Posts by Paul Crawford

Re: I wonder...

Do the mic jack plugs physically unplug the built-in mic? If so you could simply plug in a shorted connector.

Re: The Trump Effect?

Sorry but you have made a school-boy error: you have assumes that the Americans you know, who probably are from the educated and outward-looking section who deal with people outside the USA as colleagues, will suddenly change as if infected by some zombie virus.

They won't. But that is the tragedy of the whole situation, and that mirrors the same thing in places like Egypt, Iraq, etc, is you will find the majority of people are decent folk simply trying to get on with their lives. The problem with Trump or any other extremist character is it brings the nutters out of the woodwork, folk who are doggy already but not shown their true stupidity until called. Those are the ones to worry about.

Re: It does look like the companies development and distribution servers have been compromised

Don't worry, it will soon be in systemd as well.

Re: "CMOS" as a sample test query?

I always use "Soapy Frogs"

Re: Do the linkin scrape

"...about Facebook, I find that 100x more useful than Linkedin. It serves no purpose for me whatsoever."

So basically 100 * 0 = 0 still?

Sounds about right.

Re: Typical ex-"anything"

I think the current head of MI5 is saying nothing because (1) it is part of the job, and (2) because its not good to upset your paymasters even if they are complete morons.

Re: @Slay

"run proper Office, not the macro-shy Mac versions"

You mean the version that offers all those extra security holes for free?

Great isn’t it that MS can't make their flagship cash-cow run consistently on a non-86-Windows platform?

Re: I'm working on Bitcrone

Why not use the set-up Wizard to help you?

Re: So for personal backup...

Just as Lee D said: Get yourself a small NAS for fast local backup (some sort of RAID for reliability, and and ideally one that has regular snapshots in case of crypto malware, like FreeNAS supports) and then have some way of making an off-site copy for a major disaster.

That could be encrypted copy synced to some cloud provider, or the odd external HDD kept away from home. One nice thing about having file system snapshots is you can sync a consistent copy from a snapshot over long time periods even while new data is being written to the NAS.

Re: "Should have gone to System76"

UK options for Linux machines are Entroware (www.entroware.com - offer Ubuntu /MATE, for example, pre-installed) and Novatech (www.novatech.co.uk - offer OS-free laptops).

I have a Casio Waveceptor watch, it has solar charging, sets the time from LW transmissions and is waterproof to several metres depth, all for around the £100 mark. Had it now for over 5 years and no battery change needed, and never run out of power to tell the time accurately. Sure I can dig my phone out but a wristwatch is far more convenient.

Now if someone could add a useful smart feature and keep that sort of power budget they would have something worth buying.

Re: Blind support

Please! It is "innocent unless proven guilty", you should not presume that an arrest will automatically lead to conviction as that is (or should be) the jury's decision.

Of course, there is no such thing as absolute security (indeed pretty much no "absolute" anything, except perhaps vodka).

So running your own VPN server, or the option to use a VPN service provider, comes down to stacking the odds in your favour against whatever bogeyman you worry about. I think it is pretty much true that if you have the likes of GCHQ/NSA/FSB seriously targeting you then those odds are pretty poor, but that is not the vast majority of people and not the reason that many would want a VPN service.

Take the UK for example, the odious 'snooper's charter' now means you whole internet history is recorded by your ISP and accessible to practically any petty bureaucrat for practically any reason. In the USA we have various ISPs injecting adverts and doing the same for commercial reasons. Use any half-decent VPN provider and that goes away, even if the three-letter agencies can snoop on you, they are hardly likely to tell anyone unless you are a really high-value target because that snooping ability would be more valuable information than most of what they snoop. Finally, you ought to be using end-to-end security as well, so https at least for web sites, and SSH remote log-in to any machines, etc, because you still can't totally trust a 3rd party VPN provider.

Rolling your own VPN server gets round that aspect, but has the disadvantages that (1) a 3rd party host can compromise the machine, and (2) you don't get the anonymity benefit of sharing a few IP addresses with hundreds/thousands of other users, (3) you can't choose a country-of-exit for geoblocked services, and finally (4) generally costs more.

At a guess of 10M customers and £6B & £7 / month its about 7 years.

Other guesses are available...

I could hardly contain my excrement

Re: "We always toe the line with other nations' laws"

"Governments will moan and complain and bleat, but be unable to act due to public opinion concerns"

Is that not the idea behind democracy?

Re: This is why you want anonymous payments

You mean like cash?

Re: "Only three percent of commentards talk bollocks"

"that leaves you with at least tens of thousands of drug dealers, pedophiles, and so on, using the service specifically for criminal purposes"

As they also use cars, roads, postal services, PCs, KY jelly, bread, etc. Same argument for security testing tools: some are used by hackers for criminal ends, others by site admins to check their own defences.

