* Posts by Philip Storry

95 posts • joined 28 Nov 2007

Page:

Don't stop me! Why Microsoft's inevitable browser irrelevance isn't

Philip Storry

@Charles 9 - yes, it's a fair price.

They have pretty strong privacy policies. They're huge - so big that it would be very difficult to defend against an attack from them. But as a threat, they're negligible - they have plenty of good reasons to treat my data well. Reputation, legal requirements, etc... So I'm not that fussed by it.

And often, the very things that people think are bad about this are actually a benefit for me.

Way back when Opera first went ad-supported, in version 5, I was a registered user. I was also one of the people asking for the ability for registered users to toggle the adbanner bar in the UI. (They never did provide that.)

The ads that Opera served were of two types - generic casino/entertainment ads that were animated and flashy and somewhat annoying, and Google ads that were just text - hence unobtrusive. But the Google ads were also targeted, based on the page you were on (not on tracking you, as I understood it). So when you're shopping for something, you always had this set of alternative options in that banner, which was sometimes what I wanted.

A lot of people couldn't understand why I would even want to toggle the ads on or off - but they were sometimes useful. And making my computer more useful is the only good reason for any change to my computer.

Google's services do make many people unnerved. But when I look at what I get from them, I think it's a fair exchange.

5
11
Philip Storry

I use Chrome because Google has accomplished for the consumer what Microsoft does for the corporate user.

They built a platform that allows you to roam.

When I sign in to Chrome, my bookmarks and history follow me. On Windows, Linux, Android - it doesn't matter. It all just follows me. Oh, and where applicable, so do my browser extensions. Log in to a machine I haven't used for a while? No worries, Chrome will soon be the familiar place it is everywhere else for me.

Microsoft does provide roaming profiles for companies. But they haven't really wholeheartedly grabbed the idea of having an account in the cloud that their software uses for this. They're partway there, but they seem to want to segment their products into "professional" ones that do roam, and "consumer" ones that don't. Internet Explorer (and Edge) seem to be stuck in the "don't" pile.

8
7

Why do GUIs jump around like a demented terrier while starting up? Am I on my own?

Philip Storry

I once worked with a product which had an odd installer. The progress bar went straight to 100% very early on, but the installer then continued to install yet more stuff.

By that I mean it was actually putting out messages telling you which files it was copying, or that it was updating the registry and so forth - despite the progress bar clearly being at 100%. It could happily go on for another minute or two, maybe longer if certain options were picked, and the progress bar was evidently completely divorced from the reality of the installation process.

I got to speak to the developers of the product (about something else), and offhandedly asked them about this.

"Oh, that's because the installer script only ever gets appended to. A decade ago, we just had the main module and a couple of optional ones. Now, we have loads more optional modules, and a number of new mandatory ones. Each new module was simply added to the end of the install script - nobody ever goes back to adjust the progress bar computations, because the risk of breaking something when editing the old script entries is high and the benefit is low. As a server based product, very few people see the installer anyway, so we're just never going to fix that."

Well, kudos for them for not taking risks, I suppose...

13
0

Wanted: Bot mechanic. New nerds, apply within

Philip Storry

Robots? To settle a problem of aging population?

Or we could, y'know, confront our fears and prejudices and simply allow people from other countries to settle here to do the jobs we're not producing enough people for.

I'm all for automation, but many of the jobs mentioned here are just better done by a person.

Although it is nice to know that if I keep up with my Linux skills I may have some part-time work available in my dotage...

3
10

National Insurance tax U-turn: Philip Hammond nixes NIC uptick

Philip Storry

Re: This lady's not for turning!

You have the wrong tense.

She wasn't for turning. Then she found herself in a position where she was in charge of turning.

Now, as we all know, turning means turning. Nobody can deny that we will turn, and anyone who says otherwise is a traitor who is defying the will of the turning British people.

It's that, or she walks. And she'd rather be turning than walking, and damn the consequences for anyone else...

30
1

You're Donald Trump's sysadmin. You've got data leaks coming out the *ss. What to do

Philip Storry

If I were Donald Trump's sysadmin - I'd find a new job.

He employs people who tweet their passwords. His ego won't allow him to admit that he, and his employees, are incompetent. As the sysadmin, I will always get the blame for his and his employee's incompetence and inadequacies.

So you find a new job.

18
1

Samsung's Chromebook Pro: Overpriced vanilla PC with a stylus. 'Wow'

Philip Storry

Re: A TPM os good on Chrome, and bad in Windows?

On a general purpose machine in a class where you can traditionally run whatever OS you like, a TPM is bad.

On a machine sold as custom built for one specific OS, it's good.

There are other factors too. If you're spending a lot of money on a machine you hope to be general purpose, a TPM is bad. If you're spending little money on a machine you will treat as a commodity, it's a lot more acceptable.

It's all very situational.

4
3

Brexit could further harm woeful rural payments system

Philip Storry

Re: Get orff moi laaaaand

Why do I have this image of a man sitting on a tree limb, desperately sawing away at the bit between him and the tree so that he can reward himself with a fine bit of free wood?

11
2
Philip Storry

Re: Farm subsidy

For clarity - this is an "All Years" view, which appears to have data back to 2013.

For opinion - it's no surprise that many big companies are getting subsidies. Same in fishing, IIRC - the majority of the "British fishing fleet" is in the hands of large companies.

Of course, there are the plucky small independents. I'm not denying that. But the Brexiteers like to pretend that they're the only story, because that pulls on heart-strings. The fact is that the vast majority of the problems for both farmers and fishermen are down to a combination of corporate competition and government cockups. Europe is either neutral in events, or on their side trying to improve things.

Sadly, that makes for a complicated story. Much easier to just bend the truth and go back to that narrative of the plucky independent...

12
0

Streetmap loses appeal against Google Maps dominance judgement

Philip Storry

They failed to keep up. It's that simple.

