* Posts by Paul Crawford

3297 posts • joined 15 Mar 2007

Horse named 'Cloud Computing' finds burst of speed to beat 'Classic Empire' in actual race

Paul Crawford
Silver badge

Re: But...

Sort of hard reset?

My best friend during university said if he ever had a racing horse it would be called "JK bistable" but I'm not sure why. Wonder what the masses would make of that?

2
0

Mi casa es su casa: Ubuntu bug makes 'guests' anything but

Paul Crawford
Silver badge

Re: Flaky guest account

Well, considering the number of things that systemd forced changes upon that were then broken, it's a reasonable starting point:

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1535840

https://bugs.launchpad.net/ubuntu/+source/watchdog/+bug/1448924

https://bugs.launchpad.net/ubuntu/+source/watchdog/+bug/1535854

12
1
Paul Crawford
Silver badge

Flaky guest account

The "guest account" has always been a mixed bag as far as security is concerned, but clearly someone has screwed up here and deserves to be spanked. A systemd-related change perhaps?

On the one hand it is a good idea that guests can use a machine without widespread access, and once they log out their own privacy is maintained by deleting the account. However, there are some aspects that are security issues (I guess why GCHQ advise disabling it):

1) If using a corporate VPN on boot, then they are in without user log in (even if internal resources should be checking credentials as well)

2) Typically the guest area is a fuse loop-back mount in /tmp but that allows execution even if /tmp has been mounted noexec, etc.

3) The implementation creates random-ish UID/GID values but on a system crash (think - person switching off machine without guest logging off) these accumulate as they don't get purged.

See also https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1604-lts where they also advise that all usual user accounts should have 'other' access removed (e.g. chmod o-rx /home/*)

6
2

Azure users told they're not WannaCrypt-proof

Paul Crawford
Silver badge

Re: @LDS

Ah - my mistake then!

I just did not read it that way as I never considered that you would disable V2 / V3 but still plan on using SMB V1.

0
0
Paul Crawford
Silver badge

WTF?

If you read the MS advisory you get this statement "Warning: We do not recommend that you disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure. Do not leave SMBv2 or SMBv3 disabled." followed by a list of side-effects of disabling SMB V2 & V3. Including stuff that you wonder just WTF is the deep-set interaction of file serving and other networking or services on Windows boxes? Like large MTUs for 10G Ethernet, symbolic links, etc.

Oh well, I guess it's not long until systemd has this for Linux...

5
1

You think your day was bad? OS X malware hackers just swiped a Mac dev's app source

Paul Crawford
Silver badge

Re: Lost ?

Biggest risk really is malicious GIT commits using the compromised credentials - they need to be sure the developers check all "their" stuff since the incident until they found out to see that it really was work they did.

3
0

Police anti-ransomware warning is hotlinked to 'ransomware.pdf'

Paul Crawford
Silver badge

Re: We chose not to open the PDF file

Yes...but forgot to put it in the faraday cage.

Oh no, you don't put it in the Faraday cage, that is what your tin-foil hat is for!

You do have one, don't you?

0
0
Paul Crawford
Silver badge

Re: We chose not to open the PDF file

Have you tried booting from a Linux CD and then opening the file?

Is the almost-right answer.

Have you tried booting from a Linux CD, disconnecting the network, and then opening the file?

See, better!

7
0

Yo, patch that because scum still wanna exploit WannaCrypt-linked vuln

Paul Crawford
Silver badge

Re: It's worth following the link in the article

I was more surprised to see 1k machines with W2K on them exposed to t'Internet for all and sundry to have a go. Wonder how many will still be working by next week?

0
0

French fling fun-sized fine at Facebook for freakin' following folk

Paul Crawford
Silver badge

Re: the french??

Same problem as all those sites using Google Analytics, putting the 'anal' back in to web site use without your permission.

