* Posts by Lee D

514 posts • joined 14 Feb 2013

Page:

'Linus Torvalds is UNFIT for the WORKPLACE!' And you've given the world what, exactly?

Lee D
Silver badge

Re: How bad is Torvalds?

Please hand back all your TomToms and other satnav devices.

All your CCTV DVR's.

Most of your wireless ADSL routers, etc.

Anything with Android written on it anywhere, smartphone or tablet - currently outselling Windows phones by ENORMOUS ratios and even iPhones but people don't like you knowing that.

Most of the in-house networking gear in your workplace that's not purely switching stuff (e.g. Smoothwall boxes, content filters, WatchGuard firewalls, etc.)

All your Raspberry Pi's.

Most of the world's webservers, cloud servers, etc.

Almost all your "smart" devices like GPS trackers, fitness watches, ANPR, etc.

You don't want Linux on your desktop? Fine, but vast amounts of the world collapse without it, and it's actually running your ISP, almost certainly running your webhost, etc. Sure, there are alternatives that you could use instead but that's hardly the point.

This is like saying that Rayleigh have cornered the push-bike market, but Rolls Royce are a disaster because despite being in (and world leaders of) the automobile market, the aircraft market, the shipping market, generator markets, etc. they don't have a Rolls Royce bike that's as popular as Rayleigh.

4
1

Eurovision tellybods: Yes, you heard right – net neutrality

Lee D
Silver badge

"Quick, there's something in it for us now, let's stop being against it for a microsecond until we get our way, then we can forget all about it forever after."

You weren't interested five years ago, then it means that - on balance - you probably won't be interested in five more years.

Project Kangaroo died, you can't force people to pay for your channels individually online, the ISP's won't let you provide your own bias to their content provisions, large content providers like Netflix mean you're either "in" or "out", so you come out for net neutrality now to make sure none of your rivals can do the above successfully after your failed attempts. And then when one of them does anyway, you'll all be vying for your own version of lock-in and bias because THEN you'll be able to get away with it.

It's pretty simple. I don't care who you are. I don't care how you want to sell your stuff. If you have content that's interesting, I want to pick it up wherever I am, whatever I'm doing, whatever device I'm using, whatever ISP I happen to be on, whatever mate's house I'm around. Understand that and you find the value is in your content, not what platform you appear "exclusively" on, or what ISP will agree to bump up your speeds just because you pay them more. What matters is your content, not what bandwagon happens to be heading your way at the moment.

The last ten years should have shown you this. 4od basically give all their content, even historical, away online for nothing. BBC iPlayer only has a time/region restriction because of the way the corporation is forced to operate and that gets recorded/proxied to death even so. Netflix et al are making a viable business just providing your content in a sensible online format. And now places like Amazon are muscling into PRODUCTION, not just distribution.

But some of you fought it all the way to make it as difficult as possible to get your content in reasonable formats and reasonable ways. And now suddenly you want pan-Europe rules to make sure none of your competitors can best you? Maybe if you'd been listening and properly competing on what matters in the first place, they'd be USING THOSE RULES against you instead now.

I don't care who you are. Provide the content I want, for a fair price, without any restrictions (or pseudo-restrictions by giving "advantage" to others). And provide it everywhere - satellite, terrestrial, cable, online, etc. all at the same time.

Sell me content. Just content. Because I'm not interested in "your" preferred ISP, etc. I use Internet companies for my ISP and I use content companies to watch on TV. I use TV companies to sell me a TV in the first place, too. Stick to what your business is supposed to be, and there won't *be* any issues. Try to make your content exclusive or your competitors be at a disadvantage and your lose my content revenue AND I'll change ISP to one that doesn't bias itself. It's not hard.

2
0

Alan Turing's LOST NOTEBOOK goes under the hammer

Lee D
Silver badge

Re: Glad to see Turing had problems with notation!

Notation is everything but one notation for everything isn't the best idea. The idea of notation is that in some cases it's better and in others it's worse but merely CHANGING the notation you use between the two instantly makes a certain class of problems easier.

Think about chess games. You notate in classic co-ordinate systems, but that's no good if you want to record the board position itself (as you have to replay all the moves). So we have Forsyth notation to note the board position. But even in game-record notations, sometimes it's easier and more sensible to talk about particular ranks and to do so from the viewpoint of each player, hence we get into descriptive notation, but for beginners they probably are more comfortable with algebraic, both of which are really just a simplification of much more long-winded notation which notates every square moved from even when it's unnecessary.

But computers have their own notation for games, and there's even odd things like chess notations that side-stepped censorship on coded messages sent through the post office during certain wars, etc.

A different notation of EXACTLY the same problem can make it trivial to solve. But no one notation can do that for ALL problems. This is true of all mathematics, where merely using the notation of a different branch of mathematics to describe the same problem can provide links that nobody ever thought of between the two and make solving complex problems trivial. This is pretty much where a lot of the "universal theory" mathematics is heading towards at the moment, for instance.

1
0
Lee D
Silver badge

Re: "The Imitation Game"

"True story" movies are boring. It's as simple as that.

Hence why every "True story" is "based on", not "this is what actually happened".

You have to go into movies KNOWING this. U-571, however, is a different class of tosh. Imitation Game is merely embellishment and "artistic licence" with the story so that grannies aren't saying "That was boring, what the hell was going on" for everything.

NEVER watch a movie expecting historical re-enactments. You won't get them. Ever. You think Mrs Brown was accurate? Or The Iron Lady? Or Made in Dagenham? Or The Queen? Or The King's Speech? No. Never. Not even close, any of them.

What you can get, having seen the movie, is a fun run-around in a Turing-like world. A homage to the man. Something embellished and polished but fun and interesting and insightful and true to the SPIRIT if not the word of the law. I'm a massive Turing fan. Sorry, I'm a mathematician and, from there, a computer scientist. I'm a programmer. I'm a computer theorist. I'm into coding theory and cryptography. I couldn't help but be anything else. I do not go to watch movies in cinema. I did for this. It was great fun, close enough and good enough that I can point out the problems (and that's half the fun of knowing the subject truly, like half the fun of knowing The Silmarillion and LOTR inside out is pointing out the bad bits of those movies) but my girlfriend can enjoy the movie as much as I do, and we can get some kids in the cinema going "Oh, cool, I never knew about this guy but this looks interesting".

