* Posts by Paul Crawford

3510 posts • joined 15 Mar 2007

Windows Update borks elderly printers in typical Patch Tuesday style

Paul Crawford
Silver badge

Re: "I got myself a Mac and could still use my scanner"

"Anyway drivers are up to the HW maker, you can't really expect an OS deliver drivers for each and every device ever produced. Especially complex ones like scanners or printers which may have "

You can expect an OS not to dick around with the HAL to such an extent that new drivers are ever needed. Indeed, beyond the occasional "big shift" there is SFA reason for hardware drivers to break. Not that FOSS is always much better (looking at Firefox, that recently fucked over useful APIs) but you are not so much at others' mercy if it does change...

10
2

Prosecute driverless car devs for software snafus, say Brit cyclists

Paul Crawford
Silver badge

The cyclists have a point, but in a roundabout way: Why should the owner of an automatic car be liable for *any* expense that was not directly of their own doing? Sure they should have insurance for many aspects, but in the event of the self-driving software being at fault to any degree the car company should pick up the whole bill.

Sadly I see moving the costs to the public, via the insurer's premiums, will not result in enough pressure on the software development to deliver something safe and reliable.

I mean look at Google going for this given they never provide anything but 'beta' software, and never guarantee anything in the way of functionality, safety or security.

15
2

Munich council: To hell with Linux, we're going full Windows in 2020

Paul Crawford
Silver badge

Re: "When it's political, technology cannot do anything."

I guess another unanswered question is how many of those 800 programs are supported for the planned Windows 10 roll out?

If they have many legacy issues, which seems to be a root cause, they may find they are in the same situation of various old/unfamiliar systems being kept for widget2000 that barely runs on XP, and only pre-SP3...

14
2

Brace yourselves, fanboys. Winter is coming. And the iPhone X can't handle the cold

Paul Crawford
Silver badge

Re: You're touching it wrong ?

Oh dear, I hope you did not have visions of Gary Glitter Jimmy Savile Kevin Spacey on hearing that...

26
4

BOFH: But soft, what light through yonder window breaks?

Paul Crawford
Silver badge

"But they sometimes get bosses they like!"

Indeed, what is better than a boss who is willing to get his hands dirty for the greater good? One whose aims are *broadly* in line with the BOFH and PFY? Also must come as a great relief to know that it is not only their window that seems to be an H&S trap...

Methinks a few nice new 4k monitors and fast desktops are coming to desks nearby, such a shame if one was *caught* with pr0n on it...but maybe the boss is too useful...

3
0

Irish priests told to stop bashing bishops

Paul Crawford
Silver badge
Headmaster

Re: Perhaps what they need is lawyers?

Bend over Spartacus, it's poker time!!!

https://www.youtube.com/watch?v=rBhTIoIXoTI

2
0

Intel's super-secret Management Engine firmware now glimpsed, fingered via USB

Paul Crawford
Silver badge
Facepalm

Not to mention the plan for USB access via web browsers, wonder if that would somehow allow the JTAG access? Oh the fun we can look forward to...

8
1

Qualcomm is shipping next chip it'll perhaps get sued for: ARM server processor Centriq 2400

Paul Crawford
Silver badge

+1 from here!

I would really like alternatives to 64-bit x86 that were easy to buy and supported on more than one OS (even though it is probably just Linux for my projects in mind).

Competition is good! Much more so if the alternative is not Oracle!

14
1

UK's surveillance regime challenged in landmark European court hearing

Paul Crawford
Silver badge

Gunpowder

I saw the last episode and it looked well produced, but there were aspects that made me doubt its historical accuracy.

I'm not a historian but I think the conversation between Guy Fawkes and King James was longer/more detailed than in the show, and I think the issue of torture and its application was not a "done thing" at the time, instead they had to get the King's permission and he gave it but with the proviso they started with the "gentler" torture and "so on until the worst", but in fact they did not much the first day beyond questioning him then went straight for it and put him on the rack and broke him physically & mentally on the 2nd day or later, though the degraded post-torture confessional signature of Guy Fawkes was a realistic reflection on the brutality of his treatment. Also he did jump (or was allowed to jump?) at the execution but it broke his neck so he was dead before any attempt to disembowel him. Unlike the other poor buggers who did get the hung, drawn & quartered treatment.

