294 posts • joined Thursday 14th February 2013 09:23 GMT
I think the only "fake" DNS I've ever used is ".local", though I can see how that might one day end up being sold out in order to make cash (come on, there's NO other reason to do that in any sensible, ordered, hierarchical DNS system).
Fact is, the only places I've seen it deployed it would be easier to just block external ".local" addresses from resolving rather than trying to go through your entire infrastructure and find and remove all instances of it from everything. Block it, wait for someone to moan, and by then you can give them a specific exception for what they want (i.e. put an entry for whateverwebsite.local into your local DNS anyway) and wait for the next complete rename/overhaul before you try to resolve the issue. And, if it's never a problem... well, it's never a problem.
Or you could just stop spewing junk into the TLD's that were set down decades ago and causing the world and systems that you're supposed to be managing more "fake" problems for the sake of a small bit of profit.
Not sure how it would be legal to charge me for phone calls made on a stolen handset, or change my tariff mid-contract without getting my approval, anyway.
Sure, we can argue. We'll argue it in court, eh? Where it's tantamount to charging me for, say, someone using my bank card if it's stolen, or for coasting along London doinking my Oyster card.
I get that you don't want to pay for tons of stuff only for people to say it was stolen, but there's a limit to what you can do, you know. If I didn't authorise those transactions, and I reported my phone as stolen and asked you to block it, just try and charge me for them.
A lot of this is basically saying "What's always been illegal but you had to fight for justice on, is now automatically uncontested" rather than anything else.
P.S. Had Three try to charge me for a contract for a new phone that went missing in the post. They'd send it second-class parcel with no tracking. They tried to charge me for it. They tried to hold me to the contract (the contract that was IN THE PARCEL). They took payments off Direct Debit for it for two months. They told *ME* to chase the Post Office to find out where the parcel had gone. I cancelled the Direct Debit, had it marked as a payment for an unfulfilled service, the bank refunded all my money within seconds. Three then threatened to sue me for breach of contract.
I wrote back a snotty letter, and ignored their harassing phone calls (literally every ten minutes until I threatened legal action if they should ever ring me again - "We can't do that, sir, it's an automated system". Well, your automated system is going to see you in court. I'd advise that you don't hang up until you've got the guy in charge of your automated system to stop it ringing me, because I'll take you to court on that as well... funnily never got another call).
A month later, they "decided" to refund all my money, "allow" me to keep the Direct Debit money and graciously "waive" the contract termination fees.
Considering they were trying to hold me on a contract I hadn't signed, after *I'd* phoned up to report the phone + contract missing, after I'd *DEMANDED* they block the IMEI immediately (didn't know what it was, didn't have the damn phone!), on hardware and service that never reached my door and I was never able to use, after they already had my money, you could quite well believe by listening to them that they had a case. Strange how they caved, then, isn't it? And you can be damn sure I wouldn't have paid for ANYTHING that phone had done in the meantime.
There's what the law says, and there's what a company will TELL you is their interpretation of the law. As someone who just got an out-of-court settlement from my car insurance firm for them cancelling my insurance unlawfully, you can be damn sure that knowing that the law trumps what they think can mean the difference between £1000 bills and debt collectors threatening me, and THEM sending me a settlement cheque to make it all go away before I take them to court for twice that.
Stuff what a company tells you. If the charge is fraudulent on a piece of stolen hardware, don't pay the damn thing until a court tells you that you are liable for it.
Re: I'm quite interested in these kind of hoaxes
If Facebook has revealed anything to me, it's how gullible all my old school friends are.
From the crap about "Repost this and it will bring you luck" (and you have to include the line "3% of your friends won't repost this , will you?" or similar, apparently), through to religious nutters, through to attitudes about news stories, through to just plain junk that they watch on TV.
I think this is the kind of thing that Derren Brown plays on - there's just enough people in the world who you could convince to do anything. Not everyone. And don't give them a chance to think critically. And make sure you have a good sales patter. But, in the end, a proportion of people enough to accomplish your ends can be convinced to do totally worthless stuff with their lives / money.
I've always been amazed when watching sales negotiations that more people don't just go "No, look, stop. I don't want it. We both know it's a scam, so stop there and just take my money for the product I asked for." I watched a CEO of a office equipment leasing company try to sell a school bursar a device that plugs in and "conditions" the electricity so that you use less of it. There was lots of accompanying rubbish physics that tried to show how it worked, and even an offer of a live demonstration with a voltmeter, and everything.
Fortunately, the bursar used to design electrical installations for a living, and I have a grasp of physics that goes beyond looking at the voltage and thinking I'm saving "power" (I'm pretty sure he would have refused to let me turn the multimeter to reading "current" if I'd tried, but we'd already got rid of him by that point - hint: They were selling it on "lighting costs" - it may do something for certain incandescent bulbs at some point, but not enough to make money on, and it doesn't work on anything fluorescent with a proper ballast) but he was seriously trying to sell that to schools and I imagine more than one of them has fell for it or he wouldn't try.
It was just quite unbelievable that what I considered "Del boy" marketing tactics were trying to be employed while talking to a multi-million pound business. But, sadly, I could see that bursar's new replacement falling for it in a second (fortunately, I'm long gone from that place).
It is scary when you think how easily people can be "led" and how stubborn they can be when they get there.
Re: Don't stand too close
But a lot of solar is... well, heating pipes to get warm water...
What gets me most about this?
Why do you need anyone to buy one?
Build a small prototype (like they have supposedly done several years ago). Plug it into the grid, get yourself a feed-back tariff and sell the excess back to the grid. Eventually, you should make back enough to make a profit and therefore have the parts to build another. And another. And another. Everything after the first few should be 100% profit, really, no?
When you have filled your shed and made money for a few years, buy a warehouse, register as a business. Build a container-sized one. Use that to make enough profit to make another container, and another, and another. When you've filled the warehouse, sell the energy on direct to customers (e.g. other industries near you). When people start asking question tell them what you have, and they'll come running, but until then it's all personal profit, no need to trust ANYONE, no need to defraud ANYONE, no need to get investment from ANYONE.
And if it truly generates the excess they claim, they could do this in under a year, no help required. Just a guy or two building the prototype boxes and a sell-back electrical installation like everyone with a solar panel has.
Hell, the first we'd hear of a REAL cold-fusion home-brew kit would be the electricity companies asking why everyone on your industrial estate has stopped paying for electricity and there are cables strung between your building and they are powering all their equipment for less than the grid can sell it. And none of your neighbours are paying for electricity either. And your electrical bills have read overall profit for the last year.
If this stuff is so good, good enough to claim that you have to hide it and protect it in case someone steals it, why the hell do you need an investor or customer at all? Hell, you could make enough profit to buy an industrial estate, fill it with the things, and then pay someone to worry about all that paperwork that goes with being an electricity supplier and put armed guards on the boundaries to make sure nobody knows what's going on inside.
Re: Prove him wrong once and for all.
I would guess that one of the criteria that you have to comply with as a user of it is an NDA that basically says "Ha Ha! You got fooled. But if you ever take it apart or tell anyone about it, I'll sue you ass for breach of this NDA".
Re: I can see how this works...
Carrying a bunch of the raw materials I would think. They don't need to take in batteries, it sounds like the container *IS* just one giant battery.
I'm still involved in a several-year-old thread on a forum where some guy claims this must be proper cold fusion. Despite every demo being rigged / cancelled and Bologna University (where most of them took place) basically disowning the guy (and I have friends in Bologna who have worked at the university and they have heard NOTHING of this miraculous breakthrough in science...).
It's a scam. It's just a long, ongoing one.
When you start lying and get called on it, your only options are to admit you were lying, or keep lying even more. I bet my Bitcoin balance that the latter is happening.
Re: Rainbow tables
So when you have physical access to a computer running encryption software which has been "unlocked" for you, and then placed into hibernate (particularly, not standby), and your hibernate file is stored on an unencrypted partition, and the Truecrypt option EXPRESSLY DESIGNED to stop you doing this has been unchecked, you can access the key. (I'm ignoring the "in memory" bit because that means you have access to memory buses on a similarly unlocked-then-suspended machine, and/or administrative privileges on the unlocked machine in order to run a program).
