* Posts by Paul Crawford

5636 publicly visible posts • joined 15 Mar 2007

Bundling ZFS and Linux is impossible says Richard Stallman

Paul Crawford Silver badge
Joke

Re: ReiserFS...

"I hear it murders wives and gets caught"

Neither of which are good traits in a file system developer...

Paul Crawford Silver badge

Re: Simpler solution.

AFIK Oracle was the major contributor to BTRFS for Linux, but that stopped when it bought Sun and inherited ZFS in the process.

Interesting point though, is the effort of brining BTRFS to match ZFS bigger or smaller than finding a way round the license terms?

Paul Crawford Silver badge

Open/Closed

Odd really. A lot of folk accept, and Linux distros offer, closed-source drivers for video and similar. Not a GPL violation it seems.

Where as ZFS is open-source and you can also modify it, hence in terms of the overall goals of GPL, a much better fit. But not compatible because? Because?

I'm guessing its something to do with linking in the kernel rather than loading a driver, but it seems a little odd and almost one of those religious-wars type of reasons (you know Catholic/Protestant, Sunni/Shia, little-end/big-end, etc)

Aluminum-wrapped robbers fail to foil bank

Paul Crawford Silver badge
Joke

Re: Hmm...

Silver opportunity, surely?

[Yes, really aluminium, but you know the colour most commonly associated with uniform-spectrum metallic reflections]

Anonymised search engine page found on 'kid-friendly' search site

Paul Crawford Silver badge

Depending on the time-scale w.r.t. pr0n then "de-pubified" is probably most accurate.

FBI, Apple continue cat-and-mouse game over iPhones in New York

Paul Crawford Silver badge

Re: Pretty weak position for the FBI here

My proposed solution to both the "lawful examination" request and the "dead relatives' phone" problem is to make the key readable by physical means: by desoldering a chip, grinding off its top and scanning the silicon with an electron microscope to read the bits back.

That way its not usable remotely, quickly, or cheaply. Just like old-school investigations that time & cost would focus its use to cases that really matter, and would not be viable for mass surveillance, fishing extraditions, etc.

Read America's insane draft crypto-borking law that no one's willing to admit they wrote

Paul Crawford Silver badge

Re: "lower bumfuckistan"

Have an up-vote for that alone!

Microsoft hopes to shine light on shadow IT

Paul Crawford Silver badge

Yes, when I read "...Cloud App Security is to cover off the data loss danger..." I immediately thought "physician heal thyself".

Power9: Google gives Intel a chip-flip migraine, IBM tries to lures big biz

Paul Crawford Silver badge
Trollface

Intel worries?

No problems, after all in this post-x86 world there is always the Itanium.

Bring on the goats! Apple's cloud failure demands further sacrifice

Paul Crawford Silver badge

Re: Do they?

Surely you encrypt before storing it remotely?

Certainly things like reliability and backups are dependent on the service they make/buy, but again, if possible it would be better to duplicate on two providers so if one goes TITSUP and/or hikes the price too much, you keep the other and migrate to a new "2nd copy" for the next contract negotiation round.

Paul Crawford Silver badge

Do they?

Do they actually need to build out the cloud infrastructure?

What about putting an abstraction layer on other cloud services so they can use whoever is cheaper and/or actually working at any given time? After all, the key selling point is supposed to be "computing/storage" as a commodity, just like power or the ISP networking, and its the data that is precious and needs protection (encryption + backing up) and management?

Done making the big stuff better? The path to Apple's mid-life crisis

Paul Crawford Silver badge

Re: RE:"currently no clear, easily marketable, crying need in mass-market consumer electronics"

Indeed, that is an irritation for many.

However, more penitent is the fact there often never is "no clear, easily marketable, crying need in mass-market consumer electronics" because world+dog would have filled it. What Apple did that made it such a money-spinner was either:

1) Make something that already was well known, like a "PC", but make it suck less than others that were available at the time (i.e. Windows, with all its AV needs and infestations that were the home user's experience).

