* Posts by Paul Crawford

5636 publicly visible posts • joined 15 Mar 2007

Big Blue bafflement: Anyone in IBM Storage know which way is up?

Paul Crawford Silver badge

Re: Maybe customers are worried...

Imagine the (potential) customer's conversation:

C: So what is special about IBM storage?

IBM: Er, well, Yes! It's from us, the big computer company you can trust!

C: How long will you be supporting it?

IBM: Er, as long as we have a hardware business, we're in!

C: OK...<slowly moves towards the door>

Apple Watch is such a flop it's the world's top-selling wearable

Paul Crawford Silver badge

Re: Who actually wears a watch anymore? And why?

Partly because I always did.

But mostly I do as it lasts for years on one battery (in fact, mine also solar charges) so I can tell the time without having to keep charging my phone every day or two. That matters if you are in the middle of nowhere as far as power points are concerned. It is also "waterproof" (they say 50m depth but reality is a strong shower) and won't fall out of pockets, etc, depending on activities.

Your poster guide: A fascinating glimpse into North Korea's 'internet'

Paul Crawford Silver badge
Joke

Re: Internet Directory

I suspect that 'foreign exchange reserves' would not be the only thing completely drained after such a night of pr0n browsing

Russian billionaire: GET me the ALIENS ON THE PHONE. Do it NOW

Paul Crawford Silver badge

Re: So... what if their not friendly?

Simple, they will find you and make you one of the "actors" in a pluck'em, fuck'em and chuck'em tourist package...

You wake up after being dropped somewhere smelling of cheap booze, with a sore arse, and no one will believe your story!

The Ruskies are coming for you, NSA director tells City bankers

Paul Crawford Silver badge
Facepalm

Re: secure?

Oh the internet is secure.

But once we started with routers/switches attached and "protecting" our interests that have more lines of code for poxy user interfaces than most 70's operating systems had, and then hooked up PCs designed so an idiot could get on-line to browse pr0n, then you have a security problem...

Reg reader? Work at the Home Office? Are you SURE?

Paul Crawford Silver badge

Re: Middle managers

Good point. Let's keep the telephone sanitisers...

Fragmented Android development creating greater security risks

Paul Crawford Silver badge

Re: Isn't the real problem here...

Funny how Linux desktop & server have updates easily applied to any part of them, often while the thing keeps running. Why can't phone makers, who use the same OS as a starting point, achieve this known application technology as well?

WHOA! Windows 10 to be sold on USB drives – what a time to be alive

Paul Crawford Silver badge

Probably shitty UEFI implementations, but I'm not sure when it comes to Windows.

I have only had two problems with Linux USB "live" sticks, firstly with old PCs (think 2006 era) which don't see a USB stick as a simple bootable HDD and often ask you if it's a floppy or CD, etc (none of which seem to work).

The other is very new PC motherboards with secure boot that failed to boot Linux but said bugger all about the reason. Only poking about in the BIOS/UEFI settings did I find that secure boot was enabled.

UEFI BIOS writers, a pox on them all!

Paul Crawford Silver badge

Is this a "run anywhere" live USB stick, or just a copy you have to install and separately 'activate' on any PC you wish to use it on?

And how do you make a back-up copy, is it just a 'dd' style operation or will these sticks have some anti-copy arrangement?

Of course, other OS have had this for years and no license restrictions, so let's see how the arguments stack up.

Wicked WikiLeaks leaks considered harmful: Alert over malware lurking in dumped docs

Paul Crawford Silver badge

Or the font-rendering one I guess :(

Paul Crawford Silver badge

As always, view such material in a VM without network connections.

Maybe using Linux as well if most of these are typical win32 malware that was spammed to the now-leaked account, though getting MS docs to render accurately is a challenge (if you just want the info, not such a problem).

Google robo-car in rear-end smash – but cack-handed human blamed

Paul Crawford Silver badge

Re: "and they never get tired, irritable or distracted".

Let's hope the quality of code is better than the Toyota engine management unit:

http://betterembsw.blogspot.co.uk/2014/09/a-case-study-of-toyota-unintended.html

Read it and weep, or at least, not buy a Toyota.

However, who knows how well other suppliers would fare if properly audited. Eh, Ford with your engine stopping problem, or you Range Rover with your door unlocking?

