* Posts by Paul Crawford

2869 posts • joined 15 Mar 2007

Crysis creeps: Our ransomware locks network drives and PCs. Bargain

Paul Crawford
Silver badge

"crypto virus automate the stupidity process"

Very much so. While I do feel for those suffering data loss, it could just as easily be a careless file deletion, an accidental format of a partition, a hardware fault, or the theft/loss of a laptop.

If you don't have a usable and protected backup, you don't really have your data. It is simply a matter of time...

0
1
Paul Crawford
Silver badge

Re: @Ledswinger

You are right to a point about fuckwit users, but the MS move of hiding the file extension was a good trick for fooling partially sensible users by sending nicephoto.jpg.exe so they see in the file manager a JPEG photo, and the exe bit is lost.

Now you can harden both Linux and Windows against the click-and-run thing, for example by making all user-writeable areas non-execute (you do put /home in a separate partition, don't you?). But as you say, a user willing to provide name & password to a suspect link is just a big problem.

2FA is a big step forward, and Fartbook do support that, but when I had an account with them I was absolutely not going to give the data-slurping bastards my phone number as well. My bank uses 2FA for some things, or a card reader in other cases, so for major stuff it exists now. But having a universal fob that you can use when signing up for ANY service would be nice, so you don't end up with a whole pile of crap to take with you anywhere you want to be secure and don't trust your phone (it is both internet connected, and probably unpatched, whereas a random number fob has only I guess a public/private key pair that one half of needs securing and it need not be on the Internet).

1
1
Paul Crawford
Silver badge
Trollface

"using double file extensions or as seemingly innocent installers"

Oh dear, I had thought those glory days were gone. Still, nice to see the old "make it easy for users" changes for Windows are still working their magic.

Now how long until some Linux GUI Muppet decides they need the same...

2
3

Did you know there's a mega cybercrime backlog in Ireland? Now you do

Paul Crawford
Silver badge

@chaotic mess of various UK police forces IT

Let's not single out the police now, after all the same sort of problem appears to impact on most UK gov IT systems. And quite a few private companies as well.

0
0

FFS, Twitter. It's not that hard

Paul Crawford
Silver badge

Re: $4 per quarter ad revenue

Really? Companies think they can get $4/quarter of additional profit per narcissist user by punting ads on Twitter?

Am I lacking in marketing and business nous, or is that a seriously deluded return rate?

0
0

Now Google backs everyone's favorite trade pact: The TPP

Paul Crawford
Silver badge

Re: USA-ians selling items abroad?

68-pin ones were easy to get for SCSI. I needed the 80-pin version (not used for SCSI but for a custom board). Think it was DigiKey I got them from.

5
0
Paul Crawford
Silver badge

Re: USA-ians selling items abroad?

Some years ago I needed some 80-pin versions of the old SCSI mini parallel connector, only sold in the USA as far as I could find. So had to fill out various forms, etc, to get clearance to have them exported to me as clearly such connectors are in big demand by terrorists, government spies and pinko-commie-subversives worldwide.

On arrival I saw they were made in Mexico.

But look at the up-side where ITAR has done wonders for the European space industry.

13
0
Paul Crawford
Silver badge

Should be caned on principle

The way it has been "negotiated" is an affront to democracy EVERYWHERE and for that reason alone it should be slapped down.

What if it has benefits? Does not matter. Our political leaders and their Machiavellian ministers who negotiated and/or supported this need to be told in no uncertain terms that secrecy is not acceptable. After every round of negotiation the whole document should have been published as "draft" for the world to see so the next round has a democratic input. Nothing is perfect, but as it stands my MP (good or useless) can't go and look at it and bring a copy of bits back to me for discussion. It stinks of corruption.

45
0

RIP ROP: Intel's cunning plot to kill stack-hopping exploits at CPU level

Paul Crawford
Silver badge

Re: Password

Mine used to be dadada but now it is ich lieb dich nicht

1
0

Sysadmin 'fesses up to wrecking his former employer's IT systems

Paul Crawford
Silver badge

Er, have you seen his pic?

Have you seen Bubba's pic?

13
0

PC market sinking even faster than first thought, thanks to Windows 10

Paul Crawford
Silver badge

Re: I wouldn't blame Windows 10

While there are a lot of shitty things about Win10 (pushed "upgrade", data slurping) it is not the resource hog Vista was at the time. I guess MS' recent focus on mobile and cloud has made them realise OS bloat is bad.

One wonders how long they will keep things that way though?