I use Google Maps as my primary mapping service. Have done for years. Streetmap's data was better, but they stayed static for far too long.

I just visited Streetmap to see how they were doing, and they have a bigger mapping window now - but not big enough when you compare to Google Maps or OpenStreetMap. I was pleased to see that they did support grab-scrolling, but disappointed to see that scroll wheel zoom didn't work - it just moved the whole page.

Basically, they haven't kept up. Google's mapping data is good enough, and they just keep adding features. Their integration with their search is superb, they've added directions, street view, live traffic reporting...

Anecdote time: I don't drive but was on a trip with friends recently (to a distillery, so why drive?) and on the way back we hit a traffic jam. My phone alerted me that it was roadworks, and with some judicious scrolling and checking the live traffic overlay on my phone I managed to locate exactly where they were, which seemed to help us all to stay more sanguine about the experience.

Frankly, if I'd had the presence of mind to check my phone beforehand, Google Maps could probably have saved us some time by getting us a route that avoided those delays!

And I said that Streetmap's data was better, but that past tense is deliberate. It's missing some paths in local parks. Not new paths either, but ones decades old. Google was missing them a few years ago but is slowly adding them in. OSM has had those right for ages.

Finally, let's not mention the woeful search. Both Google and OSM could get me to a local park by name, Streetmap couldn't manage it no matter which option I picked. And it's 2017 - why do I have to pick a search option? Search them all, then show me a list!

I have fond memories of printing out an occasional Streetmap page back in the early 2000's. Before phones had mapping and internet connections, A Streetmap printout was more convenient than carrying an A-Z around, providing your journey was short. But they have more competition than just map books, and they seem to have failed to realise that.

5
0

David Hockney creates new Sun masthead. Now for The Reg...

Philip Storry
Coat

Re: OMFG!

Oh, come on. I think you're being a bit harsh there.

Anyone who transports people out of Liverpool is almost certainly doing them a favour...

26
1

Shared services centres flop: Only one UK.gov department uses them

Philip Storry

Needs detail...

In its departmental overview for 2015-16 the NAO revealed that customers other than the Department for Transport have now withdrawn from their Arvato shared service centre contracts and will seek other arrangements.

Why? We need detail!

And I'm not railing against El Reg here. I went back and checked the original report, and there's nothing there either.

So why are people leaving the platform? Is it something core, or a fixable detail?

*sighs*

OK, we'll have to ask the grapevine. Anyone got any ideas?

5
0

Oh no, software has bugs, we need antivirus. Oh no, bug-squasher has bugs, we need ...

Philip Storry

The good news is that the vast majority of vulnerabilities have patches available on the day they are made public

I think what they meant to say was:

"The good news is that the vast majority of patches have vulnerabilities available on the day they are made public. Otherwise we'd be out of a job."

0
0

SQL Server on Linux: Runs well in spite of internal quirks. Why?

Philip Storry

Repositories? apt and yum integration? Really?!?!

any dependencies needed are pulled where APT fetches the main install off the MS repo

MS are hosting their own repository for updates of this? As in, actual .deb/.rpm packages that are fetched and installed with "apt update" or "yum update"?

Because that's one thing a lot of big companies often manage to "overlook" when porting software to Linux. It's very disappointing.

But if Microsoft are giving us repositories, and adding them to the system config so that the updates of SQL Server are managed just like any other component, then I have to say I'm bloody impressed.

That's how it should be. I'd assumed that this was just some hacky "it runs, it's done, ship it and hope" kind of affair, but actual repository integration shows a level of effort and attention to detail that's warming the heart of this cynical old git.

Well done, Microsoft. Well done.

27
0

Portable drive, 5TB capacity. Hmm, there's something fishy here

Philip Storry

And the problems are with the software...

The included NTFS driver for Mac makes it interchangeable between Windows and Apple notebooks.

Ye gods, what a craptacularly idiotic idea! Who the heck would want to trust their important data to non-native filesystems that are being handled by Seagate software?!?!

That's a genuinely scary thought.

A quick googling shows that they're probably using a licensed version of Paragon Software Group's NTFS drivers - which I'm sure are fine. But for my backups, I'd rather have a native filesystem please...

(Yes, you can just format it. But how many people are going to do that? There must be a better way...)

4
1

Three LibTIFF bugs found, only two patched

Philip Storry

Still used by international banks to confirm some types of business. Lawyers like faxes.

You can try to take an email to court, but a lot of jurisdictions don't have any guarantee it's binding. Whereas the 60's/70's/80's were full of court cases around the world that settled, definitively, that a fax or photocopy of a contract was still a contract - you don't get to ignore it because it's a copy.

(Yes, people really tried that scam.)

Also, email can be traced, but fax usually means that there's a phone call and that gives you another level of evidence should you need it in court. Although personally I never really bought that argument, and fax systems seem to be going to the cloud and fax over IP (FoIP) these days.

The last few fax systems will probably be all electronic, never putting out paper unless the recipient wants it. The input (probably an account summary or trade confirmation) is generated by an application and picked up from a file share or some kind of message queue, converted into a set of images, and then sent via either fax over IP or a real phone line, to a system which does pretty much the same in reverse and delivers the images (and maybe OCR'd text) to an application.

But the legal aspects will keep people on that system for a decade or so, until someone realises that the expense of the infrastructure outweighs the potential cost savings in court...

(And it can be expensive. I know of a couple of banks whose license estate for faxing infrastructure is in the seven figure range on software alone, let alone the licenses for the platform below that software. At standard software maintenance rates, that's a pretty nice amount of coin for software which is mostly in maintenance mode these days...)

2
0

Apple grounds AirPods launch with shipping delay

Philip Storry

The iPhone 7 isn't any thinner than the iPhone 6 though.

And I think they painted themselves into a corner with the seeking of such slimness.

