
* Posts by Paul Crawford

3764 posts • joined 15 Mar 2007

Office 2019 lumbers to the stage once more as Microsoft promises future releases

Paul Crawford
Silver badge

Re: Clippy is now AI?

Nope, it is AS

1
0

Secret IBM script could have prevented 11-hour US tax day outage

Paul Crawford
Silver badge

Very much so.

Most calculations for availability are based on the assumption of independent errors. Things like bugs and manufacturing flaws, along with external "stress events" like lightning or A/C failure, are never EVER included as a realistic model.

1
0

That scary old system with 'do not touch' on it? Your boss very much wants you to touch it. Now what do you do?

Paul Crawford
Silver badge

Re: Insurers, banks, board of trade, government...

"actually produces the in-production machine code"

Is a very valid point, and not just from the aspect of someone editing the machine code to fix a minor bug without facing hours of compilation time.

You also have to deal with the problem that very likely what is archived was not the "last" version of what was compiled since not every project has good code management using CVS/SVN/GIT, etc and build-test cycles that are followed.

In one rather sad case a programmer I knew died and several months later the company had wiped and re-used the PC. Then around a year later they realised the in-use executables were built using a version that had been on that PC but had not been checked in to the central repository. Had they only bought a new HDD for the machine...

21
0

Cisco sneaks hardcoded secret root backdoor into vid surveillance kit

Paul Crawford
Silver badge

Re: At this point..

And yet governments seem only to ban Chinese kit due to this sort of allegation...

28
0

Scottish brewery recovers from ransomware attack

Paul Crawford
Silver badge

Re: offsite backup

There are many ways to destroy data integrity, not just the obvious ransom-ware or HDD failure, but also examples of electrical surge, fire, flood or some oik nicking the thing.

Having an off-site copy is a VERY GOOD IDEA and if you want to DIY then you could sync two NAS locally, move one off-site and then have an rsync job (ideally taking a copy of the most recent snapshot so it is all consistent in time).

Of course you also need to check it is working, not just initially but also months down the line, and to try your recovery process as well. You REALLY don't want to find out it's not quite right after a major event!

5
0
Paul Crawford
Silver badge

Re: Customer caught

RAID != Backup

But a NAS that supports automated daily snapshots would have had a sporting chance of recovery with but a day's lost data (e.g. the feature on FreeNAS that comes free with ZFS' inherent copy-on-write operation).

14
0

'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud

Paul Crawford
Silver badge

Re: Firewall

why I use FreeNAS

Not to mention it using ZFS with the data checksums and periodic scrubbing to help fix/detect any HDD problems early on.

0
0

Tech to solve post-Brexit customs woes doesn't exist yet, peers say

Paul Crawford
Silver badge

Simple and cheaper still, why not have a small "honesty box" next to a couple of main roads for anyone to put in any customs duty they think is needed?

Could be done on time, will cost less than what is not collected, and might have a slim chance of stopping a return to border bloodshed once more.

38
0

Why waste away in a cubicle when you could be a goddamn infosec neuromancer on £50k*?

Paul Crawford
Silver badge

Necromancer?

Why did I read that as an infosec necromancer? Maybe it is closer to the truth.

2
0

London tipped to lead European data market. Yes, despite Brexit!

Paul Crawford
Silver badge

Re: 33 zettabytes a year?

Not so much cat photographs as pussy photographs. Just ask Mrs Slocombe...

2
0

UK.gov isn't ready for no-deal Brexit – and 'secrecy' means businesses won't be either

Paul Crawford
Silver badge
Facepalm

Or a reason to jump to another country..

35
0

NHS smacks down hundreds of staffers for dodgy use of social media, messaging apps

Paul Crawford
Silver badge

Re: Wow

If doctors had done this on the golf course nobody would care.

The key here is not that it is a doctor, nor that it is a golf course, but that it was a spoken joke that has no permanent internet record to come back and bite you (or anyone else) in 1 day, month, year or decade.

Today's generation of social media users seem not to think even as far as who sees a post immediately, let alone the long term.

6
0

Python joins movement to dump 'offensive' master, slave terms

Paul Crawford
Silver badge
Gimp

Re: The terminology is not the problem.

No the safe word is FLÜGGÅӘNKб€ČHIŒßØLĮÊN and is covered here:

https://www.youtube.com/watch?v=8GmDl0Tp4DI

4
0

Arms race: SiFive, Hex Five build code safe houses for RISC-V chips

Paul Crawford
Silver badge

Actually I often think "Is there a CPU without any 'secure enclave' features that would allow me to know my machine has no BIOS or microcode-level root kit?"

0
0

Tor(ched): Zerodium drops exploit for version 7 of anonymous browser

Paul Crawford
Silver badge

Re: Supposedly

I don't know of any product the Vultures describe as secure. I guess it comes down to any product that claims to be security-related is given the "allegedly" treatment here.

Still, this is Yet Another Lesson in the need for layers of security, you know like an Ogre has. Or was that an onion?

0
0
Paul Crawford
Silver badge

Re: Javascript XOR Security

Remember the 90s when you were told "don't run unknown software on your computer" at every point in a security lecture? Well now we do it every day in our web browsers.

And mostly it's there for shitty advertising reasons...

5
0

It looks like tech-savvy drivers will have to lead connected car data purge

Paul Crawford
Silver badge

"Whether the DVLA would be willing to accept a privacy regulating role that's outside its remit is questionable"

They don't need to have a regulation role, just to provide a stable and well-documented API that allows the car companies to automatically wipe personal data on ownership change of a given VIN.

Then make it clear that the car companies are liable under the GDPR and the prospect of being sued a percentage of global turnover will focus their minds magnificently.

29
0

make all relocate... Linux kernel dev summit shifts to Scotland – to fit Torvalds' holiday plans

Paul Crawford
Silver badge

Re: New! It's the elReg trip advisor

Edinburgh hotels can be a bit expensive and hard to find during the fringe festival, but there are many good places to stay and see. If you can only do a couple of days stop-over in Scotland then Edinburgh is probably the place to go. It is even worth going on one of the open-top tourist buses to get a quick overview of the city.

If you have some more time then a trip to Glasgow is worth while (historic rival to Edinburgh) as it has plenty of good restaurants, night-life (and low-life if you like that sort of thing), and a trip to the highlands for the scenery (weather permitting, but that can change on an hourly basis).

For most of the highlands then a car is really needed, but if you don't want to drive then it is easy to get to Aviemore by train (also has a historic steam train line if you fancy that, or the funicular railway up Cairngorm mountain) and the east coast train from Glasgow to Mallaig has some amazing scenery (including the Glenfinnan Viaduct that featured in the Harry Potter movies) but you really should stay over at Mallaig, not just for the peaceful experience but also as it is not practical to go there and back in the one day.

11
0

Neutron star crash in a galaxy far, far... far away spews 'faster than light' radio signal jets at Earth

Paul Crawford
Silver badge

And maybe also the answer will reveal time.

16
0

Nope, the NSA isn't sitting in front of a supercomputer hooked up to a terrorist’s hard drive

Paul Crawford
Silver badge

And for the rest of the world?

Thing is if the 5-eyes get together and demand that companies in these regions give them this back door, what will the rest of the world do?

1) Say "It's a fair cop, we trust you, here you go gov'ner"

2) Say "No 5-eyes software or services here" and thus provide a gov-mandated alternative for EU/Russia/China/India/etc

19
0

Google is 20, Chrome is 10, and Microsoft would rather ignore the Nokia deal's 5th birthday

Paul Crawford
Silver badge

Re: For all your searching

My search engine of choice due to its fairly anonymous behaviour (and one of the first to use https from the browser's plug-in).

But I still go to Google for cases when I actually want to see stuff to buy as they seem to do better at returning UK based adverts/shops than DuckDuckGo even though they have me down as UK-based.

6
2

Thousands of misconfigured 3D printers on interwebz run risk of sabotage

Paul Crawford
Silver badge
Terminator

What, to 3D print penises in 12" size?

How Pintsize sees himself =>

1
0
Paul Crawford
Silver badge

Alternatively...

Some ne’er-do-wells could just upload files of penises in all imaginable (and some unimaginable) sizes and shapes just to the lutz

Not that I, as an upstanding member of society, would suggest thrusting such a prank on an already suffering world.

15
0

Go Pester someone else: TSB ditches CEO over bank's IT meltdown

Paul Crawford
Silver badge

Re: still expected to take away about £1.7m

Sadly you probably have to be jailed for that.

27
1

Black holes can briefly bring dead white dwarf stars back to life

Paul Crawford
Silver badge

Re: Unintelligent design

I think most would root Jezebel

3
0

UK getting ready to go it alone on Galileo

Paul Crawford
Silver badge

Re: More to the point

We can't "disable" it but there was talk of withholding an export license for any new satellites, etc.

I suspect it would just be added to the Brexit divorce bill if we did as I guess we were contracted to supply it and *we* were the ones who decided to pull out of the agreements.

8
1
Paul Crawford
Silver badge

Re: UK has the resources

In principle eLoran is not nearly as accurate as GPS-like systems, but in practice it is good enough for many activities where 10m or so is sufficient (like not being lost at sea).

Main advantage is the high power low frequency system is harder to jam over any significant area, and it would not cost billions to cover the UK. But using it world-wide has the problem of enough ground based transmitters and their running costs (maintenance, power).

As a fall-back for accurate timing and frequency control in the event of GPS outage for whatever reason it would be great, but again with a small market it is unlikely to be developed and unless it is forced upon operators of critical infrastructure then they won't spend the money to add resilience.

9
0

Windows 10 July update. Surface Pro 4. Working fondleslab. Pick two

Paul Crawford
Silver badge
Trollface

You see this is what happens when you use hardware that was never developed in close cooperation with the OS supplier. Oh wait...

37
1

Unpicking the Pixel puzzle: Why Google is struggling to impress

Paul Crawford
Silver badge

Re: Beta?

If Google was serious about its phones then it should give every employee one and insist they use it, and it alone. Then enough internal feedback might just get the bugs fixed...

16
3

Dropbox plans to drop encrypted Linux filesystems in November

Paul Crawford
Silver badge

Re: /tmp noexec

If it uses the package manager to update then the Debian guide has stuff to re-mount as exec just for the time during updates: https://debian-administration.org/article/57/Making_/tmp_non-executable

2
0
Paul Crawford
Silver badge

Better choices out there

If they are saying to change file system, why not migrate to another cloud provider that actually gives you privacy with "Zero-Knowledge" user encryption? A quick search has Sync.com, pCloud, SpiderOak One, Tresorit, and MEGA as listed "best of" for 2018.

28
0

'Can you just pop in to the office and hit the power button?' 'Not really... the G8 is on'

Paul Crawford
Silver badge

Re: Long ago.

We have 5 nominally identical machines used for "industrial control" use, all around 6 years old now. But one of them turned out to crash at roughly 2-6 month intervals. Memory tests, etc, revealed nothing. Second time it happened it was at 9.30pm on a Friday night while I was out for a beer or three and I had to persuade the security guy to let me in and up to the top floor to push the reset button.

After that we put watchdog daemons on all of them (and quite a few other machines as well) and in practically every case it has saved physical intervention to restore operations.

Top tip - edit your settings so the machine just fixes any file system anomalies and continues, and is not sitting there prompting you to decide on the action. For example:

http://xmodulo.com/automatic-filesystem-checks-repair-linux.html

In general most modern file systems will be OK for any automatic repair, if not then you were going to have to reformat and restore your backup anyway...

18
1

Porn parking, livid lockers and botched blenders: The nightmare IoT world come true

Paul Crawford
Silver badge

Re: You're Doing Corporate WiFi Wrong

Any sane company has at least two wifi systems: one for users' own phones / visitors / IoT crap / etc, and a 2nd (or more) that is more locked down and only for approved corporate devices that need to access internal systems.

18
2

Now that's a dodgy Giza: Eggheads claim Great Pyramid can focus electromagnetic waves

Paul Crawford
Silver badge

Re: A wavelength of 200 ... metres

It was on 200kHz originally, but shifted a LONG time ago to be 198kHz as a multiple of the 9kHz AM band spacing.

We still have an old QuartzLock 2A off-air frequency reference that provides an accurate 10MHz from that LW transmission. Shows a little of the general wobbles (about 3E-8 at 1s interval) and day/night changes though, but if compared to the recent very stable GPS-based QuartzLock E8000 reference they agreed to better than 1E-10 over a day or two averaging.

6
0
Paul Crawford
Silver badge

Re: struggle to get good reception

Today, yes, mostly due to broadband interference and shit el-cheapo SMPSU.

But more seriously due to Radio Luxembourg stopping AM transmissions some years ago.

5
0
Paul Crawford
Silver badge
Gimp

Re: It was aliens wot did it

Oh dear, am I at risk of being penetrated by a Pointy Mummy now?

11
1

UK cyber security boffins dispense Ubuntu 18.04 wisdom

Paul Crawford
Silver badge

Re: Good idea.

A major factor is there is no root account. So you have to guess both the account name(s) that have sudo rights AND a matching password. If you ever look at your SSH/auth logs without any tight IP restrictions you will see lots of attempts to log in with names such as: root, admin, pi, test, oracle...

7
0
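Added example, not part of the original post: a short parser that tallies the usernames tried in failed SSH password logins and checks whether any guess matched a real or sudo-capable account. The log lines are constructed in OpenSSH's message format, and the account name `jsmith` is hypothetical.

```python
# Added illustration, not from the original post.
import re
from collections import Counter

# Constructed sample in OpenSSH's syslog message format. Addresses are from
# documentation ranges; "jsmith" is a hypothetical sudo-capable account.
SAMPLE_LOG = """\
Sep 10 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 50122 ssh2
Sep 10 03:12:04 host sshd[2103]: Invalid user admin from 203.0.113.7 port 50140
Sep 10 03:12:06 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 50140 ssh2
Sep 10 03:12:09 host sshd[2107]: Failed password for invalid user pi from 203.0.113.7 port 50166 ssh2
Sep 10 03:15:40 host sshd[2120]: Failed password for invalid user test from 198.51.100.23 port 41810 ssh2
Sep 10 03:15:43 host sshd[2122]: Failed password for invalid user oracle from 198.51.100.23 port 41822 ssh2
Sep 10 03:15:47 host sshd[2125]: Failed password for root from 198.51.100.23 port 41840 ssh2
Sep 10 08:02:11 host sshd[2301]: Failed password for jsmith from 192.0.2.44 port 60210 ssh2
Sep 10 08:02:19 host sshd[2301]: Accepted password for jsmith from 192.0.2.44 port 60210 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def failed_logins(log_text):
    """Yield (username, source_ip, account_exists) per failed password."""
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            yield m["user"], m["ip"], m["invalid"] is None

def summarize(log_text, sudo_users):
    """Tally guessed names and report how many guesses got the name right."""
    attempts = list(failed_logins(log_text))
    existing = {user for user, _, exists in attempts if exists}
    return {
        "by_name": Counter(user for user, _, _ in attempts),
        "by_source": Counter(ip for _, ip, _ in attempts),
        # sshd omits "invalid user" when the account exists, even if locked.
        "existing_accounts_tried": existing,
        # Only these guesses leave the password as the sole remaining unknown.
        "sudo_accounts_tried": existing & set(sudo_users),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, sudo_users={"jsmith"})
    for name, count in report["by_name"].most_common():
        print(f"{count:3d}  {name}")
    print("existing accounts tried:", sorted(report["existing_accounts_tried"]))
    print("sudo accounts tried:", sorted(report["sudo_accounts_tried"]))
```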

Another German state plans switch back from Linux to Windows

Paul Crawford
Silver badge

Remote use?

I find the argument that home users are "used to Windows" is odd these days, most non-technical folk I know of use tablets and rarely touch a laptop/desktop (gaming aside). At one point MS argued that the stable and predictable GUI was a big reason to stick to them, and for Win95/98/NT/2k/XP (without the Fisher-Price style, which was a simple option to select) that was true. But given the general fscking of the user interface over the last decade or two (from 'the ribbon' to the disaster that was win8) that is long gone.

Sure you can lock down a remote device, but that would not be a home user's device but a corporate laptop. Who would allow their work to administer and lock down their own laptop? To restrict the pr0n-browsing opportunity?

9
1

NXP becomes N-nixed-P, Apple snubs Qualcomm modems for Intel chips

Paul Crawford
Silver badge

Good to see NXP still there

The trend for borging semiconductor houses is bad for all: they asset-strip the acquisition for its most profitable lines and dump the rest. Not because they are not in-use by designers world-wide and valuable to many, but simply because they are not "profitable enough" for the new owners.

5
0

Windows Server 2019 tweaked to stop it getting clock-blocked

Paul Crawford
Silver badge

Re: david 12

It is true you could install a 3rd party NTP build for Windows for some time now (e.g. from Meinberg), but it has taken a LONG time for Microsoft to get with decent time-keeping.

But you are wrong about 90s UNIX systems, we had Sun machines in the mid 90s that had microsecond format clock reporting (via gettimeofday() calls) even though I think they actually used the RTC oscillator so had 30.5us tick steps from the "watch crystal" used behind them. So better than 100us there. However, it is possible that older Linux boxes were millisecond ticks but I did not have much experience of those until the mid 2000s by which time they were us resolution.

Also this was in a university setting so we had a 2Mbit WAN and reasonable delay stability in the 90s, though of course small businesses and home use was still often dial-up until the 2000s and that would set a significant limit on time setting.

0
1
Paul Crawford
Silver badge

NTP & networks

Incidentally it is not symmetric network delays that cause errors for NTP and similar, but asymmetric ones. NTP knows the round-trip time so it knows if the server is correct what the maximum ambiguity is, and with several servers (always recommended) a bad clock or strange delays on one path can be seen and rejected.

However if you have a system with an asymmetric delay on all paths (e.g. your ISP) then all clock sources are biased by the same amount and so your server is set to a slightly wrong time. For example my home cable broadband system seems to have an asymmetry of around 3ms when compared to a local GPS-based server. As your round-trip delay is reduced (e.g. NTP server on LAN instead of over the WAN) then such errors are reduced.

PTP is not a "magic" solution to this dilemma, but as it runs on the LAN only and normally via switches that are designed to accurately transfer delay information and with network cards employing hardware time tagging you get greatly reduced errors in all of the locations that NTP sees as one 'blob' of delay, leading to much higher accuracy.

4
0
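Added example, not part of the original post: NTP's four-timestamp offset and delay calculation, run over simulated exchanges to show that a symmetric path gives no error, an asymmetric path biases the offset by half the difference between the two directions, and the error never exceeds half the round trip. All delay figures are constructed, and the median across servers is a simple stand-in for NTP's real selection algorithm.

```python
# Added illustration, not from the original post. All figures are constructed.
from statistics import median

def exchange(true_offset, fwd, back, t1=1000.0, hold=0.05):
    """Simulate one NTP exchange (milliseconds).

    true_offset = server clock minus client clock. t1 and t4 are read on the
    client clock, t2 and t3 on the server clock.
    """
    t2 = t1 + fwd + true_offset      # request arrives at server
    t3 = t2 + hold                   # reply leaves server
    t4 = t3 - true_offset + back     # reply arrives at client
    return t1, t2, t3, t4

def ntp_estimate(t1, t2, t3, t4):
    """NTP's on-wire calculation: (clock offset, round-trip delay)."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def offset_error(true_offset, fwd, back):
    """Return (estimate - truth, delay / 2). The second value is the
    maximum ambiguity the client can compute from the round trip alone."""
    est, delay = ntp_estimate(*exchange(true_offset, fwd, back))
    return est - true_offset, delay / 2

def combined_offset(true_offset, paths):
    """Median offset over several servers, each a (fwd, back) delay pair.
    The median is a simple stand-in for NTP's real selection algorithm."""
    return median(ntp_estimate(*exchange(true_offset, f, b))[0]
                  for f, b in paths)

if __name__ == "__main__":
    TRUE = 12.0  # constructed: server is 12 ms ahead of the client
    cases = {
        "symmetric WAN 10/10 ms": (10.0, 10.0),
        "asymmetric WAN 13/7 ms": (13.0, 7.0),
        "asymmetric LAN 0.3/0.1 ms": (0.3, 0.1),
    }
    for name, (f, b) in cases.items():
        err, bound = offset_error(TRUE, f, b)
        print(f"{name}: error {err:+.3f} ms, bound +/-{bound:.3f} ms")
    # One odd path among three is voted out ...
    print(combined_offset(TRUE, [(10, 10), (11, 11), (40, 10)]) - TRUE)
    # ... but an asymmetry common to every path biases them all equally.
    print(combined_offset(TRUE, [(13, 7), (23, 17), (33, 27)]) - TRUE)
```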
Paul Crawford
Silver badge

Re: Wellyboot

We already have well defined time scales for all cases, it's just that many computer programmers don't know or care to use them.

For a smooth linear atomic time scale we have TAI where there is a fixed epoch and time is simply atomic transitions from that point. No Earth-related movement is considered at all. Internally GPS uses a similar idea, but its epoch matched UTC in 1980 and the offset GPS-UTC (which changes with leap seconds) is part of the broadcast information.

For Earth-related work we have always used one of the UT scales (UTC, UT1 and UT2) as they are related to mean solar time, and for as long as humans have bothered with time keeping the cycle of day and night has *defined* our sense of time and date. It is only in the last century or so that we have had access to clocks that are better than the Earth's rotational rate as a time base. Now we have some people saying:

"Keeping track of leap seconds is too hard for computers to do (i.e. lazy programmers ignoring the long history of time keeping) so let's get rid of them as who cares if mean solar time is no longer mid-day?"

But many people do care, and many systems relating to astronomy or satellite use already exist that are based around the previous internationally agreed definition of UTC being kept within 1 second of the Earth's rotation, so they would be broken by such a change.

7
0
Paul Crawford
Silver badge

Windows get proper NTP

Really what they are saying is Windows server 2019 gets the sort of NTP based time keeping support that *NIX systems have had from the 90s?

OK, the PTP support is a newer thing with most systems based on the 2008 spec but it also needs switches/routers that support it if you are doing it properly. As for Google's fugly fudge of time-smear - don't. Please just implement time keeping properly and actually test your systems on the infrequent but inevitable leap-second events.

8
8

Windows 10 IoT Core Services unleashed to public preview

Paul Crawford
Silver badge

Re: Updating

Also what guarantees that the upgrades in 5-10 years will still fit the storage on budget IoT devices built now?

1
1

'Fibre broadband' should mean glass wires poking into your router, reckons Brit survey

Paul Crawford
Silver badge

Re: Is it important?

Point is with FTTP there is no practical bandwidth limit on the infrastructure: change the end point transceivers (assuming enough backbone capacity) and you can get 1GB or possibly 10GB symmetric speeds. At least an order or more of magnitude faster than last-run over copper.

25
0

Indictment bombshell: 'Kremlin intel agents' hacked, leaked Hillary's emails same day Trump asked Russia for help

Paul Crawford
Silver badge

Russia has viable opposition parties?

11
2

Two-factor auth totally locks down Office 365? You may want to check all your services...

Paul Crawford
Silver badge

Re: 2FA?

Another big factor (if you pardon the pun) is the number of people using their phone for both the internet access part (i.e. user-name/password entry) AND for the 2nd factor (e.g. text message code) so once again the phone becomes a single point of failure in security terms.

14
0

US drug cops snared crooks with pre-cracked BlackBerry mobes – and that's just the start

Paul Crawford
Silver badge

Re: Symptoms of misguided policies

You are right about "collateral costs" but also we can look at the biggest addictions (smoking and alcohol) and see how they are managed around the world. Generally they are legally available so the quality is mostly 'safe' but with restrictions on sale, use (e.g. smoking bans in public buildings in many places), and advertising along with various campaigns to promote more responsible use.

Now it is not a complete success but overall it seems to be better to manage and tax it than to have prohibition and funding organised crime.

21
2
Paul Crawford
Silver badge

Re: Warrants

Ah yes, the 9/11 case that killed something like 1/10 of a year's worth of USA gun accidents (or substitute "road traffic accidents" if you are a NRA member).

Also it is pretty obvious in that case the perpetrators should have stood out like a sore thumb but human failings and department rivalry largely had them ignored, which is exactly the same sort of reasons why powers tend to be abused if no checks & balances are applied.

32
3

United States, you have 2 months to sort Privacy Shield ... or data deal is for the bin – Eurocrats

Paul Crawford
Silver badge

Re: unfortunately...

You seem to make the common mistake of thinking of the EU as a single body.

The EU commission is largely made of gov wonks and tend to do the same sort of shady back-room deals that most governments do, but at least their masters can join the tabloids in blaming the "Evil EU" for making them do what they were lobbying for in the background anyway. Just like the UK gov and the telco data retention directive, for example. These are the ones trying to put a plaster on the current EU-US deal.

Then you have the MEPs who actually do a public debate and (mostly) democratic vote as they don't have much of a party-political goal scoring agenda like most lower houses. These are the ones who seem to be standing up for individual rights, just a shame our own MPs seem to care for none of it.

It would be even better had we (the UK) not voted in wasters like Farage who, whether you are pro-EU or anti-EU, did SFA to help any UK interest in any debates or votes.

4
0
