* Posts by Paul Crawford

1922 posts • joined 15 Mar 2007

Microsoft update mayhem delays German basketball game, costs team dear

Paul Crawford
Silver badge

Re: @NumptyScrub

Firefox warns you it needs restarted, so unless you really hold the browser open for days on end (just how much RAM do you have?) that is dealt with.

Also any new instance of a call (e.g. starting flash for a new video) gets the new version, so unless you are watching the same compromised video for weeks, same applies.

Its not perfect, but it seems a better approach than Windows where you cant replace an open file, so all sorts of stuff has to be done on shutdown/restart.

7
2
Paul Crawford
Silver badge

Re: Linux

"get stuck waiting for a disk check"

That is not too long if you use ext4 (default these days). E.g. my PCs typically take 10-20 seconds to check and that is with spinning rust HDD filled with 100+GB of crap I could probably safely delete.

Still, if you ever had to wait for the old non-journalled systems like ext2 to fsck then you have reason to be concerned.

2
0
Paul Crawford
Silver badge

Re: Linux

"With Linux 4.x you will not have to reboot at all soon for ANY updates..."

For the kernel maybe, but what about the cluster-fsck that is systemd?

10
0
Paul Crawford
Silver badge

Re: Clearly it's a case of...

Oh I don't know - being unable to use your PC for 17 minutes due to updates is a serious flaw in the OS design.

While not really wanting to start a pointless OS willy-waving competition, I still ought to point out that other OS can updated without needing you to stop and more critically, for updates that actually need a reboot such as a new kernel, its just the usual 30 seconds or so to restart.

All possible because the new files were already in-place earlier as *NIX style file systems allow an atomic in-place replacement of files, but still allows an open file handle to continue using the previous on-disk data until the last handle is closed (i.e. on shut-down for the kernel or similar).

18
9

Apple's 13-incher will STILL cost you a bomb: MacBook Air 2015

Paul Crawford
Silver badge

Re: It's not expensive

Have you noticed that site, like most, tells you bugger-all about the screen resolution unless you click on technical details for each one in turn?

WTF is the reason why screen resolution is not a searchable/choice option for selection?

2
0
Paul Crawford
Silver badge

I don't want "retina" resolution, mostly because I'm too old to be able to view things at ~30cm or less like the kids of today seem to do :(

What I do want to see is more vertical scale, since 1080 lines is OK for a 15" screen and bloody well ought to be the norm for 14"+ anyway. Apple are one of the few how offer 16:10 aspect which is better for practically everything but DVD viewing than 16:9

But 1080 "HD" becomes pants when you get to 24" or more. Really, I want a 42" 4k monitor at an affordable price, but that is not going to be a portable set-up no matter what...

1
0

Cross-dressing blokes storm NSA HQ: One shot dead, one hurt

Paul Crawford
Silver badge

Re:@Tapeador

Well here in the UK we have a little short of 3000 deaths per year due to cars & road transport, should we all surrender the freedom and opportunity that road transport has given us for the last century us for that?

26
1

Short circuit at Large Hadron Collider slows return to matter-mauling

Paul Crawford
Silver badge

Re: At last!

11, 12 even 13...

https://xkcd.com/670/

1
0
Paul Crawford
Silver badge

At last!

Two beams at 6.5TeV? So finally they can turn it up to 11?

(Alas! No Spinal Tap icon to go with this)

1
0

Belgium to the rescue as UK consumers freeze after BST blunder

Paul Crawford
Silver badge

Re: Timestamps @Frumious Bandersnatch

I think you are talking about changing the underlying system clock (i.e. UTC time).

That is normally slewed by NTP unless its a leap second (where the kernel gets that and ought to handle it properly for event timers, etc) or if the time error is too big to be done in a sensible window (typically at system boot where you have no idea if the clock is OK).

The "jump" I am referring to is in local time when the daylight saving hour goes in/out of effect. I don't know of any system that would slew the DST value, but its not an impossible thing to consider.

0
0
Paul Crawford
Silver badge

Re: Why...

Why - cheap (usually) code monkeys not using/understanding the details of time/time-libraries, and NOT BLOODY TESTING them!

3
0
Paul Crawford
Silver badge

Re: Timestamps

The standard *NIX approach is to do all your data storage and maths in linear UTC and only for humans do you display it in a readable form and at that point you allow for the local time-zone & language. Its the sensible way.

