* Posts by Paul Crawford

2161 posts • joined 15 Mar 2007

Cries of spies as audit group finds possible 'backdoor' in Bittorrent Sync

Paul Crawford
Silver badge

Re: Dan 55

Beat me to it: why trust a closed-source program? While open/closed tells you nothing about how good the programmers are, or the underlying ideas, at least with open it is possible[1] to audit the code and much harder to conceal back doors[2].

[1] Possible yes, but not necessarily going to happen.

[2] Back doors are still possible, but code changes/commits need a bit more explaining.

0
0

The Nokia ENIGMA THING and its SECRET, TERRIBLE purpose

Paul Crawford
Silver badge

@fearnothing

Well played!

0
0
Paul Crawford
Silver badge
Paris Hilton

Teledildonics

I'm betting on a nice matching his&hers[1] remotely linked sex toys all in a discreet black box. And guaranteed to fit her black box as well (other colours supported).

[1] Also fits his&his, or hers&hers, of course.

11
0

This 125mph train is fitted with LASERS. Sadly no sharks, though

Paul Crawford
Silver badge

Or the money saved can be put into making things more efficient/faster, and that also earns money.

1
0

Words to put dread in a sysadmin's heart: 'We are moving our cloud from Windows to Linux'

Paul Crawford
Silver badge

Re: Windows upgrades

Moving from OS to OS, or between versions of the "same" OS separated by many years, is often a real pain and takes a lot of effort and testing. For some legacy applications the cost or trouble may not be worth it. If you have legacy code that is not internet-facing, then running it in VMs of NT4, W2k, old Linux, etc, is probably going to be your saviour.

You can typically run a good few VMs on a single newer server with your preferred OS (Linux or Windows) using either a paid-for VM or (if willing to risk it) a free one. All at lower cost and higher performance, security, and ease of backup/restore, than keeping old machines going.

2
0

Emoticons blast three security holes in Pidgin :-(

Paul Crawford
Silver badge

I have Pidgin installed on my Linux box at home, but honestly never use it. Those I used to IM with now use Facebook's chat, which I don't like, and the rest just seem to have vanished with MSN closing.

How many folk still use this?

0
0

BOFH: SOOO... You want to sell us some antivirus software?

Paul Crawford
Silver badge

Re: Why do you use AV, unless you are compelled?

You make an important point, considering how practically useless and excruciatingly unpleasant the "cure" for viruses is.

What matters most is you have some off-line backup & restore strategy and actually use it.

Then you are probably better to run Windows without AV and just be willing to nuke it and restore the backup when it gets infected. This has the added bonus of getting rid of general crap and bloat (aka "windows entropy") as well.

0
0

Ex-NSA lawyer warns Google, Apple: IMPENETRABLE RIM ruined BlackBerry

Paul Crawford
Silver badge

WTF?

Either this guy has been smoking something his former employers would have strong policies against, or he is barking mad. Who wants to be spied upon, given the bad guys (for any preferred definition of "bad"), gain the same capability?

On the other hand, maybe he is sane and just revealed the existence of a behind-the-scenes campaign by the US gov to discredit RIM to a number of big businesses?

On the third hand, for those of you with special capabilities, maybe he is talking up the 'problem' knowing full well they already have it broken enough for business as usual?

36
1

Luxembourg: Engine-room of the tax-break economy

Paul Crawford
Silver badge

Re: Luxembourg

Funny that, I didn't think there were so many software writers and servers in what is basically a big city...

0
0

Eye laser surgery campaigner burned by Facebook takedown

Paul Crawford
Silver badge

@JDX

Or how many who are saved from eye damage by plastic lenses taking some of the blow?

1
0

Rovnix Trojan infection outbreak infects 130,000 machines in Blighty

Paul Crawford
Silver badge

Re: A simply secure OS ?

The problem for most folk is that so much of what they want to do on-line, like buy stuff, relies on stuff that NoScript blocks. Once users get the idea of just clicking 'yes' to make things work you have something just as bad as the typical Windows plus shitty AV software that asks users if they want shaftmesideways.exe to run.

Until (and I advise you not to hold your breath) most web sites are designed to work without suspect scripting that crosses domains, then NoScript is just an annoyance to non-tech folk that they will click-through, rendering it pointless.

1
1

Languages don't breed bugs, PEOPLE breed bugs, say boffins

Paul Crawford
Silver badge
Joke

What, no assembly language projects?

