Posts by Nigel Whitfield.

Re: Why a PC?

Well, it doesn't have to be a PC, of course. To a degree, this is one of those sort of projects that you can do with whatever you happen to have lying around. The first time I tried out OpenBSD (a very long time ago) was when I wanted to press an old SparcStation into use, and it was about the only OS I could find that would support the hardware.

So, if you happen to have a SparcStation sitting in your junk room, or a Raspberry Pi, or a spare old PC, as long as you can get an OS onto it, you can probably get by with that - as I said in last week's part, you don't need a huge amount of oomph to run a mail server.

In this case, I used a x86 system because a) I had previously been using one and b) a new one (the Revo One) turned up to review at just the time I needed it, and is a nice compact bit of kit.

There are some BSD flavours available for the Pi, so you could give it a go with that, and much of the Postfix / Dovecot instructions here will be applicable on other OS flavours too (with key differences in things like how to add packages, or start and stop services).

The one caveat I would mention with regard to less mainstream platforms is that the less popular your platform is, the more likely that you will have to compile some parts of the system yourself, rather than simply downloading pre-compiled packages. That's not exactly a hardship, and the Ports system on BSD makes it pretty easy, but it will make things slower.

Re: It's minicabs not black cabs that are at risk

I'm sure the service from individual Uber drivers (notwithstanding the various complaints of gay passengers being harassed or thrown out of cabs in London) is often ok. I don't see any equivalence with a six year old just deciding, on no evidence, that something is nasty.

It's a principle for me of not wanting to support a race to the bottom that sees huge numbers of people - not just in transport - de-skilled and existing on less and less money, and not feeling comfortable supporting a company that, in my personal view, has dubious ethics, as reported in numerous pieces about Uber.

Re: It's minicabs not black cabs that are at risk

I've never used Uber, and I don't intend to start. We have a local minicab firm (<a href="http://www.premiercarsandcouriers.com/>Premier Cars</a>) that gives good service, and has an app of their own.

Most of the time, I can go where I need on public transport. If I'm arriving at the Eurostar late or after a long trip, I book with the local firm to come and get me, in advance. I'm sure there must be other operators in different parts of London, and elsewhere, who have the same ability.

If I'm in town and need, for example, to get my mother from a museum or restaurant back to Waterloo for her train, I'll hail a black cab.

Perhaps Uber would be cheaper; I don't know. I've never looked. But then I also buy my real books from the local bookshop rather than online. Sometimes, price isn't the same as value.

Re: It's bloody chinese owned now anyway so who gives a hoot!

Honestly, I can't say I've undertaken a statistically relevant survey.

Equally, I can't see why the nationality of the drivers should particularly matter. Black cab drivers are, pretty much by definition, self employed people, working in London.

Re: It's bloody chinese owned now anyway so who gives a hoot!

Goldsmith's claim about the low wages was referring to Uber drivers.

The people I referred to as self-employed are the black cab drivers.

Well, there's certainly an argument for choice. But if we have regulations about safety, or insurance, or even a minimum wage, we shouldn't simply allow a company to sidestep all those just because they've got an app and some clever accountants and lawyers.

And what if "the price they want" means that ever increasing numbers of people aren't earning the minimum wage, let alone the London Living Wage?

Disruption appears to mean that we ditch a regulated system of drivers that are definitely insured, and knowledgable, for one with far fewer checks, a company syphoning as much cash as it can out of the country, and people working for a pittance.

Once the black cab trade dies, and local minicab firms are struggling, we can all relax in the free market joy of Uber and their surge pricing which will - I would take a bet - become more frequent once they have a near-monopoly. But it'll all be ok because it's disruptive, and internet connected and all sorts of other Brave New Bollocks.

Black cabs aren't for everyone; nor are minicabs. But at different times, and for different reasons, they do all fulfill different needs. London (and other cities) is best served by having a range of options, not by a race to the bottom that mostly achieves and offshoring of profits and a growing class of people who can barely afford to live here.

Re: It's bloody chinese owned now anyway so who gives a hoot!

The cabs may be made by a foreign owned firm, but the drivers themselves are largely self employed

There are, on some of the sites, give-aways in the descriptions and the way things are worded that would sound alarms for people reasonably well acquainted with the intricacies of the industry, but will pass many people by.

