* Posts by Paul Crawford

2994 posts • joined 15 Mar 2007

Microsoft's 200 million 'Windows 10' 'devices' include Lumias, Xboxes

Paul Crawford
Silver badge
Trollface

Re: ENOUGH!

What about Windows ME?

2
0

Intel, Warner lock horns with hardware biz over HDCP crypto-busters

Paul Crawford
Silver badge

I don't have any HDCP 2.2 need now, or in the immediate future, but I am sorely tempted to buy one of these simply to piss Intel & Warner off.

14
0

AMD to nibble the ankles of Nvidia this summer with 14nm FinFET GPUs

Paul Crawford
Silver badge

<- this

In the past decade or so the only major trouble I have ever had when installing or updating systems has been crappy video drivers. Both Linux and Windows.

A pox on them all!

7
0

The Register guide to software-defined infrastructure

Paul Crawford
Silver badge

Re: Change Management

One of the guys in the networking department where I work explained it thus: Change management provides me with no immediate advantage in having to fill out the request forms, etc, but it provides me with plenty of benefits when others do it. And vice-versa.

Knowing what was changed and when, and having easy ways of rolling back (e.g. snapshots of file systems and configs, etc) is a huge advantage if what you do really matters.

1
0

John McAfee rattles tin for password replacement tech

Paul Crawford
Silver badge

Re: Maybe

Wristwatch? I have never lost one of mine, though I have occasionally forgotten to put it on in the morning. If my pre-departure email check needed it, then probably that would be further reduced to the point where it's an acceptable risk.

But... still needs something like a master password designed-in as well so it can't be used to activate another phone by someone standing next to me in the tube, etc, without my knowledge.

0
0
Paul Crawford
Silver badge

Close, but no cigar

Having a physically isolated password store is a good start, you don't have to entrust your data to others (or do you? details...) and it ought to be difficult to hack by virtue of having a limited connection to the machines it unlocks. Also it ought to encourage unique and difficult passwords all round, so you don't get some numptie's server being raided and half your family/friends' other accounts exposed due to id (email address?) & password re-use.

But really it ought to be a 2FA item, and you still should need some master password as well, so that it can't be stolen and used before you realise it and can have it frozen. There are, of course, other issues like how it is supported on the host machines, and how free such software will be (e.g. will there be an open source driver for Linux use?) to make it usable on enough platforms to be of value.

Most worrying is the time and money so far for no sign of a working prototype...

1
0

Trustworthy x86 laptops? There is a way, says system-level security ace

Paul Crawford
Silver badge

Re: Trusted storage

No, that is not as big a problem as "can we be sure there is no hidden storage on the main CPU, or anything like it in a vendor-supplied device driver?"

Really it comes back to two important and related issues for 'trust' in a system:

1) Is everything open to inspection and cross checking? The basics of open source development really (and yes I am aware of the likes of Ken Thompson's compiler backdoor).

2) Is the level of complexity at each key step manageable for inspection and/or automated validation?

Having hidden code in the US-based corporation's "CPU" for remote management is a nightmare for any non-US government as it offers such an opportunity for a planted backdoor, as much as it is a nightmare for everyone else who cares about security due to the opportunity for plain old fsck-ups.

5
0

Five key findings from 15 years of the International Space Station

Paul Crawford
Silver badge
Coat

Re: AFAIK orbital nookie hasn't happened

But do they have a policy on orbital masturbation?

Mine is the dirty mac, thanks ->

0
0

Researcher criticises 'weak' crypto in Internet of Things alarm system

Paul Crawford
Silver badge

Re: What?

Indeed 2-3 years is taking the piss, but that is what we see with the majority of smartphones. You have to look hard to find any getting support or security updates even when under 1 year old, let alone 3.

But this misses the point - such shit security practices like unencrypted communications that reveal passwords, etc, have been known to be shit for decades so there is no excuse. It simply comes down to companies not employing staff or external support (e.g. penetration testing, etc) who know what they are doing when it comes to security. So many of the bugs that keep coming up, and design flaws, are well known and often (in some cases, like memory abuse) picked up by compiler warnings and static analysis tools. That don't get used.

