* Posts by Paul Crawford

3392 posts • joined 15 Mar 2007

WhatsApp gets another Brazilian whack as magistrate blocks it again

Paul Crawford
Silver badge

Re: I love how

The two options are:

1) The judge is a technical incompetent and unable to comprehend how properly implemented encryption works.

2) They are trying to bully WhatsApp into creating a back-door but without going through the Brazilian parliament, etc, to do so in an open and properly debated manner (such as having a telecoms regulation that explicitly covers over-the-top providers like this).

The motive for (2) is probably not wanting to alienate the population or businesses that then see proper encryption as illegal and not something that protects you from the multitude of criminals (private or "state") who also want your information.

2
0

Opera sells open-source Chromium browser for $600m to Chinese bods

Paul Crawford
Silver badge

Re: The you-know-who is warming up backstage

"Given the Chinese USA government's constant attacks by the People's Army hacking units NSA and others, running Chinese American closed source software represents an unacceptable risk."

Any different?

11
1

Windows 10 a failure by Microsoft's own metric – it won't hit one billion devices by mid-2018

Paul Crawford
Silver badge

Re: "run MS Office"

Appears you can use Office365 using a Linux based web browser:

http://www.sdselite.com/7351/2015/04/15/working-with-office-365-and-linux/

7
1
Paul Crawford
Silver badge

"run MS Office"

Options appear to be:

Find one with Win7 (or a spare install licence) and lock it to block win10 updates, living with the EOL risk.

Get a Mac and use the Mac version of Office

Use a VM on Mac/Linux to host Windows & Office. That way you can deny it network access and use, for example, the VMware shared folders so stuff can be up/down loaded by email.

Use Linux and on-line Office365, after all it will be based on web standards?

21
2

Coup-Tube: Turkey blocks social networks amid military takeover

Paul Crawford
Silver badge

Re: There's more!

I think you mean "by spreading obvious bollocks through the moron-net in a manner that even the Daily Mail and Morning Star would be ashamed of".

8
0

Empty your free 30GB OneDrive space today – before Microsoft deletes your files for you

Paul Crawford
Silver badge

Re: Not quite $0 per month ...

So £38/month for around 12TB of protected storage (i.e. 400 times the original MS offer) assuming RAID-5 on each of your NAS and then they are mirrored somehow, and with gigabit access speeds and no dependency on foreign government policies.

Hmm, how much for the same size and speed from a cloud provider?

7
0

Windows Server-as-a-service: Microsoft lays out Server 2016's future

Paul Crawford
Silver badge

Re: So a major price increase then...

Sad, but predictable.

Many years ago when I was using w2k and then XP I was pleasantly surprised when MS decided to go per-processor licensing as we saw the first multi-core x86 appear, instead of some complex and ultimately rather pricey per-core formula as Oracle and the rest of the "old guard" pushed.

Now that practically all my software development is for Linux first, with Windows support as an afterthought for "the old guard" perhaps I shall not care...

1
1

You can buy Windows 10 Enterprise E3 access for the price of a coffee

Paul Crawford
Silver badge

Re: @DainB

"Excel is a swiss knife type tool every accountant knows on a level you would not master in years."

Very true, but why do people assume that a general migration to Linux means EVERYTHING must be Linux?

In my own limited experience, most folk are happy with Linux for many things, and the few business-critical programs you really must have can often be run in a VM of Windows. Said VM can be minimal, have limited network access, and generally is a very secure way of doing things (given that a lot of smart malware avoids running in VMs to evade analysis).

Sure it is an extra training step for those users, but my 75 year old and largely computer-illiterate father was able to master VM use for a specific genealogy program. I'm sure your accountants, etc, would manage it fine if given a couple of minutes tuition and a cheat-sheet of things to remember.

2
1

Florida U boffins think they've defeated all ransomware

Paul Crawford
Silver badge

Re: ...or use honeypots

Use a server with something like ZFS that supports snapshots and is copy-on-write. Then seeing massive disk use between snapshots is a clear sign of bulk modification, plus you can go back to previous snapshots to recover the data quickly.

Try FreeNAS on, say, a bottom end HP Microserver with 4 * 6TB disks or similar and 12GB or 16GB RAM. Under a grand for a system with 12TB of well protected storage. OK, you need to make damn sure that snapshots are on and *WORKING* (hint - make sure 'recursive' is ticked) and that control over the NAS is secured so malware can't go in and disable stuff or simply wipe it. But that is kind of basics anyway.

