* Posts by Psymon

266 publicly visible posts • joined 7 May 2008


Irish eyes aren't smiling after govt blows €1m on mega-printer too big for parliament's doors


I had a similar debacle

...But on a much, much smaller scale.

I used to work at the Institute of Hearing Research, and we ordered a giant poster printer. Much like the reasons I suspect they got their massive printer, it was costing the institute a fortune having posters printed (scientific conferences, public engagement, various seminars...) so we decided to in-house the process. It did actually save us a small fortune, and paid for itself.

we carefully measured the dimensions, took into account the weight, but when it arrived we were not prepared for the giant wooden container that appeared to be assembled with railway sleepers and nails forged in the core of a collapsing star.

We had to eventually let the delivery drivers go, and dismantle the box ourselves, then enlist the help of around a dozen strong students to carry the thing up the stairs. Sounds simple enough, but the whole process took two days.

Cheap, flimsy, breakable and replaceable – yup, Ikea, you'll be right at home in the IoT world


Re: I think there are more substantial problems holding back home automaion

"I looked at a system like that at least 20 years ago - IIRC by a Danish company. The important bit was the external sensors. The system learned how the house heat loss correlated with external conditions."

Yes, I've heard about these types of systems for a long time, too. I also looked into them, and while the initial cost was steep, but still feasible, once you added the installation, it was just too pricey.

"Every room now had new power sockets, phone sockets, and aerial sockets to serve many different potential furniture combinations. Unfortunately CAT5 did not exist at that time."

Absolutely. Modern offices are designed with conduits, so that more cables can be pulled or replaced without major structural reworking, and your CAT5 is a prime example of why this is important.

Americans have it a lot easier, because most of their houses are built with hollow wooden walls, and it's not uncommon to see houses with access panels in the floor.

Something as simple as a central vertical conduit linking all the floors of the house (in lieu of a chimney) would reduce modernisation costs of a property drastically. Then a channel running around the edge of each room in the floor, and linked to each other room through the walls would make cabling and piping a doddle.

Of course, gas, water and electricity would need to be segregated, but that shouldn't be a huge engineering feat.

"I have dabbled in IoT and without doubt the one product I thoroughly recommend to anyone would be Nest (closely followed by Hue bulbs)."

Thank you. It sounds pretty awesome. Certainly something I've wanted for some time. I definitely think more people would go for heating automation if it wasn't for the cost of installation.

I also agree with the article in regards to open standards. These systems would be a lot more attractive if your average plumber could just nip to B&Q and grab a "smart radiator valve" off the shelf.


I think there are more substantial problems holding back home automaion

Well, I can so no problems arising from this, at all! The IOT security problem is already becoming an epidemic.

It's an interesting article, though I think that take-up is hampered by a few other factors. Firstly, most homes simply aren't designed for easy routing of cabling between rooms.

This has been a common bugbear for me. Being an IT geek, I've been exposed to this inconvenience a lot longer than most people, but the average Joe is starting to notice the problem when they want a set-top box a different bedroom. It's needlessly difficult and expensive.

These problems have been solved in business buildings with false floors, ceilings, cable conduits and hollow skirting built into the structure at the design stage.

It's high time we saw these technologies adapted and made attractive for homes.

The second is that few of these companies are addressing the truly attractive part of a smart home; heating.

It's all very well switching lights on and off, but that's a gimmick, whereas smartly controlled heating provides genuine benefits such as saving money, adapting to changes in weather, and individually adjusting for each room. Again, this is hampered by cable routing.

Even at its' crudest, this would be a huge improvement over existing heating systems. Everyone knows, especially at this time of year the constant adjustment is a pain. The house suddenly drops cold, takes ages to warm back up again, then you wake up sweating in the morning because you forgot to adjust the timing, or today is warmer than yesterday.

It's relatively simple to set up, too. Obviously you have a central control, a temperature sensor in each room, an external sensor, and a servo on the valve of each radiator.

Putting to one side the expense of controlling the boiler itself, the rest SHOULD be relatively cheap, if it wasn't that most British houses simply aren't designed for easily running new cables.

Instead, running cables requires ripping up floor boards, removing and replacing plaster which in turn leads to redecorating and wildly escalating expense.

You might ask "what's the point in drastically changing architecture for something that happens so rarely?".

In return I ask you this: Why do you think it happens so rarely? How often have you re-arranged a living room and thought "I wish we have a couple more sockets here instead of over there". And I'll wager that's as far as you got, because it's such a pain to move sockets.

Revive revived: Oculus DRM push shattered as DIY devs strike back


I think this is a step too far

At what point can we start calling out anti-competitive behaviour?

It's just a gaming peripheral! This is like a joystick manufacturer trying to block competitors from working.

If this were a case between Microsoft attempting to block Logitech, then there'd be almost no question, but because Oculus are mainstream darlings just like Apple, they can get away with anti-competition.

Japan travel agency fears leak of 7.93 million records, passport deets


Re: I think that this really highlights the weakest point in any security system is the human.

Well, Flash certainly has a lot of security holes, granted, but I was talking more about the actual binary you are downloading being compromised.

Along those lines though, both Flash and Java have some nasty trojans. Since when did blue-chip companies think it's acceptable to try and slip browser toolbars and homepage changes in with legitimate security updates?

We have a few groups of machines where the users have local admin rights due to a combination of technical and political reasons, and I have to run weekly scripts cleaning out the Ask toolbar, Mcafee, and countless other pieces of performance sapping junkware from them.

I suppose in a way, it's good training. If you can't trust names like Adobe and Oracle not to sneak unwanted crap into your machine, then you won't trust anyone. On the flip-side though, I've met a lot of users who have been brow-beaten and conditioned into accepting it as the norm.


I think that this really highlights the weakest point in any security system is the human.

Nearly all infections of end-client systems today use large factors of social engineering, and there is no simple answer to this problem.

The inherent issue is trust. You HAVE to have a degree of trust in everyday use of a computer system. Just like every day, you trust that when you swing your legs out of bed, gravity will allow you to stand on the floor, every day, you click on My Computer (or the equivalent) and trust that it will list your files, and not format your entire hard disk.

But you don't KNOW that. You don't perform tests every morning to ensure that gravitational pull between the earth and your body is still functional, just like you don't parse the binary code through a hex editor every time you open your documents window, and for good reason.

That's because in those two scenarios, it's pretty much 100% certain this will happen as expected, but then we venture into the grey areas.

Say, you've got an old wooden ladder. You've had it years. It's a bit green with moss, but feels sturdy. How long though, before a rung snaps while you're climbing it? When is the point that you stop trusting it?

We face the same conundrum with software on the internet. How do you KNOW that the next Adobe Flash update hasn't been compromised? Where do you draw the line? Just how dodgy does a website have to look before the risk outweighs that useful looking free app? Once you've downloaded and authorised it to install, you've got absolutely no idea what that code is actually doing, no matter what platform.

Process monitoring might have worked in the nineties, but today, software packages are so vast that it's trivial to hide a few discreet actions amongst the flurry of of multi-processed shenanigans. And I'm not talking bloatware, either. Modern software has to cope with networked, multi-platformed, virtualised environments as par for the course.

Microsoft implemented the UAC, which flashes up an alert when a program attempts to do something with elevated privileges, but once you grant he installer permission, you've got no idea what it's actually doing. You can argue for more layered permissions (and on domain machines we can implement them), but in practice there is so much software out there that legitimately needs to modify drivers, for example, you'd just end up blindly clicking more UACs.

I thought Android had the solution when they implemented a permission list at the point of install, but in practice, it's just needlessly scary, and doesn't really help.

"Woah, this gourmet app needs access to internet, my phone, my GPS, and storage!"

Yeah, that's only so it can download the restaurants menus, show you how far away they are, allow you to phone them, and cache details.

There's nothing to stop it using those permissions to say, upload my constant location to the NSA while scanning my photos for nudes and posting them to a Mexican gay porn site, and I'd be none the wiser.

I just have to trust that it's doing what I expect it to, and that trust is based upon my own experience and knowledge, which is considerably higher than the average Joe.

Further improvement has been made now the access permissions are granted dynamically, but Joe really doesn't gain much more control or awareness.

While it still lists the permissions the app needs at the point of install, the actual access isn't granted until the app tries to use that permission for the first time. This adds a little more oversight to the user, giving you a slightly murky view into what's actually happening under the bonnet, but again, it's limited, and it relies on the user having an instinct based on experience for what could be dodgy behaviour.

And there's nothing to stop a coder creating a trojan that legitimately DOES need the permissions it requests, and DOES use them, while also uploading your dick-pics to dirtyamigos.com. An app like that could remain undetected for a very long time. The Flash Keyboard app was only flagged because somebody asked "hey, why does a simple keyboard app need all of those permissions?"

