* Posts by Paul Crawford

2805 posts • joined 15 Mar 2007

Be afraid, Apple and Samsung: Huawei's IoT home looks cheaper and better

Paul Crawford
Silver badge
Gimp

"We cannot even capture the backside of the passer by"

Exactly! That is no way to make a good perv-cam

2
0

New gear needed to capture net connection records, say ISPs

Paul Crawford
Silver badge

Re: There is no point in trying to play party politics with this one.

Yes there is - make sure the fsckers know they (whoever is in power currently) will be tarred with introducing it come the next election. It might magically make them grow some ethics, like the LD has in this respect.

9
1
Paul Crawford
Silver badge

The ISPs should tell the committee that cost recovery is not an issue - they will all simply put all of the hardware, software and administrative costs down on the customer's bill separately itemised as "Conservative Government Snooping Tax".

17
2

Microsoft extends Internet Explorer 8 desktop lifeline to upgrade laggards

Paul Crawford
Silver badge

"same kind of lock-in as if they'd stuck with a Windows-native client"

Actually if they had used a win32 client and stuck to the most simple and common API calls (and actually read MS' own guidelines about privileged use, etc) they would have far less of a problem.

I have several applications that were written for Windows a long time ago that just keep working, version after version. Often also working on Linux+WINE as well. It's the fancy new and/or undocumented stuff that bites your ass eventually, so just keep clear of the latest fad (how is Silverlight doing?) and use the common stuff and it's not too bad.

Much more so if you force your developers to build & test on two different platforms/compilers always (even if both are "Windows" and "Visual Studio" but different releases) as that way they can't use the ephemeral stuff...

5
0

Memory-resident modular malware menaces moneymen

Paul Crawford
Silver badge

Memory resident?

So how does it survive reboots? Can it spread machine-to-machine, or would making your office work PCs shut down every night be a useful mitigation technique (as well as saving money on electric)?

4
0

Microsoft to OneDrive users: We're sorry, click the magic link to keep your free storage

Paul Crawford
Silver badge

"the incident nevertheless serves as a reminder that free stuff in the cloud can be taken away as well as given"

There, fixed it for you...

2
0

Volkswagen blames emissions cheating on 'chain of errors'

Paul Crawford
Silver badge

Re: the only error is that I bought one of these

" I was impressed with the power and the fuel economy" ... "my 13 month old car with less than 9,000 miles is worth half of what I paid for it"

Why don't you just keep the car for 5-10 years and get your money's worth out of it? Works for me (as a tight-fisted Aberdonian)

21
1

Predictable: How AV flaw hit Microsoft's Windows defences

Paul Crawford
Silver badge

Re: The MS platform is pretty robust ... Firefox

Yes, this is a sore point also on most Linux systems as well. If there is one sane thing that the Firefox management could do for their products and the world at large, it would be to focus on making a browser that was easy to secure and designed to enforce a respect for privacy.

That means having a simple way of using central management tools to set parameters and to force/block plug-ins that are centrally defined, and to have a sane limit on what the browser should ever need to access so things like AppArmor profiles are trivial to use without issues. And this goal should be thought through so it works using WSUS and several of the Linux options (both per-machine via local admin, and centrally for the network).

As far as privacy goes, this means reporting only one of a few configurations so it's not easy to fingerprint for tracking (and/or randomly reposting different bits every time so no two sessions on a given machine look alike, e.g. dithering on canvas draw etc). It also means having a design so things like history and cookies are all isolated from JavaScript and plug-ins by default, and only signed plugins that ask for permission and are granted it can use it. And that denying access just returns a near-blank list, like a fresh browser install, so a plugin can't tell if it has real access blocked or not.

So please Firefox team, quit dicking around with the GUI to look like chrome, quit removing features because you can't be arsed to support or test them, and focus on having a selling point that system admins want - an easy life of little trouble from users, idiot or otherwise.

5
0

Microsoft drops internal PowerShell tests on GitHub

Paul Crawford
Silver badge
Trollface

Re: What the world needs now

Poor quality trolling there.

You could have tried mentioning the lack of portability beyond Windows, or the benefits of ASCII for cross-platform use in bash, maybe even joked about csh/tcsh/sh/bash offering one common way of doing things.

0
0

Facebook wants a kinder, gentler end for SHA-1

Paul Crawford
Silver badge

Of course this is not helped by the muppets at Google & Firefox, etc, dropping support for web browsers on the likes of XP even though a significant number of folk still rely on it.

For the technically competent there is always Linux for safely browsing using old machines, but that is hardly a solution for the majority who don't even grasp what an operating system is, let alone that it can be replaced on existing hardware.

