
* Posts by Paul Crawford

1610 posts • joined 15 Mar 2007

YES: Scotland declares independence ... from the dot co dot uk empire

Paul Crawford
Silver badge

Re: Not an ISO 3166 code

Same country code most likely, just like USA & Canada do.

4
0
Paul Crawford
Silver badge
Unhappy

Re: re. " ... the chains of digital bondage"

Given the way the MSPs went ever further than the UK's "extreme porn" bill, then yes they will because a portion of them are small-minded petty Calvinists and a lot of the rest think too much of the opinions of the Daily Fail and similar.

3
0

Hackers' delight: Hotel cyber-cafe, er, business centers, apparently – US Secret Service

Paul Crawford
Silver badge
FAIL

Eh? Only some?

"some business centre computers may have taken the safeguard of not allowing anyone to log in with Administrator rights"

I leave it as an exercise for El Reg readers to determine one of the key problems here.

1
0

Get an EYEFUL OF CURRY for the sake of your brain

Paul Crawford
Silver badge
Coat

Re: Turmeric's not a root ...

The root of all eyeful?

Mine has the book of bad puns in the pocket...

21
0

Adobe Flash: The most INSECURE program on a UK user's PC

Paul Crawford
Silver badge
Unhappy

Re: Isn't it great...

Still getting the "security" updates for version 11x on Linux using apt-get (Ubuntu) as they never supported anything later. Unless of course it is embedded in Chrome for Linux (with added Google spy-ware).

Adobe is such a crap company...

12
0

Thought PCs were in the toilet? They're STILL eating Apple's lunch

Paul Crawford
Silver badge

Profits?

How do Apple rank in terms of PC-based profits? I'm guessing that is a more useful measure if you are a shareholder.

3
3

Global protest calls for canning SOPA-by-stealth treaty's IP bits

Paul Crawford
Silver badge

Whether it makes a difference or not is largely irrelevant.

The simple fact that such profound policy-making is being negotiated in secret, save for industry pressure organisations, is an affront to democracy world-wide and for that reason alone it deserves to die.

11
0

Virgin Media goes titsup AGAIN. The cause? Yet MORE DNS strife

Paul Crawford
Silver badge
FAIL

DNS and "filtering"?

Any coincidence I got an email from them yesterday telling me I could enable the (largely pointless and broken) content filtering supposedly there to protect the children?

As for other comments, I was OK as I use the older modem-only device and my own router with OpenDNS.

This article might be of interest to the educated reader when wondering why the gov took such an about-turn on the merits (or lack of) filtering after their own consultation rejected it:

https://torrentfreak.com/the-copyright-lobby-absolutely-loves-child-pornography-110709/

11
0

Standby consumes MORE POWER THAN CANADA: IEA

Paul Crawford
Silver badge

Re: Heat

Yes & No.

Of course heat is the end product of all losses, but if you have a ~100W device on full power that heats the touchable case by ~20C above ambient to dissipate said heat, you will hardly notice if it is down to 5W, 1W or 0.2W when on stand by without a lot of careful measurement as you would be looking at order of 1C or less.

5
0

That AMAZING Windows comeback: Wow – 0.5% growth in 2015

Paul Crawford
Silver badge

Re: @h4rm0ny

"ignoring the cause of these things - which are that XP has a far weaker security model than Vista onwards which is really what causes people and processes to need to be admin by default."

No, the problem is a legacy one that MS allowed, and in some cases encouraged, bad security practice so they ended up with an OS that could not be properly secured because the software for it assumed all sorts of privileges that were removed by Vista and later to make things better.

I have at least one package that I can't run on XP without admin, or on later, because it needs to modify registry keys (now secured) for f-all reason.

Do I change OS and pay ~£1k for the latest version (and also change code using it), or do I run XP in a VM just for that job?

Yes, Windows 7 is a whole lot better OS than XP, but that is not going to make up for the sort of business legacy that is the reason folk use Windows in the first place.