I have owned phones from the Sony Xperia Z line for the past for or so years, and they're great. But put them down next to an iPhone 6, you (just about) notice an extra half millimetre or so of thickness.

Just about enough room to put a nice rubber gasket in around the headphone jack, so that the phone is waterproof.

Having looked at them, I think that the iPhone 6/7 are too thin to waterproof AND have a headphone socket. They only had three options - waterproof it and make it thicker, waterproof it and remove the headphone jack, or don't waterproof it.

The wanted waterproofing, so that left them two options. I can't say for certain why they chose to remove the jack, but I suspect that Apple view making the device thicker as being a step backwards, and they lacked the courage to do that and put a bigger battery in. So they took the only way out that remained...

Of course, if they were Samsung/Sony/HTC/Huwai/Whoever, they could have just tested the market with another model. But they're Apple, and want as simple a product lineup as possible - hence my verdict of painting themselves into a corner.

4
0

20 years to get Amiga Workbench 3.1 update, and only a fortnight to get first patch

Philip Storry
Joke

In other news, Samsung looked on and frantically scribbled notes in a folder marked "Android Update Policy"...

14
0

Donald Trump running insecure email servers

Philip Storry

It's cool.

He's got experts - believe him, real experts - looking at this right now. Ten years old, very smart - the smartest - and one might even be eleven.

*waves tiny hands*

And unlike Crooked Hillary, The Donald doesn't even know how to delete an email. He just doesn't know. But if he did know, he'd only be deleting emails from those people. You know. Those people.

*ahem*

More seriously - even if someone did break into his email, what do you hope to find? All of his bigotry and hatred is on Twitter at 3AM. All of his bankruptcies were public. His sexual assaults are somewhat public. The people he didn't pay for their work are common knowledge right now.

Oh. I get it. What's the betting at least one mailbox is just full of invoices from the company he stiffed for doing maintenance and upgrades on this system?

67
1

Fujitsu to axe 1,800 jobs across the UK

Philip Storry

Global revenue has remained flat at Fujitsu for a number of years

Ah, so this is probably down to the chasing of short-term performance figures.

No doubt next year, they'll record excellent performance.

And two years after that, they'll report high overheads - because clients are leaving them as they can't meet SLAs, and they have to hire expensive contractors in to get certain key jobs done. (Luckily, they have experience from a previous employer. Wonder who that would be?)

The joys of short-term capitalism. Simply making a profit, steadily, year on year isn't enough these days...

22
0

Good God, we've found a Google thing we like – the Pixel iPhone killer

Philip Storry

Re: Err, written by a fanboy who has not seen a decent android phone

Ah, but it's the best camera according to DxO! Who do scientific measurements, and everything!

What I suspect we're starting to see is manufacturers gaming that system. Good stats don't necessarily make a good camera, especially if your output is JPEG. I can fix a lot with a good RAW converter/editor, and it's true that many phones now allow RAW shooting.

But let's be honest. It's a phone. You're going to want to shoot JPEG, so that you can actually use the photos. And that means that for all we know, this phone might use exactly the same sensor as the other phones it beat by a couple of points - but just has a different tone curve and a slightly less aggressive JPEG engine. Which would probably be just enough to gain a point here and a point there in the tests... and suddenly you're the best phone camera available!

When you what's being tested, being best becomes *so* much easier.

0
0

Apple guilty in iPhone ringtone patent rip-off battle with Sony, Nokia

Philip Storry

Especially for the lawyers.

Oh, who the hell am I kidding? The ratio doesn't matter a damn to the lawyers. They win either way...

9
0

Delete Google Maps? Go ahead, says Google, we'll still track you

Philip Storry

I could be wrong - but I don't think this was GPS.

This sounds like a Beacon, which McDonalds have experimented with before. A simple search shows that this is more consistent with Beacon behaviour.

7
0

Google hopes to sniff out OS X badware

Philip Storry

Yes.

But it does have some advantages over XProtect.

For example (and watch the downvotes now!), Apple often seem led by PR and marketing. Even in the face of uncontestable facts, they will often be slow to react "correctly". Many feel that this is because Apple are more concerned with their image than they are with, well, anything else.

Hence quite some time of "you're holding it wrong", or "maps work fine for us!", when the rest of the world is less than happy.

In security terms, that means that sometimes Apple has been well aware of an issue, but been a bit slow to send out an XProtect signature - often taking days.

So I'd guess that this is being done simply because Google wants to be able to secure its Apple clients on its own timescale, not on Apple's.

They might also want to secure some areas a bit more than XProtect can. XProtect only stops known threats that Apple recognises as threats. If Google decides to make a subset of machines more secure by locking down what can be run on them - possibly to meet some government or industry standard when working on a project - this tool would be very useful.

3
0

Yahoo! is! not! killing! Messenger! today!, just! the! desktop! client!

Philip Storry

Commodities & compliance...

Having previously worked for in the financial sector supporting messaging systems, I can safely say that Yahoo! does not have any features in it that meet Compliance requirements.

But it does allow you to use a proxy server. So the usual method is to throw a product in as a proxy, and let that do the capture. The product I have experience with is Actiance Vantage(*), which would basically act as a proxy, gather messages and group them into "conversations" based on time elapsed between responses and then export those conversations on a schedule. The export could be via email or as XML files (amongst other methods), so that you can do what you like with the data after that.

I don't know specifically why it can't handle Skype - it could previously handle OCS/Lync, and a quick web search tells me that you can get the client to connect via a proxy. However, further searching shows that Skype encrypts traffic using TLS, which could be an issue. I suppose there might also be infrastructure complications for many banks, if they have Skype for Business on the desktop and suddenly need to open up a proxied route to the outside world. I'd bet that the networks and security teams would be delighted with such a request...

(I would like to state now that this comment was not an endorsement of Actiance Vantage, nor a condemnation. If anything, I'm ambivalent about it - it did the job, and annoyed me no more than most other software did.)