0
0

Nukeware: New malware deletes files and zaps system settings

Paul Crawford
Silver badge

Re: @asdf

"your main web browser should not even have access to a file system containing your personal files"

Except for everyone needing to upload and download email attachments if using web-mail, PDF data sheets, photos up to FB (for the vain and/or with family who pester them enough to bend over for a Zucking), etc?

Of course if you are properly paranoid you will already have an AppArmor profile for Firefox set to only allow read-only access to specific directories (e.g. 'photos') and only read/write to a sane place or two like 'downloads'.

0
0
Paul Crawford
Silver badge

Re: Linux mint and no longer have this sort of problem

For now.

You see, if you can run arbitrary software on ANY platform, then you can encrypt your own files (as pointed out above).

Sure it is less likely on Linux and one reason I migrated, but if you are properly paranoid about this then you will (A) have an isolated backup anyway as that covers hardware failures and "gross administrative misconduct", and (B) set user-writable areas to non-execute so you can't accidentally run something unpacked from an archive (because you were drunk and it promised good pr0n).

2
0
Paul Crawford
Silver badge

Re: This is why...

Not having admin rights should be the norm, but it only takes one of many privilege escalation bugs in ANY operating system to be back to having your machine toasted.

Really the only sensible mitigation technique is a working, tested, backup system that is not a simple extension of the main PC's file system. Also works for lost or damaged PCs as well...

6
0

VPN provider claims Russia seized its servers

Paul Crawford
Silver badge

Re: "every provider must log all Russian internet traffic for up to a year".

Why would law makers care about the costs that the public ends up paying?

Of course, if all web browser suppliers added a "poke random web sites every 30 seconds" by default you could see those logs grow by a factor of hundreds and maybe then the big ISPs would have to make a noise.

4
0

SCADA malware caught infecting European energy company

Paul Crawford
Silver badge

Re: Never as easy as it seems from an armchair

But all of the vendors are like this and SCADA systems are niche products so where do you go to buy a system that wasn't designed by idiots?

This is why we need the law to step in and for security folks to draw up regulations, including things like operating in a VM as an essential attribute, otherwise no sale (and no insurance or license for a business which fails to follow the rules).

Sure there will be a lot of bitching at first, but niche market or not, we need a nice big stick to beat them with so all of the usual software good practice is followed. Things like forcing a declaration on matters like hard-coded passwords, support back-doors, operation with AV/VM tools, respect for proper multi-user practice (i.e. no need for interfaces to run as admin), 10 year or more support that will include replacing any protocol or SSL certificate found to be weak or compromised, etc, etc, etc.

2
1
Paul Crawford
Silver badge

Impressive analysis, but infection vector not apparent

Seems they do a lot to avoid VMs and sandboxes, so why are they not in more common use for security sensitive systems anyway? After all, the actual controllers are dedicated hardware boxes and the SCADA PCs just Windows machines to supervise them. Any reason why those PCs can't be run in a VM?

But how were those machines infected in the first place?

Why were they internet connected?

When will we see serious personal fines and jail time for managers who fail to put sufficient security design, monitoring and management into critical infrastructure?

Trusting some AV or firewall vendor who said they would stop trouble is just not good enough. Unless, of course, they are offering to pay the fines and do the jail time if they fail.

13
0

Microsoft's cringey 'Hey bae <3' recruiter email translated by El Reg

Paul Crawford
Silver badge

Re: Every time I see "<3"...

Ah, the double polaroid moment:

https://www.youtube.com/watch?v=0ofl_UP3apM

5
0

Microsoft: Enterprise Advantage will be 'a step in quite a long journey to modernize our licensing'

Paul Crawford
Silver badge

You ought to be questioning why you use MS in the first place?

7
1

European Patent Office palace coup bombs

Paul Crawford
Silver badge

<cough> ICANN

5
0

Microsoft's Windows 10 nagware goes FULL SCREEN in final push

Paul Crawford
Silver badge

Re: A final throw of the Minty dice before

But at the present, I would NEVER install Linux - either Ubuntu or Mint on my Aunt Lucy's PC. Her old desktop could just not take the excitement of those interminable problem fixes via a list of arcane and lengthy commands.

Quite the opposite, I have put Ubuntu on father's laptop and friends' home PCs and it gives me FAR less support trouble than Windows and the inevitable AV that still fails to stop infestations. Oh yes, and none of this in-your-face nagware or the privacy violations MS are now pushing having conveniently forgotten all about the "Scroogled" campaign.

73
7

Isis crisis: Facebook makes Bristol lass an unperson

Paul Crawford
Silver badge
Trollface

@fandom

Yes, The Register has a "down button"

5
5
Paul Crawford
Silver badge

Better still, express your displeasure by leaving Facebook and doing something interesting in real life.

