* Posts by Paul Crawford

2993 posts • joined 15 Mar 2007

'Irongate' attack looks like Stuxnet, quacks like Stuxnet ...

Paul Crawford
Silver badge

"Irongate is also capable of evading VMware and Cuckoo sandboxes"

So maybe all Windows software should be run in a VM?

OK specialised PCI cards, etc, are an exception, but if we are only talking supervision via USB/RS232 and the time-critical stuff is handled directly on the PLC, what is there not to like?

2
0

On her microphone's secret service: How spies, anyone can grab crypto keys from the air

Paul Crawford
Silver badge
Headmaster

Indeed it is dB, as in 1/10 of a Bel (after Alexander Graham Bell)

If you prefer your logarithms more natural, try the Neper for size.

1
0

Why Oracle will win its Java copyright case – and why you'll be glad when it does

Paul Crawford
Silver badge

Re: @DavCrav

In my mind an API would be the sort of thing declared in a header, say:

FILE *fopen(const char *path, const char *mode);

You have to more or less copy that word-for-word or your end application won't build. However, the code behind this that actually implements the fopen() behaviour ought to be the point of any copyright dispute. Did I write the code to do exactly the same logic (which may look like a copy if simple, but probably not if complex), or did I lift the glibc or MSDN examples and call it my own. In the former case I should be free to offer my version and not be legally slapped down for the copied name (i.e. "fair use") but if I just copied another's code then fair cop if I get fined for it.

6
0
Paul Crawford
Silver badge

Multiple points

This article is no better than some other anti-Oracle as it confuses, deliberately or otherwise, multiple facets of the case:

1) Are APIs under copyright?

2) Is reimplementing an API "fair use" of copyright?

3) Did Google reimplement the API or simply copy Sun Microsystems Oracle's code?

The first 2 are much the same to the lay-person. In the previous trial the judge had some computer knowledge and ruled, quite reasonably, that blocking API re-use is against the whole of software inter-compatibility and so not the intended outcome. The currently finished trial said no, APIs are under copyright by the legal definition of this, so the trial was on point 2, and it ruled re-implementation is "fair use".

The last point has not adequately been investigated as Oracle went after the API question, and in many cases something like an in-line function has only one sane way to do it so a clean-room implementation will look very much like a copy.

Having said all this, AO's article has a fair point that GPL and free software needs strong IP laws, but they certainly don't need API protection as that would stop interoperability and shore up the entrenched position of proprietary suppliers against ANY competition.

9
2

King Tut's iron dagger of extraterrestrial origin

Paul Crawford
Silver badge

Re: So, just common iron then?

Baldrick, have you no idea what "irony" is?

Yes, it's like "goldy" and "bronzy" only it's made out of iron.

4
0

UCLA shooter: I killed my prof over code theft

Paul Crawford
Silver badge

Of course easy access to guns in no way made this tragedy more likely :(

56
19

Flash. Bang. Wallet: Marcher crooks target UK Android users

Paul Crawford
Silver badge

Re: If you are using your phone for 2FA

Indeed, the "2" in 2FA is the assumption that both channels are not compromised by the same folk.

Using your phone for both blows that out of the water, but you know for some it is the only "computer" they have so it is used, and sadly probably has less patching available than most XP boxes...

0
0

Unprecedented number of customers swimming off to cloud, says Barracuda

Paul Crawford
Silver badge

Attractive?

It all sounds nice, no IT demands, everything looked after for you. Just get on with your business and no need to worry.

Until, of course, it changes. New software not working as you want? Tough shit. Data not available? Might come back, otherwise tough shit as the SLA has no mention of compensation for *your* loss due to our fsck-up. Service down today and you have a deadline for tomorrow? Tough shit, get in line with 2 million other users who are kicking up a fuss and maybe we will get back to you.

Sure your own IT dept might do the same, but at least they are in reach of the cattle prod...

5
1

Lenovo cries 'dump our support app' after 'critical' hole found

Paul Crawford
Silver badge

Re: Always start from scratch!

