* Posts by Paul Crawford

3468 posts • joined 15 Mar 2007

Sharing's caring? Not when you spread data across gov willy-nilly

Paul Crawford
Silver badge

Re: rule by decree

In this case I almost agree that parliament should pretty much waive the leave from europe through on the grounds the people voted to leave.

Er, no. The population voted in an advisory referendum to leave the EU. There was nothing about the precise terms of what "leaving" should mean, and since the vote was announced we have had bugger-all in terms of a clear vision and plan for what this move should actually entail. In fact we have had utter melt-down in the Labour opposition and the appointment of Ms May to the Conservatives as the least-worst choice, and that takes some biscuit for sure.

As such it is perfectly right and proper that the current government should present the details to parliament for approval before acting. The fact they don't like/want to do so shows both the arrogance of the prime minister and the utter lack of a coherent plan.

7
2

LAKE OF frozen WATER THE SIZE OF NEW MEXICO FOUND ON MARS – NASA

Paul Crawford
Silver badge

Re: McMars Distillery

Well at least you don't get your water from the depths of Uranus...

16
0

Irish eyes are crying: Tens of thousands of broadband modems wide open to hijacking

Paul Crawford
Silver badge

Re: "except for IP addresses"

They *are* the ISP so presumably could have their routers configured to block incoming IP addresses to any customer that should not exist (such as their own internal range, "Martian packets", etc).

Yes, I know, that is a level of security sense that goes one step above the already-failed step of limiting IP addresses in the first place...

4
0
Paul Crawford
Silver badge

To me a "backdoor" is an undocumented and sneaky addition, generally without an option to change its access credentials.

However, having a management port that is properly documented and can be secured is another. Yes, it is a risk but that can be managed by having multiple layers of security.

In this case it's a double-fail - first the login can be found from remote queries without needing the login, and second that such access was not restricted to a trusted and small IP range such as the ISP's own administrative machines (based on the sensibly paranoid approach that no single access method will be free of bugs or brute-forcing).

8
0
Paul Crawford
Silver badge

Re: Why does an ISP need access to your hardware

To be fair, they could also use it to push out updates to fix security vulnerabilities like this before they get comprehensively p0wned, as Joe Average user is unlikely/incapable of doing so. Oh wait...

As for having the management port not locked to their own IP range, as they did in the past, that is just such a stupid fsck-up that some senior people should be getting the boot.

13
0

Apple unplugs its home LAN biz, allegedly

Paul Crawford
Silver badge

Re: Does this mean Time Capsule gets the chop too?

Probably - as they can charge you rental for your data in the iCloud instead.

What do you mean, peasant? You don't have that large a broadband capacity? Doorman, throw him out to the gutter where he belongs!

8
1

Hyperloop One settles hangman lawsuit

Paul Crawford
Silver badge

The people of Dubai won't get to see that, nor the Flintstones movie for that matter!

But the people of Abu Dhabi do...

17
0

Microsoft's cmd.exe deposed by PowerShell in Windows 10 preview

Paul Crawford
Silver badge

I can see MS' point, but then I don't really care as I use cygwin or the better native Linux shells...

Oh dear, it is useful for a few, but their number gets fewer.

Some day no one will march there at all...

6
4

Surveillance camera compromised in 98 seconds

Paul Crawford
Silver badge

You assume a lot, in that who of the potential buyers knows how to check telnet passwords?

A more sensible approach would be for gov around the world to make default and non-changeable passwords that work beyond the first log-in attempt something that incurs a $1000+ fine per device.

Only then will suppliers not be fsking morons out of the box....

32
0

The encryption conundrum: Should tech compromise or double down?

Paul Crawford
Silver badge

Re: Trump can't force Apple to knuckle under using current law/court rulings

This means it is reasonably practical to ban the use of effective encryption, because it can be shown if you are using encryption that is not permitted.

Simple option is encryption over an encrypted channel, they see the outer breakable encryption due to the connection metadata but not the payload, unless they break and scan everything. That starts to become a serious load on the systems, unless there is a golden key in every router, in which case it will be mere minutes before foreign governments and criminals also have it. Yes, I'll spare you the Venn diagram of those two.

it would be easy to draft a law making illegal the mere possession of software capable of encrypting effectively.

For the plebs you might be right, but governments have a habit of listening to businesses that stand to lose billions due to security breaches and they sure as hell won't be happy with such an approach.

2
0
Paul Crawford
Silver badge

Re: Please allow law enforcement access

Maybe that is the best argument?

Ask USA politicians if they are happy with giving Chinese and Russian courts the technological access to their communications because it follows due legal process for possible terrorism or money laundering claims.

9
0

KCL staff offered emotional support, clergy chat to help get over data loss

Paul Crawford
Silver badge

Re: counselling for data loss????

Well, let's look at the hard facts...

OK, praying is no less efficacious than KCL's previous data protection plans.

10
0

Low-end notebook, rocking horse shit or hen's teeth

Paul Crawford
Silver badge

Re: Chromebooks

Shops don't like them - no opportunity to sell AV software and MS Office* on the back of the machine's purchase. Otherwise they're great for those wanting a keyboard and a pain-free way of getting Internet access.

[*] Which is actually useful, but the majority of people don't need more than the "free" Google docs or similar.

4
0

Google and Facebook pledge to stop their ads reaching fake news websites

Paul Crawford
Silver badge

Re: Bit late now

Some thought that social media would mean an improvement in the freedom of ideas without 'traditional media' and its agenda of money and politics.

Sadly what we see is "Idiocracy" turning out to be a documentary on how we as a population can de-educate and vote ourselves into oblivion.

20
2

UK NHS 850k Reply-all email fail: State health service blames Accenture

Paul Crawford
Silver badge

@RW

Worse - those stupid email clients that reply with any attachments also included in the endlessly growing email list.

1
0
Paul Crawford
Silver badge

Re: The usual suspects

Sadly I have seen both issues in use.

Case in point #1: one club that has 'reply' set to reply to the list because some folk felt it too hard to choose 'reply all' if they really meant it. As a result, you actively have to copy/paste an individual's email address if you don't want to spam the group.

Case in point #2: Where I work the number of (apparently educated) numpties who 'reply all' to stuff that has no real need of informing the original recipients is depressing. Even worse, there were groups set up that allowed a reply-all to everyone, with the expected dumb outcome. At least those distribution lists now only allow a few people to post to them (the actual content is worthless, so it's not a great loss).

3
0

Pay up or your data gets it. Ransomware highwaymen's attacks on small biz octuple

Paul Crawford
Silver badge

Re: You can reduce/eliminate the risk yourself

You speak like a Windows admin person who tries to stop this. For other OS the GCHQ advice says much the same:

https://www.ncsc.gov.uk/guidance/end-user-devices-security-guidance-ubuntu-1404-lts

Basic stuff: deny user-writeable locations execute permissions, deny command prompt and scripting unless really needed, and use apparmor to limit internet-facing programs' ability to hose your data.

But back to the real point: What if your machine really dies? Or the building gets flooded or burns down (probably not at the same time)? What if your laptop gets lost/stolen/driven over by some monkey in a humvee?

For those cases and crypto viruses you need off-premises backups that can't be trashed by ANY account.

0
0

Married man arrives at A&E with wedding ring stuck on todger

Paul Crawford
Silver badge

Come now! Everyone knows that men reach the age of 5, and then the bodies keep growing.

2
0

Australia teases binning x86 for Power CPUs in new supercomputer

Paul Crawford
Silver badge
Trollface

Re: "Windows Server tends to outperform Linux in many HPC scenarios"

Ah, 8 hours passed with 2 down-votes so far, and yet not a contradictory fact in sight :)

4
0
Paul Crawford
Silver badge
Trollface

Re: Old fogey mode

Alpha was 64-bit always, but NT ran very nicely indeed on them. Until it was cancelled and we had to explain to a major European space organisation just how trustworthy MS were in terms of portability and cross-platform support. So much for the promises they made when we went down that road.

Oh well, not that MS matters that much to us now. Hey, MS users, just how are those price-hikes going down? [hence troll icon]

3
0
Paul Crawford
Silver badge

"Windows Server tends to outperform Linux in many HPC scenarios"

Really? Facts please, like how many Windows machines are in the top 500 supercomputers?

9
2

Google's new VR Daydream View will cripple your phone

Paul Crawford
Silver badge

Re: Photo

Typical, eh? Crashes just as you get to the money shot climax of the VR experience.

0
0

Russia shoves antitrust probe into Microsoft after Kaspersky gripes about Windows 10

Paul Crawford
Silver badge

Now, now, can't have some non-USA product flagging our own agency-generated malware can we?

3
0

Retiring IETF veteran warns: Stop adding so many damn protocols

Paul Crawford
Silver badge

Re: Bloat

You would like to think that standard libraries are known, fixed and tested. Not when it comes to the IoT world where the mbed implementation of gmtime() is broken! And not fixed in over two years!

Says a lot about how well they develop and test IoT stuff, eh?

https://developer.mbed.org/questions/75856/Who-will-fix-the-mbed-system-gmtime-func/

https://github.com/ARMmbed/mbed-os/issues/1098

2
0
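An added example, not code from the linked mbed thread or from the poster: the kind of conformance check a library vendor could run before shipping a gmtime(). The mbed defect itself is not described here, so the vectors are the standard edge cases (negative times, the 400-year leap rule, the 2038 boundary); ref_gmtime is an independent reference built on the well-known days-to-civil algorithm and check_gmtime compares the platform gmtime() against it.

```c
#include <stddef.h>
#include <stdint.h>
#include <time.h>

/* Days since 1970-01-01 -> proleptic Gregorian y/m/d (Howard Hinnant's civil_from_days). */
static void civil_from_days(int64_t z, int *y, int *m, int *d) {
    z += 719468;                                   /* shift epoch to 0000-03-01 */
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    unsigned doe = (unsigned)(z - era * 146097);   /* day of era [0, 146096] */
    unsigned yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365; /* year of era */
    unsigned doy = doe - (365 * yoe + yoe / 4 - yoe / 100);               /* day of year, March-based */
    unsigned mp  = (5 * doy + 2) / 153;                                    /* month index, March = 0 */
    *d = (int)(doy - (153 * mp + 2) / 5 + 1);
    *m = (int)(mp < 10 ? mp + 3 : mp - 9);
    *y = (int)(yoe + era * 400 + (*m <= 2));
}

static int is_leap(int y) { return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0; }

/* Reference gmtime: fills a struct tm from a 64-bit Unix time, negative values included. */
void ref_gmtime(int64_t t, struct tm *out) {
    static const int cum[] = {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
    int64_t days = t / 86400, rem = t % 86400;
    if (rem < 0) { rem += 86400; days--; }         /* C division truncates toward zero */
    int y, m, d;
    civil_from_days(days, &y, &m, &d);
    out->tm_year = y - 1900; out->tm_mon = m - 1; out->tm_mday = d;
    out->tm_hour = (int)(rem / 3600); out->tm_min = (int)(rem % 3600 / 60); out->tm_sec = (int)(rem % 60);
    out->tm_yday = cum[m - 1] + d - 1 + (m > 2 && is_leap(y));
    out->tm_wday = (int)((days % 7 + 11) % 7);     /* 1970-01-01 was a Thursday (4) */
    out->tm_isdst = 0;
}

/* 1 if the platform gmtime() agrees with the reference for t (or t does not fit time_t at all). */
int gmtime_matches(int64_t t) {
    struct tm ref, *sys;
    time_t tt = (time_t)t;
    if ((int64_t)tt != t) return 1;                /* narrow time_t: nothing to compare */
    ref_gmtime(t, &ref);
    sys = gmtime(&tt);
    if (!sys) return 0;
    return ref.tm_year == sys->tm_year && ref.tm_mon == sys->tm_mon && ref.tm_mday == sys->tm_mday
        && ref.tm_hour == sys->tm_hour && ref.tm_min == sys->tm_min && ref.tm_sec == sys->tm_sec
        && ref.tm_yday == sys->tm_yday && ref.tm_wday == sys->tm_wday;
}

/* Edge cases that home-grown gmtime() implementations tend to get wrong; returns the failure count. */
int check_gmtime(void) {
    static const int64_t vec[] = {
        0LL,             /* 1970-01-01 00:00:00 */
        -1LL,            /* 1969-12-31 23:59:59, negative time */
        951782400LL,     /* 2000-02-29, leap day of a 400-year-rule year */
        1456704000LL,    /* 2016-02-29 */
        2147483647LL,    /* 2038-01-19 03:14:07, last signed 32-bit second */
        2147483648LL,    /* one second later */
        4107542399LL,    /* 2100-02-28 23:59:59, 2100 is not a leap year */
    };
    int fails = 0;
    for (size_t i = 0; i < sizeof vec / sizeof vec[0]; i++)
        if (!gmtime_matches(vec[i])) fails++;
    return fails;
}
```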

Brexflation: Lenovo, HPE and Walkers crisps all set for double-digit hike

Paul Crawford
Silver badge

Brexploitation

A great new word, shame it's needed though

20
0

Hitler's wife's lovely lilac knickers fetch £2,900 at auction

Paul Crawford
Silver badge

Re: One word: Bootnotes.

Surely Jackbootnotes?

3
0

China passes new Cybersecurity Law – you have seven months to comply if you wanna do biz in Middle Kingdom

Paul Crawford
Silver badge

But what will the USA actually do?

The Chinese now have their factories and most production process/IP by the balls.

1
1

CERN also has a particle decelerator – and it’s trying to break physics

Paul Crawford
Silver badge

Next question...

Does antimatter fall down?

Of course that is what is expected from all theories, but AFAIK it has never been experimentally verified.

8
0

Adblock overlord to Zuckerberg: Lay down your weapons and surrender

Paul Crawford
Silver badge

Re: "We’ll strike back," he promised.

What can the ad-blockers Facebook do that can't be easily undone by Facebook the ad-blockers?

Is more to the point. Unless FB runs adverts from their own servers just like user posts, it's still easily separable. And if they do that they can't rely upon 3rd party advertisement houses for revenue.

That is, of course, quite possible. But then the second step is for ad-blockers to disable any animated image/video by default. So FB still punts ads, but they are now neutered in terms of bandwidth and annoyance so really the user has won by not being force-fed any more shit that their "friends" on FB normally punt at them.

18
0

Windows 10 market share stalls after free upgrade offer ends

Paul Crawford
Silver badge

Re: "printer manufacturers"

Generally you will find that (1) any postscript printer works just fine, and (2) most HP models work fine (if you can forgive them over the recent deliberate stuffing of 3rd party ink cartridges that is).

So the quickest test is will it work on a Mac? If so it probably will for Linux, but a little bit of looking around will often show users' experience of the whole thing, for example: https://www.openprinting.org/printers

8
0

Researchers tag new brace of bugs in NTP, but they're fixable

Paul Crawford
Silver badge

Re: Inexpensive fix

Using a cheap GPS for accurate time is not quite so trivial though, as you need to set it up to use the 1 PPS timing signal as an additional input, since the RS232 messages have a significant delay and lots of jitter (tens of ms or more). Here is one example of doing so, but I have not tried it myself:

http://www.rjsystems.nl/en/2100-ntpd-garmin-gps-18-lvc-gpsd.php

0
0

Uber drivers entitled to UK minimum wage, London tribunal rules

Paul Crawford
Silver badge

Re: Will this do anything...

Will also be interesting how a driver-less taxi can deal with disabled passengers who need assistance to board and/or load luggage.

Will they argue they can only take orders from the able-bodied?

Or that somehow taking payment for travel is not making them a taxi service?

8
2

Microsoft goes back to the drawing board – literally, with 28" tablet and hockey puck knob

Paul Crawford
Silver badge

Re: Windows 10

A few minutes removing the crud from the start menu, a quick search and the unwanted applications are gone with some powershell scripts and then sort out the snooping (as much as you can).

Now if only MS had the technical expertise to do that and not have but a few skilled users like yourself enjoying the non-shitty version...

2
0

PayPal patches bone-headed two factor authentication bypass

Paul Crawford
Silver badge

Re: 2fa choices

A lot of UK banks use your debit/credit card and a "card reader" gadget that allows them to send you a code (on web page) and you then answer with a hashed version that provides a means of checking it's you and the amount you wish to transfer, etc. I'm guessing the code they send and the maths involving the amount makes it hard to MITM modify enough to easily abuse your account even if your PC is hopelessly compromised.

Also you used to get the RSA key fobs for email (and sometimes banking) where you get a random 6 digit number every minute and that sequence can be checked at the server end to see if it's likely to be you attempting a login, etc. But then RSA got compromised (pretty bad for a security company) and as they kept the master keys to keep businesses paying, all of their customers were also compromised. Had each end customer managed their own keys, etc, the damage would have been much lower.

2
0

Microsoft's Surface Studio desk-slab, Dial knob, Surface Book: We get our claws on new kit

Paul Crawford
Silver badge

Nice hardware, but...

So it's like an iMac, but with a privacy-slurping OS that gains you a few more programs you could use on it?

4
11

IBM Australia didn't stress-test #censusfail router and blocked password resets

Paul Crawford
Silver badge

Re: Turn it off and back on

But sometimes it does the opposite - you find that config was updated in memory and not saved, so it comes up broken. Either way, it is really stupid that they did not test a complete reboot/power cycle of the system.

2
0

The cloud is not new. What we are doing with it is

Paul Crawford
Silver badge

Commoditisation

One issue with commoditisation or the more general "utility supply" model for IT is it is rather different from most other things we have. Take electricity or gas as a good example: unless you are in the middle of nowhere or have some absolutely critical system you don't have your own generator, and only proper IT places even consider a UPS to allow for glitches in supply and orderly shut down. The reason of course is that the supply of such things is to a simple standard and with very little difference it's the same from any utility world wide. Same for food, we are pretty much omnivores so can easily change to what food is on offer from any supplier.

But with IT we have the continued issue of lock-in, either from APIs that only one vendor supports (properly and fully, maybe not even that) or from a growing archive of unique data that becomes a major issue to migrate. And no one is really up for paying for two redundant cloud suppliers "just in case" the brown stuff meets that rotating air mover. In short, we can't simply move from one supplier to another with ease, except for a few very basic cases like backup storage.

Sure with on-site stuff we still have a form of lock-in as it's rarely simple to replace stuff without changes, but we are not normally in a position of an external supplier being in control of what we can do with it. With the cloud they can (and often do) make changes that you have no control over, and can shut you down or price you out of competition more easily because they have your data.

11
0

'Biggest ever' Linux release

Paul Crawford
Silver badge

Re: "commits"

perpetrate or carry out (a mistake, crime, or immoral act)

Well that kind of summarises a lot of the pointless GUI changes and removal of useful features that seems to be today's norm.

2
0

It's nearly 2017 and JPEGs, PDFs, font files can hijack your Apple Mac, iPhone, iPad

Paul Crawford
Silver badge

Re: Cupertino is ...

What we need is heavy-duty sandboxing so that *when* the application is compromised, the miscreants don't have much in the way of resources to play with.

We already have this - it's called apparmor

However, it's not usually configured because it "gets in the way" and you also have the problem that many developers don't give a flying fsck about looking after a sane access profile. See also:

https://www.ncsc.gov.uk/guidance/end-user-devices-security-guidance-ubuntu-1404-lts

1
0

Is this the worst Blockchain idea you've ever heard?

Paul Crawford
Silver badge

Blockchain technology for music payment seems a dead end, but there is a valid point that the world could well do with some form of micropayment system that does not involve the septic tank of on-line advertisement networks.

Something where you could pay of the order of 0.1p per music/video play directly (more or less) to the folk who did the work. Cheap and painless so folk don't mind paying for a clean experience (and probably well above what they get from YouTube...)

20
0

Open-source storage that doesn't suck? Our man tries to break TrueNAS

Paul Crawford
Silver badge

Re: The dated interface

Please, please don't make it into another sucky "modern" style! OK?

Keep it functional and discoverable for users who rarely touch the box.

2
0
Paul Crawford
Silver badge

Re: Fail over?

You don't need a cluster for fail-over, only if you want no outage at all.

With two heads you can operate active-active or active-passive depending on the number of shares (1 share = active-passive only). If one goes down the other takes over that pool of data after a moderate time.

3
0
Paul Crawford
Silver badge

Fail over?

What are the reasons that will trigger a fail-over, and do the heads have some watchdog to force a reboot/fail-over in case one head gets sick?

I ask this as someone who has suffered from the Sun Oracle ZFS appliance that would only fail over on a kernel panic of the other head. But the other head would invariably get stuffed in such a manner as to stop serving storage but not so screwed that it stopped the heartbeat links that arbitrated between them. We ended up using our nagios monitoring machine to check for usable NFS mounts and if that went bad for a while it would SSH in to the active head's ILOM to kick it in the NMI button.

2
0

Report: UK counter-terrorism plan Prevent is 'unjust', 'counterproductive'

Paul Crawford
Silver badge

Re: Demonisation

Look around, look back over recent history, and you will always see the "other nation/religion/colour are to blame" as the reason of choice for morons and the politicians craving their support or following an agenda where it suits them.

9
2
Paul Crawford
Silver badge

Re: Display

If you "follow procedure", it doesn't matter how horrific the consequences, you are free of all responsibility for your actions.

They thought differently at Nuremberg

9
2

Ubuntu 16.10: Yakkety Yak... Unity 8's not wack

Paul Crawford
Silver badge

The Gnome devs have ripped out the most useful ... conform to the current Gnome group-think on UI design (which says that the way to make things easy to use is to simply not have any useful features).

Do they ever actually use their own software for real? You get the impression they are bored teenagers who will do anything but bug-fix their own code.

6
0

SHA3-256 is quantum-proof, should last BEELLIONS of years, say boffins

Paul Crawford
Silver badge

Re: Hash functions

The problem they worry about is not the inevitable collisions in the mind bogglingly vast 2^256 numeric space of the hash function, it is the ease (or otherwise) of engineering such a collision so that you can fake a digital signature for nefarious purposes.

13
0

US government wants Microsoft 'Irish email' case reopened

Paul Crawford
Silver badge

Re: users don't control where data resides?

Of course, Google, MS, et al could simply offer a user tick-box choice of data centre jurisdiction and side-step that argument.

But more realistically the best option is not to store any important data on US companies' servers unless you hold the encryption keys. So no web email, etc, where it has to be plain text at the cloud end to access.

14
0

Dutch govt ordered to use open standards for comms from 2017

Paul Crawford
Silver badge

Re: German city council

That gets trotted out time and time again, mostly because a new mayor complained in 2014. However I see no news of any actual change back. For example, the timeline here covers that (with some references to check up on):

https://en.wikipedia.org/wiki/LiMux#Timeline

Also you have a chicken and egg problem, if everyone is using something like docx which is not-quite-standard you have compatibility issues (a bit like MS has with differing versions of Word but to a smaller degree). By mandating odt standard you get an impetus to improve behaviour both in LibreOffice and MS Office (which can do odt, it just bitches about it to discourage its use).

7
0

Email security: We CAN fix the tech, but what about the humans?

Paul Crawford
Silver badge

Re: "Not really. What you can do, they can UNdo"

But it makes it harder. And that is ALL you can hope for, as perfect security is simply not possible.

Step 1) Make it harder for the bar stewards.

Step 2) Have a tested, off-site recovery process.

Step 3) Underpants! Profit!

1
0

Biting the hand that feeds IT © 1998–2017