2) Imagine something a little different that no one in the tech world thought would sell big-time. Such as the iPad that partly dealt with (1) but was too simple for most technical designers to see the big use for it.

The watch is not such a game-changer. Maybe a TV/PC home entertainment centre convergence that "just worked" and did not have shitty on-screen controls, partly-supported features that get pulled a year or two one, and inconstancies from TV, to streaming, to music, to recording/time-shift, etc, would allow them to mark it up and thus get the big profits they know and love? Who knows...

Adblock wins in court again – this time against German newspaper

Paul Crawford Silver badge

Oh dear, how sad, never mind!

The alternative, that of not having intrusive ads with sound or video, or grabbing focus, etc, has never occurred to them?

Really, they get what they deserve for that. True, they do deserve some finical support for publishing, but not by throwing crap (and potential infection vectors) all over my screen.

Ransomware scum sling PowerShell, Word macro nasty at healthcare biz

Paul Crawford Silver badge

1) Macros were a stupid idea, at least, the idea they could do anything in any way to overwrite or run an executable program, script, etc.

2) Backups.

Really, while getting your machine shafted by a cryptovirus sucks donkey balls big-time, what were your plans for the day your HDD/SSD dies, machine is stolen, or PSU goes on a last bender and takes out several disks in your RAID set?

Spanish launch heroic bid to seize Brit polar vessel

Paul Crawford Silver badge

Re: Not to give offence

Can I sail on Boat69?

Paul Crawford Silver badge
Gimp

Re: The lesson from this story is don't ask the public

It was a mean thing to say.

OK, my deviations are far from standard...

William Hague: Brussels attacks mean we must destroy crypto ASAP

Paul Crawford Silver badge

Re: Dear William Hague

He is a politician, probably both.

Amazon WorkSpaces two years on: Are we ready for cloud-hosted Windows desktops?

Paul Crawford Silver badge

stringent limitations...Windows 7 in a virtual environment

But not on w2k or XP, so I don't feel bad about keeping all my legacy Windows software going for ever more on that.

Security? Well, they ain't on the Internet or used for web/email access...

X-ray scanners, CCTV cams, hefty machinery ... let's play: VNC Roulette!

Paul Crawford Silver badge

Re: NX is getting there but only recently

What, you mean to say administering a *NIX system over an SSH command terminal is new?

Or maybe using ssh -X to allow running an X-windows program’s GUI on your local machine tunnelled over a secured link is also "recent"?

Mud sticks: Microsoft, Windows 10 and reputational damage

Paul Crawford Silver badge

Re: USB to serial converters

I was pleasantly surprised a couple of weeks ago when I tried attaching a USB to RS232 converter to my laptop and all I had to do to make my serial code work we tell it to open /dev/ttyUSB0 instead of /dev/ttyS0. My decade-old code is hard coded for ttyS0 or S1, so I created a symbolic link of that name to the USB device as a temporary work-around until I fix that in a more elegant way. I believe it was using the FTDI chip, but don't know who made the overall converter, and laptop is running Ubuntu 14.04

Back to Andrew's article: sure Windows 10 has a poor reputation but its not just the user interface. That may not be great, but as others have pointed out, its the creepy nature of the telemetry and forced updates that really make me advise against it to anyone who will listen. A shame really as lower down the Windows kernel, etc, has useful improvements.

For Windows-only software that I need (e.g. some CAD stuff) I used VMs and don't have to worry about the "hardware" changing and Windows complaining of activation, etc.

Met police commissioner: Fraud victims should not be refunded by banks

Paul Crawford Silver badge

Indeed, can you imagine the first court case when a suitably clued-up litigant gets the judge's approval for a full and public audit of the banks systems. You know, including those banks still on XP and IE6 because they have internal stuff that demands it?

And the same for Government offices who request you pay on-line to them, will they want to be held to the same standard of public auditing?

You can be damn sure the banks have considered the cost of liability and the cost of mitigating it (and loss of business if folk just stop using on-line payments, etc) and have come to the conclusion the current arrangement is the least-worst option.

