* Posts by Paul Crawford

3297 posts • joined 15 Mar 2007

Linux remote root bug menace: Make sure your servers, PCs, gizmos, Android kit are patched

Paul Crawford
Silver badge

DD-WRT?

Seems no updates for DD-WRT for my TP-Link router since 2013 or so, so the big question* is: is this bug present in its kernel build?

[*] - Yes, there are obviously much bigger questions out there. Some even with > 3 syllables in more than one location, but in the context of this forum and embedded stuff, this is big enough.

0
0

Microsoft raises pistol, pulls the trigger on Windows 7, 8 updates for new Intel, AMD chips

Paul Crawford
Silver badge
Linux

Embrace the penguin!

Oh, and make sure you have a Win7 VM for all of your Windows-only stuff.

That just leaves Win7 gamers who need high performance graphics and Windows screwed over...

19
2

Official science we knew all along: Facebook makes you sad :-(

Paul Crawford
Silver badge
Gimp

Re: Chicken and egg

Does this also apply to other "social media" such as Fetlife?

Egg definitely beaten by the chicken there.

4
0
Paul Crawford
Silver badge

Re: get off that computer and go outside and play with your friends

Are friends electric?

2
0

Hasta la Windows Vista, baby! It's now officially dead – good riddance

Paul Crawford
Silver badge

Re: It's not all bad news

Let's face it - Facebook is probably the most obvious act of mass surveillance and the morons masses still lap it up. And now we have MS chasing the pair of them to see who can get the most secrets with the least KY, but also oddly expecting us still to pay for Windows.

Except of course for us rats penguins who jumped from that sinking ship a while ago.

18
5
Paul Crawford
Silver badge

DRM

Don't forget that Vista also was a point of a massive increase in DRM built in to the OS, and that also had a serious impact on the resources needed to use it.

8
1

Homes raided in North West over data thefts from car body repair shops

Paul Crawford
Silver badge

Re: oh great.

I have had a couple of calls from a London (02) number about accidents that I never had, and once accidentally pressed the redial option and found it was a non-existent number. Sadly too much other sh*t in life to spend my time following that case up...

1
0

Apple wets its pants over Swatch ad tagline

Paul Crawford
Silver badge
Trollface

"one more thing"

I always thought that was Inspector Columbo’s traditional phrase when trolling the guilty party?

What, you mean it might be useful today?

10
0

As you stare at the dead British Airways website, remember the hundreds of tech staff it laid off

Paul Crawford
Silver badge

Re: Why fly?

Personally I take the train whenever possible. Yes, for some distances a flight is the only sane way, but I really, REALLY, avoid connecting flights whenever possible. Like most of central Europe once you land...

4
0

'Amnesia' IoT botnet feasts on year-old unpatched vulnerability

Paul Crawford
Silver badge

Re: Linux botnet?

It's simple really, if you take any OS and put in hard-coded passwords, or have badly configured web servers running with administrator rights, you have a cluster-fsk coming.

As for Windows vs. Linux on the desktop it is, as usual, a complex question. If one is configured and used by a competent person and the other by a total muppet, you can guess what the outcome is without knowing which OS is which.

If compared on equal terms the two kernels have roughly the same number of serious flaws at any point in time, but Windows "enjoys" a much richer ecosystem of malware to exploit it and sadly many of the past MS decisions to make it easier to use (e.g. hiding file extensions, making execution rights part of the file name, etc) only serve to make matters worse for the average user.

9
0

Dieting cannibals: At last, a scientist has calculated calories for human body parts

Paul Crawford
Silver badge
Headmaster

Amarone please!

0
0

FCC Commish: Hey, don't look at me – Congress should sort out net neutrality mess

Paul Crawford
Silver badge

Re: "Google dominates desktop search"

I think that is the most disingenuous aspect of the FCC's claim - it might be Verizon is biggest in mobile, but in fixed-line often those in the USA have only 1 or perhaps 2 real choices (excluding very expensive VSAT systems).

Also we have the underlying problem of ISPs wanting to be media players as well - so you get the conflict of interest between generic data use and a cable TV competition (and the risk of demoting other TV/video services by pricing or data cap rules).

3
0

Adblock Plus owners commandeer Pirate Bay man's tip jar Flattr

Paul Crawford
Silver badge

Who better?

