Posts by Lee D 4259 publicly visible posts • joined 14 Feb 2013
"If I understood your problem correctly, the solution is simple:"
Yeah. Those obvious, intuitive commands, environment variables passing into other environment variables, etc. etc. etc.
I mean, I understand everything its doing and why. But I wouldn't be able to guess at that in a million years.
That kind of machine, you're going to want VMWare or similar anyway.
That's a waste to use it for just one OS with those cores and RAM, when you can run everything at the same time.
Linux as the base OS, maybe, but good luck getting all the drivers (especially for the RAID etc.).
To my knowledge, an awful lot of phones have never supported recording calls at all, but that's a hardware manufacturer integration. If they don't present the hardware to the Android drivers, then there's no way for the Android API to record it.
But also note:
https://developer.android.com/reference/android/media/MediaRecorder.AudioSource
"This permission is reserved for use by system components and is not available to third-party applications."
Even the latest Android APIs do have an option to do just what you're talking about, but it's never been properly exposed and officially supported. When you use unsupported stuff, that's what happens.
I don't think it's ANYTHING to do with Android. It's to do with people BYPASSING Android. And I think it's to do with manufacturer's not exposing functionality in a standardised way via the Android APIs that already exist and/or not producing hardware that supports such functionality (e.g. a voice-call-handling chip that doesn't provide the voice data to the processor running Android at all).
What's the app?
What's the function that can't be reintroduced?
Is there a single other app anywhere in the Play Store that does the same function (I don't care how, what else, whether it's prettier)?
Because I imagine there's not much that doesn't work in the way you state, when the developer is non-lazy.
You mean the OS where you're not allowed to render a website in any other way than an Apple control.
Google Chrome on iPad / iPhone is just a Safari control in a different coloured box.
I'm not at all sure that "universality" of APIs is an no-questions-asked good thing in and of itself. There has to be something else too in order to ensure you can program against them freely.
Also note, it's impossible to do certain things on iOS programmatically at all, by design. Sure, that saves you a few small security headaches but the amount they MISS tells you that that isn't the end of the story either. And causes huge user interface problems.
Don't even get me started on the junk that is screen-modal pop-up login dialogs that don't tell the user their origin, and go over the top of anything you happened to be doing.
I make about £20 a month out of giffgaff.
I work at a school, they have lots of international teachers etc. They all come to IT for help setting up their phones, skype, etc. to call home.
I don't force it, but I hand out giffgaff SIMs. Every time they activate one, I get cash which gets to my Paypal eventually.
And lots of them do stay on giffgaff because of the "PAYG / Monthly" thing so they can pick and choose and be short of money and knock down their package without obligation. Nobody ever calls for support, so they don't notice giffgaff's is only online.
They really need a "big bundle" though, that I can tether for mobile broadband. 9Gb isn't enough and even the unlimited package is subject to a tethering limit.
I also activate a lot of their cards for things like GPS trackers and GSM gate openers. Run it down on PAYG over a year from about £20, or stick it on the £5 a month one if you want guaranteed service.
All your major services are now proxied through the 4&6 machine at the boundary. All your external connections, webmail, remote, VPN, etc.
If your ISP says "no more IPv4 for you", it doesn't matter.
Internally, you then have ALL THE TIME IN THE WORLD to upgrade, and if you're using web proxy etc. then it's quite seamless. But all your customers and outside services are already up and ready.
You can now deploy 4 machines. 6 machines. 4&6 machines. It literally doesn't matter. You can move services one by one. But your outside customers (e.g. visits to your website) can use both from the second you do it, and your external IPs number... 1 of each.
Your internal workings, IP's, etc. literally don't matter. That's the beauty of NAT.
But what you were telling people was "You have to give every machine, server, printer, phone, etc. a world-routable IPv6 address, from day one, and configure your systems securely to allow that. Oh and NAT IS EVIL AND YOU HAVE TO DESTROY ALL TRACES". That was ALWAYS nonsense. You leave them exactly as they are, IPv6 the gateway, leave everything else on IPv4 NAT and then everything else is done at your leisure.