Then of course, you have heuristic malware scanners. These are basically anti-virus programs that look for dodgy behaviour, rather than a direct mug-shot of a know virus, but this technology has been around for decades, and has never caught on because it's AI is not much better than the average joe, flagging more false alerts than real threats, and often causing users to break software because of panicky false flags.

Maybe heuristics will improve, but looking at the progress of the last decade I don't see it becoming our saviour any time soon.

Is Windows 10 ignoring sysadmins' network QoS settings?


Re: Self appointed Mythbuster to the rescue!

The example you gave was an already installed piece of malware using BITS as the mechanism to download other malware. Although the article doesn't state the initial point of infection, the overwhelming odds are that it was from a compromised Apache server using an Adobe Flash vulnerability, as that's is 90% of attack vectors in use today.

As with any operating system ever created, once the malware gains elevated privileges, it can subvert any internal component it wants, hence the huge swathes of compromised Apache servers spewing their SQL tables to world + dog.

This is not an example of a man-in-the-middle attack that has successfully poisoned a genuine windows update. There has not been a report of a successful attack using said means.

As for your assertion that this must be a larger problem, I think we need to apply a venn diagram principle to this matter.

For this to be a problem, the following criteria must be met:

1) No WSUS and/or no domain. I obviously concede there are a great many places that have just one or two standalone computers, but this on its own is not enough to cause a problem.

2) An asynchronous internet connection that is erratic enough to repeatedly trick the Akamai servers. Like the vast majority of data transmission protocols, the Akamai server slowly increases the RWIN (Receive Window - the number of packets the server transmits before waiting for an ACK, or Acknowledgement packet). This is to reduce delays introduced by the RTT, or Return Trip Time, which is basically just waiting for a response, which places an artificial cap on the maximum bandwidth, because if it has to wait for an ACK for every tiny packet, both ends sit needlessly twiddling their thumbs. That's why UDP is faster than TCP, but I digress.

So, the Akamai server increases the speed until the client says "hey, slow down!" and they dial it back, just like optical drive reading speeds. This won't cause a problem on a consistently slow connection, as both ends will agree on a transmission 'speed'. Nor will it cause a problem on an internet connection that slows down, as they will re-negotiate a slower speed.

No, the precise circumstances require the connection speed to go up and down like a yo-yo, and it has to do so often enough to repeatedly trick the Akamai server into increasing its' RWIN with enough frequency to cause packet flooding at the clients router end. Again, this is certainly possible, but affects only a percentage of slow internet connections. This technique is pretty standard practice, to negate the inherent flaws of TCP.

3) Finally, Both Windows Auto Tuning, and Windows Scaling Heuristics need to be fooled into believing the internet connection is much faster than it is. These algorithms are more reliable than Akamai, as they are closer to the users router, and use a broader average to guestimate bandwidth. This is usually caused by a misconfiguration in the network settings, or poor reporting from router hardware.

The vast majority of users report these two technologies SLOWING bandwidth, not the other way round, so it's possible that Heuristics has been disabled. A common novice error, disabling swathes of services because they think they don't need them, and then usually complaining to me at dinner parties that their computer is "broken", and do I have a spare minute to look at it...


No, you can install WSUS on any Windows computer, and continue to use that machine for its original purpose


Re: Self appointed Mythbuster to the rescue!

@Simon Hobson

"So in fact, it's useless as the vast majority of computers that are domain joined are likely to be better managed, but domain joined computers are in a minority anyway. Most small businesses don't have a domain etc ...

So if you are correct, MS have gone to a lot of trouble for nothing, and this won't help the majority of people who could actually use it."

You don't need a domain to mitigate this problem, as I pointed out in the original posting. Yes, peercaching is a great feature, but if a half-competent sysadmin wants to prevent the large packets from Akaima, and has zero budget, then he/she simply needs to do the one thing they should have done right from the start.

Install WSUS. It's free. You don't even need a domain controller. You can install it on any Windows client, and configure the other machines to pull updates from it instead of the internet. There you go, problem resolved. Microsoft provided this option about 15 years ago.

Seriously, this is from page 1 of Networking For Dummies, and should be the very next step after setting up DHCP and DNS if you've got more than 3 computers in the building.

Oh, and of course, the patch packages are also signed. That goes without saying.

@A Ghost

"Thanks for confirming that Microsoft actually ARE using some KIND of peer to peer distribution bespoke software, to redistribute their malware, without asking. That's not just rude. It's against the law. If I did that to a machine on your network, are you telling me you would not report me and my IP to the Police? I think you would. Especially if you had asked me to stop, on 'several' occasions."

I think your tin foil hat must have slipped, because the lizard people appear to be controlling your thoughts again.

What part of having to configure peercaching makes you assume that somehow your next door neighbours computer is secretly slipping updates to you? This is only for domain joined computers (or Homegroup, if you fiddle a bit) and is disabled by default.

I despair sometimes when I read the comments on articles like this, which highlights the dire lack of training in IT "professionals" who are running small networks, and blaming their failings on the tools.

Remember, these are security updates. I'm no longer surprised at Microsoft's aggressive stance on pushing them out, when all I see in comments is bemoaning having to do your job properly and shoddy security practices.

I only wish the open source community enforced this kind of mandatory update regime. It seems I only need to sneeze while filling in a web-based form, and 5 random Apache servers dump their username and plain-text stored password tables for all to see.


Self appointed Mythbuster to the rescue!

Firstly, Microsoft are *NOT* using bittorrent to distribute their updates. Nor are they using bittorrent protocols between clients. It's Microsofts own technologies, called BITS and Peercaching

This is actually a technology to help poor souls who have poor internet connections in remote offices. If you have a small office in say, Bora Bora, you simply configure that site to allow Peercaching. Then, once one machine on that site defined subnet has the update, it shares it with the other machines, negating the need for them to all phone home, alleviating the strain on that sites internet connection.

This is not a security issue, as the clients will only trust domain joined computers, which are validated by their AES256 certificates, so to inject malicious content, the hacker would have to obtain a certificate AND spoof being on the same subnet. It's much easier to just use a Flash vulnerability.

Of course, if you are using a 3rd party patching system, and have NOT configured WSUS to be disabled, then naturally, those machines will be oblivious to the fact, and will attempt to patch themselves regardless. I genuinely wish that every product had a centralised patch management system as advanced and FREE as WSUS, but it's relatively trivial to point the clients update service at say,, or enable the option "Do not connect to any Windows Update Internet locations" in:

Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Update

Few of these technologies are very new, most of which were available in Win7, and it's been the case since XP, that you can set throttling scheduling for the Background Intelligent Transfer Service. Peercaching can be configured separately. You can also define the behaviour of BITS on costed networks.

Also, if you have not correctly configured your Active Directory sites (which also allows you to specify bandwidth scheduling), then those machines will not know the difference between a computer on the desk next to them, and one 30 miles away on the other end of a piece of wet string.

When it's all been set up correctly, these technologies do a damn-sight better job of nursing your precious bandwidth than most other products, including the *nix derivatives.

While I do have some sympathy for those home users stuck on poor ADSL and even dial-up, the larger downloads is an industry-wide trend, not limited to MS. I frequently see the likes of Firefox, Java, and Sophos pulling 140MB updates, and yet none of these products have options in the corporate market for proper throttling.

This is in fact why our smallest branch sites have a ban on Firefox, Chrome, and Java. We've even switched antivirus to MSE, because it obeys the throttling rules. Since we removed 90% of non-MS products from said sites, we've seen dramatic improvements in overall performance.

I am speaking from actual, genuine experience. We configured the sites properly, got rid of the 3rd party crap, and things got better. It's that simple.

You may now commence with your "shill" comments.

Brits don't want their homes to be 'tech-tastic'


Very little to tempt

That's entirely unsurprising. I mean, I'm one of the geekiest tech-heads I know, and even I have very little interest in a lot of the gadgets out there. So far, the Internet Of Things hasn't come up with anything truly compelling, and if they can't sell an idea to a guy who runs a 5TB file server in his own house, it's got to make you wonder.

An internet connected kettle? Really? The internet connected fridge might be useful if you could quickly check how much mayonnaise was left while you were at the shops, but the technology just isn't there yet. I've seen some demos, and the faff of scanning items in and out of the fridge seems to be more work than simply picking up the items you forgot from the corner shop.

The fridge that automatically orders online also seems rife with problems. Ordering online from who? One of the big supermarkets will pay big bucks to get preferential treatment. What if I only bought that item because it was on offer, or tried it and don't like it? Do I want it blindly re-ordering? Isn't my consumer choice one of the few freedoms remaining, so should I trust that freedom to a robot?

