Posts by Lee D

Mac OS legitimately? No.

But my 8-year-old laptop has a VMWare virtual machine on it with MacOS from my "proving" the same thing to somebody else.

With that OS, running inside a Windows 7 hypervisor, I can allocate 25% of the laptop resources and enjoy BETTER performance inside the VM than on a real Mac. While also getting real-work done and even virtualising other OS (I have Windows, Mac and Linux VMs running on a Windows machine, all picking up the same codebase and all compiling via Eclipse and running the result to test it works, in case you wonder why.)

Granted, it was a couple of years ago that I last did this specifically to prove the point, but my laptop is EIGHT YEARS OLD. And it can virtualise MacOS in one-quarter of its resources, faster than Mac native hardware. Seriously... go try it. VMWare Workstation and a couple of UEFI config file tweaks to make it boot.

Honestly, that same 8-year-old laptop still beats out this Mac Mini! It's Intel i7, 12Gb RAM, dual-drive bays with 1TB in each (but I later replaced one with a 1Tb SSD - however the tests above were NOT done when it had an SSD) and has nVidia graphics (I think it's a 960M, to show you that it's hardly top-of-the-range even back then!).

If you don't realise that MacOS is clever-tricks and showmanship and NOT actual performance, then you've not looked into it. The slippy-slidey menu at the bottom is a perfect example. You're led to think it's scaling those icon in real time. It's not. They are pre-cached bitmaps in a variety of sizes. It's giving you a GIF animation, basically. On the VM I made, you can knock the allocation down to a single-core and it still does slippy-slidey quite smoothly, but every performance metric of "real work" (e.g. loading apps, browsing websites, compiling code, etc.) falls below on the actual Mac hardware compared to a VM experience.

MacOS is designer shine on a hardware turd. Sure, it's "clever" in its way, but it's entirely snakeoil.

Honestly - if you have VMWare (I don't think it works in anything else as it has a serious UEFI integration), go Google how to do it, load MacOS up and run it. If you dial-down the resources allocated, you'll instantly spot what's snakeoil and what's actual performance. And your PC will still kick the Mac's arse.

Honestly, the only reason to own MacOS is if you need to cross-compile to Mac, where you can only reasonably do so via an up-to-date XCode, which usually needs and up-to-date MacOS, no matter what compiler / development environment you are using. I use Eclipse and the CDT, and the only sensible way to cross-compile to Mac is to load Eclipse on MacOS, configure it to load the XCode etc. compilers and libaries, and then make that do the compile.

Re: Office 364?

To downgrade is simple.

Just update to the newest version of Office each time it's released.

Less features, less reliability, the perfect downgrade.

I had a rather interesting conversation with a client lately where they demanded to know why our staff webmail was only running <old but still-fully-supported version> and not the new-new-newest.

"a) it works, b) it's not insecure, c) it's supported, d) we have no need of any upgrade" was the gist of my answer.

Re: John C Dvorak

Actually, it wasn't anything to do with 5G.

He was equating 5G with millimetre wave (which is, in itself, dubious as 5G will be at least partly on "ordinary" frequencies already in use and the millimetre wave frequencies haven't even been auctioned yet). And not just a few particular frequencies but basically EVERYHING above a certain frequency.

He was then equating cellular millimeter wave with... well... some tosh about your eyeballs and skin frying. Complete lack of coherency or understanding about the difference between frequency and emitted power.

It was an incredibly dubious, incredibly unprofessional, incredibly misleading and incredibly badly-researched article (which basically tried to use the argument "nobody uses it, so we don't know what it does, so obviously it's gonna fry your brain" - despite the fact that this kind of stuff is deployed all over the world in radar systems, military applications, site-to-site wireless links, etc.) which was pulled because it was written to try to smear 5G (and ONLY 5G) with such tosh.

Honestly, though I remember the guy's name and probably read thousands of his articles in my time, reading that one really put him firmly in the "ignore everything he's ever written" category for me, it was just that bad.

Re: when you charge more per hour

When I was self-employed, my phrase was:

You don't pay me by how many hours I press buttons for you.

You pay me to know which buttons to press and when.

Have gladly charged a customer a full-day's rate for the simple matter of turning up, pressing Enter on a screen that said "Press Enter to continue..." and then going home.

The question is not "am I being paid for pressing one key?", it's "was I willing to press that key, understanding the consequences, and take responsibility for whatever happened after I did?".

