* Posts by Paul Crawford

2096 posts • joined 15 Mar 2007

Have YOU got Equation NSAware in your drives? Meh, not really our concern, says EU

Paul Crawford
Silver badge

Re: Can we trace our HD's heritage?

This family of infections has a (rare) module that can be used to infect your HDD's firmware so even having bought a clean one is no guarantee it will never have this.

5
0

Microsoft leaves the Rooms. How will Windows Phone OS users make to do lists?

Paul Crawford
Silver badge
Pint

Re: Anyone else reading Cloud-o-bile my way

Arr, t'is the true way!

[closest icon to a flagon of rum]

0
0

Hoping for spy reforms? Jeb Bush, dangerously close to being the next US prez, backs the NSA

Paul Crawford
Silver badge

Of course if it were not for the botched intervention in Iraq a lot of the terrorist problems would not exist.

Sure Saddam Hussein was a ruthless bastard, and a lot of his people suffered under his regime, but I'm not convinced that Iraq "post-democracy" is a better place to live with the lack of security, rise of religious power, and enormous society & infrastructure damage.

23
0

AT&T suddenly finds demand for 1Gbps fiber in Kansas City – just after Google arrived

Paul Crawford
Silver badge

VPN?

I wonder how much VPN use that $29/month "privacy fee" would get you?

A smart enough router and you could stuff some high-bandwidth but low interest things like YouTube direct on AT&T's network and everything else via the VPN.

0
0

Thecus N4310 4-bay: A NAS-ty beast for the budget-conscious

Paul Crawford
Silver badge

@JEDIDIAH

Clearly you know little and/or have never used any significant number of single-parity RAID before. Maybe you got lucky, but others know that sinking feeling when a RAID rebuild throws up errors due to bad sectors on what you had hoped were the remaining good disks.

Of course "RAID is not backup" as everyone here should know, but unless you have a 2nd RAID or some serious money in a tape system you will have a tedious and probably incomplete data restore to face you.

By the way, that is one of the nice things about ZFS: it tells which files are corrupt, not that sector 1284529784 has an error and you have to either spend ages on your file system of choice to identify what that impacted upon, or go down the "nuke it from orbit" route of a fresh start and complete restore.

0
0
Paul Crawford
Silver badge

Re: RAID6

Rebuild times for classical RAID (including smarter ones like ZFS) are a big problem with modern drives because the capacity has increased way beyond the read/write speed, so you can be looking at days or even a week or so. That is not, in itself, a problem but both the longer time and the huge amount of data means you have a much greater chance of another disk croaking (or discovering bad sectors) during this process.

This is why you really, REALLY, should be scrubbing your RAID array every week/fortnight. This forces the disks to read every sector and then to fix/remap bad sectors while you still have parity, so when you lose a disk in RAID-1/5/10 you have a sporting chance of a successful rebuild.

Better still, look to dual parity like RAID-6 or ZFS' RAID-Z2

1
1
Paul Crawford
Silver badge

Re: Pass

I don't know if it's still the case, but fsck-ing ext4 with large arrays needs lots of memory, more than 2GB usable, and that is a problem on small NAS.

You are better off with XFS for a lot of those NAS, but ZFS (and not on LVM as Thecus do - doh!) is much better (subject to much more memory though).

1
0
Paul Crawford
Silver badge

Re: Had a Thecus, don't bother

I have had Thecus and support was not that bad, but still crappy much like other NAS-in-a-box offerings.

Really, if you have the technical know-how (which usually is the case of El Reg readers), then a cheap server like HP ProLiant Gen8 G1610T MicroServer, some more ECC memory, and a copy of FreeNAS will give you a much better box.

2
0
Paul Crawford
Silver badge

Re: RAID6

Yes, I worry when reports like this profile RAID-0 without dire warnings about how that is not really "RAID" because it lacks the redundancy part of the acronym...

4
0

Microsoft: Look at our cloudy privacy award. Isn't it so ... meaningful?

Paul Crawford
Silver badge

Re: “If there is unauthorised access ... we’ll let you know about this,”

Chris, this "protection from lawful interception" you speak of is complete bollocks. If the police want my data then they simply have to get a court order in my country and I will have to hand it over.

We are not talking about some free/anonymous service here, this is all about businesses paying for storage/servers/etc so it's pretty clear who is responsible.

5
1
Paul Crawford
Silver badge

Re: “If there is unauthorised access ... we’ll let you know about this,”

A much more useful measure of "cloud service" integrity would be some properly audited trail to show that YOU, the customer, set a private encryption key on your clients and that is never made available to the cloud provider.

If the law wants your data then they have the proper course of action by getting a court order in YOUR COUNTRY to force disclosure.

Anything less is just marketing whitewash.

10
0

Anonymous HACKED GAS STATIONS - and could cause FUEL SHORTAGES

Paul Crawford
Silver badge

Re: Is there any doubt?

You might want to look up "anonymous", it kind of is opposite to declaring a consistent name.

1
0
Paul Crawford
Silver badge

Re: This was only vandalism, but if you read the manual...

No doubt the manual also warns of the consequences of being a moron and making all of this visible & vulnerable to world+dog?

Various countries, and recently the UK, have already regulated the installation of electrical wiring to prevent stupid things being done that put lives at risk due to fire or shock. It is high time that those who put important stuff (or personal stuff via smart TVs, etc) on the Internet are held accountable for gross stupidity and not applying best-practice precautions that any 1st year computing course ought to teach.

2
1
Paul Crawford
Silver badge

Re: Is there any doubt?

I mean really, is there any doubt why all anonymous trolls should not be executed?

11
0

Post-pub nosh neckfiller: The Red Dwarf chilli chutney egg sarnie

Paul Crawford
Silver badge

Re: nom nom nomenclature problem

The problem is you can't buy chutney made with chillis in civilian establishments, so they had to improvise with chutney & chilli sauce in some unholy combination.

That I might have to try later, just in case it leads to the second coming.

0
0

Uber isn't limited by the taxi market: It's limited by the Electronic Thumb market

Paul Crawford
Silver badge

Re: Regulation

I was going to make exactly the same point, regulation exists to prevent costs as well - crime, accidents, injury etc.

The goal of regulation should be to balance folk getting on with doing things, against folk getting on and ripping others off or exposing them to excess/unknown risks.

2
0

Never mind those touch apps, full Office 2016 is coming this year

Paul Crawford
Silver badge
Joke

Re: Coming this year

Simple, it is when they realistically expect it to ship!

1
1
Paul Crawford
Silver badge

Re: cluster fuck of a "Ribbon" UI

+1 for that. I have no problem with folk liking the ribbon, just mighty pissed off that we are given no bloody choice in the matter.

I often use LibreOffice and it's great, but rarely follows the document layout in .docx in my experience, better with .doc

Office 2003 + 2007 compatibility sort of works, but often it borks on newer .docx in my sad experience.

Office 2010 is not that bad, so I tend to use it if I can't handle documents in older versions, or simply to convert to a format that is better parsed.

6
0

Top US privacy bod: EU should STOP appeasing whiny consumers

Paul Crawford
Silver badge

"Negotiations ... have been going on for more than three years and ..."

Well if the EU just banned US corporations from handling our data until a satisfactory agreement was in place, you can be damn sure it would not take 3 years!

31
0

Swots explain how to swat CPU SNITCHES

Paul Crawford
Silver badge

Re: In terms of doing anything useful

I was going to ask the same - just how useful is this in the real world?

I can see it matters if you can get close enough to a very high value system to record the EM signatures and (presumably) have it run stuff you know to help break the stuff you don't, but for 99.999% of computer users will it matter?

1
0

2015 and IBM: But it wasn't supposed to be like this...

Paul Crawford
Silver badge

Fixed it for you...

"As-a-service is more valuable in the world of cloud because it means repeatable subscription revenue as the onus is on the customer to cancel their account keep paying or all their business data and established work-flow vanishes."

1
0

Windows 10: The Microsoft rule-o-three holds, THIS time it's looking DECENT

Paul Crawford
Silver badge

Re: I will keep pestering you

Some of us know it's pointless...

1
0
Paul Crawford
Silver badge

Re: Oops, wonder how THAT got in there?!?

Different log-in accounts?

But seriously, it is a point - I can imagine a lot of people not wanting all of their stuff in US clutches once they understand what this implies.

12
0

Facebook worth more than Portugal? Hell, it's worth a LOT more than THAT

Paul Crawford
Silver badge
Coat

Re: lack of value of France

Oh I don't know, I would like to take part in a France versus Portugal smack-down on either food or nubile lady fronts.

Maybe both, but then I'm a dirty old man. Thanks, mine is the mac...

0
0

This could be a case for Mulder and Scully: Fox 'in talks' to bring back The X-Files

Paul Crawford
Silver badge

Re: Anal probes all round then?

God I hope so! I mean, what if aliens have triangular sphincters?

2
0

Microsoft turns the power of FINE PRINT onto enterprise licensing

Paul Crawford
Silver badge

Re: Treating your customers as criminals . . .

Well, it is how governments treat all internet users after all...

0
0

Sony hack was good news for INSURERS and INVESTORS

Paul Crawford
Silver badge

Liability?

"If the theft and publication of that correspondence renders her unemployable, wouldn’t Pascal have grounds for a massive lawsuit against her former employer?"

Perhaps if they had not been such disk-heads in the first place to say things that are untrue, and/or in very poor taste, and/or showed very poor professional judgement, they would have nothing to fear?

That is what our leaders keep telling us, so it must be true...

10
0

Don't use Charlie Hebdo to justify Big Brother data-slurp – Data protection MEP

Paul Crawford
Silver badge

Re: What fools

No, I disagree. And I am telling you to take the bus where you can cower under a blanket wetting yourself at all of the bogeymen that invading everyone's privacy was supposed to stop.

11
1

BlackBerry Enterprise chief: Yes, we did leave users behind

Paul Crawford
Silver badge

Interesting read, and nice to see someone in the mobile phone business where the #1 goal is not whoring you from advertiser to advertiser.

6
0

Android users are massive wan … er … smut consumers

Paul Crawford
Silver badge

Bandwidth

I am impressed by the girth of their pr0n hose! Don't we all wish our systems could sustain 50Gbit/sec?

However, I am disappointed that El Rag failed to convert that into kilowrists.

5
0

No, the Linux leap second bug WON'T crash the web

Paul Crawford
Silver badge

Re: Few systems properly account for this

Yes, GPS are subject to time dilation, but that is accounted for in the numbers they provide. It's only a problem if you don't correct for it by design!

4
0
Paul Crawford
Silver badge

Bigger picture

Really, there is a bigger picture here. Systems get screwed up for all sorts of different reasons! While we debate the leap-second we also should remember faulty hardware and numerous other bugs in both the OS (and any OS) and the applications.

If you have a big critical system you really ought to have some sort of watchdog on your servers to spot the signs of kernel panic/lock-up or application faults and reboot it. While brutal, at least you would be coming back on-line in minutes rather than hours while support folks are called to investigate and find they can't SSH in, etc, so they have to debate and then use ILOMs to reboot possibly hundreds of machines.

0
0
Paul Crawford
Silver badge

Re: So, does that work with NTP?

GPS broadcasts the linear atomic time and the offset as separate fields, and all internal calculations (other than UTC output) use the former. Some GPS receivers' firmware has had buggy handling of the GPS-UTC offset change, but again that ultimately comes down to not testing it. You can buy GPS simulators, so it's not like a company can't test for it, just they did not think and/or bother doing so.

Similarly NTP broadcasts the leap second event for the day before it happens, and then tells the kernel to apply the step at the appropriate time. AFAIK the NTP daemon can get the pending leap-second info from an attached GPS used as a stratum-0 source, so it ought not to require networking to other peers to get that information.

The main bug was not in NTP itself, but in how the Linux kernel handled the application of the 1 second jump to the time_t UTC counter, as it allowed a dead-lock situation to occur. A standard type of problem for any multi-threaded software, and again one that ought to have been better reviewed and tested.

I don't know the reason(s) for the Java bug, but most likely it was related to the kernel deadlock while waiting for "sleep" timers to expire.

2
1
Paul Crawford
Silver badge

Re: Easy fix

Better fix - just use the working code.

It was working properly in Linux, and then a patch was applied that broke it. No one noticed its implications at the time, and no one tested it on a leap-second generator. Then it failed in real life.

The moral is simple and needs repeating: Test every bloody change you make!

8
0
Paul Crawford
Silver badge
FAIL

Re: Few systems properly account for this

A lot of space systems already use variations on "ephemeris time" that has a linear atomic basis and a variable offset to get UTC, etc. That is not a new idea, and as pointed out exactly the same approach is used by the GPS satellites.

The problem is NOT the introduction of leap seconds, it is the simple fact that they don't test systems properly to deal with this known attribute of time keeping.

Instead of trying to get rid of leap seconds, perhaps they should always add/remove one each alternate month with the occasional add two months in a row?

That way people would be forced to test for this and not cry every 1-2 years when untested/patched code throws a wobbly.

4
1

Ex-Microsoft Bug Bounty dev forced to decrypt laptop for Paris airport official

Paul Crawford
Silver badge
Black Helicopters

Re: They've probably captured her password now

That was my thought, that they wanted to record her password for whatever reason. I'm guessing that as she is a security expert she has now changed it, and it was never the same as anything else of importance.

What is a bigger worry is they have copied the encrypted HDD at another time (while sleeping, etc) and they wanted that to get access to it.

As another commentard has pointed out, best to have a 2nd account to demo a machine works so you don't have to decrypt your own files (assuming per-account encryption and not just full-disk).

Hmm, might need a tighter tinfoil hat now...

30
4

Facebook privacy policy change leaves Dutch stomping feet

Paul Crawford
Silver badge

Re: By all means...

No, the law should be where you do business. If FB is selling adverts to Dutch companies, even indirectly, then it should be forced to comply with Dutch laws.

Don't want to follow Saudi, NK, etc, laws? Then don't do business in those countries.

5
0

Healthcare: Look anywhere you like for answers, just not the US

Paul Crawford
Silver badge

Re: France

Keeping your own records sounds like a good idea, until they are needed in an emergency or the person finds they have lost them (or electronic copy is deleted, corrupted, HDD failed etc).

What we need ideally are central records that can only be accessed by staff treating you, and that you can see an audit of access if you want. And not being available otherwise, except as anonymous data for research.

10
0
Paul Crawford
Silver badge

Re: @Chris Miller

You are right.

However, the goal of a single and effective IT and management system across the NHS is a good idea, but government organisations (and a lot of private industry) seem to be useless at properly specifying and developing such a system, and the contracts inevitably go to the usual suspects who seem worse at software development than a room full of 2nd year comp sci students.

The answer? I don't know, but I guess that having a small group work with a couple of NHS trusts to prototype something, get proper feedback from those actually using it (not those who fear it, or those paying for it) and then pay more to scale & deploy it when proven would be a good start.

11
0

SpaceX six days from historic rocket landing attempt

Paul Crawford
Silver badge

Re: In world where news is mostly Celebs..

Well said sir!

8
7

The Reg's review of 2014: Naked JLaw selfies, Uber and monkey madness

Paul Crawford
Silver badge

Wrong term

"a back door named Shellshock"

That suggests it was designed and put in there by some agency who named it so. In fact it was just a by-product of some dumb design decisions/coding errors that became a real problem for some. Such as old web sites who passed user-supplied data *unsanitised* to bash, and obviously never met Bobby Tables.

4
0

Stale pizza, backup BlackBerrys, payroll panic: Sony Pictures mega-hack

Paul Crawford
Silver badge

Example to us all

Sony, up there with Gerald Ratner in the annals of business acumen!

Can't say I feel sorry for the board/corporate ethos at all, but it is pretty shitty for all of the ordinary folk who work/worked there.

2
0

Tor de farce: NSA fails to decrypt anonymised network

Paul Crawford
Silver badge

Re: I've said something before, which was ignored, but resulted in some personal discomfort...

The AES was the subject of a public competition with various cryptographers around the world studying the choices and weeding out obvious weaknesses, which is how it should be and leads to a strong and trustworthy standard.

That is not the same as saying the NSA, etc, might find a non-obvious (by global expert standards) weakness that speeds brute-forcing by some useful amount, nor that they might not have spent a small country's GDP on dedicated brute-forcing hardware to attack real high-value messages.

Nor is it the same as saying an implementation using the AES has not screwed up on not leaking the key, etc.

But it's a damn sight better than the Dual Elliptic Curve Deterministic Random Bit Generator where the NSA basically wrote the spec with known-to-them weaknesses!

0
0

Bong Ventures will NEVER bow down to terrorism: Our Tough Stance in FULL

Paul Crawford
Silver badge

Drat!

Well this goes some way to explaining why I could never find those horny MILFs. I must be holding it wrong...

8
0

Reg man confesses: I took my wife out to choose a laptop for Xmas. NOOOO

Paul Crawford
Silver badge

Often a Chromebook is the least-worst option for most users, and no matter what you get, you will get support hassle:

Windows: AV/virus problems, TIKAM not looking as old laptop did, old hardware like scanners, etc, often not being supported if it pre-dated 7 for drivers.

Mac: You need to buy Office again (unless balls-in-the-vice subscription to 365) or use LibreOffice and some other stuff will need a very different software/approach.

Linux: Same issues as Mac, but much more so.

Chromebook: Very limited capabilities, but OK for most folks FB/webmail and on-line shopping.

3
10

Microsoft promises open plan mobile Office. Who sits by the Windows?

Paul Crawford
Silver badge

Re: MS FYI

Adobe has even managed to bugger that aspect though:

http://www.quickpdflibrary.com/faq/if-this-message-is-not-eventually-replaced-by-the-proper-contents-of-the-document.php

1
0

Makers of Snowden movie Citizenfour sued by ex-oil exec

Paul Crawford
Silver badge

Re: For profit?

Underpants. You forgot the essential step in profit making...

2
0

Hilton, Marriott and co want permission to JAM guests' personal Wi-Fi

Paul Crawford
Silver badge

Well if it is not about money making but good cooperative networking practice, how about they offer free wifi so said hotspots are not needed?

65
0

Armouring up online: Duncan Campbell's chief techie talks crypto with El Reg

Paul Crawford
Silver badge

Re: Oh a Windows only article, how interesting - NOT.

Don't forget the swap space on any OS...

0
0

Dangerous NTP hole ruins your Chrissy lunch

Paul Crawford
Silver badge

Re: Alternate attack vectors?

Theoretically, yes, you could force machines' clocks back/forward to get round some time-related checks.

In practice it is harder as any sensible NTP system will be using 4 or more time sources to allow the rejection of bad sources (AKA 'false tickers'). Of course, if you p0wn all of the sources as all are on the LAN and no one considered an "inside job" for attack (as LDS pointed out above), then you are free to do so...

0
0
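
The source rejection described in the comment above, as an added example that is not part of the original post and is not ntpd's own code: a simplified Marzullo-style interval intersection. The source names, offsets and error bounds are constructed assumptions.

```python
# Added example: simplified Marzullo-style source selection, not ntpd's own code.
from typing import NamedTuple


class Source(NamedTuple):
    name: str      # constructed label
    offset: float  # measured offset of local clock vs. this source, seconds
    error: float   # error bound on that measurement, seconds


def select_truechimers(sources):
    """Return (truechimers, falsetickers, agreed_offset).

    Each source claims the true offset lies in [offset - error, offset + error].
    The region covered by the most intervals wins, but only if a strict
    majority of sources cover it; otherwise nothing is trusted.
    """
    edges = []
    for s in sources:
        edges.append((s.offset - s.error, -1))  # interval opens
        edges.append((s.offset + s.error, +1))  # interval closes
    edges.sort()  # at equal values an open sorts before a close

    best = count = 0
    low = high = None
    for i, (value, kind) in enumerate(edges):
        count -= kind
        if count > best:  # only ever true on an "open" edge
            best = count
            low, high = value, edges[i + 1][0]

    names = [s.name for s in sources]
    if best * 2 <= len(sources):  # no strict majority agrees
        return [], names, None

    good = [s.name for s in sources
            if s.offset - s.error <= low and s.offset + s.error >= high]
    bad = [n for n in names if n not in good]
    return good, bad, (low + high) / 2


# Constructed measurements: three sources agree, one is an hour out.
MIXED = [
    Source("ntp-a", 0.010, 0.020),
    Source("ntp-b", 0.012, 0.015),
    Source("ntp-c", 0.008, 0.025),
    Source("ntp-d", 3600.0, 0.020),
]
# Constructed: every source on the LAN reports the same wrong time.
ALL_BAD = [Source(s.name, 3600.0, s.error) for s in MIXED]

if __name__ == "__main__":
    print(select_truechimers(MIXED))      # ntp-d is rejected as a falseticker
    print(select_truechimers(ALL_BAD))    # all four "agree", so nothing is rejected
    print(select_truechimers(MIXED[2:]))  # two sources that disagree: no majority
```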
