* Posts by Paul Crawford

3789 posts • joined 15 Mar 2007

In Windows 10 Update land, nobody can hear you scream

Paul Crawford
Silver badge

Re: Windows 7 "outdated"?

+1 for the VM suggestion. That is what I do: Linux host and a few VMs for w2k, XP and win7 for all Windows-only software. Added advantages are you can choose how many CPU cores a VM gets, how much host memory, etc. Also many of the nastiest malware will notice you are running on a VM and refuse to act in case you are a security researcher.

What it won't work well for is games, but increasingly they are available on Steam for Linux or folk simply buy an Xbox or similar for the single task of gaming. Also you should be looking at at least 8GB of host memory for a good experience (keep at least 2GB for host, rest can be given to VMs). But hey, that is what web browsers seem to need these days anyway...

7
0

Bloodhound Super-Sonic-Car lacks Super-Sonic-Cashflow

Paul Crawford
Silver badge

Re: Ignition!

That book on liquid rocket fuel is a fantastic read, even for people with very little grasp of chemistry. It conveys the paranoia of the time (and thus lack of concern for the toxic nature of some candidates) along with a great insight to the complex issues around rocket fuel choice.

And yes, several people have been killed due to monopropelent failures during development and deployment. Such as the unfortunate sailors on the Kursk.

4
0

GCHQ asks tech firms to pretty please make IoT devices secure

Paul Crawford
Silver badge

Trying to get others (like the ISPs) involved will not end well.

Simpler it to make the manufacturer and/or importer liable for GDPR-like fines for insecurity for the expected life of the product, which should be something like at least 5 years after last sold. With no exceptions.

Security costs and marketer-driven additions are all more liabilities to the end user, make sure those implementing IoT are held responsible for that.

0
0

Azure goes quiet, Huawei Canada ban urged, US Senators are after Google, and more

Paul Crawford
Silver badge

Re: As things stand right now...

Realistically if security and privacy matters then you must keep stuff on-premises.

Of course if all you are looking for is cloud backup (not live data or VMs) then you could encrypt the data before it leaves your network, but I would not trust any cloud provider's own mechanism given the various oppressive "national security" laws in most countries that could be used to force them to add a backdoor. Which they are then legally obliged to lie about its non-existence.

2
0
Paul Crawford
Silver badge

Re: Oh really ?

Very much so, but it is much the same in many UK businesses where a good engineer gets promoted to being a poor manager in order to get a pay rise.

The army, etc, should keep its general rank structure based on experience and progression but have some pay "bonus" for having cyber qualifications / job role / etc to bring the salary in to alignment with the job market.

3
0

China's clampdown on Tor pushes its hackers into foreign backyards

Paul Crawford
Silver badge

Re: Well Done

You are assuming the Chinese government care more about its citizens and businesses than in preserving its ideological position & power through media control.

7
0

Super Micro China super spy chip super scandal: US Homeland Security, UK spies back Amazon, Apple denials

Paul Crawford
Silver badge

When I try that site (www.electronicsweekly.com) I simply get "403 Forbidden"

So either they are blocking EU addresses or singling out VPN use, shame as I will just ignore them from now on.

4
0

SAP bug beatdowns, Apple gets nasty with Mac repairs, Struts woe, and more from infosec

Paul Crawford
Silver badge

Re: @Michael Hoffmann

Entroware only claim to ship to UK/EU but it is worth asking them if you could do elsewhere. I suspect it is largely down to the effort of managing shipping/import duties versus the number of sales expected.

1
0
Paul Crawford
Silver badge

Re: Wonder what Louis Rossmann thinks about Apple's dick move

At one point I was thinking about buying a Macbook Pro because they looked like welll engineered devices in spite of the hefty price tag. But then they dropped useful stuff for "pro" use like DVD drive, USB-2, RJ-45 network sockets, etc.

Now they seem to be complete arsholes when it comes to repair or upgrading the device and I have been spending my money with the like of Entroware instead.

15
0

IBM won't grow, says analyst firm while eyeing flatlining share price

Paul Crawford
Silver badge

All of that is probably true but it is still not changing the fact that mainframe use is in slow decline. How many new or expanding businesses are thinking "You know what, lets migrate from Linux/Windows servers to a zSeries mainframe?"

8
0

Where can I hide this mic? I know, shove it down my urethra

Paul Crawford
Silver badge

Re: Bromide for Mr. Dabbs please!

This has already been covered:

https://www.theregister.co.uk/2012/01/26/ipad_fleshlight_design/

0
0
Paul Crawford
Silver badge

I found the memory card that came with a 1990's Anritsu spectrum analyser, a princely 32kB.