Er.... yes. I have no denial of that. But that's NOT what's going to happen on any system I've ever built.
Please note that the Elcomsoft website, again, give three possibilities of situations it can help in.
1) Your hibernate scenario. Let me know how that works out when I don't allow my computer to hibernate. Notice that Truecrypt also has an option to dismount encrypted volumes on hibernate (it's in their FAQ for goodness sake!). Elcomsoft acknowledge on their own site that this basically stops such an attack. I also have that option enabled. And I have my hibernate file (that is unused anyway) stored on an encrypted partition. Again... good luck!
2) Memory dump files. Let me know how you intend to get one of those from me (note: You'd have to run a program with privileges on my machine, which would require my TrueCrypt password).
3) A FireWire attack. Let me know how that works out on my non-FireWire PC (precisely because the protocol allows all FireWire devices to have arbitrary DMA access to the entire memory space of the computer without protection). And, again, the machine needs to be left in suspend or you to have physical access WHILE it's operational for it to work.
The problem with Elcomsoft is that they don't lie... as such. They just make you think they are a lot better than they are. Read their site carefully and, AGAIN, just try these tools they point you too.
The first time someone showed me NTPASSWD, I didn't believe them. So I tried it. And it worked. I've done the same with Elcomsoft utilities over the years, precisely TO test whether what they claim is true. And although they don't "lie", as such, they omit a lot of truths or hide them behind footnotes. I'm sure they help a lot of people out of holes, but those people aren't doing things securely in the first place. A password on an Office document is not secure. A traditional ZIP file (that someone can open without third-party tools) is also not secure. These things they can help with.
But anything that involves AES is either going to need side-channel attacks (e.g. malicious FireWire devices on a system with physical access that's still running and has encrypted partitions currently mounted), or brute-force cracking that'll take longer than you'll be alive.
Don't go Googling for this stuff. TRY IT. Actually try and do it. Because, if nothing else, then you'll know how to properly secure your own machines against just such things as you contend. And you won't sound so much of an idiot when your entire premise is based on the absence of a well documented and recommended option in the TrueCrypt FAQ.
Re: Rainbow tables
Please, try the Elcomsoft tools you praise.
Because if it's more than WInZIP 8.0 version ZIP, it's basically AES brute-force. The page says so, read it carefully. On "old" ZIP's, yes, they work, because ZIP passwords were a load of junk, like WEP keys. Nothing to do with "encryption" at all, same for Microsoft Word/Excel passwords, NTLM hashes, etc. (Oh, look, guess what Elcomsoft do tools for...).
Do it. Prove me wrong. Make an AES-encrypted ZIP file with a 20-letter password and then fire the Elcomsoft tools at it WITHOUT ANY PASSWORD HINTS. Come back in a few thousand years.
And brute-force is easy. It's trivial. I can write the code for you now. You just try every password possible.
The problem is that there are potentially billions of possible passwords and only one works. The code is a loop, probably only a few dozen lines of code at best. The problem is that it takes MILLENIA to actually execute against a real password.
The latest Windows Truecrypt binary has, I believe, be verified against the source. The only differences are compile times and compile-time paths (i.e. the name of the folder that the programmer put his source code in). The actual published source conforms to the actual published, signed binary. And the actual published source is there for anyone to poke at. The same can't be said for BitKeeper or a variety of other security products. That doesn't mean it is secure, or isn't secure. It just means they are a hell of a lot more open about what the product does than anyone else and that's the kind of people you should be trusting your data to.
Please, if you're going to comment on something, actually TRY IT first.
Re: @ alleged legion of AC trollops (eg: 11:51)
I highly doubt MS has a couple of thousand Windows Servers just sitting direct on a leased line without security hardware in between (almost certainly Cisco), so that's as daft as saying "try google.com" for a Linux test. (And, if memory serves, microsoft.com is behind an Akamai cache which also performs security functions, and they tend to use Linux, so... whatever).
Fact is, thinking you're any better off with ANY product is really blind faith. What matters is response time and public knowledge - just because you have seen no published vulnerabilities on the Microsoft mailing list means NOTHING in terms of the actual security of the product. And when there are some, MS can takes months to get around to fixing them while they are STILL public knowledge... and that's quite dangerous.
Nobody's immune. And "my product is better than yours" is as stupid as saying "my systems are secure - attack them..."
Re: Rainbow tables
Early ZIP passwords were just that - passwords. They didn't do any sort of proper encryption. You could break them because they were very poor security. If you can find one that old that only uses PKZIP/WinZIP passwords, you can demonstrate this to yourself. Beware: We're talking OLD.
The file format has moved on since those days and now does AES and all sorts. They still call it a ZIP file even though it's different. Try finding a "ZIP breaker" now - they all just rely on brute-force searches because there is no other option, and they take YEARS to crack anything that resembles a real password. Use a modern version of WinZIP and then try these things (Elcomsoft etc.?) and see how far you get even with a password you know.
And rainbow tables only help in hashes, not encryption. You have to have a stored, hashed, accessible copy of his password somewhere. Hint: Windows gives up passwords all too easily if you know how, and you can bypass any password but BitLocker in literally minutes (and that's just the boot-from-disc time, nothing to do with speed of cracking).
A top of the line supercomputer still cannot beat AES in a reasonable time. Nobody has ever demonstrated it to be able to. Your home PC ain't going to do anything against proper encryption (e.g. TrueCrypt, Bitlocker etc.) without having access to a key, even if you let it run for centuries.
As such, the chances are that the lack of the word "encryption" in this article means just that - they broke his Windows / Linux password on his computer, a feat possible by anyone with physical access within minutes. They did not break encryption at all. If the guy used TrueCrypt (which has come up in several terrorism related court cases and no-one has yet ever claimed to have been able to decrypt it without co-operation of the keyholder), this article wouldn't exist.
Whenever you hear the word "crack" or "hack", you have to think about what's being proposed and what holes there are. I can bypass the password on any Windows networking machine you like within minutes, so long as the machines are not encrypted. Hell there are tools to do that. Finding out what the password actually WAS is harder but not impossible. But cracking encryption by brute-force - that's something that you're not going to do on your home PC.
That's *WHY* the law mandates that personal and sensitive data is stored encrypted. Because I can then literally hand you my server hard drive and, without the password, you can do NOTHING with that data. See the Wikileaks "insurance" file, etc.
When you confuse hashes and encryption, passwords and encryption keys, and all of these (including brute force password searches) with "cracking", it means that you just don't understand cryptography.
Was the first word "switch"?
Re: General IT
Currently owed more holiday (including carried over from last financial year) than my notice period.
Unreasonable working environment (somewhat because of the above).
Resigned from job.
Had email job offer within 3 minutes of being home (including Wifi login time) - starts next year
Am now enjoying reading TheReg and commenting on posts while looking for short-term contract work (two offers already).
Oh, and I type damn fast, as the guy who got a 38-page treatise on why the DPA stops me giving him the administrator passwords found out when he tried to argue law / case law with me. (Note: Not my successor, and I did do a handover!)
"did you leave the stove on before you went out"?
Well, if you did, you're a pillock, and hiding the fact is insurance fraud anyway. Why should people be exempt from that just because they don't have an electronic device tattling on them?
Otherwise, I think you underestimate the resistance to such things. Just sheer tech support for junk like that isn't worth the advantages it could give. This is why nobody bothers with those remote-reporting smart energy meters - the advantages given (to turn your heating on early once in a blue moon) just don't compensate for even learning the interface, let alone all the other junk.
And, sorry, but electronic control is a typical geek thing. Sure, at one point if I'd had the money I'd have wired up the fish tank to the Internet when I was younger. Fact is, now I'd rather NOT have to be doing my own tech support at home in such an unusual, custom and specialist area. And automated pump control? Hope you have complete faith in that, because your insurers are going to love a claim for "my fish tank overfilled because of a bug in a piece of software that I wrote"...
Re: Good luck to you Penny Arcade
I used to do web development, many years ago to earn money.
The vast majority of my life, I've done network management.
