* Posts by Paul Crawford

3273 posts • joined 15 Mar 2007

Intel's makeshift Kaby Lake Cores hope to lure punters from tired PCs

Paul Crawford
Silver badge

Re: DRM is evil

There are always the RedFox software tools to rip/bypass BD disk DRM and let you play what you bought as you want to.

Or simply wait for the 4k files to appear on some torrent, as they always do. Such a shame the movie studios seem not to realise that playing paid-for content should be the easiest and most pleasing experience of all.

36
0

FBI: Look out – hackers are breaking into US election board systems

Paul Crawford
Silver badge

XKCD from the past

Before any other commentard slips this one in:

https://www.xkcd.com/463/

22
0

Chinese CA hands guy base certificates for GitHub, Florida uni

Paul Crawford
Silver badge

Re: You can't trust anybody

You will never stop a SUFFICIENTLY determined and well funded adversary. But the current system is routinely screwed up by incompetence (here), or by a local CA being leaned upon or hacked by a government (see http://www.theregister.co.uk/2011/09/09/gmail_diginotar_security_alert/ for example).

2
0
Paul Crawford
Silver badge

Re: You can't trust anybody

It is a fundamental problem with the whole system. Basically it takes only 1 out of hundreds of CAs to issue a mistaken or malicious certificate and the chain of trust is broken. As such, it is not really anything you can trust at all. CA pinning is an attempt to reduce the scope of such failures, but it is a band-aid to the situation.

But then many folk just ignore browser warnings anyway :(

9
0

Breaker, breaker: LTE is coming to America's CB radio frequencies

Paul Crawford
Silver badge

Re: has to be able to work ANYWHERE

"a life-critical device be doing depending on wireless"

All jolly good for collecting data for reports, etc, assuming it's properly encrypted before it even reaches the wifi interface, but not something you should depend upon working for many reasons.

0
0
Paul Crawford
Silver badge

Re: Greed and rubbish regulation.

Exactly. The "a single smart hospital might use up to three terabytes of data per day" claim points to the fact they should have wired the place properly for most devices, and for those needing wireless had numerous low power access points.

Actually, let's revisit that last point - WTF should a life-critical device be doing depending on wireless that could be jammed easily for ill intent, or accidentally by someone's broken phone they forgot to turn off?

5
0

French, German ministers demand new encryption backdoor law

Paul Crawford
Silver badge
Unhappy

Re: Let's be consistent then.

"Kinda scary to realise we're by default governed by idiots"

Maybe "we", as in the tabloid-reading generalisation of the public, are getting the government we deserve?

4
2
Paul Crawford
Silver badge

"The fundamental problem is one of lack of trust combined with arguably excessive government authority, or at least power"

That is one of the big issues, the 2nd being simple incompetence or corruption. If you have the secret keys to everyone's private communications escrowed with every gov agency world wide who demands them, just how long until the well funded criminal gangs also find a copy?

So would we then see a special dispensation for the keys to gov ministers or leaders of big business? And would any of those politicians calling for this be willing to bet their own pension schemes on it not going wrong in practice?

Thought not...

9
0

Boffins design security chip to spot hidden hardware trojans in processors

Paul Crawford
Silver badge

Re: But..

The fact you have to have this ASIC built by a totally trusted organisation kind of makes a flaw - why didn't you use them to build your CPU in the first place?

4
0

Kaspersky launches its own OS on Russian routers

Paul Crawford
Silver badge
Stop

Hammer time!

0
0
Paul Crawford
Silver badge

True microkernel approach?

"As a result, the core must be 100 percent verified as not permitting vulnerabilities or dual-purpose code"

That sounds very much like the old goal of a true micro-kernel where the ring-0 stuff is REALLY SIMPLE and thus possible to have near-perfect verification of it. I say near-perfect because you can't rule out buggy CPUs or tools, etc. For example:

http://www.theregister.co.uk/2014/07/28/aussie_droneprotecting_hackerdetecting_kernel_goes_open_source/

The past objection to the micro-kernel approach was the performance penalty of switching in/out of ring-0 to do serious stuff. That is why MS abandoned the pure vision of Dave Cutler's original VMS-inspired NT3.5 and stuffed video drivers in there, etc, for NT4 (and thus BSOD became a much bigger issue) and Linux never even went there. For a bit more on that debate:

http://www.cs.vu.nl/~ast/reliable-os/

10
0

Facebook backup, anyone?

