* Posts by Paul Crawford

3482 posts • joined 15 Mar 2007

UK oversight body tipped to examine phone snooping tech in prisons

Paul Crawford
Silver badge

A well-designed system would triangulate the phone's position and if it's outside the prison area ignore it.

But that would add cost, of course...

6
1

Tesla to stop killing drivers: Software update beamed to leccy cars

Paul Crawford
Silver badge

Re: Mansfield bars

They won't stop an impact at 70mph, they might help trigger airbags (again, not much help if your upper torso is getting chopped off), but more importantly they would make the truck + trailer more visible under difficult conditions.

Personally I have serious doubts about the ability of car companies to make this work well enough, given they are still doing recalls for dumb stuff like engine management cheating (VW), air bag sensors not always working (Ford), engines running out of control (Toyota), etc, etc. Sure they can out-brake a meatbag under good conditions, and are probably better than a drunken idiot whose reactions and attention are shot to shit, but we see here just one of many odd conditions that are just not noticed.

11
7

When you've paid the ransom but you don't get your data back

Paul Crawford
Silver badge

"A further 60 per cent claimed they were able to recover the data from back up files"

That is a depressingly low proportion of businesses. Oh well, I guess in future years it will improve as the once-burnt lot learn, the encryption threat will no longer be profitable, and ultimately fewer companies will suffer when hardware faults take out machines.

9
0

QANTAS' air safety spiel warns not to try finding lost phones

Paul Crawford
Silver badge

Re: aren't as bad as Chlorine Trifluoride

Few things are as bad as ClF3 it must be said. Oh, maybe Dioxygen Difluoride

2
0

Sex is bad for older men, and even worse when it's good

Paul Crawford
Silver badge

Re: Correlation does not imply causation

Indeed, and how does it compare with say jogging or playing 5-a-side football or similar?

14
0

Microsoft thought of the children and decided to ban some browsers

Paul Crawford
Silver badge

Re: Think of the market share

You seem to forget that MS had > 95% of all desktop/home computing at that point in time. That is why they were thumped down and not Apple (or Sun, SGI, etc, who were minor players at the time).

They still have the majority of PCs sold, but obviously not total computing devices now with Android taking the lion's share of the smart phone market.

8
1
Paul Crawford
Silver badge

Re: Hmmmm....

https://en.wikipedia.org/wiki/Pascal%27s_Wager

1
0

4G hits 1.9Gbps

Paul Crawford
Silver badge

HSDPA promises up to 337.5 Mbit/sec but I rarely see more than about 1-2Mbit/sec on my phone.

So in reality is 4G going to give me something like 10Mbit?

0
0

'Hey, Elon? You broke it, you bought it' says owner of SpaceX's satellite cinder

Paul Crawford
Silver badge

Re: Space travel is always risky

Not always - sometimes the premiums are so high (due to the risk - oddly enough) that companies decide to go without and make that gamble themselves. But usually though just for the first flight or two of a new design of rocket, etc, where the risk is high/unknown.

8
0

Intel's makeshift Kaby Lake Cores hope to lure punters from tired PCs

Paul Crawford
Silver badge

Re: DRM is evil

There is always the RedFox software tools to rip/bypass BD disk DRM and let you play what you bought as you want to.

Or simply wait for the 4k files to appear on some torrent, as they always do. Such a shame the movie studios seem not to realise that playing paid-for content should be the easiest and most pleasing experience of all.

36
0

FBI: Look out – hackers are breaking into US election board systems

Paul Crawford
Silver badge

XKCD from the past

Before any other commentard slips this one in:

https://www.xkcd.com/463/

22
0

Chinese CA hands guy base certificates for GitHub, Florida uni

Paul Crawford
Silver badge

Re: You can't trust anybody

You will never stop a SUFFICIENTLY determined and well funded adversary. But the current system is routinely screwed up by incompetence (here), or by a local CA being leaned upon or hacked by a government (see http://www.theregister.co.uk/2011/09/09/gmail_diginotar_security_alert/ for example).