It's all very well wiring up appliances so they can be switched on and off by remote, but we've had that technology for decades, and the reason it hasn't caught on, is because you STILL need to physically walk up to the device to put something in it, like water in the kettle, bread in the toaster, clothes in the washing machine, etc. The only one that does make sense with is the cooker, but almost every model sold today comes with some sort of delay timer built in already.

The most attractive element is smart heating. That I can understand the benefits of quite easily, as I'm sure most people can, but it's not cheap to install. Especially if you want to maximise efficiency, which includes independent radiator control and automated windows. Depending on your usage, that install cost could take a long time to recoup.

The roomba-type vacuums seem the closest to a proper product, but they strike me a under-powered, and unless you live in an obsessively tidy house, the damn thing will spend most of it's life stuck in a corner.

Then there's the smart home products like Nest. A collection of cameras, motion sensors, light switches, and sockets that all use ethernet over mains to simplify the install.

Tempting from a security standpoint, until you discover that these devices are riddled with security vulnerabilities themselves. Ironically, making your house easier to hack into.

Troll seeks toll because iPhones work


Let me get this straight....

You're a patent troll with a weak claim, and you decide that your first target should be one of the wealthiest companies on the planet that since the death of SCO, has the most vicious, underhanded, money grabbing, uncaring, vitriolic legal departments of the modern world?

Best of luck with that! I hate patent trolls, but I actually feel sorry for these guys. I'll be surprised if they leave the court room with all their internal organs.

The 'new' Microsoft? I still wouldn't touch them with a barge pole


I'm not so sure it's ALL Microsofts hubris

While I agree with Trevor's points, and I certainly understand his view, I'm not entirely convinced it's Microsoft's arrogance that's entirely to blame. Don't get me wrong, there's still a whiff of it, but I think the fault is deeper.

I think a great deal of that arrogance got knocked out of them back in 2003, when their collective ego took a huge hit from the sasser worm fiasco. Famously, Bill Gates wrote the "security, security, security" email, collectively slapping his entire company. I also sensed a bit of change in their attitude from that point, too. Certainly from a sysadmins point of view. I think there was a slow realisation in the upper echelons their products were used by every fortune 500, and combined with the EU monopoly sanctions, they were no longer a completely invulnerable, and with each new release, I got the strong feeling of improvements aimed at us specifically.

I think that the problems Trevor has pointed out, could possibly better explained by the companies complete lack of a rudder since Ballmer took over. They're like a dog suffering from ADHD on a bouncy castle that just had the contents of a ball pit dumped in it.

Their zig-zagging path is littered with the corpses of "nearly there" and "so close" projects that could have been something truly special with just a little more development, or even patience, because the market wasn't ready.

"Hey, what that Apples doing? Quick, everybody in that direction! Wait, is that a cloud service?!?! Everybody, drop what you're doing and come this way!!! Oooh, mobiles! We must do something now! I don't know what! Buy something big!"

I certainly agree that from Trevors perspective, certain departments have their own flavour of ego stroking, but I believe that culture's probably been allowed to grow due to a lack of strong leadership.

I think Microsoft needs another Bill Gates, or even a Steve Jobs like character, as long as he/she realises Microsoft's bread is buttered in the corporate world. We can but dream...

Oculus Rift review-gasm round-up: The QT on VR


There are some fundamental problems with VR

I never quite understood the hype surrounding this. VR headsets are as old as the hills, with Virtuality doing pretty much all this in 1991. The only thing that makes this headset different, is the high resolution and more accurate head tracking. But this tech has been round since the early nineties, and never caught on, due to some fundamental issues. If it was going to catch on, then Google Cardboard when have been a much bigger success that it was. After all, Googles solution gave you about 80% of the oculus experience, for the price of a pint of beer.

The primary problem is that while wearing it, you're blind to the real world, so unless you either have a huge empty flat space, or are happy smashing your shins on the coffee table, you're fixed in one spot. You also can't keep spinning round, because at some point you'll strangle yourself with the cord. While being able to look around 180 degrees is nice, it doesn't deliver on the REALITY part. If you're playing this in a room with other people, at best they're pulling faces and waving fingers at your unseeing face. At worst, they're making plans to set fire to your hair.

Another minor point is that this limits your in-game abilities to your real-world physical dexterity. In a shoot-em-up, you can spin 360 degrees and sniper a bad guy in a fraction of a second with a mouse. Your neck would seriously suffer trying the same in this kit, and don't we play games for escapism? When was the last time you played a game where the hero protagonist hobbled about complaining about a trapped nerve?

No, the real tech to keep an eye on is HoloLens. This really is something new, and has great potential. Augmented reality with astounding accuracy. Imagine creating a game of Worms 3D with your mates on your coffee table?

Suddenly, an empty pizza box becomes your battleground, a crushed beer can a strategic sniping point... Create your own Little Planet, or Lemmings map using DVD boxes and see how they work?

Proper holographic calls where Grandma in Sydney is sat in a chair in your own living room. The potential is almost limitless.

Apple had more CVEs than any single MS product in 2015, but it doesn't really matter


Interesting discussion on weightings

Just throwing this one into the mix.

Weighting of CVE severity certainly makes the numbers a bit more sensible, but being devil’s advocate, perhaps to tell who has the worst record for code sloppiness, we should also factor in market share?

One of the key trends we have seen when it comes to vulnerability discovery and exploitation is that it correlates closely to the number of machines in the wild, and there is strong evidence to show causation.

Hence the term "security by obscurity". We all know that (with the exception of government spy agencies) hackers and virus writers only target systems with a large enough pool to make it worth their time. After all, 90% of malware is written for financial gain.

The MS platforms and Adobe Flash are obvious targets because of the sheer numbers, and the potential bounty that can be retrieved en-mass from the compromised machines. Hence, more beady eyes scrutinising the code for weaknesses.

I'm not a statistician, and have no talent with numbers, but in a very generalised manner, I can say that factoring this in would make Adobe's case look a little better, but would place OSX in a very poor light, indeed, given its very tiny market share.

On the other hand, this meteoric rise to vulnerability infamy for OSX could also be a short one?

Just like Windows XP back in 2003. The very sudden explosion in broadband connected machines meant a glut of vulnerabilities that had been dormant for years, (in the NT code) but were not exploitable in any practical way. Once exposed, Microsoft worked very hard, and quite successfully, to improve the security of their OS.

Perhaps a similar story is playing out with OSX? Until very recently, there was no real financial incentive to go looking for bugs to exploit in OSX, due to the very small numbers, but with the success of the iPhone, mac numbers have swelled dramatically, and therefore has become a viable target.

Maybe Apple will wake up and start taking security seriously? Maybe it'll take an iSasser worm to shake them out of apathy?

Predictable: How AV flaw hit Microsoft's Windows defences


Re: The MS platform is pretty robust these days, but it only takes one bad Apple

The only place perfection exists is within theoretical mathematics. While I understand your point that the monitoring and management layer could be targeted, any system without management and monitoring is more susceptible by factors, and therefore less secure by factors.

It’s an engineering compromise. Just as perfect security would require putting several bullets through the hard disk of the device. Even air-gapped computers are vulnerable if the human that gains access is compromised, but knowing that a compromise is occurring, or that a vulnerability has just appeared is vital information.

I think your back door analogy is somewhat flawed, because the two motivations are radically different. The proposal to put a back door in existing encryption technologies is not to ensure that the encryption technology itself is functioning properly, just as the monitoring and maintenance software does not tell me what the user is typing into word right now. One is aimed at bypassing the inherent security, while the other is geared to ensure it stays up. Therefore, using the former for malicious intent is a lot easier.


The MS platform is pretty robust these days, but it only takes one bad Apple

Watching the last decade play out in the IT world, I think the biggest surprise for me is just how much I like MS products. Yes, Redmond have made huge leaps in security technology, and in many ways the Windows OS is superior to some, but I’ll tell you where TRUE security comes from, and it’s not down to writing code that checks for buffer overflows.

Rewind to the start of the millennium, and if you so much as mentioned Bill Gates to me, the room would be filled with the palpable taste of tin as my rage and vitriol spewed forth. I hated the company for stifling the software ecology, killing the shareware culture, and stamping out the competition with unfair practices, forcing me to use their inferior products.

I think the first twinkle of change began with Win2k. At least when it crashed, I could restart the explorer process. Woo hoo! Then XP came along, and I was actually very impressed with it’s multiple display capabilities. I became a sysadmin shortly after that. It was then that my eyes began to open. You’ll never really fully understand the power and flexibility of the MS platform until you’ve played with Group Policy Management in a domain environment. It’s only then that the tip of the iceberg reveals itself to you, and you begin to understand the point of the registry, and what all these “useless” services running in the background are for that you keep disabling.