The complication arises when you have a time-of-day event that some human wants at a set local time and you need special logic if that is in the hour where the "clocks change" as you could get either 2 or 0[*] time-crossing occurrences depending on the direction of the change. But that is independent of which zone your in, other than it is a zone that has "daylight saving" with is practically all significantly northern and southern latitudes.

It makes bugger-all difference to the amount of daylight of course, but humans seem unable to cope in modern times with doing things that are not a set times.

* - of course when local time jumps from 1am to 2am you cross all times in between, but how do you handle that? You could trigger all events set for 1-2 simultaneously, but what if the person needed A to be 5 mins before B, and both 10 min before C and all in that 1 hour window?

2
0

Easy come, easy go: Euro astroboffins blast brace of Galileo sats INTO SPAAACE

Paul Crawford
Silver badge

Re: free

While I was quite happy to condemn the original politics of Galileo where the EU weasels, sorry ministers, said it would all be paid by the commercial use, we all knew that was a lie. With GPS being free and mostly available courtesy of Uncle Sam, almost no one will pay much for an alternative.

But I fully support the EU doing Galileo for the following reasons:

1) Developing the technology & infrastructure in the EU to do it.

2) Having an alternative to GPS in case Uncle Sam throws a hissy-fit (or a budget stale-mate turns things off).

3) Improving the overall reliability and accuracy for everyone as they then have a choice of GPS. GLONASS, BeiDou, Galelio and any other regional or LF options.

While it may represent several billion Euros, per person in the EU it is small change and we have already seen the UK gov piss away similar sums on failed IT projects over the last decade.

So cheap for what we get in my view.

2
0
Paul Crawford
Silver badge

I'm sure its just commercial considerations. Just now, in spite of the on going politics and strife over the Ukraine, etc, the EU and Russia do business and this is part of it. Maybe future launches will be more birds in fewer Ariane rockets, most certainly if Russia causes trouble in this area, but for now I guess those in engineering and contract roles just get on with the best deal for the current time & place.

1
0

Building a better society from the Czechs' version of Meccano

Paul Crawford
Silver badge

Re: I remember that medicated Izal toilet paper

You have to add those moulded plastic seats that made everyone's arse sweaty and uncomfortable even up in less-than-tropical Scotland.

3
0

'If people can encrypt their cell phones, what's stopping them encrypting their PCs?'

Paul Crawford
Silver badge

Silly - that is what post-it notes are for! Put one next to your monitor and you wont have any problems with forgetting your password.

19
0

Dot-sucks sucks, say lawyers: ICANN urged to kill 'shakedown' now

Paul Crawford
Silver badge

In related news, bears are catholic and the pope...

5
0

Spookception: US spied on Israel spying on US-Iran nuke talks

Paul Crawford
Silver badge

France?

"...biggest threats outside of Russia, China and France."

When and how did France become a major threat to the USA?

Did they threaten to take away their French fries? Shrug and set about cooking good food in a sophisticated plot to topple McDonalds?

2
1

BT Home Hub SIP backdoor blunder blamed for VoIP fraud

Paul Crawford
Silver badge

I would say this is completely BT's fault, after all it matters not if the end user is business or consumer, the kit they supplied LIED to the admin about the firewall being on, and it LIED about UPnP being off.

More over, this is a known vulnerability that BT has done bugger-all about because it might add to their support costs.

25
3

Microsoft enlists web security pariah Adobe to help build Internet Explorer-killer Spartan

Paul Crawford
Silver badge

Re: So the Spartans have invited the Trojans around to advise on the decor?

Great title, if I could give you 300 up-votes I would!

4
0

Make up your mind: Microsoft puts a bullet in Internet Explorer after all

Paul Crawford
Silver badge

Re: @Ian Easson

"You may be, but Microsoft cannot afford to be as a corporation."

So what if MS decides to ditch IE and drop support for all legacy systems, maybe with patching stopped in 2-3 years? Those enterprise customers have no where to go, they will simply have to update and move on to a future without IE's awful stuff.

What alternatives do they have? They can't realistically go on with old OS/browser without MS providing security patches, so they simply have to either suck up MS' latest offerings, maybe pay a fortune for post-end-of-life support, or go elsewhere.

Where is the 'elsewhere' for them to go? Apple has abandoned any real interest in anything outside of consumer use. While I am a keen supporter of Linux, I am in no doubt that if you are IE-bound and MS-dependant for all sorts of specialist software then you have more pain in changing OS than fixing IE-related stuff.

So basically MS can do as the please and corporate users of Windows just have to follow because so little software was ever designed to be cross-platform. That my friend is the real "End of Story".