Paul Crawford
Silver badge

Even so, your FB "friends" or possible trawling (or trolling) by others (potential spouse or employer, etc) still won't see those old embarrassing photos or stupid drunken posts.

0
0
Paul Crawford
Silver badge
Trollface

How quaint, the idea that a facebook profile is actually valuable enough to pay to back it up!

Normally my advice is to delete your profile every year or so, create a fresh one with a new (disposable) email address, and then invite the few friends who were the least moronic posters from your last incarnation.

4
1

'Second Earth' exoplanet found right under our noses – just four light years away

Paul Crawford
Silver badge

Re: Tidal locking

However, that also means the night life never ends either. So let's PAAAARTY!

11
0

EU ministers look to tighten up privacy – JUST KIDDING – surveillance laws

Paul Crawford
Silver badge

"Outlawing encryption would only disadvantage the law abiding and ignorant"

You mean the majority of people? Makes you wonder how much is to do with any real threat and how much to do with general economic espionage and allowing councils to spy on those putting rubbish in the wrong bins or sending kids to school outside of the catchment area.

20
1

Fujitsu: Why we chose 64-bit ARM over SPARC for our exascale super

Paul Crawford
Silver badge

SPARC future?

What will this mean for Oracle & SPARC in the long term if Fujitsu has decided to move away from it?

0
0

Das ist empörend: Microsoft slams umlaut for email depth charge

Paul Crawford
Silver badge

Re: @AC

Maybe there is - maybe it works correctly if you somehow set the keyboard at log-in, but in the cases I have had to do it, I could not find any (obvious) way to do so. A couple of the German engineers said the same.

0
0
Paul Crawford
Silver badge

Re: @Steve Davies 3 - Please!

"Microsoft didn't test German-language options properly?"

Remember this is the company where the OS (win7 is latest I have used) would allow you to change the language of the keyboard. Per application.

FFS! Who in their right mind thought "you know what, when someone using a German PC plugs in a UK keyboard and sets the keyboard mapping to match, let's make them do it for every fsking program they try to use, mkay?"

4
6

IPv6 tipping point

Paul Crawford
Silver badge

50% of mobile fine, but how much of wired?

1
0

FireEye probes Clinton foundation hack: Reports

Paul Crawford
Silver badge

Politics?

Maybe I am just being dumb here, but what do the Russians have to gain by bringing Clinton down?

How is the prospect of Trump getting in somehow in their favour?

0
0
Paul Crawford
Silver badge

Re: Blame the Russkies

"Mocking, victim blaming and traditional unrestricted capitalism have all failed to win this war."

The thing is it is unwinnable, just like we still have home burglaries and cars stolen. And it won't get any better because nobody is working to reduce complexity and improve security in any meaningful way. Most of what we get in terms of new stuff is aimed at whoring us to advertisers (thank you MS for following Google) or selling us IoT tat that rarely adds real value but almost certainly adds to the attack surface.

Will we ever see security being held above convenience or fashion?

0
0

Is security keeping pace with continuous delivery?

Paul Crawford
Silver badge

"Is security keeping pace with continuous delivery?"

Is continuous delivery ignoring/marginalising security because it gets in the way of trendy practice and management targets?

4
0

Password strength meters promote piss-poor paswords

Paul Crawford
Silver badge
Facepalm

Don't forget sites that demand all of the restrictions in terms of mixed case, punctuation and numbers, along with a minimum length, then email it back to you in plaintext!

Happened to a friend who filled in for Landlord Registration central online system for Scotland. Doh!

7
0

Windows 10 needs proper privacy portal, says EFF

Paul Crawford
Silver badge

Re: MS made me download software...

Custom hardware is an issue, but that is a fairly small sector for most people. Of course, if it's RS232 or fairly standard USB then virtualisation is fine for all but very high performance applications.

Latest games - maybe, but are they really worth whoring out your privacy for? Thus sticking to Steam for Linux, for example, would also tell the games industry that you are not happy with MS' new direction.

7
1
Paul Crawford
Silver badge

Re: Even Enterprise spies on users

I can't be arsed reading the win10 EULA because I won't be running it, but if anyone has maybe they can say if they promise any privacy at all?

If not you have to assume they will spy upon you at some point.

6
1
Paul Crawford
Silver badge

Re: MS made me download software...

"OS is nothing, it's the apps that influence users' choices"

Indeed, and that is where a VM is really useful - put your slave-ware in that and for everything else that is not tied to an OS that is against you, simply run it on your Mac or Linux box.

