* Posts by Paul Crawford

5636 publicly visible posts • joined 15 Mar 2007

UK smut overlord declares age checks should protect users' privates

Paul Crawford Silver badge

Re: Time to install a decent VPN

There are many VPN choices but not many that are good. As a general rule you need to:

(A) expect to pay real money, probably £3 - 10 per month for a usable service as otherwise they can't provide the bandwidth, servers, etc, without whoring you Facebook/Google style.

(B) always use a VPN provider in another country, that way your own gov has to make a real effort to get any data (e.g. a competent court order in that country).

(C) do your homework and check the T&C for logging and if you plan on using bit-torrent, etc.

There are some advertorial sites like www.bestvpn.com which are useful, but remember they are tending to push the sponsors. Also some guidance like: https://torrentfreak.com/vpn-services-keep-anonymous-2018/ as another list to consider.

Galileo, Galileo, Galileo, off you go: Snout of UK space forcibly removed from EU satellite trough

Paul Crawford Silver badge

ESA and Galileo are very different even though it is the same basic industry:

All of the countries that pay in to ESA get a moderately equal share of that back via contracts and staff employment, and generally all projects are open to all members to bid. Provided the UK does not do anything even more stupid like stopping this, we still get to bid.

Galileo was driven by EU political goals to be independent of the USA/Russia/China (a later comer) in the area of precision navigation and timing. AFIK there is requirements from the very start of the project that for any work on Galileo (certainly anything to do with the security system) to be an EU national. The UK was part of the process that originally created this. Shortly we will not be EU nationals.

Remind me again why is anyone surprised at this news?

Uber's disturbing fatal self-driving car crash, a new common sense challenge for AI, and Facebook's evil algorithms

Paul Crawford Silver badge

Re: LiDAR doesn't work in the dark? WTF?

The other WTF you missed was that even when the pedestrian came in to camera view the car did not brake even though an AI system should have a reaction time an order of magnitude faster than a human, and should out-brake most humans by knowing full well what is the lock-limit of the wheels (i.e. reaching anti-lock point),

Also as others have pointed out the car was clearly driving beyond its sensor range, again that is something humans do, but is actually against the highway code. Drive to your visible range stopping-distance we are instructed.

So who is going to fall for this: The software engineer(s) who developed the sensor/stopping code? Those who did a safety analysis? The executives up top?

BOFH: Give me a lever long enough and a fool, I mean a fulcrum and ....

Paul Crawford Silver badge

Re: I like the new boss

Depend on whether this new boss is a danger to the IT crew or to other boss' sections.

Could get quite interesting (in the Chinese curse sense) to be in a pincer movement by a top executive and some world-savvy IT "specialists".

El Reg deep dive: Everything you need to know about UK.gov's pr0n block

Paul Crawford Silver badge

Re: given unrealistic expectations of the act

Pizza, is that with anchovies? Or extra cream?

Paul Crawford Silver badge
Facepalm

Re: Cybergumble

I know (in a non-biblical sense) someone who deserves a medal in ineptness for being unable to find pornography on the net.

Turned out his web browser window was too small and all the search results were further down the page and he did not know to scroll.

We need to talk, Brit Parliamentary committee tells Mark Zuckerberg

Paul Crawford Silver badge

Just block Facebook and prosecute anyone doing business with them in the UK.

Sure, you wont get Zuck in jail, but the spooking of investors and the damage to the brand would be priceless...

Leading by example: UK.gov's secure server setup is patchy at best

Paul Crawford Silver badge

Re: To root or not to root

"bad ciphers and config is to make it easier for GCHQ to log data, inject payloads and other shenanigans"

Err, you do know that GCHQ is part of UK gov so they can simply get the data any time they want?

US cops go all Minority Report: Google told to cough up info on anyone near a crime scene

Paul Crawford Silver badge

Re: The other lesson to be learned

I suspect that few murders are planned. And of those that are, very few in total are planned by smart hit men/women.

Coverity Scan code checker's systems crypto-jacked to run cheeky mining op

Paul Crawford Silver badge

I got an email about that but assumed it was simply a scam/phishing trip. After all if your links are like:

https://u2389337.ct.sendgrid.net/wf/click?upn=08onrY...

WTF do you expect any reasonably paranoid software developer to do? I kind of assume it is the more paranoid ones who actually care enough to check their code for programming bugs using the service in the first place, but I may be wrong.

