* Posts by Paul Crawford

5635 publicly visible posts • joined 15 Mar 2007

Microsoft loves Linux so much, its OneDrive web app runs like a dog on Windows OS rivals

Paul Crawford Silver badge

Re: so why not just use Dropbox?

Because they can all spy on you?

If you are going to use cloud storage then go for one of the "zero knowledge" types like Sync, SpiderOak, etc, that allow you to hold the only encryption keys for your data.

Softcat purrs as customers buy early to dodge Microsoft hikes

Paul Crawford Silver badge

In related news, sales of KY jelly reached record levels in December...

Error prone, insecure, inevitable: Say hello to today's facial recog tech

Paul Crawford Silver badge

What?

"the faces of 125 million US adults have been stored in criminal facial recognition databases"

Is my arithmetic, etc, wrong or is that about half the US adult population?

Microsoft delivers secure China-only cut of Windows 10

Paul Crawford Silver badge
Joke

Re: So...

Can we in the west get a choice of who spies on us please?

Linux-using mates gone AWOL? Netflix just added Linux support

Paul Crawford Silver badge

Re: I would expect high quality ripping to be a problem for Netflix

Let's face it, you can already get high quality rips of practically everything on the torrent sites. This is unlikely to change those dedicated pirates one bit.

But for the rest of the world it makes sense, if you can get stuff legally and without hassle it's worth paying a modest amount for.

Wang, bang, thank you, mang: Acer exec off to sell PCs for Lenovo

Paul Crawford Silver badge

Good to see the crap-ware has not been forgotten by the decent press.

Maybe Lenovo could look at what users want and are willing to pay for, off the top of my head:

1) No crapware or shitty trials to clean off a new machine

2) Choice of OS perhaps? OK MS stopping Win7 ain't going to help.

3) Good screen size and resolution on laptops. None of the shitty <= 900 lines stuff.

4) Useful connector options: at least a couple of older USB-2 style, HDMI, Ethernet and maybe USB-C reversible types.

5) Some hardware switch to hard disable camera, microphone and wifi/bluetooth. Oh and status LEDs to match in a visible place (same for HDD activity and power LED - wtf were HP doing putting them on the side out of view?) so you know if on or off and don't arse around wondering what software is broken.

DNS lookups can reveal every web page you visit, says German boffin

Paul Crawford Silver badge

Re: RaspberryPi + PiHole

Configurable, surely?

Paul Crawford Silver badge

Re: How do you defeat against your own ISP recording your browsing history?

"But can you REALLY trust those VPN providers to actually have the servers located in the countries listed AND not talk to Five Eyes on the sly?"

In any absolute sense - no

But the probability that they do honour the privacy guarantee is much higher than the probability of my ISP preserving my privacy.

Also I don't really have much to fear from the "five-eyes" style of secret service spying, but I do have much to consider if I end up in some dispute with some petty local bureaucrat who can access my web history and I can't access theirs. That is the whole point - to reset that asymmetry in power that the snooper's charter provides.

Paul Crawford Silver badge

Re: How do you defeat against your own ISP recording your browsing history?

Very simple: use a VPN provided from another country, ideally one without odious retention policies.

Don't use the PPTP protocol as it's pants in security, ideally use OpenVPN. Then check the VPN is doing its job by visiting one of the test sites (such as ipleak.net or check.ipredator.se etc).

But as others have pointed out, using DD-WRT or similar on your router plus ad-blocking will go a long way for this particular attack. You can even buy routers pre-configured with DD-WRT and VPN in there so all of your home devices get privacy (not too cheap though).

Google Spanner in the NewSQL works?

Paul Crawford Silver badge

Re: What time is it?

Exactly, if you use NTP and lose the time server link you get drift, but if you have local stratum-1 servers (i.e. time-servers that get their time from an atomic clock either directly, or most commonly from GPS time-transfer) that simply should not happen.

Still, all that using 'time' as a marker does is reduce the window of uncertainty in any split-decision issues, it's not like an atomic (computing sense) transaction counter or similar that could be used to eliminate it. After all, you will get some variation in packet delays from originator(s) to SQL-like server(s) so time is not an absolute marker for event order in this case, but if you know your worst-case error is only tens of microseconds then you can at least narrow the window of event/decision uncertainty to be resolved.

Also (back to another rant of mine) to Google time-smoothing - that is a bad idea, but only needed or possibly justified if you use time_t / UTC as your system clock. How do you guarantee drift at stable rates? Keeping all system clocks on atomic time (e.g. GPS, or TDT) avoids the leap-second issues and allows reliable syncing to an atomic-disciplined local clock.

A router with a fear of heights? Yup. It's a thing

Paul Crawford Silver badge

Re: Less air to insulate a PSU

Nope, just checked and it is IEC 61000-4-5 for lightning and industrial surges. Category 4 is 4kV / 2kA surge typically modelled with a double-exponential 8us rise time and 20us decay time.

