* Posts by Paul Crawford

2869 posts • joined 15 Mar 2007

Inside Intel's CPU-level multi-factor auth (and why we've got deja vu)

Paul Crawford
Silver badge
Trollface

Re: Deep joy!

I hear that Juniper Networks supply such firewalls for secure application. Oh wait...

9
0

For pity's sake, enterprises, upgrade your mobile OS - report

Paul Crawford
Silver badge

It is high time that the cost of vulnerabilities was put on the manufacturer of the phone (or carrier, if bloatware). Basically, for say 5 years after purchase it has to be supported, and if not patched in a timely manner (say 30 days from notification) they are liable for the costs.

Yes, it would put up the costs of phones slightly, but then we would have a damn sight less trouble overall from them and lower cost than the current "you need a new phone gov" option.

0
0

Facebook Messenger: All your numbers are belong to us

Paul Crawford
Silver badge

Re: Whatsapp?

I did wonder about that, as (so far) WhatsApp is advert-free and offered with a small fee. Last night it told me I would not have to pay this ever, so I did ponder on how the system will be paid for.

WhatsApp seems a great system, but not in Facebook's hands I fear.

8
0

Microsoft: We’ve taken down the botnets. Europol: Would Sir like a kill switch, too?

Paul Crawford
Silver badge

Re: Less Scary

While simple in theory, it's not as if the bad guys have a DNS entry for "botnets-are-us.com" to make it easy. A lot is P2P between compromised machines to obscure the final machines.

Other side of such ISP fiddling is how long before world+dog starts asking for ISP blocks for all sorts of reasons a-la Pirate Bay? Then it impacts on wider freedom and adds a lot to costs to support it.

1
0
Paul Crawford
Silver badge

True about free wifi, but said free wifi links are usually pretty low bandwidth and only on a small percentage of machines. So it might not stop the problem, but would make it a damn sight smaller.

0
0
Paul Crawford
Silver badge

Re: Not invisible

"But a crime might be something I choose to do"

Or quite possibly is something legal in your own country (or a civil case, not criminal) and not in the USA where no doubt they would decide on such action.

Either way, it is a slippery slope to go down. For example, can we then blame MS if they fail to stop botnets DDoS'ing a web site, etc, on the grounds those machines are "under the control of MS"?

3
0

Kiev airport goes dark after 'BlackEnergy-linked' power outage

Paul Crawford
Silver badge

Perhaps, just perhaps, we might see some sense returning and people not putting critical systems on relatively unprotected Internet end points?

Or not, if the bean counters continue to rule the roost...

0
0

Ubuntu's Amazon 'adware' feature to be made opt in

Paul Crawford
Silver badge

I have no problem with the Ubuntu team getting money from any Amazon searches provided it is done with my explicit consent.

I was rather annoyed by them for doing it by default when you might be searching for stuff on your private machine. Had they simply offered two search boxes, one clearly labelled for the "local machine", and one for "internet & shopping", I reckon most folk would have had no major beef about it.

8
0

Friends Reunited to shut down. What do you mean, 'is it still going?'

Paul Crawford
Silver badge
Trollface

And how is that different from Facebook?

43
0

Put your private parts on display if you want to keep earning a living

Paul Crawford
Silver badge

Re: Not all you need

I have a Fed 4 range-finder my father gave me as a present almost 40 years ago. Last tried it out about 15 years ago with some "colour" IR slide film and it worked! Even the exposure meter was still working (selenium cell, no battery required). Very sharp images even if heavy and a bit fiddly to use.

But modern digital cameras are much lighter and easier to use, and no cost/delay in processing film to see how successful (or not) your photos were.

0
0

French say 'Non, merci' to encryption backdoors

Paul Crawford
Silver badge

Cheese eating? - Oui

Surrender monkeys? - Non!

Such a shame we in the UK have such a bunch of clueless fuckwits technically challenged leaders.

13
0

What do we do about a problem like Uber? Tom Slee speaks his brains

Paul Crawford
Silver badge

Re: Uber are trying to be two different things

In the UK London at least we have two different forms of taxi.

Fixed it for you...

1
8
Paul Crawford
Silver badge

Regulation own-goal

One aspect about the various changes in regulation that are mooted is they are stupidly reactionary: they see (picking Uber for argument's sake) the business practice and they try to target that.