Most of what you say is perfectly sensible.

However, the "they need a 5 minute tour around the new OS and away they go" is really misleading. You could say exactly the same for switching to Linux if you have no special software, and it is also true.

What gets people's goat on this site in relation to Microsoft is (A) the malware-like foisting of Windows 10 on end users, and (B) the fact this often breaks established software or work-flows, meaning time and sometimes money wasted on getting specialised stuff working again, or XYZ's computer-illiterate relative able to send an email once more as they can't grasp where the button/menu/icon has been moved to.

1
0
Paul Crawford
Silver badge

Re: "no manufacturer has ever tried to store programs in either BIOS"

Think again:

http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/

Of course there is the WTF? question over Windows supporting this sort of 'feature' in the first place.

5
0

Your WordPress and Drupal installs are probably obsolete

Paul Crawford
Silver badge

Do these programs have the "shifting shit" problem? You know when you have to upgrade to fix bugs and vulnerabilities, but the muppets in charge of design have broken so many plugins and APIs with little regard to reverse-compatibility that many folk simply give up and leave it and try to ignore the risk.

5
1

That sinking feeling: Itanic spat's back as HPE Oracle trial resumes

Paul Crawford
Silver badge
Trollface

I had forgotten that anyone still made Itanium based machines, and to think HP/Compaq dumped Alpha for this. Still I am sure Larry's pay-off will help HP's executive bonuses next year.

9
0

'Windows 10 nagware: You can't click X. Make a date OR ELSE'

Paul Crawford
Silver badge

Vista?

Eh, I thought Win10 was only being foisted on an already suffering world users of Win7/8/8.1?

9
0

Jaxa's litany of errors spun Hitomi to pieces

Paul Crawford
Silver badge

Re: This is why Japan prefers to fire refurbished WWII dreadnoughts into orbit

I think you will find those failings apply to far, far more than Japan.

However, it seems to permeate to safety-critical stuff in Japan, I wonder if this is a by-product of the social norms where questioning your elders is frowned upon? The Venn diagram for age, experience and wisdom is not one of concentric circles...

13
0

Compatibility before purity: Microsoft tweaks .NET Core again

Paul Crawford
Silver badge

If you already have projects or code-reuse written in .Net or C# perhaps?

4
0

65 million millennial blog bores' Tumblr logins ... for! sale! on! darknet!

Paul Crawford
Silver badge

Re: Post-it perils

You don't have to write it down exactly as used.

For example you could append some common and easy-to-remember simple password to each "unique" one on the post-it note. Most opportunist criminals are unlikely to do the hard work of trying combinations for one account, more so if the dumb fuckwits that run some of these sites have proper rate-limiting on login attempts...

2
0

Microsoft's Universal Windows Platform? It's an uphill battle, warns key partner

Paul Crawford
Silver badge

Re: Microsoft needs to realise...

So everyone is starring in The Rocky Horror Picture Show, or nobody?

Which is worse?

0
0

ISS pump-up space podule fully engorged

Paul Crawford
Silver badge

Re: How space-junk-proof is it?

At orbital impact speeds EVERYTHING is flexible and basically liquid-like! The usual approach for satellites is two thin sheets, first one gets holed but the impact vaporises the (very small) projectile so it is stopped but makes a modest dent in the 2nd sheet due to the gas pressure. Big stuff and it's game over though...

3
0

Easy remote exploit drops for unpatchable power plant controller

Paul Crawford
Silver badge

Code space?

"Admins are advised to block port 80, stop using the web interface for device management"

Sigh, so they have enough space to fit a shitty web server in for the interface, but not enough to do it correctly, and so it is no longer supportable?

They can't even deliver a web-serverless version to patch this?

4
0

NASA: We'll try again in the morning after friction ruins engorgement

Paul Crawford
Silver badge

Re: Oh dear, Mr Floppy?

Do you want to read my naughty inflation-procedure parchments again?

0
0

SWIFT finally pushes two-factor auth in banks – it only took several multimillion-dollar thefts

Paul Crawford
Silver badge

Re: How to make it state of the art?

