* Posts by Paul Crawford

5819 publicly visible posts • joined 15 Mar 2007

Administrators have update lessons to learn from the CrowdStrike outage

Paul Crawford Silver badge

I think the single biggest take-away from this is "How can I recover a bricked machine?"

Crowdstrike have been spectacularly bad here, but it is only a matter of time before another screw up, or another form of malware, does the same. So, if the machine won't boot, what is your plan?

You do have a plan, don't you?

SAP system gives UK tax collector a £750B headache as clock ticks on support

Paul Crawford Silver badge

Re: Cost: "highly customised" vs bespoke ?

What would it cost HMRC to produce its own bespoke system - written from scratch ?

That would depend on which set of jokers it contracted the job to...

Engineers fix ESA's Gaia observatory from 1.5M kilometers away

Paul Crawford Silver badge
Pint

Re: "We, therefore, raise a glass"

And I third that motion!

EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft

Paul Crawford Silver badge

TL;DR - don't blame our crappy system for getting in a boot loop, it was a big boy who did and ran away!

CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear

Paul Crawford Silver badge

Re: Will Cloudstrike be held responsible for the damage (financial and otherwise)

It might do, but MS has skipped responsibility for decades, so...

Angry admins share the CrowdStrike outage experience

Paul Crawford Silver badge

Re: Matter of trust ..

Those who still trust MS after many decades of evidence to the contrary?

Reports will be written, "lessons will be learned", and folks will go back to the same old shit again. Fundamentally there are several issues here, but the dependency on specific vendors will mean the cost & trouble of proper fixes is too much. MS know that, as do AV suppliers.

Paul Crawford Silver badge

Re: Modern life

Linux user here but same sentiment: my mobile devices that are likely to get lost/stolen have encrypted disks, my rack-mount kit that is far less likely, and usually needs to reboot automatically, is not using such boot-level restrictions & encryption.

While MS & Crowdstrike are the obvious and justifiable whipping boys here on multiple levels, there is a major aspect of general resilience to be considered that is independent of them on how to recover from an IT disaster of any sort (screw-up, attack, or just natural disaster). So many have a "hope it won't happen" plan.

UK comms watchdog banning inflation-linked mid-contract price rises

Paul Crawford Silver badge

Re: About bloody time the regulator did something

My local fibre ISP is fixed price - no silly buggers.

I had kept on VM largely for the cable TV but when this crap came along at the end of my previous and genuinely fixed deal I dumped them. I had the cable service for around 21 years, starting with Blueyonder...

CrowdStrike file update bricks Windows machines around the world

Paul Crawford Silver badge

Re: In other news

Emphasis on the 'had' perhaps?

Sam Altman sues builder over $27M flooded, sewage-hit 'lemon' of a mega-mansion

Paul Crawford Silver badge

The house built to the same standards as much software...

Maximum-severity Cisco vulnerability allows attackers to change admin passwords

Paul Crawford Silver badge
FAIL

No system, no software, no security protections will ever work 100% of the time.

But some seem to only work 10% of the time.

Thunderbird is go: 128 now out with revamped 'Nebula' UI

Paul Crawford Silver badge

You should not have to. If they introduce a breaking change in data format they should automatically backup the old format so you can go backwards.

They pulled the same shit with 115 as well, and of course when it's an automatic update and you (a) don't realise it will break things, and (b) don't notice bugs until a few days later and/or don't have that much of a daily/hourly backup, you are screwed. Oh for ZFS by default with every update snapshotted first....

Release the hounds! Securing datacenters may soon need sniffer dogs

Paul Crawford Silver badge

Maybe, you know, fixing the piss-poor security around NFC stuff that allowed cloning in the first place would be a better long term goal?

Here we go again. And again. Musk threatens to pull Twitter, SpaceX out of California

Paul Crawford Silver badge

Perhaps if you are a good parent then your child will happily tell you.

Craig Wright admits he isn't the inventor of Bitcoin after High Court judgment in UK

Paul Crawford Silver badge

Re: Reverse crypto scam

My money is on the real Satoshi having sadly passed away only a few years after the original invention of Bitcoin.

Or they failed to back up their data and lost said wallet contents, and are now too embarrassed to admit losing a GDP-sized fortune?

Kaspersky culls staff, closes doors in US amid Biden's ban

Paul Crawford Silver badge
Facepalm

Re: Logically

Gee, are you still running Windows (or Apple OSs) if those really are your concerns?

Paul Crawford Silver badge

There is also a deeply fundamental issue with OS design that such access is needed, but that is not going to change so we are left with AV out of necessity.

Agile Manifesto co-author blasts failure rates report, talks up 'reimagining' project

Paul Crawford Silver badge

Re: 'Yeah, forego clear requirements' – why would you want to do that? That's just silly…

you can stuff "get requirements" in the first sprint and have them completely sorted out by the end of it.

Completely? Really? That is the usual reason for ultimate failure, never quite understanding what is needed in real life.

Yandex sells off Russian ops, remaining Euro-biz now Putin itself about as Nebius Group

Paul Crawford Silver badge

I have no idea. But then, the apparent "value" of western businesses that have no sign of profits also astonishes my logic as well.

Evidence for Moon caves emerges as humans hunt for hospitable hideaway under lunar surface

Paul Crawford Silver badge

Clangers

Need I say more?

Is Teams connector retirement a tweak to fit EU laws, or a sign of price rises to come?

Paul Crawford Silver badge
Gimp

TL;DR - before you were expecting to be reamed, now Microsoft are charging for the lube as well.

The graying open source community needs fresh blood

Paul Crawford Silver badge

Closed source community?

There are serious issues in getting and educating new talented staff. While open source's problems are apparent to world+dog, how does this compare to closed source equivalents?

Based on the piss-poor quality of MS products (and patches) in recent years I suspect not much better, but has anyone got insight as to how the development models actually compare in practice?

Trump threatens to send Meta's Mark ‘Zuckerbucks’ to prison if reelected president

Paul Crawford Silver badge

Can we please have a revised cage fight before the election?

Whoever gets beaten does not really matter...

Twitter grew an incredible '1.6%' since Musk's $44B takeover. Amazing. Wow

Paul Crawford Silver badge

Re: It is probably really a decrease

I just stopped visiting once he made it necessary to log in for any sort of useful access. Same as Facesbook links, why bother?

America's new Sentinel nukes mushroom 81% in cost. Pentagon says it's all good

Paul Crawford Silver badge

Re: Why do we need new nukes?

Probably because everything in the rockets and ground command systems is ageing and contains obsolete parts. You get to a point when you might as well replace it as restart many, many obsolete part production lines to get new spares to continue support.

Other old weapons like the B52 bombers have had several major and very expensive refits of avionics over this time-scale.

China's APT40 gang is ready to attack vulns within hours or days of public release

Paul Crawford Silver badge
Facepalm

Re: This would make every vulnerability a 0 day vulnerability

because it'll be too risky to wait weeks before patching

Now if only they could trust MS not to break things with updates...

Texas court blocks FTC noncompete ban, and you can blame SCOTUS

Paul Crawford Silver badge

"The role of an administrative agency is to do as told by Congress, not to do what the agency thinks it should do."

Except congress knows bugger-all about many of the subjects it is supposed to rule on.

The TL;DR version of SCOTUS is "we don't like rules against business and want more business for lawyers".

Db2 is a story worth telling, even if IBM won't

Paul Crawford Silver badge

Let's talk GPFS...eh, what?

Time Lords decree: No leap second needed in 2024

Paul Crawford Silver badge

Re: The negative leap second

Is it really such a big deal? For logs, etc, you already have the ordering of entry in the storage system that gives you a large degree of causality, and you know exactly when a leap-second is added/subtracted so you know of a specific 1s window when the UTC time stamp might be repeated.

Also many computer systems based on Windows, and some on Linux using crude time-adjustment methods instead of NTP-like daemons, can't keep sub-second accuracy by default so if worrying about remotely logged time you have such issues today.

The only big issue is folks using time-wasting loops, etc, rather than tested library calls for such matters; they might get into difficulties if time steps backwards. But people test their code don't they? Don't they? Oh...

Chinese Gen AI researchers snagged more patents than everyone else combined since 2013

Paul Crawford Silver badge
Terminator

I wonder how many of the AI patents have been written (in part or whole) by AI?

Tech luminaries warn United Nations its Digital Compact risks doing more harm than good

Paul Crawford Silver badge
Facepalm

Re: That horse has already bolted

Governments I'm sure couldn't do any worse.

Don't be on it.

Despite OS shields up, half of America opts for third-party antivirus – just in case

Paul Crawford Silver badge
Big Brother

Re: Complete non-sequitur

Hint, it is not for your security! Hint, DRM

FreeDOS and FreeBSD prove old code never dies, just gets nifty updates

Paul Crawford Silver badge

Re: Why?

We used DOS & dosemu on Linux to run old DOS software (no surprises there...) that is specific to some old ISA cards for controlling hardware.

This has the advantage over actual DOS or Windows 95/98 of having security of any sort, network stability, time-keeping accuracy, etc. It also has advantages over the Windows 32-bit NT series (NT, w2k, XP, 7) in security to a large degree, but in our case you can configure dosemu to "punch through" the usual hardware protection so the DOS software can directly access specific I/O addresses as needed to work with the old hardware.

Yes, we could have re-written the software as a proper Linux driver & application but that would take a lot of time and cost, and end up doing exactly the same job.

Google Translate now fluent in 110 additional languages from Abkhaz to Zulu

Paul Crawford Silver badge

Re: I wanted to gitve it a go with afrikaans

Navaho isn't on the list

Do the native American languages have written forms? I know the oral traditions are impressively detailed, but I do wonder how such a computer translation would work if there is no easy way to write it down.

Antitrust cops cry foul over Meta's pay-or-consent ultimatum to Europeans

Paul Crawford Silver badge

So...everyone who has been harvested for the past decade or two is then due 10 Euro per month from having been signed up prior to this offer?

Beijing says state owns China's rare earth metals

Paul Crawford Silver badge

Re: Biter bit?

I think you will find that practically everything in China involving the USA (or others) also has strings attached these days.

Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk

Paul Crawford Silver badge

Generally we also use the UFW rate-limiting option on SSH access. Yes, sometimes you can't login as others have borked it for you through attacks, but in this sort of scenario it keeps the Barbarians at bay.

Just checked and 20.04 is not impacted, nor is the version of Raspbian I'm using.

Juniper Networks flings out emergency patches for perfect 10 router vuln

Paul Crawford Silver badge

Your network might get juiced...

What do CTOs hate most about GenAI? Tool changes that break stuff

Paul Crawford Silver badge
Trollface

Oh come on, so obvious! Just ask the AI to fix the problems.

Indonesian government didn't have backups of ransomwared data, because DR was only an option

Paul Crawford Silver badge
Facepalm

Money well saved! Oh wait...

Paul Crawford Silver badge

Don't these data centres support snapshots? Not a replacement for backups if the data centre itself is destroyed or has catastrophic hardware failure, of course, but for ZFS (and I guess other file systems like the NetApp one, etc) they have very little cost/performance penalty and make winding back in time really easy.

CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust?

Paul Crawford Silver badge

C *has* been improved (more than once); one of the winners in that competition was C++;

I would argue that improvements in compilers and test tools are as significant if anyone actually uses them. gcc has flags that make it very verbose about possible risks, they are helpful (if occasionally wrong/irrelevant) in finding mistakes, much as lint and similar tools would do. Probably the most useful these days is the ability to check printf() strings match the arguments and the ability to also apply that checking to variable-length functions of your own.

https://gcc.gnu.org/onlinedocs/gcc-9.2.0/gcc/Common-Function-Attributes.html#index-Wformat-3

And yes, that variable-length stuff is a suspect construct but so often is needed, at least for maintaining code.

The other tools are the likes of valgrind and the electric-fence library to dynamically check for memory abuse. If you can run your code's test suite with either of them, and said test suite has your Bobby Tables gibberish inputs as well, you are well on your way to avoiding memory bugs.

But remember boys and girls, there are so many other bugs out there to try! How many CVEs are down to hard-coded passwords or other lack of input sanitisation style of errors?
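As an added example (not from the comment above, and not the commenter's code) of the variadic-function checking the linked gcc attribute provides: a bounded logging wrapper annotated with the format attribute, plus a hypothetical caller that passes untrusted input as a %s argument rather than as the format string. The function names and the login-event format are assumptions for the demo; the compile flags are those documented for gcc's -Wformat family.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* The attribute tells the compiler that argument 3 is a printf-style format
 * and the variadic arguments start at 4, so -Wformat checks every caller of
 * log_line() just as it checks printf() itself.
 * Build with: cc -Wall -Wformat=2 -c fmtcheck.c */
__attribute__((format(printf, 3, 4)))
int log_line(char *out, size_t outsz, const char *fmt, ...);

/* Formats into a bounded buffer via vsnprintf(), so an oversized message is
 * truncated rather than overrunning `out`. Returns the number of bytes
 * stored (excluding the terminator), or -1 on encoding error. */
int log_line(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    if ((size_t)n >= outsz)
        return outsz ? (int)outsz - 1 : 0;   /* truncated */
    return n;
}

/* Hypothetical caller. Untrusted data is passed as a %s argument, never
 * used as the format string, so "%n" or "%x" in a username is printed
 * literally. With -Wall -Wformat=2 the compiler warns about both mistakes
 * shown below (they are commented out so this file builds cleanly):
 *
 *   log_line(buf, sizeof buf, "uid=%d", user);  // %d expects int, got char *
 *   log_line(buf, sizeof buf, user);            // format not a string literal
 */
int format_login_event(char *buf, size_t bufsz, const char *user, int uid)
{
    return log_line(buf, bufsz, "login user=%s uid=%d", user, uid);
}
```

Note that -Wformat-nonliteral does not complain about the vsnprintf() call inside log_line(), because its format argument is itself a parameter of a function carrying the format attribute; that is exactly the "apply the checking to functions of your own" case the comment describes.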

Paul Crawford Silver badge

Re: The Rust Evangelism Strike Force...

a good reminder that non-memory-safe, legacy languages are not going away

Very much so! While it might have been better not to have written some projects in low-level languages, they exist and re-writing is a massive undertaking that may well introduce other logic bugs. Better use of development effort would be tools and actually using them to fix some of the critical existing code out there.

Microsoft tells yet more customers their emails have been stolen

Paul Crawford Silver badge

The Rabbit R1, an AI-powered … thing

Here was me thinking Ann Summers and maybe the R1 was actually a good thing...

American interest in electric vehicles short circuits for first time in four years

Paul Crawford Silver badge

Re: How much is "who" and how much is "what"?

I'm not entirely shocked at the argument that people buy or don't buy specific vehicles based on (e.g., Elon Musk's) image

Have you ever seen a car advert made in the last 20-30 years? They tell you bugger all about the car's performance or capabilities, it is all about image, either a lone image-conscious tosser or a happy-clappy family driving around deserted roads rather than real world city traffic jams and limited parking places. They know people buy on image, which is why Elon's antics have had such an impact, not just his politics but also the general lack of trust.

Bill Gates says not to worry about AI gobbling up energy, tech will adapt

Paul Crawford Silver badge

Oh yes, 640MW is enough for anyone!

Windows: Insecure by design

Paul Crawford Silver badge

Re: I hear you loud and clear

I guess I'd have to have a second work laptop. And no, I'm not going to VM Linux into my Windows or vice-versa. I'm not a systems administrator.

Dual boot?

Really running in a VM is easy provided you don't need any specialised hardware support or fancy graphics acceleration. These days I run Linux as my desktop and spin up one of a handful of Windows VMs for specific software as needed.

Linux is not totally trouble free, but the more I see the decline of Windows post-XP onwards (with 7 as brief respite) the happier I am not to have much to do with it.

ISS 'nauts told to duck and cover after dead Russian sat sprays space junk

Paul Crawford Silver badge

Re: "a debris-generating event in Low Earth Orbit."

Stored energy.

Sometimes a fault results in a battery over-charging and exploding, or similar for any left over propellant in attitude thrusters. If a satellite is fully functional at the time it is deemed end-of-life then you can usually vent all fuel and disconnect batteries, etc, but things don't always go to plan, and faults might just cause batteries to fail anyway.

Nothing specific to Russia here, the American NOAA-16 weather satellite had a similar fate (fault/end of life, some time later broke up).

Microsoft makes it harder to avoid OneDrive during new Windows 11 installs

Paul Crawford Silver badge

Re: Is Microsoft worse than TikTok?

The Chinese and Russians don't seem to have a problem wandering in to MS cloud storage when they need to...

Reddit hopes robots.txt tweak will do the trick in scaring off AI training data scrapers

Paul Crawford Silver badge
Trollface

Re: Poisoning the honey pot

...feed them a pile of gibberish, misinformation and random garbage

Cunning, but some sites already provide that as their core activity?