* Posts by Lee D

970 posts • joined 14 Feb 2013

Page:

Offers? Opera's board likes Qihoo, says shareholders should too

Lee D
Silver badge

Release a proper Vivaldi then, that's more than just Chrome in a slightly different wrapper.

The promised mail client, and forget that webmail junk you're trying to push.

Some semblance of compatibility with Google Chrome plugins (i.e. ChromeCast just doesn't work).

Anywhere near the level of customisability and control that Opera offered.

I'm DYING to get Vivaldi, the promised one from over a year ago, that can do this stuff. But at the moment, it remembers URL's so if you type "facebook.com" and then press enter, it tends to pick up the last facebook.com/aotuoirehfdkgjhakjdfghad URL that you had and send you there. I've been to the same BBC News story a thousand times in the last month because whenever I type bbc.co.uk/news and press Enter, it sends me to that same long URL that I once clicked on an age ago on the BBC News website. Let's not even get into the fact that one option (disable single-key shortcuts) actually stops you pressing Enter in the address bar at all.

I can't arrange bookmarks with drag/drop, I can't even get them onto the bookmark bar half the time because it's so sensitive. And at the end of the day, it's Chrome because there's not much else of value there, and at least Chrome lets you Chromecast and use the other extensions.

And every time mail, etc. are mentioned, they are "coming soon". If that.

I want to sell this Vivaldi browser for you. I'm typing in it now. And it's quirks still bug me enough that I can't, despite being an INSANE Opera 12.0 fan who still has it on their laptop at home (apart from Google Play streaming, everything I use still seems to work).

5
0

It's 2016 and a font file can own your computer

Lee D
Silver badge

Re: How did this ever become a problem in the first place?

Like WMF, a font isn't just a bitmap, or even a list of vectors, or a combination of the two.

It contains instructions acted upon by an interpreter.

It's not quite as bad as the WMF fiasco (if you don't know, WMF is basically a collection of function calls to internal Windows vector-drawing functions - I kid you not - which could be cleverly edited to call ANY Windows function, but was later limited to just those that were intended leaving just overflows etc.) but it's still pretty bad.

That only one font library is affected, though, and not things like SDL_ttf or Freetype or similar, suggests that it's just particularly bad coding in that particular library rather than an inherent problem of the file format.

But, yes, why font-hinting requires a virtual machine, I have no idea. I'm sure there are reasons. And I'm equally sure that there would be better ways to deal with them.

1
1

Trane thermostat is a hot spot for viruses on home networks

Lee D
Silver badge

General purpose computing.

It's honestly the biggest problem in security. The fact that these devices CAN run any program, can do anything they're programmed to do, etc. is their biggest security hole.

When you have a washing machine with an electronic timer... it can time. That's it. It can click round and do what it's been told to do. The capability to go out to the net, or whatever, isn't there, so it can't be abused.

With a thermostat, it can have a temperature and click on and off a relay. That's all it needs to do. As such, if it goes wrong the worst is that the heating goes on or off.

But general purpose computers in a thermostat (like in ATM's and anything else nowadays) mean that they can be abused to do all kinds of things that have nothing to do with turning your heating on and off. It doesn't mean the old ones can't be compromised, but because their range of physical effects is so damn small (turn the heating on, dispense cash - still serious, but nowhere near as serious as access to the banking network to roll back transactions like a recent article I read somewhere!), they are relatively safe.

The biggest problem we have is people putting general purpose processors and even operating systems (ATM's running on Windows, etc.) into things that really don't need them. And there's NO WAY to limit what that processor does. All the containerisation, virtualisation and abstraction in the world hasn't proved enough to actually stop things like hypervisor exploits and so on.

The ubiquity of general purpose computing - where it's easier to slap in a Raspberry Pi or Windows PC instead of a purpose-built circuit - is really the biggest security issue we have.

7
0

Who would code a self-destruct feature into their own web browser? Oh, hello, Apple

Lee D
Silver badge

Try and see what happens when Chrome hits the Steam Community Market pages which eventually cause the "redirect loop" message to appear.

I guarantee that no matter how many times you clear cookies or whatever, it will come back eventually.

And there is NO way to configure how many HTTP redirects you want to allow, or turn it off, or access the page when it decides it's redirected too much. And there have been bugs open for years for exactly this problem.

Sadly, this also infects every Chrome-based browser (Vivaldi, etc.), which is probably why the Steam in-built browser is actually WebKit.

11
0

Did you know ... Stephen Fry has founded a tech startup?

Lee D
Silver badge

Re: Ignoring the Beam in One's Own Eye

The ONLY place it's necessary is the login screen.

Sacrifice one ad for the security of your users, and then use normal tokens for the rest of it, as every other site does.

0
0
Lee D
Silver badge

Re: Ignoring the Beam in One's Own Eye

Wake me up when the IPv6 and SSL they "were working on" for most of last year (supposedly) actually appears.

0
0
Lee D
Silver badge

Mr Fry, although deserving of respect just for showing that being a geek doesn't mean you can't be witty, popular and famous, is often wrong when it comes to anything IT.

It's sad, but true. He's the equivalent of "my son that does a bit of computers". Useful to most people, for silly things. But sadly lacking if you stuck him in a datacenter and expected him to get stuff to work.

Though he has more of a handle of IT that most people, he also has more of a handle of science than most people, and still occasionally adlibs unscripted and absolute nonsense even on shows that undergo editing like QI. Just watch the episode where he tries to talk to Brian Cox. He has only a bare psuedo-grasp of what he's trying to say, and fills in with buzzwords in the area and nonsense.

Same for IT. I wouldn't invest in anything on Fry's say-so, even though I love the guy.

12
0

FaceTime, WhatsApp UDP streams AWOL on iOS 9 beta with T-Mo US

Lee D
Silver badge

Re: Why NAT64?

Most people don't want their phone to have a globally-unique and addressable address.