Private Internet Access VPN opens code-y sarong, starting with Chrome extension

Paul Crawford Silver badge

Re: Why not openVPN?

I have only tried a little and for Linux, but few clients are any good (though Windows gets some with much better polish). The issue of a 'kill switch' is not too difficult to do with firewall rules - obviously best done by a script or two so you don't have to remember, but usually that also means admin rights.

This ought to be handled by Linux's network manager which would avoid the old sudo usage, but it is shit and has lots of never-fixed bugs when VPN use is involved (to the point where some VPN provides simply advise against its use - but that is a pain when you want easy wifi connections with saved SSID/password combinations).

Paul Crawford Silver badge

Re: "pirates, paranoids and peruses of particularly pernicious pron"

What a wonderful unholy trinity!

But you are perfectly right: the data slurping by ISPs and the increase in that as the likes of the UK gov demands monitoring, along with attempts to block perusal of perfectly pleasant pr0n, and again with the risks of using many 'free' wifi services that may fiddly your DNS/MITM attack your traffic, will drive a massive up-take in VPN use.

True, you are simply migrating your trust from one entity to another, but at least VPN businesses sell privacy and failure means lost money. Unlike your ISP (possibly no real choice) or those offering WiFi around town.

VPN tests reveal privacy-leaking bugs

Paul Crawford Silver badge

@ DropBear

No, it probably won't show up the sort of flaws found here.

But it is a damn sight better then "installing" some sort of VPN service and assuming it is doing a proper job. So it is a minimum step if you think you need a VPN for any reason.

Also readers of El Reg probably would set up their firewalls (independently of the VPN provider) to allow normal traffic to only go via tun0, and only traffic to the VPN address(s) to go via eth0, etc. Partly to mitigate simple mistakes, but also to prevent leaks if the VPN is dropped.

Paul Crawford Silver badge

Whatever VPN service and/or method you are using, do at least some basic testing yourself using sites like ipleak.net

They also offer a dummy torrent link to allow you to check for that spilling out to your ISP, for those who do that sort of thing, obviously for Linux ISOs, eh?

Developers dread Visual Basic 6, IBM Db2, SharePoint - survey

Paul Crawford Silver badge

It is *just* possible that some folk use more than one method.

Admittedly that is not likely to be the "don’t use version control" group...

Air gapping PCs won't stop data sharing thanks to sneaky speakers

Paul Crawford Silver badge
Windows

Of course slapping a 15kHz analogue filter on all audio ports would also work.

Grumpy old man who cant hear beyond that now =>

Microsoft says 'majority' of Windows 10 use will be 'streamlined S mode'

Paul Crawford Silver badge

Re: Games, anyone?

Nope, very few people "love" Windows. They use it because:

1) It came with their PC (and they could not / would not afford a Mac)

2) They depend on Windows-only software for something important.

News lobsters demand to be let back into the Facebook boiling pot

Paul Crawford Silver badge

Re: Facebook is toxic.

Why should it be regulated?

Obvious really, it acts like a publisher, spreads* all sorts of shit, but likes to have no responsibility or liability. Not even the piss-poor standards that the tabloids are held to.

[*] yes it is the users and advertisers really doing the sharing of shit, but Facebook encourages click-bate and such addictive share actions to keep its revenue opportunities big. After all they could stop most of the rot by only allowing users' own posts and not the "share" feature to spread stuff virally. So in that sense they ARE doing it.

Paul Crawford Silver badge

Re: Scurrilous

It made me think of the Devil giving a very accurate speech about the decline in morality and emptying churches up and down our once-pleasant land. You want to agree with him, until you realise just how big a shit he also is.

Reg man wraps head in 49-inch curved monitor

Paul Crawford Silver badge

Re: Still only 1080 Vertical

I have "only" a 27" 2560 x 1440 monitor and those extra vertical lines really help. If I have the budget/new video card/cleared desk then probable would go for a 40" 4k monitor to get more usable height as much as anything.

Having said that, ANY increase in monitor size is useful, more so than most CPU speed increases* in recent years, and if you often have two windows open side-by-side I can see such a monitor having its appeal.

[*] yes, lets not talk about meltdown/spectre

Mobile World Congress: 5 buzzwords, an homage to Windows XP and a smartphone snorefest

Paul Crawford Silver badge

Re: Really?

The ones which completely dominate the market, you mean?

I guess so. They may be dominant but the are not really that good.