I was running a medium sized school network at the time when the Sasser worm struck, which triggered Bill Gates’ famous “security security security” email that changed the companys focus. When the Sasser worm struck our network, it was unable to cause any damage. The details are a little hazy (it was a long time ago), but it was due to my disabling of certain services and file permissions via group policy, that prevented it from being able to install.

Even back then, it began to dawn on me that as long as you worked professionally, the MS stack was the least of your worries. The first warning shot was Firefox. Yes, when you compared them on a technical level at that time, Firefox was faster, more secure, and had more features. What it didn’t have was central management. You couldn’t even define the home page centrally, let alone restrict what plugins it could use, and this factor proved more important than any other, especially when you had over a thousand school kids hammering away at your security, visiting dodgy sites.

IE7 may have been riddled with ActiveX vulnerabilities, but you could create a white list of sites that were allowed to call them, and even restrict plugins like Flash to only running on specific sites. You could also spot at a glance in WSUS if any of your computers hadn’t installed any security updates that were being actively exploited. Firefox on the other hand, was a black hole on your network. I was once called by a teacher who said certain website weren’t displaying correctly. Turns out, he refused to update from Firefox 1.0, because he liked the look. Naturally, his laptop was infested.

Fast forward to today, and this situation is even further polarised. MS have been so focused on security in the last decade, their products are the least of my concern. It’s the unholy trinity of Java, Acrobat and Flash I have to worry about. Ironically, I keep them patched using a combination of Ninite, and SCCM to deploy the patches. And now, we have the Internet Of Things to worry about.

Historically, Unix may have been a superior network platform, and hence the various ‘nix flavours had a technical advantage, but this means diddly squat in the real world. Where is Samsung’s version of WSUS, to alert me that the smart TV hanging in the foyer is unpatched, and could pwn my network at any minute? Or the HP printers? Or the Canon Scanners? Or the Linksys access point the sales team bought with their own budget?

Even when they do have some management/patching tools, with weary inevitability, I find myself thinking something me of ten years ago would be horrified to hear. “I wish this was as good as Microsoft.”

Every single OS and software product has vulnerabilities waiting to be exploited. The real only security is in central monitoring, and control.

Apple's design 'drives up support costs, makes gadgets harder to use'


This what I've been saying for years, now.

Apple have been dragging the entire industry down the wrong road in interface design.

Microsoft, who are legendary for lacking any form of imagination have been aping their ethos, which has led to the disastrous Win8 UI. It only works well if you already know how to use it. From my many years of working in the IT industry watching users painfully navigate various UIs, there is no uncertainty that this is the wrong approach.

A good example of this minimalist ethos gone wrong is win8 swipe in from the edge of the screen. It's actually really useful, and quick way to access options and switch between apps, but, guess what?

There are absolutely no clues, visual or otherwise, to indicate that this is something you can do! I've been using computers since I was 5 years old, and when I got hold of my first Win8 fondle slab, it took about 10 minutes for me to discover that feature.

If it took me 10 minutes to find it - by accident, then my grandma has no hope at all. Ever. I was overjoyed when touch screens started to become common place, along with powerful 3d graphics capabilities. The UI designer in me knew this was a huge step forward in intuitive design, but then Apple decided to take a huge step backwards, and being flavour of the month, everyone else did, too.

It was like the emperors new clothes. Microsoft threw away the transparencies in Win7. An idiotic move. Transparencies allowed you to see that there was another window or box behind the one you're looking at - a genuinely useful UI feature on the cluttered desktop of a busy days work. The 3D effect and drop-shadows aren't just there to look pretty and waste resources, they are visual clues to indicate at a glance which window is on top, and which is selected, and they work intuitively, because they mimic visual clues we use in the real world to perform the same visual identifications.

Then there was the loss of one of the greatest UI helpers of all time. The roll-over. This is more due to the change to touchscreen, but the Apple ethos didn't allow for any means to compensate for its loss.

I can't emphasize strongly enough how important the roll-over was. If you weren't sure that "thing" on your screen was actionable, you simply moved your mouse pointer over it. If it was, either it, or your mouse pointer would change.

This was so fundamental to our learning of new UIs, the loss of the roll-over should have prompted the entire industry to frantically come up with new and different visual clues to aid the touch screen user, and initially, we did. But then Apple decided it was too messy, and besides, everyone now knows how to operate touch screens, so let's throw all that junk away.

And like idiots, the rest of the industry followed.

Well, here's the thing. The rules haven't changed, because you're still designing for human beings. If it's supposed to be a button, then make it LOOK like a button. You have to give them clues that they're supposed to press it, and that they have pressed it successfully.

Don't just assume the user already knows how to do it. Right, I'm off to clumsily fumble with a Samsung monitor trying to switch it on. Now, is that power symbol on the front a touch screen style button, or is it to indicate that there's a mechanical power on that edge. Or on the back? And is there a second mechanical switch hidden somewhere I have to turn on before I can...

Shocker: Adobe patches critical Shockwave remote hijack hole


Wait, who the hell still uses Shockwave?

I was once a shockwave developer, alas it is a dead and wholly extinct, unsupported platform, now.

Macromedia Director. Ah, those were the days. Learnt it back in '97. Of course, back then it was for Multimedia interactive CDs. Macromedia began shoe-horning web technology into it around the same time they began shoe-horning coding abilities into Flash to make it interactive.

Of course, because Director was designed from the ground up for interactive coding in Lingo, it was a far better IDE than Flash, which is still tea party level eccentric, due to its legacy as a simple animation tool.

Shockwave was far superior to Flash for a good while, able to produce games with richer graphics and complex coding, but its Achilles heel was the size of the plugin. It was monstrous for slow net connections back then, and never got bundled with the OS by default, so you always had to install it if you wanted to see shockwave content.

This crimped its popularity to such an extent web developers began jumping ship to Flash, which only exacerbated the problem since users were less likely to have already installed the plugin due to it being used on fewer sites.

The writing was on the wall for Director/shockwave, and by 2003, it was obviously a dead duck.

You should have upgraded to a different operating system at least once since then, so the big question is who are these 450 million user who have installed an extinct plugin?

Jellybean upgrade too hard for Choc Factory, but not for YOU


Can you spell irony?

Microsoft must be sitting there thinking "Five million lines of code, and an out-of-control branching development cycle? Awwww, that's so quaint!"

That's also SO 2003.

Suck it up, and fix your own problems, Google. Don't just foist the risk onto the 3rd party developers. Your mess, your responsibility.

The 'fun-nification' of computer education – good idea?


I'm on the fence a bit with this one

Unfortunately, we a still direly lacking in the IT education, in terms of teachers skills. I'm all for bringing the opportunity to a younger level, but before that is possible, we'd need teachers who can code.

On the matter of making it mandatory, while I certainly see the possibility of it causing some negative effects, I'd also like to point out this analogy:


While the writer of the article has a very valid point, it reminds me of a possibly similar misconception best personified in Disneys' Ratatouille:

"In the past, I have made no secret of my disdain for Chef Gusteau's famous motto, 'Anyone can cook.' But I realize, only now do I truly understand what he meant. Not everyone can become a great artist; but a great artist *can* come from *anywhere*. "

Surely, widening the trawling net is would improve overall skills? Even if it's only for the next generation of teachers?

'Windows 9' LEAK: Microsoft's playing catchup with Linux


Re: Meeeh

The customer is NOT always right. Especially not in groups. We only need glance at the bland, boring and inane releases of the focus group driven car designs during the turn of the millennium.

At the end of the day, the final decision needs to be made by one person who is brave enough to stick to a vision. It's what saved Apple from their floundering inwardly collapsing business.

I see by your attitudes you are clearly mired in the 90s, and still hold resentment against 'Microshat' for what you deem to be his evil deeds that held down the "clearly superior" operating system, which would have OBVIOUSLY been the dominant OS of choice in business...

Except, that isn't the case, is it? Apple had Jobs (on and off, and it really shows his influence was what made the company a success), Microsoft had Gates, who, admittedly, did let the sheer scale of the monster he'd created get the better of him for a while, but in 2002, really started to turn it around.

Linux has what? Linus? Not really. While I may have respected him some time back, he's merely a self centred bully, and really doesn't have the vision or the power to pull the meandering behemoth in the right direction.

"Linux can now support 1024 CPUs!"

"Great. Will it finally work with the wifi card in my laptop?"

It's truly ironic how this article has picked up on a somewhat redundant and gimmicky feature and said "Hey, we had this for ages!" Personally, I look at the Linux GUIs as "nearly there", and "not quite". And, it's not just me. Corporations aren't stupid. There's a reason they pay gigantic licence fees for Microsoft products.