Yes kilobytes! Now got off my lawn!

2
0

On the third day of Windows Microsoft gave to me: A file-munching run of DELTREE

Paul Crawford
Silver badge

Re: Old-school Windows user here.

Similar to my experience, but I jumped ship to Linux instead of Vista and 7 did not tempt me back. I now run VMs for w2k, XP and 7 for various special packages that I need but use Linux for email/web (and much C / python development) so security of VM OS/packages is much less of an issue.

No, Linux is not perfect and the Gnome developers are a bunch of muppets, but it has caused me much less grief than I have seen in the last decade for Windows users.

11
1
Paul Crawford
Silver badge

FAT file systems for DOS and Windows 95/98 could get trashed with cross-linked files but in my experience of trying to break stuff I have not seen such damage on journalled file systems like NTFS or ext3/4

So unless your HDD is seriously bad or an OS has gone on a bug-fuelled rampage then disk repair won't cause any more damage than files already part-updated.

3
0
Paul Crawford
Silver badge

Re: hotel in Brum

To be fair it probably has been there since last Xmas...

9
0

Uncle Sam gives itself the right to shoot down any drone, anywhere, any time, any how

Paul Crawford
Silver badge

Or better still have drones fitted with some gov backdoor. If they see it and it won't respond to a take-over request then its not licensed and so shooting down is justified.

Now such an argument applies here only because a drone is often bought as a toy but poses a significant threat to aircraft, etc, which is rather different from encryption that protects everyone's commerce and privacy.

3
7
Paul Crawford
Silver badge

Re: @jake

idiots Darwinizing themselves

Best phrase of the day!

15
1

Wi-Fi Alliance ditches 802.11 spec codes for consumer-friendly naming scheme

Paul Crawford
Silver badge

Re: If it is not broken...

More to the point, how long until I can get WiFi 69 ?

1
1
Paul Crawford
Silver badge

In most cases I *never* see anything like the peak speed the standard is capable of as it is always negotiated down to match the congestion of a dozen or so access points in my block of flats. Add to that for most folk (certainly in this septic isle) will not see much more than 50Mbit/sec to the outside world its a bit pointless*.

[*] yes I know folk here will have home NAS and want to stream video or run backups, etc, where they would saturate a gigabit link but that is not Joe Public.

1
0

The secret history of Apple's Stacks

Paul Crawford
Silver badge

Desktop clutter

Desktop clutter is just the same problem that most people have - not having an organised way of keeping things. We all do it to some extent, say the "downloads" folder that fills with all sorts of stuff and eventually you have to clear it out to recover many GB of space.

Some companies have well-structured systems, typically a network share and some corporate standard for how projects, contacts, invoices, etc, are all to be organised and stored in a hierarchical system. That is why directory trees are so good. Also good to have it centrally backed up.

But it takes either a very organised mind-set, or someone high up clamping down on folk, to get that done. Instead some places in the local file system (like the desktop) become a cache of recent or possibly useful stuff. But it hardly ever gets tidied up in the way you might have to do each week in an office, etc.

Is there an easy solution? I doubt it, as things like stacks, etc, are just attempts to make an ad-hock file grouping (e.g. folders, directory tree) to do what is not being done by the person. But even the claims of AI to help are unlikely to work well. The other approach of removing the desktop (the sort of move loved by the muppets behind Gnome, for example) is really a bit if intellectual fascism - deciding how you *must* use *your* computer because we tell you so.

10
0

Apple forgot to lock Intel Management Engine in laptops, so get patching

Paul Crawford
Silver badge

Re: Before the Linux and FOSS crew start berating me

The security fsck-up of Intel ME is OS-agnostic, and even penguin-botherers can see why the ME functionality could be useful. No the real issues are:

1) Piss-poor attitude to security in Intel.

2) Lack of tools to see if ME is on and to verifiably disable it for those not wanting it.

3) Suppliers not getting 1 & 2 so leaving it enabled and in manufacturing mode.

3
0

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

Paul Crawford
Silver badge

Re: Which Nation State

All of them.

But not all of them can actually deliver on that...

10
1

Microsoft gets ready to kill Skype Classic once again: 'This time we mean it'

Paul Crawford
Silver badge

Re: wasn't peer-to-peer anymore

All the better to slurp you with!

3
0
Paul Crawford
Silver badge

Re: @Flatpackhamster

Do you feel the same about BitTorrent?

No, because:

1) It is for crappy media or Linux ISOs and I always do a separate sha256 checksum test on those.

2) I can tun my BT client on and off with ease and in an obvious place, and not magically find that I have seeded many GB of OS image over some fee-paying or bandwidth restricted network route.

