* Posts by Paul Crawford

3271 posts • joined 15 Mar 2007

2016 just got a tiny bit longer. Gee, thanks, time lords

Paul Crawford
Silver badge

Re: There have been 27 of them since 1971

No, they only need programmed in to stand-alone computers, anything using NTP gets the updates automatically as NTP announces the pending leap-second for 24 hours before it happens.

Similarly if you get time from GPS it has a field that tells you of the coming leap second for days, maybe months, before it is due. Assuming of course you don't have some shitty GPS receiver that hides the information from you because the firmware monkeys just don't understand it...

0
0

Raspberry Pi Foundation releases operating system for PCs, Macs

Paul Crawford
Silver badge

Re: AC

Funny that, we explicitly switched wholesale to LibreOffice because it did that (a) across all of its versions and (b) across all platforms (we mainly use macOS and Linux, but a few less fortunate souls have to use Windows for customer experience testing of our service :) ).

If you can get other in multi-company to change - yes!

But if they are wed to MS Office then you are forced to use the same to get consistency :(

0
0
Paul Crawford
Silver badge

Re: And it appears to be 3D skeuomorphic!

I don't use Office where I work either and nobody that I respect technically in the IT business uses it.

Technical people are not the major use-case for Office, it is business that demands it. Now we can compare its good and bad points relative to LibreOffice and for many jobs I use the free one.

But sadly I have to use MS Office for some projects as its the only one that maintains correct layout. And that also means using the more recent ribbon-infested version because even MS can't achieve true portability between versions of its own damn suite!

32
2

Snapchat coding error nearly destroys all of time for the internet

Paul Crawford
Silver badge

WTF is an App doing quering network time?

Really, what is the Snapchat app doing? Timekeeping is an OS-level task, and only that should be syncing the server/PC/phone/telidildonic dildo/etc to real-time, and user level programs can get their time from the OS by whatever means the OS supports.

44
1

Non-existent sex robots already burning holes in men’s pockets

Paul Crawford
Silver badge
Coat

Re: I want one.

"I don't trust maids."

But you would trust an android sex robot cum cleaner instead?

Just imagine what extra info Google will be able to slurp from its users?

Yes, it is well past the time I should be getting my coat =>

1
0

Did webcam 'performer' offer support chap payment in kind?

Paul Crawford
Silver badge

Re: Love a good pr0n investigation

"Is that like an in-depth analysis?"

Probing deeply in to the nether regions of the PC?

0
0

Strong non-backdoored encryption is vital – but the Feds should totally be able to crack it, say House committees

Paul Crawford
Silver badge

Other option is you make it so the phone's key, for example, is held in an accessible manner internally, but that needs hours of careful, destructive, and expensive time to read out using a scanning electron microscope.

That way if they REALLY need to get in to a phone they can, but the time and cost and physical access needed makes it utterly useless for panoptican surveillance or fishing trips when someone is stopped for a trivial reason.

14
0

Why does Skype only show me from the chin down?

Paul Crawford
Silver badge

Re: @Orv

"In some ways the really old code is easier, because it's less likely to rely on large libraries"

Another factor is they often had all the code on CD or tape, etc. Now if you try to create an old-ish machine often you simply can't get the code from that era because it was all on-line and downloaded then and not archived. Or was, and now has been replaced. Because no one needs to maintain old stuff do they, it has to be new, new, new? And more or less incompatible...

3
0
Paul Crawford
Silver badge

Re: Incompetent admins and migration saboteurs

Even if you can provide better alternatives for everything it offers, people get very fond and possessive of such old systems, and decommissioning can be a nightmare.

More often than not, the problem is it is running some old OS/libraries that special code needs, and that is why you get serious resistance to change. If you can offer it on a VM then mostly its a non-problem, but alas few can run up VMs that emulate old VAX hardware/software, etc.

Yes, I know you should not end up in that position, but academics like to solve something once and move on. At least its not IE6 based...