2
0
Paul Crawford
Silver badge

Re: You can't trust anybody

It is a fundamental problem with the whole system. Basically it takes only 1 out of hundreds of CAs to issue a mistaken or malicious certificate and the chain of trust is broken. As such, it is not really anything you can trust at all. CA pinning is an attempt to reduce the scope of such failures, but it is a band-aid to the situation.

But then many folk just ignore browser warnings anyway :(

9
0

Breaker, breaker: LTE is coming to America's CB radio frequencies

Paul Crawford
Silver badge

Re: has to be able to work ANYWHERE

"a life-critical device be doing depending on wireless"

All jolly good for collecting data for reports, etc, assuming it's properly encrypted before it even reaches the wifi interface, but not something you should depend upon working for many reasons.

0
0
Paul Crawford
Silver badge

Re: Greed and rubbish regulation.

Exactly. The "a single smart hospital might use up to three terabytes of data per day" claim points to the fact they should have wired the place properly for most devices, and for those needing wireless have numerous low power access points.

Actually, let's revisit that last point - WTF should a life-critical device be doing depending on wireless that could be jammed easily for ill intent, or accidentally by someone's broken phone they forgot to turn off?

5
0

French, German ministers demand new encryption backdoor law

Paul Crawford
Silver badge
Unhappy

Re: Let's be consistent then.

"Kinda scary to realise we're by default governed by idiots"

Maybe "we", as in the tabloid-reading generalisation of the public, are getting the government we deserve?

4
2
Paul Crawford
Silver badge

"The fundamental problem is one of lack of trust combined with arguably excessive government authority, or at least power"

That is one of the big issues, the 2nd being simple incompetence or corruption. If you have the secret keys to everyone's private communications escrowed with every gov agency world wide who demands them, just how long until the well funded criminal gangs also find a copy?

So would we then see a special dispensation for the keys to gov ministers or leaders of big business? And would any of those politicians calling for this be willing to bet their own pension schemes on it not going wrong in practice?

Thought not...

9
0

Boffins design security chip to spot hidden hardware trojans in processors

Paul Crawford
Silver badge

Re: But..

The fact you have to have this ASIC built by a totally trusted organisation kind of makes a flaw - why didn't you use them to build your CPU in the first place?

4
0

Kaspersky launches its own OS on Russian routers

Paul Crawford
Silver badge
Stop

Hammer time!

0
0
Paul Crawford
Silver badge

True microkernel approach?

"As a result, the core must be 100 percent verified as not permitting vulnerabilities or dual-purpose code"

That sounds very much like the old goal of a true micro-kernel where the ring-0 stuff is REALLY SIMPLE and thus possible to have near-perfect verification of it. I say near-perfect because you can't rule out buggy CPUs or tools, etc. For example:

http://www.theregister.co.uk/2014/07/28/aussie_droneprotecting_hackerdetecting_kernel_goes_open_source/

The past objection to the micro-kernel approach was the performance penalty of switching in/out of ring-0 to do serious stuff. That is why MS abandoned the pure vision of Dave Cutler's original VMS-inspired NT3.5 and stuffed video drivers in there, etc, for NT4 (and thus BSOD became a much bigger issue) and Linux never even went there. For a bit more on that debate:

http://www.cs.vu.nl/~ast/reliable-os/

10
0

Facebook backup, anyone?

Paul Crawford
Silver badge

Even so, your FB "friends" or possible trawling (or trolling) by others (potential spouse or employer, etc) still won't see those old embarrassing photos or stupid drunken posts.

0
0
Paul Crawford
Silver badge
Trollface

How quaint, the idea that a facebook profile is actually valuable enough to pay to back it up!

Normally my advice is to delete your profile every year or so, create a fresh one with a new (disposable) email address, and then invite the few friends who were the least moronic posters from your last incarnation.

4
1

'Second Earth' exoplanet found right under our noses – just four light years away

Paul Crawford
Silver badge

Re: Tidal locking

However, that also means the night life never ends either. So let's PAAAARTY!

11
0

EU ministers look to tighten up privacy – JUST KIDDING – surveillance laws

Paul Crawford
Silver badge

"Outlawing encryption would only disadvantage the law abiding and ignorant"

You mean the majority of people? Makes you wonder how much is to do with any real threat and how much to do with general economic espionage and allowing councils to spy on those putting rubbish in the wrong bins or sending kids to school outside of the catchment area.

