Posts by Lee D

I don't claim to be in the upper echelons of IT, but I worked my entire career in it, let me describe to you every piece of functional (i.e. turned on and vaguely modern) kit in my house:

1 laptop (until this week, was 2008 model, now I have a 2020 model!).

3 Raspberry Pis (2 x Pi4, 1 x Pi 3)

A laser printer from 2000 (no exaggeration).

A router from 2010.

A 4G box from 2018.

A projector from 2010.

A smartphone (2020 model, but quite budget).

And that's... pretty much... it.

However this week alone I spent £25k+ on Chromebooks for work, not to mention monitors, PCs, laptops, phones, etc.

The reason is quite simple. When I need to do work, I connect to the work stuff. Which is £100k+ of servers and same again just for the networking. When I'm at home, I just need stuff for me, and to connect to work (where the real stuff is).

Hell, I've been issuing junk to people just so they had something to get online with so they could remote in and use their "real" work PCs and so on. Now I wouldn't expect some IT guru to have *nothing* at home like some people, but they don't need to take all the proper kit home - and if they're dealing with data, they damn well shouldn't be!

And I have done my job entirely from a foreign country using a phone before now. It's not fun, but it's possible. Now that we're in the era of HDMI / USB / Bluetooth on phones, connecting a mouse/keyboard/monitor to one and using it as a full PC is more than viable - they are actually damn powerful nowadays! But you don't need to have a lot at home to log in and use the real kit.

There's actually a psychology at work here. I will in preference issue a merely "technically viable" device, over some shiny new expensive kit. It encourages people to actually go out and get their own if they want something better, while removing all "I can't work from home because the company didn't issue me with anything" nonsense. If you gave them Macbook Pros (or whatever), they'd ALL want one, it would cost a fortune, and anything else wouldn't be seen as acceptable, even for the new kid or the IT guy who already has everything at home.

Give them something that is viable - not just minimum spec, but enough that they can't really complain about it. Then if they want something better, they can shell out for it. But if they have nothing at all, they'll be grateful for it. You save tons of money. Everyone is happy. And the techy guy can pay-for and use what he likes (if you have such a daft policy).

I find laptops, especially, to be a status symbol item. Someone gets one not because they need it but because they want to be seen to need it (they're SO important, obviously, that they've got to have a way onto the system even at 3am, etc.). Then others want them because X has got one. Then everyone strives to get one and kicks up a fuss because "Well, X was given one, aren't I as valuable an employee?". And before you know it you're paying for everyone to have laptops that nobody uses, but that many people break or just use for their home browsing despite it being a corporate device.

If you don't go down that route, or if you stop at the "This is perfectly adequate, and that's all you're getting" line, then it works far better.

Re: Apple said the case was not about "how much tax we pay, but where we are required to pay it."

Did that.

Was made to buy a ton of iPads for a workplace.

Got them from some grey import from Singapore in the end. Damn sight cheaper, and I have an invoice from the usual IT supplier to say we paid for them in full - they're legit, and I wouldn't be liable for any taxation reinspection on them, so it's not my business where they have come from.

Signed them all up, they all worked, for many years - some still in use years later despite my protestations. Never had a problem.

The only issue is that Apple won't support them, but given responses received from Apple's support on a number of issues in the past, that's actually one headache less than if I had bought them in this country.

Our usual suppliers threw all kinds of accusations at the company that supplied them (who we obviously went with because they were so much cheaper), but as a customer, that's not my problem - we weren't dealing with cowboys, so where our supplier gets them is their business, and they were very upfront in emails etc. that they were imports from Singapore.

I'm far more concerned that it's cheaper to buy the same product in Singapore, ship it halfway round the world and STILL undercut all your competitors, than it would be to just buy the product direct in this country. That's the issue, as far as I can tell. And I don't believe that whoever imported them didn't actually pay import taxes, etc., as they were quite openly on the record doing so and it's not easy to import thousands of iPads under the radar, I imagine.

