Posts by Lee D

I work in education IT. I spent ten years going into RM schools, wiping their kit, putting it on plain Windows and Office that they were already licensed for, popping in once a week to keep it all running, charging less than RM did for a more rubbish service, and got nothing but more schools wanting the same after hearing about me.

CC3 was actually an improvement on the Connect 2 (as it was called) networks. CC4 wasn't much better either.

I could list stories for weeks on end. In the end, however, I got bored of taking all these schools under my wing and showing them sense and giving them less IT maintenance hassle (because they literally didn't need anywhere near as much support after I'd done this for them) and still receiving nothing but vitriol and lies from RM-sponsored Borough support outfits.

I went into the private education sector and pretty much every job since, when I mention RM and what I did for a living (and they phone up for references, obviously), they are just overjoyed to have someone who doesn't foist that junk upon them for the sake of "tradition" over just a plain AD setup with decent group policies.

Every job I've had in those years has been word-of-mouth from existing clients, in one form or another.

RM Easymail? Let's not even start. Anyone using it is an idiot to have tolerated it thus far, lack of SSL is probably the most minor issue I've ever seen with it.

About the only RM product that was any good was RM Maths for teaching kids maths, but technically it's still the same old RM shite in a wrapper, it just so happens they got a guy who understands how to teach maths to help write it (I'm a mathematician, so I can see that it's actually valuable as opposed to their talking-parrot-macro-stuffed-into-word that they actually SELL). I believe it's now a web service, as a lot of their software is heading that way.

If you don't know the horrors of everything from Sassoon fonts to CC3 "MSI's" to RM Guard passwords (full access to any RM-controlled client, by a simple formula dependent on the day and hour, and advertised freely on a webpage online that you can save the Javascript to that generates the code and use offline for ever more, on any RM network, ever), then you can't even begin to talk about RM disparagingly enough.

*MEMEMEMERRRRRR*

Wrong.

No such thing in law or otherwise. It's merely international convention not to intrude on a nation's embassy.

Why does digital radio need synchronisation at all is my question?

Surely, if it's digital, the sensible thing would be to just make it a mass-broadcast medium like a multicast channel and put buffers into devices.

Then small jolts of interference barely matter as you're likely sending enough to recover the original digital signal, and a buffer capable of feeding out corrected data while it's still correcting the newest data. You don't need synchronisation. And the delay could be on the order of only a second.

I honestly do not understand why DAB is not just VoIP over 3/4G, with some kind of buffer and multicast-repetition of data, and a data format that allows large amounts of bit-error correction as well as detection.

There's a reason that the only DAB device I own came "for free" with my car. And I never use it. And it still has FM anyway.

Re: Ughh... I would stay away

Most schools that your children go to are teeming with asbestos. I know, I've been working IT in schools for the last 15 years.

So long as you don't disturb it, it's absolutely fine. And the cost of removal/replacement is virtually twice as much as just building whatever it is again (e.g. kitchen ceiling, doors, etc.).

Every school I know has an asbestos register (even if it's minimal and not in child-occupied areas), and all the larger contractors ask to see it if they need to drill holes.

Next time you go to a school, look in the corners of the ceilings for little stickers or other markings. Very few ever pay to get rid of it, and it's only really damaging to contractors (who tend not to be allowed to do such work while children are on-site, asbestos or not).

Re: So many errors in two lines...

Thump, Thump, Thump, Thump, Thump...

New forehead please!

Re: Flash Next?

Working in schools, the swansong of Flash is already being sung.

Flash doesn't work on iPads. Keeping multiple versions of Flash inside multiple browsers up to date is a pain. Most educational content suppliers are moving from Flash to HTML5.

And these are the people who are STILL selling disks they made in the 90's using Quicktime.

But with Flash not on most tablets (Android support stopped a long time ago, iPads have nothing in the way of Flash, etc.), they can't cater to a large sector of their market and get complaints all the time. Their solution universally appears to be HTML5 - and I can't say I disagree. As a coder, I was amazed at what's possible with emscripten, Node.js and even an unaccelerated browser on a cheap iPad, smartphone or Android tablet.

Java's "write once, run anywhere" has ironically been replaced with Javascript in a browser, where it's actually closer to being true. I wrote an SDL app in C99 the other day - a change of compiler name from "gcc" to "emcc" and it turns into Javascript that runs on iPad, smartphone, Android tablets, all major browsers (not IE, but Edge, so that's not a problem), and runs more than fast enough even with business-level unaccelerated graphics cards to play games. Add in SDL_Mixer and it plays sounds through the browser too. Wrap an ordinary service in websockify and it can talk plain sockets to your servers. Put in OpenGL and it becomes WebGL.