(P.S. when you plug heaters into an extension that also runs "the server" - not my idea! - and the server turns off, and you hide the heater and just press the server power button, you should know three things. a) the server was set to "Press Enter to continue" on the BIOS, which if you'd done, it would have just booted up, b) your heater stays warm for a long time afterwards, especially if you try to hide it away in a cupboard, c) if I had been paid by the hour, I could easily have spent hours on figuring out the cause if I hadn't been lucky and observant... or you could have just owned up to it and I could have solved it in seconds for free over the phone)

Re: And this is news how?

Not sudo. setuid.

X was setuid in every distribution for DECADES. Some of them still are. X itself runs as root no matter who you are in those distributions, then downgrades itself to the user's level.

Here's a shock - apache does the same thing. You have to run as root to enable you to bind to any port number less than 1024 as a server. So apache starts up as root, binds the port, drops privileges, and runs the rest of its life as "www-data" or whoever while holding something that only root could have obtained. X does pretty much the same, or did. There are ways not to, but pretty much X has spent more of its life starting as root than anything else. Same as "ping", I believe. You have to be root to send ICMP messages. So ping is "setuid root", so whoever runs it is actually running it as root. (Things may have changed in recent years, I don't delve into it myself).

Because of that... anyone on those affected distros (i.e. all but the most secure) is running X as root for a period of time. Which wouldn't be a massive problem if it didn't allow you to specify arbitrary files as the log, and then let you control what's logged. Basically, that's using X as a proxy to read/write any file on the filesystem. In this case, it just happens to set a root password by overwriting the password storage file (shadow).

Yes, it's a dumb idea to run as root when it's not necessary. Fact of the matter is, there's almost ALWAYS a point at which it becomes necessary. Windows has a SYSTEM user, Linux still has root. If they weren't required, those accounts wouldn't even exist. (It actually goes back to the micro-kernel argument of old, where you shouldn't need one user able to "join" all those systems, but if you want sufficient performance, you often have little choice without switching between 20 different subsystems and handing off state information 20 times to achieve something basic).

But it's not an incredibly dumb idea so long as you are very careful and drop privileges as soon as you've done the necessary. In this case, the former failed and - while still root - X allows unsanitised user-specified data to be utilised in the name of a filesystem file which it then gains root write access to, and again to allow the user to specify more unsanitised data which can end up in that file.

Wrong... the answer to the trolley problem is "there is no right answer".

You have no capability to assess two options quickly and conclusively in a short time, nor does a computer.

Both options are bad and, in reality, most people won't blame you for "choosing" either but the fact is you won't get to choose - it's essentially random in any crisis situation. Even choosing between "hitting the fence and taking the pedestrians out" versus "not smacking into the oncoming HGV myself" is a no-win situation of which people take both options all the time or, again, the third option "AARGGGH!" and bouncing off the truck because you couldn't decide and ricocheting into the people anyway.

The fact is that any reasoning applied is largely arbitrary (why would you save rich people instead of poor people?), thus such reasoning is pretty unnecessary anyway.

The only options to decide are "do something" or "do nothing". And the answer should always be "do something", which should be "brake". Where you're steering when you brake is largely undetermined anyway - try to change that too much and you skid and make the situation worse.

All the computer should do is ask itself "do I need to stop?" And that's it. Anything else is going to cause as many deaths as it saves.

Re: Snake oil sales men

Honestly never understood such things anyway.

Does anyone ever click and check them from those icons?

Is that in any way secure anyway (if the website wasn't in the first place)?

How many people who don't understand the SSL certificate highlights in browsers, who then go to click on the Verified By... thing then have the first clue about checking that that's actually genuinely FROM the SSL provider in the first place?

If only all the information required to verify the certificate was somehow included in the certificate itself, and somehow showed itself in the browser as soon as you visited such a secure website, eh?

To be fair, they would be subject to wear-levelling.

It's just a matter of waiting long enough.

Re: Ecuador could solve this in about 3 minutes

They really don't need to even do that (and he wouldn't evacuate anyway, would he?).

Just phone the police and say "I invite you to come arrest Mr Assange at your earliest convenience".

The ambassador wouldn't even need to leave their desk.

Re: Cloud based services

It isn't really cloud, though, is it?

Not if one data storage thing going offline causes the whole thing to fall over. It's more like a Drip. Maybe a Puddle.

Whether or not it's "cloud"... where's the failover? And I mean failover, not just "oh, have some stale data and we may be able to restore a backup"... but live storage somewhere else ready to take over. You'd think $7bn might be able to buy something like that, no?