It's nuts but 'shared' is still shorthand for 'worthless'

Paul Crawford Silver badge

Re: Cheating

It is also very difficult to assess. Did they find out something useful and apply it, or pay for a "mechanical Turk" to do the work they just submitted?

And as others have pointed out, without a basic grasp of roughly what to expect the solution to be, how can you filter the 99.9% of crap found by Google and sanity-check the data in/out the produced it?

Yahoo! kills! more! passwords! with! push! notification! app!

Paul Crawford Silver badge

Use a POP client like Thunderbird, they don't seem to have problems with passwords for that. It also allows a "unified folders" view which is handy when your spam messages come from several accounts.

Paul Crawford Silver badge

Re: "Yahoo! has long been on a mission to kill passwords!"

Odd thing is, they only do the for the webmail interface. I have a yahoo account for spammy stuff and access it via POP, no problems with changing geographic log-ins, etc, for years now.

Same password as the web interface. Same security problems of a password being stolen or brute-forced. Go figure...

Clear April 12: Windows, Samba to splat curious 'crucial' Badlock bug

Paul Crawford Silver badge

Lets face it, most of said SMB equipment would be a strong and resilient as a wet paper bag if you expose the network to world+dog, samba patch or not.

I'm guessing this is more of a risk in small businesses if a malicious actor can get a machine attached (or p0wn one via email, etc). Nobody should have a network share visiable to world+dog and big organisations/companies will have network switches set up to reject unknown machines being attached internally. I hope?

Comms 'redlining' in Brussels as explosions kill up to 30 people

Paul Crawford Silver badge

Re: boltar

CCTV, APRN, etc. Do you think anyone going to blow themselves up cares about detection *after* the event?

As you seem to have not noticed, the blew up the airport *outside* of the security checks where folk were waiting. How far back do you want those checks? Its turtles all the way down...

Reposting 8-second sports clips infringes copyright

Paul Crawford Silver badge

Pro tip - if it has wheels is probably not a horse.

Champagne supernova in the sky: Shockwaves seen breaking star

Paul Crawford Silver badge

Re: Supernova Fusion

I think (but may be wrong) that stars normal fusion process can create atoms up to iron, above that and fusion is not generating energy so the star's fusion engine stalls and collapses. That final supernova burst is what powers the creation of heavier atoms (and, of course, releases all of the stuff above hydrogen/helium that we need to exist out in to space so eventually planets form, life arises, porn is created, etc...).

Cloud security harder than 'encrypt everything'

Paul Crawford Silver badge

Site white lists?

"The problem here is that an attacker's site can also use SSL/TLS, and if it's a user (who clicks on a phishing link, for example)"

I'm guessing most businesses only really deal with a modest number of sites with ligitimate reason from the corporate LAN (as opposed to the separate guest/coffee break wifi, which of course they have on a separate network). So they could have a system where access to a site has to be requested first by the user (with various checks) to add it to the white-list. That way most phishing links would fail and most malware C&C would be blocked.

Unless the users was really, really dumb of course and determined to access some random site.

So where has the legal 'right' to 10Mbps broadband gone?

Paul Crawford Silver badge

I agree with you on the point that rail upgrades all bring major benefits, but I'm unconvinced that £50bn on the HS2 is the best way to spend that pot of money on the UK's rail infrastructure.

What to call a £200m 15,000-tonne polar vessel – how about Boaty McBoatface?

Paul Crawford Silver badge
Linux

Good Ship Venus

It simply has to be, as the penguins has missed out on that nautical fun for too long.

Twitter at ten: The social network designed for 2006 struggles into a second decade

Paul Crawford Silver badge

Expenses?

Can someone explain how they can have "US$2.2billion of revenue" and be losing money?

To my simple view that would pay for a hell of a lot of serves/bandwidth and a decent number of staff to look after it. So where did the money all go?

Facebook, WhatsApp farewell BlackBerry

Paul Crawford Silver badge

More worring

"they don't offer the kind of capabilities we need to expand our app's features in the future"

To me this suggests WhatsApp is going to start shit advert-slinging soon.

