* Posts by Paul Crawford

3271 posts • joined 15 Mar 2007

FBI boss: 'Memories are not absolutely private in America'

Paul Crawford
Silver badge

"Top of the list was nation state hackers, he said, followed closely by international professional hacking groups that worked for money"

This is probably quite true, and he deserves some credit for putting terrorists at the bottom of the list on the reasonable grounds they have not (yet) achieved very much in 'cyberspace' actions.

But those top two in particular would make mincemeat of any backdoor or key escrow system and he really needs to get that point. Corporate/organisation-wide master keys simply don't scale to the government's desire because (a) nobody trusts them now, and (b) it would make everyone's device less secure when it's found, not just a few hundred in any one department.

Defending the USA (or any other country's own) government and businesses interests means you need strong security, properly applied. Yes, it might make catching the odd smart criminal a touch harder, but it leads to less crime overall.

2
0

Kodi-pocalypse Now? Actually, it's not quite here yet

Paul Crawford
Silver badge

Re: As an example of availability problems

This is a key problem (the "you must pay a subscription"), as well as the "not available on your device / in your region" issue. Many surveys of pirate content consumers find two common threads:

1) Most believe that creators deserve some reward.

2) Most cite access restrictions as a reason for torrenting, etc.

While it's hard to say Spotify or YouTube provide a decent or fair reward to artists, the appearance of such services has dramatically reduced music piracy. Same would go for movies if you could get them hassle-free and not dependent on where you live. But that geographical licence mind-set is so ingrained it is not moving as yet, just look how streaming services block paying customers using VPNs to avoid geoblocking!

8
0

CIA hacking dossier leak reignites debate over vulnerability disclosure

Paul Crawford
Silver badge

"Weaponizing everyday products such as TVs and smartphones – and failing to disclose vulnerabilities to manufacturers – is dangerous and short-sighted"

And sadly even if said vulnerabilities are disclosed, many suppliers will do SFW about it :(

MS get beaten up over taking 90+ days to patch (and rightly so given their size and budget) but they are one of the better players around!

2
0

Windows Server ported to Qualcomm's ARM server chip. Repeat, Windows Server ported to ARM server chip

Paul Crawford
Silver badge
Trollface

Re: Famous last words

Up-vote for some quality trolling. But you forgot to mention Windows RT... :)

Still, it is a jolly good thing to have diversity in CPU use (as for OS) as it tends to result in more portable future-proof code, reveals bugs quicker, and makes run-everywhere exploits a touch harder. And that is before we get in to the obvious benefits of a genuinely competitive market on price and service!

Even if MS develop the ARM server market primarily for their own cloudy usage, everyone benefits.

4
0
Paul Crawford
Silver badge

Open BIOS?

Will this mean we can get a server with a genuinely open BIOS so we have a bit more trust?

OK, it is obviously possible for the chips themselves to run opaque and suspect code (*cough* Intel SMM *cough*) but having some insight and control over the boot process would help a lot.

8
0

Look who's bailed out internet-satellite provider IntelSat? It's... Softbank?

Paul Crawford
Silver badge

WTF?

"connected cars ... latency requirements that are beyond satellite"

Does anyone else in the world think that a car that can't cope with slow or non-existent networking should NEVER be allowed on the road in the first place?

4
0

Success in the bedroom breeds success in the boardroom – research

Paul Crawford
Silver badge
Gimp

Then use some grinding paste instead of lube

3
0
Paul Crawford
Silver badge
Joke

Re: So about prostitutes...

Other way round, if they have a quiet night of answering polite emails and drinking coffee with co-workers...

0
0
Paul Crawford
Silver badge

As Woody Allen once remarked - at least it is with someone you love!

7
0

Redmond's on fire, your 365 is terrified: Microsoft email outage en masse

Paul Crawford
Silver badge

IMAP access to MS-provided email is still Ok in my backwater of the UK.

2
0
Paul Crawford
Silver badge

We will update this article when its spokespeople spokeslizard get back to us.

Fixed it for you...

19
4

That big scary 1.4bn leak was 100s of millions of email, postal addresses

Paul Crawford
Silver badge

"Bounce from SPF? That's new one for me. SPF as specified is meant specifically to suppress impersonation of sender."