Yes, people often are the weakest link in security but that is the very reason you need systems designed to make stupid less of a risk. That of course has a cost in training and monitoring of behaviour, but a proper audit will show if those sort of risks are being managed well enough.

2FA is a good example as it helps avoid the need for the human to understand if the https link is in use and if the certificate is the correct one.

3
0
Paul Crawford
Silver badge

And these would be the same banks that want to push liability for fraud on to the customers?

Can we please have a full public audit of how this happened first? You know, to check if any banks are running systems that are anything other than state-of-the-art in terms of security, say no IE version below 11, no comms protocols with known vulnerabilities, all machines' user-writeable areas set to no-execute, etc, etc.

11
1

Pas de problème ... Quebec just passed a website blocking law

Paul Crawford
Silver badge

Ban them all

See how the gov reacts if the ISPs just decided to add the state monopoly to the list "to protect the young".

And add the political web sites of those who voted for it as well. There is no legal right to have an ISP provide access to any web site is there?

30
0

German boffins smash records with 37km wireless spurt at 6Gbps

Paul Crawford
Silver badge

El reg units?

What is that rate expressed in kilowrists?

0
0

Crappy sandwiches, cantankerous nerds: Put user back in user group

Paul Crawford
Silver badge

Webex?!

Yes, go find system requirements. Get redirected to new site with no obvious system requirement details.

Do a search for them on site, find document (WebEx System Requirements (WBS31) Mar 23, 2016). See it lists Java 6 as a requirement for Linux, not latest version!? Says Firefox latest works. Try out Firefox and Java latest, find it does not work.

Look at requirements again and find that 64-bit versions of Chrome & Firefox are not supported. WTF Cisco? Are you supposed to be Tier-1 suppliers?

4
0

Oculus backtracks on open software promise

Paul Crawford
Silver badge

Re: Workaround

"There is an actual root or elevated account in windows"

Including loading unsigned drivers on 64-bit versions?

If not, then it is not really root but DRM in the way.

0
0
Paul Crawford
Silver badge

Re: Workaround

"Care to explain how it works on Windows then? Where the user is both 'root', and has full automatic 'admin' level?"

Simples - because you are not actually root or admin, just what MS decided to allow you to touch and nothing else.

Root on *nix systems means that, you can do real STOOPID shit if you want, but that you should have the sense not to. Like a God I suppose, but hopefully not Sithrak The Blind Gibberer...

3
1

Cock fight? Not half. Microsoft beats down Apple in Q1

Paul Crawford
Silver badge

Re: Disagree with some of this

"A simple cable can allow access to data on flash drives so that's not a huge issue"

It bloody well is! WTF? Why should you need any accessories (at extra cost, and something you have to remember and carry with you) to access data stored on devices that practically every other machine in the world will do for free?

Sadly Apple's bloody-mindedness to go their own way and to deliberately avoid compatibility is a good reason not to pay the premium. Sure they have some advantages over a Windows or Android machine in UI and lack of such obvious data slurping but I have been at too many meetings & presentations where half of the folk arrived with Thunderbolt-only machines and no adaptor then looked all upset that the room "only" had VGA, DVI and HDMI support. And of course they could not even pass the material over on a USB stick, that was available, for the same sort of reason.

MS deserve a bollocking as well though, as the Mac versions of Office are not compatible fully with Windows. Have you tried equations in Powerpoint? Or having equation objects in word (the sane to edit option, as older versions of word used)? A pox on them all! :(

4
1

Your next server will be a box full of connected stuff, not a server

Paul Crawford
Silver badge

Re: OK...

It means not going with suppliers with stupid licensing terms!

Thinking of Oracle, MS, etc, etc. For some who are tied in to stuff they have no choice, for others they may still choose to place their gonads in Larry's money-extracting vice because of some aspect Oracle do really well. But most I think, will be looking at software without tie-in or usurious license terms. Even if they have to adapt or write something to do so.

4
0

The underbelly of simulation science: replicating the results

Paul Crawford
Silver badge

Re: and this is called chaos theory...