When the profit margin for all involved happily ships expensive containers of heavy, valuable items around the world and still wins, there's something wrong with the business model.

Re: So, IPv4 addresses are like petroleum

A condition of 4G/5G and DOCSIS cable standards are IPv6 support.

Google gets a ton of IPv6 queries - something like 25+% of their searches are on IPv6.

People are just too lazy to actually deploy it.

(Hey, Reg, any AAAA records yet? About the 6th/7th year of "we're working on it?"

If the biggest stumbling block is people asking how do we abuse the system, chances are it's a good system.

Re: Free Vs Paid

Same, all the time, but sometimes it works out.

We bought a very expensive access control system. It provided only the very barest of reports, in ancient HTML, generated from a Java server-side applet, and they were basically unchangeable.

One of the things we wanted was a firelist - just a list of who is "in" or "out" of the building. It's literally, in coding terms, "what was the last transaction today for each user". Did they last tag out? Or tag in? Or have they not tagged in at all today? That lets you know if someone never came in, if they came in but have definitely left, or if they came in and are still milling around somewhere. All three are important because you often got "Oh, but I've seen X today." - yes, you did, but they've gone since.

Anyway, the software report was useless. It couldn't be triggered at a particular event or time. It had to be accessed with a web browser. It was clunky, took many logins and clicks, and sometimes Java just fell over - oddly if you specified criteria to narrow it down, it used to fall over more often (i.e. "I only care about John"... crash. "Okay, give me EVERYONE." Report comes back just fine).

So I'd been working with the same software at a previous employer and I had written a script. The software was based on a Firebird database (a bit like SQLite - a single flat file is your SQL database, so no install dependencies, etc.). So I just installed a small command line tool to query the database and wrote a script to query everyone's last transaction for that day. Took me about an hour. Ran that software for about 10 years now, over two different employers.

The beauty also is that because you can just make it a "one-file" script, you can make the access control software run it on a particular alert, which you couldn't do with their own reports. So when the fire / lockdown alert is triggered on the system (which would normally open or lock the doors respectively), you can get the software itself to run the script which can print out / email the report automatically. Generally speaking, before we've even got out of the building or - sometimes - before the alarm is even audible in some buildings (there seems to be a slight delay in the fire alarm networking, but I don't touch that) you get an email with everyone's name and what they last did.

Hell, I bought thermal receipt printers and each building gets an automatic printout within seconds. You can literally hear the alarm, RUN for the doors (not that I would recommend that) and on your way out, there'll be a printout ready for you to grab and check off names. (Note that we're not *reliant* on that, but it's a far quicker way to check than manually checking the staff lists that are taken out as part of the fire procedure).

Anyway, did this at one employer. Moved onto the next. Discovered they had the same software (and were serviced by the same friendly engineer! Love that guy). Checked with the employer and implemented the same system again.

Obviously, in those years, people have constantly asked if there's a "supported" method. There is. Pay a fortune to the manufacturer for a "firelist module" for the software, that's not as good, produces a rubbish hard-to-read report, can only print on A4 (you wanna wait for the laser printer to warm up?), is several pages long, etc. etc. Told them to stick it. Free script has worked better for a decade.

The best irony, however, was when my old employer tried to replace the system that I'd left there with the official one. They hated it. Demanded the company change it. A bit of history: I left that employer under such a cloud that I reported them to the authorities (I discovered they were doing illegal things) and many senior managers were forced out of their jobs because of my and other's reports and within a year almost nobody on the staff remained of the original employees and there were a dozen unfair dismissal lawsuits from people like me because they'd basically tried to sack all the dissenters. So they basically tried to scrub everything I'd ever put in place. Anyway...

The access control company were told they needed something better, so they went through all their channels. They told my previous employer that they didn't have an official module but that they could get something working. Something that one of their engineers had seen at a client's place. Said engineer was my friendly engineer. Said client was my new employers. Said system was MY system. That the old workplace literally had before they started changing everything.