True, but if you are impersonating someone you probably are a spammer. So a bounce to tell anyone of a mis-configured system that is being spam-filter blocked is useful.

1
0

Shopping for PCs? Ding, dong, the Dock is dead in 2017's new models

Paul Crawford
Silver badge

Re: So just like Apple then!

Unlike Apple they have not dumped USB-2 or HDMI.

Yet.

7
0

RadioShack bankruptcy savior to file for, you guessed it, bankruptcy

Paul Crawford
Silver badge

Re: Solder Repellant

I remember visiting London in the 80s when Edgware Road (and nearby) had so many electronic shops, some dating back to the 30's (with knowledgeable staff that looked as if they also served then). Remember there was even one shop (Samson?) that specialised in transformers of all sorts of sizes, shapes and use.

Last time I wandered down there it was all gone :(

2
0

Sir Tim Berners-Lee refuses to be King Canute, approves DRM as Web standard

Paul Crawford
Silver badge

Re: And will this DRM realise it's been run in a VM and is a chocolate teapot?

"They don't work with 4K discs because they use HDCP 2.0, which uses different keys and IINM forbids the use of splitters."

And yet this device offers HDCP 2.2 splitting:

https://www.hdfury.com/shop/splitters/integral-4k60-444-600mhz/

(Cheaper than replacing an older 4K TV that lacks 2.2)

3
0
Paul Crawford
Silver badge

Re: And will this DRM realise it's been run in a VM and is a chocolate teapot?

Companies like RedFox sell bluray ripping software. Not tried it as I don't have any need for it, but it seems the goal of DRM there has been comprehensively broken. No mention of 4k capabilities though.

Sadly windows only.

Edited to add, here is a link about 4k ripping from Nov 2015:

https://torrentfreak.com/pirates-can-now-rip-4k-content-from-netflix-and-amazon-151127/

1
0
Paul Crawford
Silver badge

Re: DRM means you don't own your content

Funny how my books and artwork just keep "working" even when the seller has gone.

Why should digital be any different?

31
0
Paul Crawford
Silver badge
Trollface

Which is why piracy is important, to keep the sellers honest

16
3
Paul Crawford
Silver badge

Re: And will this DRM realise it's been run in a VM and is a chocolate teapot?

And yet most bluray/4k stuff appears on torrent sites in no time.

That is the thing about DRM, generally it serves to piss off honest consumers and does not stop anyone really wanting to pirate.

43
0
Paul Crawford
Silver badge

Another evil

While the arguments about the need for interoperable DRM will run and run, one outstanding issue with a more universal DRM is the opportunity for advertisers to track your browser use via the DRM serial number/reporting mechanism. All they need is one little DRM-enabled bit on a page and there is a method to find out uniquely who visited.

Google being involved makes me fear the worst...

Sir Tim has a point, but the reality is DRM ought to have certain standards of interoperability and ethics about what is revealed before it comes in to use. For now you would need a plug-in for Firefox, but if it comes with Chrome/(IE|Edge) who is going to bet on always-on and always-reporting?

45
0

Microsoft wants you to plan a new generation of legacy systems

Paul Crawford
Silver badge

Re: Factory automation

A very valid point, but often you get in to a situation where you can't get drivers for the old OS to run new hardware (that happens in every OS by the way).

Problem here is it looks to be security updates only, so unless MS pressure the OEMs to support an older OS' HAL for new hardware, you don't get the advantage of an easy fix for failed hardware. I still use W2K in a VM for some old (and expensive) CAD software to get round this, but I have the luxury of not needing special HW drivers, so the VM delivers never-dying hardware.

But for any such restricted use, you really, REALLY, want to keep them off t'Internet. Private VLANs only and damn few users' PCs/phones/IoT-shit/etc on them...

1
0
Paul Crawford
Silver badge

Re: Satnad trainees under Ellison

"looking for new opportunities to screw their customers hostages"

Fixed it for you...