All my life, I've coded in just about every language imaginable.
Only one of those is actually my job, would I want to be my job, or could be my job at any one time. Sure, if I was in a startup and I was the only IT guy, I could see that working for a little while until we stabilised. But as a career? No.
Hire a network guy. Hire a web developer. Between the two of them the rest will fall into place and you'll have two people's knowledge on it, while the important stuff (the website and the network) will have experts dedicated to them. Anything less than that is being cheap.
What you'll get, of course, is some intern-like guy come in and do it for a year so they can say they worked there and move onto something more stable (and almost certainly containing only one of those roles - it's a good way to "shift" career: Get hired as an all-rounder, then you have professional experience in four different roles that you can say were your primary focus, then get hired somewhere else on that basis at any of those four career paths, and maybe even get there with almost zero knowledge or experience of that particular role).
Re: General IT
I work in school IT.
My rules are:
1) I don't use powertools. Yes, I use them at home. Yes, I feel confident using them. No, I've never chopped my leg off or drilled into a pipe. But, no, I won't use them at work unless you train me and then I'll be asking why you don't train me on something more relevant to my existing job. Especially in a school. There's not much of IT that requires powertools, and what's left (cable-running) can be contracted out quite easily under existing agreements with the people who do our cabling. They know better than me whether they can punch through that wall or not.
2) I'll "take a look" at whatever you want, subject to normal support tickets, your authorisation to drop other things, etc. It doesn't mean I'll do anything about it, but I'll have a look and tell you whether that's me, site-management, the electrician or whoever needs to get involved. Pretty much I'll get it right, if you bother to listen.
3) If I say No, don't make me do it. There's a reason I say no, I just haven't bored you with it. It's either illegal, dangerous or stupid to let someone like me play with it, or it's something we really should be paying a proper expert for. Don't make me stop being your friend and have to form my case around whether I should be doing something or not by the letter of the law.
I have, in my time, dealt with just about everything: CCTV, access control, boiler control, burglar alarm, fire alarm systems, phone systems, TV aerials, burst pipes, fish tanks (don't ask), you name it. I don't see some of those types of things as "IT" at all. The difference was, nobody said "YOU WILL....". The problem was mentioned to me. It was asked of me if I could have a quick look and give an uninformed (but more informed) opinion and get someone out of a hole. It was almost always "Hey, stop work for a second, can you help us here?" rather than anything to do with my actual job and that was almost always understood. I said I'd take a look, I made my recommendation on the basis that I assume I have ZERO knowledge outside of my area of expertise whatsoever, and then it's up to you what to do with that information.
I'm not going to sit and watch the whole place shut down because a low-voltage mag-contact tripped on a door and keeps setting the alarm off when it takes two minutes to unscrew the thing and fix it myself. But equally, I'm not going to start digging into things that we should just be getting a support contract for, or that site managers should be doing and have the time to do.
As far as I'm concerned, a job is also part of your life. You have friends at work. Those friends should (hopefully) include your boss or close peers in some way. As such, a lot of things that have nothing to do with actual work crop up and consume precisely nothing of your time to talk about. You spend longer gossiping about the clients/customers than you do sorting such things out. This is what all that "non-IT" stuff comes under. This also includes when I get my boss bring in his daughter's laptop, or introduce a parent to me because they are having severe IT problems at home and can't afford a technician to come look at it. I'll do it, but it's all favour-based. I don't mind that, because with a favour, I can just say no (but chances are that if I say no, it's because you're being unreasonable). But when it comes to being an everyday part of my job, you've gone beyond "favour" and into something else and my contract needs to reflect that (note: not necessarily salary, just contract).
However, when it comes to what's on paper, the phrase "and other reasonable duties" does not include an awful lot of stuff that you might think it does. Honestly. Try me. I just left a job because of such utter mismanagement of staff over a long period. It culminated in a lot of silly junk like it was just expected that I (on my own!) would fit 120kgs of (60") interactive touchscreen PC + electric bracket on the wall, a wall made of plasterboard, a wall the school planned to hold that board but with ZERO provision from the builders for it (not even an internal wood support or anything), for a TV that the builders refused to lift between them (let alone fit!), that the site managers had already pointed out that they would NOT be touching (literally "It's not in my contract, and it's dangerous"), that's going to sit above the heads of children with an electric motor whizzing it up and down the wall, and take responsibility for it because "it's IT". Er... no. Sadly not. And I'm doing YOU a favour by refusing (and, yes, I've worked in some places where it looks like the last IT guy was the worst DIYer in the world and never said no to anything).
I was expected to control the school boilers because "it has a computer interface". Er. No. I have no idea what modifying pump duty or any of the dozens of other internal settings actually does on this £100,000 boiler (of course I have a rough idea, but I'm not going to risk a huge gas boiler, with huge pressurised water pipes running around a huge school on it), nor why I should be the one changing them, and the boiler engineers we have support contracts for are the ones who know this inside-out, and you won't provide training or recognise it as an official "duty" of mine to somehow maintain these boilers. I'll provide the PC, you get someone else to actually put in the settings. At worst, get them to ring me and we'll do it together over the phone. You want me to change an obvious temperature target on a one-off in the interim because the school is freezing? Fine. But that's about it. And don't come crying to me when the gas bill doubles overnight or the pipes burst.
IT is just one of those professions with an awful lot of "creep" to it. I'm sure doctors and even teachers feel the same when it comes to basically performing social work, fitness-to-work evaluation, psychological and stress training, etc. There's a certain amount I'll do "as a favour". And then there's stuff that you need to change my contract for. So that when it comes up that I don't have enough time to do everything, you have to either take that stuff away from me, or give me some more help.
((Or I leave because you refuse to recognise that I got so far behind waiting for other work to be done that I just spent three weeks hiring my own electricians and chasing them in order to correct the mistakes left by your project-managed builders, that you refuse to get back in to correct their mistakes because you talk to them like they were on your shoe and so they block every avenue you try. Just so that you could actually power up a laptop in a classroom, that's how bad it got in some cases. And then have the cheek to ask why the IT is behind schedule by a **day** or two...))
If it's not explicitly in my contract, expect it to be a favour you ask of me. If you ask nicely, it's not a huge burden, and I feel confident doing so, I might even take it on full-time. But don't just expect me to jump because you have "and other reasonable duties" in my contract.
Re: It's all about the money
This will keep happening while people buy crappy black-market chargers rather than just cheaper alternates (i.e. properly CE-marked unofficial chargers), and have houses without RCD's or decent fuses, and don't check their cable before they plug it into the wall.
Fair enough, you could get a zap off a dodgy charger, but electrocution? That shouldn't happen unless you are somehow part of a circuit to ground and there's no RCD / ELCB at all. It's possible that with a fuse you might get a nasty shock but it should only be very temporary with a proper, compliant, modern fusebox.
This is little to do with crappy chargers, and much more to do with crappy house electrics AND crappy chargers combined.
And he was on a cement floor - so what the hell was forming the circuiting? The DC cable into the phone shouldn't even be able to carry that sort of power enough to actually electrocute you before melting / blowing an internal fuse and how the hell did it manage to arc from the AC to the DC side of the transformer?
Fact is, if he'd had anywhere near decent electrics, he could have stuck his fingers into light sockets and still not died (Fact: Have seen this done any number of times, including once in a lecture hall - maths lecture, so completely unrelated - where people were told they wouldn't do X so would they just stick their finger in a light-socket? Some idiot volunteered and did it in front of us all while the lecturer ummed and arred about whether to actually let him try it. And I know electricians who work with live sockets as a matter of course).
Oh, and er:
Another Christmas with "Sorry, we don't do 1Tb SSD's, yet... here, have a bone"?
Saved myself some precious money on my own "present" then.
Seriously until you can put all your storage onto SSD transparently, it's just not worth the faffing about.
Have a laptop with 2 1Tb drives in it. They are filling fast. If you're not quick, next Christmas I'll be expecting 2Tb SSD's to be in this price range.
I can have the snotty git behind the ticket office, earning more than I do to push a couple of buttons a day, and and who goes on strike for half the year, whose only purpose is to do manually damn replacement of tickets that should have been automated years ago. And have to suffer the hassle of getting to the Post Office in the microsecond between getting home from work and it closing.