8
0

China gives America its underwater drone back – with a warning

This post has been deleted by a moderator

US voting machine certification agency probes potential hack

Paul Crawford
Silver badge

"liberal anti-people propaganda"

Now boy, keep taking them there dried frog pills...

18
1

Oracle finally targets Java non-payers – six years after plucking Sun

Paul Crawford
Silver badge

Come now! Oracle's strategy has always been to make sure your balls are in one of its vices and then to turn the screw every so often to extract more money.

It worked so well for large databases when there was limited competition of any sort, so why would Larry think it wont work again?

34
1

Macbook seized or stolen? But you've set a FileVault password, right? Ha, it's useless

Paul Crawford
Silver badge

Re: Clickbait

Well you could follow the link to the article (PDF hosted on GIThub) and read it there?

However, this attack is not OS-specific in that *any* machine with externally controllable DMA enabled at any time is vulnerable to having the OS and program memory read out for analysis.

In fact the UK gov security advice[1] is to try and buy machines without that feature. I guess Apple are a special case in that they control the UEFI boot loader and so are able to turn off external DMA access until the machine is booted and access is under OS control.

[1] For example https://www.ncsc.gov.uk/guidance/end-user-devices-security-guidance-ubuntu-1404-lts#risk-owners-summary

2
0

Yahoo! says! hackers! stole! ONE! BEELLION! user! accounts!

Paul Crawford
Silver badge

I believe the author is referring to a milliard, a term that is unambiguous unlike our American cousins "ten gallon hat" scale.

9
1

Give us encrypted camera storage, please – filmmakers, journos

Paul Crawford
Silver badge

Re: Would still be useful

IMHO, storing it on the camera except at the moment of taking pic is wrong idea anyway.

This is exactly what the cameras should be 'avoiding' - the SD card should look like noise no matter what was stored there, or nothing at all. Add to that a plausible deniability of more than one password to reveal different photo sets and it becomes very difficult to establish if the camera has anything on it at all. For example, if I am going out to take any photos of importance I format the SD card first and take a spare just to have more chance of it storing things properly and not having corrupted FAT, etc. So a camera showing no stored photos is not unusual.

As for speed of taking photos, if for example, it was using an asymmetric key arrangement the camera can always encrypt the files without your (stored) public key so no need for PIN/password at switch-on, and only that private key can decrypt it later. It can show the in-RAM copy briefly after taking it for you to check composure, focus, etc, and then its wiped and you need the private key to recover the on-disk copy.

3
0

Reschedule the holiday party, Patch Tuesday is here and it's a big one

Paul Crawford
Silver badge
Trollface

Re: @ Patrician

Or they're are a home user that just doesn't want to spend hours in a Linux command line trying desperately to get some software working

What you mean like:

"ipconfig /release"

"ipconfig /renew"

To get DHCP working again?

3
0

Men! If you want to win at board games this Christmas, turn off the rock music – scientists

Paul Crawford
Silver badge

Re: Says it all

The players were on the highway to hell?

0
0

HPE 3PAR storage SNAFU takes Australian Tax Office offline

Paul Crawford
Silver badge

What was that Skippy? Was it 3PAR kit you say?

Were they taking a leaf from Kings Collage London on this? Unlike KCL they probably will want users to keep thier own records:

http://www.theregister.co.uk/2016/11/15/after_kcl_kills_uniwide_backups_staff_get_order_to_never_make_their_own/

7
0

US-CERT's top tip: Hack your crap Netgear router before miscreants arrive

Paul Crawford
Silver badge

Re: They are running the webserver as root?

Indeed, the 1990s called and want their security blunders back...

2
0
Paul Crawford
Silver badge

Re: Put PR at stake

Welcome to the world of shitware, when every device you buy from $SUPPLIER comes with half-arsed software and bugger-all updates even months after the manufacturer has been told (probably twice, 2nd time in crayon and big pictures) of how crap they are.

