* Posts by Paul Crawford

2994 posts • joined 15 Mar 2007

Apple's 'lappable' iPad Pro concept is far from laughable

Paul Crawford
Silver badge

And you know this via....???

Why, by the 9" already mentioned!

1
0

Snoopers' Charter 'goes too far' says retired Met assistant commish

Paul Crawford
Silver badge
Gimp

Mind you, that could work another way if browser coders decided to undermine that sort of system by randomly connecting to anything/everything in the background. Suddenly everyone's ICR logs are massive and expensive to maintain, and everyone looks equally suspicious and has plausible deniability about looking at any odd site.

You know those sites only too well =>

1
0

Tor torpedoed! Tesco Bank app won't run with privacy tool installed

Paul Crawford
Silver badge

"when your customers only have ONE factor to them?"

Difficult, though some of my accounts have a card reader that generates a code based on the card/PIN and the transfer amount to be used. This is a separate validation path that is very hard for a compromised phone (or PC, or MITM from hacked wifi point, etc) to bypass.

Advantage - no internet connection to said device so it can't be hacked (directly, let's overlook the RSA Token breach for a moment).

Disadvantage - it is something annoying to carry with you if you really want banking on the move.

1
0
Paul Crawford
Silver badge

Re: Missing the point again

Even if the banking app can't tell the phone's IP address, the bank surely can tell if the connection is coming out of a Tor node. Maybe not 100% as I doubt there is a very up-to-date list, but pretty much most connections would be identifiable that way. Also if it's an app that can get your location then a geo-lookup should be able to tell if the phone's IP address is sane as well.

But one way or another, they should not be placing great trust in the bank app, phone, or network path in the first place. 2FA is needed if it matters, but sadly for a mobile-only customer that is a single point of failure.

4
0
Paul Crawford
Silver badge

Re: Missing the point again

You are right but also mistaken.

Yes, I can see that banks should not accept business via Tor due to the additional risk of the originator not being the real person, and no doubt the use of the IP address and geo-lookup is one aspect banks use in detecting fraud.

But you are mistaken here: the whole point of the article is the banking app won't allow you to have a Tor browser installed on the same phone even though it is cleared via Google's own Play store, not that it won't work via a Tor network. Those are two very different things.

9
0
Paul Crawford
Silver badge
FAIL

You are indeed a moron if you think that the presence or otherwise of a tor browser is the single most important thing for banking security.

Here is a clue - if security matters, and one has to assume banks are aware of this, you must start by the assumption that any device or communication channel may be compromised and design a system to catch that. That is the whole point of 2FA (you can't trust a single path/factor).

Of course if the '2' in your 2FA are both via your phone (e.g. banking app & text message confirmation) this is a big FAIL as you really have 1FA (and considering the numerous unpatched bugs in many phones, really SFA). Banks must know this, but take the risk that fraud is less expensive than the lost business of forcing a more secure model on the customer.

7
1
Paul Crawford
Silver badge

Re: @Fibbles

"I don't know where you're getting your info from"

Experience. My first "smartphone" was an HTC Wildfire and it received a single OS update in 3-4 years for some wifi bug but remained buggy (would reboot in poor signal strength areas after a while). Also that update wiped phone so was really a factory reset as well. Now have a ~3 year old Motorola G which has had 2 OS updates so far and currently is telling me that its Android 5.1 patch 2016-03-01 is as up to date as there is.

So while *you* might be lucky with your phone, the majority of phone owners get SFA in the way of timely updates.

8
1
Paul Crawford
Silver badge

"a vector for hackers"

Really, as far as I can see from the Play store it is not a tor node and just a tor access point or proxy. And if for access then I can't believe it is much worse than some unpatched browser on the phone as you go to legitimate web sites already hacked and serving up malware.

26
1
Paul Crawford
Silver badge

Re: "preventing free speech and internet security"

WTF? The app is complaining about the Tor app installed on a non-rooted phone.

So what if Tor is used by "some of the worst people on the planet to conduct their despicable business" as you could easily say "mobile phones are used by..." or the Internet, or cars, etc, etc. So long as he is not using Tor for kiddy-fiddling etc then it is none of your damn business.

55
5
Paul Crawford
Silver badge

Best security practice

Don't use a banking app on Android in the first place.

Every sane OS is patched at least monthly, if not more often as bugs and security holes are found. Most phones once per year if you are lucky for core OS parts, occasionally more often for app and that often asks for more permissions.

69
5

Apple and Android wearables: What iceberg? It’s full steam ahead!