What they ought to be doing for everyone's sake is to identify why such regulation ought to exist, and make sure it applies to Uber as for any other taxi company. For example, most people are not in favour of cartels and other "closed shop" arrangements that serve to protect a few, but they are in favour of, for example, making sure that cars and drivers are in fit condition and fully covered by insurance. Simply putting that onus on Uber alone would be a step towards a level playing field.

OK, it may not address all of the issues, for example, to keeping universally available service, but unless that is also explicitly imposed by the existing taxi license holders it's a hard sell to argue against Uber on that point. Legislate for social outcomes, not business methods, etc.

10
0

Late night server rebuild led to 'nightmares about mutilated corpses'

Paul Crawford
Silver badge
Gimp

Fool!

They should have gone for good pr0n. Much nicer to keep dreaming about for months afterwards :)

OK, maybe not the S&M sort =>

7
0

Huffing and puffing Intel needs new diet of chips if it's to stay in shape

Paul Crawford
Silver badge

Re: "Microsoft dishing out free copies of Windows 10 to people hasn't helped..

Most people don't want a new OS, or a new PC, as such: they just think it's a way to stop the current one sucking so badly.

9
0

$30 webcam spun into persistent network backdoor

Paul Crawford
Silver badge

Re: Ouch.

Like not putting crap like these things on your corporate LAN? Have another IP range for them without Internet access nor much internal access so only the security desk PC can record/view the cameras?

Oh and while you are at it, partition your network to put printers, etc, that have web servers and other crap that is never patched on to a similar restricted zone...

0
0

Windows 10 shattered Remote Desktop's security defaults – so get patching

Paul Crawford
Silver badge

Re: Slow

I noticed that when trying to update a W7 VM a week or so ago, even an hour or two later - no patches apparently downloaded. Gave up and shut the VM down as I only needed it due to the incompetence of VMware management where they need flash 11.5.+ but Adobe only offer 11.2.+ now for Linux.

WTF #1 needing flash for anything

WTF #2 not using a version that is available on most server-room platforms

WTF #3 what was added in 11.2 -> 11.5 that mattered?

6
0

Microsoft’s Get Windows 10 nagware shows signs of sentience

Paul Crawford
Silver badge
Linux

Re: @Ken Hagan

Have an up-vote from me. Seems people don't like your sort of realism on the situation.

I really liked w2k and paid full price. I found XP tolerable after 'classic mode' enabled (and more secure with SP3), hated my few experiences with Vista (mostly sitting around waiting for it to complete updates etc) and while 7 looked a competent fix for Vista, by then I had given up on Windows as primary OS.

8
0

One Ring to pwn them all: IoT doorbell can reveal your Wi-Fi key

Paul Crawford
Silver badge

There was a time when gaining access to one's WiFi password was but a minor annoyance if others free-loaded off your connections. Of course these days it seems they could then screw over all of the piss-poor security in IoT and SOHO equipment inside your home without having to leave their van*

[*] Other transport options are available, assuming they are not dumb enough to live next door and have no getaway plan on discovery.

5
1

Anyone using M-DISC to archive snaps?

Paul Crawford
Silver badge

How about another NAS? Or several USB HDD?

Depending on your data volume, how about a 2nd NAS off-site. First sync it locally, then use rsync or similar to copy over changes every so often. If your NASs support snapshots (e.g. FreeNAS using ZFS) then you can replicate a snapshot without worrying about changes mid-backup. Also ZFS snapshots take almost no space, only the *changes* need it, so you can have a scheduled snapshot regime to deal with cryptolocker virus, etc.

If that is not viable, and your data totals less than a few TB, then just get a few USB HDD and cycle them round syncing to your NAS. Set up an encrypted file system if you want, of course, but if the risk of loss of password and/or FS support is greater than the data value and physical security risk, then don't. Your call...

0
0

Windows 10 makes big gains at home, lags at work

Paul Crawford
Silver badge

"I don't see what all the fuss is about with Win10 (privacy aside)"

Well if you can temporarily ignore being whored out by your OS, then the invasive pushing of "updates" where they are not needed, but simply serve to let MS whore you more effectively, is a reason to create a fuss.

"If you hate MS that much then maybe you should try a Linux distro."

I grew to hate MS (or at least the corporate actions, some products they do are pretty good) and did, never looked back really. Yes it's true that Linux occasionally sucks donkey balls, but I find them smaller and less throat-blocking than recent MS OS when I am no longer really in charge of what the software does (DRM, product activation, etc).

