* Posts by Lee D

3141 posts • joined 14 Feb 2013

TV piracy ring walks the plank after Euro cops launch 14 raids and shutter 11 data centres

Lee D Silver badge

Re: whack a mole

I learned years ago - if the price isn't something I'm willing to pay, I'll find something else to watch.

I'm not a sports fan at all, but I apply it to all the things I'm passionate about. I will literally just stop watching/buying/collecting whatever it is when they start taking the piss.

Sure, I "suffer", but there's other stuff out there to do, and they are at the end of the day a luxury. Purchasing them blindly is only encouraging them to continue screwing you over. I'd honestly rather wean myself off the habit, do something else, and give money to people/services who are being reasonable.

I know of people who don't actually watch much sport at all who are still paying £120+ per month for their TV services. I can't justify that, not on top of the prices of things like the TV itself, the Internet connection to make it work, etc.

There comes a time when you just have to say "No, that's fine, I'll do without" and spend your money on something better.

My TV consists of a second-hand projector, a Raspberry Pi, and a DVB hat on it. Total cost: £60 (the projector was a throwaway). With a £20/month Internet connection that means I can watch and record all the normal channels, timeshift, and stream live and recorded TV remotely over 4G and the ongoing cost is nothing more than I'm already paying for mobile phone/Internet (which is a pittance, really, because I got right away from fixed line broadband because of the same problem - £20 for the Internet, £18.99 rental for the phone, £120 install costs, etc. etc. etc.).

Now given that this time last year I had TVPlayer as my primary TV, with Netflix and Amazon Prime for other content, I literally cut them off... I paid £30 for a YEAR of TVPlayer. And it never worked reliably, it constantly logged me out (usually at a two hour cutoff from login, right in the middle of your program), and half the channels either were unavailable (e.g. blocked when they were showing a movie) or were actually for Ireland (all kinds of Irish adverts with Euro prices). When that year's deal ended and they wanted a regular monthly payment, it was cheaper to build the RPi.

Netflix I got on a similar deal. Tried it out, watched quite a few things on it. Well... I did... until I "caught up" with all the programs that everyone was crowing about. Then there was nothing on there but old cruft, and the same movies repeated over and over in my recommendations list (even after trying to find new things by doing everything I could think of). I cancelled it when I realised that for 3 months I hadn't used it at all.

But I out-TV-Playered TVPlayer with a RPi because of content restrictions and pathetic implementation. Netflix and Prime were just a cycle of the same dross after a while (but I kept Prime for other benefits, so it's a nice diversion that doesn't cost me extra). I don't use iPlayer unless I actually missed a program through forgetfulness because it's just a pain to integrate into the TV (even with Chromecast, RPi, Kodi, etc.)

The TV and movie industry dictated how I could watch their content. So I implemented a low-cost niche usage for myself and did other things instead, legally. To me, the alternative if that goes south is to not watch them, not watch illegally. But I can understand why others make a different decision.

When a guy in Denmark with a bunch of DVB-S/DVB-T cards and one subscription can distribute your content worldwide cheaper, more reliably, more easily, more searchably, to more people, and show all the stuff that you don't than the actual broadcast networks can... you have a problem with your business model that isn't going to go away.

Regional restrictions are fake. Not being able to show content that you're BROADCASTING FOR FREE ON TV at the same time, that's fake. Not having your archives that are full of material I might want to watch, online, on demand, so I can buy/watch that material and literally pay all the rightsholders necessary, that's fake (congratulations Channel 4 for just putting your archives on YouTube all that long time ago). Putting some events on premium subscriptions and then padding them with dross for the other 23 hours of the day, that's fake.

While you're being fake, you're pushing me and others away to alternatives. Which include the guys in the article as well as "just not caring". We're in an information age. I can find content I'll enjoy online, legally, somewhere. It may not be the Game of Thrones that everyone in the office talks about, but such things are short-lived anyway. You are easily replaceable.

The irony of watching New Amsterdam on Prime because I saw an Amazon advert on TV for it.

Chap joins elite support team, solves what no one else can. Is he invited back? Is he f**k

Lee D Silver badge

Probably not quite the same level but I do the IT for big, posh schools.

Between jobs once, I joined an agency who placed me in a very posh school in London. This particular one (with a famous real/parody Mum's twitter) hired me for a day to evaluate me for a job at their main site (which occupies the ENTIRE road, split among dozens of buildings and little sites). It was one of those "we'll have you for a day, if you work out, we'll just keep asking you back the next day" kind of deals.

Turn up, meet the team (about 15 people in total I think), big plush offices, people in glass-offices having IT strategy meetings, four layers of management, several IT service desks across the various sites etc. etc. I was asked to shadow one of their techs, and over the course of the day we managed to cover quite a chunk of their site - from little back rooms, thousands-of-pupils helpdesk, back-end comms rooms, brand new buildings, etc.

While I quite understand that I was shadowing / etc., allow me to describe *every* IT query, problem or task I personally witnessed that day - of anyone I met - while shadowing a first level tech throughout an 8 hour period in a very, very busy school, including going to / sitting in every site they had, spending hours in all their main support rooms, etc.

- Taken to an in-school support desk room. Three/four technicians, first and second level. Senior manager/teacher walks in with a broken laptop. Literally dead. Doesn't turn on. Was issued to him only yesterday. He walks out with it, while yelling at the support team, about 20 minutes later. They literally did nothing. I asked questions when he was gone: They didn't ticket it. It was a school laptop. It was definitely broken. They didn't care. He was "just a moaner". "You know what they are like". "We have a pile of imaged laptops here, but nah." With a support team leader saying the same. Like... wow... that would have got me sacked in a state school let alone anything higher. They liked to keep their ticket system clean, so there was virtually nothing on their helpdesk lists, I got to read every ticket (I was that bored of waiting that I asked). They were all first-level stuff. I literally offered to take on one that I spotted at the top of the list which was just to change a VGA cable. They wouldn't let me / the tech do it, and nobody else did anything about it either.

- Sat in the "main" support room (the big fancy office where the IT strategists / directors looked out of their glass offices over the fancy technical desks that had... quite literally... 5 techs, 5 dual-screen fancy-shite setups for them, not a tool in sight and precisely one computer under repair. There was nothing else going on at all). Must have been there an hour or more. Nothing. Fobbing off of people who came in. One "I'll just go do that thing" and wandering off of one tech. That was it. Not a machine repaired, not a software installed, not a configuration changed, not a documentation edited even.

- Lunchtime. No, I kid you not. The rest of the time was walking around, not even looking at a helpdesk, or machines, or anything. Just wandering and talking to teams who weren't doing anything. Lunchtime was made a fuss of as "they provide lunch". I know mate, most posh schools do. I'm not amazed by a school dinner, though, thanks so I sat with him for about an hour as he ate his lunch.

- Taken to "the new site", a refurb of probably an antique million pound piece of real estate of theirs that was becoming offices. We walk there. It takes half an hour.

- We tour the building but we're there because there's one new office in there, with new desks, fresh carpets, etc. PC's sitting on the desk, already imaged. Apparently the tech "gets them like that" and isn't ever allowed to image anything. Everything comes fresh-prepared for them. Fair enough, maybe it saves them a bunch of time, but I suspect what's happening the the first-levels are coasting doing nothing to make the second-levels have big teams, and someone on third-level actually digs out SCCM (P.S. note that I haven't mentioned any software, process, etc. that they use... because I never witnessed even an AD Users & Computers screen, let alone anything that wasn't an empty helpdesk web page - these computers were never even turned on after cabling).

- We "arrange" the computers. This means literally shuffle them along the desk so they are near the plugs.

- One of the computers has an absolute disaster! Oh no! The Cat5e cable to go to the wall is too short by about 40cm! What we will do?!

- Ensue a FORTY MINUTE conversation about what to do about it between a bunch of techs of both first and second level. I'm incredulous at this point.

- I get bored and say "Get a longer cable? Doesn't that huge comms room you showed me (with a huge floor-to-ceiling rack with just two switches in it, in a room that's at least four times bigger than necessary, but had a stash of spare machines, cables, tools, spare parts, etc. in it) just down the hall not have a spare, brand-new patch lead that isn't 50cm in it? No, we can't do that, they cry, without any explanation.

- Ensue a TWENTY MINUTE dither while I literally sit on a table waiting for them to come up with something.

- They phone the main support base. They talk for TEN MINUTES.

- Seemingly no resolution, they disappear telling me to stay there. The temptation to just walk 50 yards and CHANGE THE FECKING CABLE FOR A LONGER ONE from one of the fresh patch cables in sealed packets that I can SEE is so strong but I resist. (If I hadn't asked directly, I would have claimed ignorance and done it, but I didn't want to be seen as taking things I'd been told not to).

- Half an hour later, the guy has ran back to the main support, picked up a cable, and come back. It's 70cm instead of 50. It's not long enough, but they stretch it and make it work.

- They dither doing literally NOTHING else, just "arranging" machines. I'm seething.