2
0

Debian Linux founder Ian Murdock dead at 42

Paul Crawford
Silver badge

Always sad

It is always sad when someone's life is cut short for any reason, but more so for mental illness, etc, where it always feels as if it could have been prevented so easily if only we had known how deep the problem was. More so, of course, when the person is famous in some way for having contributed to humanity's well-being in a significant way.

"Therefore, send not to know

For whom the bell tolls,

It tolls for thee."

14
3

US Marines kill noisy BigDog robo-mule for blowing their cover

Paul Crawford
Silver badge
Terminator

Re: The Uncanny Canine Valley

"Or the big robotic dog will give you a humping that no postman ever dreamt of in his worst nightmare"

4
0

Intel completes epic $16.7bn Altera swallow, fills self with vitamin IoT

Paul Crawford
Silver badge

Re: "We will apply Moore's Law to grow today's FPGA business"

"The idea that FPGAs are going to be used by the million in autonomous vehicles is farcical"

Really, you think that they will be either standard CPUs or an ASIC they got right first time and has no need for updates due to bugs and litigation-induced changes?

2
2

SAP business apps rolled as Hitachi cloud service

Paul Crawford
Silver badge
Unhappy

Re: @Hans 1

"Nobody understands human-machine interfaces anymore"

You forgot the morons at web browser dev teams, think Chrome, Firefox (desperately trying to copy Chrome and losing their USPs in the process), even Vivaldi, the new-Opera, has gone for its own stupid win7-ish framework that looks out of place even on Windows, let alone other machines, and seems to have lost the good bits of Opera. Opera, of course, has also lost the good bits by becoming a Chrome-rebrand (OK, the "turbo" feature is still useful).

A pox on them all!

0
0

China wants encryption cracked on demand because ... er, terrorism

Paul Crawford
Silver badge
FAIL

Re: Well, that didn't take long

So when all of the gear in the West has China's required back-doors, as they also want, will our governments be happy that we can all sleep safer knowing those bad guys can be found and stopped, and that the Chinese (and every other government out there) would never dream of using this mandated access for political reasons or for industrial espionage?

29
0

Hybrid cloud thingies, new media and everything is software-defined: Storage reinvents itself

Paul Crawford
Silver badge

Re: Software defined this, software defined that...

"what this crap is all about?"

Not being tied to some vendor's over-priced hardware is the most obvious aspect, as traditionally you would buy some storage array and then have to get replacement HDD from that vendor, at £1-2k per HDD for SFA, but for a firmware version the software would accept.

So yes it is a lot of bollocks but the underlying issue, that of having a choice of hardware, is not such a trivial aspect after all.

2
0

Microsoft in 2015: Mobile disasters, Windows 10 and heads in the clouds

Paul Crawford
Silver badge

Re: Mixed messages ....

It's far too easy to shout "MS shill" at consumer magazines when the real answer is much more likely to be how they choose to evaluate things. The "average consumer" from an advertiser's perspective appears to be someone not terribly bright and blown over by bling and novelty features, say, voice control. They are unlikely to think or care much about the privacy implications of how that is implemented, nor do they think much about freedom and control over a PC.

Tech web sites on the other hand obsess over small points and how things can be used for massive scale computing, etc. I have to admit to being that sort of a geek and champion Linux for various reasons like this.

But I know some folk who have "upgraded" to W10 and genuinely love it because it works for them and they don't care about the things I do. Sure I point them out, but I don't behave like a religious nutter over it and they are perfectly free to choose that if they want.

9
3
Paul Crawford
Silver badge
Trollface

Re: My 5 WIndows 10 machines (of all form-factors) ......

Doh! You just fed a troll.

3
0
Paul Crawford
Silver badge

Re: CAD software

We are pretty much a Linux shop, with a few Solaris machines being retired as fast as we can get our gonads out of Larry's money-making vice. However we do require Office for some document work where it has to be format-perfect with other MS users, and a few CAD packages that are Windows-only. Our solution is to use Linux for our desktops and have a few VMs with Windows for those applications (often XP, as for 7 you need the enterprise license I think for virtualisation), and not give them internet access.