Somewhere I remember reading that generally normal 220V/240V mains is limited to around 6kV peak in any case as the wiring and sockets, etc, tend to flash over if you get more than that incoming (say farm at end of long overhead wires).

Paul Crawford Silver badge

Re: Less air to insulate a PSU

It's voltage gradient that matters, i.e. (volts)/(distance). Going from 2000m to 5000m typically involves a 48% increase in creepage and clearance distances for PCB design, etc.

Edited to add @imanidiot - it's not just the operating voltage, which can easily peak to a significant fraction of 1kV in a SMPSU, but also the need to pass a 6kV lightning surge test for typical safety reasons. That is why most distances are several mm (e.g. 8mm or more) for mains clearance, etc.

Paul Crawford Silver badge

Re: Less air to insulate a PSU

Wrong, the ionisation voltage drops with pressure until you get really low (like near-vacuum) when it rises again. It's a risk for satellite HPA design, for example, as high-Q filter coils and similar with high voltages can arc while it de-gasses, but stops once it really is a space-level of pressure. Which is why neon bulbs are at low pressure...

https://en.wikipedia.org/wiki/Paschen's_law

Also of note is that the Chinese safety standards (stop laughing at the back!) specify to 5000m, not the more usual 2000m for UL.

Bloke cuffed after 'You deserve a seizure' GIF tweet gave epileptic a fit

Paul Crawford Silver badge

Re: settings-autoplay=off

There was a time, I distinctly remember it, when web browsers had simple menu options to disable autoplay and animations. Opera was very good at that sort of nicety.

Until they went as a Chrome re-skin, of course. And Mozilla decided to chase Google in the "let's dumb down the browser" competition.

An under-appreciated threat to your privacy: Security software

Paul Crawford Silver badge

Pays your money, places your trust...

Same for many aspects of security & privacy, a lot comes down to who you can place some trust in to help keep your own stuff safe.

When using a VPN then do you trust the provider more than your ISP? Maybe, depends on your ISP and gov of course. More than "free wi-fi"? Almost certainly if it's a half-decent paid provider. But in every case you would still use an encrypted link like https or SSH, wouldn't you?

When using any AV or end-point service capable of seeing inside your network and gathering data with admin privileges? It's a much higher bar to meet, you really have to trust them to:

1) Not screw up and bork the OS

2) Actually stop malicious actors with a high probability

3) Not to leak your secrets deliberately or through incompetence

Intel touts bug bounties to hardware hackers

Paul Crawford Silver badge
Joke

"Intel Security (McAfee) products are not in-scope of the Intel bug bounty program"

Why the surprise? Probably would have bankrupted them...

Canonical preps security lifeboat, yells: Ubuntu 12.04 hold-outs, get in

Paul Crawford Silver badge

Re: On the plus side

They only support version to version, or LTS to LTS, so you can't skip one.

So 12.04 -> 14.04 works, but not 12.04 -> 16.04

Or 12.10 -> 13.04 but not 12.10 -> 13.10

Paul Crawford Silver badge

Re: On the plus side

The distro-upgrade usually only works if you have a fairly simple mount arrangement, I have tried it and sometimes it works a charm, other times it failed miserably on machines with odd mounting setups and/or MD RAID in use.

My advice is always put /home on a separate partition, and if you have the space leave a blank ~50GB one as well. Next distro comes along, install it in the unused partition, and once working edit its /etc/fstab file to mount your old /home partition again.

Once happy, you can overwrite your old root partition when yet another new distro is available.

Paul Crawford Silver badge

Re: Same old story

16.04 is the obvious way to go...but it has stupid systemd-related problems that are still not fixed "out of the box" a year on. Such as:

NTP failing because ntpdate is taking longer https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1577596

Shut-down/reboot scripts hanging for ~1m30 https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1594658

Stuff added in /etc/modules being ignored because it's in a blacklist (e.g. watchdog drivers) which is fscking stupid - blacklisting is supposed to only apply to auto-detected modules. https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1535840

Zombie webcams? Pah! It's the really BIG 'Things' that scare me

Paul Crawford Silver badge

Re: @ Solarflare

Ah, so that is where all those Martian packets are coming from...

Paul Crawford Silver badge

Access Denied

Thing is there is ABSOLUTELY no reason for any SCADA-style system EVER being visible on the Internet. It should be behind firewall and VPN-like access, and with some 2FA system as well.

Sadly the most productive way of dealing with this risk is to make the bosses of companies liable for any serious failings, and moreover to have some system in place where finding a SCADA system gets both the company fined AND the finder rewarded from that money, no questions asked.

