* Posts by Paul Crawford

5635 publicly visible posts • joined 15 Mar 2007

Accidental homicide: how VoLTE kills old style call accounting

Paul Crawford Silver badge

And now its the other way round. Such if life...

Paul Crawford Silver badge

Actually anything that marks the death-knell of "premium numbers" and stupidly over-priced foreign calls is a good thing!

It can't be beyond the wit of the telcos to have a reasonable model for data based on some monthly minimum and some reasonable extra for large amounts of data that will keep the lights on. All we need is some honesty in advertising and a regulator willing to beat them until the comply.

Temperature of Hell drops a few degrees – Microsoft emits SSH-for-Windows source code

Paul Crawford Silver badge

Re: Found it!

[citation required]

Paul Crawford Silver badge

Re: Ugh!

"a better way would be to use UTF-16 everywhere in a Windows application"

No a much better way would be some thin compatibility layer for Windows that allows UTF-8 to be used in Windows in place of UTF-16.

UTF-16 is horrible and breaks all of the native C/C++ string handling and all legacy text applications. At least UTF-8 is usable, even if you have the unpleasantness of off characters in old editors and variable length strings for a fixed number of "characters" when outside of the ASCII Latin alphabet.

GCHQ to pore over blueprints of Chinese built Brit nuke plants

Paul Crawford Silver badge

Re: Blueprint?

Unless you have one of those inkjets that refuses to print a B&W document because its low on magenta...

Shoebox-sized satellite enters orbit packing 3Mbps radio

Paul Crawford Silver badge

A lot of polar orbiting satellite use torquing coils against the Earth's magnetic field to off-load momentum wheel speed.

Paul Crawford Silver badge

The problem with a "deployable sail" is the satellite has to be still working well enough to deploy it. Now if you can have a chemical/UV exposure timer with ~4 year period that might be OK...

Paul Crawford Silver badge

Also remember that the speed of development is due to simply bolting together off-the-shelf cubesat bits and not having to design for long life and no single-point-of-failure (since its so cheap, and then they don't care if it fails soon).

The long term consequences of a vast number of short-lived and then (or even by design) uncontrollable small satellites is a serious one. Really, those things should only ever be put in a very low orbit so they will de-orbit all by themselves in a couple of years at most.

US senators lean on ICANN, tell it to quit squirming and open up

Paul Crawford Silver badge

If could vote, I would turf every one of the current board out and appoint a new lot. Ones more interested in the Internet's general well-being and less on their personal fiefdoms.

In addition, I would make it a rule the no board member can stay on longer than, say, 4 years, and all have to have at least some real and recent computer science background (e.g. degree) or experience (e.g. successful management of software-heavy project).

Oh, and a personal unicorn would be nice while I'm at it...

Bug-hunt turns up vuln in LibreSSL

Paul Crawford Silver badge

Re: @GrumpenKraut

Thanks for reminding me of valgrind. Yes, it is not quick but it is a useful tool!

My comment about the efecne library is it has some minor performance hit on the allocation/freeing, but once you have an array it is pretty much full speed and not having to check array indexes on every access as the chip's VM unit will alert on out-of-bounds access. How much that impacts on a program depends on the relative amount of malloc'ing versus amount of array access.

Paul Crawford Silver badge

Enforcing allocation

If you are using malloc & free then you can run the code using the electric fence library (or similar) that uses the system's VM manager hardware to enforce bound checking and will trigger a segmentation fault and thus a core dump for debugging the code. This has very little performance penalty and requires no code change other than linking with the efance library.

What is much more of a pain is the abuse of stack-allocated arrays as they are much more likely to lead to code injection, and often confuse the debugger if the function context (return address) gets trashed.

Anyone know of a simple way to debug that? I.e. some automated way of using an electric fence style of check on stack arrays without a massive code change?

Also it is worth noting that a number of tools like Coverity are quite pedantic about array use from a static analysis point of view and will help find such problems even before you run the code. Not always of course, but use all the tools you have...

Standards body wants standards for IoT. Vendors don't care

Paul Crawford Silver badge

"lack of security for IoT deices results in a negative externality, where a cost is imposed by one party (or parties) on other parties"

OK, simple solution - make IoT vendors liable for the consequences of security breaches if any identified flaw is not automatically fixed within 30 days, maybe forcing them to have some insurance policy to cover it. That liability and/or how the premiums are calculated might just focus the idiots design and marketing minds of having a proper development, testing and support process.

