Posts by Paul Crawford

Re: What about non-connected computers?

If all you need is XP/7 application support, and not special hardware, then running Windows in a VM is a good solution.

OK for the typical end user its a little more training/understanding of the whole "computer in a computer" arrangement, but it allows you to totally decouple the application+OS you depend upon from the hardware you have. You also can lock it down so web/email is from the host, and the VM has only the internet access it really needs (which could be zero). Finally, as a lot of malware now avoids running in a VM to evade analysis, and you are probably not exposed so much, you can drop a lot of crappy AV software and rely on other methods of recovering from an infestation (as AV is pretty shit generally at that job).

For myself I have XP and 7 VMs for CAD software, Office, etc, and use Linux for my host machine. No need to rent, no need for cloud unless I want it, no need to sign up to a MS account, etc.

Would a better approach not be to have a system where all of the stuff they access on-line is included in the submission the examiner gets?

That way you can mark how well they "used" google and check for simply asking the question and/or using google to go to a 'mechanical Turk' site for a solution.

OK, would make marking a bit more tedious, but maybe the knowledge that their search operations are assessed would make for a more focused approach.

Re: Told you so!

"your child's child likely will have no need of handwriting"

So they can't sign things and thus we all have to be corralled in to a biometric future like cattle, all suitably tagged and compliant.

Re: @Vimes

"http://www.teamdrive.com/

Problem = solved."

Not really. While the "Professional Starter 5 Server" looks as if it provides your cloudy store & share, it still leaves open the whole issue of how you secure access to your own server to host it (assuming that you have the need for enough data to make them hosting it uneconomical or too slow, so you want only some data synced but lots more on-demand).

Also you might have software on a home/work machine you need to run remotely (maybe its tied to MAC address or whatever for licensing). That was why the issue of choosing & configuring a router/VPN was mentioned, as it could drastically reduce the chances of other having a pop at your server, etc.

Re: We must finally outlaw hardware without publically documented interfaces

Yes, fines should be large and enforced otherwise bugger-all will change.

How said companies chose to respond is up to them. It would be better for free software and probably cheaper for them to cooperate in making specifications fully public, also it would help build trust that nothing dodgy was added. But sense seems to be a rear thing these days.

I don't see the logic here, if they are using phones to simultaneously trigger bombs then by time you know about it all said bombs have gone off. And if your aim is to detonate other bombs a bit later, you have timers and/or the ability to notice the network has gone dead for that.

The only situation where it would make any sense, and probably it is the reason for them wanting the document kept secret, is for demonstrations and similar where you would not want the organisers to be able to re-route a march, etc. And then it starts to look rather undemocratic.

Doh, me being stupid again! Why would they presume the people should have any say in their government's actions?

Re: 120%?

They are allowing for the Spinal Tap Hacking Crew.

Re: re: Windows XP was the first PC operating system to drop the MS-DOS

I think he meant the first consumer-facing system. They ran in parallel with 95/98/ME and were intended for serious applications (proper 32-bit programs, multi-user, etc).

Sadly in the push to make consumer & professional lines converge and be fast enough for gaming, compatible with older badly written software (some of it MS' of course!), etc, a lot of dumb decisions were made w.r.t. security, etc.

Re: High Wage and High Cost Economies

"That affects the price of everything"

Yes, but it also pays for better standards of health, hygiene and public safety. Where would you rather live, a poor-to-middle region of the UK, or poor-to-middle of Indonesia?

(nothing against Indonesia as such, but its your example)

Re: hmmm

Indeed. As the apocryphal survey found out: 90% of men masturbate and 10% are liars.

Re: SaaS Bubble

At least if you are using a synced-to-the-cloud system and the supplier goes off line one day forever, you still have a local copy of your data.

@h4rm0ny - down votes

There is often no rhyme nor reason for commentard's voting actions.

They might not like the practice and chose to down-vote you as the messenger, or maybe they have some petty grudge based on some other posting of yours they didn't like. Or maybe their underpants were on too tight. Who knows?

Actually I'm betting on the underpants.

Sadly we, the populous, were given a chance to vote on at least some revision to the first-past-the-post system and we rejected it. Why you ask?

Maybe due to the Tories & Labour pushing to keep the system in place that has served both of them well since WW-2.