Actually this is more appropriate for this thread:

https://randomascii.wordpress.com/2013/07/16/floating-point-determinism/

3
0
Paul Crawford
Silver badge

Re: "hit the average man in his pocket "

Would these be the same men who want a future for their kids with both energy & food, but have an irrational fear of anything with "nuclear" in the title?

8
1
Paul Crawford
Silver badge

Re: and this is called chaos theory...

Thing is, there are lots of science/engineering systems that show such sensitivity to initial state so I am not in the least surprised that they found it really hard to reproduce things. That simple fact alone ought to be part of any publication!

Sadly not many researchers take the time & effort to determine how deterministic the process is or how much differing tools can vary. For an insight in to just one of MANY possible issues you might care to read this blog and some of the commentards that follow:

https://randomascii.wordpress.com/2014/10/09/intel-underestimates-error-bounds-by-1-3-quintillion/

3
0

The Sons of Kahn and the Witch of Wookey

Paul Crawford
Silver badge
Paris Hilton

I must say I do like a mad lady who is reasonably priced.

Paris, but with 's/mad/thick/;s/reasonably/unreasonably'

3
0

Dark net LinkedIn sale looks like the real deal

Paul Crawford
Silver badge

Re: Captain Badmouth

No, they would need control over your email account to do that. Of course if you used the same password...

3
0
Paul Crawford
Silver badge

Re: Password changes

The problem is not the change period for any passwords.

The problem is people who use the same password for sites like Linkedin, Facebook, etc, and their work, bank accounts, etc

4
0

Catz: Google's Android hurt Oracle's Java business

Paul Crawford
Silver badge

Re: What a twit

"In reality, both restrictions should have been subjected to competition law scrutiny long ago"

Really? I suspect we would still be waiting for the court verdict and the last decade of phone development would have been at a snail's pace (unless Nokia or MS had really stepped up to challenge Apple, and they seemed to struggle at that due to bureaucracy).

Otherwise you are quite right, Sun seriously mis-stepped on mobile and Oracle appear to simply want Java to sue Google. Given the current piss-poor state of Java, after several years of Oracle's finest guidance and support, in terms of compatibility and security it manages to make Android's lack of patching seem almost benign. Almost.

3
0

IBM invents printer that checks for copyrights

Paul Crawford
Silver badge

Music Teacher vs Librarian show down

More like this:

https://www.youtube.com/watch?v=7bu69cnv0iU

1
0

The Windows 10 future: Imagine a boot stamping on an upgrade treadmill forever

Paul Crawford
Silver badge

Re: So...

"The ZFS issue is just an example of how difficult could be to develop kernel modules without giving IP away."

That shows a complete misunderstanding of the situation. Firstly virtually no "applications" need any kernel modules, typically that is for special hardware and things like file systems. Secondly you can develop a kernel module and make it available as a binary blob to be added to someone's Linux system if you want - after all that is what Nvidia, etc, do for graphics drivers. The current argument is about distributing the GPL Linux kernel with a pre-compiled non-GPL driver and if that makes it "distributing a derivative" of the kernel (which seems a bit of a bizarre argument).

The lack of specialist applications for anything other than Windows is simply a historical artefact of 90+% of desktop computers being Windows based, why would you bother with the other 10%? However, if a lot of folk move off Windows due to this, or other reasons, then software developers may start to see the value in using cross-platform tools (like Qt and similar) so they are not tied to MS uncertain future roadmap.

Or just run stuff in a Win7 VM without email/web/external Internet access and forget about the future patching (or lack of) for the OS.

2
0
Paul Crawford
Silver badge

Re: @1Rafayal

Actually you are quite right, it is perfectly in MS legal rights to make the stable business version a premium price, and for their shareholders it is the obvious and reasonable way to get more value from the MS ecosystem (given the shift to phone-based use for most personal applications that MS failed to crack).

I leave it as an exercise for the reader to compute if following this route is better or worse than going to an alternative OS.

