* Posts by Paul Crawford

5636 publicly visible posts • joined 15 Mar 2007

FYI: Today's computer chips are so advanced, they are more 'mercurial' than precise – and here's the proof

Paul Crawford Silver badge

Re: The Spanish Inquisition

Our three methods are fear, surprise, being mercurial. Oh and an almost fanatical devotion to IEEE 754 Standard for Floating-Point Arithmetic!

Damn! Among our methods are fear...

Code contributions to GCC no longer have to be assigned to FSF, says compiler body

Paul Crawford Silver badge

Re: Apple and GPL

GNUradio is not a good example as a project as the code base and build system seems to be made up as they go along by folks with little in common, and often will not build from source! WTF are they doing?

As soon as you see a project that has made its own build-tool instead of a common utility you can see there is crap coming...

VC's paper claims cost of cloud is twice as much as running on-premises. Let's have a look at that

Paul Crawford Silver badge

Re: Where do I start?

The engineering cost is a key factor, but if your business has those folks for other reasons then getting them to spend a small amount of their time on the feeding and watering of your servers makes sense.

But as you say, for small non-tech businesses, or non-core stuff, it can be well worth the cost for a managed service (e.g. non-classified email, accounting package, etc).

US nuclear weapon bunker security secrets spill from online flashcards since 2013

Paul Crawford Silver badge

Re: secrecy

Same in Scotland, usefully signposted...

Big Tech has a big problem with Florida passing a law that protects politicians from web moderation

Paul Crawford Silver badge

Re: How much does a theme park cost?

Step 1 - buy a disused theme park somewhere

Step 2 - ban all Florida politicians who voted for said legislation

Step 3 - profit!

BOFH: But we think the UK tax authorities would be VERY interested in how we used COVID support packages

Paul Crawford Silver badge

Re: Stairwell or Elevator

Suddenly.

India, Twitter brawl in public as latest content rules begin to bite

Paul Crawford Silver badge

Re: Broad brush.

I have been to India once and it is a nice place to visit.

But they have as obnoxious and self-opinionated politicians as they come and with a back story of racial/religious tensions and piss-poor handling of the pandemic in recent months you can see them trying to fight public opinion by attacking the media.

A big factor in this terrible wave of death in India was the resumption of public rallies for the elections. Hubris.

Seeking an escape from the UK? Regulations aimed at rocket and satellite launches from 2022 have arrived

Paul Crawford Silver badge

Re: "we want to be the first country to launch into orbit from Europe"

It also depends on the type of orbit. For GEO you really benefit from an equatorial launch site, for sun-synchronous polar orbits, not really.

Paul Crawford Silver badge

Unclear if 'space' is on the green, amber or red list

Just ask Dr Quatermass...

Apple is happy to diss the desktop – it knows who's got the most to lose

Paul Crawford Silver badge

Re: ridiculous - "Win10 ... is no more inherently vulnerable than Apple or Linux ..."

Comparing vulnerabilities is useful, but ultimately not that important. The real down-side of Windows are (a) its popularity, and (b) the fact that well-managed / secure was never its default configuration, so you depend more on competent sysadmins to use group policies, etc, sensibly to make it so.

You can find examples of Linux systems with default user/password that makes their security a joke, so the underlying OS details are only significant if you really have eliminated the other factors.

Paul Crawford Silver badge

For Linux if you want higher user security you simply mount the user-writeable areas (typically /tmp and /home) on partitions as 'noexec' and then they can only use programs installed via the package manager. Which obviously they cannot use as you have not given them any administrative rights...

https://www.ncsc.gov.uk/collection/end-user-device-security/platform-specific-guidance/ubuntu-18-04-lts

Beijing bashes Bing and lashes LinkedIn over improper data collection and storage

Paul Crawford Silver badge
Big Brother

I feel dirty for liking something the otherwise-appalling Chinese government is doing.

