Posts by Lee D 4797 publicly visible posts • joined 14 Feb 2013
I find targeted ads so incredibly irrelevant that I actually started collecting examples.
I once had, on a Linux site, talking about Linux things, discussing Linux in depth, while running from a browser running Linux... an advert for a child's gymnastic leotard.
I honestly cannot fathom what kind of targetting gave that.
So all we have to do is keep asking the same question multiple times unti it gets it "right" in our view (which we can only verify from other actual sources ourselves), at which point we stop asking and just accept its answer?
Cool. Can't see any problem with that methodology at all.
... and not one of your service tiers is profitable, and most of your users don't even pay you a penny, and you're in a hardware-heavy area, and commited to insanely huge purchases that have affected global markets, then even ads aren't gonna save ya.
I get this all the time.
I don't even use spell-check or grammar-check, I hate it. Not because I'm perfect but because... it's wrong far more often than I am. It wants to reword sentences that I don't want reworded. If you're writting narrative and slip in some deliberately poor grammar or shorten some text ("a'right, luv") it's because you WANTED to do that! Many places try to "correct" my British English to American English (feck off!), and I seem to use a lot of words that are NOT in most dictionaries. Things like "github" and the like.
I asked our helpdesk provider to NOT suggest that my team use AI to respond to tickets automatically or have AI "summarise" (with an S!) tickets for them. It was an uphill struggle to get them to put in an off-switch.
I don't want code-completion in my IDE... unless I ask for it. If I half-type a word and press a shortcut key for it, fine. But otherwise I don't want lists of nonsense suggestions flitting round the screen as I'm typing, especially when they suggest ridiculous completions, and ESPECIALLY if they do that thing where they auto-complete what you're typing and move you onto the next word before you're finished, so you splat the rest of the text into a nonsense repeat. It's like trying to just type code out while being interrupted by an ADHD child trying to complete all your sentences as you're halfway through speaking.
And the crux of the matter is: Not only do I not want to use it, but I don't want it to be in my software at all. And I don't want to pay for it. It's THAT USEFUL to me, that I actually want it disabled or just not present whatsoever. Same for voice recognition. Same for face-unlock. Same for "I'll search all your storage for that file starting with A" because I started to type "A" as part of a filename in a file dialog. Same for all kinds of stuff. If you insist on bundling it, give me an off-switch for it.
Even AMD drivers are now starting to bundle a local LLM install to "help" with their software. 6GB of LLM running on your machine in case you have a question about your graphics driver. Just.... no.
There's a reason that my Christmas present to myself was a Framework laptop so I could run Linux as an officially-supported OS on some new hardware. My computer is fantastically BORING again. It just does what I tell it, and what's absolutely necessary, and nothing more. And not once has it tried to engage me in conversation.
Because "Windows applications", we're fine with.
It's "Windows the OS" that we all hate because it's an atrocious mess nowadays.
I don't care what Windows, the OS, wants me to do. I just want it to load up my .exe file and run it.
On Linux, you can do that.
On Windows, just something that simple can be an absolute mess.
I have no problem with closed-source programs (some of my favourite freeware is closed-source, Windows-only binaries!). I have no problem with running the Windows version of a programme. What I have a problem with is... Windows, the OS, including the start menu, the horrendous updates, moving all the settings every version, the horrendous "search for everything" mentality (it means I need to know the exact name of what I'm searching FOR, for a start), not being able to move the taskbar, forcing Edge and Copilot onto my machine against my will (even intercepting my searches to do so!) etc. etc.
Every problem I have with Windows is nothing to do with the apps (in fact, I insist that Copilot should be NOTHING MORE than an app you install from the store, just like Edge), it's to do with the way the OS makes you work. I have no more time for Windows (the OS). Not one second.
But if I want to run an old Win32 game or a piece of Windows freeware or even just a game on my Steam account... then the OS is irrelevant.
Bought myself a Framework laptop for Christmas. Went for the one with an nVidia graphics card in it.
Technically, it's perfectly capable of running Windows 11, etc.
I installed Ubuntu on it.
I installed Steam on it.
I installed my games on it.
And, I have to say.... it's so BORING. Things just work. Double-click and the games just play. At ludicrous speed (it wants to run everything at 2K @ 165fps and you know what? It just does. And barely even ramps up the fans to do so).
One irony: Wanted to transfer some files from the old Windows 10 laptop I was using. Which had been offline for precisely 2 days at that point. I had to wait 50+ minutes while it applied updates repeatedly (5 reboots) before I could use it.
While it was doing that, I realised that I'd made a mistake installing Ubuntu 24 LTS (the Framework needs a slightly newer kernel and they DO tell you this, I just didn't read it properly), and did an in-place upgrade to 25 instead. This took - no exaggeration - about 5 minutes, during which I just carried on using the machine entirely as normal. Then it prompted me once to reboot to complete the upgrade... entirely at my discretion when, or indeed if, I ever did. Rebooted. It just worked. And then I was still waiting over 45+ minutes for the Windows machine to apply whatever updates it deemed necessary after 2 days of being off.
Boot from fresh? Seconds.
Resume from standby? Instant.
Login from the login dialog? SO INSTANT IT'S JUST NOT FUNNY.
Honestly, it's good to be back. I once spent 10 years with Slackware as my primary desktop and, yes, I miss it. Forced Windows 11 junk made me turn back to that path, and then you realise quite how much you've been "tolerating" on Windows all that time.
