* Posts by Paul Crawford

3390 posts • joined 15 Mar 2007

Google turns on free public NTP servers that SMEAR TIME

Paul Crawford
Silver badge

Re: We have also a Google time now?

the speed of light is inconsistent in atmosphere

That is why the military GPS used two frequencies, to compensate for ionospheric electron density effects. You can get the same with newer systems like Galileo and from differential GPS, etc.

But if you need µs or better time it's a challenge for the OS, etc, to respond and stamp the network packets with sufficient stability. For that sort of job you use PTP instead:

https://en.wikipedia.org/wiki/Precision_Time_Protocol

1
0
Paul Crawford
Silver badge

Re: @Missing Semicolon

How the heck do you test a leap-second event from NTP?

By the power of Google searching, first on the list:

http://support.ntp.org/bin/view/Dev/LeapSecondTest

Or if you are looking for an easy to deploy commercial solution:

http://blog.meinbergglobal.com/2015/02/25/leap-second-test/

0
0
Paul Crawford
Silver badge

Re: Sub-second accuracy

Depends on what you mean by "sub-second accuracy" so NTP over WAN is usually better than 10ms, or LAN usually of the order of 1ms.

1
0
Paul Crawford
Silver badge

Re: We have also a Google time now?

Google could well have added its servers to the NTP time pool

No, no, and thrice no! Because Google's NTP servers will be telling the wrong time for about a day after every leap second.

Now you might not care, and many others don't care, because all they want is some sort of time-of-day indicator. But heaven help you if you need millisecond or better accuracy for anything like financial HFT, log file forensics or any number of science applications.

4
0
Paul Crawford
Silver badge

Re: Frustration

"Unless the OS (like XP and earlier) is at EOL. Or the OS is meant to operate in a fixed, non-upgradeable capacity such as an embedded device?"

You mean the same devices that have been working with leap seconds for years and years now? Let's face it, Windows default is to update the time using SNTP once per week! So it steps time every week and your system just gets on with life. So what is the beef about a correctly applied 1 second step every ~18 months?

5
0
Paul Crawford
Silver badge

Re: Smearing

The "smearing" approach is probably the most sensible method in the vast majority of cases.

You mean for those code monkeys who don't know/don't care and don't test?

First point - your software should not crash if time is stepped anyway, what happens then if a machine is off-network for a while and then adjusted to the correct time (manually or by NTP)?

Second point - if you depend on precise time then do it properly! This is not a new issue, it has been documented and implemented in sane systems since the late 1970s. And for those who really need continuous time-scales (e.g. for computing time differences that are correct in any absolute sense) we already have TAI or even simpler GPS time.

2
2
Paul Crawford
Silver badge

Re: Frustration

All sane OS already handle the leap second properly, except when some code monkey changes it and does not test it, and NTP has this built-in (it announces the leap 1 day in advance so the kernel can step as needed without an NTP packet at the precise change point).

No, this is simply a sop to shitty coders who do not understand the basics of precise time-keeping that have been this way for 40 odd years. I.e. for longer than most of them have lived.

6
1

It’s Brexploitation! Microsoft punishes UK for Brexit with cloud price-gouging

Paul Crawford
Silver badge

Re: £490 will get you a WD 16TB raid 0 drive from Amazon. (2x8TB Reds)

"RAID0 can be more reliable than RAID5" is an example of very dubious arguments. The basic points are:

In RAID-0 any drive error is losing you data, and typically a lost HDD means you have to wipe and restore the whole file system. Only upside is you *know* you are vulnerable so probably (I hope?) have a backup and restore plan that is regularly tested.

In RAID-5 you can tolerate one disk fault, be it a whole disk or reported bad sectors. Down side is folk over-estimate the independence of errors and the correct reporting of errors. If using any RAID system you really must do regular disk scrubs to make sure that the inevitable rebuild has a sporting chance of completing OK and not throwing up other errors.

However, if your data really matters then (a) you have a backup anyway, as RAID != Backup, and (b) you should be using something with double parity, at a minimum RAID-6 or better still ZFS RAID-Z2 since it has better write performance (more so with a SSD for the intent log) and additional checksums on the blocks so it can spot HDD lying or disk controller faults, etc. I think btrfs is planned to have a similar scheme (i.e. redundancy and extra checksums like ZFS) and some variants of GPFS (or whatever IBM call it now) have it, but on the payment of lots of extra money.

3
1

Hull surfers cut off by router attack

Paul Crawford
Silver badge

You might be thinking of the Irish ISP:

http://www.theregister.co.uk/2016/11/22/eir_customers_modems_vulnerable/

2
0

SHIFT + F10, Linux gets you Windows 10's cleartext BitLocker key

Paul Crawford
Silver badge

Re: Whole-disk encryption is silly anyway

Not so silly - while the OS files & configurations may not be secret, whole disk encryption prevents an "evil maid" style of attack from modifying them because you have to decrypt the disk in the first place.