5
0

Report: UK.gov wants to legislate on comms data BEFORE next election

Paul Crawford
Silver badge

What is missing from such a statement is how old most of the useful data is. Do the police request data for 1 week before the reported/alleged criminal incident? 1 month? 3 months?

I think other EU states have a 6 month retention period which I suspect is more than enough for most cases, as a judge can always request an on-going recording of data on any that is an on-going investigation.

3
0

USA to insist on pre-flight mobe power probe

Paul Crawford
Silver badge

Do they still ask if you committed war crimes in 1939-45?

Did anyone ever confess?

3
0

You 'posted' a 'letter' with Outlook... No, NO, that's the MONITOR

Paul Crawford
Silver badge
Unhappy

Re: @AndrueC

Alas - fixing broken email clients is often the reason for the call :(

2
0

Qualcomm fires DMCA shotgun at alleged code thieves on GitHub – including itself

Paul Crawford
Silver badge

Re: "Presumed innocent until proved guilty"

Presumed innocent unless proved guilty.

An important distinction.

2
0

Austrian Tor exit relay operator guilty of ferrying child porn

Paul Crawford
Silver badge

Re: Great

Child porn is always a good way of silencing debate in a privacy issue. As is terrorism. Something governments are all too happy to use when promoting yet more invasive spying on our lives.

Please ignore the man behind the curtain.

39
2

Big Java security fixes on the way – but not so fast, Windows XP users

Paul Crawford
Silver badge

Upgrade to Vista?!

Too cruel a punishment for holding on to XP! Really, if upgrading go to 7 and do not pass TIFKAM.

Or, unless you really need it, uninstall Java. Most home users simply don't.

3
0

What do we want? CAT VIDEOS! How do we get them? TOR!

Paul Crawford
Silver badge

Re: "Only terrorists want privacy. Apparently."

And politicians. Often those who were fiddling their expense accounts...

6
0

Distributed Linux OS wizards CoreOS release first commercial product

Paul Crawford
Silver badge
FAIL

Re: What part of distributed did you not understand?

Maybe the bit when I said: "that might be part of the overall system design and fail-over strategy for cloud use"

Either way, you still have to migrate running jobs off a given machine/kernel in order to have it updated when traditional Linux could often be kept going.

0
0
Paul Crawford
Silver badge

Update all at once?

That makes sense for laptops, etc, which get powered up/down irregularly so having two root partitions that toggle once safely updated makes sense.

But for a main OS then every update means a reboot. OK, that might be part of the overall system design and fail-over strategy for cloud use, but you can say goodbye to updating just a broken library, etc, with the rest of the machine (or at least that kernel) and running processes keeping going.

0
0

Remaining Snowden docs will be released to avert 'unspecified US war' – Cryptome

Paul Crawford
Silver badge

Re: @Matt Bryant

A number of folk had a good idea of what NSA & GCHQ were up to, but were labelled as tin-foil hat wearing nutters by the press in general. That label turned out to be wrong.

The same goes for the degree of cooperation between USA-based corporations and the NSA. True, they had little choice in most cases but they hardly bleated when being paid for services rendered, and only made a lot of noise now they are losing business world-wide due to the distaste about the dragnet operations.

I certainly don't approve of the whole-sale release of information that puts informants' lives at risk, but equally I can't see another way of persuading the public to notice what is done in their name, and with (some of) their taxes.

24
3
Paul Crawford
Silver badge

Re: Cryptome

The issue is not about releasing classified information for the hell of it.

It is about showing the public when they have been lied to by the leaders, or in a number of cases where the (majority) of leaders have, it appears, been lied to by the agencies that are supposed to be under their control.

Can you suggest a better route to defining what those agencies should be doing? So far our leaders have not been willing or able to, or are in favour of that but not telling us.

The success of democracy depends on an informed public, and if we are not being told honestly the magnitude and general nature of such activities, we are not able to exercise that right.

17
5
Paul Crawford
Silver badge

Reading too much in to it?