13
5

Boozing is unsafe at ‘any level’, thunders chief UK.gov quack

Paul Crawford
Silver badge
Linux

Re: "fractional freezing"

How they create Tactical Nuclear Penguin "beer"

0
0

'OAuth please do grow up' say IETF boffins

Paul Crawford
Silver badge

It's fine for a handful of work-related sites where you might, say, want to have a corporate tool for local and remote site password management.

But not for personal stuff for exactly this reason, just like Farcebook wanting to provide log-in and tracking so it can whore you more effectively to any advertisers (and, of course, the US gov). What is needed is something like a password manager that makes 3rd party tracking hard because it's not "owned" by anyone other than yourself. So something, for example, like a bluetooth dongle built in to a (otherwise dumb) watch that also needs a master password each pairing time so it's mostly with you and not terribly useful if found/stolen.

3
0

ANN-IE-LATION: Microsoft to axe support for older Internet Explorer next week

Paul Crawford
Silver badge
Thumb Up

Re: @Nigey

Works for my old man, has Ubuntu+Gnome for the main desktop (thus email & web access) and a Windows XP VM to run some old & flaky genealogy program that is the main computer use-case these days.

I get about 1-2 calls per year to support it, which is a damn sight less than I used to get from certain others running Windows...

1
0

Library web filtering removes info access for vulnerable, says shushing collective

Paul Crawford
Silver badge
Unhappy

So. Fscking. Predictable.

2
0

Microsoft's 200 million 'Windows 10' 'devices' include Lumias, Xboxes

Paul Crawford
Silver badge
Trollface

Re: ENOUGH!

What about Windows ME?

2
0

Intel, Warner lock horns with hardware biz over HDCP crypto-busters

Paul Crawford
Silver badge

I don't have any HDCP 2.2 need now, or in the immediate future, but I am sorely tempted to buy one of these simply to piss Intel & Warner off.

14
0

AMD to nibble the ankles of Nvidia this summer with 14nm FinFET GPUs

Paul Crawford
Silver badge

<- this

In the past decade or so the only major trouble I have ever had when installing or updating systems has been crappy video drivers. Both Linux and Windows.

A pox on them all!

7
0

The Register guide to software-defined infrastructure

Paul Crawford
Silver badge

Re: Change Management

One of the guys in the networking department where I work explained it thus: Change management provides me with no immediate advantage in having to fill out the request forms, etc, but it provides me with plenty of benefits when others do it. And vice-versa.

Knowing what was changed and when, and having easy ways of rolling back (e.g. snapshots of file systems and configs, etc) is a huge advantage if what you do really matters.

1
0

John McAfee rattles tin for password replacement tech

Paul Crawford
Silver badge

Re: Maybe

Wristwatch? I have never lost one of mine, though I have occasionally forgotten to put it on in the morning. If my pre-departure email check needed it, then probably that would be further reduced to the point where it's an acceptable risk.

But..still needs something like a master password designed-in as well so it can't be used to activate another phone by someone standing next to me in the tube, etc, without my knowledge.

0
0
Paul Crawford
Silver badge

Close, but no cigar

Having a physically isolated password store is a good start, you don't have to entrust your data to others (or do you? details...) and it ought to be difficult to hack by virtue of having a limited connection to the machines it unlocks. Also it ought to encourage unique and difficult passwords all round, so you don't get some numptie's server being raided and half your family/friends other accounts exposed due to id (email address?) & password re-use.

But really it ought to be a 2FA item, and you still should need some master password as well, so that it can't be stolen and used before you realise it and can have it frozen. There are, of course, other issues like how it is supported on the host machines, and how free such software will be (e.g. will there be an open source driver for Linux use?) to make it usable on enough platforms to be of value.

Most worrying is the time and money so far for no sign of a working prototype...

1
0

Trustworthy x86 laptops? There is a way, says system-level security ace

Paul Crawford
Silver badge

Re: Trusted storage

No, that is not as big a problem as "can we be sure there is no hidden storage on the main CPU, or anything like it in a vendor-supplied device driver?"

Really it comes back to two important and related issues for 'trust' in a system:

1) Is everything open to inspection and cross checking? The basics of open source development really (and yes I am aware of the likes of Ken Thompson's compiler backdoor).

2) Is the level of complexity at each key step manageable for inspection and/or automated validation?

Having hidden code in the US-based corporation's "CPU" for remote management is a nightmare for any non-US government as it offers such an opportunity for a planted backdoor, as much as it is a nightmare for everyone else who cares about security due to the opportunity for plain old fsck-ups.