And one of the first things I did was run my games via Steam/Proton, and run some favourite freeware via Wine/Winetricks. It just worked.
I don't claim it's perfect. I'm sure there are problems out there waiting for me to find them. But, you know what, I will actually look forward to solving them because at the moment the expensive shiny new machine is just... boring. It just works.
(Hint for future adventurers: ABSOLUTELY ignore anything to do with snap packages, they are inherently out-of-date, buggy and can't be upgraded. Don't install Steam from the Ubuntu store. Install it as Steam tell you to - download the file from their site and just install it from there. Same for everything. Every "snap"-installed package was buggy and out-of-date and I had problems with. I went back to "traditional" .deb etc. packages and never had a problem again.)
Working for a school which was in "special measures" for student behaviour and it was in the process of being taken over by one of these superheads (the scam behind them is too big for a single Reg post).
Anyway, one of their first decrees - you will merge the IT department with 3 other sites, you'll buy what we tell you and you'll buy this "new" remote virtual workstation system.
After we saw them off on the merger bull (by being able to outperform their "experts" in literally every metric they could supply us), they made us trial this workstation thing.
Basically, an early Linux-based cloud virtual desktop. Unfortunately for them, I knew Linux inside out.
They were claiming that it would "run everything" (via Wine) and it would all work... INCLUDING our workstation security software. Yeah, that AD-integrated, Windows-specific, lock-down-your-logon-screen, impose permissions on Windows applications, etc. software is just going to run unmodified on Linux and push the same settings... sure... that's gonna happen.
Anyway, because I knew Linux far better than anyone else in the department I was asked to trial it and come up with a list of issues. Which I did. Including things like "You're illegally using the Microsoft Office icons to load OpenOffice applications" and all kinds of other problems.
But the biggest problem came to light when the company said that I hadn't supplied them with a list yet.
"Yes I have."
"No, we haven't got it."
"Okay, log into your Linux server that's running all this system. Go to your root home folder. Look in there".
Yep... the permissions on the LIVE SYSTEM (it wasn't a demo system, they'd created a user for us already on their live system that they were making a bunch of other schools use and pay for) were so lax that you could just get a terminal, cd up a few folders, see ALL their users at ALL their sites, and even pop into other school's folders, play with configurations, and... yes... put files into the root home folder.
I'd left a text file in there with a laundry list of about 120 items, including the above, that they'd need to fix before we'd even consider touching them.
Whoops.
The ultimate irony came when all that was shoved to one side and we were NEVER asked to deploy that software (gosh, the owner was... a golf buddy of the superhead... strange that), but they stole our kids for the day to take the system to BETT (a UK educational conference) and have them "demo" it by just sitting on it and playing it. Not only had the kids never seen it, but we were never going to deploy it at that school anyway and they didn't use it, but they were made to pretend to. Instead, the kids compromised it within an hour, and then they were all telling the people at the conference how crap it was.
Strangely, that company is dead now but I bet they made a lot of money from those kinds of deals before they went bust, and I bet the owners and shareholders (including the superhead) pulled out before it collapsed.
There is/was a major school MIS provider who provide a feature within their software which, when used, executes the given command as a plain SQL statement against the underlying main school database as a full administrative user.
I discovered this one day at random by being sat in someone's office while they were troubleshooting a minor pupil-data error in the database and they were instructed by the software support line to enter this menu, and I heard "DELETE * FROM" as it was read over the phone to them and they repeated it back as they typed.
I was horrified that their support staff were instructing otherwise ordinary users to type plain SQL direct into a dialog that was then EXECUTING... including, I found out when I dived over the table to take the phone from, things like dropping tables, changing schemas and removing rows.
And there were no logs of this, no controls on it, the support staff reading out the commands were oblivious to their actual danger (just reading off a script for a given problem), they were then getting users who knew nothing of SQL syntax to type this in over the phone, and there was no attempt to ensure backups had been taken (this was on-prem!) and no attempt to even enclose the statements in a transaction.
The next year we went cloud because... they can sort that out when it all goes horribly wrong, I'm not taking responsibility for it!
Whenever I use the e-Passport gates they can never recognise me.
And that's with me saying "I am this person", "I look like this" (by supplying my passport) and then it being in specially-chosen lighting conditions on a dedicated device.
So, honestly... go for it. If it works, maybe sell the tech back to the airports.
I suspect, however, that it will generate so many false-positives with a database the size of the UK passport database that it will be basically worthless and result in a bunch of wrongful arrests.
My OS is already not just an OS, and already far too much "not an OS" at it is.
It's why my next OS isn't going to be Windows.
Back to relive the days when I ran Slackware for 10 years on my main desktop because, quite literally, the other OS did not want to do what I require of an OS. Which is to offer a selection of my chosen applications, and then get the HELL out of my way.
The Foundation's resources are SHITE for teaching unless you're already an RPi (and other electronics) expert.
Sorry, but it's always been true.
25+ years working IT in education, and no matter how many times you give that stuff to even ICT teachers, they don't consider it of much value at all.
Okay, so I "beta" tested the RPi 1 back in the day, and my kit was used to help diagnose the early USB/SD bus-sharing problems directly with Broadcom.
The early ones weren't AMAZING but they were still pretty good.
I now run my house from a rack full of Pi's, doing all kinds of jobs, and have no association with Broadcom/RPi. In fact, Pi 5 will likely be my last due to commercialisation and selling out (not the original purpose).
They are incredibly stable and very low power. A rack full of them runs off my homebrew solar setup and costs nothing to run.
