* Posts by Paul Crawford

2869 posts • joined 15 Mar 2007

Man sues YET AGAIN for chance to marry his computer

Paul Crawford
Silver badge

Re: I'm sorry Dave...

Oink!

13
1

Fear and Brexit in Tech City: Digital 'elite' are having a nervous breakdown

Paul Crawford
Silver badge

Indeed, as this parody shows:

http://youtu.be/-a6HNXtdvVQ

3
0

Brexit-bored Brits back to bashing the bishop after ballot box blues

Paul Crawford
Silver badge

Re: Says everything that there is to be said

I forget who said it, but: democracy takes power from the corrupt few and hands it to the incompetent many.

28
0

Bacon is not my vodka friend

Paul Crawford
Silver badge
Gimp

Re: Okie is a strange place

Gotta protect our wimmin from seeing something more interesting...

2
0

No means no: Windows 10 nagware's red X will stop update – Microsoft

Paul Crawford
Silver badge

"valuable feedback on how people use the OS so Microsoft can improve it even more"

Ah yes, so that is why Windows 8 & 10 are so much loved and respected by the users?

As for blocked updates for Win7, if the fsckers had not been abusing the update mechanism for this there would NOT be blocked!

16
0
Paul Crawford
Silver badge

Re: Charles 9

Eh? You can, and generally should, set Linux to automatically install security updates.

Unlike the "new Microsoft", that does just that patches stuff without major changes (like the old MS). If you actually want to do the equivalent of an OS upgrade you can (though it is not 100% successful in my experience when unusual partitioning / RAID is in use, etc). You are warned to back up and be sure before starting, etc, etc. Or you can simply tell it never to offer such an upgrade again.

2
0

You can be my wingman any time! RaspBerry Pi AI waxes Air Force top gun's tail in dogfights

Paul Crawford
Silver badge

"forces to be deployed without human loss of life"

On your side. While that is generally a good thing, if it makes politicians more trigger-happy it is probable not.

37
0

You know how that data breach happened? Three words: eBay, hard drives

Paul Crawford
Silver badge

Re: Formatting has two options

Lets face it, if you worry about a TLA recovering data you should have been using an encrypted file system with the HDD when in use, so not only do they have to try and undo the overwrite, but they also have to know your encryption key as well.

3
0
Paul Crawford
Silver badge

Re: "don't work properly"

Thing is, you need an order of magnitude greater skills to get data out of those areas, and probably you are looking at a tiny fraction of what was once stored on the HDD.

Deleted via recycle bin? Piss-easy to get back.

Formatted? Not too hard if standard structure used and/or you use a scanning tool looking for recognisable data (word doccuments, JPEG images, etc)

Overwritten with zeros? Damn hard without low-level HDD access below the usual SATA command set (possibly even custom forensics hardware & software).

Physically destroyed with thermite? No chance.

Considering the effort and possible desire to get some 2nd hand value/use, simply doing a full disk wipe or using the "secure erase" option is plenty good enough.

5
0

Visiting America? US border agents want your Twitter, Facebook URLs

Paul Crawford
Silver badge

Re: Of course, given a choice...

Greece was looking like a good cheap holiday option with ancient historical sites to visit and fantastic food.

Not so cheap from the UK now, of course...

1
0

25,000 malware-riddled CCTV cameras form network-crashing botnet

Paul Crawford
Silver badge

Re: IoT and it will get worse?

Have an up-vote!

"I wonder how many of these aren't supported by anyone including the manufacturers of them?"

Fixed it for you...

9
0

SPC says up yours to DataCore

Paul Crawford
Silver badge

Re: Why use and array of any type anyway?

I can think of a few very good reasons for centralised storage, such as (1) simplifying the task of recognising, protecting and managing your data (snapshots, data replicated to off-site store and/or tape robot), and (2) allowing common data/programs to be updated in one go for everyone who needs access, (3) allowing applications on differing native OS to share data.

However, (1) it will never match local storage for speed on any comparable basis, and (2) you get a degree of redundancy in your company that one central fault won't take down everything.

So really depending on what attribute matters more you you will go for one, the other, or maybe a bit of both (e.g. fast data local, central for share/replication/off-site transfer).

0
0
Paul Crawford
Silver badge
Headmaster

Re: "UPS costs $1,000"

I guess it should be uW per IOPS (or SI alternative) given that IOPS is I/O per second, and energy per I/O would then be energy/second = power.

