* Posts by Paul Crawford

3482 posts • joined 15 Mar 2007

How to remote hijack computers using Intel's insecure chips: Just use an empty login string

Paul Crawford
Silver badge

Re: AMD

From this particular bug yes, but probably they have their own ones...

2
0

Microsoft says: Lock down your software supply chain before the malware scum get in

Paul Crawford
Silver badge
Facepalm

Re: So ultraedit ehhh?

Come on, it's bound to be an Adobe package! They love running their own updater process at start up.

3
0

China's first large passenger jet makes maiden flight

Paul Crawford
Silver badge

Why would the EU mandarins have to punish the UK over Brexit?

Our own shower of shit glorious leadership are doing the job of ruining the UK perfectly well without any assistance.

12
2

systemd-free Devuan Linux hits RC2

Paul Crawford
Silver badge

Re: It's fascinating that Linux now has the same problem as Windows

UTF-8 is great, but please don't be a muppet like the systemd lot and have your program crash if a non-UTF-8 character is used in a *comment*...

10
2
Paul Crawford
Silver badge

Re: Easy answer.

"What on earth do they know about producing enterprise ready, stable operating systems? "

Like RHEL 6 that is without systemd, perhaps?

10
1
Paul Crawford
Silver badge

Re: It's fascinating that Linux now has the same problem as Windows

"However, binary configuration files and binary log files are inevitable"

No they bloody well are not!

If, as you seem to think, English is some imperial conspiracy then why do we not program in binary? Why do all major languages use it? Why is it the most common language in the world (mostly as the 2nd spoken choice)?

And if you need to translate binary to/from some local readable format, why not translate English/ASCII in the same way? Fundamentally providing a language-agnostic system is very hard work and you then lack any simple way to interact with it for development with just a text editor.

26
1

Boffins gently wake the Large Hadron Collider from annual hibernation

Paul Crawford
Silver badge
Pint

Re: inverse knights

A most splendid unit!

I guess another would be drink-related in terms of shots chucked in the general direction of one's mount?

3
0

Loadsamoney: UK mulls fining Facebook, Twitter, Google for not washing away filth, terror vids

Paul Crawford
Silver badge

Strong & Stable

Strong and stable, as in thick as a plank? They are strong and stable.

http://newsthump.com/2017/05/02/eu-dinner-was-strong-and-stable-claims-theresa-may/

(apologies in advance for the click-baity nature of that site's adverts)

2
0

KickassTorrents kicked out again, this time by Australia

Paul Crawford
Silver badge
Pirate

Re: Oh my god

But from a practical point of view:

1) It puts a block for the majority of people who don't understand that Google is not the Internet, or what actually happens when you click on any hyper-link or type in a URL.

2) It avoids the collateral damage of IP blocking if a site uses a shared IP address with other legitimate sites.

3) Those who understand how to bypass (1) would know to use a VPN to bypass (2) as well, so it is not much less effective in practice.

4) It is fairly cheap & easy.

8
0

Don't listen to the doomsayers – DRM is headed for the historical dustbin, says Doctorow

Paul Crawford
Silver badge

Re: This is interesting...

Doctorow and Orlowski have very differing view points, but that is good for a news site like this. Last thing I want is to be fed opinion from only one side (like more tabloid papers, Fox "news", Russia Today, etc)

7
0
Paul Crawford
Silver badge

Re: Convenience is the enemy of intrusive DRM.

"all major Steam games can also be torrented though, so obviously it's not an entirely effective DRM system"

There is no need for unbreakable DRM so long as the legal offering is good value for money (i.e. just works on any platform you realistically want, in the region you live, price is OK). Keep the majority paying for the legal version and you as a business will do just fine and few will try hard to break it or share them, piss them off and you will find the torrents become the majority method.

12
1

Not auf wiedersehen – yet! The Berlin scene tempting Brexit tech

Paul Crawford
Silver badge

Re: Commuting time

That aspect is a major factor in how I, at least, would see any alternative location to move to. No point in moving to some city where your employees waste 2 hours or more of their life every day commuting. What is that equivalent to, around 10% of your waking life?