- We go back to the main site. We hang around in the first helpdesk area for a little bit. They relay their success story to their peers, who haven't moved and still have the same tickets on-screen.

- I go home, they pay me a full day's wage. On the way out, I seriously consider popping into the bursar's office (generally responsible for the site facilities like IT), and hesitate around his door - I really wanted to just have a quiet word telling them about my day and what they are paying people - including me - to do. But I realised that they were ALL in on it. Even the directors, strategists, team leaders, etc. They're all doing feck-all all day long. If the bursar doesn't know, he's not doing his job either.

- When I get back, they've told my agency that they don't need me again, because I wasn't the right fit for their team. No mention that we literally did feck all, annoyed senior management for fun, didn't complete a single ticket (the tech with me literally did NOT fulfil a single ticket to his name all day - the cabling thing wasn't on there, and if it had we didn't do *anything* with them anyway).

I honestly considered whether it was a test of some kind, so I wrote a review of the place with my agency, complaining about their process and how they operate and, basically, wasted my day. Nothing happened. The feedback from the agency (run by a good friend) was "Yeah, they're really weird, we can never place anyone with them for long, everyone says the same". Apparently, it's been like that for years. And they happily pay through the nose for agency rates to get techs in for a day and do nothing with them. I suppose it looks good on paper and they have the money to burn and it makes what I'd call the *actual* IT team (somewhere around the third-level was where they did things like deploy software, god knows what level of management actually authorised purchases and staffing) have a huge team under them.

It was literally the kind of place that if I could work there (e.g. job offer, etc.) even today, then I wouldn't, not even for twice my current salary. No way I could deal with people who work like that without having to speak up and/or just blast through all the tickets, get them done in a day, and show everyone up / piss them off.

I was thoroughly disgusted. I bet the fee-paying parents would go absolute ape if they realised and could understand what was happening and where their money was going. Instead, I already had a job pending at another prestigious posh school (but it couldn't start until the April, hence my fill-in agency work)... been there five years... and do more in ten minutes every single day than I did all day at that school.

Overheard at a Brit mobe network: On the count of Three UK, smile and say, er... we lost how many customers?

Lee D Silver badge

As I commented on their Facebook page earlier in the month.

If you want to sell me 5G, then you need to cater to both phones and mobile broadband dongles that you sell.

I can buy a phone with them, and put a SIM in, and share out a 100Gb data plan for much less than the cost of buying a contract sim, sticking it into a 4G Wifi box (that they also sell) and offering that connection out directly over Wifi as my primary Internet connection - which is limited to 40Gb max on their mobile broadband plans and 9Gb if you try to "mis-use" a phone plan to do it.

Who's going to use more traffic? Who's more likely to want 5G speeds? Who's going to pay more for it? Who's more likely to actually achieve top speed and look good on your data? Someone with an iPhone? Or someone who bought a mobile broadband SIM for a mobile broadband box that they sell themselves, with a huge feck-off antenna, and who uses every Gb of data every month as they don't use any other Internet connection?

I get great speed, great coverage, and pathetic amounts of data - I literally can't even up it, in any way, shape or form, to 50Gb, 60Gb, 100Gb, or beyond. So why would I touch a 5G SIM with them? And how is someone using 100Gb of iPhone data roaming damn well everywhere any worse for you than me sitting here and using 100Gb of data on one of your SIMs in a fixed place?

Cater to the market that WANTS to burn data, WANTS to pay you for it, WANTS the higher speeds and can use them, and WANTS as little from you as possible (just gimme data, I don't care about voice, text, etc. as I can't even use them anyway!).

Literally, scale the existing 40Gb / £30 up and allow me to buy that and I'll be happy. Other providers allow me to go to ridiculous allowances for stupid money, but that's not even an option.

And why are we still treating "tethering" clients as second-class citizens when you're actually producing a SIM designed especially for them, and selling devices especially for that?

Brit Parliament online orifice overwhelmed by Brexit bashers

Lee D Silver badge

Personally, I was saying: "Yes or No" are pointless options and don't give me anywhere near enough information to proceed, even with the supporting documentation as it existed at that time, because we're voting on an intention to leave, not an actual plan of action.

They are also non-legally binding, representing only one-50-millionth-or-less of a vote, the people who asked had absolutely no intention of doing so, their party didn't want to do so, and they won't let the other party take over just to do so.

Additionally, I was also asking why I can't vote online in 2019 (despite having electronic passport, driving licence, etc.), why we're asking the public to vote on an issue they don't understand at all, and why there was a sudden rush to create a vote only after it was mentioned casually only in order to gain the support of the DUP etc.

Unfortunately, if you look at anything like this, 99.9% of the vote and reasons around it has absolutely no correlation whatsoever to "would I like to look at leaving the EU" and absolutely NOTHING to do with "DO YOU THINK WE MUST LEAVE THE EU NOW IMMEDIATELY NO MATTER WHAT, WITH NO PLAN WHATSOEVER AND YOU DON'T GET ANY FURTHER SAY OR CHOICE OF WHAT WE DO".

Lee D Silver badge

Please indicate a petition which actually resulted in any positive action whatsoever (not just "it was debated" or a refusal-after-consideration). Especially any that actually results in a shift-change of law, political direction or anything remotely substantial.

I'm not aware of a single one.

Azure thing at last: Windows Virtual Desktop takes to the cloudy stage

Lee D Silver badge

Re: "Windows 7 ... lure hold-outs into the cloudy world of Windows Virtual Desktop

When Office 365 gets better uptime than my internal systems, then I'll start looking at replicating some of my AD onto Azure as a redundancy measure.

Desktops and VMs, believe it or not, would be slightly less critical than the AD itself but moreso than Office (purely because you can replicate them in-house if necessary). But I don't want to be putting my only AD login into the cloud until I'm sure it's at least as good as hosting it myself.

And Office 365 is already Office 360 or less so far in 2019. I've had less downtime myself, and that's including having the power switched off entirely to the site for three days.

Android clampdown on calls and texts access trashes bunch of apps

Lee D Silver badge

What about things like TKConfig?

Whose purpose is to send texts to numbers in your contact list to simplify/control/automate GSM-controlled devices?

That doesn't appear to be under their excluded categories, yet seems more than a reasonable use of such.

Hey Google, rather than a blanket ban, it's almost like you could present a warning that an app wants to send to a "new" number that it hasn't before, or read your contact list, or ... well things that are trivial to implement in the OS.

But that would mean getting people to actually update their Android, I assume, and most of the manufacturers you deal with absolutely 100% couldn't care less about that? I wonder if that's where the problem might lie, rather than app developers who specifically state that their apps may send texts?

Don't get the pitchforks yet, Apple devs: macOS third-party application clampdown probably not as bad as rumored

Lee D Silver badge

Yeah, because Windows code-signing solved ALL the malware problems on that platform, didn't it?

Carphone Warehouse thwacked by UK Advertising watchdog for a Cyber Monday wobble

Lee D Silver badge

Re: Premium rate calls

I complain so often that I have a rule.

After the third letter, after having explained the situation, given a chance for goodwill to take hold, a chance to understand the facts, do some groundwork, back-and-forth a little in a reasonable manner... after the third letter, I start a tally on the bottom of the letter which includes not only the refund/whatever I'm after but also ongoing costs.

Down to the envelope, the paper, the phonecall cost, and the postage stamp. Not to mention a separate tally of my time, and my billable rates.

It encourages them to resolve early, especially because I rarely write until I have exhausted genuine first-line grievance processes by other means.

Some pay it. Some question. Some pay a token compensation on top of the refund to cover some of it. Some ignore and then only refund and hope I'll just forget about all that other stuff (which I often do but it depends).

When they threaten me with court (which is surprisingly common when I'm the one with the genuine complaint, which is incredibly strange when you realise that I've never actually been to court once in my entire life so their success rate isn't very high), I say that I'll add those costs on to the outstanding complaint. Lawyers do, why shouldn't I, even in a small claims motion?

It focuses their mind from "oh, we can just fob him off with another letter", generally. Even if they write to say they won't be paying that, it then makes them put a win for me somewhere else in the same letter to appease.

Brexit text-it wrecks it: Vote Leave fined £40k for spamming 200k msgs ahead of EU referendum

Lee D Silver badge

Re: What I don't understand

True democracy at work - People sometimes change their minds, especially when more information is available.

If it's so important to you, you'll have researched and your answer won't change, so it's not a burden to answer again.

I have a car, do you want it? Yes or No? Well come on, it's a democratic choice! And once you answer you're stuck with it for ever and ever and ever in a legally-binding statute.

What do you mean you'd like more information? That's not one of the options!

Why do you think that the "non-voting" portion of the population are like that? Laziness? Unable to grasp English? Or that they just don't have enough information available at the point they are asked to make an informed decision, no matter how much they desire it or effort they put in.