Say The Reg had done that? They could just add "IPv6 compatibility" to their front page and all their clients would be happy and think they were "cutting edge". They could be using IPX internally, nobody cares.
NAT and IPv6 were always entirely unrelated.
Only stupid people thought that NAT wasn't the ideal way to transition - convert your NAT gateway to IPv6, bang, job done and no more internal changes required until you wanted to.
The confusion of the two is EXACTLY what held back adoption and instead... ironically... resulted in Carrier-Grade NAT at the ISP in order to keep things moving.
P.S. Maybe The Reg could read the article linked themselves? Because they keep SAYING they're doing something about IPv6 but I've yet to see any movement.
Three suits me fine. I get 30Mbps down, 20 up and it replaces all other Internet connections except my smartphone.
I hate to say it, especially as I nearly sued them at one point, but they do quite well for a decent price on their SIM-only dongle deals.
Happily live my entire online life via them, including all kinds of streaming, without issue.
Vodafone, however, still haven't worked out how to let me order another SIM after the first one never arrived. I can't even sign up for another account on the same card, and the account I have I can't do anything with. They say I can resolve it by going into a shop, but that's not what I expect from a tech company. Shame, as they were my first choice and I was going to buy their addons so all my WhatsApp, iPlayer, etc. traffic wasn't counted, but they were too dumb to even get a SIM to me, or sort out the account problem.
You must be buying some cheap junk SD cards.
My cards been in my dashcam for 2.5 years (since I bought my car) and it's absolutely fine.
The card in my phone has been there for nearly 8 years. Also fine.
I have a card inside a CCTV camera doing a timelapse. That's been six months+ and still fine. In fact the reason they include it is so that you can constant-record to it in case the system goes down, a lot of CCTV cameras do now.
I get that they aren't certified to last forever, but if you're replacing every few months, you have a false economy on whatever junk it is that you're buying and just need to buy a decent card.
Seriously.
Stop giving your call centre and back-office agents general purpose operating systems and/or permissions enough that they can get infected by any random passing malware. They don't need it.
Also, don't give them free reign of the database access. Rate-limit, dial down permissions and make them REQUEST info. Then if one person requests info on a million users, you know there's something wrong.
2018, and we still can't get the very basics of "need to know" and "minimal permission necessary" right.
Breaches — 41 emails found.
Three of which contain an email address that I know to be a service I signed up for (all of which were spammed to oblivion years ago so they were made public before this service even existed). All of which are blocked at my mailservers with a "This email address was distributed without permission, all emails blocked" message. All of them were "give us an email to register" style emails, so nothing of value there, where some employee later sold on the list of emails presumably (one of them that I know for sure was theft of emails by a "former employee" of the company I gave that email and spammed to try to drum up business for their related spin-off...).
Five of which are my "You don't need a real email" nonsense emails "johnsmith@" etc. before I started tying them to the services I had given that address to. They've been spammed to oblivion for years, and could have come from anywhere but certainly don't have any passwords associated with them.
The rest are all made-up, poorly-copied/pasted (e.g. "ohnsmith@" etc.) or just plain nonsense that never existed ("junk_maildd") and seem to have been culled from spam people try to falsely send with my domain as a "from" (I'm SPF'd up but lots of people don't care and I still get bouncebacks).
Ironically, among the list are:
- Adobe/Macromedia
- Disqus
"compromised" emails... which is strange because the emails listed are junk and nothing to do with me, and I have real accounts for those that *aren't* listed, all of them far pre-dating the so-called exposure of the compromised lists.
I'm not at all convinced about the utility of this service at all.
Virus scanners are also REALLY easy to evade.
Take anything from your inbox, even years old, that's malware.
