* Posts by Paul Crawford

1673 posts • joined 15 Mar 2007

NO TIME to read Facebook? Delegate the task to your FUTURE SELF

Paul Crawford
Silver badge
Unhappy

Alternatively...

I got fed up of the endless stream of pointless re-posting of crap and generally depressing updates from my "friends" on trivia and decided to ignore it completely for a while. Anyone who really needs to contact me can use email, or better still actually call and talk to me.

If FB is important enough to you, try the F.B.Purity add-on for Chrome & Firefox, it makes the current website a touch more bearable. Sadly it won't deal with idiots polluting your news feed.

2
1

New BOMB detect-o-tech 'could give sniffer dogs competition': TRUE

Paul Crawford
Silver badge

Re: @Crazy Operations Guy

"get a copy of a terrorist handbook and make it the same way that they do"

Thanks, but no. I'd rather keep my limbs if you don't mind...

If you really like stuff that is not nice to handle (for various reasons), just Google for "Things I won't work with" (for Derek Lowe's blog).

2
0

Cave pits, ideal for human bases, FOUND ON MOON

Paul Crawford
Silver badge
Paris Hilton

Re: Venezuelan Beaver Cheese?

I am simultaneously intrigued and horrified by the prospect of tasting Venezuelan Beaver Cheese.

2
0

MARS NEEDS OCEANS to support life - and so do exoplanets

Paul Crawford
Silver badge

Not oxygen?

I think the original commentard was referring to this:

http://en.wikipedia.org/wiki/Great_Oxygenation_Event

Cyanobacteria are postulated to be the cause of the first major organism extinction as they produced plentiful O2 by photosynthesis which is toxic to obligate anaerobes.

So the first life on Earth did not need atmospheric oxygen, but of course it did need it bound with hydrogen in water.

6
0

US judge: YES, cops or feds so can slurp an ENTIRE Gmail account

Paul Crawford
Silver badge

Re: What is the point of a warrant?

There is little you can do about limiting reading to pairs of keys, as with email you have to be able to read it stand-alone from the other person being present. So with encrypted traffic either party can decrypt it, or it's no good. You are always one of the two parties even when many others with different keys are present.

A much simpler and easier option is for the police to ask the judge "We believe that ABC and XYZ were involved in criminal activities between START and STOP dates, please can we get those emails?" and the judge to get a 3rd party to filter both ABC and XYZ's emails for the period START-STOP for communications with each other.

Job done, police can look for the specific info they believe is needed to clinch prosecution and 3rd parties are not having their privacy invaded.

0
0

Snowden wants YOU – yes, YOU – to build spy-busting tech

Paul Crawford
Silver badge
Big Brother

Re: There's a peculiar phenomenon at work here ...

That is exactly my concern. Today I don't really have anything to fear from what GCHQ know about me, but can you imagine what would happen in a few years if the likes of the BNP/UKIP got in to power and started looking for anyone who was a "threat" to their propaganda and monitoring of Joe Public to find them?

Same here for most El Reg readers - dangerous intellectuals with an interest in technology...

0
0

UN to Five Eyes nations: Your mass surveillance is breaking the law

Paul Crawford
Silver badge

Re: @Roj Blake

You might also want to include the "USA" in how it dealt with the native Indians (not to mention the first appearance of prisoner camps in the civil war), and the Spanish in various South American countries.

Not to mention government-church sanctioned massacres throughout Europe in the late middle ages, oh yes, and that bit of bother caused by the Romans earlier...

A few nutters have nothing on the ability of national organisation to cause suffering.

18
0

Paul Crawford
Silver badge

Re: Dangerous precedent

I think the Nuremberg trials established that simply obeying orders and laws is not an acceptable defence against actions that are clearly morally abhorrent.

By implication, those who speak out and act against said actions should be protected against perverse laws or illegal orders.

It is the whistle-blower's charter on a grand scale: If you have evidence of wrong-doing you should not be punished for revealing it, but that is kind of hard when the evidence is against the government who is also in charge of the trial & punishment.