Assuming your password is not known to the maid, of course...

5
0

UK cops spot webcam 'sextortion' plots: How vics can hit stop

Paul Crawford
Silver badge

Under-reporting

Maybe such sextortion threats would be less of a problem if it were not for the gov going on anti-sex and anti-porn crusades and making legal acts between consenting adults into an illegal possession once you take an image?

18
0

UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor

Paul Crawford
Silver badge

Re: Then what?

Simple - I move myself and my business overseas and some other country gets my tax instead.

13
1
Paul Crawford
Silver badge

Re: Open source

Realistically you cannot trust closed source providers any more as they can be notified to change and not tell you. The big players like MS, Google, Facebook, etc, are all business-driven (mostly whoring you to advertisers) so they will just roll over and "follow local laws" no matter what.

I'm not sure how this would go with binaries from an open-source repository - they could ask a UK based company to modify the ones distributed not to match the source but that might get caught. I guess the simple and sad fact is you have to treat any UK-based supplier of software and services as untrustworthy now since they are under this odious law.

14
0
Paul Crawford
Silver badge

Re: In other news...

Why on Earth would you choose a UK-based VPN provider now?

In fact, why would you trust any UK-based company with data that might be of commercial use to the UK/USA given that we have no oversight as to why or if any interception is mandated?

31
0

Confirmation of who constitutes average whisky consumer helps resolve dispute

Paul Crawford
Silver badge
Joke

Re: Blended

Also "Sink the Bismarck" goes down particularly well at certain EU meetings..

0
0

A Rowhammer ban-hammer for all, and it's all in software

Paul Crawford
Silver badge

Re: Shouldn't be possible.

Yes, but usually if ECC can't correct (it will often detect multiple bit errors, but can't fix them) your machine will normally reboot.

Not ideal, but then you *know* that something is wrong and it is better than silently being backdoored.

4
0
Paul Crawford
Silver badge

Re: Shouldn't be possible.

I suspect most servers used for serious database work would have ECC DRAM and probably be tested (often called "qualified") that it works without crashing.

My Asus Chromebook, now running Linux, hangs occasionally. When I tried the rowhammer example it hung the same way. Also it hangs on memtest86 unless you use the 'safe' mode, so guess who has crappy RAM?

6
0
Paul Crawford
Silver badge

Re: Memory controller feature

Comes down to money eventually - people want cheaper/faster DRAM and so design margins are inevitably pushed down and refresh arrangements made more 'optimistic' so they don't block I/O too much, etc.

ECC should trap this of course, but again few will pay the ~15% more for ECC DRAM and sadly most AMD motherboards don't support it even though AMD do in the CPU! For Intel you have to pay extra for the 'server' CPUs to use it (except I think for a few embedded CPUs where they grudgingly enable the feature).

Still this approach makes sense as it has little performance hit and the general idea, of identifying and separating physical RAM regions that are at risk of coupling in a rowhammer attack, could be applied to other OS as well. Assuming they care...

7
0

Ransomware scams cost Brits £4.5m per year

Paul Crawford
Silver badge

And how many users lost data due to failed or lost/stolen machines in the same period?

Off site backup, off site backup,...

0
0

Three certainties in life: Death, taxes and the speed of light – wait no, maybe not that last one

Paul Crawford
Silver badge

Re: A Quickie

Mercury's orbit not matching Newton has nothing to do with the speed that gravity may, or may not, travel at, but everything to do with time dilation close to a massive object like the sun.

Until we can accurately correlate gravity waves (only recently detected) with an optical signature, etc, we won't have any evidence to corroborate the speed of gravity.

5
1
Paul Crawford
Silver badge

Re: Science? What happened to "hypothesis" vs "theory"?

Maxwell's equations wrong? Nope, they just mean that the electromagnetic constants such as permittivity and permeability of free space were different.

In fact, if space-time was of a very different density/size in the early universe I would be very surprised if the nature of "free space" was identical to now. It's just that physics has always assumed that natural constants are, well, constant over time and space. While it seems a reasonable start, we don't have any direct way to verify that, so observations of things from the early universe are possibly the only way to tell.

3
0

BOFH: The Hypochondriac Boss and the non-random sample

Paul Crawford
Silver badge
Gimp

Re: Photography can make you deaf

It can also give you a sore stripy arse.

Though that only seems to happen when I do fetish photography for some strange reason...

6
0

Sharing's caring? Not when you spread data across gov willy-nilly

Paul Crawford
Silver badge

Re: rule by decree

In this case I almost agree that parliament should pretty much wave the leave from Europe through on the grounds the people voted to leave.