5
0

Five key findings from 15 years of the International Space Station

Paul Crawford
Silver badge
Coat

Re: AFAIK orbital nookie hasn't happened

But do they have a policy on orbital masturbation?

Mine is the dirty mac, thanks ->

0
0

Researcher criticises 'weak' crypto in Internet of Things alarm system

Paul Crawford
Silver badge

Re: What?

Indeed 2-3 years is taking the piss, but that is what we see with the majority of smartphones. You have to look hard to find any getting support or security updates even when under 1 year old, let alone 3.

But this misses the point - such shit security practice like unencrypted communications that reveal passwords, etc, have been known to be shit for decades so there is no excuse. It simply comes down to companies not employing staff or external support (e.g. penetration testing, etc) who know what they are doing when it comes to security. So many of the bugs that keep coming up, and design flaws, are well known and often (in some cases, like memory abuse) picked up by compiler warnings and static analysis tools. That don't get used.

2
0

Debian Linux founder Ian Murdock dead at 42

Paul Crawford
Silver badge

Always sad

It is always sad when someone's life is cut short for any reason, but more so for mental illness, etc, where it always feels as if it could have been prevented so easily if only we had known how deep the problem was. More so, of course, when the person is famous in some way for having contributed to humanity's well-being in a significant way.

"Therefore, send not to know

For whom the bell tolls,

It tolls for thee."

14
3

US Marines kill noisy BigDog robo-mule for blowing their cover

Paul Crawford
Silver badge
Terminator

Re: The Uncanny Canine Valley

"Or the big robotic dog will give you a humping that no postman ever dreamt of in his worst nightmare"

4
0

Intel completes epic $16.7bn Altera swallow, fills self with vitamin IoT

Paul Crawford
Silver badge

Re: "We will apply Moore's Law to grow today's FPGA business"

"The idea that FPGAs are going to be used by the million in autonomous vehicles is farcical"

Really, you think that they will be either standard CPUs or an ASIC they got right first time and has no need for updates due to bugs and litigation-induced changes?

2
2

SAP business apps rolled as Hitachi cloud service

Paul Crawford
Silver badge
Unhappy

Re: @Hans 1

"Nobody understands human-machine interfaces anymore"

You forgot the morons at web browser dev teams, think Chrome, Firefox (desperately trying to copy Chrome and losing their USPs in the process), even Vivaldi, the new-Opera, has gone for its own stupid win7-ish framework that looks out of place even on Windows, let alone other machines, and seems to have lost the good bits of Opera. Opera, of course, has also lost the good bits by becoming a Chrome-rebrand (OK, the "turbo" feature is still useful).

A pox on them all!

0
0

China wants encryption cracked on demand because ... er, terrorism

Paul Crawford
Silver badge
FAIL

Re: Well, that didn't take long

So when all of the gear in the West has China's required back-doors, as they also want, will our governments be happy that we can all sleep safer knowing those bad guys can be found and stopped, and that the Chinese (and every other government out there) would never dream of using this mandated access for political reasons or for industrial espionage?

28
0

Hybrid cloud thingies, new media and everything is software-defined: Storage reinvents itself

Paul Crawford
Silver badge

Re: Software defined this, software defined that...

"what this crap is all about?"

Not being tied to some vendor's over-priced hardware is the most obvious aspect, as traditionally you would buy some storage array and then have to get replacement HDD from that vendor, at £1-2k per HDD for SFA, but for a firmware version the software would accept.

So yes it is a lot of bollocks but the underlying issue, that of having a choice of hardware, is not such a trivial aspect after all.

2
0

Microsoft in 2015: Mobile disasters, Windows 10 and heads in the clouds

Paul Crawford
Silver badge

Re: Mixed messages ....

It's far too easy to shout "MS shill" at consumer magazines when the real answer is much more likely to be how they choose to evaluate things. The "average consumer" from an advertiser's perspective appears to be someone not terribly bright and blown over by bling and novelty features, say, voice control. They are unlikely to think or care much about the privacy implications of how that is implemented, nor do they think much about freedom and control over a PC.

Tech web sites on the other hand obsess over small points and how things can be used for massive scale computing, etc. I have to admit to being that sort of a geek and champion Linux for various reasons like this.

But I know some folk who have "upgraded" to W10 and genuinely love it because it works for them and they don't care about the things I do. Sure I point them out, but I don't behave like a religious nutter over it and they are perfectly free to choose that if they want.

9
3
Paul Crawford
Silver badge
Trollface

Re: My 5 WIndows 10 machines (of all form-factors) ......