And they're running everything from Plex to HomeAssistant to BirdNet-Pi to tvHeadend to Traccar to FlightAware to RTL-433 (three of them, pulling in different frequencies for different purposes including home-automation) to netboot.xyz to Apache to DNS, DHCP, VPN, etc.
They're pretty bulletproof.
Now you can criticise them for the shit that was "this is for education" (I work in education, they've never given a damn and their resources are worthless for teachers). You can criticise them for still running with pathetic RAM capacities and increasing prices (sorry, but going DOWN to 1Gb is ridiculous... they really should just make nothing less than an 8Gb version nowadays), for selling out to industry (so much stuff is just a Pi in a branded box nowadays, and they always prioritise stock to those rather than to the hobbyists that helped launch them, it was almost impossible to get a high-memory Pi 5 for over a year), for failing to care about any other OS than Raspi (Ubuntu - any version - still can't run the DVB-T hat reliably because it doesn't bundle the correct kernel driver and NOBODY has fixed it for years now), etc.
But the kit itself? It's pretty reliable and stable now.
Shame is that it's getting too expensive, and obtaining the one you want is often difficult. My next may well be a clone in the same footprint and then starting to replace the Pi 2, 3, 4's that I still have in active service (and several Pi 1's that work just fine but just aren't powerful enough nowadays).
Always been the case.
Though, to be absolutely fair, the licences permit that. So it's hard to say that the companies are doing anything wrong.
It's like putting out a sign that says "Help yourself! No charge!" and then getting annoyed that people just take things you put out there and ignore the little honesty-box that you put out there next to it.
They still haven't managed IPv6 yet, despite over a decade of "it's coming soon", and yet still keep writing articles about how the world's going to end unless websites get on board and support it.
The sad fact is that, I suspect, almost all tech journalists aren't actually that techy. And I suspect that may have been true for longer that I would like to admit, for all those decades of reading ZX Spectrum magazines right up to the PC Magazine and PC Pro tutorials I used to hoard.
£430,000,000
There are 1,115 ASDA stores in the UK.
That's £385,650 per store, thus far.
You could have literally just gone to any other provider and said "Hey, give me a new system" for that price, and put on-prem servers in literally every store and rebought every POS system in every store in the country.
Hey Microsoft, can I have $10bn for my solution please?
Use a constant in the code, e.g. STRING_FILESYSTEM_ERROR_43287.
When you want to print that message, you use that constant.
Have a bunch of separate files that define that constant for each language and/or can change that "constant" on the fly if the user is switching languages. Like a variable.
At no point then do you have to reference the original English string ever. You just reference the constant.
If you need to update the English, or the Guatamalan, or whatever translation... you can do that at any time without having to keep reference to what it used to say, and neither do you have to lock down the translation in perpetuity in order to keep track of it.
Hell... you could keep the translated files in something like a .po file....
(Seriously: What a dumbass way to handle translations).
I'm still waiting for Ubuntu (from the official installer) to support the DVB-T hat (the official product) on the RPi 5 (official product) properly.
In other RPi OS, it "just works". On older Pi's it "just works". On Ubuntu (any version whatsoever in the last few years) with a Pi 5, the DVB-T driver just crashes and from that point on it can't tune or do anything and just spams dmesg logs with errors.
Everything I find tells me "Oh, it's fixed, oh no it's not" and basically just says don't use Ubuntu.
It's a kernel module driver problem, but Ubuntu can't be bothered to actually fix it with any official update even on the latest supported LTS versions, etc.
I once did something similar.
We were required to move the servers from one electrical circuit to another while some work was performed to bring in a new electric line into the server room (ironically, to prevent downtime).
As this would mean significant downtime while the work was completed, and as I didn't want to have to deal with the fallout from users and even the bosses that had ordered this new electrical line, I came up with a better solution.
I got a long extension lead, and a long patch cable.
Due to the magic that is LACP and redundant power supplies, I was able to plug in the server from quite a distance into a distant room, then remove the old cables one by one, then move the server, then plug the extra cables back in in the new location. Rinse and repeat.
I was aided in this by the fact that the cabinet was a very nice IBM-branded wheeled cabinet (the servers weighed an absolute ton), the server a very nice and highly redundant IBM blade server (4 PSUs, and it could run on just one), that the rest of the power was up (and I understood cross-phasing but was very careful and with redundant power supplies and a UPS in between one of them, it wasn't an issue - the servers basically only see the resulting DC current), and that all switches were LACP capable and the server had been configured to LACP all ports when first purchased (foresight for the win).
Once the electrical work was complete, we reversed the procedure and put it back where it was supposed to be, zero downtime.
I still love that, in 2025, explorer just freezes/hangs if you have a network path that's unavailable ANYWHERE on your drive list.
You'd think that kind of stuff could have had a separate thread farmed out to check the connection and the explorer window say "Loading...." or something while it did but still remain otherwise responsive but no... we're just going to hang up all explorer processes (including file save/open dialogs) until we ascertain that all mapped drives are online, spinning up the storage unnecessarily, even though that's not what the user is looking at, and we're not going to let you do a damn thing until they are.
Honestly, it was kind of forgivable in Windows 3.1. Windows 95 should have fixed it. But here we are... in 2025... and it STILL does that.
And UK law, particularly, states that a customer should never pay more in interest in the entirety of such a finance contract as the original loan amount.
So once you'd paid enough months to have bought ANOTHER handset, they were breaking the law to keep applying that interest.