That's what I'm getting at - not a judgement about the price, but the fact that many people will unaware that what they're getting is not legit.

As part of a presentation on the Irdeto stand, they showed visitors five websites, each offering IPTV services, and asked people to guess if it was a legit service or a pirate one. I won a sheriff hat (I'll spare you the pictures) for getting five out of five - but only four people managed that day.

These things can look very plausible and, where a few years back the UI on the boxes (often low cost Android streamers) would have been decidedly on the shonky side, that too is much more impressive now.

Re: Is it just me or does this seem like a lot of effort and risk?

I wouldn't necessarily recommend buying a new server; this article was prompted by the new Revo, certainly - largely because it happened to turn up just when the old system wents tits up.

So I agree, an old machine will probably work pretty well, and that's one reason why I thought it was worth using the cheap Revo here, to show what you can do without a massively specced machine.

If you stick with the generic OpenBSD kernel, too, you can probably get away with building this on an old machine, and then if you want to replace it, popping the drive into a new system and not having to do much more than tweak the settings for the network interface, which may have a different name depending on chipsets.

Re: Fixed IP?

@Vic

Yes, I wouldn't necessarily recommend doing that, unless you really have a compelling reason to. The best way to do this is to have the fixed IP, rDNS and so forth that you'll get from a friendly and wise ISP.

Of course, while that's effectively what I'll be describing, hopefully there'll be plenty of info for anyone who wants to do the same sort of thing, but with their mail setup elsewhere, whether that be a small office, or a dedicated server that you'd prefer to set up yourself, not least because unlike using, say, Plesk, it won't all suddenly fall apart and sulk just because you looked at it wrong.

Re: in normal use, the load average is around 1.1.

I could probably bring it down a little with some tweaking - for instance, the screenshot shows a lot of Perl running, which is the various Amavisd-new child processes. Tweaking that down, and also the maximum number of simultaneous SMTP connections allowed would probably get it a lot lower.

Normally, I also have a couple of IMAP clients signed in continuously. And clamd is a bit of a hog too, at times. So, yes, I could tweak this down - but 1.1 on a system with two cores is perfectly livable with, and not really in the region where I need to worry about tinkering.

Re: Is it just me or does this seem like a lot of effort and risk?

A good few hours effort, for sure. Depends if you think the benefits outweigh that.

In terms of risk, probably less than there used to be - with a modern MTA, I think it's a bit less likely that you'll accidentally set up an open mail relay without intending to, whereas with Sendmail and some other old software, it was very easy to do that unwittingly.

Re: Nice to See an Article About This

Personally, I do have IMAP over SSL available from everywhere, and also authenticated submission on port 587.

Generally, that doesn't seem to have caused any problems; looking at the number of failed SASL attempts in the logs, most days there are fewer than ten; a busy day still comes up with fewer than 50.

I have the remote submission port because I have SPF set up fairly strictly on some of my domains, and I still want to be able to send messages from anywhere, so my phone (using Maildroid) sends everything that way.

I could use a VPN instead, and I do have one of the other systems on the network set up to allow access that way, but it's fiddly to have to use all the time, and of course some networks I might connect to block VPNs.

I wouldn't say I've ever noticed any significant attempts to connect to the IMAP server over the years; certainly, you get nowhere near the hammering on your hardware that you do when you have a SIP server!

Re: Helps to reduce spam

Yes, you can use the Razor-Agents, which is the non-commercial version of Cloudmark to been this up. I may, however, have to leave that as an exercise for the reader, let we end up with a series that doesn't finish until Christmas

Re: Mysql & amavisd-new

Yep, the config I'm using at the moment (as in the block diagram) does use amavisd-new, which is what summons ClamAV as well.

I did install Postfix with MySQL compiled in, and used that in a previous iteration of the system when I provided a load of mail aliases for a client, and it was easiest to tweak them that way. Now I have far fewer, so they're all in the text file instead. Space permitting, however, I will include notes on how you can use a database to handle one of your domains.

Re: Greylisting

I use PostGrey at the moment, and that comes with a file called "postgrey_whitelist_clients" that lists specific domains that should be automatically whitelisted, because they either don't retry at all, have weird patterns, long delays, or big pools of sending addresses that make normal greylisting problematic.