43
1

Crooks fling banking Trojan at Japanese smut site fans

Paul Crawford
Silver badge
Paris Hilton

Re: References

Dunno, maybe they like that sort of thing?

Had a quick shuffle over to ppv.xxxurabi.com but damn - it's all in Japanese! Other than the NSFW images of course...

0
0

Microsoft: You NEED bad passwords and should re-use them a lot

Paul Crawford
Silver badge

Unless your PC is also compromised, then said kiddy-porn or terrorist postings would be traced back to other IP addresses where it was logged in under control of the hackers.

The bottom line is people are shit at security, and some things (like regular password resets[1]) don't help at all. What MS recognise is that not all accounts are equal, and the consequences need to be weighed up against the effort of remembering passwords.

[1] Assume that you are forced to change password once per year, as my work proposes. If your password has been randomly compromised then the mean time to exploit it is 6 months. Just how long does a hacker need to have it to install a trojan and/or create another account for mischief?

So why bother unless there has just been a major breach and they KNOW that everything has to be reset?

49
0

Voteware source code review 'could lead to hacking'

Paul Crawford
Silver badge

@Fluffy Bunny

I would have thought that hard coding the login credentials (as in SSH key, etc) to the source code would be a BLOODY STUPID thing to do. He asked for the code, not the cryptography keys. There are numerous open-source projects that don't get magically hacked because they are fully inspected by all.

And if, as you suggest, there are dozens of ways to break this then it is clearly not good enough for an important job such as vote-counting. At the very least it should have been subject to more than one security review by competent outfits and the result published after the flaws have been fixed (and not those with any ties to the supplier).

16
0

Delaware pair nabbed for getting saucy atop Mexican eatery

Paul Crawford
Silver badge

Re: At least...

Oh you just had to slip that one in...

3
0

NIST told to grow a pair and kick NSA to the curb

Paul Crawford
Silver badge

Re: Until key length equals...

Oh yes. And just how do you distribute said one-time pads securely to the world+dog for use?

That is the point of practical cryptography, to make stuff "secure enough" while still being practical to use from a key management and encoding/decoding effort point of view. If you run a web server with limited resources, you don't really relish everyone going to 16k key lengths for access to videos of cats, etc.

Even with 128 bit keys, if implemented properly and used by all, the effort of breaking it would overwhelm the TLAs. That is why they sought to get the private keys by other means. Of course, if targeted by a gov or major criminal organisation so a lot of resources can be targeted at only your messages then 128 bits is clearly not enough, but you need to put usage in to perspective.

3
1

YES: Scotland declares independence ... from the dot co dot uk empire

Paul Crawford
Silver badge

Re: Not an ISO 3166 code

Same country code most likely, just like USA & Canada do.

4
0

Paul Crawford
Silver badge
Unhappy

Re: re. " ... the chains of digital bondage"

Given the way the MSPs went ever further than the UK's "extreme porn" bill, then yes they will because a portion of them are small-minded petty Calvinists and a lot of the rest think too much of the opinions of the Daily Fail and similar.

3
0

Hackers' delight: Hotel cyber-cafe, er, business centers, apparently – US Secret Service

Paul Crawford
Silver badge
FAIL

Eh? Only some?

"some business centre computers may have taken the safeguard of not allowing anyone to log in with Administrator rights"

I leave it as an exercise for El Reg readers to determine one of the key problems here.

1
0

Get an EYEFUL OF CURRY for the sake of your brain

Paul Crawford
Silver badge
Coat

Re: Turmeric's not a root ...

The root of all eyeful?

Mine has the book of bad puns in the pocket...

21
0

Adobe Flash: The most INSECURE program on a UK user's PC

Paul Crawford
Silver badge
Unhappy

Re: Isn't it great...

Still getting the "security" updates for version 11x on Linux using apt-get (Ubuntu) as they never supported anything later. Unless of course it is embedded in Chrome for Linux (with added Google spy-ware).

Adobe is such a crap company...

12
0

Thought PCs were in the toilet? They're STILL eating Apple's lunch

Paul Crawford
Silver badge

Profits?