You want factual representations? There is NO VENUE for them whatsoever. Even the "science" channels on TV are a load of tosh, the Royal Institution Christmas Lectures nothing more than QI without the questions, etc. YOU WILL NOT GET IT.

But you can enjoy a good movie that you can poke holes in as an expert in the subject, if you like.

12
0

Video nasty: Two big bugs in VLC media player's core library

Lee D
Silver badge

Re: FFS

I find that a bit quick, for disclosure.

To think that MS were whining about 90 days +!

And the fix is in the developer version, according to the article.

Sorry, but if you did that to a commercial project, they'd tear your arms off and beat you to death with the soggy end.

But two weeks is barely adequate to test a fix.

44
0

Buggy? Angry? LET IT ALL OUT says Linus Torvalds

Lee D
Silver badge

If someone, anyone, a security researcher or some kid downloading something from the Internet, is able to tweak a setting and compromise a system... it DOES NOT MATTER the origin of that information. There are entire markets with 0-day flaws, there are flaws floating about IRC channels and Usenet, there are pre-built hacking tools just ready to download and craft your own version of any particular exploit.

The fix is not to pretend the flaw doesn't exist, couldn't be found by someone else, etc. It's to patch it. As soon as you can. As well as you can. Rather than bury your head in the sand.

And "testing" some of those patches is almost not necessary - the fixes are so simple as to be auditable quite quickly and only in very isolated components that serve one particular task.

Take the OpenSSL flaws. Some of those were hinted at and reported. When I looked through the OpenSSL code, it was a mess, but anyone with time on their hands and reason to do so could have found those flaws YEARS ago and kept a lid on it all that time. The fix is not to then go into a 90-day hiatus and eke out every second of non-disclosure. It's to fix the problem ASAP. For 90 days, someone in Google, probably several people, has KNOWN of that flaw. It's been in a database that probably dozens of people had access to. Any compromise at Google would have given someone a 90-day window of flaw execution. Why is it that people "don't trust Google" for years but all of a sudden they expect them to hold onto such a flaw perfectly and never reveal it.

It's a flaw. Someone knows about it. Fix it. Whether that someone is your own security team, a security researcher (of course, they are ALL trustworthy and would never sell their skills on the black market on the side....), or some kid on the Internet. Fix the damn problem.

21
0

You'll get sick of that iPad. And guess who'll be waiting? Big daddy Linux...

Lee D
Silver badge

Re: Lee D Laptop/convertible+smart phone

In my experience, places that care about support aren't using Microsoft for it. They are using a myriad of technicians, consultants and specialists.

Sure, it may be more difficult to find Linux tech support, but you wouldn't necessarily be looking to the companies themselves.

When was the last time you called Microsoft? In 15 years of MS support, I've ever only done it to resolve licensing issues. When I have an error, the chances are the first 20 hits are random websites, not the MS KB. And the MS KB will likely be outdated, incomplete, have no real solution, or be referring to something else entirely.

Support, in general, doesn't come from the manufacturers. If your business is big enough to hire an IT guy, the IT guy is your support. The number of times he has to fall back to talking to Microsoft, or Red Hat, or whoever is going to be few. And there, I'll find he'll gain much better support from the Linux side than the Microsoft side.

Hiring in-house support for Linux may be more tricky. But past that, places not big enough to hire an IT guy don't really have enough IT to worry about (and will never hear of Linux anyway).

4
1
Lee D
Silver badge

There are issues in these areas, certainly.

But similar issues also plague "new" Windows. I admin Windows networks and the amount of things you have to drop into the shell for are amazing. Activating Windows / Office on a network? VBS scripts run on the command line. Deleting an email from networked Exchange inboxes? Powershell commands. Have you seen what you have to do to get the Windows 8 "user logo" to be their photo from Active Directory? Logon script, basically, that downloads from AD, resizes to various sizes, sticks it in a certain folder on the local machines, and has to be rerun on every logon in case they changed their photo.

99% of users don't use that stuff and 99% of users of Linux wouldn't need to either. You can install software from the GUI, you can create users, modify your network, all the stuff that's GUI on Windows is GUI on Linux too. The difference is that it's ALSO available in the CLI as well, which is no longer true of Windows.

And the issue is moot. With VM's, you have no idea what you're really running anyway. Linux or Windows is then nothing but a pretty interface to the real machine underneath. And with VMWare etc. it could be Windows, Linux or NO OS AT ALL underneath the VM.

P.S. Defaults on installing Server 2012? It wants to give you a CLI only. You have to SELECT the GUI option. The only way to run bare Hyper-V hypervisors that aren't Server 2012 themselves? CLI only - inside a normal Windows GUI that you can't use.

8
2
Lee D
Silver badge

Re: Laptop/convertible+smart phone

I could work that way today, it's not really "future".

The holdback for years was Office (been a LibreOffice user since day one, it's more than good enough) and games. 1/3rd of my Steam library is on Linux now. If Windows were to go away tomorrow, I would barely notice, personally. It would mess up my workplace for a few months until we got the alternatives in, but at home, who cares?

I've invested more money into VMWare at home than I have Windows operating systems. And most of that was for development purposes. Though Linux can build and compile a Windows 32/64-bit app, you really have to test it ON Windows to get a feel for it working properly.

There will be no "year of the Linux desktop". Desktops are dead already. Year of the Linux hypervisor running a bunch of whatever you want is more likely. It won't be long before I'm recommending that people just run VM's in their daily lives. Imagine the hassles that grandma could avoid if you could just roll her back to yesterday's snapshot with one click?

For five years, I managed without Windows at home, while running Windows networks. It was Slackware (Ubuntu was around, but I like Slackware). Then I had an employer-laptop provided with Windows. It made little difference, I still ran the same software. (and, yes, often had to open stuff in LibreOffice that MS Office didn't stand a chance of opening - even MS Works!). Now, work-wise, everything is going cloud and web-based so it's even easier.