3
6
Paul Crawford
Silver badge

Missed opportunity here

Really, I don't see why MS should keep on IE other than for some locked-in corporate customers. So why don't they make Spartan the only supplied browser for Win10 and sell IE11 as an extra-cost option, maybe chucking it in with the "W10 professional enterprise edition" or whatever?

Those who really, really, must use IE will either stick to Win7 or whatever for the next 5 years, or simply pony up for it on Win10. Their pointy-hired bosses might just see that its time to fix their Intranet once they see an on-going cost for not doing so.

But, and this is the important bit, Joe Public won't consider it as an option as nobody has paid for a browser since, oh yes, IE was bundled for free two decades ago. Thus the few remaining web sites that rely on IE-specific support (and all public-facing gov sites, who are often offenders there) will get endless complaints until they fix their shit and become cross-platform.

11
1

This is what happens when a judge in New York orders an e-hit on a Chinese software biz

Paul Crawford
Silver badge

Similar to slysoft's AnyDVD I guess.

7
0
Paul Crawford
Silver badge

Re: Shameful

It would be funny if the company then sued Visa/Mastercard for blocking payments in China, won, and made them pay out $Million/day or whatever in compensation. Same for Google, Facebook, whatever. See how it feels when another big country extends its laws to the US business.

Make it big enough and the US laws might change. After all, the only thing that seems to matter in US politics or law-making is money.

20
1

Hawk like an Egyptian: Google is HOPPING MAD over fake SSL certs

Paul Crawford
Silver badge

Re: revoked cert

Not if you are using Chrome...

http://www.zdnet.com/article/chrome-does-certificate-revocation-better/

In spite of the apparent positive spin, the fact remains they don't properly check for revocation. The last point in the article basically says they whole system is crap/broken (as we know) but offers no proper solution to the stupidly lax design of certificate issuing where ANY one of nearly a thousand issuers can sign an imposter certificate for any domain.

2
0
Paul Crawford
Silver badge

The action should be obvious - revoke all trust in the company that issued the certificates.

If they face financial melt-down due to this, and others see the consequences, maybe the future will be a little better. But saying so, it really points to a fundamentally broken system, and the certificate pinning that some browsers support is not enough of a "standard" to deal with it.

13
0

Hey, Woz. You've got $150m. You're kicking back in Australia. What's on your mind? Killer AI

Paul Crawford
Silver badge
Terminator

The idea of AI machines destroying vast swaths of humanity is pretty applying.

Until you stop and look at vast swaths of humanity that is...

5
0

Tears of a cloud: Don’t be let down by backup and disaster recovery

Paul Crawford
Silver badge

Two comments...

Firstly, the issue of compliance with data protection ought not to be a problem if you encrypt your backup data BEFORE it goes cloudy, and that your cloud provided never has access to the key. In fact, that ought to be the Golden Rule of cloud storage: "no data without perfect secrecy".

Secondly, the idea that a home user only takes minutes to back up is laughable. If you have a 'typical' upstream rate of 0.5-1Mbit/sec on broadband, that is 225-450Mbyte/hour. If you have any sort of history of using a digital camera your archive could easily be 10-100GB of photos, so you are looking at 1-18 days of uninterrupted transfer to back up initially, and this is not taking ISP capping in to account.

Still, the idea of a NAS fronting your cloud backup is great, fast local syncing of data but with the off-site and (hopefully) backed-up/snapshotted storage if you lose your NAS or get a file-encrypting virus.

2
0

Got a killer Microsoft or Oracle cloud deal? Start sweating

Paul Crawford
Silver badge

And don't forget that if there is any dispute, your cloudy "partner" can make it all disappear at the drop of a hat. Sure you can fight them through the courts, but just how long will your business have the funds to do so if its IT systems have been turned off?

With on-site software, even if licensed (and not free-as-in-speech), the boot is on the other foot. If they dispute then they have to take you to court and prove it and until they do you still have a business.

6
0

PIRATES and THIEVES to get Windows 10 as BOOTY

Paul Crawford
Silver badge

Really, what is Win10 refuses to run unlicensed copies of Office?

1
1
Paul Crawford
Silver badge

"customers over time will realise the value of properly licensing Windows" - does not compute.

"stands to win more cash under its as-a-service model if it can convince the world to dump its old operating systems" - ah, now that makes sense!

However, given the Chinese government has already said no to Win 8 over (possibly spurious) "security concerns" over data sovereignty, etc, how will they react to Win 10 if its "as-a-service" model allows the US gov to pull the plug at any time on its citizens' business operations?