What, then IoT is too expensive?

Oh dear, how sad, never mind! </Windsor Davies>

Facebook appoints self world police, promises state attack warnings

Paul Crawford Silver badge

Re: Maybe I'm too cynical ...

Exactly. Many moons ago they pestered me to add a p[hone number "for security" as if I gave a monkey's crap about what FB contained. The more info they have on you all the better to whore you from advertiser to TLA to advertiser.

Where will storage go over the next 15 years? We rub our crystal ball

Paul Crawford Silver badge

The only solution to the latency issue is to have you processing "machine" on the cloud-provider's infrastructure. At that point you surrender any security as that machine would necessarily have the key(s) to decrypt your data.

Otherwise you can use cloud for secure storage so long as it is encrypted at your end using a key not known to the storage provider, which is a good options for some situations (e.g. off-site backup).

Paul Crawford Silver badge

Re: What about support?

You have a valid point, that someone has to support it.

Sadly, often the paid-for support is only a little better than what a popular (e.g. FreeNAS) forum has. I'm guessing you can also get paid support for open source solutions like FreeNAS, so its not an either-or option.

Can we have a straw poll on which major storage vendors really provide good support?

Paul Crawford Silver badge

Re: Snapshots have never been a paid feature from NetApp

What about accessing the snapshot'd data?

Paul Crawford Silver badge

@Roj Blake

Do I put my data on public-facing networks?

Am I subject to USA data snooping laws? Would I know if I was subpoenaed?

If I run out of short-term cash will I delete my own data?

Also money is, like AC power, or water, etc, interchangeable. The numeric value of my balance is not something that would be of special advantage for industrial espionage.

Paul Crawford Silver badge

Electricity is a basic commodity, it has no real unique characteristics. Just 230V +/- 10%, 50Hz, (mostly) sine wave here in Europe.

My data is unique which is why it is so much more valuable. Do I trust others to look after it? No!

Sure, I might use a cloud provider to store an encrypted backup, but then if they bugger me around I still have the original, and they don't have access to whore me from advertiser (or TLA) to advertiser. Going cloudy might suit small businesses that have no tech support and limited requirements (say just email & dropbox share) but if you have big demands the cost of the "cloud", and the bandwidth needed to work with, it becomes uneconomical even before we get to data sovereignty.

Will stock market swipe right on Tinder? Match Group files bid to IPO

Paul Crawford Silver badge

"pay to get access to other people's vitals"

The oldest trade, tarted up in the name of romance.

Big Blue lets Chinese government eyeball source code – report

Paul Crawford Silver badge

Re: Not enough

It is a fair point, that with several MLOC and a closed environment for a few dozen folk to review the code, you have very little chance of finding anything.

If, and that is a hypothetical "if", the TLA have had backdoors planted you can be damn sure they are not so dumb as to have obvious code and matching comments to draw attention to it. Most likely it would be some apparent 'typo' that allows an exploit to be deliverer, or it would be some obscure cryptographic flaw (or blind use of closed hardware support) that makes it easy for them and hard for others to exploit.

Job alert: Is this the toughest sysadmin role on Earth? And are you badass enough to do it?

Paul Crawford Silver badge

I think it is that a lot of dog diseases can be passed to seals.

Paul Crawford Silver badge

Re: Wot No Huskies?

At the BAS base at Rothera they have photos of the various dog teams and some letters about what happened to the last set when they went back (I think to Canada) to live out their lives. Most did not live long, probably due to a lack of immunity to diseases on the mainland, but at least they were treated well. Still fondly remembered by the older hands.

Self-driving vehicles might be autonomous but insurance pay-outs probably won't be

Paul Crawford Silver badge

Re: Speaking as one who has fallen from ths sky

Given two choices:

(1) broken ribs, broken vertebrae, punctured lungs, demolished spleen

(2) several months of daily buggery

I think any sane person, of any sexual disposition, would opt for the buggery!

So just what is the third Great Invention of all time?