1
0
Paul Crawford
Silver badge

Re: "UPS costs $1,000"

Just. It is a Lenovo X3650 M5 Server and a Dell PowerVault MD1220 Storage Array which have PSU rated for 900W+600W = 1500W but allowing a bit of margin for PF not exactly 1.0 you would really be looking at a 2kVA UPS (even though average power is likely a bit lower). Oddly enough the SPC benchmarks have $/IOPS but not pJ/IOPS or equivalent indication of actual power consumption which in this day is likely to factor in to the overall ownership cost as well.

p.s. I guess you missed the joke icon?

1
0
Paul Crawford
Silver badge
Joke

"UPS costs $1,000"

You are seriously underestimating the cost of a UPS for that sort of system, why it is likely to be MUCH higher, probably around $5,000 which will make an impact of almost 4% to the $/IOPS cost!

1
0

NASCAR team red-flagged by ransomware attack

Paul Crawford
Silver badge

Re: No backup, no commiseration.

I thought Dropbox provided snapshots? What went wrong with that?

2
0
Paul Crawford
Silver badge

Re: re Backup

Squeal like a piggy boy, squeal like a piggy that ain't got no back-up copies! Squee! Squee!

7
0

'Leave EU means...' WHAT?! Britons ask Google after results declared

Paul Crawford
Silver badge
Facepalm

Turkeys voting for Christmas on the basis its not halal, now asking what Christmas means for them.

50
9

Judge rules FBI can hack any time, any, place, anywhere

Paul Crawford
Silver badge

"The act of hacking it, shows its backdoored that they exploited a flaw in firefox to reveal the machine's local IP address."

Fixed it for you. Please check the facts of this case before making such general assertions.

6
1

Revive revived: Oculus DRM push shattered as DIY devs strike back

Paul Crawford
Silver badge
Trollface

Re: this will just cost Oculus a fortune

Oh I do hope so :)

13
0

Tor onion hardening will be tear-inducing for feds

Paul Crawford
Silver badge

Apparmor?

If Firefox is run under an apparmor profile would that achieve much the same?

After all that is what CESG recommend:

https://www.cesg.gov.uk/guidance/end-user-devices-security-guidance-ubuntu-1404-lts

1
0

Pressure mounts against Rule 41 – the FBI's power to hack Tor, VPN users on sight

Paul Crawford
Silver badge

Re: fingerprinting

What the web browser dev should be doing is fixing this, not endless dicking around with GUIs or finding ever smarter ways to whore us to the advertisers.

We should have browsers that only yield the minimum of necessary information back to a web site, and that tricks like canvas rendering hashes, etc, are deliberately broken by inducing some ~1/2 pixel random dither in the drawing so now two hashes are ever the same.

And that is before we get in to the unholy mess of SSL certificates and the half-measures like pining to try and catch MITM by state level actors.

19
0

Not smiling for the camera? Adobe's Creative Cloud suite can fix that

Paul Crawford
Silver badge
Gimp

Re: Airbrushes worked fairly well

Indeed, one can help a lot.

Ah, that odd half hour spent with the GIMP touching up a friend's daughter...

7
0

Kremlin wants to shoot the Messenger, and WhatsApp to boot

Paul Crawford
Silver badge

Re: Is this even practical....?

Also if you are not "doing business" in Russia by making the app free and not whoring for profit with their advertisers, who do they fine?

Yes, they could start a Great Firewall of Russia to try and block apps that are not on the good list but a little use of P2P technology and/or making use of ports like 443 that always look encrypted will make that whack-a-mole game a bit harder.

0
1

New York decides not to tinker with vendor lock-down for now

Paul Crawford
Silver badge

"It is made deliberately difficult if not impossible to repair."

That is why we should have 5 year warranties on electronics. Then they would have to consider the repair cost or replacement cost when designing it and one way or another you would see up front what the true cost of a gadget is likely to be..

0
0

Apple's 'lappable' iPad Pro concept is far from laughable

Paul Crawford
Silver badge

And you know this via....???

Why, by the 9" already mentioned!

1
0

Snoopers' Charter 'goes too far' says retired Met assistant commish

Paul Crawford
Silver badge
Gimp

Mind you, that could work another way if browser coders decided to undermine that sort of system by randomly connecting to anything/everything in the background. Suddenly everyone's ICR logs are massive and expensive to maintain, and everyone looks equally suspicious and has plausible denyability about looking at any odd site.

You know those sites only too well =>

1
0

Tor torpedoed! Tesco Bank app won't run with privacy tool installed

Paul Crawford
Silver badge

"when your customers only have ONE factor to them?"