Paul Crawford
Silver badge

Re: An analogy

I also have a couple of mechanical watches, one is self-winding if I wear it all day, otherwise needs wound up daily. But the thing is, I don't have to carry a special winder with me, nor do I need a compatible power point for the winder.

My usual watch is a Casio that is automatically set by radio and is solar charged. Had it now for several years and no battery change needed (and resulting leaky seals) so pretty happy with it. Now if a smart watch could do the same...

3
0

FBI's iPhone paid-for hack should be barred, say ex-govt officials

Paul Crawford
Silver badge

Indeed the discovery phase and details of the data gathering are essential. After all, if the police have hacked in to my computer to gather evidence, how can the jury be sure they did not plant it there?

I'm not saying such techniques should be banned, but there must be proper rules for the use and full traceability of the actions and method presented at the trial so both sides can be sure the evidence is valid.

9
0

Dad of student slain in Paris terror massacre sues Google, Twitter, Facebook for their 'material support' of ISIS

Paul Crawford
Silver badge
Headmaster

Re: "MTB"

Since when was "Mountain Bikers" three words?

3
1

Apple faces Beijing blackout for iPhone 6

Paul Crawford
Silver badge
Trollface

Re: Where's the actual phone?

Isn’t the case an extra cost option?

2
0

BOFH: Follow the paper trail

Paul Crawford
Silver badge

Re: I was lucky..

Why did I read that as "a genital smile in my direction"?

5
0

Prenda Law's copyright-trolling shakedown scam slammed AGAIN

Paul Crawford
Silver badge

The bankruptcy is probably a move to protect what they can (e.g. all in wife’s name, etc) and in other cases may have nothing to do with the low-life practices seen here.

Being disbarred from practice should follow such a judgement though as a separate step.

6
0

Sneaky brown dwarf gives us a bright flash and astroboffins are confused

Paul Crawford
Silver badge

Re: I wonder

Great idea, send him on the B-arks first

1
0

Patent trolls, innovation and Brexit: What the FT won't tell you

Paul Crawford
Silver badge

You are also making the very dubious assumption that the UK post-Brexit would not just roll over and do what the US wanted on IP law giving us just as much, if not more, trouble.

79
7

Apple quietly launches next-gen encrypted file system

Paul Crawford
Silver badge

Re: @Kristian Walsh

Thanks for the detailed info.

"The HFS Resource-fork ... deprecated since 2001"

Maybe, but as far as I know it was still used just a couple of years ago for Apple's own photo management program, and was such a pain that a friend's only solution to allow NAS/RAID for his parents' Mac's collection of images was to use iSCSI export from the NAS and format it in HFS. Of course, that sort of approach also makes sharing the NAS' contents impossible as you really don't want two machines able to write the file system tables, etc.

0
0
Paul Crawford
Silver badge

Re: POSIX requires filesystems to be case sensitive

While some folk might think case-insensitive is good as humans don't care, as you and others point out it is a right pain to make it sane and consistent with multiple character sets.

It's a computer, it should be case-sensitive and the muppets writing Adobe software who are not using consistent case in their stuff just shows how dumb they are. Not that Flash's endless stream of exploitable bugs would suggest otherwise.

But the real elephant in the room is the incredibly dumb "feature" of data fork (Alternate Data Streams) that results in some Apple software being unusable on any file system that lacks this. So you can't put your photos on a NAS, etc. as it breaks the thumbnails, etc, which are stored in a 2nd or other stream of data behind the same filename.

6
7

Orlando shootings bring Facebook's safety check to US soil

Paul Crawford
Silver badge

Re: Terrorist Attack?

"which conveniently lends itself to the terrorist angle rather than being a hate crime"

No, sounds more like self-loathing being projected on the innocent from someone whose culture demonises homosexuality. Same as right-wing Christian nutters do.

5
0
Paul Crawford
Silver badge

Re: That's highly doubtful

It won't prevent all murders, would reduce the number of murders because it's harder to kill many people in a short window with simple "secondary use" weapons. Restricting guns won't stop dedicated murderers but it makes it a bit harder to do, maybe gives the perpetrator cause to think twice, maybe gives the victim a more sporting chance to escape or defend themselves.

That is it in a nutshell.

6
0
Paul Crawford
Silver badge

Re: Guns don't kill people....

Ah yes, so the number of gun deaths in the USA has nothing to do with the number of guns?

Sometimes satire is just too close to the truth:

http://newsthump.com/2016/06/12/america-hoping-tomorrows-mass-shooting-slightly-less-serious/

4
0

The Microsoft-LinkedIn hookup will be the END of DAYS, I tell you

Paul Crawford
Silver badge

Cortana?