Paul Crawford Silver badge

Re: Latency? In my self-driving car?

"Rock is transparent to some frequencies."

It also lacks the ability to warn self-driving cars about its presence on the road after a land slide. Same for the lack of rock (AKA pot holes). So this goal of "ability to see round bends" won't apply to the first car (or maybe 2nd, depending on the system) that blindly speeds along safe in the knowledge there are no meatbags driving and hits it...

MIT gives one-star review to Lyft, Uber over abysmal '$3.37/hr' pay

Paul Crawford Silver badge

Re: Judge by what people do, not what they say they want.

Tim Worstall's conclusion is interesting:

"It prevents large numbers of people doing what they’d like to do, sell their labour for less than $7.25 an hour. We’ve the proof of this, large numbers of them are doing exactly that when they’re able to, as self-employed Uber drivers."

I am pretty sure they don't want to sell their labour for less than $7.25/h but are doing so either because (a) they have not worked out just how little they are earning, or (b) there is not enough local work (they are qualified for?) to get a minimum wage job.

Either way is sounds a lot like VC-funded "illegal dumping" on the taxi job market.

US Supremes take a look at Microsoft's Irish email slurp battle, and yeah, not a great start

Paul Crawford Silver badge

Re: The solution is simple.

"US believes it can access any data stored on systems owned, or under control of any US entity"

So basically that means Windows 10 then as the EULA and design permits data access?

Will be interesting if this comes to pass and the whole of Europe it basically told that using Windows on any internet-connected machine for any personal data is now a breach of privacy laws.

Huawei guns for Apple with Mac-alike Matebook X

Paul Crawford Silver badge

Re: Looks good

As opposed the to usual sort that make it look as if you are avoiding eye-contact by always looking "down" below it?

Short of a screen-centre camera, you can't really win...

When clever code kills, who pays and who does the time? A Brit expert explains to El Reg

Paul Crawford Silver badge

True, but then who is responsible for setting up the AI?

Really it comes back to the first commentard's point - always hold the vendor responsible, otherwise they have no incentive to get it right and fix bugs as they are discovered.

For example, why should my autonomous car insurance premium depend on the performance of the vendor's AI in crash avoidance? Flaws and problems and financial consequences should stop at the car company in this case.

Paul Crawford Silver badge

Re: @ Oliver Jones

That is an interesting but also seriously flawed argument:

1) While parents are not held responsible for their children, companies are held responsible for the actions of their employees in the course of work (which is closer to the vendor/software model)

2) When they are adults (and to some extent before then), children become liable for their own actions and can be punished by the courts. Unless AI has some concept of reget or self-preservation that is not available.

Of course threatening to reprogram its data banks with an axe might just work...

Tor pedo's torpedo torpedoed: FBI spyware crossed the line but was in good faith, say judges

Paul Crawford Silver badge

Re: My sympathy meter is broken

These sort of cases are rather worrying. Not that anyone much has sympathy for those promoting child rape, etc, but more that by initially being used for such cases it allows dubious legal practices to be "normalised" for other investigations.

Paedophilia is in many was the new witchcraft: where simply being accused is enough to lose one's job, family rights, etc, and even if it all turns out to have been a case of mistaken identity, etc, you won't ever get your former life back and the tabloid headlines won't be shouting about your innocence. And this is not just a theoretical concern:

https://arstechnica.com/tech-policy/2010/08/disgruntled-brit-plants-child-porn-on-bosss-computer-calls-cops/

https://www.nytimes.com/2016/12/09/world/europe/vladimir-putin-russia-fake-news-hacking-cybersecurity.html

So while we all want the police to investigate and prosecute cases of child abuse, they have to do so with great care to establish the integrity of the process is beyond doubt and that they don't go in guns blazing (perhaps literally in the USA) to the wrong house due to some screw up with IP address resolution, shared wifi / weak passwords / etc.

UK.gov's Brexiteers warned not to push for divergence on data protection laws

Paul Crawford Silver badge

Re: All thats missing

The "red white and blue" Berxit is so mixed up it is very much turning out a brown Brexit.

KFC: Enemy of waistlines, AI, arteries and logistics software

Paul Crawford Silver badge

Re: Have I missed something?

"Just as i finished typing the sentence last sentence it occurred to me: roadworks but then again surely any roadworks could have custom (doesn't have to be a sign) transmitter to inform the car of the rules of traversing any ongoing works."