10
0

WannaCrypt 'may be the work of North Korea' theory floated

Paul Crawford
Silver badge

Re: Naive Question

Programmers doing "stupid stuff" mostly:

- Not following MS' guidelines (e.g. using undocumented APIs, assuming drive letters & folder locations)

- Using the flavour-of-the-month framework (e.g. ActiveX for IE6, recently Silverlight...)

- Assuming you are running with admin rights (lots of NT/W2K/XP era stuff)

- Assuming the machine won't have firewalls enabled (bit even MS software with XP SP3)

- If hardware is involved, then MS changes to the HAL layer, etc.

All said, a simple Win32 program from the NT era will generally still work perfectly!

8
0

Do we need Windows patch legislation?

Paul Crawford
Silver badge

Re: Phoenix company solution ...

Create a UK subsidiary

Said company is required to escrow all source code before any more of the mother company's product is allowed to be sold.

1) declare the UK subsidiary which holds the liability for patching bankrupt.

Source code is released under escrow terms for others to fix.

2
0

Uber is a taxi company, not internet, European Court of Justice advised

Paul Crawford
Silver badge

Re: countries with "great" in them?

This provides the answers:

https://www.youtube.com/watch?v=rNu8XDBSn10

1
0

European Patent Office dragged to human rights court – by its own staff

Paul Crawford
Silver badge

Re: They're doing it all wrong!

Ah, you mean a visit to Spiny Norman? That will fix him...

3
1

How to remote hijack computers using Intel's insecure chips: Just use an empty login string

Paul Crawford
Silver badge

Re: I used to be excited about AMT

Come now, no one in their right mind would put an iLOM / DRAC style management port on t'Internet! At least they are (usually) on a separate physical port.

If you do want remote management you should be jumping in through a VPN first as a minimum as they are notoriously buggy and insecure.

Also not mentioned: Is this Intel vulnerability also exposed over WiFi? Could add a whole new set of fun & games available on public WiFi hot spots!

1
0
Paul Crawford
Silver badge

Re: AMD

From this particular bug yes, but probably they have their own ones...

2
0

Microsoft says: Lock down your software supply chain before the malware scum get in

Paul Crawford
Silver badge
Facepalm

Re: So ultraedit ehhh?

Come on, it's bound to be an Adobe package! They love running their own updater process at start up.

3
0

China's first large passenger jet makes maiden flight

Paul Crawford
Silver badge

Why would the EU mandarins have to punish the UK over Brexit?

Our own shower of shit glorious leadership are doing the job of ruining the UK perfectly well without any assistance.

12
2

systemd-free Devuan Linux hits RC2

Paul Crawford
Silver badge

Re: It's fascinating that Linux now has the same problem as Windows

UTF-8 is great, but please don't be a muppet like the systemd lot and have your program crash if a non-UTF-8 character is used in a *comment*...

10
2
Paul Crawford
Silver badge

Re: Easy answer.

"What on earth do they know about producing enterprise ready, stable operating systems? "

Like RHEL 6 that is without systemd, perhaps?

10
1
Paul Crawford
Silver badge

Re: It's fascinating that Linux now has the same problem as Windows

"However, binary configuration files and binary log files are inevitable"

No they bloody well are not!

If, as you seem to think, English is some imperial conspiracy then why do we not program in binary? Why do all major languages use it? Why is it the most common language in the world (mostly as the 2nd spoken choice)?

And if you need to translate binary to/from some local readable format, why not translate English/ASCII in the same way? Fundamentally providing a language-agnostic system is very hard work and you then lack any simple way to interact with it for development with just a text editor.

26
1

Boffins gently wake the Large Hadron Collider from annual hibernation

Paul Crawford
Silver badge
Pint

Re: inverse knights

A most splendid unit!

I guess another would be drink-related in terms of shots chucked in the general direction of one's mount?