(Yes... if you're in debt... and you've paid 100% of the original cost out in interest again on that agreement... the loaner is required to cancel the debt.)
My university back in the day had a leased line, while I was struggling along with a 56K modem at home (and they were only 33K upload, remember).
I used to go into university out of hours and at weekends sometimes, download everything I needed, and then bring it home on floppy disks (pkzip span commands are etched into my brain) and later ZIP disks (because the university computers all had ZIP drives for some reason).
This was fine but, increasingly, I was running out of storage and I would have to download things there and then, zip them up and then get them off my account. So I would spend far too much time out of hours trying to download what I needed just to take it home. What I wanted to do was download stuff throughout the week while I was already there, and then take them home the weekend. But...
After a while, a bunch of emails were sent out to students where they said they were monitoring disk usage to save costs (the implication was that there was a direct link between disk usage and people downloading, etc. too). I didn't want to get caught out by that, so I moved everything off my storage as soon as I could. The emails started to come every week and listed the top offenders, who would get spoken to. Then I noticed something. The warning emails were sent at a very particular time and included enough information to determine the time at which the scan had taken place.
So now I knew when NOT to have data sitting on my account. So I was able to ensure that I never had much space being used.
That worked well. But it was then that I got greedy. My elder brother had gone through the same university and had, at one point, been given larger allocations in anticipation of studying there further. But he didn't take it up. He told me his username password and... yes... I was able to FTP into his account. I have no idea why it was still allowed to be active, but it had unlimtied storage. So I added almost unlimited storage (at least, for back in the day) via that. It was still subject to the flagging, but I purged it before the scans took place each time too. But it meant I could spend all week downloading stuff, shoving it through my account and my brother's, and then on the evening/weekend come in and do NOTHING but copy it all and delete it.
I did that for the whole of the 3 years I was there. Was never once flagged. Must have used INORDINATE amounts of their resources for just one person. And I bet they were scratching their head where everything was. Management tools for networks weren't great back then and it would have been difficult to narrow down the networking usage, or analyse the traffic, and without knowing when/where to look, they wouldn't have seen the storage fluctuating, especially shared across two accounts.
Never got caught, and still have a huge binder full of CD-R and DVD-R's that I burned of everything I downloaded.
I'll say it again:
If you're running products anywhere near their EOL and don't have a full and tested migration plan already in action (up to a year or more before)... then I'm sorry but you're simply not cybersecurity-compliant, I'm amazed that your insurance companies would bother to cover you, and you're really failing - as a business - to stay up to date, plan and secure your business-critical systems.
There is no excuse. This will never stop. You will need to keep doing this over and over and over again until the day you retire, and then someone else will need to keep on doing it. Every 3, 4, 5 years. Every year in some instances.
So I have little sympathy. I mean, none of us WANT to have to upgrade everything all the time. It's messy, costly, breaks stuff, and the NUMBER of arguments you have to have with finance department, etc. are never-ending. But you can't NOT do that now. Those days have passed. Still running some air-gapped thing from the 90's? Then you're on your own. But still running obsolete Office / OS on Internet-connected computers with access to business critical data used by ordinary users? Sorry... no sympathy. And I would not want to be the person insuring you against a cybersecurity incident.
It's just not acceptable any more. Upgrade. Or keep VERY quiet, cross your fingers, and accept the consequences of that decision.
Early MPEG cards did the same. Is this really "surprising" to anyone?
The early RealMagic MPEG decoder accelerators, and even WinTV cards, and some early GPUs worked in this exact way.
Show a particular colour. Have the video-out signal loop through the accelerator card... that card replaces any purple/green/whatever pixels in the image with the video stream it's trying to render.
0% CPU usage, the accelerator card does all the work, no complicated software or trying to pass more info down the very-limited ISA/PCI/VLB bus speeds of the time. With the advanced ones, they even detected the size of the overlay area to replace with video, and resized the video to fit (so I could resize my TV window to be in a tiny box in the corner of the screen while I got on with other things). The "TV app" was basically just an always-on-top purple window. You could just use Paint to do the same, or even a large box inside Write/Wordpad/whatever.
I've seen cards with literal VGA In/VGA Out that work that way, ones that used PCI bus mastering and DMA to do it, etc.
Pick up any old RealMagic or Hauppauge WinTV card and they work this way. I think early Voodoo's worked this way too.
Literally how I presented cybersecurity to a school's management, staff, etc.
We can't defend against it. We absolutely cannot. We can do some stuff but so much is just generic computing nowadays that I'm far more reliant on staff not clicking an email than Microsoft not screwing up the system. Our security is literally in the hands of untrained random people.
We can only hope to "outrun the other guy being chased by the bear". That's it.
If we were ever particularly targetted... we're dead in the water. Even our cyberinsurers agree on that. All we can do is hope to stay under the radar, not give off "we have dumb IT" vibes on our websites and services, and cross our fingers.
The only real solution is a return to actual, limited, permissioned IT. You want to add a student record? Press 1. You want to Edit? Press 2.
If you don't limit the interface, but instead every doughnut is running a full Windows OS with a thousand apps and programs, with access to huge Sharepoints and OneDrive and clicking on thousands of emails in a program that automatically opens them in whatever it feels like.. it's already game over.
The old terminal system I used in an international haulage firm 30+ years ago as part of my work experience was infinitely more secure than anything we have nowadays. You could only press certain buttons. You could only do certain things. You could only do that from certain locations. It worked. Everyone had what they needed and nothing more.
