* Posts by Paul Crawford

3887 posts • joined 15 Mar 2007

Huawei hasn't yet fixed its security vulns, says UK's NCSC overseers

Paul Crawford Silver badge

Re: Different issues

On a technical level they may be the same, but given the lack of any information about it actually being used, and the known information about the NSA bugging US equipment, the current brouhaha is more likely political/economic than an actual security issue.

Paul Crawford Silver badge

Re: Different issues

In a sense they are the same - if a company has piss-poor software quality and no credible plan to fix it then you just know there are lots of known bugs waiting to be exploited.

In that sense the Chinese don't need to put in any "back door" code if the windows, air vents, gutters and skylight windows are secured by wet string (or your nearest equivalent) and are well known to their secret service.

El Reg talks to PornHub sister biz AgeID – and an indie pornographer – about age verification

Paul Crawford Silver badge

Re: Um Penetration Testing

Yes, yes, Oh God YES!

Intel to finally scatter remaining ashes of Itanium to the wind in 2021: Final call for doomed server CPU line

Paul Crawford Silver badge

There is a big difference though - GPUs are generally used for massively parallel tasks anyway. The organisation of multiple compute blocks and the impact of instruction queues dumping are far less on that sort of special accelerator, as compared to general purpose code used by OS / word processor / web server / etc.

Paul Crawford Silver badge

There was a thing for VLIW style processors around that time - TI produced some DSPs with fantastic headline speeds for the time, but you would be lucky to get 20% of it in many cases if you could not take full advantage of the approach (schedule instructions to use the 2 * 4 blocks of compute engines in parallel, not conditional instructions that would dump the instruction queue, etc). They seem to have faded away as well?

Sadder is that HP took over DEC and canned their Alpha processor line as clearly the Itanium was going to win in 64-bit computer space, eh? Just goes to show how poorly HP's judgement has been more or less since their founders were gone.

Oh cool, the Bluetooth 5.1 specification is out. Nice. *control-F* master-slave... 2,000 results

Paul Crawford Silver badge
Gimp

Spanker / Spankee?

Our vulture listened to four hours of obtuse net neutrality legal blah-blah so you don't have to: Here's what's happening

Paul Crawford Silver badge

The old paper telephone directories, and the services you phone up to query them, added exactly the ability to look up numeric addresses given the human-memorable details of someone's name and residence. So are the two not the same in such a legal argument?

I studied hard, I trained for years. Yay, now I'm an astronaut in space. Argggh, leukemia!

Paul Crawford Silver badge
Gimp

Re: Kinda makes sense...

...training involving lots of disgusting risky deviant sexual contact perhaps? All for the immune system's benefit of course, no ulterior motives, none at all!

Arm wants to wrestle industry into a seat on the UK.gov's £70m hardware security train

Paul Crawford Silver badge

Re: Wonderful

I was going to say much the same thing - how many security holes are the result of cunningly crafted attacks on good code that hardware measures might mitigate, versus those due to piss-poor design with the likes of hard-coded root passwords, no automatic patching, and shitty insecure web admin pages that are enabled by default?

Apple: Trust us, we've patented parts of Swift, and thus chunks of other programming languages, for your own good

Paul Crawford Silver badge

Re: Just use Python. You need nothing else.

The white space that looks OK in one editor that happens to show tabs and 4 spaces the same way but breaks your code, that sort of design feature?

Not to mention the raft of v2/v3 changes that are still being found to subtly break things years later?

Thinking here of the change in the way the divide operation is interpreted as the most dumb/annoying to spot, with v2 acting like classic languages (divide int/int and get int result) while v3 "helpfully" assumes you really wanted a float answer to an integer division, like you expected float out of integer add, or multiply, ....

Crispest image yet of Ultima Thule arrives on Earth, but grab a coffee while the rest downloads

Paul Crawford Silver badge

Re: Look very hard!

Also remember those Voyagers are using valve amplifiers.

Yes, OK I am talking TWT here for the final RF amplification and not a pail of KT88s in ultra-linear configuration.

Pentagon cloud contract sueball: Oh no, Oracle doesn't need those docs, AWS tells court

Paul Crawford Silver badge

AWS sells face recognition to the gov for a small price, gov awards fat contract to AWS with little competition.

So? Nothing unusual here, move along, nothing to see...

'Nun' drops goat head on pavement outside Cheltenham 'Spoons

Paul Crawford Silver badge

Re: Maybe

If Tim Martin is getting hard on the Goat then it is even worse than I imagined!

IBM to kill off Watson... Workspace from end of February

Paul Crawford Silver badge
Gimp

SHUT UP AND TAKE MY SEED FUNDING

Fixed it for you?

Iran satellite fails: ICBM test drive or microsat test? Opinion is divided...

Paul Crawford Silver badge

Exactly - if it's fuelled with cryogenics (LOX / kerosene, for example) then it's not for ICBM use. However if it's UDMH and N2O4 or similar then it's very, very suspicious.

Facebook's pay-for-more-eyeballs shtick looks too good to be true: Page views, Likes from 'fake' profiles

Paul Crawford Silver badge

Very much in keeping with the expected honesty of FB really. I trust them as far as I can comfortably spit a rat (as Ford Prefect put it).

Poland may consider Huawei ban amid 'spy' arrests – reports

Paul Crawford Silver badge

Re: "we will consider legislative changes that would allow such a move"

Sadly those bozos are typical of many countries, UK included, that have any sort of first-past-the-post system of election that magnifies differences.

If you wanna learn from the IT security blunders committed by hacked hospital group, here's some weekend reading

Paul Crawford Silver badge
Trollface

Re: Detailed report into the hack

MS Word macros, the gift that keeps on giving!

You were told to clean up our systems, not delete 8,000 crucial files

Paul Crawford Silver badge

Re: Linux Filesystem Hierarchy Standard

Behind that is the possible case that /tmp is a ramdrive and small, while /var/tmp is expected to be on non-volatile storage and much larger. In the ramdrive case a reboot will inevitably wipe the directory even if the OS has no explicit step to do so.

Debian based systems like Ubuntu wipe /tmp on reboot only, whereas RedHat based systems typically delete from /tmp by cron job based on the last access time being a week or two ago.
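As an added example (not part of the comment above), here is the check I would run before relying on either directory: parse /proc/mounts-style lines, find the mount that actually backs a path by longest-prefix match, and report whether it is RAM-backed (tmpfs/ramfs) and so wiped on reboot regardless of any cleanup policy. The mount table below is constructed for the example; the same functions work on the real /proc/mounts.

```python
import os

# Filesystem types that live in RAM and therefore do not survive a reboot.
VOLATILE_FSTYPES = {"tmpfs", "ramfs"}

# Constructed sample of /proc/mounts output (fields: device, mount point,
# fstype, options, dump, pass). /tmp is a small ramdisk, /var is on disk.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,size=4096k 0 0
/dev/sda3 /var ext4 rw,relatime 0 0
"""


def parse_mounts(text):
    """Return a list of (mount_point, fstype) tuples from /proc/mounts text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mounts.append((fields[1], fields[2]))
    return mounts


def mount_for(path, mounts):
    """Longest mount point that is a prefix of path on a directory boundary.

    '/tmp' must match '/tmp' and '/tmp/build' but not '/tmpfoo'.
    """
    best = None
    for mount_point, fstype in mounts:
        prefix = mount_point.rstrip("/") + "/"
        if path == mount_point or path.startswith(prefix):
            if best is None or len(mount_point) > len(best[0]):
                best = (mount_point, fstype)
    return best


def is_volatile(path, mounts):
    """True if the filesystem backing path is RAM-based (lost on reboot)."""
    found = mount_for(path, mounts)
    return found is not None and found[1] in VOLATILE_FSTYPES


def report(paths, mounts):
    """Map each path to its backing mount and volatility for a quick audit."""
    return {p: (mount_for(p, mounts), is_volatile(p, mounts)) for p in paths}


if __name__ == "__main__":
    # Use the real mount table when running on a Linux box, else the sample.
    if os.path.exists("/proc/mounts"):
        with open("/proc/mounts") as fh:
            table = parse_mounts(fh.read())
    else:
        table = parse_mounts(SAMPLE_MOUNTS)
    for path, (mnt, volatile) in report(["/tmp", "/var/tmp"], table).items():
        print(f"{path}: backed by {mnt}, volatile={volatile}")
```

On the constructed table this reports /tmp as a volatile tmpfs mount and /var/tmp as living on the on-disk /var filesystem, which is the distinction the comment is making.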

Can't unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass

Paul Crawford Silver badge

If your current corporate choice is WebEx then practically anything, Skype included, is going to suck so much less it would be a joy!

New side-channel leak: Boffins bash operating system page caches until they spill secrets

Paul Crawford Silver badge

Re: Hmm

If you have hostile software successfully running on your device you're already screwed regardless of the mechanism

What, like javascript from some shitty ad-broker? Sadly the web has brought such nasties on to machines and made them executable, and for little benefit in so many cases.

FCC tosses aside rules, treats Google to a happy ending following request for handy tech

Paul Crawford Silver badge

Re: Confused!

The dB is a relative measure, specifically of power = 10 log10(P1/P2) but if you define P2 to be something fixed then it is an absolute measure. dBW has P2 = 1W, dBm has P2 = 1mW, etc, so:

0dBW = +30dBm = 1.0W = 1000mW

-10dBW = +20dBm = 1.0e-1 W = 100mW

-20dBW = +10dBm = 1.0e-2 W = 10mW

-30dBW = 0dBm = 1.0e-3 W = 1mW

-40dBW = -10dBm = 1.0e-4 W = 0.1mW

etc...
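The same conversions as working code, added here as an example (not from the comment above): the relative ratio needs both powers, while dBW and dBm simply fix the reference P2 at 1 W and 1 mW, so the two absolute scales differ by a constant 30 dB. The table-generating function reproduces the rows listed above.

```python
import math

# Added example: relative dB ratio versus the absolute dBW / dBm scales.


def db_ratio(p1_watts, p2_watts):
    """Relative measure: 10*log10(P1/P2). Needs both powers to mean anything."""
    return 10.0 * math.log10(p1_watts / p2_watts)


def watts_to_dbw(p_watts):
    """Absolute: the reference P2 is fixed at 1 W."""
    return db_ratio(p_watts, 1.0)


def watts_to_dbm(p_watts):
    """Absolute: the reference P2 is fixed at 1 mW."""
    return db_ratio(p_watts, 1e-3)


def dbw_to_watts(dbw):
    return 10.0 ** (dbw / 10.0)


def dbm_to_watts(dbm):
    return 1e-3 * 10.0 ** (dbm / 10.0)


def dbw_to_dbm(dbw):
    # The scales differ only by the ratio of their references:
    # 10*log10(1 W / 1 mW) = 30 dB, hence 0 dBW = +30 dBm.
    return dbw + db_ratio(1.0, 1e-3)


def power_table(dbw_values):
    """Rows of (dBW, dBm, watts, milliwatts), as in the list above."""
    rows = []
    for dbw in dbw_values:
        watts = dbw_to_watts(dbw)
        rows.append((dbw, dbw_to_dbm(dbw), watts, watts * 1e3))
    return rows


if __name__ == "__main__":
    for dbw, dbm, watts, mw in power_table(range(0, -50, -10)):
        print(f"{dbw:+d}dBW = {dbm:+.0f}dBm = {watts:.1e} W = {mw:g}mW")
```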

Detailed: How Russian government's Fancy Bear UEFI rootkit sneaks onto Windows PCs

Paul Crawford Silver badge

Re: Linux and out of date Windows machines

Some Linux distros are signed and can be used with secure boot enabled, but I think there can be issues with some proprietary video drivers, etc, that break the trust-chain in such cases. In any case "secure boot" is only good at stopping some cases of rootkits, and would not stop anyone capable of using Microsoft's keys, for example, or of exploiting the generally piss-poor state of UEFI (or BIOS) firmware security.

If you are worried about security in general then a good starting place is the guidance at NCSC, which covers many OSes, not just Windows as one might expect, including Ubuntu Linux:

https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1604-lts

It's 2019, and from Beijing to Blighty folk are still worried about slurp-happy apps

Paul Crawford Silver badge

Re: And people look at me funny...

Just ask any one of those people to hand over their phone (unlocked) so you look through their internet history, read their text messages, etc. Suddenly they find that privacy is not pointless!

Microsoft's 2018, part 2: Azure data centres heat up and Windows 10? It burns! It burns!

Paul Crawford Silver badge

Re: ... and people ask me why I use Linux exclusively

My point is, these issues are terrible and all that, but how widespread are they really? How many people are actually affected by all these issues?

The bigger point, as others have mentioned, is this is happening with mass-market stuff like Intel sound and HP laptops. And it is symptomatic of a culture of poor (or non-existent) QA and attitude to its customers. They are not short of cash to do it properly, they choose to avoid doing it, it seems.

Now we all love a flame-war on Windows versus Linux but this recent spate of problems is due to a change in MS culture. 5-10 years ago we moaned about the never ending vulnerabilities in IE, etc, needing patching and on the other hand how Linux struggled to get many items of hardware to run, but very rarely did MS bork a mass number of machines.

Slap for Slack chat app after US, Canada chaps zapped in Iranian IP address map whack

Paul Crawford Silver badge

Re: Weaponizing potential

Get a proper laptop with a proper APU and it will be at a very solid 0 nearly all of the time

So it's just pissing away time & power running stupidly bloated code on the APU instead, but that is not showing up in 'top'?

On the first day of Christmas, Microsoft gave to me... an emergency out-of-band security patch for IE

Paul Crawford Silver badge

Re: "MS have pulled the advisories"

I now can't find my arse with both hands!

Ah, such a schoolboy error! You need a map and both hands to find it.

Mark Zuckerberg did everything in his power to avoid Facebook becoming the next MySpace – but forgot one crucial detail…

Paul Crawford Silver badge

Re: Is this libel?

Only if it is not true.

Can you see FB being willing to test any of those claims in court? Opening up internal emails and contracts to prove they were clean and these are simply malicious lies? Opening code to show how they use IP and WiFi SSID information?

I don't...

Paul Crawford Silver badge
Trollface

Re: Excellent article

Yes, such a good article I have now shared it on Facebook

Brazil bested by hackers, Virgin plugs hub bugs, and France surrenders… records

Paul Crawford Silver badge

Re: "while the apps themselves are secure"

Exactly, why would Australia lean on secure app developers (who are probably outside of any legal actions anyway) when they can simply pressure local phone networks to force a system "update" to any phones they want to spy on?

Hot on heels of 2.0, Vivaldi 2.2 adds tab session management among other goodies

Paul Crawford Silver badge

Another quick question

Can you properly stop auto-play videos from EVER starting without an explicit user action?

You know the shitty sort of thing now embedded in HTML5 pages to push adverts or just pointless additions to news pages (which is an annoying waste of bandwidth if you don't have sound on the machine or are not in a position to use it).

That would make it superior to Firefox, which seems to be doing its best to piss off users by breaking useful add-ons and dumbing things down to look like Chrome.

Super Micro says audit found no trace of Chinese spy chips on its boards

Paul Crawford Silver badge

@Jeffrey Nonken

He is not, because I am...

Paul Crawford Silver badge

Re: Again, why bother

Yes, and bugger-all security or patching for most ILOM systems...

Paul Crawford Silver badge
Gimp

Re: a "special" hole in your pants

I pay extra for those!

Supernovae may explain mass extinctions of marine animals 2.6 million years ago

Paul Crawford Silver badge

Re: Who told them?

They did not have Dark Star to clean things up.

Britain approved £2.5m of snooping kit exports to thoroughly snuggly regime in Saudi Arabia

Paul Crawford Silver badge

Almost. Saudi Arabia is ruled by the (extended) royal family but mostly they assume power by virtue of religion, given they have Mecca and so much that is valued by Muslims. Not that it means much in terms of protection of historical value:

https://en.wikipedia.org/wiki/Destruction_of_early_Islamic_heritage_sites_in_Saudi_Arabia

(Just to add that I have little religious interest, but see the destruction or re-writing of history as an unforgivable crime against our descendants)

Bulk surveillance is always bad, say human rights orgs appealing against top Euro court

Paul Crawford Silver badge

Re: there is an absolute right to privacy, which there isn't

First, let's include commercial spying, aka data harvesting, in the mix. What "right to privacy" applies to NSA and GCHQ that does not apply to Facebook and Google?

It should apply to both, but equally FB/Google don't have the powers to alter your life like gov agencies do.

Next there is the POPD - Plain Old Physical Domain. What "right to privacy" does online trawling breach, that a telescope on a pier above a crowded beach does not?

That is pretty much targeted - one beach, and a given time-window when you might expect something is going to happen. The police, etc, have been doing that sort of thing for decades and most folk see it as a perfectly reasonable balance between privacy and crime prevention.

Bulk surveillance is recording every beach, all the time, and then being able to do a search at some point for where you have been. See the difference?

Thanks to UK peers, coming to a laptop near you in 2019: Age checks for online smut

Paul Crawford Silver badge

Re: There appears to be an assumption

I really doubt it. If you look at the stats for under-age pregnancy in the UK, which one might think would be correlated to badly planned sexual behaviour, it has dropped slightly in the last 20 years while the availability of pr0n (and associated moral hand-wringing) has rocketed.

So bugger-all in the way of evidence-based policies here.

Qualcomm axes staff, winds down data center processor efforts ... while China takes the blueprints and runs

Paul Crawford Silver badge

Re: CPU Back Doors For National Snooping...

Would you trust the Intel random number generation instruction?

Would you trust there are not already undocumented op-codes, even hidden in plain sight such as said random value, that recover part or all of previously used AES instruction's keys in some obfuscated form?

Peak tech! Bacon vending machine signals apex of human invention

Paul Crawford Silver badge

Re: The best bacon

I agree almost 100% - but would go with smoked every time.

And the next 7nm laptop processor will be designed by In, er, AM, um, Qualcomm: The 64-bit Arm Snapdragon 8CX

Paul Crawford Silver badge
Gimp

CX

Or the iconic Citroen of the mid 1970s?

I prefer the Citroen SM myself =>

It's nearly 2019, and your network can get pwned through an oscilloscope

Paul Crawford Silver badge

Re: FFS

Really, if you have someone on the inside of your network then messing with a scope is not going to be the most productive way of causing chaos, not by a long chalk.

Paul Crawford Silver badge

Re: Bigger problems here?

Let's face it, your development lab should be pretty much fire-walled off (or even air-gapped) from the rest of the world anyway as you have no idea what will be on it. Not necessarily malicious, but while developing products and messing about there is a very high chance of dumb shit happening and you don't want that leaking (or even something as simple as IP address conflicts).

Sorry, we haven't ACLU what happened in sealed 'Facebook decryption' case, but let's find out

Paul Crawford Silver badge

Re: @tfb Gendered Connectors

Earth pins (in the socket) are just weird--anyone care to hypothesise (or explain) why they were invented?

No idea, but two thoughts are:

1) It was an after-thought added to an existing design when folk realised how much safer earthed systems are.

2) It prevented the mating of a non-earthed plug to force upgrading to match the infrastructure (whereas a 3rd hole would not).

Paul Crawford Silver badge

Re: gender benders

Can't just swap pins for holes without changing the wiring

You can on a coaxial connector.

Forget DeepFakes. This robo-Rembrandt with AI for brains is not bad at knocking off paintings

Paul Crawford Silver badge

Re: robo-Rembrant [sic]

And you would not believe what Hieronymus Bosch will do to your ass. Getting medieval is only the start...

Tape vendors feel the cold, clammy hand of AWS on their shoulders. Behind them grins the Glacier Deep Archive

Paul Crawford Silver badge

Re: Retrieval time

And said time also depends on your bandwidth and the volume of data to be restored. Unless you are just re-populating an AWS instance, of course.

Sacked NCC Group grad trainee emailed 300 coworkers about Kali Linux VM 'playing up'

Paul Crawford Silver badge
Gimp

Re: Probably sits at home...

Mind probes? That is not the sort of probing I suffer from at home =>

Boeing 737 pilots battled confused safety system that plunged aircraft to their deaths – black box

Paul Crawford Silver badge

I think it was the opposite - the pilots *assumed* the plane's anti-stall would stop it stalling, but below a certain height it disengages as it *assumed* they would only fly that low in an attempt to land.

Blighty: We spent £1bn on Galileo and all we got was this lousy T-shirt

Paul Crawford Silver badge
Facepalm

"Brit taxpayers had shovelled £1bn into the programme from which they would now be locked out due to rules we insisted on and which we then decided to become non-compliant with"

Fixed his statement for him...

It is sad and stupid, and the loss of privileged access to Galileo is also sad and stupid but entirely predictable.

Biting the hand that feeds IT © 1998–2019