3
0

Loadsamoney: UK mulls fining Facebook, Twitter, Google for not washing away filth, terror vids

Paul Crawford
Silver badge

Strong & Stable

Strong and stable, as in thick as a plank? They are strong and stable.

http://newsthump.com/2017/05/02/eu-dinner-was-strong-and-stable-claims-theresa-may/

(apologies in advance for the click-baity nature of that site's adverts)

2
0

KickassTorrents kicked out again, this time by Australia

Paul Crawford
Silver badge
Pirate

Re: Oh my god

But from a practical point of view:

1) It puts a block for the majority of people who don't understand that Google is not the Internet, or what actually happens when you click on any hyper-link or type in a URL.

2) It avoids the collateral damage of IP blocking if a site uses a shared IP address with other legitimate sites.

3) Those who understand how to bypass (1) would know to use a VPN to bypass (2) as well, so it is not much less effective in practice.

4) It is fairly cheap & easy.

7
0

Don't listen to the doomsayers – DRM is headed for the historical dustbin, says Doctorow

Paul Crawford
Silver badge

Re: This is interesting...

Doctorow and Orlowski have very differing view points, but that is good for a news site like this. Last thing I want is to be fed opinion from only one side (like more tabloid papers, Fox "news", Russia Today, etc)

7
0
Paul Crawford
Silver badge

Re: Convenience is the enemy of intrusive DRM.

"all major Steam games can also be torrented though, so obviously it's not an entirely effective DRM system"

There is no need for unbreakable DRM so long as the legal offering is good value for money (i.e. just works on any platform you realistically want, in the region you live, price is OK). Keep the majority paying for the legal version and you as a business will do just fine and few will try hard to break it or share them, piss them off and you will find the torrents become the majority method.

12
1

Not auf wiedersehen – yet! The Berlin scene tempting Brexit tech

Paul Crawford
Silver badge

Re: Commuting time

That aspect is a major factor in how I, at least, would see any alternative location to move to. No point in moving to some city where your employees waste 2 hours or more of their life every day commuting. What is that equivalent to, around 10% of your waking life?

8
0
Paul Crawford
Silver badge
Gimp

Re: Why Berlin?

Don't forget the "Speciality clubs" that Berlin is famous for. Allegedly.

6
0

Stanford Uni's intro to CompSci course adopts JavaScript, bins Java

Paul Crawford
Silver badge

Re: Just teach them Python

Python looks to me as a good choice. But it, along with JavaScript, both have one serious aspect that is lacking - strong (maybe any) data typing.

Yes, it is really handy not to worry about small details like is it integer, float, character string, etc, when you still have to grasp the basic concepts (maths, branching, subroutines, not to re-implement libraries) but I have met people programming in C++ with "more than a year experience" and they don't understand the fundamentals of what types mean to the CPU, etc.

Get my day's rant in early!

10
1

Would you believe it? The Museum of Failure contains quite a few pieces of technology

Paul Crawford
Silver badge

Re: Betamax - Betamax quality wasn't actually that much better.

Really the success of VHS was down to more suppliers of VHS players (Sony licensing I guess) and so video hire shops (remember them?) stocked way more VHS titles, leading to positive feedback. Same for availability of grumble flicks. Er, allegedly.

On notable failures we should also list Sony for its various attempts at forcing proprietary tech on the world in the face of better/cheaper alternatives:

1) Mini-disk player, good idea in many ways but way too expensive. DRM. Struggled to displace audio cassettes. Both died when SSD came along.

2) Memory sticks.

12
0

systemd-free Devuan Linux hits version 1.0.0

Paul Crawford
Silver badge

Re: It is not that clearcut

It is a shame that Canonical gave up on 'upstart' as it was almost what was needed: an init process that could handle parallel start-up and dependencies. It could also be run as a user PID if users wanted an event-driven start-stop system, say for removable storage. And there it stopped, as it only wanted to be 'init' and not an octopus.

19
0
Paul Crawford
Silver badge

@ lpcollier

"A change of init system isn't something we should be doing more than once every couple of decades, but systemd seems very good to me."