I offered to sell them my "supported" version of the same system, for slightly less than the price that the manufacturer would charge for their rubbish firelist module. They then got wind of where it had come from, and sadly didn't take me up on the offer. I was very pleased because I didn't really want anything to do with them, but would have greatly enjoyed having to go back to that place to show them how to put my own system back how it had been when I'd left... at great expense.

Re: So why do people print stuff out still?

You find an answer to that, you let me know.

I just had to tell a school teaching department that they are using three times the printing of the next nearest department.

They were wondering why they don't have a budget. Because of covid, etc., the budget for the entire subject is now literally less than their printing budget on its own.

Bonus: It's not even Art or English or something that you might expect to do a lot of printing.

Modern 2020 school, with huge fees, complete remote operation for the last few months, and yet we're paying thousands upon thousands for printing, and churning through dozens of trees.

In one of my previous schools, there was one printer. That was it. Everything went to the one printer. And because you had to walk to the printer to pick things up, and large jobs tied up the printer, nobody ever used it or needed to use it.

Re: Typical

Most of them won't address you by name or even include the account number in the email now. Just in case an email goes astray to the wrong address and they get done under GDPR, one assumes.

My Amazon Mastercard is like that. The emails are non-descript and, rightly, just ask you to log into your account to view your statement.

Re: Use offline encryption/decryption

We have encryption with perfect forward secrecy (so even the encrypted text and the stolen-afterwards private key does not reveal what the message contained).

Any criminal who's just paying a French company for a "secure phone", the same as his mate's "secure phone" is the low-hanging fruit of those who are communicating secretly and don't wish the police to know about it.

Re: Assertions that ME is a backdoor

Irony: Some idiot will buy one of these and then slap an antivirus program on it.

Re: Won't be shopping in John Lewis any more...

"I'm going to pay a middle-man to employ the same staff I used to employ, pay the same tax and pensions as I would have to, to provide the same service, but subject to *their* service levels (i.e. 5pm, we're done mate), when they have dozens of other customers, then add on 20% for their profit margins, who after a year will get rid of all the expensive staff and replace them with minimum wage drones."

Sorry, but outsourcing never made any sense to me at all, unless you're the outsourcing company and getting 20% for doing a job that someone else could have done for themselves anyway.

It's like a homeowner paying a guy to put out their bins. More money than sense.

Re: Could this become the official UK postcode and address database?

I'd really rather myself (or my courier/parcel) be "lost" within a few hundred metres of my destination because we confused some similar-sounding words than quite literally be unable to determine where on the planet it should have gone without any accuracy at all.

Close verbal matches isn't the problem (you just eliminate "bat" and don't include it or any rhyming word in the system). It's that there's no *order*. "band" and "banana" should be close together, but sound completely unique.

And as soon as we get into such things, then grid references make far more sense for all purposes.

To be honest, you can pretty much text anyone a GPS lat/lon now and they can usually click on it and load it in Google Maps, or a satnav app. Why we needed an extraneous system to "simplify" that in three out of 40,000 possible words (to cover the ocean), each of which is 5+ characters long, I can't fathom.

It's like domain names and IPs. Nobody needs to type in a domain themselves nowadays, or use an IP address. You just send each other a contact detail with the info and let the computers do the work for you. That's kind of their purpose.

Introducing non-ubiquitous, app-requiring, proprietary formats of any kind to add to that confusion is just silly.

Have literally never sent, received, needed or even seen a real-world use of W3W. But I can text my dad a lat/lon and my GPS tracker sends me a Google Maps link with the same info (even inside a .kml if it's live-tracing), and all my favourites on my satnav are shared to the cloud, and all my contacts on my phone have their address so I can just navigate to them if necessary.

It's yet-another-service that the people you want to have it just won't have.

Re: Look, they couldn't even cobble together a...

If you mess up a government project, they pay you more to carry on fixing it.

If you keep messing it up, nobody else will touch it so you have a guaranteed income for life.