82
4

Chinese gambling site served near record-breaking complex DDoS

Paul Crawford
Silver badge

That sure is a lot of pussy!

1
0

Man sues YET AGAIN for chance to marry his computer

Paul Crawford
Silver badge

Re: square hole

An amusing (but NSFW) take on the square hole / round peg idea:

http://oglaf.com/annuitcoeptis/

0
0
Paul Crawford
Silver badge

Re: I'm sorry Dave...

Oink!

13
1

Fear and Brexit in Tech City: Digital 'elite' are having a nervous breakdown

Paul Crawford
Silver badge

Indeed, as this parody shows:

http://youtu.be/-a6HNXtdvVQ

3
0

Brexit-bored Brits back to bashing the bishop after ballot box blues

Paul Crawford
Silver badge

Re: Says everything that there is to be said

I forget who said it, but: democracy takes power from the corrupt few and hands it to the incompetent many.

28
0

Bacon is not my vodka friend

Paul Crawford
Silver badge
Gimp

Re: Okie is a strange place

Gotta protect our wimmin from seeing something more interesting...

2
0

No means no: Windows 10 nagware's red X will stop update – Microsoft

Paul Crawford
Silver badge

"valuable feedback on how people use the OS so Microsoft can improve it even more"

Ah yes, so that is why Windows 8 & 10 are so much loved and respected by the users?

As for blocked updates for Win7, if the fsckers had not been abusing the update mechanism for this they would NOT be blocked!

16
0
Paul Crawford
Silver badge

Re: Charles 9

Eh? You can, and generally should, set Linux to automatically install security updates.

Unlike the "new Microsoft", that does just that: patches stuff without major changes (like the old MS). If you actually want to do the equivalent of an OS upgrade you can (though it is not 100% successful in my experience when unusual partitioning / RAID is in use, etc). You are warned to back up and be sure before starting, etc, etc. Or you can simply tell it never to offer such an upgrade again.

2
0

You can be my wingman any time! RaspBerry Pi AI waxes Air Force top gun's tail in dogfights

Paul Crawford
Silver badge

"forces to be deployed without human loss of life"

On your side. While that is generally a good thing, if it makes politicians more trigger-happy it is probably not.

37
0

You know how that data breach happened? Three words: eBay, hard drives

Paul Crawford
Silver badge

Re: Formatting has two options

Let's face it, if you worry about a TLA recovering data you should have been using an encrypted file system with the HDD when in use, so not only do they have to try and undo the overwrite, but they also have to know your encryption key as well.

3
0
Paul Crawford
Silver badge

Re: "don't work properly"

Thing is, you need an order of magnitude greater skills to get data out of those areas, and probably you are looking at a tiny fraction of what was once stored on the HDD.

Deleted via recycle bin? Piss-easy to get back.

Formatted? Not too hard if standard structure used and/or you use a scanning tool looking for recognisable data (word documents, JPEG images, etc).

Overwritten with zeros? Damn hard without low-level HDD access below the usual SATA command set (possibly even custom forensics hardware & software).

Physically destroyed with thermite? No chance.

Considering the effort and possible desire to get some 2nd hand value/use, simply doing a full disk wipe or using the "secure erase" option is plenty good enough.

5
0

Visiting America? US border agents want your Twitter, Facebook URLs

Paul Crawford
Silver badge

Re: Of course, given a choice...

Greece was looking like a good cheap holiday option with ancient historical sites to visit and fantastic food.

Not so cheap from the UK now, of course...

1
0

25,000 malware-riddled CCTV cameras form network-crashing botnet

Paul Crawford
Silver badge

Re: IoT and it will get worse?

Have an up-vote!

"I wonder how many of these aren't supported by anyone including the manufacturers of them?"

Fixed it for you...

9
0

SPC says up yours to DataCore

Paul Crawford
Silver badge

Re: Why use an array of any type anyway?

I can think of a few very good reasons for centralised storage, such as (1) simplifying the task of recognising, protecting and managing your data (snapshots, data replicated to off-site store and/or tape robot), and (2) allowing common data/programs to be updated in one go for everyone who needs access, (3) allowing applications on differing native OS to share data.

However, (1) it will never match local storage for speed on any comparable basis, and (2) you get a degree of redundancy in your company that one central fault won't take down everything.

So really depending on what attribute matters more to you, you will go for one, the other, or maybe a bit of both (e.g. fast data local, central for share/replication/off-site transfer).