Paul Crawford Silver badge

While this one example is clearly a not-paying-attention driver, are there any stats to say if these events in total are more or less common than a meatsack driven car?

Space Station 'nauts dive for cover from flying Soviet junk

Paul Crawford Silver badge

Re: Oh those evil Russians...

Only if it was, in fact, part of an old Soviet craft. Which it is.

Recently the worst offender is the Chinese with their anti-satellite test that caused a huge cloud of debris, largely higher than the ISS orbit. Most Chinese scientists were appalled by it, but of course you do as the leaders tell you.

SourceForge goes TITSUP thanks to storage fault

Paul Crawford Silver badge

Re: It's a pile of poo

It is known as "delivering shareholder value"

In buckets.

Feel like you're being herded onto Windows 10? Well, you should

Paul Crawford Silver badge
Linux

@ The Original Steve

Have an up-vote for a reasoned post.

However, a lot of folk here don't like the model of MS pushing changes if you like it or not. Maybe they will relent. Maybe not as they want to be more like Apple (regular OS updates, no support beyond 2 versions or whatever, and LOTS of profits including the app store). I don't know.

All OS suck donkeyballs, really, but in my case I will stick with Win 7 if I need it, and Linux otherwise because I value my freedom to use the software as I want to. That is enough to accept the occasional hairy mouthful.

Tux, because we don't have a donkey icon.

Paul Crawford Silver badge

We are a Linux org mostly, but have a few VMs with XP for some stuff, and a couple of machines running Windows 7 for things with no viable Linux alternative. If you don't monkey with them they are stable & reliable, which is good.

Shame the update process is tedious, last time one machine needed two reboots for no obvious reason. WTF? :(

As others have mentioned, pushing a Win10 advert through the "security" updates is a distasteful trick, and if that is the new corporate model then Win 10 will only be worse for pushing crap you don't want/need upon you cloud-style. Another reason for us to stick with 7 until we see something better.

Paul Crawford Silver badge

Re: Life on the trailing edge...

Just learn to accept it. There are some commentards who downvote (and upvote) for no obvious reason.

Lawyer brands client 'small penis asshole' before challenging him to a DUEL

Paul Crawford Silver badge

Re: The Irish Code of Honour

Considering the nature of the alleged insult, I would suggest speedos and paintball guns at 20 paces. First to squeal like a piggy has lost.

Suse preps for ARM-ageddon: Piles up cans of 64-bit Linux code to feed server world

Paul Crawford Silver badge

I suspect the Linux kernel has the same approach: compile, test, debug as needed. Have you read the release notes for each kernel update? Often there are comments about fixing this on ARM, or that, or reverting some change because problems were found, etc.

Large Hadron SMASHER: Boffins BLOW OPEN the PENTAQUARK's secrets

Paul Crawford Silver badge

Easy - they are the ones singing about gold and carrying axes.

Paul Crawford Silver badge

Re: Five

"If I have seen further than others, it is because I am surrounded by dwarfs standing on the shoulders of giants was defenestrated from a tall building and survived"

Hacking Team spyware rootkit: Even a new HARD DRIVE wouldn't get rid of it

Paul Crawford Silver badge

Re: Open BIOS now needed

You seem to mistake gov & TLAs for simple monolithic organisations with a singular goal. In reality they are complex, contradictory and often plain incompetent.

Some of the gov want back-doors and weaknesses in other people's systems, but most certainly do not want it in their own systems. But outside of the likes of NSA/GCHQ for secret-and-above projects, they all buy off the shelf computers and such p0wnage leaves them as vulnerable to other nations (and criminals) as we are.

Sadly most consumers don't understand and don't care, so they will apply no pressure on Dell, HP, Asus, Gigabyte, etc, to offer us coreboot-compatible hardware (or the necessary documentation). My budget is for a couple of machines a year - will they listen?

So maybe having such UEFI malware from this hack out in the field is actually good in the long term as we, and major security vendors, can start asking pointed questions to suppliers about how to secure the BIOS, and how to put in our own more secure versions.

Paul Crawford Silver badge

Open BIOS now needed

It is high time that a few big players, such as Gov/Police/etc insisted on a supply of PCs & laptops with an open and documented BIOS system, so that any bugs can be fixed (not saying they will be, mind) and tools developed to allow the safe wipe and re-installation of any potentially compromised BIOS.

