* Posts by PickledAardvark

206 posts • joined 14 Mar 2016

Dual screens, fast updates, no registry cruft and security in mind: Microsoft gives devs the lowdown on Windows 10X

PickledAardvark

Registry Cruft

Back in the days of Windows XP SP2, my colleagues and I were concerned about cruft on student PCs where hundreds of people would log on using roaming profiles in the course of a year. I ran a series of experiments, eventually settling on an automated stress test. Windows XP would start up, log on automatically as a domain test user and load the associated roaming profile (5-10MB), run a brief Office and Internet Explorer etc simulation opening and closing documents, save files to network home directory, then perform a clean logout/restart. I ran the script for several weeks (i.e. thousands of cycles) and observed that startup times, logon times etc were consistent, varying only with network and server loads. Free disk space went down a small amount (>3MB) after each logon and periodically Windows found more free space than the previous logon, more than could be explained for wiping out temp files etc.

A second test was devised starting with much less free space (200MB or so) on the system disk. The free space figure was guesstimated on the minimum for Windows and application temp files. This time, I also copied some data down to the system disk periodically to reduce free space. XP again displayed its mysterious ability to self repair or to run normally in an unusual situation. Startup and logon times remained consistent until free space was down to about 50MB.

I have to admit that I was very impressed that Windows XP performed so well during such abuse. The applications used for the user simulation bit were ones that behave relatively well compared to some of the junk that passes for educational or line of business software (I once promised a Geologist that I wouldn't pretend to know anything about Geology as long as Geologists stayed away from Visual Studio). We concluded that Windows XP itself and mainstream applications contributed little to cruft or performance reduction. When things were going wrong, we had to blame unidentified applications, about which we could do nothing. Annual re-imaging of student PCs, painful as it was, was an essential exercise to recover some of the performance lost over a year.

I've used cruft cleaners on home Windows installations after a mate has installed "something useful" from the internet. Cruft cleaners pick up some of the nasties more quickly than a human operated scan, even if the 3,368 "identified problems" are mostly imaginary. I've never needed one for my own PCs -- if I break them, it takes a lot more to revive them.

Incidentally, when attempting to virtualise a popular science application suite using AppV, we observed that on startup it read in tens of thousands of Registry values, everything that the suite had written. For a virtualised application with the user bit of the virtual registry on a network drive, this was unacceptable for network load and startup time. The application's publishers were unhelpful at resolving the problem. There was no need for the application to load every single Registry value -- some parts of the suite were small applications accessing only a few hundred values. We concluded that lazy programming -- just load it all -- explained it partly. But there was perhaps more. Loading the application suite Registry from a fast local disk still took a minute or two, and maybe that was the point. If you're charging £5,000 per seat for a commercial licence, the vendor needs to make it seem like a lot is happening.

I'm still not that Gary, says US email mixup bloke who hasn't even seen Dartford Crossing

PickledAardvark

OFCOM rejected my complaint

Back in the days when UK telecoms mostly comprised BT and odd ball companies, before mobile telephony was a thing, I had a billing dispute with BT. I wrote to them; BT did not reply. And again.

I pursued this with OFCOM who wrote to me that I needed a letter from BT, the company who declined to write to me, in order for them to follow up. Thanks, OFCOM.

I wrote to BT telling them that I would stop paying my phone bill until the problem was resolved. One Saturday morning my phone line was cut off. I could still phone BT where I spoke to a pleasant operator who reconnected my phone on a temporary basis and contacted the billing department.

When the IT department speaks, users listen. Or face the consequences

PickledAardvark

Re: A modern update

I was called in to set up a new Mac PowerBook after the owner, a hospital doctor and researcher, had allowed the previous one to be stolen. His normally gruff assistant beamed with delight while she explained the disciplinary action he faced for losing sensitive patient data.

In my experience, there are two sorts of doctor: Bright people who assume that they are good at everything, and really bright people who understand that they aren't an expert in every field.

Remember the 1980s? Oversized shoulder pads, Metal Mickey and... sticky keyboards?

PickledAardvark

Re: Irn Bru

... and her most expensive Irn Bru.

PickledAardvark

It's not just the users telling porkies

During a large scale Windows deployment, a technician called me over to look at a PC that "wasn't booting". A quick viewing told me that the PC was booting into WinPE -- very, very slowly. Leave it a week or so and it would have been up.

Me: Have you changed anything?

Technician: No.

Me, discreetly nudging loose case screws and a memory shipping box: Are you sure that nothing has changed?

Technician: No, it is a standard system.

Me: So the mismatched DIMMs fitted themselves?

A History of (Computer) Violence: Wait. Before you whack it again, try caressing the mouse

PickledAardvark

Re: The ways of "The Mouse" are manyfold

A former colleague and University of Manchester mates acquired some intriguing bits in the 1970s. They fired them up using a home brew distribution board which drew feeds from three different floors at their hall of residence.

PickledAardvark

Re: Percussive maintenance

Apple made some very strange choices for hard disk suppliers in the 1980s. Rodime supplied a mechanism for the HD20, a floppy port hard disk for the Mac 512. By standards of the day, it was fairly reliable but if it went wrong, there were no replacements. The first Mac SEs and IIs used internal hard disks from MiniScribe (unreliable, incredibly noisy) then Sony (unreliable and withdrawn under warranty). The same SCSI mechanisms were used in Apple-branded external hard drives.

For all hard drives suffering from stiction, the "fix" is to throw the drive like a discus -- but without letting go. Throw it three times and plug it back in. Note that strange noises do not necessarily mean that a drive is faulty.

Few polite things can be said about Microsoft screen savers. The OpenGL based screen savers of Windows 2000/XP actually increased power consumption when the PC was "idle".

Tearoff of Nottingham: University to lose chunk of IT dept to outsourcing

PickledAardvark

Re: And this means

Korev: "It also means there's no career path for junior and mid-level staff. Eventually, this means that the senior people will be harder to find as there is no obvious path to get there."

Systems such as ITIL or Hay Job (D)Evaluation mean that many staff are up the creek already. Any mechanism that determines the value of a job based on its functional elements rather than the contributions of the job holder reduces career opportunities.

PickledAardvark

Re: On the upside...

The descriptions from Dave K and others match my own experiences in HE. For a university with 20,000 "local" students (full time UGs and part timers, NOT distance learners), there will be about 4,000 staff (everything from porters to professors, including post graduate researchers). Staff turnover is less easy to automate than students who register at known times (although medics and teaching students register before other UGs, and some taught PG courses start at different dates). Staff registration has to be fudged quite a bit because some people are also students or have more than one job. PhD students and the like who are "writing up" without payment from a research council etc have to be retained within various systems.

In the 1990s, most universities wrote their own account creation systems. Nowadays there is a move to off the shelf identity management systems, primarily fed with data from UCAS or HR systems. In the early days of Active Directory, administrators specifically stated that the AD was for authentication to a Windows domain. Feature creep now means that AD authentication is used for library systems, inter university wifi (eduroam), anything that does LDAP -- make your own mind up whether this is always wise.

From a distance, thankfully, I have watched the implosion of an HE identity management project. The external consultants were splendid knowledgeable people, but when it came to things that mattered, in house staff were better informed. Management, largely drawn from outside HE, did not have the institutional background to understand that the project was going wrong and failed to listen to their own employees.

Lies, damn lies, and KPIs: Let's not fix the formula until we have someone else to blame

PickledAardvark

Not a KPI but daft metrics

The marketing manager decided that all staff should have the intranet portal as their default home page for the standard web browser (Internet Exploder). A number of other managers reckoned it was a bad idea, so I was given the task of determining whether/how people switched their default home page after it had been imposed as a non-permanent change. Using logon scripts, I captured each user's URL for "day zero" (actually a few days after the imposed change) and for day 30ish afterwards. All I had to do next was send the data to the manager who had requested it.

First attempt: Send the manager the raw data -- an anonymous CSV file with two columns (day zero, day thirty) and an Excel copy of the same. [Required Excel actions: Alphabetic sort and count.] A junior manager intercepted it and requested something simpler.

Second attempt: Send the raw data and a summary Excel sheet, showing the number of repeated URLs (70% Google search home, unsurprisingly) and number of unique URLs. [Required Excel action: Convert to percentages.] Again, I was asked to simplify.

Third attempt: The summary Excel sheet and a three paragraph summary that 10% of staff had stayed with the imposed change, 70% had switched to Google search, 10% had switched to a different intranet page and 10% had picked something unique. Pretty much the same analysis could have been performed by a crude sort and eyeball of the raw data...

In a touching show of solidarity with the NBA and Blizzard, Apple completely caves to China on HK protest app

PickledAardvark

Going head to head with someone with whom you disagree

It is easy for Apple to go head to head with Facebook or Google about creepy data collection; Apple collects less personal data about users and has owned up when it fails to meet its own standards. Apple isn't perfect but it is more trustworthy than Facebook or Google when it comes to personal data. It is slightly harder for Apple to challenge democratic governments about encryption backdoors or device unlocking. Apple are still the most stubborn big co when it comes to device privacy.

Apple is in a complete pickle however when dealing with China in political matters. The company has a lot of cash stuck in China. Apple, like many other electronics firms, is dependent on China for assembly and, to a lesser extent, component manufacture. Apple, and others like it, cannot afford to play the same games with the Chinese government that they play in democratic countries. No big tech firm has said NO to Beijing all of the time. All big companies have compromised their ethics in order to stay in business in China.

I suspect that some of the big firms are working out how to reduce their reliance on China. Others might be determining how to put an ethical face on their Chinese business. Getting the business out slowly, widening supply and manufacture chains, makes sense to me. Getting the money out of China's banks may be more problematic...

The safest place to save your files is somewhere nobody will ever look

PickledAardvark

Re: A tale as old as time

Apple didn't design the 400kb floppy drive in the first Macs. Sony determined that it shouldn't have an eject button. Software determines when the disk is accessed for read/write, so it makes sense that software determines when a disk is ejected. I think HP were the first people to use the drive mechanism outside Sony, and they didn't have a problem with the absence of an eject button.

The desktop metaphor of dragging a removable disk to the trash icon was a lousy idea. And almost everyone at Apple thought so at the time.

PickledAardvark

Re: Been there. Done that.

"He had a *proper* freak out on me because I changed the sort order of his documents folder..."

When investigating a Windows user profile or application problem, almost the first thing I do is change the Explorer View settings to unhide System and Hidden files so that I can see what is really there. And I have to remember to restore the View settings, which doesn't happen quite as often as it should.

Over the years I have been amazed by the number of second line support people who don't realise that they should be looking for hidden stuff or files with strange ACLs.

PickledAardvark

Mysteries of the Desktop Folder

When Microsoft designed Windows 95 with a trash can, there was a single desktop folder for the system. If you dragged files from a floppy disk to the desktop, the files were copied to a folder on the hard disk. When you formatted the floppy disk, the files you had dragged to the desktop were still there.

Every Macintosh HFS disk had its own desktop folder. If you dragged files from a floppy disk to the desktop, the files were moved on the floppy disk. When you formatted the floppy disk, poof! the desktop files disappeared.

Hey, I wrote this neat little program for you guys called the IMAC User Notification Tool

PickledAardvark

Automatic User Name Creation

Back in the early 1990s, colleagues at a UK university created a database and application for user names taking data from various staff and student records. The user name was based around initial letters from the given and family names. My colleagues wisely ensured that user names such as COM1 and LPT1 were excluded, plus all of the usual rude words. About fifteen years later, an academic contacted the service desk to request a new user name for a post graduate student, ARSE1. Oops, one had slipped through the net so support staff contacted the student to inform them that a change would be made. It emerged that the student, a non-native English speaker, was unaware that the user name was offensive and had used it for two years. During that time, ARSE1 had established academic contacts and published papers using the email address arse1@embarrassed.ac.uk.

A department at the BBC used a similar user name generation system, based on family name and initial letters from given names. John Wilson, a common British name, would be allocated WILSONJ67. Fortunately for Kim Wan, somebody noticed before his user name was assigned.

Behold the perils of trying to turn the family and friends support line into a sideline

PickledAardvark

I just want to buy a kilostream link

That was a problem for my boss in the 1980s. Phone conversation:

BT man: You are too far away from the exchange.

Boss: How far?

BT man: You are two and a half miles away from us. No chance.

Boss: Look out of your window.

BT man: What?

Boss: Do you see somebody waving at you from next door?

BT man: Err, yes

Boss: That's me.

(A colleague demonstrated that it was possible to micturate from a building too far for kilostream onto the local BT exchange.)

Could you just pop into the network room and check- hello? The Away Team. They're... gone

PickledAardvark

Re: On the phone to SWMBO

Whilst on the phone to a user, I heard a massive bang through the window before the line went dead. Then another flash and bang. The user's building had been hit by lightning twice at ground level... Over the next day, we observed that the strikes wiped out about 500 PCs, 30 switches, various IP phones and mobile devices hooked up for charging. Fortunately we were in the middle of several upgrades so there was replacement hardware at hand for some.

On another occasion, I was talking to a user who calmly stated that he was going into anaphylactic shock and could I phone one of his colleagues. Thankfully the user was a medic working in a building full of medics.

Buying a second-hand hard drive on eBay? You've got a 'one in two' chance of finding personal info still on it

PickledAardvark

Re: Securely erasing data

Shortly after Y2K when my organisation decommissioned its Vax systems, I observed that the secure paper disposal outfit were feeding an RL02 pack through their lorry-mounted shredder. It took a long time.

I have seen commercial hard drive shredders in action and they are stunning in the way that they munch a disk. An hour each way to drive to the facility and ten minutes for a mountain of drives to disappear. I also discussed the environmental and economic cost of shredding with the Eco person at a UK Tier Two PC supplier. The company's policy for re-using PCs was to scrap the disk owing to overall cost of a secure wipe. More recently, a multinational enterprise PC supplier quoted a £1 fee (never actually charged) to allow the owner to retain disks replaced following a service repair.

Is that a stiffy disk in your drive... or something else entirely?

PickledAardvark

Disassemble before applying brute force

Experience beginning with Shugart 5.25" drives taught me that you should always remove a drive and strip it down sufficiently to see what was stuck. On average, it was quicker than inserting needle nose pliers and yanking. I once found road grit intentionally pushed through the flap. For computers with auto-eject floppy drives (Macs, Unix boxes), pulling on stuck media would drag the heads out of the drive resulting in a £200 replacement bill (cf £30 for a quality manual-eject drive). Syquest and Bernoulli drives were too expensive and complicated for desktop disassembly. We took them back to the workshop and had two pairs of eyes on the job.

User secures floppies to a filing cabinet with a magnet, but at least they backed up daily... right?

PickledAardvark

Re: Don't underestimate users...

"This is why sensible OSes save all your files in /home (or equivalent) instead."

Microsoft technology isn't always bad. You can split up the user profile (default save location for everything) to use network shares, roaming profiles (network stored), offline storage and all sorts of combinations. Data, of course, should reside on a robust network share or in an offline folder (backed up) waiting for reconnection.

You can use group policy or a local policy to define a default save location. You can use policies or application settings to override the global location. Most importantly, you can split up the stuff that really matters (data) from the stuff the user cares about (application settings which are cheaper to re-create than data).

It is hard work. Some of the combinations aren't the ways that Microsoft and partners work internally, so you may find that your scenarios are not the ones tested by them. You'll have some ridiculous conversations with Microsoft tech support. But there is a happy spot which you have to find for yourself.

PickledAardvark

Re: Historical inaccuracy ...

2.4MB total for two 1.2MB high density disks? That would place it in the mid to late 1980s. Our IT support colleagues in Japan at the time worked with a 1.4MB 5.25" floppy disk standard, for which they deserve our sympathy and respect.

Sirius PC? Maybe an Apricot Sirius PC with 3.5" disk drives but not 2.4MB capacity per disk.

PickledAardvark

Re: On a side note

This event happened in the 1990s when floppy drive mechanisms and the media were pretty reliable when treated properly. A colleague copied data to a 3.5" disk (I watched her), ejected disk, tripped on carpet and dropped disk. A one metre (three foot) flight was sufficient to make the disk unreadable.

At that period of time, I visited hundreds of Mac and PC users each year with my collection of 3.5" floppies and I can recall only a few occasions when a drive screwed a disk. My experience with 5.25" floppies in the 1980s was a bit more problematic. Ignoring the difficulties caused by different disk formats and related compatibility problems, there were an awful lot of dodgy drives.

All good, leave it with you...? Chap is roped into tech support role for clueless customer

PickledAardvark

Re: What?

"To this day it still happens, I walk into IT dept to talk about one thing an hour later I've have 6 different conversations about other tasks and issues."

Spot on, Olaf. Unless I have to be somewhere else in 30 minutes, I assume that a visit will take as long as it takes. My colleagues don't complain because they understand that while I am dealing with the trivial stuff, I'll try to pick up some gossip. Who is shagging whom, how much surplus in the software budget (that we know they'll spend on something mindbendingly awful if left to their own devices), that they are completely dependent on application X which they promised to desist using, that my bosses told them something completely different to what we agreed with the bosses...

So Windrush happened, and yet UK Home Office immigration data still has 'appalling defects'

PickledAardvark

Re: Umm..

"Yes, the most incompetent Home Secretary in recorded history..."

I'll treat that as "living memory" rather than "recorded history". In my living memory there has been one great Home Secretary, Roy Jenkins, who used the job to kick off the society we live in. There have been a few other competent ones -- Callaghan, Whitelaw, Hurd -- but mostly awful and illiberal. John Reid sticks out in my mind for unsuitability for the job, or for any role in public life. Far less able and temperamentally suited than May.

Thanks to most of the contributors in this discussion for their considered thoughts.

What did turbonerds do before the internet? 41 years ago, a load of BBS

PickledAardvark

Re: Oh yes..

You could also get fake green stickers for imported modems...

PickledAardvark

I missed the beginning and almost the end

I first tried using a BBS in 1995 using the 14.4 kb modem I'd bought to access the internet at home. There were a few hobbyist resources that hadn't moved to the internet and some were better on BBS. But that changed quickly.

Back in the late 1980s, some work colleagues used a dialup connection to access hensa.micros, a big UK freeware/shareware software archive on JANET. Was this a direct connection or did some BBS operators have gateways?

HENSA: Higher Education National Software Archive, I think.

Crash, bang, wallop: What a power-down. But what hit the kill switch?

PickledAardvark

Re: Beware the Chairman of the Bank

Perhaps a communication failure by the marketing team, or those who fed them their spin?

When talking about disaster recovery, getting back to normal performance within X hours, etc it is imperative to stress that recovery is VERY expensive. And a disaster is different from somebody pressing the Big Red Button.

PickledAardvark

Re: Not Unique...

No problem. You just hold the Reset button down for as long as the PC takes to complete its job...

A colleague set the Turbo button in on his 486-66 for months without noticing. As I understand it, the Turbo button set the ISA bus clock speed into a compatibility mode for legacy ISA cards. My colleague's PC had a VL Bus graphics card and a 3Com ISA Ethernet adapter, neither of which seemed to be affected when running Windows 3.1. He noticed something after installing Linux and pressing the wrong button at some point.

Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs

PickledAardvark

Re: The Usual Response...

"I'd rather not. I keep mine on paper hidden in a book."

My sister's husband followed my advice to record his passwords in a private notebook. When he died in an accident, we recovered the passwords for his business and private investments. My sister would not have been affected immediately -- enough money around in current joint accounts. But the business could not have traded without stuff being written down.

Sysadmin’s plan to manage system config changes backfires spectacularly

PickledAardvark

Re: Automation does have its place

"Automation scripts should be considered as nothing less than production apps and subject to the same controls: peer review and source code check-in and check-out to name a few."

In the old days, we used to talk about things with colleagues. Even if you have a change management process, you still have to talk informally with colleagues -- including people who have a different outlook. When you take a day off and things go wrong, somebody else needs to understand more than you wrote in comments and a change report.

Support whizz 'fixes' screeching laptop with a single click... by closing 'malware-y' browser tab

PickledAardvark

Re: At one place I worked, they had speeded this up

Deleting user profiles worked for quite a while -- until drive-by hackers realised that they had to put the payload somewhere else. When Windows 7 arrived, I recall resetting ACLs on a bunch of shared document/photo/video directories accessible to all users. I changed the ACLs before we deployed Windows 7.

Consultant misreads advice, ends up on a 200km journey to the Exchange expert

PickledAardvark

Re: If...Then...Else

"Because that's the kind of instruction that never fails to confuse its audience. First they get "you don't need to" followed by "but you can if you want" and that invariably results in "now should I or should I not?""

IF

THEN

ELSE

IF my audience doesn't comprehend THEN my audience has failed computer logic, and we need a chat.

I don't like bossing people around.

PickledAardvark

Re: Mini brakes

"IIRC which can come in two varieties depending on whether you need to expand or contract the circlip to fit it in place."

In the application of a mini brake cylinder (not a master cylinder which is bolted to the bulkhead), a slave brake cylinder retainer clip should be removed by a blunt-ish screwdriver. Maybe by needle nose pliers. Not your decent screwdriver for obvious reasons.

PickledAardvark

Re: click this

"You need to get over it. Language evolves."

No. Evolve doesn't mean what you suggest.

If you apply Darwin ideas, a word would change to survive in usage for the mere purpose of survival. Words aren't organisms. Words don't evolve.

People change and language changes. And sometimes people get it wrong.

Failure to comprehend the distinction between uninterested and disinterested amazes me. Are we supposed to toss away the difference because the two words are "about the same"? 'Cos some people muddle them up?

Uninterested: I live in Wigan and follow Rugby League. I am uninterested by Manchester United because I have no interest in Association Football. Not bothered.

Disinterested: Owing to my acute eyesight, I earn a living as a tennis umpire. The sport bores my tits off so I am uninterested. I watch the players and when I proclaim that somebody played a foul, I am disinterested.

Evolution isn't change.

PickledAardvark

Re: Caution

"If you don't do something, you end up with systems that are 10-15 years old because they just run and you run out of support."

The roles of managers are to keep the stuff created in-house up to date and to keep the out-of-house stuff within bounds of support. If managers aren't doing that, you are in a problem organisation. Companies can run ancient systems for years -- as long as they are properly managed.

It is unlikely that any of your positive actions -- at sys admin level -- will change organisational direction unless a manager is on your side. But they might be the right things to do.

PickledAardvark

Re: Spoilers in Tech Docs!

I had a quick look at the oldest documentation I could find for GUIs -- Lisa 7/7 for the Apple Lisa 2 -- and it uses terminology similar to that described by Jason Bloomberg. It actually says things like "click OK".

So the convention has been around for at least 34 years... It still bugs me.

PickledAardvark

If...Then...Else

My documentation explained that an automated process would clean up some artefacts from the installation process within 15 minutes. The artefacts were harmless but annoying. Users didn't see them. I was cleaning up because I am conscientious. And you have other things to do on the PC which take more than 15 minutes.

My documentation explained that IF the process didn't clean up (2% failure rate), THEN the next run would do it. Or the one after that. ELSE that fails too or you are in a hurry, in which case you can delete the files manually.

So why are you on the phone after 16 minutes asking what to do?

PickledAardvark

Re: Spoilers in Tech Docs!

I hate the expression "click this". "Click" is an onomatopoeic verb or noun; "click" is the noise that a mouse or trackpad button makes when it is operated.

The GUI should be a metaphor for the physical world. In a GUI, users press buttons, slide controls, grab objects or select objects etc. When visiting friends, do you click the doorbell or do you press it?

Bright spark dev irons out light interference

PickledAardvark

Almost everyone seems to put kitchen knives into knife blocks resting on the blade. If you put them in the other way, the knife block isn't damaged and the blade stays sharper.

UK ruling party's conference app editable by world+dog, blabs members' digits

PickledAardvark

"The solution of the true BOFH in this situation would be to keep track of which devices attempted to edit the data, and once each device has tried to save the changes, to present JUST that device with the edited data and keep the data unedited for everyone else."

This solution requires various factors which may or may not work:

* The OS of a mobile device doesn't change the exposed MAC address.

* Nobody uses more than one device.

* Mobile devices have fixed IP addresses.

* Tokens assigned to a device/app which cannot be copied.

Tokens seem promising but Facebook's recent embarrassments suggest that tokens are difficult to implement.

Rookie almost wipes customer's entire inventory – unbeknownst to sysadmin

PickledAardvark

Re: ...then there's backup stories...

"So then we found out that NONE of the tape backups was readable!"

I've been there too on NetWare/ArcServe.

Write-only backups are secure. You can toss the tape in a bin and nobody can steal your data...

PickledAardvark

Re: One simple trick...

"Can't you enter a command to abort the wipe?"

Maybe. But you still have to work out what got deleted.

On the first Unix system I used, an admin configured the rm command with a system alias so that rm required a confirmation. Annoying after a while but handy when learning.

When you are reconfiguring a system, delete/rm is not the only option. Move/mv protects you from your errors. If the OS has no move/mv, then copy, verify before delete.

Bug? Feature? Power users baffled as BitLocker update switch-off continues

PickledAardvark

Re: Really?

We have a problem here.

Hells bells -- Microsoft supports a virtual TPM for virtual OS instances. The point about a TPM was/is that it was a bit of unique silicon wrapped in plastic. Theoretically, you couldn't make up responses from a TPM.

PickledAardvark

Re: seen it

Hold the power button down and count to ten. That should force a shutdown with a cold-ish reboot. But you already knew that.

Users shouldn't need to jump through hoops. Users should be able to reboot a Windows PC if that is what they want to do.

A Windows PC in a domain should normally take 60 to 120 seconds to boot to a login prompt, and login should take less than 30 seconds until an uninterrupted (non-jittery) desktop. Those are dreadful response times, but common targets.

If there's a stack of updates queued up, boot time will be long, even longer if updates have mutual dependencies. No matter how admins patch Windows, users have to reboot periodically. It is essential that admins provide a relatively painless boot experience when Windows doesn't need patching. Users have to accept that a reboot is good for them -- or acknowledge that they shut down when they go home.

Queuing up patches creates problems. Stacked up patch procedures disable/enable BitLocker and interact with others. A bit of a pickle.

PickledAardvark

BitLocker Drive Encryption Control Panel

Using the GUI, any Windows user with Administrator privileges (or elevated rights through other mechanisms) can use a standard control panel to Disable BitLocker. It means the volume is encrypted but that at subsequent boots the encryption key can be read from the boot volume without TPM, PIN or USB key device intervention. The facility is provided so that admins can perform maintenance on a PC without being in attendance all of the time.

Any program running as Administrator can access BitLocker APIs to disable/enable BL in the same way as the Control Panel. Windows Update runs as Administrator.

Whatever is going on is a horrible bug. Probably in Windows Update failing to reset flags after a reboot. There's nothing to suggest that there is a backdoor key.
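
The state the comment above describes (volume still encrypted, protection switched off) can be audited from an elevated PowerShell prompt. This is an added example, not part of the original post: the function name `Get-SuspendedBitLockerVolume` is hypothetical, while `Get-BitLockerVolume` and `Resume-BitLocker` are cmdlets from the standard BitLocker module.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): list volumes whose data is
# encrypted but whose BitLocker protection is currently off, i.e. the key
# is usable at boot without TPM, PIN or USB key involvement.

function Get-SuspendedBitLockerVolume {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Cast the enum values to strings so the comparisons are explicit.
        $volumeStatus     = [string]$vol.VolumeStatus
        $protectionStatus = [string]$vol.ProtectionStatus

        $hasEncryptedData = $volumeStatus -in 'FullyEncrypted', 'EncryptionInProgress'
        $protectionIsOff  = $protectionStatus -eq 'Off'

        if ($hasEncryptedData -and $protectionIsOff) {
            [pscustomobject]@{
                ComputerName     = $env:COMPUTERNAME
                MountPoint       = $vol.MountPoint
                VolumeStatus     = $volumeStatus
                ProtectionStatus = $protectionStatus
                # Protectors are still configured on the volume; they are
                # simply not being enforced while protection is off.
                KeyProtectors    = ($vol.KeyProtector.KeyProtectorType -join ', ')
            }
        }
    }
}

$suspended = @(Get-SuspendedBitLockerVolume)

if ($suspended.Count -eq 0) {
    Write-Output 'No encrypted volume has BitLocker protection switched off.'
}
else {
    $suspended | Format-Table -AutoSize
    # A suspension may be legitimate while a patch that needs a reboot is
    # pending. Once maintenance is finished, protection is restored with:
    #   Resume-BitLocker -MountPoint 'C:'
}
```

Run on a schedule and reported centrally, a non-empty result after updates have finished installing is the symptom discussed in this thread.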

WWII Bombe operator Ruth Bourne: I'd never heard of Enigma until long after the war

PickledAardvark

Standard German and Dialects?

I'm presuming that formal official messages would have been composed in Standard German (or the equivalent of the time) with the stilted jargon which permeates organisations. Would there have been other messages -- banter between operators -- in dialect or vernacular German?

Tesla undecimates its workforce but Elon insists everything's absolutely fine

PickledAardvark

Re: Unfortunately necessary

"I believe Tesla Inc. needs to survive."

That's like saying that Charles Duryea made a decent buggy so we don't have to try harder.

Tesla is in a pickle; it doesn't earn cash and investors aren't sure whether Tesla is a long-term brand or owns substantial intellectual property.

Two companies who made the first internal combustion engined cars exist today: Daimler and Benz, who merged in the 1920s.

PickledAardvark

Contradictory to the Musk business model?

I have read many times that Musk's managers pay attention to details. Teslas are designed so that they use the minimum number of types of fastener -- it means that a factory requires fewer tools or employs tools which can be reused. Everything is supposed to be as efficient as possible.

But the firing of 9% of white collar workers suggests that Tesla is inefficient. Or maybe people were employed in the expectation that Tesla would be building more cars? Either way, it doesn't look good.

Have to use SMB 1.0? Windows 10 April 2018 Update says NO

PickledAardvark

Re: smb 1

"Even if you disable SMBv1 on Windows 10, it will either use SMBv2 or if possible then SMBv3"

As Microsoft note on one of their support pages, disabling a particular version of SMB in an environment with mixed versions of Windows is a right kerfuffle -- and this really is the URL:

https://support.microsoft.com/en-gb/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and

Replacing old NAS devices sounds like a good idea most of the time.

I recall working with a £x00,000 NAS device which had been written according to the CIFS/SMB standards of the time. We were dumping files generated on Windows XP systems for an OS upgrade. The official spec for SMB 2.0 -- as interpreted by the NAS vendor -- was that some extended file attributes were optional, so the vendor did not support them for SMB 2.0 file transfers. If a file with certain extended attributes was transferred to the NAS from a Windows 2008 R2 server, the file was rejected. However, the file was deemed valid when transferred by SMB 1.0.

The NAS vendor suggested a very long timescale for a fix. So we turned off SMB 2.x on the intermediary Windows servers and progressed at a s-l-o-w-e-r pace.

No doubt that bug/misunderstanding is fixed, but there'll be different bugs or the need to go back in time which require SMB 1.0.

Don’t talk to the ATM, young man, it’s just a machine and there’s nobody inside

PickledAardvark

Re: Staff don’t care about access to the computers

"Staff never used to and in most cases still don’t care about who has physical access to computing systems."

I have a similar sad experience. I turned up at a hospital to set up some student teaching PCs. I found the IT support office quite easily -- behind a rather thick locked door. Helpfully, there was a notice on the door providing a phone number for anyone wishing to speak to IT support staff. In search of a phone, I opened an adjacent door to find myself in the machine room housing some generic servers and Sun boxes.

Perhaps the management were ahead of their time, avoiding social engineering attacks by locking up staff who would have been more vulnerable than a physical attack on servers ;-)


Biting the hand that feeds IT © 1998–2020