Change the javascript / whatever around a bit, to produce pretty much identical code but breaking the existing signature (usually, the lines nearest the "exploit vector" itself are most heavily detected - jumble them up and introduce some intermediate variables, etc.). Upload to VirusTotal. Watch it sail through every commercial antivirus in the world, while still capable of performing a (years old) exploit.
What things like VirusTotal show you is that anything can be a virus, and also that even the things that packages think are viruses aren't necessarily (e.g. an awful lot of apps are detected as "malware"... everything from sysinternals tools to scripts from Microsoft's own knowledgebase. Because they have, or could, be used maliciously).
I'm fairly sure I could knock up a self-replicating drive-wiping virus in a few hours. A bit of tweaking and I bet I could get it past VirusTotal with a clean slate. Should it ever run rampant, and end up on the signatures list, I could make a variation in minutes that would slip past the same scanners again.
Generally speaking, I'm the one telling Sophos that something that came into work is a virus, not the other way around.
And there are private and manufacturer-supported tools that do exactly this - have a VirusTotal-like equivalent sandbox for people to check their apps aren't going to be blocked on release, to submit and test things that might flag, etc. And you can guarantee that the bad guys have the exact same services available to themselves (hey, they don't even need to worry about licensing the antivirus, do they, really?).
The number of actual malware websites is pitifully tiny, and obvious the second you hit them. Any modern browser is defended by "Don't hit download and then run the program it downloads". The browser DOM does more than antivirus, or low-privilege sandboxing setup programs, ever did.
Though it could be helpful, there are browser extensions that do just what you say already. But it's a false sense of security. A VirusTotal check will happily let you download all kinds of crap, but will stop you getting basic admin tools off microsoft.com and things like that.
Stop using just one email address for everything, the same way you should stop using one password for everything.
I can't look up my details on that site because I own the whole domain, and I have thousands of unique email addresses at that domain.
And it's really easy if your details are compromised then - even if you have a complete email and password, that combination won't work on ANY OTHER WEBSITE. Even if you get smart and think "Ah, maybe he uses otherbankname@hisdomain.com with the same password". And I can literally just turn off an email that was used without my permission (e.g. signed up for spam) without affecting any other service.
I have to explain "coding" (as it's now called) to children in the school I work.
Given that I'm the only person on-site with even a remotest possibility of being able to be thrown into a language and knock up working code without having to copy/paste examples or spend hours doing so (and I'm not even a teacher), coding is a dying art.
It wasn't because we had all the resources. It's because we DIDN'T. All I started on was a Sinclair BASIC manual. Outside of that there was NOTHING. It wasn't until years later I got started on INPUT magazine and could actually see other people's code. By then, I was tinkering with assembler, and not long after was playing with C, DOS programming (Ralf Brown, I love you, a single, off-line, downloadable list of interrupts and what they did!), etc. etc.
But it's because we didn't have Google, StackOverflow, cut/paste, etc. We had to work out what we were doing and make it work without help. There were no debuggers to speak of, there was a huge time penalty on each test you did, and you had to learn how graphics, sound, data loading, and all the other parts actually worked.
I glanced at an 11-year-old's Python script from a distance a year or so ago and spotted syntax errors, loop bounding problems, type-conversion problems, etc. all in a tiny glance.
Running coding clubs with the IT teachers (who can sort-of-program but you wouldn't be able to get anything productive out of them and it would take them forever without IDE assistance and copy/paste examples), it's obvious that precisely one child I've seen in 20-years of working in schools could have a career in actual coding.
They don't get what's happening behind things like "physics engines" (they love the word engine, they hate that I just explain it just means "bit of code"), 3D matrix transforms, HID device inputs, SIMD instructions, etc. They just don't understand that everything is manipulation of numbers, that's all, and so they need to work out what number that joystick is going to send, what number to act upon, and what to do about it. You don't need maths, necessarily, but you do have to work out "well, how is a 3D object represented as just numbers?", and they can't. They struggle with the concept of bitmaps and RGBA. They don't get that the physics is just numbers applied to simulate velocity, acceleration, mass, force, etc. They don't get that audio decoding involves things like Fourier transforms and conversion to frequencies and then oscillations at those frequencies.