2
1

Obama calls out encryption in terror strategy speech

Paul Crawford
Silver badge

Re: @Joseph Eoff

Meanwhile in Europe we don't have school massacres practically every year for the last century...I think you will find that even with all of the "terrorist" acts in Europe post WW2 together the death toll is less than a year of US gun-related accidents.

12
0

Senate asks DHS: you don't negotiate with terrorists, but do you pay off ransomware?

Paul Crawford
Silver badge

NSA help?

With the billions of dollars in funding and all-seeing surveillance, can't they do something useful to help out the government departments they are supposed to serve?

You know like catching the perpetrators, recovering data, that sort of thing...

4
0

Doctor Who: Oh, look! There's a restaurant at the end of the universe in Hell Bent

Paul Crawford
Silver badge
Coat

I'm glad I am not the only one thinking that.

Thanks, mine is the dirty mac...

12
1

Smut-seeding Prenda Law ringleader must sell home to pay $2.5m debt

Paul Crawford
Silver badge

Re: I wonder how our Mr. Crossley is getting on...

The ars technica article, essential reading for those who didn't get your reference:

http://arstechnica.com/tech-policy/2010/09/amounts-to-blackmail-inside-a-p2p-settlement-letter-factory/

The resulting Hitler parody to enjoy:

https://vimeo.com/15463930

6
0

Iran – yup, Iran – to the rescue to tackle Internet of Things security woes

Paul Crawford
Silver badge

Just by making suppliers liable for faults and security holes that are not patched reasonably quickly[1] and for the usable life[2] of the IoT devices, and no weasel EULA to get out of it, would be a major start. Most of the problems fundamentally come down to the "ship it fast even if shit, and don't pay for a decent support team" mentality of modern businesses.

[1] say 30 days from it being reported

[2] say 5 years after that model was last offered for sale

2
0

Are you the keymaster? Alternatives in a LogMeIn/LastPass universe

Paul Crawford
Silver badge

Re: @RIBrsiq

"Alternately, do not access password stores on any systems that are not known-secure."

Please tell me just how you know when a machine is compromised without being able to boot it and scan with various rescue CDs to check?

If you can do this where no one else has, there is a fortune in AV to be made!

0
0

IETF's older white men urged to tone it down

Paul Crawford
Silver badge

Re: Important RFCs by women ?

"How many RFCs...have been written by women ?

I'm guessing within an expected statistical range of the proportion of women taking part in the organisation.

Plenty of women have technical merit, but if you look at the proportion leaving school with an interest or attempt to follow a technical career you will see the problem is far from an issue with the IETF or similar.

Why so few women lecturers? Why so few women in science/technology roles? Duh, look at the number of women graduates 10-20 years previously!

4
1

Google to end updates, security bug fixes for Chrome on 32-bit Linux

Paul Crawford
Silver badge

Re: Don't people ever write portable code?

"Doubling the amount of time they have to devote to testing is"

WTF? Don't they have any automated testing then? In which case it's only another build machine and for someone of Google's size I doubt that is such an intolerable expense.

Edited to add: Or is this down to the shitty inclusion of FlashPlayer, and the pain of supporting that?

10
2

Mozilla: Five... Four... Three... Two... One... Thunderbirds are – gone

Paul Crawford
Silver badge

Coupling?

"At the same time, build, Firefox, and platform engineers continue to pay a tax to support Thunderbird."

Really? It sounds like they really don't have a sane project structure in that case.

FFS just how much HTML or web rendering should be possible in any web client? Or is this really a case of their sponsors wanting people to move to web-mail so they can whore them more effectively to advertisers?

80
0

Why are only moneymen doing cyber resilience testing?

Paul Crawford
Silver badge

A very good question and the answer is usually one or more of three options:

1) Cost savings

2) Convenience

3) Trendy, as everyone else is apparently doing it

Sadly there has been nothing serious to place responsibility on those in charge to do it properly. And by that I mean to consider security from the very beginning: How it is protected, how it is partitioned to control damage, how it is tested, how it is patched [repeat from start]. Dangle serious fines and jail time over managers and things will then be done, otherwise it's business as usual until the shit hits the fan...

5
0
Paul Crawford
Silver badge

Typo

"We see from this place every day the malign scope of our adversaries’ advertisers' goals"

0
0

Walmart spied on workers' Tweets, blogs before protests

Paul Crawford
Silver badge

Re: Is your business model flawed or is your management just crap?

Both, most likely.

10
0

VPN users menaced by port forwarding blunder

Paul Crawford
Silver badge

Firewall rules

I don't know if it was specifically intended for this port-forward risk, or just the more general issue of a VPN being dropped due to other software bugs or MITM attempts, but the UK Gov security advice on system deployment has a section on setting the firewall to only allow the VPN range of access. For example, see section 8.7 of this:

https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts/end-user-devices-guidance-ubuntu-1404-lts

0
0

Final countdown – NSA says it really will end blanket phone spying on US citizens this Sunday

Paul Crawford
Silver badge

Re: Some perspective needed in commentardia

"In the UK the headline figure for investment in this is £175M over the next 10 years"

And the ISPs, etc, who have a clue are saying £2B or so is needed. Now why would the gov not publish its costing approach when the bill is in the debate stage?