The reference to "war" might be nothing to do with real guns & bombs war but something related to silencing those who are doing the (fairly responsible) releasing so far. Recently Cryptome have been a bit paranoid about site access, etc, though maybe with good reason.

Time will tell.

13
2

Windows Server 2003 end of life: Plan your WS2012 migration now

Paul Crawford
Silver badge

Re: AC's

Sh! <quiet voice> It is the same one </quiet voice>

2
0

Attackers fling Stuxnet-style RATs at critical control software in EUROPE

Paul Crawford
Silver badge
FAIL

Lessons of history, etc...

Put stuff on internet, watch it get hacking attempts.

Put critical stuff on internet, use software that was developed historically for stand-alone use, find patching said system is a major PITA because the hardware etc outlive the software development cycle time-scale, and watch it get hacked.

Again, and again.

7
0

Patch looks like Microsoft FAIL, quacks like FAIL, is actually quite good

Paul Crawford
Silver badge

Re: Did you get the memo?

I know Vista is on security updates only mode, but given this was described as it "further enhances the security of Windows Update" I wondered why that was not covered.

Thankfully I personally don't have to deal with Vista on a daily basis, my own needs (which are not internet-facing) are covered by XP in a VM.

1
0
Paul Crawford
Silver badge
Windows

Vista?

What about the few sad folk still unable to avoid suffering from Vista, is that not still considered a supported OS?

1
1

Google pries open YOUR mailbox, invites developer partners

Paul Crawford
Silver badge
Thumb Up

Re: In the year...

Well played!

2
0

Daddy, what will you do in the new security wars?

Paul Crawford
Silver badge

Re: @DropBear

You are not the target audience, it is for Mr & Mrs Average and their family/friends/workmates who have little or no legitimate need to install or configure software on a daily basis.

Simply forcing them to log-out and back in with an Admin account is often enough to make them pause and ask "Is this really a wise thing to do?"

2
0

ARRRRR. Half world's techies are software PIRATES – survey

Paul Crawford
Silver badge

Most software is pants for security. But it's not uncommon for key generators and hacked versions of popular software to have a "little extra" inserted.

1
0
Paul Crawford
Silver badge

Questionable value

"The survey estimated around $62.7bn worth of unlicensed software had been used last year."

Except almost all of that use would just vanish or be replaced by FOSS if the end users had to pay the full price for things on which this valuation is based.

Personally I am not going to support folk using cracked versions of software. If you don't want to pay in cash then use software that is licensed as free. If all of those pirates were to do that, I suspect BSA members would be even more worried...

32
1

Microsoft is still touting Android smartphones – meet the new Nokia X2

Paul Crawford
Silver badge

Re: Target Market ?

It sounds pretty good in many ways, I can think of a few friends who would pay for this!

I would as well, if I didn't have a fairly new Moto-G to fondle for a while.

1
0

Snowden defends mega spy blab: 'Public affairs have to be known by the public'

Paul Crawford
Silver badge
Trollface

Re: @Matt Bryant

I think you will find it is the smart ones who are concerned by the over-reaching mind set of NSA/GCHQ/etc.

The dumb ones of which you speak are too busy watching Big Brother/TOWIE/Geordie-whatever to care about what is being done in their name.

Have a down-vote, we all know you need some masochistic pleasure now you don't have Sun Microsystems to rant about.

19
3
Paul Crawford
Silver badge
FAIL

Re: jail sentence

So AC, you think that today's world is just like WWII when Hitler was crushing people across Europe and committing genocide on those groups he did not like?

If you feel so happy about mass surveillance and gov organisations that act as if they are beyond the reach of the law, why are you posting as AC? Fancy a bit of privacy, perhaps?

44
4

David Cameron wants mobe network roaming INSIDE the UK

Paul Crawford
Silver badge

Really?

"It introduces an incentive to “do a Netflix” and lobby regulators rather than invest in their own capacity and backhaul"

As if there is any incentive in these areas to invest in infrastructure anyway?

