* Posts by Paul Crawford

5636 publicly visible posts • joined 15 Mar 2007

UEFI flaws allow bootkits to pwn potentially hundreds of devices using images

Paul Crawford Silver badge
Facepalm

Who would have guessed that the stupid complexity of your typical UEFI start-up code, along with little or no peer review, would have led to security holes?

Brit borough council apologizes for telling website users to disable HTTPS

Paul Crawford Silver badge

Re: Nothing new

Lube! That is pure luxury!

When I were a lad we had to bite down on a bit of stick

China's Loongson debuts processor that 'matches Intel silicon circa 2020'

Paul Crawford Silver badge
Joke

Re: Fake benchmarks though

The Chinese CPU performance will be great - until the running-dog decadent west ports Windows 11 to run on it...

X/Twitter booted out of Australia's disinformation-fighting club

Paul Crawford Silver badge

Re: False premise

Not an issue. Now that major ISPs have site blocking systems in place, it is only a court order away.

Yes, there are several ways to circumvent it and probably small ISPs don't support it, but if it blocks 80-90% of typical twits then it has done its job as far as a financial penalty (i.e. loss of advertising opportunity) goes.

Paul Crawford Silver badge

Re: False premise

Fines are not much of a deterrent if you're not around to pay them.

Blocking of any advertiser revenue is the deterrent.

Blocking the web site might seem a bit far, but they do that for The Pirate Bay and similar who ignore copyright laws, so I don't see why not here. Again, less eyes, less revenue, and shows the world you are prepared to enforce things against those that take the piss.

Paul Crawford Silver badge

Re: False premise

If the fines are not paid on-time Oz should impose a block on any bank or payment service doing business in Oz doing business with xitter or any of its subsidiaries. The only thing that really counts is the money.

Logitech's Wave Keys tries to bend ergonomics without breaking tradition

Paul Crawford Silver badge

Re: Tat

For instance, every mouse I buy, gets its outer coating disintegrate within a year or two. It becomes sticky and unpleasant to work with.

Is this used when visiting speciality websites, perhaps?

Japanese tech startups testing cash incentives for office return

Paul Crawford Silver badge

Re: It would have to be a fucktonne of a sweetner

If you have perfected Weetabix tyres you have another business opportunity!

Data-destroying defect found after OpenZFS 2.2.0 release

Paul Crawford Silver badge

Re: ZFS here we go again

I would not simply pull a hot-swap disk out of RAID and hope for the best. Normally you would identify the failing/faulted disk and remove it from the RAID set first (if not already automatically managed by some NAS appliance with flashing LED to show you it is ready to be pulled, etc).

The main point of "hot swap" is you don't need to reboot the controller to see the new disk.

Paul Crawford Silver badge

Re: ZFS here we go again

ext4 might be "dependable" in terms of mature code and no bleeding-edge features, but it lacks a lot of the data integrity checks that ZFS has. AFAIK it only checksums the journal by default, and lacks some of the atomicity guarantees on file replacement (other than a few hacks to detect a move-rename and flush the recently updated file, etc, to keep it in line with the ext3 behaviour).

Paul Crawford Silver badge

Re: Checksums

The insidious problem here is the corrupted data from the bug is then check-summed, written elsewhere, and then appears good on disk.

You can get the same issue from ZFS and the likes if you don't have ECC memory - the block in memory gets corrupted and nobody knows, it then ends up on disk with a "good checksum" afterwards, and has been whitewashed.

Bottom line is it is incredibly hard to write a safe file system, even simple designs have had serious bugs in them.

Paul Crawford Silver badge

Re: ZFS here we go again

ZFS on the other hand only has one single issue: it doesn't support removable devices very well.

To be fair for a FS designed to include RAID as part of its mass storage operation then "removable device" is not a typical use-case.

It's a shame Linux doesn't have a single, decent in-tree file system.

Sadly that is true of most OS (other than the dead-man-walking Solaris, and FreeBSD).

Paul Crawford Silver badge

Re: ZFS here we go again

And your choice of totally safe file system is?

