* Posts by Paul Crawford

2990 posts • joined 15 Mar 2007

Mozilla slings Firefox patches at flaw found by GCHQ's infosec arm

Paul Crawford
Silver badge

Re: Take heed..

Well web browsers take so much memory these days it's almost inevitable it comes down to thoughtless crap management, and hence corruption...

1
0

Microsoft fingered for Western Euro PC tragedy

Paul Crawford
Silver badge

Re: Microsoft

Not just no profit for vendors, none for MS and a weakened market for Windows licences elsewhere.

I guess MS decided it was cheaper/easier just to use malware tactics to get existing Windows users on to 10 by hook or by crook?

4
0

Intel CEO Krzanich: PCs are things too!

Paul Crawford
Silver badge

Moore's Law is not a law.

Moore's law is an empirical observation from the early stages of IC development that predicted the growth in complexity possible from a combination of shrinking features and larger die sizes as improving yields allowed it.

There is no physical meaning to it that says it has to continue, nor that it will be cost-effective to do so. Thus relying on "Moore's Law" is simply an act of faith that if you throw enough development money at your fab facility you will get bigger/faster/cheaper chips. It might not turn out that way as even today the cost of a single state of the art fab is unbelievable.

5
0

Game of P0wns: Malvertising menace strikes Pirate Bay season six downloads

Paul Crawford
Silver badge

Re: "targeting users with pop-under ads"

As does removing Flash and Silverlight.

One can hope, but sadly one also suspects that HTML5 will rapidly acquire enough complexity to bring the risk right back to square one.

12
0

Tokyo rebrands 2020 Olympics

Paul Crawford
Silver badge

Re: Lisa Simpson

That is a terribly Wong though

2
0

If Android’s wings are clipped, other Google platforms may gain

Paul Crawford
Silver badge

Re: "good luck getting help from Google with that one"

They listen to their customers.

You are the product, advertisers are the real customers.

2
0

Is Microsoft's Office dev platform ready to go mainstream?

Paul Crawford
Silver badge

Let's face it, MS struggles to maintain proper compatibility with their own versions of Office. I pity the poor buggers who end up depending on this.

3
0

'I hacked Facebook – and found someone had beaten me to it'

Paul Crawford
Silver badge

Re: Are we even allowed to discuss this?

It's too cold every time of the year!

0
0

Dutch students serve up world's first 'drone café'

Paul Crawford
Silver badge
Trollface

Re: NO WAY

Indeed, he pays a fortune in hair bleach/dye for that look

3
0

RIP Prince: You were the soundtrack of my youth

Paul Crawford
Silver badge

Re: Unexpected

Nah, Keith Richards really died 20 years ago. Just no one told him he had to stop playing...

15
0

Ubuntu 16.04 LTS arrives today complete with forbidden ZFS

Paul Crawford
Silver badge

@DrXym Re: Priorities?

"allows it to synchronise the local date & time with a remote NTP server during bootup. This is bad how exactly?"

Syncing time during boot-up is a good thing. We already have ntpdate that is typically used to step-adjust during booting to correct any CMOS clock errors, so why re-implement it?

My point is not that the goals of systemd are bad, nor that init scripts have problems, but it is the growing number of systemd dependencies that mean you can't choose what and where.

If we want another rant, as one commentard has mentioned systemd will put a failed process in to maintenance mode, so it has to be manually restarted even after the next boot. With init a future reboot gives it another chance, which is a better thing for overall reliability (if in doubt || watchdog timeout => reboot!).

4
0
Paul Crawford
Silver badge

Re: RedHat seem to think Btrfs is ok to use

Also many RHEL customers are sticking to version 6 and older proven stuff. They value stability and dependability over "new and probably broken on arrival or the next update".

2
0
Paul Crawford
Silver badge

@AC Re: Priorities?

You missed the point completely, and others have already done my bit to point out that systemd starting NTP is fine, but reimplementing it in a manner that won't work outside of the systemd universe is a pointless waste of effort.