It's really just a case of following the money. Capita, Serco, etc. - all those places that supply such services operate on the same basis. Get the contract. Throw something out. Spin it down the road long enough that they have moved over and can't abandon it, then provide "fixes" for just slightly cheaper than it would cost to throw the whole thing out and start again. Guaranteed income for decades.

Government Gateway, HMRC, DVLA, Universal benefits, the NHS, schools, all kinds - all in the same trap. And all kept there because certain government ministers can't write a get-out-clause in a contract, especially when they part-own the company in question.

HS2 heading the same way. The NHS app.

If you write something and it actually works, and is good, clean, transportable code, then they could go to ANYONE next year. Write a piece of junk and jam it in quick enough and you have a company income guaranteed for years to come.

Re: Any news of a Libre_mail client

I would like to know too.

I'm still running Opera 8 (?) purely to collect and sort email (I moved on to other things for my browser, and the "new" Operas have basically abandoned mail functionality.

Massive SQLite database underneath it with 20 years worth of email over a dozen accounts, searchable in a trice.

Tried everything - even Pegasus Mail at one point. Can't find anything that I can get on with or that is as fast when searching that amount of email. An LO alternative to Outlook would be great.

Re: I wonder why?

No problem.

You be nice to everyone and then take responsibility for when your sign-off appears on a 0-day, root-level compromise of the entire world's back-end systems.

Or when it BUG()s in the middle of a driver code because the driver author was too lazy to use the proper path to print debug information (hint: BUG instantly crashes the kernel, with no hope of recovery - no production driver should EVER contain the macro BUG for anything). Which was literally one of those patches commented as such. Yes, that one-line debug script would literally instantly stop millions of machines at a random time if it had hit mainstream deployment, which means data loss on an epic scale, not to mention loss of service.

Sorry, but if you can't handle criticism of such idiocy - however delivered - when you're in charge of even a small part of the world's most widely-deployed and widest-scope OS, then that's the least of your problems.

Especially when - in every case listed - such stupendously ridiculous code was pushed through several levels of review and maintainers and ended up nearly being pulled into the kernel before it was noticed how ridiculous some of it was (e.g. including their untested code in every single kernel config by default because they didn't know how to make a patch, and nobody bothered to check, etc.)

Re: Low-voltage DC is just USB now

There's a reason for that - 24W is barely enough to turn those kinds of things on, let alone operate-and-charge at the same time. Even my old laptop would fail to charge on certain 19v chargers - it would accept them, but if you did anything vaguely interesting, the battery charge would fall WHILE it was running on mains... you just need more oomph.

Now, granted, it should warn about that scenario, but there's no way on earth you're ever going to power a laptop in any fashion from an ordinary 500ma/1A/2A USB cable. The voltage is only 5v, for a start, which is not enough to charge a 17/18v battery at all, no matter the current - the physics just isn't there. There's a reason we have 19v chargers and why USB-C's high-power mode is 20v. You'd actually be better off with a PoE charger... at least that can hit 47v!

Phones generally only have a 3.7v or thereabouts battery. That's why they can trickle-charge from just about anything. Hell, you could arrange three AA's and it would charge.

Without voltage transformers (which cause even more loss of power), there's no way "ordinary" USB can charge something like a laptop, especially not if it's running at the same time.

You need the "full" charger, as you say, which is one that provides the 20v negotiation. Not all chargers, cables or devices are capable of utilising it - it was a much later standard and required complete hardware redesign and extra chippery to manage it.

Re: How is this STILL a thing!?

You mean like repeated emails to the postmaster address, a grace period during which only the owner can renew it even if it goes offline, and an appeal process?

This only happens when people are not just incompetent but government-department-incompetent - signing up with an employee email who leaves, or literally never checking the postmaster mailbox, and not having anything as simple as a calendar entry which would warn the appropriate technical staff.

Don't forget - someone, somewhere is running a server with that content on. Was that still being paid for? Was it hosted in-house? Or was it terminated as part of the same contract as the domain? Who was responsible for it? Who was maintaining it? Who was updating it? Which datacentre did it reside on? Why did they not notice when the domain went into a grace period? Nothing even as simple as one of those free "is your website still working today" automated tests? Were they still paying for it on the server end?