Even the kids have caught on. 3D games are available in-browser, no plugins required. Go look at the example games on the emscripten website, for instance.

Flash is dead in the face of this. And good riddance.

Re: Think about it...

"Which Countr(y)ies still give you decent interest on savings? Perhaps I could move mine there too?"

If you are investing hundreds of billions, you get much better rates.

Re: Ahh... The ever connected fallacy

The entire point of my virtualisation activities is to insulate myself against change. It doesn't matter where my servers need to move to, or what hardware they actually run on, or what I need them to contain... they are little box that you can move around to keep everything the same for yourself.

As such, "cloud" really plays no part in my virtualisation activities. It's much more about "Whoops, the server has blown up, fire up the replica VMs", or "Whoops, that upgrade went badly... rollback." or "Whoops, the entire place burnt down, nip down to PC World and let's set up shop in the local pub".

Without needing third-party involvement.

I don't need to rely on someone else to do those things, I can just carry my snapshots and replicas and put them wherever I feel like. Whether it's work (Hyper-V) or home (VMWare Workstation), I have a consistent working environment not subject to the whims of some random third-party, or hardware failure.

Luckily, the beautiful thing about hypervisors is that it doesn't really matter if they go away. VMWare Workstation and the images it creates can work on an enormous range of operating systems, covering an awful lot of underlying eras (Windows 7, 8, 10, etc.). And if it really comes to it, conversion to another VM type isn't particularly fraught with danger. Lock down the base OS and it barely matters what VMWare want to do, my copy of the latest Workstation can continue to work for years. If Microsoft get particularly irksome with the Windows 10 stuff, I can just install the Linux hypervisor version instead and remove the problem entirely.

It's sad news. But to be honest, the last couple of times I upgraded Workstation, it was quite expensive and I didn't get much back from it. Sure, they upped a couple of limits that I was NOWHERE NEAR anyway, and maybe fixed a bug or two but the last two/three "major" versions of Workstation only felt like point releases anyway.

I'll be sad to see it go, because I especially like things like VMWare Unity where an in-VM window can appear to be native to the host OS, but it's not the end of the world. And I'm licenced forever to use what I already have. Until literally a base Linux hypervisor for it cannot be installed any longer, my VMs and working pattern will continue untouched. And then I'll probably just convert the VM to another format for another hypervisor and carry on as before.

Re: Lovefest

An unexpected packet.

Technically, that may not be wrong. But it's misleading.

As far as I'm concerned, anything destined for my network that wasn't specifically requested is an unwanted packet. If it bounces off my NAT tables, if it's hit connection limits on SMTP or on a blacklist, or if it's an unrequested probe or ping, that's not something that should be happening.

Classing it as an "attack" is a bit strong, yes, but it's equally unwanted, unrequested and potentially of a attacking nature.

But 200m in four weeks? That's only 82 a second. On any network of any size, I'd be shocked if your SMTP rejects weren't covering that alone. Hell, my personal server rejects several SMTP connections a second and that's with blacklisting, graylisting, and only a handful of personal domains.

Re: Another waste of cash.

You have video everywhere. What's wrong with just a hand-count and then a proper count of any close call?

Every school probably has at least one set of wireless voting buttons nowadays. They cost a few hundred quid for a class set of 30. Multiply it up and you can do a vote in seconds, TV-studio style, for the price of a few Surfaces.

Hell, in one workplace we were once in a meeting where everyone had a bluetooth keyboard given to them and we all simultaneously typed suggestions as the discussion grew and the software just plopped all the suggestions on screen anonymously. Literally, there was a USB hub with some dozens of Bluetooth keyboard dongles sticking out of a machine. (The fact that we were all "suggesting" ways we could avoid redundancy tells you how long we stayed at that employer, however).

There's a myriad ways. And a technical one is probably fine for anything short of "Shall we blow this country up" (where you want to make sure you have some degree of accountability. But still, then, I'd rather a technical system that does nothing but vote and ties Vote X into Device 22, than a collection of hackable, Microsoft-controllable third-party general purpose computers wandering around parliament.

Re: 3D & Hoverboards

By that definition, The Beano is a 3D comic.

Re: Wahoo...

I, too, would call bullshit.