5
0

P0wnographer finds remote code exec bug in McAfee enterprise

Paul Crawford
Silver badge
Trollface

Reassuring to see McAfee's software for Linux is just as crappy as their software for Windows.

19
0

ESA to try tank-to-tank fuel switch on sat that wasn't designed to do it

Paul Crawford
Silver badge

Re: What were the other tanks for?

At a guess I would say for attitude control thrusters that unload momentum from the reaction wheels to keep their speed within sensible bounds.

Some satellites use torquing coils to do that instead of chemical engines (basically pull against the Earth's magnetic field as needed) - not sure if there are any special reasons for XMM not using that, or maybe it has both and they managed to hardly ever use thruster fuel?

6
0

Real deal: Hackers steal steelmaker trade secrets

Paul Crawford
Silver badge

Re: Trade Secret Wars

Probably pricing information and profit margins, that is the sort of thing that wins business deals.

2
0

Santa says you've been nice kids: OpenVPN to get security audit

Paul Crawford
Silver badge

Good to see this being done, we (as in privacy-conscious individuals or businesses throughout the world) will benefit from a VPN technique that has no major shortcoming to allow mass surveillance. PIA deserve kudos for doing so.

Of course, if other organisations would ditch PPTP for once and for all it would also be a great step forward!

6
0

Qualcomm, Microsoft plot ARM Snapdragon-powered Windows 10 PCs, tablets, phones

Paul Crawford
Silver badge

Re: ME

If you are worried by the privacy & security concerns of Intel's ME system, why would you buy a Windows 10 device?

(Think - its going to be secure boot and no other OS like RT was)

4
2

Firmware freakout sends Epson Wi-Fi printers into reboot loop

Paul Crawford
Silver badge

Re: update?

I set my router to block external network access from my printer anyway - it should only EVER need to talk to my PC for print jobs.

If there is an identified problem that a fix would benefit me then I will apply an update, once its been around for a few days an not broken things...

8
0

Crims using anti-virus exclusion lists to send malware to where it can do most damage

Paul Crawford
Silver badge

Massive AV fail

WTF do AV companies need an exclusion list for well known vendors like citrix, etc? Why don't they have the program checksums already so they know they are genuine?

Same question with the borking of Windows itself by AV vendors from time to time - where is MS' master list of SAH-1 or whatever checksums so every genuine Windows exe/dll is recognisable?

6
0

In the three years since IETF said pervasive monitoring is an attack, what's changed?

Paul Crawford
Silver badge

Re: Just one cotton-picking minute there

You forget that organisations like the NSA and GCHQ have a split personality to deal with, as on the one hand the goal is to spy on everyone of interest to their respective country’s government (sadly today that means "everyone") and for that knobbling encryption is a useful trick to pull off.

But on the other hand their goal is to protect the interests of their country and that means stopping other governments and/or criminal gangs from spying and hacking business and individuals personal information. For that they need good encryption and secrecy.

Back to the old saying that Regan & Gorbachev used "trust, but verify" perhaps?

7
0

Icelandic Pirate Party asked to form government

Paul Crawford
Silver badge

Re: Enquiring minds want to know..

There was a short story with this theme. Wife kills hubbie with a frozen leg of lamb, then cooks it.

Tales of the Unexpected "Lamb to the Slaughter"

http://www.imdb.com/title/tt0717455/

0
0

DDN claims burst buffer bashes 'past 1TB/sec bandwidth'

Paul Crawford
Silver badge

El Reg units?

So what is 1TB/sec in kilowrists?

Inquiring onanists minds want to know!

0
0

'Toyota dealer stole my wife's saucy snaps from phone, emailed them to a swingers website'

Paul Crawford
Silver badge
Trollface

Well the good folk working at KCL are hoping so, as the IT system's backup failed to fit it.

0
0

Google turns on free public NTP servers that SMEAR TIME

Paul Crawford
Silver badge

Re: We have also a Google time now?

the speed of light is inconsistent in atmosphere

That is why the military GPS used two frequencies, to compensate for ionospheric electron density effects. You can get the same with newer systems like Galileo and from differential GPS, etc.