The problem is systemd is not JUST an init system, it adds in binary logging, time setting, module loading/blacklisting, and all sorts of other stuff that were pretty much already solved and workable. And in many cases it adds bugs/issues that seemingly just don't get fixed if they are not in line with Pottering's personal outlook.

If it were just a paralleled start-up system there would be far less issues, but instead we have fsking *desktops* like GNOME has become that have systemd as a dependency, WTF?!

42
0

PACK YOUR BAGS! Boffins spot Earth-size planet most likeliest yet to harbor alien life

Paul Crawford
Silver badge

Gravity well problem

While it is a pointless technicality given we can't get there in any foreseeable time or technology, it is worth a moment to consider that at 7 times the Earth's mass you could not escape its gravity well using chemical rocket engines.

But if you made it there in the 1st place you would be using some nuclear system or something we have not imagined (or maybe just considered possible) yet, so a technicality really.

For more on chemical engine limits: https://www.nasa.gov/mission_pages/station/expeditions/expedition30/tryanny.html

2
0

UK.gov survey shines light on cybersecurity threats to businesses

Paul Crawford
Silver badge

To be fair, they do have some useful (and moderately readable) guidance:

https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach

https://www.ncsc.gov.uk/guidance/macro-security-microsoft-office

https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1604-lts

2
0

Chap 'fixes' Microsoft's Windows 7 and 8 update block on new CPUs

Paul Crawford
Silver badge

"I don't see the point of installing linux so I can run windows in a vm when I can run windows natively"

Err, wasn't the point of the article that you won't be able to, unless you go to Win10 or stick to old hardware? A pretty good reason to virtualise in my book.

Also easier to change hardware (no re-licensing as Windows won't see the change) and less malware problems as many of the nastier sort don't run in VM environments to thwart analysis, and there is a damn sight less* for Linux in the first place if you use it for email and web browsing.

[*] less != none, you still have to patch Linux boxes and not do dumb stuff.

17
0
Paul Crawford
Silver badge

"Many alternatives support limited range of hardware and are missing specialised functions"

Is this hardware connected via USB ports or RS232?

If so you can probably use a Windows VM for driving your telescope/camera/etc since most emulators allow for simple connection of common PC I/O ports. Then you don't have underlying hardware platform issues and can easily save the VM and move it to another machine as needed.

9
0

Will the MOAB (Mother Of all AdBlockers) finally kill advertising?

Paul Crawford
Silver badge

"People don't hate adverts, just awful adverts"

That kind of sums it up, along with the observation that the awful sort is basically virtually everything.

Had the advertisement industry kept to low-bandwidth and discrete side bars that did not distract the user, act as a malware vector or soak up all usable bandwidth/CPU/screen area most users would not bother with ad blockers. But they didn't, and now here we are in a world where many web sites are pretty intolerable without an ad blocker.

What is the solution though? We have such a race to the bottom in web funding and nothing viable in sight that would make most people choose another means of supporting sites. Many have talked about micropayment options instead of the sordid world of on-line advertisement, but none have taken off.

44
0

How to breathe new life into your legacy kit now you've gone hybrid

Paul Crawford
Silver badge
Joke

"Reusing five-year-old network string is a flogging offence"

Would that be with the CAT-6 of nine tails?

7
0

Profit with just one infection! Crook sells ransomware for $175

Paul Crawford
Silver badge

Depends on how 'mature'.

Btrfs supports snapshots and is supposed to be production ready now. ZFS works well but you have the licensing issues (if you care) and again you get copy-on-write snapshots so they take little space for most (i.e. non-changing) files.

So try one of those and set up a cron job for snapshots. FreeNAS offers that in the GUI as it uses ZFS, but you have to make sure you tell it to do the whole file system tree - so check it is actually snapshotting what you expected!

0
0
Paul Crawford
Silver badge

Which is another good reason to run Windows in a VM!

That and not having to re-license it if the motherboard dies, etc.

And the ability (in some cases) to snapshot the VM before doing anything potentially damaging.