You can't boil 30 years of trade and economic politics created by thousands of people from dozens of countries running to MILLIONS of words of legislature into "Well, yes or no, which is it?!" and then expect people to have to abide by that decision when it later - but not "too late" - surfaces just the problems that are involved that were NOT predicted by either campaign prior to starting the process.

Lee D Silver badge

Re: What I don't understand


If we put it to the vote, I'm sure 51% of the population would like to bring in a law that men should be second-class citizens, give birth, look after the babies, earn less, have to look fabulous, etc. etc.

A simple majority is not sufficient to convey true support. ~51% of people would vote "People with birthdays on even numbered days get twice as many presents".

The fact is that if the will is unchanged, another referendum is just perfect political confirmation that we're on the right path and people are happy. If will has actually changed, however, then how lucky were we to re-ask and start rolling back from a potential disaster now? For the country, it's really a no-lose situation to have another referendum. Trouble is, it's most certainly not a "no loss of face" situation for a certain political party.

No different to the Falklands voting today whether they wish to stay part of us or not. If the true will has changed, but we never ask the question, that's cheating. If the will is still the same, it's just bolstering confidence that things won't change in the next few years. It doesn't mean "do it every five minutes" but a biennial double-check of a major, drastic, humongous political and economic move now that we have more detail rather than just a vague "let's leave even though we have never ever heard of Article 50 up until this point and have no idea what it is" is hardly a bad thing.

So about that Atari reboot console... you might want to sit down. It's going to be late, OK?

Lee D Silver badge

Wouldn't touch IndieGoGo since their response to the Vega+ stuff.

Can't blame them for the project failure itself, but their handling of it was, and remains, atrocious despite preaching to the press how they were going to handle it all and sue everybody. Literally, the project page for the Vega thing is still full of daily updates of people demanding refunds hundreds and hundreds of times over for years, hundreds saying that their tickets with IndieGoGo were just closed (long before there was actually any legal court cases, bankruptcy proceedings etc.), and they just don't say a word.

Sorry, but whatever the product is... get it off IndieGoGo. Because most of us - especially vintage console retro enthusiasts - wouldn't touch them with a bargepole.

P.S. Oh, look, another vintage retro console remake thing that doesn't deliver...

PuTTY in your hands: SSH client gets patched after RSA key exchange memory vuln spotted

Lee D Silver badge

Re: "basically operated by one volunteer in charge of a small team of volunteers"

Think of it like a plane component.

You can either say "Trust Boeing, they know what they are doing, of course they won't show you the specifications and plans for their kit".

Or you can say "Hey, look, all the specifications, limits, designs, blueprints and diagrams for this component are available for aviation specialists and security experts to inspect."

Sure, the latter lets the terrorists find the weaknesses in our aircraft components. But it also lets people *other* than the original creators look and verify if even what Boeing says they are doing is true (how do you even know whether the updates they push out to their planes even changed a single byte of the program?).

The latter has risks but, in the long run, those risks can be enumerated, identified and eliminated. The former - you can't even tell if there's a risk, let alone how many there might be, if they are ever fixed, or not.

Of course, Boeing / Microsoft won't give out their blueprints willingly. And those blueprints being freely available doesn't mean we can all check them to see if the plane is safe. But would you rather fly in a plane where engineers, safety experts, the FAA / CAA, other manufacturers etc. can all verify every aspect of the design at any time, even if it's beyond you personally, or one where you have to just "trust Boeing"?

It's not "more secure". It's "more open about its security/insecurity". There's a difference. In the same way that the lockpicking lawyer can open even mainstream "secure" padlock that people send him in a matter of minutes, you can either buy a black box and trust your security to it... or you can get a design that an expert takes one look at, including every single detail, and goes "Woah... how the hell will I get into this one? It's been designed to counter everything I want to do." or, equally, "They didn't even stop you poking right past the pins and just triggering the release directly? Oh come on, people."

Lee D Silver badge

Re: PuTTY's days are numbered

I'm not sure I trust Microsoft to keep the Windows OpenSSH client properly updated any more than I do a random bunch of volunteers to be honest.

At least you can compile and verify the PuTTY code. God know what's actually in the Windows OpenSSH code.

Lee D Silver badge

I find it strange that the one piece of software that we ALL rely on for security in IT, and pretty much the only used Windows SSH client, is basically operated by one volunteer in charge of a small team of volunteers. We have far too many of those kinds of things in our ecosystem, even if they are nice guys(*).

PuTTY is one of those tools that I have installed locally on workstations - because when the mess hits the fan and you need to SSH/telnet into a RAID or network controller or whatever to fix things, you don't want those tools to be sitting on a network storage.

(* Simon's a nice guy. Helped me when I was porting his puzzle collection and ran across a very mysterious bug that turned out to be a glibc bug when memcpy'ing negative signed char values - he disassembled an ARM binary to find that for me.)

College student with 'visions of writing super-cool scripts' almost wipes out faculty's entire system

Lee D Silver badge

Re: To err is human

Not if the reason you're moving them is because you're low on storage space.

And then you still have the problem... you're issuing a kill-everything delete command over an entire swathe of storage. That's far too easy to go wrong.

And, as pointed out, you only need to switch source and destination and you've wiped out your originals in one fell swoop via a poorly-written script, and in doing so given yourself a "complete restore" job to get it back, rather than a "Okay, my test on the first guy went wrong, I'll just copy back his storage which I made a safe copy of".

Lee D Silver badge

Re: To err is human

It's all too easy to screw up... if you don't plan and test.

I'd have made the script generate a list. Source files, and final destination filename. I literally wouldn't have a command in the script capable of inflicting damage. But I'd still test it only on a sacrificial test user first anyway. And I'd have a little arrow to correctly indicate source-> destination. And I'd only name the variables things like source and destination so I knew.

After a handful of runs on that one sacrificial test user, checking to see that it did what I'd wanted, I'd apply it to a real user. That would then tell me what it was intending and highlight anything that was a problem - i.e. that it didn't pick up the different user, or just the current folder (I'd still be seeing my test data, etc.). And then I'd check that it didn't actually do anything (modified dates on their folders). Then I'd try it on a handful more real users. Where I'd - speaking from experience! - pick up things like Unicode filenames, spaces in filenames, etc. that throw the script for six.

Once those were combated, I'd *actually* run it, with a copy command, on a real user, that I'd copy elsewhere first. I'd expect to see a copy of their folder appear in the destination, and the last modified of the source folder stay the same. I'd then df or properties the folders in question to ensure they were the exact same size (i.e. it didn't miss anything!). Hell, that check might as well be in my script so it can yell if it sees a difference, no?

Then I'd do small groups of ten or so folders (depending on the amount of folders, this could be done by doing all the A's, then the B's, and so on, or some similar division). Which are small enough to back up somewhere locally somewhere safe (i.e. NOT within the folders you're moving!) on either source or destination. There's no shame in automating a task only down to, say, 26 manual executions rather than hundreds or thousands, because you're making sure you're doing it right.

But, of course, I would not be doing ANY of that on a system that wasn't backed up first.

And how did I learn these lessons? By trashing a thousand user's home folders? No. By thinking about what would happen if I did... and by also "nearly" trashing one of the folders along that testing route because of a trivial bug (e.g. not taking account of spaces in the filename). People who *choose* to learn by disastrous experience alone after leaping into the problem without thinking "well, this is actually live data, I need to be careful" are the problem. Especially if they are inexperienced.

It also suggests that such people are hired and put into these positions without having it drummed into them that they *don't* risk data. I had an 18-year-old apprentice who was subject to minimal-required-privilege permission delegation at all times. He never once lost data, despite re-imaging machines, handling storage, resetting user profiles, etc. And just a year or two later he was in charge of the site briefly while I was away and successfully restored an entire hypervisor setup from scratch after a site-wide power failure (crossed phases on an UPS made it hard-shutdown) without guidance - including a folder which remains in place to this day, because it makes me smile every time I see it: A folder on the main storage, dated, named with an expletive ("Help! It's all gone fecking wrong!", say), containing copies of all the existing data that was in place, including copies of all the VM images before he started trying to restore them, so that worst-case, he still had whatever was recoverable there before he needed to dive into backups.

In 20 years of working network management, I have never deleted a file permanently. It's just that simple. (GDPR's right-to-be-forgotten is going to be a fecking nightmare, however, and I may have to resort to only a four-year backlog where I actually have to delete stuff rather than keep it on encrypted offline storage that I retire and destroy only when it's not been accessed for several years in a row!).

I can describe every time I've lost data. First ever was our friend pressing "Y" on a CHKDSK without checking on my brother's first ever PC many years ago, even when it mentioned "cross-linked chains" and then proceeding to immediately delete a folder that happened to loop back to include the root (so you had, say, C:\WINDOWS\SYSTEM\WINDOWS\SYSTEM\ etc. etc.) and thus taking out the root of the hard drive... because C:\WINDOWS\SYSTEM actually "linked" with C:\... even then we didn't lose anything. We SCREAMED at him, launched ourselves across the desk, Ctrl-C'd the deletion as we saw DOS and other root-folder filenames whizz past, and literally recreated a bare CONFIG.SYS and AUTOEXEC.BAT from memory (in case the thing rebooted), restored the missing DOS files (the process couldn't take out the COMMAND.COM etc. for obvious reasons) but had a copy on a floppy of everything somewhere.