I have an S4 Mini, which isn't all that old. It's probably had one update in all the time I've had it (and that cocked up my satnav apps and forced me to reinstall them all). My girlfriend's Samsung phone has exactly the same situation. And, yes, I have JUST pressed software update to check I'm right. Nothing.

I love Samsung but the minute something is no longer "the latest", updates stop.

My Samsung TV had updates available. For about a month after buying it. I haven't seen another in 4 years and I check quite often. I mean, it works, and it's not part of anything that I've be scared of (e.g. downloading network things, etc.) but that's still surprising that it's so perfect that an update isn't ever needed again.

Re: Many a marriage was made via FR

FR used to run a dating site too.

I met my ex-wife on there.

Precisely.

I have CCTV.

My neighbours were burgled not long ago.

I ramped up the CCTV and adjusted angles to cover my neighbour's (with their permission).

They came back a few months ago, did the other neighbour.

I checked on the CCTV... I have a video of a car crawling along at 2mph along the street, looking into all the houses, stopping and starting (presumably to take notes). Incredibly suspicious. I gave the footage to the police.

However, they quite obviously crawled past my first neighbour's and my house, and decided to do the next instead.

Not claiming that CCTV stops anything at all, but it discourages more than nothing at all.

Oh, and both neighbours were broken into by getting round the back and destroying the door frame.

Re: The more they push

I have to say that if you're going to VM, you want the base hypervisor to be something decent. VirtualBox has never really cut it for me.

VMWare is a good base option and will happily offer 3D acceleration to Linux and Windows guests, from a Linux or Windows host.

The money I spent on a copy of VMWare Workstation has paid for itself 10 times over. And I primarily work on HyperV servers at work.

Hell, if you tweak, you can even run MacOS on it. (I didn't say that).

If they force my hand, it'll be a Linux install at the base, a VMWare VM for everything else, and probably even a Linux VM for actual everyday work (because isolating the hardware is good for future compatibility and moving that VM to other machines, and because snapshots/rollback are worth their weight in gold).

Re: I find this one a bit difficult to believe

There are ATX -> AT power convertor cables readily available.

Re: Likely causes....

"Not malicious".

So... that leaves... incompetence. In many forms as you have listed, but still incompetence.

Re: Bah!

I refuse to put an alarm bell on my house. They are pointless, loud, annoying, and... totally ignored. Thus they are useless, even in a friendly neighbourhood. Every time an alarm goes off in my street (and it happens enough that I know this), it's completely ignored. Car. House. Doesn't matter.

So my house alarm just texts me instead. Then I can login and look at the cameras from home. Motion detection on such a setup is pointless and distracting, so there's no point relying on movement being detected in order to alert me. But a door opening, or a window breaking, that means something happened. Possibly. Like the way that the CCTV motion detection going off could mean that it's a bit windy in the garden, the door magnet going off could just be a windy door banging on the latch or a PIR being set off by the cat.

But with a remote control system, I am able to be alerted. I am then able to make a decision, based on the alerts and other remote-accessible data (like cameras, alarm trigger logs, etc.). Then... guess what... IF I SUSPECT a burglary, I can set the house alarm off remotely. And alert the police directly. Or phone the neighbours. Or drive straight home. Or not.

Without a remote home alarm? My alarm would go off, people would all ignore it, and I'd know nothing until I got home. Does having a remotely-controlled alarm put me at a disadvantage or provide an avenue into my home? No. Because it's properly designed and thought out. Hell, even the CCTV can detect if it's being obscured or cut and alert me, because I know for a fact that the CCTV on its own is next to useless to actually preventing the crime.

But a remote home alarm? There's a ton of uses. And it doesn't have to provide avenues for a burglar, or insecure access to your home.

(The other day I found out which damn delivery driver it is who keeps pulling my bins across the front of my driveway so that I can't get my car in without stopping in the road. Because walking into the garden sends an alert and flags the cameras to record, and my home cameras are set up on my monitor at work (and, no, you can't DO anything, just see the camera over a VPN connection))

Re: iPad Mini Mk 1/iPad 2 and iPhone 4S work fine

Chrome on iOS is just Apple's own UIWebView in a fancy front-end. You're not allowed to write your own rendering engine on iPad apps.

Whereas Safari et al use Apple's own WKWebView, which can do a bit more hardware acceleration (check out node.js or emscripten examples in both).

There's no such thing as "another browser" on iPads/iPhones. Even Opera is just a remote VNC-like session to an Opera instance rather than local rendering.