1
0

US military tests massive GPS jamming weapon over California

Paul Crawford
Silver badge
Devil

Re: The Embraer Phenom 300

666 pages. A coincidence?

0
0
Paul Crawford
Silver badge

Re: Selective Availability

Not necessarily. A jammer can be deployed for a smaller area of interest, and for denial times determined by the local ground force for a specific operation (instead of going all the way through the GPS command system, getting approval along the way).

I suspect though it is all-systems jamming as you say, and they want to check their own kit is still usable.

0
0
Paul Crawford
Silver badge

That was my first thought, as I'm pretty sure you can't get a plane certified for commercial flight that relies upon GPS at all times. Do they have particularly poor EMC performance in other areas?

1
0

Surveillance forestalls more 'draconian' police powers – William Hague

Paul Crawford
Silver badge

Re: Missing the point

Then how long until said key is passed to well-funded criminal gangs from at least one country?

12
0

You've got a patch, you've got a patch ... almost every Android device has a patch

Paul Crawford
Silver badge

Re: Where are those monthly updates?

Sadly we need the law to step in and make suppliers liable for bugs not patched in a timely manner for, say, 5 years after the date of sale.

Can't patch the software after 2 years due to your chain of code monkeys? OK, then give the customer a new device free of charge. No doubt it would focus their minds on quality in a manner not seen so far.

12
0

Norway might insist on zero-emission vehicles by 2025

Paul Crawford
Silver badge

Re: What about oil production?

I was talking of the plans for an independent Scotland where oil revenue was assumed. And at much higher oil prices than today.

0
0
Paul Crawford
Silver badge

Re: What about oil production?

Same point about the Scottish government as well, all talk of no nuclear and renewable energy, and the budget largely funded by selling oil/gas to others to pollute instead.

A bit like closing heavy industry in the EU for pollution reasons (and energy cost) and then buying from China where they use a lot of heavy polluting coal plants and have lax environmental standards. But hey, our voters can feel good!

9
2
Paul Crawford
Silver badge

More to the point, what is the "Lystresepten" article about?

9
0

Even in remotest Africa, Windows 10 nagware ruins your day: Update burns satellite link cash

Paul Crawford
Silver badge

Re: Simple answer: Don't use Windows.

An upvote for your obvious point they are changing the deal.

But, no you don't have any right to complain as it's all covered by the EULA you agreed to by using Windows. You know, all those nasty little details you either did not read or thought no company in its right mind would exploit...

1
1

GNU cryptocurrency aims at 'the mainstream economy not the black market'

Paul Crawford
Silver badge

Re: Mining?

"I can't see a lot of advantages over a prepaid debit card"

If it breaks the USA strangle hold on on-line commerce by Visa/MasterCard/PayPal, what is there not to like?

9
0

Latin-quoting Linus Torvalds plays God by not abusing mortals

Paul Crawford
Silver badge

Re: Quia ego sic dico

Oh, and don't let me detain you.

4
0

Farewell, Fadell: Nest CEO Tony quits IoT biz

Paul Crawford
Silver badge

Ah yes, the fact the CEO is a complete knob-head is a business fact that must be kept secret at all times, more so than the next quarter's financials...

3
0

'Whites are taking over': Race storm hits heart of Africa's internet body

Paul Crawford
Silver badge

Disclaimer: I am white (well not really, as I'm not a vampire, but close enough).

I dare say a lot of coloured people still get the shitty end of the stick, but that is not a justification for playing the race card. Remember the most successful people in the history of coloured emancipation have all made it clear that equality and a lack of prejudice is the right and proper thing. Think of Mahatma Gandhi, Martin Luther King, Nelson Mandela, etc. Long may their light shine above man's petty squabbles.

10
1

UCLA shooter: I killed my prof over code theft

Paul Crawford
Silver badge

Re: @Shadow Systems

Oh FFS, please provide the murder statistics of the various alternatives to guns you suggest. Sure probably EVERYTHING has at some point in time been used as a weapon, but just look at the annual death statistics due to guns in the USA both intended (as here) and accidental.

Now do the same for any other country with any semblance of working government.

Edited: Here is a list:

https://en.wikipedia.org/wiki/List_of_countries_by_firearm-related_death_rate

OK the USA is not the worst, but please, compared to the rest of the "west" (Canada and EU region) and the "east" (Japan, South Korea, etc) we are looking at a x10 or more ratio.

1
0
Paul Crawford
Silver badge

Of course easy access to guns in no way made this tragedy more likely :(

56
19

'Irongate' attack looks like Stuxnet, quacks like Stuxnet ...