It doesn't matter whether it's cloud or not - it's SHODDY. Storage failures should never get to the point where they affect users, because you should have enough redundant storage mirrored up to date, and via a versioned filesystem so even a "delete all" command can be undone, for it not to matter.

If you're basing your business on their services, immediately review that decision. From the looks of it, they are just running off stale caches at the moment. That might mean they have no data actually up at all.

Re: I'll never buy another

I bought a bucket of the cheapest Crucial junk SSDs I could find, lobbed them into any machine in work that couldn't take our >4Gb RAM upgrades (which tells you the age of those machines! They run 64-bit WIndows but the motherboard can't take more than 4Gb RAM) - so half the machines are 4Gb with an SSD, the other half are 8Gb with a normal hard drive.

Bear in mind that I *never changed a single option* - none of this caching rubbish, no "tool" running to optimise the SSD, no overprovisioning, no disabling of swap, etc. - literally a byte-for-byte image of whatever was on the same computer before the upgrade...

1) I've not had to replace one in over 4 years.

2) If I did, they are the cheapest things to replace, and literally replaceable because nothing is stored on the HD, just the OS and roaming profiles.

3) They would be much swapping harder than the 8Gb machines.

4) They OUTPERFORM the 8Gb machines, by a large margin. People use them in preference.

5) When I *do* runs the tools, there are zero failures and the estimated life is still 5 years +

6) These machines are hit hard every day, in use all through the working day, way into the evening, and sometime 24 hours a day in some locations. They get dozens of users a day sucking down their entire profile and then pushing back to the server, and doing all kinds in between and "Switch User"ing between half-a-dozen users all the time rather than logging off.

I honestly can't fault them... I have a Samsung in my personal stuff but they were a test to see if they were viable and whether I'd have to replace them every year, and they are still flying. If I had to replace them every year, I really wouldn't care at this point.

P.S. You should never lose data. Literally never. If you can afford one drive, you can afford two half the size and something to RAID between them, even if it's only a pathetic mirroring. And you shouldn't be storing anything critical on any machine that can't do that (we call those clients, they shouldn't be storing files on them and you should be able to code up a bare-metal machine to a working client with all your software and domain in minutes).

Now, if you'd said Seagate and hard drives - I'd be right with you. I burned through EVERY SEAGATE DRIVE in the workplace in that same time. Literally everyone failed, and every RAID resync with more Seagates inside them was a cross-your-fingers-and-check-your-backups moment. Every single drive that failed was Seagate (whether SAS or SATA, client or server or storage). Every Seagate drive has failed.

But the cheapest, junkiest, more useless, sacrificial Crucial SSDs... they are so impressive, I've worked out what I'm upgrading next rather than RAM.

Re: A standard dating back to 1987?

I still contest that a WinTV card plugged into a decent aerial put onto a computer (via the old purple-overlay-on-screen-with-a-cable-passthrough trick) was some of the best quality TV images I'd ever seen. I was enjoying full-screen, smoothed-but-sharpened progressive-and-deinterlaced TV at HD res long before HD was a thing.

Hell, teletext was also a dream - it cached EVERY page of teletext on the entire channel, so you literally clicked around it on the three-digit page numbers like hyperlinks.

Re: Or the fourth option...

This is always brought up about such things.

The regulators really wouldn't care very much. They get paid either way. And they can claim it's "opening up the market" (which is what you want such regulators to do, really, isn't it?). Also, every Google competitor will jump behind them and claim that they were just protecting "the small guy" and love them for it.

The biggest answer really is "Would you like to lose 50% of your revenue from one of the largest markets in the world?" Often the answer is no. Because people forget that annoying the EU has major ramifications for any international company, because it's often the second biggest market they trade in, if not the first. Nobody's stupid enough to throw away 50% of their worldwide revenue for the sake of a bit of legal work. Did you see company's responses to GDPR? Even US-only companies were diving for cover.

Re: Not just residential

We have a VM leased line. That stayed up.

We also have a VM-managed, but BT-supplied leased line. That one was down on the timing in the article.

We also have half-a-dozen staff complain that their Internet was "really slow" at home last night (quite what they think I can do about that, I'm not sure!)... almost all of the BT.

I'd be inclined to think that this is at least partly "BT equipment not joining to VM network" rather than just VM on its own - a lot of their connections are now just ordinary BT-resell stuff, not VM at all.

Re: Not Surprised

It's the only reason that locks and British Standards clauses exist.