But if you need us or better time its a challenge for the OS, etc, to respond and stamp the network packets with sufficient stability. For that sort of job you use PTP instead:

https://en.wikipedia.org/wiki/Precision_Time_Protocol

1
0
Paul Crawford
Silver badge

Re: @Missing Semicolon

How the heck to do test a leap-second event from NTP?

By the power of Google searching, first on the list:

http://support.ntp.org/bin/view/Dev/LeapSecondTest

Or if you are looking for an easy to deploy commercial solution:

http://blog.meinbergglobal.com/2015/02/25/leap-second-test/

0
0
Paul Crawford
Silver badge

Re: Sub-second accuracy

Depends on what you mean by " sub-second accuracy" so NTP over WAN is usually better then 10ms, or LAN usually of the order of 1ms.

1
0
Paul Crawford
Silver badge

Re: We have also a Google time now?

Google could well have added its servers to the NTP time pool

No, no, and thrice no! Because Googles NTP servers will be telling the wrong time for about a day after every leap second.

Now you might not care, and many others don't case, because all they want is some sort of time-of-day indicator. But heaven help you if you need millisecond or better accuracy for anything like financial HFT, log file forensics or any number of science applications.

4
0
Paul Crawford
Silver badge

Re: Frustration

"Unless the OS (like XP and earlier) is at EOL. Or the OS is meant to operate in a fixed, non-upgradeable capacity such as an embedded device?"

You mean the same devices that have been working with leap seconds for years and years now? Lets face it, Windows default is to update the time using SNTP once per week! So it steps time every week and your system just get on with like. So what is the beef about a correctly applied 1 second step every ~18 months?

5
0
Paul Crawford
Silver badge

Re: Smearing

The "smearing" approach is probably the most sensible method in the vast majority of cases.

You mean for those code monkeys who don't know/don't care and don't test?

First point - your software should not crash if time is stepped anyway, what happens then if a machine is off-network for a while and then adjusted to the correct time (manually or by NTP)?

Second point - if you depend on precise time then do it properly! This is not a new issue, it has been documented and implemented in sane systems since the late 1970s. And for those who really need continuous time-scales (e.g. for computing time differences that are correct in any absolute sense) we already have TIA or even simpler GPS time.

2
2
Paul Crawford
Silver badge

Re: Frustration

All sane OS already handle the leap second properly, except when some code monkey changes it and does not test it, and NTP has this built-in (it announces the leap 1 day in advance so the kernel can step as needed without an NTP packet at the precise change point).

No, this is simply a sop to shitty coders who do not understand the basics of precise time-keeping that have been this way for 40 odd years. I.e. for longer than most of them have lived.

6
1

It’s Brexploitation! Microsoft punishes UK for Brexit with cloud price-gouging

Paul Crawford
Silver badge

Re: £490 will get you a WD 16TB raid 0 drive from Amazon. (2x8TB Reds)

"RAID0 can be more reliable than RAID5" is an example of very dubious arguments. The basic points are:

In RAID-0 any drive error is losing you data, and typically a lost HDD means you have to wipe and restore the whole file system. Only upside is you *know* you are vulnerable so probable (I hope?) have a backup and restore plan that is regularly tested.

In RAID-5 you can tolerate one disk fault, be it a whole disk or reported bad sectors. Down side is folk over-estimate the independence of errors and the correct reporting of errors. If using any RAID system you really must do regular disk scrubs to make sure that the inevitable rebuild has a sporting chance of completing OK and not throwing up other errors.

However, if your data really matters than (a) you have a backup anyway, as RAID != Backup, and (b) you should be using something with double parity, at a minimum RAID-6 or better still ZFS RAID-Z2 since it has better write performance (more so with a SSD for the intent log) and additional checksums on the blocks so it can spot HDD lying or disk controller faults, etc. I think btrfs is planned to have a similar scheme (i.e. redundancy and extra checksums like ZFS) and some variants of GPFS (or whatever IBM call it now) has it, but on the payment of lots of extra money.