Er, no. The population voted in an advisory referendum to leave the EU. There was nothing about the precise terms of what "leaving" should mean, and since the vote was announced we have had bugger-all in terms of a clear vision and plan for what this move should actually entail. In fact we have had utter melt-down in the Labour opposition and the appointment of Ms May to the Conservatives as the least-worst choice, and that takes some biscuit for sure.

As such it is perfectly right and proper that the current government should present the details to parliament for approval before acting. The fact they don't like/want to do so shows both the arrogance of the prime minister and the utter lack of a coherent plan.

7
2

LAKE OF frozen WATER THE SIZE OF NEW MEXICO FOUND ON MARS – NASA

Paul Crawford
Silver badge

Re: McMars Distillery

Well at least you don't get your water from the depths of Uranus...

16
0

Irish eyes are crying: Tens of thousands of broadband modems wide open to hijacking

Paul Crawford
Silver badge

Re: "except for IP addresses"

They *are* the ISP so presumably could have their routers configured to block incoming IP addresses to any customer that should not exist (such as their own internal range, "Martian packets", etc).

Yes, I know, that is a level of security sense that goes one step above the already-failed step of limiting IP addresses in the first place...

4
0
Paul Crawford
Silver badge

To me a "backdoor" is an undocumented and sneaky addition, generally without an option to change its access credentials.

However, having a management port that is properly documented and can be secured is another. Yes, it is a risk but that can be managed by having multiple layers of security.

In this case it's a double-fail - first the login can be found from remote queries without needing the login, and second that such access was not restricted to a trusted and small IP range such as the ISP's own administrative machines (based on the sensibly paranoid approach that no single access method will be free of bugs or brute-forcing).

8
0
Paul Crawford
Silver badge

Re: Why does an ISP need access to your hardware

To be fair, they could also use it to push out updates to fix security vulnerabilities like this before they get comprehensively p0wned, as Joe Average user is unlikely/incapable of doing so. Oh wait...

As for having the management port not locked to their own IP range, as they did in the past, that is just such a stupid fsck-up that some senior people should be getting the boot.

13
0

Apple unplugs its home LAN biz, allegedly

Paul Crawford
Silver badge

Re: Does this mean Time Capsule gets the chop too?

Probably - as they can charge you rental for your data in the iCloud instead.

What do you mean, peasant? You don't have that large a broadband capacity? Doorman, throw him out to the gutter where he belongs!

8
1

Hyperloop One settles hangman lawsuit

Paul Crawford
Silver badge

The people of Dubai won't get to see that, nor the Flintstones movie for that matter!

But the people of Abu Dhabi do...

17
0

Microsoft's cmd.exe deposed by PowerShell in Windows 10 preview

Paul Crawford
Silver badge

I can see MS' point, but then I don't really care as I use cygwin or the better native Linux shells...

Oh dear it is useful for a few, but their numbers get fewer.

Some day no one will march there at all...

5
4

Surveillance camera compromised in 98 seconds

Paul Crawford
Silver badge

You assume a lot, in that who of the potential buyers knows how to check telnet passwords?

A more sensible approach would be for gov around the world to make default and non-changeable passwords that work beyond the first log-in attempt something that incurs a $1000+ fine per device.

Only then will suppliers not be fsking morons out of the box....

32
0

The encryption conundrum: Should tech compromise or double down?

Paul Crawford
Silver badge

Re: Trump can't force Apple to knuckle under using current law/court rulings

This means it is reasonably practical to ban the use of effective encryption, because it can be shown if you are using encryption that is not permitted.

Simple option is encryption over an encrypted channel, they see the outer breakable encryption due to the connection metadata but not the payload, unless they break and scan everything. That starts to become a serious load on the systems, unless there is a golden key in every router, in which case it will be mere minutes before foreign governments and criminals also have it. Yes, I'll spare you the Venn diagram of those two.

it would be easy to draft a law making illegal the mere possession of software capable of encrypting effectively.

For the plebs you might be right, but governments have a habit of listening to businesses that stand to lose billions due to security breaches and they sure as hell won't be happy with such an approach.

2
0
Paul Crawford
Silver badge

Re: Please allow law enforcement access

Maybe that is the best argument?

Ask USA politicians if they are happy with giving Chinese and Russian courts the technological access to their communications because it follows due legal process for possible terrorism or money laundering claims.

9
0

KCL staff offered emotional support, clergy chat to help get over data loss

Paul Crawford
Silver badge

Re: counselling for data loss????

Well, let's look at the hard facts...

OK, praying is no less efficacious than KCL's previous data protection plans.

10
0

Low-end notebook, rocking horse shit or hen's teeth

Paul Crawford
Silver badge

Re: Chromebooks

Shops don't like them - no opportunity to sell AV software and MS Office* on the back of the machine's purchase. Otherwise they are great for those wanting a keyboard and a pain-free way of getting Internet access.

[*] Which is actually useful, but the majority of people don't need more than the "free" Google docs or similar.