3
0

MPs and peers have just weeks to eyeball UK gov's super-snoop bid

Paul Crawford
Silver badge

Re: Thoroughly underwhelming joint Committee

"Now, they're guaranteeing a mess in the future"

As if any of the recent bills have been any different in this respect?

The whole thing stinks, but how much of that is incompetence and how much is (political) malice is hard to tell.

6
0

Grow up, judge tells EFF: You’re worse than a complaining child

Paul Crawford
Silver badge

Re: "punish the group as a whole"

You are aware that article 33 of the Fourth Geneva Convention specifically forbids collective punishment?

0
0

Yahoo! Mail! is! still! a! thing!, tries! blocking! Adblock! users!

Paul Crawford
Silver badge

It's only the best all round solution if you don't have any significant delays in loading ads, and they are not poisoned flash files or similar that then infect your PC.

14
0

Rdio's collapse another nail in the coffin of the 'digital economy'

Paul Crawford
Silver badge

Re: My 2¢

"competing against your contemporaries you are competing with 60 years of back catalog"

It is worse than that as today people are paying lots of different fees: ISPs, mobile phones, computer games, alcohol, etc. So music has to fight against a whole lot of other things to get a share of the youth's limited money compared to 20+ years ago.

And the problem is it is much easier to get music without paying compared to the more tangible goods, not just file sharing but YouTube and radio, etc. You really need to have something very special to keep enough fans buying. Today it also seems most folk are contented with crappy compressed audio, so the benefits of selling a CD or FLAC track appeal to few.

I don't know what the answer is. Certainly it would help if buying music was easier by micropaying options per track, etc, and such a scheme would potentially help others to make a living without being whored by Google. But will it happen?

3
0

Many UK ecommerce sites allow ‘password’ for logins – report

Paul Crawford
Silver badge

Re: not the right recommendation

"The thing that is important is entropy"

The things that are important are entropy and rate limiting on brute force trials.

High entropy means more attempts on average to guess it, rate limiting stops them from doing it quickly. However the most likely password cracking scenario is when they have already compromised a web site and can brute-force the database.

4
0

Ofcom asks: Do kids believe anything they read on the internet?

Paul Crawford
Silver badge
Gimp

Or 50 Shades of Grey?

That would be bad, I mean there are much better examples of BDSM literature for the discerning reader...

6
0

Tech firms fight anti-encryption demands after Paris murders

Paul Crawford
Silver badge

Re: Time to wake

"For the really clueless it will take personal friends or family dying at the hands of terrorists before they wake up and smell the coffee."

So what? In the week or so since the Paris attacks more folk have been killed and injured on the roads of Europe than in the attacks. Should we all give up our own privacy and security to stamp out cars the next bogeyman?

5
0

BlackBerry Priv: After two weeks on test, looks like this is a keeper

Paul Crawford
Silver badge
Trollface

Re: What's so bad about Android?

Google

5
1

Apple's design 'drives up support costs, makes gadgets harder to use'

Paul Crawford
Silver badge

Good points

Tell it like it is!

I often wondered why the GUI muppets at Gnome, Firefox, Google, MS, etc, all seem to go down the same route of removing functionality and discoverability. They need a course in GUI design which consists of taking the odd granny/granddad or two off the street and giving them a simple task to do on the device. If they can't work it out in under 2 minutes the designers get beaten with rubber hoses until the elderly folk succeed.

A couple of lessons and I am sure designs would be so much more usable...

51
0

'Shut down the parts of internet used by Islamic State masterminds'

Paul Crawford
Silver badge

Re: greed is one of the deadly sins

Gluttony is in there as well, if pies are going for free.

Lust as well, if it's warm apple pie

4
0
Paul Crawford
Silver badge

Re: Well that's a good solution

The "snooper's charter" is going far more than that, demanding all of your (and everyone's) internet access to be stored for a year and searchable, and also has various weasel-worded sections about who can access said data. That is blanket surveillance.

What was proposed above was targeted - yes, you have some ability to scan all traffic, but it is used to pull out certain web sites that are known to be ISIS or similar, and then just look at that. A massive decrease in data gathering. Then you start to look for patterns, not just the odd link-following by someone who didn't know what the site was, but repeated visits and/or visits to sites related to that ideology.

Again, a big decrease in who you are looking at and then you are down to the levels where you can start to analyse what they are up to and see if they merit some human surveillance and intelligence-gathering.