8
0
Paul Crawford
Silver badge
Gimp

Re: Why Berlin?

Don't forget the "Speciality clubs" that Berlin is famous for. Allegedly.

6
0

Stanford Uni's intro to CompSci course adopts JavaScript, bins Java

Paul Crawford
Silver badge

Re: Just teach them Python

Python looks to me as a good choice. But it, along with JavaScript, both have one serious aspect that is lacking - strong (maybe any) data typing.

Yes, it is really handy not to worry about small details like is it integer, float, character string, etc, when you still have to grasp the basic concepts (maths, branching, subroutines, not to re-implement libraries) but I have met people programming in C++ with "more than a year experience" and they don't understand the fundamentals of what types mean to the CPU, etc.

Get my day's rant in early!

10
1

Would you believe it? The Museum of Failure contains quite a few pieces of technology

Paul Crawford
Silver badge

Re: Betamax - Betamax quality wasn't actually that much better.

Really the success of VHS was down to more suppliers of VHS players (Sony licensing I guess) and so video hire shops (remember them?) stocked way more VHS titles, leading to positive feedback. Same for availability of grumble flicks. Er, allegedly.

On notable failures we should also list Sony for its various attempts at forcing proprietary tech on the world in the face of better/cheaper alternatives:

1) Mini-disk player, good idea in many ways but way too expensive. DRM. Struggled to displace audio cassettes. Both died when SSD came along.

2) Memory sticks.

12
0

systemd-free Devuan Linux hits version 1.0.0

Paul Crawford
Silver badge

Re: It is not that clearcut

It is a shame that Canonical gave up on 'upstart' as it was almost what was needed: an init process that could handle parallel start-up and dependencies. It could also be run as a user PID if users wanted an event-driven start-stop system, say for removable storage. And there it stopped, as it only wanted to be 'init' and not an octopus.

19
0
Paul Crawford
Silver badge

@ lpcollier

"A change of init system isn't something we should be doing more than once every couple of decades, but systemd seems very good to me."

The problem is systemd is not JUST an init system, it adds in binary logging, time setting, module loading/blacklisting, and all sorts of other stuff that were pretty much already solved and workable. And in many cases it adds bugs/issues that seemingly just don't get fixed if they are not in line with Pottering's personal outlook.

If it were just a paralleled start-up system there would be far less issues, but instead we have fsking *desktops* like GNOME has become that have systemd as a dependency, WTF?!

42
0

PACK YOUR BAGS! Boffins spot Earth-size planet most likeliest yet to harbor alien life

Paul Crawford
Silver badge

Gravity well problem

While it is a pointless technicality given we can't get there in any foreseeable time or technology, it is worth a moment to consider that at 7 times the Earth's mass you could not escape its gravity well using chemical rocket engines.

But if you made it there in the 1st place you would be using some nuclear system or something we have not imagined (or maybe just considered possible) yet, so a technicality really.

For more on chemical engine limits: https://www.nasa.gov/mission_pages/station/expeditions/expedition30/tryanny.html

2
0

UK.gov survey shines light on cybersecurity threats to businesses

Paul Crawford
Silver badge

To be fair, they do have some useful (and moderately readable) guidance:

https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach

https://www.ncsc.gov.uk/guidance/macro-security-microsoft-office

https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1604-lts

2
0

Chap 'fixes' Microsoft's Windows 7 and 8 update block on new CPUs

Paul Crawford
Silver badge

"I don't see the point of installing linux so I can run windows in a vm when I can run windows natively"

Err, wasn't the point of the article that you won't be able to, unless you go to Win10 or stick to old hardware? A pretty good reason to virtualise in my book.

Also easier to change hardware (no re-licensing as Windows won't see the change) and less malware problems as many of the nastier sort don't run in VM environments to thwart analysis, and there is a damn sight less* for Linux in the first place if you use it for email and web browsing.

[*] less != none, you still have to patch Linux boxes and not to do dumb stuff.

17
0
Paul Crawford
Silver badge

"Many alternatives support limited range of hardware and are missing specialised functions"

Is this hardware connected via USB ports or RS232?