Having multiple desktops is cute, but Microsoft's Clipbook algorithms have been so far in advance of everybody else', we don't even think of it as a feature anymore. The Linux community should be collectively hanging their heads in shame. It's over a decade since I had to admit that it was the best at copy and paste out of all the OSs, and they've remained ahead of the game since.

"What do you mean, I can't right-click an image in a webpage, copy it, then flick to a remote desktop, and paste it directly into a random third party application running on a machine the other side of the world?"

Linux has a great, and brilliantly designed core, and given its royalty-free, which has allowed it to survive almost exclusively as the core that runs the Internet Of Things but guess what? Microsoft are catching up, FAST!

Linux might always have the Free thing, but as we are now seeing, the vulnerabilities in IOT devices are starting to become a real problem, and when it comes to security, Microsoft have been leading the world for quite some time...

Microsoft: You NEED bad passwords and should re-use them a lot


Re: Disposable passwords for disposable accounts

I heartily agree.

After 20 years of surfing the web, for someone to suggest I use a different password for every single forum or website that demands registration is ludicrous.

For someone to even expect me to remember what websites I've ALREADY REGISTERED with, is just as daft. After 20 years of surfing the net both personally and within my profession, I can no longer count the number of times I have gone to register on some poxy little website to download a driver, or access some page, only to be told "this email address has already been used".

I sit there for a moment, like Gandalf in the caves of Moria, thinking "I have no memory of this place", before trying the default password I always use, and being greeted with "Welcome back, Wibble Wobble!"

I always used to register with dummy names and my old student address, and prior to sites requiring validation of the email address, I always used "f*ckoff@nospam.com" (please excuse my French). These days, I use an old Hotmail address.

Quite frankly, there are a huge number of sites out there demanding too much information. This is going to come back to bite them on the arse, as they are legally required to protect it, and if they do get hacked, the punitive measures could sink more vulnerable SMBs (who coincidentally are the ones without the resources to focus on security). But I digress...

In reality, you only really need a 2 tier password system, and re-use should be fine in both. Here's why: The upper tier sites with valuable information such as email, paypal, banking, facebook et al, are extremely strong on their security these days. They have to be for both practical and legal reasons. They are constantly under attack. Microsoft are at the very forefront of security within the industry, so they know what they're talking about. If you want to jeer at this statement, you'll first need to find a time machine and go back 12 years to when your attitude was valid.

Any bank worth its salt uses a 2-tier password system, anyway, so obtaining the initial password won't help.

In the (highly) unlikely event that one of these is compromised, They are also legally obligated to raise the alarm immediately. Ebay is a case in point, and that wasn't even the paypal account.

LG unfurls flexible SEE-THROUGH 18-inch display


Transparent display for vehicle HUD

I know there have already been several Heads-Up-Display solutions already, but none have so far been able to utilise the entire windscreen..

It's still not up to scratch, UK law requires 70% transmittance - which also includes the glass.

The other niggle, which I believe Google are working on, is lining up the display aspect with the drivers eyes. I think they use a facial recognition camera to determine the drivers eye-line so that the super-imposed imagery lines up with the real world on the other side of the glass.

This raises the question of what the passenger will see. From the passengers perspective nothing will align, and could potentially cause motion sickness. This can be resolved using polarised filtering.

Polarised screens already installed in top-end Range Rovers, so that the centre console screen displays a movie for the passenger, and the sat-nav for the driver.

Once these issues have been resolved though, it would be a quantum leap in satnav technology. The direction, street names, and even what lane you should be in, all highlighted on the real world.

Obviously, speed, rev and other displays can be moved up there too. HUDs improve drivers attention to the road, by reducing eye movement away from the road, which is why they were invented for fighter pilots in the first place

SCRAP the TELLY TAX? Ancient BBC Time Lords mull Beeb's future


Very interesting discussion

Yes we moan about the licence fee, but what's the alternative? Watch ITV? I'd rather sh*t in my hands and clap!

We've got enough detritus on TV with Big brother, Strictly come dive with me, Jeremy Kyle, mind numbing soaps (they should seriously have a health warning stating long term exposure will turn you into an ignorant drama queen), and enough cooking and "talent" shows to numb the mind of even Steven Hawkins.

Certainly, by far and away, the BBC has the greatest wildlife and science documentaries in the world by several light-years. The factually tepid rivals, such as the penguin movie voiced by Morgan Freeman simply highlight how lucky we are. No matter how much money other enterprises from other countries throw at their own attempts, there is always that tangible stain of "dumbed down" that decades of catering to the lowest common denominator always leaves.

I would be out on the street with Molotov cocktails if they attempted to take one penny away from these. The vast majority of outspoken complainers simply don't know how lucky we are. If you'd like an education, try watching American TV! You'll be kissing the ground in Heathrow airport and offering up your first-born to David Cameron to get back in after a week!

I certainly agree that the BBC does need more focus, though. In the technology fields, there does seem to be a lot of wheel reinventing.

Intel ditches McAfee brand: 'THANK GOD' shouts McAfee the man


They all have different personalities

Norton never stopped a virus. It just told you your machine was infected by disabling itself in the system tray.

The software equivalent of curling up in the corner and crying "Not in the face! Not in the face!"

Mcaffee ground your machine down to such a crawl, that it was literally too slow to catch a cold.

AVG is schizophrenic. The resident shield runs as a system service, and therefore can detect viruses locked away in system restore snapshots, screaming bloody murder when it does, but since the triggered scan runs under your account it sees nothing and reports "dunno what you're on about, mate", only for the resident shield to scream "VIRUS!" a few minutes later.

Sophos is the mega paranoid tin foil hat wearer, flagging almost anything you download as "suspicious behaviour"

MSE by contrast could be advertised like a feminine hygiene product. "You won't even know it's there"

Tube be or not tube be: Apple’s CYLINDRICAL Mac Pro is out tomorrow


Re: I thought I'd seen it all...

No upgrades, eh? I assume you don't work in post-video production, or have you not moved into 1080p yet?

Actually, we've seen a very steady and constant move across all the creative industries away from Apple. The music industry has been one of the last Stalwarts. This is in part because they are one of the last to have certain packages available ONLY to Apple, but also because well, how can I put this delicately? Musicians aren't in general best known for their IT literacy, and so as a rule of thumb, appreciate an OS that treats them like they don't know what they're doing.

As a former independent 3D artist I can assure you, that Dusty Bin here will give you the LEAST bang-for-buck, having built my own pizza-box render farms in the past, bulk buying old machines from schools is a great way to get massive power for little cash. It's also very friendly on the old leccy bill. I only needed to fire them up with a WOL script when it came to render time. Hell, that's how Google got started!

Photoshop users require acres of RAM and fast swap files (still not in the same league as video editing) You can either pick up faster kit for the same price, or simply save yourself a bucket load of cash by buying something that doesn't have that little silver badge on it, and get a wider choice in cheaper software.

And the design? Come on! It really isn't that clever, it's impractical, and finally, let's not forget we're talking about a company that was on the verge of bankruptcy YET AGAIN before they produced a funky little mp3 player. After which, their PC business became barely a tertiary interest.


I thought I'd seen it all...

What an utterly stupid design! Pro my arse! I real pro buys rack-mount kit designed to maximize power in the smallest space, while keeping the price-per-watt down.

A REAL pro doesn't care what the outside looks like. A real pro requires a powerhouse that can be upgraded with off-the-shelf parts, contains redundancy, while packing as much power as possible into the smallest space, while keeping the price-per-watt to a minimum.

You waste money firstly by buying it from Apple, who overcharge for Intel components. You waste money because this stupid non-standard round case will require that the Intel upgrades be customised to fit the Apple case. This stupid thing won't even fit under your DESK without wasting space!

Oh, and of course if you opt for the 12 core variant, I assume you've factored in the overhead of upgrading the power supply to your desk, the added air conditioning strain... What's that? You've already allocated that budget for the server room requirements?

Well, I'm sure your friendly BOFH would have loved to accommodate your shiny new Mac hardware in one of his server racks, except.... IT WON'T BLOODY FIT!!!!

Just like every other Apple product when offered up to the corporate market, Apple have designed a round peg for a square hole.

BAN THIS SICK FILCH: Which? demands end to £1.50-per-min 'help' lines


Re: So misinformed it has to be trolling from Which

I'm not exactly sure how you can claim that I am wrong, when in your very next paragraph you confirm everything I have said. Perhaps you skim-read?

As you point out, "Most people have bundled minutes as part of their contract". The over-charging issue is between you, and your phone service provider. THAT is the only component which has changed, and Ofcom knows this.


