
* Posts by Paul Crawford

1617 posts • joined 15 Mar 2007

Top Canadian court: Cops need warrant to get names from ISPs

Paul Crawford
Silver badge

Re: No sympathy.

There are two separate issues that the court seems to rightly have asserted: firstly that IN GENERAL the police, or anyone else, need a warrant for such private information. That is the whole point of judicial oversight. The second point you appear to have overlooked is the court also ruled that in spite of this point, the evidence in this case stands.

Overall this is a triumph of common sense.

37
1

Tech companies are raising their game (and pants) post-Snowden

Paul Crawford
Silver badge

"The goal here isn’t to keep the NSA out, because realistically they will find a way in if they really care about you. The goal is to raise the cost so that bulk surveillance becomes impossible."

Amen to that. We all knew spy organisations perform spying activities, but we thought/hoped it was targeted on the basis of probable cause and court oversight. By raising the cost of doing so, it becomes targeted again, court or no court.

The other aspect of this is likely to be a general improvement in security practice, something that also helps against access by foreign gov (for any given definition of "foreign" that fits) and criminal hackers.

6
0

So, what exactly defines a 'boffin'? Speak your brains...

Paul Crawford
Silver badge

Re: Biological sciences

I suspect that biological sciences produce too many who might have been boffins, but end up as "mad scientists" due to feeling the need for a personal Igor to assist in the lab.

2
0
Paul Crawford
Silver badge

Re: The socks have it

@Lester Haines - agreed, the deci-Pyke is better, and in keeping with the decibel.

@Gray Ham - It helps to name things after dead folk, as there is no risk of them returning to a normal low-energy non-boffin state.

3
0
Paul Crawford
Silver badge

Magnus Pyke's genius

I remember when he was asked what time is, and his answer was quick, funny, and at a deep level actually true: "It's the stuff produced by clocks"

9
0
Paul Crawford
Silver badge
Thumb Up

Re: The socks have it

I vote for the milli-Pyke as being a new El Reg measure!

6
0
Paul Crawford
Silver badge
Thumb Up

Agreed, to be a boffin you need to meet several requirements:

1) To perform research into something technical.

2) Said research is to create something new and special (i.e. not just a slightly cheaper/faster phone or similar). Physics/astronomy theory might just get in there, but only if well beyond normal comprehension.

3) Points 1 & 2 are more important to said boffin than "normal" social activities. Not to say they don't enjoy a pub, BBQ, or anything similar, but are quite likely to head back to test tube-bothering at unpredictable times.

24
0

Israel develops wireless-malware-injection-by-smartmobe tool

Paul Crawford
Silver badge

Re: This is quite credible

Er, no. A typical PC is pretty immune to mobile phone signals, otherwise it simply crashes. What you are thinking of is interference to the audio systems, but that counts for nothing really (bar spoiling your YouTube videos, etc).

As already stated, it is easy with lots of power to crash a PC but much harder, to the point of being virtually impossible, to crash selective sections. And the PC is already in a Faraday cage, called its box.

An attack based on bluetooth/wifi is much, much more likely as a large number of PCs have those enabled by default and mobile phones can communicate with them. Even if logically "off" it is quite likely that the protocol stack has vulnerabilities that can be exploited to access the PC.

Hell, I once managed to wipe the boot sector of an XP PC when developing a USB peripheral while using MS' own stack and drivers. So if it can be done there, I have no doubt it is at least theoretically possible with wifi/bluetooth if the hardware is on and listening, even if not supposedly used.

2
0
Paul Crawford
Silver badge

@knarf

Do you know anything about what you are talking about?

Buffer overruns and similar attacks (e.g. malformed pictures) require you to actually have the PC do something with the data that is subject to a lack of validation. That is simply not possible with a sound system bar, perhaps, voice-to-text-to-command conversion which is hardly likely.

Same for other routes: to actually inject data into a system that is not expecting it (wired network, USB cable, etc) needs a LOT of energy, not something that is going to go unnoticed and not something you will get from a mobile phone metres away.

First time I got an ESD test gun I did the obvious - ignored the instructions, wound it up to maximum (above 18kV) and tried it on my PC. It was fine, but I crashed an old (pre-EMC regulations) PC in the adjacent office.

To do so took a lot of peak power, and it is virtually impossible to induce such a crash in a controlled manner to exploit it. It is not like a buffer overrun where you can inject code in a specific place, you induce data/address corruption in a GHz clocked PC and you have no idea of just where it is going to bork at.

1
0
Paul Crawford
Silver badge

I see no feasible way of pushing malware on to an air-gapped computer. The sort of RF power needed to flip bits is simply going to crash it. Unless it has something like wi-fi or bluetooth operating of course!

Getting data off an already infected but now air-gapped computer is within the bounds of belief, but unless you are looking at very special hardware (i.e. not a mobile phone) then the data rate would be very low as it is not so easy to get most hardware to generate a wanted modulated signal that won't be drowned by the usual chatter of data and address bus activity of both the PC and the phone (along with the usual spread-spectrum clock typically used to help meet EMC requirements).

10
1

Kids hack Canadian ATM during LUNCH HOUR

Paul Crawford
Silver badge
WTF?

Security through Obscurity

Fails once again...

Default (or lame) administrator passwords in this day and age?

13
0

Microsoft challenges US gov over attempts to search overseas data

Paul Crawford
Silver badge

Re: @Gordon 10

I think his point is the secret requests, and being paid to honour them (e.g. PRISM), were hardly discussed or much in the way of objections raised until the full extent was exposed by Snowden, and now they find their revenue threatened so are having to grow some and challenge the legality.

12
2

AWS breaks silence over Truecrypt's role in data import/export

Paul Crawford
Silver badge

"It's a bit shocking to be honest"

What, that they had not funded such an audit themselves with that sort of a budget?

0
0
Paul Crawford
Silver badge

Re: you scratch my back and I'll spend tax payers money on you.

It depends on what you use Amazon for. If it is cloud backup then you never have to send the keys - just have the TrueCrypt volume on there; even with DropBox that works (diff sync only sends the blocks that are updated, not the multi-GB file).

If it's a VM running something then yes, it is fairly easy to grab the system memory while it is running.

If $SPYAGENCY with billion $CURRENCY budgets is willing to go as far as knobbling your OS via a targeted update (as opposed to a general 0-day vuln or _NSAKEY style of arrangement) then you don't stand much chance anyway.

0
0

Chrome OS leaks data to Google before switching on a VPN, says GCHQ

Paul Crawford
Silver badge

Re: SELinux eh?

"a computer not connected to the internet"

Yes, that makes for a very useful smartphone...

10
0
Paul Crawford
Silver badge
FAIL

Re: SELinux eh?

So, when faced with the two choices:

1) Trust me, and here is the NSA-supplied code to review

2) Trust me, I'm a big US company with NSA connections.

Which do you prefer?

13
0

DOCX disaster recovery: How I rescued my wife from XM-HELL

Paul Crawford
Silver badge
Unhappy

I have had errors on trying to save in Word saying the document was too big to save - I think some corrupted embedded objects were reporting '-1' as the size so 4GB or something.

Sadly the only option was to delete said object, save, start again and re-embed it. I just hate Word...but it is probably the least-sucking word processor :(

0
0
Paul Crawford
Silver badge

Re: Bah!

I have seen Word fsck-up on embedded equations and occasionally on embedded images on EVERY version from 95 to a fully-patched (as of a few months ago) version of Word 2010, that is 15 years of at least one unfixed bug!

Also seen crap from OpenOffice/LibreOffice.

1
0

I am NOT a PC repair man. I will NOT get your iPad working

Paul Crawford
Silver badge
Joke

Re: Jam...

Try some Marmite - the Devil's very own lubricant.

3
0
Paul Crawford
Silver badge
Windows

Re: An even better solution

From my recent cases of helping family & friends with their PCs:

Setting up Linux on a PC to stop the infestations (little ones have not worked out how to shag Linux yet), payment in kind was a bottle of wine.

Reinstalling Vista (against my better judgement, but they really wanted that), after getting them to spring for 4GB memory instead of the 1GB it came with, result was 12 bottles of wine.

3
0

Thanks for nothing, OpenSSL, grumbles stonewalled De Raadt

Paul Crawford
Silver badge

Re: sabroni

"How can anyone take open source seriously when major bits of software are managed by pouty children?"

Have you ever worked in a large company? The management layer can be every bit as bad, though for subtly different reasons.

In any case there are plenty of examples of closed source products that only ever got reluctantly patched once a breach had occurred, and not when they were notified of it. Should we not take commercial software seriously as a result?

5
0

Linux users at risk as ANOTHER critical GnuTLS bug found

Paul Crawford
Silver badge

Re: Buffer Overflow

It is possible, but often not done for historical or laziness reasons.

The most common problems are copying or printing a string of characters into a destination that is too small, so it overflows into somewhere else that can then be exploited. The usual culprits in the C/C++ language are strcpy() and sprintf() (and similar) but you can often use alternatives such as strncpy() and snprintf() instead which take the destination size and enforce that limit (though with strncpy() you should also enforce nul-termination of the string as it won't do that).

If the destination buffer is allocated by the malloc() family, then in Linux you can also use the electricfence library for debugging and that puts each buffer into a separate page and any violation results in a segmentation fault that you can then debug from the core dump. However, you would not normally use electricfence for release code as it has a performance penalty; it is really intended for testing and debugging.

0
0
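The strcpy()/strncpy()/snprintf() contrast described in the comment above, written out as an added C example (not the poster's code). The unchecked copy is kept only to show the shape of the bug; the bounded versions return a truncation flag so the caller can tell when input was cut short. The buffer size, function names and the sample inputs are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Fixed-size destination: the classic overflow happens when strcpy() or
 * sprintf() write more than this many bytes into it. Size is constructed. */
#define NAME_LEN 16

/* Unsafe form, kept for contrast only: strcpy() has no idea how big dst is,
 * so any src of NAME_LEN bytes or more writes past the end of the buffer. */
void copy_unchecked(char dst[NAME_LEN], const char *src)
{
    strcpy(dst, src); /* overflows dst when strlen(src) >= NAME_LEN */
}

/* Hardened form: strncpy() is bounded by dst_size - 1, and the last byte is
 * set to nul explicitly because strncpy() does not terminate on truncation.
 * Returns 1 when src was truncated, 0 when it fitted, -1 on a bad argument. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) >= dst_size ? 1 : 0;
}

/* Hardened formatted copy: snprintf() never writes more than dst_size bytes
 * (terminator included) and returns the length the full string would have
 * had, so a return value >= dst_size means the output was cut short. */
int format_bounded(char *dst, size_t dst_size, const char *user, const char *host)
{
    if (dst == NULL || user == NULL || host == NULL || dst_size == 0)
        return -1;
    int n = snprintf(dst, dst_size, "%s@%s", user, host);
    if (n < 0)
        return -1;
    return (size_t)n >= dst_size ? 1 : 0;
}

int main(void)
{
    char name[NAME_LEN];
    /* Constructed inputs: one that fits and one that is deliberately too long. */
    const char *ok = "alice";
    const char *too_long = "a-much-longer-name-than-sixteen-bytes";

    copy_unchecked(name, ok); /* only safe because ok is shorter than NAME_LEN */
    printf("unchecked: %s\n", name);

    int t = copy_bounded(name, sizeof name, too_long);
    printf("bounded: '%s' truncated=%d\n", name, t); /* 15 chars kept, truncated=1 */

    t = format_bounded(name, sizeof name, "alice", "example.org");
    printf("formatted: '%s' truncated=%d\n", name, t); /* "alice@example.o", 1 */
    return 0;
}
```

The truncation flag matters: silently cutting a path or a hostname short is a different bug from an overflow, but still a bug, so callers should check the return value rather than assume the copy succeeded.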
Paul Crawford
Silver badge

Re: Someone is actually using GnuTLS?

Hopefully, like the heartbleed fall-out, some big Linux corporate users/backers will put some money into having it properly reviewed and re-written as needed.

Instead of dicking around with the GUI yet again...

11
0
Paul Crawford
Silver badge

Re: @Sander van der Wal

"What it also did was make the world a worse place. The three letter agencies got free and easy access, and all they had to do was look at the code, find the bugs and do nothing about them."

And how is this worse than closed source from US companies where the three letter agencies got access by one means or another, found the bugs and do nothing about them as they could be used for spying?

24
1

German server lockbox scores MEELLION dollar seed-smashing record

Paul Crawford
Silver badge

Re: And the clients?

"I mean what did they actually do ?"

Probably what most IT folk and businesses do - turn existing stuff in to a product/service that works/sells according to demand.

6
0

China puts Windows 8 on TV, screams: 'SECURITY, GET IT OUT OF HERE!'

Paul Crawford
Silver badge

Re: Look at page 113 of the 'Greenwald' file

I think you will find slide "Page 113" is on page 27 of the PDF.

1
0

TrueCrypt hooked to life support in Switzerland: 'It must not die' say pair

Paul Crawford
Silver badge
WTF?

Re: "who are shamelessly stealing from TrueCrypt"

You might want to look up what stealing means. It implies depriving the rightful owner of something of value.

Given that the moral owners of the TrueCrypt name are not coming forward, and that there is absolutely no sign of them commercialising this product in any way, I don't see what is being "lost" to justify a copyright infringement charge, let alone "stealing".

Sure it is an infringement of the license terms, but who is actually suffering? Certainly not the end users who otherwise would have to go to something else that might be much worse in terms of privacy.

5
1

Oh, wow. US Secret Service wants a Twitter sarcasm-spotter

Paul Crawford
Silver badge

Won't that need IE9 or above?

4
0

REVEALED: GCHQ's BEYOND TOP SECRET Middle Eastern INTERNET SPY BASE

Paul Crawford
Silver badge

Re: Disappointed

I thought "11 levels above Top Secret" was the latest Spinal Tap album...

2
0
Paul Crawford
Silver badge
Alien

Disappointed

I would have hoped that "3 levels above Top Secret" would be flying saucers and such like, not yet another politically sensitive spying-at-scale program.

33
0

Samsung, Chipzilla in 4K monitor price cut pact

Paul Crawford
Silver badge

Re: Greg D

I find that I work at around 60cm from my monitor, so for a 24" HD monitor that is about 0.5mm per pixel. According to Wikipedia the limit of human eye resolution is about 0.21mm at that distance, so I would hardly call that "terrible" resolution.

However, I heartily agree with you that modern monitors are piss-poor and have worse capabilities than ~2002 CRT devices. So yes, 4k is welcome and long overdue, but I still would argue that most folk (OK, those of my age range) will not be working close enough with comfort to benefit so much from the "retina" style DPI.

2
1
Paul Crawford
Silver badge

Size matters...

...not ultra high DPI.

Few folk can work at distances from a monitor where the current DPI is terribly noticeable, certainly not for any length of time. Hence in my humble opinion the really useful market for 4k monitors is in the 30" (or a bit more) range, where having in effect 4 x 15" HD monitors patched together is going to give you useful space for images, text, etc.

3
7

How Bitcoin could become a super-sized Wayback Machine

Paul Crawford
Silver badge

With a lot of broadband accounts having ~1GB/day upload limits, you are looking at just under 3 years to upload a TB of data, even assuming 24/7 connections with no down-time.

Yes, multiple sources would spread that burden around, but even so it is still a major problem. How many users, let alone businesses, can wait for months to get data back?

1
1
Paul Crawford
Silver badge

When I first heard of "bitcoin mining" and had not looked it up, I was under the impression that they were "earned" by doing something useful like this and not simply solving a pointless puzzle designed to create logarithmically increasing scarcity.

I doubt the limiting factor in practice would be the end user's storage space though; network bandwidth is going to make the practicalities of accessing TB-sized data sets distributed on home users' PCs a challenge.

2
2

Is the answer to life, the universe and everything hidden in Adams' newly uncovered archive?

Paul Crawford
Silver badge

A great man

Such a shame he died young, but good to see some of his stuff is coming out from the metaphorical locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'.

An example of his mind is in the El Reg article when he died in 2001:

"What we are now focussed on at h2g2 is what happens when people start to share information while they are on the move. Soon we will start to see devices arriving that combine palmtop computers with cellphones with Internet devices with GPS systems. That - in a phrase we hear over and over again when people talk about the Internet - will change everything. You'll be able to read and write to the Guide wherever you are: at the station, in the plane, on a park bench, in your car (pulled over to the side of the road with the handbrake on, of course) in a café. And when you write in something as simple as 'The coffee here is lousy!' the Guide will know exactly what to do with that information and where to put it. And if you see, a few seconds later, a note which says 'Yes, but the cheesecake is good' it might be worth looking round the other tables to see who you've just made contact with."

See, basically he invented the iPhone and Facebook!

Just a shame they were not actually invented by him and he had not lived; I bet they would have been a whole lot less shitty with respect to the end user.

35
0

SPB's mountaintop HQ menaced by WOLVES

Paul Crawford
Silver badge

Mr. President, we must not allow a lupine directed energy weapon gap!

5
0

For your next privacy panic, look no further than vending machines

Paul Crawford
Silver badge

Re: Where will it all end?

When folk take to putting tape over the cameras?

8
0

Cyber crims smash through Windows into the great beyond

Paul Crawford
Silver badge

Re: king of foo

"But surely MS do something fundamentally wrong when it comes to security?"

It is more complex than that.

Modern versions of Windows can be locked down pretty well, but that requires a high level of skill and an attitude of not making life easy if it makes it vulnerable. Home users do not normally fall into that category, and some (usually small) businesses are run by folk with little more IT knowledge.

What MS also has to battle is a legacy of folk just downloading and running stuff, often while logged in as admin, and just clicking "yes" to every annoying pop-up that asks them if shaftmesideways.exe should be allowed to do XYZ.

In that respect the typical *NIX system user is not expected to do that, and won't normally be logged in as root. Add to that the typical package manager approach to getting most software and it is a different mind-set, more like the Apple walled garden app store.

7
0

Police at the door? Hit the PANIC button to erase your RAM

Paul Crawford
Silver badge

Re: Paul Crawford Whitter

Do SSDs have a bulk erase option? That would side-step the issue as you could arrange for the data to be erased on panic, and not just the key, thus no encrypted data left to be prosecuted over.

0
0
Paul Crawford
Silver badge

Re: Yes, but...

Yes, I can see how much fun your computer will be once your cat finds the laser spot...

4
0
Paul Crawford
Silver badge

Re: Whitter

"Tough luck if you have deleted the keys, you still go to jail."

Er, no. The requirement is to hand over any keys in your possession. If you don't know the key because you never memorised it nor backed it up, I'm pretty sure any attempt to jail you for lack of knowledge would fall foul of the human rights act.

Whether they could get you for destroying evidence is another matter, I suspect that would very much depend on showing you activated the destruction because you knew it was the police calling.

6
3

Tesla's TOP SECRET gigafactories: Lithium to power world's vehicles? Let's do the sums

Paul Crawford
Silver badge

Interesting. What about Gallium, etc, for LED lights?

0
0

Skype to become 'Star Trek' style real-time translator, says Redmond

Paul Crawford
Silver badge

Seems like a very good reason not to use Skype really. How many personal conversations would you really want written down?

1
1

'I was trained as a spy' says Snowden

Paul Crawford
Silver badge

Re: More Julian Clary I think

So he likes a warm hand on his entrance?

Ahem, to the stage...

6
1

Google clamps down on rogue Chrome plugins and extensions

Paul Crawford
Silver badge

Re: The problem with that

AdBlock allows non-intrusive adverts but stops the worst of them, which seems a reasonable deal as those advertisers who play nicely get shown. Also you can white-list sites you like to permit adverts, which is also a fair approach.

7
0

Poll: Climate change now more divisive than abortion, gun control

Paul Crawford
Silver badge

Re: Ergo sum

As opposed to rightists who are too busy following orders?

17
7

Tech that we want (but they never seem to give us)

Paul Crawford
Silver badge

Re: There is one

The problem with the likes of the Chromebook Pixel and the MacBook Retina is they are expensive largely due to the high resolution. For example, my el-cheapo Acer chromebook is 1366 x 768 on an 11.6" screen - that is enough resolution for any viewing distance I can actually use, but the overall screen is just too small!

The option for, say, 1366 x 1024 on a 15.4" screen (4:3 aspect ratio) would give me 33% more vertical space and should not cost much. Scaling to a 17" 4x3 monitor would be even better!

1
0

PC makers! You, between Microsoft and the tablet market! Get DOWN!

Paul Crawford
Silver badge

"heaps of suits are doing network diagrams in Visio"

No, probably spreadsheets. But same applies, having a 3x2 screen is much less sucky than 16:9

3
0

Microsoft walks into a bar. China screams: 'Eww is that Windows 8? GET OUT OF HERE'

Paul Crawford
Silver badge

Re: 50% market penetration, but only 5% ever paid for.

No, just 0.1% phony...

Which bits were different to the official version might worry you, of course...

4
0
Paul Crawford
Silver badge

Re: @AC

"Until they realised that no one wants to pirate Windows 8...."

Fixed it for you.

54
3