If I didn't already have a 7 Home Premium and 8 Pro install loaded on the machine at home, I'd probably not bother with it. Gimme remote desktop for work, a web browser that works on modern sites, a decent chunk of my Steam library, LibreOffice and Eclipse and I'm done. None of that is dependent on Windows any more.

When all my employer requirements include iPad and Android compatibility anyway (so everything is web-based even if the server that makes it so is on Windows), and everything on the server end is a VM, there's not much room for Windows itself except for convenience, familiarity and licensing.

7
4
Lee D
Silver badge

Re: I'd try Linux mobile

Have not used the Samsung tablet much but have Samsung Android smartphones. Killing app is a rarity. Rebooting is unheard of (admittedly, a couple of times a year I forget to charge it, but that's probably WORSE as it's a hard-crash when it does that).

Not sure what you're doing differently, but I've not had that experience. With my old Galaxy Ace, yes, I ran out of space all the time. But that was because the space was so pitiful and things insisted on going on the internal RAM first even if you used apps to move them to SD later. And, yes, Facebook is one of the worst culprits - it seems to grow madly over time, requiring you to Clear Data and log back in. God knows what's it doing.

But I've deployed other Android tablets in schools and we don't have these problems either.

This Christmas, I went to my Italian girlfriend's family. At one point in the room there were three new Samsung tablets, four new Samsung phones, and whatever we had in our pockets (almost entirely Samsung). We were teaching people how to use some of them, but others had been using for years. I don't think we killed a single app or rebooted once, even with the kids taking over and installing every free app they could get their hands on.

As resident techy guy - even with a language barrier - I got called on for all sorts. But the tablets and phones never figured except to show people how to use them. I did have to fix two iPhones that had gone muppet, however. And nobody even had a Windows phone. Bear in mind that dozens and dozens of relatives and friends came and went over the period and they all know me as the techy guy who fixes things for them.

And, no, I've never rooted anything either. The biggest problems I've ever had with Android tablets were the cheap ones not coming with Play Store so I had to fudge an old APK onto them and then update.

24
2

Lloyds supplier payments TITSUP: What, you want MONEY from a BANK?

Lee D
Silver badge

You can be sure, if that was the other way around, you'd have bailiffs and court representatives hounding you left, right and centre by now.

You're a bank. You know what needs paying. You press a button and it gets paid. Pay it from your contingencies while you fix the system. And if you're still paying TWO MONTH OLD invoices, then you're probably in breach of contract, technically, depending on what the invoice allowed for payment. Those people can easily come back in, take back their goods/services at any point, and still bill you for their hassle. Like YOU would if it were the other way around.

I understand a day, a week, of hassle. But it costs nothing above normal costs to get people to drop other tasks until you've paid your debts off, even if you have to do it manually and from some other fund for the moment.

At some point, we're going to have to treat banks like banks treat us. By now, in that situation, I'd be on nearly 1.5x the original debt with fees, hassles, etc, with a permanent credit history mark against my name, and I'd never get credit from those people again and they'd be demanding money up-front on all future projects.

There's a reason I avoid giving any bank a single penny more than I have to, or leaving a penny more in my current account (don't have a savings account, for them to play games with and then give me below-inflation increases back after several years of my not touching it) for a second longer than necessary.

Remember when I went a tenner over and you charged me £50 for the privilege? Let's multiply that up. The only way I could get my own back was to waste an hour of a bank manager's time (which probably costs about the same, I estimated) and then tell him why I'd done that. He said that it wasn't "very productive". I agreed entirely. Charging your customers five times their debt for a day "borrowing" £10 that they never asked to borrow (I'd have been happier for the payment to be refused!) is no more productive than me having to waste your time either.

23
1

Get coding or you'll bounce email from new dot-thing domains

Lee D
Silver badge

I'm not going to go out of my way to accept these domains.

If Exchange / postfix / etc. don't support them in their latest stable version, and a couple of stable versions before that, I'll likely never see them in use anyway.

The way to deploy something like this is to be low-impact (punycode stuff isn't), backwards-compatible, and get the software working first before you start selling such domain names en-masse.

Chances are, most people who buy those domains will quickly discover that nothing works for them and nobody ever answers them, then stop using them. By the time the software does catch up, nobody will trust them (or their "fixed" replacements) anyway.

Honestly, I see no reason that punycoding something should affect existing email rules anyway. If it's just as simple as allowing hyphens in the domain name, that's a one-liner of a patch to the majority of email software out there and nothing else should really be affected. But unfortunately, it's just not that simple.

And, I've told you before, Reg. You can mention IPv6 when you put out an AAAA record for your own domain. Or did you not bother to write that into the spec for whoever did the new design / CMS for you?

0
0

Insert 'Skeleton Key', unlock Microsoft Active Directory. Simples – hackers

Lee D
Silver badge

Re: domain controller is restarted

I agree completely.

The biggest problem is small IT shops where, actually, the DC is misused as not only the DC but also the primary file store, profile store, etc. Even if they have a secondary / tertiary DC, they can't just reboot them because they don't have adequate DFS setups etc. to cope with one server going down.

Hell, I've seen schools who have Exchange on the DC (which is a totally unsupported configuration) because they don't want to have lots of expensive servers running (Most of them haven't caught up with modern VM technology, either).

A lot of it comes from the legacy of 2000/2003 where a lot of functions couldn't be failed-over to other servers properly or easily (e.g. DHCP, DFS, etc.).

Also, because it's a "DC" it's seen as some mystical magical configuration that must never be rebooted even if you have a secondary.

Hopefully as we move forward into VM'd configurations, such a mindset will be phased out.

0
2
Lee D
Silver badge

If your domain admin account gets malware on it, you have bigger issues than something hiding temporarily on the DC's.

0
0

Grand Theft Auto 1997: 'Sick, deluded and beneath contempt'

Lee D
Silver badge

Re: I loved the top down GTA Games

I can remember playing multiplayer and my brother and I would see how many cars we could line up in a single screen and one of us would then rocket them while the other tried to "surf" over the cars as they exploded.

