* Posts by Paul Crawford

2462 posts • joined 15 Mar 2007

The Edward Snowden guide to practical privacy

Paul Crawford
Silver badge

Facebook

"the man had deleted all of his Facebook data. A huge pain and shame"

Indeed, the shame being he should have deleted it himself!

Even if keeping on FB then please delete and create a new profile with a new disposable email every year or so. It limits what FB can easily gather on you and evidence of past indiscretions, and a perfect excuse to dump those "friends" who are sufficiently important not to appear to single out for un-friending, but that you really did not want watching your every post.

Edited to add: And don't give FB your email log-in password or mobile number, mkay?

11
3

IT contractors raise alarm over HMRC mulling 'one-month' nudge onto payrolls

Paul Crawford
Silver badge

Just add in the planned Snooper's Charter and there is an even bigger reason to quit the UK and go elsewhere for work :(

An article on possible destinations and how they are for freelance work would be very welcome!

3
0

Got a time machine? Good, you can brute-force 2FA

Paul Crawford
Silver badge

You can use GPS along with other time sources, both network or radio.

For example, the Meinberg LANTIME M900 can use combinations of GPS/GLONASS as well as LW from your nearest source (probably DCF77 in central Europe, MSF in UK, etc)

0
0
Paul Crawford
Silver badge

Really if you depend on time being accurate for security then your organisation should have a couple of NTP servers (for redundancy) that are fully patched and set up to use ntpd on multiple external sources (at least 5 and even their own GPS) so they can detect "false tickers" and reject them. Then all of your internal machines should only talk to those trust-worthy time servers.

The only times I have seen ntpdate depended upon for time is (a) on boot or network change to get time roughyl right, and (b) in VMs that suck so badly for time-keeping using the "internal clock" that ntpd gives up on its clock regulation approach.

4
0

Shadow state? Scotland's IT independence creeps forth

Paul Crawford
Silver badge

Re: Jeez

Exactly, time for El Reg readers in Scotland to write to their MPs and make clear the problems and risks from all of this. Not just for Scotland but also when it comes for voting on the snooper's charter zombie that has re-emerged from the Home Office.

1
1
Paul Crawford
Silver badge

Re: bit expensive for the bleedin' cameras

£3,571 *per f@%kin' camera* !!!

Is about right, given that a lot are analogue so you are talking networking, HDD recorders, etc, and labour to visit each camera point and do the work, possibly with a cherry-picker.

To achieve exactly what?

Aye, there is the rub. Just how helpful are these cameras? Have we got evidence that they will save more than £10m in reduced crime?

3
0

Microsoft capitulates, announces German data centres

Paul Crawford
Silver badge

Re: How is this helping with the broken safe harbour?

True, but its a good start.

4
0

Tor Project: US government paid university $1m bounty to hack our networks

Paul Crawford
Silver badge

You mean like arming the Taliban as an anti-Russian move?

18
1

UK citizens will have to pay government to spy on them

Paul Crawford
Silver badge

Re: 15TB?

The gov is not asking for *ALL* data to be stored, only some woolly-defined meta-data like the URL of each site accessed. I'm guessing his figure is based on the proportion of data seen in such a link.

Of course, if most folk run browser plug-ins to randomly poke sites every few seconds that could go up massively...

3
0

Brussels paws Android map apps to see if they displace Euro rivals – report

Paul Crawford
Silver badge

Lets face it the main advantage of Google maps is it is "free" (in return for bending you over and lubing you for privacy violations).

It works well if you have a good data link, but outside of 3G+ areas, or in cities when your chosen supplier is shit at times (looking at you Tesco mobile), the result is crap. I use it occasionally and sure it is nice to have, but if I had to depend on something for daily use would not be Google's offering.

5
0

Most developers have never seen a successful project

Paul Crawford
Silver badge

Re: Continuious Development

Here, hear!

In my simplistic view, you have two major factors:

1) having a clear, fixed and agreed idea of exactly what is needed.