I was once accused of losing data at a school I worked at. Turned out that the person in question claimed they had 10 years worth of lesson plans that suddenly "went missing" when I upgraded all the system - an upgrade which hadn't touched any storage whatsoever, only local clients, and for which I had EVERY original local client disk in a box still from before I'd put in fresh blank disks to upgrade the OS with a clean image. As in I literally pulled a dated, numbered hard drive which was originally in their PC and searched it.

Nothing to do with them being found to have used the same lesson plan for 10 years in a row (which they claimed was just a mistake and obviously they had them all "somewhere"). And absolutely they *must* have had 10 years of more recent lesson plans, obviously! I mean... their lesson plan that they'd written specifically for THAT year wouldn't have included a website that archive.org says has been offline for 7 years, would it? So, yes, I was never actually held to account for that, because we don't think they "lost" any data at all, and it was amazingly specific to have only lost lesson plans for one user, on non-centralised storage that nobody was ever configured to use, for only those years that they'd re-used previous lesson plans and got into trouble for, and not one single other file anywhere. Amazingly, they weren't on the backups either.

If you work in IT, and you learn only from your own cockups, you need to read more. I can remember even back in the days of PC Pro, reading columns about the "sledgehammer" test - consultants hired to ensure the system is resilient, so laying a sledgehammer on the meeting room and saying to the IT guy "Quite how sure are you?" Even getting verbal permission from the CEO to trash one server and chalk it up to expenses only to see the IT guy gulp... If I remember those stories as a kid, I assure you that you can learn from them before you ever have to. It doesn't take anything special.

Just think things through. Don't take chances with people's data. Ask if unsure. Don't assume anything ("Of course the destination will have enough space for all those files!"). And test first.

Hell, I can remember my first Exchange Powershell foray. My first profile move. My first tweak of a GPO and login setup. Everything. Because I isolated, tested, and virtually always found something that suggested "Wow... have to watch out for / code around that". I've had a few heart-stopping moments, but they are of the order of "OMG, that was nearly an 8 hour backup restore there."

It's ignorance to believe that you can just tinker unchecked with complex systems because you do so all day every day.

We don't want to be Latch key-less kids: NYC tenants sue landlords for bunging IoT 'smart' lock on their front door

Lee D Silver badge

You go out.

Forget your phone or the battery died.

Now you're stuffed.

What a great idea.

IoT has its place, systems like this have their place, but so do "backup" traditional methods for when these thing's obvious failure patterns occur.

I manage the access control in work. You can't get locked in anywhere, at all, ever, in any way. If you're locked out, there are a myriad options available to someone with a genuine right of access without having to go to the boss/landlord all the time. If power fails, you're secure but can still get in. If backup batteries fail, you're secure but you can still get in (physical override of certain locks). We have fire alarm opening, and lockdown. If we wanted to go full-nutter, we use the same system as a local RAF base (I know, because our chosen engineer also works that site).

But the point is that you design the system, you don't just slap a computer-controlled lock on without thinking.

I'm a techy guy, but I think I'd agree with the residents here. There's no need for it - it solves no problem that they had, while presenting new and interesting problems to basic functions they've had for decades, at great expense.

I've often thought about changing the locks in places I live - I do after all know quite a bit about access control after managing it. The closest I ever got was to put an RFID reader and a maglock on a side-alley gate so my ex could cycle up to the gate when it was raining, tag her keys, and put the bike into the alleyway. It provided no access to the house or garden at all, couldn't have affected our insurance, worked well for years, and was overrideable by the simple precept of walking through the house instead and pressing the exit button by the back-door. Was very "handy". But I certainly wouldn't have started tying it into smartphones and Internet-based remote control.

Apple: Group FaceTime allows up to 32 people! Skype: Hold my beer

Lee D Silver badge

Re: Consoles became a success because people didn't like to put in a coin...

Farmville gets boring after a while.

Latency matters in any game where timing matters. Which is any FPS. Anything timed. Which knocks out party games, etc. Anything requiring actions to be timely predictable (e.g. making a jump in Super Mario). Anything fast-moving (e.g. racing games). Anything VR. Anything that, basically, isn't a turn-based or idle game. I wouldn't be able to play most of my Steam library like that - maybe Goblins Inc. (a boardgame). But I couldn't play Hoard, even, or Trine, or Factorio, or Dirt 2, or GTA V, or .... Maybe I'd get a good going at Prison Architect, but not once a riot starts and I have to corrale the people to the right places in a rush.

Pretty much, that doesn't match with anything multiplayer either. Hell, since the days of Doom and Quake a laggy opponent or comrade is a pain in the butt. Certainly nowadays where most of the games are online-multiplayer-only.

And, to be honest, the kind of people who are happy playing Sudoku, Farmville and the like, aren't likely to make any rapid movements, etc. are extremely unlikely to sign up to a pay-monthly game streaming service of any kind, especially if they "lose" all their games if they *ever* stop paying.

I know I played some modern FPS Space Hulk game via OnLive because it was on a special deal to show off their tech. I played one level on it, liked it. Immediately cancelled it before it cost me any money and then bought the game on Steam, because I could tell the online streaming thing would drive me mad. It did lag. It was in a tiny, blocky window way below what my own laptop could present, and it blurred out whenever there was network congestion to the point you couldn't read the text or play the game properly at all. And that was a very basic, not even really twitch shooter, kind of game where I spent half the game just walking forward.

If you couldn't play that game over VNC or Steam Link across your local network now, you certainly won't be able to play it via a game streaming service. Sure, you could have a stab at Chu Chu Rocket and Tetris, but no way are you going to be loading up the latest Assassin's Creed that you can't afford the gaming PC for but hope the streaming service will have the hardware to run it for you.

Lee D Silver badge

Re: Gaming in the cloud @Lee D

No problem.

The other thing that occurs...

Your remote computer receives your (delayed) input. It then renders a frame. That frame probably waits for a VSync until it's considered "complete" by the game and pushed to the graphics memory (I doubt they are encoding video progressively literally as each pixel/row is drawn, most modern protocols don't work like that and use previous/following rows to encode against to save space). That then would trigger the video-encoding hardware, presumably, whether internal or via an external cable to another device. That would then read that whole frame, encode it, difference it to the previous frame and push it out as an entire "frame" update to the client. Which then receives it, decodes it, renders it to the graphics memory, and probably has to wait for a VSync (if it wants to avoid tearing) before it actually displays it.

Just that alone, to me, suggests you could be waiting for anywhere from 2-4 VSync's before you actually see what your input generated, before you even add in the latency on your input going up to the cloud. And that's 2 in the absolute-ideal, best-case, you just happen to be totally in sync with their random computer on the other side of the world, at exactly the transit latency down to the very last nanosecond by sheer chance.

At best, you're getting half the effective "framerate" (really latency) of the game, or tearing. Sure, they could run at 240fps to combat that and push 120fps down to you, which would give them... 4.1ms or 8.2ms to do everything in. i.e. probably not even in the realm of a local, cabled back-and-forth-while-encoding-and-decoding-video-on-a-10Gbit-network, most likely. Let alone home use over wifi.

Lee D Silver badge

Re: Gaming in the cloud

Sheer latency kills FPS gameplay, nothing to do with how fast the updates are.

The latency of process input, send over Internet connection, process input into game, render, compress, send back over Internet connection, etc. means that unless you are literally sitting next to the computer it fast becomes unplayable.

OnLive found this out and went bust trying to prove otherwise.

You don't notice 100ms "lag" between pressing pause and your movie resuming. You do notice 100ms lag between your mouse and your viewpoint turning.

And it's not related to "how fast" they render or how many machines they throw at it. It's literally what's the latency of the path. You can get a gigabit line that can transfer 1Gbit/s to everyone you contact, but the latency will not be 1ms between you and the entire rest of the planet.

For me now, on a non-shared leased line, it's 8ms to Google DNS. 34ms to Facebook. 3ms to Cloudflare DNS. Now insert a, say, randomly fluctuating 10ms buffer between your super-duper 9600dpi gaming mouse and the USB cable it plugs into. Not the computer, not the screen, but your input device and the input to the game itself. Just that is enough to hurt your play more than anything to do with what FPS you get or whether you have AA/VSync/HDR turned on or off, let alone the MPEG-compression at their end, de-compression at your end, and display to the screen. 60fps gives you 16.67ms to draw it on the screen. Your local computer is capable of that. A remote computer over the Internet is not... you'll skip frames, lag behind on vision and input, and you will find frame updates delayed even more if they cross that magic 16.67ms barrier until the NEXT 16.67ms vsync. The game will read "120fps" because it's running on their server which is getting that. Your actual vision of that remote terminal could easily be a quarter of that even on the best home Internet connection in the world.