Guess how many SCADA systems would still be visible a month after that law came into play?

Apple accused of counter-revolutionary pricing in Russia

Paul Crawford Silver badge

In soviet Russia the price fixes you.

Germany to Facebook, Twitter: We are *this* close to fining you €50m unless you delete fake news within 24 hours

Paul Crawford Silver badge

Facebook share/like

..is the problem. Most crap on facebook that resulted in me deleting my old profile (used mostly to share photos of hill walking trips, etc) was not written by any of the "friend list" individuals, but it was re-posted by the share or like options. In fact very little original material, only maybe the day's bowel movement times, was written by many of them.

That is why crap spreads so fast: most of the asshats on FB don't bother to check what it is, who posted it, or what it might result in. I know one guy who was 'liking' posts by the UK's far-right Britain First mob, when I pointed this out he was surprised and apologised for spreading it. Then about a month later back to his asshattery by re-posting stuff without checking or thinking...

Time crystals really do exist, say physicists*

Paul Crawford Silver badge

Re: How many Time Crystals are required...

Sorry, I don't have enough time to compute that just now.

Intel swallows Tesla-hating self-driving car biz Mobileye for $15bn

Paul Crawford Silver badge

Yes, and Intel's acquisition of McAfee has brought so much to the world of PC security...

Facebook, Instagram: No, you can't auto-slurp our profiles (cough, cough, border officials)

Paul Crawford Silver badge

"But the public stance by Facebook is a welcome one in increasingly worrying times for those concerned about internet privacy, or the lack of it."

Would any of those users be on Facebook in the first place?

MAC randomization: A massive failure that leaves iPhones, Android mobes open to tracking

Paul Crawford Silver badge

Good point. If you do the birthday problem approximation for 16.8M addresses you get 1% probability of a clash at 579 addresses. That is still big by most single-point wi-fi coverage regions.

Paul Crawford Silver badge

It's a physical layer thing - how many wifi spots can see anything even approaching 16M devices to worry about collisions?

Public IPv4 drought: Verizon Wireless to stop handing out static addys

Paul Crawford Silver badge

So you get this static IPv6 address for your web server, OK.

Now how do customers in many places that have ISPs only offering IPv4 talk to you?

Brit ISP TalkTalk blocks control tool TeamViewer

Paul Crawford Silver badge

And without even emailing their own customers in advance to keep them informed...how hard would that have been?

FBI boss: 'Memories are not absolutely private in America'

Paul Crawford Silver badge

@Adam 52

You have a good point that there are various options, but none are scalable for tens of millions of devices sold to the public and not managed by some competent trusted IT group.

However, one approach that would answer some of the criticism is to make the cryptographic key stored in the chips in such a way that you could gain physical access by grinding down the package and using a scanning electron microscope to read it. The advantages of this approach are:

1) You need physical access, so it's not a remote hack that anyone can pull off. Thus there is no master key to be leaked or shared with undesirables[*].

2) It is expensive and destructive, so you need a good targeted reason to use it. That puts it beyond trawling for evidence, and out of the reach of common criminals.

3) The customers of said phones, etc, largely have put faith in not losing the device, and if lost, it is not in the hands of a highly resourced thief, rather than a company that might be pressured to share master keys with practically every government and police organisation in the world.

[*] undesirables may vary, check your country and current political climate for the recent list.

Paul Crawford Silver badge

"Top of the list was nation state hackers, he said, followed closely by international professional hacking groups that worked for money"

This is probably quite true, and he deserves some credit for putting terrorists at the bottom of the list on the reasonable grounds they have not (yet) achieved very much in 'cyberspace' actions.

But those top two in particular would make mincemeat of any backdoor or key escrow system and he really needs to get that point. Corporate/organisation-wide master keys simply don't scale to the government's desire because (a) nobody trusts them now, and (b) it would make everyone's device less secure when it's found, not just a few hundred in any one department.

Defending the USA (or any other country's own) government and business interests means you need strong security, properly applied. Yes, it might make catching the odd smart criminal a touch harder, but it leads to less crime overall.

Kodi-pocalypse Now? Actually, it's not quite here yet

Paul Crawford Silver badge

Re: As an example of availability problems

This is a key problem (the "you must pay a subscription"), as well as the "not available on your device / in your region" issue. Many surveys of pirate content consumers find two common threads:

1) Most believe that creators deserve some reward.

2) Most cite access restrictions as a reason for torrenting, etc.

While it's hard to say Spotify or YouTube provide a decent or fair reward to artists, the appearance of such services has dramatically reduced music piracy. Same would go for movies if you could get them hassle-free and not dependent on where you live. But that geographical licence mind-set is so ingrained it is not moving as yet, just look how streaming services block paying customers using VPNs to avoid geoblocking!