6
4

BT splurges £1.2bn on securing Champions League rights, Sky heads for an early bath

Paul Crawford
Silver badge
Big Brother

Re: "But he added that the latest move could result in costs being transferred to consumers"

" as I want/need a static IP which VM do not offer for residential "

You might want to check out non-UK VPN suppliers who could offer that (in addition to not having your every activity logged).

3
0

America halts fast processing of H-1B skilled worker visas

Paul Crawford
Silver badge

Re: why was this called 'discrimination'

"Quite happy to get us to guarantee the rights of EU citizens in the UK, before getting any assurances of the future of UK citizens in Europe."

So punishing people who perfectly legally live, work and now have families here, if their own governments don't play your political football nicely is a good policy?

20
8

Linus Torvalds lashes devs who 'screw all the rules and processes' and send him 'crap'

Paul Crawford
Silver badge

Re: "Does the chip vendor publish enough to let someone write a driver?"

"And why should they? It's their IP, not yours."

To make it work?

The IP is in the chip, not in the API. Unless of course it's a bug-riddled pile of sh*t that has many workarounds in the driver code and they don't want that available without a NDA?

30
2

Frustrated by reboot-happy Windows 10? Creators Update hopes to take away the pain

Paul Crawford
Silver badge

Re: Serious question here...

There are probably other fine points I am not aware of, but one fundamental difference is that Linux (and most UNIX) file systems allow a file to be replaced via a move operation while the file is open/in-use. So with a typical Linux update you unpack the update, then move it over the "live" version, and if possible you restart that process.

Now not all processes can be restarted while live, most obvious is the kernel (and related in-use drivers like file systems, etc) and the user log-on system for the desktop, active SSH sessions, etc. In these cases you have a patched machine but the previously running processes are not yet updated. So if you start another instance of such a process (OK, not the kernel!) such as a new SSH log-in then you get the patched version.

So to finally apply ALL updates you need a reboot, but at that point in time everything is already done, so you don't get another couple of minutes of "applying updates ... configuring computer" or whatever you see when restarting Windows after it said it was done.

There are also a couple of options for patching the Linux kernel while in-use, but they are not universally in use yet and probably have some limits on how big a change can be done (e.g. basic changes to structures, etc, on major updates) without a reboot.

15
0

Prisoners' 'innovative' anti-IMSI catcher defence was ... er, tinfoil

Paul Crawford
Silver badge
Joke

Re: Look at the bright side...

So cold turkey in both senses?

8
0

Fireball in Tasmania: Possible CubeSat re-entry sparks alien panic

Paul Crawford
Silver badge

Re: Seeking expert knowledge

Same thought here - that looks awful big to be a cubesat of a couple of kg and shoe-box size.

4
0

Uber: Please don't give our London drivers English tests. You can work out the reason why

Paul Crawford
Silver badge

The Knowledge

The original reason for the introduction of "the knowledge" to be a taxi driver in London was the piss-poor performance during some Victorian trade fair around 1865 when visitors got buggered around and generally the drivers failed to get them where they needed to be.

Now you could argue that the in-depth knowledge of London's roads is a bit obsolete in these satnav days, but still many people won't know the postcode or street name of where they want to be, maybe hotel name, or major shop, etc. So it still has some value. But ultimately if the driver can't understand what you are saying it is simply not a safe or satisfactory situation. And that is not specifically about Uber, but they seem to always be scraping the barrel in terms of screwing over their drivers, etc.

45
0

Germany, France lobby hard for terror-busting encryption backdoors – Europe seems to agree

Paul Crawford
Silver badge

Re: Some things can be done

This really nails one aspect on the head - I don't trust those in power (politicians or civil servants) to either be honourable in their use of such vast powers, nor do I trust them to be competent not to leak the lot on some train, etc, or through bribery or corruption.

And that is before we get in to the practical business of how you make such a system that is technically workable and resistant to criminals (private or state-sponsored) who we have seen to have already broken in and looted massive gov data sets that ought to have been secure.

5
0
Paul Crawford
Silver badge

Better still - make those two come up with a workable solution, one that is passed by those with knowledge in the technical community. Start by laying down the simple rules such as:

(1) that it must remain secure against other nations and any criminals

(2) be scalable and applicable to open-source projects like web browsers, etc

(3) cost less than 0.1 Euro per user to develop, implement and manage.