If so you can probably use a Windows VM for driving your telescope/camera/etc since most emulators allow for simple connection of common PC I/O ports. Then you don't have underlying hardware platform issues and can easily save the VM and move it to another machine as needed.

9
0

Will the MOAB (Mother Of all AdBlockers) finally kill advertising?

Paul Crawford
Silver badge

"People don't hate adverts, just awful adverts"

That kind of sums it up, along with the observation that the awful sort is basically virtually everything.

Had the advertisement industry kept to low-bandwidth and discrete side bars that did not distract the user, act as a malware vector or soak up all usable bandwidth/CPU/screen area most users would not bother with ad blockers. But they didn't, and now here we are in a world where many web sites are pretty intolerable without an ad blocker.

What is the solution though? We have such a race to the bottom in web funding and nothing viable in sight that would make most people choose another means of supporting sites. Many have talked about micropayment options instead of the sordid world of on-line advertisement, but none have taken off.

45
0

How to breathe new life into your legacy kit now you've gone hybrid

Paul Crawford
Silver badge
Joke

"Reusing five-year-old network string is a flogging offence"

Would that be with the CAT-6 of nine tails?

7
0

Profit with just one infection! Crook sells ransomware for $175

Paul Crawford
Silver badge

Depends on how 'mature'.

Btrfs supports snapshots and is supposed to be production ready now. ZFS works well but you have the licensing issues (if you care) and again you get copy-on-write snapshots so they take little space for most (i.e. non-changing) files.

So try one of those and set up a cron job for snapshots. FreeNAS offers that in the GUI as it uses ZFS, but you have to make sure you tell it to do the whole file system tree - so check it is actually snapshotting what you expected!

0
0
Paul Crawford
Silver badge

Which is another good reason to run Windows in a VM!

That and not having to re-license it if the motherboard dies, etc.

And the ability (in some cases) to snapshot the VM before doing anything potentially damaging.

0
0
Paul Crawford
Silver badge
Thumb Up

Re: Backups

RAID (or replication) != Backup

Exactly, it deals with service continuity in the event of hardware failures, etc. Not against deliberate trashing (though regular snapshots on replicated storage go a big way towards it).

0
0
Paul Crawford
Silver badge

Yes, but a proper backup system comes in to your PC, so you don't have any access rights (normally) on the backup system. After all, if your admin rights are compromised on the PC in the first place to run the nastier sorts, then it can go after backups as well.

Of course, without any backup there is nothing stopping your account from permanently trashing your own files, which is one of the key reasons ransomware works - you don't need a sneaky zero-day privilege escalation, simply the ability to trick the user in to executing something by ANY means.

Setting user-writeable areas to no-execute may be a useful step...

2
0
Paul Crawford
Silver badge

Backups also help for other problems like: hardware failure, lost/stolen machine, user deleting something and wanting it back days later, having a moment of "gross administrative misconduct" at the root prompt, etc...

1
0

Oracle patches Solaris 10 hole exploited by NSA spyware tool – and 298 other security bugs

Paul Crawford
Silver badge

Re: Money first, patches later

Let's face it, Oracle does not give a flying fsck about any hobbyist.

When Sun did well with Solaris it was when they engaged with universities, etc, to practically give it away so a generation of computer science students left knowing and generally liking it. Oddly enough that translated in to future sales when they got jobs in the real world.

Those days are long gone and not coming back, now it's only Windows & Linux/Android.

4
0

Large UK businesses are getting pwned way more than smaller ones

Paul Crawford
Silver badge

Re: I'm a computer security "expert".

"So the question is more how do you make RDS access more secure?"

Again, I'm no expert but I would start by looking for cheap-ish routers (i.e. affordable to a small business) like some DrayTek ones that support a VPN and at least you have another access layer before the world+dog can have a go at the server's remote log-in port. Not sure if they support using a certificate for VPN log-in but that at least gets away from piss-poor password choice.

0
0

eBay threatens to block Australians from using offshore sellers

Paul Crawford
Silver badge

Re: Netflix tax

Netflix do a good job of stopping you accessing them from the "wrong country" via a VPN to pay for stuff, so I'm pretty sure it's easy for them to identify and pay any local taxes that are due.