I remember them - at the time - trying to show off their new (Windows 95/98?) machine and how it was the future of their business and even as a geeky kid back then... I was thinking, that's not a great idea. So now everyone is "running as admin", everyone can modify all files on that drive, and it's full of nonsense like Active Desktop and loaded up with games, etc. I honestly had to do a kind of "Yeah, that sounds... interesting" thing when they kept crowing about how wonderful it all was that they would have different desktop backgrounds etc. And all I could think of was the number of times that my classmate and I had compromised my school's 3.1 / Netware / 95 network repeatedly with some stupendously simple things (literally "admin-rights" on Netware and complete control of the machines... I'm not joking).
Sorry, but general purpose computing and cloud computing too... they are basically just huge great bullseyes on all our backs. We're not going to get away from that. It's like trying to lock up a prisoner who is allowed to do anything they like, and roam anywhere they like, and interact with anyone they like, and bring in any visitor they like...
I used to do a Friday Funny email at a previous workplace. It was a rather harmless "X said something funny" kind of thing, if there was anything that had happened worth telling that week.
It got a good reaction and people enjoyed it.
I stopped because after a change in management people with absolutely zero sense of humour clearly didn't want a single non-business email being sent whatsoever.
The same people who stopped a trade magazine subscription that was put in the staffroom, who took a television out of the break room, who turned Christmas lunch from an amazing community event with everyone dying to go to it (crammed in against each other elbow to elbow), in lovely surroundings, with great food, party games, music etc. into "there's a chip van in the yard, you only get something if you pre-booked on Google Sheets", the same people who basically destroyed any sense of humanity in the place. The same people who literally told me off as a manager repeatedly because - on their/our break! - a cleaner would come to our office by choice because he loved socialising with us. They literally tried to dictate who could come have a cup of tea with us when we were all on break. (I responded appropriately to this, which consisted of building that small 3-person quick tea into a gathering of 5-6 people including some senior management and utterly ignoring the repeated instructions to disband it). Oh, and that's not forgetting all getting invited to a huge posh "glad-handing" event with clients, on a Saturday, where they were charging £150 per head. Including staff. Yes, charging staff. Some of whom they said attendance was compulsory. And then they stuck ALL the staff on a table out the back where they couldn't be seen, and made them clear up after everyone had gone.
Oh, or the time that someone was leaving and NOBODY liked them (and they'd only been there five minutes) but the employer told everyone that they were going to take £10 out of their salaries to pay for that person's leaving gift and it was "opt-out" not "opt-in". Literally everyone opted-out. Sorry, but you're an employer. Why don't YOU put £10 into a budget every year for each employee so that you can afford to buy them a leaving gift when they go.
Oh, and the time they literally HIJACKED a social event that I created because THEIR social event was entirely unplanned and they only realised when they didn't have time to plan it, and my little "gang" (as they were referred to) had decided weeks before that we really didn't want to be part of their nonsense so we organised our own private thing instead. And then they literally invited the staff to it. They invited everyone to OUR private event. And *then* complained when it wasn't what they wanted it to be and that I shouldn't be allowed to organise "next year". Don't worry! I didn't organise THIS year. Not for you guys, anyway!
Oh, and the time their longest-running member of staff retired and they literally couldn't be bothered to give them a decent leaving gift so they tried to hijack our leaving gift (we'd had film photos taken and developed of the entire workplace - not easy in this day and age! - and spoken to the person to get all their memories and take photos of all the people they liked, and all the places those stories took place, etc. and had it artfully presented). I told them to get lost... they weren't hijacking our PERSONAL gift to this specific person. I literally withheld our gift until after they'd done their little leaving do. Which was a dozen people, most of whom didn't know the person, a quick drink, presented her with a glass bowl (found in a cellar as an unwanted gift that they'd tried to give one of the previous bosses years earlier), and then everyone back to work.
And then they had the cheek to repeatedly complain that nobody was willing to attend social events, that the friendly culture of the place was disappearing, that people weren't networking enough, people where going home at the exact time their shift ended, etc. etc. etc.
I've honestly never seen a friendly work culture so meticulously dismantled piece-by-piece and then the result complained about.
No different to now.
Most deployment systems consist of some WinPE systems (often of an older and more basic version of the OS) booting in order to run the installers in order to install the newer version.
Whether that's PXE or disc or USB or even driect off the net... you're basically still doing the same now as you were then, and have been since the days of WDS.
But apparently, I "don't know what I'm doing" and their "expert network team" were geniuses. The same geniuses who trashed our SAN in the middle of the day by stomping over IP addresses on a reserved subnet, the same geniuses who couldn't deploy a webfilter onto a Chromebook over WEEKS and said - quite literally - that it was impossible to do with the kit that THEY THEMSELVES had bought, and implied it wasn't possible with any kit. They said they'd never seen a project "so set up to fail" and basically accused me of sabotage (again!). (Presented with this fact by my boss, I took out a fresh Chromebook out and configured it in five minutes in front of the senior management and showed them that it was working... they took it away and confirmed it themselves and presented it to the MSP who were forced to admit they were wrong). The same geniuses, in fact, who remotely booted our in-house team out of remote desktop while we were working on the servers, logged in themselves as the user we'd given them, and for some insane reason decided to APPLY all checkpoints on the VM cluster. Not delete... not housekeeping... not tidying... they APPLIED them. Without warning, reason or permission. Rolling the entire network back months in the middle of the working day. Then denied it. By which point I was already on the phone to my boss telling them what I was watching happening as we spoke and they came and witnessed it. Restore from backup was required. Of the 2-node S2D cluster that they'd forced us to migrate to. Oh, with 1Gbit networking that was run off the motherboard network port, which then failed.