20
1

Fujitsu: Why we chose 64-bit ARM over SPARC for our exascale super

Paul Crawford
Silver badge

SPARC future?

What will this mean for Oracle & SPARC in the long term if Fujitsu has decided to move away from it?

0
0

Das ist empörend: Microsoft slams umlaut for email depth charge

Paul Crawford
Silver badge

Re: @AC

Maybe there is - maybe it works correctly if you somehow set the keyboard at log-in, but in the cases I have had to do it, I could not find any (obvious) way to do so. A couple of the German engineers said the same.

0
0
Paul Crawford
Silver badge

Re: @Steve Davies 3 - Please!

"Microsoft didn't test German-language options properly?"

Remember this is the company where the OS (win7 is latest I have used) would allow you to change the language of the keyboard. Per application.

FFS! Who in their right mind thought "you know what, when someone using a German PC plugs in a UK keyboard and sets the keyboard mapping to match, let's make them do it for every fsking program they try to use, mkay?"

4
6

IPv6 tipping point

Paul Crawford
Silver badge

50% of mobile fine, but how much of wired?

1
0

FireEye probes Clinton foundation hack: Reports

Paul Crawford
Silver badge

Politics?

Maybe I am just being dumb here, but what do the Russians have to gain by bringing Clinton down?

How is the prospect of Trump getting in somehow in their favour?

0
0
Paul Crawford
Silver badge

Re: Blame the Russkies

"Mocking, victim blaming and traditional unrestricted capitalism have all failed to win this war."

The thing is it is unwinnable, just like we still have home burglaries and cars stolen. And it won't get any better because nobody is working to reduce complexity and improve security in any meaningful way. Most of what we get in terms of new stuff is aimed at whoring us to advertisers (thank you MS for following Google) or selling us IoT tat that rarely adds real value but almost certainly adds to the attack surface.

Will we ever see security being held above convenience or fashion?

0
0

Is security keeping pace with continuous delivery?

Paul Crawford
Silver badge

"Is security keeping pace with continuous delivery?"

Is continuous delivery ignoring/marginalising security because it gets in the way of trendy practice and management targets?

4
0

Password strength meters promote piss-poor paswords

Paul Crawford
Silver badge
Facepalm

Don't forget sites that demand all of the restrictions in terms of mixed case, punctuation and numbers, along with a minimum length, then email it back to you in plaintext!

Happened to a friend who filled in for Landlord Registration central online system for Scotland. Doh!

7
0

Windows 10 needs proper privacy portal, says EFF

Paul Crawford
Silver badge

Re: MS made me download software...

Custom hardware is an issue, but that is a fairly small sector for most people. Of course, if it's RS232 or fairly standard USB then virtualisation is fine for all but very high performance applications.

Latest games - maybe, but are they really worth whoring out your privacy for? Thus sticking to Steam for Linux, for example, would also tell the games industry that you are not happy with MS' new direction.

7
1
Paul Crawford
Silver badge

Re: Even Enterprise spies on users

I can't be arsed reading the win10 EULA because I won't be running it, but if anyone has maybe they can say if they promise any privacy at all?

If not you have to assume they will spy upon you at some point.

6
1
Paul Crawford
Silver badge

Re: MS made me download software...

"OS is nothing, it's the apps that influence users' choices"

Indeed, and that is where a VM is really useful - put your slave-ware in that and for everything else that is not tied to an OS that is against you, simply run it on your Mac or Linux box.

4
2
Paul Crawford
Silver badge

Re: Not listening ...

He could run said win7 VM on a laptop as well you know.

10
2

Oracle campaigns for third Android Java infringement trial

Paul Crawford
Silver badge

What, did all the perfumes in Arabia not cleanse those hands?

3
0

Cops break up German sausage fight between pair of Neubrandenburgers

Paul Crawford
Silver badge
Paris Hilton

NRA angle?

Has no one said yet that if you prise our sausages from our cold dead hands then only the bad guys will have sausages?