6
0

NSA director: We share most of the [crap] bugs we find!

Paul Crawford
Silver badge

Time scale?

Did he say how long they sit on a bug before disclosing it?

Given the weasel-worded manner of bureaucrats everywhere, they could disclose them a year or two later and still be technically correct in saying they share discovered vulnerabilities.

3
0

Having a Web Summit? Get some decent Wi-Fi!

Paul Crawford
Silver badge

Re: What? Techies that don't have their own mobile data plan?

You seriously think that a typical nearby phone cell is going to offer usable data to 22 thousand delegates?

That is why venues charge a lot for good wifi (though clearly the 2nd part was missing here) as you need a lot of coordinated access points and serious back-end capacity. You know, simplistically 22k users trying to get a miserable-by-3g-standards 100kbit is going to peak at 2.2Gbit/sec for the broadband link out.

9
1

Microsoft: How to run Internet Explorer 11 on ANDROID, iOS, OS X

Paul Crawford
Silver badge

MS missing the point, again.

Why can't they make IE a stand-alone product like every other browser manages? I thought they had got to the point with a GUI-less Windows Server that this was now possible (or at least, not *essential* for Windows to run), so why don't they?

How hard could it be for a multi-billion dollar company to make their software cross-platform like all others seem to manage on a fraction of the budget?

4
0

The NO-NAME vuln: wget mess patched without a fancy brand

Paul Crawford
Silver badge

Re: ... it could “overwrite your entire filesystem”

True, you can't p0wn the machine unless running as root (why? really why do that?)

But you could get up to lots of mischief by overwriting the user's own files, maybe starting with something creative in .bashrc

<twiddles moustache like a cad & bounder>

Can we have a Terry Thomas icon please?

0
0

BlackEnergy crimeware coursing through US control systems

Paul Crawford
Silver badge

Re: AC

"not patched, then there would be no need to reboot"

That was what I meant, these days an unmolested Windows box (as for Linux) should stay up more or less indefinitely.

The problems come when patching, and that leads you to the "soapy frog dilemma":

(1) Do you leave things alone because they are working, and risk someone coming along with a bucket of soapy frogs, or;

(2) Do you patch/update them to keep your trousers on, and risk breaking things.

http://www.youtube.com/watch?v=RJF_bBiMstc

3
0
Paul Crawford
Silver badge
FAIL

Colour me unsurprised

So we have internet-connected machines running critical control stuff, probably not OS patched due to the risks of disruption from untested interactions or bad patches (and the near-inevitable reboots in these as Windows-based systems), and probably not application patched due to vendors taking their time and/or the same risks of downtime, more testing needed, etc.

And they get compromised.

Are there any El Reg readers who are surprised?

9
0

MEN: For pity's sake SLEEP with LOTS of WOMEN - and avoid Prostate Cancer

Paul Crawford
Silver badge
Boffin

I also wondered about that, after all correlation (which we have) is not causation. But that is science really: Find some unexplained connections, postulate a theory, and then try to perform experiments to disprove said theory. If it holds up, then it is true enough to be usable.

Until someone else comes along with something better that can be tested...

2
0
Paul Crawford
Silver badge

Re: "a statistically quite small group of people"

A few thousand folk is not, in my humble opinion, statistically small. That is the whole point of sampling a population, you can't practically evaluate all so you get "enough" to have some specified confidence interval.

Do you have enough knowledge of statistical method to comment in any more detail?

26
0

Just don't blame Bono! Apple iTunes music sales PLUMMET

Paul Crawford
Silver badge

@werdsmith

Before criticising folk who use iTunes you have to consider the following:

1) Apple managed to get a sensible sales model from the major music labels. You need to look back a decade or so to see just how crap the industry's own on-line shops were. Just who gives a fsck about which label your favourite band is on? And the incompatible DRM shit!

2) Some folk struggle to use ripping software. Hell, some struggle with the concept of RTFM, or even of using Google, etc, to find help...

3) A lot of folk bought Apple ipods, etc, and they deliberately did not document the interfaces and often changed them, so getting music on along with album art was hit and miss. Same trick MS has used...except nobody bought the Zune...