They have a total disconnect between what it is doing, and how computers work.
An example I like to use... and I don't claim this is a good way to do things, but most people will figure it out. I'll write it in pseudocode ("because that's like a language, is this correct pseudocode Sir? Can I get a pseudocode compiler?"....):
function Switch_Player()
{
current_player = 3 - current_player;
}
Kids just can't parse it. They don't get what it's doing. They don't understand how it works. They can't infer it.
But when I was their age, I used tricks like that all the time to reduce the byte-size of code that switched players on things like TI-85 calculators and the ZX Spectrum. And, without them being anything genius, I often made my own tricks without referencing anything else, to do things I needed to do by sitting and working them out (e.g. the correlation between pits on a dice and the binary representation of a number, a way to shuffle a pack of cards stored in an array, etc.)
It's all "old-hat that they'll never need", agreed, but I'm more worried about the loss of the discovery process. If you aren't in an intellectual struggle, if you aren't challenged, if you can just pull down an API that does it all for you, you aren't going to get the impetus to learn things deeply.
I have a career in IT because I've spent my life understanding computers, and getting them to do what I need even when that's not available with anything in front of me. They won't have that kind of impetus or creation, and that's quite sad.
Especially when you see what passes for "coding" these days (e.g. flowchart boxed things with graphical characters being used at GCSE / A-Level).
No.. the burglars just make sure they bring a bigger gun, like they make sure they bring a weapon against a defenceless old woman now if they are intent on using harm to commit their crime (most aren't, by the way).
And then you end up with a war of escalation.
Guns do not stop events. They amplify the response to those events. What was a mugging turns into a shooting. What was a burglary turns into murder. What was a shop-theft turns into grievous bodily harm.
And here's the rub: It doesn't matter who brings the gun. You. Them. Police. It just amplifies the response, not changes it.
This is in general, of course, rather than specific events. But US crime rates are no different / are significantly worse than Britain's in this regard. Your policy has evidence from countries all over the world where gun ownership shows either no correlation or a negative correlation to crime reduction, especially when it comes to the seriousness of basic crimes.
Guns do not stop. They amplify. They escalate. That's all they can do. And if you all have them, it's amplified much further. And then you all become accustomed to that escalation and realise that you haven't solved anything, so you need MORE and BIGGER weapons. It's not until the law steps in and says "No, now you're being silly" that it actually stops. We all know at least one local nutter who owns everything he legally can, plus a lot of things he can't, and who would park a loaded tank on his drive if he was allowed to.
If you think that guns solve anything at all, you need to seriously look at other countries where there are none. Where the crime rates are lower, the seriousness is lower, and the culture is more gentle. The US murder rate is 5 times that of the UK, adjusted for population sizes, and gun ownership is vastly higher. That's not a coincidence, even if it's not directly and linearly causative (some controls have guns and proper gun control, and their rates are much better than the US).
Guns do not stop. They amplify. You hope that you amplify it out of the other guy's comfort range, but then next time he tries that, he's going to try to ensure that he is comfortable no matter what he faces. It's a literal arms race.
You're honestly blinkered by rhetoric, "what your parents thought", and unthinking loyalty to a piece of machinery if you think otherwise.
ISP, not a chance.
But I bet Draytek are working on it for their routers, etc.
TP-Link and cheapios... maybe, maybe not depending on whether they think the chip can do it.
More importantly - you'll probably need a Windows / Android update for it to work on the clients. By comparison, getting it going on the router is positively easy.
So obviously, you just delete all the certificates in your OS/browser upon installation and when it then presents as an unknown certificate, you verify it as you would an SSH Key and only then do you add it to your certificate store, right?