I can have an automated ticketing system at our already partly-automated tube stations, and have a local collection point near just about everywhere populous within the M25.
Gosh. It's a difficult one. Can I have the one about having train DRIVERS, versus cheaper fares and no strikes?
One's a PS4 pre-order bundle, one has an extra controller.
$900 and $1500 respectively.
So, yes. And the fact is that cheaper SteamBoxes are already in the pipeline (because, after all, it's just commodity PC hardware rather than a "real" specialist console).
Roll on next year, when we might be able to pick up a cheap SteamBox or similar...
Re: Mental health
Edmund Hillary and sherpa Tensing were on a suicide trip, for all we knew.
The Wright brothers.
Scott of the Antarctic (actual suicide mission!)
Just about any pioneer, adventurer, or explorer, in fact. Because the whole point is that you need people willing to push boundaries and PROVE that it's possible, and those kinds of people tend to have a little bit of "nutter" about them.
Thank God for that. Or we'd still be stuck in the Stone Age.
HTML code for the link is broke.
With appropriate encryption of my own choice, why not?
The fact is that I would trust Google or Amazon about the same as I'd trust a random Chinese company. You think the US couldn't just subpoena them and get my data already? That's precisely the scandal in the news at the moment.
But if you apply encryption YOURSELF to all data that goes to the cloud, then it honestly does not matter where it's stored. You could offer copies of it on street corners to random people. That's precisely the *point* of encryption.
In fact, I'd say, like the "sledgehammer to the server" test of your backups, if in theory you WEREN'T prepared to give encrypted copies of your data to anyone, then it probably means you have zero confidence in your backups / encryption and THAT'S the problem, not who you might give it to. Of course, you wouldn't, because they have no need, but in theory you should be able to without worry.
And if we're talking home use - well, unless you're doing something of concern to the Chinese, I can't imagine it's any worse than doing something of concern to the US. At least China doesn't demand that their law applies in the UK, for instance...
Re: Think brand protection in UK namspace is bad, hang on to your hat
Well, there are already millions of alternatives you could register anyway.
If you're "Marks & Spencers", yeah, this is more that you might have to potentially shut down but the fact is that anyone jumping on your domain to do ANYTHING related to retail with is going to fall foul of your lawyers anyway. What address they used it hardly relevant if they are playing on a trademark in bad faith. And if they wanted to do that, they could easily do it in a million other domains and even in the .uk existing domains anyway.
Fact is, if you go to anything other than Facebook.com, it probably won't be the real Facebook (although they have registered / claimed quite a few of the typo domains by the look of it). You've been able to mistype and get confused for decades but with bookmarks, address books, search engines, and the like the actual domain is pretty irrelevant now.
Give product to random people.
Ask if they like it.
Ask if they would pay £X to own it (vary X at random).
After enough tests you will learn a) how many people like it, b) how many of them would buy it and c) how much they'd pay for it.
I would imagine Samsung has done exactly that. Selling 50,000 units isn't to be sniffed at (1% of the sales of that tablet - and what kind of market were you ever expecting for a device that NEEDS you to own another expensive Samsung device) - that's 25 times the amount of Surfaces that MS shipped to the UK for the launch.
It's just what you expect, really. Nobody's going to buy them for the price they cost to manufacture. We've known this all along. And quite what they offer to someone who already owns a compatible (don't go there!) phone/tablet is a bit of a mystery.
But, still, 50,000 units isn't bad for such a niche item.
Re: WHO CARES!
PLEASE, FFS, READ MY POST.
Let's assume that both sides are right.
What the hell are we supposed to do about it?
Please, argue all you want about whether or not this is true. And continue to ignore the critical question:
What the hell do you want us to do about it?
Nothing else matters. Whether you're right or wrong, nothing else matters. What we need is not "blame", but some kind of answer/solution. And that's what's sorely lacking in today's pseudo-climate-science.
Let's assume, as if we were adults, that we are TOTALLY right, and the world is warming because of human activity and this kind of thing is the indication that we're correct. It might be a leap of faith for some, but let's just take that as the basis.
What the hell do you want us to do about it?
Seriously. What percentage of energy production do we have to give up? What kind of activities can we continue with in the sure knowledge that they are harmless? What kind of impact are such changes going to have on human life? And - most critically - are those changes going to be better or worse than the world heating up?
Because if the "answer" is that we have to lose vast amount of our industry, then we're going to indirectly kill vast amounts of people. Whether through poverty, lack of medicine, lack of transport for that medicine or whatever. And then we have to ask ourselves: Are the actions that we need to take ASSUMING ALL THIS IS TRUE more drastic than the consequences of us doing nothing?
Nobody seems to be even looking into that. Nobody seems to care about the answer because all they can do is point fingers and tell people they are right. But surely, even if I put my scientist cap on for a second, no matter what peer-reviewed evidence I believe or not, shouldn't at least one side of the argument be working on at least sketching out a solution? Especially if, given the scale of the potential problem some are suggesting we're facing (i.e. a worldwide catastrophe), any solution is likely to be equally drastic? And, if that is, and we can stab at measuring that (whether or not the science pans out the way one group wants), isn't there a 50:50 chance that we're better off doing ABSOLUTELY NOTHING about it anyway?
I'd seriously hate to have this bickering for decades only to find out that the only solutions cripple the world more than even 10m of sea-level rises and the associated human cost of that, and that in 50 years time the climate-change believers all just go "Well, there's nothing we can do about it anyway - might as well let people drown" (or the humanely-worded equivalent).
Let's just assume it's happening. Let's do some science about the possible consequences. And let's see if there's ANYTHING we can actually do about it. Because that's infinitely more interesting and useful science, with direct human effects, than any of this "he said, she said" junk.
Inevitably in science, we make a statement: "The atom is the smallest possible particle".
Then we find out that, the only way to explain what we observe is that that assumption was wrong: "Okay, so the atom must have X, Y, and Z inside it, and they're the smallest particles".
And before long we have to then admit that, actually, we can't lay all our bets on things any more and we have to make assumptions and investigate both what happens if we are wrong AND what happens if we are right: "Okay, well, if a Higgs Boson DOES exist, then it will probably have these properties... but if it doesn't, that might help explain why this theory can't account for it...".
Let's get off our bickering backsides and just investigate what it means for both paths - not who is going to be proved right in a hundred years when there's nothing we can do about it anyway.
Nobody in IT hates "new" - what we hate is "crap". We might not deploy "new" immediately. We might wait to see if "new" is "crap". Windows 8 is "new" AND "crap". But, say, SteamBox - just "new" at the moment. If it's "crap", we won't buy it.
They've had more than enough time to fix the problems and get it into the market. They haven't. DVB-T has gone through two iterations in that time (DVB-T and DVB-T2, otherwise known as Freeview HD) and that's got a hell of a lot more that could go wrong with it. And the convertors were a tenner each.
If you can't make your technology take off in 14 years (!), i.e. when we were all running Windows ME and 2K - remember those? - then you have a serious problem.
The digital TV switchover also happened smack-bang in the "let's replace this huge power-hungry box that takes up one corner of the room, with a slick, flat-panel, up-to-date, loads-of-HMDI-connectors TV that sits nicely on the wall and has lots of extra added features like the Internet" period, too, though. Not forgetting that most of the people moving onto "digital" TV were already there - on satellite or cable.
DAB is just an expensive waste of time. 14 years and still nowhere to be seen.
I just can't justify it. It's not going to be long before I can get any portable digital TV I want on my smartphone, that also happens to do digital radio stations too (you already can, if you have that Sky app or iPlayer or equivalent). Why would I bother with a separate device? An expensive device? A battery-killing device? That I have to pay for? That I have to replace multiple FULLY FUNCTIONAL radios with?
No thanks. Hurry up and die so we can just do proper apps for this stuff.
That's £12 from every man, woman and child in the country. For one year?
Somehow that seems an INCREDIBLY stupid amount of money to pay. They're expecting to get something like £34 extra, from every household in the country, JUST to cover their costs of that one purchase.