Otherwise what do they need to add? It already does chat and photos/video sending, plus group support to help arrange parties, etc. It is all I want in an IM app and I really don't want any other "features" to track me or serve up shit adverts.

Feds raid 'extortionist' IT security biz Tiversa, CEO put on leave

Paul Crawford Silver badge

Re: I'm wondering how the FBI made its selection

"Find one of the inevitable vulnerabilities and extort money from either the vendor or the vendor's clients."

Maybe the FBI chose to investigate them because they did not find one of the inevitable vulnerabilities, but still chose to pressure for paid services?

Microsoft will rest its jackboot on Windows 7, 8.1's throat on new Intel CPUs in 2018 – not 2017

Paul Crawford Silver badge

Re: Use the Disc?

How many laptops and, indeed, desktops still ship with a DVD drive?

Also will Widows just bork half way through the installation if it discovered it can't switch from BIOS/UEFI loading from the disk to native hardware access because it lacks some driver support?

Get ready to patch Git servers, clients – nasty-looking bugs surface

Paul Crawford Silver badge

Fuzzing tools - throw all sorts of sh*t at the program until it breaks then take a look at what the breakage reveals.

Steve Jobs, MS Office, Israel, and a basic feature Microsoft took 13 years to install

Paul Crawford Silver badge

Lets face it MS should have spent the last 15+ years fixing the damned thing (and not supporting main stream languages like Arabic and Hebrew is a bug to me, not a "feature request"). What did they do? Piss around with the the ribbon, and generally make most versions shittier than before.

Only recently I found that equations pasted from Windows version of Word to Powerpoint won't work on Mac Powerpoint. And MS fans bitch about LibreOffice not being "compatible", etc?

A pox on them all! May the fleas of a thousand camels infest their groins!

Brits shun nightclubs and CD-ROMs for lemons, coffee and woman’s leggings

Paul Crawford Silver badge

I found I got a better sound out of the drill, but that is just be. not so much "musically challenged" as musically defeated.

TLS isn't up to the job without better credential protection, says RFC

Paul Crawford Silver badge

IP then domain authentication?

Given the privacy implications of ISPs storing domain names, and some servers front many domains so you usually can't get away with the IP number alone, what about having two layers?

The first is a certificate, etc, for the numeric IP address so you know the URL will be secured, and the second is the same sort of thing for the URL to authenticate that the domain name matches. That way all a snooping ISP can see is the numeric request, such as 104.20.24.212, and nothing more personal such as www.theregister.co.uk

Assuming El Reg gets round to security at some point...

Here's what an Intel Broadwell Xeon with a built-in FPGA looks like

Paul Crawford Silver badge

Re: One thing I don't understand is, why?

"That's partly because embedded hardware designers have no clue whatsoever about programming languages."

I don't think so. It seems to be down to (usually) having only one choice of tool, that blessed by the FPGA supplier, and they have little incentive to do any better. I really hope you are right and programmable hardware accelerators become popular enough to have multiple vendors competing to supply the tools, but I double it will come soon.

Paul Crawford Silver badge

Re: One thing I don't understand is, why?

As someone else pointed out, for things like software-defined radio where you need lots of small integer-like operations performed essentially in parallel to process the signal as it is shifted in frequency and sample-rate. Those steps can be implemented in dedicated chips, but there are only few of them off the shelf and often not quite what you wanted. So being able to push the "simple but massively parallel" tasks to FPGA and keep the "complex but slow" stuff on the CPU makes sense.

Except that programming tools for FPGAs suck donkey balls big-time. Really, you think that developing for C is a pain, just try VHDL with tools that lack any sort of usable context-sensitive help for the vast number of uber-pedantic problems you will encounter. And weep....

Shock: Russian court says Russian court is right in slapping down Google monopoly

Paul Crawford Silver badge

Much as I hate to say...