Over wifi, it's worse. On home connections it's worse. On a home connection that's also streaming HD footage of the game back simultaneously, it's even worse (poor QoS is the killer in everyone's connection, not the actual technical capability of the line - if you think your Internet is slow or your girlfriend on Facebook kills your gaming ping, buy a router with QoS control and "wifi QoS", e.g. Draytek Airtime Fair Sharing, and watch those problems disappear).

Streaming games might happen at some point in the future, but at that point we'll be expecting transfer of full 3D voxelised VR imagery or somesuch, and the problem will rear its head again even worse.

Latency is a difficult-to-understand problem, and is strangely pretty unrelated to frames-per-second, connection speed, or how much you do to the data along the route.

All good, leave it with you...? Chap is roped into tech support role for clueless customer

Lee D Silver badge

The magic phrase

"Sure... it's £100 for the first hour."

And then wait and see if they ever ask about that, let alone the second hour.

Carphone Warehouse fined £29m for mis-selling mobile insurance to punters who didn't need it

Lee D Silver badge

The time in my life when I've ever felt most angry was not in a Carphone Warehouse, but it was for similar reasons to such upselling.

A relative pre-booked a hire car at Heathrow airport from one of the big rental companies. We picked them up at the airport, ferried them to the company's base (waiting for a bus would have taken forever), and stood with them to get their (pre-booked) hire car.

The guy there was the rudest guy I have ever met in my life (and I've met some really rude people, and would count myself among those people who people might rate as rude).

My girlfriend had booked and paid for the car online, because her relatives didn't speak English or have an English credit card. They all had EU driving licences. I was just the chauffeur to get them to the place so they could get the car and follow me down to Cornwall.

First the guy got into massive upsell mode. For everything. He took no hints, and constantly talked over us. We've paid, mate. Literally, we chose the car, know what we want, have a reservation, have paid for it, even typed in all the licence info. We'd just like the car.

Then he got beyond-shirty to almost aggressive. The beautiful thing was that he was supposed to be training an apprentice just behind him. The apprentice's face was an absolute picture for the entire interaction. I actually wondered whether he'd "bet" them that he could upsell us and was so frustrated when he couldn't. Literally the guy would ask about "Do you want to pay a deposit for the petrol usage and then you don't have to worry about returning the vehicle with a full tank?" The foreigners can't answer, the girlfriend can barely translate anything in time, and he's just not stopping talking to allow her to do so. So I say "No thanks, mate, we'd just like the car". He literally yelled at me.

Do we want extra-damage insurance (our paperwork from the website clearly shows we ticked no)? Do we want to set up an account? (for people visiting the UK for the very first time? No) Do we want to pay for a valet afterwards? And each time the guy doesn't want *me*, the only native English speaker, to speak - despite the fact that EVERY answer I give matches up with the eventual-translated answer. And he just doesn't understand "We'd just like the car, we have to be somewhere, and we've answered all these things for our booking already".

At one point, I leaned to my girlfriend and whispered "This guy..." and he asked me to leave. The apprentice's (and probably my own) face was utter disbelief at that point. Fortunately, my girlfriend had half a brain and said "If he leaves, we all leave, there's no way I'm not going to deal with you on our own." Nobody has ever infuriated me, before or since, to the point that my hands start shaking and my jaw clenches from the restraint not to give him an earful.

He got no extras. He got a complaint filed against him. My girlfriend and I knew that if we weren't absolutely reliant on getting a car that we'd already paid for, and quickly get down to Cornwall that same day, he'd have been on the receiving end of much worse than a bit of "We're not interested" and "No thanks".

Even the foreigners were kind of "What the hell is this guy's problem?" and they didn't even speak the language.

Honestly never been so infuriated in all my life. That one guy and his blinkered upsell cost that company more than he could ever make by doing so.

Raiding party! UK's ICO drops in unannounced on couple of dodgy-dialling dirtbag outfits

Lee D Silver badge

Which will earn them a prima-facie charge of obstructing justice, by the simple act of a warrantable search request to said cloud providers (who are required to comply by law) asking for the details of the account that's seen loaded on all those computers.

Though I don't doubt you can evade justice a little by running everything from the cloud - that leaves an audit trail as long as your arm through Google/AWS/whoever you used detailing every action you took and is likely to be much more incriminating than anything on the machines themselves.

The bigger problem you have is that really all the ICO need are your telecoms devices/logs. Much more interesting, direct evidence of infringement, and probably what caused this to happen in the first place.

Again, though you could do everything over a pseudo-anonymous SIP trunk with multiple providers, hiding that information for a significant length of time is beyond your control and in the hands of the industry that is offering those services and which you're giving "a bad name" - the SIP trunk providers, telecommunications suppliers, people allowing you to use certain phone numbers, cell-phone equipment providers (for spam texts etc.) and so on.

More likely, they've seized a bunch of PCs with a huge spreadsheet of numbers, a few dozen cellphones or 4G dongles with a big pile of SIM cards next to them, and a bunch of email accounts talking about exactly what they've been doing.

Because to be honest most criminals, especially those in office jobs only casually infringing the law in pursuit of sales, are as dumb as rocks.

Uber driver drove sleeping woman miles away from home to 'up the fare'. Now he's facing years in the clink for kidnapping, fraud

Lee D Silver badge

Because, like anything related to criminal checks, all they prove is that you *haven't been caught* before.

By definition, every criminal on the planet was in that state at one point in their life, and many of them managed to commit multiple crimes before they were actually caught.

This is how you end up with celebrities who go 30-40 years without a criminal conviction and then it all comes out many years later quite how much they've been doing. It doesn't mean that they were ever very nice people at all.

Sure, we've got a problem but we don't really want to spend any money on the tech guy you're sending to fix it

Lee D Silver badge

Re: Travelling to client sites

Recording telephone calls is, however, a different matter.

Though legal in the UK, provided you have permission from one party to the call, it's not at all clear cut - which is why companies always tell you calls are monitored.

I wouldn't trust a verbal promise in any fashion - proving that they related to what you expected them to, that they are binding, and that they can't be "worded around" is much more difficult than saying "Just send me an email with Yes or No to these questions".

Lee D Silver badge

Re: Travelling to client sites

"All because the customer has this "if you want to deal with us, you must have this meeting face-face" rule."

Which seems really daft as face-to-face you can claim absolutely anything, however by email it becomes recordable and legally-binding.

I never figured this out from people who do sales presentations to my workplace. You can literally say what you like in a face-to-face sales meeting, even without the IT guy present, and everybody will believe it. But when I then send or request an email which says that X is compatible with Y or that they don't charge to do Z or whatever it was that came up, suddenly tumbleweed, and then I'm also told off because "They said it would be in the meeting, so why haven't YOU got it working?!" despite the fact that they promised the impossible.

Have had this happen with a finance software that claimed to pull all the customer info from our original system. After six months, we literally just started typing it all back in and kept them up-to-date separately and the closest we *ever* got was me playing about with Excel to get all the information out via ODBC, converted to their "import" format, which was then refused by their software consistently despite being in spec (as in, they literally couldn't understand why it didn't import).

Had it happen with a school management system - promised the world and then half the features they demo'ed literally weren't present in the release version of software... even a year later. Had it from people integrating with access control, CCTV, websites, architects, you name it - even my own workplace promising job descriptions, salaries, making decisions on culpability, etc.

That's why I think face-to-face meetings are an absolute waste of time. They achieve nothing you couldn't state in an email. An email is binding and recordable. If they *don't* want to put it in an email, that tells you something straight away. And emails can be conducted among even a dozen people, in the middle of the day, with everyone hearing the bits they need to hear, replying at their own convenience, and involving people who may be off-site, at-home, off-sick, or whatever else.

I can quite understand those billionaires who literally ban meetings in their faddy workplaces. It's the one thing I totally agree with. If you're not prepared to state it on paper, don't say it. Whether that's HR-related, sales, technical, rumours / reports of what's happening in the company (e.g. "Jeff goes next week, so if you stick around a few months, we could have something for you", etc.).

FBI warns of SIM-swap scams, IBM finds holes in visitor software, 13-year-old girl charged over JavaScript prank...

Lee D Silver badge

Re: Research

I don't think the medium matters. It's unauthorised access to a system - whether or not that system relies on Morse code, default passwords, or radio waves - that's the legal boundary.

That said, cars are notoriously vulnerable because people do stupid things like buy cars that let you start the engine by radio-signal. I am of the opinion that *access* to my car is nothing more than a window-smash away for someone who wants to do it. Thus a remote fob that unlocks the doors isn't the end of the world, and also requires a criminal act to happen. I don't keep anything in the car that's worth nicking.