Nothing is secure. Any front door can be taken down in under 60 seconds, as can any car. What matters is that you can't do *without damage*. Insurers want to see signs of forced entry, or no-payout.

Nobody even tries to pretend that your car is secure. It's a mobile device like any other. That's why we put GPS trackers and stuff on them. But I don't have any involvement with Ford to open my car door. I press a button, or I put the key in the lock, it CANNOT talk home - it doesn't even have any method by which to do so.

The difference is - I'm not relying on my car locks to secure my car from theft. They can't. They secure it from "opportunist" opening of my doors and nicking whatever is in the footwell/centre console. I also don't leave anything in my car overnight. What I do is, I take it out... and put it in the house. Because forcing entry to my house is a) harder, b) more obvious, c) much more likely to attract attention (not just mine, but mine's the only one that matters), d) can't be had as a quick getaway.

But, certainly, my car and my house have something in common - you could easily get in if you really wanted to, but you would have to leave evidence of doing so... and that means my insurance pays out. If the Yale lock decides to just randomly open, or they get hacked and an "open all customer's doors" command is sent, I have precisely zero recourse to my insurers (seriously, read your policy... "forced entry"), though I might be able to sue Yale (though it's unlikely I'd get full compensation for anything that was taken even then... more likely Yale would go bankrupt first!).

Re: Monitor

"Clearly the above commentators have never had the fun* of having their 'known good' hardware killed by whatever was causing the original problem."

So you mean.... you change one part. No change. Then you have to move your diagnosis further up the chain, until you find a dodgy item (i.e. a PSU that doesn't work on TWO motherboards, or that you swap out and it powers up), or until you *test* an item more than a quick check of "does it function immediately and perfectly in all regards"... by, say, sticking a PSU tester on it.

I have in fact had MUCH more complex diagnoses than that (recently someone put a digger through a 450KW supply cable and blew up £20,000 of hardware, that we restored by diagnosing and replacing only £3000 of parts that were ACTUALLY faulty). And you ALWAYS start with the same diagnosis. In that scenario. I wouldn't have got through more than two motherboards or PSUs before I suspected a much more serious problem. In fact, likely one PSU and maybe two motherboards - when the known-good MB is replaced on the same PSU and doesn't work, I'd suspect the PSU, replace that, and then when that didn't work, I'd go once up the chain (checking the power sockets and cables by using a known-good one of those).

Then when you know that it's the MB/PSU end / combination that's at fault... pull both, check one level up to make sure the power isn't blowing the PSUs, put something else in place, allow the user to continue work, and then carry on your diagnosis of the faulty parts back in the IT office (e.g. with a £10 PSU tester) before you do any more damage. In fact, at that point, I'd put the previously-known-good MB back on a known-good PSU, realise that it must have actually BROKE during testing despite being known-good, and ditch the PSU that did it, testing it only for curiosity.

Four PSUs and three motherboards again reeks of "I didn't narrow it down sufficiently and just kept guessing / throwing hardware at the problem".

Honestly, the second the "obvious" swaps don't work, I'm replacing the entire kit to shut the user up, breaking out multimeters and testers back in the office (where there's an isolated mains and network circuit, because you are playing with 240v and PSUs!). There's a reason I have a drawer full of nothing but cheap PoE testers, mains socket testers, multimeters, PSU testers, network cable testers, battery testers, discriminating continuity testers, telephone line testers, etc. And that drawer cost me an awful lot less than even the price of the cheapest replacement motherboard. (I am not one of these people who wants/needs £1000 high-tech testers... if it doesn't pass a basic test I don't want it, and if it needs £1000 of tester to tell you if it works, but £50 to replace it, I'll just replace it.).

P.S. Yes, we do all our own cabling. We manage and repair all the PCs and devices on-site. Hell, we do the CCTV, access control, and everything else you can imagine ourselves. We do not have a huge stock of spares (currently about 0.1% of the deployed hardware) or parts. I don't have a huge test suite or dozens of techs - 1 per 500 devices. I don't have a stupendous budget, or warranty support etc. on anything but the server-side. The way we cope (more than comfortably) is by proper diagnosis.

Re: IPV6

Sounds like a good way to make sure you don't use Edge or Windows Store to me.

Noted for if/when I ever upgrade to Windows 10... turn off IPv6...

Re: Still amazes me how oblivious/stupid some companies are

Once they're inside, how they get the data out is really a secondary concern. NAT isn't going to help them or hinder them.