Add in the other purchases, the cost of delivering those services that they've paid that for, and subtract the odd subscription for those households who will gladly move to BT JUST to watch the sport - that's some HUGE loss there, surely. Even if you think people will take a more expensive broadband to get the sport, or pay extra for sports channels, etc.
Something just doesn't add up. If I were a shareholder, I'd be demanding an explanation. Just how much do they expect to earn from that £1bn+ investment over the course of that sports season?
But a tad out of the RPi price range, I feel. And I'm not exactly a RPi advocate despite owning one of the first models (I'm not an advocate BECAUSE I own one of the first models)... just too much geek-cred and not enough educational focus.
This brings it closer but I still can't see kids wanting to hack on it much. The breadboard is inspired, it has to be said. But £70 plus all the internal faffing about and USB power (which is already a problem)... it's sad. Maybe if it came down in price a little I'd treat myself to one, but it's fallen at the usual hurdles for RPi's in education - no real documentation, no focus, no support, just a geeky device and "there you go".
Think of 30 in a class x £180 = £5400 - Sure, you could do it cheaper if you have someone on staff "who knows", but you can get a netbook trolley for that, or a ton of tablets, or even an entire ICT suite if you're careful (I know - I've done it for that price). Let's not mention that you might need display devices too, if you want to do anything useful, and having the kids reaching down the back of the ICT Suite machines to disconnect VGA/HDMI cables to use the PC monitors probably isn't the best idea. And - again - the lack of educational support materials is going to hit hard unless you have someone "who knows". And schools with someone "who knows" will be doing all this stuff cheaper and easier already.
The BASIC is a good idea but I thought that we weren't supposed to teach children that anymore? Every time I mention it to other programmers, I get universally derided for doing so. Isn't it supposed to be the antithesis of good programming? (Note, I believe that all to be rubbish, personally).
It's a REALLY cool gadget. For me. For schools, etc.? Not so much. Same as the RPi.
Over the years, I have automated any amount of processes that don't really "need" automating but I found it convenient. This inevitably grows into a "Well, I see you do X... any chance you could make it do Y while it's there" scenario and it soon becomes an entire application. Hell, I put some code on our access control system that our access control system guys wanted to buy off us.
The problem with business IT today is that even the "professionals" don't code. They avoid coding like the plague. I would get that in, say, a stock exchange where one wrong semicolon could cost you dear (but, strangely, in such environments, a lot of stuff is held together with scripts written by people who can code and code-flux is quite high), or on an emergency services desk where you don't want to be debugging the system.
But I hate the culture of "Well, we'll just rip all this out and replace it with Microsoft Whatever which can't do half of what it does anywhere near as fast or as nicely and costs thousands and thousands of pounds", especially when you then employ idiots to run it. Why? Because almost every job I've taken has been where that's happened, it's collapsed catastrophically, and someone with a brain has said "Let's just get in a geek that knows what he's doing, to get us out of this mess" and then I've ended up staying because they realise my "higher" price than some spotty teenager is actually saving them an AWFUL lot of money elsewhere (I once worked in a job where I saved them my year's salary - directly and provably, not theoretically - in just the first three months, and stayed working there for many years). There's even a cycle you can witness of this - outsource, bring back in-house, outsource. It takes 10-15 years to complete the cycle but it's definitely there in some places.
In fact, I'm now in discussions with a new employer where exactly that has happened again. They had a geek to run their network, but they found out that he wasn't doing the job (not because he was coding, he just didn't have any backups at all when a server went down). They sacked him. Then they bought in very expensive temporary commercial support to get them out of the hole they found themselves in, who ripped out all his stuff, replaced it with Exchange and all sorts of expensive gear (and way more servers than were strictly required), but they are too expensive and quite inflexible. So now the company are in negotiations to hire me to come in as an "on-site geek" and do all these things that the geek used to do rather than spending money left, right and centre on products not designed for their particular usage.
I'm sorry, but if you want a simple rule in IT, it's employ someone who can code. They don't need to be a coding star, because then they'd not be interested in a small business, but you have to be able to throw them a problem for which NO solution exists (or is affordable) and have them produce something that will work. It may not be pretty (but what the hell does that matter unless you're selling it on to customers, in which case HIRE A DAMN PROGRAMMER and maybe even a UI designer), but it will get the job done and they will know that the effort they put into making it nice and understandable is more than saved by not having to touch the damn thing for YEARS except for the occasional tweak.
I've yet to inherit a system that actually has code. And I've left dozens of systems with code clearly marked, visible, documented and simple, and producing some real results and making a real difference - but I don't think in any of them has anything actually happened because the next guy is usually some dolt (which is usually why I leave - because the situation has changed, the management who knew what I did for them have moved on, etc. and they think that hiring a random idiot will be "better") and he just formats the servers back to the default configuration that has nothing customised in it at all - i.e. they could have just installed Windows and Office without the network at all and have done with it.
Relevant XCKD: http://xkcd.com/1205/
Relevant non-XKCD: http://imgur.com/Q8kV8
P.S. If anyone knows a place hiring a educational network geek at the moment, I'd be interested in a short-term contract to tide me over until my negotiated position becomes available.
The problem with the ID cards was not, and never was, about whether I have to carry ID on me and produce it on demand. Almost every other country has such a law so, if you go on holiday, you cannot avoid having to do that with a foreign police force.
The problem with the ID cards was that an awful lot of databases would be combined for no good reason. It did not act as just an identification (i.e. this is who I am and you can prove it's me) but as a gateway to joining up everything the government knows about you and putting it in front of the bod who, in this instance, you might be renting a house from.
If you don't already get that your passport is ID, and your driving licence is ID and, although you can live without either (my brother does, in fact, but not for paranoia reasons), you still have to produce some form of ID somewhere at some time in order to live (his getting a bank account was interesting and you have to produce much worse documents, like birth certificates, which contain no "ID" at all but whose very possession is considered to be able to "prove" who you are).
An ID card on it's own is a great idea. Bring it in. Make it optional. Don't make it compulsory for ANYTHING. And don't tie it into a billion other databases or make it so that I have to produce it to rent a house. And then, you know what will happen, it will be in the same kind of place as every other country's ID cards are in now. And we'll be quite happy about that. We've had them before, we'll have them again and it's a damn sight better than having to carry your passport or birth certificate around with you.
Oh, and don't make me pay more than a minimal administrative fee for it (I'd say £10 is about the maximum, and I'd suggest you make the first one "free"). Don't make me have a legal requirement to change the damn thing every time I change address or put on 10lbs or change my hairstyle (it's an ID card, not a tracking device). And don't half-arse the implementation.
Fact is, if I go for a job, they will ask at some point for ID. In my industry it's a necessity to perform the appropriate criminal record checks. It's not that big a deal to provide it to them (but, of course, I watch where the original documents go quite carefully). The big deal is that what you issued was NOT an ID card. And people wasted lots of money on them. And there was a lot of resistance BECAUSE of all the shenanigans you pulled with them over-and-above the remit of an ID card. And then ALL of those people now have a useless piece of plastic (including some commenters on here, if I remember correctly).
I'll take an ID card, despite being vehemently against the last attempt. Because what I don't mind is an ID card, nothing more. Hell, you can stick my biometrics on a chip on it if you really want to. But don't expect me to pay for it (except out of taxes that I already pay), and make sure there's some advantage to it, and don't half-arse the implementation - just go straight to nationwide voluntary availability and make it COMPULSORY that airlines, banks, etc. must take an ID card as a form of ID on its own (i.e. I don't need to renew my passport this year, or provide ten other documents beside it).
And if you want to do it properly, encode my image and biometrics onto a central computer system and have the card store nothing more than a number electronically. When you type that number into an appropriately authorised computer system, the central computer sends back your current image AND NOTHING MORE. As a user / owner of one of these terminals, you can't change it, you can't modify it, you can't fake it. Then you have an ID system worth having (i.e. you can verify that the card I present to you is mine within seconds within reasonably doubt) and something that I've been saying credit cards should have had decades ago ("I'm sorry, sir, but you don't appear to look like the registered cardholder of this card"). Then you might even be able to do a bit of fraud detection by seeing who has two ID's with the same prints on them.