However, for the model to work it will take someone more informed or serious about the future of news in a civil society than Eyeo or Flattr have so far shown.

That might seem reasonable from a publisher's perspective, but to most end users of the internet adverts have become a plague, blocking up bandwidth, conveying malware, and popping up/flashing/auto-playing video at every opportunity. From that point of view Eyeo (by blocking most intrusive adverts) is still doing a good job.

The supermarket analogy is very good, every major media producer has tried (and mostly failed) to control sales of their goods by legal threats and DRM. And it is not really working, while the Pirate Bay may be fading from prominence, most artists are still not getting much from the "legal" replacements such as Spotify or YouTube. And they are not much more than an advertisement vector in many cases.

Nobody really wants to pay for using the Internet, and yet they are - via advertisement or their personal information being whored around - but generally they don't know it. A workable micropayment system and some fair rules for its use (e.g. pay and get anonymity (beyond the pay provider knowing) and no adverts, or free and get infested/whored as usual) could go a long way to "draining the swamp" as they say these days, offering artists some reward better than adverts but probably not as much as the big media barons are used to.

So if Eyeo or Flattr are not up to it, who is any better?

13
0

It's 30 years ago: IBM's final battle with reality

Paul Crawford
Silver badge

Re: 286

The article has one significant mistake - the 286 did support protected operation, even the option for "no execute" on memory segments. But as it was designed to be either 'real mode' 8086 compatible OR protected mode you had the fsck-up of having to use a keyboard controller interrupt to bring it out of halt state back to 'real' mode.

The major advances for the 386 were:

1) 32-bit registers

2) The "flat" memory model and virtual memory support (not the 16-bit segments of 286, OK still segments but way big enough for a long time)

3) The option to easily change protection modes.

1
0

Governments could introduce 'made by humans' tags - legal report

Paul Crawford
Silver badge

Re: Illogical conclusion

The motivation for companies is to make money - if that is more effective with robots/AI they will. What they never consider is who is paying customers, it is just assumed that if they lay off some staff, or out-source to some cheaper country, it has negligible impact on their profits as most customers are unaffected.

There is no "joined up thinking" of what happens when every other company has done the same in the pursuit of profit, but government will have to address this or face a very nasty melt-down of society.

11
2

'No deal better than bad deal' approach to Brexit 'unsubstantiated'

Paul Crawford
Silver badge

But is it an incorrect analysis of the situation?

Yes we can walk away with WTO terms, and if we don't reach agreement in 2 years that is our only option (short of the other 26 agreeing unanimously to keep on talking). And while that might be good for the government in terms of appeasing voters fixated on immigration / free movement of people, it would be a serious blow to our industry that has major trading relationships with the EU after 40 odd years.

33
1

Wi-Fi sex toy with built-in camera fails penetration test

Paul Crawford
Silver badge

Re: mobile in their trouser pocket

Especially if it's an exploding Galaxy model.

And no, I am not *that* pleased to see you!

4
0

Power plant cyber threat: Lock up your ICSs and SCADAs

Paul Crawford
Silver badge

Re: Really bad design

Air gapping also gets interesting when WiFi or Bluetooth enabled components come into the mix.

That is a rather odd way to think of "air gapping". Really if you are accessible from the outside by wired or wireless means you are more vulnerable. Even with secure protocols it would still be relatively cheap to jam such systems from short-ish distances. Detectable for sure, but easier than getting inside a plant and depending on your attack it might just be enough to magnify the general chaos.

0
0
Paul Crawford
Silver badge

Re: Really bad design

Or does it actually just need the attackers to get someone/something to carry their data into the plant, which is a whole different (and much easier) task, as Stuxnet and others have shown.

And you think some two-bit script kiddie can pull that sort of thing off?

Sure we saw Stuxnet as a major achievement in cyber-attack in many ways, but if you have the combined might of USA & Israel determined to do something, it will be done. Or a bunker-buster bomb or three.

1
0
Paul Crawford
Silver badge

Re: Really bad design

Yes, but air-gapping rules out the 3 billion internet-connected devices out there from having a go and forces any would-be attackers to actually physically infiltrate the plant.

And that is a difficult and very high risk approach as whoever is caught (assuming not shot on sight) can't wave their hands and say it was the Russians/Chinese/USA/Israel/etc with little evidence to back it up.