5
0
Paul Crawford
Silver badge

Re: ECHR 1581

"So UK government has essentially ignored the ECHR ruling"

Well until Brexit and they no longer are allowed to handle EU citizens' data and companies complain about lost profits. That might be heard, even though actual British citizens being screwed over is ignored...

5
0

Oh Brother: Hackers can crash your unpatched printers – researchers

Paul Crawford
Silver badge

+1 up-vote for the AC

Always treat your printers as vulnerable devices to be kept on their own little subnet without external internet access and unable to initiate attacks upon traffic to your main machines.

3
0
Paul Crawford
Silver badge
Facepalm

Re: Tip of the iceburg...perhaps.

So 3D printer on internet, shit security, what do you expect those discovering it to do:

1) Try to inform the owner/supplier of the problems?

2) Use said device to attack others within the company network?

3) Send it files of 3D penises to print out?

9
0

$10,000-a-dram whisky 'wasn't even a malt'

Paul Crawford
Silver badge
Trollface

Re: @Big John

"Yes, we are aware there are self-haters among us"

You don't have to feel so bad about yourself, just cheer up and let your feelings go!

7
0

ICANN gives domain souks permission to tell it the answer to Whois privacy law debacle

Paul Crawford
Silver badge

I am no lawyer, but I expect the incoming EU rules don't allow a privacy-breaking contract. I.e. you can ask if someone wants to allow something such as whois entry, but not prevent them from doing business if they demand their privacy is respected.

So probably EU-based registrars could have an opt-in tickbox, but if you opt out then they still have to manage your domain but with a private registry entry. Which is sensible, but probably against what ICANN's lobbyists want.

8
0

French senator demands public inquiry into Microsoft military deal

Paul Crawford
Silver badge

"Good luck with anyone here in the UK giving a crap..."

Well post-Brexit we will face a review of our suitability for holding and processing data on EU members and won't have the national security get-out clause to defend it, so UK business might well give a monkey's. Whether or not that makes it through the clueless politicians and home office data-fetishists is another matter...

9
0

Tor blimey, guv'nor: Firefox to try on privacy tool's Canvas gloves to leave fewer fingerprints

Paul Crawford
Silver badge

Real question here

Why do we need browsers to reveal so much?

I mean I can see that time-zone is useful, and maybe a general browser identifier for handling the stupidity of IE6, etc. But why should you report any more than the "essential" fonts, if at all? Why, oh, why, report what plug-ins you are running?

It seems a lot of this privacy issue would go away if browsers had a Spartacus mode that just reported the basic build and time-zone so anyone with a vaguely current system would have something like 4 OS choices, maybe 4 browsers, and a timezone, so less than 1k permutations for everyone in the world.

Not quite perfect, but knowing you are a Firefox/Windows/UK-time-zone user only narrows you down to a few million (ignoring the obvious issue of IP address by assuming you care to use a VPN).

6
0
Paul Crawford
Silver badge

Re: Sailing not surfing

AFAIK canvas fingerprinting uses small differences in GPU, compiler optimisation, etc, to show up as a different hash for the same nominal drawing.

So why not add a 0.25 pixel random dither to the drawing? Not enough to change the rendered image to the human eye, but enough to swamp the machine-dependent differences and every drawing on the same machine is then different.

5
0

F-35s grounded by spares shortage

Paul Crawford
Silver badge

Ah, so the USA does have a 'welfare state' but only for defence workers?

20
0

Why are we disappointed with the best streaming media box on the market?

Paul Crawford
Silver badge

Re: Personalisation

A bit like those adverts for stuff you have already bought, based on the fact you searched for it before buying something.

10
0
Paul Crawford
Silver badge
Pirate

Re: What does it do...

"Many providers won't allow HD or 4K content on PC without a protected media path."

And for those cases we have The Pirate Bay...

10
0

BOFH: Do I smell burning toes, I mean burning toast?