4
2
Paul Crawford
Silver badge

Re: Not listening ...

He could run said win7 VM on a laptop as well you know.

10
2

Oracle campaigns for third Android Java infringement trial

Paul Crawford
Silver badge

What, did all the perfumes in Arabia not cleanse those hands?

3
0

Cops break up German sausage fight between pair of Neubrandenburgers

Paul Crawford
Silver badge
Paris Hilton

NRA angle?

Has no one said yet that if you prise our sausages from our cold dead hands then only the bad guys will have sausages?

Paris, as she is allegedly fond of some good sausage =>

1
0
Paul Crawford
Silver badge

"tomato-shape ketchup containers"

That was the Bunfight at the O.K. Tea Rooms:

https://www.youtube.com/watch?v=7bu69cnv0iU

6
0

Ford announces plans for mass production of self-driving cars by 2021

Paul Crawford
Silver badge

Interesting times

Let's just hope their electronics and software has improved a bit by then, mkay?

http://www.theregister.co.uk/2015/07/02/ford_recall_software_bug/

5
0

Russia is planning to use airships as part of a $240bn transport project

Paul Crawford
Silver badge
Flame

No problem, just use hydrogen...

4
0

Linux security backfires: Flaw lets hackers inject malware into downloads, disrupt Tor users, etc

Paul Crawford
Silver badge
Alien

Re: take me to your leader

For an internet-facing PC port (e.g. firewall) that makes sense, but behind NAT you really don't want a log of all 192.168.0.0/16 packets!

9
0

Instagram hackers add porn links and snaps to pwned accounts

Paul Crawford
Silver badge

Re: Time

Have an up-vote! I was going to say the same really, that now Instagram and Twitter might be of some use or interest.

2
0

Thailand plans to track non-citizens with their mobile phones

Paul Crawford
Silver badge

In addition, they need not leave the phone switched on either.

Will they also ban VoIP as well? Given the often usurious cost for roaming the use of WhatsApp or similar on any available wifi is appealing for many reasons.

0
0

London's Met Police has missed the Windows XP escape deadline

Paul Crawford
Silver badge
Trollface

Yes, probably there will be XP VM still going strong.

But maybe not later versions of Windows that need periodic product activation checks, eh?

2
0
Paul Crawford
Silver badge
Linux

Re: Perhaps not entirely surprising...

There are now on-line guidelines to hardening various popular* OS for gov work here:

https://www.cesg.gov.uk/eud-guidance

Most of the advice is also sane for business users, etc, as well so worth taking 5 min to read it. And yes, they do have guidance for Ubuntu as well =>

[*] That includes Win10, which is not so popular in these parts due to the forced upgrade policy and telemetry. But of course the guide assumes you have the most expensive enterprise edition where you still get the right to disable most of that.

1
0

US Politicians tell DEF CON it'll take Congress ages to sort out how to regulate crypto

Paul Crawford
Silver badge

Re: @Charles 9

Sure the plods will simply target points "outside the envelope" but that takes significant effort to do so. For example hacking a phone, or installing listening devices in cars, etc.

All are possible and known spy/surveillance technologies and I don't worry too much about that because it is expensive and time-consuming to do, that alone means it has to be targeted at important stuff. A far cry from the abuse of easily intercepted stuff we see done by spy agencies, councils, border control, etc, etc.

0
0
Paul Crawford
Silver badge

Re: Doughnut Eaters

Agreed, there should always be real evidence, not just a phone's contents (which could be planted if the phone is hacked or insecure by default). In Scotland there has always been (I'm simplifying a bit, and this might change though..) a requirement for corroborating evidence, i.e. a second aspect that is necessary for a trial to proceed, let alone to secure a conviction.

The problem with asking a policeman what they want is they will ask for whatever makes their job easier. That is basic human nature. And given most of them are honestly trying to solve crimes, they usually dismiss suggestions it can and will be misused because they (i.e. the one you are asking) is not planning on doing that.

Sadly though not all police are honest and trustworthy and once politicians are involved you are dealing with a proverbial moral slime-pit of self interest and dodgy dealings, and of course there are criminals out there as well.

That is why I am in favour of decent end-to-end encryption by default, everywhere, because you just can't trust people, of any profession or any reputation, to not fuck up deliberately or unintentionally and use whatever powers they have wrongly. They can already get the metadata of who talked to who, etc, and that should be enough for a proper investigation of the suspects in the old way of getting out there and gathering physical evidence.