How do Apple rank in terms of PC-based profits? I'm guessing that is a more useful measure if you are a shareholder.

3
3

Global protest calls for canning SOPA-by-stealth treaty's IP bits

Paul Crawford
Silver badge

Whether it makes a difference or not is largely irrelevant.

The simple fact that such profound policy-making is being negotiated in secret, save for industry pressure organisations, is an affront to democracy world-wide and for that reason alone it deserves to die.

11
0

Virgin Media goes titsup AGAIN. The cause? Yet MORE DNS strife

Paul Crawford
Silver badge
FAIL

DNS and "filtering"?

Any coincidence I got an email from them yesterday telling me I could enable the (largely pointless and broken) content filtering supposedly there to protect the children?

As for other comments, I was OK as I use the older modem-only device and my own router with OpenDNS.

This article might be of interest to the educated reader when wondering why the gov took such an about-turn on the merits (or lack of) filtering after their own consultation rejected it:

https://torrentfreak.com/the-copyright-lobby-absolutely-loves-child-pornography-110709/

11
0

Standby consumes MORE POWER THAN CANADA: IEA

Paul Crawford
Silver badge

Re: Heat

Yes & No.

Of course heat is the end product of all losses, but if you have a ~100W device on full power that heats the touchable case by ~20C above ambient to dissipate said heat, you will hardly notice if it is down to 5W, 1W or 0.2W when on stand by without a lot of careful measurement as you would be looking at order of 1C or less.

5
0

That AMAZING Windows comeback: Wow – 0.5% growth in 2015

Paul Crawford
Silver badge

Re: @h4rm0ny

"ignoring the cause of these things - which are that XP has a far weaker security model than Vista onwards which is really what causes people and processes to need to be admin by default."

No, the problem is a legacy one that MS allowed, and in some cases encouraged, bad security practice so they ended up with an OS that could not be properly secured because the software for it assumed all sorts of privileges that were removed by Vista and later to make things better.

I have at least one package that I can't run on XP without admin, or on later, because it needs to modify registry keys (now secured) for f-all reason.

Do I change OS and pay ~£1k for the latest version (and also change code using it), or do I run XP in a VM just for that job?

Yes, Windows 7 is a whole lot better OS than XP, but that is not going to make up for the sort of business legacy that is the reason folk use Windows in the first place.

5
0

Report: UK.gov wants to legislate on comms data BEFORE next election

Paul Crawford
Silver badge

What is missing from such a statement is how old most of the useful data is. Do the police request data for 1 week before the reported/alleged criminal incident? 1 month? 3 months?

I think other EU states have a 6 month retention period which I suspect is more than enough for most cases, as a judge can always request an on-going recording of data on any that is an on-going investigation.

3
0

USA to insist on pre-flight mobe power probe

Paul Crawford
Silver badge

Do they still ask if you committed war crimes in 1939-45?

Did anyone ever confess?

3
0

You 'posted' a 'letter' with Outlook... No, NO, that's the MONITOR

Paul Crawford
Silver badge
Unhappy

Re: @AndrueC

Alas - fixing broken email clients is often the reason for the call :(

2
0

Qualcomm fires DMCA shotgun at alleged code thieves on GitHub – including itself

Paul Crawford
Silver badge

Re: "Presumed innocent until proved guilty"

Presumed innocent unless proved guilty.

An important distinction.

2
0

Austrian Tor exit relay operator guilty of ferrying child porn

Paul Crawford
Silver badge

Re: Great

Child porn is always a good way of silencing debate in a privacy issue. As is terrorism. Something governments are all too happy to use when promoting yet more invasive spying on our lives.

Please ignore the man behind the curtain.

39
2

Big Java security fixes on the way – but not so fast, Windows XP users

Paul Crawford
Silver badge

Upgrade to Vista?!

Too cruel a punishment for holding on to XP! Really, if upgrading go to 7 and do not pass TIFKAM.

Or, unless you really need it, uninstall Java. Most home users simply don't.

3
0

What do we want? CAT VIDEOS! How do we get them? TOR!

Paul Crawford
Silver badge

Re: "Only terrorists want privacy. Apparently."