Paul Crawford
Silver badge

The BIG red switch

Thing is who, when charged with "testing the backup power", actually goes to find the BIG red switch that disconnects the whole building from the incoming grid supply?

It's the only way to be sure. So if you want to really know, hire an Igor and ask them nicely to pull the switch.

Yes, the third switch!

15
0

The UK's super duper 1,000mph car is being tested in Cornwall

Paul Crawford
Silver badge

Re: Why so called?

Whippet? Whippet good?

With apologies to Devo...

2
0

NSA bloke used backdoored MS Office key-gen, exposed secret exploits – Kaspersky

Paul Crawford
Silver badge

Re: Kaspersky AV

"Sure and not your porn stash"

Don’t be ridiculous! Who has a porn stash that can be fitted on a floppy?

23
0

Oracle ZFS man calls for Big Red to let filesystem upstream into Linux

Paul Crawford
Silver badge

Re: Not going to happen

Oracle lawyers - yes, they might/probably will stop this

Red Hat - who cares? They are not "Linux" even though they are the biggest commercial outfit.

To add to the tale our work bought a ZFS appliance from Sun just before they were bought by Oracle and it was a disaster, but mostly not for the underlying ZFS system. The majority of stupid problems came from a combination of the Frankenstein "modified, not quite Solaris" version of the OS, the appallingly bad appliance management software, and the fail-over cluster system that mostly would not fail over except for a kernel fault (so it could be locked up, not serving files, but it STILL did not fail over). It had great promise, and feature-wise it was excellent, but the system management daemon was fragile and unresponsive (much more so if there was actually a fault) and simply not fit for production.

9
3

'We've nothing to hide': Kaspersky Lab offers to open up source code

Paul Crawford
Silver badge

Re: Broken Clock

True, both hands will point at precisely the place multiple times, but only at 12:00 will that coincide with the numeral indicator.

1
0

Legacy kit, no antivirus, weak crypto. Yep. They're talking critical industrial networks

Paul Crawford
Silver badge

Re: But who's doing this?

"We loved air gapped systems. people thought they were soooo secure."

This is often brought up when people point out the risks, but the reality is air-gapped is MUCH harder to jump than some womble's decision to put their machines on t'Internet for ease of access, cost savings, etc. Nothing is perfectly secure, it is all about manageable risk.

But some of the original points about out-of-date OS, lack of patching, no AV, etc, are all a distraction - in many cases you simply can't change the systems due to the cost and risk for the on-going production process. So you really are back to the old-school approach of not letting every muppet on Earth access your network. There are plenty of ways involving segregated networks, firewalls/VPNs, etc, and that has a cost and effort associated with it, but nothing like that of having your plant rodgered by some ne’er-do-wells who stumbled across your unprotected assets.

2
0

Hate to break it to you, but billions of people can see Uranus tonight

Paul Crawford
Silver badge

Innuendo

The Italian brand.

4
0
Paul Crawford
Silver badge

Re: "Which Zodiac sign is it in?"

Well start with your date of birth...

1
1

BOFH: Oh dear. Did someone get lost on the Audit Trail?

Paul Crawford
Silver badge

Maybe the BOFH sees the auditors as "useful idiots"?

You know when they find irregularities with some boss' expenses, but strangely enough their own have just been accidentally shredded due to some unfortunate mistake when old documents due for secure disposal were piled on top of the original copies requested for audit...

3
0

Neglected Pure Connect speaker app silenced in iOS 11's war on 32-bit

Paul Crawford
Silver badge

Re: Evidently never heard of escrow...

"I'd have to upvote Microsoft at this point for maintaining 32-bit compatibility with their 64-bit operating system"

Have you actually used the 64-bit version of MS Windows C/C++ compiler?

If so you will discover that part of the 32-bit compatibility is the fact that most normal types like 'long' are still 32-bit! Yes, you have to explicitly ask for 64-bit variables so porting a program and expecting 32-bit memory limits, etc, vanishing magically is going to be a surprise unless you have been very pedantic to always index using size_t or similar. This level of incompetence (or "ease of backwards compatibility" depending on your viewpoint) extends to some OS API where they still use 32-bit "time_t" even though that is one type that is now 64-bit in both 32 and 64 builds. See more here (also note this reported bug is over 10 years old now):

https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/674d34c9-b6f6-4380-bc7b-181eae99847a/timeval-struct-incorrect?forum=windowssdk

2
1

'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Paul Crawford
Silver badge

Re: Missing the first basic step

"The problem with that is that a block of encrypted information does not look the same as a block of random data"

Only if the encryption is utterly incompetent.