Let's face it, roaming works perfectly well for those on overseas SIM cards who do get to roam between UK network operators and they manage to deal with that OK. Same with banks using each other's ATM for customer service, they somehow manage to work out a financial compensation arrangement that makes it worth while.

I for one am 100% in favour of forcing this as the current status in sparsely populated areas is you are lucky to get any signal, let alone 3G, and it is not getting any better under the current business plans.

6
0

DISPLAY DESTRUCTION D'OH! Teardown cracks Surface Pro 3 screen

Paul Crawford
Silver badge

Sad

Not just MS of course, but the whole business model where you basically throw it all away in a few years once you find that repairing it is way too expensive even for parts like batteries that have finite known life.

Makes me wish that the EU or someone would introduce a legal requirement for a 5 year warranty so that suppliers had to up the game in terms of MTBF and/or make repairs a cost-effective option once more.

I'm personally willing to give up a few mm of thickness to gain that cost saving and landfill reduction.

51
1

Traffic lights, fridges and how they've all got it in for us

Paul Crawford
Silver badge

Re: Liability

The point is not that someone did something stupid like not change the default password when prompted, it is when:

1) The user is not subject to any reasonable attempts to point this out to them, or

2) Said password can't be changed (looking at you Siemens' SCADA equipment), or

3) Software supplied is subject to a known flaw (e.g. Heartbleed) and they DO NOTHING to fix it.

All software has bugs, the issue is not that this will happen but that there will be lots of stuff that is simply not fixed because the manufacturers are too incompetent to do so, or just want to sell you another one.

If they were held liable for, say 5 years, after the product was on sale and for all bugs not fixed after a reasonable notification time (like the suggested 30 days), then maybe they would take it a bit more seriously. Of course it would cost a little more, but think of how much better we would all be if the race to the bottom on development, testing and support was halted in the name of security.

0
0

AT&T plays Game of Thrones: Every bit as ruthless as HBO version

Paul Crawford
Silver badge

Re: You win or you die.

More likely that US consumers get a screwing.

5
0

Hackers reverse-engineer NSA spy kit using off-the-shelf parts

Paul Crawford
Silver badge

Re: Secret Tech

Also a lot of these tools need physical access to fit them to the victim's computer. Generally speaking, if the bad guys have breached your physical security then you don't have much chance anyway. Also that ups the ante quite a bit, as someone (even if a corrupt employee) is there doing the fitting and risking jail-time if caught by CCTV, observant staff, security checks, etc.

2
0

Google, Microsoft to add remote KILL switch to phones

Paul Crawford
Silver badge

Re: And what's the real subtext here...?

The networks are already able to block phones if they really want to. Even if they don't use the IMEI to block like they do in Europe, they can keep killing your subscriber account.

This just makes the phone more obviously blocked so it can't be as easily or profitably re-sold. Of course there will be ways round it, but make it too much trouble and eventually the druggies, etc, doing the robbing will realise it's not such a pot of gold (or heroin) after all.

4
0

Oracle shares pummeled after giant reports glacial growth

Paul Crawford
Silver badge

Re: SaaS, PaaS

Nope, all of the [X]aaS models are about locking you in to a steady revenue.

Unless you are too small to make having an IT support person worth it, or have such a variable service demand that buying peak-demand is too expensive, then just avoid it!

3
0

Microsoft to let customers know where Office 365 is going

Paul Crawford
Silver badge

Roll up, roll up!

Bet your business on our service that we can and will change without any choice on your behalf!

Of course we won't do anything stupid to upset you. It's not like we would foist a universally disliked UI paradigm on all customers, even though the majority fed back a dislike of it, would we?

7
3

Mobe battery flat? These ELECTRIC PANTS will pump things up

Paul Crawford
Silver badge

The Wrong Trousers?

How compatible with other inductive phones will these wonder-pants be?

Cheese Gromit!