It's the selling point for IPv6 that, actually, few want.

Yes, a properly configured firewall can 1:1 map the public IPs for you.

But if you have IPv4 NAT, and IPv4 clients, the easiest way to upgrade your network is to just change your external IPv4 address for a single IPv6 address.

1
0

Supplier promises to nudge UK schools towards secure webmail

Lee D
Silver badge

I work in education IT. I spent ten years going into RM schools, wiping their kit, putting it on plain Windows and Office that they were already licensed for, popping in once a week to keep it all running, charging less than RM did for a more rubbish service, and got nothing but more schools wanting the same after hearing about me.

CC3 was actually an improvement on the Connect 2 (as it was called) networks. CC4 wasn't much better either.

I could list stories for weeks on end. In the end, however, I got bored of taking all these schools under my wing and showing them sense and giving them less IT maintenance hassle (because they literally didn't need anywhere near as much support after I'd done this for them) and still receiving nothing but vitriol and lies from RM-sponsored Borough support outfits.

I went into the private education sector and pretty much every job since, when I mention RM and what I did for a living (and they phone up for references, obviously), they are just overjoyed to have someone who doesn't foist that junk upon them for the sake of "tradition" over just a plain AD setup with decent group policies.

Every job I've had in those years has been word-of-mouth from existing clients, in one form or another.

RM Easymail? Let's not even start. Anyone using it is an idiot to have tolerated it thus far, lack of SSL is probably the most minor issue I've ever seen with it.

About the only RM product that was any good was RM Maths for teaching kids maths, but technically it's still the same old RM shite in a wrapper, it just so happens they got a guy who understands how to teach maths to help write it (I'm a mathematician, so I can see that it's actually valuable as opposed to their talking-parrot-macro-stuffed-into-word that they actually SELL). I believe it's now a web service, as a lot of their software is heading that way.

If you don't know the horrors of everything from Sassoon fonts to CC3 "MSI's" to RM Guard passwords (full access to any RM-controlled client, by a simple formula dependent on the day and hour, and advertised freely on a webpage online that you can save the Javascript to that generates the code and use offline for ever more, on any RM network, ever), then you can't even begin to talk about RM disparagingly enough.

5
0

Assange will 'accept arrest' on Friday if found guilty

Lee D
Silver badge

*MEMEMEMERRRRRR*

Wrong.

No such thing in law or otherwise. It's merely international convention not to intrude on a nation's embassy.

0
2
Lee D
Silver badge

"Accept arrest" / "Hand yourself in".

Amazing the difference a little rewording can make.

4
0

Lights out for Space Vehicle Number 23: UK smacked when US sat threw GPS out of whack

Lee D
Silver badge

Why does digital radio need synchronisation at all is my question?

Surely, if it's digital, the sensible thing would be to just make it a mass-broadcast medium like a multicast channel and put buffers into devices.

Then small jolts of interference barely matter as you're likely sending enough to recover the original digital signal, and a buffer capable of feeding out corrected data while it's still correcting the newest data. You don't need synchronisation. And the delay could be on the order of only a second.

I honestly do not understand why DAB is not just VoIP over 3/4G, with some kind of buffer and multicast-repetition of data, and a data format that allows large amounts of bit-error correction as well as detection.

There's a reason that the only DAB device I own came "for free" with my car. And I never use it. And it still has FM anyway.

1
2
Lee D
Silver badge

Re: Dependency exposed

I can't think of many things, and virtually nothing IoT, that requires any kind of high-level time precision.

Pretty much every computer network on the planet is more than happy being within five minutes of their other servers. Everything else is happy "to the second" to just get the clock time.

Anybody deploying tiny little IoT junk and expecting it to be anywhere near accurate just because they loaded up NTPd and pointed it at their GPS receiver is in for bigger worlds of hurt than a 13ms time difference knocking things out.

Fact is, if it mattered, you should have another source of that data and be able to compare, or cope if it suddenly jumps. The clock in your processor is probably sufficiently reliable to detect such jolts. That you don't bother to program for them and just slap in an NTP / GPS library is really the problem, not that GPS might jump a little.

2
2
Lee D
Silver badge

Re: Want to scare yourself?

I'd be more worried that such servers are responding to ntptrace. I configure my ntp servers as recommended and they just refuse to answer such queries.

0
1

For sale: One 236-bed nuclear bunker

Lee D
Silver badge

Re: Ughh... I would stay away

Most schools that your children go to are teeming with asbestos. I know, I've been working IT in schools for the last 15 years.

So long as you don't disturb it, it's absolutely fine. And the cost of removal/replacement is virtually twice as much as just building whatever it is again (e.g. kitchen ceiling, doors, etc.).

Every school I know has an asbestos register (even if it's minimal and not in child-occupied areas), and all the larger contractors ask to see it if they need to drill holes.

Next time you go to a school, look in the corners of the ceilings for little stickers or other markings. Very few ever pay to get rid of it, and it's only really damaging to contractors (who tend not to be allowed to do such work while children are on-site, asbestos or not).

6
0

HSBC online services still offline following 'attack' on bank

Lee D
Silver badge

I don't really care the cause. A bank is a huge place liable to all kinds of attacks on its systems. I expect the bank to be able to cope. Especially given the profits made on holding that money in the first place.

At the end of the day, I have a HSBC account that I can't get into online or by the mobile app (despite it pretending to let me for much of the time, but as soon as you get to the interesting bits, even post-authentication, it just errors and stops). This is coming up to a week of downtime this month as far as I'm concerned. That's ATROCIOUS, and some of it through self-admitted error.

Sure, my card may or may not still work with them - but if the attack is widespread how long until they stop working as well? And you stopped me going into a bank when you replaced all the tellers with mindless drones telling me to use expensive new machines that don't do the things I want. That's if I wasn't put off by you LAUGHING IN MY FACE when I applied for a mortgage. I went, quite literally, next door, got a mortgage with barely a query, paid every month on-time for years, then cashed out and paid it off (with a tiny profit) only a couple of years later.