Sorry, but if this happens to you, then you necessarily should not be running Internet-facing servers, especially for government services. It's a symptom of a complete lack of maintenance and interest.

And, more importantly, who authorised the .org.uk in the first place when they could have had a .gov.uk that could not possibly expire? Why was it anything but a redirect for all those years? Why did the *real* gov.uk site not get anywhere near as many links as the original .org.uk for all those years?

It goes far beyond "we need a way for people running small businesses to renew their domain at the scheduled time", and no scenario like that would fix it.

Re: Idiot-tax ...

"Ancient recycled old rubbish soon loses its comedy value and..."

sells for 3-4 times the price of other kit just because it has an Apple logo on it.

It's hard to write good copy, especially in keeping with your target audience. Do you read every article? No, but someone has to write every one and if the article just said "Apple will enable encrypted DNS", you'd quickly get bored and go elsewhere.

There are thousands of IT news sites out there. I like a little informality. I don't really care about cliche, it doesn't hurt or hinder me. If you're here for original comedy with every article, I really think you've chosen the wrong kind of site.

And I use the words idiot-tax for all kinds of things - parking tickets, speeding tickets, designer gear, etc. etc.

Re: Legal jurisdiction

If you hacked, say, the Playstation network in Japan and exposed millions of credit card numbers...

... would you not expect Japan to file an extradition request so you could stand trial in the jurisdiction the offence was committed, rather than one that has no law, evidence or jurisdiction about you breaking into *Japanese* systems?

This is literally the definition and the necessity of extradition.

And Assange is accused of conspiring (at minimum) to hack into US military systems. Which, in at least once instance, resulted in success for a short time, with Assange being the person who published the articles in question.

Re: Meh, sounds, animated effects, transparency

Yup.

And install Open-Shell (formerly Classic Shell).

But to be honest, I turn off the music as the very first action in every game I ever install.

Oh, and my desktop is a plain blue background.

Re: A subscription fee for email‽

"All" emails at my domain exist - I don't have to create accounts/aliases.

It doesn't mean that they will go anywhere useful until I authorise them to, however. They get held in limbo/quarantine until I allow that alias to deliver mail onwards to the real inbox.

Catch-all on the domain, mailbox storage on the catch-all, forwarding only for listed aliases.

I literally do <companyname/code/made-up-on-the-fly-names>@mydomain.com and email always gets delivered (I have a 5-minute greylisting on new aliases, so obvious-made-up spam rarely delivers even into the holding mailbox).

The worst I ever have to do is override the greylisting if I'm bored of waiting the 5 minutes that they are asked to wait before retrying delivery.

Re: What's the true cost ?

I'm not convinced the expense and security is worth it. If you can open the door, or turn on things, it's only a short hack, or an off-by-one error in a customer database somewhere, away from that happening without your will/knowledge.

You're burgled. You tell them the door is under cloud control. There's no other obvious sign of forced entry. (shrug) Uninsured. You have no idea what actually happened or didn't.

And this stuff is going out to the cloud, or your phone wouldn't be working it. And likely even when you're only on local wifi. There was nothing wrong with a local X10 setup but now everything is configured or proxied via cloud-based apps. It just doesn't seem right. The surface area of attack just rose enormously because you have some crappy lightbulb on your 2.4GHz wifi, with all the keys etc. plugged in, and talking home to some random Chinese server to interface with Google Home or whatever.

And though lights and things are fairly harmless, when you start putting heating and other stuff on, you get to the point where things can be extremely expensive and/or dangerous if people can switch them on and off.

I'm a tech guy. If I want a light to go on and off, I'll fit a timer or a PIR that detects movement. If I want the heating to compensate for the patio door, there are literal thermostats that will detect such situations and alert you (even over text if you want). At no point do I need to involve my wifi network, Apple or Google to do such things.