Result is pretty much the best of both worlds in terms of cost, flexibility and security. Yes it adds a slight complexity to using software in having to fire up the VMs but for anyone capable of using CAD software or writing complex technical or business documents it's not a challenge after 10 mins of tuition.

Of course it might not suit everyone's use-case, but is worth considering.

14
0

Bookstore sells some data centre capacity, becomes Microsoft, Oracle's nemesis

Paul Crawford
Silver badge

Re: @oldcoder

The whole "TCO thing" is flaky, it depends on who is running the evaluation and just what they are asking as the licensing costs for Windows (in particular) are complicated.

But even if Windows was a little cheaper for my use-case, which I doubt, I would still choose Linux for the simple reason that I am in charge of what my computers do. Not some company that won't give me all the source code and reserves the rights in the EULA to disable stuff if they feel like it (e.g. for DRM support). That is a point of principle for me.

20
2
Paul Crawford
Silver badge

Re: Since it wasn't mentioned by name in the article

Over 5 years, look at the cost of Red Hat versus a Windows 2012 server. Which OS is more expensive to run?

I'm sure that depends on who you ask:

http://www.redhat.com/en/about/blog/how-red-hat-enterprise-linux-trims-total-cost-of-ownership-in-comparison-to-windows-server

So they say "Red Hat Enterprise Linux experienced 34% lower annual TCO per user compared to systems running Windows Server", what are your figures please? And a suitable citation.

17
2

Security sweep firm links botnet infestation and file sharing

Paul Crawford
Silver badge

Hmm...

So organisations that allow users to install arbitrary software like P2P clients, and don't pay any real attention to network security/firewall rules, are also getting Rodger'd with a spiky barge pole when it comes to Windows infections, etc?

Colour me surprised...

3
0

Windows 10 won't come to old WinPhones until some time in early 2016

Paul Crawford
Silver badge
Trollface

Re: Which is worse

Oops, did I just feed a Troll?

2
2
Paul Crawford
Silver badge

Re: Which is worse

"Have you looked at the amount of crud you get with say a default Linux install?"

And yet a typical Linux install takes up far less disk space than typical Windows 10, odd that?

From here, Windows 10 16GB/20GB for 32/64-bit, Ubuntu 7GB:

https://www.microsoft.com/en-gb/windows/windows-10-specifications

https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes/UbuntuGNOME

Also it's easy to fire up Synaptic or whatever package manager and de-install anything you really feel is unneeded for your system. If you are doing it a lot, then just use command line 'apt-get' (or equivalent) program to remove packages, and when done, use 'history' to list what you did, and copy/paste it into a bash script that allows you to do the same on other installations.

2
1

Firefox-on-Windows users, rejoice: Game of Thrones now in HTML5

Paul Crawford
Silver badge

@Greg J Preece

It seems I stand corrected on this one:

http://www.makeuseof.com/tag/watch-netflix-natively-linux-easy-way/

I have not tried it, and would be interested to know if it plays nicely with the (usually off) AppArmor profile, etc, but it is a step in the right direction.

1
0
Paul Crawford
Silver badge

"The only actual effect of DRM is that it makes it so I cannot use my Linux box to watch Netflix and I'm a paying subscriber."

At one time they used Flash, and for all of the swiss cheese flaws in its implementation, it actually achieved the goal of having something that ran on all major OS (Windows, MacOS, Linux, maybe even Solaris once?) and could do enough DRM-ish stuff that companies were happy with it as a solution to getting people to use a paying service instead of torrenting it.

But then they decided to use Silverlight as apparently Flash was not secure enough (in DRM terms, they care not one hoot about your security) to keep Hollywood happy. Or maybe MS paid someone to try and embrace their new and long-lasting technology, who knows... Add to that Apple's decision to kill Flash on mobile, and Adobe's utter inability to fix it for any sane length of time, and we see Flash is dying as well with only an old version supported on Linux (unless you let Google slurp your privates with Chrome).

So we are back to the situation of not having support on many platforms (older Android, Linux, Windows XP, etc) and it is easier to torrent. And how many tears do I see being cried over this?