1
0
Paul Crawford
Silver badge
Headmaster

Re: "UPS costs $1,000"

I guess it should be uW per IOPS (or SI alternative) given that IOPS is I/O per second, and energy per I/O would then be energy/second = power.

1
0
Paul Crawford
Silver badge

Re: "UPS costs $1,000"

Just. It is a Lenovo X3650 M5 Server and a Dell PowerVault MD1220 Storage Array which have PSU rated for 900W+600W = 1500W but allowing a bit of margin for PF not exactly 1.0 you would really be looking at a 2kVA UPS (even though average power is likely a bit lower). Oddly enough the SPC benchmarks have $/IOPS but not pJ/IOPS or equivalent indication of actual power consumption which in this day is likely to factor into the overall ownership cost as well.

p.s. I guess you missed the joke icon?

1
0
Paul Crawford
Silver badge
Joke

"UPS costs $1,000"

You are seriously underestimating the cost of a UPS for that sort of system, why it is likely to be MUCH higher, probably around $5,000 which will make an impact of almost 4% to the $/IOPS cost!

1
0

NASCAR team red-flagged by ransomware attack

Paul Crawford
Silver badge

Re: No backup, no commiseration.

I thought Dropbox provided snapshots? What went wrong with that?

2
0
Paul Crawford
Silver badge

Re: re Backup

Squeal like a piggy boy, squeal like a piggy that ain't got no back-up copies! Squee! Squee!

7
0

'Leave EU means...' WHAT?! Britons ask Google after results declared

Paul Crawford
Silver badge
Facepalm

Turkeys voting for Christmas on the basis it's not halal, now asking what Christmas means for them.

50
9

Judge rules FBI can hack any time, any, place, anywhere

Paul Crawford
Silver badge

"The act of hacking it, shows its backdoored that they exploited a flaw in firefox to reveal the machine's local IP address."

Fixed it for you. Please check the facts of this case before making such general assertions.

6
1

Revive revived: Oculus DRM push shattered as DIY devs strike back

Paul Crawford
Silver badge
Trollface

Re: this will just cost Oculus a fortune

Oh I do hope so :)

13
0

Tor onion hardening will be tear-inducing for feds

Paul Crawford
Silver badge

Apparmor?

If Firefox is run under an apparmor profile would that achieve much the same?

After all that is what CESG recommend:

https://www.cesg.gov.uk/guidance/end-user-devices-security-guidance-ubuntu-1404-lts

1
0

Pressure mounts against Rule 41 – the FBI's power to hack Tor, VPN users on sight

Paul Crawford
Silver badge

Re: fingerprinting

What the web browser dev should be doing is fixing this, not endless dicking around with GUIs or finding ever smarter ways to whore us to the advertisers.

We should have browsers that only yield the minimum of necessary information back to a web site, and that tricks like canvas rendering hashes, etc, are deliberately broken by inducing some ~1/2 pixel random dither in the drawing so no two hashes are ever the same.

And that is before we get into the unholy mess of SSL certificates and the half-measures like pinning to try and catch MITM by state level actors.

19
0

Not smiling for the camera? Adobe's Creative Cloud suite can fix that

Paul Crawford
Silver badge
Gimp

Re: Airbrushes worked fairly well

Indeed, one can help a lot.

Ah, that odd half hour spent with the GIMP touching up a friend's daughter...

7
0

Kremlin wants to shoot the Messenger, and WhatsApp to boot

Paul Crawford
Silver badge

Re: Is this even practical....?

Also if you are not "doing business" in Russia by making the app free and not whoring for profit with their advertisers, who do they fine?

Yes, they could start a Great Firewall of Russia to try and block apps that are not on the good list but a little use of P2P technology and/or making use of ports like 443 that always look encrypted will make that whack-a-mole game a bit harder.

0
1

New York decides not to tinker with vendor lock-down for now

Paul Crawford
Silver badge

"It is made deliberately difficult if not impossible to repair."

That is why we should have 5 year warranties on electronics. Then they would have to consider the repair cost or replacement cost when designing it and one way or another you would see up front what the true cost of a gadget is likely to be.

0
0

Apple's 'lappable' iPad Pro concept is far from laughable

Paul Crawford
Silver badge

And you know this via....???

Why, by the 9" already mentioned!

1
0

Snoopers' Charter 'goes too far' says retired Met assistant commish

Paul Crawford
Silver badge
Gimp

Mind you, that could work another way if browser coders decided to undermine that sort of system by randomly connecting to anything/everything in the background. Suddenly everyone's ICR logs are massive and expensive to maintain, and everyone looks equally suspicious and has plausible deniability about looking at any odd site.

You know those sites only too well =>

1
0