4
0

Google and Facebook pledge to stop their ads reaching fake news websites

Paul Crawford
Silver badge

Re: Bit late now

Some thought that social media would mean an improvement in the freedom of ideas without 'traditional media' and its agenda of money and politics.

Sadly what we see is "Idiocracy" turning out to be a documentary on how we as a population can de-educate and vote ourselves into oblivion.

20
2

UK NHS 850k Reply-all email fail: State health service blames Accenture

Paul Crawford
Silver badge

@RW

Worse - those stupid email clients that reply with any attachments also included in the endlessly growing email list.

1
0
Paul Crawford
Silver badge

Re: The usual suspects

Sadly I have seen both issues in use.

Case in point #1: one club that has 'reply' set to reply to the list because some folk felt it too hard to choose 'reply all' if they really meant it. As a result, you actively have to copy/paste an individual's email address if you don't want to spam the group.

Case in point #2: Where I work the number of (apparently educated) numpties who 'reply all' to stuff that has no real need of informing the original recipients is depressing. Even worse there were groups set up that allowed a reply-all to everyone, with the expected dumb outcome. At least those distribution lists now only allow a few people to post to them (the actual content is worthless, so it's not a great loss).

3
0

Pay up or your data gets it. Ransomware highwaymen's attacks on small biz octuple

Paul Crawford
Silver badge

Re: You can reduce/eliminate the risk yourself

You speak like a Windows admin person who tries to stop this. For other OS the GCHQ advice says much the same:

https://www.ncsc.gov.uk/guidance/end-user-devices-security-guidance-ubuntu-1404-lts

Basic stuff: deny user-writeable locations execute permissions, deny command prompt and scripting unless really needed, and use apparmor to limit internet-facing programs' ability to hose your data.

But back to the real point: What if your machine really dies? Or the building gets flooded or burns down (probably not at the same time)? What if your laptop gets lost/stolen/driven over by some monkey in a humvee?

For those cases and crypto viruses you need off-premises backups that can't be trashed by ANY account.

0
0

Married man arrives at A&E with wedding ring stuck on todger

Paul Crawford
Silver badge

Come now! Everyone knows that men reach the age of 5, and then the bodies keep growing.

2
0

Australia teases binning x86 for Power CPUs in new supercomputer

Paul Crawford
Silver badge
Trollface

Re: "Windows Server tends to outperform Linux in many HPC scenarios"

Ah, 8 hours passed with 2 down-votes so far, and yet not a contradictory fact in sight :)

4
0
Paul Crawford
Silver badge
Trollface

Re: Old fogey mode

Alpha was 64-bit always, but NT ran very nicely indeed on them. Until it was cancelled and we had to explain to a major European space organisation just how trustworthy MS were in terms of portability and cross-platform support. So much for the promises they made when we went down that road.

Oh well, not that MS matters that much to us now. Hey, MS users, just how are those price-hikes going down? [hence troll icon]

3
0
Paul Crawford
Silver badge

"Windows Server tends to outperform Linux in many HPC scenarios"

Really? Facts please, like how many Windows machines are in the top 500 supercomputers?

9
2

Google's new VR Daydream View will cripple your phone

Paul Crawford
Silver badge

Re: Photo

Typical, eh? Crashes just as you get to the money shot climax of the VR experience.

0
0

Russia shoves antitrust probe into Microsoft after Kaspersky gripes about Windows 10

Paul Crawford
Silver badge

Now, now, can't have some non-USA product flagging our own agency-generated malware can we?

3
0

Retiring IETF veteran warns: Stop adding so many damn protocols

Paul Crawford
Silver badge

Re: Bloat

You would like to think that standard libraries are known, fixed and tested. Not when it comes to the IoT world where the mbed implementation of gmtime() is broken! And not fixed in over two years!

Says a lot about how well they develop and test IoT stuff, eh?

https://developer.mbed.org/questions/75856/Who-will-fix-the-mbed-system-gmtime-func/

https://github.com/ARMmbed/mbed-os/issues/1098

2
0

Brexflation: Lenovo, HPE and Walkers crisps all set for double-digit hike

Paul Crawford
Silver badge

Brexploitation

A great new word, shame it's needed though

20
0

Hitler's wife's lovely lilac knickers fetch £2,900 at auction

Paul Crawford
Silver badge

Re: One word: Bootnotes.

Surely Jackbootnotes?

3
0

China passes new Cybersecurity Law – you have seven months to comply if you wanna do biz in Middle Kingdom

Paul Crawford
Silver badge

But what will the USA actually do?

The Chinese now have their factories and most production process/IP by the balls.

1
1

CERN also has a particle decelerator – and it’s trying to break physics

Paul Crawford
Silver badge

Next question...

Does antimatter fall down?

Of course that is what is expected from all theories, but AFAIK it has never been experimentally verified.

8
0