Singapore to deter crypto investors with tactics like those used on smokers, gamblers

Paul Crawford Silver badge

The most dedicated fools will always find a way, but it will reduce the total amount of trouble to society and those friends who sadly are a bit jelly-brained when it comes to these things.

Based on your comments, do you really think that stopping advertising and promotion of cigarettes was a bad thing? That it has not reduced smoking overall and so the health troubles from it?

USB Cart of Death: The wheeled scourge that drove Windows devs to despair

Paul Crawford Silver badge

But...but...but...we are always told that the NT kernel was a micro-kernel and so did not suffer such driver problems?

Paul Crawford Silver badge

In the mid-2000s I was involved in developing a USB powered radio peripheral that was using the generic MS USB driver for XP to talk to it. One day I managed, via the peripheral's firmware, to crash the XP box so badly it screwed the MBR. Yes, that serious a flaw in their own driver's code. The IT department had to re-image the box. So much for post-Win98 USB support being OK!

Maybe I should have got in to penetration testing instead?

Taxing times: UK missed out on £1.75B because of digitization delays

Paul Crawford Silver badge

Re: Hold senior leaders accountable

Would be an added tourist attraction for the Tower of London - back to the old days...

FFmpeg 6.1 drops a Heaviside dose of codec magic

Paul Crawford Silver badge
Gimp

Re: The intelligence of a stapler

Oh, you also interact with your meat and a stapler then?

How to give Windows Hello the finger and login as someone on their stolen laptop

Paul Crawford Silver badge

Re: Not secure anyway.

News from 2005:

http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm

Will anybody save Linux on Itanium? Absolutely not

Paul Crawford Silver badge

<== THIS!

Itanium was hailed as the 64-bit replacement for x86, then AMD came along with x86 compatible 64-bit support and it was dead in the water. But it shambled along for a lot longer than expected...

Paul Crawford Silver badge

Re: for well over ten years

On related project work, there were Windows NT machines running on Alpha machines, at the time throttled to just below 300MHz (limit for US export control then) and then MS dropping support for it along with other non-x86 architectures was a serious wake-up call that MS can't be trusted on new technologies. In fact, on anything...

Paul Crawford Silver badge

Re: It was a DSP

There are more algorithms than FFT/FIR that are well optimised in the libraries.

Paul Crawford Silver badge

Texas Instruments had a VLIW family of DSP processors around the late 1990s that I had the sad misfortune of working on. Again the promise was 1GIPS of performance from a 200MHz or so clock rate (which seems nothing now, but then was seriously impressive), but that was only possible on very specific code segments when the various internal units (integer cores, MACs, loop counters/index, etc) could all run code in parallel. Which was rare. What made it worse was the piss-poor compiler tools that hardly managed to optimise C-code for that sort of a situation, a life way too short to learn its assembly rules, and to cap it off a long instruction pipeline that was dropped, with a serious performance hit, any time there was an instruction branch (i.e. an if statement or break in a loop).

End result was a mediocre performance in reality, and a few years on it was beaten on performance by x86 style chips that had OOE and branch-prediction capabilities. Not to mention far better compilers for PCs, many of which were also free, and greater ease of debugging.

NASA's Psyche spacecraft beams back a 'Hello' from 10 million miles away

Paul Crawford Silver badge

Re: "the significantly tighter waves of near-infrared light mean … more data"

Interesting, but quite hard to make an X-ray telescope / receiver to match (compared to radio / optical)!

Paul Crawford Silver badge

Re: Great work!

Also you might note that the article in El Reg, or indeed the press release, does not say what speeds were actually achieved. Just woolly words about being faster:

“DSOC was designed to demonstrate 10 to 100 times the data-return capacity of state-of-the-art radio systems used in space today”

What makes of radio systems? At what distances? FFS just tell us what speeds?

Paul Crawford Silver badge

Re: Impressive.

You can deliberately diverge the beam to make pointing less critical, but that of course negates the link advantage of using light (wavelength in the um range) instead of radio (in the cm range) for any low rate missions.

