452 posts • joined 14 Feb 2013
The best thing ever about my new job (apart from it being quite fabulous in many other ways).
There are office staff there nearly 24/7 who'll sign for parcels on my behalf and bring them to my office.
Best damn concept ever, my previous place wouldn't allow it en-masse but this place has staff living on site so they can't really refuse. I've had all my Christmas shopping delivered there.
Queuing at the Post Office is about the bottom of my choices for how to get hold of a parcel addressed to me. I've had enough of it, the incompetence, the timing ("we only deliver during working hours, and our offices are open for collection for about 30 minutes after that"), the queuing, the parking, you name it. There's a reason that Amazon designed their own collection service and hire people to drive around delivering parcels at night.
I'd rather spend a couple of quid extra and get a courier who will deliver the parcel to my neighbours rather than just put things through my door, and who will try to deliver in the evenings and weekends rather than 9 - 5 Mon-Fri.
Whatever happened to the "deliver parcels to the local Tube station" idea?
Methinks we're going to see a lot of attacks from 22.214.171.124 (the standardised IP 6to4 address).
When this website can't even be bothered to put in an AAAA, what chances do the ISPs have of possessing forensic tools able to trace it back?
WPA2 is pretty unbreakable. It's basically AES.
The problem comes from airport lounges. You've joined the network, right? Did you have to enter a WPA2 passphrase into the wireless settings to do so? No. You went onto an open network, then typed some code or a credit card into a splashscreen / signup, then browsed over that same open network. There might, or might not, be some encryption of your data, but to get there you have to join an open network.
That's the classic problem with encryption - key distribution. To join that wireless network, you really need to give out a passphrase that everyone knows or some form of certificate, and then hope they isolate you from all the other uses of that same credential (which is almost impossible to tell). And typing in a passphrase takes time and is too complicated for most users, and credential setup is hard to enforce on random clients on a public network if you want people to use you. That passphrase/certificate may or may not offer a shortcut into the encryption used to talk to individual clients, but it's certainly not the best solution.
Ironically, a pub that puts the passphrase to their free Wifi on the beermats could easily be more secure than the airport that allows you to "just join" some free Wifi provider.
Re: Power consumption
Encryption is not free, by a long shot. The biggest reason not to push everyone to SSL is certainly the CPU use of the encryption (or specialist devices to offload it to) in the large datacenters. So it's not zero-concern.
However, on a modern smartphone, with specialist instruction sets, built-in encryption anyway, accessing SSL websites and sync sites all the time, and it not mattering that it might take a second or two in the background at the lowest priority to send the message? Yeah, not worth worrying about.
The new name for SMS texts when your carrier thinks it's reasonable to charge you 20p per text to a foreign country, for example.
I know a lot of Italians who live in London - they all have Whatsapp on their phones so they don't have to worry about roaming, pay a small fortune for texts, or have to carry two phones.
I've generally found that, given the amount of trust in IT people, they are in the higher tier of people who actually can be trusted with such data and control. I work in schools and, technically, I have more access to more information, with more "potential" for mischief than anyone else - even the head, governors or bursar combined.
Yet you find that, aside from laziness or incompetence, actual malicious intent is incredibly, extremely rare; almost non-existent.
That said, in job interviews, I'm often asked in true cliche: What is my biggest weakness?
My answer is truthful... it is MY network. I might be running it for YOU and your business and your users, but it's MY network. That's a weakness, yes, as I get protective over my network, access to it, and what changes are made with it. But it's also what keeps "OUR" network running and safe.
If I implement a rule (as I have just done) banning USB sticks, then USB sticks are banned. I don't do such things lightly, or for no reason, or because I like to punish the users. I do it to save the school from legislative issues, or network compromise, or some other requirement that is more important than you needing to put in that £2 USB stick you got from some exhibition to transfer your stuff home because you're too lazy to email or work out how to use Google Drive or similar.
Your sysadmin is protective of your network. It *is* his baby in his eyes. That's a good thing, and a bad thing at the same time, depending on your sysadmin. But if your sysadmin is any good, then let them do that. Let it be their domain, quite literally. Complain when what your business needs isn't present, by all means, but accept that your quick-fix solution is not necessarily the solution the sysadmin needs you to have.
It's like leaving your house with a house-sitter and then complaining that they fixed the gutters, cleared the drains, set all the clocks to the right time, etc. Let it be their house for a while (if not in law, then at least in practice) if they are going to look after it more by it being so. The worst thing in the IT world is complacency because they're not allowed to fix things properly, so they lose interest in fixing things at all.
Stop using ISP DNS
Stop using ISP DNS.
It's that simple.
Just plug several dozen public DNS (google, opendns, etc.) into your computer, or your router, or your servers as upstream DNS's and forget about it. When one doesn't resolve, it'll bounce down to the next and you won't even notice.
Honestly, the days of being dependent on your ISP DNS are over. The only problems now are if the ISP intercepts all DNS (then you deploy DNSSEC to talk to the root servers directly).
But everybody, whether they own just the client, just the ADSL router, or a bank of servers, can just plug in dozens of other DNS's as they see fit and it will not hurt performance in any way. Order them properly and it'll even take your preference into account for you.
Hell, my first DNS is my own VPS - which has my host's DNS, Google, then the roots. My 2nd and 3rd are Google. The rest are random public freebies like OpenDNS. And at the bottom of the list are the ISP DNS. I plug these settings into my ADSL router which hands them out via DHCP, and also hands itself out as the primary (which also just has the list above in it) so all my client devices get them.
Whenever someone cries that Virgin DNS or whatever is down, I've never ever noticed a problem unless there is literally no connectivity to the net at all (at which point, I switch on 3G and carry on, because access to the DNS isn't dependent on using my ISP connection).
I'm not shocked by the article.
I am shocked that only 0.5% of non-domain computers with antivirus report an infection. That seems FAR TOO LOW. And considering that NO protection gets you only 2-2.5% infection rate, I'm still not at all sure that the performance hit of antivirus is worth it.
Interesting that they don't publish statistics on "domain" computers (even if they could only find domain computers WITH antivirus) - presumably those machines are much more well managed by the simple assertion of a handful of security settings rather than loading up everything with antivirus.
To be honest, all those stats show are that antivirus is pretty much a waste of money. Use a free one and forget everything else. The free ones won't expire because you haven't paid your Norton tax, and people are much more likely to have installed them in the first place.
I was remote-fixing a machine only yesterday where they couldn't download TeamViewer because of the spam they were getting in their browser whenever they went to a download site. I asked what they ran. Norton. And they were due for a renewal. So I uninstalled it and gave them Comodo Free, given that Norton had obviously not worked at all.
Re: Untrustworthy automatic billing
Agree on the Direct Debit thing. Just phone the bank and cut them off at source. When they call to complain, then you aren't money-down to fight them.
Had to do this with Three, who billed me for a contract phone (and contract) that never arrived. I only knew it hadn't arrived when I phoned up to ask where it was (28 days later). I asked them THERE AND THEN to block the IMEI / SIM. They asked me for the number. I called them idiots, in a roundabout way (how the hell do *I* know what phone you sent me?).
Weeks later they were still billing me. So I phoned my bank. They made it clear what I was doing but they cannot refuse to do it. I cancelled the DD. Minutes later I had a phone call from Three demanding "their" money back. The bank had cancelled AND REFUNDED all the DD payments. That got Three's attention. It didn't stop them trying to get the money though, however my offer to initiate their threatened lawsuit on their behalf finally made the lightbulbs in their head come on, I think. Eventually they sent me a letter where they had "decided to take no further action". Strange, because I'd decided exactly the opposite if they had continued to harass me.
But the banks and DD? Wow. Most co-operative my bank has EVER been.
As per your terms and conditions.
Do you get compensation every time your electricity blacks out for a few minutes?
Do you get compensation if your phone goes off for a while?
Do you get compensation if your milkman doesn't turn up one morning?
Do you even get compensation if your train is five minutes late EVERY MORNING FOR A YEAR (and some days doesn't come at all)?
Because you don't have it in your contract (express or implied) and it's not reasonable to provide. It's not just Virgin, most companies would go bankrupt overnight if you could automatically get out of them anything more than what your contract cost. If your Internet connection, or power connection, or transport MATTERS, you'll have a contract with a cast-iron guarantee written into it. And it will cost orders of magnitude more to compensate. And similarly, it will cost orders of magnitude more when you mess up and it's YOUR fault that it's off but they have to send out an engineer to prove it.
Have you SEEN the prices of leased lines? And invariably they still can't guarantee 100% service. You can still be off for X amount of hours per year and have NO comeback whatsoever. And the law generally holds that, unless specified otherwise, your maximum compensation would amount to the direct cost of the lack of service and not any cost of your reliance on it. So you'd get back, say 1/30th of your monthly cost for a day without it, at most, on a standard home package. What's that? A couple of quid? Everything above and beyond that is goodwill. And I'm betting Virgin have a few more customers than Xilo. So much so that they don't need to provide goodwill payments (but I have, in fact, had one when a pay-per-view movie on their cable service stopped mid-way, and they refunded and gave me a free movie). And I'm on Virgin and it's NEVER down long enough to even suggest faffing about. Last time I rang them it was because the local kids had pulled all the cables out of their green box at the end of the road and cut off the Internet and TV. It was fixed within the hour.
If you're really that reliant on your Internet, you need to get a proper contract guaranteeing it. But something tells me that you'll whine that you wouldn't be able to afford that and it's totally impractical unless your very life/business hangs on it working. And there's your answer.
Nothing in law entitles you to compensation beyond the "direct loss" of the service (i.e. what you paid for but didn't get) unless there's extreme amounts of negligence or they were aware that it would have a much larger impact on you and still agreed to provide that service.
Compensation is, in fact, extraordinarily rare in any contract unless you're dealing with serious amounts of money. And rightly so. Take your money elsewhere, rather than provide the opportunity to use every company and organisation as a honey pot for the slightest mistake one of their employees might make.
Re: We'll never get longer lasting batteries...
"But it must be a conspiracy!"
Please point out any battery technology that comes into the same order of magnitude as petroleum in terms of energy density. You won't find one. There are claims from labs (usually before they've done anything past micro-scale tests on a single tiny cell and extrapolated up), but zero actual products - prototype or real - at scalable / commercial sizes. Because, inevitably, they become unwieldy and impractical very quickly.
Batteries are getting better all the time. You can now run your car or motorbike entirely from a battery. Hardly anybody does, because the charging times are in the same order of magnitude as the discharge times in use. It simply takes that long to put that much power into something that you want to push that much power out over any length of time. It took several million years and billions of tons of rock compressing organic matter to make your petrol, that's the only reason we can take it "for free" and use it almost immediately.
I have a 85KW car engine in my 15-year-old car. Do you have any concept on how much damn power that actually is? Your house probably has 240V x standard 100A consumer unit = 24KW at absolute max. My car supplies over three times as much power as my house can take without asking the electricity board to up the incoming line for me. Even if you extrapolate that down from the maximum, my car at 3000rpm is generating levels of power that my house couldn't handle. From petroleum, it'll do it for half a day straight.
What you're asking for is the impossible at the moment, not the result of some conspiracy theory. The guy that fixes the battery problem, plus the associated current-handling problems for a decent time of charging, is a billionaire overnight. Just the patent would be worth billions. There are no patents of this kind even filed, let alone being sat on. There's plenty of research. THOUSANDS of "this will be the next battery". Nothing that scales, no matter how reproducible or well published it is.
I have a 240V 32A "commando connector" (building site connector to you and me) on the side of my house. We use it to power a pottery kiln to 1600 degrees for 12 hours. When we do that, we have to be careful of what else we turn on in the house, because that's the single-biggest current draw we have and very unusual for an ordinary house.
It's not even close to what's required to charge an electric car in any short amount of time. Standard charging units recommended for electric cars are usually in the 80A range. My connector, connected to a top-of-the-range electric MOPED would take a couple of hours to give a full charge that will get me 100 miles at 25mph. Just. Batteries are just atrocious storage units - actually, they're not, only when compared to petroleum do they look puny in comparison.
The next tech is super-capacitors. They don't have the "hours to charge" problem, but instead have immense "current-draw" problems which would blow the *street* fuse if you did what you want to do (charge in 15 minutes). They also lose current still, are stupendously expensive to make, and that amount of power going into and out of a device generates all kinds of issues - not least arcing at terminals, conductor degradation, heating, and actual PHYSICAL STRESS. You can make any high-power device move, click, buzz and bang by flicking the switch, imagine what something an order of magnitude more powerful does.
The world is moving away from oil. The company that holds a patent on a battery technology capable of even a fraction the energy density of petroleum will own the industry overnight. Energy companies, oil companies included, will give their right arm to secure their future as it's looking increasingly bleak for them - everything from pollution to renewable grants to energy prices to wars in oil-producing countries is against them. The first to do so will abandon oil for energy (maybe for plastics, etc.) and push their battery technology into your face and gain billions in worldwide government grants that would make our global oil budget look like chicken feed.
It's not a conspiracy. It's just impossible to pack that much energy into that small a device without doing it on the molecular level. And that's expensive and energy-intensive and difficult to do.
I disable anything that looks like radio, unless I'm using a radio device of that kind.
I don't disable 3G, but if you're not using Bluetooth, NFC, wireless etc. then why would you want them turned on anyway? For the same reason, I turn off Wifi on the ISP-supplied routers and use my own behind it.
I bought S4 minis for myself and my girlfriend. First thing I did - went through, turned all that stuff off (including S-Beam and DLNA and whatever else). Neither of us have missed it. We can turn on Bluetooth if we want to use a headset. We've had no cause to turn either of them on or off more than a couple of times each in the last six months. And NFC only got turned on because I was showing her how you can read info off NFC cards.
Re: The last Windows Server Operating System
What's a tape?
Let me introduce you to the 2010's where we have things called NAS and cloud storage. They backup in a tenth of the time, store ten times as much, and you can put them everywhere - including home. You can run your damn servers OFF them if you buy iSCSI-capable ones (i.e. anything but the very cheapest).
And they're cheap enough to have several of them, dotted around, a small one to take off-site (or even leave off-site on the IT guy's home broadband for live-backups), and push to "the cloud" (i.e. a server in a hosting facility) automatically if you want.
Tape's a bit... well... old. The reason there's no built-in tape support is because the cheapest bunch of NAS, two in each location that you put any backup tape in, will do a better job for less cost and greater reliability. And restore times are ORDERS OF MAGNITUDE better. Tape is the last link in the backup chain nowadays. And only because people are attached to it.
Re: The major problem with W2003
"Just works" - without virtualisation, proper DFS, if you still want your login scripts to be hand-written batch files for most things (drive maps and printers comes to mind), and dozens of other features.
The problem with "just works" is that you're not making the most of what you have. I moved 2003 servers to 2012R2. The difference was amazing. Just the configurability, for a start, but then being able to do proper VM's (stick your old 2003 in the VM's if you're worried!), have reliable failover (2008+ will do automatic DHCP failover quite nicely), etc. was an enormous boost to the places I put it in.
Hell, last time I tried it was an absolute pain to get SCSI drivers for the 2003 machines we used, especially when you got into RAID. If nobody still sells the kit you use, it's a warning about what happens when your server dies and you need to get it running from backups.
2003 just works for only the most basic setups that make almost no changes over the years... tiny offices with a handful of people. Anything larger than that and you are truly setting yourself up for failure. When that thing dies, and you can't spin up a replacement without buying 2012 anyway (and virtualising the old one or running 2012 yourself), you'll find the problem.
To be honest, I can't stand Microsoft. I only hate Apple more. But 2012R2 is pretty damn good and has a core of features that mean upgrading a bank of servers running on a handful of actual physical systems becomes a breeze and the users don't even know you've done it. 2003 is the DOS of today. Sure, some places can still get on with it and do what they need to do. But the second you have to integrate, run external services, or do anything remotely interesting, you'll find that you'll be crying out for 2008 at the very least, and that only for a couple more years.
Re: For some small companies it is.........
If you can't afford a grand on hardware / licensing, and say another grand for someone to install it for you, then you shouldn't really be hiring staff anyway.
One week of sick-days and you'll be dead in the water, unable to hire replacements or do anything else.
This is not about "mom-and-pop" shops. This is about someone who runs a business - and £2k should be a drop in the ocean compared to the ongoing backup costs, Internet connection costs, maintenance contracts, upgrades, software licences, etc. that you already have.
Sure, it's hassle. But it's far from the end of the world. I did a whole school single-handedly over the course of my normal job, from 2003 and XP to 2012 and Windows 8. The servers I just joined, moved services over gradually, removed the 2003 machines when they were no longer doing anything useful. The clients, however, I spent eight weeks upgrading.
In terms of businesses with the need for a server (more than 2 employees, at a rough estimate), £2k should be nothing and part of the ongoing costs of having IT. Hell, you can spend that on a photocopier.
Re: For corruption checking
CRC checks are not as infallible as you might think.
When I studied Coding Theory, it was explained that there are a number of errors which you need to be able to compensate for and how you do that depends on what you design it to compensate for.
As such, ISBN's (the final digit of which is a checksum, and X = 10) are actually designed to withstand the swapping of any two numbers within them as well as detecting single-digit errors. That's because you expect a human typing in the code to make a mistake.
Similar properties exist that you can design for that take account of other errors - until you get up to the standards of the Voyager spacecraft which can compensate for something like 999 errors in every 1000 bits, or something ridiculous.
CRC isn't *as* suitable for spotting recurring data corruption, bit-flipping, etc. MD5 may not have been designed with such things in mind but certainly fits the criteria due to the extreme unlikeliness of such errors resulting in the same MD5 hash. You *REALLY* have to play with an MD5 to get it to stay the same, and even changing all the bytes of the code may not be sufficient by accident.
CRC, though useful - as evidenced by its use in ZIP and thus PNG, DOCX, etc. file formats - is not necessarily the best use for data integrity checks. It was back when computing power was very limited and that's where its strength lies. It's very easy to make with basic boolean operations.
However, given modern power, I'd trust an MD5 much further than CRC. And neither should be used for security purposes.
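The ISBN point in the comment above, worked through as an added example (not part of the original post): it exhaustively checks which single-digit errors and digit swaps the ISBN-10 weighted mod-11 check misses, next to a hypothetical unweighted sum used only for contrast. The sample code `123456789X` is constructed.

```python
"""Which typing errors does a checksum catch? ISBN-10 vs. an unweighted sum."""
from itertools import combinations

SYMBOLS = "0123456789X"                  # 'X' stands for the value 10
ISBN10_WEIGHTS = list(range(10, 0, -1))  # weights 10, 9, ..., 1
PLAIN_WEIGHTS = [1] * 10                 # hypothetical unweighted scheme, for contrast


def parse(text):
    """Turn '1-234-56789-X' into a list of values, ignoring separators."""
    return [SYMBOLS.index(c) for c in text.upper() if c in SYMBOLS]


def to_text(code):
    return "".join(SYMBOLS[v] for v in code)


def is_valid(code, weights):
    """A code is valid when its weighted sum is divisible by 11."""
    return len(code) == 10 and sum(w * v for w, v in zip(weights, code)) % 11 == 0


def with_check_digit(first9, weights):
    """Append the check value that makes the weighted sum 0 mod 11."""
    partial = sum(w * v for w, v in zip(weights, first9))
    return list(first9) + [(-partial) % 11]  # the last weight is 1 in both schemes


def missed_errors(code, weights):
    """Return (undetected single-digit errors, undetected swaps) for one valid code."""
    missed_single = 0
    for pos, old in enumerate(code):
        limit = 11 if pos == 9 else 10       # only the check position may hold 10
        for new in range(limit):
            if new != old:
                trial = code[:pos] + [new] + code[pos + 1:]
                missed_single += is_valid(trial, weights)
    missed_swaps = 0
    # Every pair of positions, not only neighbours. A swap that moves 'X' out of
    # the last position would also fail a format check; only the arithmetic is
    # examined here.
    for i, j in combinations(range(10), 2):
        if code[i] != code[j]:
            trial = list(code)
            trial[i], trial[j] = trial[j], trial[i]
            missed_swaps += is_valid(trial, weights)
    return missed_single, missed_swaps


if __name__ == "__main__":
    code = with_check_digit(parse("123456789"), ISBN10_WEIGHTS)  # constructed sample
    print("sample code:", to_text(code))
    for name, weights in (("ISBN-10 weights", ISBN10_WEIGHTS),
                          ("unweighted sum", PLAIN_WEIGHTS)):
        single, swaps = missed_errors(code, weights)
        print(f"{name}: {single} single-digit errors missed, {swaps} swaps missed")
```

Because 11 is prime and every weight differs from every other, a swap of two different digits always changes the weighted sum; the unweighted sum never changes under a swap.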
Hashes have many uses, some of which have no security impact at all.
Consider data integrity hashes on your own stored data. If a malicious agent could get access to your backups and their hashes, that's game over anyway. But if a hash differs on one of your backups to the others, you know there must be data corruption or loss somewhere.
It doesn't render MD5 useless, just insecure. There's a difference.
I put in the MD5 routines into the game OpenTTD, for instance (the code has long since changed, I believe). It checks that you have a copy of the original GRF (graphics data) files from the original game and whether you have the demo or full-version, and DOS or Windows palettes for them based on the hash. Unknown hashes flag up a warning. Someone who WANTS to feed in a fake GRF would be pointless.
But we found a lot of people who had corrupt copies of the original GRF's from their old backups that were generating support tickets that nobody could fathom. For most, it meant that they then knew they'd got dodgy backups and they just replaced it with the originals. For others, it meant they'd been modifying the GRF's and so generating tickets because of their own mistakes. Despite their arguments, when they are the only ones on the planet with the GRF files corresponding to the hashes they posted, you know immediately they are either using a corrupt or edited GRF rather than the supported original GRF's.
Obviously, if they wanted to fake a support ticket, they could just say that the program never warned them, in the same way someone could edit a kernel log to remove references to the taint flags. It's not "secure". But it is useful.
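A sketch of the kind of check the comment above describes, as an added example (it is not OpenTTD's code and not from the original post): files are identified by digest against a table of known originals, anything else is flagged, and copies of one backup are compared to find the odd one out. The file contents, variant labels and function names are constructed for illustration.

```python
"""Identify files by digest and spot a corrupt copy; integrity only, not security."""
import hashlib
from collections import Counter


def digest(data: bytes) -> str:
    # MD5 used purely to catch accidental corruption, as in the comment above.
    # usedforsecurity=False (Python 3.9+) states that intent to the library.
    return hashlib.md5(data, usedforsecurity=False).hexdigest()


# Constructed stand-ins for the supported original files. A real table would
# ship the published digests; none are invented here.
ORIGINALS = {
    ("full", "DOS"): b"constructed full-game graphics, DOS palette\n" * 64,
    ("full", "Windows"): b"constructed full-game graphics, Windows palette\n" * 64,
    ("demo", "Windows"): b"constructed demo graphics, Windows palette\n" * 64,
}
KNOWN = {digest(blob): variant for variant, blob in ORIGINALS.items()}


def identify(data: bytes):
    """Return (edition, palette) for a supported original, else None."""
    return KNOWN.get(digest(data))


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate storage corruption: invert a single bit."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def triage(files: dict) -> dict:
    """Map each file name to a support verdict based on its digest."""
    verdicts = {}
    for name, data in files.items():
        variant = identify(data)
        if variant:
            verdicts[name] = f"supported original: {variant[0]}/{variant[1]}"
        else:
            verdicts[name] = "unknown digest: corrupt or modified"
    return verdicts


def outlier_copies(copies: dict) -> list:
    """Names of backup copies whose digest differs from the majority digest."""
    digests = {name: digest(data) for name, data in copies.items()}
    ranked = Counter(digests.values()).most_common()
    if len(ranked) > 1 and ranked[0][1] == ranked[1][1]:
        raise ValueError("no majority digest; cannot tell which copy is good")
    majority = ranked[0][0]
    return sorted(name for name, d in digests.items() if d != majority)


if __name__ == "__main__":
    good = ORIGINALS[("full", "DOS")]
    print(triage({"user_a.grf": good, "user_b.grf": flip_bit(good, 12345)}))
    print(outlier_copies({"nas": good, "offsite": good, "usb": flip_bit(good, 7)}))
```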
Re: Another solution
Certainly don't host your content on them.
Host it somewhere else under your control and link it in, then you never lose anything but exposure.
All the companies I know that do social networking post to one place that is sucked in via RSS to all their Facebook, Twitter, etc. and usually just links with shortlink to their "official" website.
That way you can be "removed" but not silenced.
Re: Depends on perspective
I still have a rejected comment submission on my profile on here because it happened to diss a famous recruitment agency that was pushing sponsorship The Reg's way.
I was most miffed at that. I thought The Reg was better than to censor comments in such a fashion.
Re: I just don't get these new TLD's
The days of someone owning the .com and wildly guessing that to be so are long gone. You google them, nowadays. I remember when novatech.com was actually a military supplier whereas novatech.co.uk was the company that sells computer stuff. After the third time you do that, you no longer assume and you Google or remember the domain.
Hell, people don't even know how to type in addresses any more, they just google them - I'm not joking. People will Google "GMail" and then click the link they know works.
Domains are dead. Certainly owning the .com for a brand is not guaranteed by a long shot. And the home idiots are googling what they want, rather than typing in the address anyway.
In that climate, there's absolutely no need whatsoever for a domain name besides vanity. Let's call these what they are - vanity domains. And bought by the same people that want to own B1TCH as a number plate.
I can't remember the last time I actually bothered to type in an address that wasn't written down exactly (e.g. in an advert), or well-known to me. Nobody takes a stab at .com addresses "just in case". That's a perfect way to end up on a scam site.
Re: Economic incentives
What teething problems? We've had several IPv6 days. Every server OS and service you can think of support IPv6 out of the box.
And if there's a problem moving a service to IPv6 - that's what IPv4 is still around for. Nothing stops that working, but IPv6 just gives you another new avenue to try out.
Honestly, the teething troubles are long gone. People just need to start turning it on. Your mobile phone already uses IPv6 if it's anywhere near modern. Unfortunately, some places - like this very website - can't be bothered to add IPv6 to the list of modules and reboot their servers.
But no Register yet?
Told you guys - you can do an article on IPv6 when you start publishing a single AAAA record.
Re: does this fix anything?
And that's exactly what Microsoft doesn't want.
If you have to pay by year, they guarantee their finances for decades to come.
If you can not bother to go to Windows 8 and not pay them any extra, then you won't.
Re: I have a small metal key
If you're installing such systems, at least one lock should be fail-open, rather than fail-shut. Otherwise what happens if you get a fire in your electrical cupboard?
But the cheap solution is even more simple - buy the cheapest, junkiest UPS you can buy. At access-control wattages it'll probably do 8-10 hours, if not a lot more. That's why your burglar alarm has one inbuilt - it can still go off up to 24 hours after the power goes out, and attract attention or phone you.
Honestly, if you have even a CCTV DVR or an access control system, £50 for a UPS that runs them all is a drop in the ocean. And handily will give you a serial-cable notification of the power going out so you could, for example, instruct it to unlock the doors in an hour's time if you're not home when it happens but will need to get back in.
Extended blackouts are one of the high factors that attract opportunist crime. Just keeping the little blinky lights on your alarm at that moment would be enough to deter most such opportunism. You don't pick the house with the big noisy alarm and flashing lights when everyone else's house is in pitch black and dead silence because everyone else is waiting for the power to come back on.
Re: I have a small metal key
Keys, as an access mechanism, have sufficed for thousands of years.
However, they require physical conferral of the device in question, which is a security risk. Note the numerous mentions of house guests, parcel deliveries etc.
It's useful to have a way to allow a random person in, on your authorisation. You can tell someone a PIN over the phone, you can't give someone a key.
And 3D-printing may well make keys dangerous. A quick photo or even video of your average key, let alone a few seconds of physical access, will give you enough information to make a viable copy, and lock-bumping basically makes 90% of the locks out there key-less with about an hour's practice on a box of old locks. There's also a reason you should change your locks after you've misplaced a key, whether it's returned to you or not.
I'd rather have electronic access. But this is too much. And, yes, at least one of my doors would be accessible by an old fashioned unpowered lock, in the case of an emergency. Though I'd make it the one that requires the greatest faffing to get to, i.e. jumping the fence etc.
If you buy cheap junk, yes.
There's nothing stopping you fitting some serious hardware around even the cheapest of locks to hold it in though. London bars etc. can be adapted to strengthen even the crappiest of locks and, don't forget, your hinge is probably the weak point by that time anyway (especially if you have only two, one top, one bottom, leaving the point of greatest leverage unbolstered).
Personally, I'm quite impressed at basic locks. Even mag-locks are now quite serious. £20 can get you a 500kg holding force mag-lock that put a handful of watts. That's pretty impressive. And, yes, I have hung off one fitted to a metal gate at work to see if it was true. And, no, I don't think you'd open it short of cutting the power which generally requires cutting through an armoured cable or steel fence post anyway.
The problem with security, as always, is not to make the door unkickable, but to make it the least likely alternative. Anybody wanting in will get in, through a window, or just bringing a sledgehammer and making a hole in your side-alley (you could kick any half-decent brick wall down if you tried and had good boots). It's not about absolute security, it's about the effort and sometimes noise/suspicion required to do so. And, like car security, how long you'd be there trying to do it.
I doubt most people even have a front door that would stand up to a few good kicks anyway. The point is that doing that is risky, noisy, obvious and attention-attracting and might still leave you with an aching leg or splinters in your thigh. And so smashing a window is an easier way in.
There's a reason the police have those door-opening battering rams that can be operated from a standing position in one hit. But it's not because that's the best way to gain entry. It's because it gets entry into almost every house and can be repaired quite easily afterwards and there's much less chance of showering someone in glass shards.
I can buy a whole-house access control system based on business use for that price. Maglocks on the doors, control units, RFID readers, PIN-pad entry, the works.
Even on a cobble-together budget with those products you're looking at over a grand before you even start fitting.
Get a couple of mag-locks for your gates, and the various entry locks (they normally just replace the lock on the door-frame side of the lock) for the house, and a simple controller (there's a PIN-pad and RFID - in whatever combination you like - one on Amazon for £10 with 12V relay control...). You've already had to build a Fritzbox and run a relay cable to remote control it, so you haven't lost any functionality.
And, my biggest question about doing all this (as I have the parts and the know-how and have considered doing it on my house) is what about the insurance? House insurance typically demands a certain standard of lock and access control does confuse things on non-business premises.
Hell, I had SMS / telephone-controlled relays rebooting the ADSL modems at my previous employer - one 3G stick, a pre-pay SIM, one physical "button", one Velleman K8055, an old car relay and anything you can be bothered to put on the other side of it. My employer used to be able to reboot the modems with a text message (with customisable PIN, or other commands!) from anywhere in the world when the VPN fell over.
Either cobble-together cheap components, or buy an expensive all-in-one solution. Don't cobble together expensive components.
Not got anything to do with the leased fibre line my employer bought through them, which they spent six months doing nothing about. Then turned up on site with two men who drilled a hole. Literally one hole. Even phoning their boss to check that was correct. The next guy ran a fibre tubing following the existing telegraph lines and left it dangling on the first building it hit, some dozens of metres from the point of actual installation.
Then a month of shouting later another guy came and ran some fibre tubing but only brought half as much as was needed. So left three hodge-podge parts of tubing he had leftover in the van to try to get to where they needed to go. Then a month later another guy came, looked at it, and realised they weren't able to join it back on the main street anyway. Then there were promises, promises, promises and arguments and before long our November order which had become an April install was into September with nothing more than a piece of plastic tubing and a hole to show for it, with promises it might be ready for the next November.
At that point, we phoned up and cancelled the order. The next week an OpenReach guy was asking for access to the site. We told them where to go.
Their competitors? Currently digging a 200m trench to get to us, with guaranteed December delivery, faster speeds, cheaper prices and constant contact.
I wouldn't mind but I work for private schools. I can't imagine that's a bad class of customer to have for an always-on Internet connection - several hundred high-paying pupils all wanting to show video online, totally dead connections overnight, and a gigabit fibre that we can ramp up the speed on any time we have the money.
OpenReach was a farce. It cost them a couple of other schools too as we spread the word. A year taken to drill a hole and push a pipe through it, and they didn't realise they never had space enough to fit the fibre anyway.
Re: Faraday cage
Mine's in an under-stairs cupboard. The cupboard is used for routing my cables through. I predict that a fair amount of Cat6 cable in there is likely to interfere with anything trying to get out wirelessly, as I already struggle to grab a mobile signal in the house, let alone in those dark depths in the middle of the house.
And I was originally intending to put my Wifi in there - it seemed nice and central - but the signal was atrocious before I started putting cables through it.
I'm not saying I'd go out of my way to make it not work, but I think they'll struggle to make it work even so. And, sorry, but you're not going to relocate my meter just on the basis of that. The meter's been there for decades and the house designed around that and I'll be damned to have something hanging off an exterior wall and blocking my side-alley.
Cyber-warfare is being used as the next excuse for real warfare.
It's incredibly easy to "blame" the Russians or the Chinese or whoever the flavour of the moment is for such attacks. It would also be incredibly easy for any nation state to fake or proxy such an attack coming from the country of their choice. To say that any one nation is responsible should be taken as seriously as saying that they put spies in the White House, or something similar. It's a serious accusation that needs serious proof to back it up. Saying the packets were traced to China, or hinting that you think the Russians don't like you at the moment is not proof.
And there have been several statements from representatives of large nations drawing a parallel between a cyber-attack and a real one and offering retaliation in non-digital forms. This is a slippery slope.
Now imagine there's a world leader who WANTS to start a war. What excuse do they now need past getting some Chinese spam on their systems or some script-kiddies proxying from China? It's dangerous.
If your network is THAT BAD that you can't work out who's attacking it or stop them attacking it after three weeks (classified or not), then the problem is yours. You can't go mentioning nations that you don't like and blaming them for it, or even hinting they could be behind it, until you can prove that. Which, generally speaking, you can't.
Stop trying to create an excuse for a real war from a handful of bits coming to your computer.
Re: Pay seems to be going down
Cheap labour is cheap labour, and the going rate is at that price because it still gets the applications in. You and I know that it means you hire a lot of monkeys, but IT is so flooded in "I know a bit about computers" people that the rates plummet.
I don't think in my last 8 years of jobs have I been paid the advertised wage for very long. The rate at hiring was either more than the advert, or it was re-negotiated soon after. Get them to want you, then talk money. You'll be surprised how flexible they'll be at that point - they've already committed to you in their heads and will take (and expect!) a few grand hit to actually getting the candidate they want.
Last place I went to asked me what I wanted. I hate that. I always undersell myself. But got previous wage + promised (but undelivered) raises at old workplace + 20% as the starting salary.
The problem you have is that it's not a problem you can solve. If people are willing to pay 18k for a permanent member of IT staff, they know what they are getting or will soon find out. If everyone is doing that, there's a reason - it's good enough for them in the long run. Hence, there's little point challenging it. The job market is just flooded in people who will do that job, to a similar standard, for those prices. If you can differentiate yourself, then moving to a tighter job market is the only other solution.
However 1300 applications is incredible. There's something wrong there. I left my last employer back last September. I immediately applied to a temping agency and started looking around for jobs. I had applied to two by the time I'd been offered a permanent position (it didn't start immediately, but the paperwork was there and ready to go). I spent six months temping, and never had a day out. I bounced from one place to another while the agency found me something, and ended up staying at the last for five months. Hell, they gave me a leaving present when I went. Sure, it was temp work, and it was several grades below my normal level, but it was enough to be getting on with.
I can only imagine that your expertise is quite specialist, or that you lived in an area devoid of all work (not just IT).
I don't think the job market is any worse than it ever was. People say that, but the previous generation had worse trouble and got through it. I just think that schools are giving unrealistic expectations and not enough realistic training. The people you can pluck at even minimum wage and who'll do a good job and progress are few and far between. And a lot of them aren't even worth minimum wage (I agree with the concept of minimum wage entirely, I mean that they don't step up to justify even paying them minimum wage compared to others being paid the same).
IT definitely has a lot of paid monkeys, that's for sure. But I'm not sure it's as cataclysmic as it's made out to be - or employers would actually be paying more.
I would judge that person more than someone who's not had any IT work at all in their lives.
With VM's, tech previews, evaluations and a ton more, I would worry about someone who's not only allowed themselves to get stuck in a rut and can't poke their head above, but also complains about lack of training when they aren't doing stuff themselves. And when you get into stuff like Linux, free Hyper-V hypervisors, etc. there's really no excuse for not having tinkered with something. That your employer didn't want to actually deploy it is neither here nor there.
I'm not saying that's you, I'm blowing up one comment to become a persona here, but I worked as a "roaming tech" (I hate the word consultant) for many years - zero equipment beyond what the place had already, no budget to get new stuff, emergency cases in dire situations, stuff I've never had to deal with before and need to learn "on the job", and then "oh, can you just make it do this" and I came through without any "training" of any kind. In fact, where offered I actively refused because it was unsuitable and/or only trained me on what I already do day-in, day-out.
I never expect anyone to have used a particular product, or feature, but I expect them to have an outline of what it is, have played with similar features and - even if it means clarification like "Hyper-V is a virtualisation hypervisor" - that they can then pick up on it and go "Oh, right, well, I've played about with some of the ESX / VMWare stuff and I've done a bit of Xen for my own stuff but I haven't touched Hyper-V personally".
The answer "Nope, I've never deployed it outside my personal test environments, but I think I have a grasp of what's involved because I've done a lot of tinkering on my personal test network at home" is actually VASTLY informative to an employer. It means you're happy to admit holes in your knowledge, happy to play and tinker, able to do these things off your own back, have some experience of the concept, have taken the time to learn on your own time, and are not scared to say "Never done it 'for real' but I'll have a go if you're okay with that".
I have to agree with your last paragraph. But if you've been in a position for 3 years and not progressed in some way, I judge that person just as much for not having stretched themselves, done things on their own time, etc. I'm not a "management" sort, except in job-title. I'm purely functional and hands-on. But I worry about people who need "training" to have booted up something in VMWare and played about with the new features. Hell, when a new OS comes out, I pretty much compete with those around me to find the holes and the problems in it as soon as the first public preview is available.
The best teams I've worked on, are basically competition over who's deployed some new technology before. Then you become the "virtualisation guru" of the team because you've done it a bit at home. Then someone else starts putting in some HA functions into your hypervisors to beef them up and "beats you" because they read something on Google and try it on the test network. I've had competitions over who could deploy a PHP-enabled web server first back when PHP was new to us, and one of us did it on Linux and one of us heard it was possible on Windows. The thing never went into service, but the curiosity was there.
Sure there are some dead-end jobs, but the point of IT is that like most other professions (as opposed to just "jobs") you HAVE to keep on top of it. A doctor who doesn't research a strange condition he comes across or a lawyer who doesn't bother to read the new legislations would be out of a job soon too. Or stuck doing only the stuff people tell them to do.
Please note, I have no industry certifications. I have a degree in mathematics. But I have had a career exclusively in IT for a decade and a half. Because when someone says "Our servers are a little overworked, there's a bottleneck here, what can we do?", I go research the answer.
Don't expect training in IT. It doesn't happen. Because those who need it you won't want to give it to them (a little knowledge is dangerous) and those who you might want to give it to don't need it.
You mean when my employer pays thousands for me to sit in a conference hall listening to waffle, while some old guys drag the session back to basics and I'm led through a click-through tutorial of what menus I need to click on in the new versions of Windows?
I'll stick to the "We need this" - "Right, we'll need to set up DFS, install new hypervisors, we should look into failover clustering, this 2012R2 feature looks nice, wonder how well that integrates with Windows 10, we need to work all this out by the end of the month so we can start deploying" method of training, thanks. Seems to have served me well for over 15 years.
There's a reason that I don't automatically sign up to certain things just because I've bought a new phone and they look "cool".
I think about the consequences if it goes wrong. Not deliberate or malicious attacks, just what could happen if a server somewhere decides to go muppet and link my ID to someone else's or something.
When I bought myself and my girlfriend an S4 mini each the other month (having given it sufficient time to bed-in as a cheap stable device), I went through all the options, turned off or "skipped" anything that I could see going wrong. I have to say, reliance on outside servers features heavily. There are still half-a-dozen apps that prompt me every time I do an "Update All" because I don't agree with their permissioning and don't even want them anyway.
Linking in the Samsung Account - never even did it. Find My Phone was pointless against the in-built Google one (and I do have a Google Account, and did see value in putting it on the phone). However, even there I disabled the remote-wipe / remote-lock features while still retaining the phone-tracking (lost my phone the other day - if the battery hadn't been completely dead, it would have been very handy - as it's proved itself when I've lost it in the past).
The Samsung stuff is just junk. All the Samsung apps I've hidden or just completely uninstalled. About the only one I ever used on a previous phone was the Memo app but that's complete junk and over-complicated now, especially compared to Google Keep.
There are reasons that I just don't turn on this kind of stuff, and lock down the settings so only I can use the device anyway. This kind of vendor-reliant junk is not only open to attack, but just open to cock-up too. I'm not saying that I'm immune, but these features are really just a problem waiting to happen.
Internet-activated remote-wipe. God. I can see the use in business, where anything critical is backed up, all the devices are passcoded and encrypted, and when something goes missing you KNOW it's gone missing, can wipe and rebuild in a few moments if it's brought back. But for your own mobile? No. Not nowadays. Just encrypt. Without the encryption key, nobody can do anything with it. Inform your telco and get the IMEI blocked and forget about it unless you want to go and hunt it down.
I think the news is not that people who haven't updated bash are vulnerable. That much is obvious.
The news is that there's another major sector of programs handing off to bash in order to do the simplest of things (read the mutt post above). While that appears fine, it's something that not many are aware of, and means pulling in a huge codebase into the path of your external network functions that just increases the attack vector and makes it harder to effectively audit the code.
The problem, ironically, is systematic - not bash - in that we're relying on the shell to do far too much. The "one tool for the job" mentality of UNIX is falling apart where we've done this, and nobody noticed for quite a while. I wasn't aware that mutt or Apache were pulling in full bash shells to set environment variables, were you? It would have rung alarm bells for me if I'd known that, even on a casual, personal-use basis.
Where else are we pulling in unnecessarily powerful tools to do simple jobs that might be better achieved somehow else? Are those places vulnerable to outside attack? Have they been audited? Are people aware of the possibility? And, most importantly, someone somewhere must have known about these things - imagine the SELinux people, for example. They are generating signatures of exactly what a program needs to operate, including if it executes other programs, and either allowing or disallowing it. But yet nobody noticed that there might be a problem existing in bash for DECADES if it's used in this way.
I love Linux, but we seem to have strayed from the UNIX philosophies too far - we shouldn't be allowing software to pull in entire other programs to do simple tasks. Hell, why is there not just a "set" program that we can pull in when we need to set environment variables and that's ALL it can do? Why are we using full bash from our web servers which gives us the potential to embed (and successfully execute) a ping command, or any other, from a remote HTTP request?
The bash patch is just the sticking plaster over the wound. But we've been doing dangerous things for too long, and we need to look and change. It's not just a matter of "update bash", we're finding that this affects almost every remote service we offer and is a gaping security hole - and it's time we looked into what the security distros are doing in allowing it, and what we can do to make sure that the mutt author, for example, doesn't feel the need to pull in the full bash just to set an email address into an environment variable.
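Added example, not part of the original post: one way to hand a value to a helper through the environment without putting a shell in the launch path, plus a check that flags launch specs which do route through one. The `EMAIL` variable, the helper commands and the sample launch list are constructed for illustration.

```python
import os
import subprocess
import sys

# Interpreters that count as "a full shell in the launch path".
SHELLS = {"sh", "bash", "dash", "ksh", "zsh"}


def routes_through_shell(argv, shell=False):
    """Return True if starting this command would run a shell interpreter.

    `shell=True` (system()/popen() style) always does. Otherwise look at the
    program being executed, seeing through an `env` wrapper. Approximation:
    env options that take a separate argument (such as -u NAME) are not modelled.
    """
    if shell:
        return True
    words = list(argv)
    if words and os.path.basename(words[0]) == "env":
        # Drop env's own options and NAME=value assignments.
        words = [w for w in words[1:] if not w.startswith("-") and "=" not in w]
    return bool(words) and os.path.basename(words[0]) in SHELLS


def run_with_env(argv, extra_env):
    """Execute argv directly (no shell) with a minimal, explicit environment.

    Only PATH plus the variables named in extra_env reach the child, so
    nothing inherited from the caller's environment is passed along.
    """
    if routes_through_shell(argv):
        raise ValueError("refusing to spawn a shell: %r" % (argv[0],))
    env = {"PATH": "/usr/bin:/bin"}
    env.update(extra_env)
    result = subprocess.run(
        argv, env=env, shell=False, capture_output=True, text=True, check=True
    )
    return result.stdout


def audit(launches):
    """Names of the launch specs that put a shell between caller and helper."""
    return [
        spec["name"]
        for spec in launches
        if routes_through_shell(spec["argv"], spec["shell"])
    ]


# Constructed launch specs, as might be collected from a code review.
CONSTRUCTED_LAUNCHES = [
    {"name": "mailer-hook", "shell": False,
     "argv": ["/bin/bash", "-c", "EMAIL=$1 exec helper", "--", "alice@example.org"]},
    {"name": "cgi-wrapper", "shell": True,
     "argv": ["helper --user alice"]},
    {"name": "env-wrapped", "shell": False,
     "argv": ["/usr/bin/env", "-i", "bash", "script.sh"]},
    {"name": "direct", "shell": False,
     "argv": ["/usr/local/bin/helper", "--user", "alice"]},
]

# Constructed value containing shell metacharacters; with no shell in the
# path it is only ever data.
CONSTRUCTED_VALUE = "alice@example.org; echo $HOME `date`"

# Stand-in helper: a child process that echoes the variable it was given.
ECHO_CHILD = [sys.executable, "-c",
              "import os, sys; sys.stdout.write(os.environ['EMAIL'])"]

if __name__ == "__main__":
    print("shell in launch path:", audit(CONSTRUCTED_LAUNCHES))
    print("child saw:", run_with_env(ECHO_CHILD, {"EMAIL": CONSTRUCTED_VALUE}))
```

The check covers only the launch you control: a helper that itself calls `system()` or `popen()` still brings `/bin/sh` back into the path.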
I'm amazed the thing isn't shot to holes already.
Moving at that speed, and through the unknown spaces between all the planets and beyond, it's bound to have picked up an awful lot of collateral damage from space debris.
To be honest, I'm surprised it's still in one piece at all.
Kinda puts into context those plans about moving to another solar system.
It took two years to get to Jupiter.
30+ years later, it's still not hit one light-DAY away from us.
And the nearest star is, what, eight light-YEARS or something?
So it would be 365 * 8 * 30 years = 87,600 years before Voyager gets there with its head start.
Sure, it's not got a huge propulsion, but it makes you wonder how you intend to keep something powered and propulsive for decades or even centuries.
Honestly, we're kind of trapped in the solar system. And we're even kind of trapped on one planet at the moment. About time we took care of it, or started to get ways off it...
I think it's not just "bulb" LED's that are the problem here.
LED TV's haven't taken off.
OLED's have died a death.
And traditional LED's (such as the superbrights, RGB LED's, SMD5050, etc.) are so cheap and mass-market now as to make virtually no profit at all, I imagine.
I've worked in a few schools that went all-LED for their Sports Hall lighting and things like that. Very impressive and bright, but you don't actually save all that much once you get into the long run, plus the initial cost.
I think, as a whole, the entire LED segment of electronics is on a spiral to the cheapest possible way to do things, and that doesn't generate a lot of profit for anybody.
I agree that a SIM in an embedded device is probably on the way out. They serve little purpose now and there's no reason we can't replicate what they do in software or some embedded chip. We don't even bother trying to save our numbers to them any more, instead using cloud services and the phone storage themselves which are infinitely more useful in what / how much they can store.
The problem is that I imagine when SIMs start to go "soft", the EU etc. will step in to make sure that they offer the same service as before - i.e. being able to block SIMs and being able to move your SIM between carriers easily. And, like the USB-charging debacle, Apple will no doubt try to wheedle its way out again.
Losing the SIM card in GPS trackers, home alarms, phones etc. is no loss. In fact, SIMs are so ubiquitous that it tells you that yourself. I got at least 8 from giffgaff after I signed up the girlfriend and myself and they still keep sending more when we get rid of those to friends and family. And bootsales, newsagents, etc. are full of free ones. At this point, carriers are throwing a ton of money at printing millions of the things and then most of them never get used, so they're probably quite glad to go to a soft-SIM.
The problem I see? A soft-SIM will be even more hackable, to those interested in playing with them. But at least you might be able to have a dual-SIM phone without having to buy some stupidly expensive foreign piece of junk to do so.
Re: It's not calls from the UK that are the problem
Stop using landlines.
There's no reason to, nowadays. Businesses should be on VoIP / SIP / etc. and the filtering there is trivial. Home users are guaranteed to have more mobiles than landlines near them. And most smartphones nowadays have Caller-ID by default (no extra charge), allow you to block unknown numbers, and allow you to blacklist individual numbers.
The landline companies honestly don't care. That's why they charge extra for those services. They couldn't give a toss until you pay them to care, and then they make no guarantees whatsoever. And enforcing valid Caller ID even internationally, and penalising companies that do not pass valid Caller ID through properly (by removing their ability to dial your numbers) is the only sensible solution. And it's not happened and we've had Caller ID for, what, 20+ years?
Nobody cares. So stop using their spammy products.
Sounds like a pretty bog-standard lock-in to me. Can't say it's anything horrific, but it's no surprise that Apple plays that kind of game anyway.
Can't even write an app for Apple without paying annual recurring subscriptions and having to buy one of their devices to do it legally.
Definition: Until we decide not to let you any more.
SSL* by default is inevitable.
Though this is a good first step (well done CloudFlare!), eventually these base SSL certificates will be so cheap as to be ridiculous. Hell, I bought 5 years of SSL certificate for my domain for something like $50. If you have any reason to have SSL, even a popular forum requiring login, then SSL is a drop in the ocean against hosting, bandwidth and even just simple management costs.
The certification authorities wouldn't allow this (specifically the wildcard domains) without knowing that the money they get from them is going to plummet soon anyway. That's pretty much why they want to push EV and like it when Chrome drops support for 1024-bit, etc. They can give the old stuff away for free while pushing the stuff that won't be warning in your browser next year.
And there are already "free" SSL certificates out there on this level, you just have to dig for them.
And, to be honest, where we need to worry is things like SSL on email, etc. which is disgustingly easy to configure nowadays if you own any domain SSL certificate (or even a self-signed one). I'm pretty sure my SSL cert is running not only my domains, but my email, DKIM signature and things like SSH etc. (with different passphrases in some instances, granted).
(*Please replace SSL throughout with TLS etc. as I'm pretty sure my servers don't accept SSL 2.0, 3.0 or anything else nowadays).
And if MS in the EU complies with the US demands without due EU process, they will be in court in the EU.
Given that the EU is actually larger than their US market, it will hurt.
It's not a question of what MS (US) wants to do, or gets told to do. To comply, someone in the EU has to be complicit - either by doing it themselves, or knowingly allowing it (which is a failure of Data Protection obligations).
The US can order what they like. The guy in the EU who provides the facility or does it for MS (US) will be up before an EU court from the second he does it (or allows it).
Ignorance of the law is no excuse, and allowing the US arm of a company to access EU-stored personal data is illegal. It's considered export of that data. And if MS (EU) are asked to do something on the order of a US court, they are legally obliged to ignore it.
It's not as big, or as rare, an issue as some places like to make out. Such orders happen. And then they are ignored. SpamHaus was one particular example where they stupidly responded in the positive to a US court order (initially, at least), but still they got out of actually having to do anything about it as it was outside the US jurisdiction. US courts issue orders that are unenforceable all the time. The actual fact is that if they want them to be legal, there is a process - apply to the EU court to enforce the US court order. That happens too. And when that happens, the EU law is read and applies and it's then legal to do so.
It's not legal for anyone to have any part in letting EU data go out of the EU without suitable data protection. Even the air-travel data sharing scheme fell apart as soon as the EU was no longer co-operative because - by default - it's not legal.
That's not saying it couldn't happen. But Microsoft (US) can tell Microsoft (EU) whatever it likes. If Microsoft (EU) complies or allows it, it's potentially broken EU law. The consequences otherwise don't bear thinking about (e.g. Apple applying US consumer law to other countries, etc. and getting out of their two-year required warranty program...)
All the smart lawyers in the world can't make US law apply anywhere else without breaking the law in "anywhere else". That's part of the reason why Assange is still on UK soil, and why Apple are selling useless "extended" support warranties in the EU.
"allowed to get away" is exactly the problem though. They are allowed, officially, because the law says they aren't doing anything wrong. If the laws were worded differently, they wouldn't be able to do it. Literally, these companies can be audited en-masse, brought to court, and still be found compliant.
That's the problem. Not whether Mr Plod gets suspicious or not. It's that, by the word of the law, these companies are NOT doing anything illegal and yet still paying zero tax. How they report the income, or misreport it, is a matter of law. If they are able to misreport it, it means that the law allows that.
"You must pay X% of your UK business income to the UK government." - seems pretty simple to me. I'm sure there are side-issues and corner cases but quite what's difficult about legislating that with enough clarifications to make what you mean by "UK business income" explicit?
I don't blame Facebook.
I blame the taxation system.
What kind of farce is it where a company taking in any money, on whatever services, can avoid paying any significant amount of tax as a proportion of its income?
Google have had something similar for their Google Apps products for years, I believe.
The problem is not that you couldn't do this yourself. It's that you wouldn't want to be handing off AD traffic outside your own controlled networks. And certainly not handing Amazon (or some Amazon-hosted Internet-based outside machine) some AD credentials enough to log into your network and join domains etc.
VPN's have existed for years, and Samba is more than able to do anything you might reasonably want on the client side (I've been using Samba SSO for years with my Linux-based helpdesks, fax-to-email, web filters and other stuff on Windows networks). But running samba on something openly sitting on the net? Eek. The scary side of the cloud. Hell, I don't even trust Terminal Services further than I can throw it.
If you're worried about security, it wouldn't matter that you use pagers. You just wouldn't be transmitting any data that made sense to anyone. Whether through obscurity (i.e. "the guest has landed", or codebook numbers) or encryption, it wouldn't be any use to an outsider with hostile intent.
That we're still using pagers, I find amusing, but it's more about WHAT you send, not how you send it. The number of people I meet that think that email is "confidential"... shocking news when their email server will happily send in plaintext still.
We don't need technology updates or end-to-end encryption (which, actually, makes us more lazy and slack with the data we spew). We just need simple data management. Don't send anything that you wouldn't want others to know.
Highly doubtful... Windows' internal numbering is very different to what you or I might call a Windows version number, and any software relying on that would never be looking for a "9" back in the 95/98 era (when it was still Windows 6.0.0000? Maybe even 5.0.0000).
More likely, "nein" is no in German, and apparently it's quite insulting in Japanese too. Rather than set themselves up for the "Windows No" jokes over in Germany and Japan, they've skipped a number.
Hell, think yourself lucky they didn't go back to Windows 2015 or "hemi-deci-millenium" or something.
"Small" business messing about with 60 LTO tapes? It's hard to imagine.
And I was of the opinion that tape is pretty much dead. I'm sure the end-run of backups is a tape in a safe somewhere, but 60 tapes in an active device, presumably cycled and moved off-site or into secure storage? Doesn't seem worth the effort.
The last time I had to RESTORE from tape (i.e. where all other methods have failed, and not for test purposes) was... god knows. Back in the 90's. Keep some spinning rust going, it's cheaper than a handful of tapes, provides much quicker restore even if it's not a guaranteed backup solution on its own, and grabbing one file off it takes seconds. And it doesn't really care if you keep it in a slightly damp/cold room.
Seriously, what class of small business has a guy cycling 60+ tapes throughout the week as just their last-ditch backup, not counting all the other IT management?