It is this aspect, of making everything dependent on systemd for reasons that often seem like no more than vanity, that is the issue.

24
1
Paul Crawford
Silver badge

Priorities?

"frustrate those looking for cutting edge enhancements" is exactly who?

I doubt many want yet-more pointless GUI dicking around, or Firefox moving its drinks cabinet 6 inches closer to Chrome in removing useful features. Most folk like stability, and like the look and feel to stay the same unless they deliberately change it.

For me having ZFS is a major useful step in that it provides both data checksums and file system snapshots. Though it remains to be seen if this is well-used (e.g. can you snapshot the OS partition/share before any update/upgrade to allow roll-back without also rolling back your own data? Is that the default option in the upgrade manager?)

systemd is another sore point. If you read Poettering's blogs it all sounds a good idea, and many aspects are. But the endlessly growing interdependency with it is a very bad thing, as is their borging of things that an init process has no need for (e.g. NTP) presumably because they were bored and did not want to fix bugs or, more importantly, user complaints instead.

57
2

Official: EU goes after Google, alleges it uses Android to kill competition

Paul Crawford
Silver badge

Re: @Paul - Why don't the EU

Those "opponents" are any of the phone makers who might dare to fork Android or offer variations in terms of search, location, etc, that would reduce Google's advert revenue-generation opportunities.

You know, the sort of competition that normally benefits consumers.

2
0
Paul Crawford
Silver badge

Re: Why don't the EU

Well of course, after all screwing your opponents via secretive contracts gives us all a much better deal, eh?

7
1

Not OK, Google! FTC urged to thrust antitrust probe into Android

Paul Crawford
Silver badge

Re: "Freezing out third-party apps"

Oh dear Wade, here we go again for the hard-of-thinking...

This is not about the ability to side-load from outside of the Google app-store, this is about the bundling of key Google data-slurping processes and the dependency on those in many apps. The reasons Google is abusing its position compared to Apple are:

1) Apple make and sell phones. No other company uses iOS or Apple's store. Thus Apple can't pressure, say, Samsung or LG, or Motorola, etc, to bundle something in Apple's favour.

2) Current market share (http://www.idc.com/prodserv/smartphone-os-market-share.jsp) shows that Android had (2015) 82.8% of the market compared to 13.9% for Apple's iOS. Once you are well over 50% you get enormous leverage in terms of compatibility, developer attention, etc.

This, and in particular the forced installation of Chrome, is exactly the same as MS' abuse of its OEM licensing in the past. However, I doubt the US regulators will act, or if they do it will be shut down by a change of gov who happens to be "pro-business" (in other words, enjoying the lobbying funds).

13
1

FBI's Tor pedo torpedoes torpedoed by United States judge

Paul Crawford
Silver badge

I think that is the point of the judgement: that they should have got a proper US-wide warrant for this action, or if they somehow could only get a local one, use the gathered evidence only on suspects in that locality.

Sounds like laziness on the FBI's part.

7
0

VXers pass stolen card data over DNS

Paul Crawford
Silver badge

Re: Those fixes aren't enough

Very good point.

However, would all sorts of requests to some odd domain not trip any decent intrusion detection system? Or am I being naive about how good such "enterprise" tools actually are in practice?

0
0

All-Python malware nasty bites Windows victims in Poland

Paul Crawford
Silver badge

@bazza

Removing execute permissions for the /home partition, /tmp, etc, where users can write to helps a lot, but not as you say for a particularly determined user and/or program. For the really gullible Linux user you can also deny them a command shell so they can be tempted to type in crap.

However, for more serious blocking of tricks like you mention you can use tools like apparmor to deny execution of bash, python, etc, in user-writeable areas to further piss off malware authors.

Incidentally Windows supports no-execute as an ACL setting, you can do the same to block execution in all user-writeable areas and stop a lot of Trojans from being able to run even if the user is dumb enough to try some random download. Of course, you end up with complaints of other crap they need also being broken...

1
0

European Union set to release anti-competition hounds on Google

Paul Crawford
Silver badge

Re: Thank goodness this is nearly over.