What is this Cortana you speak of? How will she/it spy on me? I have looked, but this is what I get:

$ apt-cache policy Cortana

N: Unable to locate package Cortana

Now then, to add "teledildonic DevOps using .net" over and over again to my Linkedin profile...

21
6

SLACKOUT

Paul Crawford
Silver badge

Re: The Cloud...

Yes and those utilities are "fungible" (a nice word that AO sometimes uses on El Reg) where they are interchangeable. Gas is gas from any utility to certain defined standards and to me they just burn and heat things.

My data is unique which is why it is valuable to me, and if some cloud provider vanishes or deletes my account due to incompetence or a dispute over billing then I am stuffed unless I have my own copy. Or have two cloud providers that don't share the same points of failure. And that is even before we get in to data sovereignty and who can use a legal warrant (secret or otherwise) to access it.

0
0

Crysis creeps: Our ransomware locks network drives and PCs. Bargain

Paul Crawford
Silver badge

"crypto virus automate the stupidity process"

Very much so. While I do feel for those suffering data loss, it could just as easily be a careless file deletion, an accidental format of a partition, a hardware fault, or the theft/loss of a laptop.

If you don't have a usable and protected backup, you don't really have your data. It is simply a matter of time...

0
1
Paul Crawford
Silver badge

Re: @Ledswinger

You are right to a point about fuckwit users, but the MS move of hiding the file extension was a good trick for fooling partially sensible users by sending nicephoto.jpg.exe so they see in the file manager a JPEG photo, and the exe bit is lost.

Now you can harden both Linux and Windows against the click-and-run thing, for example by making all user-writeable areas non-execute (you do put /home in a separate partition, don't you?). But as you say, a user willing to provide name & password to a suspect link is just a big problem.

2FA is a big step forward, and Fartbook do support that, but when I had an account with them I was absolutely not going to give the data-slurping bastards my phone number as well. My bank uses 2FA for some things, or a card reader in other cases, so for major stuff it exists now. But having a universal fob that you can use when signing up for ANY service would be nice, so you don't end up with a whole pile of crap to take with you anywhere you want to be secure and don't trust your phone (it is both internet connected, and probably unpatched, whereas a random number fob has only I guess a public/private key pair that one half of needs securing and it need not be on the Internet).

1
1
Paul Crawford
Silver badge
Trollface

"using double file extensions or as seemingly innocent installers"

Oh dear, I had thought those glory days were gone. Still, nice to see the old "make it easy for users" changes for Windows are still working their magic.

Now how long until some Linux GUI Muppet decides they need the same...

2
3

Did you know there's a mega cybercrime backlog in Ireland? Now you do

Paul Crawford
Silver badge

@chaotic mess of various UK police forces IT

Let's not single out the police now, after all the same sort of problem appears to impact on most UK gov IT systems. And quite a few private companies as well.

0
0

FFS, Twitter. It's not that hard

Paul Crawford
Silver badge

Re: $4 per quarter ad revenue

Really? Companies think they can get $4/quarter of additional profit per narcissist user by punting ads on Twitter?

Am I lacking in marketing and business nous, or is that a seriously deluded return rate?

0
0

Now Google backs everyone's favorite trade pact: The TPP

Paul Crawford
Silver badge

Re: USA-ians selling items abroad?

68-pin ones were easy to get for SCSI. I needed the 80-pin version (not used for SCSI but for a custom board). Think it was DigiKey I got them from.

5
0
Paul Crawford
Silver badge

Re: USA-ians selling items abroad?

Some years ago I needed some 80-pin versions of the old SCSI mini parallel connector, only sold in the USA as far as I could find. So had to fill out various forms, etc, to get clearance to have them exported to me as clearly such connectors are in big demand by terrorists, government spies and pinko-commie-subversives worldwide.

On arrival I saw they were made in Mexico.

But look at the up-side where ITAR has done wonders for the European space industry.

13
0
Paul Crawford
Silver badge

Should be caned on principle

The way it has been "negotiated" is an affront to democracy EVERYWHERE and for that reason alone it should be slapped down.

What if it has benefits? Does not matter. Our political leaders and their Machiavellian ministers who negotiated and/or supported this need to be told in no uncertain terms that secrecy is not acceptable. After every round of negotiation the whole document should have been published as "draft" for the world to see so the next round has a democratic input. Nothing is perfect, but as it stands my MP (good or useless) can't go and look at it and bring a copy of bits back to me for discussion. It stinks of corruption.