Paul Crawford
Silver badge

"Irongate is also capable of evading VMware and Cuckoo sandboxes"

So maybe all windows software should be run in a VM?

OK specialised PCI cards, etc, are an exception, but if we are only talking supervision via USB/RS232 and the time-critical stuff is handled directly on the PLC, what is there not to like?

2
0

On her microphone's secret service: How spies, anyone can grab crypto keys from the air

Paul Crawford
Silver badge
Headmaster

Indeed it is dB, as in 1/10 of a Bel (after Alexander Graham Bell)

If you prefer your logarithms more natural, try the Neper for size.

1
0

Why Oracle will win its Java copyright case – and why you'll be glad when it does

Paul Crawford
Silver badge

Re: @DavCrav

In my mind an API would be the sort of thing declared in a header, say:

FILE *fopen(const char *path, const char *mode);

You have to more or less copy that word-for-word or your end application won't build. However, the code behind this that actually implements the fopen() behaviour ought to be the point of any copyright dispute. Did I write the code to do exactly the same logic (which may look like a copy if simple, but probably not if complex), or did I lift the glibc or MSDN examples and call it my own. In the former case I should be free to offer my version and not be legally slapped down for the copied name (i.e. "fair use") but if I just copied another's code then fair cop if I get fined for it.

6
0
Paul Crawford
Silver badge

Multiple points

This article is no better than some other anti-Oracle as it confuses, deliberately or otherwise, multiple facets of the case:

1) Are APIs under copyright?

2) Is reimplementing an API "fair use" of copyright?

3) Did Google reimplement the API or simply copy Sun Microsystems Oracle's code?

The first 2 are much the same to the lay-person. In the previous trial the judge had some computer knowledge and ruled, quite reasonably, that blocking API re-use is against the whole of software inter-compatibility and so not the intended outcome. The currently finished trial said no, APIs are under copyright by the legal definition of this, so the trial was on point 2, and it ruled re-implementation is "fair use".

The last point has not adequately been investigated as Oracle went after the API question, and in many cases something like an in-line function has only one sane way to do it so a clean-room implementation will look very much like a copy.

Having said all this, AO's article has a fair point that GPL and free software needs strong IP laws, but they certainly don't need API protection as that would stop interoperability and shore up the entrenched position of proprietary suppliers against ANY competition.

9
2

King Tut's iron dagger of extraterrestrial origin

Paul Crawford
Silver badge

Re: So, just common iron then?

Baldrick, have you no idea what "irony" is?

Yes, it's like "goldy" and "bronzy" only it's made out of iron.

4
0

Flash. Bang. Wallet: Marcher crooks target UK Android users

Paul Crawford
Silver badge

Re: If you are using your phone for 2FA

Indeed, the "2" in 2FA is the assumption that both channels are not compromised by the same folk.

Using your phone for both blows that out of the water, but you know for some it is the only "computer" they have so it is used, and sadly probably has less patching available than most XP boxes...

0
0

Unprecedented number of customers swimming off to cloud, says Barracuda

Paul Crawford
Silver badge

Attractive?

It all sounds nice, no IT demands, everything looked after for you. Just get on with your business and no need to worry.

Until, of course, it changes. New software not working as you want? Tough shit. Data not available? Might come back, otherwise tough shit as the SLA has no mention of compensation for *your* loss due to our fsck-up. Service down today and you have a deadline for tomorrow? Tough shit, get in line with 2 million other users who are kicking up a fuss and maybe we will get back to you.

Sure your own IT dept might do the same, but at least they are in reach of the cattle prod...

5
1

Lenovo cries 'dump our support app' after 'critical' hole found

Paul Crawford
Silver badge

Re: Always start from scratch!

Most of what you say is perfectly sensible.

However, the "they need a 5 minute tour around the new OS and away they go" is really misleading. You could say exactly the same for switching to Linux if you have no special software, and it is also true.

What gets people's goat on this site in relation to Microsoft is (A) the malware-like foisting of Windows 10 on end users, and (B) the fact this often breaks established software or work-flows, meaning time and sometimes money wasted on getting specialised stuff working again, or XYZ's computer-illiterate relative able to send an email once more as they can't grasp where the button/menu/icon has been moved to.

1
0
Paul Crawford
Silver badge

Re: "no manufacturer has ever tried to store programs in either BIOS"

Think again:

http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/

Of course there is the WTF? question over Windows supporting this sort of 'feature' in the first place.