Sadly, the off-screen cars often disappeared quite quickly so it was tricky to get right.

However, I always loved that style of game, much more so than the first / third person 3D versions.

Also one of the first games to support 3DFX properly so you could run in some ludicrously high resolutions for the time.

7
0
Lee D
Silver badge

Re: Memories

And a map, with that game.

Though, sadly, in-game tech has increased with outside-world tech and such games have sat-nav nowadays.

6
1

Windows 7 MARKED for DEATH by Microsoft as of NOW

Lee D
Silver badge

Not really.

I deploy Classic Shell. It has the "Don't start in Metro" option turned on (again - GP-configurable with Classic Shell's GP settings). You boot, login, go to desktop without seeing Metro at all. Everything else is pretty much the same.

Press Windows key and it brings up the Start Menu. (However, sssshhhh, don't tell my users, press Shift+Windows and it brings up Metro!). Disable the sidebar etc. as much as you can and you'll never see anything Windows-8-y again. It just looks like Windows 7 that's been prettied up and locked down (e.g. the network interface taskbar icon looks a little different, Autoplay - if you have it enabled - looks a little Metro-y, etc.)

Rolled it out to 500 users who had had a VERY bad experience with a previous (botched) 8 deployment, and they were about ready to scream at the mention of 8. It was only afterwards when they then started coming to me saying "Does this work in our Windows 7?" that I told them what we had. They're not the most-observant of users (the techy ones spotted it obviously but also didn't care as they could see I'd toned it down), but I had more trouble from 32- / 64-bit software issues than I ever got out of having Windows 8 on the desktop.

4
2
Lee D
Silver badge

Been deploying Windows 8 for a few years now.

With Classic Shell deployed as an MSI, pretty much it works the same in a domain environment. I agree that, at home, I use Windows 7 but - you know - Windows 8 really isn't that bad. And I say that as someone who held off on the "new" Offices for years, was stuck for XP until 7 was viable (and some time past that on some machines). I am a stick-in-the-mud.

But 8, with the usual "Let's fix this for my domain users" is pretty much there. The extra faffing isn't really that noticeable when you have several hundred new GP options to go through anyway. The users barely notice or care and half of them don't even realise it is 8 (when they've been told to stay off 8 by their children/techy friends).

Sorry people, it may not be ideal and it may be ugly in places, but all OS are. In a domain environment, the tweaking necessary to get it back to "sensible" is just normal. The only thing that really annoys me (and it's not 8-specific)? Simple things still can't be done in GP.... how do I specify the user logon image? Can't put it in AD, no, you have to pee about with scripts and copying over local files. How do I turn off accessibility options? Can't do it in GP, have to deploy registry-editing GP's or block access to a certain program in the System32 folder.

Not specific to 8... I still don't get why MS release an OS or an Office suite where every option the user can customise isn't available in the GPO's...

14
3

So, these guys turn up with AK47s and offer me protection ...

Lee D
Silver badge

Is it just me

Or is there no amount of money you could pay me to put me in a town with random people wielding AK-47s and all the other trouble?

Not suggesting where I live is "safe" but... sod that...

3
0

Eight pocket-pleasing USB 3.0 hard drives

Lee D
Silver badge

The problem I have with these is that they're still a bit small in terms of capacity.

1Tb is fine for the "let's lob some photos on" crowd, but my laptop alone has 4Tb of storage. In terms of putting things on for backup, I need something huge. And when you get into those sizes, then backup speed is a real issue.

These things are neither one thing nor the other. 64Gb USB sticks are dirt cheap, can be dropped and are very fast. These things are large but (comparatively) slow and fragile. Not the best for home backup.

And then you consider that pretty much any old enclosure could do if you slap the largest drive you can afford onto it. I can get a 2.5" 1Tb SSD for a couple of hundred now, but I can't get four times the storage in spinning disk enclosures for the same price.

I prefer the Zalman VE- range anyway as they allow you to mount ISO's stored on the disk and it pretends to be a bootable USB CD drive at the same time (no more carrying around boot/rescue/driver/OS install disks). One of those unique selling points that nobody else ever bothers to copy despite it being nothing but a firmware upgrade. But they can bundle some freeware backup junk that I wouldn't trust my temporary files to...

10
3

UK data cops warn Optical Express to stop spamming 1000s of customers

Lee D
Silver badge

Re: Odd marketing strategy

Clearly you don't keep up with the news.

Laser eye surgery isn't permanent, far from it. Sometimes the only fix for botched laser surgery is... more laser surgery. No guarantees are provided.

And the DVLA are looking into cases where someone has laser eye surgery, passes the test / paperwork to confirm they have no need for glasses when driving any more, and then a few years later are arrested because their eyesight has dipped below the legal standard again.

More important, it's a functional surgery, not a cosmetic one. Cosmetic ones, I can understand (but not condone) the spamming to a certain extent, as an "impulse buy". But either your eyes are bad and you need surgery or you don't. Spamming customers isn't going to help you.

0
0
Lee D
Silver badge

Been going on for years. Think they were my first piece of "text spam", IIRC.

Got them.

Deleted them.

When they still came in, and in, and in, and in, I complained.

They stopped soon after.

Sorry, but if the ONLY way to sell to me is to splat millions of people at random with dozens of unwanted texts, I DO NOT WANT YOUR PRODUCT. Ever. At all. Certainly not from you, anyhow.

0
0

Ex-Microsoft Bug Bounty dev forced to decrypt laptop for Paris airport official

Lee D
Silver badge

"I take it you know you can be forced to decrypt any device in the UK?

DPA and all EU laws have exemptions for law enforcement and security."

If the UK legal authorities ask me to decrypt a device with UK data, and I do so, I'm immune under the UK DPA.

If the French authorities demand it, I may not be, especially if their laws differ.

Additionally, although it's supposed to be EU-wide, it's not a level playing field. This is the problem. Not that a policeman might want to see my data, but that if I TAKE my data and they need to see it, I can potentially still get into trouble even though I'm complying with local laws all the time.

Comply with French law sometimes = break UK law.