--------

(*) - Actiance were formerly known as FaceTime, but then some small manufacturer of fashion trinkets decided to use the name FaceTime for one of their services without doing the proper due diligence. Actiance/FaceTime sold the name rights to that company. Imagine a parking lot full of Ferraris...

4
0

The 'new' Microsoft? I still wouldn't touch them with a barge pole

Philip Storry

This is why I've still not bought a personal/home O365 sub.

I'm not a huge fan of Office (except Excel), and use OpenOffice.org's products for the most part. But I have a Windows VM with Office 2010 in it, all legal.

Mostly just for the very rare occasion when I may need to have 100% compatibility with an Office document.

Of course, we're now two versions on. And most idiots who bleat on about 100% compatibility with Office will always forget that Office itself isn't even100% backwards compatible. So at some point, I'd like to upgrade. And O365 looks like a good way to do it.

On the one hand, around £60/year seems like a reasonable price for the whole of Office. On the other hand, I've not actually needed it for months - so it's definitely a luxury purchase. I can't justify it, and the only way to justify it is to use Office more and lock my data into it. Not likely!

If I ran my own business, I'd probably have my hand forced. But as it stands, I'm sure I'll manage without...

13
1

Music's value gap? Follow the money trail back to Google

Philip Storry

Oh dear. What a poor metaphor!

Andrew, Andrew, Andrew...

Such a poor metaphor. It's the 14th of April, 2016. Not the 1st of April. And definitely 2016. So can we please stop trying to equate intellectual property - the ownership of an idea or a record of the expression of that idea - with physical property?

Because it really doesn't help. At best, it muddies the water, and at worst it makes people write simplistic comparisons that actively mislead people.

Let's try a different metaphor. One less stuck in bovine faeces than the wellies you struggled with here.

Imagine that you are a writer. And your writing has value. It can entertain people, inform people, even enlighten people. And you're proud of the results of your efforts, and want a simple exchange - that people give you money in order to have access to the fruits of your efforts.

Which seems fair.

But now imagine that there are only two ways you can get your work out to people. The first is via small-scale printing, locally distributed. It's messy, the end result is a little ugly, and it doesn't scale very well. Only people within a few miles of where you live will ever get the opportunity to see your work. The second is to sell your work to a big national publishing of newspapers or periodicals. They have the scale in both production and distribution - and they'll help you with editing and have access to stock images too! Unfortunately, the downside is that they pay pittance and they insist on the right to re-use your content whenever they like, however they like. And you lose editorial control.

It seems that there's only one option - take the pittance, and make up for it in volume of works. Hopefully you can grow an audience, then demand more money from the publisher. Meanwhile, your growing body of work is being owned or licensed to a company that may not share your values, and merely views you as a line on a profit or loss statement. But hey - in a way you're one of the lucky ones. There are plenty of talented writers who never got the chance to reach as wide a public, because these publishers are quite conservative in their editorial policies - - unless it's "hot", they like to avoid controversy, seeing it as a risky investment. And new things are often controversial...

But you suck it up. Because, after all, there is no other game in town. There's no technology that can fix this for you.

But wait - what's this? A technology that interconnects networked computers! Let's call it the conwork. Or internet. No, conwork is better. Let's use that.

Well, you have loads of fans. And now you could take your work to them on this new frontier!

Except your publisher doesn't care. They're too busy selling physical books and periodicals - which is profitable, and has an existing and well tested supply chain - to bother investing in this risky new technology. And you've signed away your rights to your own work - past, present and future - to the publisher, so you can't take your work to your fans yourself. Which is crazy, but who could have predicted the conwork, eh?

Meanwhile, your most dedicated and most technical fans are starting to transcribe your works so that they can enjoy them on their conwork'd computers.

And there are new, smaller publishers popping up that use the conwork technology. They may not have the big artists, but the ones that they do have aren't constrained by the editorial policies of the big traditional publishers. They can write stuff that their fans really enjoy, and they're less fussed about being banned from vendor conferences. The world is changing, and these smaller conwork sites are getting big readership.

Except for your publishers, who still refuse to sell your works on the conwork... For them, the world is static.

Finally, the publishers - after much negotiation with a company in the technology industry - get round to selling your works to people over this conwork.

But it's too late. People have spent so long trading your work on the conwork for free that the value of it has been changed. They'll never pay what your publisher wants. They're also now used to just getting the article that they want, without a load of lesser articles packed around it and cranking up the expense.

Also, your contract with the publishers still only pays you pittance for each work sold, despite the fact that the publishers now add less value than ever and how much lower overheads than ever.

However will the publishers defend this? Why, by attacking the customers on behalf of the writers - the writers will hopefully not realise they're being ripped off, and the fans won't be listening to the publishers anyway - only shareholders and the artists do.

So you tell yourself that just as soon as your current contract is up, you'll renegotiate a better one. If they'll let you. And if not, you'll have to go to one of those smaller labels, I guess. Maybe. Seems scary though. After all, they still control the old media, so you'd be losing that.

Maybe you'll just stick with the big publisher. They love you, after all, right?

Hang on. My analogy seems familiar... It's almost exactly what the movie industry, the book publishing industry and every other IP industry has been trying NOT to repeat ever since the music industry really missed the boat.

Seriously, your analogy sucks because it misleads people. Conflating physical goods with IP won't work. You could have told a decent story here. Instead, you put out something that's barely fit for this new-fangled conwork thingie...

(And ironically, you did it on one of the new-fangled conwork thingies. I'm still unsure whether it was genius satire, or genuine idiocy.)

I'm not even going to talk about how DMCA takedowns are being filed in bad faith by automated machinery, or how the big music companies believe that they have some divine right to own everything and anything, and fair use be damned.

I'm all for artists getting a better deal. But I know where they won't ever find it. And I'm not going to attack fans or technology companies for the mistakes of an industry. That, it appears, would be taking your job...