You can turn such "trust" into your "ideal" SSH concept in seconds, just clear out the trusted certs. All of them. And the first time you go on The Reg you add its cert to the store. It's no different.
But, hey, it sounds really convenient and just what everyone will immediately do, I'm sure.
I see it the other way - it's not that because Verisign said its secure that I can trust it. It's that PayPal (or whoever) have chosen to use Verisign (or whoever) and therefore assume the risk when it all goes wrong. I still check that Paypal are who they say they are via HSTS, key pinning, secured DNS, etc. Who they choose to certify with is up to them.
Please note: No certificate authority is capable of sniffing encrypted traffic of the certificates that it signs. That's not how it works. They might be able to generate a FAKE certificate, but they can't sniff info you've sent to PayPal using the proper cert. And any fake certificate should flag immediately with any modern browser.
Summary:
The AI cheats, and still loses.
On a level playing field (where it has to issue commands via a mouse / keyboard protocol with appropriate simulated human latency, and interpret the screen as per what's visible to a human rate-limited to the same extent as a human), it would get its backside kicked.
"AI" is still not AI.
IBM just admitted they can't even work out how to sell Watson or what to do with it that's useful. Machine learning etc. plateaus REALLY quickly and then it's almost impossible to untrain/retrain it.
But even on a single, simple game, it has to cheat, and still loses to humans.
You say that - I was around in that era. And my batch files for boot really pushed the boundaries of what was possible (PC Magazine AMENU, CHOICE, 4DOS, etc. etc. etc.), we were constantly shoving hardware in and out (ah, the joys of top-opening hinged, unlocked PC beige cases!) and yet I never once had an IRQ conflict. It's not hard... Soundblaster on 7, everything else on default (given that you went for IRQ 5, and CDROM.SYS there's your problem!).
P.S. I had a boot menu, from which you then selected a config, which then loaded config.sys/autoexec.bat as appropriate, and you could get anything from 638Kb of free RAM (with just mouse and MSCDEX and a lot of loading-high and other tricks if I remember rightly) through to a FORTRAN environment with RAMDisk, EMM386, etc., on especially for certain versions of Windows (3.1, 3.11 with networking , etc.) and a handful of specific-game ones that were really finicky about exact configurations to work properly. Even one for a parallel-port daisy-chain which, with the right TSR, pretended to be a (slow) IPX-capable Ethernet card which we used to game over using Quake! We upgraded to 10Base2 and then T eventually, though...
It was hilarious on an IRC forum once when someone tried to convince my brother that he'd got into our computer and "could read our AUTOEXEC.BAT". Go on, then, we said. Show us. He just copy/pasted the default MS-DOS one, and we fell about because our AUTOEXEC at that point called something like 20+ other batches files and had text menus and all sorts in it. Obviously he wanted us to "run this program that I'll DCC you to fix everything so other people can't get in".
I wonder how many people have a voice ID of:
"Oh, feck off with your nonsense biometric bull-shizzle"
Personally, I tend to just keep silent at things like that and see what the computer makes of it. Voice ID is no more secure than anyone being able to hear any such conversation, ever, which is basically "not secure".
But to be honest, why have 5.1 million people had to call HMRC should be the real question.
Has Apple issued a statement to say they are GDPR compliant yet?
They have put a lot of rhetoric that SUGGESTS so but they don't seem to have any definitive statement of conformance.
But then, they never had one for the DPA either and even a month ago their policy still said "we could store your data anywhere at any time".
The Volvo wouldn't have emergency-braked until 1.something seconds from impact anyway, which means a very late decision at 40+mph (18m/s, so 18m of travel)
"In Uber’s self-driving system, an emergency brake maneuver refers to a deceleration greater than 6.5 meters per second squared (m/s^2)"
At best, it would have hit her at 11.5 m/s or thereabouts (24mph), even with everything turned on.