And politicians. Often those who were fiddling their expense accounts...

6
0

Distributed Linux OS wizards CoreOS release first commercial product

Paul Crawford
Silver badge
FAIL

Re: What part of distributed did you not understand?

Maybe the bit when I said: "that might be part of the overall system design and fail-over strategy for cloud use"

Either way, you still have to migrate running jobs off a given machine/kernel in order to have it updated when traditional Linux could often be kept going.

0
0

Paul Crawford
Silver badge

Update all at once?

That makes sense for laptops, etc, which get powered up/down irregularly so having two root partitions that toggle once safely updated makes sense.

But for a main OS then every update means a reboot. OK, that might be part of the overall system design and fail-over strategy for cloud use, but you can say goodbye to updating just a broken library, etc, with the rest of the machine (or at least that kernel) and running processes keeping going.

0
0

Remaining Snowden docs will be released to avert 'unspecified US war' – Cryptome

Paul Crawford
Silver badge

Re: @Matt Bryant

A number of folk had a good idea of what NSA & GCHQ were up to, but were labelled as tin-foil hat wearing nutters by the press in general. That label turned out to be wrong.

The same goes for the degree of cooperation between USA-based corporations and the NSA. True, they had little choice in most cases but they hardly bleated when being paid for services rendered, and only made a lot of noise now they are losing business world-wide due to the distaste about the dragnet operations.

I certainly don't approve of the whole-sale release of information that puts informants lives at risk, but equally I can't see another way of persuading the public to notice what is done in their name, and with (some of) their taxes.

24
3

Paul Crawford
Silver badge

Re: Cryptome

The issue is not about releasing classified information for the hell of it.

It is about showing the public when they have been lied to by the leaders, or in a number of cases where the (majority) of leaders have, it appears, been lied to by the agencies that are supposed to be under their control.

Can you suggest a better route to defining what those agencies should be doing? So far our leaders have not been willing or able to, or are in favour of that but not telling us.

The success of democracy depends on an informed public, and if we are not being told honestly the magnitude and general nature of such activities, we are not able to exercise that right.

17
5

Paul Crawford
Silver badge

Reading too much in to it?

The reference to "war" might be nothing to do with real guns & bombs war but something related to silencing those who are doing the (fairly responsible) releasing so far. Recently Cryptome have been a bit paranoid about site access, etc, though maybe with good reason.

Time will tell.

13
2

Windows Server 2003 end of life: Plan your WS2012 migration now

Paul Crawford
Silver badge

Re: AC's

Sh! <quiet voice> It is the same one </quiet voice>

2
0

Attackers fling Stuxnet-style RATs at critical control software in EUROPE

Paul Crawford
Silver badge
FAIL

Lessons of history, etc...

Put stuff on internet, watch it get hacking attempts.

Put critical stuff on internet, use software that was developed historically for stand-alone use, find patching said system is a major PITA because the hardware etc outlive the software development cycle time-scale, and watch it get hacked.

Again, and again.

7
0

Patch looks like Microsoft FAIL, quacks like FAIL, is actually quite good

Paul Crawford
Silver badge

Re: Did you get the memo?

I know Vista is on security updates only mode, but given this was described as it "further enhances the security of Windows Update" I wondered why that was not covered.

Thankfully I personally don't have to deal with Vista on a daily basis, my own needs (which are not internet-facing) are covered by XP in a VM.

1
0

Paul Crawford
Silver badge
Windows

Vista?

What about the few sad folk still unable to avoid suffering from Vista, is that not still considered a supported OS?

1
1

Google pries open YOUR mailbox, invites developer partners

Paul Crawford
Silver badge
Thumb Up

Re: In the year...

Well played!

2
0

Daddy, what will you do in the new security wars?

Paul Crawford
Silver badge

Re: @DropBear

You are not the target audience, it is for Mr & Mrs Average and their family/friends/workmates who have little or no legitimate need to install or configure software on a daily basis.

Simply forcing them to log-out and back in with an Admin account is often enough to make them pause and ask "Is this really a wise thing to do?"