You can, of course, tweak the list yourself, if you find specific problematic senders. Postfix does now also include a tool called PostGrey that can do things like RBL checks before a message even hits the SMTP server, and checks similar to PostGrey. That can, apparently, reduce the load by getting rid of a lot of problems before a message even gets as far as being fed into SpamAssassin. I intend to experiment with that, however since my present experience is with postgrey, that's what I'll be using here.

Re: Port blocking?

Yes, it defeats some of them, but not all - for some people, simply aggregating all their accounts in one place, or having a searchable archive, is the main reason.

Generally, though, yes unless you're using Fetchmail or equivalent, you will need to have at least port 25 open, and that will depend on your ISP.

That need to have some ports exposed to the net is one of the reasons I'm using OpenBSD for this project - there's not going to be anything installed and listening, unless you've set it up to do that.

Re: Check for blacklists

Good point; see my earlier answer about "Boutique ISPs", where you're probably less likely to have this problem.

And also, there are services that automatically check against RBLs for you. The one that I use is RBL Tracker, and their free tier will check a single IP address every 48 hours for you. You can get a notification via Twitter DM (and other means) if your server's found on a blacklist.

Again, for a small home or home office, 48 hours is probably sufficiently frequent, but I would definitely recommend some sort of monitoring like that.

Re: Fixed IP?

For preference, a fixed IP is going to be best, so that messages can be delivered over the internet directly to your mail server.

However, if your concern is more about, for example, having your own IMAP store so you can find any messages you want, then you could add Fetchmail to the mix, which will grab messages from external mail accounts and feed them into your server. You'd then simply ensure the server has a fixed IP on your local network, which your own clients would connect to (and perhaps use a dynamic DNS system if you want remote access). Outgoing mail would, in that scenario, probably be routed via your ISPs mail server.

A fixed IP will certainly give you much more flexibility, and that's what I have - in fact, I have a routed network on my ADSL.

I don't generally have problems with messages being rejected, because the IP range is allocated to me; ok, it costs a little more than a bog standard domestic broadband, but I work at home and figure it's worth it.

For ISPs that will make this easier, I suggest you check out the article (and the comments) that I did earlier this year about "Boutique ISPs".

Re: It's nice to see someone normal for a change

For a small home setup, you could also consider using your NAS; there are package for things like Synology that will add a mail server, though I've not used them in anger. That will give you more or less point and click configuration.

And certainly, for some people that's all they need. But this is The Register, and if I walked people through a setup with a friendly point and click wizard, I'm pretty sure a lot of you would feel we could have done much more.

Re: Replacement, not collaboration

Yep; photographers have long gone. Which is silly, because in the old days, the press photographer going round the flower shows, sports days and so on was one of the things that helped encourage people to buy a copy of the paper, and tell Auntie Flo to get one too, so she could see little Jimmy.

The Hampshire Chronicle office in Winchester used to do a good trade in prints from the pictures, I believe. Sadly that's now just another branded website with the same look as the Echo. Never been the same since they got rid of the ads on the front page...

The heads of companies like Archant and Newsquest seem to be able to trouser huge amounts of cash, while paying staff a pittance. With so few people on the ground, they're reduced to trawling twitter and asking people for permission to use photos that have been posted.

Shifting to a subscription model is very unlikely to happen in a short time frame, and may well be kicked down the road until the next charter review.

That's because it will require a replacement of a huge amount of equipment, as Freeview kit doesn't support the card readers required. I talked about this in July's Breaking Fad. Obviously, not all Reg writers have the same view of the BBC.

My argument there is that, whatever you think of the BBC, a shift to subscription (at least in the short term) may well be the death knell for Freeview. How so? If people have to replace equipment in order to pay for a subscription service, why pay to do so out of their own pockets? I suspect that a substantial number of people would think "Well, if we have subscribe anyway, let's get some extra stuff too" and jump ship from Freeview to Virgin or Sky, both of whom will also jump at the chance to reel you in with a free box.

If the proportion of people doing that is significant, given the audience share the BBC presently has on Freeview, it may be the case that the other channels on the platform will decide to cut their losses, rather than pay for expensive distribution to a dwindling market. That would, of course, suit the mobile companies who want to grab the spectrum, as well.

Would ITV and C4 be enough to keep Freeview going, on their own? I doubt it, frankly.