Re: Ah yes, spaces and phone support.

What sort of idiot tech support lets a user type a line like that anyway?

I was in a teleconference a while back, sitting next to a few users, while we phoned tech support and others. I was only supposed to be there for tech stuff and they were on line to solve a problem with a database not being up-to-date (nothing techy at all, just them not entering data), so I was basically reading whatever was on their desk while the tech guy on the phone blathered out and pointed out the obvious to the users.

There was a bit of back and forth and one user was just typing what the tech guy said into their software at our end and clicking where they were told to. Until, at one point, to fix a problem, the tech guy on the other end just said:

"Okay, now go into Script Runner."

Our user responded "Okay"

"Now type 'DELETE * FROM..."

It was at this point that I realised Script Runner was, in fact, just a hidden direct admin-level SQL interface to our database via the program, and I rugby-tackled the user to the floor to perform some damage limitation because they could start to type.

After berating the tech guy for such a dangerous command, and allowing users to have an interface to such a dangerous command, and reading out such a dangerous command, and not even bothering to check there was a tech guy this end who had taken a backup before he started playing like that, and not even bothering to do this in a transaction or similar that we could roll-back, I typed the command for them and told the users to NEVER go into that menu again (removing the menu from the user's lists shortly afterwards).

I don't blame the user's. I had backups but for sure I wasn't going to take blame if that command had gone wrong. Nobody knew what SQL syntax was but me and the tech guy the other end, and I damn well was never told that "Script Runner" was just a direct SQL interface. If that had gone wrong, whether I was present or not, that's ENTIRELY the fault of the tech guy on the other end.

More importantly? It's been two years and they STILL haven't managed to get their "remote application support" working for us either, so they still can't perform those things themselves. I'm both glad, and disappointed by that. It means they can't tinker without our co-operation, but it does mean every tiny data change needs phone-based hand-holding rather than a click done for them.

Re: Common sense

Is it really just me?

Why the hell are you sharing rides on your bike with the world in the first place? I mean... why? Isn't that like the old slide-projector enthusiasts who just show you every detail of their trip when you go around their house? Why?

Just... WHY?

(Why?)

Re: Too Hard?

Sorry, but it's time to get with the times.

Companies like iZettle will sell you a black-box solution for a hundred-or-so pounds. You can get a smartphone-connected thing that will set you back £70 but relies on the security/compatibility/availability of a smartphone. The rates are quite low, the gadget is one-off, it's Chip&PIN-capable (and also magstripe if you deal with foreigners) and can tie into accounting apps for you.

Last time I went to an antiques / bric-a-brac sale, most stalls took cards using things like iZettle and clearly advertised so. Sure, you may have needed to spend £10 to make it worth their while, but rather £9 from a transaction than nothing because you didn't have the cash. If your profit margins aren't already taking account of such things then you aren't going to be in business long, mom'n'pop or not.

Cheque fraud went through the roof in recent years - cheques nearly aren't accepted by BANKS any more, and the fallback when they bounce costs the retailer a lot more - why do you think they charge for that? Cash is expensive and risky to handle. It's much more likely those using those methods are actually able to not declare that income, in fact! Card payments? A cheap one-off purchase of a black box from a website, swipe the card and it pops into your bank account - with accountability, complete records, instantly revoked if stolen, you know they have the funds available, and a charge of fraud if it's misused by the owner.

Hell, I bought an iZettle for my girlfriend for Christmas so she can sell her pottery. She fires up the kiln maybe twice a year. Mom'n'pops have no excuse and shouldn't be handling cash or cheques nowadays.

Re: What would be required (technically)

The question is not whether you use a UK-based ISP or not.

It's do you trust the connection, and to what extent?

I trust my browser.

I trust my machine (that may be misguided, but I think I'm generally okay there).

I trust my local network connections.

I trust my router.

All good so far.

What they are saying is that I can't trust transit between my router and ANYWHERE ELSE ON THE NET. That seems... pretty normal to me. Plain DNS is unencrypted, sniffable, and anyone at my ISP or in the path to the DNS server of choice can sniff, modify and insert traffic.

As such, the solution is not "move abroad" in terms of your connection, but realise what you are trusting that you shouldn't. DNSSEC is better, you can't "fake" or modify a DNSSEC response.

But even better is to not give anyone - the ISP or anyone else - the opportunity to monitor your unencrypted traffic. That means end-to-end encryption (HTTPS over DNSSEC loookups, because TLS etc. does in fact TRUST the DNS response to be authoritative and correct!) or VPN to a trusted location.