"stopping posting their shit to Facebook"

Last time I looked, Facebook is still almost complete shit so I don't think that has changed...

Re: Hash browns... or fried potatoes

Agree with hash browns or fried potatoes, but bread should be toast on the side, with real butter (spread while hot) and a decent chunky marmalade.

Re: This is worse than backdoors into encryption

This is something different. Access to the whole device and, therefore, the plaintext it sends/receives via any encryption product as well as contacts, call logs, calendar, porno apps, etc. Essentially it's a rootkit.

That is true, but equally as such it taints any evidence. Will be interesting to see how evidence gathered this way is challenged in court, and if the courts will side with any prosecution call to have the collection methods withheld from the defence team.

The way this reads, they're expecting to find a welcome mat on my phone. On your phone. On everybody's phone.

You mean they expect the current level of "push this shit software out now" development skill to continue?

If they can't already put it on any phone they want to then expect legislation to mandate manufacturers to pre-install it.

That comes down to how much, for example, a non-USA government can influence Apple or Google for phones, or Apple/MS for desktops. With fully open source systems they can't put it in without it being available to world+dog, and their methods disclosed, so its really not going to work. Sure they can try to outlaw free software and try to impose such things on imports, but only the likes of China can succeed as the population are used to such behaviour and the market big enough (and most hardware built there) to allow others to do the dirty work. The rest of the would is going to have a bigger fight as it comes down to either the USA going against its constitution and forcing multi-billion dollar companies to commit commercial suicide first, or other countries trying to get it imposed on imports with the inevitable kick-back.

Where as exploiting crap software is a tried and trusted method that we have seen used by criminals and spies for decades, so what is going to make suppliers try harder now?

Re: "Making the pirate experience less fun is part of the strategy."

"Name an enforcement strategy you could live with"

Steam for games seems to work: not too intrusive, not limited to very small subset of PC/consoles/etc due to dumb DRM hardware restrictions on what monitor you can use, etc. Basically you pay your fee and can play on a mates machine or whatever you want by means of your account sign-in (and out of elsewhere of course). Why can't anyone just pay a fee of £1-2 or whatever and see any GoT episode they want? Oh yes, geo-restrictions, channel bundling...

Nothing will stop the most determined pirate, but there comes a point when the effort/legitimate-user-pain to stop rips appearing is more than many otherwise honest people will put up with.

Re: AE1B

"what could possibly go wrong?"

You did not have a tested working & encrypted off-site backup?

Same here, Python is really handy for many tasks that otherwise would mean something like MATLAB or worse.

"If you can do C well then even Assembly comes fairly naturally" may be true, but even truer is that C is really a universal assembler - there are very VERY few cases when assembly is justified, and even in those cases the fact that it can be in-lined in many C compiler's extensions is good.

Re: Reaping what you (don't) sow.

It is not just the down-time of a reboot, as at least that can be scheduled, but you have the cost of some fault causing failure as well. Proper redundancy in the hardware/software should allow a painless continuity for both planned and unplanned events.

Re: Possible deadly flaw - compromised software

"1) Encryption is compromised in some form at the moment.

2) The head of GHCQ was both incompetent and poorly briefed."

I doubt it, far more likely are:

3) Metadata on who is talking is more valuable for threat detection

4) Compromising most phones/PCs is easy as piss for them (just look how well WannCrypt spread, etc, using an exploit their mates at the NSA were hoarding) and yields the plain text with ease

Re: Moxie Marlinspike, what a noob

"the Signal protocol doesn't pad and obfuscate traffic allowing attachment stripping."

Sure we all want each text message to be a minimum of 2MB so we can hide images occasionally...

Re: UK space launches

"The Minister of State for Trade and Industry, Frederick Corfield, announced the cancellation of the Black Arrow project in the House of Commons on 29 July 1971", the UK joined the EC (later the EU) in 1973

As for heavy industry, all gone to CHEAPER countries. Same in the USA and most of Europe. How do you get that back without slashing worker pay and conditions to 3rd world levels to gain a foothold in that area again?

WTF are you on, maybe you should check your facts first.

Re: You said it, man.

Not even Mary Magdalene?

Re: Trump is a Troll.

"And its under threat from politicisation. Net neutrality"

Eh? How, exactly, is net neutrality a threat to the internet?

A threat to ISP profits perhaps, but hardly a threat to the functioning of the internet. Quite the reverse really.

Re: "Let me introduce the Sex Gauge"

Well El Reg already has already invented the "kilowrist" as a unit of bandwidth:

https://www.theregister.co.uk/2008/11/12/arizona_boffins_grasp_fat_pipes/