ESA signs off on contracts for lunar data relay and navigation

Paul Crawford Silver badge

Re: Satellites in lunar orbit

The satellites themselves will be much the same size, orbit around the moon probably a little lower but we shall see what they come up with. I suspect not *that* low as they won't want the same sort of constellations size that you see for Earth (~24 active satellites) navigation simply for the cost of putting it up there, and might be willing to accept areas of poor navigation coverage, etc.

Cloudflare stops offering to block LGBTQ webpages

Paul Crawford Silver badge

Re: Religion and porn

Very true!

Though to be fair many more are killed by religion than porn.

Internet Explorer downgraded to 'Walking Dead' status as Microsoft sets date for demise

Paul Crawford Silver badge

You can say the same about Chrome now.

Some sites only work properly with it as the idiot designers don't test anything else, and it comes with Google's prying eyes screwing privacy as well. Not to mention Google using its near-monopoly ability to push through changes that no one really needs beyond Google's own agenda (idiot-brain things like activeX USB and native file system access, for example).

Meet the new bossbrowser, same as the old bossbrowser...

Waymo self-driving robotaxi goes rogue with passenger inside, escapes support staff

Paul Crawford Silver badge

Do you mean a train?

Not keen on a 5G mast in your street? At least it'd be harder for crackpots to burn down 'a flying cell tower in orbit'

Paul Crawford Silver badge
Coat

My GF had a similar problem, but hers is full bras at all times.

Thanks, I'll just get it =>

South Korea orders urgent review of energy infrastructure cybersecurity

Paul Crawford Silver badge

Enact a law to make board of directors liable for any major incident unless they can prove they took every step to prevent it. I.e. reverse the burden of proof.

Then watch the IT budgets transform!

US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day

Paul Crawford Silver badge

Re: Why?

Is anyone actually able to explain why corporate networks and critical systems coexist on a network - beyond 'stupidity?

Money. Trying to save the cost of duplicated air-gapped/firewalled networks, or the time to manually check/reconcile things.

Stupidity and greed cover the vast majority of disasters.

Paul Crawford Silver badge

When the board of directors get massive fines and/or (preferable) some gaol time for failing to ensure a secure system leading to this sort of thing, only then we might see a bit more proactive security.

Paul Crawford Silver badge

Re: One word:

Only for very high value targets.

Or, of curse, for systems where some muppet allows auto-run on USB drives and for staff to play use critical machines for entertainment. Which is probably more common...

Tesla Autopilot is a lot dumber than CEO Musk claims, says Cali DMV after speaking to the software's boss

Paul Crawford Silver badge

Re: Re:10X

The problem is the "average" driver includes a lot of serious asshattery by a few which greatly skews the results. If you as a responsible sober adult is going to swap control for a computer then you want it to be better than yourself by some measurable amount.

Think of how dumb the average voter is. Now remember half of them a dumber...

‘Staggering’ cost of vintage Sun workstations sees OpenSolaris-fork Illumos drop SPARC support

Paul Crawford Silver badge

Sad but understandable. We have good memories of the Sun SPARC machines of the day, well built and reliable compared to the cheap (and not so cheap) x86 boxes we had. But in time they became too expensive for the performance offered and Linux became pretty good.

Then Oracle took over and it was clear fairly quickly that no more SunOracle kit would be bought or used.

Russian cyber-spies changed tactics after the UK and US outed their techniques – so here's a list of those changes

Paul Crawford Silver badge

Re: Stupid mistake is a CRIME -- Here's the cure.

13. What can possibly go wrong?

21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk

Paul Crawford Silver badge
Facepalm

Re: That's why C/C++ should be ditched

Modern compilers and static analysis tools (lint and on-line stuff like Coverity Scan) will find most of the common bugs biting people.

It is just a lot of folk don't use them, or they disable/ignore warnings when compiling because "it works anyway".

Paul Crawford Silver badge

Re: That's why C/C++ should be ditched

Yes, and who is doing the re-writing and bug-testing?

That is the problem with many bits of software, they are not terribly well written but attempts to re-invent them often introduce far more problems than fixing the old ones.