Sorry, but local and national number categorisation still very much exists, even if most phone service providers offer flat rates. Again, this is nothing to do with the underlying structure, just a sweetener like the Family & Friends schemes, or Virgin-to-Virgin calls offered by your service provider.

The 'revenue sharing' element is a red herring. It's a symptom of your phone providers overcharging, not the cause. While 7p a minute might be a welcome kick-back, it's a drop in the ocean when running a call centre, and wouldn't even cover the tax on the buildings lease, let alone the massive bandwidth pipes, call routing software/hardware or staffing costs.

Almost all call centres are classed as cost centres. The only exceptions are cold-call sales, such as double glazing or PPI nuisance calls. This has nothing to do with your bank or tech support being evil or greedy, and if done from a landline costs no more than any other phone call not covered by a special deal.

You need to take a step back and look at the bigger picture. Landlines are cheaper because they are unpopular. Because almost everyone has a mobile, selling a landline is a cut-throat market, and almost all hardwired phones are sold in internet bundles, hence landline charges were the first to hit the chopping block.

As their popularity increased mobiles have been next in the price war, with the X number of minutes bundles, and similar offers to landline services.

And therein lies the crux. 0845/0870 numbers from a landline cost what they have always cost (obviously adjusted with inflation). They only seem expensive because most phone providers/ISPs exempt them from the ubiquitous deals, and with the exception of British Airlines it seems, all call centres will allow you to use the normal phone number to take advantage of said deals.

So, we are left with one glaring exception. The charges from mobile phones. And who decides the charges from mobile phones?


So misinformed it has to be trolling from Which

0845 is local rate, and 0870 is NATIONAL rate, NOT international. In fact, 0845 SAVES you money, as it is charged at local rate no matter where you call from within the UK. Both of these numbers cost the company for you to call them. To claim they make a profit is idiotic at best.

It is only numbers beginning with 09 that are premium rate, £1.50 being the legal maximum that can be charged. The laws are very strict. You cannot be held in a cue (it will either ring, or you will get an engaged tone - you will never be charged until you are actually accessing the service), and maximum call duration is 20 minutes, which they are required to tell you the moment they pick up the line. You cannot be forwarded in any manner whatsoever to a premium line.

There is no company that uses a premium rate number for customer service or complaints, this is again banned by law. Violations of any of the above can result in the immediate removal of the 09 service, and can be prosecuted under CRIMINAL law.

The whole Which article smacks of trite sensationalist Daily Mail-esque trolling.

The only services allowed to be run on premium numbers are those which you have to pay for, such as sex lines, and non-warranty software support. The latter, I know from experience just barely covered the cost of running a 24/7 line, staffed round the clock by techies on a average wage of £20k.

By all means, complain to Ofcom, but the target of your complaints should be your mobile service provider who has made the very deliberate decision to exclude 0870 and 0845 from any deals within your contract. Both of these numbers were firmly established long before mobile phones, so who are the scammers?

Pink Floyd blasts Pandora for 'tricking' artists with petition


Re: Music was the Greatest Bubble ever...

While I agree with the overall sentiment, I can't agree totally with the notion that this was a unique bubble, the likes of never seen before or to be seen again.

Mozart was one of the megastars. Contrary to popular belief, he did not die a pauper. This is a misconception that sprang up from what seems like his rather small and insignificant grave. In Venice though, having a grave AT ALL is a sign of being in the upper echilon. It's just that the tourists look upon his tombstone, and then the the much grander vaults further up, which were royal family members only, and assume he passed away, forgotten, poor and unloved. Of course, the truth is he was a rich, pampered rock star living the finiest life that 18th century Venice could offer. Of course, 18th century Venice offered disease and an early death more readily....

For every Mozart, Bach and Beethoven, there are a thousand names of budding composers which have been long lost in the sands of time, and for every one of those anonymous composers, there are another thousand orchestra players, who would have died destitute, and spent more time begging than playing.

As for the loss of taste, I feel that's probibly another cyclic pattern. I mean, how else can you explain George Formby!?!? And he's the famous one, which means by definition, he must have stood head and shoulders above the rest! Just this thought makes me weep for humanity! If George Formby was the pinnicle of talent during that era, then his supporting act would have made gangnam style look like Beethovens 5Th!

I don't believe these fashions come back in exactly the same form, just like clothing fashions repeat, but with minor differences. The height of the money tower pyramid created by the birth of the record industry is probably one of those moments in history that will stand out as unique, but I very much doubt we've seen the last of the megastars

Flash flaw potentially makes every webcam or laptop a peephole


Re: Surprise!


I mean, come on! Nobody can be this stupid, surely?!?

You sir, have to be trolling, but in case you aren't, I shall explain for the hard-of-thinking. Flash is Adobe, Chrome is Google.

No Micorosft products listed here, good sir!

Wow. They walk among us!

The gaming habits of Reg readers revealed


Re: No suprises in any of that.

I clearly detect some bitterness in this comment. I'm afraid there's no getting around the immutable fact that no joypad offering has yet come close to the speed an precision of a mouse and keyboard.

I used to be a UT champion back in the day, and watching people play COD on the consoles, it's like they're swimming through treacle. I used regularly spin 180 degrees mid jump and instagib 2-3 players, and I wasn't the fastest! The console world is a far cry from this, as sweaty thumbs mash away at laughibly inaccurate "analogue" nipples, and turning a full 360 takes longer than reading the sunday supplement. This is why they seperate PC from console players in the vast majority of online gaming.

The other genre which console players seem to be laughibly oblivious to their unweildiness is racing games. I really enjoy a good blast round a track now and then, but do so rarely because it means I HAVE to unpack the steering wheel. I won't play without.

I've even had people try to argue that the joypad is superior. If the joypad really was better, or even if it wasn't suicidally dangerous, someone would have fitted a real production car with one, as the novelty value would sell.

If the thought of someone using a playsation controller to guide a 1 ton vehicle down the outside lane of the motorway give you cold sweats, clearly you're not a serious gamer of you use one for the digital variety.

No, the real reason the PC is in decline is because the serious gamer is in decline. A PC gaming rig is expensive to buy, and maintain, requiring constant upgrade, so requires serious incentive to invest. Now look at the games market. Nothing but repetetive sequels as the games giants are too afraid of taking risks, due to the massive cost of development these days.

Victoria and Albert museum in narrow escape from Napalm Death


Was I the only person who read this article, and heard the voice of Nathan Explosion screaming "It's gotta be brutal!"

PC World ordered to rip up promo for next-day repair promise


Unfortunately I've dealt with enough of these types of customer service issues...

to know with almost abolute certainty, that the customer in question here is your typical ignorant arsehole.

He will have been the kind who in general doesn't listen to simple instructions, has no clue how to operate a computer, and will have installed a million browser toolbars, 6 unintended antivirus programs, and every peice of crapware available on the internet within minutes of plugging the dam thing in.

He then phones some poor hapless call centre support bod, and shouts for fifteen minutes demanding a brand new computer.

This all too typical genus is incapable of learning, because he/she refuses to accept just how useless they are at using a computer (never actually reading a message that pops up on the screen before clicking wildly in the hope of getting a new screensaver), and therefore makes the call centre bod's extremely difficult job simply impossible.

I mean, it takes incredible diplomacy to explain to someone who's patiently listening "the reason it's messed up again, is basically because you're an idiot" without offending them. Our poor call centre tech bod (not generally known for their social skills) would stand no chance with Mr. shouty here.

Some of you may think I'm being a little harsh toward the customer, but the evidence is in the story itself. An intelligent, patient man would be more interested in getting his computer working. While obviously annoyed by the unnecessary trip, would chalk it down to a simple misunderstanding, and hey, the PC is here now, and they're willing to fix the problem, so what's the problem?

Microsoft latest to 'fess up to Java-based Mac attack


I'm surprised Mac fanbois aren't proud of this moment

I mean, it's almost as if Somebody out there now considers a Mac to nearly be a real computer!

I mean, somebody's actually sat down, and made the effort to write a virus for it. Why? That's the real question. I mean, what are they going to gain? A huge collection of sepia toned pictures of hipsters drinking latte?

No, this is a sign. It's a sign that there's finally something of worth contained within them! Perhaps...

Tool time with Trevor: 'Organic' sysadmins' spice mush still pretty edible


very good, but there are some schoolboy errors in the design

The first and foremeost, is that users are allowed ONE email address, no more.

This was a disaster when our corporate policy dictated a change in our default email reply-to address.

Firstly, as soon as a user emailed the helpdesk with their new email address (Spiceworks didn't seem to pick up the change in active directory) it generated an entirely new user.