2
0

ARRRRR. Half world's techies are software PIRATES – survey

Paul Crawford
Silver badge

Most software is pants for security. But it's not uncommon for key generators and hacked versions of popular software to have a "little extra" inserted.

1
0

Paul Crawford
Silver badge

Questionable value

"The survey estimated around $62.7bn worth of unlicensed software had been used last year."

Except almost all of that use would just vanish or be replaced by FOSS if the end users had to pay the full price for things on which this valuation is based.

Personally I am not going to support folk using cracked versions of software. If you don't want to pay in cash then use software that is licensed as free. If all of those pirates were to do that, I suspect BSA members would be even more worried...

32
1

Microsoft is still touting Android smartphones – meet the new Nokia X2

Paul Crawford
Silver badge

Re: Target Market ?

It sounds pretty good in many ways, I can think of a few friends who would pay for this!

I would as well, if I didn't have a fairly new Moto-G to fondle for a while.

1
0

Snowden defends mega spy blab: 'Public affairs have to be known by the public'

Paul Crawford
Silver badge
Trollface

Re: @Matt Bryant

I think you will find it is the smart ones who are concerned by the over-reaching mind set of NSA/GCHQ/etc.

The dumb ones of which you speak are too busy watching Big Brother/TOWIE/Geordie-whatever to care about what is being done in their name.

Have a down-vote, we all know you need some masochistic pleasure now you don't have Sun Microsystems to rant about.

19
3

Paul Crawford
Silver badge
FAIL

Re: jail sentence

So AC, you think that today's world is just like WWII when Hitler was crushing people across Europe and committing genocide on those groups he did not like?

If you feel so happy about mass surveillance and gov organisations that act as if they are beyond the reach of the law, why are you posting as AC? Fancy a bit of privacy, perhaps?

44
4

David Cameron wants mobe network roaming INSIDE the UK

Paul Crawford
Silver badge

Really?

"It introduces an incentive to “do a Netflix” and lobby regulators rather than invest in their own capacity and backhaul"

As if there is any incentive in these areas to invest in infrastructure anyway?

Let's face it, roaming works perfectly well for those on overseas SIM cards who do get to roam between UK network operators and they manage to deal with that OK. Same with banks using each other's ATM for customer service, they somehow manage to work out a financial compensation arrangement that makes it worth while.

I for one am 100% in favour of forcing this as the current status in sparsely populated areas is you are lucky to get any signal, let alone 3G, and it is not getting any better under the current business plans.

6
0

DISPLAY DESTRUCTION D'OH! Teardown cracks Surface Pro 3 screen

Paul Crawford
Silver badge

Sad

Not just MS of course, but the whole business model where you basically throw it all away in a few years once you find that repairing it is way too expensive even for parts like batteries that have finite known life.

Makes me wish that the EU or someone would introduce a legal requirement for a 5 year warranty so that suppliers had to up the game in terms of MTBF and/or make repairs a cost-effective option once more.

I'm personally willing to give up a few mm of thickness to gain that cost saving and landfill reduction.

51
1

Traffic lights, fridges and how they've all got it in for us

Paul Crawford
Silver badge

Re: Liability

The point is not that someone did something stupid like not change the default password when prompted, it is when:

1) The user is not subject to any reasonable attempts to point this out to them, or

2) Said password can't be changed (looking at you Siemens' SCADA equipment), or

3) Software supplied is subject to a known flaw (e.g. Heartbleed) and they DO NOTHING to fix it.

All software has bugs, the issue is not that this will happen but that there will be lots of stuff that is simply not fixed because the manufacturers are too incompetent to do so, or just want to sell you another one.

If they were held liable for, say 5 years, after the product was on sale and for all bugs not fixed after a reasonable notification time (like the suggested 30 days), then maybe they would take it a bit more seriously. Of course it would cost a little more, but think of how much better we would all be if the race to the bottom on development, testing and support was halted in the name of security.

0
0

AT&T plays Game of Thrones: Every bit as ruthless as HBO version

Paul Crawford
Silver badge

Re: You win or you die.

More likely that US consumers get a screwing.

5
0