Difficult, though some of my accounts have a card reader that generates a code based on the card/PIN and the transfer amount to be used. This is a separate validation path that is very hard for a compromised phone (or PC, or MITM from hacked wifi point, etc) to to bypass.

Advantage - no internet connection to said device so it can't be hacked (directly, lets overlook the RSA Token breach for a moment).

Disadvantage - it is something annoying to carry with you if you really want banking on the move.

1
0
Paul Crawford
Silver badge

Re: Missing the point again

Even if the banking app can't tell the phone's IP address, the bank surely can tell if the connection is coming out of a Tor node. Maybe not 100% as I doubt there is a very up-to-date list, but pretty much most connections would be identifiable that way. Also if its an app that can get your location then a geo-lookup should be able to tell if the phone's IP address is sane as well.

But one way or another, they should not be placing great trust the bank app, phone, or network path in the first place. 2FA is needed if it matters, but sadly for a mobile-only customer that is a single point of failure.

4
0
Paul Crawford
Silver badge

Re: Missing the point again

You are right but also mistaken.

Yes, I can see that banks should not accept business via Tor due to the additional risk of the originator not being the real person, and no doubt the use of the IP address and geo-lookup is one aspect banks use in detecting fraud.

But you are mistaken here: the whole point of the article is the banking app won't allow you to have a Tor browser installed on the same phone even though it is cleared via Google's own Play store, not that it won't work via a Tor network. Those are two very different things.

9
0
Paul Crawford
Silver badge
FAIL

You are indeed a moron if you think that the presence or otherwise of a tor browser is the single most important thing for banking security.

Here is a clue - if security matters, and one has to assume banks are aware of this, you must start by the assumption that any device or communication channel may be compromised and design a system to catch that. That is the whole point of 2FA (you can't trust a single path/factor).

Of course if the '2' in your 2FA both via your phone (e.g. banking app & text message confirmation) this is a big FAIL as you really have 1FA (and considering the numerous unpatched bugs in many phones, really SFA). Banks must know this, but take the risk that fraud is less expensive than the lost business of forcing a more secure model on the customer.

6
1
Paul Crawford
Silver badge

Re: @Fibbles

"I don't know where you're getting your info from"

Experience. My first "smartphone" was an HTC Wildfire and it received a single OS update in 3-4 years for some wifi bug but remained remained buggy (would reboot in poor signal strength areas after a while). Also that update wiped phone so was really a factory reset as well. Now have a ~3 year old Motorola G which has had 2 OS updates so far and currently is telling me that its Android 5.1 patch 2016-03-01 is as up to date as there is.

So while *you* might be lucky with your phone, the majority of phone owners get SAF in the way of timely updates.

8
1
Paul Crawford
Silver badge

"a vector for hackers"

Really, as far as I can see from the Play store is it not a tor node and just a tor access point or proxy. And if for access then I can't believe it is much worse than some unpatched browser on the phone as you go to legitimate web sites already hacked and serving up malware.

25
1
Paul Crawford
Silver badge

Re: "preventing free speech and internet security"

WTF? The app is complaining about the Tor app installed on a non-rooted phone.

So what if Tor is used by "some of the worst people on the planet to conduct their despicable business" as you could easily say "mobiles phones are used by..." or the Internet, or cars, etc, etc. So long as he is not using Tor for kiddy-fiddling etc then it is none of your damn business.

54
5
Paul Crawford
Silver badge

Best security practice

Don't use a banking app on Android in the first place.

Every sane OS is patched at least monthly, if not more often as bugs and security holes are found. Most phones one per year if you are lucky for core OS parts, occasionally more often for app and that often asks for more permissions.

69
5

Apple and Android wearables: What iceberg? It’s full steam ahead!

Paul Crawford
Silver badge

Re: An analogy

I also have a couple of mechanical watches, one is self-winding if I wear it all day, otherwise needs wound up daily. But the thing is, I don't have to carry a special winder with me, nor do I need an compatible power point for the winder.

My usual watch is a Casio that is automatically set by radio and is solar charged. Had it now for several years and no battery change needed (and resulting leaky seals) so pretty happy with it. Now if a smart watch could do the same...

3
0

FBI's iPhone paid-for hack should be barred, say ex-govt officials

Paul Crawford
Silver badge

Indeed the discovery phase and details of the data gathering are essential. After all, if the police have hacked in to my computer to gather evidence, how can the jury be sure they did not plant it there?

I'm not saying such techniques should be banned, but there must be proper rules for the use and full traceability of the actions and method presented at the trial so both sides can be sure the evidence is valid.