1
0

Alert: Using a web ad blocker may identify you – to advertisers

Paul Crawford
Silver badge

Re: Sorted.

That has been my thought, we need a browser that deliberately randomises things like canvas drawing and reported fonts, plugins, etc, so every site you visit has something a bit different.

OK, your IP address is an issue but you can use an IP-sharing VPN to anonymise that if you really need to and typically IPv4s get shared in many cases as a few machines behind NAT, and ISPs typically change them anyway.

IPv6 could be a whole nasty bag of worms though if folk get a fixed block so advertisers know that they can ignore the bottom 16 bits and the rest is basically fixed by your ISP and not CG-NAT'd or anything..

1
0

Good job, everyone. We're making AI just as tediously racist and sexist as ourselves

Paul Crawford
Silver badge

Re: @ Infernoz

Sounds like a relapse is occurring, please keep taking the dried frog pills.

7
1

Deeming Facebook a 'publisher' of users' posts won't tackle paedo or terrorist content

Paul Crawford
Silver badge

Thing is, you could achieve much the same with small fines, just a hundred quid or so for each post not taken down in reasonable time, and same for each appearance of fake/misleading adverts, and suddenly Google, Facebook, etc, would manage to deal with most of the crap.

After all, they are pretty good at following users with targeted adverts, so how hard is it to develop a "this user is an angry moron" sort of profile and limit their ability to post/share shit?

12
1

Drupal sci-fi sex scandal deepens: Now devs spank Dries over Gor bloke's banishment

Paul Crawford
Silver badge

I think he is referring to the orange one's misogynistic "pussy grabbing" tendencies.

10
0

Linux remote root bug menace: Make sure your servers, PCs, gizmos, Android kit are patched

Paul Crawford
Silver badge

DD-WRT?

Seems no updates for DD-WRT for my TP-Link router since 2013 or so, so the big question* is this bug present in its kernel build?

[*] - Yes, there are obviously much bigger questions out there. Some even with > 3 syllables in more than one location, but in the context of this forum and embedded stuff, this is big enough.

0
0

Microsoft raises pistol, pulls the trigger on Windows 7, 8 updates for new Intel, AMD chips

Paul Crawford
Silver badge
Linux

Embrace the penguin!

Oh, and make sure you have a Win7 VM for all of your Windows-only stuff.

That just leaves Win7 gamers who need high performance graphics and Windows screwed over...

20
2

Official science we knew all along: Facebook makes you sad :-(

Paul Crawford
Silver badge
Gimp

Re: Chicken and egg

Does this also apply to other "social media" such as Fetlife?

Egg definitely beaten by the chicken there.

4
0
Paul Crawford
Silver badge

Re: get off that computer and go outside and play with your friends

Are friends electric?

2
0

Hasta la Windows Vista, baby! It's now officially dead – good riddance

Paul Crawford
Silver badge

Re: It's not all bad news

Let's face it - Facebook is probably the most obvious act of mass surveillance and the morons masses still lap it up. And now we have MS chasing the pair of them to see who can get the most secrets with the least KY, but also oddly expecting us still to pay for windows.

Except of course for us rats penguins who jumped from that sinking ship a while ago.

18
5
Paul Crawford
Silver badge

DRM

Don't forget that Vista also was a point of a massive increase in DRM built in to the OS, and that also had a serious impact on the resources needed to use it.

8
1

Homes raided in North West over data thefts from car body repair shops

Paul Crawford
Silver badge

Re: oh great.

I have had a couple of calls from a London (02) number about accidents that I never had, and once accidentally pressed the redial option and found it was a non-existent number. Sadly too much other sh*t in life to spend my time following that case up...

1
0

Apple wets its pants over Swatch ad tagline

Paul Crawford
Silver badge
Trollface

"one more thing"

I always thought that was Inspector Columbo's traditional phrase when trolling the guilty party?

What, you mean it might be useful today?

10
0

As you stare at the dead British Airways website, remember the hundreds of tech staff it laid off

Paul Crawford
Silver badge

Re: Why fly?