But don't force me to spend hours in a photo booth to take images that you then say aren't good enough. (If they aren't good enough, provide them your damn self and I will come to you, but don't make me drive a hundred miles to do so and then make me queue for 8 hours). Don't make me interview for a damn card. And don't make my airport queue any longer than it already is (because I already think it's taking the piss and am quite happy to announce that loudly in the queue itself - can someone tell me why I still have to take fluids out of my bag and strip outer clothing off and queue for an hour in order to do so, and then get the same treatment at the other end where I queue for an hour to see if the guy at Stansted wants to let me back into the country. (Hint: If you don't already know who I am, what right I have to live there, and whether you're going to let me through or not by the time I've landed at Stansted, or you are doing anything more than looking for suspicious behaviour and checking that my documents correspond to me, then you're DOING IT WRONG).
Nobody really objects to "another form of ID" in the shape of an ID card. What we object to is all the junk that surrounds that. And with recent revelations about what you're doing in terms of spying on innocent civilians and doing things that are definitely illegal but getting away with it because "nobody knows", then it's only right that we should question your motives and query exactly what goes on an ID card and where that information comes from and, most importantly, who should pay for it.
I have no objection to an ID card. Just make one that is an ID card.
Re: Makes you think....
I'm not really into music, as such (I have never bought a tape, LP, CD or MP3 in my life). But it's been obvious for decades that the charts have ZERO correlation to what people are actually listening to.
Honestly, shouldn't things like The Beatles, Elvis etc. STILL be in the charts somewhere without having to re-release something? The charts are based on what the record companies tell you has sold a lot recently. That's as good a recommendation as saying that the iPhone is the best phone (which will get you about 20% of people agreeing, and the 80% of the market that are actually on Android disagreeing vehemently).
Charts are there to sell you things - it's an advert, masquerading as statistics. Hell, they didn't include digital downloads AT ALL until very recently. Same as if a song gets onto the radio, it means nothing about how good or popular it is (or else most radio stations would have to listen to requests and thus would become 24-hour latest-boy-band stations), and correlates more to how much the record companies WANT to sell it (which is usually a negative correlation with it actually being any good).
Why anyone would think that any sort of chart of music is at all helpful in music, I don't know. Where would Beethoven "rank" on such a chart? (Hint: Nowhere, because the record companies can't make money from selling it) It's all a load of nonsense. Unfortunately, like designer labels, "modern" art, and what phone to buy, there are people out there who think it's some kind of indicator of what's in fashion at the moment and so religiously buy it BECAUSE they've heard the name in the charts.
The rise of online music services shouldn't be because they provide "a chart", but because they introduce you to things you'd NEVER find in the chart. But, still, 99% of the world are idiots from my point of view. I don't see any other explanation for why X-Factor is a TV show, or Apple are still in business.
Re: IT Managers (in a windows world) dream of
When you've been in a job where it's your neck on the line if you don't comply with:
a) The Data Protection Act
b) PCI DSS.
Then you can whinge and moan about control over your devices.
Fact is, I make a career going into places where users had been let loose on their freedoms, and by clamping them down I fixed the problems they were having almost instantly.
If you can't do your job, go tell the IT guy or his boss, or his boss. Guarantee you that somewhere along the line your request will be / has been overruled already by those in charge (who are listening to the people whose job it is to keep you out of court when it comes to IT data). If it doesn't, you'll suddenly "lose" all those annoying IT people anyway. Guarantee you.
Walk a mile in my shoes, and you'll see what I mean. Some case law says that even giving you the POTENTIAL to access data that you shouldn't is against the law (e.g. providing you with a password that would allow you access to it in theory). Hospitals and schools have fallen foul of it A LOT and got fined heavily. Extend to laptop encryption, monitoring what software is installed, making sure you don't have a virus transmitting people's personal data outside the company, etc. and you'll quickly find out WHY we lock systems down.
How dare we build secure systems with least-privilege principles? It's almost comical you even bring it up.
Re: Noooo to SPF!!
Can't say it's EVER been an issue, and almost every family member I know has email redirection from a different provider to a different webmail or ISP email address.
Note that ALL of my domains forward all of their email (via external hosts and their mail-forwaring, or my own server) to a handful of ACTUAL stored email accounts that I have (including a gmail.com one and an old hotmail.com one). I don't lose emails. And I have SPF setups like mad.
Anyone forwarding has to make a TEENSY TINY change to their forwarding setup if their forwarding setup was basically forging emails anyway (as the SPF FAQ on this says, it's called "remailling" not "forwarding", really). Every open-source MTA has been dealing with the situation since the beginning of SPF and any commercial ones would be dead in the water if they couldn't manage it for the last ten years.
There is zero impact in this - the only thing that changes is that you address the envelope differently rather than trying to pass on messages verbatim (which is a stupid idea anyway). You're forwarding email - the ONE job you need to do is to collect email and send it to someone else - why on Earth would you try to do that by basically "replaying" the SMTP session that you received - it's stupid and nobody does it nowadays (if you know someone who does, name-and-shame).
Every remailer/forwarder I've ever seen uses this envelope-recreation anyway (why would you not want to re-write the actual email address in your envelope to the one you're SENDING EMAIL TO?). It's stupid, un-updated MTA's that have a problem and if you're using one of those exposed to the net unmanaged by someone with half-a-brain you have much bigger problems anyway. They've probably been blocked left, right and centre already for basically attempting SMTP forgery on a huge scale.
Honestly, it's not as big a problem as you make out. One missing email to me would be a HUGE problem, and I monitor closely, and I've NEVER seen this kind of thing in the wild. And I manage networks (including several domains and hundreds of email accounts at every one, most of them set to also "forward" to the user's personal email too at the user's request).
You are MORE likely to have problems if your own mail forwarder is NOT SPF-aware than anything else (and senders won't matter at all).
Re: DAB Bashing
Whoopie for you.
Personally, I'm not a big radio listener so have no "bias" either way. But DAB doesn't receive where I drive. It means replacing every radio I own. It also means that signals exhibit the same as digital TV signals when the power is weak - artifacts that you can't compensate for rather than a slight static / loss of volume as on FM. Not only that, but the WORST thing that ever happened to UK TV was when we went from 5 channels to 100's. Reason: The advertising revenue dive-bombed and so did the quality. There's a reason Saturday night TV died, when it was the staple for decades. There's a reason that channels are full of "cheap" repeats. There's a reason that advert breaks are twice as long as they were when I was a kid. Putting 50 DAB channels when there's only X amount of channels bothering to take an FM licence means two things - the big channels die and the small, junky, new, channels take over to get their 0.1% of the audience in their place.
The reason vehicle manufacturer's don't install it is because people won't pay for it. I'd rather have no radio at all (literally - same as me giving up my TV for several years when the digital switchover happened and barely noticing - I only have one now because it's "free" with my phone/broadband).
The death of DAB is not when there are zero DAB channels. It's when people don't buy into it. There are lots of Thunderbolt-interconnection products out there. It doesn't mean that it's dead, but it also doesn't mean that it'll rule the world.
When you take into account the "Oh, your Freeview needs another upgrade" DVB-T2 debacle, then it's inevitable that people are loathe to jump into DAB especially when there's been talk of codec upgrades and DAB2 for a long time now. And that will mean changing all your hardware again. Freeview etc. could piggy-back on the fortunately-timed fad for large, flatscreen TV's on walls taking over from thick, bulbous CRT's on a TV cabinet. DAB doesn't have any such thing. "HD Audio"? I couldn't tell when my laptop advertised 96Kb/s audio 10 years ago, why would I care now?
DAB isn't dead, but it's never really got a good start in life and won't be going far without being FORCED as a standard. And it's just as likely that people abandon radio entirely in that case, rather than move on. It's a risk that the major stations don't want to take because they know it probably won't go their way. They may be FORCED to at some point but if you have to force people onto a technology, rather than letting market forces play out, then you know that it's doomed.