For some things you do have better, more secure, alternatives already in existence. But if you have a stable working system you are again facing the trade-off of fixing issues in a working arrangement and starting fresh with newer package(s), configuring them, testing that, fixing that, checking client compatibility, etc, etc.

Stealthy Linux backdoor malware spotted after three years of minding your business

Paul Crawford Silver badge

Re: So how can you detect whether your Linux system is infected or not?

First get rid of systemd

Then you can worry about any other malware...

BadAlloc: Microsoft looked at memory allocation code in tons of devices and found this one common security flaw

Paul Crawford Silver badge

Re: "Then calloc() returns an error"

For typical PC code I use a version of the NR vector() function that calls calloc() AND checks the return, forcing a ext if it fails after logging that numbers that triggered the failure. That way my code is neater than lots of in-line tests, etc.

I know there are cases when you want to continue and try a different value, but in most cases if you run out of allocatable memory it is game over for your original planned execution anyway.

Other languages have ways to trap stuff that don't relay on a function wrapper, but equally mine can have a brutal #define vector calloc used if I want simplified code for embedded stuff.

Paul Crawford Silver badge

Re: malloc()

Generally I use calloc() so mistakes fail faster and more dependably, as the overhead of zeroing the allocated memory is not usually high compared to what I am going to use it for and I don't go in for over-provisioning (i.e. asking for loads more than I need and allowing the OS to deal with the fall-out if I and others do need it).

But once again we have code not doing sanity checking, sadly in the key C library. But I suspect the same sort of bugs apply in many other languages, just that C is most common for embedded stuff.

Known software issue grounds Ingenuity Mars copter as it attempted fourth flight

Paul Crawford Silver badge

Re: Ace PFY skills

Typically the watchdog will do that for you. With extreme prejudice...

UK government gives Automated Lane Keeping Systems the green light for use on motorways

Paul Crawford Silver badge

Re: paradigm shift

The current shit state of electric cars could be fixed at a stroke if they were able to slope off autonomously at night to recharge somewhere sensible, and be back by dawn.

Sort of AI dogging parties?

Paul Crawford Silver badge

Re: Naysayer

Don't forget they are piloted as necessary by highly trained individual who go though hours of simulator time to handle the cases when the autopilot hands back control. It does not always work out well (AF447) but it is one hell of a better that road users get.

Also said aircraft are professionally maintained and all actions and parts traceable, with any accidents or near misses being independently investigated. Will we see that for each "self driving" car prang?

Microsoft joins Bytecode Alliance to advance WebAssembly – aka the thing that lets you run compiled C/C++/Rust code in browsers

Paul Crawford Silver badge

Re: Essentially webassembly *is* Javascript

Be careful what you wish for...

FCC gives SpaceX the go-ahead to drop Starlink satellite orbits by 500 kilometres or so

Paul Crawford Silver badge

Better them at 550km and dropping out in 25 years no matter what, then sitting at 1200km for centuries or millenia and denying us safe access to the rest of the solar system (or GPS and GEO injection path).

What is it with Facebook and screwing democracies? Now calls for Prime Minister Modi to resign censored in India

Paul Crawford Silver badge
Facepalm

The situation in India is heartbreaking.

They were doing quite well for some time, but then the hubris of politicians wanting to hold electioneering rallies and religious gathering going ahead for $DIETY knows reasons led to the depressingly predictable outcome.

Starlink creates risk of internet investment doom cycle, says APNIC researcher

Paul Crawford Silver badge

It could be said and it is true.

But if you have put in a fibre run that can take, say, 12 fibre pairs, each of which can easily do 10Gb or more (depending on length, use of WDM, etc) you have one hell of a greater bandwidth than a GHz or so of RF spectrum will allow.

Delivering not just kilowrists of speciality video, but hitting that mythical megawrist barrier.

Chinese officials declare intention to become network superpower, tout glorious 5G rollout that's smaller than local carriers' claims

Paul Crawford Silver badge

Re: Sorry, China.