It also detected her as a vehicle, a bike and a pedestrian within six seconds, each with different predicted paths / speed, so it wouldn't have necessarily applied any other braking / evasion until the inevitable was detected.
Chances are it still would have hit her, it just may not have been instantaneous death.
https://www.ntsb.gov/investigations/AccidentReports/Reports/HWY18MH010-prelim.pdf
Quite.
I use my phone as much plugged-in as I do unplugged.
There's a reason I have chargers by my sofa. It's not that it *wouldn't* work on battery, but then I can use it unplugged at work all day if I want (or plugged in in my office), plug it in the evening when I'm using it, and it'll be ready for the next morning / later that evening.
For sure I wouldn't buy a wireless charger for... car... office... home... anywhere else I leave it... plus a new battery pack to charge it on the move when outside of civilisation, etc. Not for the sake of them omitting a 50p socket.
My explanation I use with railway companies, etc:
If you were sorry, you'd do something about making sure it wouldn't happen again.
Any "by-proxy" apologies mean absolutely nothing to me.
You apologise to say "Yes, that was our fault, it shouldn't ever have happened". No other reason. If you're not apologising to admit fault, then it's pointless. If you're apologising and then having to apologise for doing that same thing over and and over again, then it's pointless.
The fact that the wording "we will be reviewing our systems and making sure this doesn't happen again" has become so cliche is a really damning indictment of modern companies and their attitude to problems they cause.
For such things, that I feel out of my comfort zone, I work on the basis of:
- I don't *want* to do that, it's not my core job. Get someone who can do it in.
- I *can* do that, if it's necessary, but to be honest I'm not confident at doing it. You could train me for a million years and I'll never be very good with a power tool.
- If you *make* me do that, I'll do what I can but I make no promises. Save it for when a "quick fix" is all you need, not a long-term solution. If I feel something's too risky (ladders, drilling through certain walls, etc.) then I will just refuse.
- Likely whatever I do will work. But if you complain that it's ugly then I really don't know what to do about that except try again and likely end up with more holes/problems.
- If I mess up like this guy did, which is quite likely, don't say I didn't warn you.
I have to explain to my workplaces "Yes, I happen to work within the huge category that is IT. But that doesn't mean I will crawl up antique clock towers and put in a perfectly invisible bunch of Cat5 with pristine in-keeping containment, perfectly angled cables, and the tiniest of discrete holes to poke them through. If you must make me, rather than just calling a company to do that, I pretty much guarantee that you'll get Gigabit. That's about it."
Basic rule: If it involves a powertool, you don't want me doing it. I'll happily put up shelves, curtains, I have laid a loft floor, and built sheds. They are all perfectly acceptable. To me. But in work, I will defer to a guy more skilled than me: the maintenance guy, or someone you get in.
P.S. They couldn't do my job in a billion years, as nice as they are. So don't be surprised that I won't do theirs when they are infinitely better at it than me.
That's what Amazon Today's Deals is for.
The days of me idly flicking through Maplin's, Argos, etc. catalogues are now instead spend going "Oh, that looks cool" and ending up on Amazon, GearBest, Wish, etc. and building up a huge wishlist of items that people then buy me for Christmas if I don't buy them first.
"Impulse" shopping was always limited to a pack of sweets, for me. And usually just because I fancied one so I would have bought it at their competitors if it wasn't in front of me. Pretty much I've never spent more than a couple of quid "on impulse".
Maplin's bargain bins were the only exception to this rule, but they vanished years ago. Last thing I bought from one was a Video Backer, which kinda tells you how long ago that was.
I'd rather not have any company tax-dodge, and still use online sites in preference to people taking my money to pay for a big store on a high-street that is closed for 90% of the time I could in theory get to it (I work 9-5, it's open 9-5, maybe I can do ABSOLUTELY EVERYTHING on a Saturday?)