Should keep them occupied until the heat death of the universe...

19
0

You're Donald Trump's sysadmin. You've got data leaks coming out the *ss. What to do

Paul Crawford
Silver badge

@ Farnet

Citations required I think...

There is always the Tempest-style of scanning for any active electronic device's leakage, but that would be hard to do in most working environments with numerous phones and PCs and a general lack of screening causing "electronic fog".

5
0
Paul Crawford
Silver badge

A couple of random thoughts:

1) If you are planning on using a non-company phone to steal stuff, would you not put it in air-plane mode before bringing it in? So cell phone scanning won't do much for anyone that dedicated.

2) If data security and privacy matters then the only type of cloud storage in use should be the zero-knowledge type like Sync, Boxcryptor, SpiderOak, etc, and certainly not MS/Google/DropBox and similar.

3) So many data loss incidents seem to be accidental emailing to world+dog, that ought to be a lock-down by default in anyone's system, with special hoops to jump through before you can email more than a few folk (or list) and more so if it has any attachments.

It might just stop corporate drones emailing a multi-MB word document, PDF or power-point slide to everyone in your organisation to say 3 bullet-points as well...

12
0

Git fscked by SHA-1 collision? Not so fast, says Linus Torvalds

Paul Crawford
Silver badge

Re: Common sense approach

I do not quite follow. What exactly would an attacker manipulate in a git repository?

To be honest, I'm not sure. But time after time people find cunning ways of gaming systems that nobody had thought of before that.

Off the top of my head, the obvious thing is you could manipulate somebody's private GIT repository to change code but still have it appearing to match a public trusted one. Sure, if you have that level of access there are a hell of a lot more nefarious things you might do to them, but that would be one possible way of getting a back-door in to a specific company's system based on an otherwise trusted code base.

2
0
Paul Crawford
Silver badge

Re: Common sense approach

Both sides have a valid point:

- SHA-1 is not used as a sole measure of correctness, so no immediate panic.

- Sooner or later, someone will find a way to compromise at least some aspects of some GIT-based project if other attributes of generating a hash collision become easy enough that length and position of fix-up crud become easy to manipulate.

1
1

Autonomous cars are about to do to transport what the internet did to information

Paul Crawford
Silver badge

The point here is the "labour" will be further split, a few very wealthy fleet owners and very poorly paid cleaners who don't need to speak your language (car does that) or have any skill level like a driver's license/ taxi license (hence they can't get a better job).

Welcome to the 21st century's satanic mills...

As for buying an autonomous car, why? It will cost much more to buy, it will have (probably) onerous running costs due to the safety criticality of all those sensors, etc and the need for ongoing software support. Probably bugger-all resell value as well: Welcome to automotive XP - can't take that on the road sonny, it's no longer got manufacturer's support. Maybe at some point insurance will push you over to autonomous vehicles, but rent-a-fleet makes more sense when your own one is going to sit most of the day and night doing nothing while the rental ones are being paid off in that period.

4
1

Pai, Pai, Mr American spy: FCC supremo rips up privacy protections for broadband punters

Paul Crawford
Silver badge

Re: https

They still see which web sites you visit, even if the page content is hidden. That alone is valuable.

Also they have been guilty of interfering with email security protocols (and others) before:

https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks

https://www.eff.org/testyourisp

Short answer - if you are in the USA you damn well need a VPN as much, if not more than, us poor suckers in the UK (assuming you value your privacy).

13
0

Mysterious Gmail account lockouts prompt hack fears

Paul Crawford
Silver badge

Re: Happened to me.

Same here this morning, and this is for my phone and I practically NEVER use that gmail account for anything else. Certainly not in the last few months.

Just wondering - are they migrating password hash algorithms and this is a route from SHA-1 to SHA-256 or similar?

4
0

New UK laws address driverless cars insurance and liability

Paul Crawford
Silver badge

Re: Appropriate

I wondered about that, what exactly will those restrictions be?

Some 512 page EULA from the car company about not on roads without XYZ accuracy of GPS maps being created, etc, that you can't practically verify yourself? Or with snow or ice on roads, etc?