9
0

Noobs can pwn world's most popular BIOSes in two minutes

Paul Crawford
Silver badge

"2. As described in the article, the attack requires physical access to the machine. Frankly, if somebody has this, it's always going to be game over."

Indeed, but p0wning the BIOS has the big advantage of getting the SMI and boot stages so it becomes possible to have an infection that is totally transparent to any booted OS, and can't even be seen when booting a rescue CD sort of tool. And if you can automate that to slip in USB, boot and press F11, 30 seconds later job done and power off, that is pretty tidy.

2
2
Paul Crawford
Silver badge

Re: This wouldn't be (much of) a problem...

"tablets, phones, and other sealed hardware "

The sort with various power & volume buttons on the side that could be held down in some odd manner to enable it passers?

1
1
Paul Crawford
Silver badge

Re: This wouldn't be (much of) a problem...

Its not just the UEFI stuff that is stupidly complex, its all of the pointless "eye candy" that MB makers seem to think you want/need. Really, the only folk who should ever be fiddling with BIOS/UEFI settings are the sort who really know what they are doing, and they are quite capable of using text-mode operations.

Its high time that we started pressing for MB makers to fully and openly support coreboot, at least then you have a chance of getting the source code inspected and maybe bugs fixed. Might even save them money in the long term for support and development.

And yes, I would like to see the return of a physical switch to allow BIOS writing, that would put a stop to most of these issues (aside from pre-installed malware, obviously).

7
1

My self-driving cars may lead to human driver ban, says Tesla's Musk

Paul Crawford
Silver badge

Re: @AC w.r.t AF447

"You simply do not have the necessary background to understand what went on and how it happened."

I did not claim that I would have done any better, nor that I understand the details of how the pilots reaction to various conflicting warnings and instrument inconsistencies led them to not recover the plane from stalling.

But what I am absolutely certain of is that having an autonomous system throw back the controls to humans under "difficult" conditions is a recipe for disaster. And equally for cars the conditions that are unlikely to be handled well, such as an unexpected conflict of sensors while approaching a junction, blind bend, etc, will leave the human operator with bugger-all time to come to terms with being in control, let alone to apprise the situation and react accordingly.

So why even consider that case? Maybe so the car manufacturers can pin the blame for out-of-capability accidents upon the meat sack failing to drive correctly...

1
1
Paul Crawford
Silver badge

Re: @Phil Dude

Folk who care about edge cases are the sort you want working on safety-critical stuff! Typically they are the ones to trust your well-being to. As for reliability, the current US death rate is around 1-2 per 100 million miles driven, or about 150-250 per million vehicle - years:

http://www.census.gov/compendia/statab/2012/tables/12s1103.pdf

So an autonomous car has to be pretty good to match that. Sure humans do really dumb things, and they are easily distracted, etc, which probably covers a good 90% or so of those deaths. But cars have to at least match that 2E-8 fault/mile figure under real-world conditions to be taken seriously.

2
1
Paul Crawford
Silver badge

Re: @Crisp

"Well, if it resembles auto-pilot systems (such as those on the Airbus), the correct fall-back would be manual control by the driver"

Yes, and look how well that worked out for AF447 after all!

See that is the problem, if it can't cope near-perfectly with anything on the roads your screwed. You won't be sitting there with full concentration all the time "just in case" - otherwise you might as well be driving. And in the event of an unhanded exception as car has seconds to impact, not the minute or two the startled pilots of AF447 had.

6
1
Paul Crawford
Silver badge

Re: @Crisp

Robots in a factory doing precisly defined work is one thing, and they work really well. Its the uncertainty in what a real road will throw at the system that matters, and how it copes.

Also I think it is moronic to have the assumption of "phone home" operation. What if you loose connectivity or the central servers go down for whatever reason? Does your car just stop?

So then what if someone simply jamms the radio for a short while to stop you and rob you?

6
2
Paul Crawford
Silver badge

Re: Not a problem solved

If it is a 10% driving failure it is not "annoying" but "potentially fatal".

4
1

Watchdog slaps American Apparel's youthful naked arse

Paul Crawford
Silver badge

Having looked at that link I feel quite dirty now :(

I should have noticed it as the Daily Fail.

5
1

OpenSSL preps fix for mystery high severity hole

Paul Crawford
Silver badge

Re: @tnovelli

You seem to forget that C was largely created to be a systems language in order to write UNIX in the 70s. Do you really think an OS written in assembler would be a better idea?