I am actually running out of "high-street" banks (not that high-street is a factor nowadays, just a name) with which I haven't had bad experiences with. I think the Halifax is literally the only one left and even their owner-group may have other brands that are already on my blacklist.

It's not hard. I want you to hold onto my salary until I spend it. For which you can invest my cash. I want you to give me a bit of plastic that let's me spend it, where I generally have the retailer pay a couple of percent per transaction for your trouble.

I don't want overdraft-traps (just cancel the fecking transaction if I don't have the money). I don't want stupid fees for handling bits of paper (when you're STILL sending me the same paper letter every month, saying that you don't have my email for paperless statements, when my online account quite clearly has the email specified and the box ticked - I've given up chasing that after over a year).

And then you can take my savings and gamble them for your own gain. I don't even want interest. It's so pathetic it's not worth the time and effort to apply (honestly, invest £1000, don't touch it for a year, and at absolute best using rates that don't even exist on the high-street any more you might get £1005 back next year - what's the point?). I don't want to pay a monthly fee but I'd even accept a less-than-£5 one for the cost of managing my account if you also got rid of the travel insurance and whatever other junk "perks" you shove into the £25 a month one.

I don't need a branch. I haven't used one in years.

I don't need cheque facilities. I haven't used one in years.

What I'd be really happy with, though, would be a text for EVERY transaction, like my girlfriend's Italian bank does (to the point that we realised B&Q had double-charged her father's Italian card used in an English shop before we'd even made it out of the exit!). Hell, I'd pay the £25 a month just for that!

Banks provide nothing of value to me any more, and the bits they do provide (e.g. online banking) are starting to just be inaccessible through incompetence. Luckily I have nothing urgent needing paying, but that's sheer chance of the timing, nothing else.

I am about >< this close to just closing accounts and moving to pre-pay credit cards. You can have your salary put on them, they charge a reasonable percentage, you get no hassle, and you can do all your bill-paying and shopping as you normally would, online or in-store. Sure, there's a fee, but it's generally LESS than the banks charge for current accounts nowadays! That's just a ridiculous scenario. A company DOING NOTHING but handling the credit card with my money can charge less than my bank that's supposed to be investing everybody's money that they hold, with all their savings.

I've already moved a savings account to another bank, just to gauge their service level. It's only a week under the switch-guarantee scheme to move everything over and I don't have to do anything or phone anyone, just apply online and it happens.

If you can't secure your stuff, HSBC, I'll save you the hassle. Because it's ridiculous that I can't even check balances despite going through authentication because your system just falls over.

5
1

You've seen things people wouldn't believe – so tell us your programming horrors

Lee D
Silver badge

Re: So many errors in two lines...

Thump, Thump, Thump, Thump, Thump...

New forehead please!

5
0
Lee D
Silver badge

I seen - and coded - some horrors.

We all have.

But I find the very worst are found in batch scripts written by people who barely understand what they're trying to achieve and just copy/paste from the net. Login scripts are my prime culprit.

Given the day and age, I've taken to just ripping them out on first sight and replacing with group policy equivalents, but even where you have some complex, necessary login script that does important things... god the mess.

Does NOBODY know how to use CALL anymore? Rather than write out a million identical login scripts, you can just "CALL" in other scripts you've already written that do what you need. Default printers seem to be the prime candidate (and, I admit, the Group Policy way of things has been stupid for a long time for that) - let's set every group of users up with an identical list of printers by manually specifying each one, and then setting a different default.

Or you could have CALL'd, say, "Add_All_Printers.bat" which did the first part, and then changed the default for each group. But then, I tend to find that when you have 30+ login scripts, they differ only by one or two lines and the rest is standard stuff that you can modularise and pull out to sepeaate scripts and then you find that most of those modular scripts can be replaced with GPO settings anyway. Until, eventually, I run networks with login scripts that consist entirely of REM'd out statements (oh, nobody EVER comments what their bloody scripts are trying to do!) because I've supplied an equivalent, and then I just start removing them.

I know that I'm a hobbyist C99 programmer doing things like creating HTML5 games using Node.js, emscripten, etc. so I'm quite "advanced" in programming for just a network manager but... come on... do you really manage login scripts (and even VBScripts) as part of your job and have ABSOLUTELY NO IDEA how to use REM, CALL, environment variables, parameters, or anything else? (Or equivalents in other languages obviously).

Don't even get me started on the SQL atrocities that I've witnessed.

10
0

OnePlus ends rationing. You can now buy its phones just like that!

Lee D
Silver badge

If I can't buy it, now, today, with delivery within a reasonable timeframe, then I can't see how or why I'd ever bother to even look at the specs or try to buy one.

I mean, seriously... queuing for a phone? I don't queue for a damn burger, I just go elsewhere (usually somewhere that knows how to put enough people on the staff to deal with the number of customers you have at that time).

It's like all the Oculus Rift junk, and the Steambox faffing, and the Raspberry Pi when it first came out (I have one from the first production run, yes, but that put me off so much I never touched it again as I was promised it would be available and delivered quite quickly). It's all hype and not good business until you can put one into my (a customer's) hands.

And why people will buy something that they haven't or cannot demo and physically hold before they have parted with their cash (even if their personal unit might not arrive immediately), I honestly don't get.

4
0

Oracle to kill off Java browser plugins with JDK 9

Lee D
Silver badge

Re: Flash Next?

Working in schools, the swansong of Flash is already being sung.

Flash doesn't work on iPads. Keeping multiple versions of Flash inside multiple browsers up to date is a pain. Most educational content suppliers are moving from Flash to HTML5.

And these are the people who are STILL selling disks they made in the 90's using Quicktime.