But apparently... little old me, with my strange ways, and my lack of certifications (just a degree and 25+ years experience) was the dumb one who just "didn't understand anything" and their "expert dedicated teams" for security, networking, servers, implementation, etc. did. I wasn't "trained" like their teams of experts. No.. I just built and ran the exact servers they were lecturing me on using, I just designed the network and told them exactly how and why it worked and watched them fail repeatedly. I just realised that if you have two paths to the Internet, then you need to cover both. And so on.
So after we'd dropped some £200k+ on these idiots, they were finally let go after an absolute screaming match where they decided it was a good idea to yell at our only senior management who understood IT and had been brought in specifically to mediate and clear up the confusion (i.e. me telling and demonstrating that these people were idiots, and the MSP playing their roles as idiots perfectly). He calmly replied things like "No, that's absolutely not true, though, is it? That's not how it works, or could ever work." (on technical matters) which basically convinced the entire senior team that actually I'd been right all along.
I asked for a reasonable raise. Was denied. Got a 20% raise elsewhere within HOURS. Went back to them. Nothing. Quit.
I hear they're now employing another MSP, under the charge of the senior manager who had a clue about IT. At significantly more cost than ever before. And they have had to seriously dial down their expectations of the network that were given them when I was running it. You think that a tiny team of in-house staff running EVERYTHING with response times in the minutes was your problem? Okay, see how you deal with an MSP with 40 staff that won't even respond to a ticket same-day most of the time, and who just pass stuff off or back saying it's not to do with them all the time.
Little ol' untrained me. Now working at a bigger place, earning more, actually working less (hours, holidays, systems that were budgeted for appropriately, etc.) and under comparatively zero pressure, with no sign of an MSP (and no intention to get one).
My previous employer decided that they wanted to bring in an MSP.
We were INCREDIBLY understaffed and this was their solution to "Well, actually, you're just too busy to spend time babysitting the boss when he can't open Teams, so we need more" and rather than hire, they decided to try to get an MSP. With an unstated and repeatedly-denied purpose of replacing in-house IT, I'd like to add. It was so blatantly obvious.
Anyway, they brought on an MSP, despite my objections, and that MSP proceeded to lecture me on my job, and claim to know better than me about everything, and tried to take over everything (it was clear that their brief was "take over the IT" while that was always denied in meetings, etc.).
So... I let them. Not without objections, and clarifications, and pre-warnings and I-told-you-so's, but I let them do it.
It turned out hilarious.
One of their "network team" (they had a "team" for everything, but those teams were always busy with whatever they did, which meant that the slightest query always went back to the MSP, lingered for days, then came back half-hearted with no time spent on it, a bill for doing that properly, and "no, our other guy you're paying can't do that, it has to be the network team") literally lectured me on NTP servers. One of the most trivial and relatively unimportant things ever... we had no need of time sync beyond basic domain operations. But they decided we were "wrong" with our "non-standard" deployment, because we were using a local NTP server and one of our remote NTP servers was one they hadn't heard of.
What they failed to take account of? The local NTP was a literal Bodet NTP radio clock sync device, the kind used in stock exchanges and railway operations. It was designed for site-wide sync and someone (*cough* me *cough*) had bought it as part of an all-site tannoy-like system because it synced time for free to all the units, used GPS and radio for timesync, and provided a local network NTP server that was certified to some ridiculous accuracy. We never needed it, but it was already there and cost us nothing... why not use it?
No, apparently, we had to use time.windows.com.
Then they argued about the remote service and demanded we replace it with NTP Pool servers. They gave me some huge bluff piece on it, and there was a LOT of time wasted on this, especially for something that we absolutely did not need. That's why they tried to lecture me on how NTP works and why the pool was better, and how to configure our NTP. In the middle of which they specified settings which were both insecure but also... that included a particular NTP pool server (in an incorrect way to address it, I'd like to point out). I let them argue with me some more. Then I told them. That's my server. It's literally mine. I operate it. I joined it to the pool. It's been there for over a decades. It's one of the more reliable in the pool. It handles more NTP traffic than the entire commercial network we were using for that employer. Every day. It's literally my personal server that I operate outside of work. You're telling me to use MY server. Then you're telling me how MY server is configured and how it works and that I should use it.
And the fact of the matter is... we already were, via the use of NTP pool. They just didn't understand how it worked.
I had similar run-ins with them on all kinds of issues. They replaced our perfectly-functional intra-site VPN with one that literally didn't work. I know why it didn't work. I told them. I had even pre-warned them, and dropped hints at every opportunity and told them explicitly half a dozen times. But their "network team" never understood that they had to route additional subnets over the VPN or those subnets wouldn't work on the remote site. They were trying to pretend they could interpret Wireshark traces. They were trying to pretend our networks were undocumented (I literally pointed them at the existing, working configuration in plain text). They were trying to pretend that we were doing something completely impossible (It's bloody working already!!!!!). Etc. Etc. But if you don't route those additional subnets over the VPN... then the VPN isn't going to bother to route that traffic.
