* Posts by Paul Crawford

1696 posts • joined 15 Mar 2007

Linux users at risk as ANOTHER critical GnuTLS bug found

Paul Crawford
Silver badge

Re: Buffer Overflow

It is possible, but often not done for historical or laziness reasons.

The most common problems are copying or printing a string of characters into a destination that is too small, so it overflows into somewhere else that can then be exploited. The usual culprits in the C/C++ language are strcpy() and sprintf() (and similar) but you can often use alternatives such as strncpy() and snprintf() instead which take the destination size and enforce that limit (though with strncpy() you should also enforce NUL-termination of the string as it won't do that).

If the destination buffer is allocated by the malloc() family, then in Linux you can also use the electricfence library for debugging; that puts each buffer into a separate page and any violation results in a segmentation fault that you can then debug from the core dump. However, you would not normally use electricfence for release code as it has a performance penalty; it is really intended for testing and debugging.

0
0
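An added example (not code from the post above) showing the two size-bounded replacements the comment recommends, with the strncpy() termination caveat handled explicitly and snprintf()'s return value used to detect truncation. The function names and the "user=... id=..." format are illustrative choices made here.

```c
/* Added example, not from the original post: bounded string copy and
 * formatting into a fixed-size buffer, the way the comment recommends
 * instead of strcpy()/sprintf(). */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst (dstsz bytes) with strncpy(), then force termination.
 * strncpy() pads with NULs when src is short, but writes NO terminator when
 * src is dstsz bytes or longer, so the last byte is set by hand.
 * Returns true if the input did not fit and was truncated. */
bool bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return true;                /* nothing can be stored at all */
    strncpy(dst, src, dstsz - 1);   /* leave one byte for the terminator */
    dst[dstsz - 1] = '\0';          /* the step strncpy() does not do */
    return strlen(src) >= dstsz;    /* src needs dstsz or more bytes: cut */
}

/* Format into dst with snprintf(), which always terminates when dstsz > 0.
 * Its return value is the length the FULL output would have had, so a
 * result >= dstsz means the output was cut short. Returns true on truncation. */
bool bounded_format(char *dst, size_t dstsz, const char *user, int id)
{
    int needed = snprintf(dst, dstsz, "user=%s id=%d", user, id);
    return needed < 0 || (size_t)needed >= dstsz;
}

int main(void)
{
    char buf[8];                    /* deliberately small destination */

    /* Constructed input longer than the buffer: data is cut, but the
     * buffer is still a valid C string and nothing is written past it. */
    bool cut = bounded_copy(buf, sizeof buf, "0123456789");
    printf("copy:   '%s' truncated=%d\n", buf, cut);

    cut = bounded_format(buf, sizeof buf, "bob", 7);
    printf("format: '%s' truncated=%d\n", buf, cut);
    return 0;
}
```

The truncation flag is the part worth acting on: silently dropping the tail of an input is not an overflow, but it is still a wrong result that the caller should notice.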
Paul Crawford
Silver badge

Re: Someone is actually using GnuTLS?

Hopefully, like the Heartbleed fall-out, some big Linux corporate users/backers will put some money into having it properly reviewed and re-written as needed.

Instead of dicking around with the GUI yet again...

11
0
Paul Crawford
Silver badge

Re: @Sander van der Wal

"What it also did was make the world a worse place. The three letter agencies got free and easy access, and all they had to do was look at the code, find the bugs and do nothing about them."

And how is this worse than closed source from US companies where the three letter agencies got access by one means or another, found the bugs and do nothing about them as they could be used for spying?

24
1

German server lockbox scores MEELLION dollar seed-smashing record

Paul Crawford
Silver badge

Re: And the clients?

"I mean what did they actually do ?"

Probably what most IT folk and businesses do - turn existing stuff into a product/service that works/sells according to demand.

6
0

China puts Windows 8 on TV, screams: 'SECURITY, GET IT OUT OF HERE!'

Paul Crawford
Silver badge

Re: Look at page 113 of the 'Greenwald' file

I think you will find slide "Page 113" is on page 27 of the PDF.

1
0

TrueCrypt hooked to life support in Switzerland: 'It must not die' say pair

Paul Crawford
Silver badge
WTF?

Re: "who are shamelessly stealing from TrueCrypt"

You might want to look up what stealing means. It implies depriving the rightful owner of something of value.

Given that the moral owners of the TrueCrypt name are not coming forward, and that there is absolutely no sign of them commercialising this product in any way, I don't see what is being "lost" to justify a copyright infringement charge, let alone "stealing".

Sure it is an infringement of the license terms, but who is actually suffering? Certainly not the end users who otherwise would have to go to something else that might be much worse in terms of privacy.

5
1

Oh, wow. US Secret Service wants a Twitter sarcasm-spotter

Paul Crawford
Silver badge

Won't that need IE9 or above?

4
0

REVEALED: GCHQ's BEYOND TOP SECRET Middle Eastern INTERNET SPY BASE

Paul Crawford
Silver badge

Re: Disappointed

I thought "11 levels above Top Secret" was the latest Spinal Tap album...

2
0
Paul Crawford
Silver badge
Alien

Disappointed

I would have hoped that "3 levels above Top Secret" would be flying saucers and such like, not yet another politically sensitive spying-at-scale program.

33
0

Samsung, Chipzilla in 4K monitor price cut pact

Paul Crawford
Silver badge

Re: Greg D

I find that I work at around 60cm from my monitor, so for a 24" HD monitor that is about 0.5mm per pixel. According to Wikipedia the limit of human eye resolution is about 0.21mm at that distance, so I would hardly call that "terrible" resolution.

However, I heartily agree with you that modern monitors are piss-poor and have worse capabilities than ~2002 CRT devices. So yes, 4k is welcome and long overdue, but I still would argue that most folk (OK, those of my age range) will not be working close enough with comfort to benefit so much from the "retina" style DPI.

2
1
Paul Crawford
Silver badge

Size matters...

...not ultra high DPI.

Few folk can work at distances from a monitor where the current DPI is terribly noticeable, certainly not for any length of time. Hence in my humble opinion the really useful market for 4k monitors is in the 30" (or a bit more) range, where having in effect 4 x 15" HD monitors patched together is going to give you useful space for images, text, etc.

3
7

How Bitcoin could become a super-sized Wayback Machine

Paul Crawford
Silver badge

With a lot of broadband accounts having ~1GB/day upload limits, you are looking at just under 3 years to upload a TB of data, even assuming 24/7 connections with no down-time.

Yes, multiple sources would spread that burden around, but even so it is still a major problem. How many users, let alone businesses, can wait for months to get data back?

1
1
Paul Crawford
Silver badge

When I first heard of "bitcoin mining" and had not looked it up, I was under the impression that they were "earned" by doing something useful like this and not simply solving a pointless puzzle designed to create logarithmically increasing scarcity.

I doubt the limiting factor in practice would be the end user's storage space though; network bandwidth is going to make the practicalities of accessing TB-sized data sets distributed on home users' PCs a challenge.

2
2

Is the answer to life, the universe and everything hidden in Adams' newly uncovered archive?

Paul Crawford
Silver badge

A great man

Such a shame he died young, but good to see some of his stuff is coming out from the metaphorical locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'.

An example of his mind is in the El Reg article when he died in 2001:

"What we are now focussed on at h2g2 is what happens when people start to share information while they are on the move. Soon we will start to see devices arriving that combine palmtop computers with cellphones with Internet devices with GPS systems. That - in a phrase we hear over and over again when people talk about the Internet - will change everything. You'll be able to read and write to the Guide wherever you are: at the station, in the plane, on a park bench, in your car (pulled over to the side of the road with the handbrake on, of course) in a café. And when you write in something as simple as 'The coffee here is lousy!' the Guide will know exactly what to do with that information and where to put it. And if you see, a few seconds later, a note which says 'Yes, but the cheesecake is good' it might be worth looking round the other tables to see who you've just made contact with."

See, basically he invented the iPhone and Facebook!

Just a shame they were not actually invented by him and that he did not live; I bet they would have been a whole lot less shitty in terms of respect for the end user.

35
0

SPB's mountaintop HQ menaced by WOLVES

Paul Crawford
Silver badge

Mr. President, we must not allow a lupine directed energy weapon gap!

5
0

For your next privacy panic, look no further than vending machines

Paul Crawford
Silver badge

Re: Where will it all end?

When folk take to putting tape over the cameras?

8
0

Cyber crims smash through Windows into the great beyond

Paul Crawford
Silver badge

Re: king of foo

"But surely MS do something fundamentally wrong when it comes to security?"

It is more complex than that.

Modern versions of Windows can be locked down pretty well, but that requires a high level of skill and an attitude of not making life easy if it makes it vulnerable. Home users do not normally fall into that category, and some (usually small) businesses are run by folk with little more IT knowledge.

What MS also has to battle is a legacy of folk just downloading and running stuff, often while logged in as admin, and just clicking "yes" to every annoying pop-up that asks them if shaftmesideways.exe should be allowed to do XYZ.

In that respect the typical *NIX system user is not expected to do that, and won't normally be logged in as root. Add to that the typical package manager approach to getting most software and it is a different mind-set, more like the Apple walled garden app store.

7
0

Police at the door? Hit the PANIC button to erase your RAM

Paul Crawford
Silver badge

Re: Paul Crawford Whitter

Do SSDs have a bulk erase option? That would side-step the issue as you could arrange for the data to be erased on panic, and not just the key, thus no encrypted data left to be prosecuted over.

0
0
Paul Crawford
Silver badge

Re: Yes, but...

Yes, I can see how much fun your computer will be once your cat finds the laser spot...

4
0
Paul Crawford
Silver badge

Re: Whitter

"Tough luck if you have deleted the keys, you still go to jail."

Er, no. The requirement is to hand over any keys in your possession. If you don't know the key because you never memorised it nor backed it up, I'm pretty sure any attempt to jail you for lack of knowledge would fall foul of the human rights act.

Whether they could get you for destroying evidence is another matter, I suspect that would very much depend on showing you activated the destruction because you knew it was the police calling.

6
3

Tesla's TOP SECRET gigafactories: Lithium to power world's vehicles? Let's do the sums

Paul Crawford
Silver badge

Interesting. What about Gallium, etc, for LED lights?

0
0

Skype to become 'Star Trek' style real-time translator, says Redmond

Paul Crawford
Silver badge

Seems like a very good reason not to use Skype really. How many personal conversations would you really want written down?

1
1

'I was trained as a spy' says Snowden

Paul Crawford
Silver badge

Re: More Julian Clary I think

So he likes a warm hand on his entrance?

Ahem, to the stage...

6
1

Google clamps down on rogue Chrome plugins and extensions

Paul Crawford
Silver badge

Re: The problem with that

AdBlock allows non-intrusive adverts but stops the worst of them, which seems a reasonable deal as those advertisers who play nicely get shown. Also you can white-list sites you like to permit adverts, which is also a fair approach.

7
0

Poll: Climate change now more divisive than abortion, gun control

Paul Crawford
Silver badge

Re: Ergo sum

As opposed to rightists who are too busy following orders?

17
7

Tech that we want (but they never seem to give us)

Paul Crawford
Silver badge

Re: There is one

The problem with the likes of the Chromebook Pixel and the MacBook Retina is they are expensive largely due to the high resolution. For example, my el-cheapo Acer Chromebook is 1366 x 768 on an 11.6" screen - that is enough resolution for any viewing distance I can actually use, but the overall screen is just too small!

The option for, say, 1366 x 1024 on a 15.4" screen (4:3 aspect ratio) would give me 33% more vertical space and should not cost much. Scaling to a 17" 4:3 monitor would be even better!

1
0

PC makers! You, between Microsoft and the tablet market! Get DOWN!

Paul Crawford
Silver badge

"heaps of suits are doing network diagrams in Visio"

No, probably spreadsheets. But the same applies: having a 3:2 screen is much less sucky than 16:9.

3
0

Microsoft walks into a bar. China screams: 'Eww is that Windows 8? GET OUT OF HERE'

Paul Crawford
Silver badge

Re: 50% market penetration, but only 5% ever paid for.

No, just 0.1% phony...

Which bits were different to the official version might worry you, of course...

4
0
Paul Crawford
Silver badge

Re: @AC

"Until they realised that no one wants to pirate Windows 8...."

Fixed it for you.

54
3

More chance you came a cropper on a UK road than bought a Chromebook this year

Paul Crawford
Silver badge

Re: My hand is up

Clearly you, and most of El Reg's readers, are not the target market. It is mainly for folk who just want web access, with a keyboard, and don't want to manage anything to do with updates and AV software, etc.

For that sort of use-case it is very good and cheap, which is important.

Yes, it has Google's spying but most folk are still going to use Google anyway, and probably download Chrome as well, so that is not something they care about.

I got an Acer one for playing with and dual-booting, good value for money, but I do hate the lack of home/end/insert/delete keys on the keyboard.

1
0

GCHQ grants security clearance to Samsung's Knox mobe security

Paul Crawford
Silver badge

Re: KNOX is a buggy piece of shit.

"even in it's virgin form...KNOX complains of intrusions"

Maybe that is telling you something important about how buggy the pre-installed (and store?) apps are in terms of not poking where they should not be?

2
0

FCC mulls two-speed internet, axing net neutrality ... unless you convince it otherwise

Paul Crawford
Silver badge

Re: Kind of figures....

The problem with this comes from the precedent the USA would set, and other ISPs around the world would start eyeing up the opportunity to charge twice for their pipes.

The real problem is not the idea of prioritised data based on type - that is already a known technical solution - but that the payment by source of data becomes the factor. Add to this the race to the bottom on ISP prices, and they won't invest in making better back-hauls unless someone big and rich pays them to.

If ISPs are forced to treat all data sources equally then of course they may have to adapt their billing model (and maybe, just maybe, be forced to honestly advertise their quality of service) and charge some end users more, but it would keep a level playing field so you don't get a few big media players delivering usable video and anyone else being throttled into oblivion.

0
0

Mozilla agrees to add DRM support to Firefox – under protest

Paul Crawford
Silver badge

They don't provide the DRM, just the "hooks" that allow it to be called.

In that sense it is no worse than supporting Flash Player. But they, and other DRM opponents, are right that it is a very worrying trend towards everything being restricted, so ad-blockers, etc, may not be allowed in this dystopian future.

24
2

Patch Tuesday: Adobe outdoes Microsoft, swats 18 bugs in latest update

Paul Crawford
Silver badge

Re: Correction

Er, no.

MS had some of the weakest security around at the turn of the millennium but actually decided to do something about it. These days the Windows kernel is not bad at all, and in the believable comparisons (not the odd troll here) it has broadly similar numbers of flaws as the Linux kernel.

What gets your average Windows machine p0wned these days is user-space crap like Adobe Reader plug-ins.

Of course, a Trojan and lack of knowledge is another easy route to the dropped trousers and bucket of soapy frogs (which is an OS-independent problem).

5
0
Paul Crawford
Silver badge
FAIL

WTF?

MS has an operating system comprising millions of lines of code in hundreds of sub-systems, and has managed to get serious bugs down to a handful per month to be patched.

Adobe has a document reader, and not much more than a video player for the web, and it can't do much better?

15
0

550 reasons to buy this book for your beloved: COCKROACHES of Oz

Paul Crawford
Silver badge

Re: So how come there are so many of them in Australia?

Food for the spiders & snakes I suspect?

1
0

Boffins debunk red wine miracle antioxidant myth

Paul Crawford
Silver badge

Re: "....who wants a liver"

Are you offering a nice Chianti with this liver?

0
0

Hey sailor, fancy putting your hands all over a NeRD fondleslab?

Paul Crawford
Silver badge

Re: Shipboard Hardware

Good point; if that makes it then the next sales opportunity is for schools...

0
0

VMware seasons its cloud with a sprinkling of ye olde spinning rust

Paul Crawford
Silver badge

Logical error

"...runs on ye olde spinning rust, a medium that offers lesser performance than the solid-state-disk-based tier it previously offered and therefore attracts a lower price."

Nope, it runs on ye olde spinning rust, a medium that offers lower cost per GB compared to SSD and that is the reason it is cheaper. The "lesser performance" aspect is why you might choose to pay more for SSD.

2
0

AMD beds ARM in 'Project SkyBridge' and home-grown 'K12' ARM architecture chips

Paul Crawford
Silver badge

An interesting move, however, I first thought they were doing x86 and ARM in the same chip as well so you could get both (or just low power, etc) as needed at run-time.

Maybe if Intel had done this with the Itanium from the start it would have been less Itanic...

1
0

Stephen Hawking: The creation of true AI could be the 'greatest event in human history'

Paul Crawford
Silver badge

Re: I was noodling on the idea of AI a few days ago

*cough* teledildonics *cough*

3
0

Super-heavy element 117 DOES exist – albeit briefly. Got any berkelium handy?

Paul Crawford
Silver badge

Re: 'new ways that atoms can be ... potentially made to decay more slowly'

The atomic number, like 117, is the count of protons in the nucleus, but the stability depends strongly on the number of neutrons. E.g. the simplest hydrogen has none, the deuterium isotope has one and both are stable, while tritium has two and decays to half over 12.3 years.

So with the "island of stability" (which is a relative measure, none will be *that* stable) there is a great uncertainty about what the effect of differing isotopes will be. Unfortunately it is damn hard to make any of them, let alone high neutron count versions.

6
0

10 PRINT "Happy 50th Birthday, BASIC" : GOTO 10

Paul Crawford
Silver badge
FAIL

Re: C

Oh dear, that reads as if "bit-wise operations" are dangerous! Doh!

1
0
Paul Crawford
Silver badge

Re: C

My point was you can do things in C with ease, such as bit-wise operations, pointer arithmetic, etc, that can be seriously dangerous, but are also essential for some OS operations. Same in that respect as assembly, and not as other languages that (for good reason) deny dangerous operations.

0
0
Paul Crawford
Silver badge

Re: C

I think C was created to be just "one step from the metal" for writing an OS in a moderately portable way. However much you might complain about the dangers of C, it sure beats assembly!

11
1

Today's bugs have BRANDS? Be still my bleeding heart [logo]

Paul Crawford
Silver badge

Re: GOTO be GONE?

There are occasions where a goto might be the most elegant option (e.g. breaking out of multiple nested loops) but the problem I see is when you look at a goto target, just how did I get there?

0
0
Paul Crawford
Silver badge

I think gcc supports a variant on the idea, but then you get into serious portability issues for a library that should be cross-platform and compilable on systems of widely varying age.

1
1
Paul Crawford
Silver badge

Re: Note to all C programmers

Yes, one of the issues is simply crappy coding style (as the author put it so well "No bug is shallow if it lives in a bug-camouflaging environment.").

That is why the likes of MISRA C/C++ guidelines were created, to get programmers doing things in ways that are robust (i.e. common/minor mistakes are easily caught or mitigated) and readable (so bugs have less opportunity to be hidden).

You can argue C++ has more elegant ways of doing safety/clean-up things, you can also argue that it has lots of interesting ways of adding bloat or doing things inefficiently. But if you know and understand those arguments, you can probably write safe code in either C or C++ anyway.

6
0

New secure OS will put Tails between NSA's legs

Paul Crawford
Silver badge

Depends - it won't stop them if you are a high-value target worthy of directing a lot of resources at; hell, they will just bug your machine(s) at $100k+ sort of cost in that case.

What it does do is make data hoovering that bit more difficult and expensive. If enough people used it then they would only be able to investigate high-value targets, sort of like the good old days when human resources (i.e. a spy) had to do the work, or that quaint idea of having proper judicial oversight.

17
1

Facebook UNVEILS VEIL for 'anonymous' logins

Paul Crawford
Silver badge

Re: Useful for photo sharing.

Have an upvote for mentioning the FB Purity add-on!

2
0