7
3
Paul Crawford
Silver badge

Re: You seem to have forgotten

How long is your LTSB?

Are all of the OS things covered, or is Edge, etc, excluded?

2
0
Paul Crawford
Silver badge

Re: So...

No, but I could sit on a 5 year LTS version of Linux for the best part of that time.

But as you say, as soon as it's "as a service" you basically have to jump to their tune: OS change breaks some bespoke application? Tough shit, pay them to fix it. What, that updated version is not compatible with your archive of valuable data? Tough shit. Office 365 or Google docs has played "hide the feature" again? Tough shit, retrain your staff or stop using it.

41
0
Paul Crawford
Silver badge

Re: whose boot

And who slurps your private data for profit?

15
0
Paul Crawford
Silver badge

Re: So...

Depends on where you start from, those still struggling to get rid of IE & ActiveX crap are in for a massive re-wire effort either way.

15
0

US schoolkids deploy Earth-watching CubeSat

Paul Crawford
Silver badge

Re: A medal blessed by the Pope?

Divine guidance?

4
0

Destroying ransomware business models is not your job, so just pay up

Paul Crawford
Silver badge
Unhappy

Re: Dont be so harsh

Sadly most people, including some IT-literate sorts, simply have no plan for data loss. It could be a HDD failure, some "gross administrative error" formatting something, a laptop being stolen, or a cryptolocker attack. Sooner or later it happens (couple of % per year for HDD, no idea how common cryptolocker is in comparison) and only then do most folk do anything about it.

When it's too late.

3
0
Paul Crawford
Silver badge
Unhappy

Price of an education...

...for those without working, protected backup copies I guess.

14
1

Sick of storage vendors? Me too. Let's build the darn stuff ourselves

Paul Crawford
Silver badge

Re: RAIDZ2

Like RAID-6 it gives you an extra degree of redundancy during a rebuild. And for all of you out there who have seen RAID-5 rebuilds cough blood on sector errors only found during the rebuild and with no parity remaining to correct them, that is vital.

But if you are looking at a week rebuild time on an 8TB disk under real-life conditions, you still have an uneasy window for something else to go wrong.

4
0
Paul Crawford
Silver badge

Re: Hold on... did you just get released from Salesforce?

They had all the bits to make a great and reasonably priced system, but pulled defeat from the jaws of victory by shipping a prototype version and then (largely by the Oracle take-over) losing key staff and failing to invest enough in to fixing it, instead of adding tick-box features that the sales folk were asking for.

Now of course Oracle has no interest in the lower priced end of the market, or even of selling storage as an item instead of part of a large profitable database deal. Others have stepped in with the same idea of a ZFS based appliance, but have any of them really sorted out the management and recovery aspects to make it reliable and painless to use?

Also we are seeing longer and longer rebuild times on bigger and bigger HDD, which are still your best bet for GB/£, and ZFS has not got anything like the Dell "data pools" where in effect your RAID stripes are randomly spread over disks in a much bigger pool. Then a failed HDD results in a parallel rebuild of all affected RAID stripes to other HDD and you don't have the single spare/replacement HDD bottleneck in write speed versus capacity.

4
1
Paul Crawford
Silver badge

Re: Well, I agree in theory but...

I guess you have tried umount -f already?

0
0
Paul Crawford
Silver badge

Re: ZFS scary bits

1) Don't use de-dupe unless you have absolutely masses of RAM and something like multiple VMs that share a lot in common.

2) Fail over - just don't go there.

So far we have used the Oracle fail-over feature that sucked donkey balls big time. Others have said of other fail-over software that it causes as much down-time as it is supposed to solve. Stopping the "split brain" risk is very hard to do.

You might be better served by having a small separate arbiter (like a Raspberry Pi, etc) whose sole job is to spot an unusable system and power it down (ILOM command, or network controlled power strip) and bring up the 2nd head. Syncing the 2nd head status is another area of pain, again maybe best if the arbiter acts to configure both machines on boot from a central configuration. Yes, you just got a difficult job to implement and form your own start-up...

4
0