4
0

Behold, the fantasy of infinite cloud compute elasticity

Paul Crawford
Silver badge

Re: Spot pricing

That was my thoughts on the article, it will come down to a bidding "war" where you offer money for services and you don't get a cast iron guarantee of delivery, just a position in the scheduler based on who else is bidding for it and how much they are willing to pay.

What, you really need it to work? Maybe just buy your own server then...

2
0

Microsoft chief Satya drops an S bomb in Windows 10, cloud talk

Paul Crawford
Silver badge

"why not try for devotion?"

Usually devotion needs some sort of special dream, fantasy, or belief that out-weighs common sense. Given that MS is the dancing-dad of technology, and that few end users or sysadmins ever get up in the morning looking forward to engaging with MS' software, it's going to be a long and tough sell...

19
0
Paul Crawford
Silver badge
Trollface

Re: "Nadella spoke about trust as both at the core and central to Microsoft's mission"

Maybe he should have spoken about how all of your data is encrypted by your own password before it hits MS' servers, and they don't have any access to it as a result.

Oh wait, that was a pipe dream resulting from me drinking too much port in a storm.

38
0

Terrorists seek to commit deadly 'cyber attacks' in UK, says Chancellor Osborne

Paul Crawford
Silver badge

You credit the clueless fuckwits honourable members of parliament with too much technical thinking there.

13
0

Yes, GCHQ is hiring 1,900 staffers. It's not a snap decision

Paul Crawford
Silver badge

Re: Genuine Question

I also doubt encryption is the biggest problem. Knowing what to do with a mountain of straw to find those couple of darn needles is a big challenge and more hay-gathering (AKA snooping) is not the answer, but having folk able to analyse it (and maybe act on it) probably is.

7
0

No, the EU is not going to make hyperlinks illegal

Paul Crawford
Silver badge

Yes, Google provides links to copyright material and they also got hauled over the coals!

What, they didn't? Anything to do with having $B to pay lawyers by any chance?

2
0

Microsoft creates its own movie moment with fancy privacy manifesto

Paul Crawford
Silver badge

Re: Huh?

It's a good point, Google is a master at whoring you from advertiser to advertiser.

MS used to offer a paid for OS that respected your privacy, but from XP's "product activation" through Vista's intrusive and bloated DRM aspects, and then finally to Win10's forced updates, weasel-worded upgrade pushes and default-on telemetry, you have to ask: "Why pay for this shit?"

4
0

Drug-smuggling granny's vagina holds Kinder surprise

Paul Crawford
Silver badge

"Last heard of working in a sex dungeon in Blackpool"

You or the lady?

4
0

The Edward Snowden guide to practical privacy

Paul Crawford
Silver badge

Facebook

"the man had deleted all of his Facebook data. A huge pain and shame"

Indeed, the shame being he should have deleted it himself!

Even if keeping on FB then please delete and create a new profile with a new disposable email every year or so. It limits what FB can easily gather on you and evidence of past indiscretions, and a perfect excuse to dump those "friends" who are sufficiently important not to appear to single out for un-friending, but that you really did not want watching your every post.

Edited to add: And don't give FB your email log-in password or mobile number, mkay?

11
3

IT contractors raise alarm over HMRC mulling 'one-month' nudge onto payrolls

Paul Crawford
Silver badge

Just add in the planned Snooper's Charter and there is an even bigger reason to quit the UK and go elsewhere for work :(

An article on possible destinations and how they are for freelance work would be very welcome!

3
0

Got a time machine? Good, you can brute-force 2FA

Paul Crawford
Silver badge

You can use GPS along with other time sources, both network or radio.

For example, the Meinberg LANTIME M900 can use combinations of GPS/GLONASS as well as LW from your nearest source (probably DCF77 in central Europe, MSF in UK, etc)

0
0

Shadow state? Scotland's IT independence creeps forth

Paul Crawford
Silver badge

Re: Jeez

Exactly, time for El Reg readers in Scotland to write to their MPs and make clear the problems and risks from all of this. Not just for Scotland but also when it comes for voting on the snooper's charter zombie that has re-emerged from the Home Office.

1
1
Paul Crawford
Silver badge

Re: bit expensive for the bleedin' cameras

£3,571 *per f@%kin' camera* !!!

Is about right, given that a lot are analogue so you are talking networking, HDD recorders, etc, and labour to visit each camera point and do the work, possibly with a cherry-picker.

To achieve exactly what?

Aye, there is the rub. Just how helpful are these cameras? Have we got evidence that they will save more than £10m in reduced crime?

3
0

Microsoft capitulates, announces German data centres

Paul Crawford
Silver badge

Re: How is this helping with the broken safe harbour?

True, but it's a good start.

4
0

Tor Project: US government paid university $1m bounty to hack our networks

Paul Crawford
Silver badge

You mean like arming the Taliban as an anti-Russian move?

18
1