Of course, the other side of a "systems" tool is it lets you do things that might not be smart, even though you might just need to that sort of thing inside an OS. Common mistakes relate to memory usage (not bound-checking, use after freeing, etc) and the notorious printf()-like calls that can really mess things up on the same basis (it relies on you telling it correctly what type of arguments are being passed).

Wile other languages take away your ability to make some of those mistakes, much of those problems are now managable if only folk would use the C-language tools that are already out there! Static analysis tools (e.g. Coverity) and using maximum warnings from your compiler (gcc can now check printf formats, and please us snprintf() to force memory length restrictions) will help if you are willing to take the time to check what they are squaking about, and fix it.

6
0

Let's talk about the (real) price of flash and spinning disks

Paul Crawford
Silver badge

Re: Prices for flash are wrong

"To be fair, a consumer-grade flash drive (with SATA interface) is only 10x the $/GB of a SATA hard disk"

It was mentioned, and for fairness it also has costing for both "consumer" and "enterprise" SATA disks (really, use the SAS version for high-capacity HDD for various reasons to do with reliable identification and proper command queuing, but the pricing is not so different these days).

0
0
Paul Crawford
Silver badge

Re: IOPS

There is no "one size fits all" unless price is no object. For your use-case you have to decide how much IOPS you need, how much data you need to store, and how much money you are prepared to spend.

I suspect the majority of users would currently be best served by a combination of HDD and flash. Some file systems like ZFS have built-in support for using separate storage for write intent logs, so using flash for that is a very cost-effective gain on the write side. For reading you can also have read-optimised SSD for the cache to help with frequently accessed data. Other systems also support data tiering so you can balance cost and performance in an intelligent way. The Devil is often in the detail.

3
0
Paul Crawford
Silver badge

Re: Power?

"SATA 50p per gig per year"

So my home RAID with 12TB protected space from 5*3TB HDD is going to cost me £6000 per year in power! Are you quite sure?

1
0

Gamers! Ransomware will scramble your save files unless you cough up $1,000

Paul Crawford
Silver badge

Re: AV

If you don't need the last few percent of performance, then running Windows in a VM seems a pretty good way of putting off a lot of the smarter malware in case you are analysing it.

Also the ability to make a copy of a VM and restore operating in minutes, rather than hours (the old install Windows, reboot, patch it, reboot, install your software, find license keys, restore data files, etc) is also great.

3
1

I BEG YOU, mighty Jobs, TAKE MY LIVER, Cook told Apple's dying co-founder

Paul Crawford
Silver badge

I think is from this: http://en.wikipedia.org/wiki/Visible_Human_Project

0
0

RIP Sir Terry Pratchett: Discworld author finally gets to meet DEATH

Paul Crawford
Silver badge

Sad to hear, his books provided a lot of entetainment over the years :(

4
0

ACLU files new lawsuits in hunt for police 'Stingray' mobe-trackers

Paul Crawford
Silver badge

Re: ACLU = AssCLowns Unlimited

Gee, so you are happy to have secret evidence gathering against you? You know, without any discussion by the folks who make the laws (i.e. your elected representatives, and I mean all of them and not just a select few on secretive committees) and the public they are supposed to represent, nor by your defence lawyer should you find yourself accused of some crime?

I, and probably most of El Reg's commentards, have no problem with legal interception when it is done based on probable cause and with judicial oversight. If this equipment is gathering data on others who are not involved in the targeted operation that is no big deal as long as all such data is deleted afterwards and not misused outside of the scope of the investigation.

What I do have a problem with is the current trend to assuming EVERYONE is guilty so worthy of surveillance and endless data retention, and that our judges and politicians are not telling us about this so we can have a democratic system in place.

12
0

Ouch! Google crocks capacitors and deviates DRAM to root Linux

Paul Crawford
Silver badge

Double the cost?

Really? ECC memory costs more, but typically 20% and the RAM is often only a fraction of the machine cost.

True, proper servers cost a lot more than desktops, but there are other factors in that cost such as dual PSU options, easier to change fans, hot swappable HDD, etc, (and probably a bit of profiteering as well).

3
1

Nothing says 'Taliban' quite like net neutrality, eh, EU Digi Commish?

Paul Crawford
Silver badge

Ass-hat

Not just him, but anyone who has a car the depends on internet access for safety deserves to be dismissed and the design scrapped. Have you tried getting even GPRS around a large number of rural roads in hilly areas?

6
0

Forums