Paul Crawford Silver badge

Re: Measurement

+100 for this. Not only the standardised units, but the idea of standard parts (like Whitworth's screw threads) and the resulting interchangeability that led to mass production and, in many ways, the latter part of the industrial revolution and all those affordable gadgets we take for granted (you know pipes and taps for clean water, cookers, etc,).

Radio wave gun zaps drones out of the sky – and it's perfectly legal*

Paul Crawford Silver badge

It unlikely, unless some moron of a designer makes it dependant on having a signal.

Firstly you can disrupt RF comms at levels way below those needed to actually damage electronics, and secondly most body implants have the benefit of flesh around them which works as a useful attenuator at the sort of frequencies these things work at.

Still, if you need any medical electronics to live, best not to play with an ESD simulator or similar...

Fixing Windows 10: New build tweaks Edge, sucks in Skype

Paul Crawford Silver badge

Re: "...huge A3 CAD drawing..."

Yup, some years ago I had to shrink some schematics down to fit A3 and it was only just readable. Now I try to fit on A3 pages and split up the design, which sounds obvious, but then with some packages you don't get that much on an A3 page at normal symbol size :(

No change in US law, no data transfer deals – German state DPA

Paul Crawford Silver badge

Outlook

Cloudy, with some rain in the immediate future

Volvo to 'accept full liability' for crashes with its driverless cars

Paul Crawford Silver badge

Re: how do you steal a car that will drive itself back home?

Probably break it for spares, though I can see some great Darwin awards coming for petty thiefs...

Paul Crawford Silver badge

Re: What ifs

EVERY article ever written on El Reg about driverless cars, someone in the forum pops up with "who's going to pay for it if/when they crash"

I do. And now we have a car company saying quite unambiguously that they accept the blame for faults in their car design or manufacture, and that is a great step forward (subject to getting country laws to accepts such a thing).

As other commentards have pointed out, an autonomous car will almost certainly out-brake a human driver in any obvious impact scenario. Though how well they will deal with odd cases, loss of communications (doh! stupid idea...) and anticipation of kids, etc, playing at the roadside is another more difficult question to be answered.

Finally, can we please have proper audits and standards for car software? It is shitty enough we have cars recalled due to potential hacking via in-car entertainment (e.g. Jeep) and not shutting off (e.g. Ford) but having full control of all aspects of the vehicle offers far more opportunities for a BSOD than so far (e.g. Toyota's "unintended acceleration").

Google's .bro file format changed to .br after gender bother

Paul Crawford Silver badge

Re: perhaps you could name some of your folders as .ass?

So we have:

.vag

.ass

.mouth

.apple-pie

.pigs-head

Its a gift that keeps giving :)

Vodafone joins calls to pry Openreach from BT's hands

Paul Crawford Silver badge

Virgin (no longer owned by the beardy one) bought over past telcos coax networks, they have laid very little since.

It costs real money to do so, and there is not profit in that when there is no universal obligation on them to do so (and bugger-all for openreach putting in fibre outside of VM's areas).

Now even EUROPE is slapping down ICANN in internet power struggle

Paul Crawford Silver badge

Re: ICANN in a death spiral then?

The tech world's FIFA

ICANN: Just give us the keys to the internet – or the web will disintegrate

Paul Crawford Silver badge

I fully agree!

Now about that "biologically impossible" act, I'm sure we all have a few old spare routers kicking around and a jar of Vaseline is well within my limited budget...

4K catches fire with OTT streamers, while broadcasters burn

Paul Crawford Silver badge

Re: Content is everything

I saw a 96" 4k TV in Harrods last week and it looked simply amazing, but the £17k price tag is a touch outside my budget.

Porsche-gate: Android Auto isn't slurping tons of engine data, claims Google – but questions remain

Paul Crawford Silver badge

Re: All cars have split CAN buses

That sounds sensible. But what happened with Jeep's hacking via entertainment system? Seems someone was not thinking security through at all.

As I have commentarded before, its time that in-car hardware and software was audited for this sort of thing and the results published ncap-style so you can choose to avoid dumb/misled designer's results.

EU desperately pushes just-as-dodgy safe harbour alternatives

Paul Crawford Silver badge

I suspect if this starts costing real profits in the US then the "national security" laws will be changed to have the sort of narrow focus and judicial oversight that should always have been present.

At that point some more equitable replacement agreement should be easy.