If FM turned off tomorrow, I wouldn't be buying a DAB radio. At all. Probably forever. I'm a geek, and I have multiple dual-tuner TV cards from both analog and digital eras, just "because" it then gives me an adaptor to view that content if I ever need it. In comparison I have an FM radio in the car, one on my phone, one in the shed, one in the kitchen, etc. - which of those would I DAB if they turned off? None of them. I'd just stop using them. I wouldn't even bother to go to the effort of binning them.
If DAB were just a digitisation of radio that could be implemented on a simple circuit, they'd already be implemented. It would be like LW/MW/FM transitions - just switch to digital audio and have the same channels. The fact it that it requires a lot of upgrades and a lot of junk and a lot of frequency allocation and provides poorer overall service when you consider ALL current users of FM. And all the "selling points" aren't - sending additional data and even images over DAB is a waste of time in the Internet era.
Fact is, DAB is streaming audio over 3G (maybe not specifically, but that's basically what it is) but without any significantly useful buffering. If I want that, I have that elsewhere but done a lot better (sometimes on my existing devices, e.g. smartphone).
DAB isn't dead, but it's a dead-end. It might be forced into the market and enjoy a small resurgence but DAB2 will be the decider - death of all DAB or obsoletion of the existing DAB. When you have found out which, come back and tell me so I can look at buying it then.
Re: Yes to SPF
Er, yes, that SPF stuff is just FUD.
Had it deployed for years. Never not received an email intended for me, never had problems sending an email (in fact, without SPF, it's much harder to send an email successfully to the large webmail providers from your own email server).
And, yes, I do check the logs so I know every SPF failure and why it happened (and have greylisting, and DKIM, and lots of other stuff too) and yet still have never "lost" an email in either direction on a dozen or more domains.
Just don't be stupid - use it quite simply to identify your domain's official outgoing mailservers (which are almost always also your MX servers for reception anyway) and don't try to get too clever (the macro crap in SPF is just not worth it).
I say that as someone who is used to doing all sorts of fancy redirection, forwarding, re-enveloping and have THOUSANDS of email addresses, one for each company/website that I deal with at least. SPF isn't a problem. DKIM is a pain to set up and doesn't seem to do much. But the amount of spam that I receive that I *can* reject instantly because of SPF failures is unbelievable and I wouldn't do without it.
SPF check, Spamhaus check, greylist (and thus they are told to "try again later" to send their email, their email is not officially delivered until they do try again - which spammers NEVER do - and otherwise their email is just forgotten about) gets rid of 99.999% of my unwanted email. And I've yet to see a false rejection of genuine email, or spam sneak through that failed any of those check.
It's been out and available for over 18 months now (not even counting a lot of the "pre-release" build-up). Though we have some ports (by serious geeks) of various Linux and Linux-like distributions, about the most esoteric thing you can find is RISC OS (originally designed for ARM devices, and released by the people who own RiscOS).
In terms of low-level hacking, there's not much going on. Run an OS that we already have, port software over to ARM (which can take minutes in some cases, especially with the Debian-ARM ports of most things just being "there" nowadays), job done in most cases. (And I don't believe for a second that you need real-time OS to control an amateur model aircraft of any kind - hell, just running as root with max priority brings the response times down to ludicrously low numbers so long as you don't routinely overload the capabilities of the machine).
In terms of real-time OS or Bedroom-built OS? Nothing that I can see. So it's really doing jobs that were previously the domain of Arduino boards (have you seen the latest ones of those though?) and mini/nano/pico-ITX boards. And it needs a lot more power than you might think because the stability of the PSU is critical. Battery-powered applications are more difficult to do than you might think.
Micro-satellites - yes, there you'd want something serious. And the RPi hardware is about the worst you can try to use for something like that (especially given the highly-regulated environment it would need to operate in). Did you know that if you slag one bus of the RPi, you get packet loss on others (I think it's SD/USB or Ethernet/USB, but memory fails after months of my RPi being in a box waiting for a fix that will never come as it's a hardware issue)? That's not the sort of crap you want NEAR a satellite of even amateur scale.
And there, the latest Arduinos weigh less, do more, connect better, take less power, are more reliable, and are in the same price range.
RPi was a kick up the bum for the embedded-board crowd, but they've caught up now. Shame that these "bedroom OS" that you think will appear haven't even been started on in the time that's taken.
No. It was not power. See the raspberry pi kernel bugtracker.
It's a bus bandwidth issue when you use the other buses while trying to use the USB bus (e.g. writing USB data to SD, or accessing USB data over Ethernet, whichever bus it is that it shares). It's random and unpredictable and the "fix" was to tweak priorities in the kernel, which reduces the probability of the problem but doesn't fix it.
When you have a serious bench power-supply with as much (regulated) power as you like, power queries go out of the window quite quickly.
Hell, one of my SD-cards is still floating around Broadcom in Taiwan somewhere because they tried to blame that at one point too and I had a Broadcom engineer request it from me (and it turned out that it was nothing to do with the cards whatsosever).
It's just not as nice a piece a hardware as you think when you do anything that remotely pushes it (and children are hardly going to be optimising SD/USB access in their coding). Even the design (i.e. these buses being shared, the weak capacitor situated as the only thing to grip when you want to remove the micro-USB cable, etc.) leaves a bit to be desired.
I'm not saying it's unusable but I don't think schools would want to be sitting diagnosing problems like that.
Seriously Reg, what's your timetable for IPv6 deployment? Has it even been discussed? Has anyone bothered to look into it? How much would it cost? What sort of costs outside of bog-standard network-guy time would it take? Why hasn't it been done up until now? What's the barrier to deployment?
Let's get rid of the junky articles telling us off, and the rubbish about how to back up our VMWare servers (if you don't know how to do that - why the hell are you in charge of running a VMWare server), and the paper-planes-in-space projects and put up an article series on the challenges of getting something like The Reg onto IPv6.
Or is it just that embarrassing that you don't know how to do it, or it would literally take a few lines of code and it would just work?
Repeat after me:
Shiny toys do not teach your children.
Computers do not teach your children.
Books do not teach your children.
Omega-3 in their diet does not teach your children.
The RPi is a tool. In the right hands it's useful. But it's sold many times more as a cheap geek toy for projects than anything to do with education. How do I know? I have a first batch Pi. I work in schools. I bought it to trial it. We never even put it near a classroom. Sure, we could have, but it's no different to the netbooks, tablets, or any other fad that has come along - posh hardware looks nice on parent's evening, but doesn't actually teach anything.
Mine has been sitting in the attic for months. Mainly because of problems that you shouldn't have to deal with on such a device (The USB shares bus-bandwidth with something else - the SD or the Ethernet I can't remember - and as such can lose USB packets [read: All your devices crash and stop working] silently without any clue what went wrong... it's a hardware problem that recent firmwares try to workaround by tweaking some settings but nothing that can be resolved. The posts on this from the first few weeks of RPi bug reporting are still open).
And there is zero effort to actually teach schools how to use it. If it appears at BETT it's as a faddy device on some third-party stall to make you buy it for no good reason, and with few resources to use it. The kind of teachers we have nowadays, that means it's dead in the water. The ones who can make their own resources are few and far between and, let's be honest, don't need fancy gadgets to do those things anyway. They'd be able to teach them with a washing up bottle and double-sided sticky tape.
It's an interesting gadget, but nothing that didn't exist before (BeagleBoards, et al), or hasn't existed since (there are now a myriad of clones, and even Intel has pushed one out recently that's x86-compatible). It has quirks and problems, and it's not really designed for younger kids handling. The older kids using them all have Java-based smartphones, some of them running on Linux, but we're taking them away from the kids at registration and forcing them to cobble together some mish-mash of junk onto a PCB and then get happy when they make a Scratch program they've written in the IT suite run on it. Hell, my five-year-old has a Nexus tablet.
It was sold as "for schools" but it's anything but. As pointed out, there was a point where it was assumed the community would just "step up" and provide all this for free. What happened instead is all us geeks (who didn't grow up with this kind of hardware, or even the luxury of GCSE electronics) bought one, turned it into an in-car PC, and soldered our own circuits to it.