Of course, there are other ways a move to subscription could pan out, especially if it were phased in well in advance - essentially if it was decided now, for instance, that it would happen in ten years time, then natural equipment replacement would probably ensure most people had suitable kit before it was required.

But if not, then in my view, given the current share of free to air viewing that the BBC does have, changing it to a subscription model might well have be sufficient to kill off quality free TV in the UK altogether.

Re: Its not smart to buy a smart TV

I did think of touching on security, but the main focus of this piece was driven by that latest crop of kit to have services withdrawn, and IoT security has been covered in some other articles on here lately.

But yes, I agree, there is often sod all thought put into some of these things, and they can be surprisingly simple to hack. By setting up a Squid proxy on your own network, for instance, you could grab the pages used by the original VieraCast sets, and ultimately serve alternative ones, as described here.

While there are certainly insecurities, and it may be possible to exploit them in interesting ways, I suspect that a lot of the time it's going to be relatively speculative for now, because of the number of different platforms out there. Where this may become ripe for exploitation is if a single platform comes to dominate the world of 'smart tv', allowing mass exploitation much more easily. (Or, in other words, if Android TV takes all, we're probably all screwed)

Re: 4K support

One of the reasons for my choice of AV Amp (a modest Yamaha) was that it will take composite (from the laserdisc player) and component (from my Toppy pvr) and upscale those to 1080p for delivery via HDMI.

Re: And stop serving ads!

Sadly the TV doesn't even need to be that smart for that... remember some of the Panasonic sets that used the Guide+ EPG for Freeview, which included adverts. Horrid idea.

Re: When most people are happy...

I don't know anyone who gets a new phone every year these days, and certainly not at that sort of price.

The point is, we're being sold TVs that have particular functionality built in. That functionality is often pretty poor, badly supported, and in some cases withdrawn after as little as two years.

As aspects of that functionality become more central to people's viewing, don't you think they should expect something better than being told "You've got to spend another £50 to carry on with what you had?"

If you want to watch House of Cards, or Unbreakable, or the forthcoming car show from Amazon, no you're not going to get that at your local library any time soon. Just because we are fortunate enough to live in a developed country does not mean we should simply shrug off planned obsolescence - especially when the companies behind it could quite easily use some of their massive cash piles to avoid the situation.

You may be happy being bent over the barrel of shareholder value and firmly rogered by a sneering corporate, but I'm not.

I'll get my rogering somewhere else, of my own choosing.

Re: *Facepalm* You don't invest in proprietary standards

*snort*

I think that's the first time I've ever seen "DLNA" and "moderately well defined" in the same sentence. Even they admit, interoperability isn't what it should be, because of the lack of mandatory codec support. It pretty much just guarantees two things can see each other.

(Though, with later revisions to the standard and VidiPath, about which more after next month's IBC show, they are making strides towards actually doing what you suggest).

Re: HiFi separates equivalent

The first DVB-T2 broadcast demo was at IBC in 2008; that's a decade after the launch of DVB-T in the UK, and it was a couple of years before there was actually a service launch, so it was hardly straight after.

And there's no special HDR version of DVB-T2; it's a transmission system, and you can stuff any sort of picture you like down it, whether using MPEG2, H.264 or HEVC. So, you could quite easily use it for a profile of HEVC that includes HDR or an extended gamut.

As for the 2008 Mac, as I said, updates are available for it. The only reason I've not installed them is because while free, I will probably then have to spend money on updating other software to newer versions.

Re: Now you need a TV license, a SKY sub, Amazon Prime, Netflix, BT, etc ad-bleedin-nauseum

@dotdavid

Well, of course I was being a touch sarcastic, but in regulatory circles there has been at times the free market idea that competition is always a good, and should therefore be promoted.

The Communications Act 2003 gives Ofcom certain statutory duties, one of which is

"to further the interests of consumers in relevant markets, where appropriate by promoting competition”

At times - as with things like sports rights - it's seemed that the competition that's promoted is most definitely not in the interests of consumers. Sure, you have a choice of where to get some of your football matches from, but that's not much help if you end up having to buy more packages.

Likewise, the idea of competition on the railways may not further the interests of consumers, if it really means that you just have the chance of being fined because the ticket you hold is for the wrong train company.