5
0

Your WordPress and Drupal installs are probably obsolete

Paul Crawford
Silver badge

Do these programs have the "shifting shit" problem? You know when you have to upgrade to fix bugs and vulnerabilities, but the muppets in charge of design have broken so many plugins and APIs with little regard to reverse-compatibility that many folk simply give up and leave it and try to ignore the risk.

5
1

That sinking feeling: Itanic spat's back as HPE Oracle trial resumes

Paul Crawford
Silver badge
Trollface

I had forgotten that anyone still made Itanium based machines, and to think HP/Compaq dumped Alpha for this. Still I am sure Larry's pay-off will help HP's executive bonuses next year.

9
0

'Windows 10 nagware: You can't click X. Make a date OR ELSE'

Paul Crawford
Silver badge

Vista?

Eh, I thought win10 was only being foisted on an already suffering world users of Win7/8/8.1?

9
0

Jaxa's litany of errors spun Hitomi to pieces

Paul Crawford
Silver badge

Re: This is why Japan prefers to fire refurbished WWII dreadnoughts into orbit

I think you will find those failings apply to far, far more than Japan.

However, it seems to permeate to safety-critical stuff in Japan, I wonder if this is a by-product of the social norms where questioning your elders is frowned upon? The Venn diagram for age, experience and wisdom is not one of concentric circles...

13
0

Compatibility before purity: Microsoft tweaks .NET Core again

Paul Crawford
Silver badge

If you already have projects or code-reuse written in .Net or C# perhaps?

4
0

65 million millennial blog bores' Tumblr logins ... for! sale! on! darknet!

Paul Crawford
Silver badge

Re: Post-it perils

You don't have to write it down exactly as used.

For example you could append some common and easy-to-remember simple password to each "unique" one on the post-it note. Most opportunist criminals are unlikely to do the hard work of trying combinations for one account, more so if the dumb fuckwits that run some of these sites have proper rate-limiting on login attempts...

2
0

Microsoft's Universal Windows Platform? It's an uphill battle, warns key partner

Paul Crawford
Silver badge

Re: Microsoft needs to realise...

So everyone is starring in The Rocky Horror Picture Show, or nobody?

Which is worse?

0
0

ISS pump-up space podule fully engorged

Paul Crawford
Silver badge

Re: How space-junk-proof is it?

At orbital impact speeds EVERYTHING is flexible and basically liquid-like! The usual approach for satellites is two thin sheets, first one gets holed but the impact vaporises the (very small) projectile so it is stopped but makes a modest dent in the 2nd sheet due to the gas pressure. Big stuff and it's game over though...

3
0

Easy remote exploit drops for unpatchable power plant controller

Paul Crawford
Silver badge

Code space?

"Admins are advised to block port 80, stop using the web interface for device management"

Sigh, so they have enough space to fit a shitty web server in for the interface, but not enough to do it correctly, and so it is no longer supportable?

They can't even deliver a web-serverless version to patch this?

4
0

NASA: We'll try again in the morning after friction ruins engorgement

Paul Crawford
Silver badge

Re: Oh dear, Mr Floppy?

Do you want to read my naughty inflation-procedure parchments again?

0
0

SWIFT finally pushes two-factor auth in banks – it only took several multimillion-dollar thefts

Paul Crawford
Silver badge

Re: How to make it state of the art?

Yes, people often are the weakest link in security but that is the very reason you need systems designed to make stupid less of a risk. That of course has a cost in training and monitoring of behaviour, but a proper audit will show if those sort of risks are being managed well enough.

2FA is a good example as it helps avoid the need for the human to understand if the https link is in use and if the certificate is the correct one.

3
0
Paul Crawford
Silver badge

And these would be the same banks that want to push liability for fraud on to the customers?

Can we please have a full public audit of how this happened first? You know, to check if any banks are running systems that are anything other than state-of-the-art in terms of security, say no IE version below 11, no comms protocols with known vulnerabilities, all machines' user-writeable areas set to no-execute, etc, etc.

11
1

Pas de problème ... Quebec just passed a website blocking law

Paul Crawford
Silver badge

Ban them all

See how the gov reacts if the ISPs just decided to add the state monopoly to the list "to protect the young".

And add the political web sites of those who voted for it as well. There is no legal right to have an ISP provide access to any web site is there?

30
0

German boffins smash records with 37km wireless spurt at 6Gbps

Paul Crawford
Silver badge

El reg units?

What is that rate expressed in kilowrists?

0
0