But with Flash not on most tablets (Android support stopped a long time ago, iPads have nothing in the way of Flash, etc.), they can't cater to a large sector of their market and get complaints all the time. Their solution universally appears to be HTML5 - and I can't say I disagree. As a coder, I was amazed at what's possible with emscripten, Node.js and even an unaccelerated browser on a cheap iPad, smartphone or Android tablet.

Java's "write once, run anywhere" has ironically been replaced with Javascript in a browser, where it's actually closer to being true. I wrote an SDL app in C99 the other day - a change of compiler name from "gcc" to "emcc" and it turns into Javascript that runs on iPad, smartphone, Android tablets, all major browsers (not IE, but Edge, so that's not a problem), and runs more than fast enough even with business-level unaccelerated graphics cards to play games. Add in SDL_Mixer and it plays sounds through the browser too. Wrap an ordinary service in websockify and it can talk plain sockets to your servers. Put in OpenGL and it becomes WebGL.

Even the kids have caught on. 3D games are available in-browser, no plugins required. Go look at the example games on the emscripten website, for instance.

Flash is dead in the face of this. And good riddance.

6
0

Ansible says Galaxy app store revamp is really real

Lee D
Silver badge

Sigh.

GOG Galaxy.

Samsung Galaxy App Store (which I thought this article was about).

And now this.

Pick a different name, for god's sake. How do you expect to be googled if you have the same name as everything else?

2
0

Five reasons why the Google tax deal is imploding

Lee D
Silver badge

Re: Think about it...

"Which Countr(y)ies still give you decent interest on savings? Perhaps I could move mine there too?"

If you are investing hundreds of billions, you get much better rates.

0
0
Lee D
Silver badge

Re: Think about it...

I think you miss the point entirely.

Google has £100bn just sitting there. Earning interest. That money's already come and been taxed and been paid by the taxpayer. Google are just sitting on it. To tax it again doesn't hurt the consumer because it's ENTIRELY profit. Nothing else. Google have locked up BILLIONS of pounds of funds and are shipping them offshore, doing nothing with them. And they probably earn Google several percent interest which is a billion or two a year.

As tax, they could pay for roads, hospitals, police etc. rather than sitting as a number in a corporation account.

7
2

VMware axes Fusion and Workstation US devs

Lee D
Silver badge

Re: Ahh... The ever connected fallacy

The entire point of my virtualisation activities is to insulate myself against change. It doesn't matter where my servers need to move to, or what hardware they actually run on, or what I need them to contain... they are little box that you can move around to keep everything the same for yourself.

As such, "cloud" really plays no part in my virtualisation activities. It's much more about "Whoops, the server has blown up, fire up the replica VMs", or "Whoops, that upgrade went badly... rollback." or "Whoops, the entire place burnt down, nip down to PC World and let's set up shop in the local pub".

Without needing third-party involvement.

I don't need to rely on someone else to do those things, I can just carry my snapshots and replicas and put them wherever I feel like. Whether it's work (Hyper-V) or home (VMWare Workstation), I have a consistent working environment not subject to the whims of some random third-party, or hardware failure.

Luckily, the beautiful thing about hypervisors is that it doesn't really matter if they go away. VMWare Workstation and the images it creates can work on an enormous range of operating systems, covering an awful lot of underlying eras (Windows 7, 8, 10, etc.). And if it really comes to it, conversion to another VM type isn't particularly fraught with danger. Lock down the base OS and it barely matters what VMWare want to do, my copy of the latest Workstation can continue to work for years. If Microsoft get particularly irksome with the Windows 10 stuff, I can just install the Linux hypervisor version instead and remove the problem entirely.

It's sad news. But to be honest, the last couple of times I upgraded Workstation, it was quite expensive and I didn't get much back from it. Sure, they upped a couple of limits that I was NOWHERE NEAR anyway, and maybe fixed a bug or two but the last two/three "major" versions of Workstation only felt like point releases anyway.

I'll be sad to see it go, because I especially like things like VMWare Unity where an in-VM window can appear to be native to the host OS, but it's not the end of the world. And I'm licenced forever to use what I already have. Until literally a base Linux hypervisor for it cannot be installed any longer, my VMs and working pattern will continue untouched. And then I'll probably just convert the VM to another format for another hypervisor and carry on as before.

11
0

Microsoft struggles against self-inflicted Office 365 IMAP outage

Lee D
Silver badge

My employer's keep going on about Cloud. I keep pointing out that even Google and MS aren't immune to problems like this. Google status page keeps history, as well, so it's easy to prove.

Stupid as it may sound, the maths actually favours running your own systems still. I'm a mathematician as well as an IT guy and I checked.

In terms of complete outages of service, a basic redundant hardware setup with VM failover covers so much that you don't really need to put faith in such huge organisations. And there's still a weak link on the uplink to the Internet.

The hilarious bit is really our email stats - in terms of collection of email from our Exchange server on a leased line, the downtime is currently measured in minutes per year. In terms of being able to send email via an external smarthost, we've already lost a week this year. Because their server got marked as a spamhost and our emails stopped going out. It took them days to fix it. And so we failed back to the ISP, who has limits that kicked in too early and basically rendered that useless too. So we sent directly from our leased line, and from a private external server, and were able to send without problems for several weeks.

Basically, so long as you plan effectively, and have backup plans ready to go, you're actually safer than on the big Cloud plans that costs lots of money.

And we looked into Cloud-based backup once. That was hilarious. It was a significant fraction of the entire IT budget every year to spend all month swamping our external lines to backup the barest of necessary data. Compared to a small annual expenditure on NAS, several units that can be taken offsite, and some decent backup software.

6
0

Linux Foundation quietly scraps individual memberships

Lee D
Silver badge

Any sufficiently large organisation eventually morphs to resemble a corrupt corporation.

30
0

Sainsbury's Bank web pages stuck on crappy 20th century crypto

Lee D
Silver badge

Try TPOnline, the Teacher's Pension's website.