Back with Ofcom, I continue to struggle to understand why a directory enquiries service with dozens of companies, all with their unique pricing structure that ensures it can be almost impossible to know what a call with cost, is any better for the consumer than a single number that's easy to remember. But the single number was a monopoly (and once upon a time, free), whereas the proliferation of numbers is competition and so apparently good for us.

Re: Now you need a TV license, a SKY sub, Amazon Prime, Netflix, BT, etc ad-bleedin-nauseum

@Vehlin

in the name of competition I end up paying more

That's because competition always works in the best interest of the consumer, apparently.

Re: Yes ,

That's what Sony tried in the 80s with their Profeel range.

Re: DTT and LTE cannot share spectrum?

Some of those channels in the nether reaches of the EPG are either data-based, and so don't consume much bandwidth, or are part-time, using space where another channel doesn't broadcast overnight.

If DTT goes, I think it would at present be very damaging for the structure of UK broadcasting. It is the primary reception mechanism for those who want free tv and has no simple mechanism for subscription, without replacing everyone's boxes.

If those boxes have to be replaced then, as I argued last month a lot of people will probably go to people who'll give them a free box, ie Virgin or Sky. And that will make it much, much easier for a government to nudge (or push at the end of a bayonet) the BBC towards a subscription model.

Yes, some people might just put up a dish and buy a Freesat box, but I suspect many more would be tempted by free kit. And if we suddenly have a media landscape in which the majority of homes have the ability (if not the desire) to be charged for the channels we watch, I suspect it would not be that long before other channels decided that they may as well encrypt and get a bit of cash from the gatekeepers too.

So, in my view, DTT as presently operated in the UK is one of the things that is helping to ensure that we do have a rich range of free to air channels. Lose that, and we would very probably have a completely different media landscape within a few years.

Re: What Mage said.

The US and 7 other region admins are pressing for an allocation at WRC-15, between 618 and 698MHz - that's enough votes to prevent the adoption of a common 'No Change' position, which is what we have in Region 1.

If there were to be a co-primary allocation in even part of the UHF band, and pressure to make that global in the interests of harmonisation, then it would be very damaging for DTT in Region 1, and in particular in Europe where it's a well established distribution method.

I'm not quite sure what's unreasonable about the way things are being done in the EU (I presume you mean Region 1, really, since it's handled at a rather broader level than the EU). Many people do rely on terrestrial broadcasting, which has already given up a huge amount of space to the shysters of the mobile industry. They're after even more, despite not having used up all they've been given so far.

Long term, of course, the LTE gang have desires to supplant technologies like DTT for broadcast, Bluetooth for short range and WiFi as well, all of which have been mentioned in various articles here before. Personally, I don't think that's a brilliant idea (and people in broadcasting really don't think LTE is going to be as efficient as DTT either).

Re: easy enough to fix

@Mahatma Coat

While there might be merit in changing the presentation, in reality that's all you'd do, as you'd be mapping something non-standard onto the underlying email system, because you have to remain compatible with older systems that work on those header field.

Sure, the actual headers in a message are (mostly) informational rather than directional, but not exclusively so. If you designed fields like Cc and so on out of an email client to make the interface clearer - and I'm not quite sure how you could do that - you'd confuse plenty of people who wouldn't be quite sure what's going on.

At worst, you might accidentally re-invent X400 ;)

Re: easy enough to fix

History. They have them because that's what used to be on inter-office memo forms when everything was done by typewriter and the internal mail.

Re: Simple solution

Wouldn't it be lovely if there were admins around to help out with this sort of stuff, or at least enough of them?

One of the problems with that, of course, is the utterly simplistic way in which we look at NHS funding. The instant someone says "X% of staff are non-clinical" then someone starts wailing about too much management, when money should be being spent on patient care instead. And, hounded by tabloid dogs, administrators at the top of the tree decide not to replace people lower down. Then, you end up with clinical staff wasting time filling in forms to order drugs, or people who don't have the right skills looking after things like sending out email newsletters or departmental email servers.

(And, I daresay, once lots of money from an IT budget has been squandered on a big "joined up" project that ultimately goes nowhere and gets cancelled, there's probably not as much left around to sort out things like this, either).

I remember when we first got company wide email at a publishing company in the 90s, the utterly trivial stuff we'd get, like "has anyone seen my tea tray," and the subsequent moans.

Aaargh. So glad I work at home.