...the Russians have a point. Almost exactly the same point as the past MS anti-trust investigators found with the bundling of IE and similar on Windows to leverage the near-monopoly that MS had with OEM deals for Windows at a "competitive price" on the hardware.

Of course the US investigation folded before anything useful was done (you know, like breaking MS in to separate OS & apps companies to compete openly, a la MySQL now...) and the EU took ages to pick that up and it was all to little and too late.

Will Russia have enough clout to force Android licensing and app compatibility to be free of Google's slurping? OK Yandex slurping maybe not be much better, but choice is kind of a good thing.

Polite, helpful? Stop it at once in the name of security

Paul Crawford Silver badge
Trollface

Re: Security helpful...?

"ask yourself whether you'd break down the door of your secure data store to rescue the guy inside in the event of a fire"

Depends, did you set the fire?

Hey Windows 10, weren't you supposed to help PC sales?

Paul Crawford Silver badge

Re: Improve PC Specs

Or maybe some laptops with better displays for other than DVD watching, you know like Google pixel, etc?

Paul Crawford Silver badge

Re: My next machine will be a desktop.

But more, much more than that, you can have a screen that is better that "HD", or the sub-HD pish the push for most laptops under £500 or so, and more like the resolution a good CRTs could manage around y2k

Facebook can block folks using pseudonyms in Germany – court

Paul Crawford Silver badge

Re: why the difference in how they're treated?

Oh let me guess - because it involves real property and real money?

Or because your bank is not going to post/share your details pretty much publicly with stalkers, ex's, and friends-of-friends you would not wish to ever meet again?

How the FBI will lose its iPhone fight, thanks to 'West Coast Law'

Paul Crawford Silver badge

Re: "Law can't defy science."

The UK tried "evidence based policy" on the risks of drugs in society but found it did not tell them what they wanted (or more accurately, what the tabloid papers were pushing). Dr David Nutt was in charge and knows his stuff (you know, life time of research, etc), but that counted for nothing ultimately:

https://en.wikipedia.org/wiki/David_Nutt#Dismissal

Google gives ringing endorsement to US VPN providers with 'right to be forgotten' expansion

Paul Crawford Silver badge

Better solution?

The original complaint was if you searched for a given person's name, the page it found was for some sort old page showing court action of many years previously. Why can't google deal with this personal privacy by using an algorithm that simply limits the time of a search if it is a personal name, and no other details (e.g. the name of the court, etc)?

That way if you are looking for a specific case, you still find it, but if you are simply trawling (or trolling) for dirt on someone then old sins are quietly forgotten.

Norman Conquest, King Edward, cyber pathogen and illegal gambling all emerge in Apple v FBI

Paul Crawford Silver badge

Re: No - it's binary

No, its not exactly binary. True, if you make software vulnerable then suddenly everyone's phone and tablet can be accessed, probably remotely, and with very low cost or discoverability. That will open the doors to more abuse of such powers in exactly the same way the NSA, GCHQ, etc, decide that spying on all of us "just in case" was OK.

What if the key could be accessed by physical forensics, e.g. by grinding the top off a chip and using an electron microscope to read it out? Bingo! The law can access the phone if it is important enough but the time and cost, along with the need to basically destroy the phone physically, means it can't be massively abused in the way a permanent backdoor (key escrow) or software bypass (as the FBI are currently requesting) can be.

We suck at backups. So let's not have a single point of failure any more

Paul Crawford Silver badge

Re: Independent backups

And if the Linux admin's password or SSH key is leaked?

This problem is not OS-specific, though most victims so far have been Windows users. The solution is, equally, not an OS choice (even if it helps the odds) but having some arrangement that when the admin's key is leaked it is not enough to trash everything.

This means probably multiple keys for different areas of a system, but more importantly (in my humble view) that you have something else, something physical or fundamental to a bit of hardware design, that prevents trashing of all backups along with the primary data.

Having different roles/accounts for backing-up separate "root/admin" is a start. But you have to start with the assumption that someone has got complete control of the victim machines and so can undo any permissions on those machines.