Again this is not the exact issue, it is the serious disconnect between the claimed ability of AI to deal with the real world that meat-bags do a half-passable job of in order to work for the decades it will take to transition from drivers to robots on the road.

If your AI can't tell a KFC and STOP sign apart, just how good/safe will it be? Even if you think "oh just put up a transmitter for robocars at road works" how will they deal with any other sort of outage/problem that meat bags could deal with by using their (admittedly often limited) intelligence to work around? Finally when there is a a fatal/serious injury crash involving a megacorp's robo car and some lawyer can show such shitty AI discrimination of the obvious, do you think the fines for knowingly unsafe design will be Ford Pinto style or not?

Developer recovered deleted data with his face – his Poker face

Paul Crawford Silver badge

"No, it is specifically prohibited to delete . or .. and has been since at least the first version of POSIX."

My comment is not about deleting the current/parent directory, but that it will follow them. For example, try this in your home directory as a non-destructive example:

ls -R .* | grep '\.\.' | grep -v $USER

You would expect it to show you just your own hidden files? But you might be surprised by what is also there when you filter out the obvious (1st grep looks for the double-dot parent style of name, 2nd grep should ignore your own files, but of course it is not just your hidden file it is matching either!).

Paul Crawford Silver badge

"rm -rf recurses into mounted directories"

You must also be aware that if the matching pattern/regex includes '..' it will go UP a level and then down from there!

At least the time I almost suffered from that, it was a recursive chmod command on '.*' to change hidden files/directories permissions from my home location. And I did it as myself, so when it tried to go up and down in to all other's home directories the standard permission bits stopped it.

But for the grace of $DIETY go I...

Paul Crawford Silver badge

@ Prst. V.Jeltz

The UNIX equivalent command waiting to do this is 'dd', also known as destroy data for an obvious reason. dd can be used to copy whole physical HDD as well as to wipe them be reading /dev/zero (or /dev/random for the more paranoid) as the source of data to write to the HDD.

Just be very, VERY, sure you get the if= and of= options the right way round.

Very slightly less risky but equally odd/comparable to robocopy is the rsync command. It won't by default delete files, but the behaviour in whether it copies/creates the main directory is depended on the trailing '/' in source and destination paths in a way I always seem to forget. So the --dry-run option is always my initial addition until I see roughly what it will attempt to do.

If you haven't already killed Lotus Notes, IBM just gave you the perfect reason to do it now, fast

Paul Crawford Silver badge

Re: Thunderbird != Outlook

Thanks for that insight, but all of that is really a feature of exchange I guess, and not of the "email client" as such.

Paul Crawford Silver badge

Re: Thunderbird != Outlook

Serious question here: Why is having a calendar in your email client a good thing?

Every time Outlook is discussed this comes up as its main advantage - and I just don't get it. Sure I see that having some good calendar functionality is useful, but its not something I ever see as related to email (reminders being sent to your inbox being the obvious exception).

Facebook gets Weed-whacked: Unilever exec may axe ads over social network's toxic posts

Paul Crawford Silver badge
Linux

I always want to substitute penguins :)

They would do better than out national football team...

BOFH: We want you to know you have our full support

Paul Crawford Silver badge

I tried deleting /etc but it did not make things any better...

LISA Pathfinder sniffed out gravitational signals down to micro-Hertz

Paul Crawford Silver badge

Re: PicoHertz?

Indeed, even 1uHz = 11.6 days, 1nHz = 31.7 years period. Of course you could have 800pHz as around 40 years and still be well within advertising standards...

Of course it might also be related to the time-derivative of gravity (units anyone?!) where it may be something like 1pico-g per second or similar.

Long haul flights on a one-aisle plane? Airbus thinks you’re up for it

Paul Crawford Silver badge

Re: Single aisle transatlantic is not news...

"Because thats less than the price for me to get a train to London!"

Thanks in no small part to airlines not paying tax on fuel...

GCHQ unit claims it has 'objectively' made the UK a less desirable target to cybercrims

Paul Crawford Silver badge

Re: Another outsourcing agency?

To be fair, they do publish some useful guides to making your systems more secure and mitigating some of the more common attack/vulnerabilities. For example:

https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1604-lts

Dori-no! PepsiCo boss says biz is planning to sell lady crisps

Paul Crawford Silver badge
Facepalm

My sordid imagination was profoundly disappointed to learn that "lady crisps" were not any sort of anatomical reference.