However, I would posit that, from there, making a car start would be much more difficult and likely to attract attention (at minimum I would think you'd have to open the bonnet, somehow bypass / compromise the immobiliser, which is coded to my *physical* key and not any radio fob). I still wouldn't put it past people to have a way to do it, but you can't just load up RTL-SDR, with a £20 TV-tuner dongle, a small laptop, and record/re-broadcast the 433MHz frequency from my keyfob in my house such that the car would start and you can drive off (which is what you *can* do with the new cars).

For a start... my keyfob only broadcasts when I press the button, not when it's just sitting in my coat pocket in the coat on a hook inside my hallway.

And for those wondering - yep, you can pick up the signal on 433MHz. It's a simple plugin for RTL-SDR software to show it. It doesn't mean you can *tinker* with it as easily but from there it's just a matter of finding the actually-dodgy software that interprets the Ford key protocol from the net.

Guess how I know this is possible, and what dongle I bought last week, and what I've been using to look at everything from weather stations, to ATC voice and data traffic, to picking up Heart FM. I'm staying *strictly* on a receive-only device, however, but it's scarily easy to broadcast (e.g. a single GPIO on a RPi connected to an antenna and a different piece of SDR software - ugly, probably illegal because it's a squarewave broadcasting on all kinds of frequencies, but nothing a radio ham couldn't also do in seconds).

If you don't want something to happen, don't allow it to happen even in theory. This goes for everything from buying receive-only devices when you don't want to get into trouble because someone reads a comment on the Internet and thinks you're hacking the neighbour's cars, to installing apps with permission to use the camera, to buying cars that let you start them from nothing more than a radio signal.

My car can only open the doors on a radio signal. That's it. And that's nothing more than you could get in a few seconds with a skilled, or brazen, thief. If you don't allow the thing to be possible in the first place, then you don't need to worry about how to secure it.

Lee D Silver badge

"If you do run an IP-enabled camera, you would be wise to check for and install any available firmware updates, or firewall off TCP port 9527 just to be on the safe side."

Sigh. Or run a "nothing by default" firewall, like almost every router in the world uses, and then be forced to punch holes for documented and acccesible reasons. i.e. if this was a debug port, then why would you be opening it. If the manual says you access the cameras over port 80, why would you be opening 9527 if just 80 worked? Literal idiocy. I bet these people also have UPnP running on their router such that ANYTHING can forward ANY port to ANY destination. Absolute madness and totally, 100%, absolute NOT REQUIRED AT ALL.

Hell, my *home* CCTV box isn't accessible remotely like that - it actually pulls a specific RTSP stream into another program which I access remotely. Thus, even the if DVR *wanted to*, it literally cannot talk to the net or accept commands from even its own manufacturer (the only thing it can do is contact a local NTP server).

Hospital machines being NETWORK ACCESSIBLE with no IP filter. It doesn't matter the OS that runs underneath if you just act on every packet that comes your way.

"default admin credentials, enabled breakout keys that opened the Windows desktop, and had data leakage bugs "

Amateur hour again!

Honestly, it's 2019 people. Let's get with the program of not having "secret keys", forcing people to change their passwords, and having a default-on firewall on all machines, not to mention on the network as a whole (even if that's literally JUST on the incoming traffic, and all outgoing traffic is allowed).

Buffer overflow flaw in British Airways in-flight entertainment systems will affect other airlines, but why try it in the air?

Lee D Silver badge

"There are potential safety implications here, so testing an IFE in an airplane with passengers on board is unwise."

Surely, it's much much much much much more unwise to allow random members of the public access to a system with potential safety implications for an aircraft?

Though I don't agree with his methodology - a child could have done the same. And we wouldn't know.

Because things like this should be caught in internal security testing, especially if there are "potential safety implications", and the results published, no? And they wouldn't miss something as simple as a buffer overflow in a user-controlled field, would they?

There's no way he endangered the aircraft (maybe inconvenienced some passengers) - not unless there was a catastrophic layer failure in the original specification of the system. Which - again - is something we should know about.

Rather than divert blame... thank him... patch it... ask him not to repeat the experiment except under controlled conditions... and then supply him with a copy of the device to see if he can find anything else. Because, for sure, in ten minutes he found something that all your expert programmers not only missed, but are trying to hush up and bring in "airline safety" against to silence him.

TalkTalk kept my email account active for 8 years after I left – now it's spamming my mates

Lee D Silver badge

Re: You brought up an interesting point


That address book is private, personal data.

She's reporting a compromise of that private, personal data.

I can understand TalkTalk not *providing* that data to her until she proves who she is, but if she's notifying them of a compromise of an account that should have closed and deleted her data years ago, then there's a big problem on TalkTalk's end.

Not to mention, she's reporting an account for sending spam and malware - surely whether it's her own account or not, they should be shutting it down?

How to make people sit up and use 2-factor auth: Show 'em a vid reusing a toothbrush to scrub a toilet – then compare it to password reuse

Lee D Silver badge

Just reminds me of the "You wouldn't download a car" campaign.

Yes I would, if I damn well could. And it's just a very poor analogy in the first place.

IR35 contractor tax reforms crawl closer to UK private sector with second consultation

Lee D Silver badge

Re: Not again!

It's not a question of "are you an employee or not" - they are all employing you, contract or not.

The question is are you ONLY THEIR employee, exclusively, or an employee of many different places.

IR35 is about "Are you working for the company in question, by proxy, or are you an independent entity in your own right?".

If you have any difficulty proving that you are working for many different clients and not just one exclusively, then you're going to have trouble with IR35.

What people *want* is for the person to not be an employee, but also work for only one employer for a significant length of time.

In terms of avoiding certain taxes, benefits, and other restrictions (i.e. there are some things you have to do for your employees that you *don't* for an outside contractor), it's an important question.

But what you get is people who "only work for one employer but it's only for one year and then I go somewhere else" who can't be bothered to just say "Okay, I'm employed by them, I'll get 'another job' in a year's time".

Honestly decide whether you're an independent contractor, or an employee. It's not hard. The government *obviously* don't want you to be doing that, that's why they are legislating against it and pushing responsibility to the organisations that they can control. Take that as a hint of what's to come, especially if you mess up.

And the best way to ensure that you don't get the chance to mess up and claim you didn't know, is to make your "client" make the decision for you.

P.S. If IR35 is costing you money, raise your prices. The markets change all the time because of things like this, but I've never heard quite so much whinging about something until IR35 came along.

Prodigy dancer and vocalist Keith Flint found dead aged 49

Lee D Silver badge

Re: Yawn.

Yelling into a mic at the loudest volume isn't a song. Especially not when half the words are repeated endlessly.

Nor is just playing loud, repetitive bass.

I'm pretty sure that this was one of those "songs" that someone in my sixth form used to play at full volume in the common room and we all hated him for it.

Customer: We fancy changing a 25-year-old installation. C'mon, it's just one extra valve... Only wafer thin...

Lee D Silver badge

If I've learned one thing over the years of writing software for myself, reading such horror stories, and dealing with companies who do exactly this, it's this:

- Unless you have a complete, working, development suite, which can run on modern hardware (even in a virtualised environment), with the complete, working, original, version-controlled source code, which compiles immediately, to the target platform, and whose output is then directly related to the binary that is actually used on the system (i.e. you have the source code to version 2 which, when you compile it, outputs an identical binary to the v2 binary that the company is actually running) then it's just not going to be worth playing with it.

The same way that people expect me to somehow "fix" Microsoft's software bugs for them: without the above, I can't do anything about it but what the software supplier themselves give me / tell me to do.

I'm not scared of tinkering with software to get it working or make it work the way I want. I've banged on the Linux kernel to do some very specialised custom stuff on the backend (only ever run on one machine, but it did some really useful magic for that one purpose). I've hacked around the code for projects like Hylafax and Samba to make it do things I needed it to do. I coded addons to access control systems that didn't have exposed APIs, even, so that we could do things we wanted. I've saved companies thousands doing so. But I leave behind the above state to anyone who might follow. Chances are that it will NEVER be taken over by someone who can even understand what I've left them, but at least if they are capable, it's there for them. Usually, though, it just gets ripped out the second I leave (and the people who allow me to do such things know that, but if it saves them a few years of licensing, and also proves to their software suppliers that what they want *is* possible if they pull their finger out, they'll happily let me do it) and replaced with the same inadequate bog-standard, expensive system.

This is the primary driver for why businesses want off-the-shelf, industry-standard pieces of closed-source software from an active company over anything else. They don't care... they don't want to care... it's someone else's problem, even 25 years down the line.

But I've learned that if you want a custom system... you need the above at minimum. Even the code is probably going to be utter trash and without version control you'll have no idea what the hell was changed or what it was trying to achieve. But at least you stand half-a-chance of getting something working.

Hell, I avoid having to re-setup my own development environments, because of the work invested in getting them going properly and producing the right type of files with the right embedded binary portions and so on. Let alone the code itself.

One of the reasons that I like open-source systems... I at least stand half-a-chance of a configure;make;make install actually reproducing the binary on my system, and then from there I can start making changes to the version-controlled code that underpins the binary I'm actually using.