At least with Amazon, you have absolutely no way to hide the tax dodging. My card paid their bank and there's an electronic record of the product, its origin, its delivery, etc. I bet a lot more tax dodging happens in retail stores (e.g. certain coffee chains) where they just ship all the money out of the country, and deal mostly in cash.
"I can do without TV for a day" would be my response.
Shops are dead. My town is actually rebuilding all the town centre to replace the shops with a single shopping centre and lots of flats.
I only ever used such stores to do the hands-on free trial. How big is that fridge? Oh, it's got this sticky-out bit? That'll never fit in our kitchen, then. What's that TV look like? Yeah, that'd work with our wall colour. How much washing could I get in that machine? Yeah, look, it looks huge on the pictures but it only goes as far as elbow deep.
Then Google the model and buy it cheaper and delivered to your door next day.
I haven't bought any products from them in decades. They then took to making "exclusive" models that you couldn't Google but they were just normal models with tiny tweaks and number changes. At that point, I stopped using them even for that.
It's the 21st Century. Order a product at work, get it delivered that evening, pay a guy to lug it up the stairs and fit it, if it's not what you want / doesn't fit / wasn't the right bracket, just send it back. Paying someone to maintain a huge glass-front monstrosity selling products at massive markup with four idiots wandering around trying to advise people on a USB cable? No, I'd rather pay a company that stocks products, reduces overheads, employs people to do a worthwhile job and works outside of 9-5 when I'M DAMN WELL WORKING TOO.
Last appliance I ordered online was a washer-dryer. It was cheaper than EVERY SINGLE MODEL in the local shops, despite being the same brand-name. I checked out the specs, measured my kitchen to see if it fit, ordered online. adding on the "we fit for you" option (£10? Wasn't much, certainly), selected a delivery day, paid for it. It turned up one evening, was carried to my door and up a flight of stairs, was fitted and tested with me there, and the old one removed and carried away for me.
Same with grocery shopping. Press a button. Some poor sod at Tesco's has to collate 100 separate times including a bunch of soft drinks (because I order 10 if I order them online), pack them, load them, drive them to my house, unload them, maybe even carry them upstairs and unpack them for me (I tend not to and instead operate ultra-efficient "throw it all on the floor / table, I'll tip it all out, then you can go have five minutes in your van before your next job while I stick it straight in the fridge" methodologies). And it costs.. what? £2.50 if it's a late-night slot? £5 at peak? It costs me that to drive there, mess about with bags, physical labour, packing, unpacking, etc. and an hour out of my free evening.
I don't want to pay for their ginormous new supermarket 100 yards from their "Express" supermarket. I don't get why there isn't really a supermarket "brand" that doesn't have actual supermarkets. Amazon Fresh is really just Morrison's in the UK.
I will happily pay the "online saving" difference in extra delivery charges etc. and not having to go to a shop, any day. It's 2018. I already don't get much free time, and what time I spend working I do so such that I can make most use of my free time. I'm not interested in maintaining big flashy places with enormous heating/cooling/lighting bills that add that price onto the bottom of my receipt.
PDF is a WORM format, as far as I'm concerned.
We use it in work to say "This is it, this is the document, this is how it looks, nobody change it" and then offer that to customers knowing it will look the same no matter what they open it on and it can't be tweaked. Yes, we know you *can* edit them, but you can't edit them easily or nicely or guaranteeably.
Draft in Word, publish in PDF.
It's a great format for that. This is the version, no changes. Sign it if you have to. Beyond that, it's really just another format.
I refuse to buy Acrobat, though. I paid for Nitro once when it was cheap and that serves all my needs. For years (and still currently), I used PDFCreator and other freebie Ghostscript-based things to create PDFs if I needed them.
I don't see that the format needs much extension.
However, I was recently asked how to "stop people stealing our pictures out of PDFs" (and also website images). My solution was "don't put them in there" because you can't beat an analogue hole (screenshot tool) and PDFs you can suck the content out any time you like. They can't restrict "reading" permissions.