Personally I take the train whenever possible. Yes, for some distances a flight is the only sane way, but I really, REALLY, avoid connecting flights whenever possible. Like most of central Europe once you land...

4
0

'Amnesia' IoT botnet feasts on year-old unpatched vulnerability

Paul Crawford
Silver badge

Re: Linux botnet?

It's simple really, if you take any OS and put in hard-coded passwords, or have badly configured web servers running with administrator rights, you have a cluster-fsk coming.

As for Windows vs. Linux on the desktop it is, as usual, a complex question. If one is configured and used by a competent person and the other by a total muppet, you can guess what the outcome is without knowing which OS is which.

If compared on equal terms the two kernels have roughly the same number of serious flaws at any point in time, but Windows "enjoys" a much richer ecosystem of malware to exploit it and sadly many of the past MS decisions to make it easier to use (e.g. hiding file extensions, making execution rights part of the file name, etc) only serve to make matters worse for the average user.

10
0

Dieting cannibals: At last, a scientist has calculated calories for human body parts

Paul Crawford
Silver badge
Headmaster

Amarone please!

0
0

FCC Commish: Hey, don't look at me – Congress should sort out net neutrality mess

Paul Crawford
Silver badge

Re: "Google dominates desktop search"

I think that is the most disingenuous aspect of the FCC's claim - it might be Verizon is biggest in mobile, but in fixed-line often those in the USA have only 1 or perhaps 2 real choices (excluding very expensive VSAT systems).

Also we have the underlying problem of ISPs wanting to be media players as well - so you get the conflict of interest between generic data use and a cable TV competition (and the risk of demoting other TV/video services by pricing or data cap rules).

3
0

Adblock Plus owners commandeer Pirate Bay man's tip jar Flattr

Paul Crawford
Silver badge

Who better?

However, for the model to work it will take someone more informed or serious about the future of news in a civil society than Eyeo or Flattr have so far shown.

That might seem reasonable from a publisher's perspective, but to most end users of the internet adverts have become a plague, blocking up bandwidth, conveying malware, and popping up/flashing/auto-playing video at every opportunity. From that point of view Eyeo (by blocking most intrusive adverts) is still doing a good job.

The supermarket analogy is very good, every major media producer has tried (and mostly failed) to control sales of their goods by legal threats and DRM. And it is not really working, while the Pirate Bay may be fading from prominence, most artists are still not getting much from the "legal" replacements such as Spotify or YouTube. And they are not much more than an advertisement vector in many cases.

Nobody really wants to pay for using the Internet, and yet they are - via advertisement or their personal information being whored around - but generally they don't know it. A workable micropayment system and some fair rules for its use (e.g. pay and get anonymity (beyond the pay provider knowing) and no adverts, or free and get infested/whored as usual) could go a long way to "draining the swamp" as they say these days, offering artists some reward better than adverts but probably not as much as the big media barons are used to.

So if Eyeo or Flattr are not up to it, who is any better?

13
0

It's 30 years ago: IBM's final battle with reality

Paul Crawford
Silver badge

Re: 286

The article has one significant mistake - the 286 did support protected operation, even the option for "no execute" on memory segments. But as it was designed to be either 'real mode' 8086 compatible OR protected mode you had the fsck-up of having to use a keyboard controller interrupt to bring it out of halt state back to 'real' mode.

The major advances for the 386 were:

1) 32-bit registers

2) The "flat" memory model and virtual memory support (not the 16-bit segments of 286, OK still segments but way big enough for a long time)

3) The option to easily change protection modes.

1
0

Governments could introduce 'made by humans' tags - legal report

Paul Crawford
Silver badge

Re: Illogical conclusion

The motivation for companies is to make money - if that is more effective with robots/AI they will. What they never consider is who the paying customers are, it is just assumed that if they lay off some staff, or out-source to some cheaper country, it has negligible impact on their profits as most customers are unaffected.

There is no "joined up thinking" of what happens when every other company has done the same in the pursuit of profit, but government will have to address this or face a very nasty melt-down of society.

11
2

Biting the hand that feeds IT © 1998–2017