It's a tool. Without someone to use it properly, it's worthless. The people who can use it properly almost always would choose a BETTER tool (i.e. a PC or even a smartphone) to do what they want.
And it doesn't make your children any brighter than spending tens of thousands on bunch of swanky tablets that they all have at home anyway.
Again, I'm implementing my rule here:
An article telling us all off for being lazy and not implementing IPv6:
- On a tech site that publishes no AAAA records.
- Quoting another tech-law site that publishes no AAAA records.
- When all my systems and external websites and services are IPv6-enabled, even my personal ones, without any problems.
- When ALL modern major operating systems support IPv6 without any excuses.
Sorry, Reg, but until you follow your own advice, you're just hypocrites. As such, I can't comment seriously on any IPv6 or other article until you take the simple step of ringing up your hosting provider (I doubt you do this in-house, right?) and tell them to turn on that feature.
IPv6, SPF, SSL, the rule holds for everything.
There's a choice here. Just don't buy it if you don't want it. Personally, anything "non-repairable" is junk to me unless it's literally cheap enough to replace whenever I want (Apple tends not to fall in the bracket for ANY of their products).
Also, no. You don't get my hard drive if I need it repaired. You certainly don't transfer my data for me. Not even if I've bought the machine from you and am returning it quite soon after for a replacement. The hard drive has private data which I cannot provide to you, or grant you any form of access to, under the DPA. Yes, even my own laptop drives. It might be encrypted, but it's still not going to happen. Hell, I have to have a signed form concerning guaranteed data destruction when throwing out 20+ year old drives I've found in a cupboard, I'm not going to let anyone do it - even as a provided service - where there's a chance they could take a copy of the data (and if the company that does the destruction fails? Case law says me/my employer are the ones being fined anyway, but at least we'd have a way to probably recoup that loss).
If the solution is to buy your support packages to fix all this stuff, then that's a loss to me. I don't buy warranties of anything, and the hassle of enforcing even standard and compulsory warranties is not worth my blood pressure. There are any number of appliances in my house that it's just not worth bothering with even the statutory warranty for. Most of the things that can "break" on them are a £10 part I can replace myself or where buying a whole new thing is cheaper than messing about for even the postage back and forth (whether that gets refunded later or not).
I don't like laptops, because they always break on the screen hinges and there's little you can do for those parts when they go that isn't more than a laptop costs. But still, all my laptops allow memory, wireless, hard drive, battery, etc. upgrades. It's a personal choice. The fact is that the purchase price of the laptop + the cost of the warranty replacements + labour + average levels of wear and tear MUST be greater than necessary or Apple wouldn't be making a profit. I'd rather that profit was in my pocket - even if only on average over time - and buy something that doesn't require a warranty to be serviced adequately, and that I can get working or transfer parts out of myself.
And a lot of people I know are the same - most people I know with even Apple hardware don't touch the warranties etc. as they know they are a con.
The control of a device I own is, and will always be, with me. Nobody else, unless absolutely 100% unavoidable.
(I'm writing this on an 8-year-old Linux laptop that I dug out of the cupboard after my more recent one is out of commission - plugged in the hard drives from the new one into the old one, swapped a battery out from a big pile of cheap spares I have, I'm back and working along like nothing has happened within minutes. The laptop itself? One that other people "threw out" because it didn't have enough RAM. Well, it has more than enough for me, and a cheapy upgrade could have fixed their problem. But, no, let's just bin it.)
I'm the same with cars, even though I know NOTHING about them. Give me an old banger that lets me buy parts cheap and have someone replace them as they (inevitably) fail. No warranty. No supplier problems. No tying in to the original manufacturer. When it dies, bin it and buy another. And yet in all the time I've been driving (and the 100,000+ miles I've driven), all of my cars and repairs added together would barely pay for a year's monthly payments on a new car with fancy warranty and no MOT required.
It's not a question of expertise. It's not a question of even money (though any warranty is unlikely to be "profitable" to you on average, or else they'd quite literally be generating money for you out of nowhere entirely at Apple's expense - Apple would be bust, and we'd all be rich). Nor is it environmental concerns or business methods. It's a question of how much control you'd like over your devices.
Personally, you couldn't make me buy expensive crap that I have to even buy a certain screwdriver to fix/replace without me weighing up that gamble (I have a Wii - the chances I'll need to take it apart to do anything useful are near-zero, especially given the purchase price I paid). If your "time" is so important that you are willing to pay for the privilege of warranty replacements - do so. But don't scream at others that they're idiots not to. Gimme a cheaper machine with bog-standard screws and modular parts that I can get from any plastics / battery manufacturer any day.
"Non-essential website has slight technical problems for while"
This is news? Please don't follow Slashdot's example here (and, yes, they did an "article" on this too).
Sure, if Google crashes worldwide, that's a story. If a tax website breaks and people can't submit tax forms in time, that's a story. But a Facebook "error occurred"? Really? What next, are you going to report every 404 or Internal Server Error?
No website, no matter how big, is 24/7. I wouldn't WANT it to be. It means someone is spending an inordinate amount of money on redundancy and not enough on maintenance / testing.
Seriously, Reg, don't go downhill like Slashdot. I'd expect this to rate minor footnote on the bottom of a recent Facebook article discussing something else entirely, at best.
Re: Cool ...
So do a lot of the best CS guys - I'm thinking of Djikstra (dare you to assert that you could pronounce his name properly from the first time you saw it, without being from a country where it's a popular name).
The only time I've ever needed to ring 999, I pulled over up the street, rung 999 and got through instantly. This was inside the M25.
The guy on the end wanted to know where the problem was. This was exacerbated by not only the location (a street called "The Bridge"), but also that he didn't have any fancy computers to help at all. Literally, he had to look it up on a paper map. I asked if this was usual, and he said yes. Five minutes later, he had pinpointed the location I was trying to get him towards (he didn't have GPS, but I did, so lat-long was useless, I *didn't* know where I was, but my satnav did and I reeled off the surrounding roads from the map, but he was looking them up in an index of, basically, London. When he found the street he had to find the intersection I was referring to, etc.)
By the time we'd pinpointed it, he said "Oh, they have CCTV over all that area" (couldn't work out why that mattered at all, as someone was being assaulted as we spoke).
To give him his due, by the time I hung up the phone and got back onto the road, there were sirens in the distance and I was being rung on my phone by the actual police officer in the car that was coming towards me.
The only other times I've needed to call the police has been to report a faulty traffic light (that put green on both ends of a roadworks and was incredibly dangerous). Again 10+ minutes of explaining where I was followed by "Oh, yeah, we know about that". Again, it was sorted by the time I passed the same point on my return journey.
And to get help to my ex- who'd got stuck in a broken-down car, on a motorway intersection, with no help, in deep snow, and had waited 30 minutes for the RAC to arrive. I phoned up a Scottish police number from England and they had no GPS, no way to locate things and again looked up locations on a map with my terrible Cockney accent marring all their efforts to identify local roads that I couldn't pronounce (I knew where my ex was, she texted me lat-long!). Again, within MINUTES of identifying the location, the police were on scene doing more than I'd ever expect them to do (giving RAC a right royal going over, by what I overhead on the phone, and within minutes an RAC response van had suddenly decided to prioritise the lone-stranded-woman-with-baby-in-snow-covered-car) and were great. But their operations centres need a lot of help first.
The tech is there, we're just not bloody using it. And Ofcom don't need to get involved until the police have equipment that can use that information in the first place.
Re: BIOS Password
I thought this was the exact kind of thing that TPM and Secure Boot and signed software was designed to block.
The tools are there, to remove CDROMs, and to stop them being used to boot ATM's into anything other than the official ATM software - the fact that they are not used has everything to do with crappy IT and nothing to do with the inability to actually secure such devices quite easily.
- Xmas Round-up Ten top tech toys to interface with a techie’s Christmas stocking
- Google embiggens its fat vid pipe Chromecast with TEN new supported apps
- Xmas Round-up Ghosts of Christmas Past: Ten tech treats from yesteryear
- Exploits no more! Firefox 26 blocks all Java plugins by default
- NSFW Oz couple get jiggy in pharmacy in 'banned' condom ad