2) having the resources (i.e. people, tools) to deliver #1

Most failures I have seen come down to at least one of these aspects. I have pulled out of work requests that I could see was a train wreak coming because foolish decisions had been made already due to not understanding #1, and then they were needing me for #2 when it was already an impossible task.

4
0

Feeble Phobos flaking as it falls to Mars

Paul Crawford
Silver badge
Gimp

I often do! But usually at night. With a tube of lube to hand.

3
0

Freebooting: How Facebook's 8 billion views could be a mirage

Paul Crawford
Silver badge

Re: What's the point?

"Is there a technical term for empty headed delusional twats?"

Yes, a politician

2
0

GCHQ director blasts free market, says UK must be 'sovereign cryptographic nation'

Paul Crawford
Silver badge

Re: I may be wrong

You forget that GCHQ, like most agencies, is not a simple creature with a single goal.

What they should be doing is protecting the UK: that means defence, business and private lives, as they are all inter-related.

On one hand that means stopping The Bad Guys(tm) from having access, and that means encouraging properly used encryption to make sure that information goes where it should and not in to the wrong hands. On the other hand it means having to break encryption to spy or assist the police for what should be the same goal, and there is an obvious conflict of interests there.

Most will realise that both goals are justified, but given the evidence of past lying and political machinations bending of the rules, there is a serious mistrust of either goal. This is made so much worse by the clueless fuckwits calibre of politician we seem to get in charge of the situation.

5
0

So. Farewell then Betamax. We always liked you better than VHS anyway

Paul Crawford
Silver badge

Re: Can we finally settle this?

Technically - yes

Financially - no

Basically VHS have multiple suppliers and soon was the only one that rental stores (remember them?) bothered keeping much range in. The rest is obvious history...sadly for Sony, they didn't learn and tried with Minidisk and memory sticks that no other used, both were business failures really.

12
0

How Twitter can see the financial future – and change it

Paul Crawford
Silver badge

Lemmings

It also illustrates just how fake and insubstantial the whole financial market is. Boy cries "wolf" and shops close, people panic, sheep raped, etc, etc, before anyone bothers to check facts at all.

6
0

Untamed pledge() aims to improve OpenBSD security

Paul Crawford
Silver badge

Also one hopes that developers will start to check carefully what they are doing any why, rather than just asking for the Moon on a stick as Android devs seem to do.

10
0
Paul Crawford
Silver badge

Re: Only goes down, not up ;)

That was my thought: like SELinux or AppArmour, but internal to the program.

I can see how this helps mitigate bugs inside the software and hence possible future exploits, but I can't help thinking that having an external rule set (like SELinux, etc) is a good idea in case someone tries to replace/modify-in-place a program/daemon with a Trojan version. The external rules also help you know what a program is allowed to do without delving inside it.

2
0

GSMA offers a share and share alike approach to the C-Band

Paul Crawford
Silver badge

Mobile is the problem

How do you stop mobile phones from not operating anywhere within, say, 15km of a satellite ground terminal?

Sharing sat comms band with fixed point-point links is feasible because you know where they are and they don't go for a wander.

How are you going to control mobiles? Have them drop C-band based on a GPS map of potential hazards? Who pays up if some phones and/or software updates starts to cause problems? How do you force out updates to all such phones if/when the licensing for sat comms changes, or is this just a land-grab to force others to pay to change equipment in order that GSMA members can profit?

0
0

Symantec numbers are out. Execs might wish they weren't

Paul Crawford
Silver badge

Instead of focusing on "rebuild executive talent" why not try "fixing shitty software" instead?

6
0

Exam board in 'send all' fail: Hands up who knows what the BCC button is for?

Paul Crawford
Silver badge

Re: Happens all the time - but could mail systems help

I have not personally tried it, but you could consider this:

https://addons.mozilla.org/En-us/thunderbird/addon/use-bcc-instead/

0
0
Paul Crawford
Silver badge
Facepalm

Idiots

Also did no one explain that you cant "recall" an email. At most you can ask your own exchange server to remove it, but that counts for SFA once its left your internal system.