Everything on the main subnet... fine. Everything on another VLAN/subnet... never transited the VPN. Access control stopped working. Telephones. Printers. Digital signage. Anything on another subnet didn't work on the remote site from the second they put in the totally-unnecssary VPN of theirs. The irony was... their VPN box was literally just a VPN box. To operate, it had to sit behind the routers at each site that... had been running the VPN between those sites. So we had had to turn off the VPN functionality on the router, install two expensive boxes behind them, configure port-forwarding etc. for VPN ports on both ends, and then have the boxes route the VPN traffic... badly and incompletely.
After six months, my employer got tired of the constant arguments and people complaining to me about stuff not working at the remote site (and I just filed tickets with the MSP... not my problem!) and told me to back it out. Ten minutes later (I had saved the config), the VPN worked and all traffic routed properly and we threw away the VPN boxes they'd made us buy. I mean... I had literally told them what was necessary and told them that we routed several subnets over there... not once did they ever put in any additional config to route those other subnets.
Similarly, they installed an new high-availability router device. Massive, expensive rack-mount thing. I asked how they intended to deploy it. They said it had to sit directly behind the main gateway. Okay. Well... we have two gateways, you know. Because we have two leased lines to the Internet for redundancy. And we use both in failover. They said it had to sit directly behind the main one. But what happens when we're in failover? We get no internet, that's what. Again, "the network team know better than peons like you and they've spent months designing this and you're just a guy we intend to put out of a job".
(shrug). Okay.
Because of power and other problems, that site would failover about once a week. There was a reason we had two leased line, two routers, at either end of the site, on independent power supplies. So within weeks, it failed over to the other device. I asked why it wasn't working was still in place. But obviously they couldn't contact their device. Everything else was still working (because we designed the network to work like that, and they were well aware of that) but the router was now entirely out of the loop, sitting on a dead gateway. Worthless.
There were MONTHS of that. Literally MONTHS of accusations flying around about how we must have turned it off deliberately (I honestly didn't need to sabotage the idiots, they were doing quite well by themselves!). But ultimately, they realised... this wasn't going to work. Not only had they spent months putting in a device in a terrible configuration, but even the "HA" portion of it literally never worked. Not in a single demo. Not once. Never. They even made us run 100Gbps fibre between the routers SPECIFICALLY for HA heartbeat. Fibre was fine. HA never worked.
They did something else similar. Bought an IDS/IPS. Attached it to one gateway. It never detected anything. Literally nothing. I kept complaining. And complaining. And complaining. And it kep getting escalated but they assured me it was all working. I got it in writing. MONTHS this went on.
It was at that point that I pointed out that the device they were supposed to install was still sitting in the rack, uncable and unpowered. They'd racked it. And that was it. Then they tried to blame me, but I had not only a trail of evidence, but I'd deliberately pointed it out to my boss who had - sensibly - not said a word and let them drop themselves in it.
When they did cable it and turn it on, it didn't work. Why? It was only monitoring one gateway. Fine while that was the active one. Useless when it wasn't. Our network was unprotected 50% of the time. They claimed that it was fine and they'd checked with the manufacturer and it was a supported config. Strange that. Because I had a written statement from the manufacturer (thanks BlueDog!) who had agreed to talk to me when they realised I was the customer, that they had SPECIFICALLY warned that MSP (the reseller) that they would need at least two such devices, and it would be worthless without. They sent me the email chain. Where the MSP dismissed that and just ignored it, repeatedly, against BlueDog's advice.
Whoops.
The primary reason to remove code is maintenance burden.
Every time you want to change some underlying API, or migrate to a new primitive, or introduce new locking, you have a bunch of old code that receives really quite devasting changes that can't be automated... and there's nobody using or maintaining that code to check it still works properly in all possible instances. Then some pillock boots it up on their NAS products as part of their natural firmware upgrades, and it starts trashing customer's NAS data because of some niche side-effect, and now you have a major NAS vendor telling its customers that Linux isn't reliable and just trashed all their customer's filesystems.
As soon as something falls out of active maintenance, it has to be marked for deprecation to let people know not to use it, and if nobody steps up to maintain it, it gets removed.
Lack of maintenance is literally the primary reason for code removal in the Linux kernel. Things that should have been removed decades ago were still actively maintained, so they were allowed to stick around until the last maintainers left (not the last users!). Similarly, things that were brand-new but didn't have adequate maintenance were removed and pushed back out of tree. In fact, one of the main reasons for being refused to be pulled in-tree is that someone then has to maintain it forever. And that's a huge burden for code they may not understand, so it can take DECADES to get code into mainline simply because you have to break it down and get every piece in and slip it past all the maintainers before you ever get close to actually merging the final product, and then you have to prove that enough people will use it so that enough people will be around to maintain it so that kernel maintainers aren't spending half their life trying to fix issues in other people's code that they don't understand.
And this severely affects security. One locking or permission change, and if you don't go updating all your code you are leaving security holes in the kernel. That can't be allowed. And if there's nobody around to say "Yeah, I've fixed bcachefs against this new novel attack that we're seeing throughout the kernel code" then it gets removed. Quite rightly.
People think it's personalities, or technicalities, or some desire to just move into every new thing and throw away every old thing (which is utter nonsense, Linux supports some ridiculously antique stuff still), it's not. It's about maintenance. The one thing Linux lacks is good maintainers with time on their hands to do that job, usually for free! Those are the most valuable and precious resources. And, as things like NTFS filesystem support *cough* Paragon *cough*, whole-kernel mass-patches that nobody is willing to break down (*cough* grsecurity *cough*) etc. have found out... it doesn't matter how great your code is, if people aren't willing to maintain it you have a decades-long uphill battle to get it into the kernel, let alone keep it there.