4) A lot of new laptops, and all tablets, lack CD drives and few folk will splash for an external USB one unless they can be persuaded of the benefit. Buying the CD may be comparable to, or even cheaper than, iTunes in the sale/bargain box case, but buying one track at a time is popular because frankly a lot of albums are pish, with one or two redeeming tracks. If you are lucky. In that case the economics work against CD purchases.

5) While CDs are uncompressed and better than half of the MP3 tracks out there, most folk don't seem to care about Hi-Fi quality. They play them through crappy speakers or headphones and often as background music, and just don't see sound quality as important.

16
1

This Changes Everything? OH Naomi Klein, NO

Paul Crawford
Silver badge

Re: The Register should write about what it knows, this article is a FAIL.

"The only reason for the #Climatecrisis is the greed of the fossil fuel industry, and that is why this book is a must-read."

No, the reason is the collective "greed" of humans, like the tragedy of the commons. Paying more is something most folk will avoid, and even go in to denial about what the consequences are of their choices. People want, indeed expect, cheap energy and fossil fuels provide that but at a high environmental cost since folk are not paying for the consequences directly, nor are they being charged the "replacement" cost of such a resource.

Look how much has been done to try and raise animal welfare standards and yet a lot of folk still buy factory-farmed eggs rather than paying a few pence more! The same folk who bitch about petrol costs but won't change their behaviour to car-share on commutes, and need an SUV to take precious Tarquin the 1/2 mile to school, etc.

While the lobbying and dirty tricks of some of the fuel industry is distasteful, it is not unique to them but a character of our political system where those with money try to keep it by any means.

Personally I am in favour of "incentive taxes" against polluting or wasteful products, rather than the EU's approach of trying to ban things like filament bulbs, etc, as it gives folk the choice and generally the market will go that way as a result.

5
0

Consumers start feeling the love as Chromebook sales surge

Paul Crawford
Silver badge

Re: PC World

I have seen some interest in PC World while wandering around. Quite a lot if you compare the area of Windows machines to the sole Chromebook stand, but not as much as the fondleslabs and Apple kit was getting.

I suspect most ended up buying a fondleslab though, probably the cheaper iPads or Android. But then I am not a sales guru like Gartner, etc, so why listen to me?

0
0

Vulture trails claw across Lenovo's touchy N20p Chromebook

Paul Crawford
Silver badge

Biggest gripe

My biggest gripe with Chromebooks is actually the keyboard, more specifically the lack of Ins/Del/Home/End keys. Even with a web page, having to scroll all the way to top or bottom rather than using the Home/End is a major irritation.

Having said that, for a few folk I know they are ideal: cheap, simple, and virtually nothing to do to keep them running infestation-free, and not having a dozen or so updaters running in the background (of which they can't even explain what half of the stuff was installed for).

Accepting that Google's slurping is an infestation of sorts, of course...

1
0

Guns don't scare people, hackers do: Americans fear identity theft more than shooting sprees

Paul Crawford
Silver badge

Re: The media strikes again!

Wow - I had no idea that many had occurred in the USA, also if you look at the general page on school shootings, the rest of the world has not a patch on the USA for that :(

2
0

Computer misuse: Brits could face LIFE IN PRISON for serious hacking offences

Paul Crawford
Silver badge

Re: Needed

Perhaps if some of the punishment was also meted out to those ultimately in charge [1] of the systems being hacked and defrauded when they have not done a good job of securing them, things might change.

[1] I.e. at the CEO/CFO level, not BOFH. Those who decide how much to spend on security and if changes that make things better are to be vetoed for business reasons.

4
0

MARS NEEDS WOMEN, claims NASA pseudo 'naut: They eat less

Paul Crawford
Silver badge

Re: Bah!

Now I'm humming along to "Hong Kong Garden"

Damn!

0
0

UNIX greybeards threaten Debian fork over systemd plan

Paul Crawford
Silver badge
Unhappy

Systemd won't fix poorly implemented services either. Anyone who is not able to write/test/test-again something for init.d won't magically have it all work perfectly under another scheme. Upstart seems to be the least-worst option for something that permits dependency resolution and parallel starting, but it's not perfect either and really should be extended to include managing the init.d scripts as well, as realistically there is a lot of stuff that won't get converted to native jobs any time soon.

At one point the Ubuntu project was doing a really good job of making a Linux distro that worked, and was fairly sane, but sadly from about 10.04 seems to have lost its way. It really needs someone like that who is interested in PC use, and not the tablets they fixated upon, to drive a project sanely.

