Posts by Paul Crawford

Re: Writing from a dull place

I have a VM with Java installed just for Webex stuff. While that is an extra resource hog, generally it works fine.

Re: Question

Most probably, in fact almost certainly. But the earlier one was largely mitigated by Chrome's sandboxing. Not that sandbox technology is anywhere near infallible, of course...

Re: hmm

Some of us cant afford 10TB in SSD

Re: NSA?

GCHQ also provide guidance for securing systems. It is OK and you can sleep safe, they are not a TLA :) See here, but of course read and understand first:

https://www.gov.uk/government/collections/end-user-devices-security-guidance

@Mine's a Guinness

You don't know how desperate I am...

Indeed. Once we step beyond the ethics of what this company does (did?) and those who exposed the data, it will be interesting to see some proper analysis of the techniques used and if they relied on zero-day bugs, or Trojan installs, or maybe even state-instigated installation by suppliers/ISPs, etc.

Re: Another scare tactic to charge more money

Did you miss out the joke icon by mistake?

Either that or you have no understanding of what the "32-bit" aspect of IPv4 addressing actually means and presume its a string of ASCII text somewhere.

Re: If American cars suck, how about this one?

That report about Toyota's software is truly shocking - so many mistakes that are in the "just out of Uni and never worked on something serious" level and a corporate arrogance (or ignorance) that the system fails on so many of the safety guidelines in the automotive industry's own MISRA standards.

Re: vendor pools

I think the goal of NTP's guidelines is to stop a major supplier hard-coding "generic" pool servers in to their product, as correcting any problems later is a major problem.

So what they are asking is vendors create their own pool (maybe providing their own servers as well, but I don't know if they have to, as they could be aliases of other pool servers) so the hard-coded server addresses are unique to their product(s). That way any problems it can be throttled or blocked, etc, without impacting on anyone else.

As for software projects defaulting to the generic "pool" of NTP servers, I kind of feel they should not - that anyone choosing to install such software should be made to configure it. Of course, when such software is part of an OS or application, you are back to the vendor issue again and it should be pre-configured with the vendor's pool of server names.

Incidentally, in this day and age why are ISPs not providing NTP servers and offering the address via DHCP?

Re: A very narrow, shallow and poor case for Windows retention

If you follow El Reg and have read other articles by Trevor Pott you would know he simply speaks his mind on what has worked for his business and that may, or may not, be a MS-based solution. He is certainly not a "pathetic shill" as you suggest.

Re: Many VPN's suck for other reasons

Probably your best/most secure option is to have the VPN in your router and keep away from the oddity that is VMware's own network stuff.

Re: GPS...

Of course they do - they don't have problems with this by design.

Its only the ground based software that is implemented by folk who (a) don't know what they are doing, and (b) don't test things that cause problems.

Fsck'em - why not have leap seconds +/- every week and occasionally do two in the same direction on consecutive events? That way stuff will be tested and fixed because the code monkeys can't argue "oh it only happens one per 2 years or so".

Re: "... Chromium, the open source sister of Chrome ..."

Chromium is the open-source part of the web browser project, and Chrome is Google's version with additional propitiatory stuff built-in (flash, other spyware).

That is what has kicked off the storm, that Google had modified the open source part to download a close-source (and pretty creepy) feature for voice recognition.

Re: @Ken Hagan

AFIK it has nothing to do with the license, but that MS never attempted to port the ntvdm to 64-bit.

Most likely for the same reason that 64-bit dosemu is different to 32-bit and that is down to the 64-bit mode of the CPU not having the VM86 instruction to make life easier.

However, as you say a VM will do for your remaining 32-bit Windows (provided you don't have hardware dependency).

Re: Never attribute to malice what can be explained by incompetence.

You also forget the 3rd possibility - that both malice and stupidity is involved.

Re: Lack of 32-bit Server platform

The real problem is if you have 16-bit Win95/DOS era software as that won't run on 64-bit Windows. OK you may also have driver problems as well for older hardware under 64-bit (remember how crappy 64-bit XP support was?). Sometimes it will run on Linux emulators (Wine, or dosemu, etc) but that is a significant gamble.

Now you might be saying "Who runs 16-bit any more?" without realising there is a lot of small speciality software from that era that works, and changing the software to a newer version is a major PITA for various reasons:

1) New software license costs

2) Maybe no longer compatible with old, special, and very expensive hardware

3) Different file formats so you cant read/write previous data

4) Different work-flow so you have to re-jig lots of scripts and re-train users.

5) All of the above often gets you nothing more than "supported OS" status as it will do exactly the same job as the old one (maybe better, maybe more buggy).

So while using old servers for general stuff is barely excusable, there are some VERY GOOD reasons why it won't happen for many. But as other commentards have pointed out, you should be working on the assumption that ALL systems can be p0wnd (old & new, Windows & Linux) and planning how you detect that and restore to a clean state when it happens, not IF it happens.

Re: Tweets??

I think the official El Reg unit should be in kilowrists, the measure of simultaneous pr0n film streaming performance.

Re: @Tom 13

Firstly all these remote locations don't need access to a lot of data at any one time, so the database server ought to rate-limit requests and queries to a reasonable amount per authorised machine/user.

Secondly having something where the leak is so significant really ought to have raised the question about how many sites really need to access it, and for them you could have deployed specific machines with dedicated hardware encryption in the network card (or a dedicated secure router) to tunnel the data to/from the server.

None of them having any simple path to the outside world so an attacker would need multiple physical access aspects to begin hacking past the user account and rate-limiting aspects. Anyone needing to access the data base would find those PC(s) in a reasonably secured room, log on and do their job, then go. Room could be CCTV'd so any attempted tampering would be on record, etc.

It is all perfectly possible, but it costs money to do (much less than the hack is going to cost, I'll bet) and adds some inconvenience, but still much easier than the old days of paper files. So its not really *that* inconvenient.

Re: Why also 15" models?

Well there are old people or others with vision defects where an 11" retina screen is utterly a waste of money.

A lot of folk use a laptop as a semi-permanent thing because its smaller than desktop + monitor and can be tided away fairly easily. For them a 15" or 17" screen is just so much nicer to work on, and the size and weight are not the same issue as those always travelling with it.

Re: rewriting history

I think in most cases the issue is not that you could search for a person's past events using specific knowledge, but that Google would return all sorts of older stuff with just a person's name.

Surly a technical company such as Google could implement a filter that only returns recent (say past 12 months results) when the search is a person's name, but only recovers such issues if you really go digging deeper with specific searches and date ranges (like you once had to do before t'Internet came along)?