This immediately fractured the ticket history. Secondly, you cannot now update the original users email address, as it has to be unique, and there is a freshly created user (with no details other than email) now reserving said address.

OK, so you delete the newly generated user, sacrificing the associated ticket, and change the address in the original account. Nope. Deleting a user doesn't remove it from the SQL table (just marks it as hidden), and it continues to reserve the email address. So you've lost the ticket, and still can't fix the problem of the incorrect email address.

This is when you have to get your hands dirty in the SQL tables. Deleting the newly generated user record allows you to update the original user account in Spiceworks, but now the helpdesk crashes.

It didn't take long to figure out why (although the Spiceworks logging is pretty woeful compared to most MS products).

To completely fix it, you have to do a search and replace for the erroneously created user ID in the comments, ticket_involvements, and tickets tables. Replacing any reference to ID with the original.

Of course, if a user then decides to use a different one of their email aliases (they all have several options) the whole fiasco will begin again.

I really like Spiceworks. I really like the fact it's free, but I would have some very serious reservations about paying for something with such fundamental issues. Especially now that I've seen under the bonnet!

Why do Smart TV UIs suck?


Re: Media Center and their extenders

@stu_ekins – Yes, I do have a TV licence again. Posting anon though, due to references to download activity, which I continue to do simply because the legal alternatives don’t provide the same quality of services.

Indeed, there are some good products out there, but you have to wade through an enormous pile of dross to find them. On top of this, brown goods documentation is notoriously light on technical info, making your purchase decisions all the more difficult, and to be frank there is no financial incentive for the manufacturer to provide additional support and upgrades once you’ve purchased the item, so the many comments here indicating an industry wide dearth of firmware updates, while sad, comes as no real surprise.

One major gripe I have is the complete gamble you have to take with HDMI CEC support. Because it was only an optional component of the standard, the features that work on it are almost random. Sony barely support it at all, as they have their own solution (which only works on Sony products).

Try finding the supported range of CEC commands of your next TV/HiFi/DVD player before purchase! I used to work as a multimedia technician, setting up everything from lecterns for presentations to turn-key kiosks, and the very first thing we learned was that if you wanted to make the installation work properly, be idiot-proof enough for unassisted use, and future-proof for new features, you had to use a PC.

If something on a PC doesn’t support a certain feature, doesn’t work in the required manner, or doesn’t integrate with your pre-existing configuration, you can change it. Without a computer as the hub, all the individual components that make up your desired solution are a bit like the shapes and holes puzzle. Except that all the shapes were moulded by the same toddlers the puzzle was aimed at. You will get things to fit eventually, but it will never be seamless.

My parents, both in their 70s are not complete luddites, but they struggled so badly with their Smart TV/DVD/PVR/Set-top box/Hifi and the many remotes (oh, god, the remotes!) that I offered to set up an alternative.

Now, with a single remote, they can easily navigate their TV/streaming and catch-up/music/pictures/recordered and 1.4Tb of moveis, TV shows, Documentaries and Stand-up through a single unified interface.

Seriously, have a look on youtube at mediabrowser 3. I’ve tarted it up a bit more than the videos, so it looks even prettier, and is astonishingly easy to use.

And I haven’t even touched on the low cost of upgrades to support new features. This all started with a conversation about them buying a new TV to get DVBT-2 support. They now have this, AND blu-ray, for less than the price they were intending to pay.


Re: More grunt and customisation needed.

Never buy Sony!

This is not a new problem, and a very deliberate tactic. Bare in mind, Sony are the single biggest muscle behind the War On Piracy (ironic since their tape recorder very nearly didn't get released because of the exact same legal actions).

Since the start, Sony CD players haven't recognised various flavours of recorded CDs, their DVD players plead ignorant if you put a disc in them that isn't exactly the right colouration to be legit, and support for any digital format that could be linked to non-payment downloading is suspicious by its' absence.

Add to that their woeful support of HDMI CEC (preferring to try and foist their own proprietary solution, and lock you into all Sony kit) and the fact that their reputation for quality has far exceeded their ability to deliver for the last 20 years…

Software sucks these days - and just maybe it's all YOUR fault


I'd agree with Paul 87 and therums about the Internet, but I'd like to submit XP as another factor

My reasoning is thus:

Before XP, home and professional markets were completely separate, and their two methodologies as alien to each other as carbon and silicon based life forms.

If you were designing software for NT, then your target market was clearly identified as a networked, business environment, and you designed your software appropriately.

This meant compliance with networking and security standards. Your software had to be resilient and flexible enough to cope with the myriad of network configurations, ACL restrictions, and of course, you are answerable to your multinational client with its army of lawyers.

If you were writing software for the home market, on the other hand, it was much more of a Wild West. Games were dumped in the root of C: so that they could be quickly navigated to in DOS, and rules were merely standing in the way of you gleaning a couple more FPS out of your game.

You were actually rewarded for bypassing standards, blitting the hardware and taking shortcuts.

Along came XP, and these two worlds collided with such force, we are still feeling the chaotic repercussions today. When the NT kernel became the platform for both, XP was flooded with rule breaking games, and hastily banged out code by teenagers in their bedrooms.

This quickly gave rise to the situation we are all familiar with. You had to run as nothing less than admin for all your software to work. This quickly bore a vicious circle, with small developers, lacking the resources to fully research all the intricacies of the NT platform, simply making assumptions that this should be the norm.

As evidence I submit my time as sysadmin in a school, 5 years on from XP release. The niche software, sometimes written by programming teams of one, would make a security consultant break down in tears, often storing config files in the windows folder, ignoring the registry, making assumptions about profile folder rights…. I could go on… and on…

Even Mozilla are guilty of many similar faux pas, which is why you don’t see any real corporate take-up. The sudden influx of lazy and/or hacker coders gave birth to a compromised NT environment that lasted more than a decade, giving rise to an entire new generation of coder who believed that this was the way things should be done.

I’ve only recently seen a change in trends with the proliferation of Win7. If the UAC comes up at any time you’re not installing NEW software, the programmer has done it wrong. End of story. The UAC is embarrassing a lot of corporations to go back and write it the right way, but we’ve still a long way to go.

Perhaps Win8s Android-esque declaration of rights at install time will push things further in the right direction?

Microsoft offers Internet Explorer 10 preview for Windows 7


If you try to suggest to any knowledgeable IT heads that they switch their corporate usage to Firefox or Chrome, you will be laughed out of the office, and rightly so.

Neither Firefox or Chrome can be centrally managed to any level even close enough to warrant a few seconds consideration. They are barely even written correctly for the windows platform.

Until only a few revisions ago, Firefox used to store its internet cache in the roaming profile folder, and Chrome used to install itself in the application data folder.

These are primary school mistakes that barred them from any serious network infrastructure on their own, but it doesn't end there. How do you set the corporate homepage? While the bigwigs in management might be allowed to play, how do you lock down all the configuration options so the plebs in the call centre don't drum up hundreds of support requests a day? How do you restrict Java so it can only be used on your intranet?

You can't even prevent them from installing crippling browser toolbars. When you've got 30,000 workstations to run and maintain on multiple sites, these aren't inconveniences. These issues will bring the world crashing down around you.

As a network administrator, priorities most often run by uptime of services, and then security. Where are their central update services? How do we ensure that every copy on every workstation has been patched against the vulnerability which has just gone wild?

In just the user section of Group Policy Management, IE has 801 configuration options, allowing you to customise everything from the proxy, homepage, activeX filtering, AJAX cross document messaging, autocomplete, plugins, allowable downloads and a miriad of others that could potentially be security vulns.

These options can be applied based on the user, the computer, a safe list of websites, IP range, certificate validity, and more, or any combination of the above to provide such granular control that a good sysadmin can lock down the browser to almost read-only levels when entering the wild, yet allow unprecedented access within intranet applications, without the user being aware.

By comparison, an unmanaged copy Firefox can do as much damage as a virus.

Oh, and if you want to moan at someone for the lingering existence of IE6, look unto your own profesion. Do you think we enjoy our users moaning about that crappy old version? Or that we like being out-of-date on patching? It's because the sprawling corporate intranet hasn't been updated to cope with the newer versions (and certainly won't work with Chrome!).

I'm not calling your ilk lazy. Naive, yes. That intranet is probably tied into 100,000 POS systems whos OS is hard coded in such a way to make it unfeasable to upgrade.


I'm by no means against the basic principle add-ons. Plugins, filters, bolt-ons, themes and extensions have been the saving grace of many applications. The problem comes from too many, or badly designed add-ons that cripple performance or cause instability in the host application.

Another feature I quite like in IE9 is the way the add-on manager not only keeps you alerted to changes, but also displays the performance hit you accrue with each one.