"masterfully sarcastic" I think, just forgot the joke icon

8
1
Paul Crawford
Silver badge

Yes, after all Nokia did really well when "helped" by an ex-MS employee to choose a non-European OS.

7
1

Hacking Team hole still unpatched, exploit pop doc claims

Paul Crawford
Silver badge

Re: What's the embedded device?

Or some printer with a web server and/or wifi access point that is still on even when on Ethernet.

When did you last see any patching for any of your printers?

3
0

What's wrong with the Daily Mail Group buying Yahoo?

Paul Crawford
Silver badge

Re: Flickr

Welcome to the cloud, where you get little or no control of what happens to your data!

It can happen to any hosted service, either the hosting company screws up and deletes your stuff, or the service decided to close because they are bored or losing money. In short, if the ownership or future availability really matters to you then you set up your own (hosted if your ISP can't offer the bandwidth you need at a price you can afford), and keep your own mirror/backup in any case.

6
0

Linux command line mistake 'nukes web boss's biz'

Paul Crawford
Silver badge

"Except, of course, for the 88%+* desktop market share Windows users, who have no idea what we're talking about"

Fixed it for you. When looking at anyone who would use (or even know about) command line actions, it's probably closer to 50%.

Still, some additional "WTF?" options that allow (or not) such problems. Others recommend that most users don't get shell access, or the ability to execute programs in areas they have write access to:

https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts/end-user-devices-guidance-ubuntu-1404-lts

0
0
Paul Crawford
Silver badge
Joke

Re: "rm" stands for "remark"

While "dd" stands for "destroy data" as we all know...

6
0
Paul Crawford
Silver badge

More precisely, deleting stuff needs write-access to the holding directory. Unless you are root, that user, or the user has allowed you via "group" membership & write permission (or $DEITY forbid, "other") then you can't do it.

Backups? Snapshot file system? I know it's glib to ask, and we have all done dumb things in the past, but for a hosting business you like to assume there was *some* disaster recovery plan!

6
0

Vinyl LPs to top 3 million sales in Blighty this year

Paul Crawford
Silver badge

Re: Wow

I always thought RCA stood for "rubber conservation association" from how thin their records became.

6
0
Paul Crawford
Silver badge
Pirate

Re: Buying, not necessarily playing

1) Buy the vinyl record

2) Torrent the FLAC equivalent

3) Profit! (one hopes step 1 is actually paying musicians)

3
0

BOFH: If you liked it then you should've put the internet in it

Paul Crawford
Silver badge

Missing the two-way aspect

Why no mention of the built-in cattle prod?

1
0

ExoMars works! 2 Mbit/s link established and camera snapping

Paul Crawford
Silver badge

Re: @Symon

Thanks for posting that link

1
0

Web backup biz Monster Cloud monstered after monster price hike

Paul Crawford
Silver badge

Re: Another dot com manager is going to bite the bullet

True, but is this not yet another lesson in what it means to put your balls in another’s vice valuable data in a cloud service?

9
1

Music's value gap? Follow the money trail back to Google

Paul Crawford
Silver badge
Gimp

Rum, sodomy, and the lash?

Damn, need two icons!

3
0

Hey, Atlantis Computing. What the heck is this in your EULA?

Paul Crawford
Silver badge

"Those two vendors have a product that performs roughly the same, but vendor E knows how to tune vendor N's product so that it is 50% slower."

Don't public benchmarks serve to stop this sort of knobbling? OK they don't address the real-world if your problem is not similar to the test, but they at least have an open set of tests that each vendor can submit their own tuning to get the best from it.

1
0

Microsoft sues US DoJ for right to squeal when Feds slurp your data

Paul Crawford
Silver badge

Re: Hat's off

Irrespective of MS' business reasons for doing this, it is good they are as few others have the resources or influence in the US to consider this.

I'm not American, nor do I live in the USA, but what happens in this case will be looked at world-wide and hopefully make other governments and their people think more carefully about what is reasonable to demand in the digital world.