I say, that sucks! Crooks are harnessing hoovers to clean out parking meters in Chelsea

Lee D Silver badge

Re: Useless crime enforcement

CCTV has several major problems.

- You can't watch every camera 24 hours a day without there being a person there watching each one 24 hours a day.

- If you happen to see a crime in progress (which may take you several minutes to realise even in the obvious cases), actually doing anything about it is several more minutes away.

- If you have historical footage of a crime... great. Now what? "He was a short man in a hoodie". In London. Good luck tracing that guy without thousands of cameras all over every road in London (which, despite US media propaganda, we just don't have)

Working in IT for schools means that I'm responsible for the CCTV on large sites - 50+ cameras on many of them.

Allow me to summarise the numbers:

Percentage of incidents actually in progress that we witnessed live: 0%

Percentage of crimes that occurred where we could see anything on the CCTV: 1%

Percentage of crimes that we had footage of, but in which not one identifying feature was present: 99.9%

Percentage of crimes that we had full HD footage, showing faces, of which resulted in any convictions whatsoever: 0%.

In fact, over the last 20 years let me summarise every "success" of the CCTV:

A "kid" (18yo) started a fight in a corridor with another pupil. A supply teacher, who hadn't worked in the school before, stepped in and gently pushed - with the palm of his hand - the kid who had started the fight back against the corridor wall (no injury, nothing fast or hard, just a literal "Hey, hey, hey... no.."). The parents complained. He was struck off the teaching register while police investigated an allegation of assault against him.

It's the one, single, solitary time when I've had to provide actual evidence via the CCTV.

Now consider that my systems have "caught" three burglaries, multiple intruders, deliberate vandalism of fire doors which could have endangered life (by a disgruntled local man running for councillor, no less), and all kinds of assaults, breakages, thefts, etc. on camera.

Then multiply those percentages above to work out what else *did* go on but we didn't actually have *anything at all* from the CCTV.

CCTV is there for monitoring and peace of mind. I can see my house from work. I'm the only person who actually cares if my house is broken into. The neighbours will complain loudly about any alarm going off, while simultaneously ignoring it, so they are pointless. But with CCTV I can *see* if someone's jumping / jumped my fence and report a crime in progress. Despite being in control of dozens of cameras for work... I can't just sit and watch them all day. And even if we pull up an incident it usually contains nothing of interest at all (everything from "so-and-so pushed me in the playground" to "what time did John go home" to "we heard noises outside last night").

Don't expect cameras to do *anything* at all. They are defeated by the simple precept of "wear generic plain-coloured clothing, preferably a hoodie to cover your face". And, in fact, most of the time you can commit a crime right in view of a camera perfectly well without getting anything worthy of evidence at all (e.g. supermarket thefts - how do you think a camera high up can tell if one person put an extra bit of cheese in their bag in the middle of a crowded superstore?).

Lee D Silver badge

1) Cash in an unattended box is just asking for trouble. (I'm still amazed that I went into a car park up in Scotland where the payment was "put some coins in this jar", and a jar full of coins just brimming over was just sitting there unsupervised).

2) If you don't want to deal in cash, give us a way to pay by card.

3) No... paying by card should NOT involve signing up for your account, talking to human operators, reading out your credit card details in full view of a car park, getting spam email, and having to sign up for a different service for almost every car park, borough, council, system, service, etc. etc. etc. I should be able to bonk / PIN and walk off with a ticket.

4) If you don't *want* to do that (For card fraud? Then make them put in their reg-number... either they end up paying for a ticket that isn't valid for their car and caught by your normal processes, or you know what car registration used a stolen card).

It's a REALLY simple system that I can't understand quite why it's so complicated, and I avoid anything that isn't just "park, pay, go". In Falmouth once, a few years ago, I signed up to three different services and abandoned each and *literally* moved my car to the next car park each time. Don't even get me started when it wouldn't let me register using a card "because that card was already tied to another vehicle"... because I'd used it on a one-off elsewhere several years ago and several hundred miles away, and there was no way to change it.

If trains can do it. Shops can do it. My own workplace can do it. HELL! *I* can do it (I have an iZettle in my bag). Then for damn sure, paying for a ticket in a car park should be as simple. And I am likely NEVER going to want to sign up to an account to do so.

Even the whole "this is the code you need for this car park" is a crock... I don't care about that. I just want to tap on THE BOX THAT IS HERE and be done.

Lenovo kicks down door of MWC, dumps a stack of sexy new ThinkPads

Lee D Silver badge

Re: 13.3" display in a 12" chassis

My 17.3" laptop goes everywhere with me. It comes on planes with me. It comes on holiday with me. It goes in the car with me. It used to go to work with me (every single day for many years). It's used every single day for the entire life.

It fits into an ordinary-looking thin backpack (actually a freebie from Novatech many years ago). Hell, I put an extended battery in it recently as it finally killed its original battery - that pokes out the bottom enough to act as an automatic "riser" for the laptop, while still fitting inside that backpack.

Lee D Silver badge

Re: 13.3" display in a 12" chassis


And there I am waiting for a decent laptop with a sensible size screen - 17" or above like my 8-year-old laptop is.

Seriously, tiny screen + stupendous resolution + requiring hardware scaling to actually make things the right size again + now the UI occupies the majority of the screen is a terrible combination.

I'd much rather have a 17" 1080 display than any of this nonsense. It's not like, if I wanted a smaller-screen device, that I couldn't find a tablet or similar. Fact is, I actually *do stuff* on my laptop that's not just tapping on websites or watching movies.

This image-recognition neural net can be trained from 1.2 million pictures in the time it takes to make a cup o' tea

Lee D Silver badge

Re: El Reg mugs ...

I'd rather click a button and give El Reg a fiver directly than buy a basic branded product for a fortune and giving most of the cost to Cafepress or similar.

But websites never bother with that option. Instead it's *HUGE* sidebars adverts and "pay £20 to give us a pound and get yourself a t-shirt that won't last a handful of years".

Lee D Silver badge

Re: Can you get 58% accuracy with a much smaller training set in 90 seconds?

58% accuracy is little better than chance, if you're in a strictly limited domain of potential answers (i.e. it's not able to suddenly pop up and go "Well, that's obviously a cello-playing giraffe balancing on a chair surrounded by a Monet-style backdrop with a greyscale filter in the upper-left quadrant", but has to answer "giraffe").

Depending on how the test is set up, you could do better with a dice-rolling robot. The problem is that it's not making decisions. None of these things are capable of inference. It's adding up and then giving the highest-number. They are trained on data to give a limited set of answers and that's it. They are the production-line-workers of the AI world, but literally only ever capable of doing the mindless "put the cap on the bottle" job - and not even approaching the capacity that even the dumbest of humans/animals has inherently.

The problem you allude to is that it's not how fast it's trained but the results that it gets. In the same way that someone going "I got my degree by writing off to India" isn't at all impressive and probably wouldn't ever be employed on that basis.

And... sorry... but just look at the power required to train that model to get little-better-than-chance in a very limited-domain problem. And we have *zero* control over that model. To "untrain" it would take years of processing, not days. To "retrain" it to another purpose (or to refine its existing training) would be the same job. Any kind of machine learning plateaus REALLY quickly. And we have no idea what it's actually basing its decisions on or how to modify them.

Machine learning really is the worst kind of unscientific black-box to employ in any task of even the smallest importance.

It all hinges on this: Huawei goes after Samsung with its own foldable hybrid Mate X

Lee D Silver badge

Re: Multi screen

My eyes move. That's what they do. It's almost like they have muscles to do that with.

They read one line of text at a time. Now, admittedly, they can be aided by certain-length text and certain arrangements of text, but a dual monitor *does not* stop them needing to move. It just makes them have to move further, in fact. Especially the portrait monitor thing - that baffles me. I'll give you a small exception if you're doing full-page previews in a desktop publishing job. Otherwise... you can't see all the screen at the same time anyway, and your eyes move.

Thus, with a tiny, tiny, tiny piece of training, you are able to put any text you want to read smack bang in the center of your vision in fractions of a second. If you want to compare spreadsheet rows, you can side-bang the windows (in modern Windows) and line them up side by side in seconds. Or use different Excel views. And then your eyes compare left-to-right, left-to-right.

You are enforcing context changes that involve head and neck movement and a longer range of eye movement, where the same job is perfectly viable without such things... moving the data under your eyes.

Anecdotally, all the people I know who "have to have" dual monitors work just fine with one when they realise they aren't getting a second. All the people who *see* someone with dual monitors suddenly want one (status-symbol-itis), even though they have no idea whatsoever about how to arrange windows (i.e. they use dual-monitor, with only two apps, one per screen, but don't maximise either - or they lose an application because they don't know which monitor it's on, or they end up using the second monitor to "get windows out of the way" of the primary monitor, and so on). Without exception, those people don't know Alt-tab, side-banging of windows, split views in Excel, etc. etc. etc.