Paris, as she is allegedly fond of some good sausage =>

1
0
Paul Crawford
Silver badge

"tomato-shape ketchup containers"

That was the Bunfight at the O.K. Tea Rooms:

https://www.youtube.com/watch?v=7bu69cnv0iU

6
0

Ford announces plans for mass production of self-driving cars by 2021

Paul Crawford
Silver badge

Interesting times

Let's just hope their electronics and software has improved a bit by then, mkay?

http://www.theregister.co.uk/2015/07/02/ford_recall_software_bug/

5
0

Russia is planning to use airships as part of a $240bn transport project

Paul Crawford
Silver badge
Flame

No problem, just use hydrogen...

4
0

Linux security backfires: Flaw lets hackers inject malware into downloads, disrupt Tor users, etc

Paul Crawford
Silver badge
Alien

Re: take me to your leader

For an internet-facing PC port (e.g. firewall) that makes sense, but behind NAT you really don't want a log of all 192.168.0.0/16 packets!

9
0

Instagram hackers add porn links and snaps to pwned accounts

Paul Crawford
Silver badge

Re: Time

Have an up-vote! I was going to the same really, that now Instagram and Twitter might be of some use or interest.

2
0

Thailand plans to track non-citizens with their mobile phones

Paul Crawford
Silver badge

In addition, they need not leave the phone switched on either.

Will they also ban VoIP as well? Given the often usurious cost for roaming the use of WhatsApp or similar on any available wifi is appealing for many reasons.

0
0

London's Met Police has missed the Windows XP escape deadline

Paul Crawford
Silver badge
Trollface

Yes, probably there will be XP VM still going strong.

But maybe not later versions of Windows that need periodic product activation checks, eh?

2
0
Paul Crawford
Silver badge
Linux

Re: Perhaps not entirely surprising...

There are now on-line guidelines to hardening various popular* OS for gov work here:

https://www.cesg.gov.uk/eud-guidance

Most of the advice is also sane for business users, etc, as well so worth taking 5 min to read it. And yes, they do have guidance for Ubuntu as well =>

[*] That includes Win10, which is not so popular in these parts due to the forced upgrade policy and telemetry. But of course the guide assumes you have the most expensive enterprise edition where you still get the right to disable most of that.

1
0

US Politicians tell DEF CON it'll take Congress ages to sort out how to regulate crypto

Paul Crawford
Silver badge

Re: @Charles 9

Sure the plods will simply target points "outside the envelope" but that takes significant effort to do so. For example hacking a phone, or installing listening devices in cars, etc.

All are possible and known spy/surveillance technologies and I don't worry too much about that because it is expensive and time-consuming to do, that alone means it has to be targeted at important stuff. A far cry from the abuse of easily intercepted stuff we see done by spy agencies, councils, border control, etc, etc.

0
0

Mars' 'little green men' buried alive by merciless meteorites – new theory

Paul Crawford
Silver badge

Re: maybe there never was life on Mars ...

"spend that money on something more useful, here on Earth."

What, you mean like Facebook valued at $245 billion instead of the NASA budget of $18 billion?

(2015 figures)

19
0

Power cut crashes Delta's worldwide flight update systems

Paul Crawford
Silver badge

Re: @Novell time

And long before that we had ephemeris time (1952), and then TDT (1976), and then GPS from 1980 using continuous time with a leap-second offset rather like a time-zone.

As I keep saying IT IS A KNOWN FEATURE and if your code can't handle it gracefully you are incompetent due to either:

1) Not using tested system libraries to handle time, delays, etc.

2) Writing or modifying said libraries without knowing what you are doing.

And most of all NOT TESTING YOUR DAMN CODE! Really, just set up a fake NTP time server and have it generate leap seconds regularly backwards and forwards and see if your code works.

7
0
Paul Crawford
Silver badge

Re: Leap Seconds

"Will people be ready for that one?"

Well the one that followed the aircraft-bothering incident went with practically no issues at all. Simply because folk had woken up and tested things for the inevitable occurrence of another leap-second.

In fact the Linux bug mentioned had been created by somebody modifying already-working time related code and not testing the damn thing for this situation. As others have already said, leap seconds and means to deal with them have been with us for decades already so it's not new stuff. But every new generation of code monkeys seems to be able to break things...

7
0
