* Posts by Lee D

4232 publicly visible posts • joined 14 Feb 2013

By gum(stick): Samsung speeds up 970 EVO Plus drive

Lee D Silver badge

Cache is low-write. It's literally picking up "things you use often", writing them once and then reading them lots. That's the job.

Few tasks actually require huge write lifetimes. Active storage in a large array dedicated to nothing but huge amounts of write-able live storage, that's about it.

For ordinary servers, computers, etc. you just aren't generating anywhere NEAR enough data to write that amount over any reasonable lifetime.

1200Tbyte written means that if you can write at 3Gbit a second... what's that? An entire month of constant, full-on, maxed-out, nothing-but-writing, never-reading. It would literally take you a month or more to kill it, on average, in the worst possible kind of destruct test, generating data direct from a CPU and just writing it straight to disk, by writing alone at its top specification speed (which is an entirely unrealistic scenario).

Nobody's generating data that needs to be written constantly at 3Gbit/s onto one of these. If they are, these things aren't suitable and nor is anything except something made specially for that (IBM enterprise SATA SSDs for huge blade storage are in the 3 - 30PB range with 5-year life designs, this is 1.2PB, so approaching what you'd get in a datacenter SSD for a few hundred dollars). Most places will be bursting-writes, swamping constantly with READS (which are "free"), and anything serious will be spreading over hundreds/thousands of such devices.

Honestly, I wouldn't ever worry about SSD/NVMe lifetime anymore. It's now outside any average person's / IT department range for concern and has been for a few years.

I replaced all my client machines' drives with SSD. They are literally not even hitting 1% of their write-life, many years later. I have an EVO 850 in my laptop that gets 24/7 use. It's just hit 3-4% lifetime after nearly four years. In that time, I've replaced DOZENS of hard drives, even RAID-sets, high-write surveillance sets, and just ordinary server drives because of failure. I've not yet replaced one SSD that has been around for as long, if not longer. And I literally bought the cheapest, junkiest SSDs I could, expecting to just bin them as they failed and budget replacements for when I would have more money available. I've not had to.

I can't see me ever buying a hard drive again, unless it's to conform to manufacturer's specifications (e.g. storage arrays that don't "officially" support SSDs, CCTV sets, etc.)

Lee D Silver badge

Why the hell is anyone faffing about with spinning disks any more?

Those numbers are amazing. And 1200Tb written? Wow.

Office 365 enjoys good old-fashioned Thursday wobble as email teeters over in Europe

Lee D Silver badge

Technically, my in-house Exchange has had better uptime than Office 365's Exchange servers.

Same for my AD.

Given that I've had power cuts, people digging through cables destroying leased-line fibre and joining 100kW 3-phase to all the earths in the site with a digger-bucket, etc. not to mention things like server RAID failures, etc. that's quite a poor show on Microsoft's part.

I could understand if it was "the connectivity to the cloud for certain people, but the cloud was up" kind of things, but this is literally "you can't get into your mailbox in any way, shape or form" for large portions of their customers.

Court orders moribund ZX Spectrum reboot firm's directors to stump up £38k legal costs bill

Lee D Silver badge

Re: Two words for you ...

There's a guy who sells fit-into-your-Speccy conversion kits to turn the keyboard into a USB one (with an option to pass along the matrix data direct for some Speccy emulators, or emulate a PC keyboard for each press).

That, and a Raspberry Pi would do a much better job.

If you want handheld like this one was, just buy an old GP2X from about 10 years ago. 200+MHz dual-ARM chips run anything the Speccy used to, in standard ARM Linux binaries (e.g. fuse emulator, etc.) on a AA-battery-powered, portable device that stores on SD card, etc. and can even be touchscreen.

This thing is ten years behind even that, and never made it to production, in essence.

Hell, Google GPD Win if that's what you want (a portable retro-games-console rather than an accurate ZX Spectrum with-keyboard remake). £200 and it runs normal Windows 10 on Intel chips in your pocket, plays Steam games, has "handheld console" controls, and a keyboard in something the size of one of those foldable Nintendo DS things.

This thing was poor, outdated, not-speccy-like at all, and overpriced before you even get into whether it actually existed.

Lee D Silver badge

Re: Two words for you ...

Sinclair were part of the original shareholdings in this company, as were Sky who own the old Amstrad copyrights/trademarks in relevant Speccy things, hence it was officially licensed.

Spectrum Next is neither licensed to use the name/image, nor capable of using the official ROMs (which I believe prohibit pay-for distribution).

Hence, Spectrum Next may well be the "logical" successor of the Spectrum, but it can't hold much claim to being a legitimate one, like the RCL mess.

That may or may not be a bonus. But I'd be wary of anything that Sky might decide to clamp down upon if the will takes them, especially if it means they avoid another RCL-like debacle potentially tarnishing their name / IP.

The most annoying British export since Piers Morgan: 'Drones' halt US airport flights

Lee D Silver badge

Re: 500g Drone vs 100 ton airliner

You know how that tiny little stone flicked up by the lorry in front can make a complete hole in a laminated windscreen designed to do nothing more than protect you from such things, windscreens which are now *structural* components in cars, they are that strong?

Yeah, that's at, even at the worst case, a combined 140mph.

Now an ordinary commercial jet may take off at way over that speed, and thus the physics are equivalent at best, but likely much worse (even if it's hitting a "hovering" stable object, it's still the same, physics-wise). If a little stone is capable of shattering a windscreen, a little drone is also capable. A 10-20kg drone (like the type hinted at as being over London airports that time) can cause catastrophic damage in the same instance.

Have that drone flying towards you at a speed as well, even worse.

Hitting intakes, pitot tubes, engines, control surfaces, etc., even worse. If a tiniest part of that thing gets jammed in a control surface you can crash a plane into the ground, especially if it's just about to land or just taken off, the reaction times just don't allow for those kinds of failures.

There's a reason jet engines had dead chickens fired at them to test - even a bird strike can be serious. And while the plane may "survive", they certainly will cause untold damage. And that's a squishy bird, a thing you could wring its neck and break every bone with your bare hands.

Remember the Hudson River airplane?

"US Airways Flight 1549 was an Airbus A320 which, in the climbout after takeoff from New York City's LaGuardia Airport on January 15, 2009, struck a flock of Canada geese just northeast of the George Washington Bridge and consequently lost all engine power. Unable to reach any airport, pilots Chesley Sullenberger and Jeffrey Skiles glided the plane to a ditching in the Hudson River off Midtown Manhattan."

How many birds out of a flock of geese did that take? I bet they didn't hit them all, so not a lot. And worse because it was on take-off where you are low, fast, and damaged control surfaces or engines have effects that can put you down into the ground in seconds. That pilot had a HOLLYWOOD MOVIE made about him, it was such a miraculous save. All from a couple of geese striking a major airliner on takeoff.

It's serious. It's not just playing about. The CAA, airports, airlines and pilots don't just shut down an entire airport for the fun of it, costing them ALL millions of pounds of business and huge reputational damage.

You might well have a dozen drones hit a plane and nothing happens. But it only takes one unfortunate metal strut to lodge in a control surface, strike the engine, shatter the windscreen or any of a thousand possibilities to cause a complete destruction of the plane and everyone on it, not to mention anyone under the immediate flightpath.

Risk = Chance (maybe low) x Impact (potentially catastrophic).

Stage fright or Stage light? Depends how far you dare to open your MacBook Pro's lid

Lee D Silver badge

My laptop:

- has been used almost 24/7 for the last... five years? Maybe more. Work, home, entertainment, abroad, on a plane, etc.

- is robust. It's taken any number of tumbles off the sofa and survived intact, not to mention being packed into a boot / car / plane.

- is powerful. It does literally everything I need and still out-specs some laptops that people still buy today.

- is full of connectivity - HDMI, VGA, USB, Ethernet, Wireless, Bluetooth, SATA, eSATA, SD card reader,...

- has a huge, bright 17" display.

- has industry-standard OS support, including full virtualisation, for Linux and Windows (ironically, it can virtualise MacOS faster while under Windows than a real Mac can run it with the same resources - and I can assign it what a Macbook comes with with just a slider and still have a ton of power left over for the real OS)

- has a full Numpad and full set of keys on the keyboard.

- has power adaptor, dual-drives and battery that can - and have after many years' service - be replaced and/or upgraded.

- can be taken apart with a single standard screwdriver, down to the individual components (which comes in handy when the fans / keyboard need cleaning).

- has parts that I can buy online by Googling the model number and part name from all kinds of sellers. A replacement keyboard cost me £5. A replacement screen is barely £50 (but never needed one).

- has a "real" graphics card and can play 1000+ Steam games.

- has dual-SATA3 drives.

- has an optical drive still, but I may rip that out and put a (slow) SATA drive in there.

- has audio you can hear in a crowded room.

- has unusual little features like a particular USB port that charges devices even when the laptop is turned off (great for charging gadgets while travelling)

- came with Windows 7, also included a free upgrade to Windows 8 Pro (redeemed inside a VM), and both gave me a free upgrade to Windows 10.

- I upgraded the miniPCI wifi card to 802.11ac for about £20.

- I upgraded the drives to 1Tb Samsung 850 EVOs.

- the total cost, including all upgrades is still half the price of any top-line MacBook available even when brand-new, and they don't really match it.

I didn't even TRY and get a top-of-the-line one. It wipes the floor with any modern Mac in terms of raw performance, usability, features, repairability or robustness. About the only thing the MacBook would win on is "higher resolution", somewhat cancelled out by their pathetic 13"/15" screens. It fits in a little-rucksack case that I bought for £10.

I honestly don't understand one jot why people think a MacBook is anything special at all, in any way, whatsoever. It's literally "looks thin and shiny". That's it. You might as well just carry a bit of tin foil with you, for all they're worth, if that's what you want.

Even the Apple "support"... hilariously, Apple are the only company in the world that I've had an employer go from singing their praises to REFUSING to do business with them because they have zero support whatsoever outside of granny taking her stupidly expensive thing back for the young man to press buttons and just give her another one. Literally, zero interest, in £100,000's of business basically handed to them and them alone, to the point where they are on a permanent blacklist for not even bothering to acknowledge or respond to the simplest of complaints (not to mention all the staff I have who have taken their personal devices to Apple "because they'll just fix it for me" only to admit months later that they just bought a new one because they couldn't get any joy because of... whatever reason... too old, stupendously expensive repairs, etc.).

If you bought a Mac, I have zero sympathy. I've removed them all from the company I work for (and that was with me *defending* and trying to make best of their huge investment in Apple for as long as I could). Nobody misses them. I literally now just say "Apple? Sorry, you're on your own" when the usual "Can you have a look?" question comes up now.

One iMac we needed a hard drive upgrade in. Apple wouldn't do it - they had no option or facility to do so. The only third-party who could do it told us why - he has to smash the screen to pieces, remove all traces of the glass, replace the drive while the computer is open, then re-fit a new screen with special glue and pressure-equipment. It was literally the only way to change the drive, if it failed or needed upgrade. It cost more to do that one upgrade than it would have to buy an equivalent PC - but nobody else could even pretend to do it cheaper.

Take it back to the Apple Store. Those are the only people who care a jot about your purchase. Guess why people get disillusioned with Apple support when they try that? Just look at that guy's tweet. They have no interest, and will just charge you for their own faulty work.

They have declared, in a court of law, that Apple devices are only designed to last one year. It was their declaration to get out of providing the mandatory 2-year manufacturer's warranty, as required by law. It failed in court as an excuse, but they declared that point-blank.

Buy your Apple junk. Make Apple fix it. Don't subject your IT guy to it. You're on your own. When it stops working, talk to Apple. Pay Apple what Apple says it will cost to repair. I washed my hands with them, and gave them MORE than enough opportunities to show me where they shine, and so many benefit-of-the-doubts on behalf of my employer, they assumed I was an Apple fan. In truth, I've never owned, seriously used or recommended any of their products in my life. I just managed hundreds of them. That was more than enough.

Struggling with GDPR compliance? Don't waste money on legal advice: Buy a shredder

Lee D Silver badge

Depends.

The frequencies that are used for digital / DVB-T / Freeview now are not exactly the same as those used for analogue TV (471 - 853 MHz in theory but we only had five channels, remember, and so many of those upper channels were never used - I think London TV never went past channel 31 or so, IIRC out of 69).

However, digital TV needs a much better signal than analogue ever did. And even Channel 5 had to have a massive "retune" event pre-launch because not everyone's equipment was set up to receive the frequencies it went out on (VCRs often used the same channel!). So even pre-digital, if you were trying to get Channel 5 you may well find that the aerial you had that had served you for decades was suddenly no use for receiving that, and you'd have needed a new one.

Same happened on digital conversion. Now, all aerials would be "not fit for purpose" if they weren't able to pick up all the digital frequencies (as they change and retune quite often, and you can easily be in the reception area of two transmitters and get two entirely different frequencies from two different directions and try to make the best of what you can receive). Hence, the "digital" aerials aren't any "different" in terms of how they operate but they may well have to conform to stricter criteria and certainly you want the aerial you buy to say digital on it, in case it's a pre-digital aerial that *wasn't* built with those frequencies in mind (it could have been on a shelf untouched for decades!).

Please note I'm able to pick up Hemel and Crystal Palace from my HUGE LONDON TOWN home but I need a signal booster to get anything like decent reception on digital. I even bought a full loft aerial kit, it was actually worse, even with the booster. My neighbours all have the exact same problem. And yet if I swizzle my aerial around, I can pick up both transmitters in near-opposite directions at about the same strength (I do love the mapping now that shows you where they are and where your building is oriented - some of my neighbours are picking up one, some the other, and some are pointing god-knows-where!).

Anyone who was just relying on their old aerial in that area, when digital switchover was happening, would have needed not only a new aerial but also a serious booster, just to get a bare signal.

Currently, tuned to Crystal Palace, I get this as one of my best channels:

Lock (0x1f) Quality= Good Signal= -39.88dBm C/N= 29.03dB UCB= 0 postBER= 0 preBER= 61.0x10^-6 PER= 0

Without the booster, I get no signal lock, and things drop to less than 10dB. With a brand-new-huge in-loft aerial, no booster, I get less than 10dB. With a brand-new in-loft aerial, with booster, I get about 20dB (which means things sometimes break up, and certain channels don't come in at all).

Digital really knocked signal reception for six. A "digital aerial" is a thing that can be vastly different to anything that existed pre-digital. If I tried to pull that stuff in with whatever aerial was here pre-digital, I'd get absolutely nothing whatsoever. But neighbours tell me that analogue TV was fine all the time that was around.

Western Digital deploys heatsink on remodelled M.2 to tempt gamers

Lee D Silver badge

Always been the way: You can't game with Intel.

Unless (like the above laptop) it has nVidia Optimus sitting behind it.

They may change that in future years, but they've been happy with their products being regarded like that for decades.

When you see what something like GTA V is doing, it's a miracle it runs on anything that's not top-end at all.

Read this three-part series:

http://www.adriancourreges.com/blog/2015/11/02/gta-v-graphics-study/

Lee D Silver badge

My laptop is a 2013 model - it was high-end, but not "full-on gaming".

GT540M.

Lee D Silver badge

A SSD makes GTA V playable on machines produced far before it was released. I know, I have one. Before SSD it just paused every few seconds as it read textures in/out of RAM. After, it's smooth as anything. And that was just a SATA-level upgrade, not close to the speeds of NVMe.

Video-editing? Not a chance. 2Tb of raw video is really nothing and you'll spend half your life copying the data to the SSD from some other storage, spend ten minutes editing, and then spend the rest of the time copying it back, even with the fanciest of caching technologies.

And lower-end video is really not benefitting from SSD at all. You can stream HD/4K over the Internet. What do you think having it on a hard drive is going to do?

Get in the bin: Let's Encrypt gives admins until February 13 to switch off TLS-SNI-01

Lee D Silver badge

Re: so you can validate via DNS...

How is that different from any other SSL certificate provider?

Happy Thursday! 770 MEEELLLION email addresses and passwords found in yuge data breach

Lee D Silver badge

Re: Well worth doing

You don't need catch-all, just remember to create the address in their management panels before you use it. But even 1&1 and the cheapy 99p domain places don't care how many you have as the number of email aliases doesn't affect a domain host at all, generally.

The solution for the techy people - make a secret format. For example, have the username (before the @ prefix) contain a number with, say, the number of vowels in the username itself (e.g. fred1, barney2, etc.) or some such way of identifying valid emails you've given out (e.g. just prefix them all like valid_username or somesuch). Then just reject ANYTHING that comes in on a username that's not compliant with whatever policy you've chosen.

Still unlimited aliases. Still all at your domain. Easy to remember/create. Stops all the spam username-guessing. Can be implemented with a manual filter on the end account.

Personally, with the above, going to a server under my control, implementing postfix, postgrey (greylisting), Spamhaus and then forwarding to a third-party webmail service the spam I get is zero except to those addresses that I know are spam (e.g. forum signup accounts). Hell, the underlying account gets spammed more than my domain, and that's not EVER been advertised anywhere (I have no need to). Solution: Block all mail directly addressed to the underlying account that wasn't originating from my server. Or just IMAP into your server mailbox direct (but I don't like the thought of running something like SquirrelMail on my own server for web access, to be honest).
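The secret-format check described in the post above, as an added example that is not part of the original post: a recipient filter for the vowel-count scheme (fred1, barney2). The domain `example.org`, the function names and the sample addresses are constructed for illustration.

```python
import re

VOWELS = set("aeiou")

# Alias format from the post: a name made of letters, followed by the
# number of vowels in that name (fred1, barney2). No leading zeros.
ALIAS_RE = re.compile(r"([a-z]+)(0|[1-9][0-9]*)")


def make_alias(name: str) -> str:
    """Build the alias to hand out to a service, e.g. 'fred' -> 'fred1'."""
    name = name.lower()
    if not re.fullmatch(r"[a-z]+", name):
        raise ValueError("alias names are limited to the letters a-z")
    return f"{name}{sum(ch in VOWELS for ch in name)}"


def alias_is_valid(local_part: str) -> bool:
    """True if the part before the @ follows the vowel-count format."""
    m = ALIAS_RE.fullmatch(local_part.lower())
    if m is None:
        return False
    name, count = m.group(1), int(m.group(2))
    return count == sum(ch in VOWELS for ch in name)


def filter_recipients(recipients, domain):
    """Map each recipient address to 'accept' or 'reject'."""
    verdicts = {}
    for address in recipients:
        local, _, host = address.rpartition("@")
        ok = host.lower() == domain.lower() and alias_is_valid(local)
        verdicts[address] = "accept" if ok else "reject"
    return verdicts


# Constructed sample recipients (assumed domain: example.org).
SAMPLE = [
    "fred1@example.org",      # handed-out alias
    "Barney2@Example.ORG",    # same format, different case
    "barney@example.org",     # cut short: the count is missing
    "barney2x@example.org",   # letter appended after the count
    "barney3@example.org",    # wrong count
    "info@example.org",       # guessed name, no count
    "fred1@other.example",    # right format, wrong domain
    "admin2@example.org",     # guessed name that fits the format by chance
]

if __name__ == "__main__":
    for address, verdict in filter_recipients(SAMPLE, "example.org").items():
        print(f"{verdict:6}  {address}")
```

The last sample address passes because "admin" happens to contain two vowels: the format filters out most guessed and mangled usernames, but it is a convention rather than a secret, so per-service aliases still need to be revocable.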

Lee D Silver badge

As a demo, HaveIBeenPwned also lets you search for anything@yourdomainname.

I get the following:

The address I use to report broken links on my website.

The address I use as complete junk that doesn't even deliver any more (just bounces any incoming email with a rude server message)

About 14 variations of the above junk (with appended letters, cut-off short, etc. so obviously lots of spam software suffers from off-by-ones!)

A handful of addresses given to companies that were compromised (including places like Kickstarter, SolarWinds, 1&1 and Macromedia).

Two addresses used to sign up on forums I used to frequent.

Two addresses used on public Usenet mailing lists

20-30 literal made up rubbish that has never existed at my domain (more off-by-ones, e.g. "real" usernames that are alphabetically close to addresses that do exist, but not at my domain).

Most of these things are just everyday compromises of forums and stuff, and using one GMail address to sign up for them all is just asking for trouble. Presumably at least some of those accounts had their passwords compromised too, not just the email address.

These people can't be trusted to keep your account information secure from spambots or password compromises. So use unique addresses and passwords, and then manage them all from one place, including terminating them if compromised and not using those companies again.

Lee D Silver badge

Stop using one email address.

Buy a domain. Make a new address at that domain for each service. If a service is compromised, throw it away / block it, and use another.

Have them all redirect to... whatever you want. Like a GMail. If that gets compromised, you just point the domain at a fresh account and you don't have to go and change everything.

Costs pennies a year. Takes about 20 minutes to set up even in the worst case. Gives you infinite email addresses (and ones to put in spam forms that you have to supply an email). Lets you keep the same emails on services forever, and change to whatever provider you like at any time.

HSBC suggests it might have found a... use for blockchain?

Lee D Silver badge

Re: Probably different model

Absolutely.

Bitcoins are basically generated by an anti-spam measure to stop one person hoarding all the coins without a proportional expense/effort on their part. You could have literally let people get a Bitcoin just by sending an email to an automated address, if you'd wanted, and used that as the ledger entry.

A ledger itself, though, just needs to know who made the transaction, who signed off on it, who can revoke it, and then put it into the ledger. Importantly, even complete compromise of their key cannot erase the history of what that key did, as each transaction is in effect "signed" by the next (basically the core idea of blockchain).

Think of it not like Bitcoin but like those play-by-mail games of old. You collect the transactions, perform the calculations, and modify the "database" in the middle. Then you send out the results of the next "round", everyone else can see the effects of those new results and "previous moves" but you can't change them.

The only difference is that instead of one person performing the calculations, you're publishing the data, letting everyone do the calculations at the same time, waiting for everyone to agree what the result is, and then having everyone sign off on that result.

Bitcoin does that, WHILE solving a pointless maths problem that's hard to solve (I believe it is literally "hashing the entire existing blockchain with random numbers until the hash results in 00000000000000000000000" - or it certainly was at one point). It's literally a time-effort-and-money-burning exercise so that there's something that has to happen to make a coin.

Lee D Silver badge

Re: immutability provided by DLT

At a minimum, I'd expect that they'd need 51% of co-operating foreign exchanges to recognise the transaction as valid before it could be "falsified" into the blockchain.

Coin-based blockchain attacks are when malicious users own 51% of your blockchain AND you choose to recognise their branch of the blockchain as definitive.

There's two different things at play, and a distributed ledger is going to have a lot more control stopping you getting 51% of the ledger under your control - maybe even by the simple precept of "there are only a hundred master nodes and HSBC control 20, another bank controls another 20, etc.").

Lee D Silver badge

Re: Truth

"To execute the attack, the miner acquired at least 51 percent of the network’s total hashpower, which provided them with temporary control of the blockchain"

Sure, if one malicious entity is able to enter arbitrary transactions against your network without your knowledge, after taking control of half the people able to enter transactions on said network (note, this wouldn't include *users* or people *viewing* the chain to verify transactions, only those capable of making their own).

I think you'll find that any distributed ledger would be vulnerable to attack in such a circumstance.

You're literally asking "half-the-world's foreign-exchange banks" to collude to make a transaction that the others will accept as genuine, in a way that's blindingly obvious, flags all kinds of warnings immediately, and would only proceed if you were stupid enough to not put decent checks in your system and wait for the right number of verifications from trusted entities - at that point, you have bigger problems than what you use to record that transaction.

Army had 'naive' approach to Capita's £1.3bn recruiting IT contract, MPs told

Lee D Silver badge

Re: Actually...

Loads.

They all cost twice as much, because they just account for things properly, so it's seen as a "saving" to not use them, even if people make a royal mess.

What they should do is fund prototype creation, test with users, and do it in a double-blind fashion so that the people using and specifying the system have ZERO idea what it costs, and the people offering the systems have no idea how much the other guy paid.

Then you can literally tie them down to "this works like junk, here, take your £10k pilot investment and get out", "This needs to work in the final product, will it work? What kind of speed?", "I'd like you to implement this change in the prototype, here's another £10k", etc. until people are happy with the system and that it does what they need. Then sign off on it working. THEN get into whether it's value for money only at the very final stage once you've got rid of all the rubbish systems.

The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit

Lee D Silver badge

Systemd suffers from many problems.

1) It was supposed to "replace all those shell scripts". And it did so. For some of them. With opaque C code that's vulnerable to all kinds of overflow and means you can't simply modify it without being a full-on programmer running a modified systemd binary.

2) It was supposed to "resolve all the dependency issues". Which it does... mostly. But via ways that basically require interpreting plain-text configuration files and spawning processes that could have been done in ANY language... including shell scripts. I see nothing that systemd does in this regard that a suitably intelligent single daemon couldn't manage without having to be tied into EVERYTHING. It uses new-kernel features to do some things like process groups, etc. but that's because they *didn't exist* in the kernel many years ago.

3) It tries to replace, rather than utilise or supplement, every service it touches. From "init dependency", it now replaces entirely your local DNS server, syslogging functionality, NTP, network interfaces, hardware detection, etc. and it just rides roughshod over everything, removes all your existing daemons and doesn't even try to do the rest of their jobs.

4) It replaces logging - in the same way that it replaces init/config... it could have just started with a backwards-compatible plain-text log-file but provided a tool that searches and filters them as per its current way of operating, without replacing the way EVERYTHING logs so that you can no longer just cat a log from /var/logs and expect it to be there, or contain the information you want, without going in and basically telling it to do so manually. And debugging what syslog itself is doing is a nightmare of filtering logs.

5) In the end... my computer used to boot up and work and be configurable and was pretty secure. Now it boots up (usually), works (usually), is pretty opaque (yes, I'm sure there's a way to "do" all those things, but it's nowhere near obvious) and is subject to things like vulnerabilities in a root-level binary process that doesn't drop privileges in order to do things like logging a multi-megabyte syslog message safely. Simple ways to add new startup services etc. are no longer simple, backward compatibility with old init configurations is gone, etc. I literally have no idea what it's going to do in what order any more. And it's literally no faster to boot or operate.

I see no problem that systemd "solved" (maybe some cloud-computing datacenter manager has something useful in there, for me as a mere mortal running networks and using a computer at home) - all it did was replace a system I could read and edit with one that I don't stand a chance of doing so without recompiling the equivalent of "init". For a problem that we could have solved in a bash script, while retaining backward compatibility until the natural advantages of it showed themselves.

As far as systemd is concerned - I just boot my distro. If it doesn't boot, or doesn't boot properly, then that's game over. I can do nothing. I don't see that as a plus in any way. In fact, it makes me nervous on every kernel or systemd upgrade that my distros put out. And I will back all problems in it back to the distro, whether by "not using it" or by making a fuss.

When we start getting root-level holes in these things because of simple things like "syslogging a large message" then it's really time to abandon it. Keep the config. Keep the syntax. Keep the same binary name, if you like (for compatibility - I never got why ipchains had to be replaced with iptables when you could have just made both be an alias to iptables which converted the older to the newer if it was ever invoked that way - and now it's no longer iptables either, and so on). Take "what systemd does" and get an equivalent that we can actually understand and use and fix easily.

I consider it a little like DBus and NetworkManager. Suddenly huge dependencies on DBus and X-Windows on everything you touch for no real reason, opaque and conflicting processes all trying to do simple things, and no way to really manage what's going on and instead you have to just "trust in the distro". Literally the core principle of open-source is out of the window not through closure of source, but through layers of obfuscation between the user and what the system is doing.

It wouldn't be so bad if it was a tiny collection of small utilities, one per job, that were replaceable and auditable, but it's now hundreds of thousands of lines of C.

Sorry, Samsung. Seems nobody is immune to peak smartphone

Lee D Silver badge

Stopped at the Samsung Galaxy S5 Mini.

When you start putting back things like removable batteries, not terminating Android version upgrades a year after release, putting the headphone ports back in, and none of the ridiculous race-to-the-uncomfortably-thin/fragile/irreparable, then maybe we can talk. Oh, and stop changing the USB connector.

Oh, and make it a couple of hundred quid, rather than several weeks' wages.

Encryption? This time it'll be usable, Thunderbird promises

Lee D Silver badge

Re: The only reason "everyone" runs Outlook is because "everyone" uses Exchange.

Samba is used for SMB/CIFS file access. It works. And a lot of devices have it (most is pushing it... most Android tablets would never ship with Samba by default, there are apps to be SMB clients, for example - sure, NAS, media centers maybe, etc. but otherwise no).

But that's just one tiny feature - with no authentication whatsoever. That's the "home user accessing the computer that's open to the entire network" feature, not any significant usage of SMB/CIFS that even a basic NAS would implement.

Centralised storage relies on authentication. Authentication relies on Active Directory/LDAP/Kerberos integration. In the case of Samba, those things aren't "standard" LDAP/Kerberos, I believe (correct me if I'm wrong, but didn't Samba have to ship with its own implementations? That may have changed now, but the days of things like LikeWise Open etc. it was necessary to install completely different and separate versions to the LDAP/Kerberos software that came as standard on most distros).

Samba touts itself as:

"the standard Windows interoperability suite of programs for Linux and Unix.... secure, stable and fast file and print services for all clients using the SMB/CIFS protocol... an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function both as a domain controller or as a regular domain member."

You're talking about unauthenticated (or trivially authenticated, i.e. local computer logins) access to a share... but the software is claiming to offer an interoperability suite for Linux/Unix machines, as well as AD integration and domain controllership.

Additionally, although such SMB/CIFS isn't trivial to implement, it's literally just a tiny and necessary first step to any kind of network integration. It's literally not even enough to log into a network shared drive, for instance, rather than a home shared drive. Samba have had "co-operation" from Microsoft enforced by an EU court, not to mention EU funding, and DECADES of developer time put behind them. And they fulfill one tiny component.

Sure, the software gets used a lot for that (basically the equivalent of "smbclient" functionality, as was), but Samba is claiming to be, aiming to be, and has for a long time wanted to be, a lot more than a network filesystem interface. And yet it still can turn into a nightmare to, say, get to \\domain.com\netlogon ... AD auth, DFS, internationalisation, ACLs, etc. all kick in on even the most bare basics of "trying to get your Unix machines to talk to Windows machines".

There are no domain admin tools. Not even an "AD Users & Computers" equivalent. We're told to "just use the Windows tools" (I'd actually pay more for a Windows AD management tool set that worked on non-Windows computers, than I would for a software that let me set up a Windows AD running on a non-Windows computer). So you can't run a Windows-style AD using Samba alone, without having to manage users extremely manually.

The fact is, 27 years after initial release, 15 years after "Active Directory Support" was listed, it's still not there for anything other than a bog-standard, simple-passworded share - something trivially achievable with TFTP, let alone NFS or similar alternate technologies. But we have "Apple Time Machine Support" and Btrfs-compression!

I have created, managed, and decommissioned entire school networks reliant on Samba and projects like Likewise Open (as was, it keeps changing names) - one school we had netbooks that authenticated against the AD via PAM. They "work". If you're prepared to accept a whole bunch of caveats, severely limited functionality and manageability.

The reason is that it's incredibly hard to follow the protocol. Even just keeping the barest of "I'd like to access \\server\folder\filename" functionality working, up-to-date and secure takes up a vast chunk of developer time once it involved integrating with a fast-moving proprietary product that has to be reverse-engineered.

P.S. There's only one command in Windows PowerShell that I use with any regularity. The modern equivalent of ntdsutil to promote/demote DCs (I never remember the commands and have to Google them each time, that's how often I use them). Given that I administer Windows networks for a living for the last 20 years, using that as an attack on Windows is really quite weak.

Fact is, I can create and permission a user in Windows AD in seconds, including fine-tuned delegation of AD editing rights to the user, and all kinds of settings, group membership, inheritance, etc. It's just not possible in "Samba"... certainly not without an entire swathe of commands typed in on the console - and in a Samba-only environment, I'm not sure it's possible at all (you need AD Users & Computers running from a Windows machine?).

What you have is the equivalent of saying "We have Microsoft Office" when what you really have is a command-line tool like antiword that parses a .docx file for text. Sure, that may be "all most people need" but it's certainly not what's been advertised for the last 15-27 years.

Lee D Silver badge

Re: The only reason "everyone" runs Outlook is because "everyone" uses Exchange.

"OpenChange is a dormant open source project"

"OpenChange is a great proof of concept, but it is not ready for production use."

Nobody's come close to an open-source Exchange compatible replacement, same way that it's taken DECADES to come up with an open-source AD compatible replacement (and that isn't really something I'd run someone else's business on... maybe my own, knowing what it is, but not something I'd implement for someone else).

This stuff is hard. It took decades to understand and code up things to read video streams from MSN Messenger, etc. and none of them were ever any good.

Just because it exists, doesn't mean you can make a compatible open-source equivalent. Even LibreOffice "isn't Office" to most power-users. Sure, it suffices for 99% of people, but for the 1% that want to use it professionally, they can't.

You seriously overestimate the resources and talent available to code on open-source replacements for proprietary commercial software. Look at WINE, LibreOffice and Samba. It's the three biggest projects that do so, they aren't "there", even if they are usable, and they have more developers and money than almost anything else (you may find web browsers have more money available to them).

That's why most places don't bother and instead end up with an OS "equivalent" (e.g. other directory protocols, etc.) that they have control over, avoid patents for, don't have stupid legacies to tiptoe around, and they can afford to build and maintain.

Um, I'm not that Gary, American man tells Ryanair after being sent other Gary's flight itinerary

Lee D Silver badge

Same problem.

There's a guy with my name with a Littlewoods Ireland account who obviously never pays his bill. I tried a few times to correct them, now I just send them to spam. Had the same with RyanAir and Paypal and a couple of others.

I have in the past written a nice letter to another guy (also in Ireland, my surname is apparently quite common there but I've never been there myself) who signed up for a Paypal account, added a credit card and then got a friend to send him loads of money. I could quite easily have confirmed the account, changed the passwords and spent such money and there'd be little they could do about it (for a start, they wouldn't be able to get back into the account!).

But I'm a nice guy. I wrote a nice letter (all I had that I was sure of was a postal address), got a nice one back, the account got closed a few days later.

But it happens regularly. Plenty of people sign up for things thinking that my email is their email. I don't even bother to chase it now. I just bin them. They're nothing to do with me, and I'm not going to go logging into people's accounts playing pranks in case it gets classed as fraud by misrepresentation.

The funny bit is that not once have I ever used the real underlying account for anything - everything I do is forwarded from my own domain name to a mailbox that just acts as a convenient collection point. And I use a different alias for every company that I deal with.

As such, just binning anything from Littlewoods or RyanAir or similar that arrives in my account without having been forwarded from my domain name is very simple.

Millennium Buggery: When things that shouldn't be shut down, shut down

Lee D Silver badge

I just love it when you have something like this, and they won't let you have scheduled downtime for such actions.

Though not in the £50k/hour area, I had a similar situation before Christmas... updates had been postponed to an internal system because "we can't take the system down". Updates postponed a second time because "X needs to do Y so you can't update yet", and so on.

There are only a few windows in the year where I can update without everyone whining, and every time "someone" different had to do "something" important and it was always something that I, or they, felt couldn't be left half-done when updates were applied (which included database schema updates of the databases they were using, etc.).

So it got to December. Where I had a three week holiday booked. And so I stated that the update NEEDS to happen. There was much wailing and gnashing of teeth but I got it scheduled in two days before I finished (I'm not an idiot! Never do updates on your last day in!). I got agreement from everyone, a bit of "Oh alright then", but it got scheduled in, and notified, and notified, and notified. And then a day before, someone kicked up a fuss because they realised that there was yet another "something" that couldn't ever possibly be done completely before or wait until after the updates. Of course, that's in their opinion.

Speeding up their schedule to get it done before the updates "wasn't an option" (despite the fact that they'd had MONTHS to do it in). Putting it off until after the updates "wasn't an option". Doing it while the updates were happening wasn't physically possible and certainly wasn't sensible.

I didn't even attend the meeting. I just sent an email saying "It's been postponed multiple times, while it wasn't critical, and now it's critical. I will be updating". There was uproar. Not least because someone then went and told *some* of the users that because of the updates the system would be down on the wrong day anyway (I suspected an attempt at sabotaging the update from happening). And obviously the other users had all been told that it would be down on the scheduled day.

It was then that the emails started getting personal, wondering why I was allowed to have holiday (because I'm human?!), why they were being taken over Christmas (because most of Christmas is compulsory holiday anyway, and there were never originally any updates scheduled for Christmas, and I wouldn't schedule updates over Christmas normally anyway? Literally triple/quadruple-postponements are the problem, not that your IT guy isn't working over Christmas when you do no business anyway), wondering why the works weren't scheduled in (they were), wondering why we had to schedule in downtime for updates at all (which would be a fair point, if it wasn't for the fact that the software in question can't be running on any client when you apply updates to the server, and all clients have to have the same version number as the database they use), wondering why we couldn't pick a "more appropriate time" (I did! Several times! And people not doing their job postponed it again each time!), wondering why "someone else" couldn't do the updates (erm... because it involved both Finance and HR data, so nobody else should be privy to that information, plus nobody else on staff is qualified to do so - or even close! - plus you don't listen to the guy who CAN do the updates, so you can literally go find a new IT guy if you let someone else touch that system / access / password).

Turned out... we did the updates... as originally scheduled... nobody was affected... I was there a few days to check it all went okay... everything was fine... nobody (not even the users) shouted. A lot of fuss over nothing.

And now I can look forward to a discussion about "Scheduling all future updates". Which I do anyway. But now it will always mean "making sure my original schedule lets me throw people off the system", not just polite announcements. Because my schedule takes into account far more than their last-minute "I haven't been doing my job" reasoning ever does. So I checked the calendar for 2019 for when the system can go down. It looks like I have maybe a day in a week in March. And a few windows in July. Let's hope that a) no critical update is required, say for the new financial year or Brexit, b) not one user "has to" need the system in those windows, c) when I schedule it, people don't suddenly remember that ultra-urgent thing that they've put off all year must be done in that day because they're too lazy to do it before then.

Putting off the updates for every whim basically now means that you don't get the option to put off the updates. Ever.

To say that making a fuss over such a non-event was counter-productive isn't the half of it.

Your mates vape. Your boss quit smoking. You promised to quit in 2019. But how will Big Tobacco give it up?

Lee D Silver badge

Re: Look out

An early death costs huge in terms of taxes returned over your lifetime, not to mention effect on any children, etc.

The insurers may want you to die early, but the NHS will still have to fund you for treatment, and you won't be paying back student loans, debts, mortgages, taxes that you've been given (e.g. to fund your education, etc.).

"What an insurer wants" is vastly malaligned to "what's good for society".

Lee D Silver badge

Re: Look out

Imagine for a moment.

Someone makes a biscuit. It's fat-free, sugar-free, non-damaging.

People start to buy it and eat it a lot.

Now you discover that the people eating it LITERALLY refuse to go without the biscuit. A huge portion of the population are buying the biscuits and refusing to stop ever doing so. When they try, they have to take biscuit supplements that have the addiction of the biscuit without having to pay for the biscuit itself. The government starts funding these supplements because the problem of people spending their pay packet on the biscuits is all-too-common, and despite a tax of many times the actual value of the product, people are still buying the biscuits.

People get cranky when you suggest they give up the biscuits. They can't go more than a few days without the biscuits. Over Christmas they all vow to give up the biscuits but by new year they are all back on them.

The problem with this stuff isn't the health effects (though they are horrendous, devastating, expensive, and both self-inflicted and inflicted on others against their will). It's the addiction.

Caffeine addiction isn't anywhere near as bad. Nor is sugar addiction (sugar tax has ONLY just been considered, and that's because of obesity and availability, not because people spend most of their pay packets on sugar).

Nicotine literally turns you into a mindless child who can't do without a substance that they would never have been exposed to in natural life. I regularly make bets with friends or co-workers who are smokers (or vapers) who claim they can "give it up any time". The longest one lasted a handful of weeks and was so cranky in between that I had to take them to one side and tell them to do something about it - they had an arm-ful of nicotine patches. The shortest one literally lasted 24 hours, and lied about it, until I demonstrated that not only had they smoked but that they'd done it directly in my field of vision.

Nicotine turns grown-adults into addicted children about something which has zero health benefits, nutrition or anything else for them - it doesn't even provide a "high"... research shows that "nicotine highs" are really just a return to normal levels of hormones because nicotine withdrawal makes you hormonally substandard.

That smokers are moving to vapes is a start to keeping them alive, and honestly their health is the last thing on my mind. It doesn't stop the expense, or the "skills" of rolling / coils / whatever which they are so proud of. I've witnessed an hour-long conversation over wattage and coils and batteries between two people who previously wouldn't have known a AA from a C cell.

It's also not "friendly" as a habit to others. Your stuff STILL stinks. Ever walked past a Lush? That's what you smell like, constantly. Sure, better than stinking of smoke (my ex could smell if I'd been in my parents' house that day, even without them ever lighting up when I was there), but still obnoxious. I once was in a beer garden eating a meal with 20-30 other people and one guy on a distant table had a vape so obnoxious and sickly everyone complained, moved tables and stopped ordering food because it tainted everything. At one point, a guy LITERALLY disappeared in the cloud of vape in the outside beer garden - walking through it just as the guy exhaled - and he couldn't be seen in the ensuing cloud.

Vaping is still a bad habit, and still can be obnoxious to others. From the smoker's view, it's still a waste of money, addictive, causes mood swings, and is unproven (sorry but inhaling some shite that's going into your lungs, is viscous enough to produce a visible cloud, congeal into a fluid, and that may have been bought from China and mixed with lead paint for all you know is never going to be healthy for you!). Those are your concerns as a smoker, though. From a society point of view, you're still substance-addicted with extreme difficulty to quit, to an expensive habit, that's unnecessary and doesn't actually do anything positive for you above "just not smoking anything".

I didn't think I'd ever say it, but I have more respect for cannabis smokers than vapers. At least they are getting something out of it that's not available elsewhere - and rarely do it in your face in a public restaurant.

Racing at the speed of light, Sage superhero bursts through the door...

Lee D Silver badge

Re: Deeply concerned about staff downtime

Much more concerned that there's no central update mechanism, GPO or scripting to run the client update, or even RD so you do the entire thing from one place.

RUNNING around is a sure sign that you don't understand IT and are about to break something much more important than a bunch of shirt buttons.

Hundreds of machines, thousands of users, and I've run more because "some guy just tried to plug in an unauthorised USB stick on the other end of the site" than anything else.... ever.

You better watch out, you better not cry. Better not pout, I'm telling you why: SQLite vuln fixes are coming to town

Lee D Silver badge

Re: Not sure if I read this right...

You'd be amazed at the places that use SQLite.

I've seen it everywhere from access control products to websites to educational software.

It's usually bulletproof. Because even when you allow people to throw arbitrarily corrupted databases and any SQL query you like at it, if you properly secure it, it's almost invincible.

As stated, even this flaw isn't possible if someone bothers to read https://sqlite.org/security.html and follow its advice.

The question is not "OH MY GOD WE ALLOW PEOPLE TO EXECUTE SQL IN THE BROWSER!" - it's "what security model is it executing that in?". Fact is that running SQL inside the browser is a very popular, useful and desirable feature (just because you see the potential security problems with them, it doesn't mean that the FEATURE to be able to do things isn't desirable).

And SQLite is pretty rock-solid. That's the first ever serious flaw I've ever seen in SQLite ever mentioned. Look at their security page above... do they sound like they are messing around and just slapping things together?

No software is fully bulletproof. But SQLite comes damn close. And is incredibly useful. Why operating systems don't offer centralised database functionality as part of the OS, I never understood. Everything from users to configuration files to program installation manifests should really be a database, meaning something DESIGNED to be queried and modified like a database. MSIs and things do contain databases but not in the same format. A generic, OS-wide, database feature (even down to filesystems, remember the WinFS promises?) is something sorely lacking.

Bookmarks in a browser already use such a database (Opera's bookmarks were a plain SQLite file for what? Nearly the last 20 years? Not much software has that kind of testing behind it). You may disagree with the concept of WebSQL but it's not a Chrome-exclusive feature, and if you're implementing it, I'd damn well rather they used SQLite than MySQL or (ARGH!) MS SQL!

Note: I've banged on the SQLite backends with some programs I've written myself. A school full of kids sitting tests in a custom bit of software, each client literally spin-locking a central network SQLite database to add and query their results on the fly. It worked like a damn dream and was rock-solid. I'd rather ditch the entire rest of Chrome and keep SQLite than the alternative, any day.

If most punters are unlikely to pay more for 5G, why all the rush?

Lee D Silver badge

Re: Well, if they can secure it, then it's okay, I guess

"More secure"

Than a handset?

Than a VPN over any public broadcast mechanism?

I doubt it.

If you worry about security, you don't care about the medium - you care about the measures necessary to secure it.

5G, in that regard, like all its predecessors would always be an untrusted medium for data, and most definitely for voice. It can *be* secured. You just VPN/SIP over it to a trusted endpoint from a trusted handset. Same as anything else.

Selling 5G on "security" is the worst idea possible. Nobody who cares would use it, nobody who uses it would care.

UK spam-texting tax consultancy slapped with £200k fine

Lee D Silver badge

Re: So Tax Returned Limited

I think they introduced a law very recently which combats exactly that.

Specifically the ICO, I think, asked for it so they can chase directors and assign personal liability if the company has been declared bankrupt and avoided the fines they've imposed.

Qualcomm all ye faithful: 5G's soon triumphant... like 2020 soon. Really

Lee D Silver badge

5G may be overhyped. But it's an inevitable requirement for the future.

It's only sensible to assume that, in the next 10-15 years, we will:

- Have more cellular devices online.

- Have more cellular devices per person/household (e.g. smartphones, smartwatches, GPS trackers, cars, smart meters, etc. etc. etc.)

- Those cellular devices will thus be more densely packed and need to share bandwidth.

- Some of those cellular devices will require greater speeds than are available today. Whether that's people streaming 4K movies, playing VR, website HTML sizes increasing, more live-streaming of video, or whatever, it's a reasonable assumption that they will use - on average - more data than today.

As such, 5G is necessary. For nothing else than its capability to support more devices in the same areas using more frequency bands, with the total speed available to share out from each mast having to be more than at the moment.

It's not that people are complaining - people are satisfied. But you only need one "fad" (think "Pokemon Go / Tamagotchi / etc. but with something cellular-based") and if you have failed to prepare, the whole network will collapse for even today's use. And naturally there will be more things online tomorrow than today. Fail to prepare for that, and everyone's current capacity drops in proportion to the number of new devices. How long before you're buying a "Netflix box" or Amazon Fire Stick that directly streams over 4/5G and doesn't need to connect to your wifi at all? Especially with eSim technology, they could easily do that, and thus bypass issues with other cellular providers or their backhaul providers.

It's an inevitable and necessary upgrade. Hence, why people would hype it up, I can't understand.

I live my life via a 4G Wifi box and a smartphone. I literally do not have a landline connection (despite there being one in the property, it would cost more to activate and use, to provide a slower connection than I already get over 4G). If I can live your entire digital life without ADSL/VDSL/Cable today, then 4G is already viable to do this on. 5G just means that EVERYONE would be able to do so. I game, I stream, I have a SIP phone, etc. etc. Nobody even notices, you just join my wifi from a little box and you're "online". They even question the need for the box because I could just "hotspot" from my phone, they say. They know that... they use it themselves.

5G could easily make your "Internet" connection travel with you (so you can check your plane tickets from work, for instance, without filters getting in the way), and make landlines obsolete. It's far from a useless leap in technology (unlike, say, 4K/8K/HDR/etc. which will still sell millions of devices alone).

Literally, my only hope is that, with the new speeds and high-capacity, data prices will drop. I can get 40Gb for £22 a month. I actually use 90Gb a month on that package (it doesn't include certain streaming services). I really could easily burn through 400Gb in a month if I had the money to do so. There's no technical reason in the way of me doing so at all, even in the middle of a large city inside the M25, sharing the "connection" capacity with all the neighbours and anyone who walks past with a smartphone.

But if 5G gives me bigger data allowances, greater speed, and a more resilient connection using more frequencies, I'll buy into it. Whether that's a 5G SIM in my existing 4G box, or whether that's buying a special 5G Wifi box with eSIM, I know that I'd end up getting it.

Lee D Silver badge

Re: A warning, really.

Same old story:

When I can buy it, in a shop, at a decent price, with a reasonable chance of working. Then, and only then, do I bother to look at whether it's something that I want or need.

Until then it doesn't matter if there's one chip or a million that does the job, one mast or a million, one handset or a million.

Until I can buy it as consumer hardware, through ordinary channels, and it's advertised to me as an available product (i.e. 5G will work on my usual telecoms company, etc.) then it literally doesn't matter.

Same as every battery advance, "electric car", stupendous CPU, amazing new tech, or whatever else.

For fax sake: NHS to be banned from buying archaic copy-flingers

Lee D Silver badge

In the UK both are.

You just may have to retain the original in order to prove its origin via headers etc.

(Hint: There's a reason that Exchange has a "legal retention" functionality. If they weren't binding, they wouldn't be able to form evidence of any kind).

There was a time when fax was accepted and email not, but when I moved house last year, I signed a lease agreement electronically, no problems. I pull my suppliers up on their failures via email records, no problems.

A country that doesn't have email as a binding contract now (provided, as with any medium, that the content is actually received and stored properly... anyone could fake a fax from any number the same way anyone could fake a fax from any email address) is probably a bit backwards.

If you'd accept it in court as evidence (and everything from Facebook posts to emails have done that in all kinds of jurisdictions), then it's fine.

With things like Exchange and the proper retention / audit options, it would also be almost impossible to claim you hadn't received it, too. Hell, a president is just about to be put behind bars and that'll come down to emails at some point, you can guarantee.

The question of "legal service" by email is slightly different, and that has been resolved (positively) for a long time.

Tech support discovers users who buy the 'sh*ttest PCs known to Man' struggle with basics

Lee D Silver badge

Re: The right attitude

Agreed - most of the time.

If you say "press the button on the corner of the screen" to someone that grew up without computers, then they are going to look for a physical button on the display itself, not a virtual "button" in the corner of a non-tactile lit display.

But users can also be absolute morons too. I have more-than-one user for whom it has taken four years to grasp that they can use the scroll wheel rather than having to hunt down the window edge, find the half-greyed-out miniature and ever-changing box, click and hold and then drag down the screen, instantly jerking 50 pages at a time and spending an age trying to get it back to the page they were looking at.

And STILL, it's not their first action when they need to scroll, they don't get that they have to be in the right window (if you have ten scrollbars, how's it going to know what scrollbar you're scrolling?) and so when you have a scrollbar in a textbox on a webpage, the farce continues no matter what method they use.

Don't get me wrong, they're lovely people, just not the most computer-literate. But I wouldn't start by assuming they just *know* how a computer works.

My staff induction process consists of a first series of questions which are "What level would you like me to pitch this training at? You okay on computers? Happy for me to go at Warp Nine and you stop me if you don't understand, or you want me to lead you through it?"

Total Inability To Support User Phones: O2 fries, burning data for 32 million Brits

Lee D Silver badge

Re: Not just O2

Station guard?

No it's more akin to complaining to the ticket office, and then being told "Not my fault, mate, we hire the ticket machine from Joe Bloggs Ltd. I'm working for <insert rail company here>. Not my problem."

If you bought a product or service from O2, your only legal, financial and customer-service recourse is to them, or an ombudsman of their industry. I don't care WHY they're having problems (whether that's that they haven't paid their bills, that their suppliers are useless, that their contractors didn't turn up, or that heavy snowfall in the Outer Hebrides stopped the consultant coming out today). That's up to their business processes to handle.

My only interaction with them would be via the service they are contracted to provide, and are failing to do so.

In the same way that no court would entertain someone saying "Well, my contractors didn't deliver the goods, so I couldn't give them to the customer who sued me" (they'd just tell them that's their issue, and irrelevant to the case, they are still bound by the contract whoever their goods come from), customer service, returns policies, etc. work the same. They would actually get sued by the customer, and then they would have to sue the supplier to get their money back if that was the case.

You only have to deal with the people you bought the good or service from. You NEVER have to deal with any one of their contractors or manufacturers. Otherwise quite literally you'd be given the run-around between 50 different companies who all do one bit of the work, in order to fob you off as long as possible.

Bought phone from shop and it doesn't work? Take it back to the shop. It's up to them to argue with Samsung/Apple.

Bought phone service from O2 and it doesn't work? You shout at O2. They can blame anyone they like, it's their responsibility, choice of contractor and problem to resolve, not mine.

Otherwise, you'll literally end up being told "Yeah, well, your local mast is run by Bloggs Masts Ltd, who we paid to run it. We don't care. Speak to them."

Lee D Silver badge

Re: Not just O2

"The Down Detector page for O2 is full of outraged people having a go at O2, but in reality there's nothing O2 can do except wait for it to be fixed."

They could switch to their backup system.

Oh... you mean "nothing they WANT to pay to have in place for just such an occurrence that'll drastically affect their ability to operate if it ever happens"?

To be honest, if I were coding things, I'd make sure that when the accounting etc. database was down, that data was still kept active anyway (it's run from leased lines on the masts, not from some central location) - yeah, you might get people using data unaccounted for while you're having issues but an unannounced "we've not counted some of your data because of a problem on our end" is far better than "Oops... everything's down for everyone and there's 'nothing' we could have done about it".

This is a company with millions of customers that doesn't want to spend on a separate, isolated, failover database that doesn't get software-updated in tandem with their primary database. I have zero sympathy.

Gimme my data, or stop running a telecommunications firm. Either way, stop running it like some mom-'n'-pop outfit without any way to fail back when the primary database falls over.

Incoming! Microsoft unleashes more fixes for Windows 10 October 2018 Update

Lee D Silver badge

Yeah, tell me when they at least bother to put out an update without any "known issues" (documented or not).

Then I might look at testing it.

Until then, my decision to stay as far off Windows 10 as possible seems to have been worthwhile. I might have to deploy it next year. If so, then this issue might (finally) be fixed by then. But likely I'll still have to do everything in my power to stop updates deploying without consent.

SEAL up your data just like Microsoft: Redmond open-sources 'simple' homomorphic encryption blueprints

Lee D Silver badge

As a mathematician, this kind of thing interests me greatly.

But in terms of practical use it's very limited.

For instance, though it's *possible* to query an encrypted database... "It must be noted that... the authors have... used simple and non secure homomorphic scheme and still it takes a huge toll on the performance. For e.g. a 16 bit multiplication takes approximately 24 minutes."

This seems inherently impractical and it doesn't look like something we can parallelise in order to speed it up, or anything that any sufficiently large database (to be useful anyway) would be able to utilise in a general fashion for everyday queries.

Sure, you could farm off the database and all such computation to the cloud (that is after all the point - you ask an untrusted third party to do work on a database that they hold but cannot ever determine results or data from), but I can't see it being practical any time soon.

If a 16-bit multiplication takes 24 minutes, imagine how long any kind of complex SELECT statement is going to take, let alone whole-database UPDATE WHERE operations, etc.

Sysadmin’s plan to manage system config changes backfires spectacularly

Lee D Silver badge

Re: Automation does have its place

@Anon The guy in question was a highly-paid specialist IT consultant brought in to do disaster recovery on their systems... he had a year, a clean slate, virtually unlimited funds, new kit (everything from network switches to PCs to tablets to servers from the ground up), all the time in the world, and absolute control of anything he wanted.

He was brought in as "the expert" to set the tone for the system. I was hired later as the guy to "keep it ticking over" day to day. It took 6 months to turn that situation on its head.

Lee D Silver badge

Re: Automation does have its place

The "admin who does things like it was 30 years ago" is surprisingly common.

When I started here, there was no computer imaging process - each one was manually cloned from one of its nearby machines and then manually re-configured. There were duplicate SIDs and unlicensed software everywhere. There was no user-management - each one was set up manually each time, so half of them were missing something or other. And home folders were manually made and permissioned for each user on creation*. Everything was done with copy-paste batch scripts that he didn't understand, which everyone ran on every login, and which literally carved out exceptions (e.g. IF %username% = "fbloggs", to map drives, printers, etc.). The console windows were still visible minutes after logging on as they churned through it all every time.

AD was literally a shock to the guy beyond "create new user". And he was being paid by the hour (not the reason for his lack of process, at least not directly, but he literally didn't have the knowledge).

Within a week, and without spending a penny more than had already been spent, I introduced F12 PXE boot to WDS (which meant imaging took 20 minutes from bare-machine to domain-ready client with the base software in the worst case), group policy (which meant that users' printers, drive maps and settings, and machines' specific software and settings were installed after a couple of reboots of any fresh machine, controlled centrally and changed and cloned easily), and the MSKB article which shows you how to permission the root profile folders applied so that users just logging in would create their own profile folders if they didn't already have one.

Literally the guy was stuck on using things that had "worked" for him on Windows 2000 and never bothered to update knowledge in all that time. That you could deploy a printer from a GPO was new knowledge. That you could image machines from a clean template. That you could centrally control updates. That you could map drives. That you could have a proper tree of users and groups (rather than just leaving everything in the default users and groups folders) and have "Users" settings apply to everyone, while "Users\Office" people also got office settings, that you could modify policies on the domain other than "Default Domain Policy" (literally EVERYTHING was in there). That you could target a policy at users, groups, or even things like Windows versions or machine types.

It took me a few weeks to go from utter unmanaged chaos to "F12, new image, reboot, right-click in AD, clone an existing user (even disabled) of the same type, set password, bang... everything comes down".

It's alright, it's not like we were a school or anything, with 500+ pupils, ~100 staff, all with different settings and permissions, ~100 leaving and ~100 joining users every year, and all needing central control for things like web filters (enforced proxies), etc.

Literally, his "web proxy setting" was a Regedit script for Mozilla Firefox run from a login batch file. Press Ctrl-C and it never got applied. Unapply it after login and it bypassed everything. And, no, not even a "catch-all" transparent filter.... literally relying on that batch file to be all your security.

I honestly never asked what the rest of the junk in his batch files was and just started replacing them from day one. There were things in there playing with Word/Office, activation, antivirus warning disabling, ActiveX permissions, desktop icons (copied from the central server every logon), all kinds of stuff. I just switched them off for a few test machines and then resolved the issues that occurred in a more proper manner.

(*To this day, years later, I'm still finding folders that don't have inheritable permissions and/or have things like "Administrators" - the group not the user - as the owner. There were also a ton of legacy folders, including user profiles, that literally the user could access but administrators couldn't. The only way to fix is to take ownership of all files with recursion, then repermission with recursion, then put the file owner back as it should have been).

P.S. He didn't last long.

Stats model: UK small biz overpays for stealth mobile plans

Lee D Silver badge

Re: Pah - what's the point ?

If someone has to buy your business, it's obvious that:

- They know their original price was just there to scam you and until you complained, nothing happened. They don't care whether you get a good deal, they just want your money.

- They can't compete against the others in a fair comparison.

- Your company doesn't care about what they actually use, preferring to lay their business at the hands of a fancy dinner for the CEO.

All of the above are only ever symptoms of the same kinds of "who-cares" management.

If you're signing up for multiple years on the above basis, it's game over, nobody is ever going to change that in the contract term and then the "renewal" can be to ANYTHING else and still win praise ("It will cost us more, but that's because we're not locked in any more", "I found a better deal for us", "I negotiated with our usual supplier and got a discount", etc. etc.).

I've learned to just ignore it. These people have elevated themselves to a position where their failure doesn't matter, even if it appears as a huge percentage of the costs on the balance sheets. They could literally spend company money on moving manure around in a box and nobody would care, because they "make enough money" even with that. Totally ignoring that they could make *more* money if they didn't.

Every sufficiently large organisation ends up going this way, and there's pretty much nothing you can do about it except start your own company and cut that stuff out yourself.

Personally, every single clawing salesman I ever see is just a warning sign - if you want my business that badly, there's something wrong. The more you crawl and discount, the more you're just trying to play the human rather than the numbers, and the lower those numbers could have always been ALL ALONG.

I've actually got into arguments with salesmen about such things and told them I wouldn't do business with them ever again. They can't understand it, and all they care about is their commission.

Personally, my workplace has several dozen mobile phones with a provider who just resell Vodafone contracts. We are paying way over the odds for pathetic amounts of data, text, minutes, etc. and nobody cares. We don't have any special requirements, we have a handful of "SIM-only" things for GSM equipment, and we're paying £30+ a month for 48-month contracts with only 100Mb of data in some instances. We also pay through-the-nose for a "device fund" which we can use to get them to send us a new phone. They obviously scrape the interest off those as we pay all the time but only rarely request a new phone. They never have the phones we want. New phones are ALWAYS locked to their network. They take ages to deliver. They send a SIM separately days later (presumably direct from Vodafone in a way we could do ourselves!). The SIM never fits the handset. We phone up and then they send us a multi-SIM. Then we have to wait for that to arrive. Then we have to phone them back up and give them the SIM, IMEI etc. and they lock them all together. And they NEVER have records and I have to faff and keep track of SIMs, numbers, IMEIs etc. for them.

And yet, in my personal life, I deploy exactly the same kinds of devices, either on a £5 a month minimum rolling payment I can stop at any time, or a £25 one-off payment and pennies per text (for the GSM ones, guaranteed not to cut you off just because you don't use them much). Unlocked handsets. SIMs that I don't have to tally at all. I could literally slice the organisation's monthly mobile phone bills by at least 5/6ths if I was allowed to, plus spend only half what they do on devices, and there'd be no difference in service (only positive), and I'd even move the numbers over if it was necessary. For that you'd get TEN TIMES more data, probably free phone calls, etc. and none of the lock-in problems.

But they continue to use them for reasons I can't fathom.

OneDrive is broken: Microsoft's cloudy storage drops from the sky for EU users

Lee D Silver badge

Re: Ah the Cloud

"Where does rain come from?"

Nice try...

***A*** cloud, or clouds.

Not ***THE*** cloud. Unless you live on Planet Cloud which just has a single blanket coverage.

Lee D Silver badge

Office 352 - 360 depending on where you live, I think.

Put it this way... it ain't five-nines:

SLA level of 99.999 % uptime/availability gives the following periods of potential downtime/unavailability:

Daily: 0.9s

Weekly: 6.0s

Monthly: 26.3s

Yearly: 5m 15.6s

It's closer to 2-nines or less:

SLA level of 99 % uptime/availability gives the following periods of potential downtime/unavailability:

Daily: 14m 24.0s

Weekly: 1h 40m 48.0s

Monthly: 7h 18m 17.5s

Yearly: 3d 15h 39m 29.5s

Montezuma's Revenge can finally be laid to rest as Uber AI researchers crack the classic game

Lee D Silver badge

I'm still not seeing AI.

As in... at all.

It's basically given a simplified graph (these keys in these rooms in this order) and path-finds down the tree to work out how to get there.

It's human-written heuristics guiding a very-limited-scope "AI" which wanders aimlessly (nothing wrong with that... A* is basically a random walk at times) and then scores itself based on a human heuristic for those "cells".

It's not AI, learning, or anything close to that at all. If this is really "best of breed" in terms of AI, then it shows what I've known all along - we don't have AI and won't have for a long time to come.

Microsoft suffers the Tuesday shakes as Exchange Online continues to be wobbly for UK users

Lee D Silver badge

Re: Is Daz in sales ?

"I put all my eggs in someone else's basket and have no idea where the basket is or what's happened to my eggs but I'm assured that I can get them back and look at them any time I ask to..."

Yeah... poor Daz, my backside.

At the very least you need it as an EXTENSION on in-house/on-prem, but not a replacement. That's just stupid.

Fortunately, the exact thing that Daz is suggesting (outsource the IT department to Microsoft) is likely the exact thing that will happen too. Not only is it "how to put all your eggs in someone else's basket", it's also "how to put myself out of a job even if everything worked 100% as I expected".

Openreach names 81 lucky locations to be plugged into its super-zippy Gfast pipe

Lee D Silver badge

Re: "Up to"

And yet, as a mathematician, I know that what you're suggesting is basically just a charge per gigabyte.

And everyone would moan like hell about that.

If you pay, say, £30 a month, you might get 300Mbps / 300Gb for that. But you're unable to use it all because of the speed, so they charge you proportionally... then that basically means you're paying £10 a month for 100Mbps / 100Gb (because you couldn't have used all the data in the time you're given, so the speed and bandwidth are basically equivalent) and so on.

What speed you did it at is basically irrespective if you want to allow them to let you pay proportionally.

But sell someone an Internet connection on the basis of "we'll provide a connection, we won't tell you what speed it could reach, but you'll pay 10p per gigabyte" and nobody would touch you.

Sure, it might encourage them to up speeds as much as possible, but it wouldn't be long before people realised that actually they don't want that at all and they'd rather the kids couldn't run up a thousand pound bill because of them leaving Bittorrent running.

Much like happened with cellphone roaming charges, for instance. Which are... pay per Mb. Same thing, different scale.

Sacked NCC Group grad trainee emailed 300 coworkers about Kali Linux VM 'playing up'

Lee D Silver badge

Re: Would have expected this from a luser.

You'd think an infosec consultant would be able to install something to, say, monitor login accesses to her computer, or at the very least record footage on the webcam or something.

Because it would be really hard to go to court when your own evidence basically says "Oops, that happened when I pressed Ctrl-Alt-Delete to logoff not knowing that usually means 'reboot' in Linux", or "Nobody but me ever went near the machine".

A rumble in Amazon's jungle: AWS now rents out homegrown 64-bit Arm server processors

Lee D Silver badge

I have 10+ ARM powered devices in my house, and I don't even try to buy them.

Two smartphones (not iPhone).

One GP2X (I used to develop for it).

One tablet.

One RPi.

One TomTom (defunct)

CCTV NVR

...

With the exception of the GP2X, these are hardly far from consumer items. I deployed 50 Intel Atoms a few years ago - they worked fine for office tasks, no problem at all. A lot of people who have Intel Atom don't even know they do.

P.S. Intel Atoms suck for low-power usage. I know of precisely one "RPi-competitor" board that they brought out to try to capture that bit of the market, and it's very unpopular. Even Mini/Nano-ITX with laptop chips did a better job 10 years ago.

Power = heat. Heat = cooling. Cooling = expensive. A rack full of ARM chips in the proper layout will reduce costs and, so long as it runs PHP and Wordpress, that's a vast, vast potential saving right there just for a bog-standard hosting provider. And, yes, you can get Intel Atom dedicated servers. Check out OVH/Kimsufi (same people, first/second-hand kit - it's second-hand because someone used them for years already).

Maybe not your use-case, but I'd happily pay for an ARM-powered PC with PCIe, SATA, etc. connectivity and Linux.

Not to mention things like Spectre and Meltdown. I think you miss that some of the most powerful chips that people use today are from ARM. Most people never max out their CPUs and when they do, Intel stuff just dials down to ridiculous speeds nowadays (Intel are still selling machines which are clocked at 1GHz as "4GHZ" machines... they can maintain 4GHz for only seconds under normal cooling arrangements). But their phones and other gadgets are doing tons in software and ramp up past those speeds just for playing with silly graphics filters.

While you were sleeping, ARM owns the mobile phone market, tablet market, is already inside the Chromebook / mini-book market, the games console market, has Microsoft making Windows for it, basically has the IoT market to itself, and is now edging into the server market quite happily.