* Posts by Paul Crawford

1551 posts • joined 15 Mar 2007

Today's bugs have BRANDS? Be still my bleeding heart

Paul Crawford
Silver badge

Re: GOTO be GONE?

There are occasions where a goto might be the most elegant option (e.g. breaking out of multiple nested loops) but the problem I see is when you look at a goto target, just how did I get there?

0
0
Paul Crawford
Silver badge

I think gcc supports a variant on the idea, but then you get into serious portability issues for a library that should be cross-platform and compilable on systems of widely varying age.

1
1
Paul Crawford
Silver badge

Re: Note to all C programmers

Yes, one of the issues is simply crappy coding style (as the author put it so well "No bug is shallow if it lives in a bug-camouflaging environment.").

That is why the likes of MISRA C/C++ guidelines were created, to get programmers doing things in ways that are robust (i.e. common/minor mistakes are easily caught or mitigated) and readable (so bugs have less opportunity to be hidden).

You can argue C++ has more elegant ways of doing safety/clean-up things, you can also argue that it has lots of interesting ways of adding bloat or doing things inefficiently. But if you know and understand those arguments, you can probably write safe code in either C or C++ anyway.

6
0

New secure OS will put Tails between NSA's legs

Paul Crawford
Silver badge

Depends - it won't stop them if you are a high-value target worthy of directing a lot of resources, hell they will just bug your machine(s) at $100k+ sort of cost in that case.

What it does do is make data hoovering that bit more difficult and expensive. If enough people used it then they would only be able to investigate high-value targets, sort of like the good old days when human resources (i.e. a spy) had to do the work, or that quaint idea of having proper judicial oversight.

17
1

Facebook UNVEILS VEIL for 'anonymous' logins

Paul Crawford
Silver badge

Re: Useful for photo sharing.

Have an upvote for mentioning the FB Purity add-on !

2
0
Paul Crawford
Silver badge

Useful for photo sharing.

Increasingly I don't bother with facebook as the signal to noise has decreased. Maybe my "friends" are more boring now, or simply numerous, also adverts increased and lots of pointless article referrals.

But as an ID service? You must be joking?

3
0

DreamWorks CEO: Movie downloaders should pay by screen size

Paul Crawford
Silver badge

Allofmp3

Remember the "rogue" MP3 site that sold tunes by the data volume, in the format of your choosing, and DRM-free? Much easier to manage as no device type info needed, just let consumers choose the image size/quality and price it accordingly.

Oh and the industry might make more money if they turned out better films and less crap remakes. Just my opinion of course...

20
0

Hey, Samsung: Why so shy about your 960GB flash drive's endurance?

Paul Crawford
Silver badge

Re: Beyond a joke.

"since an SSD has a life of say, 3000 years"

Mistake #1, you assume that erase/write is the only failure mode, and not due to, say, ion migration under voltage stress, etc. Most devices have a lot of failure modes, but often only 1 or 2 are dominant and you may find SSDs have lives under read-dominated operations of 5-10 years max.

However, having it mirrored with another device, such as a cheaper HDD, gives you a sporting chance of surviving a failure without problems. (Incidentally the more recent Linux RAID software supports write-mostly for situations like that where IOPS differ a lot between the storage devices).

1
0
Paul Crawford
Silver badge

Re: die fast

Rule #3 of data sheets - NDAs exist because they suck at something or another, and don't want it more widely known or compared.

0
0
Paul Crawford
Silver badge

Rule #1 of Data Sheets

Rule #1: if it is not specified - it sucks.

Rule #2: they probably lied with the stuff that doesn't suck.

6
1

Spy back doors? That would be suicide, says Huawei

Paul Crawford
Silver badge
Joke

Yes.

Broadly - when talking bollocks about one's self.

Allegedly - when talking bollocks about others.

0
0

Brain surgery? Would sir care for a CHOC-ICE with that?

Paul Crawford
Silver badge

Re: Stalemate

***chough*** RBS Mainframe ***cough***

1
0

Lost artworks by Andy Warhol found on 80s-era FLOPPY DISKS

Paul Crawford
Silver badge

Re: @Peter Gathercole

"I tried to embark on a process of capturing the disk images, but stopped when I had difficulty finding any new blank double sided double density floppies"

Don't do that - make an image of the whole disk, for example using 'dd' or some Windows equivalent, and then you can present a copy of said image to a VM running an emulator to extract the files (assuming it is a weird file system format). For example:

dd if=/dev/fd0 of=~/Documents/image-1.dat conv=noerror

Even if you need to make real floppies again, you can 'dd' back from the stored and backed up images you made.

Just remember though that 'dd' is nicknamed 'destroy data' because of the tragic consequences of getting source and destination confused!

2
0
Paul Crawford
Silver badge
Coat

Re: I can't describe filesystem corruption...

So a bit like pr0n then?

Mine's the dirty mac with the profanasaurus in the pocket.

0
0
Paul Crawford
Silver badge

Re: "...small but potentially lucrative market..."

http://www.kryoflux.com/

Boards are around 100 Euro, need a good working floppy drive as well. They also sell them, but I'm guessing the 999 Euro for a 5.25" drive is an "out of stock" indicator, rather than a "we take the piss" one.

0
0
Paul Crawford
Silver badge

Re: Sharp PA-W1400 "Word Processor"

I did, but it was using non-standard connections (compared to my 3.5" PC drives).

0
0
Paul Crawford
Silver badge

Sharp PA-W1400 "Word Processor"

I had a similar problem with my father's "word processor" when it died (floppy drive no longer reading disks) and then I found out he had important stuff saved over about 20 years without any other copies (he did have two floppies for each important set, but they were both in Sharp-specific format which he thought could be read elsewhere).

Reading the disks was the first challenge, because virtually none of our PCs had a floppy drive. They were in 720kB format and I made images of the floppies using one of our old Linux boxes that actually recognised a disk was present.

They were flaky formatted ones that a VM Windows 95 refused to understand, so it had to be an actual DOS 6.22 VM to 'read' them, and that occasionally crashed due to cross-linked files showing up and endless loops. chkdsk sort of fixed that, so files could be found.

But they were mostly in Sharp PA-W1400 ".doc" format as my father had never seen the need to export in ASCII, and Sharp could not tell me what that format was, so I had to look in there with a hex editor and could see mostly recognisable stuff, so ended up writing a small program to parse them and convert what I could identify as special character sequences into UTF-8 for things like "1/2" and so on.

A lesson there...

0
0

Teen girl arrested with 70-year-old man's four inch weapon inside her

Paul Crawford
Silver badge

No idea, I'm a bloke. But I imagine trying to get a spiky hair brush, can of hair spray, mirror for doing eyes, etc, up there would be a tad uncomfortable!

3
0

Dell charges £5 to switch on power-saving for new PCs (it takes 5 clicks)

Paul Crawford
Silver badge
Trollface

Re:

"Some people need their pcs to be slightly more secure than that...."

Exactly! That is why they don't install Windows...

Pot meet kettle.

14
2

IBM rides nightmarish hardware landscape on OpenPOWER Consortium raft

Paul Crawford
Silver badge

Re: arm -> low power. POWER -> ?

"What does ibm bring to the table in this that would interest anyone over x86/x64?"

Oh, maybe an established 64-bit system (compared to ARM) with a better underlying architecture (compared to x86) and willingness to license at affordable costs?

Yes, Intel has the lead in process technology, and yes the legacy software market for x86 is very important and deeply ingrained, but there is a lot of new stuff that has no such constraint.

8
2

Kill dodgy RNG says NIST

Paul Crawford
Silver badge

Re: RNG at Camelot

"One would have thought it's something that could be built in to a modern CPU."

Intel have that, but as it is a secret black box, who would trust it?

http://www.theregister.co.uk/2013/09/10/torvalds_on_rrrand_nsa_gchq/

2
0

OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts

Paul Crawford
Silver badge

Re: ACLs & OS willy-waving

Oh I would not worry about a lack of a willy, as in decades of engineering work I have never needed to use mine in a professional capacity. Also I think you will find that waving lady-bits around will trump any willy-based competition!

Sorry for omitting ReFS, just I have not seen that actually used yet. And it is also Windows-only!

2
0
Paul Crawford
Silver badge
Trollface

Re: ACLs & OS willy-waving

I thought I might as well come out from under my bridge to weigh in on this:

In the beginning there was no Windows security at all, and BillyG said Lo! Make it so we don't suck! Thus Dave Cutler was employed to design a worthy OS and, being who he is, it had to be non-UNIX in every aspect, presumably due to some nasty experience at the hands of some UNIX admins at a student party or similar.

Thus he created NT, and we saw it was good and multi-platform. Anything and everything had an ACL for security and computer scientists around the world marvelled at how complex one could create a machine's permissions. Alas, it did not last because those in MS' demonic marketing department decided that it had to be compatible with some legacy stuff based upon the old single-user non-networked model of security, and speed was poor and thus the video subsystem, and other stuff, was thrust into the ring 0 code that once was pure kernel. Then it became x86 only, until very recently when the bastard child WinRT was created.

And darkness descended upon the windows ecosystem as software was allowed free rein by default to do things it should not, and the tenderest parts of the user's nether regions became the favourite lunch of malware writers the world over.

Meanwhile the old UNIX/Linux model chugged along on the basis of multi-user systems with a crude, but effective, set of permissions that were enforced by default leading to far less trouble.

And so children, the lesson here is analogous to the tortoise and the hare: Windows should have been the pinnacle of security, but was let down by pesky users not knowing or caring how to use ACLs, and by the time it became a problem so much legacy software was doing it all wrong. Given you need to use a tool to simply find out what ACLs are in use, it is hardly surprising.

Linux is indeed less sophisticated by default, but as its basic segregation of admin & user has always been enforced, software for it always played well that way, thus basic security has always "just worked".

For ACLs on Linux you can copy this way:

getfacl file1 | setfacl --set-file=- file2

And yes, ACLs on Linux are not completely consistent across different file systems, but how consistent are Windows ACLs across file systems? Oh yes, it is only NTFS...

3
1

Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...

Paul Crawford
Silver badge
Trollface

Re: Btw, @Vic

Nothing like a good cross-forum argument!

Arguing security on ACLs versus permission bit-masks is so last decade...

0
0

Next Windows obsolescence panic is 450 days from … NOW!

Paul Crawford
Silver badge

Re: @LDS

Ah yes, those "unskilled and lazy developers" who wrote stuff like Outlook Express (which saved emails at one time to random/cryptically named hidden folders under Program Files) and Office (that, unless patched, failed when XP SP3 finally turned on the firewall by default)?

With MS playing fast-and-loose with software development for such a long time, often to get round the speed or effort penalty of doing it right, can you really blame other developers of that era for doing the same?

2
2

Win gorgeous strap-on, enter whole new world with Reg compo

Paul Crawford
Silver badge

Maybe the VR show is all about the other sort of strap-on? Explains the general look of enfeeblement....

0
0

BOFH: Oh DO tell us what you think. *CLICK*

Paul Crawford
Silver badge

Re: This is not good

Bloodshed?

For whom? The boss who is not getting in the BOFH's way, or the beancounter who turns down the boss' most excellent suggestion for new kit desperately needed for his support team?

You know, those 4k monitors and extra storage arrays for "speciality" content?

1
0

Snowden-inspired crypto-email service Lavaboom launches

Paul Crawford
Silver badge

I'm less concerned by lawful access, based on a court order from any competent government, than unwarranted hoovering of all data "just in case".

6
0

Over half of software developers think they'll be millionaires – study

Paul Crawford
Silver badge
Pint

Re: @JeeBee

Have an upvote for using "salubrious", oh and a beer.

0
0

Heartbleed exploit, inoculation, both released

Paul Crawford
Silver badge

Re: @Jamie Jones

Thanks for the feedback, I stand corrected.

"If you follow the spaghetti trail that is the source code"

I think you have identified a significant problem just there.

"I.e. it's read-overflow (or 'buffer overflow' by reading rather than writing) - nothing to do with the memory allocation!"

If they are really using a stack-based source then electric fence would not have caught it, but I would have hoped some of the code profiling tools would have thrown up a warning about the copy size being potentially bigger than the buffer.

1
0
Paul Crawford
Silver badge

Re: @Michael Wojcik

I'm not sure, but usually if you overrun a buffer then standard tools like the "electric fence" library or the valgrind tool will find the problem.

Of course, if you write obscure code and use a not-very-well-thought-through alternative version of malloc() then things might not go so well...

0
0
Paul Crawford
Silver badge

Re: leaving vulnerable information in memory in the first place?

"You using calloc doesn't solve a damn thing."

Except in this bug it would have, as the padding beyond the heartbeat request that was returned when the request length was longer would always be zero'd. Thus no leaks.

Where you are correct is that it won't stop other heap-walking mischief where something else gets hold of a freed block with sensitive data. Though others using calloc() by default would minimise that risk as well.

What would be nice would be a built-in cfree() equivalent that would clean up by already knowing the allocated buffer size to zero it, so that you could use "#define free(x) cfree(x)" (or some compile flag) to apply generically without having to re-write code to pass the size as well.

0
0
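An added example of the size-aware zeroing free() the post wishes for (its "cfree()"), not code from the post or from OpenSSL: a small wrapper that records each block's length in a hidden header, hands out calloc()-zeroed memory, and wipes through a volatile pointer before release. The zmalloc/zwipe/zfree names and the header layout are this example's assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hidden header in front of each block so a free() replacement can learn the
 * size without the caller passing it; the union keeps user data aligned. */
typedef union {
    size_t size;
    max_align_t align;
} zhdr;

/* Allocate n zeroed bytes (calloc, the post's suggested default) and record
 * n in the hidden header. Names and layout are this example's assumptions. */
void *zmalloc(size_t n)
{
    zhdr *h;
    if (n > SIZE_MAX - sizeof *h)          /* total size would overflow */
        return NULL;
    if ((h = calloc(1, sizeof *h + n)) == NULL)
        return NULL;
    h->size = n;
    return h + 1;                          /* user data follows the header */
}

/* Recover the recorded size of a block returned by zmalloc(). */
size_t zsize(const void *p) { return ((const zhdr *)p - 1)->size; }

/* Zero the block in place through a volatile pointer so the compiler cannot
 * discard the stores as dead writes ahead of free(). Returns bytes wiped. */
size_t zwipe(void *p)
{
    volatile unsigned char *v = p;
    size_t n, i;
    if (p == NULL)
        return 0;
    n = zsize(p);
    for (i = 0; i < n; i++)
        v[i] = 0;
    return n;
}

/* The cfree() the post asks for: wipe using the recorded size, then release.
 * A macro could route existing free() calls here without passing sizes. */
void zfree(void *p)
{
    zhdr *h;
    if (p == NULL)
        return;
    zwipe(p);
    h = (zhdr *)p - 1;
    h->size = 0;
    free(h);
}

/* Worked case: fill a constructed n-byte "key" with a non-zero pattern,
 * wipe it, and report how many non-zero bytes survive (0 on success).
 * Returns -1 if the allocation fails. */
int wipe_demo(size_t n)
{
    unsigned char *key = zmalloc(n);
    size_t i, left = 0;
    if (key == NULL)
        return -1;
    memset(key, 0xA5, n);                  /* stand-in for secret material */
    zwipe(key);
    for (i = 0; i < n; i++)
        left += (key[i] != 0);
    zfree(key);
    return (int)left;
}
```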
Paul Crawford
Silver badge

Re: leaving vulnerable information in memory in the first place?

ALL computers leave essential information in memory - they need to in order to work!

The issue here, as is so often the case, is poor use of malloc()/free() and the opportunity for such memory to be re-used without sanitisation.

I'm not an expert, but I use calloc() in all but uber-time-critical steps partly to stop this sort of thing, and partly so when I do make a boo-boo at least I get consistent borking as it always starts with zero'd memory before I go on to abuse it.

The patch is about keeping the keys in memory that is not easily re-used, which is good, but as already reported the OpenSSL project really needs some proper support and a bit more code review. Hey NSA/GCHQ could you do something useful for us for a change?

5
1

Audio fans, prepare yourself for the Second Coming ... of Blu-ray

Paul Crawford
Silver badge

Re: @Lost all faith...

Thanks for that champagne comparison!

Though I now feel a bit dirty having visited the Daily Mail site.

6
0
Paul Crawford
Silver badge

Re: AntiCopy AACS

That was my first thought, as how many Blu-ray players have DAC and analogue electronics that is even a match for studio quality 16-bit/CD style hardware, let alone enough to show differences (if any) in the standards?

Oh yes, these disks will sound *different* but that is down to "re-mixing" for effect, not because you get a fundamentally better product.

As others have pointed out FLAC is already better than CD (higher quality possible with less storage) and no DRM - what is there not to like?

3
1

Want a free Bosch steam iron? You'll have to TALK TO THE DEAD

Paul Crawford
Silver badge

Re: Working at that company...

Ah, so that is the BOFH's strategy!

4
0

US taxman blows Win XP deadline, must now spend millions on custom support

Paul Crawford
Silver badge

Re: @LDS

In most cases the XP machines that can't be economically replaced are so because of one or two specific jobs, and very rarely will that need much, if any, internet access. So a firewall that simply white-lists the things it needs (e.g. NTP and specific IP addresses it needs) will stop most things.

If you can't access web/email on a given machine then it won't get drive-by attacks and also no casual use. If it can't talk to most of the internal machines then such attacks won't spread.

And of course you have disabled auto-run on all devices, if not mass storage completely, to stop USB attack vectors on every machine?

6
0

Tamil Nadu's XP migration plan: Go Linux like a BOSS

Paul Crawford
Silver badge

Re: TheVogon

Citations? Or you are simply talking bollocks. Again.

http://www.pcworld.com/article/2082460/moving-a-city-to-linux-needs-political-backing-says-munich-project-leader.html

"Munich city authority migrated around 14,800 of the 15,000 or so PCs"

"that migrating to LiMux instead of modernizing its existing Microsoft software would save it over €11 million"

25
2

Nokia: ALL our Windows Phone 8 Lumias will get a cool 8.1 boost

Paul Crawford
Silver badge

I doubt it has anything to do with the OS, as most consumers hardly know what an OS is. More likely good deals on contract phones and/or well demoed units show the good points.

It's nice to see MS struggle to dominate a market, but also it is good to have more than a two-horse race.

2
0

Microsoft in 1-year Windows XP survival deal with UK govt

Paul Crawford
Silver badge
Trollface

dosemu

A lot of DOS software will run happily on dosemu on Linux, including MS' C 6.0 compiler.

Certainly more than will run on 64-bit Windows...

1
0

Driver drama delays deep desert XP upgrade

Paul Crawford
Silver badge

Re: Hand back the geek ID card, return the butter knife and leave

When faced with a sick Windows box, my steps are:

1) Open it and hoover out dust & crap, then check for Bulging Capacitors Of Death on the motherboard.

2) Boot a Linux CD/USB (old PCs often won't boot from USB happily so CD/DVD needed) and run the memory tester.

3) Check the HDD SMART status to see if it's dying.

4) Boot a BitDefender or Kaspersky "rescue CD" and check for root kits and lesser malware.

If all of the above pass, then you know it's 'just' a simple problem. But for most PCs not looked after by a competent Windows admin, you know it's going to have so much crap installed and partly uninstalled that saving the data and nuking from orbit is the best solution.

That is, assuming they have the original Windows disk / rescue disk they were told to make when the PC was new...

1
0

How Microsoft can keep Win XP alive – and WHY: A real-world example

Paul Crawford
Silver badge

Re: Not quite true...

Or use a VM of XP on any OS of choice, more flexible.

But neither deals with XP in interface applications where it has to deal with custom hardware cards.

5
0
Paul Crawford
Silver badge

Re: @LDS

The "backward compatibility of Linux" problem is when you change kernel version and some muppet decided, yet again, to change APIs on the basis that they assume all can just re-compile.

What I said was you can patch a working system for security holes in virtually every case without changing versions. I did not say it was easy, but possible. With MS you have no such ability at all, and given the typical extended support costs they are asking for you could hire a decent programmer just for that job alone.

7
1
Paul Crawford
Silver badge

Re: Paul Crawford

The MC6800 series is a CPU, not a computer platform, i.e. not a standardised board with "computer" (CPU, RAM, boot loader, etc) and expansion slots for extra interfaces & custom cards.

Most equipment designers want to concentrate on the "added value" they provide, which is the custom part, and not to have to develop the computer/boot loader/networking/etc.

That was why the original IBM-AT was so attractive - you got a functioning stand-alone computer, along with plenty of development tools, and documented hardware that made it easy to build a special ISA card for whatever custom job you needed done.

The transition to Windows made that harder but safer (Linux is marginally easier as you can see most device driver's code to copy & adapt, but neither as simple nor dangerous as DOS' direct-to-hardware approach), and PCI is far more complex to implement (even with a COTS chip or IP core), but the same basics apply: a PC is still a cheap, easy and longest lasting platform to develop for compared to any other I can think of.

6
0
Paul Crawford
Silver badge

Re:@Decade

You are right that Windows was a bad choice of platform for so many reasons, but usually the decision is based on what is cheap & practical now, with the presumption that product development and support will continue so upgrades to newer hardware/OS are thus managed.

In practice companies fail, get bought over, or otherwise decide to orphan products so support stops but lots of users have business-critical stuff that is no longer upgradable when the OS, like Windows, drops aspects of backwards-compatibility (often for other good reasons, like security).

Sadly short of an open source system, you are stuck making the best of what you have, not what you wanted.

More recent MS OS with product activation checks are even worse and should never be used. But they will, because some green programmer only knows that way and all problems look like nails...

But returning to one of your gripes, that of PC hardware, what other computer platform has been more-or-less supported for 20 years? It is far from ideal, but a longer supported choice is hard to find.

6
0
Paul Crawford
Silver badge

Re: Keeping Windows XP alive is not good for anyone

Here are some ISA motherboards:

http://www.bressner.co.uk/isa-motherboards

If you need more then various 19" rack mount PCs support ISA / PCI mixes.

We still have ISA cards with DOS control software, but now running in dosemu on Linux (which allows selective control of direct hardware access).

3
0
Paul Crawford
Silver badge

Re: So does OSX and Linux...

Not as such, but with Linux you have the code and the patches and if it matters enough find someone who can patch things and also there is an incentive to share that.

In most cases it is stuff that MS has dropped that makes upgrading a pain, along with DRM-like stuff that rejects old drivers that are not signed, etc.

But really for most XP-dependants the road now is likely to be one of auditing what they do, why, and how to isolate them from t'Internet and then moving all web/email/exposed stuff to newer, more secure, machines.

3
2

Hotmail-gate: Windows 8 code leaker pleads guilty to theft of trade secrets

Paul Crawford
Silver badge

Re: 10 years and $250K is way too little

I quite agree, he should be dancing the Tyburn jig for such appalling crime against humanity - that of promoting Windows 8 to the press!!![1]

[1] A single exclamation mark is hardly enough to convey my indignity, but 4 is just getting stupid.

9
2

OkCupid falls out of love with 'anti-gay' Firefox, tells people to see other browsers

Paul Crawford
Silver badge

OK Cupid's untainted ethics?

Ah yes, the site that pulled the blog about the money-grabbing approach of match.com when, ah yes, when they were bought over for $50M:

http://www.geekosystem.com/okcupid-pulls-why-you-should-never-pay-for-online-dating-match-com/

While I fully support LGBT rights, I find this a pointless attack on an open-source project for the past personal actions of one person. No doubt by those with numerous gadgets made in China by what is barely different from slave labour...

4
0

Artists install Monty Python silly walk signs in Norwegian town

Paul Crawford
Silver badge

Re: Fitness Craze

What ever you do, do not spill your precious fluids!

Yours sincerely, General Jack D. Ripper.

8
0