38
1

OmniRAT malware scurrying into Android, PC, Mac, Linux systems

Paul Crawford
Silver badge

Re: Where's the Linux angle ?

Exactly, not even the ubiquitous Windows angle either. From the description in the article its a Trojan that needs a dumb-ish user to install it and then they are p0wnd, not exactly a high bar for malware?

8
1

Top FBI lawyer: You win, we've given up on encryption backdoors

Paul Crawford
Silver badge

Re: Condescending git

In most countries we live with typically a 10 to 100 times greater risk of being killed on the roads than by a murder. Even in that case its something like 90% are not unknown psycos doing the deed, but "friends", partners, business associates, etc.

Add to the in the USA something like 90k gun deaths per year (OK, only about 30% of those are crimes, as opposed to stupidity in gun handling, or suicide) versus a few k in the twin towers terrorist event and just how big is this risk? Yes, I know people are dumb and can't evaluate risks, etc, but it hardly seems that bad guys having encrypted phones is your biggest risk.

24
2

MacBooks are so hot right now. And so is Mac OS X malware

Paul Crawford
Silver badge
Joke

Didn't you read the instructions?

tar -xf shaftmybackside.tgz

cd shaftmybackside

./configure

make

sudo make install

0
1
Paul Crawford
Silver badge

Re: Warning : Sample NOT representative

Windows people tend to have far fewer of those than OS-X or Linux users these days

Really? Any figures/citations to back that up?

Even if they are getting more patches, they seem to spend a hell of a lot less time applying them and having to reboot.

0
1
Paul Crawford
Silver badge

And yet Windows users are still being screwed over so much more often by the black-hats, far more than the 10:1 or whatever ratio of users run Windows vs MacOS/Linux. Funny that?

2
1

DDoS, botnet, and fiber cut fail to stop Twitchers crowd-installing Linux

Paul Crawford
Silver badge
Unhappy

Unfortunately the majority in real life are as well

3
0

Stuxnet-style code signing of malware becomes darknet cottage industry

Paul Crawford
Silver badge

@AC

It is not just the problem of how Alice and Bob know they are not talking through Eve, but the fact that any one of hundreds of buggers can issue a certificate to Eve matching Alice and/or Bob. It only takes one of those to fail and the trust link is useless.

Just think of a RAID-0 strip with 600 flaky disks...

1
0
Paul Crawford
Silver badge
Unhappy

Just goes to show how fundamentally broken the certificate system of trust is though.

12
0

Red Hat Enterprise Linux lands on Microsoft Azure cloud – no, we're not pulling your leg

Paul Crawford
Silver badge
Joke

Last option?

I thought the last option on the list was to continue pushing systemd on to an already suffering world so Linux users get the same sort of "WTF is this up to?" joy as svchost provides Windows users with?

17
1

Alumina in glass could stop smartphones cracking up

Paul Crawford
Silver badge

Re: Ultimate test

Most of the broken phones I know of were folk who didn't put them in a cover. Perhaps images is more important than risk looking like and old fart, but this old fart has not broken a phone glass in the last 15 years in spite of several drops due to having them in a gimp mask leather-effect cover.

Oh yes, and the recent rend of having the glass right to the edge is not helping either, as less of the phone body to absorb the impact on a corner impact.

2
1

Spanish town trumpets 'Clitoris Festival' thanks to Google snafu

Paul Crawford
Silver badge

Re: Ah, Google Translate

Their AI-based attempts are a taste of things to come

2
0

Food, water, batteries, medical supplies, ammo … and Windows 7 PCs

Paul Crawford
Silver badge

Go for VM use. Unless you have specific hardware needs, or are dedicated to gaming on a bare-metal installation of Windows, running in a VM has so many advantages: Never-changing hardware, ease of creating a copy/snapshot if you want to monkey with it, can be moved across hardware and host OS, and often malware won't run under virtualisation to protect its secrets so another bonus!