It scores F-.

3
0

Bad luck, Ireland: DDoS attack disrupts isle's National Lottery

Lee D
Silver badge

Re: Lovefest

An unexpected packet.

Technically, that may not be wrong. But it's misleading.

As far as I'm concerned, anything destined for my network that wasn't specifically requested is an unwanted packet. If it bounces off my NAT tables, if it's hit connection limits on SMTP or on a blacklist, or if it's an unrequested probe or ping, that's not something that should be happening.

Classing it as an "attack" is a bit strong, yes, but it's equally unwanted, unrequested and potentially of a attacking nature.

But 200m in four weeks? That's only 82 a second. On any network of any size, I'd be shocked if your SMTP rejects weren't covering that alone. Hell, my personal server rejects several SMTP connections a second and that's with blacklisting, graylisting, and only a handful of personal domains.

1
0

Blighty's Parliament prescribed tablets to cope with future votes

Lee D
Silver badge

Re: Another waste of cash.

You have video everywhere. What's wrong with just a hand-count and then a proper count of any close call?

Every school probably has at least one set of wireless voting buttons nowadays. They cost a few hundred quid for a class set of 30. Multiply it up and you can do a vote in seconds, TV-studio style, for the price of a few Surfaces.

Hell, in one workplace we were once in a meeting where everyone had a bluetooth keyboard given to them and we all simultaneously typed suggestions as the discussion grew and the software just plopped all the suggestions on screen anonymously. Literally, there was a USB hub with some dozens of Bluetooth keyboard dongles sticking out of a machine. (The fact that we were all "suggesting" ways we could avoid redundancy tells you how long we stayed at that employer, however).

There's a myriad ways. And a technical one is probably fine for anything short of "Shall we blow this country up" (where you want to make sure you have some degree of accountability. But still, then, I'd rather a technical system that does nothing but vote and ties Vote X into Device 22, than a collection of hackable, Microsoft-controllable third-party general purpose computers wandering around parliament.

5
0

Does anyone know what their broadband costs? The ASA hopes to change that

Lee D
Silver badge

Re: 3D & Hoverboards

By that definition, The Beano is a 3D comic.

2
0

No, that Linux Keyrings bug isn't in '66 per cent of Android devices'

Lee D
Silver badge

Re: Wahoo...

I, too, would call bullshit.

I have an S4 Mini, which isn't all that old. It's probably had one update in all the time I've had it (and that cocked up my satnav apps and forced me to reinstall them all). My girlfriend's Samsung phone has exactly the same situation. And, yes, I have JUST pressed software update to check I'm right. Nothing.

I love Samsung but the minute something is no longer "the latest", updates stop.

My Samsung TV had updates available. For about a month after buying it. I haven't seen another in 4 years and I check quite often. I mean, it works, and it's not part of anything that I've be scared of (e.g. downloading network things, etc.) but that's still surprising that it's so perfect that an update isn't ever needed again.

10
1

Friends Reunited to shut down. What do you mean, 'is it still going?'

Lee D
Silver badge

Re: Many a marriage was made via FR

FR used to run a dating site too.

I met my ex-wife on there.

5
0

KeysForge will give you printable key blueprints using a photo of a lock

Lee D
Silver badge

Precisely.

I have CCTV.

My neighbours were burgled not long ago.

I ramped up the CCTV and adjusted angles to cover my neighbour's (with their permission).

They came back a few months ago, did the other neighbour.

I checked on the CCTV... I have a video of a car crawling along at 2mph along the street, looking into all the houses, stopping and starting (presumably to take notes). Incredibly suspicious. I gave the footage to the police.

However, they quite obviously crawled past my first neighbour's and my house, and decided to do the next instead.

Not claiming that CCTV stops anything at all, but it discourages more than nothing at all.

Oh, and both neighbours were broken into by getting round the back and destroying the door frame.

7
0
Lee D
Silver badge

Keys aren't secure. It's as simple as that. Possession of the device for a fraction of a second is enough to make a copy (a movie scene with Sean Connery comes to mind, in a train station, with some plasticine), and an image of the device will allow you to create an indistinguishable copy.

In the days of house insurance, and the legal definition of "break-in" (i.e. they have to force entry for you to be eligible for a payout), keys are worthless.

Unfortunately, electronic locks can be worse if the users are careless. They are "as secure" physically, but you are reliant on the electronics to authenticate the user properly. An RFID with a fixed number is worthless and similarly copy-able in seconds with a radio scanner. Even 1-wire protocol tags aren't secure. Nor are a lot of the MiFare kits sold today.

It's a difficult problem. Much better to spend your money on being informed when people use any key to open the door (e.g. an alarm that sends you a text) than shoring up the keylocks against simple attacks like this that aren't new just because they use 3D printers. You've been able to do this for years.

4
0

Microsoft herds biz users to Windows 10 by denying support for Win 7 and 8 on new CPUs

Lee D
Silver badge

Re: The more they push

I have to say that if you're going to VM, you want the base hypervisor to be something decent. VirtualBox has never really cut it for me.

VMWare is a good base option and will happily offer 3D acceleration to Linux and Windows guests, from a Linux or Windows host.

The money I spent on a copy of VMWare Workstation has paid for itself 10 times over. And I primarily work on HyperV servers at work.

Hell, if you tweak, you can even run MacOS on it. (I didn't say that).

If they force my hand, it'll be a Linux install at the base, a VMWare VM for everything else, and probably even a Linux VM for actual everyday work (because isolating the hardware is good for future compatibility and moving that VM to other machines, and because snapshots/rollback are worth their weight in gold).

16
2

Server retired after 18 years and ten months – beat that, readers!

Lee D
Silver badge

Re: I find this one a bit difficult to believe

There are ATX -> AT power convertor cables readily available.