0
0

Canadian court refuses to let Feds snoop on Megaupload servers

Paul Crawford
Silver badge

Re: What's he done wrong that others haven't

In short - not big enough and not American.

Take a look at the complaints about YouTube screwing over artists / producers since its inception and wonder if it did not have Google's might behind it and all that lovely campaign money to US politicians why it survived.

Edited to add: As Adam also raised the point - Google too has the ability to restrict copyright material but only if you sign up for a pittance from their services. https://www.theregister.co.uk/2016/04/14/you_and_your_wellies/

4
0

Mediaeval Yorkshirefolk mutilated, burned t'dead to prevent reanimation

Paul Crawford
Silver badge

Re: Help a foreigner, please

Used to see Æ symbol on older radios for the aerial connection. Oh how I miss my diphthong!

1
0

Is this a solution to Trump signing away your digital privacy? We give Invizbox Go a go

Paul Crawford
Silver badge

Re: VPN providers

Pays your money, places your trust...

Even if they do have a SECRET spying agreement, do you think that would extend to telling your local councillors or school board about anything you / family might have been up to? Do you think that those TLAs would share such spying intelligence with insurance companies or job recruitment agencies?

In short, do you think that would matter to most people's activities unless very dodgy and they have a high security clearance?

1
0
Paul Crawford
Silver badge

Re: VPN providers

"I can't speak for the VPN provider, I personally won't use them because unless they are in the Maldives"

You could do a little research such as:

https://torrentfreak.com/vpn-services-anonymous-review-2017-170304/

https://www.bestvpn.com/best-vpn-services/

(a bit advertorial, but they do cover country-of-origin in the pros & cons)

https://airvpn.org/

https://www.mullvad.net/

It is true that ultimately you are placing your trust in a VPN company instead of your ISP & government, but the flip-side of that is VPN providers depend on trust so they are more likely to honour that than ISPs that are (a) open to whoring you to advertisers, and (b) generally under the thumb of the government.

Which is another reason to ALWAYS get a VPN from another country - even if they do log your activity (against any stated policy) they are virtually guaranteed to demand a proper court order in their own country, and not answering some back-door surveillance law of your government. Oh, and don't forget to test your VPN with one of the many leak-detecting sites out there...

1
0
Paul Crawford
Silver badge

It sounds like a great solution for the technically-challenged that value their privacy.

Let's face it, most people have little to fear from the likes of GCHQ/NSA/FSB/etc because the majority of folk who are likely to be after them or pestering them won't be getting data from such agencies. However, if you are politically important or work high up in a $1B business that is unlikely to be the same case, but then you would have some competent IT folk to take care of you and you would not use a skanky old Android phone would you?

Sadly many don't realise the long-term consequences of world+dog having all of their secrets on hand to monetize via advertisement or blackmail with down the line...

9
1

Kremlin-linked hacker crew's tactics exposed

Paul Crawford
Silver badge

Re: "...and an endpoint exploitation kit called Scaramouche."

Which is why the EU has invested so much in Galileo! Galileo!

2
0

BMW chief: Big auto will stay in the driving seat with autonomous cars

Paul Crawford
Silver badge

Re: Gotta agree with BMW here

"given Google and Ubers current attitude to regulations"

One major difference is the big software businesses like Google, etc, have never had to write or certify safety-critical stuff.

Just now they are playing at testing cars on the road but at what point is it all going to be subject to the sort of analysis, testing and approval that companies that write for aircraft systems, etc, have to do? And if not, why not? Why should a motorised object that is more than capable of killing and maiming be programmed by the sort of folk who write web browsers that randomly fall over with "Oops!" messages and they think it's ok?

5
0

BOFH: The Boss, the floppy and the work 'experience'

Paul Crawford
Silver badge

He is a student, with nothing to do on a Friday with the BOFH and PFY. Why go to the quicklime trouble when a simple challenge of crawl around the local pubs is going to wipe any credible story from him?

7
0

Europe to push new laws to access encrypted apps data

Paul Crawford
Silver badge

Re: "you stand out like a sore thumb"

No, you just encrypt before using WhatsApp or similar. Unless they decrypt and check EVERY WhatsApp message then they won't see your message as having any unusual characteristics. By the time they do it's probably too late anyway.