Really, it should be simple:

1) It is manual - drive it yourself

2) It is motorway use only where simple lane tracking is OK (i.e. enhanced cruise control)

3) It actually drives itself and you don't have ANY responsibility for its actions beyond setting the destination.

5
0

Motorola's modular Moto Z: A fine phone for a weekend away

Paul Crawford
Silver badge

I'm still on spinning rust, FFS!

Me too with my ~3 month old laptop. Unfortunately for my work I need ~500GB of data sets on it and just can't afford/justify the resulting SSD price tag.

1
0
Paul Crawford
Silver badge

"There's 4GB of RAM, 64GB of storage and the chance to add more in a micro-SD card slot. The 5.5in screen offers 2560 x 1440 resolution"

Sigh, better than most laptops...

2
0

BOFH: Elf of Safety? Orc of Admin. Pleased to meet you

Paul Crawford
Silver badge

Re: OOOOohh

Or the boss comes to an "arrangement" with the BOFH in terms of dealing with problems he has versus supplies of new equipment and the odd jolly to conference events in high-alcohol areas?

15
0

Your future boss? An employee-interrogating bot – it's an open-source gift from Dropbox

Paul Crawford
Silver badge

Re: One afternoon in Hawai...

Hi bot,

Yes it's a new ultra-secret project codenamed FUCKITOL to improve the NSA's compliance with the US legal system and constitution.

Yours, Edward.

p.s. Please delete all references to this as you are not written in Ada so are not approved for that level of classification.

3
0

Amazon goes to court to stop US murder cops turning Echoes into Big Brother house spies

Paul Crawford
Silver badge

Re: Legal precedent - and business model

But the point is still valid - if they collected evidence of a crime and it is accessible to Amazon, they should hand it over. The iPhone case was very different, it was not accessible to Apple and they were being asked to assist in breaking the device's security which has much wider implications as it changes what others get.

Sure, this might become a snooper's gold mine, but following the court case people should know the truth. If Amazon are recording all of this and storing it and that creeps you out - don't get one. Sadly this is likely the reason for the fight - money, not rights.

3
1

Ad men hope blocking has stalled as sites guilt users into switching off

Paul Crawford
Silver badge

Re: I bought your tshirt.

Where did "Cash'n'Carrion" go?

Used to have some nice mugs, radioisotope powered glow-in-the-dark keyring, etc.

5
0

Radioactive leak riddle: Now Team America sniffs Europe's skies for iodine isotope source

Paul Crawford
Silver badge

Re: Whisky

Nah, will be from Laphroaig. It would explain the TCP+ash tray taste...

1
0

KCL external review blames whole IT team for mega-outage, leaves managers unshamed

Paul Crawford
Silver badge

You are right that HP probably were the cause of the primary failure.

However, the disastrous consequences of such an array failure lie squarely with the management and IT teams for not having a working DR system in place (that includes making sure *all* data is backed up, and that the backups are tested regularly). Even if HP didn't fsck-up, failures can and *do* happen all by themselves.

But the blame shone on the IT team is worrying, but maybe to be expected from this sort of commissioned report. I'm sure all of us have made mistakes, and all of us have jerry-rigged systems to get by, but not having proper DR in place for an organisation-wide storage system is likely a management failure in terms of not funding and/or not asking the right questions (or being prepared to hear the true answers).

5
0

More brilliant Internet of Things gadgetry: A £1,300 mousetrap

Paul Crawford
Silver badge

Re: Homebrew

Improve the flavour of what, the mouse or the cider?

3
0

London Internet Exchange members vote no to constitution tweak

Paul Crawford
Silver badge
Joke

Re: Abandon all Hope. They are all gagging for it.[1]

"Perhaps, in the future, we can move to the Exclusively Thumbs Up System instead and get a better idea about people's opinions."

What like Facebook?

8
0
Paul Crawford
Silver badge

Most countries have legal intercept laws but that is not the problem. What is the issue here is the massive scale, lack of legal oversight in what is gathered, and gagging orders about even the fact of such an order being served.

Look to other countries as well that have less oppressive laws, say Sweden, Iceland, etc.

10
0


Biting the hand that feeds IT © 1998–2017