0
0
Lee D
Silver badge

My former employer, an independent school, blocked all employees taking workplace devices with them when they travelled to France.

You can be made to decrypt data, under their laws, and the question of how that's compatible with EU data protection or whether you can get in trouble in the UK for such data access (if they then took the laptop off you, you could be construed as having "provided access" to it) is one of those "interesting for solicitors" questions.

Instead, it was easier to just say that employees mustn't do it. Instead, a small smartphone with no data on it was given out for the taking of photos etc. on the school trips, but it still leaves the question of what impact that would have on child protection, data protection etc. if you were forced to hand it over.

11
0

YES, we need TWO MEELLION ORACLE licences - DEFRA

Lee D
Silver badge

Sorry, when did we start down the path of paying a licence for every possible interaction on a system that's managed internally?

I do not believe there's a need for this, and I firmly believe it should have been looked into BEFORE you bought into such systems, rather than years later when higher government picks up on it.

Anything in the "per employee" range is ludicrous. Per seat, possibly. But even £70 per seat for a single piece of application software (which no doubt is operated by another licensed piece of software anyway) is at the absolute maximum top end for things that you cannot live without or do any other way.

Government IT... such a shower.

13
1

GoGo in-flight WiFi creates man-in-the-middle diddle

Lee D
Silver badge

Re: What?

Stick a couple of hyphens in:

"Gogo said at the time that an additional capability - seemingly the use of CAPTCHA to prevent remote access - was an apparent lone function that was not related to traffic monitoring."

But, even then, it's not particularly clear what real relevance that has unless you know the history already.

Specific certs for Google are, indeed, unnecessary. However, almost anything worth its salt when making an SSL connection KNOWS that it's untrusted... even the screenshot says so, which is why you don't get the proper secure icon. You can fake the cert, you can't fake the chain on someone's device without some serious sleight-of-hand that will get you into real trouble.

And almost all proxies in government departments, workplaces, etc. use the same trick to proxy SSL, but they just put the private signing authority into the local devices so you don't know it's "untrusted".

It's not really that nasty - you know you're being listened to - but it's a little pointless just to filter things that any filter could block if you wanted.

And, to be honest, if it's that much a problem, don't block, just rate-limit clients. That solves the problem all round without this kind of fiddling.

5
0

Let it go, let it go ... Sales of games, video and music up for second year

Lee D
Silver badge

Re: Frozen

Because all the *other* kids are obsessed with Frozen.

Obviously.

Don't try to find logic beyond that.

0
0

Brit iPad sellers feel the pain of VAT-free imports

Lee D
Silver badge

Re: What's the problem?

To quote their website:

"Shop at the Apple Store for Education and save up to £159 on a new Mac, and up to £26 on a new iPad"

20% of a £200 iPad is a bit more than £26.

0
0

German minister photo fingerprint 'theft' seemed far too EASY, wail securobods

Lee D
Silver badge

Fingerprints aren't completely useless. They are not, however, and never have been, secure.

The fingerprint is your username. Probably shown at the top of every forum you visit, attached to every one of your posts and maybe even part of your public URL (e.g. Facebook vanity URL's). Also probably related to your name, or your well-known aliases. In schools and companies, your username is - well - your name. Your email username is almost always the first part of your email (before the @).

The fingerprint, however, is NOT your password and never should be. That's just stupid.

With just the username, you can't do anything interesting. With the password too, you can do it all. The fingerprint/username is a convenience - "this is who I intend to try to authenticate as". But without the secret password, or whatever, you can't actually do anything interesting.

Which is why I laugh at all the people I see who use fingerprint readers for library access systems, access control in schools, and even fingerprint readers on their laptops. IT IS NOT AUTHENTICATION. It's a username-shortcut.

I actually have an old USB fingerprint reader. It's a scanner. I kid you not. It's a miniature black and white scanner with a clear rubberised surface the size of a finger to scan. All the hard work is done on the software end with finding edges etc. I could scan your finger and - short of some impressively expensive fingerprinting system in place - reproduce your fingerprint pretty easily (as pointed out, laser printer on balloons, or just a gummi bear pressed onto a laser-printed-and-acid-etched PCB to give it some depth). The stuff to do this is available from your local Maplin's for a handful of pounds, and will get you into most of these systems (except possibly the very top-end that aren't actually doing fingerprints at all, as pointed out in the article).

Fingerprints are not the password.

They are the username.

Explain this to your users and you'll have a much easier time of things.

P.S. I work in schools. Sometimes they're happy to have "username shortcuts" for the little'uns, e.g. to log into the library rather than the librarian having to memorise 1000 kids. But they aren't secure. The security comes from elsewhere.

7
1

Euro iTunes customers get 14 DAY refund option

Lee D
Silver badge

"Apple finally (and belatedly) complies with law" is a news story now?

0
0

Internet Explorer 12 to shed legacy cruft in bid to BEAT Chrome

Lee D
Silver badge

Tell the banks

Tell the banks.

I am still waiting nervously, having finally moved my employer from using IE 7, on the decision to remove NPAPI in Google Chrome.

Pretty much, the banks only care about the things that they can get working, and who cares about security? So it's ancient IE versions, or Firefox (because we have to) or Netscape (really, it lists it in their compatibility list) and ignore everything else.

And we're not talking just a bank account. We're talking full smartcard access requiring multiple PINs and multiple people to sign off on millions of pounds of money moving around each year, and doing so every single month. And we have to do it in IE 6 because that's all the bank will support, and I have to add them to the Trusted Zone, import certificates into all the machines, install smartcard reader software that hasn't been updated in years on each one, and turn off this option and that option and unblock vast swatches of their domains for it to work.

Get the banks onto something recent, and ENFORCE THAT, and I can finally ditch IE.

0
0

Robox: How good could a sub-£1k 3D printer be?

Lee D
Silver badge

The school I work for have bought a Cube3D. It cost about £800, and it "just works". The kids (5-13) knock up some objects in Google Sketchup, we export them to STL, then plug them through the printer software (which adds a raft to the bottom so you don't break the item removing it, and cleans up the internals so you don't waste plastic, and puts "spur" supports on anything that's overhanging) and out it comes.