Given the amount of time I spend using web-based systems, disabling Java made a huge improvement. Alas, the only way I could streamline the browser any further would be to disable the AV add-on.

I only re-enable Java when I have to deal with certain network switches and printers etc. I can't remember the last time I stumbled on an actual website that required it.

The real attraction of IE for me is that I no longer NEED the miriad of add-ons that were prerequisits in the past. Back in the glory days of FF, websites weren't such resource hogs, and therefore if your browser was a little flabby round the mid section, it was barely noticable.

It still amazes today how much of a drain a website can be on your system. I've frequently seen browser instances of all 3 top 300Mb memory usage. With this in mind, streamlining makes a lot of sense


actually,in terms of security, resources and stability, Firefox is now about the worst at the moment.

IE 8 introduced the accelorator feature, which is pretty awesome once you know how the get the most out of it.

IE9 the introduced the pinned sites feature. This is a major boon, as a pinned site acts more like an installed application than a webpage. Sites that support this feature, such as facebook, outlook etc. can display notifications on their taskbar icon. This is an extremely useful feature for webmail!

Oh, and who wants yet another browser slowing plugin (FF, I'm looking straight at you!) like adblock, when you can import the ad list URL into inprivate browsing to achieve the same result?

By comparison, other browsers have demonstrated little or no new innovations that have really been game changers for me, at least. Firefox came close with the new tab management system, but while I was quite excited initially, my usage of the feature quickly subsided, consigning it to the 'gimmick' catagory.

Mozilla have screwed up royally to lose their userbase to Chrome so badly.

Don't get me wrong. I used to be a devout FF user for many years, until later versions became slow, unstable and a massive resource hog. I also hate the combined URL/search in IE and Chrome! I've gone through the gamut of browsers over the years. These days when I need raw performance for something like a flash game, I load the site in Chrome. But I soon start to miss the notification indicator and the ease of quick searches using accelerators, so it's not long after the game I revert to IE9. If IE10 delivers on performance, then Chrome will get kicked to the wayside too.

I do pity those who can't keep up with the times. Sorry, but 90s called asking for your opinions back.

Sophos antivirus classifies its own update kit as malware


Thank goodness for SCCM

Thankfully, I managed to create a custom task sequence to fix all the clients.

Using file inventory, I managed to create a collection query that listed all the machines containing the agen-xuv.ide.

I then advertised a task sequence that ran:

net stop savservice

It then deleted said file (several caveats for differing install locations, x64 etc.)

net start saveservice

ALUpdate.exe" -ManualUpdate

This filtered through and cleaned 6k worth of clients in about 2 hours. I'm just glad I have VPN and RDP on my massively oversized Android phone. I had 90% of the solution in place while I was still on the bus to work.

Our poor email server is another matter - thankfully, not under my care!

Windows 8? Nah: Win Phone 8 should give Apple the fear


All fanboi-ism to one side...

I held off getting a smart phone for a very, very long time. Firstly it was the data plans/contracts. A smart phone is just a very expensive (and bulky) phone if you can't use a data connection, so until infinite data contracts fell into line, I wasn't interested.

By which time, WinPho7 was on the horizon. Being a sysadmin of a largely MS estate, the idea of having the same OS on my phone as my managed network appealed greatly, conjuring dreams of vastly improved integration and manageability. As any sysadmin will tell you, mobile devices have steadily encroached into our lives like an unmanaged viral outbreak. Blackberry doesn’t go as far as we would like, and Apple are just a joke for Sarbanes–Oxley.

WinPho7 also appealed on a home level, with aspirations that my phone would seamlessly tie into my homegroup, unifying my media and communications experience

When WinPho7 arrived though, the reality fell far short of the dream. It is NOT related to Win7, as we all know.

So, I plumped for Android for my personal choice, and our corporate mobile policy rattles on, muddled and semi isolated from the rest of our infrastructure.

While I do really like Android on my HTC Sensation, I’ve already seen the adverse affects that market fragmentation has had on Googles OS. The problem is that the end device specs vary wildly. I wish I’d held out a little longer, and got the One X, like my friend. Ever since installing the Ice Cream Sandwich update, response times have been just a little sluggish, and occasionally grind to a crawl when too many apps get left open. On the other end of the spectrum, it seems that there are a great many apps that could have had a little more polish, but you get the distinct feeling the developer was going for compatibility with lower specced models.

I loath to admit it, but side-by-side, the facebook app on IOS is just that little bit nicer and more responsive, and this loses me vital bragging points down the pub against my much loathed apple touting comrades.

Two things in my mind make Win8 stand out. Firstly, it is essentially the same OS that desktops and laptops will ship with, so should tie into a server 2012 domain very nicely. Obviously optimistic speculation, but in theory, group policy management, centralised updating, and unified message integration should be as easy to manage as the desktop estate. In the home, MS have already done a wonderful job of making Win7 home computers play nicely together, so hopefully they’re planning to up the game even further in Win8.

Secondly, MS have chosen to tightly control the hardware specs. While this does reduce opportunities for innovation, it makes the lives of app developers a whole lot easier, and should in turn mean a smoother, slicker experience for the end user.

It’s still early days, and much dust to settle. While some commenters have expressed their scepticism about how much influence this legal wrangling will have, it is not the only variable on the battlefield. MS have got a lot of catching up to do, but they have a lot of promise. Perhaps while the two giants are fighting, it will give MS enough elbow room to push ahead?

Apple urged to defy China's one child policy


I can think of a solution.

It's even green. Soylent...

Thanks ever so much Java, for that biz-wide rootkit infection


Re: Lets not just blame java here

"In how many other OS's could a virus get in through a NON priviledged account"

The OS did NOT let the virus in, the JVM did. If I remember correctly, the last worm to successfully exploit a Windows vulnerability to actively spread from one machine to another without user intervention, was the Blaster/Sasser worm. Even then, I was running a school at the time, and although the Blaster successfully exploited the RPC vulnerability, the students machines were so heavily locked down via group policy that the process elevation attempts failed due to certain services being disabled.

There have been activeX exploits, but any sysadmin with half a brain can lock this down using the internet zone group policy settings.

Since then, almost all viral infections have either used social engineering tricks, or the unholy trio. Acrobat, Flash, or Java.

The Windows platform of today features ACL control over Filesystem, registry, and active process utilisation of such granular detail that it far outstrips any nix variant. It features Address Space Layout Randomisation that is superior to that offered by Linux or OSX. It has a very capable firewall built in and enabled as standard. Almost all network traffic is PKI encrypted by default. Hard disks can be hardware encrypted to FIPS 140-2 compliant levels.

But, a chain is only as strong as its weakest link. The problem with the MS platform today is not the underlying OS, but the plethora of badly written software that requires diligent sysadmins to punch dirty great holes in these security features to make them work.

And running any platform without some antivirus software is reckles at best, idiotic at worst.

Why Java would still stink even if it weren't security swiss cheese


Java is an elegant language on paper

But the VMs and general implementations are shockingly bad.

I've managed a fair few IT systems within schools in my time, and therefore have been introduced to "educational software". From what I gather, this term means "The developer is trying to educate himself in basic coding practice". And is usually sat at the back of the class with a dunce cap on his head.

Yes, you guessed it. Out of all the many appalling, steaming piles of useless code that crossed my desk, the worst examples always contained large chunks of Java. It doesn't even matter that much if the developer has some semi-decent skills, as Sun/Oracle will manage to screw it up with the next release.

I totally agree completely with foo_bar_baz. Because of its inevitable unreliability, java should always remain within static environments like a printer BIOS or on a server.

New nuclear fuel source would power human race until 5000AD

Thumb Up

Re: Do we need to talk about radiation?

Thankyou sir for that truly epic Godwins Law reference!

I spat my coffee clear across the desk!

Radioactive Hitler! We're doomed!

Deadly pussies kill more often than owners think


The reason they leave the liver/kidney

It's the same reason they can be so picky about the food they eat. Their upper palette is extremely sensitive to amonia, which is given off by decaying and potentially harmful/poisonous meat.

Cats are truly magnificent predators. They are one of the few species on this planet whos digestive tract is optimised purely for a carniverous diet. You'd be surprised how many "carnivores" or "herbivores" that can actually eat alternatives. Even pandas show a preference for carrion when they can find it.

Their entire body is optimised as the perfect predator.

Hearing with directional/distance location accuracy only suprassed by the barn owl.

Natural camouflage in their coats.

retractable claws and soft paw pads allowing for incredible stealth.

Vertical slit iris optimised to detect rapid horizontal movement.

Reflective retina for night vision.

To name but a few evolutionary specialisms in one of the most successful mammalian predators on the planet