33
18

Whatever happened to Green IT?

Philip Storry

Re: The bottom line won, green just road its coat-tails...

I have no idea how it became "road on its coat-tails" - I'm going to blame autocorrect! Regardless, apologies to those that it offended...

Can't disagree on what you've said about power generation, by the way!

0
0
Philip Storry

The bottom line won, green just road its coat-tails...

It's touched upon in the article, but in an odd way it's now very expensive not to be green.

At work, if I need a new server a VM is spun up. Speaking to friends in other companies, most infrastructures have gone the way of "you need to justify hardware" these days - the default is a VM, on the grounds that it reduces power consumption/rack space/hardware costs.

And then there's the cloud. Ever built a SharePoint farm? So many machines! But if you're using Office 365, then that's Microsoft's problem. And at the scale of their O365 SharePoint farms, you can assume that they want to eke every saving out of them that they can - so it's probably pretty green.

But even aside from that, at a machine level the cycles not spent serving you are probably spent serving someone else. I'd wager that the sheer scale of the various cloud services makes it far more energy efficient than using your own infrastructure, even if you have a virtualised infrastructure.

Lastly there's the hardware itself. I'm struggling to think of a recent time when I replaced something with a new bit of kit that was less efficient than the previous one...

Eco-warriors should take heart. As the technologies developed and scaled, it rapidly became too expensive to be anything but green unless you really needed local performance.

Now if only we had the same kind of cut-throat competition in power generation - then we wouldn't have people clinging on to big coal-fired stations to eke out the last of their lifespan, instead of moving to something that was newer and cheaper.

(My point being that the new technologies for power generation are close, but don't seem close enough or compelling enough yet to force replacement as we do with IT kit.)

11
0

'Just give me any old date and I'll make it work' ... said the VB script to the coder

Philip Storry

Re: VBA date handling has taken at least five years off my lifespan

The UK tax year starts on the 5th of April because of our transition to the Gregorian calendar from the Julian, doesn't it? We skipped days in the calendar to make the transition, and merchants rebelled against the idea of being taxed for non-existent days... So the end of year date was moved back to placate them.

Computerphile/Tom Scott made a lovely video on handling time zones, which is relevant to this:

https://www.youtube.com/watch?v=-5wpm-gesOY

I'd tend to agree - if it's at all possible, rely on the libraries that already handle this stuff. As you found, if you have to handle this yourself it rapidly becomes a very deep rabbit hole...

9
0

My devil-possessed smartphone tried to emasculate me

Philip Storry

Reminds me of the Orange nk502/Nokia 8110

My very first mobile phone was a Nokia 8110, branded as an Orange nk502.

https://en.wikipedia.org/wiki/Nokia_8110

Yes, we had aerials on phones back then. That was normal. It was also a very advanced model - it did this new-fangled SMS thing, for starters.

But it was commonly known as the "banana phone", due to a lovely curve that the unit had. It looked great, and was very comfortable in a trouser pocket.

Until you sat down.

Because the curve means that the phone moves towards the horizontal in your pocket, over your thigh as opposed to running up it. And can you guess what the aerial is now pointing directly at?

Trust me, the pointy corner of a modern smartphone is NOTHING compared to the searing unendearing spearing that aerial would give your gonads.

Nokia provided a version of the phone for Neo to use in the film The Matrix - albeit with a spring-loaded cover that they were experimenting with. Virtual reality Kung Fu? Being faster than a computer? Humans as batteries? Floating squid machines? I can accept all that. But Neo not being stabbed in the balls by that phone is pure Hollywood bullshit...

7
0

The paperless office? Don’t talk sheet

Philip Storry

Killing paper may well happen, but not quickly

I was working with faxing until 2014 - it's still in some banks. Legally, a fax is a contract no matter where you go in the world, so many trades (in particular Securities) are finalised by fax.

Many of those faxes were never actually paper though - it was simply a transmission medium.

People I know are always amused that I was working with faxing in 2014, and even more amused that I know ex-colleagues still working with it in 2016.

So I'd say look at where the law has its precedents. Banks, councils and so forth like paper not because it's cheap or simple - it isn't. You have to pay for expensive, annoying humans to handle it.

And usually they minimise that human requirement, paying for expensive scanning systems to turn them back into digital documents that they can route and process accordingly.

So I suspect that paper will survive as a transmission method for quite a while, as it's a lowest common denominator and allows for legal mechanisms like recorded delivery.

However, that's just the tip of the iceberg when it comes to reasons. Personally, I find proofreading much easier if I change the medium - these days that can mean loading a PDF onto a tablet, but nothing really beats scribbling marks on paper. But will kids who are growing up with tablets want to do this, or will they just rotate their device for a different layout?

Everyone will have their own reasons. But the fact that some children use little paper outside of school does mean it might yet happen in our lifetime.

5
0
Philip Storry

Re: Number 11

In the future, old people will reminisce about the smell of a freshly opened iGroin attachment that they were going to use for their iSexy sessions.

These new direct neuron influence generation helmets* are better, but they lack the physical sensations of the old technology.

--------

* Commonly known as the D-NIGH standard of virtual reality. You're welcome.

4
0

Cybersecurity is slowing down my business, say majority of chief execs

Philip Storry

Re: If you can see it, you're doing it wrong

Kind of.

We're trying to change a culture here.

At first, IT was a strange thing in big offices with big expensive kit that worked miracles.

Then, it came down to the desktop, and allowed anyone to perform smaller miracles.

Next, we connected those desktops and gave everyone the benefits of sharing files, emails and so forth.

Recently, we interconnected all the separate business networks via the internet, which was a huge boon but also a security bane.

Security shouldn't be invisible, it should be normal. It should be part of every project, of every procedure, of every technology. But as IT became so ubiquitous that it entered everyone's personal lives as PCs, MP3 players and smart phones IT also became something that people regarded as a commodity - something that "can't be expensive" and "can't be difficult".

