* Posts by Paul Crawford

1696 posts • joined 15 Mar 2007

Firefox takes top marks in browser stability tests

Paul Crawford
Silver badge

At my work nobody has found a browser that allows you to keep ~100 tabs open and not either crash outright or soak up >8GB of memory and so page the machine in to oblivion.

I close mine every night and keep to ~20 tabs max for that reason :(

Back to the WTF point of this, even 400 tabs & 8GB of memory is approx 20MB used per tab, really how do you get that usage from a few 100kB of download per open tab?!

1
1

So, you gonna foot this '$200bn' hacking bill, insurance giants asked

Paul Crawford
Silver badge

Cheaper option?

Maybe just making those at the top of said companies liable for losses (or open to prosecution) from ill thought out IT systems being public facing, when the main driving factor to do so is cost-reduction and good IT advice is ignored or not sought, would cost us all a lot less?

4
0

Report: NSA spying deals billion dollar knockout to US cloud prospects

Paul Crawford
Silver badge

Re: U.S. NATIONAL DEBT

I can't see this making any difference to non-IT systems.

Maybe for Cisco, MS, etc. it will cause problems.

Most definitely for cloud providers as things stand. But really, the whole idea of putting your data into someone else's hands without verifiable client-side encryption is dumb by any standards. All that the recent NSA revelations have shown is this risk (your data being subject to secret access by a foreign gov) is real.

It applies no matter which country you store data in, not just the USA (though they seem to be the worst so far). The moral of today's story is encrypt before any others (ISP, cloud provider, etc) get access!

2
0
Paul Crawford
Silver badge

AES, or not AES...

Some people don't seem to grasp that AES was created by two Belgian cryptographers and after a lot of competitions and open peer-review by most of the world's experts and was ultimately decided to be the best by more or less everyone. That is why it became the official US choice (i.e. NIST), not because it was created with a NSA backdoor of any sort.

Now you might argue that the NSA has built acceleration hardware to assist AES code-breaking, but with the advent of FPGA systems that can be re-programmed to suit any cypher, hence no common cypher is going to fare better. And if you go inventing or adapting your own or some obscure one, most likely you will inadvertently make matters much worse for your own security.

So if cryptographic security really REALLY matters to you, you need to concentrate on having a high entropy key, and securing the key against "APT" style of system wide hacking. Most likely, that is the weak link.

Finally, don't over-estimate your importance to the spooks, most commentards seem to think the NSA, etc, will blow days of billion dollar machine's system time on their scribblings. They won't, not unless you are important enough.

Maybe you are, say a business that is serious money competition to a US gov supplier, for instance. But in reality making your data encrypted in any way means they (and advertisers, private investigators, etc) can't read/mine it so it gets stored away in case they do want to investigate you. Out of 1 billion or so Internet users? Really?

4
0

Horrific moment curvy mum-of-none Mail Online spills everyone's data

Paul Crawford
Silver badge

The entire Internet would go smarter.

There, fixed it for you...

4
0

IBM opens up Power chips, ARM-style, to take on Chipzilla

Paul Crawford
Silver badge

It will be interesting to see how this pans out. Sun was one of the first to open up a CPU for such things but it ultimately failed to make enough money to survive, and Oracle have, it seems, little real interest in this.

Given the "limited success" of Itanium, it seems the only significant player left is IBM so maybe it can work this. But...I find it hard to see what most users will find that makes it sufficiently desirable compared to the current market leaders of x86 (lots of legacy software) or ARM (cheap license, good for systems with lots of cores).

1
0

Can't agree on a coding style? Maybe the NEW YORK TIMES can help

Paul Crawford
Silver badge

Re: Clueless in America

Only the Japanese have the "correct" date format with MSB-left as in 2013-08-06

Those in the USA have sadly converted the spoken way of "August the 6th" in to numbers, hence the dumb approach.

Tip: Always use letters for the month, as anyone reading your text will understand that Aug is the month no matter where in the order it is placed.

0
0
Paul Crawford
Silver badge

Re: "several entry points, how far can that be from spaghetti code?"

Multiple entry points is really just a glorified "goto" mess but with the option of some locally visible variables. Quite why one would care about variable visibility if using such a horrible approach is left to the readers...

However, I think you are over-reacting with the multiple exit point issue. For example, it is not uncommon to have something like:

    #include <stddef.h>   /* NULL */

    int myfunction(char *ptr)
    {
        if (ptr == NULL) return -1;   /* early exit on bad input */

        /* ...some code... */

        return 0;
    }

While you could code this as

    #include <stddef.h>   /* NULL */

    int myfunction(char *ptr)
    {
        int rc = -1;   /* assume failure until the work is done */

        if (ptr != NULL)
        {
            /* ...some code... */
            rc = 0;
        }

        return rc;     /* single exit point */
    }

I doubt it is any easier or more understandable to the reader. And that is what code is about, not just doing the algorithm, but making the process as transparent to the reader as possible.

p.s. A good read are any of the Numerical Recipes books (3rd edition is only C++), and not just for those with hard maths problems to consider.

1
0
Paul Crawford
Silver badge

Re: ARRRGGGGG!!!!!!

Macros are useful for building tables of named stuff, sort of:

    #define ADD_VAR(x) {#x, (char *)&ptr->x},

    table_t something[] = {
        ADD_VAR(wibble)
        ADD_VAR(wobble)
    };

Which creates an array like:

    {"wibble", (char *)&ptr->wibble},
    {"wobble", (char *)&ptr->wobble},

etc.

As for "all functions have precisely one entry point" you have obviously never used old FORTRAN where a subroutine could have multiple entry points as well as exit points. Now that really is the Devil's work!

2
0

Tor fingers Firefox flaw for FAIL but FBI's also in the frame

Paul Crawford
Silver badge

Re: Why use Tor?

PPTP is not terribly secure and has no real defence (AFAIK) against man-in-the-middle attacks.

OpenVPN is probably much better as it should be able to notify you of an SSH certificate change in such circumstances, though not all VPN suppliers support it so well.

Finally, any "free" VPN is not going to be very fast in general, someone has to pay for the bandwidth needed!

3
0

Arrr! Comcast working on new tech to nudge PIRATES to go straight

Paul Crawford
Silver badge

Re: This is just stupid

Yes, and 20 years for being an anonymous asshole and troll as well.

3
0

Big blue Avatar movie spawns THREE SEQUELS

Paul Crawford
Silver badge

Re: Avatar = "Pocahontas In Space"

"Dances with Smurfs" was used on El Reg recently, which sums it up...

1
0

Win XP alive and kicking despite 2014 kill switch (Don't ask about Win 8)

Paul Crawford
Silver badge

Re: That Was the Plan: The World Did Not Cooperate

You forgot to mention the bit about one major reason why Vista sucked so badly - DRM.

Yes, a lot of the effort they put in to "securing" the OS had little to do with protecting the end user, and a lot to do with sucking up to Hollywood as they hoped to make Windows the #1 choice for home consumers of media, rather than actual business/engineering/software development stuff.

See: http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html

4
0

Virgin Media blames scruffy students for HUGE drop in cable subscribers

Paul Crawford
Silver badge

Re: Downward spiral

Same here, but as currently cable is stable and fast I have not moved. Still, following the recent price hike and the censorship in the name of "protecting children of moronic parents" I might look at a move to Zen or Andrews & Arnold with ADSL as it might be better overall.

1
0

Ubuntu puts forums back online, reveals autopsy of a brag hacker

Paul Crawford
Silver badge

Re: "Hashed using MD5"

AFAIK in practice any password extraction would rely on a rainbow table style of attack, not on any particular weakness in MD5/SHA1/etc. So the real questions then become:

How much entropy did the salt add?

Are you only trying for a specific user's login?

I have not seen what the salt used is, but have not really looked. For example, if just the email account then it would probably match other attack sites of interest, but if a hash of that plus the user's first log-in time, etc, then it could be usefully big in making a rainbow table impractical.

Anyone care to save me some time and to enlighten El Reg's commentards?

0
0

Highway from HELL: Volcano tears through 35km of crust in WEEKS

Paul Crawford
Silver badge
Joke

Logically, the answer clearly must be he is a Vulcan.

1
0

Mystery object falls from sky, area sealed off by military: 'Weather balloon', say officials

Paul Crawford
Silver badge
WTF?

Re: released from Where?

Yes, been there and had a walk in the forest and found - a lighthouse!

0
0

USB accelerates to 10 Gbps

Paul Crawford
Silver badge
Unhappy

Re: interference problems

I doubt it :(

In a world where everything is built down to a price, and the likes of Ofcom don't care about end user or public good but only licensing fees, we should not expect any radio gear to work at all well.

0
0
Paul Crawford
Silver badge
Boffin

Tsk, you should know El Reg's official measure of speed is the kilowrist of pr0n movies (at least, until UK censorship is implemented):

http://www.theregister.co.uk/2008/11/12/arizona_boffins_grasp_fat_pipes/

1
0

Chubby-chasing SEX TROLLS ran me offline, says fashion blogger

Paul Crawford
Silver badge

Re: Depressing.

"ashamed of my species...."

There, fixed it for you.

6
2

'Steve Jobs killed music biz', but Bon Jovi don't mind Google Glass

Paul Crawford
Silver badge

Pedantic correction

"biting the heads off bats" was a front-stage activity for Ozzy.

1
0

No fondleslabs please, says Microsoft as Office 365 hits Android

Paul Crawford
Silver badge

So it works (for the usual definition of software "working as designed" no doubt) on Android, but not for a fondle slab. Do they really think this will make anyone buy WinRT instead?

Maybe, just maybe, they will finally learn that your best business plan is to give customers what they are willing to pay for on the customer's terms.

3
1

Bugs in beta weather model used to trash climate science

Paul Crawford
Silver badge

Re: In this case ElReg is being even handed on the debate.

Just look at how Python adds a list of numbers, and then you might have some appreciation for the difference between a basic programmer and a numerical analyst:

http://code.activestate.com/recipes/393090/

0
0
Paul Crawford
Silver badge

Re: In this case ElReg is being even handed on the debate.

Clearly you have never written any numerical software!

If you put the same numbers through exactly the same computation process, then (assuming no Monte Carlo-style random number generation in use) you do get the same answer.

If anything is different (e.g. floating point representation or rounding) you get a different answer. How much of a difference that makes to the end result depends on what you are computing and how you went about it. That is one of the two fundamental problems of numerical analysis:

1) Computers are not 100% accurate for floating point maths (finite precision), thus you need to choose computation methods that are as insensitive to this as possible.

2) Computers do not have infinite speed so you need to choose algorithms that are fast enough for your budget and/or state of the art in hardware (even if they are even less precise such as truncated power series for some functions, etc).

When you have a chaotic system to model, the finite precision effects are magnified. That is almost the definition of a chaotic system! This is exactly the same problem with the initial data quality.

It has bugger-all to do with if the underlying theory is correct or not, and everything to do with how difficult it is to model, and how the researchers have chosen to implement it on real-world hardware. Looking in to what is making the difference might result in a better implementation (e.g. a change of algorithm somewhere that is less sensitive to maths precision) or reveal that the underlying problem cannot be modelled to the precision/time period requested.

That is numerical science in action really.

6
0

Western spooks banned Lenovo PCs after finding back doors

Paul Crawford
Silver badge

Re: You are an intelligence agency. You find a backdoor. a)Tell the world b) Keep it to yourself?

You don't need any secret 'debugging' mode when you have the System Management Mode interrupt that can't be blocked (above NMI priority!) and can run anything the BIOS demands, making it the vector for the perfect rootkit.

2
0
Paul Crawford
Silver badge

Re: That's why we need free systems

Having open source BIOS & OS is the least-worst option from a security point of view, more so if you are not from the USA. To recap the recent revelations and discussions:

MS (thus Windows) is partner in PRISM and as a USA-based company hence under the jurisdiction of the PATRIOT act, thus almost certainly compromised (remember the _NSAKEY business around 2000?). No open code reviews or ability to compile and check updates etc, to suggest otherwise.

Apple (thus MacOS and iOS) also in PRISM and under PATRIOT act, thus almost certainly compromised. As for MS, nothing to suggest otherwise.

Open source (e.g Linux) has lots of contributors (including MS, NSA, etc) so possibly compromised, but not under PATRIOT act for code, etc, as not under any one USA company. Code open to review but no doubt not everything checked, or apt-get updates verified, etc.

Can you absolutely trust any of them? No.

If you are not in the USA which is the least-worst then? Open source.

8
1

Raid millions of bank accounts. New easy-to-use tool. Yours for $5,000

Paul Crawford
Silver badge

Re: using RDP

I would have thought most machines are now behind NAT and won't have port-forwarding for this. Unless, of course, there are a lot of routers with UPnP enabled that allow the malware to turn it on...

0
0
Paul Crawford
Silver badge

Secure boot, any help?

"easily infect machines running Windows 8 and x64 operating systems, and features technology to embed itself in computers so that it's activated almost as soon as the machines are powered on."

That is worrying, as anything that good/stealthy is best killed by booting the machine off a live CD to scan and nuke it. Of course, with secure boot enabled that could be a problem, though we were led to believe it would stop this sort of root-kit ability to pre-empt AV tools.

Anyone had experience of using the Bitlocker or Kaspersky rescue CDs with a Win8 machine? Did you need to disable secure boot, and was that easy enough to do?

3
0

Apple KILLER decloaked? Google lovingly unboxes Nexus 7 Android 4.3 slablette

Paul Crawford
Silver badge

@Mark.

1080 is piss-poor at £1000+, but would be adequate at £350 for a basic laptop, after all you can get a 20" 1080 monitor for under £100.

I think 1200 is the minimum for "serious" use of a computer, and that means not as a media consumption device but actual editing/coding/etc. As pointed out 1440 is better still, as is 1600, but the cost becomes a bit high (having said that, the Dell U3014 monitor is 30" and 2560 x 1600 lines and can be had for around £900).

I don't particularly want "retina" resolution as I can't work at a viewing distance of 20cm or so to benefit from that, but I maintain that the current 768 lines is utter rubbish and that 1080 is piss-poor if you are paying £1000+ to avoid the 768 rubbish.

6
0
Paul Crawford
Silver badge

Re: What year is that?

0.98 is close to 1, as is 1.02

Can you only deal with integers? Or maybe just whole numbers, if negative values are too tricky?

3
2
Paul Crawford
Silver badge

Note to laptop manufacturers...

How come a small $269 fondle slab has better screen resolution than most laptops costing up to, and over, £1000?

Really, it is hard to get a laptop beyond 768 lines now, and most over £1000 are still piss-poor at 1080 lines (Macbook retina and Chromebook pixel excepted). And you wonder why customers are unimpressed?

61
0

Pentagon: Mobe operators want our radio bands? Fine, but it'll cost $3.5bn

Paul Crawford
Silver badge

Paired wires?

The two wires commonly used for telephones were not separate send/receive, as that would be way too sensitive to ground noise, but a twisted pair used bi-directionally:

http://en.wikipedia.org/wiki/Telephone_hybrid

0
0

ISPs: Relax. Blocking smut online WON'T really work

Paul Crawford
Silver badge
FAIL

Re: "The people of Scotland, thankfully, do have a choice"

Really? Do you think our muppets are going to be in the slightest bit better than the Westminster muppets?

Clearly you are a dim-wit who has not considered Scotland's history of repressive religion, or the way that Scotland's parliament went beyond the already stupid goals of the extreme pr0n legislation when drawing up their own. You know, the one where they asked for public submissions on sex-laws then filtered out and discarded the emails that mentioned sexual things due to a filter (or intelligence) cock-up?

8
0

Micron: Our flashy girth leaves the competition cowering in impotence

Paul Crawford
Silver badge

Re: Big data needs big memory

Yes, I remember ~2000 era when 4GB memory limit of 32-bit CPUs was seen as both impractically expensive in RAM and utterly unnecessary for most users. Now you struggle to run a fscking web browser in under 4GB!

0
0

SkyDrive on par with C: Drive in Windows 8.1

Paul Crawford
Silver badge

Re: AC 08:09

Thanks for the link.

However, that is how MS should have done it by default: that *you* alone decide to whom you share the keys to access *your* data, not the Google-style "let us scan all your files" approach. Mind you, after the PRISM revelations about just how helpful MS are to the NSA, etc, I doubt I would trust their implementation.

0
0
Paul Crawford
Silver badge

"synced up to the cloud as well"

With your own choice of encryption?

Oh, sorry, so anyone at MS and their three-lettered friends can see your personal data with negligible effort? Great....

7
0

Ubuntuforums.org cracker promises no password release

Paul Crawford
Silver badge

Re: MD5?

I doubt the MD5 vs. SHA-1 etc argument is important, as I suspect large-ish rainbow tables already exist for most common hash functions. At least it was salted, which is more than some DB leaks have shown, though how much entropy the salt has is not stated in the article and that probably is the major factor in the effort to recover a significant number of original passwords.

2
0
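The salt-entropy question raised in this comment and in the earlier "Hashed using MD5" one, as an added example that is not part of the original posts: it contrasts unsalted MD5, a salt derived from the e-mail address, and a random 128-bit salt, then shows a slow-KDF record as the hardened form. The password list, the address and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample list, not taken from any real leak.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "ubuntu"]


def md5_record(password: str, salt: bytes = b"") -> str:
    """Legacy-style stored value: hex MD5 over salt || password."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def precomputed_table(salt: bytes = b"") -> dict:
    """Hash -> password map. It is only valid for the single salt it was built with."""
    return {md5_record(p, salt): p for p in COMMON_PASSWORDS}


def tables_needed(salt_bits: int) -> int:
    """How many separate tables are needed to cover every salt of this size."""
    return 2 ** salt_bits


def new_record(password: str, iterations: int = 200_000):
    """Hardened storage: 128-bit random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify(password: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def compare_salting_schemes() -> dict:
    generic = precomputed_table()            # built once, fits any unsalted dump
    email_salt = b"user@example.org"         # constructed address used as salt
    per_user = precomputed_table(email_salt) # same salt wherever that address is used
    random_salt = os.urandom(16)             # unpredictable, unique per record
    return {
        "unsalted": generic.get(md5_record("password")),
        "email_salt_vs_generic_table": generic.get(md5_record("password", email_salt)),
        "email_salt_vs_reused_table": per_user.get(md5_record("password", email_salt)),
        "random_salt": generic.get(md5_record("password", random_salt)),
    }


if __name__ == "__main__":
    for scheme, recovered in compare_salting_schemes().items():
        print(f"{scheme:30} -> {recovered}")
    print("tables needed for an 8-bit salt:  ", tables_needed(8))
    print("tables needed for a 128-bit salt: ", tables_needed(128))
```

A predictable salt defeats the generic table but not one built for that specific value, which is why the hardened record uses `os.urandom` and an iterated KDF rather than a single fast hash.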

Sysadmins: Keep YOUR data away from NSA spooks

Paul Crawford
Silver badge

Re: No, no, no, no and no - this is NOT a technical problem

Yes it is partly a technical problem - because that is what allows other gov to see your data without your knowledge or permission. Cryptography means they need to obtain the key(s) by one means or another, which could be stealthy (e.g. trojan a machine on your system and sniff it that way) or by the more obvious means of a court order.

However, if it is under your control, then at least you know the request has been made by your courts. And it is under a law that, theoretically at least, you have a democratic input on it. You don't get that with a foreign gov, by definition.

As to the possibility of a gagging order, if that mattered a lot (e.g. whistleblower site) you could split the keys to two holders in different legal regimes so they need to gag under two sets of laws. Possible, but it ups the effort and so is only likely for really, really, important stuff. And let's face it, most people/commentards have a far higher opinion of their importance than spooks are likely to have.

Of course, if it is software-as-a-service or similar the data is unencrypted while in use, so not technically practical to protect in most cases. But you could have some shared/useful things like email and dropbox-like document sharing that is decently protected by encrypting the data before it is sent/hosted and relying on client-side processing that works through the encryption layer.

2
0
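The key-splitting idea from this comment, as an added example that is not part of the original post: a data-encryption key is split into XOR shares so that every holder must cooperate to rebuild it. It generalises the two-holder case to any number of holders; the function names and the fingerprint check are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from functools import reduce


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _fingerprint(key: bytes) -> bytes:
    # Safe to store beside the ciphertext only because the key is a
    # high-entropy random value; never do this for a password.
    return hashlib.sha256(b"key-check" + key).digest()


def split_key(key: bytes, holders: int = 2):
    """Return (shares, fingerprint). All shares are required to rebuild the key."""
    if holders < 2:
        raise ValueError("need at least two holders")
    # holders-1 shares are pure randomness; the last one folds the key in.
    shares = [secrets.token_bytes(len(key)) for _ in range(holders - 1)]
    shares.append(reduce(_xor, shares, key))
    return shares, _fingerprint(key)


def recover_key(shares, fingerprint: bytes) -> bytes:
    """XOR all shares together and refuse a result that is not the original key."""
    if len(shares) < 2 or len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of unequal length")
    key = reduce(_xor, shares)
    if not hmac.compare_digest(_fingerprint(key), fingerprint):
        raise ValueError("shares do not reconstruct the original key")
    return key


if __name__ == "__main__":
    data_key = secrets.token_bytes(32)  # constructed 256-bit key
    shares, fp = split_key(data_key, holders=2)
    print("both holders cooperate:", recover_key(shares, fp) == data_key)
    three, fp3 = split_key(data_key, holders=3)
    try:
        recover_key(three[:2], fp3)
    except ValueError as err:
        print("one holder absent:", err)
```

Any subset smaller than the full set of shares is indistinguishable from random bytes, so a single holder compelled on their own cannot produce the key.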

Microsoft: Still using Office installed on a PC? Gosh, you squares

Paul Crawford
Silver badge

@AC 16:11

You are perfectly correct - same with Google and Yahoo, etc.

In fact, it is a key "design" feature of any hosted application - they can (and do) bugger around with it and you have little or no choice but to bend over and take it.

2
0
Paul Crawford
Silver badge

Re: And when

If it's making enough money it will be available, but once your <choice of tender parts> are in the vice, they can screw you for ever more money because you can't migrate away with any ease.

More likely the issue will be them dicking around with the user interface and what features are available, all without any consideration to what you want.

12
0
Paul Crawford
Silver badge

Client-side encryption?

Sorry, but having all of my sensitive documents accessible on someone else's machine, under different legal jurisdiction, and subject to secret data requests by another gov - NO THANKS!

If it is on my machine(s) then at least I have a decent idea if access is requested.

59
0

Optical archival system - where to buy from?

Paul Crawford
Silver badge
Boffin

Re: Let's run the numbers...

If using a NAS then you need to consider what happens when a HDD fails, and often the raid rebuild will cause others to croak (or at least reveal sector errors). So you should:

1) Use double parity if at all possible (i.e. RAID-6 or similar like RAID-Z2).

2) Perform regular scrubs (i.e. weekly check where RAID system reads all disks and repairs any sector errors).

3) Use ZFS please, as it has much better error checking and correction, and it will tell you which files are trashed (which a lot of file systems don't).

4) Use a server with ECC memory (OK, getting expensive I know...)

I'm not kidding, see the following list of papers:

http://arxiv.org/pdf/cs/0701166.pdf

http://research.cs.wisc.edu/wind/Publications/zfs-corruption-fast10.pdf

http://indico.cern.ch/getFile.py/access?contribId=3&resId=1&materialId=paper&confId=13797

0
0
Paul Crawford
Silver badge

Re: Use the cloud dude!

Cloud is for sharing (esp with NSA, etc) not for critical backups. Put them off site somehow, but on your own terms (no vendor lock-in, and encrypted, and with a *tested* recovery plan).

Can't say my experience of low-end tape has been good, but equally not so great with optical disks either. Whatever your media is, you need also to plan and budget for recovering it all and re-writing it on to a new medium every 5-10 years to avoid obsolescence (and media degradation).

Personally for several TB of storage I would go with a ZFS-based NAS (ideally from someone who will bug-fix it, so not Oracle). First sync it on-site, then move it off site and do any diff backups/additions that way.

0
0

BBC abandons 3D TV, cites 'disappointing' results

Paul Crawford
Silver badge

Excellent journalism here, but might I suggest "minge-monger" as the correct adjective for Penthouse's quality service?

1
0

Cosmic blast mystery solved in neutron star's intense death throes

Paul Crawford
Silver badge

Re: Magnetic field

Yes, I kind of want magnetic monopoles to be discovered just so Maxwell's equations have the full symmetry that would result from it:

0
0

Dell explores wearable computing as PC base crumbles

Paul Crawford
Silver badge

General crapification

Good point there, and one that makes me think hard about buying a new laptop:

1) There are mostly nasty plasticy things, except the very expensive ones.

2) Most, and all of the very expensive ones are following Apple's bad example of no repair/service options as the things are glued together, use non-standard parts, etc.

3) The screens are CRAP. I mean, WTF is this business where you have to pay £1000+ to get even 1080 lines resolution? I can get that from a sub-£100 monitor which is bigger than any of those laptops!

A few years back you could get decent vertical resolution from most manufacturers, now it is uniformly crap at 768 lines except for a few at the very top, and most of them (MacBook Retina and Chromebook pixel aside) are still pretty piss-poor at 1080 lines even when you are looking at a near £2k 17" machine.

So no - I won't be buying any of that crap. However, putting Ubuntu on a Chromebook pixel is very tempting if I could only justify the cost...

11
0

Microsoft's murder most foul: TechNet is dead

Paul Crawford
Silver badge

Won't get fooled again!

"And the partition on NTFS,

is now a partition on ext4,

And the beards have all grown longer overnight"

5
2
Paul Crawford
Silver badge

Icon shift/shaft?

When, and more importantly, why did the icon move from the left to top-right of the comments?

19
0
Paul Crawford
Silver badge
Linux

Now is the time?

before we move from "customer" to "hostage."

This is just the latter stage of boiling a frog, it started with XP's "product activation" and the same thing moved to all of their products.

The move towards "higher margins" via cloud-based subscription lock-in, the means of screwing more out of its customers is no real surprise, as they can see the desktop market and OEM fees under serious pressure now, added to the lack of any real incentive for upgrades. Machines are fast enough for most users' needs, and other than fixing dumb security holes, what is there *new* in most OS to justify the pain and cost of migration?

This sort of move is not going to help MS in the long run, but I can't really say I care much.

<= Tux! Not perfect, but my choice because at least I have the freedom to use it as I please, and to modify and improve it should I have the ability or time to do so.

33
1