One can dream :(

Linux Foundation serves up a tasty dish of BUGS

Paul Crawford Silver badge

Seems you know SFA about this. Linus Torvalds is only the kernel's lead developer/manager, this is looking at all the other packages that make up a typical (and thus usable) distribution of a system and many of which lack any sort of clear guidance or leadership.

Paul Crawford Silver badge

Re: Help.......

It depends on who you are. Given that 99% or so of malware by simple number is Windows-specific, the odds are pretty low for a drive-by infection. More so if cross-platform stuff like Java and Flash are disabled.

However, if you are part of an organisation that is worth targeting then all bets are off. Most recent surveys have shown the Linux kernel and Windows kernels have similar magnitudes of vulnerabilities, so if someone wants to find a privilege escalation bug for either then a decent hacker will. Even so, most attacks are started on other programs (web browsers, word processors, PDF readers, etc) which tend to be far buggier than kernels.

Take some time to read GCHQ's advice on securing Ubuntu 14.04 for example, as that looks into various aspects of security-by-configuration that are not always obvious. The list of guidance can be found here:

https://www.gov.uk/government/collections/end-user-devices-security-guidance

While that is for UK Gov use and so has some assumptions that might not be relevant, most still apply and you should be considering a VPN as well if you travel a lot and have a properly fitted tinfoil hat.

Yes! Windows Phone lives: Microsoft to pump the device Kool-Aid

Paul Crawford Silver badge
Pint

Re: milliGreeks

Thank you sir, another stonking El Reg unit of fiscal impropriety!

Have a pint on me (bought with borrowed money, of course)

Police investigate strange case of doughnut-licking pop singer Ariana Grande

Paul Crawford Silver badge

Oh well, makes a change from toad licking I guess.

All hail the hypnotoad!!!

Java jockeys join Flash fans in the 0-day exploit club

Paul Crawford Silver badge

Re: Writing from a dull place

I have a VM with Java installed just for Webex stuff. While that is an extra resource hog, generally it works fine.

WHAT ARE the 'WEIRD' SPOTS seen on far-flung PLUTO?

Paul Crawford Silver badge

That is a lofty goal, but I think the problem of slowing a probe down to get into orbit around a (relatively) light system is going to be a show-stopper in terms of fuel demands (as you have to get the probe+fuel up there and fast enough in the first place).

An atomic powered ion-engine craft might be possible...

Surviving Hurricane Katrina: A sysadmin's epic DR (as in Didn't Realise) odyssey

Paul Crawford Silver badge

An insightful tale and one we could all benefit from considering.

Personally I know little about disaster sex, but sadly too much about disastrous sex.

Flash HOLED AGAIN TWICE below waterline in fresh Hacking Team reveals

Paul Crawford Silver badge

Re: Question

Most probably, in fact almost certainly. But the earlier one was largely mitigated by Chrome's sandboxing. Not that sandbox technology is anywhere near infallible, of course...

China's STILL holding up the full WD-HGST integration. Why?

Paul Crawford Silver badge

Re: hmm

Some of us can't afford 10TB in SSD

Wow, another NSA leak: Network security code appears on GitHub

Paul Crawford Silver badge

Re: NSA?

GCHQ also provide guidance for securing systems. It is OK and you can sleep safe, they are not a TLA :) See here, but of course read and understand first:

https://www.gov.uk/government/collections/end-user-devices-security-guidance

Black and Latina boffins regularly mistaken for janitors, study finds

Paul Crawford Silver badge

@Mine's a Guinness

You don't know how desperate I am...

Paul Crawford Silver badge

On a more serious note, in engineering in particular there is a shortage of women entering the subject to study (e.g. compared to biochemistry, etc), no doubt due to various factors, but that in turn has an impact on the gender bias of typical engineering companies and university staff (who tend to reflect the entry stats some 5-20 years previously).

Tackling the issues around that at school age would be a good start.

Or just giving us engineers all much more pay, THEN we would have more uptake :(

Paul Crawford Silver badge
Coat

Simple - the women are 5/3 more entertaining to watch!

Thanks, mine is the dirty mac...