But a default-allow on outbound packets is the silly thing. Possibly acceptable for a home machine, certainly not for any major service.

Re: Can someone tell me why?

There's no such thing as a credit score.

It's literally a number made up by a single entity, and has no standardisation or correlation to any other number. You can't compare them, you can't predict them, you can't even choose a threshold (GDPR says that a human must now evaluate if the customer demands, not a computer score). They are literally a fabrication and any website that claims to tell you your credit score is no different one telling you how many you rate out of ten on the sexiness scale.

As such, no credit decision is taken on the basis of "at least 900 on your credit score". It doesn't exist like that, and isn't processed like that, and when you do a minimal/statutory/DPA request from the credit agency, that number never appears.

Because the data they hold (what you pay for, when you pay it, how much you owe to whom) is the data that decisions are based on and every single credit-giving entity has their own criteria based on that data that has nothing to do with the credit reference agencies or any made-up "score".

The reason they won't lend to someone like you with 999/999 is precisely stated in your comment: You don't have any credit, and "You're never missed a payment". You're not profitable to them. And even no credit history at all is a red-flag so they won't lend to anyone who doesn't already have some form of credit history. It's a reputation score of "would he pay me back" - when someone who's never needed credit in their life suddenly asks for a loan, the risk is enormous - you have no idea if they're just gonna cut-and-run.

I made my "score" on one website drop from 700 to 100 by asking for a Vodafone SIM three times, and never receiving / activating any of them. Literally, I did nothing else, owe nobody any money, never even got to give payment details but "multiple credit requests" is considered a sign of desperation, so they hurt you for it so they don't put themselves at risk.

Credit scores are made-up nonsense. Credit references are basically subjective and there to profit companies giving credit. Actual credit for daily life shouldn't be required except for the major unaffordable items (housing is about the only thing). That someone asks for credit for home or car insurance - that's a red-flag. They can't afford to pay an annual lump sum, but they're keeping their car in good nick are they? Credit shouldn't be required for that. But we've taught our kids that that's okay (I blame Direct Debit a bit, but most essential DD's are actually zero-interest and cheaper than the annual payment). Telephones and mobile - I covered that. No. Buy.

But in all these other places you're ASKING for credit, when you could operate without credit. You're asking the gas company to lend you £200 for gas and you'll "pay them back next month". That's what you're doing. It's perfectly justified but also not strictly necessary. Nowadays pre-pay with a smart meter means you are on a monthly recurring pre-pay "contract" that you can cancel at any time and never get into debt for. That's no worse than a DD of credit on your account, in effect.

I'm not saying it's not the norm. I'm saying all those things - apart form housing - you do actually have a choice on, but instead choose to pay money to credit reference agencies and credit middle-men who are paying for your car / phone / etc. and then taking their percentage on top.

100 years ago, you literally didn't have a choice. You had the money or not, and lenders were not to be used for minor things. Nowadays, every 18-year-old fights for a credit card, phone contract, monthly car insurance deal, car finance, etc. the second they are of age to do so. Sorry... no sympathy.

(P.S. I have credit agreements. I'm no martyr here. But I do everything I can to ensure they're affordable, as well as ensure they are necessary and that I have a backup plan should something happen - lose my job, etc. And, no, that doesn't mean payment protection insurance! If you said to me tomorrow that you're cancelling all my credit agreements that I have in place... you'd take my car from me and have to give me back more than enough to buy several new cars, or I could dip into what I have and buy it from you - and even that is *literally* because I was forced to move out and live on my own, doubling my expenditure, and therefore spending the money I had put aside to pay off the rest of the car... halfway through the credit term).

Re: <Title is optional>

Could just as easily be better backhaul, or more towers, or just better prioritisation.

They're never going to know from crowd-sourced data, and the mobile operators aren't going to discuss internal technical affairs.

To be honest, speed isn't so much an issue. I'd happily halve my "max speed" if I could more data for the same price.

On a Three mobile broadband SIM, I get more than enough bandwidth even at peak periods to watch all my telly over it, what I don't get is enough data to cover what I want to do.

And Vodafone (the only people who give more data) are still too stupid to allow me to order a SIM despite the fact that they have a better deal with all the TV channels and big websites not counting towards your data allowance. I can't do anything on two accounts I "registered" and ordered a SIM on until I activate the SIM, but haven't seen any SIMs at all, and signing up with another email just starts the process again.