0
0
Paul Crawford
Silver badge
Thumb Up

Re: Backups

RAID (or replication) != Backup

Exactly, it deals with service continuity in the event of hardware failures, etc. Not against deliberate trashing (though regular snapshots on replicated storage goes a big way towards it).

0
0
Paul Crawford
Silver badge

Yes, but a proper backup system comes in to your PC, so you don't have any access rights (normally) on the backup system. After all, if your admin rights are compromised on the PC in the first place to run the nastier sorts, then it can go after backups as well.

Of course, without any backup there is nothing stopping your account from permanently trashing your own files, which is one of the key reasons ransomware works - you don't need a sneaky zero-day privilege escalation, simply the ability to trick the user in to executing something by ANY means.

Setting user-writeable areas to no-execute may be a useful step...

2
0
Paul Crawford
Silver badge

Backups also help for other problems like: hardware failure, lost/stolen machine, user deleting something and wanting it back days later, having a moment of "gross administrative misconduct" at the root prompt, etc...

1
0

Oracle patches Solaris 10 hole exploited by NSA spyware tool – and 298 other security bugs

Paul Crawford
Silver badge

Re: Money first, patches later

Let's face it, Oracle does not give a flying fsck about any hobbyist.

When Sun did well with Solaris it was when they engaged with universities, etc, to practically give it away so a generation of computer science students left knowing and generally liking it. Oddly enough that translated in to future sales when they got jobs in the real world.

Those days are long gone and not coming back, now it's only Windows & Linux/Android.

4
0

Large UK businesses are getting pwned way more than smaller ones

Paul Crawford
Silver badge

Re: I'm a computer security "expert".

"So the question is more how do you make RDS access more secure?"

Again, I'm no expert but I would start by looking for cheap-ish routers (i.e. affordable to a small business) like some DrayTek ones that support a VPN and at least you have another access layer before the world+dog can have a go at the server's remote log-in port. Not sure if they support using a certificate for VPN log-in but that at least gets away from piss-poor password choice.

0
0

eBay threatens to block Australians from using offshore sellers

Paul Crawford
Silver badge

Re: Netflix tax

Netflix do a good job of stopping you accessing them from the "wrong country" via a VPN to pay for stuff, so I'm pretty sure it's easy for them to identify and pay any local taxes that are due.

1
0

Alert: Using a web ad blocker may identify you – to advertisers

Paul Crawford
Silver badge

Re: Sorted.

That has been my thought, we need a browser that deliberately randomises things like canvas drawing and reported fonts, plugins, etc, so every site you visit has something a bit different.

OK, your IP address is an issue but you can use an IP-sharing VPN to anonymise that if you really need to and typically IPv4s get shared in many cases as a few machines behind NAT, and ISPs typically change them anyway.

IPv6 could be a whole nasty bag of worms though if folk get a fixed block so advertisers know that they can ignore the bottom 16 bits and the rest is basically fixed by your ISP and not CG-NAT'd or anything.

0
0

Good job, everyone. We're making AI just as tediously racist and sexist as ourselves

Paul Crawford
Silver badge

Re: @ Infernoz

Sounds like a relapse is occurring, please keep taking the dried frog pills.

7
1

Deeming Facebook a 'publisher' of users' posts won't tackle paedo or terrorist content

Paul Crawford
Silver badge

Thing is, you could achieve much the same with small fines, just a hundred quid or so for each post not taken down in reasonable time, and same for each appearance of fake/misleading adverts, and suddenly Google, Facebook, etc, would manage to deal with most of the crap.

After all, they are pretty good at following users with targeted adverts, so how hard is it to develop a "this user is an angry moron" sort of profile and limit their ability to post/share shit?

12
1

Drupal sci-fi sex scandal deepens: Now devs spank Dries over Gor bloke's banishment

Paul Crawford
Silver badge

I think he is referring to the orange one's misogynistic "pussy grabbing" tendencies.

10
0