Sure there might be systems where the encrypted file/partition has the odd header / magic number for file type identification, but those are not really a good idea and it does not change the statistics of encrypted block(s).

15
0

VPN logs helped unmask alleged 'net stalker, say feds

Paul Crawford
Silver badge

Re: Interesting, very interesting

"So using a VPN does not prevent the few competent flatfeet from connecting the dots, only slows them down."

Using a VPN prevents mass surveillance as it then takes some degree of effort to follow an individual but, as seen here, it is not some magic tool that makes you invisible in perpetuity. Same issue with logging: many VPNs say they don't keep routine logs and that may well be true, but if they receive a court order in their jurisdiction (and more probably if it is in connection with a genuinely serious case) they will probably find some bits of information have mysteriously been left on their systems that might be of some assistance...

22
0

Schrems busts Privacy Shield wide open

Paul Crawford
Silver badge

Re: Waste of time

"And neither Europe nor anybody else can do anything about it."

Don't know about that, only takes a couple of cases that show it's illegal in the EU and a swarm of no-win no-fee lawyers to start suing USA corps in Europe and things might start moving.

And before anyone says "you don't need to use Facebook" you might want to look at how so many companies are using it as their main portal / contact method to put it in to the 'effective monopoly' position that MS and Google have/are finding themselves being bothered with fines for abusing. Sure, if they have no business interest in the EU there is not much to do, but most of the big players are making money over here.

4
0

HPE coughed up source code for Pentagon's IT defenses to ... Russia

Paul Crawford
Silver badge

Re: Did I understand this right?

"Not that that would help them at all, since they can't be sure that the source code they check is the same as the source code that's used to create the binaries. Or the tools to create them."

Actually you can in any sane build system - if the binary matches your own build, it's the same code UNLESS the compilers or libraries have a hidden trust issue (a la Ken Thompson).

And for the second point you can build open-source compiler tools independently using differing compilation tools, so unless someone managed to infect every available compiler in such a subtle manner, you can verify that side as well.

3
0
Paul Crawford
Silver badge
WTF?

"The Pentagon spokeswoman added that US military doesn't check off-the-shelf code it buys from vendors, trusting the manufacturer to get the security of its systems right"

Ha ha ha ha ha! Ha ha ha ha ha! <cough> Ha ha ha ha ha!

54
0

Patch your Android, peeps, it has up to 14 nasty flaws to flog

Paul Crawford
Silver badge

Re: "I'd go for user education"

Sorry, that simply won't work. The only thing that will make suppliers & importers take notice is liability for unpatched flaws after a certain time. You know the sort of thing that would happen in the traditional hardware world of cars, etc, when some safety factor comes to light.

Much as I distrust government meddling in technology, having some legal standards for, say, 5 years after the sale of any "connected device" would be a more workable answer. Sure those companies will bitch about profitability, etc, but the reality is they are currently shitting on the consumers by not doing it right in the first place (and by "right" I mean having a proper system for support and patching planned for and used, as some bugs are inevitably going to happen).

9
0

BYOD might be a hipster honeypot but it's rarely worth the extra hassle

Paul Crawford
Silver badge

Re: Break Your Own Defenses

"But it's not a corporate device. It's a private device. That's the whole point of BYOD."

Apologies if not clear, but I was responding to the assertion from Amos1 that "Of course, corporate-owned isn't much better"

4
0
Paul Crawford
Silver badge

Re: Break Your Own Defenses

There is a simple fix for that, as it's a corporate device you practice a monthly test of wipe-reinstall so only corporate synced data remains long-term. And you TELL the users this will happen and send a reminder a day or so before the appointed test cycle.