14
0

HSBC COO ‘profoundly apologises’ for online outage

Lee D
Silver badge

Re: Likely causes....

"Not malicious".

So... that leaves... incompetence. In many forms as you have listed, but still incompetence.

7
0

Researcher criticises 'weak' crypto in Internet of Things alarm system

Lee D
Silver badge

Re: Bah!

I refuse to put an alarm bell on my house. They are pointless, loud, annoying, and... totally ignored. Thus they are useless, even in a friendly neighbourhood. Every time an alarm goes off in my street (and it happens enough that I know this), it's completely ignored. Car. House. Doesn't matter.

So my house alarm just texts me instead. Then I can login and look at the cameras from home. Motion detection on such a setup is pointless and distracting, so there's no point relying on movement being detected in order to alert me. But a door opening, or a window breaking, that means something happened. Possibly. Like the way that the CCTV motion detection going off could mean that it's a bit windy in the garden, the door magnet going off could just be a windy door banging on the latch or a PIR being set off by the cat.

But with a remote control system, I am able to be alerted. I am then able to make a decision, based on the alerts and other remote-accessible data (like cameras, alarm trigger logs, etc.). Then... guess what... IF I SUSPECT a burglary, I can set the house alarm off remotely. And alert the police directly. Or phone the neighbours. Or drive straight home. Or not.

Without a remote home alarm? My alarm would go off, people would all ignore it, and I'd know nothing until I got home. Does having a remotely-controlled alarm put me at a disadvantage or provide an avenue into my home? No. Because it's properly designed and thought out. Hell, even the CCTV can detect if it's being obscured or cut and alert me, because I know for a fact that the CCTV on its own is next to useless to actually preventing the crime.

But a remote home alarm? There's a ton of uses. And it doesn't have to provide avenues for a burglar, or insecure access to your home.

(The other day I found out which damn delivery driver it is who keeps pulling my bins across the front of my driveway so that I can't get my car in without stopping in the road. Because walking into the garden sends an alert and flags the cameras to record, and my home cameras are set up on my monitor at work (and, no, you can't DO anything, just see the camera over a VPN connection))

4
0

iOS 9 kludged our iPhones, now give us money, claims new lawsuit

Lee D
Silver badge

Re: iPad Mini Mk 1/iPad 2 and iPhone 4S work fine

Chrome on iOS is just Apple's own UIWebView in a fancy front-end. You're not allowed to write your own rendering engine on iPad apps.

Whereas Safari et al use Apple's own WKWebView, which can do a bit more hardware acceleration (check out node.js or emscripten examples in both).

There's no such thing as "another browser" on iPads/iPhones. Even Opera is just a remote VNC-like session to an Opera instance rather than local rendering.

0
1

The Police Chief's photo library mixed business, pleasure and flesh

Lee D
Silver badge

Re: Ah yes, spaces and phone support.

What sort of idiot tech support lets a user type a line like that anyway?

I was in a teleconference a while back, sitting next to a few users, while we phoned tech support and others. I was only supposed to be there for tech stuff and they were on line to solve a problem with a database not being up-to-date (nothing techy at all, just them not entering data), so I was basically reading whatever was on their desk while the tech guy on the phone blathered out and pointed out the obvious to the users.

There was a bit of back and forth and one user was just typing what the tech guy said into their software at our end and clicking where they were told to. Until, at one point, to fix a problem, the tech guy on the other end just said:

"Okay, now go into Script Runner."

Our user responded "Okay"

"Now type 'DELETE * FROM..."

It was at this point that I realised Script Runner was, in fact, just a hidden direct admin-level SQL interface to our database via the program, and I rugby-tackled the user to the floor to perform some damage limitation because they could start to type.

After berating the tech guy for such a dangerous command, and allowing users to have an interface to such a dangerous command, and reading out such a dangerous command, and not even bothering to check there was a tech guy this end who had taken a backup before he started playing like that, and not even bothering to do this in a transaction or similar that we could roll-back, I typed the command for them and told the users to NEVER go into that menu again (removing the menu from the user's lists shortly afterwards).

I don't blame the user's. I had backups but for sure I wasn't going to take blame if that command had gone wrong. Nobody knew what SQL syntax was but me and the tech guy the other end, and I damn well was never told that "Script Runner" was just a direct SQL interface. If that had gone wrong, whether I was present or not, that's ENTIRELY the fault of the tech guy on the other end.

More importantly? It's been two years and they STILL haven't managed to get their "remote application support" working for us either, so they still can't perform those things themselves. I'm both glad, and disappointed by that. It means they can't tinker without our co-operation, but it does mean every tiny data change needs phone-based hand-holding rather than a click done for them.

16
0

IT bloke: Crooks stole my bikes after cycling app blabbed my address

Lee D
Silver badge

Re: Common sense

Is it really just me?

Why the hell are you sharing rides on your bike with the world in the first place? I mean... why? Isn't that like the old slide-projector enthusiasts who just show you every detail of their trip when you go around their house? Why?

Just... WHY?

(Why?)

14
2

Facepalm time: MS Office update wipes custom Word autotext

Lee D
Silver badge

Wonder if someone captured their MSI and forgot to remove their personal cruft from it... Because I can't think of a single reason why a Windows update would touch Normal.dotm deep in a user folder.

Once had something similar where I ran "discover" to create an MSI and left some temporary setup files in the downloads folder. Tested, it worked. Tested on other machines, it worked. Pushed out to a handful of users via group policy, it worked. Rolled it out - suddenly everyone was pushing a 100Mb setup executable back to their profiles...

3
1

Security industry too busy improving security to do security right

Lee D
Silver badge

Re: Too Hard?

Sorry, but it's time to get with the times.

Companies like iZettle will sell you a black-box solution for a hundred-or-so pounds. You can get a smartphone-connected thing that will set you back £70 but relies on the security/compatibility/availability of a smartphone. The rates are quite low, the gadget is one-off, it's Chip&PIN-capable (and also magstripe if you deal with foreigners) and can tie into accounting apps for you.