And no, at that distance it is not "high rate" by near-Earth standards. For near-Earth use laser comms promises a lot higher data rate than radio as you can have many, many, GHz of modulation bandwidth that is simply not available in most of the usable radio spectrum, here the advantage is the sharp focus of the laser in delivering enough power where (hopefully) you are listening and not elsewhere.

Windows users can soon ditch Bing, Edge, other bundleware – but only in the EU

Paul Crawford Silver badge

Re: UK workarounds ?

Nope, it is deliberate to force you to eat their dog food.

BOFH: Monitor mount moans end in Beancounter beatdown

Paul Crawford Silver badge

Re: "Fewer bells", Shirley

noun Hollow metal musical instrument, usually cup-shaped with a flared opening = fewer bells

noun Brand of Scottish whisky = less Bell's

Child psychiatrist jailed after making pornographic AI deep-fakes of kids

Paul Crawford Silver badge

David Tatum, 41, found guilty by a jury in May, has been sentenced to 40 years in prison and 30 years of supervised release

Just how long do they expect this guy to live to and still be a risk to children?

Late Qualcomm cofounder teleports $200M into SETI to bankroll hunt for alien life

Paul Crawford Silver badge
Pint

A toast to Franklin Antonio for doing something creative with his legacy =>

Whether they find, or don't find, evidence of alien technology it will enhance the knowledge of our species.

Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections

Paul Crawford Silver badge
Facepalm

I'm guessing if it came to it, most browser companies will produce an EU version that meets this law, and a World version that has trusted/vetted CA certificates. Perhaps just a configuration setting apart (assuming web browser designers grasp there is more than a google search box needed)?

No sir, not identifying any secret certificates. But sure, if you are outside the EU only use these ones that we trust...oh what is that Skippy? Those EU CA companies are being dropped world-wide due to a lack of trust? Oh dear, how sad, never mind!

Android VPNs to get audit badges in Google Play Store if they aren't comically crap

Paul Crawford Silver badge

Re: There is no "safe" VPN

It comes down to who and what you are defending against. I often use a VPN just to make it that bit harder for advertisers and busybodies in local authority (not necessarily TLAs) to follow me, and also to have a relatively fixed IP address when travelling so I don't get pestered with 2FA and other annoyances to prove who I am every time.

We're getting that fry-day feeling... US Army gets hold of drone-cooking microwave rig

Paul Crawford Silver badge

Re: Hmmmm..

Indeed you can design a drone to resist frying tonight, but then you are not getting the cheap off-the-shelf parts to build from and suddenly they are $M+ a pop, not $1-10k a pop and that makes a massive difference to the tactics and options to supply. That alone makes this sort of defence valuable.

Paul Crawford Silver badge

Re: Hmmmm..

Inverse square law applies to an unfocused point source, not a focused beam.

No, it applies to anything in the far-field zone. Depending on your beam source that can be from a few mm to several km distance, but eventually it always is square-law.

Cybercrooks amp up attacks via macro-enabled XLL files

Paul Crawford Silver badge
Facepalm

Whether MS Office is inherently insecure is up for debate

Oh I think that debate was settled years ago

Microsoft's 11-year itch: The uncelebrated anniversary of Windows 8

Paul Crawford Silver badge

I just don't really see the point getting my panties all in a wad over something that I stopped noticing in a week. That seems like a very unhealthy fixation if you ask me.

So you are happy to spend whatever time it takes to support employees, friends & family who do see problems introduced by pointless changes?

You are happy to re-write documented processes to keep up with the whims of some idiot who decided to break things for the sake of a "modern" look?

Clearly it's so easy, and all Microsoft had to do was just consult someone like you, so...

They could have kept the old options, just like XP allowed "classic look" to keep win2000 look and feel. Just how hard would that have been? After all if you tried doing anything with w8 and similar sooner or later you would find the jarring change to an old control panel menu, etc.

Paul Crawford Silver badge
Trollface

Still in aerogems we can see that when the morale-improving beatings are taking place, at least one will be saying "Thank you, master!" all the way through.

Intel dumps its silicon photonics bells and whistles into Jabil's lap

Paul Crawford Silver badge

So once again Intel bets the farm, dog, and wife on x86 and prays. Oh brother, pray for Intel's salvation! Pray!