CIA hacking dossier leak reignites debate over vulnerability disclosure

Paul Crawford Silver badge

"Weaponizing everyday products such as TVs and smartphones – and failing to disclose vulnerabilities to manufacturers – is dangerous and short-sighted"

And sadly even if said vulnerabilities are disclosed, many suppliers will do SFW about it :(

MS get beaten up over taking 90+ days to patch (and rightly so given their size and budget) but they are one of the better players around!

Windows Server ported to Qualcomm's ARM server chip. Repeat, Windows Server ported to ARM server chip

Paul Crawford Silver badge
Trollface

Re: Famous last words

Up-vote for some quality trolling. But you forgot to mention Windows RT... :)

Still, it is a jolly good thing to have diversity in CPU use (as for OS) as it tends to result in more portable future-proof code, reveals bugs quicker, and makes run-everywhere exploits a touch harder. And that is before we get into the obvious benefits of a genuinely competitive market on price and service!

Even if MS develop the ARM server market primarily for their own cloudy usage, everyone benefits.

Paul Crawford Silver badge

Open BIOS?

Will this mean we can get a server with a genuinely open BIOS so we have a bit more trust?

OK, it is obviously possible for the chips themselves to run opaque and suspect code (*cough* Intel SMM *cough*) but having some insight and control over the boot process would help a lot.

Look who's bailed out internet-satellite provider Intelsat? It's... Softbank?

Paul Crawford Silver badge

WTF?

"connected cars ... latency requirements that are beyond satellite"

Does anyone else in the world think that a car that can't cope with slow or non-existent networking should NEVER be allowed on the road in the first place?

Success in the bedroom breeds success in the boardroom – research

Paul Crawford Silver badge
Gimp

Then use some grinding paste instead of lube

Paul Crawford Silver badge
Joke

Re: So about prostitutes...

Other way round, if they have a quiet night of answering polite emails and drinking coffee with co-workers...

Paul Crawford Silver badge

As Woody Allen once remarked - at least it is with someone you love!

Redmond's on fire, your 365 is terrified: Microsoft email outage en masse

Paul Crawford Silver badge

IMAP access to MS-provided email is still OK in my backwater of the UK.

Paul Crawford Silver badge

We will update this article when its spokespeople spokeslizard get back to us.

Fixed it for you...

That big scary 1.4bn leak was 100s of millions of email, postal addresses

Paul Crawford Silver badge

"Bounce from SPF? That's new one for me. SPF as specified is meant specifically to suppress impersonation of sender."

True, but if you are impersonating someone you probably are a spammer. So a bounce to tell anyone of a mis-configured system that is being spam-filter blocked is useful.

Shopping for PCs? Ding, dong, the Dock is dead in 2017's new models

Paul Crawford Silver badge

Re: So just like Apple then!

Unlike Apple they have not dumped USB-2 or HDMI.

Yet.

RadioShack bankruptcy savior to file for, you guessed it, bankruptcy

Paul Crawford Silver badge

Re: Solder Repellant

I remember visiting London in the 80s when Edgware Road (and nearby) had so many electronic shops, some dating back to the 30s (with knowledgeable staff that looked as if they also served then). Remember there was even one shop (Samson?) that specialised in transformers of all sorts of sizes, shapes and use.

Last time I wandered down there it was all gone :(

Sir Tim Berners-Lee refuses to be King Canute, approves DRM as Web standard

Paul Crawford Silver badge

Re: And will this DRM realise its been run in a VM and is a chocolate teapot?

"They don't work with 4K discs because they use HDCP 2.0, which uses different keys and IINM forbids the use of splitters."

And yet this device offers HDCP 2.2 splitting:

https://www.hdfury.com/shop/splitters/integral-4k60-444-600mhz/

(Cheaper than replacing an older 4K TV that lacks 2.2)

Paul Crawford Silver badge

Re: And will this DRM realise its been run in a VM and is a chocolate teapot?

Companies like RedFox sell bluray ripping software. Not tried it as I don't have any need for it, but it seems the goal of DRM there has been comprehensively broken. No mention of 4k capabilities though.

Sadly Windows only.

Edited to add, here is a link about 4k ripping from Nov 2015:

https://torrentfreak.com/pirates-can-now-rip-4k-content-from-netflix-and-amazon-151127/

Paul Crawford Silver badge

Re: DRM means you don't own your content

Funny how my books and artwork just keep "working" even when the seller has gone.

Why should digital be any different?

Paul Crawford Silver badge
Trollface

Which is why piracy is important, to keep the sellers honest

Paul Crawford Silver badge

Re: And will this DRM realise its been run in a VM and is a chocolate teapot?

And yet most bluray/4k stuff appears on torrent sites in no time.

That is the thing about DRM, generally it serves to piss off honest consumers and does not stop anyone really wanting to pirate.