Here in IT, we're kind of young. This is a cultural challenge we've never faced before. So let's look at another industry where they have a similar issue - the construction industry. There, safe working should be part of every worksite. Every access point, every construction phase, every job, every bit of equipment - they should all have the safety of the workers in mind. Workers may well be available, but they should not be regarded by the construction companies as a commodity - they require protection.

So every building site has a big sign at the worker's entrance, declaring "no hat and boots, no job".

Health and Safety is still visible, and in a big way.

But it's also just normal. That's the way it is in the construction industry.

Why? Because the law states that if a Health and Safety breach occurs, people can go to jail. It's not just fines. It's potentially their liberty. In the 1970's we got tired of workers being treated as a commodity, and dealt with it accordingly.

You want the attention of these idiot CxOs? Easy. If they get compromised and they can't show that they took security issues seriously, then as well as the company being fined they get the joy of going to court to defend themselves from jail time.

Just like health and safety issues, we probably won't get any traction until we focus the minds of our "best and brightest" CxOs. After a few have gone to prison, companies will take this seriously and then it won't be invisible, but it will become normal - which is what we actually want.

But until then, good security will just be a cost to be shaved as thin as possible.

16
0

It's 2016 and a font file can own your computer

Philip Storry

Re: How did this ever become a problem in the first place?

(With apologies if you know all of this already.)

In the case of Windows, this all goes back to Windows NT 4.0.

Windows NT 3.x was stable and had lots of advanced features, but it required a pretty big machine at that time. 3.1 (the first release) was huge, 3.5 was better, and 3.51 was - by comparison to 3.1 - faster than a greased rat up a drainpipe. Sadly, when compared with Windows 95, Windows NT 3.51 was still slow.

Microsoft was running out of optimisations that they could feasibly make, and hardware wasn't catching up quickly enough either.

So Microsoft decided to move the GUI into ring 0.

Ring 0 is where the kernel lives. Intel CPUs had two "rings" where the code runs, each with different levels of privilege. In ring 3, the memory and I/O that the code has access to can be restricted to ensure a process can't affect other processes. Ring 0 has unrestricted access to the whole machine. (There are also rings 1 and 2, but earlier Intel processors didn't implement them so we're stuck with just the two rings.)

Moving the GUI code into ring 0 made window painting/repainting faster, so it was a significant improvement. Windows NT 4 felt livelier and nippier than Windows NT 3.51, so in that regard it was a success.

It was also controversial at the time. Windows NT was advertised as the secure version of Windows, and plenty of people were aware that this might not work out so well.

However, at the time there were no practicable exploits. Machines were only ever connected to what we'd now regard as trusted networks, video card drivers came on floppy disks and updates to them were hen's teeth, fonts were things we installed only if an application wanted it. And so on, and so on. Therefore only geeks and academics cared about the possibly impact of the move to ring 0.

The world is a little different now, and we're paying the price for past naiveties....

(In Microsoft's defence, X Servers usually run in ring 0 too, for performance reasons. I wouldn't bet against the Mac OS X graphical stack doing so as well. People like faster, and the customer is always right because he votes with his wallet.)

6
2

VMware axes Fusion and Workstation US devs

Philip Storry

Re: Will be interesting to see how this pans out

I agree with you.

But there's no column on the spreadsheet to fit all that in.

And the spreadsheet disagrees with us both.

And the spreadsheet is God as far as senior management know.

Therefore the spreadsheet wins.

:-(

4
0

That one weird trick fails: Google binned 780 million ads last year

Philip Storry

You've obviously not visited Buzzfeed/Answers.com/$timewastingsites.

Last week, I clicked on a link that took me there. I'm pretty sure I did half that number just on that one visit...

(Note: I just went to my Facebook feed to find some other such sites to pad out the list, but thankfully couldn't find any despite scrolling back a whole day. However, I now worry that some kind of disaster may have killed all of my less intelligent friends and relatives...)

0
0
Philip Storry

Re: So they're cracking down on some scumbags...

Whilst Scientology are classed as a religion, rather than correctly classified as "a cult designed to extract money from people", they probably qualify for some kind of discount from many businesses.

I'd like to see Google refuse to do business with them. But Scientology would probably just start a shell game with many new companies in order to get what they want. Let's face the simple fact that Scientology is the evil here, and Google is - at worst - the lesser evil.

Also, I'd question the source. Scientology makes lots of claims, many of them somewhat distanced from reality. But even if they provided evidence, would you really take it at face value? This is an organisation that has planned to forge government documents in the past, after all...

8
0

Eighteen year old server trumped by functional 486 fleet!

Philip Storry

Windows not running for longer than 49.7 days.

As far as I recall, that was Windows 95. And the actual figure was 49.7 days - or, suspiciously, around 2 billion seconds. Yes, the bug was caused by the fact that the system timer didn't wrap around - when it finally hit the maximum value of the DWORD, the machine just hung.

The bug actually affected both Windows 95 and Windows 98, meaning it took almost three years to get enough samples to diagnose the issue.

Thus leading to the joke "Even during their testing, Microsoft couldn't get a Windows 95 machine to stay up for more than 48 days..."

To be fair, most Windows 95 machines that did run as servers were doing either print services or file sharing (often a file share for Microsoft Mail) on a workgroup style network. So most of them were unlikely to be powered on for longer than 5 or 6 days in a row anyway.

But I don't think that should make anyone feel bad about sniggering at the bug. It was, and remains, a dumb mistake.

8
0
Philip Storry

>

“Igor” told us about a pair of IBM e x235 servers that have run since 1997, each packing four Pentium III CPUs, 4GB of RAM and eight 72GB Seagate SCSI HDDs.

<

Nope. The Pentium III wasn't released until 1999, so he must mean a Pentium II or has his dates wrong.