9
0

Take the wheel, Arm tells its notebook-grade Cortex-A76 CPU: Now you're a robo-ride brain

Paul Crawford
Silver badge

Software versus microcode?

I wonder what is really more likely to be wrong: the CPU executing the software, or the actual software itself?

While having a trap for a hardware error in the CPU registers is a good thing it is only a start, you need to have ECC memory as well and even both are not a substitute for an overall hardware watchdog to deal with, say, an OS-level lock up.

Then we are still left with the rather uneasy aspect of how reliable and safe the masses of AI-based image recognition and driving control code can really be.

6
0

Office 2019 lumbers to the stage once more as Microsoft promises future releases

Paul Crawford
Silver badge

Re: Clippy is now AI?

Nope, it is AS

4
1

Secret IBM script could have prevented 11-hour US tax day outage

Paul Crawford
Silver badge

Very much so.

Most calculations for availability are based on the assumption of independent errors. Things like bug and manufacturing flaws, along with external "stress events" like lightning or A/C failure, are never EVER included as a realistic model.

4
1

That scary old system with 'do not touch' on it? Your boss very much wants you to touch it. Now what do you do?

Paul Crawford
Silver badge

Re: Insurers, banks, board of trade, government...

"actually produces the in-production machine code"

Is a very valid point, and not just from the aspect of someone editing the machine code to fix a minor bug without facing hours of compilation time.

You also have to deal with the problem that very likely what is archived was not the "last" version of what was compiled since not every project has good code management using CVS/SVN/GIT, etc and built-test cycles that are followed.

In one rather sad case a programmer I knew died and several months later the company had wiped and re-used he PC. Then around a year later they realised the in-use executables were build using a version that had been on that PC but had not been checked in to the central repository. Had they only bought a new HDD for the machine...

38
0

Cisco sneaks hardcoded secret root backdoor into vid surveillance kit

Paul Crawford
Silver badge

Re: At this point..

And yet governments seem only to ban Chinese kit due to this sort of allegation...

31
0

Scottish brewery recovers from ransomware attack

Paul Crawford
Silver badge

Re: offsite backup

There are many ways to destroy data integrity, not just the obvious ransom-ware or HDD failure, but also examples of electrical surge, fire, flood or some oik nicking the thing.

Having an off-site copy is a VERY GOOD IDEA and if you want to DIY then you could sync two NAS locally, move one off-site and then have an rsync job (ideally taking a copy of the most recent snapshot so it is all consistent in time).

Of course you also need to check it is working, not just initially but also months down the line, and to try your recovery process as well. You REALLY don't want to find out its not quite right after a major event!

5
0
Paul Crawford
Silver badge

Re: Customer caught

RAID != Backup

But a NAS that supports automated daily snapshots would have had a sporting chance of recovery with but a day's lost data (e.g. the feature on FreeNAS that comes free with ZFS' inherent copy-on-write operation).

14
0

'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud

Paul Crawford
Silver badge

Re: Firewall

why I use FreeNAS

Not to mention it using ZFS with the data checksums and periodic scrubbing to help fix/detect any HDD problems early on.

0
0

Tech to solve post-Brexit customs woes doesn't exist yet, peers say

Paul Crawford
Silver badge

Simple and cheaper still, why not have a small "honesty box" next the a couple of main roads for anyone to put in any customs duty they think is needed?

Could be done on time, will cost less than what is not collected, and might have a slim chance of stopping a return to border bloodshed once more.

38
0

Why waste away in a cubicle when you could be a goddamn infosec neuromancer on £50k*?

Paul Crawford
Silver badge

Necromancer?

Why did I read that as a infosec necromancer? Maybe it is closer to the truth.

2
0

London tipped to lead European data market. Yes, despite Brexit!

Paul Crawford
Silver badge

Re: 33 zettabytes a year?

Not so much cat photographs as pussy photographs. Just ask Mrs Slocombe...

2
0

UK.gov isn't ready for no-deal Brexit – and 'secrecy' means businesses won't be either

Paul Crawford
Silver badge
Facepalm

Or a reason to jump to another country..

35
0

NHS smacks down hundreds of staffers for dodgy use of social media, messaging apps

Paul Crawford
Silver badge

Re: Wow

If doctors had done this on the golf course nobody would care.

The key here is not that it is a doctor, nor that is it a golf course, but that is was a spoken joke that has no permanent internet record to come back and bite you (or anyone else) in 1 day, month, year or decade.

Today's generation of social media users seem not to think even as far as who sees a post immediately, let alone the long term.

6
0

Python joins movement to dump 'offensive' master, slave terms

Paul Crawford
Silver badge
Gimp

Re: The terminology is not the problem.