4
1

Former security officials and BlackBerry CEO pile in on encryption debate

Paul Crawford
Silver badge

Re: @Michael Wojcik

"So the government could decrypt part of the key, then brute-force the remainder"

One aspect of all of this that I wondered about is most folk have pretty simple PIN sequences or unlock patterns for their phones, so I suspect they are brute-forcible in the order of 1E8 attempts or less, for a 4 digit PIN probably ~500 attempts. So is recovery from a confiscated phone really beyond the law enforcement capabilities, or is it simply an issue of cost/time that it looks too hard to do without a simple backdoor?

After all the Internet part needs very strong encryption because there are plenty of opportunities for the data to be intercepted and plenty of botnet PCs to do cracking if it looks worth it, but physical access to a phone is much less common and generally I suspect most stolen phones are going to be wiped and re-sold unless it's trivial to get profitable data off it.

0
0
Paul Crawford
Silver badge

"Of course the big difference between being in government and having left government is that you no longer have the direct responsibility to keep people safe to knee-jerk to tabloid scare stories and moronic voters who believe them"

Is the fixed version for you. Really, what we have seen recently mostly did not use encryption, and decades ago when the likes of the IRA, Red Brigade, ETA, etc, were bombing and shooting people they did not have access to encrypted phones at all but somehow managed to keep killing.

4
0

Windows for Warships? Not on our new aircraft carriers, says MoD

Paul Crawford
Silver badge

Re: sexually harass myself

Yes, when I was self-employed that was the downside. Ended up with an arm like Popeye...

3
0

Brazil gets a WTF WhatsApp moment

Paul Crawford
Silver badge

Re: @Chris W

"Refusal to comply is not the same as giving a reason for not being able to"

But what is it? The El Reg article reads as if they just point-blank ignored the Brazilian courts (which is always possible I guess). But so far I have not seen any translation of what the court requested nor what the official response of WhatsApp was to this request.

Can someone find out the real point of disagreement?

9
0
Paul Crawford
Silver badge

Re: @T. F. M. Reader

I use WhatsApp as it offers a group messaging facility that is handy to organise meetings of friends, etc, and once after wiping data to clear space on my SD card it asked if I wanted to download the previous messages, so obviously it keeps at least some history.

That would make sense, as the recipient's phone could be off or out of range for a few days so you would still want a message to get through. However, if anything like SMS I doubt they bother to store more than a week or two's worth of history (as it can also have photos, audio and video clips, so could be large).

As for WhatsApp having flawed encryption, that is a different matter. The fact that it can be broken or intercepted with moderate effort by a skilled hacker (GCHQ/NSA sort of thing) is not the same as being able to offer plain text on demand.

4
0
Paul Crawford
Silver badge

@Leeroy

That was my thought - they simply can't provide what was requested and the court can't get their head around that concept. But without an explanation of the original case and court order it's just speculation.

9
0
Paul Crawford
Silver badge

Re: Internet services is that they should be resilient

Not if your sole route and connection (i.e. ISP / mobile operator) disconnects that service by blocking it.

You (an El Reg reader) can of course use VPN, etc, to bypass regional blocks, unless they are told to block VPNs for that reason, then you are in to the whack-a-mole game of blocking proxies, protocols, etc. Joe Public will just look at the phone/PC and go "WTF?"

8
0
Paul Crawford
Silver badge

What did the court originally ask for?

I wonder if there is a good reason that WhatsApp refused to comply with the court order. Were they asked to supply plain-text data that they simply had no access to? Or did they think the original request was unreasonable in any other way?

The article covers none of this, and it seems odd that WhatsApp would simply refuse to consider a valid court order relating to an intentionally-accepted crime in any country unless there was something odd about it.

This appears to be very different to Uber who make a point of not complying with existing rules on licensing and insurance for taxis by arguing they somehow are not offering rides-for-hire, when everyone can see that is the whole point of paying for a ride.

25
0

CES tech show adds new security checks after fears of violence

Paul Crawford
Silver badge

Re: Are you clueless?

I can't quite tell if you were meaning to be sarcastic or simply trolling (if so, not a quality Troll).