Still, good to know that MBAs are providing value to their employers.

OpenWall unveils kernel protection project

Paul Crawford Silver badge

Re: I am skeptical

I think the key point is the kernel (in fact, most OS stuff) is simply too big and complicated to be correct. And so they are proposing a much simpler system to look for changes that should not happen as an indication of bugs or exploits being used. It is unlikely to stop the likes of GCHQ/NSA/FSB's best, but it is not a bad idea if it is small and reliable. A bit like Apparmor for additional protection against badly behaved (or compromised) daemons, web browsers, etc.

Of course those in favour of provable microkernels will be gloating at this point, but they still have the problems of (a) lower level faults (CPU bugs, non-proven libraries, etc) and (b) no one really uses them for the sort of big jobs we generally want. That is dominated by Linux (monolithic monstrosity) and Windows (microkernel virginity long since lost).

Morrisons launches bizarre Yorkshire Pudding pizza thing

Paul Crawford Silver badge

Re: Obligatory pulled pork?

Is that also on offer from ones those who wave to you from the windows in De Walletjes

Electric cars to create new peak hour when they all need a charge

Paul Crawford Silver badge

Re: EV manufacturing costs

It is not the "rare earths" in electronics or big DC/brushless motors that is the non-green aspect for EV, it is the old Devil himself - the battery.

Range issues, pollution on manufacture, recycle issues, risk of fire/explosion on crash - all come down to battery design. Yes it is getting better with time but it is NOT like the "Moore's law" expectations most have for electronics etc. Probably this will improve, but every year or two we hear of breakthrough technology that apparently came to nothing (most likely engineering issues, I don't believe in the "big oil" hiding it conspiracy theory).

Paul Crawford Silver badge

Re: problem is real but pretty easily solvable

"At the heart of this, we have blokes (and it is almost entirely blokes) who just don't want the world to change."

No, most of the commentards here are pointing out that we don't have the infrastructure to support a massive EV fleet and unless the cost of that, and the tax "benefit" governments currently reap from car use are addressed, the current advantages of EVs are moot and optimism unfounded.

Yes, they produce little pollution at point of use (ignoring dust from break & tyre ware)

No, they are not 100% green due to the (1) the manufacturing costs and impact of the battery technology used, and (2) because practically no where is fully renewable (without biomass use, obviously) so some pollution is generated elsewhere.

Also the cost - for now EV users are getting big subsidies to promote this, sooner or later that will have to change and EV costs will be higher than current IC figure.

Will we eventually be electric? Probably, but most likely we will have to give up on the idea of everyone having an EV car of their own due to the charging problems (grid capacity, location of charges in areas of terraced houses, etc). Most likely the future will be EV autonomous taxis.

Serverless: Should we be scared? Maybe. Is it a silly name? Possibly

Paul Crawford Silver badge

Re: how much will it cost

Not just "how much will it cost?" but also "how long will it continue to work before some numpty at the cloud/serveless/whatever provided decides to change your interface/data structures/supported APIs and break it?"

Ever had the sad misfortune to rely on any Google's forever-beta products? If so you will realise your fancy new product won't last a generation, a century, nor or strange aeons, but 1-2 years tops.

Playboy is suing Boing Boing over Imgur centrefold link

Paul Crawford Silver badge

Re: Puh-leeze...

Sir! You can search for ISBN 1452161038 if you prefer to look slightly more innocent.

Until you actually find the book, then your URL history will be mildly tainted. OK, that is "mild" compared to some of the sordid stuff that I allegedly look for...

Unfortunately my favourite purveyor of books (abebooks) seems to be throwing odd web site errors just now. Probably knows my disgusting intentions...

Europe waves through Qualcomm's NXP slurp

Paul Crawford Silver badge
Unhappy

Bad news

I suspect that many of NXP's less-profitable product lines will be culled much to the detriment of the electronics industry as a whole.

Who's using 2FA? Sweet FA. Less than 10% of Gmail users enable two-factor authentication

Paul Crawford Silver badge

Re: @Cuddles

Quite the opposite - I might have several gmail accounts for various different aspects of my life, I don't want to make it trivial for Google to tie them all together by the one phone number, nor to buy multiple disposable phones for 2FA. Also those accounts are of low value to me anyway.

Red Hat slams into reverse on CPU fix for Spectre design blunder

Paul Crawford Silver badge

"Thanks Redhat Intel"

Fixed it for you...