Doh! You just fed a troll.

3
0
Paul Crawford
Silver badge

Re: CAD software

We are pretty much a Linux shop, with a few Solaris machines being retired as fast as we can get our gonads out of Larry's money-making vice. However we do require Office for some document work where it has to be format-perfect with other MS users, and a few CAD packages that are Windows-only. Our solution is to use Linux for our desktops and have a few VMs with Windows for those applications (often XP, as for 7 you need the enterprise license I think for virtualisation), and not give them internet access.

Result is pretty much the best of both worlds in terms of cost, flexibility and security. Yes it adds a slight complexity to using software in having to fire up the VMs but for anyone capable of using CAD software or writing complex technical or business documents it's not a challenge after 10 mins of tuition.

Of course it might not suit everyone's use-case, but is worth considering.

14
0

Bookstore sells some data centre capacity, becomes Microsoft, Oracle's nemesis

Paul Crawford
Silver badge

Re: @oldcoder

The whole "TCO thing" is flaky, it depends on who is running the evaluation and just what they are asking as the licensing costs for Windows (in particular) are complicated.

But even if Windows was a little cheaper for my use-case, which I doubt, I would still choose Linux for the simple reason that I am in charge of what my computers do. Not some company that won't give me all the source code and reserves the rights in the EULA to disable stuff if they feel like it (e.g. for DRM support). That is a point of principle for me.

20
2
Paul Crawford
Silver badge

Re: Since it wasn't mentioned by name in the article

Over 5 years, look at the cost of Red Hat versus a Windows 2012 server. Which OS is more expensive to run?

I'm sure that depends on who you ask:

http://www.redhat.com/en/about/blog/how-red-hat-enterprise-linux-trims-total-cost-of-ownership-in-comparison-to-windows-server

So they say "Red Hat Enterprise Linux experienced 34% lower annual TCO per user compared to systems running Windows Server", what are your figures please? And a suitable citation.

17
2

Security sweep firm links botnet infestation and file sharing

Paul Crawford
Silver badge

Hmm...

So organisations that allow users to install arbitrary software like P2P clients, and don't pay any real attention to network security/firewall rules, are also getting Rodger'd with a spiky barge pole when it comes to Windows infections, etc?

Colour me surprised...

3
0

Windows 10 won't come to old WinPhones until some time in early 2016

Paul Crawford
Silver badge
Trollface

Re: Which is worse

Oops, did I just feed a Troll?

2
2
Paul Crawford
Silver badge

Re: Which is worse

"Have you looked at the amount of crud you get with say a default Linux install?"

And yet a typical Linux install takes up far less disk space than typical Windows 10, odd that?

From here, Windows 10 16GB/20GB for 32/64-bit, Ubuntu 7GB:

https://www.microsoft.com/en-gb/windows/windows-10-specifications

https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes/UbuntuGNOME

Also it's easy to fire up Synaptic or whatever package manager and de-install anything you really feel is unneeded for your system. If you are doing it a lot, then just use command line 'apt-get' (or equivalent) program to remove packages, and when done, use 'history' to list what you did, and copy/paste it in to a bash script that allows you to do the same on other installations.

2
1

Firefox-on-Windows users, rejoice: Game of Thrones now in HTML5

Paul Crawford
Silver badge

@Greg J Preece

It seems I stand corrected on this one:

http://www.makeuseof.com/tag/watch-netflix-natively-linux-easy-way/

I have not tried it, and would be interested to know if it plays nicely with the (usually off) AppArmor profile, etc, but it is a step in the right direction.

1
0

Former security officials and BlackBerry CEO pile in on encryption debate

Paul Crawford
Silver badge

Re: @Michael Wojcik

"So the government could decrypt part of the key, then brute-force the remainder"

One aspect of all of this that I wondered about is most folk have pretty simple PIN sequences or unlock patterns for their phones, so I suspect they are brute-forcible in the order of 1E8 attempts or less, for a 4 digit PIN probably ~500 attempts. So is recovery from a confiscated phone really beyond the law enforcement capabilities, or is it simply an issue of cost/time that it looks too hard to do without a simple backdoor?

After all the Internet part needs very strong encryption because there are plenty of opportunities for the data to be intercepted and plenty of botnet PCs to do cracking if it looks worth it, but physical access to a phone is much less common and generally I suspect most stolen phones are going to be wiped and re-sold unless it's trivial to get profitable data off it.

0
0