Or maybe because the morons out there felt it better to "punish" the Lib-dems for failing to hold back the Tory's education cuts & fees, than to make for a better and more representative future.

What do they say about getting the government you deserve? :(

Re: Chromebook?

The big saving comes from the almost complete absence of malware for a chrome book, and the inability of BYOD style kids bringing them in infected with that, or other general crap that might be disruptive installed.

Re: meh

"HFT isn't the issue"

Really? Being fooled by proposed sales that don't ever take pace, and you say that is not a fundamental failure?

What he may (or may not) have done may be dubious, but the real issue is just how much those automated traders were taken in by momentary data of sales that did not complete. You would have thought after one or two incidents they would have learned, but no, it seems to have been profit for years if the allegations are true...

+1 for that.

Really, the note about UL is the only sane thing but it misses the point - there is a need for standards of software/systems not being shitty that are legally enforced. If your kit fails the UL standards then AFIK you can't sell it in the USA/Canada and if you do you can be prosecuted.

We need something similar for software: a requirement that best-practice (e.g. MISRA coding standards, etc) is used when writing it and the security aspect is properly considered, and finally that timely bug-fixes are provided for free (i.e. covered by the intial sales cost) and are practical to install for 5 years or so after the product family is last sold. Some legal stick is also needed, e.g. making the supplier liable for the consequences if not patched effectively after say 30 days of a vulnerability being reported, and obstructing security testing/auditing of your products to be illegal.

Yes, I know that costs money to do, but if it is a requirement on ALL businesses then doing it right is no longer a cost-penalty compared to the shitty state we currently see.

Oh once he has come down from the drugs he will be discharged

Re: Wrong conclusion to the report

The funny thing is stupidity seems to increase quickly with alcohol consumption.

The whole printf() family should always be regarded as suspect because (1) a lot of compilers can type-check the format string against the variable argument list, and (2) you don't always know if the destination string(s) are long enough to hold the result(s).

These days gcc can format-check, and most decent static analysis tools also do this, but I have seen too many projects with shed-loads of compilation warnings that were obviously ignored. And most modern libraries have 'nprintf' variants where the target buffer can have its size passed in to stop buffer overruns.

As with a lot of these problems, the solutions are already out there if only they would use them :(

What is worse is that some folk do seem to succeed by using the “Hi, wanna jiggy?” approach, and that leads to the tragic reality of Darwinism:

"Survival of the fittest" is often misunderstood to be about strength, cunning, health, etc. It is not, it is about the ability to out-breed your opponents by any means.

@Rebecca M

The majority of HDD errors are indeed detected by the controller and/or reported by the disk itself when a read request cannot be honoured. That is what classical RAID protects against.

With a periodic "scrub", where the system attempts to real all HDD sectors so errors are seen and re-written to hopefully fix the problem via sector reallocation, you get a good chance of not ever suffering from known RAID failure under normal conditions (data read, or more commonly when a HDD is replaced and a rebuild is needed).

But today where you might have massive data sets you can't ignore the problems of "silent errors" where the HDD's correction/detection system, or any one of a number of other sub-systems, has mess with your data. You might want to read this paper on the subject:

http://research.cs.wisc.edu/wind/Publications/zfs-corruption-fast10.pdf

(There is another from CERN but I don't have the link to hand)

I suspect such side-channel attacks are only a real problem for remote equipment, or DRM applications where the end user/customer/dupe also "owns" the hardware that is intended to oppress them.

If you are enough of an intelligence agency target to have probes attached to hardware in your own business or home, I doubt the finer points of hardware design will be your biggest problem...

Re: How hard can it be?

Firstly it was most likely a Windows system.

Secondly while you thought you were being smart, you just gave yourself a false sense of security - what about /tmp /var/tmp (probable some others under /var as well), and /run/shm which are by default world-writeable and support execution?

Re: Depresses me that consideration for UK areas...

Scotland had/has some collocation of hydroelectric generation and high-consumption industries like aluminium smelting. I'm pretty sure you would get a good deal on power and no cooling problems in those locations. Getting top-notch connectivity might be an issue, but I guess it depends on what your budget is and what the ratio of data to processing load in the centre is.

However, understanding the locals can be a challenge, even for those born in Scotland but 50 miles away...

GPL as "complex" really?

Its quite simple really: I give you my code with the condition that if you modify/improve it for distribution, you make said changes available to others. That way we all benefit.