7
0
Paul Crawford
Silver badge

Step 1 create pristine Win7 VM and patch it while keeping beady eye out for W10 shit

Step 2 disable internet access to VMs

Step 3 run these VM(s) on you OS of choice

Step 4 tell MS to go fsck itself...

33
3

Windows 10 is an antique (and you might be too) says Google man

Paul Crawford
Silver badge

Re: @Davie Dee

"with proper convergence in to NT in w7 we almost got there"

What are you talking about? The 16-bit DOS era kernels ended (badly) with Windows ME. With the relese of XP MS dropped 16-bit kernels and moved the "consumer" market to the 32-bit path started with NT.

XP was the direct successor to W2000 in terms of code/release, and that was the direct successor to NT4. You might argue about the goals of NT being better reached by Win7, but that has absolutely nothing to do with code convergence.

"Stable, AD, direct x, good driver support, backwards compatibility, etc etc"

In my case the only difference I saw was USB support. I had less stability issues under w2k, never used AD anyway, and never had driver problems or PnP issues on any of the machines I installed w2k upon. Maybe XP was more stable for some users/program combinations, but for me the only advantage was USB (plus longer support for patches, of course)

5
1
Paul Crawford
Silver badge

Re: Revisionist

It depended to some degree on which branch you reached XP by:

1) From Windows 95->98->ME as a consumer

2) From NT3.5->NT4->W2000 as a professional

In the former case you lost quite a lot of DOS games and win16 support, but gained much better stability and security (yes, I know pre SP3 XP was hardly great, but compared to 16-bit?!)

In the latter case you got...few more devices supported and a Fisher-Price interface? Oh yes, and "product activation". But at least you could go for classic look and be back like w2k (as I did). Having said that, all that w2k effectively gave me over NT4 was USB support really.

Due to product activation, and some other reasons, w2k was last Windows I bought, XP came as work system. Now I am using Linux almost exclusively and my old w2k & XP machines run as VMs on top. Critically the license for them allows that, something the consumer versions of Fista & Win7, etc, do not.

15
6

At Microsoft 'unlimited cloud storage' really means one terabyte

Paul Crawford
Silver badge
Paris Hilton

Shock horror!

What, you mean that people actually used the space we said was "unlimited" like there was no limit?

We all know that unlimited is a stupidly impractical thing to offer, but MS deserve a good PR kicking over this for the sheer stupidity of offering this and not expecting many to use it.

It also is a timely reminder of how putting your key data in the 'cloud' is basically giving someone else the power to change T&C and boot you out if they don't like you. This time MS appear to be giving folk a year to mend their ways, but in the future?

Paris - as she is smarter than MS marketing bods it seems.

29
0

Windows 10 growth stalls during October

Paul Crawford
Silver badge

Re: "What has changed since the days when XP was supported?"

A few un-patched nasties such as the kernel font-rendering and similar. They don't need any real interaction to do your machine in.

There are lots of good reasons to keep XP machines going, but internet access ain't one of them!

3
0
Paul Crawford
Silver badge

Re: Sir

Similar to my experiences in recent years, Linux installs with less pain than a typical machine without the correct pre-configured Windows OME image to install from (which users almost never saved when they had the chance). Less dicking around with updates as well.

And yes, I have suffered the exasperation of re-installing Vista to help a friend and it was crushingly slow to get and apply updates. After 3 hours I went home and told him to reboot it in the morning.

To be fair, installing an enterprise copy of Win 7 on recent hardware was no major trouble, but still slower than typical Linux install and try as I might, I could not get it to go from a USB stick. So it had to be a DVD written and temporary DVD reader to get it to boot and then install 7.

Maybe Win 10 has solved the USB boot and install process? Perhaps I shall never know care...

10
2

Boffins solve bacon crisis with newly-patented plant

Paul Crawford
Silver badge

Re: It's people!!

Soylent pink

With apology to the original commentary who thought that one up!