The amount of RAM is also a little luxurious for 1997, when the average PC had 16Mb and the average server had 32-64Mb. Not necessarily impossible, but dubious. I'd expect 1Gb of RAM tops in an x86 based machine in 1997.

And 72Gb hard disks in 1997? Not that I recall. Not even with SCSI bypassing the ATA limit of 512Mb. Maybe in pixie-la-la-land, but not on any site I worked at. The standard size around then was around the 400Mb region for a desktop, and servers might stretch to 2Gb per disk - but you were more likely to see an array of 1Gb disks.

Everything about Igor's story seems suspect. Those specifications are just too early. I respectfully submit that he's misremembered, and apologise to him for being the one to have to point it out.

56
0

El Reg mulls entering Robot Wars arena

Philip Storry

And from the website The Register, their entry is...

LIFTSHAFT!

Wait. This plan may not work as well as we'd hoped...

0
0

Microsoft releases major PowerShell update after long preview

Philip Storry

A shortsighted view

Kinda.

To say "no UNIX shell even comes close" is both accurate and grossly misleading. You didn't give anything to measure by, for starters - close in what regard?

Both have their problems. Object orientation is wonderful, right up until you're doing something with AD and Exchange and find that (for example) the distribution members have a different type to AD accounts so you can't directly compare them without doing some type conversion. That type conversion is a hassle, and a great example of the extra verbosity PowerShell constantly seems to require to accomplish something.

Objects are indeed more powerful, but require more work - plain text definitely has its advantages on occasion.

And what are you comparing as a "UNIX shell"? Just bash? Nobody would dream of using any UNIX shell without also having a copy of cp, mv, rename, grep, awk, sed, sort, and so forth. And for more power, you can always fire up Perl or Python. (And Python is a standard part of most modern distributions, so it's not like you need to install it. Perl used to be, but I think it's now missing from some more modern ones.)

I like PowerShell, but its verbosity gets to be tedious after a while. I like UNIX shells, but the plain text thing clearly has occasional limits that it takes Perl/Python to fix.

Frankly, what makes PowerShell inferior in my day to day work is Remoting. That's such a classic "Microsoft Developer Solution" - nobody bothered to consult anyone who would actually use it. With no decent persistent sessions, it's a PITA to use except in scripts. (WinRM? Ugh. Thanks, but no thanks.)

Want to improve PowerShell? Give me SSH and a tmux/screen equivalent. That'll be just peachy. (And yes, I'm aware SSH is coming to Windows. So it's just tmux/screen we're waiting on.)

Funny thing is, that shows that - just like on UNIX systems - it's not just about one tool. Decent administration requires many tools, working in harmony. PowerShell's almost there...

22
3

HPE: If we don't give Deutsche Bank right contracted outcome, we'll lose money

Philip Storry

A more accurate headline...

"HPE - Deutsche Bank still haven't understood the contract they've signed, we're going to shaft them".

Because that's almost certainly what's actually happening here...

1
0

Outsourcer didn't press ON switch, so Reg reader flew 15 hours to do the job

Philip Storry

Re: External IP KVM or DRAC?

Because DRAC/ILO/IPMI look very expensive, so the bean counters dislike them.

When you're building any infrastructure that has quite a few servers, the additional cost of DRAC/ILO/IPMI soon adds up to a hefty bill.

Everybody here knows that when you factor in the potential costs - longer outages, and time saved when called out - they're actually pretty good value for money. Not wasting time having to go to the data centre to deploy the Mk I Finger O' Doom is pretty handy. An IP KVM was a useful alternative, but the lack of the power feature made it very much an inferior solution - which was reflected in the pricing of the two technologies.

But try telling that to the guy who doesn't understand, and is wondering why every server is more expensive by a three figure sum...

The drive to virtualisation has often been justified solely just on the basis of shaving that cost off each server (and having standardised drivers/devices on your servers). As you scale up, it becomes a significant saving.

8
1

Child abuse image hash list shared with major web firms

Philip Storry

Oh, goody! MD5!

It's lucky they chose an up-to-date hash algorithm that's got no known weaknesses.

What's that, Carnagie Mellon University's Software Engineering Institute? As of 2010 you consider it "cryptographically broken and unsuitable for further use"? Oh, that's unfortunate... MD5 has been known to have collision issues since 2004? My - that is poor.

Seriously, MD5 is fine for some things. But for important things - like anything approaching censorship or criminal justice, perhaps - I don't think we should be using MD5. SHA-2 perhaps?

2
5

Web server secured? Good, now let's talk about e-mail

Philip Storry

People attempting proper SMTP TLS is terrifying

As soon as Let's Encrypt can get me a certificate, I'm going to get one. My website should be HTTPS-only by mid-December with a little luck. (The hard work is just content checking, to make sure all embedded content is also HTTPS and therefore doesn't trigger mixed content warnings.)

But SMTP? That terrifies me. I was a messaging administrator for 15 years before I switched to another technology this year. I've done that in healthcare, banking, and other sectors - I've got plenty of experience with doing SMTP+TLS, yet it's still deeply scary.

And it's not the setup of my systems that's really the issue. It's other people's systems. Which are often badly set up and badly maintained. If Blackadder had continued on to do a series in which he worked in IT, the conversation would go something like this:

Junior BOFH - "I want to see how an email system is run... so badly!"

Blackadder - "Well, you've come to the right place. An email system hasn't been run this badly since Hillary Clinton's campaign manager found a cc:Mail CD and a spare half hour..."

In theory, it should be fine. Very few people verify the certificates' signature chain. Or that the hostname matches the certificate. Or the TLS version, the ciphers, or much of anything else. They just use TLS opportunistically to ensure encryption over the public network.

Although it is odd that the only reason it'll be fine is that SMTP+TLS is almost always so badly set up it's actually very insecure.

But I know how complicated this is, and I recall what happened whenever a commercial partner's security team decided to try and enforce proper security in this area. Those were the "interesting days". Very long and very interesting...