Sadly the west's appetite for cheap tat and out-sourcing to give bigger bonuses to the management says otherwise. How many companies or countries actually do anything against the Chinese government's increasingly authoritarian stance?

I rather suspect the UK will suck up to them again when Boso needs some trade deal or someone to fund new power stations, etc.

God bless this mess: Study says UK's Christian beliefs had 'important' role in Brexit

Paul Crawford Silver badge

Re: Love your neighbour

Well, by the French for a start.

Harassers and bullies succeed in tech because silence is encouraged

Paul Crawford Silver badge

Re: Rednecks incoming.....

Anyone who uses "woke" in a sentence that does not include having a shower and breakfast deserves no respect. Either claiming to be one or denigrating others for it.

Do you expect me to talk? Yes, Mr Bond, I expect you to reply: 10k Brits targeted on LinkedIn by Chinese, Russian spies

Paul Crawford Silver badge

Well it seems Linkedin has some use after all.

Ever wondered what it's like working for Microsoft? Leaked survey shines a light on how those at the code coalface feel

Paul Crawford Silver badge

Oh I think the regulars have no issues working at Microsoft

Working with Microsoft, now that is a different ball game...

It was Russia wot did it: SolarWinds hack was done by Kremlin's APT29 crew, say UK and US

Paul Crawford Silver badge

Re: The Russians are coming

Well as long as they use some Kleenex, I don't want sticky patches under my bed again. Mutter, mutter...

Pigeon fanciers in a flap over Brexit quarantine flock-up, seek exemption from EU laws

Paul Crawford Silver badge

Re: Brexit.

English man: "I say, do you say a payer before evening meal like we do?"

French woman "Non! We know how to cook"

Paul Crawford Silver badge

Re: Brexit.

Not to mention the fishermen who thought it would be no-quotas AND the same EU market to sell to.

Of course the whole of the fishing industry contributes less to the UK's GDP that the (pre covid) west end theaters of London, and in the late 60s my grandfather (who was a fisherman then) was already telling folk that the seas would soon be emptied by the industrial-scale trawlers that were coming on the scene, so this particular tragedy of the commons was not unexpected

UK's National Cyber Security Centre recommends password generation idea suggested by El Reg commenter

Paul Crawford Silver badge
Coat

Re: Rainbow Tables

I thought they went to 11!

Mine has a copy of Spinal Tap =>

SpaceX's Starlink: Overhyped and underpowered to meet broadband needs of Rural America, say analysts

Paul Crawford Silver badge

Re: 5 years

The lifetime is not just in-orbit.

They actually have to keep going in terms of solar panels, battery systems, attitude control system, TT&C and of course the actual broadband payload. I seriously doubt that more than 70% will still be fully functioning after 5 years.

Airline software super-bug: Flight loads miscalculated because women using 'Miss' were treated as children

Paul Crawford Silver badge

Re: And this is why air travel is so safe

And on the other hand we have self-driving cars...

South Africa's state-owned energy firm to appeal after court rules Oracle does not have to support its software

Paul Crawford Silver badge

Sadly most of El Reg's commentards know this is the cost of touching Oracle products.

They don't even give you complementary tubes of KY.

Imagine your data center backup generator kicks in during power outage ... and catches fire. Well, it happened

Paul Crawford Silver badge

Re: This would never have happened at a certain broadcaster I used to work for.

Indeed there have been some remarkable two-stroke diesel engines developed, such as this beast:

https://en.wikipedia.org/wiki/Napier_Deltic

In their day an astonishing power to weight ratio, but reliability not on par with modern expectations.

Turns out humans are leading AI systems astray because we can't agree on labeling

Paul Crawford Silver badge

What would happen if a self-driving car is trained on a dataset with frequent label errors that mislabel a three-way intersection as a four-way intersection? The answer: it might learn to drive off the road when it encounters three-way intersections.

Clearly that is not intelligence at all. You have faulty software because you did not have a complete grasp of the programming of it. Some might even say a negligent approach as you assumed the Mechanical Turks provided valid data, and you did not verify it yourself.