1
0

Think Fortran, assembly language programming is boring and useless? Tell that to the NASA Voyager team

Paul Crawford
Silver badge

I guess in a lot of cases they don't have much choice, they have a good enough job and that company often wants them to keep doing what they need done. No offers of new projects or training on things as they come along.

I'm as guilty as any. I have not pushed myself to change job as life has been OK-enough here, and the steps in my relevant knowledge have come not by planned progression but by projects coming along and I end up doing them. Hence learning a new skill, like how to write "C code" in python...

2
0
Paul Crawford
Silver badge

Re: High level languages?

Have an up-vote :) I wish I could give to 100 votes for the "universal macro assembler aka 'the 'C' programming language'" though!

Also share some of your views on FORTRAN, great for scientific work due to its built-in support for maths and complex numbers, extensive libraries (NAG & IMSL, etc) but had some horrible attributes as well (implicit typing, joys of GOTO being used far too often, being able to enter a function at multiple places, etc)

1
0
Paul Crawford
Silver badge

Re: For which chipset?

Alas, how many competent C programmers are there? You know the ones who actually understand how to manage memory & pointers...

21
4

The only GOOD DRONE is a DEAD DRONE. Y'hear me, scumbags?!

Paul Crawford
Silver badge

Re: Attention All Drone owners

All the better if the drones have self-defence weapons that return fire to the origin of the incoming projectiles. A glorious day of carnage for both drones and Maltese hunters as they exchange fire and we see how the Terminator would play out!

3
0

Next year's Windows 10 auto-upgrade is MSFT's worst idea since Vista

Paul Crawford
Silver badge

Re: @Pompous Git

"causes physical damage that may necessitate the use of emergency or protective services"

Sounds like he nagged support once too often and a 'solution' was found using the printer and a jar of Vaseline...

6
0
Paul Crawford
Silver badge
Trollface

Re: @Pompous Git

Try giving your brother-in-law the details of a local paid support company.

You will be amazed at how quickly he either decides his printer is no big deal, or uses Google & trial-and-error to fix it himself.

5
1
Paul Crawford
Silver badge

Re: Only yourselves to blame

(1) "how users disable or never install updates" Maybe because they break things, e.g. removing media centre?

(2) "no idea why users never install antivirus" Maybe because AV is mostly crap and an on-going fee or incessant nagging? (OK must at least give MS a vote for providing a low overhead free choice here).

(3) "Microsoft finally listened, then made you redundant by taking all those little jobs out of your hands" Good for that! So never again will I have to support some friend/relative who has, yet again, trashed their system and/or got it infected?

(4) "Linux is not ready...sacrificial chickens and chalk pentangles" Good to see you have recent experience of both Windows and Linux in terms of ease of installing and sorting out problems. Never had to registry edit I presume? Never has to get a driver from some web site and side-step the scams, bloatware (looking at you printer manufacturers, WTF does a driver need to be > 100MB for?) and shitty toolbars that come with the territory?

17
0
Paul Crawford
Silver badge

Re: Make your bloody minds up!

People want and expect bug-fixes, in particular for glaring security holes.

They do not want changes that break basic functionality (e.g. removal of media centre) or require re-training to use (have you ever had to give telephone support to an elderly relative?). Android is a basket-case in this respect, but Windows has a long history of keeping those two aspects separate, until this W10 cock-down-throat push.

17
0

UK watchdog offers 'safe harbor' advice on US data transfers

Paul Crawford
Silver badge

Consent?

""Of course transfers can always be made on the basis of an individual’s consent"

No that should not be the case, as that is asking someone to sign away their rights because they need gas or electricity, etc. Deciding not to deal with a given company because they are going to send my data to the US is often not an option, as you may only have one or two suppliers and enough do it to make competition on that basis impractical.

If I decide to deal with a US company that is one thing, but any company claiming to operate in the EU should not be allowed to break basic rights in return for slightly cheaper IT back-end supply.

20
1

Forums