* Posts by Paul Crawford

3271 posts • joined 15 Mar 2007

Huawei P9 Plus: Leica-toting flagship gets a big brother

Paul Crawford
Silver badge

Re: Barelling

Yes and no. True you lose data and so on, but given the total pixel count of most sensors is way above what is needed for an acceptable image, simply discarding 5% of the edge is fine as long as that is what you see when taking it (i.e. subject framing is correct).

0
0

My Microsoft Office 365 woes: Constant crashes, malware macros – and settings from Hell

Paul Crawford
Silver badge

Re: What does putting my Windows installation in a VM do for me?

2bi) Yes, most browsers support some sort of sandbox protection mechanism. But I quite like apparmor as it's a separate protection mechanism (so two steps to p0wning your PC), and it allows you to define *where* the process is allowed to read and/or to write.

That is a nice feature, so you can't have a compromised browser encrypting your files outside of, say, ~/Downloads, nor reading sensitive stuff (say ~/.ssh contents) and sending to some Bad Guy even though it has the same nominal privileges as your own account. Also it can't overwrite your .bashrc file or similar (in your name) and it has two levels to breach to overwrite system files in order to permanently p0wn the machine for a single account or for everyone.

Sure I know it's not perfect, but defence is all about layers. Just like Ogres have...

2
0
Paul Crawford
Silver badge

Re: What does putting my Windows installation in a VM do for me?

1) Probably - not had to look at that so far. But VMs also cover OS version/patch-level screw-ups in dependency...

2biii) If you mean opening a web page, no that is fine as email & web on Linux (assuming you sort out a client, of course). If you mean opening a word doc directly from email, maybe that limitation is a blessing in disguise?

3) True, but accepting the generally crap state of AV tools so far, I would rather like the *smart* malware to fall at this final hurdle.

5) For keeping up with new, yes. But what of supporting clients that stick to Office 2003 (or 97)? In that case you may well keep going for new OS but still want to keep an old OS and software on hand.

1
0
Paul Crawford
Silver badge

Re: What does putting my Windows installation in a VM do for me?

1) Allows multiple VMs to avoid the "this version of X won't coexist with that version of Y" sort of shit.

2) You can have email / web on Linux with (for the foreseeable future) less total risk than on Windows especially if you use apparmor on the browser, etc. Though of course having a Linux VM on Windows could also do that.

3) Deters advanced malware from running if it detects your copy of Word, etc, is running in a VM that could be used for analysis.

4) The VM can be moved across hardware platforms during upgrades without the shitty business of re-registering it with MS.

5) In a decade's time the VM's internals (probably) look the same even though you are 3 generations of hardware down the line so you don't get a "sorry Dave, I can't let you run this OS on unknown hardware" sort of problem.

But for games then dual-boot otherwise performance will suck big time for intensive graphics.

5
1
Paul Crawford
Silver badge
Unhappy

Re: Thunderbird with Lightening

"I was...my Outlook email into a file Thunderbird could read"

That is a damn sight better than Google managed with tools to import stuff to Gmail

6
1

Plenty of fish in the C, IEEE finds in language popularity contest

Paul Crawford
Silver badge
Joke

Re: FORTRAN at 42%

Similar here, I manage to write C programs in python as needed.

0
0
Paul Crawford
Silver badge
Paris Hilton

Re: Shell scripts

ALGO69? Is that what powers pr0n sites?

2
0

What's long, hard and full of seamen? The USS Harvey Milk

Paul Crawford
Silver badge

Re: What would Aubrey and Maturin say?

Why should the ship/boat not be a "she"? Probably as many women like anal sex as men, which is frequently the definition of sodomy. Allegedly.

3
2
Paul Crawford
Silver badge

Re: I am struggling to understand...

I also think you will find that El Reg's commentards will enjoy any opportunity to slip in a double entendre or three, or make a bad-taste joke where sex of any orientation (and preferably of all orientations) is connected with big machinery.

12
0

Cyberpunks might not be crooks but they're really very rude

Paul Crawford
Silver badge

Re: And I take objection to *this* article.

Maybe the lesbian version would be a "Cocking Dykelords" instead?

Or maybe the original cyberpunk just needs to take his dried frog pills?

0
0

Windows 10 pain: Reg man has 75 per cent upgrade failure rate

Paul Crawford
Silver badge
Linux

Re: Linux system upgrade may not be much better

I have found that distro upgrades are flaky if you have any unusual partitioning or RAID set ups.

As another penguin-botherer mentioned, always put /home on another partition as then you can simply re-install the OS partition without significant risk to your own data. Often better, when creating partitions in the first place, is to create one for / of say 20GB and another of about the same that you keep for a future upgrade, and then one for swap, (maybe one of 10GB for /tmp as well) filling the remainder for /home.

5
1

Google tells Android's Linux kernel to toughen up and fight off those horrible hacker bullies

Paul Crawford
Silver badge

Patching speed is probably the issue

While it is great that Google are improving the security architecture in general, if 90% of smartphones using Android still fail to patch things it is a growing clusterfuck as ever.

Really, why can't the core OS and libraries be auto-patched for security as most Linux distros do?

9
0

IPv6 now faster than IPv4 when visiting 20% of top websites – and just as fast for the rest

Paul Crawford
Silver badge

Re: RS485 / RS232

Serial is still common in very low power devices as the overhead to implement a UART and the matching software stack is trivial in comparison. Seriously, work out the power used to be listening and able to respond quickly in both cases and you are in for a big surprise.

Also simplicity makes for reliability/security as you are only point to point and not having to fend off the barbarian hordes when someone forgets to properly firewall your system.

3
0

Don't use a VPN in United Arab Emirates – unless you wanna risk jail and a $545,000 fine

Paul Crawford
Silver badge

Re: Interesting

Not all VPN systems are good at making sure your DNS queries are also tunnelled, so it may well be getting local look-ups that Google is using to decide on your location.

Proper privacy / anonymity on t'Internet is surprisingly hard to achieve, as the occasional arrest of folk who piss off those in power (or those funding them e.g. the RIAA, etc) find out.

4
1

Airbus doesn't just make aircraft – now it designs drone killers

Paul Crawford
Silver badge

Re: They Are Only Effective If The Operating Frequency Is Standard

Realistically this is for "stupid", both in terms of idle morons doing stuff near airports, and similarly stupid jihadis wanting to re-purpose commercial stuff for terrorism.

Of course, there might be a 2nd step of action if the RF deterrent is not working...

0
0
Paul Crawford
Silver badge

Re: Citation?

Realistically there is more to worry about with simple stupidity around airports and similar situations.

4
0

Is digital fraud big in UK? British abacus-botherers finally have some answers

Paul Crawford
Silver badge

Re: Rethink time

Exactly. So much of the problem is simply crap software.

This is made more crap by the mind-set that software is expected to be shit, so bugs are accepted, vendors not held to account, and people simply click on "OK" without reading that pop-up asking if shaftmewithatoastingfork.exe should be allowed to run.

Second aspect of a lot of this is the lack of 2FA for important stuff, or the "two factors" both relying on a single device like a phone that may already be compromised.

1
1

IETF boffins design a DNS for digital money

Paul Crawford
Silver badge

At last! Now I can have my robot monkey butler!

0
0

Nope, we can't find dark matter either, says LUX team

Paul Crawford
Silver badge

Re: 371kg of cold liquid xenon

At least you did not go for anything kryptic...

2
0
Paul Crawford
Silver badge

Re: 371kg of cold liquid xenon

I should react to that, but seem to find my shell full just now.

9
0

We're not looking for MH370 in the wrong place say investigators

Paul Crawford
Silver badge

Re: No One Wants The Flight Found

Really? Other than a handful of nut-jobs, everyone in the area of science and technology wants to know what happened so there is a better chance of it not happening again.

This is not some shitty OS that crashes and people just shrug their shoulders, reboot, and try to redo the last hour or two's lost work. Here it really matters!

Even if it turns out to be a human fault, or even a deliberate action, we can learn and make it less likely in the future. As already pointed out, the lack of a squawk that said something useful about location and status is something that is trivial to remedy, but some other failure scenario may be present but no one has seen it yet (other than the poor souls on board MH370) so knowing that would allow something to be done.

16
1
Paul Crawford
Silver badge

Re: MH370 and MH17 were organised by the same people

Too much schnapps, too little dried frog pills.

10
0

Official: AMD now stands for Avoiding Miserable Death

Paul Crawford
Silver badge

Open?

Now if only AMD would open up the management processors, etc, so a proper audited open-source BIOS could be offered for matching motherboards we might be able to use less tin foil for our millinery needs.

7
5

GOP delegates suckered into connecting to insecure Wi-Fi hotspots

Paul Crawford
Silver badge

Interesting. Wonder if those networks deliberately interfere with VPNs, or maybe VPN traffic is just less tolerant of shitty networks?

0
0

The cloud ain't making it rain for Intel right now: Tech giants pause server chip sales

Paul Crawford
Silver badge

Re: Data estimates

"autonomous car .. about 40GB a minute of data"

Very likely in its own sensors, but almost bugger-all of that will be hauled back to the cloud as the radio bandwidth is simply not available for the huge number of cars in most cities (along with all of those trying to use youtube on mobiles, etc).

Sure they might sell CPUs for on-board processing but most likely it will be ARM for lower power and cost if the car companies have anything to say about it.

3
1

Microsoft to rip up P2P Skype, killing native Mac, Linux apps

Paul Crawford
Silver badge

My first thought was this is so they can slurp your data to whore you to advertisers (and paying gov departments) just like Google do. And Win10 does.

Having thought about it a bit more, that is also my 2nd thought.

Edited to add: What are the real alternatives to Skype these days? Something that is cross-platform and not dependent on a big data-slurping company? Might be useful to know.

29
2

WhatsApp goes to Rio (again), but the battle is far from over

Paul Crawford
Silver badge

"a bill to regulate services like WhatsApp, including a requirement that services maintain a local office and enable lawful intercepts"

That might work for something like WhatsApp, assuming they are willing to do an about-turn and break any pretence of privacy and encryption to stay and set up offices there. Which I kind of doubt given they are not exactly making money off use but from slurped metadata and a mass exodus of users to another would make that much, much less useful. Also it might become a political hot potato if the masses of current users are unhappy about all of this.

However it is kind of a pointless move because it sends the message that businesses can't use secure encryption, only what is approved for state snooping on. Also I am sure we will simply see the rise of P2P apps that are all but impossible to block at a network level (e.g. use same ports as web browsing or other apps, no single IP range to central servers to block, etc).

3
0

WhatsApp gets another Brazilian whack as magistrate blocks it again

Paul Crawford
Silver badge

Re: No central provider.

"way around E2E encryption should be compromising the physical endpoints"

This is very likely to be possible with any phone, including those featuring in the current criminal cases, given how crappy the software is. But it is much simpler and cheaper to shoot the messenger, isn't it?

1
0
Paul Crawford
Silver badge

Re: I love how

The judge is indeed asking that messages (for the "criminals") be recorded before encryption and handed to authorities. Well, not asking... ordering.

Is this on-going (i.e. a request to change it) or for a case on trial where they want stuff that it is too late to change?

And no, she is not trying to bypass parliament, as the law that allows her to demand such things already exists.

I think the point is this does not already exist for WhatsApp, and the system was designed that way to avoid criminals, spooks and nosy ISPs from listening in. In effect she is demanding that a change is made to back-door the system for surveillance purposes. The question is whether or not there is an existing law that applies to over-the-top suppliers like WhatsApp that mandates such access. Do they clearly fall under telecoms regulation, for example, where this is often the case, or not?

If not she is trying to make properly functioning encryption in software illegal by the back door of punishing a supplier for not having the ability to sneak in to its customers' data, and not by parliament making that an explicit aspect of law.

0
0
Paul Crawford
Silver badge

Re: I love how

The two options are:

1) The judge is a technical incompetent and unable to comprehend how properly implemented encryption works.

2) They are trying to bully WhatsApp in to creating a back-door but without going through the Brazilian parliament, etc, to do so in an open and properly debated manner (such as having a telecoms regulation that explicitly covers over-the-top providers like this).

The motive for (2) is probably not wanting to alienate the population or businesses that then see proper encryption as illegal and not something that protects you from the multitude of criminals (private or "state") who also want your information.

2
0

Opera sells open-source Chromium browser for $600m to Chinese bods

Paul Crawford
Silver badge

Re: The you-know-who is warming up backstage

"Given the Chinese USA government's constant attacks by the People's Army hacking units NSA and others, running Chinese American closed source software represents an unacceptable risk."

Any different?

11
1

Windows 10 a failure by Microsoft's own metric – it won't hit one billion devices by mid-2018

Paul Crawford
Silver badge

Re: "run MS Office"

Appears you can use Office365 using a Linux based web browser:

http://www.sdselite.com/7351/2015/04/15/working-with-office-365-and-linux/

7
1
Paul Crawford
Silver badge

"run MS Office"

Options appear to be:

Find one with Win7 (or a spare install licence) and lock it to block win10 updates, living with the EOL risk.

Get a Mac and use the Mac version of Office

Use a VM on Mac/Linux to host Windows & Office. That way you can deny it network access and use, for example, the VMware shared folders so stuff can be up/down loaded by email.

Use Linux and on-line Office365, after all it will be based on web standards?

21
2

Coup-Tube: Turkey blocks social networks amid military takeover

Paul Crawford
Silver badge

Re: There's more!

I think you mean "by spreading obvious bollocks through the moron-net in a manner that even the Daily Mail and Morning Star would be ashamed of".

8
0

Empty your free 30GB OneDrive space today – before Microsoft deletes your files for you

Paul Crawford
Silver badge

Re: Not quite $0 per month ...

So £38/month for around 12TB of protected storage (i.e. 400 times the original MS offer) assuming RAID-5 on each of your NAS and then they are mirrored somehow, and with gigabit access speeds and no dependency on foreign government policies.

Hmm, how much for the same size and speed from a cloud provider?

7
0

Windows Server-as-a-service: Microsoft lays out Server 2016's future

Paul Crawford
Silver badge

Re: So a major price increase then...

Sad, but predictable.

Many years ago when I was using w2k and then XP I was pleasantly surprised when MS decided to go per-processor licensing as we saw the first multi-core x86 appear, instead of some complex and ultimately rather pricey per-core formula as Oracle and the rest of the "old guard" pushed.

Now that practically all my software development is for Linux first, with Windows support as an afterthought for "the old guard" perhaps I shall not care...

1
1

You can buy Windows 10 Enterprise E3 access for the price of a coffee

Paul Crawford
Silver badge

Re: @DainB

"Excel is a swiss knife type tool every accountant knows on a level you would not master in years."

Very true, but why do people assume that a general migration to Linux means EVERYTHING must be Linux?

In my own limited experience, most folk are happy with Linux for many things, and the few business-critical programs you really must have can often be run in a VM of Windows. Said VM can be minimal, have limited network access, and generally is a very secure way of doing things (given that a lot of smart malware avoids running in VMs to evade analysis).

Sure it is an extra training step for those users, but my 75 year old and largely computer-illiterate father was able to master VM use for a specific genealogy program. I'm sure your accountants, etc, would manage it fine if given a couple of minutes tuition and a cheat-sheet of things to remember.

2
1

Florida U boffins think they've defeated all ransomware

Paul Crawford
Silver badge

Re: ...or use honeypots

Use a server with something like ZFS that supports snapshots and is copy-on-write. Then seeing massive disk use between snapshots is a clear sign of bulk modification, plus you can go back to previous snapshots to recover the data quickly.

Try FreeNAS on, say, a bottom end HP Microserver with 4 * 6TB disks or similar and 12GB or 16GB RAM. Under a grand for a system with 12TB of well protected storage. OK, you need to make damn sure that snapshots are on and *WORKING* (hint - make sure 'recursive' is ticked) and that control over the NAS is secured so malware can't go in and disable stuff or simply wipe it. But that is kind of basics anyway.

0
0
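
Added example, not part of the comment above or of any FreeNAS/ZFS tooling: a check for the "massive disk use between snapshots" signal, run over the per-snapshot `written` property as listed by `zfs list -H -p`. The pool, dataset and snapshot names, the sample figures and the thresholds are all constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed sample, laid out like the tab-separated output of
#   zfs list -H -p -t snapshot -o name,written,creation -s creation
# "written" = bytes written to the dataset since the previous snapshot.
# Pool, dataset and snapshot names are hypothetical.
SAMPLE = "\n".join([
    "tank/home@daily-0601\t1200000000\t1464739200",
    "tank/home@daily-0602\t900000000\t1464825600",
    "tank/home@daily-0603\t1500000000\t1464912000",
    "tank/home@daily-0604\t1100000000\t1464998400",
    "tank/home@daily-0605\t410000000000\t1465084800",  # bulk rewrite
    "tank/media@daily-0601\t5000000000\t1464739200",
    "tank/media@daily-0602\t4000000000\t1464825600",
    "tank/media@daily-0603\t6000000000\t1464912000",
    "tank/media@daily-0604\t7000000000\t1464998400",
    "tank/etc@daily-0601\t1000000\t1464739200",
    "tank/etc@daily-0602\t2000000\t1464825600",
    "tank/etc@daily-0603\t1000000\t1464912000",
    "tank/etc@daily-0604\t500000000\t1464998400",  # big ratio, small volume
])


def parse_snapshots(text):
    """Return {dataset: [(creation, snapshot, written_bytes), ...]}, oldest first."""
    per_dataset = defaultdict(list)
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3 or "@" not in fields[0]:
            continue  # skip blank or malformed lines
        dataset, _, snap = fields[0].partition("@")
        try:
            per_dataset[dataset].append((int(fields[2]), snap, int(fields[1])))
        except ValueError:
            continue  # non-numeric value, e.g. "-" for an unavailable property
    for snaps in per_dataset.values():
        snaps.sort()
    return per_dataset


def flag_bulk_writes(text, factor=10, floor=1 << 30, min_history=3):
    """Flag snapshots whose 'written' is far above the dataset's own history.

    A snapshot is flagged when it wrote at least `floor` bytes AND more than
    `factor` times the median of all earlier snapshots of the same dataset.
    Datasets with fewer than `min_history` earlier snapshots are not judged.
    """
    alerts = []
    for dataset, snaps in sorted(parse_snapshots(text).items()):
        for i, (_, snap, written) in enumerate(snaps):
            history = [w for _, _, w in snaps[:i]]
            if len(history) < min_history:
                continue
            baseline = statistics.median(history)
            if written >= floor and written > factor * baseline:
                alerts.append((dataset, snap, written, baseline))
    return alerts


if __name__ == "__main__":
    for dataset, snap, written, baseline in flag_bulk_writes(SAMPLE):
        print(f"{dataset}@{snap}: {written / 1e9:.1f} GB written, "
              f"median of earlier snapshots {baseline / 1e9:.2f} GB")
```

The last snapshot taken before the flagged one is the recovery point; the median baseline keeps one bad interval from masking the next.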

Nukeware: New malware deletes files and zaps system settings

Paul Crawford
Silver badge

Re: @asdf

"your main web browser should not even have access to a file system containing your personal files"

Except for everyone needing to upload and download email attachments if using web-mail, PDF data sheets, photos up to FB (for the vain and/or with family who pester them enough to bend over for a Zucking), etc?

Of course if you are properly paranoid you will already have an AppArmor profile for Firefox set to only allow read-only access to specific directories (e.g. 'photos') and only read/write to a sane place or two like 'downloads'.

0
0
Paul Crawford
Silver badge

Re: Linux mint and no longer have this sort of problem

For now.

You see, if you can run arbitrary software on ANY platform, then you can encrypt your own files (as pointed out above).

Sure it is less likely on Linux and one reason I migrated, but if you are properly paranoid about this then you will (A) have an isolated backup anyway as that covers hardware failures and "gross administrative misconduct", and (B) set user-writable areas to non-execute so you can't accidentally run something unpacked from an archive (because you were drunk and it promised good pr0n).

2
0
Paul Crawford
Silver badge

Re: This is why...

Not having admin rights should be the norm, but it only takes one of many privilege escalation bugs in ANY operating system to be back to having your machine toasted.

Really the only sensible mitigation technique is a working, tested, backup system that is not a simple extension of the main PC's file system. Also works for lost or damaged PCs as well...

6
0

VPN provider claims Russia seized its servers

Paul Crawford
Silver badge

Re: "every provider must log all Russian internet traffic for up to a year".

Why would law makers care about the costs that the public ends up paying?

Of course, if all web browser suppliers added a "poke random web sites every 30 seconds" by default you could see those logs grow by a factor of hundreds and maybe then the big ISPs would have to make a noise.

4
0

SCADA malware caught infecting European energy company

Paul Crawford
Silver badge

Re: Never as easy as it seems from an armchair

But all of the vendors are like this and SCADA systems are niche products so where do you go to buy a system that wasn't designed by idiots?

This is why we need the law to step in and for security folks to draw up regulations, including things like operating in a VM as an essential attribute, otherwise no sale (and no insurance or license for a business which fails to follow the rules).

Sure there will be a lot of bitching at first, but niche market or not, we need a nice big stick to beat them with so all of the usual software good practice is followed. Things like forcing a declaration on matters like hard-coded passwords, support back-doors, operation with AV/VM tools, respect for proper multi-user practice (i.e. no need for interfaces to run as admin), 10 year or more support that will include replacing any protocol or SSL certificate found to be weak or compromised, etc, etc, etc.

2
1
Paul Crawford
Silver badge

Impressive analysis, but infection vector not apparent

Seems they do a lot to avoid VMs and sandboxes, so why are they not in more common use for security sensitive systems anyway? After all, the actual controllers are dedicated hardware boxes and the SCADA PCs just Windows machines to supervise them. Any reason why those PCs can't be run in a VM?

But how were those machines infected in the first place?

Why were they internet connected?

When will we see serious personal fines and jail time for managers who fail to put sufficient security design, monitoring and management in to critical infrastructure?

Trusting some AV or firewall vendor who said they would stop trouble is just not good enough. Unless, of course, they are offering to pay the fines and do the jail time if they fail.

13
0

Microsoft's cringey 'Hey bae <3' recruiter email translated by El Reg

Paul Crawford
Silver badge

Re: Every time I see "<3"...

Ah, the double polaroid moment:

https://www.youtube.com/watch?v=0ofl_UP3apM

5
0

Microsoft: Enterprise Advantage will be 'a step in quite a long journey to modernize our licensing'

Paul Crawford
Silver badge

You ought to be questioning why you use MS in the first place?

7
1

European Patent Office palace coup bombs

Paul Crawford
Silver badge

<cough> ICANN

5
0

Microsoft's Windows 10 nagware goes FULL SCREEN in final push

Paul Crawford
Silver badge

Re: A final throw of the Minty dice before

But at the present, I would NEVER install Linux - either Ubuntu or Mint on my Aunt Lucy's PC. Her old desktop could just not take the excitement of those interminable problem fixes via a list of arcane and lengthy commands.

Quite the opposite, I have put Ubuntu on father's laptop and friends' home PCs and it gives me FAR less support trouble than Windows and the inevitable AV that still fails to stop infestations. Oh yes, and none of this in-your-face nagware or the privacy violations MS are now pushing having conveniently forgotten all about the "Scroogled" campaign.

73
7

Isis crisis: Facebook makes Bristol lass an unperson

Paul Crawford
Silver badge
Trollface

@fandom

Yes, The Register has a "down button"

5
5
Paul Crawford
Silver badge

Better still, express your displeasure by leaving Facebook and doing something interesting in real life.

82
4


Biting the hand that feeds IT © 1998–2017