As a useful side-effect, you know the remote wipe works, and the phone is unlikely to fall over due to it being stuffed with cat videos (insert your own entendre about "pussy or cougar?").

10
3
Paul Crawford
Silver badge

Re: No hassle here.

"As our entire platform is Android (as most of the world is Android), we don't have any app compatibility headaches, and we can lock out really old Android devices that aren't patched to at least a reasonable level"

So it's your kit then? Employees are free to buy whatever they want for themselves to use and keep it as long as they feel it's worth using, and if it's not compatible then you provide an alternative?

So how is this BYOD?

23
0

Brit prosecutors fling almost a million quid at anti-drone'n'phone ideas

Paul Crawford
Silver badge

Re: Trained Pigeons

Fool! You should be genetically engineering sharks so they can fly, then you add the laser.

14
0

Have MAC, will hack: iThings have trivial-to-exploit Wi-Fi bug

Paul Crawford
Silver badge

Re: Now I'm Confused

It's a simple choice really:

1) Upgrade now and break your applications and get lots of annoying new bugs

2) Don't upgrade and get your machine screwed over by miscreants

9
0

My name is Bill Gates and I am an Android user

Paul Crawford
Silver badge
Gimp

Re: "it should be shoved down his throat"

How kind you are! Some other less considerate commentards might have suggested different, er, I/O ports to be used...

3
0

IoT botnet Linux.ProxyM turns its grubby claws to spam rather than DDoS

Paul Crawford
Silver badge

Re: do not ask for whom the monkey masturbates

Er, how is having a stupid default user-name/password and no patching policy on an Internet-of-Shit device the fault of the lead kernel developer?

23
0

Ah, good ol' Windows update cycles... Wait, before anything else, check your hardware

Paul Crawford
Silver badge

Re: I'm confused

It has nothing to do with the bus-width, but related to features that newer CPUs have and often only work in the CPU's 64-bit mode, or were only added to the 64-bit version of the OS. As others have pointed out, some techniques such as ASLR are more effective the greater the possible virtual address space that is available (irrespective of actual usable RAM).

But even beside that, you usually get a modest speed advantage (I have seen ~30%) in 64-bit mode for numeric-heavy software just because you can do more in a single bus operation, and the 64-bit mode for the x86 series has more CPU registers that allows better code optimisation when built for it.

1
1
Paul Crawford
Silver badge

Re: Hardware Refresh

Well being charitable about the article: It does make a lot of sense to consider a major OS shift as part of a hardware refresh cycle, and that applies more or less to everything (Windows, Linux, Mac, etc).

Certainly for bigger organisations on the basis that you don't want the pain of a change in OS/application behaviour, testing, and fixing any more often than around 5 year intervals and by that point your hardware is due for a change anyway just to keep the failure rate down. Said new machines probably have SSD which is a genuinely useful speed-up (if you can tolerate the cost/storage ratio).

But personally I don't really want Win10 and its spying in all but the most expensive enterprise version...

2
1
Paul Crawford
Silver badge
Trollface

Re: Sponsored

No, this is much better than the usual web adverts because we all get a chance to bitch about it.

9
1

Google's Big Hardware Bet: Is this what a sane business would do?

Paul Crawford
Silver badge
Joke

Re: Good plan

"If Google can design and control the manufacture of both, they should be able to respond to problems and get a resolution faster."

You mean like Microsoft and the various Surface problems?

8
2

UK PC prices have risen 30% in a year since the EU referendum

Paul Crawford
Silver badge

Re: Hmmm

"have just used this as a bloody good excuse to increase margins and shaft UK punters at the same time."

Brexploitation

Heard it first on El Reg, though a price rise was inevitable given the way the pound tanked when the markets realised what a lot of wombles we are.

13
0

Mad scientist zaps himself to determine the power of electric eel shocks

Paul Crawford
Silver badge
Joke

Re: One bit of history I've remembered

Rectum?

It sure did! They could not sit for days!

8
0
Paul Crawford
Silver badge
Boffin

Re: 960 Ohms

Ah, but did it have a gold band for 5% tolerance?

Experimental error should be properly characterised...

8
0

Biting the hand that feeds IT © 1998–2017