Depending on how any back door is implemented the cost of decryption could be made very high, for example to thwart mass surveillance but keep to the letter of the law, so they would need to have prior knowledge of suspects to check and then you are back to square one - to crack the 2nd level of encryption you need to arrest them and so on to obtain the key, so it's no longer usable for surveillance as the suspects know they are being followed.

5
0
Paul Crawford
Silver badge

This is the European Commission speaking, largely a mouthpiece for the various EU governments. As such the tech companies should call their bluff and force it to a vote on a law (with explanations of how such a back door won't be discovered and abused) to the European Parliament. Many MEPs don't share the same authoritarian streak and it might just get kicked back when the public realise how their own privacy is being screwed over.

26
0
Paul Crawford
Silver badge

It won't. Not one bit.

What it will do is try to pacify politicians screaming "something must be done!" to appease Daily Fail-style readers all over Europe.

31
1

Windows 10 Creators Update: Clearing the mines with livestock (that's you by the way)

Paul Crawford
Silver badge

When I read that my WTF meter went in to the "Oh, this is going to be fun (for a non W10 user)" region. Have we got enough popcorn standing by for those poor users who find they can boot their machine after some weasel-worded upgrade?

1
0

Virgin Media suspends 4 staff over misreporting connections

Paul Crawford
Silver badge

Re: My experience with Virgin Media has been reasonable

If you really want something stable and under your control - don't use any ISP-supplied router / wifi point.

Get something half-decent that supports an open firmware such as DD-WRT or Tomato (say Linksys WRT1900ACS or similar, maybe also a switch or fancier device to do both) and spend an hour or so reading up on it, installing and configuring it.

Don't forget to set up a separate IP range for "guest WiFi" so your visitors and any dodgy devices (like most Android phones...) are not on any moderately trusted internal LAN's range (also you can bandwidth limit that so they don't throttle your business use). You can also set up a VPN on such a router if you value your privacy, but depending on your usage it might be better to keep the VPN option for mobile devices and/or any machines you use for sensitive data and don't need top-speed or the fixed IP address.

0
2

BDSM sex rocks Drupal world: Top dev banished for sci-fi hanky-panky

Paul Crawford
Silver badge

Salem reunited

So we have an example of beliefs being used against someone, but because it's not, for example, anti-Semitic or anti-Muslim there is little legal challenge of it nor any apparent need for those in charge to fully justify their actions. Even the accusation of witchcraft these days will get little mention.

Has his interest in Gorean role-playing caused any harm? Have there been any cases of play-partners presenting stories of abuse? If not the Drupal team should shut-the fsck up and get on with developing software, not acting as moral police for communities who are probably able to make their own minds up (no matter how odd it seems to most of us).

121
3

Ex-military and security firms oppose Home Sec in WhatsApp crypto row

Paul Crawford
Silver badge

Re: @ MNGrrrl

If I could up-vote you 100 times I would!

The sad thing is we are dealing with vain and ignorant politicians who want to appeal to the tabloid-reading masses and think that a "technological solution" like backdoors will make that quick and cheap.

It won't, it will fail in its prime goal and cause untold damage to the millions of innocent law-abiding people who have a right to privacy and to secure business dealings.

11
1

Manufacturers reject ‘no deal’ Brexit approach

Paul Crawford
Silver badge

Re: It'll be fine

"European Council, in agreement with the Member State concerned, unanimously decides to extend this period"

And you can see all of the EU members doing this to help the UK out? Really?

26
0
Paul Crawford
Silver badge
Facepalm

Re: Speculating

EEA is the least-worst option for UK industry.

But it will piss off the right-wing voters who (largely) wanted Brexit and they are Mrs May's voter base for now.

What do you expect a politician to do? What is best for the country, or what keeps themselves on the gravy-train?

15
3

Trump's America looks like a lousy launchpad, so can you dig Darwin?

Paul Crawford
Silver badge

Re: Cubesats == more space junk

If put in low 250-350km-ish orbits they won't be up for so long to cause a junk problem.

Sadly many are in the 600-800km altitude range where they will be for decades or longer :(

2
0
Paul Crawford
Silver badge

Re: Fuel + oxidizer = thrust

If you look around you should find:

http://library.sciencemadness.org/library/books/ignition.pdf

It's an informal history of the development of liquid rocket fuels. It is an eye-opener of a read for anyone with interest and even a basic grasp of chemistry. Some of the stuff they considered and even tried just beggars belief! But given the original goal was to deliver terminal global nuclear destruction to the Earth I doubt the toxicity or handling problems were very high on the agenda of the day...

