* Posts by Paul Crawford

2861 posts • joined 15 Mar 2007

Have Microsoft-hosted email? Love using Live Mail 2012? Bad news

Paul Crawford
Silver badge

Modern synchronization technologies?

What is actually changing? The MS web page does not say what these "modern synchronization technologies" are that are needed. POP or IMAP, are they really modern?

Or are they the ones being deleted to force poor Outlook users into a web interface to spam you with adverts more effectively?

16
1

Clixta: A copyright-friendly way to share your family photos

Paul Crawford
Silver badge

Re: Metadata from Clixta

There was talk of making it illegal to strip metadata, which would stop this (or at least give you redress).

I think it should be a bit more complex though as some metadata might be dangerous to share (real name, GPS coords of your kids, etc) but if there is a random copyright ID that can be linked to you should you allow it (i.e. reverse lookup tricky unless you set it so or reply to a request) but otherwise exists as a flag that it is copyrighted by someone who has not given that right up, then it would be a good thing.

1
0

'Apple ate my music!' Streaming jukebox wipes 122GB – including muso's original tracks

Paul Crawford
Silver badge

Oh how my friends laugh at me for still buying music CDs...

78
2

Stop resetting your passwords, says UK govt's spy network

Paul Crawford
Silver badge

Re: Pointless

Exactly, so once per year would leave on average 6 months to do your business over! Pointless...

However, changing shared passwords after someone leaves (say any shared admin accounts on certain boxes that don't support more than one admin user), or following a potential compromise, makes a lot of sense.

2
0
Paul Crawford
Silver badge

There is some sense here, you want users to have long passwords to make them difficult to guess, but easy to remember. So saying "at least 16 characters, like a few words perhaps" and not requiring stupid ratios of punctuation, numbers, and case, is likely to get them using something different to other services, and to remember it instead of putting it on a post-it note.

Also, of course, having a bozo filter to stop "Correct Horse Battery Staple", or even "password" or "12345" and similar being used N times to fit the minimum limit...

24
1

Jobs in Ireland may be vulnerable at post merger Dell Technologies

Paul Crawford
Silver badge

Re: I wonder if they'll all still use dell.com?

Or Oracle deleting/redirecting the Sun site instead of just changing page logos so hyperlinks still work.

1
0

Daisy-chained research spells malware worm hell for power plants and other utilities

Paul Crawford
Silver badge

c) PLCs networked together without any firewall rules to enforce communications only with a few designated monitor computers. Or fancier intrusion detection.

Of course, one would hope that the monitoring computers were not unpatched Windows boxes due to the PLC suppliers being unable to support open standards and/or be sure that system updates are not going to break poorly written software...

5
0

How to evade the NSA: OpSec guide for journalists also used by terrorists

Paul Crawford
Silver badge

Re: a bloke in the pub told me that...

Didn't the Judean Peoples' Front split from the Judean Peoples Front over some dispute about possessions?

2
0

'Toxic' WIPO catches flak as US congressmen call for Gurry's head

Paul Crawford
Silver badge

Re: My, so little jurisdiction yet so much vitreol

Maybe, maybe. But let's face it, it appears WIPO is almost the thinking man's FIFA in terms of inability to deal with internal corruption. Sadly it took the USA to step in and force action on FIFA.

Almost, as there is always ICANN...

1
0

Iranian cyberspy phishing rod pulled from the waters and exposed

Paul Crawford
Silver badge

Or the Iranians making it look obvious so you think it's an Israeli false flag. Or the Israelis making it look like the Iranians...

2
0

Intel has driven a dagger through Microsoft's mobile strategy

Paul Crawford
Silver badge

Re: It's not just Microsoft.

I am mostly a Linux user, with a few VMs for specialist Windows software. I most certainly don't want Windows to disappear, but I would like its desktop share to drop further, say to 60-70% so that companies are willing to supply device drivers (or supporting documentation) for non-Windows OS.

Quite a few do fairly well in this respect already, offering Mac & Linux support, but it's still an issue for some things where they are just not supportable due to a lack of any openness or effort from the company.

11
0
Paul Crawford
Silver badge

Re: Microsoft Windows Mobile and Surface don't have 30% market share!

I think AO is pointing out that in spite of still having ~90% of the desktop PC market due to legacy software investment worldwide, MS now has only ~30% of the total number of internet-connected computers, that means PCs, tablets and smart phones (most of which are not x86 nor Windows in any form but cheap Android devices).

5
0
Paul Crawford
Silver badge

Re: Logic & Gui

"The only thing stopping you is the fact that the source code belongs to someone else"

No, it's the fact that you have built your code to assume a specific API, like win32, and a specific model for GUI, maybe even worse with assumptions of the size of 'int' or similar instead of using int32_t or whatever options were supported. That makes even a small program an absolute PITA to port. That is what most legacy software is like.

The exceptions are stuff that was written to be multi-platform, even if just two variants of "UNIX" (say Linux and later MacOS) as then you have to write your code with some degree of abstraction for GUI and low-level stuff, and that greatly mitigates the pain for porting because you have probably started using two compilers/dev environments and can never be quite sure of what API consistency will be like, so you learn to segregate from the beginning.

15
1

Do you know where your trade secrets are?

Paul Crawford
Silver badge

@Doctor Syntax

"The user has to log on specifically as that user to do that - no privilege escalation is allowed."

And in that one sentence you have nailed the problem. Privilege escalation is not supposed to happen, short of giving the admin password (a whole set of FAIL! for another day's rant), but it does. And because all software, be it application, OS, or low level hardware driver, has bugs of one form or another it is inevitable that someday someone will find it.

That is why dreaming up ever more complex OS models to try and stop this is never going to be that successful. Sure we can segregate user accounts from admin tasks, and we can use things like SElinux/AppArmor to enforce the expected behaviour of processes that have high privileges to reduce what p0wning them can do, but we can never be sure.

And that is why a backup machine has to be physically and administratively separate from any machine that can be taken over from the Internet access or portable media, etc. And it has to assume that files might be trashed, so some point-in-time model for data recovery needs to be implemented.

2
0
Paul Crawford
Silver badge

Re: There should be no over-ruling this ...

If you use snapshots in ZFS/GPFS or on NetApp boxes, etc, then you have the "copy on write" model so attempts to re-write files put the data elsewhere on disk, and the original is still accessible via the previous (snapshot) file tables.

Of course you need to be doing snapshots, and to protect the machine doing so from being done over, and also to have long-term backups elsewhere so you can go back as far as you need when you discover it was infested. Some DB ransomware waited 6 months or so before revealing itself so there would be no viable backup to recover from.

2
0
Paul Crawford
Silver badge

Re: Extend this idea of restricting write privileges

The problem is it can't be controlled by "write privileges" on any box that is potentially compromised.

If your cryptolocker is run as an ordinary user then any normal backup is fine because it is done by a privileged account. But if your malware is anything smarter than a small user-mode script then it will exploit either the meatware for a suitable password or use any one of the numerous flaws in *ANY* OS to gain what it needs to attack all. There is always some sort of admin account, and pointing to the all-powerful UNIX root is a distraction: even if you have a more compartmentalised model (as Windows should be, but usually is not) you still only need a few more steps to get the account you need.

Really, the only viable option is to reverse the process, so the backup machine comes in and reads what it needs from servers and desktops and where it writes it to, and how versioning/snapshots/etc, are controlled is well separate from the at-risk boxes.

Of course this also assumes you can simply log-in to the backup machine using an account on the others...

1
0
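The pull-model, snapshot-based backup the two comments above describe (copy on write keeping the old version, a separate backup host that reads from the at-risk boxes rather than being written to by them), as an added Python example that is not the commenter's code and not tied to ZFS, GPFS or NetApp. A content-addressed store stands in for the snapshot file tables; the file contents, the path names, the XOR "locker" that stands in for real malware and the 50% alert threshold are all constructed assumptions for the demonstration.

```python
import hashlib


class SnapshotStore:
    """Content-addressed, append-only store kept on the backup host.

    Blobs are keyed by SHA-256 and never overwritten; each pull records a
    manifest (path -> digest), so every earlier snapshot stays restorable.
    The at-risk machine never writes here: the backup host reads from it.
    """

    def __init__(self):
        self.blobs = {}       # sha256 hex digest -> file bytes
        self.manifests = {}   # snapshot label -> {path: digest}

    def pull(self, label, read_source):
        """read_source() is the backup host's own reader for the source
        machine (here a plain callable returning {path: bytes})."""
        manifest = {}
        for path, data in read_source().items():
            digest = hashlib.sha256(data).hexdigest()
            self.blobs.setdefault(digest, data)   # dedup; never overwrite
            manifest[path] = digest
        self.manifests[label] = manifest
        return manifest

    def restore(self, label):
        """Point-in-time view: the files exactly as they were at that pull."""
        return {p: self.blobs[d] for p, d in self.manifests[label].items()}

    def change_ratio(self, older, newer):
        """Fraction of paths whose content differs between two snapshots;
        a sudden jump is a cheap mass-encryption indicator."""
        a, b = self.manifests[older], self.manifests[newer]
        paths = set(a) | set(b)
        if not paths:
            return 0.0
        changed = sum(1 for p in paths if a.get(p) != b.get(p))
        return changed / len(paths)


ALERT_THRESHOLD = 0.5   # assumed policy: more than half the files changed in one interval


def simulated_locker(files):
    """Stand-in for ransomware: XOR-scrambles office documents in place.
    Not encryption, just enough to change every byte of those files."""
    out = dict(files)
    for path, data in files.items():
        if path.endswith((".doc", ".xls")):
            out[path] = bytes(b ^ 0x5A for b in data)
    return out


def run_demo():
    # Constructed file set on the "desktop" being backed up.
    originals = {
        "docs/budget.xls": b"Q1 totals: 12000",
        "docs/letter.doc": b"Dear customer, ...",
        "docs/plan.doc": b"Roadmap for 2016",
        "notes/readme.txt": b"keep this",
    }
    store = SnapshotStore()
    store.pull("day1", lambda: originals)

    # Between pulls the desktop is compromised and its documents scrambled.
    after = simulated_locker(originals)
    store.pull("day2", lambda: after)

    ratio = store.change_ratio("day1", "day2")
    return {
        "day1_matches_original": store.restore("day1") == originals,
        "day2_matches_scrambled": store.restore("day2") == after,
        "change_ratio": ratio,          # 3 of 4 files changed -> 0.75
        "alert": ratio > ALERT_THRESHOLD,
        "blob_count": len(store.blobs),  # 4 originals + 3 scrambled copies
    }


if __name__ == "__main__":
    print(run_demo())
```

The store only helps as far back as it retains manifests: the six-month delay mentioned above is defeated by retention, not by the change ratio, which only tells you something happened in the last interval. Keeping the store on a host the desktops cannot log in to is what makes the manifests trustworthy.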

Carl Icahn: Will someone rid my portfolio of this rotten Apple?

Paul Crawford
Silver badge

Re: "13 per cent drop in turnover to $50.6m"

You mean the proper name for what the Yanks call a "billion"?

2
0

The EU wants you to log into YouTube using your state-issued ID card

Paul Crawford
Silver badge

Re: Brexit?

"But it's exactly things like this id card nonsense that drive people to want to get out of Europe"

So we can just get it shoved down our orifices by our own Gov instead? Remember Labour's obsession with it, or the current Conservative attempts to get our human rights removed to something they decide upon?

Are you seriously suggesting that the EU is somehow the source of this?

14
2

Ireland's tech sector fears fallout of Brexit 'Yes' vote

Paul Crawford
Silver badge
Trollface

Poor?

"Both campaigns in this sordid and rather pointless referendum are very poor."

I thought that we had stopped talking about Scotland?

Yes, I'm Scottish and no, I am perfectly aware there were good points on both sides. But "sordid and rather pointless" seems to be how major political decisions with life-long implications are made these days.

1
0

Mozilla slings Firefox patches at flaw found by GCHQ's infosec arm

Paul Crawford
Silver badge

Re: GCHQ motivations

Don't forget that GCHQ has two jobs:

- The one folk tend to think about is spying on world+dog

- The other is stopping world+dog spying on our glorious leaders

Clearly there is a conflict of interests here, as hoarding vulnerabilities to shaft the other guy could very well lead to your own boys getting done over when their kit is not patched. There is even advice given to gov BOFH to help out on lots of platforms, not just Windows. Though given the number of high-profile breaches we hear of, and no doubt others we (and possibly they) don't know about, one wonders if it is listened to.

https://www.gov.uk/government/collections/end-user-devices-security-guidance

3
0
Paul Crawford
Silver badge

Re: Take heed..

Well web browsers take so much memory these days it's almost inevitable it comes down to thoughtless crap management, and hence corruption...

1
0

Microsoft fingered for Western Euro PC tragedy

Paul Crawford
Silver badge

Re: Microsoft

Not just no profit for vendors, none for MS and a weakened market for Windows licences elsewhere.

I guess MS decided it was cheaper/easier just to use malware tactics to get existing Windows users on to 10 by hook or by crook?

4
0

Intel CEO Krzanich: PCs are things too!

Paul Crawford
Silver badge

Moore's Law is not a law.

Moore's law is an empirical observation from the early stages of IC development that predicted the growth in complexity possible from a combination of shrinking features and larger die sizes as improving yields allowed it.

There is no physical meaning to it that says it has to continue, nor that it will be cost-effective to do so. Thus relying on "Moore's Law" is simply an act of faith that if you throw enough development money at your fab facility you will get bigger/faster/cheaper chips. It might not turn out that way as even today the cost of a single state of the art fab is unbelievable.

5
0

Game of P0wns: Malvertising menace strikes Pirate Bay season six downloads

Paul Crawford
Silver badge

Re: "targeting users with pop-under ads"

As does removing Flash and Silverlight.

One can hope, but sadly one also suspects that HTML5 will rapidly acquire enough complexity to bring the risk right back to square one.

12
0

Tokyo rebrands 2020 Olympics

Paul Crawford
Silver badge

Re: Lisa Simpson

That is a terribly Wong though

2
0

If Android’s wings are clipped, other Google platforms may gain

Paul Crawford
Silver badge

Re: "good luck getting help from Google with that one"

They listen to their customers.

You are the product, advertisers are the real customers.

2
0

Is Microsoft's Office dev platform ready to go mainstream?

Paul Crawford
Silver badge

Let's face it, MS struggles to maintain proper compatibility with their own versions of Office. I pity the poor buggers who end up depending on this.

3
0

'I hacked Facebook – and found someone had beaten me to it'

Paul Crawford
Silver badge

Re: Are we even allowed to discuss this?

It's too cold every time of the year!

0
0

Dutch students serve up world's first 'drone café'

Paul Crawford
Silver badge
Trollface

Re: NO WAY

Indeed, he pays a fortune in hair bleach/dye for that look

3
0

RIP Prince: You were the soundtrack of my youth

Paul Crawford
Silver badge

Re: Unexpected

Nah, Keith Richards really died 20 years ago. Just no one told him he had to stop playing...

15
0

Ubuntu 16.04 LTS arrives today complete with forbidden ZFS

Paul Crawford
Silver badge

@DrXym Re: Priorities?

"allows it to synchronise the local date & time with a remote NTP server during bootup. This is bad how exactly?"

Syncing time during boot-up is a good thing. We already have ntpdate that is typically used to step-adjust during booting to correct any CMOS clock errors, so why re-implement it?

My point is not that the goals of systemd are bad, nor that init scripts have problems, but it is the growing number of systemd dependencies that mean you can't choose what and where.

If we want another rant, as one commentard has mentioned systemd will put a failed process into maintenance mode, so it has to be manually restarted even after the next boot. With init a future reboot gives it another chance, which is a better thing for overall reliability (if in doubt || watchdog timeout => reboot!).

4
0
Paul Crawford
Silver badge

Re: RedHat seem to think Btrfs is ok to use

Also many RHEL customers are sticking to version 6 and older proven stuff. They value stability and dependability over "new and probably broken on arrival or the next update".

2
0
Paul Crawford
Silver badge

@AC Re: Priorities?

You missed the point completely, and others have already done my bit to point out that systemd starting NTP is fine, but reimplementing it in a manner that won't work outside of the systemd universe is a pointless waste of effort.

It is this aspect, of making everything dependent on systemd for reasons that often seem like no more than vanity, that is the issue.

24
1
Paul Crawford
Silver badge

Priorities?

"frustrate those looking for cutting edge enhancements" is exactly who?

I doubt many want yet-more pointless GUI dicking around, or Firefox moving its drinks cabinet 6 inches closer to Chrome in removing useful features. Most folk like stability, and like the look and feel to stay the same unless they deliberately change it.

For me having ZFS is a major useful step in that it provides both data checksums and file system snapshots. Though it remains to be seen if this is well-used (e.g. can you snapshot the OS partition/share before any update/upgrade to allow roll-back without also rolling back your own data? Is that the default option in the upgrade manager?)

systemd is another sore point. If you read Poettering's blogs it all sounds a good idea, and many aspects are. But the endlessly growing interdependency with it is a very bad thing, as it's their borging of things that an init process has no need for (e.g. NTP) presumably because they were bored and did not want to fix bugs or, more importantly, user complaints instead.

57
2

Official: EU goes after Google, alleges it uses Android to kill competition

Paul Crawford
Silver badge

Re: @Paul - Why don't the EU

Those "opponents" are any of the phone makers who might dare to fork Android or offer variations in terms of search, location, etc, that would reduce Google's advert revenue-generation opportunities.

You know, the sort of competition that normally benefits consumers.

2
0
Paul Crawford
Silver badge

Re: Why don't the EU

Well of course, after all screwing your opponents via secretive contracts gives us all a much better deal, eh?

7
1

Not OK, Google! FTC urged to thrust antitrust probe into Android

Paul Crawford
Silver badge

Re: "Freezing out third-party apps"

Oh dear Wade, here we go again for the hard-of-thinking...

This is not about the ability to side-load from outside of the Google app-store, this is about the bundling of key Google data-slurping processes and the dependency on those in many apps. The reasons Google is abusing its position compared to Apple are:

1) Apple make and sell phones. No other company uses iOS or Apple's store. Thus Apple can't pressure, say, Samsung or LG, or Motorola, etc, to bundle something in Apple's favour.

2) Current market share (http://www.idc.com/prodserv/smartphone-os-market-share.jsp) shows that Android had (2015) 82.8% of the market compared to 13.9% for Apple's iOS. Once you are well over 50% you get enormous leverage in terms of compatibility, developer attention, etc.

This, and in particular the forced installation of Chrome, is exactly the same as MS' abuse of its OEM licensing in the past. However, I doubt the US regulators will act, or if they do it will be shut down by a change of gov who happens to be "pro-business" (in other words, enjoying the lobbying funds).

13
1

FBI's Tor pedo torpedoes torpedoed by United States judge

Paul Crawford
Silver badge

I think that is the point of the judgement: that they should have got a proper US-wide warrant for this action, or if they somehow could only get a local one, use the gathered evidence only on suspects in that locality.

Sounds like laziness on the FBI's part.

7
0

VXers pass stolen card data over DNS

Paul Crawford
Silver badge

Re: Those fixes aren't enough

Very good point.

However, would all sorts of requests to some odd domain not trip any decent intrusion detection system? Or am I being naive about how good such "enterprise" tools actually are in practice?

0
0
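The question above (would a stream of odd lookups to one domain trip a decent IDS?) is worth answering with the detection logic itself. The Python below is an added example, not the commenter's code and not any product's detector: it reads a constructed resolver log in a hypothetical "timestamp client query qname" layout, groups queries by a naively derived registered domain (last two labels, an assumption that ignores suffixes such as co.uk), and flags domains that receive many distinct, long or high-entropy subdomain labels, which is what encoded data tunnelled out in query names looks like from the resolver's side. The thresholds are assumptions to tune against real traffic.

```python
import math
from collections import defaultdict

# Constructed resolver log, not a real capture.  Assumed layout (hypothetical,
# not any particular product's format): "<timestamp> <client> query <qname>".
SAMPLE_LOG = """\
2016-04-20T10:00:01 10.0.0.5 query www.example.com
2016-04-20T10:00:02 10.0.0.5 query mail.example.com
2016-04-20T10:00:04 10.0.0.9 query www.example.com
2016-04-20T10:00:05 10.0.0.9 query cdn.example.com
2016-04-20T10:00:06 10.0.0.5 query imap.example.com
2016-04-20T10:00:07 10.0.0.7 query 9f1c3a7e2b5d8c04e6a2d1f07b3c9e58.00.exfil-test.invalid
2016-04-20T10:00:07 10.0.0.7 query 0b7d4e21c9a6f35d8e12b4c7a9f0d3e6.01.exfil-test.invalid
2016-04-20T10:00:08 10.0.0.7 query 6e2f9a1d4c8b7035e9d2a6f1c3b8e704.02.exfil-test.invalid
2016-04-20T10:00:08 10.0.0.7 query c4a8e1f27b3d9056a2e8c1f4d7b0e395.03.exfil-test.invalid
2016-04-20T10:00:09 10.0.0.7 query 1d5b8c3e7a2f9046d1e5b8c2a7f3e690.04.exfil-test.invalid
2016-04-20T10:00:09 10.0.0.7 query 8a3e6c1f9b2d7405c8e3a1f6d9b2c507.05.exfil-test.invalid
"""


def registered_domain(qname):
    """Naive registered domain: the last two labels.  Real deployments need a
    public-suffix list (co.uk etc.); this keeps the example self-contained."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than hostnames."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_queries(log_text):
    qnames = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[2] == "query":
            qnames.append(parts[3].lower().rstrip("."))
    return qnames


def analyse(log_text, min_unique=5, max_avg_prefix_len=20, max_avg_entropy=3.0):
    """Per registered domain: how many distinct names were asked for, and how
    long and how random the part in front of the domain was on average."""
    names_by_domain = defaultdict(set)
    totals = defaultdict(int)
    for q in parse_queries(log_text):
        d = registered_domain(q)
        names_by_domain[d].add(q)
        totals[d] += 1

    report = {}
    for d, names in names_by_domain.items():
        # Everything in front of the registered domain, dots stripped for entropy.
        prefixes = [q[: -len(d)].rstrip(".") for q in names]
        avg_len = sum(len(p) for p in prefixes) / len(prefixes)
        avg_ent = sum(shannon_entropy(p.replace(".", "")) for p in prefixes) / len(prefixes)
        flagged = len(names) >= min_unique and (
            avg_len >= max_avg_prefix_len or avg_ent >= max_avg_entropy
        )
        report[d] = {
            "unique": len(names),
            "total": totals[d],
            "avg_prefix_len": avg_len,
            "avg_entropy": avg_ent,
            "flagged": flagged,
        }
    return report


def flagged_domains(log_text, **thresholds):
    return sorted(d for d, s in analyse(log_text, **thresholds).items() if s["flagged"])


if __name__ == "__main__":
    for domain, stats in analyse(SAMPLE_LOG).items():
        print(domain, stats)
```

The per-domain counting is the part that matters: each individual query is a perfectly valid lookup, so a detector that only inspects single packets sees nothing, which is the honest answer to the question above about how good such tools are in practice.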

All-Python malware nasty bites Windows victims in Poland

Paul Crawford
Silver badge

@bazza

Removing execute permissions for the /home partition, /tmp, etc, where users can write to helps a lot, but not as you say for a particularly determined user and/or program. For the really gullible Linux user you can also deny them a command shell so they can't be tempted to type in crap.

However, for more serious blocking of tricks like you mention you can use tools like apparmor to deny execution of bash, python, etc, in user-writeable areas to further piss off malware authors.

Incidentally Windows supports no-execute as an ACL setting, you can do the same to block execution in all user-writeable areas to stop a lot of Trojans from being able to run even if the user is dumb enough to try some random download. Of course, you end up with complaints of other crap they need also being broken...

1
0
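A quick way to check the "no execute in user-writeable areas" advice from the comment above on a Linux box is to audit the mount options of the writeable mount points. The Python below is an added example, not the commenter's code: it parses text in the /proc/mounts layout (device, mount point, type, options, dump, pass), reports which of the watched mount points lack noexec, nosuid and nodev, and produces the corrected option string for an fstab edit. The sample mount table and the list of watched paths are constructed assumptions.

```python
# Mount points that ordinary users can normally write to (an assumed list).
WATCHED = ("/home", "/tmp", "/var/tmp", "/dev/shm")
# Options a user-writeable mount should carry.
WANTED = ("nodev", "noexec", "nosuid")

# Constructed /proc/mounts content, not read from a real machine:
# /home is exec, /tmp is fully restricted, /dev/shm is missing noexec,
# /var/tmp has no mount of its own.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
"""


def parse_mounts(text):
    """/proc/mounts layout: device mountpoint fstype options dump pass."""
    mounts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            mounts[parts[1]] = set(parts[3].split(","))
    return mounts


def audit_mounts(text, watched=WATCHED, wanted=WANTED):
    """For each watched path: is it its own mount, and which options are missing?"""
    mounts = parse_mounts(text)
    findings = {}
    for mp in watched:
        if mp not in mounts:
            # Not a separate mount, so it inherits its parent's options
            # (usually / with exec allowed); it cannot be restricted by mount
            # options until it gets a mount of its own.
            findings[mp] = {"mounted": False, "missing": list(wanted)}
        else:
            findings[mp] = {"mounted": True,
                            "missing": sorted(set(wanted) - mounts[mp])}
    return findings


def hardened_options(options, wanted=WANTED):
    """Append the missing restrictions to an existing option string,
    keeping the options already present (for an /etc/fstab edit)."""
    opts = [o for o in options.split(",") if o]
    for w in wanted:
        if w not in opts:
            opts.append(w)
    return ",".join(opts)


if __name__ == "__main__":
    for mp, f in audit_mounts(SAMPLE_MOUNTS).items():
        state = "separate mount" if f["mounted"] else "NOT a separate mount"
        print(f"{mp}: {state}, missing {f['missing'] or 'nothing'}")
    print("fstab options for /home:", hardened_options("rw,relatime"))
```

noexec only stops the kernel from loading binaries from that mount; as the comment notes, an interpreter launched from elsewhere can still read a script there, which is why the AppArmor layer is mentioned on top. The audit is therefore a baseline check, not the whole control.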

European Union set to release anti-competition hounds on Google

Paul Crawford
Silver badge

Re: Thank goodness this is nearly over.

"masterfully sarcastic" I think, just forgot the joke icon

8
1
Paul Crawford
Silver badge

Yes, after all Nokia did really well when "helped" by an ex-MS employee to choose a non-European OS.

7
1

Hacking Team hole still unpatched, exploit pop doc claims

Paul Crawford
Silver badge

Re: What's the embedded device?

Or some printer with a web server and/or wifi access point that is still on even when on Ethernet.

When did you last see any patching for any of your printers?

3
0

What's wrong with the Daily Mail Group buying Yahoo?

Paul Crawford
Silver badge

Re: Flickr

Welcome to the cloud, where you get little or no control of what happens to your data!

It can happen to any hosted service, either the hosting company screws up and deletes your stuff, or the service decides to close because they are bored or losing money. In short, if the ownership or future availability really matters to you then you set up your own (hosted if your ISP can't offer the bandwidth you need at a price you can afford), and keep your own mirror/backup in any case.

6
0

Linux command line mistake 'nukes web boss'S biz'

Paul Crawford
Silver badge

"Except, of course, for the 88%+* desktop market share Windows users, who have no idea what we're talking about"

Fixed it for you. When looking at anyone who would use (or even know about) command line actions, it's probably closer to 50%.

Still, some additional "WTF?" options that allow (or not) such problems. Others recommend that most users don't get shell access, or the ability to execute programs in areas they have write access to:

https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts/end-user-devices-guidance-ubuntu-1404-lts

0
0
Paul Crawford
Silver badge
Joke

Re: "rm" stands for "remark"

While "dd" stands for "destroy data" as we all know...

6
0
Paul Crawford
Silver badge

More precisely, deleting stuff needs write access to the holding directory. Unless you are root, that user, or the user has allowed you via "group" membership & write permission (or $DEITY forbid, "other") then you can't do it.

Backups? Snapshot file system? I know it's glib to ask, and we have all done dumb things in the past, but for a hosting business you like to assume there was *some* disaster recovery plan!

6
0

Vinyl LPs to top 3 million sales in Blighty this year

Paul Crawford
Silver badge

Re: Wow

I always thought RCA stood for "rubber conservation association" from how thin their records became.

6
0
Paul Crawford
Silver badge
Pirate

Re: Buying, not necessarily playing

1) Buy the vinyl record

2) Torrent the FLAC equivalent

3) Profit! (one hopes step 1 is actually paying musicians)

3
0