Last time I went to an antiques / bric-a-brac sale, most stalls took cards using things like iZettle and clearly advertised so. Sure, you may have needed to spend £10 to make it worth their while, but rather £9 from a transaction than nothing because you didn't have the cash. If your profit margins aren't already taking account of such things then you aren't going to be in business long, mom'n'pop or not.

Cheque fraud went through the roof in recent years - cheques nearly aren't accepted by BANKS any more, and the fallback when they bounce costs the retailer a lot more - why do you think they charge for that? Cash is expensive and risky to handle. It's much more likely those using those methods are actually able to not declare that income, in fact! Card payments? A cheap one-off purchase of a black box from a website, swipe the card and it pops into your bank account - with accountability, complete records, instantly revoked if stolen, you know they have the funds available, and a charge of fraud if it's misused by the owner.

Hell, I bought an iZettle for my girlfriend for Christmas so she can sell her pottery. She fires up the kiln maybe twice a year. Mom'n'pops have no excuse and shouldn't be handling cash or cheques nowadays.

2
1

New gear needed to capture net connection records, say ISPs

Lee D
Silver badge

Re: What would be required (technically)

The question is not whether you use a UK-based ISP or not.

It's do you trust the connection, and to what extent?

I trust my browser.

I trust my machine (that may be misguided, but I think I'm generally okay there).

I trust my local network connections.

I trust my router.

All good so far.

What they are saying is that I can't trust transit between my router and ANYWHERE ELSE ON THE NET. That seems... pretty normal to me. Plain DNS is unencrypted, sniffable, and anyone at my ISP or in the path to the DNS server of choice can sniff, modify and insert traffic.

As such, the solution is not "move abroad" in terms of your connection, but realise what you are trusting that you shouldn't. DNSSEC is better, you can't "fake" or modify a DNSSEC response.

But even better is to not give anyone - the ISP or anyone else - the opportunity to monitor your unencrypted traffic. That means end-to-end encryption (HTTPS over DNSSEC loookups, because TLS etc. does in fact TRUST the DNS response to be authoritative and correct!) or VPN to a trusted location.

If you buy a virtual server, pretty much the web filtering on those isn't present. They aren't classed as ISP's so they don't filter sites, play with DNS responses or limit access. They are much more concerned with billions of spam emails or you trying to spoof an IP. As such, the cheapest virtual servers, at home or abroad, can be hand for a few pounds a months and you can configure your router to VPN to them and route all traffic through them. Voila!

Or, as you suggest, you can just a VPN host that you trust and do the same.

But the problem really stems from so much stuff still being plaintext and unencrypted. Email. DNS. HTTP. Even DHCP (how do you know it was your ISP that gave you that IP address and that you weren't shifted to a different IP by some blackbox that your ISP was forced to install?). The solution is to move to DNSSEC, HTTPS - we don't have a solution for email yet because people apparently don't think that billions of unencrypted-by-default emails matter - and encrypted-by-default protocols everywhere. Also, VPN access.

My phone can do VPN access to my virtual server. I wouldn't join a hotel wireless network without it. And I can provably connect to ONLY my VPN server, with no middle-man, or not connect at all.

2
0

GCHQ Christmas Card asks YOU the questions

Lee D
Silver badge

Turing just relied on being able to complete an ordinary-looking Times crossword in 10 minutes (here: http://www.telegraph.co.uk/history/world-war-two/11151478/Could-you-have-been-a-codebreaker-at-Bletchley-Park.html ), followed by a short follow-up test.

He didn't do too badly out of it.

"Crossword-solving, like mathematics and code-breaking itself, involves creative, lateral thinking, “not being a robot and following a procedure”."

A nonogram that my first thought was "QR Code" isn't exactly creative, lateral thinking. Maybe this explains why GCHQ are struggling to match their US counterparts infiltration powers and why our answers tend to be "give us the keys" and "stop people using encryption" instead.

3
0

Apple finally publishes El Capitan Darwin source

Lee D
Silver badge

Erm...

So, if I'm reading this right, they took code like Apache, OpenLDAP, etc. and used them in MacOS. And now they're getting credit for "returning" the source. Like, the source that they've used, pretty much unchanged except to make it work on their product, and which is publicly available to all anyway?

Granted, it's not a viral licence like GPL, but it's hardly something to yell about. I mean, there's things like uucp, vim and perl in there. There's honestly not that much you can do to them, really, is there, if you want them to do their job? Maybe that's why - as the article says - nobody really does anything with this code.

As a comparison, IBM et al have been doing this for decades now. The tools they do use, in their server boot CD's, in their internal hardware, etc. has source published and a little note in every manual about where to get it. Some of them have IBM-specific changes which are fed back to the community. To be honest, so does Microsoft to a certain extent. Why does it merit special mention that Apple are doing this seeing as they probably USE more open-source code than any of the above, given that OS X's roots are indeed in free operating systems? (Much like the old Win2k networking stack, again from a BSD, I'd like to note).

Nobody can really do anything useful with this code and even the projects in question aren't going to pick it up, diff it and start pushing things back into their projects. Apple are either drip-feeding approved patches to the projects (which WOULD be news), or it's some custom junk that was tacked on that only Apple really care about and they've just done a code-dump and left it somewhere.

8
10

Sysadmin's £100,000 revenge after sudden sacking

Lee D
Silver badge

Re: James is a dick...

Personally, I couldn't approve of deliberate sabotage but:

It sounds like it's just not something that occurred.

Someone else would presumably have to take over his day-to-day responsibilities, someone else would be watching what was going in/out the IT budget, he wouldn't be the ONLY person to know about the existence of such a line - hell, accounting should have queried it a LOT earlier!