The problem, as always, is what are you going to use it for? It's the same problem as having a £1000 injection moulding press in the design department... sure, you can make some cheap plastic things with it but quite what are you going to do with them? In schools, the kids can print out models, even print parts for their drone aircraft club to make them look cool, and it all looks very impressive. Hell, I have a 3D-printed nameplate on my desk.

But when you get into the list of single-colour, cheap plastic items that you might want to spend 2 hours printing out (not counting design time, mistakes, etc.), it's quite a short list.

The items aren't flimsy, but you couldn't step on them.

The items aren't rubbish, but you wouldn't want to ship them as part of an expensive board game.

The items aren't "expensive", but you wouldn't want to sell them in a £1 Christmas cracker.

Unfortunately, it requires people to use them in order to generate the next generation of 3D printer/scanners, which can photocopy an object (near enough), which print quicker and more accurately, which can mix and match multiple colours, and which are cheap enough to print out ten goes at getting it right, or a missing hotel for your Monopoly set.

To me, that suggests we really need multi-jet printing (for multi-colour / simultaneously jetting on both sides of the object to speed it up) and in-built scanning (easily possible, but add the price of a Kinect and a moving platform to the cost of the printer) before they'll actually become mainstream. And then you have to ask yourself, quite how many Monopoly pieces am I going to lose this year.

I'd be VERY worried if I was, say, Games Workshop whose product line is basically high-detailed models that could easily be replicated "good enough" to be slathered in paint by the people who spend a fortune on them. But otherwise, I can't see much of a market at the moment.

4
0

El Reg Redesign - leave your comment here.

Lee D
Silver badge

Re: Another bug?

At least we have replies now, and seemingly by the designers?

The problem is one of natural scanning.

I could zip down the old webpage, and my eyes would pick out anything there in seconds. I'd often open 5-10 articles within a quick scan and then read those at my leisure.

Now, it just doesn't do that any more. It's not just "the change", my eyes don't work on this site like they used to and still do on other sites.

The fact that the colours are all the same blends it into one mass. There's nothing to highlight headlines but slightly larger text. And the first page of text used to be nothing more than the most read (or most interesting, or whatever) headlines with a thumbnail. Now it's a huge damn image. I get literally three article headlines on the first page without scrolling now. It used to be 12, plus the featured. I'm running on 1920 x 1080, by the way. It's hard to imagine that it's a huge percentile running higher res displays than that. But 2/3rds of my screen are plain white while I do that, and I can't see a thing.

I don't use the top-bar at all. It's worthless. I click to read an article, direct to the content. I have literally JUST seen what people mean by the dropdown, because I would never use it. Inside the articles, yeah, fairly similar, but it's now wall-of-text-like because of the colouration (? I'm not sure).

The top-bar was always there. Now it's moved and changed. For what purpose?

The featured articles were always there. Now they're four times as large and as wide as the screen. For what purpose?

The logo was always there. Now it's jumped down under an advert (presumably the driver for this design).

There's gaps between all these layers, that weren't there before, so it's shoving content further off the page for no reason.

The surrounding was grey before, now it's white, which is a complaint many have.

There's nothing stopping the black headlines being blue like before, the background being grey like before, the gaps disappearing, the featured articles going back how they were etc. But then you are basically on the old design again.

Hence I don't see quite what you've gained except vitriol.

11
0
Lee D
Silver badge

Re: Another bug?

What about the glaring design bugs?

Hell, there could be an article from you somewhere about this and I wouldn't even know... so hideous to try to parse the frontpage.

Guys, tell us something, or are you just hoping the furore will disappear if you do nothing for long enough?

2
0
Lee D
Silver badge

700 Posts later

700 Posts later... where are we Reg?

Are you going to fix it, revert it, or blindly stomp onwards with it?

It kinda matters to me - I need to know whether to remove it from my "start page" of bookmarks....

5
0
Lee D
Silver badge

"This is going well … just letting you know that we are listening to your feedback on the redesign."

Er... unless you have some kind of profanity filter that changes all the comments I've seen into positive things about bunnies... no, you're not.

"And also reminding you that this design is the first major change to the site in six years."

Six years is NOT a long time. Not at all. And you can lose half your readership in minutes. The reason you don't do major redesigns is that, online, it's like a brand makeover. You only do it if you have something you wish to hide, and people will never like it.

"However, 90 per cent of the work in this redesign comprises changes under the hood that allow us to test and roll out iterations very quickly."

Then why not start with the new system that allows changes, but with a replica of the old design? Then roll out changes one at a time. Like, you know, upgrades, testing, smooth transitions, etc.

"We have introduced a half-second delay before the mouseover triggers the drop down navbar."

You fixed a bug.

"Readers have reported two bugs"

You fixed more bugs.

What you haven't fixed is the DESIGN. And given that it's the design people are moaning about, maybe fix that too? Or is this a "we spent money on a new design, so sod you if you don't like it" kind of deal? Like Slashdot's overhaul? That went down well.

"On the loss of the print icon - rarely used, not coming back - and bemoaned by a couple of readers. We still support this feature and you are welcome to get hacking."

I read: We don't care that you used to use it, we don't care that it would be the work of moments to get it going again, you can do it your damn self if you want it.

Nice way to treat readers.

Honestly? I will have more respect for The Reg is they backtracked and then brought things in piecemeal than did this "Here, shove that down your throat and tell us how good we are".

And, guys? SSL or IPv6, I'd have applauded. And it would have required ZERO DESIGN SKILLS.

18
0
Lee D
Silver badge

Sigh.

Stop. Please.

Take that money away from your web designers. Go back to the "old" way.

Give the money to your server people instead.

Have them buy an SSL certificate, and spend a day making the site IPv6-capable.

You know, like a tech site.

6
0

Plusnet could face DATA BREACH probe over SPAM HELL gripes

Lee D
Silver badge

Re: Don't use <companyname>@yourdomain...

I'm sure they will.

When I notice even the first one, I'll start adding random numbers to the end, or some kind of mental-arithmetic-compatible checksum on the end (number of vowels in the company name prefix?).