8
0

Mars' 'little green men' buried alive by merciless meteorites – new theory

Paul Crawford
Silver badge

Re: maybe there never was life on Mars ...

"spend that money on something more useful, here on Earth."

What, you mean like Facebook valued at $245 billion instead of the NASA budget of $18 billion?

(2015 figures)

19
0

Power cut crashes Delta's worldwide flight update systems

Paul Crawford
Silver badge

Re: @Novell time

And long before that we had ephemeris time (1952), and then TDT (1976), and then GPS from 1980 using continuous time with a leap-second offset rather like a time-zone.

As I keep saying IT IS A KNOWN FEATURE and if your code can't handle it gracefully you are incompetent due to either:

1) Not using tested system libraries to handle time, delays, etc.

2) Writing or modifying said libraries without knowing what you are doing.

And most of all NOT TESTING YOUR DAMN CODE! Really, just set up a fake NTP time server and have it generate leap seconds regularly backwards and forwards and see if your code works.

7
0
Paul Crawford
Silver badge

Re: Leap Seconds

"Will people be ready for that one?"

Well the one that followed the aircraft-bothering incident went with practically no issues at all. Simply because folk had woken up and tested things for the inevitable occurrence of another leap-second.

In fact the Linux bug mentioned had been created by somebody modifying already-working time related code and not testing the damn thing for this situation. As others have already said, leap seconds and means to deal with them have been with us for decades already so it's not new stuff. But every new generation of code monkeys seems to be able to break things...

7
0

NTP bug gives IOS a wedgie

Paul Crawford
Silver badge

Cisco's great web site:

"An error occurred during a connection to blogs.cisco.com. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP"

0
0

BBC detector vans are back to spy on your home Wi-Fi – if you can believe it

Paul Crawford
Silver badge

Re: "Which you should, by the way"

"if you actually watch it"

Given the iPlayer is their own web site, why not just tie access to the TV licence?

You know, allow a couple of IP addresses or player ID strings, etc, per day from a given license and job done. Most UK broadband users will still be behind IPv4 NAT anyway so multiple devices in a home will appear as a single IP address.

8
2

Microsoft: You liked Windows 10 so much, you'll get 2 more in 2017

Paul Crawford
Silver badge

Re: Windows 7 and prior to that, XP and 2000 and even NT4 have been quite good

Sadly yes, I also remember NT4/2000 fondly.

But the rot started with XP and "product activation" for me, the first sign that MS believed they controlled your PC and you now needed permission to repair/change hardware.

8
0
Paul Crawford
Silver badge

Re: New Feature List

Squee! Squee!

4
0

Email proves UK boffins axed from EU research in Brexit aftermath

Paul Crawford
Silver badge

Re: Thank you Mr.Farage

"in a democracy the will of the majority is sacrosanct"

Yes, and also in a lynch mob

36
5

Jeep hackers: How we swerved past Chrysler's car security patches

Paul Crawford
Silver badge

Really there is a need for new regulations to make sure that certain critical systems are simply not modifiable in any way via on board communications.

At one time the "emergency brake" had to be a physically separate mechanical system to deal with the possibility of hydraulic failure (in the days of single circuit brakes). That seems to have been relaxed but really now it seems there is a single point of failure in the on-board computer and that should not be allowed.

Same goes for power steering, so far my cars have only had independent hydraulic systems for that and the range of things that can go wrong, and go wrong suddenly are pretty low. I really don't want to change that.

0
0

Windows 10: Happy with Anniversary Update?

Paul Crawford
Silver badge

Re: 1) No need to defrag

At least NTFS never needed to run fsck every n days because it isn't sure if the file system is OK... when ext got journaling?

ext3 has had journalling for 15 years now, long enough to be "distant past".

As for NTFS, how come every time I have checked the output of chkdsk on XP and 7* machines' system disk it says it is fixing "minor inconsistencies" even when there has been no (apparent) system crashes?

[*] thankfully I have not had much need of sorting out Windows 8.x or 10 as yet.

1
0
Paul Crawford
Silver badge

6) All software updated centrally.

Not sure I understand this one; there is Windows Updates in Windows you know?

That is true for Windows and Office, and if you use the (rather bare for now) Windows app store. But sadly you get loads of shitty updaters running for Adobe and most other software that you want to make use of Windows legacy of genuinely useful win32-based stuff.

With Linux you normally use the single updater with multiple repositories so even 3rd party software is managed centrally by the machine (i.e. the app store model, but without the 30% fee).

9
2