And yet, including all of the terrorist killings in USA and EU in the past decades, it is still only equivalent to a few weeks of road deaths in the same area (and gun accidents in the USA, for added Troll flavour).

6
1

Bungled storage upgrade led to Google cloud brownout

Paul Crawford
Silver badge

Re: "anyone still has valid data on this 15-year old storage rig"

Step 1 - unplug networking

Step 2 - wait for several days/weeks to see what falls over and/or who calls you.

Step 3 - shut down rig now you're fairly confident it's not really needed, as once stopped and cooled you have little chance of spinning the disk up ever again!

2
0

After safe harbour: Navigating data sovereignty

Paul Crawford
Silver badge

Technological solution

The main problem with all of this discussion about the legal aspect is it relies on all gov doing the same thing in law as the EU standard and companies honouring that as well. Both are slow and unlikely to happen, and also likely to get screwed over by some gov deciding to change the law on slurping (or just doing it by the back door of secret court orders).

But there is the option of encrypting a customer's data with their own key(s) in such a way that the cloud service never has access to said keys. In that sense it matters not one hoot as to where your data is because it's always under your lock & key.

Yes, I know it might not be fully NSA-proof if they took a fancy to it, but it is enough for companies to be able to honestly say they cannot prove clear-text data, so there is no point in asking. In addition there is little to no risk of accidental disclosure to a corrupt cloud company employee, discarded equipment, sale if cloud company goes into administration or is taken over, etc...

Of course that has its own issues, and is not going to go down well with data slurping companies like FB, Google and (sadly now) MS where scanning your data to whore you to advertisers is how they make a living. They could work around that to have a decent compromise, but without all of the lovely profitable user-identifying data to play with. So bugger-all chance of them volunteering to do this.

1
0

Oracle, looks like your revenues were down. 'Cloud! Cloud! Look at the cloud!'

Paul Crawford
Silver badge

Re: They forgot how Sun got big.

You are thinking like an engineer. That is how companies like Sun did so well when they were pushing/practically giving away stuff to universities to get it used and liked by the upcoming generation of computer science students.

Oracle thinks more like a business. As in the business "offer you can't refuse" because your (legal) balls are in the vice and every time Larry asks for more money you just have to squeal to ask "How much?"

0
0

Press Backspace 28 times to own unlucky Grub-by Linux boxes

Paul Crawford
Silver badge

Re: This explains why ....

Grub updates are usually OK so long as you don't have a "custom" boot arrangement which you don't really understand.

That usually shows up as a prompt about what do you want the update to do, usually in terms of using the default package maintainer's config or your own (own! own!) and/or which drives to install the boot loader (MBR) on (almost a trick question as it often offers logical drives like /dev/sda1 in the list but you should only ever install on physical drives such as /dev/sda).

Also, and this is the bummer for some, most grub updates don't need a reboot. But unless you reboot there and then to test it, some weeks/months later if something is screwed up you will be forced into booting and it borks, and you have forgotten all about this update.

So my advice is install it, if prompted keep current settings (and/or install MBR on the /dev/sda) and then do a proper clean reboot just to be sure.

3
0

Beleaguered Microsoft customers: Streamline your licensing

Paul Crawford
Silver badge
Trollface

I find no real problems with MS software licensing these days.

Oh yes, forgot to mention it's mostly Linux here, with the odd XP VM for various occasionally used software that has no viable FOSS alternative.

5
1

Be afraid, Apple and Samsung: Huawei's IoT home looks cheaper and better

Paul Crawford
Silver badge
Gimp

"We cannot even capture the backside of the passer by"

Exactly! That is no way to make a good perv-cam

2
0

New gear needed to capture net connection records, say ISPs

Paul Crawford
Silver badge

Re: There is no point in trying to play party politics with this one.

Yes there is - make sure the fsckers know they (whoever is in power currently) will be tarred with introducing it come the next election. It might magically make them grow some ethics, like the LD has in this respect.

9
1
Paul Crawford
Silver badge

The ISPs should tell the committee that cost recovery is not an issue - they will all simply put all of the hardware, software and administrative costs down on the customer's bill separately itemised as "Conservative Government Snooping Tax".