If you buy a virtual server, pretty much the web filtering on those isn't present. They aren't classed as ISP's so they don't filter sites, play with DNS responses or limit access. They are much more concerned with billions of spam emails or you trying to spoof an IP. As such, the cheapest virtual servers, at home or abroad, can be hand for a few pounds a months and you can configure your router to VPN to them and route all traffic through them. Voila!

Or, as you suggest, you can just a VPN host that you trust and do the same.

But the problem really stems from so much stuff still being plaintext and unencrypted. Email. DNS. HTTP. Even DHCP (how do you know it was your ISP that gave you that IP address and that you weren't shifted to a different IP by some blackbox that your ISP was forced to install?). The solution is to move to DNSSEC, HTTPS - we don't have a solution for email yet because people apparently don't think that billions of unencrypted-by-default emails matter - and encrypted-by-default protocols everywhere. Also, VPN access.

My phone can do VPN access to my virtual server. I wouldn't join a hotel wireless network without it. And I can provably connect to ONLY my VPN server, with no middle-man, or not connect at all.

Re: James is a dick...

Personally, I couldn't approve of deliberate sabotage but:

It sounds like it's just not something that occurred.

Someone else would presumably have to take over his day-to-day responsibilities, someone else would be watching what was going in/out the IT budget, he wouldn't be the ONLY person to know about the existence of such a line - hell, accounting should have queried it a LOT earlier!

As such, it's a reasonable expectation that someone (maybe even the IT Manager that "left" soon after) was responsible for it and clearing up loose ends. And for that I wouldn't be able to fault them.

Deliberately not telling them when you're AWARE it's going to go unnoticed until it hits the hundreds of thousands is being just as dick-ish as DELIBERATELY making that happen.

But I can quite envision that this was unintentional and all those people who walked or were made to walk had responsibilities that were just ignored for the sake of cost-saving, and the accounts department were so unaware of what was happening that they didn't question anything at all. Their incompetence couldn't be his fault. But his deliberate ignorance of a potentially large problem would be. Even if it's slightly more blameless than, say, deliberately running up a huge bill before he left.

Re: In-house solution

1) That's what DND functions on telephones are for.

2) That's what junior techs are for (literally: Stand there, touch nothing, tell people to go away).

3) In-house stuff is under your control. You can spin up "something" quite quickly, even if it's just rolling back to a snapshot or similar. Azure, you are at their mercy.

I'm assuming (not really looked into it as my place won't touch cloud things) that you can have in-house AD talking to Azure AD and vice-versa, like any other directory, no? If not, I don't understand why you'd touch it. But Azure going down in that case could still cause problems with remote-workers and other services, I imagine.

Redundancy, people. Cloud is fine. But what's your backup? If you can't answer that satisfactorily, you have to think if you're doing your job properly. We still don't live in an age where people can't put diggers through fibre lines.

Re: HEVC

Or... just give up on the whole radio broadcast thing, allocate the frequencies to Wifi and 5G tech, and then stream everything over a standardised IP service.

Much simpler all around. Everything else is only putting off the inevitable.

Re: Verity

Mathematical proofs are perfect.

However, what you are proving is what's important. Most times, you end up mathematically proving that your code fits a standard or performs a certain calculation without error, only to find that the standard/calculation is doing the wrong thing anyway. All you've then proved is that you are doing the wrong thing every time, compliant to the standard.

As such, it's not a panacea. It's a long-winded, difficult, expensive process to show up the flaws in your standards, the result of which you can't DIRECTLY implement in "real" code anyway. And your production code produced from it, or even your compiler of that code, may well make assumptions or mistakes that you have no control over (e.g. whether it wraps bits, stores in big/little-endian, whether division is within a certain margin, etc. etc. etc.) that you didn't account for in the proof.

So it's mathematically proven. But any possible real-world implementation of it will not be. And that doesn't mean that what you've proven is USEFUL or CORRECT in itself, just that it's the inevitable mathematical conclusion of the assumptions, calculations and possible data that you plugged into your proof.

"Some of these puns are absolutely dead-ful."

Of corpse they are.

Re: Cheap datacenter providers ......

The Register originally, I believe! If not, Slashdot.

Article was about the company that the contractor was working for being fined into oblivion by the HSE.

http://press.hse.gov.uk/2015/engineering-and-facilities-firms-sentenced/