3
1

Hull surfers cut off by router attack

Paul Crawford
Silver badge

You might be thinking of the Irish ISP:

http://www.theregister.co.uk/2016/11/22/eir_customers_modems_vulnerable/

2
0

SHIFT + F10, Linux gets you Windows 10's cleartext BitLocker key

Paul Crawford
Silver badge

Re: Whole-disk encryption is silly anyway

Not so silly - while the OS files & configurations may not be secret, whole disk encryption prevents an "evil maid" style of attack from modifying them because you have to decrypt the disk in the first place.

Assuming your password is not known to the main, of course...

5
0

UK cops spot webcam 'sextortion' plots: How vics can hit stop

Paul Crawford
Silver badge

Under-reporting

Maybe such sextortion threats would be less of a problem if it were not for the gov going on anti-sex and anti-porn crusades and making legal acts between consenting adults into an illegal possession once you take an image?

17
0

UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor

Paul Crawford
Silver badge

Re: Then what?

Simple - I move myself and my business overseas and some other country get my tax instead.

13
1
Paul Crawford
Silver badge

Re: Open source

Realistically you cannot trust closed source providers any more as they can be notified to change and not tell you. The big players like MS, Google, Facebook, etc, are all business-driven (mostly whoring you to advertisers) so they will just roll over and "follow local laws" no matter what.

I'm not sure how this would go with binaries from an open-source repository - they could ask a UK based company to modify the ones distributed not to match the source but that might get caught. I guess the simple and sad fact is you have to treat any UK-based supplier of software and services as untrustworthy now since they are under this odious law.

14
0
Paul Crawford
Silver badge

Re: In other news...

Why on Earth would you choose a UK-based VPN provider now?

In fact, why would you trust any UK-based company with data that might be of commercial use to the UK/USA given that we have no oversight as to why of if any interception is mandated?

31
0

Confirmation of who constitutes average whisky consumer helps resolve dispute

Paul Crawford
Silver badge
Joke

Re: Blended

Also "Sink the Bismark" goes down particularly well at certain EU meetings..

0
0

A Rowhammer ban-hammer for all, and it's all in software

Paul Crawford
Silver badge

Re: Should't be possible.

Yes, but usually if ECC can't correct (it will often detect multiple bit errors, but can't fix them) your machine will normally reboot.

Not ideal, but they you *know* that something is wrong and it is better than silently being backdoored.

4
0
Paul Crawford
Silver badge

Re: Should't be possible.

I suspect most servers used for serious database work would have ECC DRAM and probably be tested (often called "qualified") that it works without crashing.

My Asus Chromebook, now running Linux, hangs occasionally. When I tried the rowhammer example it hung the same way. Also it hangs on memtest86 unless you use the 'safe' mode, so guess who has crappy RAM?

6
0
Paul Crawford
Silver badge

Re: Memory controller feature

Comes down to money eventually - people want cheaper/faster DRAM and so design margins are inevitably pushed down and refresh arrangements made more 'optimistic' so they don't block I/O too much, etc.

ECC should trap this of course, but again few will pay the ~15% more for ECC DRAM and sadly most AMD motherboard don't support it even though AMD do in the CPU! For Intel you have to pay extra for the 'server' CPUs to use it (except I think for a few embedded CPUs where they grudgingly enable the feature).

Still this approach makes sense as it has little performance hit and the genera idea, of identifying and separating physical RAM regions that care at risk of coupling in a rowhammer attack, could be applied to other OS as well. Assuming they care...

7
0

Ransomware scams cost Brits £4.5m per year

Paul Crawford
Silver badge

And how many users lost data due to failed or lost/stolen machines in the same period?

Off site backup, off site backup,...

0
0

Forums

Biting the hand that feeds IT © 1998–2017