17
2

Microsoft extends Internet Explorer 8 desktop lifeline to upgrade laggards

Paul Crawford
Silver badge

"same kind of lock-in as if they'd stuck with a Windows-native client"

Actually if they had used a win32 client and stuck to the most simple and common API calls (and actually read MS' own guidelines about privileged use, etc) they would have far less of a problem.

I have several applications that were written for Windows a long time ago that just keep working, version after version. Often also working on Linux+WINE as well. It's the fancy new and/or undocumented stuff that bites your ass eventually, so just keep clear of the latest fad (how is Silverlight doing?) and use the common stuff and it's not too bad.

Much more so if you force your developers to build & test on two different platforms/compilers always (even if both are "Windows" and "Visual Studio" but different releases) as that way they can't use the ephemeral stuff...

5
0

Memory-resident modular malware menaces moneymen

Paul Crawford
Silver badge

Memory resident?

So how does it survive reboots? Can it spread machine-to-machine, or would making your office work PCs shut down every night be a useful mitigation technique (as well as saving money on electric)?

4
0

Microsoft to OneDrive users: We're sorry, click the magic link to keep your free storage

Paul Crawford
Silver badge

"the incident nevertheless serves as a reminder that free stuff in the cloud can be taken away as well as given"

There, fixed it for you...

2
0

Volkswagen blames emissions cheating on 'chain of errors'

Paul Crawford
Silver badge

Re: the only error is that I bought one of these

" I was impressed with the power and the fuel economy" ... "my 13 month old car with less than 9,000 miles is worth half of what I paid for it"

Why don't you just keep the car for 5-10 years and get your money's worth out of it? Works for me (as a tight-fisted Aberdonian)

21
1

Predictable: How AV flaw hit Microsoft's Windows defences

Paul Crawford
Silver badge

Re: The MS platform is pretty robust ... Firefox

Yes, this is a sore point also on most Linux systems as well. If there is one sane thing that the Firefox management could do for their products and the world at large, it would be to focus on making a browser that was easy to secure and designed to enforce a respect for privacy.

That means having a simple way of using central management tools to set parameters and to force/block plug-ins that are centrally defined, and to have a sane limit on what the browser should ever need to access so things like AppArmor profiles are trivial to use without issues. And this goal should be thought through so it works using WSUS and several of the Linux options (both per-machine via local admin, and centrally for the network).

As far as privacy goes, this means reporting only one of a few configurations so it's not easy to fingerprint for tracking (and/or randomly reporting different bits every time so no two sessions on a given machine look alike, e.g. dithering on canvas draw etc). It also means having a design so things like history and cookies are all isolated from JavaScript and plug-ins by default, and only signed plugins that ask for permission and are granted it can use it. And that denying access just returns a near-blank list, like a fresh browser install, so a plugin can't tell if it has real access blocked or not.

So please Firefox team, quit dicking around with the GUI to look like Chrome, quit removing features because you can't be arsed to support or test them, and focus on having a selling point that system admins want - an easy life of little trouble from users, idiot or otherwise.

5
0

Microsoft drops internal PowerShell tests on GitHub

Paul Crawford
Silver badge
Trollface

Re: What the world needs now

Poor quality trolling there.

You could have tried mentioning the lack of portability beyond Windows, or the benefits of ASCII for cross-platform use in bash, maybe even joked about csh/tcsh/sh/bash offering one common way of doing things.

0
0

Facebook wants a kinder, gentler end for SHA-1

Paul Crawford
Silver badge

Of course this is not helped by the muppets at Google & Firefox, etc, dropping support for web browsers on the likes of XP even though a significant number of folk still rely on it.

For the technically competent there is always Linux for safely browsing using old machines, but that is hardly a solution for the majority who don't even grasp what an operating system is, let alone that it can be replaced on existing hardware.

2
1

Obama calls out encryption in terror strategy speech

Paul Crawford
Silver badge

Re: @Joseph Eoff

Meanwhile in Europe we don't have school massacres practically every year for the last century... I think you will find that even with all of the "terrorist" acts in Europe post WW2 together the death toll is less than a year of US gun-related accidents.

12
0