I'm not one of those paranoid "I won't use Chrome" people - I have to trust that Google treat my data in accordance with DPA, GDPR, etc. and anyone who can override that is breaking the law and/or is the law themselves. But the chain of dependency, and the unnecessary third-parties, I just find dodgy.

Then you start adding in cameras, and before you know it, any one of several thousand employees at Google/Apple not only can see your front door and when you left for work, but they know where you hid the key, or have a button to open the door (or even the rear patio), and a mate who lives down the road who's short of money.

Hell, I'm suspicious of airport parking - those people have my name, address, and know exactly when I'll be on holiday and when I'll return. I find that disconcerting. It's not that I don't trust Stansted, but that I have to trust *every* employee in the chain with access to that information, who may never get traced even if they discover they have a major breach of confidentiality on their hands.

Now the guy at Stansted would have to go look at my house and figure out a way in and wouldn't know if I had an alarm, a neighbour staying there, or remote cameras or whatever, so they probably wouldn't take the risk and are no better off than any burglar. But the guy who's got a slog-job at Google or some contractor, has access to all that information and devices and is required to sit at a desk all day doing some boring analysis/customer support work and decides to go rogue? Him I worry about. And his mates.

This stuff is fun and gimmicky. There are uses (don't doubt it - when I get old and infirm, I ain't getting up from the sofa to switch on the light! I've actually argued that all homes should have central-computer-controlled lights, heating, etc. rather than switches and cables pulled through every part of the wall). But the cloud-interjection and run of your local network is unnecessary.

I'm actually more tempted to buy a bunch of dumb remote switches and sensors (433MHz or whatever) and a control module for a Pi and do the logic myself (even have voice control with certain built-for-home-automation distros).

Software babysitting your child's Internet access is not parenting.

I can't convince my ex-wife to let my 11-year-old have a smartphone on their home Wifi (no SIM) enough so she can chat to her friends on a social network, while the ex- and her family are in the room. And the kid is THE MOST sensible kid I've ever seen (not parental bias, she just is).

If software lockouts are necessary, it's actually encouraging lazy parenting and blame-shifting ("Well, Apple should never have allowed that webpage to work on their iPad!" is a literal word-for-word phrase I've heard from a parent in the school I work in, when their child managed to get on a website at home, on their personal iPad, on their home Internet... no supervision, they just expected "Apple" to sort it out so it wasn't possible).

So I disagree with the concept of net-nanny software. I think parents should have supervision. In fact, I think "parental control software" should be a remote view of whatever their child's smartphone is showing currently, with a log of programs run, keys typed, etc. Otherwise, it's useless. And I think Internet access for vulnerable groups should be done in an open and supervised session, much like they're made to in school.

It's like expecting nightclubs to offer a safe-bus for kids under 12 to get home at midnight from the town centre, when what should be happening is the damn kids shouldn't be out at those hours, in those places, at all. Sure, we're "helping" and "doing the right thing" in getting them home safe, but it just shouldn't be an issue at all.

Re: RIP Hackintosh

Got nothing to do with people discovering that MacOS is just shiny interface over poor hardware, then?

I ran a MacOS VM inside VMWare for years - allocating it all the resources of the Mac hardware that people were running it on, it looked very slick. But it's all looks. Sure the slidey bottom back was smooth as silk (pre-generated cached bitmaps in a range of sizes to make it look like it was shrinking/growing the icons in real-time distortions). But under the hood it was pathetic in performance.

In reality, the hypervisor running that VM had something like 3-4 times more resources, and laughed at running MacOS in a VMWare box that out-specced anything Apple were selling at the time. And it was running on a laptop. A second-hand laptop. A nice one, no doubt, but not some £3000 monster. And it could virtualise MacOS with equivalent specs while I encoded video and played games in the background. It laughed at what MacOS required and the MacOS VM still worked faster than a real Mac.

MacOS was all show, and it wasn't that long ago that I did it.

I'm not sure that there is a serious hardware person out there who thinks Mac hardware is well-specced, certainly given the price. Going to Intel showed just how far behind they were.