The biggest problem with Adobe is all the plug-in shite that tries to put such limitations and other DRM on you. I have one that literally interferes with EVERY PDF you print by watermarking it, whether or not it was part of the purchased PDFs that had that DRM. We stopped buying that stuff, fortunately.
Keep it to a display format. I mean, use the forms stuff if you have to but even that's a security risk (running Javascript and talking to outside websites, etc.). Anything more is really a nonsense and won't be used and will contribute to the long-term death of the format.
PDFs are fine. I mean anything would be fine, but XPS. But Adobe can't be making much money out of them at all.
In the modern age, it's really easy.
Make sure all your stuff is electronic.
Then just keep all your emails.
I signed my last lease agreement, my mortgage, my divorce, etc. all electronically. Employment contracts - If they aren't already electronic, I scan them in and email to myself.
My email account goes back to about 2000. I have the email accounts before that in a file somewhere (it's only about 1Gb). In work, I have policies that basically all result in "if you want this, file a ticket, fill out a form, put it in an email" and then helpdesk tracking of everything and EVERY EMAIL ever sent or received from my account since I started there.
It's really not that hard, in the modern era.
Rule #1:
Always keep a record.
Your boss wants you to do something stupid? Keep a record. Get their name on it. Make a fuss if they won't do it. Keep records even if they won't sign off. Who said what, when, how, and where? Get to the point where they just scribble a sign-off or fire off the email which says "Yes, dammit, I said do it!".
You're getting complaints? Keep a record. Record what the complaint was. What the stats and systems said about the claims in that complaint. Keep the email logs. Keep recordings. Keep all available context.
You're making a complaint? Keep a record. Record everything. Their response. Check if they have fixed it regularly.
Certainly if you are reporting publicly and therefore likely to run into situations like this.
I can show you any number of Android phones with pre-loaded apps that not only get force-installed every time you go to Google Play, but that you can't remove (not even an option), can't disable (not possible), can't "uninstall" (the option is there, but all it does is install the STOCK version of the app, it doesn't actually uninstall at all). And Force Stop only stops it running "now", and it's free to restart itself at any time.
Try and uninstall something like the Android WebView or some internal service. Then you'll see that it's possible to have apps like that. And carriers, and manufacturers (like Samsung in particular), preload their apps in this way, and there's obviously co-operation with Google to force-install their core apps on those models. No factory reset, restore, removal, uninstall, disable or anything else will rid you of them.
The only way to get rid of them is to totally wipe the OS with something like LineageOS.
I think "security compromise through using outdated browser's to submit all their clients tax information via an online website and outdated browser" costs both time and money.
The excuse you're looking for is "laziness / ignorance". Running a business, taking cards, doing finances on the computer, connected to the Internet? You have a responsibility to your customers to keep your system vaguely up-to-date.
By which I mean, at least a supported version of Windows, preferably written this decade.
There is NO EXCUSE for this, and if you lose customer/finance data you'll be nailed to the wall by the courts.
Solution: £300, new PC from PC World, maybe a couple of hundred to upgrade your finance software, a few quiet afternoons moving from one to the other until you're confident you can switch.
If you're big enough to hire staff, any staff, in any role, you're big enough to keep your computers up-to-date.
Love the "we're losing millions" one.
Shame, with all those millions, that you didn't think to use another service, another location, a backup, a failover, etc.
If your restore process is JUST THAT COSTLY, then you need other live hot/warm sites ready to go. All the time. And it'll cost you much less than "millions".
Whenever I see that, I have so little sympathy for whoever thought that kind of setup was a good idea that I think those people SHOULD be made to pay for their mistakes.
Azure is one cloud. You could run your own cloud too. You could use another cloud. And you could use multiple datacentres in entirely different continents for each cloud. And then you could join them together and have them failover. It's really NOT that difficult.
But, nah, just sling Microsoft a couple of grand and obviously everything will be alright even if being down for three hours will cost you "millions".
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