And never listen to the GUI developers either: look how many stupid changes have been made to Gnome and Firefox, etc, etc.

36
0
Paul Crawford
Silver badge

Re: Such hatred

I think upstart is a bit more sane, but even then it has its dumb aspects.

Why, for example, is upstart not calling the traditional scripts in order as well? That way you could at least use its dependency capabilities with non-upstart processes, just like the "service wibble start|stop" sort of command suggests you could.

2
1

ESNet's 100 Gbps Atlantic link almost ready to flow

Paul Crawford
Silver badge

El Reg units

I thought the correct unit for high speed bandwidth was the kilowrist?

http://www.theregister.co.uk/2008/11/12/arizona_boffins_grasp_fat_pipes/

0
0

Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know

Paul Crawford
Silver badge
WTF?

Re: Ummm, no.

Exactly! A "driver-less car" has to be just that - NO driver input expected at any time, bar choosing where to go.

Otherwise why bother? You would be paying a lot extra one way or another and still expected to be sober and alert for any time the computer decides "Fskc this, too hard for me. Hey meat bag? Grab the controls, oh by the way you have 5 seconds to impact..."

9
0

US government fines Intel's Wind River over crypto exports

Paul Crawford
Silver badge

@James 100

I doubt the FPU would do it, too much science checking results to notice odd values.

Now the random number generator, there is one you could use to leak key bits in a manner known only to the creators and those chosen to be 'in the know'...

0
0
Paul Crawford
Silver badge
Black Helicopters

Re: I cant believe it.

It is pretty easy to see that the Intel AES instructions do implement the AES maths correctly, so part 1 of the tin-foil equation seems to be settled.

However, the aspect the truly paranoid would want to know is part 2 - is there an undocumented method to recover previous keys (or parts of keys) used by said AES instructions? You know, something that windows, flashplayer, or similar closed source software might just run and report as a footnote to some other data dump...

1
0

Sign off my IT project or I’ll PHONE your MUM

Paul Crawford
Silver badge

Re: Toilet breaks?

Just don't forget to disable the video call feature.

2
0
Paul Crawford
Silver badge

Re: Plastic bottles shheesh

Gravel Roads? That were luxury!

We had t'piss in fields of nettles, and woe betide any lad who cried at his stung todger!

4
0

Forget passwords, let's use SELFIES, says Obama's cyber tsar

Paul Crawford
Silver badge

Re: Passwords work AND are easy.

Indeed!

Apart from those using "12345" or similar, just how many attacks actually guess a user's password compared to re-using a stolen password database?

I think those are the real problems:

(1) password re-use and;

(2) insecure sites storing passwords in plain-text or unsalted hashes.

Changing to a photo, etc, will make bugger-all difference to that, and once the bad guys have a copy, how do you change it?

4
0

Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE

Paul Crawford
Silver badge

Re: From ISC

Well on my Ubuntu home box:

Firefox 33 => not vulnerable

Chromium Version 37.0.2062.120 Ubuntu 12.04 (281580) (64-bit) => vulnerable

Opera 12.16 => test did not complete (probably not exploitable then?)

1
1

Ada Lovelace Day: Meet the 6 women who gave you the 'computer'

Paul Crawford
Silver badge

Did Margaret Thatcher herald a kinder, gentler phase in British politics?

5
0

White LED lies: It's great, but Nobel physics prize-winning great?

Paul Crawford
Silver badge

Another factor that is often overlooked is that in a place like the UK where a lot of lighting is used in winter, indoors, and along with heating, then any increase in efficiency is going to be partly offset by the heating system making up for the reduction in waste heat.

Other than that point, I tend to agree with Tim that we will just use more of it if the running cost is reduced.

17
3

US astrophysicist Neil deGrasse Tyson: US is losing science race

Paul Crawford
Silver badge
FAIL

Re: The United States

"there were no money to send humans anywhere else"

Alas, there was a trillion dollars to fight a pointless war in Iraq though.

Fail for us, because the well-known war criminal Tony Blair was from the UK.

17
0

Internet Explorer stars in monster October Patch Tuesday

Paul Crawford
Silver badge

@LDS

"What is better - a false sense of ssecurity, or a message reminding you you need to reboot?"

Well for a start it is better to simply restart a web browser (which is sometimes needed for other reasons) than to have to stop everything you are doing, saving sessions, etc, for that alone!