Nobody wants to babysit your code in perpetuity, especially if... when a new maintainer is required... not one competent, trusted person is willing to step up and say "I'll do that".
Paying ransom is prima facie money laundering.
Ask your auditors.
You're paying a unidentified 3rd party huge sums of money in order to appease a crime, with no record of the transaction's destination.
There is no way to distinguish "we were attacked and paid a ransom" from "hey, brother, I have a plan... you pretend to attack my company, I'll pay you the ransom via an anonymous payment method, then we split the proceeds 50-50 when the dust settles".
I bring this up regularly when my employers talk about potential responses to ransomware. Paying them is money laundering. Because I can't tell if I'm paying that money illicitly to the CEO's brother, or some guy in Russia. Any audited account should be all over that with flashing red alarm signals going off at the very mention of such.
It's already criminalised. We're just not enforcing that law. Another law isn't going to help.
The problem is not even that.
The problem is that a major critical utility like an airport shouldn't be running on general purpose operating systems running on commodity hardware connected to the wider Internet.
At all. Ever. It never should have got that far at all.
We've totally lost sight of what these systems need to be secure, and instead lobbed them at the cloud, managed by a bunch of people who can't understand anything that isn't fully remotely accessible with full admin rights on a GUI desktop.
There shouldn't even BE an opportunity for a system like this to get ransomware, even if specifically targeted.
I recently bought heatpumps, electric heaters and a towel rail and went for a smart model of each.
However, in each case I made a very big point of also making sure that I can:
- Operate the device without any subscription.
- Control all the useful functions from the bog-standard infrared remote control.
- Control all functions from the device itself.
Now, if I *want* my heating to come on at 2 in the afternoon... I can do that from work. Very useful. Especially when Octopus announce a free energy session.
But if it doesn't work, or the service disappears in ten years time, or I'm in the bathroom myself anyway... I can just press the button to do that same thing.
AI and "smart" stuff is just automation. That's all it is. I don't need automation of every possible conceivable scenario. As you point out... I tend to use one. My washing machine is "dumb" and has arrow stickers pointing to the only program I ever bother to use. My dishwasher is the same. My oven literally has a child-proof cover over the temperature gauge because I don't need to change it 99% of the time and I was tired of it moving just because I brushed past it. My heatpump operates - now that it's configured - in two modes. Heat and cool (aircon). That's it. That's all I need. It's useful to turn them on remotely occasionally (e.g. coming home to a toasty house on a winter's day), and things like schedules, but that's it.
My brother has just bought a smart washing machine. I really don't see the point in that. Because you have to load the washing machine anyway... so you have to physically be there and do something. Sure, you can schedule it for late and night and it can tell you when it's done but... you can do that with much simpler things than smart functionality (e.g. timer and beeping). It's not like it can unload itself when you're not there. A bit like "remote start" car engines. Literally the next thing I do is sit in the driver's seat, surely, so... what's the point (P.S. it's illegal in the UK to leave a running car engine unsupervised, so no, "pre-warming" the car isn't legal). Or remote unlocking. I've unlocked the car... the next thing I do is... approach the car anyway. What did I achieve? Nothing.
If you want to automate things, that's great. But smart/AI has so little role in anything I ever do that I can't fathom why I'd ever specify it or pay for it.
I'll show you how convinced I am about Microsoft's repeated and persistent attempts to crowbar Copilot into literally everything without my consent or often knowledge...
I've just priced up a laptop for myself with explicit Linux compatibility.
I don't need AI, I have no use for AI and I don't want AI. And that should be respected, whether you *agree* with that or not. But Microsoft don't even want to respect that much.
Along with the Windows 11 horrid revamps, and the same old decades-old pathetic problems... I've had enough. Again.
Previously spent 10 years on Slackware (which ironically made a far-better desktop GUI at the time that almost everything else because... it just did what I told it to), no problems. The irony at the time was I was managing Windows networks while running only a Slackware home/work shared laptop for myself.
Now I'm doing the same again.
And I've been auditing the software I use casually as I've been considering this and... there are no blockers. Everything already works. Bye Microsoft.
Honestly, it's the constant UI "innovation" (i.e. "remove 99% of the options and you WILL have your taskbar centered") and the AI push that have pushed me away this time. Last time it was things like instability (e.g. Windows 95) and blue-screens and driver and performance problems, but this time it's purely trying to shove things down my throat that I don't want. It started with Edge (still prompts me and tries to intercept Chrome downloads and tell me Edge is better), and OneDrive (I have no interest in paying to store my files, thanks, that's why I have network storage), and now it's pointless UI changes and AI and things like forced updates and constant prompts to upgrade, etc.
And in a world where things are almost all web-based... it's a really dumb thing to be pushing people off your OS.
You're an OS. In fact, you're not even that, you're just a shell (for most of those things that interfere with my operations). You're there to do what I tell you to do. That's it. I don't want AI backchat, things telling me "you can't" or things popping up to tell me what they WANT me to be doing instead.
You only have to browse the Linux device driver's code to realise:
So much shite only works in extremely specific circumstances, and so many things require quirks, workarounds, to pretend that you're Windows, to do things in a very particular order, identifies as another device entirely, has the same model/serial as something else that clashes, etc. etc. etc.
So little hardware actually complies to the specification that for some class devices (especially anything widely available and cheap like HID mice), there are often more workarounds than there are compliant devices.
And it applies to everything from plug in USB mice, to Bluetooth devices, to PCIe cards and even mainboard chipsets.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