That's not a problem. And if it really comes to it, there's software that will create SHA hash-named accounts for you and let you trace to within 1 in 2^160 uncertainty that the email was given out by the company you gave it to.

But, to be honest, I highly doubt no-one tried to spam "e-frag" until the month after I signed up for a gameserver from them, or pizzagogo just 2 weeks after I ordered my first pizza online and yet NOT ONE OTHER company name was guessed at my domains (plural).

1
0
Lee D
Silver badge

I get about four or five of these incidents a month.

I use unique addresses for EVERYTHING. I'm very careful to always press the buttons to NOT send me third-party email etc.

Yet four or five times a month, some email of mine that I've entrusted to a company will get spammed. It's not some evil conspiracy of PlusNet, but it only takes a single rogue employee with access to the database. Those kinds of things sell very well, you know.

Just this month:

cheapflights@

macromedia@

pizzagogo@

e-frag@

securityfocus@ (likely a Usenet scrape)

bitcoin-24@

huntersscan@

PlusNet don't have my business any more, since the BT takeover, but I'm sure I wouldn't be surprised to see their name in there either.

Once had a guy from a company spam me to rm@ (I work in schools, RM are a major supplier for some places). When I dug into it, he was a former employee that had left the company to start his own selling IT furniture to schools... someone obviously decided to just walk off with the RM company database to start their own company with those contacts.

I complained, nothing much was done. Nothing much CAN be done. Once your address is out there, it's out there.

If you want to control it, buy the cheapest domain from the cheapest registrar, set up email forwarding (literally one click usually) and then start using companyname@yourdomain.com for everything. When one gets spammed, block anything sent To: that address in whatever account you forwarded it to.

Hell, I even write in the SMTP reject message why:

Recipient address rejected: Account has been spammed by the company given that email. All emails blocked.

Don't have just one email. Have an infinite number of throwaway ones.

12
0

BYOD: How to keep your data safe on their mobile devices

Lee D
Silver badge

Re: Wonderfull snakeoil

And if it's encrypted, all you've done is removed the encryption key from RAM and made it absolutely inaccessible.

Have you not noticed that all iPhones and Android machines now support encryption of the base device, the SD card, etc. as a one-click option?

0
0
Lee D
Silver badge

Re: Wonderfull snakeoil

There has never, in human history, been a case of someone being able to read overwritten sectors on a magnetic hard drive. There was a prize for such a few years back - an unclaimed million dollars which, by your reckoning, any one of these data recovery companies could have picked up by doing what they do every day.

Similarly, for flash etc. chips, the same is true. "Magnetic" or "electronic" history does not exist.

Therefore, if you overwrite every sector, or encrypt every sector and overwrite the key, the device's data is gone forever. What the passphrase is to that key is another matter but, again, overwrite the sector that holds the key and it's gone forever.

So, please, stop spreading misinformation. The ability to remote-wipe is critical to the Data Protection Act and myriad other pieces of legislation that require such controls. And you can have high-confidence that, suitably encrypted, any device is impenetrable and - if it ever comes online - remote wipe will pretty much guarantee removal of access to the data on it.

(Data recovery firms work by mechanically replacing parts of the hard drive to get it working again, in a sterile environment. It's a costly and expensive process but it can't work miracles. After that, all they do is repeated reads - usually through specialist write-blocking devices so they don't interfere with data for legal reasons in court cases - until they have as much of the data back as they can get. Then they reconstruct what they can and put it back into the formats you expect. They are nowhere near miracle workers and will often charge you full price and then say, sorry, this is all we could get back. I know of a school that paid £10k to restore their RAID set after they found out their IT guy wasn't backing up and the server failed - it cost that much to read off the data from old, bad-sectored hard drives that had been working fine but merely crashed mid-write. Even with a degraded RAID set to work from, they got back only 80% of their data, the rest was corrupt. Data recovery is about data reconstruction, not miracle-methods to get back data that's been overwritten - and a lot of it can rely on the fact that "deletion" is not "overwriting", in just about every major operating system).

3
1

Microsoft BEATS Apple, Google ... to accepting limited Bitcoin payments

Lee D
Silver badge

Re: Bitcoin is better than currency in that you don't have to be physically in the same place

It might well be approaching fifteen years in a row that I've done the vast majority of my Christmas shopping online, and 8 or so where it was basically done it exclusively online with only impulse buys at physical stores to soak in the Christmas atmosphere.

Can't say that Bitcoin would have helped much in that respect, but quite right - being in the same CONTINENT as your seller is quite old-fashioned nowadays.

3
0

1&1 goes titsup, blames lengthy outage on DDoS attack

Lee D
Silver badge

Re: yes...

If you think that's all 1&1 do you might want to look at their website.

Last time I dealt with them, I was pricing up a "hexi-deca-core" dedicated server at something ludicrous like £1000 a month, but that was a few years ago.

Granted, they aren't the best out there, but if you can't get into the domain management interface to manage things that may be relevant to a £12k per annum server, it's a bit more serious than grandpa not being able to get on his family photos site.

0
0

97% of UK gets 'basic' 2Mbps broadband. 'Typical households' need 10Mbps – Ofcom

Lee D
Silver badge

Re: very misleading headline.

Not really.

If that 97% were getting 24mbps, it would soon bring up the average much quicker than you suggest.

Given that basic offerings now are ADSL2+ at 24mbps, or VDSL at anything up to 80Mbps, with Virgin cable going into ridiculous speeds, and even 4G networks giving me 25Mbps+ in both directions, I wouldn't be surprised at all.

Don't forget, they are using the theoretical maximum for the most part - just because I don't want to pay a small fortune for 120Mbps cable, that means nothing to the statistics. Technically I'm counted as that speed because it's available to me, not because I'm actually using it.

So you have an awful lot of the population on 24Mbps at least, even if they are cheap packages and dodgy phone lines. It's only the 3% out in the sticks where the ISP's cannot even guarantee basic ADSL that bring the numbers down.

2
1
Lee D
Silver badge

Re: Typical households need 10Mbps

Renew your tax disc if you work and your local post office is closed at 5:00:00.000001 pm.