4
0

GCHQ to share threat intel – and declassify SECRET inventions

Paul Crawford
Silver badge

Re: Backdoors anyone?

Better or worse than closed source software from companies based in countries known to spy on us?

10
1

Top Canadian court: Cops need warrant to get names from ISPs

Paul Crawford
Silver badge

Re: No sympathy.

There are two separate issues that the court seem to rightly have asserted: firstly that IN GENERAL the police, or anyone else, needs a warrant for such private information. That is the whole point of judicial oversight. The second point you appear to have overlooked is the court also ruled that in spite of this point, the evidence in this case stands.

Overall this is a triumph of common sense.

37
1

Tech companies are raising their game (and pants) post-Snowden

Paul Crawford
Silver badge

"The goal here isn’t to keep the NSA out, because realistically they will find a way in if they really care about you. The goal is to raise the cost so that bulk surveillance becomes impossible."

Amen to that. We all knew spy organisations perform spying activities, but we thought/hoped it was targeted on the basis of probable cause and court oversight. By raising the cost of doing so, it becomes targeted again, court or no court.

The other aspect of this is likely to be a general improvement in security practice, something that also helps against access by foreign gov (for any given definition of "foreign" that fits) and criminal hackers.

6
0

So, what exactly defines a 'boffin'? Speak your brains...

Paul Crawford
Silver badge

Re: Biological sciences

I suspect that biological sciences produce too many who might have been boffins, but end up as "mad scientists" due to feeling the need for a personal Igor to assist in the lab.

2
0
Paul Crawford
Silver badge

Re: The socks have it

@Lester Haines - agreed, the deci-Pyke is better, and in keeping with the decibel.

@Gray Ham - It helps to name things after dead folk, as there is no risk of them returning to a normal low-energy non-boffin state.

3
0

Israel develops wireless-malware-injection-by-smartmobe tool

Paul Crawford
Silver badge

Re: This is quite credible

Er, no. A typical PC is pretty immune to mobile phone signals, otherwise it simply crashes. What you are thinking of is interference to the audio systems, but that counts for nothing really (bar spoiling your YouTube videos, etc).

As already stated, it is easy with lots of power to crash a PC but much harder, to the point of being virtually impossible, to crash selective sections. And the PC is already in a Faraday cage, called its box.

An attack based on bluetooth/wifi is much, much more likely as a large number of PCs have those enabled by default and mobile phones can communicate with them. Even if logically "off" it is quite likely that the protocol stack has vulnerabilities that can be exploited to access the PC.

Hell, I once managed to wipe the boot sector of an XP PC when developing a USB peripheral while using MS' own stack and drivers. So if it can be done there, I have no doubt it is at least theoretically possible with wifi/bluetooth if the hardware is on and listening, even if not supposedly used.

2
0
Paul Crawford
Silver badge

@knarf

Do you know anything about what you are talking about?

Buffer overruns and similar attacks (e.g. mal-formed pictures) require you to actually have the PC do something with the data that is subject to a lack of validation. That is simply not possible with a sound system bar, perhaps, voice-to-text-to-command conversion which is hardly likely.

Same for other routes, to actually inject data to a system that is not expecting it (wired network, USB cable, etc) needs a LOT of energy, not something that is going to go unnoticed and not something you will get from a mobile phone meters away.

First time I got an ESD test gun I did the obvious - ignored the instructions, wound it up to maximum (above 18kV) and tried it on my PC. It was fine, but I crashed an old (pre-EMC regulations) PC in the adjacent office.

To do so took a lot of peak power, and it is virtually impossible to induce such a crash in a controlled manner to exploit it. It is not like a buffer overrun where you can inject code in a specific place, you induce data/address corruption in a GHz clocked PC and you have no idea of just where it is going to bork at.

1
0

Kids hack Canadian ATM during LUNCH HOUR

Paul Crawford
Silver badge
WTF?

Security through Obscurity

Fails once again...

Default (or lame) administrator passwords in this day and age?

13
0