(P.S. No, just because you have a 100Gb SIM does not mean that you can tether / mobile broadband for 100Gb, and I use my SIM as a broadband replacement for the home network, not watching all my TV/movies on tiny phone screens tied into 36 month contracts).

But the fact that I can use a 4G SIM in a cheap Huawei box off Amazon to run my entire household is pretty impressive and shows you that the "max speed" doesn't really mean much nowadays. Even my Steam downloads happen just as fast as when I used to have a broadband line.

RHEL is always behind the times.

RHEL 6 is based on Fedora 12 from 2010.

If RHEL don't support it - then they don't support it and you're on your own.

Fact is, they support older versions only.

Blame RHEL, not OO (and I'm no fan of OO!), and take that blame and use it to influence your decision next time you use / pay for a distro (i.e. go to ANY of the other distros that supports the full version of modern OO if that's what you want...)

Re: Security? We've heard of it.

"Regardless of all the stuff about VLANs, you could check out the building remotely and use the information to find out the best route and time to break in, and delete the evidence afterwards."

No, you just wear a balaclava. Done.

Nobody in their right mind will break into a building and then try to hunt/destroy the cameras. Mostly because they'll almost always be synced to off-site storage, cameras often comes with SD cards inside to double-record all footage nowadays, and the actual reliance on "roll the camera back" is fading fast in favour of "the camera just texts me when it detects movement on an internal camera, with a copy of the last 30 seconds of the footage" (note: all perfectly viable without third-party cloud servers).

Honestly, if it's an average private home, the police don't even have the time to obtain footage and unless they pull up with their car number plate facing the camera, or look up into the camera, you stand precisely 0% chance of identifying them. (Source: Three police incidents of burgled neighbours with captured footage of vehicles and burglars).

If it's any property that you need to keep more secure, that footage is stored in a secure location and mirrored (you tell me where that network cable I plugged into the camera is actually recording TO... could be anywhere in the world, synced to an off-site backup, sitting in a cabinet anywhere on site, accessed live over a VPN, etc. etc. etc.). You'd have to smash all the cameras you passed (which is why they are vandal resistant), pull them off the wall, destroy the cards inside them, find the NVR (or NVRs!) on-site, destroy them too, and hope that in all that time it never got to send out a single message, alert, alarm signal, footage or backup off site.

P.S. any modern NVR has "camera blackout" alerts that can detect obscured / disconnected cameras and alert you in a number of ways. You have from the time you smash the first camera, until the time the security company van arrives to destroy all traces of the CCTV system.

P.P.S. CCTV is not there to roll back and see what people did. That's just one function. It's there to alert someone to something unusual. Like burglar alarms - there's no point getting home and the light is flashing and it's been going off all night and everyone ignored it. At that point you KNOW you've been burgled. You fit a burglar alarm to alert someone who'll do something about it quickly - like your neighbour (highly unlikely), a security firm (better, but expensive), the police (yeah, right, they don't even come out for persistently-ringing alarms any more, they tell you to call Noise Abatement), or... the best option in the world... you. By texting your phone and saying "Internal camera detected movement" or "Lost contact with Front Camera".

You have to notify the only person in the world who care about your property - which is you. That's the function of CCTV, burglar alarms, car alarms and anything else. Everything else you might "think" will happen is a nonsense. I hear a car/house alarm literally every night. I do precisely zip about them. As do all my neighbours. (Source: three house burglaries, nobody "heard anything", several site intrusions, vandalism, burglaries, thefts, not a single one caught in the act or discovered until the next morning).

I supply CCTV footage from large sites to police. Pretty much, it's useless and nothing comes from it. (Source: Three house burglaries, plus dozens of site burglaries and vandalism: convictions - zero, arrests - one [a teacher that was arrested for restraining a teenager from beating his mate up, I kid you not, the guy was never able to work in a school again], time spent - literally MONTHS of hunting footage).

The reason it's on the wall is so that people can see we're watching, and so that the guy who's in charge of the site at night can see whether the banging outside is a gang of kids, or a loose fence panel before he puts himself in harm's way. I guarantee if there's someone actually doing something, he will call the police, but only after he checks the LIVE footage. The historical footage is there for a court many months in the future, if necessary, and is usually so pitiful as to be useless.

If you don't know this, I suggest that you've never managed CCTV or been asked to provide footage to police after an incident. Note also: Approximately 70-80% of the thefts, break-ins, vandalism, intrusions, etc. that I've ever dealt with in my professional life - there is ZERO CCTV footage, even with dozens and dozens of cameras around all the places I've worked.