Pluto probe brain OVERLOAD: Titsup New Horizons explained

Paul Crawford Silver badge
Pint

Better with a watchdog though

Even though it caused an upsetting event here by being a touch too sensitive, it is still much better than Clementine's computer that lacked a watchdog and paid for that blunder in a serious loss of science after it got into trouble and wasted its fuel:

http://www.ganssle.com/watchdogs.htm

A nice beer for the folks looking after the probe

Hacking Team hacked: Spyware source code torrent blurts govt customers

Paul Crawford Silver badge

Indeed. Once we step beyond the ethics of what this company does (did?) and those who exposed the data, it will be interesting to see some proper analysis of the techniques used and if they relied on zero-day bugs, or Trojan installs, or maybe even state-instigated installation by suppliers/ISPs, etc.

Paul Crawford Silver badge

Normally I would be against the hack & dump approach seen here, but in this case I just keep thinking "Live by the sword, die by the sword" over and over again, for some odd reason.

US Feds investigating Prenda Law, say Pirate Bay co-founders

Paul Crawford Silver badge

Don't forget ACS:Law

Best not to forget what happened in the UK. This article covers the background and is essential first reading.

http://arstechnica.com/tech-policy/news/2010/09/amounts-to-blackmail-inside-a-p2p-settlement-letter-factory.ars

Then enjoy this:

http://torrentfreak.com/acslaws-anti-piracy-downfall-sends-hitler-crazy-101004/

Export control laws force student to censor infosec research

Paul Crawford Silver badge
Joke

Just tell Google - they will then tell MS and give them 90 days to fix before publishing it.

North America down to its last ~130,000 IPv4 addresses

Paul Crawford Silver badge

Re: Another scare tactic to charge more money

Did you miss out the joke icon by mistake?

Either that or you have no understanding of what the "32-bit" aspect of IPv4 addressing actually means and presume it's a string of ASCII text somewhere.

UK TV is getting worse as younglings shun the BBC et al, says Ofcom

Paul Crawford Silver badge

The CBBC lot has produced some genuinely good programs in recent years, "Horrible Histories" and "Young Dracula" stand out just off the top of my head.

But all else on cable and broadcast has gotten shittier as more adverts are stuffed in, and more channels means less spent per channel on anything worthwhile.

Mastercard facial recog-ware will unlock your money using SELFIES

Paul Crawford Silver badge

So when you want to purchase something with only a crappy GPRS link available (or none at all), what then?

Ford recalls 433,000 cars: Software bug breaks engine off-switch

Paul Crawford Silver badge

Re: If American cars suck, how about this one?

That report about Toyota's software is truly shocking - so many mistakes that are in the "just out of Uni and never worked on something serious" level and a corporate arrogance (or ignorance) that the system fails on so many of the safety guidelines in the automotive industry's own MISRA standards.

German army fights underground Nazi war machine hidden in Kiel pensioner's cellar

Paul Crawford Silver badge

Unexploded ordnance I can understand, by all means stop people hoarding stuff that might go kaboom.

But removing the tank?

Congratulations! You survived the leap secondocalypse

Paul Crawford Silver badge

Re: vendor pools

I think the goal of NTP's guidelines is to stop a major supplier hard-coding "generic" pool servers into their product, as correcting any problems later is a major problem.

So what they are asking is vendors create their own pool (maybe providing their own servers as well, but I don't know if they have to, as they could be aliases of other pool servers) so the hard-coded server addresses are unique to their product(s). That way, with any problems, it can be throttled or blocked, etc, without impacting on anyone else.

As for software projects defaulting to the generic "pool" of NTP servers, I kind of feel they should not - that anyone choosing to install such software should be made to configure it. Of course, when such software is part of an OS or application, you are back to the vendor issue again and it should be pre-configured with the vendor's pool of server names.

Incidentally, in this day and age why are ISPs not providing NTP servers and offering the address via DHCP?

Paul Crawford Silver badge

Re: Old Debian boxes had issues

You need a watchdog setup then.

We had no problems, other than an elderly Solaris box that was out by a second for an hour or two. Our oldest Linux boxes are typically Ubuntu 10.04 on 2.6.32-74 kernel, and they had no problems.

Paul Crawford Silver badge

Re: Alternatives

I prefer my own suggestion - make the insertion and removal of a leap second very frequent, say once per week, but arranged so they correct on average for the amount we need.

That way software developers will be forced to test their own damn code and the problems will be found and fixed.