9
0

Dad of student slain in Paris terror massacre sues Google, Twitter, Facebook for their 'material support' of ISIS

Paul Crawford
Silver badge
Headmaster

Re: "MTB"

Since when was "Mountain Bikers" three words?

3
1

Apple faces Beijing blackout for iPhone 6

Paul Crawford
Silver badge
Trollface

Re: Where's the actual phone?

Isn’t the case and extra cost option?

2
0

BOFH: Follow the paper trail

Paul Crawford
Silver badge

Re: I was lucky..

Why did I read that as "a genital smile in my direction"?

5
0

Prenda Law's copyright-trolling shakedown scam slammed AGAIN

Paul Crawford
Silver badge

The bankruptcy is probably a move to protect what they can (e.g. all in wife’s name, etc) and in other cases may have nothing to do with the low-life practices seen here.

Being disbarred from practice should follow such a judgement though as a separate step.

6
0

Sneaky brown dwarf gives us a bright flash and astroboffins are confused

Paul Crawford
Silver badge

Re: I wonder

Great idea, send him on the B-arks first

1
0

Patent trolls, innovation and Brexit: What the FT won't tell you

Paul Crawford
Silver badge

You are also making the very dubious assumption that the UK post-Brexit would not just roll over and do what the US wanted on IP law giving us just as much, if not more, trouble.

79
7

Apple quietly launches next-gen encrypted file system

Paul Crawford
Silver badge

Re: @Kristian Walsh

Thanks for the detailed info.

"The HFS Resource-fork ... deprecated since 2001"

Maybe, but as far as I know it was still used just a couple of years ago for Apple's own photo management program, and was such a pain that a friend's only solution to allow NAS/RAID for his parents Mac's collection of images was to use iSCSI export from the NAS and format it in HFS. Of course, that sort of approach also makes sharing the NAS' contents impossible as you really don't want two machines able to write the file system tables, etc.

0
0
Paul Crawford
Silver badge

Re: POSIX requires filesystems to be case sensitive

While some folk might think case-insensitive is good as humans don't care, as you and other point out it is a right pain to make it sane and consistent with multiple character sets.

Its a computer, it should be case-sensitive and the muppets writing Adobe software who are not using consistent case in thier stuff just shows how dumb they are. Not that Flash's endless stream of exploitable bugs would suggest otherwise.

But the real elephant in the room is the incredibly dumb "feature" of data fork (Alternate Data Streams) that results in some Apple software being unusable on any file system that lacks this. So you can't put your photos on a NAS, etc. as it breaks the thumbnails, etc, which are stored in a 2nd or other stream of data behind the same filename.

6
7

Orlando shootings bring Facebook's safety check to US soil

Paul Crawford
Silver badge

Re: Terrorist Attack?

"which conveniently lends itself to the terrorist angle rather than being a hate crime"

No, sounds more like self-loathing being projected on the innocent from someone who's culture demonises homosexuality. Same as right-wing Christian nutters do.

5
0
Paul Crawford
Silver badge

Re: That's highly doubtful

It won't prevent all murders, would reduce the number of murders because its harder to kill many people in a short window with simple "secondary use" weapons. Restricting guns won't stop dedicated murderers but it makes it a bit harder to do, maybe gives the perpetrator cause to think twice, maybe gives the victim a more sporting chance to escape or defend themselves.

That is it in a nutshell.

6
0
Paul Crawford
Silver badge

Re: Guns don't kill people....

Ah yes, so the number of gun deaths in the USA has nothing to do with the number of guns?

Sometimes satire is just too close to the truth:

http://newsthump.com/2016/06/12/america-hoping-tomorrows-mass-shooting-slightly-less-serious/

4
0

The Microsoft-LinkedIn hookup will be the END of DAYS, I tell you

Paul Crawford
Silver badge

Cortana?

What is this Cortana you speak of? How will she/it spy on me? I have looked, but this is what I get:

$ apt-cache policy Cortana

N: Unable to locate package Cortana

Now then, to add "teledildonic DevOps using .net" over and over again to my Linkedin profile...

21
6

SLACKOUT

Paul Crawford
Silver badge

Re: The Cloud...

Yes and those utilities are "fungible" (a nice word that AO sometimes uses on El Reg) where they are interchangeable. Gas is gas from any utility to certain defined standards and to me they just burn and heat things.

My data is unique which is why it is valuable to me, and if some cloud provide vanishes or deletes my account due to incompetence or a dispute over billing then I am stuffed unless i have my own copy. Or have two cloud provides that don't share the same points of failure. And that is even before we get in to data sovereignty and who can use a legal warrant (secret or otherwise) to access it.

0
0

Forums