Also in the case of Linux, at least from my experience, if say Firefox is updated it tells you that it needs restarting. And not the whole machine, which could be running other stuff or have other users logged in.

7
0
Paul Crawford
Silver badge

Cardinal Ximénez: Google Chrome is the browser you can update without needing a reboot!

Cardinal Fang: Firefox as well.

Cardinal Ximénez: Yes, Google Chrome and Firefox can both be updated without a reboot!

Cardinal Biggles: What about Opera?

Cardinal Ximénez: Among the browsers that can be updated without a reboot, are Chrome, Firefox, Opera, Safari, Konqueror...

Cardinal Fang: Don't forget to mention a fanatical devotion to the Pope, and not IE

5
4

FLASH drive ... Ah-aaaaaah! BadUSB no saviour to plug and play Universe

Paul Crawford
Silver badge

Wrong direction of trust...

You have to start by assuming everything is suspect, so the PC/OS should start with the assumption that any USB device cannot be trusted.

As others have mentioned, when it is plugged in the very least an OS should do is tell you what class of device it claims to be. If it should be a USB mass storage device then that is fine, and you can proceed to be suspicious of its contents.

However, if your USB stick claims to be a mouse/keyboard/etc then WTF?

Fine for a proportion of El Reg readers, we might go "WTF? ...disable... ...destroy..." but that is not good enough for Joe/Jane Public for whom the OS needs to be a bit more protective, and query with language a bit more obvious than "enable HID?", say to something like "You appear to be adding a second mouse, is this really true? Think carefully my friend before answering..."

1
0

Google ordered to tear down search results from its global dotcom by French court

Paul Crawford
Silver badge

Same as MS & USA judge

Sadly this is as worrying as the issue of a USA judge ordering the data from MS Ireland, it is basically a power-grab where they feel that because "the internet" crosses their jurisdiction then they can apply judgements world-wide.

How long before we get other countries ordering global removal of links that don't suit them?

It may be unfortunate for the French individual to have defamatory things said, but they should take it up with the location of the comments as only a law there should apply to the other party.

2
0

Unchanging Unicorn: Don't be disappointed with Ubuntu 14.10, be happy

Paul Crawford
Silver badge

"reversed gnome 3"

Oh err, a "reversed gnome 3" sounds like some illegal pr0n move!

3
0

How the FLAC do I tell MP3s from lossless audio?

Paul Crawford
Silver badge

The ability to tell the difference depends on 3 things:

1) The original quality of the recording.

2) How good your system and ears are.

3) What sort of MP3 compression is in use.

Number (3) is critical, if you are using 128kbit fixed-rate coding then I am pretty confident you will tell the difference, if you are using 320kbit variable-rate I would doubt most could.

17
0
Paul Crawford
Silver badge

Re: "Everything between sample points is lost" (@the spectacularly refined chap)

The key point about Nyquist's theorem is it starts with the assumption that the signal you are interested in is strictly limited in bandwidth. If that initial assumption is true, for example that you only want/need 20Hz to 20kHz, then by sampling above twice the highest frequency (say at 40.0001kHz) then you are NOT losing any information by sampling.

What is important is that 20kHz is an arbitrary value (but realistic limit for most younger humans, us old buggers are lucky to get 15kHz) and to avoid the very unpleasant business of aliasing you MUST be strictly limited to that value.

Since that near brick-wall filter is highly impractical for any analogue filter, what is normally done is to sample higher than that, either a little bit more on sample rate (like 44.1kHz) and use good analogue filters, or a much, much higher sample rate and push the band-limiting problem in to the digital domain where it is practical to implement good filters (but with time delay, but for recording that is not a problem) and then to re-sample at a chosen lower rate.

9
1

Bash bug: Shellshocked yet? You will be ... when this goes WORM

Paul Crawford
Silver badge
Trollface

Re: Oh $!#t.

I picked a bad day to quit trolling.

6
1

Microsoft sets up bug bounties for online services

Paul Crawford
Silver badge

Big mistake

"Bugs requiring unlikely user actions"

Come on, just how often have you found end-users doing things in a manner thought to be unlikely/unreasonable/damn strange by the developers?

3
0

Chipzilla promises $6 billion to upgrade Israeli plant

Paul Crawford
Silver badge
Mushroom

'Infidel Inside'

It could be a new marketing slogan!

15
0