45
0

RIP ROP: Intel's cunning plot to kill stack-hopping exploits at CPU level

Paul Crawford
Silver badge

Re: Password

Mine used to be dadada but now it is ich lieb dich nicht

1
0

Sysadmin 'fesses up to wrecking his former employer's IT systems

Paul Crawford
Silver badge

Er, have you seen his pic?

Have you seen Bubba's pic?

13
0

PC market sinking even faster than first thought, thanks to Windows 10

Paul Crawford
Silver badge

Re: I wouldn't blame Windows 10

While there are a lot of shitty things about Win10 (pushed "upgrade", data slurping) it is not the resource hog Vista was at the time. I guess MS' recent focus on mobile and cloud has made them realise OS bloat is bad.

One wonders how long they will keep things that way though?

1
0

US military tests massive GPS jamming weapon over California

Paul Crawford
Silver badge
Devil

Re: The Embraer Phenom 300

666 pages. A coincidence?

0
0
Paul Crawford
Silver badge

Re: Selective Availability

Not necessarily. A jammer can be deployed for a smaller area of interest, and for denial times determined by the local ground force for a specific operation (instead of going all the way through the GPS command system, getting approval along the way).

I suspect though it is all-systems jamming as you say, and they want to check their own kit is still usable.

0
0
Paul Crawford
Silver badge

That was my first thought, as I'm pretty sure you can't get a plane certified for commercial flight that relies upon GPS at all times. Do they have particularly poor EMC performance in other areas?

1
0

Surveillance forestalls more 'draconian' police powers – William Hague

Paul Crawford
Silver badge

Re: Missing the point

Then how long until said key is passed to well-funded criminal gangs from at least one country?

12
0

You've got a patch, you've got a patch ... almost every Android device has a patch

Paul Crawford
Silver badge

Re: Where are those monthly updates?

Sadly we need the law to step in and make suppliers liable for bugs not patched in a timely manner for, say, 5 years after the date of sale.

Can't patch the software after 2 years due to your chain of code monkeys? OK, then give the customer a new device free of charge. No doubt it would focus their minds on quality in a manner not seen so far.

12
0

Norway might insist on zero-emission vehicles by 2025

Paul Crawford
Silver badge

Re: What about oil production?

I was talking of the plans for an independent Scotland where oil revenue was assumed. And at much higher oil prices than today.

0
0
Paul Crawford
Silver badge

Re: What about oil production?

Same point about the Scottish government as well, all talk of no nuclear and renewable energy, and the budget largely funded by selling oil/gas to others to pollute instead.

A bit like closing heavy industry in the EU for pollution reasons (and energy cost) and then buying from China where they use a lot of heavy polluting coal plants and have lax environmental standards. But hey, our voters can feel good!

9
2
Paul Crawford
Silver badge

More to the point, what is the "Lystresepten" article about?

9
0

Even in remotest Africa, Windows 10 nagware ruins your day: Update burns satellite link cash

Paul Crawford
Silver badge

Re: Simple answer: Don't use Windows.

An upvote for your obvious point they are changing the deal.

But, no you don't have any right to complain as it's all covered by the EULA you agreed to by using Windows. You know, all those nasty little details you either did not read or thought no company in its right mind would exploit...

1
1

GNU cryptocurrency aims at 'the mainstream economy not the black market'

Paul Crawford
Silver badge

Re: Mining?

"I can't see a lot of advantages over a prepaid debit card"

If it breaks the USA strangle hold on on-line commerce by Visa/MasterCard/PayPal, what is there not to like?

9
0

Latin-quoting Linus Torvalds plays God by not abusing mortals

Paul Crawford
Silver badge

Re: Quia ego sic dico

Oh, and don't let me detain you.

4
0

Farewell, Fadell: Nest CEO Tony quits IoT biz

Paul Crawford
Silver badge

Ah yes, the fact the CEO is a complete knob-head is a business fact that must be kept secret at all times, more so than the next quarter's financials...

3
0

'Whites are taking over': Race storm hits heart of Africa's internet body

Paul Crawford
Silver badge

Disclaimer: I am white (well not really, as I'm not a vampire, but close enough).

I dare say a lot of coloured people still get the shitty end of the stick, but that is not a justification for playing the race card. Remember the most successful people in the history of coloured emancipation have all made it clear that equality and a lack of prejudice is the right and proper thing. Think of Mahatma Gandhi, Martin Luther King, Nelson Mandela, etc. Long may their light shine above man's petty squabbles.

10
1