Phone thieves to face harsher penalties for data theft

Paul Crawford Silver badge

Re: Irreplaceable photographs

The only way this law makes sense is if the criminal then goes on to use/abuse the phone's data.

If your phone is nicked that’s not good, but if there is no violence/injury its only a phone. If you have irreplaceable data on the phone that is valuable then you should not deserve any more compensation (or the scrote any more punishment). After all it could easily fail or be wiped by some botched upgrade and you would get bugger-all back from the EULA even if it were generally dismissed by a court.

Surface Book: Microsoft to turn unsuccessful tab into unsuccessful laptop

Paul Crawford Silver badge

1TB storage?

How much for the 1TB storage option?

Edward Snowden denies making a deal with the Russian secret service

Paul Crawford Silver badge

Re: Interesting comments here

Oh I don't know, Europe has plenty of trolls, and not just under Scandinavian bridges doing a bit of goat-bothering.

Just put up something with a political or religious slant and they come out of the woodwork. Logic and reason are not required, in fact, really take away from a good rant.

Paul Crawford Silver badge

Really, this is no place to admit to being a traitor and liar. Though quite why you think "This" is such a state secret I can't quite fathom.

What is money? A rabid free marketeer puts his foot in lots of notes

Paul Crawford Silver badge

Re: Gold Standard

Sensibly used fiat money allows for better management of the economy as Tim points out, but if gov are stupid then gold is a buffer to stop that.

So what is best? Maybe if we stopped any index-linking of politicians pensions, or better still linked them to the economy as a whole, we would see a bit more prudence...

Ten years on: Ronnie Barker, Pismonouncers Unanimous founder, remembered

Paul Crawford Silver badge

Re: Let me be the first to say...

When he died one of the papers had a cartoon sketch of his coffin with a couple fork handles on them and an irate vicar saying "No, I said four candles!"

Some how I think the late, and missed, Ronnie Barker would have approved of that.

Ex-Autonomy CEO Mike Lynch sues HP for $150m+

Paul Crawford Silver badge

Can anyone point to an HP acquisition that is a success?

You lucky devs: It's Microsoft Office 2016 ... and VBA lives on

Paul Crawford Silver badge

Security?

Will this open another can of worms in the "documents can do stuff" theme that resulted in the various pop-up warnings from Office about risks from allowing macros to run, etc?

FATTIES have most SUCCESS with opposite SEX! Have some pies and SCORE

Paul Crawford Silver badge

Re: BMI

I know excess drinking is bad for you, but a pint of Hg? Strewth!

Tear teardown down, roars Apple: iFixit app yanked from store

Paul Crawford Silver badge

Re: Information wants to be free!

Ironic really, given the Apple logo was based on the symbolic apple from Genesis story of God kicking out Adam & Eve for tasting the forbidden fruit of knowledge. Now they do the same...

Arabic-speaking cyberspies targeting BOFHs with crude but effective attacks

Paul Crawford Silver badge

Re: Thank you Captain Obvious

Yes, but normally they target the wonks in accounts because they often have lots of access but lack the nous one normally assumes a BOFH has by the bucket full.

Not, it would seem, here...

Diskicide – the death of disk

Paul Crawford Silver badge

Re: "post-dedupe"

As soon as folk start talking about compression or de-dupe, they are up to something, and that something is usually a lie.

Compare RAID-protected capacity & cost. Note the IOPS difference, then decide.

Not all work loads benefit from compression or de-dupe to make the extra CPU load and/or RAM usage worthwhile, so leave that to the customer to see if there is some advantage.

Will IT support please come to the ward immediately. Weeeee have a tricky problem

Paul Crawford Silver badge

Re: in ye olde days

Did the same, but promptly unplugged and ran the keyboard under the hot-ish tap for a bit to clean it out, then left is end-up on the to dry overnight. Much to my surprise it worked fine for several years more, and was cleaner then any other in the building!

Get on with it! Uncle Sam's right-hand man schools ICANN powwow

Paul Crawford Silver badge

Re: Unprofessional. Irresponsible.

Yes - probably best option is to nuke it from orbit.

Start again, new board, rules that stop them plying silly buggers, and if they are OK in a years time then job done. After all, most of the Internet would function perfectly well without ICANN, certainly for the time it takes to wipe and re-install.