* Posts by Paul Crawford

1576 posts • joined 15 Mar 2007

Win gorgeous strap-on, enter whole new world with Reg compo

Paul Crawford
Silver badge

Maybe the VR show is all about the other sort of strap-on? Explains the general look of enfeeblement....

0
0

BOFH: Oh DO tell us what you think. *CLICK*

Paul Crawford
Silver badge

Re: This is not good

Bloodshed?

For whom? The boss who is not getting in the BOFH's way, or the beancounter who turns down the boss' most excellent suggestion for new kit desperately needed for his support team?

You know, those 4k monitors and extra storage arrays for "speciality" content?

1
0

Snowden-inspired crypto-email service Lavaboom launches

Paul Crawford
Silver badge

I'm less concerned by lawful access, based on a court order from any competent government, than unwarranted hoovering of all data "just in case".

6
0

Over half of software developers think they'll be millionaires – study

Paul Crawford
Silver badge
Pint

Re: @JeeBee

Have an upvote for using "salubrious", oh and a beer.

0
0

Heartbleed exploit, inoculation, both released

Paul Crawford
Silver badge

Re: @Jamie Jones

Thanks for the feedback, I stand corrected.

"If you follow the spaghetti trail that is the source code"

I think you have identified a significant problem just there.

"I.e. it's read-overflow (or 'buffer overflow' by reading rather than writing) - nothing to do with the memory allocation!"

If they are really using a stack-based source then electric fence would not have caught it, but I would have hoped some of the code profiling tools would have thrown up a warning about the copy size being potentially bigger than the buffer.

1
0
Paul Crawford
Silver badge

Re: @Michael Wojcik

I'm not sure, but usually if you overrun a buffer then standard tools like the "electric fence" library or the valgrind tool will find the problem.

Of course, if you write obscure code and use a not-very-well-thought-through alternative version of malloc() then things might not go so well...

0
0
Paul Crawford
Silver badge

Re: leaving vulnerable information in memory in the first place?

"You using calloc doesn't solve a damn thing."

Except in this bug it would have, as the padding beyond the heartbeat request that was returned when the request length was longer would always be zero'd. Thus no leaks.

Where you are correct is that it won't stop other heap-walking mischief where something else gets hold of a freed block with sensitive data. Though others using calloc() by default would minimise that risk as well.

What would be nice would be a built-in cfree() equivalent that would clean up by already knowing the allocated buffer size to zero it, so that you could use "#define free(x) cfree(x)" (or some compile flag) to apply generically without having to re-write code to pass the size as well.

0
0
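The cfree() idea from the comment above, sketched as an added example (not code from the post or from OpenSSL): the allocator keeps the requested size in a header in front of each block, so the free routine can zero the block without being passed the length. The names `zalloc`, `zsize`, `zscrub`, `zfree` and `znonzero` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Header kept in front of every block so the free routine knows the size.
   The union with max_align_t keeps the caller's pointer correctly aligned. */
typedef union {
    size_t size;
    max_align_t align;
} zhdr;

/* Hypothetical name: allocate n zeroed bytes and remember n. */
void *zalloc(size_t n)
{
    if (n > SIZE_MAX - sizeof(zhdr))
        return NULL;                    /* header + n would overflow */
    zhdr *h = calloc(1, sizeof(zhdr) + n);
    if (h == NULL)
        return NULL;
    h->size = n;
    return h + 1;                       /* caller sees the bytes after the header */
}

/* Size originally requested for a zalloc() block (0 for NULL). */
size_t zsize(const void *p)
{
    return p ? ((const zhdr *)p - 1)->size : 0;
}

/* Zero the caller-visible bytes. Writing through a volatile pointer keeps
   the compiler from discarding the stores as dead writes before free(). */
void zscrub(void *p)
{
    volatile unsigned char *v = p;
    size_t n = zsize(p);
    while (n--)
        *v++ = 0;
}

/* Size-aware free: scrub first, then release the real allocation.
   Only valid for pointers from zalloc(), so a blanket
   "#define free(x) zfree(x)" needs malloc/calloc/realloc redirected too. */
void zfree(void *p)
{
    if (p == NULL)
        return;
    zscrub(p);
    free((zhdr *)p - 1);
}

/* Count non-zero bytes in a live zalloc() block (used to check the scrub). */
size_t znonzero(const void *p)
{
    const unsigned char *b = p;
    size_t n = zsize(p), count = 0;
    for (size_t i = 0; i < n; i++)
        count += (b[i] != 0);
    return count;
}

int main(void)
{
    char *key = zalloc(16);
    if (key == NULL)
        return 1;
    strcpy(key, "secret-key");          /* constructed sample data */
    printf("non-zero bytes before scrub: %zu\n", znonzero(key));
    zscrub(key);
    printf("non-zero bytes after scrub:  %zu\n", znonzero(key));
    zfree(key);
    return 0;
}
```
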
Paul Crawford
Silver badge

Re: leaving vulnerable information in memory in the first place?

ALL computers leave essential information in memory - they need to in order to work!

The issue here, as is so often the case, is poor use of malloc()/free() and the opportunity for such memory to be re-used without sanitisation.

I'm not an expert, but I use calloc() in all but uber-time-critical steps partly to stop this sort of thing, and partly so when I do make a boo-boo at least I get consistent borking as it always starts with zero'd memory before I go on to abuse it.

The patch is about keeping the keys in memory that is not easily re-used, which is good, but as already reported the OpenSSL project really needs some proper support and a bit more code review. Hey NSA/GCHQ could you do something useful for us for a change?

5
1

Audio fans, prepare yourself for the Second Coming ... of Blu-ray

Paul Crawford
Silver badge

Re: @Lost all faith...

Thanks for that champaign comparison!

Though I now feel a bit dirty having visited the Daily Mail site.

6
0
Paul Crawford
Silver badge

Re: AntiCopy AACS

That was my first thought, as how many Blu-ray players have DAC and analogue electronics that is even a match for studio quality 16-bit/CD style hardware, let alone enough to show differences (if any) in the standards?

Oh yes, these disks will sound *different* but that is down to "re-mixing" for effect, not because you get a fundamentally better product.

As others have pointed out FLAC is already better than CD (higher quality possible with less storage) and no DRM - what is there not to like?

3
1

Want a free Bosch steam iron? You'll have to TALK TO THE DEAD

Paul Crawford
Silver badge

Re: Working at that company...

Ah, so that is the BOFH's strategy!

4
0

US taxman blows Win XP deadline, must now spend millions on custom support

Paul Crawford
Silver badge

Re: @LDS

In most cases the XP machines that can't be economically replaced are so because of one or two specific jobs, and very rarely will that need much, if any, internet access. So a firewall that simply white-lists the things it needs (e.g. NTP and specific IP addresses it needs) will stop most things.

If you can't access web/email on a given machine then it won't get drive-by attacks and also no casual use. If it can't talk to most of the internal machines then such attacks won't spread.

And of course you have disabled auto-run on all devices, if not mass storage completely, to stop USB attack vectors on every machine?

6
0

Tamil Nadu's XP migration plan: Go Linux like a BOSS

Paul Crawford
Silver badge

Re: TheVogon

Citations? Or you are simply talking bollocks. Again.

http://www.pcworld.com/article/2082460/moving-a-city-to-linux-needs-political-backing-says-munich-project-leader.html

"Munich city authority migrated around 14,800 of the 15,000 or so PCs"

"that migrating to LiMux instead of modernizing its existing Microsoft software would save it over €11 million"

25
2

Nokia: ALL our Windows Phone 8 Lumias will get a cool 8.1 boost

Paul Crawford
Silver badge

I doubt it has anything to do with the OS, as most consumers hardly know what an OS is. More likely good deals on contract phones and/or well demoed units show the good points.

It's nice to see MS struggle to dominate a market, but also it is good to have more than a two-horse race.

2
0

Microsoft in 1-year Windows XP survival deal with UK govt

Paul Crawford
Silver badge
Trollface

dosemu

A lot of DOS software will run happily on dosemu on Linux, including MS' C 6.0 compiler.

Certainly more than will run on 64-bit Windows...

1
0

Driver drama delays deep desert XP upgrade

Paul Crawford
Silver badge

Re: Hand back the geek ID card, return the butter knife and leave

When faced with a sick Windows box, my steps are:

1) Open it and hoover out dust & crap, then check for Bulging Capacitors Of Death on the motherboard.

2) Boot a Linux CD/USB (old PCs often won't boot from USB happily so CD/DVD needed) and run the memory tester.

3) Check the HDD SMART status to see if it's dying.

4) Boot a BitDefender or Kaspersky "rescue CD" and check for root kits and lesser malware.

If all of the above pass, then you know it's 'just' a simple problem. But for most PCs not looked after by a competent Windows admin, you know it's going to have so much crap installed and partly uninstalled that saving the data and nuking from orbit is the best solution.

That is, assuming they have the original Windows disk / rescue disk they were told to make when the PC was new...

1
0

How Microsoft can keep Win XP alive – and WHY: A real-world example

Paul Crawford
Silver badge

Re: Not quite true...

Or use a VM of XP on any OS of choice, more flexible.

But neither deals with XP in interface applications where it has to deal with custom hardware cards.

5
0
Paul Crawford
Silver badge

Re: @LDS

The "backward compatibility of Linux" problem is when you change kernel version and some muppet decided, yet again, to change APIs on the basis that they assume all can just re-compile.

What I said was you can patch a working system for security holes in virtually every case without changing versions. I did not say it was easy, but possible. With MS you have no such ability at all, and given the typical extended support costs they are asking for you could hire a decent programmer just for that job alone.

7
1
Paul Crawford
Silver badge

Re: Paul Crawford

The MC6800 series is a CPU, not a computer platform, i.e. not a standardised board with "computer" (CPU, RAM, boot loader, etc) and expansion slots for extra interfaces & custom cards.

Most equipment designers want to concentrate on the "added value" they provide, which is the custom part, and not to have to develop the computer/boot loader/networking/etc.

That was why the original IBM-AT was so attractive - you got a functioning stand-alone computer, along with plenty of development tools, and documented hardware that made it easy to build a special ISA card for whatever custom job you needed done.

The transition to Windows made that harder but safer (Linux is marginally easier as you can see most device driver's code to copy & adapt, but neither as simple nor dangerous as DOS' direct-to-hardware approach), and PCI is far more complex to implement (even with a cots chip or IP core), but the same basics apply: a PC is still a cheap, easy and longest lasting platform to develop for compared to any other I can think of.

6
0
Paul Crawford
Silver badge

Re:@Decade

You are right that Windows was a bad choice of platform for so many reasons, but usually the decision is based on what is cheap & practical now, with the presumption that product development and support will continue so upgrades to newer hardware/OS are thus managed.

In practice companies fail, get bought over, or otherwise decide to orphan products so support stops but lots of users have business-critical stuff that is no longer upgradable when the OS, like Windows, drops aspects of backwards-compatibility (often for other good reasons, like security).

Sadly short of an open source system, you are stuck making the best of what you have, not what you wanted.

More recent MS OS with product activation checks are even worse and should never be used. But they will, because some green programmer only knows that way and all problems look like nails...

But returning to one of your gripes, that of PC hardware, what other computer platform has been more-or-less supported for 20 years? It is far from ideal, but a longer supported choice is hard to find.

6
0
Paul Crawford
Silver badge

Re: Keeping Windows XP alive is not good for anyone

Here are some ISA motherboards:

http://www.bressner.co.uk/isa-motherboards

If you need more then various 19" rack mount PCs support ISA / PCI mixes.

We still have ISA cards with DOS control software, but now running in dosemu on Linux (which allows selective control of direct hardware access).

3
0
Paul Crawford
Silver badge

Re: So does OSX and Linux...

Not as such, but with Linux you have the code and the patches and if it matters enough find someone who can patch things and also there is an incentive to share that.

In most cases it is stuff that MS has dropped that makes upgrading a pain, along with DRM-like stuff that rejects old drivers that are not signed, etc.

But really for most XP-dependants the road now is likely to be one of auditing what they do, why, and how to isolate them from t'Internet and then moving all web/email/exposed stuff to newer, more secure, machines.

3
2

Hotmail-gate: Windows 8 code leaker pleads guilty to theft of trade secrets

Paul Crawford
Silver badge

Re: 10 years and $250K is way too little

I quite agree, he should be dancing the Tyburn jig for such appalling crime against humanity - that of promoting Windows 8 to the press!!![1]

[1] A single exclamation mark is hardly enough to convey my indignity, but 4 is just getting stupid.

9
2

OkCupid falls out of love with 'anti-gay' Firefox, tells people to see other browsers

Paul Crawford
Silver badge

OK Cupid's untainted ethics?

Ah yes, the site that pulled the blog about the money-grabbing approach of match.com when, ah yes, when they were bought over for $50M:

http://www.geekosystem.com/okcupid-pulls-why-you-should-never-pay-for-online-dating-match-com/

While I fully support LGBT rights, I find this a pointless attack on an open-source project for the past personal actions of one person. No doubt by those with numerous gadgets made in China by what is barely different from slave labour...

4
0

Artists install Monty Python silly walk signs in Norwegian town

Paul Crawford
Silver badge

Re: Fitness Craze

Whatever you do, do not spill your precious fluids!

Yours sincerely, General Jack D. Ripper.

8
0

Bruce Schneier sneers at IBM's NSA denials

Paul Crawford
Silver badge

Re: I'm going to repeat my comment from elsewhere..

"...and legal ways to do it without pissing off US government too much."

IANAL but as far as I know the "patriot act" can be used to force them to provide data even from overseas sites, irrespective of other laws that may apply. So yes, it is good they are willing to pay lip service to EU laws and expectations, but if it matters you still can't depend on it.

5
0
Paul Crawford
Silver badge

Follow the money...

IBM has a lot to lose financially from any such involvement with the NSA (even if that is a legal requirement of doing business in the USA), thus they will be as "economical with the truth" as they dare, just short of statements that could lead to jail-time.

So yes, I suspect they "lied".

13
0

Microsoft issues less-than-helpful tips to XP holdouts

Paul Crawford
Silver badge

Re: Depends on who/why

Hmm, on 2nd thoughts maybe a £100 Android tablet won't be that much more secure than their old XP box unless they are averse to installing stuff.

0
4
Paul Crawford
Silver badge

Re: Backup XP?

I don't use Windows enough to know what is the best backup software for typical home use, but I know from experience that Windows' own backup sucks donkey balls in terms of portability for getting your files back again after a major crash.

Suggestions folks for a good Windows backup program?

5
0
Paul Crawford
Silver badge

What you should already be doing - put them on a separate network area with no internet access (or heavy firewall control for specific sites they have to access), disable autorun on all drives, and force all personnel on pain of cattle-prod to have any USB sticks scanned on a known good machine before they plug them in.

3
0
Paul Crawford
Silver badge

Depends on who/why

If it is someone who really needs XP natively for some special application then they will already be taking precautions.

If it is a home user without any technical skills or the money to simply buy a new PC they are screwed, unless someone is willing to help them. At least a Linux install can be done for beer money, so folk on a really low budget have some option for safe web use.

Failing all of that, there are £100 android tablets out there...

3
0

Another day, another nasty Android vuln

Paul Crawford
Silver badge
Joke

Re: 387,000 characters?

They obviously never employed little Bobby Tables:

http://xkcd.com/327/

2
0

TV sales PLUMMET. But no one's prepared to say what we all know

Paul Crawford
Silver badge

Re: Could it be what is on offer in the shops/online?

" It isn't something that really adds to the cost."

No costs - what of patents, etc, that have to be licensed?

What kind of 3D?

If it's polarising type you lose some brightness, if active shutter you have to add the hardware to support the headsets (and probably get one with the TV, which is just great for a typical family).

4
4

This changes everything: Microsoft slips WinXP holdouts $100 to buy new Windows 8 PCs

Paul Crawford
Silver badge

In most cases, probably special hardware aside, if you have XP-specific software the best solution is to run an XP VM in another host OS (my choice Linux, but Win7/8 just as effective).

You get 100% XP compatibility, no future hardware driver issues, the ability to restrict internet access to the (soon very vulnerable) XP VM, and a host computer that runs whatever new stuff you need fairly safely.

2
0
Paul Crawford
Silver badge

Re: Lifetime free support?

If I was being aggressive I would say "because they sold it with so many bugs in the first place".

If I was being helpful I would have suggested to MS that they could have offered support for, say, $5 per user per year after the first year. That is pretty small per user, but a tidy sum with some hundreds of millions of users and you could get support as long as you want, and they can afford to pay the staff to do so.

But doing what the customer wants seems to be an alien concept to so many companies.

11
1
Paul Crawford
Silver badge

@jason 7

"Try using a 13 year old install of XP on a 13 year old PC and you'll find that it doesn't work...very well at all."

It works fine if you have the original configuration - and typically that means no AV and anti-spyware running, and not piles of software that no one really uses but each one starts its own updater on boot-up. If not running well, usually some RAM as an upgrade is enough to restore sanity cheaply.

However, I think you will find there are two classes of hold-outs where the machine is newer but they stick with XP:

(1) Folk without the income or desire to spend on a PC, the old "it works fine for me and I hardly use it anyway" brigade. Definitely not El Reg readers.

(2) Folk who have the budget and support, but are sticking with XP because something they have won't run acceptably on a newer OS. Now you could argue they should simply upgrade the program(s) they use to avoid this, but there could be a whole range of reasons why not:

2.1) Stupidly expensive to do as it was custom software, etc. (thinking here of gov and IE6 lock-in, for example).

2.2) Not possible as no newer software exists (e.g. for old hardware, or company went bust, etc)

2.3) The upgrades change things in ways that will (or could possibly) break something key to their business (e.g. industrial control where it took a lot of time & money to certify the system in the first place).

All can be sorted with enough money, but it is likely to be WAY more than the cost of a new PC/OS.

10
2

French novel falls foul of Apple's breast inspectors

Paul Crawford
Silver badge

Re: What about Apple's rights?

"people who do choose to buy Apple devices should not then complain about the fact that they're limited to Apple-approved apps and content"

Have you ever spoken to a non-tech user and asked them if they know what they can and can't get for their proposed new shiny toy? Do you think they even considered that when buying?

Given Apple is the market leader in this area (certainly in the high value range) they deserve scrutiny from the technically literate. Just how hard would it be to have a tick-box or similar so users can choose kid-friendly stuff or not? If it is not illegal then Apple should simply classify it, not ban it.

3
1

No more squeaky bum moments, please Microsoft - partners beg

Paul Crawford
Silver badge

If you sup with the Devil...

...use a long-handled spoon.

MS look after themselves, resellers are only important if they are absolutely necessary for #1

6
0

Panasonic slaps Freetime EPG on 2014 smart tellies

Paul Crawford
Silver badge

Re: HDCP?

Best way to play reliably is to get DRM-free content via TPB. Of course, the industry can't see yet why paying for something should be the nicer experience.

0
0
Paul Crawford
Silver badge

Perhaps, but few have access to enough ISP bandwidth for streamed 4k content without horrendous compression artefacts (which removes its single advantage).

Add to that a whole new dimension of DRM that Sony, etc, are talking about for 4k content and I for one will wait and see before buying something that expensive.

1
0

Win XP holdouts storm eBay and licence brokers, hiss: Give us all your Windows 7

Paul Crawford
Silver badge

Re: Maybe I'm missing something here...

"Surely it can't be all about Metro and the lack of start menu?"

Mostly it is, and the general buggering about of where things are.

Technically using Win8 is a good idea, but myself (and a lot of other El Reg commentards) just find the UI a horrible experience and life simply too short to put in the effort to work around it when there is Win7 and various free Linux distros as alternatives.

9
1
Paul Crawford
Silver badge

Lenovo?

Did I not read on El Reg that Lenovo, one of the few PC makers to grow in market, are offering Win 7 machines?

Coincidence?

22
0

Straight to 8: London's Met Police hatches Win XP escape plan

Paul Crawford
Silver badge

@AC

"There has been widespread scepticism as to if those numbers show the full picture"

And never have you once provided the report, or figures, to back up your counter-claims.

Even if it was cost-neutral, I would be in favour of our government departments switching simply to be free of US corporate control, and to pay for EU professionals to offer the required support in lieu of MS on-going costs.

9
0

Windows hits the skids, Mac OS X on the rise

Paul Crawford
Silver badge

Re: AC

"The vast majority of enterprises require a) documents to be interchanged seamlessly and look the same at source and destination"

That only works if you force them all to use the same version of Office and even the same damned printer. Otherwise use PDF as that actually works!

"and VBA macros"

No one wants to use VBA macros. Few really need to use VBA macros, they are 'needed' simply due to legacy lock-in and not even supported on the WindowsRT version of Office. Though I would forgive you for saying that is not a real version of Office...

"To a large degree, you get what you pay for!"

With MS you often don't even get that.

3
0
Paul Crawford
Silver badge
Trollface

@Matt "sorry, I dropped FreeBSD when ZFS was forced on us"

Come on Matt, you don't need to be shy on El Reg's forums - everyone here knows you use Solaris on the desktop and simply like to protesteth too much :)

1
2

Is no browser safe? Security bods poke holes in Chrome, Safari, IE, Firefox and earn $1m

Paul Crawford
Silver badge

Re: We need something more simple than webbrowsers

That ain't going to happen now that world+dog expect to run javascript/HTML5/etc to display "hello world". The modern web browser is more like an OS than a text rendering application, and so much of the web now depends on that to work. Yes, I know it's dumb, but no I don't see it changing.

Probably the best we can hope for is sandboxing becoming robust enough to stop break-outs, and maybe aggressive enough to just kill browsers when something dodgy happens.

But there are problems in terms of actually using that - for example you might use Linux's apparmor to limit file access so a browser can't write to sensitive places, nor snaffle your files for uploading to spooks/criminals, but most users will simply howl when they find the browser dies on trying to navigate to, say, their collection of cat photos for uploading to facebook, etc. Sadly so far usability always triumphs over security.

6
0

Tony Benn, daddy of Brit IT biz ICL and pro-tech politician, dies at 88

Paul Crawford
Silver badge

Re: Concorde?

"The thing that killed any prospect of Concorde"

It was not one thing, but a combination of factors, most importantly:

(1) Oil cost post-1974, which made it expensive to run.

(2) Limited range, it could do London-NY and Paris-NY, but not the sort of range that would have made it a major success in the 80s such as Tokyo-SF

(3) The problems of supersonic flight over land. While the USA's stance did smack of national pride being upset, it turned out that no one would put up with the sonic boom over land, so key routes to make money had to be over water (not so bad, if it could have done Tokyo-SF non-stop).

(4) Noise levels. Concorde needed engine re-heat (aka afterburners) for take-off and that adds massively to the noise (extra thrust proportional to exhaust velocity, noise to the 8th power!). When developed in the early 70s this was not so bad as other jets like the 707 were also noisy buggers, but by the 80s and onwards the move to high bypass engines for fuel efficiency also led to (and was driven by) much lower noise levels.

Still, it was the most beautiful airliner to date and I once had the privilege to fly on it. Not cheap, but my flight cost less than a similar first class flight I priced nearer the time.

RIP. My thoughts go out to Tony Benn's family, and I feel we have lost one of the few politicians worth listening to and a champion (albeit not always best-advised) of technology.

2
0

'Amazon has destroyed the unicorn factory' ... How clouds are making sysadmins extinct

Paul Crawford
Silver badge

Re: Beware of sysadmins bearing cattleprods

More likely the BOFH will arrange for the CFO to get a visitation of ghosts of other companies who bet their corporate crown jewels on SLAs that turned out to be not worth the paper they were written on. Not even soft and absorbent.

1
0

Is Microsoft hinting at a fully fondleslab-friendly future for Office 365?

Paul Crawford
Silver badge

Er, no

"ARM-powered Windows RT slabs all come with a fully licensed version of Office"

Not for business use, so not "fully licensed" in my books.

The sooner MS learn that Windows is not the centre of computing any more, and that Office for other OS will sell, they will do themselves and the world a favour. However, this rental mode and the expectation of your files and ability to access them vanishing if you stop paying is not appealing.

6
0

BuzzGasm: 9 Incredible Things You Never Knew About PLIERS!

Paul Crawford
Silver badge
Gimp

King Dick

Psst!

Want something a bit "harder"?

<winks>

http://www.lawson-his.co.uk/king-dick-super-2000-vde-combination-plier-c2153

Say no more! Say no more!

0
0