Submit your tax return using the much easier online system.

Do your legally-required kids homework that's heavily online-based nowadays as school more to virtual learning environments.

Do online banking to pay your bills.

Comparison shop among suppliers of basic utilities.

Research legal issues, benefit entitlement, etc. online.

Apply for jobs (good luck doing this offline nowadays,with anything but manual-labour jobs).

Research, and vote, political candidates online.

There's a TON of things that need half-decent Internet access, and 56K modems aren't any good for people any more. If you have a household of average proportions, and even if you decide to do without all the above (somehow), it's making your life harder than necessary, killing trees, increasing costs and making everything take longer than the digital alternative would.

Hell, my doctor's surgery sends prescriptions electronically now.

The digital world is coming, and much like electricity was new once, it will soon become (if it hasn't already) a utility service. And that means a service obligation of a pittance of megabits (my phone can do three times 10mbps on a £10 a month basic package) to ensure that people can do them without being conned into oblivion by their ISP.

At one time, landlines weren't available to all, water wasn't available to all, gas wasn't available to all, sewage wasn't available to all, electricity wasn't available to all, postal services weren't available to all, etc. When we realised the benefits - not just for the householder but overall as a populous - they were mandated and regulated to ensure continuous service.

The government probably saves SO MUCH MONEY by offering online services for things like tax returns that it's happy to FORCE ISP's to provide a basic service so that they can move everyone over to it.

18
1

Zombie POODLE wanders in, cocks leg on TLS

Lee D
Silver badge

There seems to be a need for a central page somewhere that says, quite simply:

What protocols are safe.

How to configure popular software to use those protocols.

And it updates, say, once every year or in the event of a major incident.

Many of the IT people I know aren't aware of these issues, or of the way to avoid them on their networks, and with the ever-changing climate it's important to not carry old knowledge forward.

I have a browser that let's me checkbox individual SSL/TLS protocols, and I read a fair few tech websites, so I'm fairly confident I'm safe but it would be nice - when setting up a new network - to just have one well-known website to go to that tells me, no, I shouldn't be using WPA or TLS 1.2 or whatever.

4
0

Ten Linux freeware apps to feed your penguin

Lee D
Silver badge

Re: freeware?

It's not "one or the other" no matter how GNU might want to paint it, it's a hierarchy.

Inside "Software" is "Freeware". Inside that is closed-source freeware and open-source freeware. Using one term that encompasses more than you intend is fine, it would be the other way round that's dangerous (e.g. saying they were "open" tools but they were really just freeware).

And the definition of freeware as such far predates anything GNU might have come up with. They just don't like the term "open source freeware" - which is EXACTLY what they make.

It's an overlap in a Venn diagram between free/commercial and open/closed source. Demanding that people are ultra-specific about it is one way to really put people off. It's freeware. It just happens to be open-source too. There is plenty of open-source non-freeware and vice versa to distinguish.

Nobody elected FSF/GNU the authority on what every category of software should be referred to as, and thank God for that...

10
2

Outage STILL hitting Virgin Media Business broadband customers

Lee D
Silver badge

Re: Time to fix.

I agree that things break and it's better to prepare for and expect that than cry because of something out of your control not working.

My phone just activated itself on 4G and actually beats a lot of broadband offerings in the local area (certainly ADSL2+) - in a pinch, I'd happily run a business off that no matter how unofficial it was. I have, in fact, done exactly that in a school with 500 users that was cut off by their ISP for "using more than an ordinary residential house" - on business broadband that the ISP had installed on-premises themselves! While the bursar yelled at them and stoked up the lawyers, we ran the school for a couple of weeks on 3G sticks, and nobody really noticed. (Needless to say, the contract was terminated despite their protests and we went with an alternative supplier entirely).

That said, like the other article about bricking a NAS device, don't update firmware without a reason. Windows Updates, you can roll-back or re-image. Device drivers you can uninstall and reinstall. Software you can restore to a previous incarnation most of the time. But firmware is all-or-nothing. Don't do it without good reason, and certainly don't do it automatically on critical hardware the second it comes out. If I were Virgin, I'd have watchdogs on the firmware that auto-rolled-back if they didn't come up on the new firmware within five minutes. The cost of just a handful of incidents like this justifies the extra development cost, and it's a pretty ordinary thing to do (most routers, most servers, etc. already do this for firmware/BIOS).

And you do have backups for your business-critical connection, don't you? Like a cheap / free ADSL line on another line? Or 3G/4G? Or even just sharing the neighbouring businesses wireless temporarily? No? Shame. My interest level plummets in that case.

1
1

Microsoft hikes support charges by NINETY TWO PER CENT

Lee D
Silver badge

Re: It isn't extortion, just check your EULA

If you believe that the EULA is the be-all-and-end-all of Microsoft's (or your!) contractual obligations to a consumer, I'm afraid you're very wrong.

That said, this falls under the same category as things like cars. I don't expect Ford to rush out and fix my tyre unless I'm in a specific support contract with them. Sure, if there's an inherent failure in the model that they knew about and need to fix to comply with "product fit for use" rules, then they will do that. But otherwise, you're on your own matey and getting Ford to cut you a new set of keys will cost you.

That said, I've been working in IT for 15 years and I've not once called Microsoft (except possibly on their free lines to clarify licensing, which was a complete waste of time). Used the knowledgebase, etc. yes but again - without a specific support contact - you're pretty much on your own. This is why people have in-house support teams, or mechanics - because you pay them instead and expect them to know how to resolve the problem. If you don't have that, you are of course reliant on the original manufacturer and that gets expensive fast.

0
1
Lee D
Silver badge

In that time, I could have run out, bought a server (certainly cheaper than a day of engineer time + $499) and replaced the Exchange server (probably including data transfer, but certainly a significant number of functions and mailboxes).

I hope whatever the issue was it was really critical and blocking and permanently hindered a restore from backup on other hardware from resolving it (in which case, I'd be reviewing quite why I was using Exchange or quite what my backups were supposed to be doing in the first place).

1
14

Page:

Forums