No the safe word is FLÜGGÅӘNKб€ČHIŒßØLĮÊN and is covered here:

https://www.youtube.com/watch?v=8GmDl0Tp4DI

4
0

Arms race: SiFive, Hex Five build code safe houses for RISC-V chips

Paul Crawford
Silver badge

Actually I often think "Is there a CPU without any 'secure enclave' features that would allow me to know my machine has no BIOS or microcode-level root kit?"

0
0

Tor(ched): Zerodium drops exploit for version 7 of anonymous browser

Paul Crawford
Silver badge

Re: Supposedly

I don't know of any product the Vultures describe as secure. I guess it comes down to any product that claims to be security-related is given the "allegedly" treatment here.

Still, this is Yet Another Lesson in the need for layers of security, you know like an Ogre has. Or was that an onion?

0
0
Paul Crawford
Silver badge

Re: Javascript XOR Security

Remember the 90s when you were told "don't run unknown software on your computer" at every point in a security lecture? Well now we do it every day in our web browsers.

And mostly its there for shitty advertising reasons...

5
0

It looks like tech-savvy drivers will have to lead connected car data purge

Paul Crawford
Silver badge

"Whether the DVLA would be willing to accept a privacy regulating role that's outside its remit is questionable"

They don't need to have a regulation role, just to provide a stable and well-documented API that allows the car companies to automatically wipe personal data on ownership change of a given VIN.

Then make it clear that the car companies are liable under the GDPR and the prospect of being sued a percentage of global turnover will focus their minds magnificently.

29
0

make all relocate... Linux kernel dev summit shifts to Scotland – to fit Torvald's holiday plans

Paul Crawford
Silver badge

Re: New! It's the elReg trip advisor

Edinburgh hotels can be a bit expensive and hard to find during the fringe festival, but there are many good places stay and see. If you can only do a couple of days stop-over in Scotland then Edinburgh is probably the place to go. It is even worth going on one of the open-top tourist buses to get a quick overview of the city.

If you have some more time then a trip to Glasgow is worth while (historic rival to Edinburgh) as it has plenty of good restaurants, night-life (and low-life if you like that sort of thing), and a trip to the highlands for the scenery (weather permitting, but that can change on an hourly basis).

For most of the highlands then a car is really needed, but if you don't want to drive then it is easy to get to Avimore by train (also has a historic steam train line if you fancy that, or the funicular railway up Cairngorm mountain) and the east coast train from Glasgow to Malaig has some amazing scenery (including the Glenfinnan Viaduct that featured in the Harry Potter movies) but you really should stay over at Malaig, not just for the peaceful experience but also as as it is not practical to go there and back in the one day.

11
0

Neutron star crash in a galaxy far, far... far away spews 'faster than light' radio signal jets at Earth

Paul Crawford
Silver badge

And maybe also the answer will reveal time.

16
0

Nope, the NSA isn't sitting in front of a supercomputer hooked up to a terrorist’s hard drive

Paul Crawford
Silver badge

And for the rest of the world?

Thing is if the 5-eyes get together and demand that companies in these regions give them this back door, what will the rest of the world do?

1) Say "Its a fair cop, we trust you, here you go gov'ner"

2) Say "No 5-eyes software or services here" and thus provide a gov-mandated alternative for EU/Russia/China/India/etc

19
0

Google is 20, Chrome is 10, and Microsoft would rather ignore the Nokia deal's 5th birthday

Paul Crawford
Silver badge

Re: For all your searching

My search engine of choice due to its fairly anonymous behaviour (and one of the first to use https from the browser's plug-in).

But I still go to Google for cases when I actually want to see stuff to buy as they seem to do better at returning UK based adverts/shops then DuckDuckGo even though they have me down as UK-based.

6
2

Thousands of misconfigured 3D printers on interwebz run risk of sabotage

Paul Crawford
Silver badge
Terminator

What, to 3D print penises in 12" size?

How Pintsize sees himself =>

1
0
Paul Crawford
Silver badge

Alternatively...

Some ne’er-do-wells could just upload files of penises in all imaginable (and some unimaginable) sizes and shapes just to the lutz

Not that I, as an upstanding member of society, would suggest thrusting such a prank on an already suffering world.

15
0

Go Pester someone else: TSB ditches CEO over bank's IT meltdown

Paul Crawford
Silver badge

Re: still expected to take away about £1.7m

Sadly you probably have to be jailed for that.

27
1

Black holes can briefly bring dead white dwarf stars back to life

Paul Crawford
Silver badge

Re: Unintelligent design

I think most would root Jezebel

3
0

Forums

Biting the hand that feeds IT © 1998–2018