(Note the PDF won't show correctly in Firefox but looks OK in evince or probably other PDF readers of your choice)

10
0

Bloke whose drone was blasted out of sky by angry dad loses another court battle for compo

Paul Crawford
Silver badge

Re: I had my Glock on me

I suspect if you had just shot down some knob-end's toy you might be wary of a visit by said knob-end and some of his "hard when in a group" friends.

Personally I think America's gun laws are damn stupid, but when in Rome do as the Romans do...

8
0
Paul Crawford
Silver badge

Here was I thinking he was a simple knob for buzzing a family with his toy. Now it seems he has gone that extra litigious length to prove he is really a "grand knob of the 1st order".

152
4

Carnegie-Mellon Uni emits 'don't be stupid' list for C++ developers

Paul Crawford
Silver badge

Re: Oh, goodie!

"FORTRAN is basically a universal assembler"

Not really. While *ALL* compiled languages eventually result in assembly-level instructions, C is a slightly special case in that it allows quite easy means of arbitrarily addressing memory locations and interacting with asynchronous events such as signals/interrupts. It also has many bit-wise sort of options in terms of manipulating integers, bit fields in structures, etc, that are useful for hardware driver I/O, etc.

That is not part of the usual FORTRAN syntax nor (I presume, not used) COBOL. E.g. FORTRAN 77 had no memory allocation support, you had to define fixed-size arrays at the start.

0
0
Paul Crawford
Silver badge

Re: Coverity is decent

It is also available free to FOSS projects.

While there are numerous warnings that can be ignored, the golden rule for all such code-profiling tools is to make sure you understand the nature of the warning before you fix it or ignore it.

Also worth a mention are some free (at least on Linux, maybe others?) memory checking tools like valgrind and the good old electric-fence library. While not checking your source code as such, they do help with detecting run-time memory errors such as double-free, leaks, etc.

1
0
Paul Crawford
Silver badge

Re: That's why an OS shouldn't be written in C/C++

Oh yes, most of the OS kernel should as it needs that sort of memory wrangling and I/O poking sort of thing.

Most of the user-land tools and utilities probably not...

3
0
Paul Crawford
Silver badge

Re: Oh, goodie!

Remember this: C is basically a universal assembler, created to allow an OS to be written in a largely machine-independent manner. As a result it allows all sorts of potentially dangerous actions (in particular pointers, but not helped by some of the more odd/obscure syntax that sticks around).

Rule #1) If you can't program in assembler with any degree of success then don't use C

Rule #2) C++ adds some better features, and adds some worse features

Rule #3) If safety is more important than performance or universal support use another language.

Rule #3.9999999) Don't use flaky Pentium FPUs

16
2

Microsoft loves Linux so much, its OneDrive web app runs like a dog on Windows OS rivals

Paul Crawford
Silver badge

Re: so why not just use Dropbox?

Because they can all spy on you?

If you are going to use cloud storage then go for one of the "zero knowledge" types like Sync, SpiderOak, etc, that allow you to hold the only encryption keys for your data.

7
1

Softcat purrs as customers buy early to dodge Microsoft hikes

Paul Crawford
Silver badge

In related news, sales of KY jelly reached record levels in December...

2
1

Error prone, insecure, inevitable: Say hello to today's facial recog tech

Paul Crawford
Silver badge

What?

" the faces of 125 million US adults have been stored in criminal facial recognition databases"

Is my arithmetic, etc, wrong or is that about half the US adult population?

1
0

Microsoft delivers secure China-only cut of Windows 10

Paul Crawford
Silver badge
Joke

Re: So...

Can we in the west get a choice of who spies on us please?

20
0

Linux-using mates gone AWOL? Netflix just added Linux support

Paul Crawford
Silver badge

Re: I would expect high quality ripping to be a problem for Netflix

Let's face it, you can already get high quality rips of practically everything on the torrent sites. This is unlikely to change those dedicated pirates one bit.

But for the rest of the world it makes sense, if you can get stuff legally and without hassle it's worth paying a modest amount for.

16
0

Biting the hand that feeds IT © 1998–2017