What, that seems like a poor plan engineered by useless management?

Boston Dynamics teaches robo-dog to recognise speech, respond using ChatGPT

Paul Crawford Silver badge

Re: "Fetch!"

More likely:

Man throws ball "fetch!".

Robo-dog runs after it.

Robo-dog returns with the ball, still held by the now-detached arm of a child who picked it up.

Paul Crawford Silver badge
Gimp

Re: "This illusion was enhanced by adding silly costumes to the gripper and googly eyes"

I should have ignored the siren's call to search for that, almost the first hit was "6 Best Robot Sex Dolls In 2023" suggesting not just that they exist in more than one guise, but this is not the first year they have run such a review.

Well, obvious really =>

Just one in ten UK orgs have significant AI investment plan

Paul Crawford Silver badge

Re: Plan for ... what?

I suppose some companies could be figuring out how to use AI to provide (even more) atrocious customer service very cheaply. AI may well be able to do that .... in a few years ... probably.

Most likely.

Sadly even when you get a human after some utterly useless voice-operated call screening (that only works for a small set of voices), you often find they are also ones who fail the Turing test.

Boffins find AI stumbles when quizzed on the tough stuff

Paul Crawford Silver badge

Re: GPT-4 model managed to score 700 out of 800 on the SAT maths exam

That is a truer test, like getting it to write, debug and test a program instead of copy/paste stack-exchange, etc.

But the reality is most humans 'train' on past paper examples, etc, and most academic institutes keep the same approach as making the exam harder, more realistic in terms of problem-solving would cause an unacceptable drop in pass rates. And skulls mean money, not brains...

Microsoft seeks EU Digital Market Acts exemption for underdog apps like Edge

Paul Crawford Silver badge
Big Brother

Re: you cynics should try it

You mean it's a chrome-clone pre-loaded at boot to give that impression?

A pox on both of them for advert whoring!

On-by-default video calls come to X, disable to retain your sanity

Paul Crawford Silver badge

Year Two of X is shaping up to be interesting - maybe it'll be the last?

Well maybe something might be better in 2024...

Boffins say their thin film solar cells make space farms viable

Paul Crawford Silver badge

Re: only expected to work for a year

Here on earth, CdTe panels have completed a 25 year endurance test.

Without the harsh UV and ionising radiation, I expect...

It is 20 years since the last commercial flight of Concorde

Paul Crawford Silver badge

I think it was the only flight I have been on that half the passengers didn't really want to get off immediately on landing!

My ticket was not cheap, but around a month to my flight I looked up alternative first class flights out of curiosity and they cost more.

Paul Crawford Silver badge
Pint

I was fortunate to fly once as I bought a ticket when they announced its withdrawal as I realised it was never going to happen again. It was a marvel of engineering and I feel that BA was rather spiteful in ensuring no flyable craft were left, at the very least it could have flown at air shows like Spitfires, etc, even if not flying commercially due to the withdrawal of manufacturer support.

Comfort-wise it was fine, and while not as luxurious as first/business class flights today, it was only 3 and a bit hours, not the gruelling 8+ hours of cattle class most of us endure if we need to get to the states.

A toast to the numerous engineers and scientists that made it work, really it was the UK/France equivalent of the Apollo program =>

GNOME Foundation's new executive director sparks witch hunt

Paul Crawford Silver badge
Pint

I wish her all the best. Really if she just stops stupid happening and listens to users it will be good.

Shucks Chuck, how many employees pay = one Cisco CEO?

Paul Crawford Silver badge

Gee, if only they spent a bit of that looking for and swiftly fixing security bugs...

Progress towards 'Gigabit Europe' is slow, with UK also lagging

Paul Crawford Silver badge

Wi-Fi in practice* is never going to be as fast as Gigabit ethernet. Also in my area of UK you get FTTP with a choice of speed/costs so in my case I went with "up to" 300Mbit rather than "up to" 900Mbit as more than enough and half the cost. So far I see close to max speeds most of the time, suggesting fairly low uptake of the contended segments.

[*] As in through walls and with every other bugger in your (and neighbouring) block of flats also running Wi-Fi.