And are you watching the movie, or are you browsing? Because you can't do both simultaneously (unless your eyes are capable of separating), so you're ignoring the image of one to look at the other. So... you may as well switch windows and then switch back.

Screen real estate literally doesn't matter. Your eyes only see a tiny portion. As I look at this screen typing this, without moving my eyes, I cannot discern with any accuracy the shape of the text just two lines above... a few dozen pixels. It actually takes a lot to FORCE my eyes not to move to read it. Watching a movie, I'll give you, because you want "suspension of disbelief" where the movie fills your vision and more no matter what your eye chooses to look at. But PC and text work... that's an entirely different matter.

It's not a case of different wants. I do basically every job that's possible on a computer - web design and browsing, system management and monitoring, long text documents, complex spreadsheets (finance systems), technical documents, novel-writing, gaming, movies, coding... I live on all my machines and all my machines have only one screen. Second screens - when I work on a machine with one - go unused. It's a case of a working practice that doesn't rely on having a second screen, a working practice which makes any job possible, and virtually every job happen faster/smoother than someone whose job it is to do that all day long (I guarantee you that I can out-spreadsheet the finance department, because they ask me all the time when they get stuck knowing that I can do that much more quickly).

And I have the complete choice of whatever I like as I "have to" specify entire networks and supply some users with dual-screens, so I can easily have whatever hardware I want for my own PC, I could specify almost anything, authorise the purchase, order it myself, have it delivered, asset-tag it and keep it on my desk and nobody would ever be any the wiser and it would never get questioned. And it's just not worth having a second screen.

You've taught yourself to be reliant on a second-screen that you can't utilise simultaneously with the first (unless, I would suspect, it was part of a monitoring wall, at a distance, to show up flashing red flags for systems that were in error - in which case we're not talking desktop-PC-with-dual-monitor but that you should just have a monitoring PC with its own screen independent on anything you might do with Word on the desktop) and then convinced yourself that flicking your head/eyes between two screen of different location / size / brightness / angle / focus-depth / orientation(!) is somehow better than doing the same, on a bigger monitor, over a single surface. Or even, barely moving your eyes at all and putting the data you need to see underneath them (via Alt-tab, side-banging windows, etc.)

Lee D Silver badge

Buy a decent-sized screen in the first place.

Honestly, never understood the multi-screen thing. If your screen is adequately sized (and 22" and above LCDs are dirt-cheap), you don't need a second screen at all. I'm not even talking 4K resolution either.

"Extend display" is the option for people who can't work "Alt-Tab".

Need a 1TB microSD for your smartmobe? Come April, you can free up storage space in your wallet and buy one

Lee D Silver badge

Would pay good money for something that lets me insert a dozen microSD cards and performs proper RAID (not just mirror or stripe, but RAID5 or above) on them and presents them over... well... anything... USB, eSATA, microSD again...

I'd rather have a bunch of 64Gb ones that I can replace for a pittance go wrong than one biggun'. Fact is a 1TB SSD is still £200+, but I can get 16 x 64Gb for 16 x £13 = £208. Or 8 x 128Gb for 8 x £22 = £176. And both the latter could be much smaller than even the smallest SSD. (All prices for Sandisk Ultra, obviously I could do it much cheaper with other brands).

If you're not writing huge things all the time and not needing huge performance, just storage, microSD are cheap enough to be sacrificial, fast enough for any given purpose, and physically smaller, lighter and lower-power than anything else.

Some cheap Chinese manufacturer needs to make a 2.5" SATA case which is just a bunch of microSD slots and a RAID controller. Upgradeable, redundant, solid-state, cheap, expandable, portable,... They do make them already for JBOD cases, but nobody's ever put real a RAID controller in the middle.

Go, go, Gadgets Boy! 'Influencer' testing 5G for Vodafone finds it to be slower than 4G

Lee D Silver badge

Any of the hundreds of models currently in development, or any of the dozens of chipsets and prototype boards currently available, coupled with the kind of antenna that a normal phone would use, rather than a big router base station.

Lee D Silver badge

"*This was not conducted on a 5G phone; the device-to-router connection was over Wi-Fi, with the router being attached to a test 5G network."

That's just cheating, then.

Any fool could connect to a router with huge MIMO antennae and get better signal than anything you could carry in your pocket.

Not only is it *slower* than 4G, they have to cheat to even *approach* 4G.

Now, I'll defend them on one point. 4G or 5G - it's competing against an airport full of 2G/3G/4G phones, all of which are sharing the airwaves (because 5G-only frequencies aren't properly licensed yet? AFAIK it's still using the same frequencies as are currently licensed to 4G carriers and the "millimeter wave" frequencies are still very, very, very new and not yet set in stone). The same as I tell people with Wifi - it doesn't matter what you have, if the area is noisy you're automatically sharing it with 20-30 other devices, up to thousands of devices in places like airports. Not just the backhaul, but the airwaves themselves.

All it demonstrates is that if they invested more in utilising 4G to its proper extent, we'd all be shocked at the speeds. 5G won't be a "thing" for another 5-10 years, and by then you'd hope that G, 2G, 3G at minimum are dead and no longer sharing the airwaves.

Personally, if they put a poll on their website that said would you rather have 5G in a handful of places and nothing in other places, or 4G everywhere but utilised to its full extent (e.g. the gigabit range) then I know which one I'd rather have.

Not so smart after all: A techie's tale of toilet noise horror

Lee D Silver badge

Re: Computer sound is on in an open space ?

Indeed - my own personal rules are no music, whistling, singing, humming, tapping or similar annoyances.

There is a small exception for a portion of the recognised Christmas repertoire strictly between the months of November and January, but all other offences are punishable by payment to the User Error Fund (also contributed to whenever the fault is not that of IT but the user themselves) or a large thump.

If you must - put on headphones. But if I can hear the tsch, tsch, tsch, then the same rules apply as above.

AGM X3: Swoon at this rugged interloper mobe then throw it on the floor to impress your mates

Lee D Silver badge

There are at least three RPi-smartphone projects out there - excluding the plastic case (the hard bit to make yourself, the easy bit to get make in bulk) - they are all sub-£100, with all those electronics, touchscreens and everything else. A smartphone-like touchscreen is a commodity item now.

Three years ago I bought an Android tablet for £10 (brand new, Amazon deal) with a 7" diagonal touchscreen. I still have it. It's thin, it's tablet-sized, it's half-empty inside, and it's got all the components of a smartphone except the 4G chip, and a MUCH larger screen. Even today, I can get similar models for £30 (not on an Amazon deal) that do the same.

It's not outside the realms of possibility for some project to produce a sub-£100 smartphone with all the bits, and a case, and be competitive. It's *certainly* not outside the realms of possibility for some cheap Chinese knockoff outfit to do the same. Hell, I have a GSM phone in my car that's literally the size of my thumb... with working Bluetooth buttons, display and internal battery. I keep it in there for emergencies.

My point is that if people could cobble one together and stick it in a 3D-printed case for sub-£100 and beat the specs of even many modern smartphones, then the phone companies aren't even really trying.

I'd gladly accept a thicker phone, with commodity modules, from an unknown, than this junk from a big name.

Lee D Silver badge

You are indeed correct. +1 Pedantry.

But I think it's clear what I mean. 99.99% of all the electronics I ever touch aren't waterproof, or even water resistant. I don't see why a phone should be any different.

You can be sure, for example, that even most watches that say you can take them swimming aren't waterproof - they will likely survive a few metres for a few minutes, and that's it.

I'd like that it didn't destroy itself if there was a single raindrop on it. Beyond that, I can't see that having it "water resistant" or "waterproof" makes any difference at all, whatsoever.

People carry around games consoles, tablets, radios and all kinds of other gadgets. Virtually none of them are waterproof and nobody cares. Why should it matter for a phone? It's literally a stupidity tax on us all courtesy of those people who take their phone into the bathroom and leave it dangling precariously beside the sink/toilet while they are using the running water.

Password managers may leave your online crown jewels 'exposed in RAM' to malware – but hey, they're still better than the alternative

Lee D Silver badge

Easy... I don't use ridiculous passwords like that, that add almost nothing to security.

N letters combined from an alphabet of M letters = M^N possible combinations. N grows the possibilities WAY FASTER than M ever could.

An 8-character all ASCII-typeable characters (128^8) password is beaten by a 10-character plain A-Z,a-z password (52^10) by an order of magnitude.

And that's *purely* a brute-force defence, which shouldn't be viable against any active online service (offline attacks on an encrypted volume, etc., may be different - if someone steals it they can easily bypass any limits on how many they can try a second. Anything else - e.g. your servers, Google, online services, etc., they can't. Hell, even the FBI struggled against an iPad's lock-screen reset)

Stop believing nonsense password advice, and go check what people like NCSC etc. actually say.

P.S. No regular password resets either. Seriously, just stop it. Even the guy who first advised that (for an American cyber-security agency's publications) says it's stupid, one of his biggest ever mistakes, and to stop doing that.

Biting the hand that feeds IT © 1998–2019