And that's what terrifies me about this. The part where everyone else has to learn what I learned years ago - nobody wants to do this properly, they just want to do it well enough that it ticks the box marked "email to partner organisations is encrypted during transport".

Basically, it'll be a right mess.

I'm glad I'm out of the messaging game!

3
0

Chrome OS is not dead, insists Google veep in charge of Chrome OS

Philip Storry

Let's be honest here - the WSJ is not a particularly technical publication.

So when someone from Google said "we've been working for a couple of years to merge them", they heard "only one product will survive".

When in actual fact, the Google representative probably meant "we've been working on getting ARC (Android Runtime for Chrome) for two years, and in 2017 we think a Chromebook will be able to run Android apps so well it'll really blur the boundaries".

WSJ in "knows nothing and doesn't do research" shocker!

10
0

Big mistake, Google. Big mistake: Chrome OS to be 'folded into Android'

Philip Storry

Re: So what's your point?

I think his point is that it's not the underlying technology - it's the applications.

Windows NT4 was unsuitable for home use despite having the same interface as Windows 95. That's because it had to ensure security and process safety (amongst other demands).

Windows 95 was backwards compatible with a LOT of software. There were some exceptions - for example Delrina Winfax Pro didn't work - but that's because it replaced the COM port driver. The actual application would load and show you your old faxes, but it couldn't send or receive, due to that COM port driver. That's actually pretty impressive - only specialised software that did odd stuff didn't work, and even then it often partially worked. The rest of your Windows and DOS software would run just fine.

Where Windows 95 was impressive in its backwards compatibility, Windows NT 4 wasn't as impressive. Sure, it had a Windows on Windows 16-bit machine and a rudimentary DOS box. But most Windows software wasn't written with security in mind. A lot of 16-bit software did stuff that Windows 95 could allow, but the strict process limitations in NT wouldn't. Hell, Microsoft's own Office suite had a bunch of "this feature doesn't work under Windows NT" and "this feature requires local admin rights to work under Windows NT" issues until about Office 97 or 2000. If even Microsoft's developers couldn't get it right, what chance did others have?

The solution was actually pretty simple. It took two things - time and patience. Over time, most of the software became 32-bit and the compilers wouldn't allow stupid coding behaviour as easily. And software gradually became a little more security aware. But most importantly, users moved to software that was compatible as they either upgraded or switched to other applications.

It wasn't perfect, but after five years or so the world was just about ready to migrate to that new NT kernel. Some software wouldn't - couldn't - work on it. But most did, and it was just like the Windows 95 compatibility situation all over again.

How is this relevant to Chrome/Android? Well, there's an Android Runtime for Chrome. At the moment it only works with (and therefore allows) specific, vetted apps. It's quite possible that Google's plan is to run a "virtual device" on your Chromebook, where you'll be able to have your Chromebook as another Android instance, possibly even with app data synchronisation and the like. Android lends itself well to that architecturally, and it's far easier than trying to get lots of Android apps replaced with Chrome web apps/extensions.

But like those early Windows 95/Windows NT migrations, there will be edge cases where apps do unexpected and stupid things that the Android Runtime guys never anticipated. And there's issues like the notification centre (do they unify it between the Android instance and Chrome?), what data to synchronise, and so forth. It won't be perfect. So Google have some work to do to get it "good enough", and there may be new APIs in both Android and ChromeOS to help developers get the best out of this integration.

In this sense, I see strong parallels between the first two big Windows upgrade/migrations and this one. It's about application compatibility more than anything else - nobody runs an OS just for the sake of running an OS.

(Well, nobody with a life...)

5
1

Time Lords set for three-week battle over leap seconds

Philip Storry

Re: And we have...

His name was William Willett.

You're a bit late to kick him in the crotch, as he's been dead for just over a century.

https://en.wikipedia.org/wiki/William_Willett

However, there is a memorial to him in Petts Wood. I've been past it a few times, and was astonished as to how free of vandalism it is, all things considered.

I just read the Wikipedia article, and discovered that the man is also the great-great-grandfather of the lead singer of Coldplay.

It really is a ***ing miracle that the memorial hasn't been blown up by now, isn't it?

10
0

Laid-off IT workers: You want free on-demand service for what now?

Philip Storry

Re: "I've forgotten how to do that"

Before you leave, send an email to ask if you can take copies of all the {documentation|source code} with you, to help fulfil this requirement.

We all have a good idea what the answer will be.

If they call, then remind them that you asked for the resources you'd need to assist - and they declined to provide them. As such, you're working somewhat blind and feel it would be unprofessional to take such a significant risk with a live system. You're happy to help, but feel they need to be reminded - in writing - of the significant risk that this represents.

Of course, if they want to send over the latest {documentation|source code}, you'll happily read it to get yourself back up to speed, and then assist.

Oh, and when you've got that {documentation|source code}, don't forget that all of this is at your current employer's agreement. I'm sure they'll schedule time appropriately - you'll probably get through it all in a month or so, maybe two - that's OK with SunTrust, right?

Cue a few questions occasionally over the coming weeks to show that you're reading the {documentation|source code}... Some people might accuse you of delaying things by asking questions, but you're actually just ensuring you have a full understanding of the system. Very professional of you, and good mitigation of that risk.

I reckon you could easily spend a full three or four calendar months doing that. The word "risk" is a magnificent motivator in a paper trail...

Now, naturally, they'll probably decline this request for {documentation|source code} anyway when they call. But now you have a paper trail, established from before you left. You can remind them that any changes you make are naturally more of a risk than ones done by those done by the new owners of the system. Keep reminding them of this, in writing, before you make any change.

Congratulations. You're now highly unlikely to be called more than once, and there's no way they can say you were unprofessional or unhelpful. After all, the paper trail shows that they were the ones being unhelpful...

72
0

Page:

Forums

Biting the hand that feeds IT © 1998–2017