As such, it's a reasonable expectation that someone (maybe even the IT Manager that "left" soon after) was responsible for it and clearing up loose ends. And for that I wouldn't be able to fault them.

Deliberately not telling them when you're AWARE it's going to go unnoticed until it hits the hundreds of thousands is being just as dick-ish as DELIBERATELY making that happen.

But I can quite envision that this was unintentional and all those people who walked or were made to walk had responsibilities that were just ignored for the sake of cost-saving, and the accounts department were so unaware of what was happening that they didn't question anything at all. Their incompetence couldn't be his fault. But his deliberate ignorance of a potentially large problem would be. Even if it's slightly more blameless than, say, deliberately running up a huge bill before he left.

9
79

Part of the world's IT brought down by Azure Active Directory issue

Lee D
Silver badge

Re: In-house solution

1) That's what DND functions on telephones are for.

2) That's what junior techs are for (literally: Stand there, touch nothing, tell people to go away).

3) In-house stuff is under your control. You can spin up "something" quite quickly, even if it's just rolling back to a snapshot or similar. Azure, you are at their mercy.

I'm assuming (not really looked into it as my place won't touch cloud things) that you can have in-house AD talking to Azure AD and vice-versa, like any other directory, no? If not, I don't understand why you'd touch it. But Azure going down in that case could still cause problems with remote-workers and other services, I imagine.

Redundancy, people. Cloud is fine. But what's your backup? If you can't answer that satisfactorily, you have to think if you're doing your job properly. We still don't live in an age where people can't put diggers through fibre lines.

5
0

Sysadmin's former boss claims five years FREE support or off to court

Lee D
Silver badge

I work in schools.

I once left a school for various reasons, found a better job, moved on, handed the documentation / passwords etc. to the head and - at the head's request - one of the governor's (who worked in IT himself). They signed off on it all, there was no ill feeling (apart from "Can we pay you more to keep you?") and off I went.

Months later, I was still getting calls from a deputy head demanding I give him the administrator password for the domain. Nope. They were persistent and rude and interrupting my work for my new employer, so I kept telling them where to go - the head or the governor. But they still kept on.

In the end, I blocked their number.

The reason for demanding the admin password? They'd bought dictation machines that only recorded in WMA and a piece of kiddy-friendly audio software that only imported MP3. And they genuinely and honestly believed that having the admin password would "just fix everything" better than the transparent file conversion service that I put in place before I left (drag a WMA to a folder and then an MP3 of it would appear in a subfolder within a few minutes - it doesn't get easier than that). They wouldn't listen, and kept on and on and on about it.

I wasn't contractually obliged to do anything at all, but if you're going to be that much an idiot, I'm not going to help you either. Especially when, as I told them, there were two complete copies of all available documentation - including passwords - within the school under the keeping of the head and governors. You want the password, get it off them. Not me. I'm gone. But the reason you're asking is almost certainly because you tried and were told no.

Bet he wished he'd consulted IT on those purchases while I was still around rather than just spend lots of the school's money on incompatible devices and software.

8
0

Lights, power, action! Smartplugs with a twist

Lee D
Silver badge

Am I the only one that thinks that the listing of features is actually just more worthless features and provides nothing of real value?

There's no reason these things can't be small enough to fit into a slightly-more-bulky-than-usual ordinary 13A user-wireable plug. Pass-through plugs just don't work well with UK plugs if they want to be safe. But a plug you could put onto anything yourself? That's more interesting.

The scheduling and other "features"? I expect that for free with such a device. It's basically nothing more than a bog-standard bit of code inside the existing bits of code it must already have in order to talk to your phone.

The motion-detection junk? It just screams gimmick. You'll use it once and then never touch it again. I can't think why you'd want something to do that. It's like keyless car entry - you still have to walk up to the bloody thing to get in it, so what have you saved except exposing a digital interface to the airwaves?

But I have bought a "smart" plug. Several of them. They do interesting things. It just works in reverse. It texts me when the power goes off. It texts me when the temperature in the server room drops too quickly or below a certain level. If it could text me when power draw exceeded an expected level, or dropped to zero, that would be handy too. Those things are parts of UPS systems, so they exist, but mine is just a GSM power monitor.

Combine that with remote on/off and, gosh, it could be useful to power-cycle a machine. Prime audience to sell smart plugs to? Geeks. Prime audience who would want to know about a power-cut, or a server being told to shutdown instead of reboot (whoops, did that myself a few weeks ago, embarrassing night-time work visit to press a power button!) remote control their Christmas lights, etc.? Geeks.

Make it wifi and solve all those "you must carry your smartphone near it" problems. In fact, make it a wifi repeater too. Make it talk powerline Ethernet too.

Or how about a plug that can have a camera on the back of it? Instant in-home CCTV. Why not put an I2C bus with a standard plug (e.g. headphone socket) on it and provide a range of modules? Water alarm for when the tumble dryer leaks? Temperature sensor for indoor/outdoor temperature monitoring? While you're there, it could also contain a speaker and actually be used for something practical - an instant doorbell, for instance, or music that follows you around the house (rather than a light, but you could do that too), or a voice alarm for any of the other sensors in the entire house plugged in in a similar way.

X10 is good.

GSM power monitors are good.

Remote control power plugs are good.

Wifi extenders are good.

Temperature / humidity monitors are good.

Portable speakers are good.

Hidden CCTV in fake PIRs etc. are good.

PIR-controlled plugs are good.

Powerline Ethernet plugs are good.

Water alarms are good.

Wireless doorbells are good.

Energy monitors are good.

AND ALL TAKE UP A HUGE BIG SOCKET EACH WITH A GIANT BOX ON IT WHICH ALL CONTAIN 99% OF THE SAME TRANSFORMERS ETC. and only slightly different fancy circuits in the space that's left.

Put them all in one.

Make it modular, extendible, standardised, hackable.

Then sell me that.

7
0

Page:

Forums