4
0

You won't believe this, but… nothing useful found on Farook iPhone

Paul Crawford
Silver badge

Re: *grins*

"So the NSA admitted they couldn't crack couldn't be arsed to look at something pointless, but others could"

Fixed that for you...

16
0

Google yanks Chrome support for Windows XP, at long last

Paul Crawford
Silver badge

Re: Chrome for 32 bit Linux is also dead....

That is due to the fsking thing needing more than 2GB of memory!

17
0

Sweden 'secretly blames' hackers – not solar flares – for taking out air traffic control

Paul Crawford
Silver badge

Re: Might be but...

Cyberdickwaving is always a good enough reason!

Really though, Sweden should think of this as successful penetration testing for free.

1
1

Zuck: You're still using non-Facebook websites ... I'll put an end to that

Paul Crawford
Silver badge
Terminator

Re: Sick of this charade

Indeed, but maybe this new AI thing would be better than all of those "friends" who turn out to be morons when it comes to re-posting shit on Facebook?

My new friend ->

1
0

Prof Hawking to mail postage-stamp space craft to Alpha Centauri using frickin' lasers

Paul Crawford
Silver badge

Indeed, my first thought was "link budget?"

You beat me to the question of sensor acquisition time.

0
0

Graphene solar panels harvest energy from rain

Paul Crawford
Silver badge

Lifetime?

My own concern is how long would such a system continue to work given the presence of various contaminants in the air, lichen, bird crap, etc.

5
1

Bundling ZFS and Linux is impossible says Richard Stallman

Paul Crawford
Silver badge
Joke

Re: ReiserFS...

"I hear it murders wives and gets caught"

Neither of which are good traits in a file system developer...

1
3
Paul Crawford
Silver badge

Re: Simpler solution.

AFAIK Oracle was the major contributor to BTRFS for Linux, but that stopped when it bought Sun and inherited ZFS in the process.

Interesting point though, is the effort of bringing BTRFS to match ZFS bigger or smaller than finding a way round the license terms?

2
0
Paul Crawford
Silver badge

Open/Closed

Odd really. A lot of folk accept, and Linux distros offer, closed-source drivers for video and similar. Not a GPL violation it seems.

Whereas ZFS is open-source and you can also modify it, hence in terms of the overall goals of GPL, a much better fit. But not compatible because? Because?

I'm guessing it's something to do with linking in the kernel rather than loading a driver, but it seems a little odd and almost one of those religious-wars type of reasons (you know Catholic/Protestant, Sunni/Shia, little-end/big-end, etc)

28
3

Aluminum-wrapped robbers fail to foil bank

Paul Crawford
Silver badge
Joke

Re: Hmm...

Silver opportunity, surely?

[Yes, really aluminium, but you know the colour most commonly associated with uniform-spectrum metallic reflections]

4
0

Anonymised search engine page found on 'kid-friendly' search site

Paul Crawford
Silver badge

Depending on the time-scale w.r.t. pr0n then "de-pubified" is probably most accurate.

0
0

FBI, Apple continue cat-and-mouse game over iPhones in New York

Paul Crawford
Silver badge

Re: Pretty weak position for the FBI here

My proposed solution to both the "lawful examination" request and the "dead relatives' phone" problem is to make the key readable by physical means: by desoldering a chip, grinding off its top and scanning the silicon with an electron microscope to read the bits back.

That way it's not usable remotely, quickly, or cheaply. Just like old-school investigations that time & cost would focus its use to cases that really matter, and would not be viable for mass surveillance, fishing extraditions, etc.

4
0

Read America's insane draft crypto-borking law that no one's willing to admit they wrote

Paul Crawford
Silver badge

Re: "lower bumfuckistan"

Have an up-vote for that alone!

0
0

Microsoft hopes to shine light on shadow IT

Paul Crawford
Silver badge

Yes, when I read "...Cloud App Security is to cover off the data loss danger..." I immediately thought "physician heal thyself".

3
2
