Posts by Paul Crawford

3484 posts • joined 15 Mar 2007

Chrome 56 quietly added Bluetooth snitch API

Paul Crawford
Silver badge
Big Brother

Re: Hmmm.

"how much of it is being used for location-based pestering"

All of it. All of the time. Like a jackboot stamping on your face forever.

1
0
Paul Crawford
Silver badge

Re: aaaaaaaaaaaannnnnnnnnnnnndddddddddddddd that's why....

Also turn off Bluetooth as well, unless you really REALLY need it for something (e.g. switch on for car's hand-free support, but probably you are safer just ignoring your phone while driving).

3
0

Microsoft's DRM can expose Windows-on-Tor users' IP address

Paul Crawford
Silver badge

Re: @RAMChYLD

"Well, there are still several drawbacks on Linux"

There are several (at least) drawbacks on Windows. The point is you pay your money (or not) and take your choice. If playing games is more important than privacy and security, that is your choice to make. You are not me, your goals and priorities are not mine, so it is up to you to evaluate what matters most to you and to act accordingly.

4
0
Paul Crawford
Silver badge

Re: What? you mean

Just try going to this site:

https://ipleak.net/

It will tell you a lot about what is publicly seen from your computer, and you might want to follow up on the WebRTC aspect... If you are running Linux (or I guess have 'dig' for Windows somehow) then this will do it simply from the command line:

dig +short myip.opendns.com @resolver1.opendns.com

No doubt the El Reg commentards will have many, many more methods to do the same.

0
0
Paul Crawford
Silver badge
Linux

Re: Is it just me

Come now! This started with XP's "product activation" feature and has been growing ever since. If you are still happy to use Windows then you are a hard-boiled frog by now.

Ultimately that is my main reason for choosing Linux - it is MY computer and if I do something fsckingly stupid with 'sudo' then it's my choice, my responsibility, but ultimately also my freedom to change/copy/modify/bugger-up whatever I like.

35
3
Paul Crawford
Silver badge

Re: Who in their right mind

Who in their right mind would use Windows if privacy really mattered?

23
1

2016: Snapchat loses $515m... 2017: Snapchat rips veil off $3bn IPO

Paul Crawford
Silver badge

Re: Value for money

The country or the frozen-food chain?

1
0

GCHQ cyber-chief slams security outfits peddling 'medieval witchcraft'

Paul Crawford
Silver badge

Re: Diversion ahead

That is indeed possible.

However, looking at the numerous "advertorial" reports of APT and other malware that we see from companies selling AV carp, often with no real information about the infection vectors, etc, he does have a point that many reported "APT" come down to simple incompetence and a lack of top-level action to deal with it (you know, like budgeting for security and backing up the CSO's policies at a board level to have them implemented and tested).

10
0

Microsoft's device masterplan shows it's still fighting Apple

Paul Crawford
Silver badge

Screen quality

Really MS, if you want folk to have a good reason for buying a new PC then hammer home on the OEMs that anything less than "full HD" is simply shit.

And forget about copying Apple: there are plenty of folk who would rather have a 5mm thicker machine with good battery life and decent connectivity (e.g. a few USB3, Ethernet, HDMI), not to mention those occasions where an internal DVD drive is useful (like any time you want to carry the laptop somewhere and not a bag of accessories with it).

10
0
Paul Crawford
Silver badge

Re: The future for MS is grim

Outside of gaming where graphics performance is king, running a VM for whatever version of Windows you like is a good solution. You never have to worry about "hardware" changes and can simply migrate it from host machine to host in the future. You never have to re-install your software and find all those damn license keys, configure stuff after installing, etc.

Your choice of host can vary, but if you are not using a supported version of Windows then it comes down to Linux or a Mac. Pay your money, take your choice...

6
2

GitLab.com melts down after wrong directory deleted, backups fail

Paul Crawford
Silver badge

Re: Backup is hard. Doesn't mean it should be ignored.

When the time came to ship the backup tape to the disaster-recovery location, no tape drive there could read tapes written by the original drive.

I have also seen this with optical media - readable (probably just) on the original drive, not on another. Probably not after several years either.

As you mention, snapshots are a brilliant idea - instant copy of a whole file system for backing up so (mostly) no inconsistencies, and with copy-on-write like ZFS you only need space for the changes so having many per day is not a high cost. However, as you mention in some cases the on-disk file is not always in a consistent state when a process is using it so having time to do a snapshot with no modifications is also good.

3
0

Imagine a ChromeOS-style Windows 10 ... oh wait, there it is and it's called Windows Cloud

Paul Crawford
Silver badge
Big Brother

Re: Is that Google or MS?

They are both whoring your privacy now, it's just that Google has a head start on MS.

That aside, I have given a "technically challenged" friend a Chromebook and they love it as it is simple and has none of the pissing around with AV and Windows popping up warnings, etc. They know they are being whored by Google but are willing to trade it for the simplicity of something they have (almost) not broken yet.

7
0

Human memory, or the lack of it, is the biggest security bug on the 'net

Paul Crawford
Silver badge

Re: Trusted computer

A trusted computer/device for a password manager is the key problem. While my home PC/laptop might be fairly trustworthy, I would not put them up there as unhackable. As for my Android phone - please, just don't go there!

A possible solution is something like the old RSA key-fob that could be used to salt+hash some account detail to provide a complex password. As it is off-line it is practically impossible to hack without an agent physically compromising it, and it is small enough to be carried with your house/car keys, etc, wherever you go. Many UK banks use card reader things to the same ends, but a more general purpose one would be good.

USB style devices are all very well, but need the PC to be cooperative (so no play on a corporate locked-down machine) and you're fscked if you bought a new Macbook and forgot your fistful of dongles.

2
0

Free smart fridges! App stores in fountains! Plus more from Canonical man

Paul Crawford
Silver badge
Stop

Can we have a straitjacket for this guy?

Seriously, WTF should you be doing with a lift that is not already done by going from floor to floor on demand. Adding all that complexity, risk and need for constant patching so you find it takes several seconds less to reach the door when you arrive?

23
0

NHS reply-all meltdown swamped system with half a billion emails

Paul Crawford
Silver badge
Facepalm

Re: Not Accenture

The problem was caused by people hitting "Reply All"

And would that happen to be the default choice by any chance?

As an aside, I have seen email groups where the reply address is set to be the list, so even if you hit "reply" and not "reply list"/"reply all" you still end up spamming everyone and you have to manually copy/paste the sender's email address if you simply want to reply to them.

4
0

We don't want to alarm you, but PostScript makes your printer an attack vector

Paul Crawford
Silver badge

Re: Maybe I'm thick...

Because you used Google's cloud print service instead of any sane choice like printing directly from the device?

It is most of the whole IoT shit-storm really. Printers and any other not-secure and not-updated devices ought to be on a separate sub-net that has firewall rules that (a) have no ability to go out to the internet, and (b) can't initiate connections to your main PCs. OK it makes discovery a little harder, etc, but once machines are known it greatly reduces the impact of something stupid like this happening.

15
0

Ransomware avalanche at Alpine hotel puts room keycards on ice

Paul Crawford
Silver badge

I guess they were trying to figure out how much they could extort before the hotel would simply bite the bullet and get the machines cleaned, etc. At €1,500 it's probably worth a throw of that dice, at €15,000 probably not.

But they should be commended for going public - hopefully others will learn the lesson (repeated often enough here) to keep your critical systems off the network that has web/email access.

8
0

'Maker' couple asphyxiated, probably by laser cutter fumes

Paul Crawford
Silver badge

Re: CO-opt

Many are sold with ~7 year life and built-in lithium battery that lasts that long so no maintenance really (beyond occasional test and replacement when due).

1
0
Paul Crawford
Silver badge

Re: CO-opt

Really? Usually it is smoke detectors that use a radioisotope source. CO detectors are typically a chemical process at heart:

https://en.wikipedia.org/wiki/Carbon_monoxide_detector#Sensors

11
0

VPN on Android means 'Voyeuristic Peeper Network' in many cases

Paul Crawford
Silver badge

Re: Free?

I wonder how many of these Free apps are funded by security agencies

Never attribute to malice that which can be adequately explained by stupidity.

Really the TLA have little to worry about if this paper's review of VPN apps is anything to go by: the vast majority fail on the most fundamental security issues (e.g. encryption, DNS & IPv6 leaks) so provide little problem for them, but possibly do enough to get past content-blocking which is probably a main motive for most folk.

1
0
Paul Crawford
Silver badge
Trollface

Re: How do you think those "free" VPN services pay for it?

Better still, fill your dummy address book, etc, with entries for the NSA, FSB, etc, and see how they get on trying to sell/use that information for advertisement :)

2
0

Ooops! One in three tech IPOs now trading below their starting price

Paul Crawford
Silver badge

Why?

some of the biggest jumps were seen by Facebook (up 249 per cent), VMware (up 95 per cent), and LinkedIn (up 199 per cent)

VMware at least makes something useful, but WTF is the real value of Facebook or Linkedin? Is whoring your users from advertiser to advertiser really that profitable?

13
0

Windows 10 networking bug derails Microsoft's own IPv6 rollout

Paul Crawford
Silver badge

Re: "but Android doesn't support that"

Where does Android come into play?

Where? Well, let's have a short talk about who in the phone and app business supports Windows on phones these days...

26
2

Credential-stuffers enjoy up to 2% attack success rate – report

Paul Crawford
Silver badge

Re: Aha - for once somebody correctly stating that it's the user-name/password combination reuse...

Email as user-name may be a bad idea in terms of re-use, but it has two great advantages:

1) Users remember it

2) It is, by definition, unique. So they only have to go through the hassle of the "johndoe123", nope that name is taken, OK then "johndoe124", process just the once.

The practice of checking against known easy or spilled passwords is a good idea, as is allowing long passwords that are phrases (and checking for horses & staples as well).

0
0

Kill it with fire: US-CERT urges admins to firewall off Windows SMB

Paul Crawford
Silver badge

Re: Samba can disable SMB1 as well

the loyalty lock-in that XP still seems to have

Fixed it for you...

1
0

UK's lords want more details on adult website check plans

Paul Crawford
Silver badge

Re: ....risks breaking international human rights law

As Adam 52 said. In fact, the 3 guidelines for choosing a VPN are:

1) Always go for another country. It forces your own country's petty bureaucrats to get a proper court order in another land - raising the bar against fishing for things on you.

2) Do your homework, read reviews and comments but remember one pissed off customer may not be representative.

3) If possible use the OpenVPN protocol, but if not at least avoid PPTP as its security is crap.

0
0
Paul Crawford
Silver badge

Re: ....risks breaking international human rights law

Or do you pay Johnny Foreigner to deal with all of that and just trust that they aren't going to do anything devious with your data after it pops out the other end of the VPN tunnel?

I trust Johnny Foreigner more than my own MPs these days, which is a very sad state of affairs. But looking at their own corruption, attempts to impose moral censorship, and the clusterfuck of Brexit, it's hard not to.

You can of course look to reviews of such VPN providers as well, before deciding, and review payment options, etc. For example:

https://www.bestvpn.com/

https://vpn-services.bestreviews.net/

Etc, though they are a bit advertisement-like in some cases.

8
1

Apple sings another iTune following Brexit as prices rise by up to a third

Paul Crawford
Silver badge

Re: For Once

Ah yes, democracy - taking power from the corrupt few and handing it to the incompetent many.

The funny thing to consider is how would the same vote go now that people are seeing the consequences? Yes, I know this is what the experts predicted, but the public was apparently tired of them.

5
0

Facebook pimping for politicos despite fake news 'purge'

Paul Crawford
Silver badge

Re: Oooh, I see a BIIIIG problem here....

Two bigger problems for the UK are

1) Voters have proved to be morons, in the sense of voting with little or no knowledge and seeming not even to care. The "tired of experts" comment should have seen Gove ridiculed and forced to stand down, but no, it was proven "right".

2) The UK's first-past-the-post system is seriously sensitive to small changes, and indeed has been getting worse over the years. Covered here https://www.youtube.com/watch?v=r9rGX91rq5I

2
1

Nielsen, eat your heart out: TiVo woos admen with prediction engine

Paul Crawford
Silver badge

Re: Is that why TiVo boxes are so slow?

I was going to ask the same - why is the TiVo user interface so shit in so many ways?

First it is dog-slow, and I mean a dog that can't be bothered to even lick its own bits, let alone anyone else's.

Secondly so many of the user interface aspects are really badly thought out - like lists not wrapping round, so going from A-Z is even more tedious because you can't just go backwards from A to find Z in one step.

Thirdly the skip feature is hardly great, in particular why is skipping back 30 sec so broken? Why can't it go back to the point you just skipped forward from when you realise in 1s that you overshot?

And to wrap it all up, WTF is it doing while booting? I can boot about 4 other Linux boxes in sequence before my VM-supplied TiVo has got to the point of showing TV.

0
0

Pirates, pirates, whatchu gonna do? Advertisers cop a visit from PIPCU

Paul Crawford
Silver badge

"but simply visiting the sites can put the public at risk of malware, viruses and click-through scams"

Oh, what you mean like visiting The New York Times, Reuters, Yahoo!, Bloomberg and YouTube?

http://www.theregister.co.uk/2015/08/27/malvertising_feature/?page=3

25
0

Opera scolds stale browsers with shocking Neon experiment

Paul Crawford
Silver badge

Re: RAM usage and Opera 12

Seriously - you should not be using XP for anything Internet-related now.

By all means keep it for stuff that still works off-line, or maybe even convert it into a VM so you can move it to other machines down the line (host OS either a supported version of Windows, or if you value your privacy Linux and not Win10), but just don't risk something like a poisoned image hosing your machine because it's not been patched for years.

1
1
Paul Crawford
Silver badge

Re: Any attempt to get people to use a VPN is welcome...

One issue with Opera's "Turbo" mode is that to compress pages, etc, for less bandwidth they have to MITM your https connection. Of course, they can use their own certificate when doing so, so no complaints are seen in the browser. But that means whoever controls the Opera servers can see all your "secure" traffic passing by in plain-text. No idea if they avoid doing this for banks, etc, to avoid any liability, but it is a concern.

A plain VPN is a great idea, but again, they have to pay for it somehow. What is being sold?

3
0

Oi, Mint 18.1! KEEP UP! Ubuntu LTS love breeds a laggard

Paul Crawford
Silver badge

Re: Linux Noob question

Companies failing to document or support their chips on non-Windows platforms is sadly quite common, and you often don't find out until actually trying it. If you have one of the Broadcom chips (e.g. some HP laptops like one I bought recently) then it is sometimes mis-detected as acer so this is a solution to consider:

http://askubuntu.com/questions/798312/ubuntu-16-04-wifi-bcm43142-doesnt-see-nearby-networks/

For a whole list of potential issues and work-arounds:

https://sites.google.com/site/easylinuxtipsproject/internet

It is rarely as simple as one distro having poorer hardware support than another, but that can also be a factor.

5
0

Oh Britain. Worried your routers will be hacked, but won't touch the admin settings

Paul Crawford
Silver badge

Re: Automatic firmware updates?

All are or have been solved. Signed updates? Yup, already done in all serious OS and no need for remote admin capabilities. Even Windows can do that.

Avoid crashing mid-update? Can be done so long as you have enough disk/flash to store the system image twice - create new system in the 'spare' half and finally swap the entry point as an atomic operation, that way you either boot to new or to old, but never to something half-arsed.

Or with less space have a simple boot loader that at least allows recovery from local file and is not updated so low risk of corruption.

2
0
Paul Crawford
Silver badge

Why the surprise?

If you said 53% of El Reg readers had done nothing, I would be shocked.

To find out that the majority of Joe Public have little knowledge or interest in *how* they access the internet is really no big surprise. This is where the law should be hitting the suppliers of piss-poor security devices, but somehow they all get out on EULA style arguments.

32
0

New Windows 10 privacy controls: Just a little snooping – or the max

Paul Crawford
Silver badge

Re: @Orv

For most people, what's fantastic about Outlook is it works with the systems provided by the people who pay them a salary.

So use MS Windows & Office at work only, and your employer pays to have their privacy violated. What is the big deal?

If you are doing your own PC then it's up to you what you are willing to trade in terms of privacy versus compatibility with office work. Very few home users will be accessing Exchange, and as for calendaring then you can get it free (with similar privacy violations) from Google - shared calendars and an email every morning outlining the day ahead, etc.

3
0
Paul Crawford
Silver badge

Re: "Just don't use Windows 10 on-line."

No problem, AC, just you go and ask MS to respect your privacy. Or maybe take them to court? Really you and anyone for whom you provide help have only a few workable choices:

1) Use Windows and bend over for whatever MS decide to do.

2) Use an alternative arrangement and accept it's more trouble for certain things.

3) ? Underpants & profit ?

If you actually have a better, more workable, suggestion than mine (Linux host, windows in restricted VM) please let all us commentards know.

6
2
Paul Crawford
Silver badge

Re: @ Triggerfish

You seem to have missed this bit:

"or you can run Windows in a VM that has no Internet connections if you need Windows software in parallel with internet access."

7
0
Paul Crawford
Silver badge

Rule number 0

Just don't use Windows 10 on-line.

As already said, you can dual-boot with Windows configured for no network, since for web & email Linux is just fine, or you can run Windows in a VM that has no Internet connections if you need Windows software in parallel with internet access.

11
2

It's now 2017, and your Windows PC can still be pwned by a Word file

Paul Crawford
Silver badge

For most people PC = single user, and so such a flaw can still encrypt their own files, which is all that matters. The OS, etc, can be hosed and re-installed, but few have backups and most Joe Public find out when it's too late.

6
0

Crumbs. Exceedingly good cakes, meat dressing price hike in wake of the Brexit

Paul Crawford
Silver badge

Re: @AC

For 2017 NI income is £127 billion (apparently http://www.ukpublicrevenue.co.uk/breakdown)

Expenditure is Public Pensions = £157 billion and National Health Care = £143 billion

So if you thought that NI alone covered it, and not a significant chunk of general taxation, you are in for a rude surprise.

10
0
Paul Crawford
Silver badge

Re: @ Cynic_999

So here is your politician's choice when faced with a tax shortcoming:

1) "Or we could keep those things the same and instead cut back on illegal wars, vanity projects such as millennium domes, excessive pay rises for civil servants and unnecessary HS railways"

2) Cut back on NHS and public pensions?

What do you really expect them to do?

13
0
Paul Crawford
Silver badge

Re: it's easy to resolve...

cut fuel duty as oil in any form is the root of just about everything in modern life

So much less tax for like paying the NHS and pensions, etc?

21
4

NGO to crowdfund legal challenge against Investigatory Powers Act

Paul Crawford
Silver badge

Re: Pledged...

Any spare cash you have could be spent on a decent overseas VPN! Some related site that might help:

https://www.bestvpn.com/

https://vpn-services.bestreviews.net/

https://torrentfreak.com/vpn-anonymous-review-160220/

First two are sort of advertorial, but have some useful guides and comparisons. Last is focused on BitTorrent file-sharing so anonymity to avoid the likes of ACS:Law from chasing you matters, or the draconian penalties being proposed in the Digital Economy Act where you can get more jail-time than, for example, glassing someone in an unprovoked pub fight.

1
0

St Jude patching Merlin@home heart kit

Paul Crawford
Silver badge

Re: How about we be given the option of audits…?

Both open and closed source projects have equally shitty histories when it comes to security, though at least with open source ones you have the *chance* to find/fix stuff even if it's out of support or the vendor has lost interest, gone bust, etc.

Nope, sadly the only answer is to make legally enforceable standards for software that can have any serious physical or financial impact, and for those creating systems around them (e.g. putting plant controllers in t'Internet in order to save maintenance costs without a secure, tested, VPN systems in place, or an insecure radio connection, etc).

Once said PHB realises he could face jail-time for badly managing system security (e.g. not having it audited by someone competent and/or acting on said feedback) then action might be taken.

0
0

Like stealing data from a kid: LA school pays web scum US$28,000 ransom

Paul Crawford
Silver badge

Re: @d3vy

So you discover the infection three days in, your SAN has been encrypted for the last 72 hours and as a result the 3 backup sets you have for those days are also encrypted, your source control and all of the developer VMs are unavailable.

So your SAN has no (regular) snapshots? Generally I use/prefer NAS instead of SAN as few things need block storage and there is always iSCSI, and for that FreeNAS, which is free and pretty good, uses ZFS with easy options to enable snapshots, and it's a very valuable feature indeed.

Or your SAN (or snapshot mounting) is administrable from infected PCs?

While your point is valid - that if you are royally screwed then paying up might be the least-worst option - it is doubtful that having provisions for data protection is more expensive. Also what if your SAN had some KCL-style screw-up?

1
0
Paul Crawford
Silver badge

Re: Live and learn, the hard way

Well designed crypto ransomware can take out backups as well

Only on not-well-designed backup systems. For a start your backup machine should not be administrable by any account on any target machine, and ideally be of another OS (so simple privilege escalation tricks can't be reused all the way).

Secondly use frequent snapshots on a copy-on-write file system like ZFS on your fileservers - they take no additional space themselves, and if you do get a crypto attack you see the disk space plummet as everything gets changed. Due to the small space usually taken by snapshots and common file usage patterns you can often leave them for months. Such snapshots also make backing up to tape or rsyncing for replication to another server much easier.

Then if you do get attacked: Isolate infected machines, clean, and make a new snapshot from the good one (just in case it gets hosed a 2nd time), and finally resume.

2
0
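As an added example that is not part of the original comment, detection logic for the "disk space plummets" signal described above: it parses constructed `zfs list -Hp -t snapshot -o name,written,creation` output, flags any snapshot whose written bytes dwarf the recent baseline (the mass rewrite a crypto attack produces), and names the last snapshot before it as the one to clone and resume from. The dataset name, sample values and thresholds are assumptions.

```python
import statistics

# Constructed sample output of:
#   zfs list -Hp -t snapshot -o name,written,creation
# Hourly snapshots of a home dataset: normal churn of ~70-130 MB/hour,
# then one hour in which ~45 GB was rewritten (everything re-encrypted).
SAMPLE = """\
tank/home@auto-2017-02-01-00h00\t92274688\t1485907200
tank/home@auto-2017-02-01-01h00\t134217728\t1485910800
tank/home@auto-2017-02-01-02h00\t71303168\t1485914400
tank/home@auto-2017-02-01-03h00\t104857600\t1485918000
tank/home@auto-2017-02-01-04h00\t88080384\t1485921600
tank/home@auto-2017-02-01-05h00\t117440512\t1485925200
tank/home@auto-2017-02-01-06h00\t48318382080\t1485928800
tank/home@auto-2017-02-01-07h00\t10485760\t1485932400
"""


def parse_snapshots(text):
    """Parse tab-separated (name, written bytes, creation epoch) rows,
    oldest first. 'written' is the data written since the previous snapshot,
    which is what changes when a whole tree is rewritten."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, written, creation = line.split("\t")
        rows.append((name, int(written), int(creation)))
    rows.sort(key=lambda r: r[2])
    return rows


def flag_mass_rewrites(rows, window=6, factor=20):
    """Return (name, written, ratio) for snapshots whose 'written' bytes are
    at least `factor` times the median of the previous `window` snapshots.
    The median baseline keeps one big hour from masking the next one."""
    flagged = []
    for i, (name, written, _) in enumerate(rows):
        prior = [w for _, w, _ in rows[max(0, i - window):i]]
        if len(prior) < 3:
            continue  # not enough history for a baseline yet
        baseline = statistics.median(prior)
        if baseline == 0:
            continue
        ratio = written / baseline
        if ratio >= factor:
            flagged.append((name, written, round(ratio, 1)))
    return flagged


def last_good_snapshot(rows, flagged_names):
    """Newest snapshot taken before the first flagged one: the point to
    clone (keeping the original, in case of a second hit) and resume from."""
    for i, (name, _, _) in enumerate(rows):
        if name in flagged_names:
            return rows[i - 1][0] if i > 0 else None
    return None


if __name__ == "__main__":
    snaps = parse_snapshots(SAMPLE)
    hits = flag_mass_rewrites(snaps)
    for name, written, ratio in hits:
        print(f"ALERT {name}: {written / 2**30:.1f} GiB written, {ratio}x baseline")
    print("restore from:", last_good_snapshot(snaps, {n for n, _, _ in hits}))
```

Run it periodically against the real `zfs list` output and wire the alert to whatever pages the on-call person; the threshold wants tuning to the dataset's normal churn.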
Paul Crawford
Silver badge

That is a very good point, unless the payout was for the failure of a backup system to be working well enough to restore it (again, that ought to be based on it having been tested and so on to the insurer's satisfaction).

3
0

How Apple exploded Europe's crony capitalism

Paul Crawford
Silver badge

I think the biggest single point is that Apple saw the "phone" as a computer that made calls, while most others saw it as a phone that could do the odd bit of computer work. As Andrew pointed out, the main "customers" of Nokia, etc, were the mobile networks and they were averse to anything that would *use* those networks to any useful degree, and with poor bit rates we had WAP to make it usable, but that was really a misery to use.

13
2

Biting the hand that feeds IT © 1998–2017