* Posts by Lee D

2938 posts • joined 14 Feb 2013

Data-nicking UK car repairman jailed six months instead of copping a fine

Lee D
Silver badge

Re: Far too common

Next time give them a PAYG phone number and a forwarded free email address that you have never given anyone else.

Cost: Pence.

Impact: Nice letter winging it's way to them and the Data Protection ombudsman saying you've totally abused the data I've given you without permission and/or failed to secure it and not notified me of a breach... which is it?

P.S. Have done exactly this. Have screwed company to wall who used a stolen customer database. I know they did because (in my best Del Boy impression "That's not the hand I dealt you...") this case... That's EXACTLY the email address that I only dealt SOMEONE ELSE and not you...

1
0
Lee D
Silver badge

Good.

The more cases like this I can point at, the less chance I have of any resistance to my "least privilege principle" processes.

Question: Why does the software allow blanket access to names and addresses of customers that he's not even dealing with?

I actually would posit that almost all call-centre software should be illegal under GDPR because you have no need to actually KNOW what the customer's address / phone number actually are. You just get put through to them by the system, and unless they ask you to change or confirm the address, you have no need to do so much as request it (via, say, a "Request" box on each database field), and so any blanket-requesting of customers would flag up under auditing rules, and any attempt to "mass export" the customer list would just fail and set off the flashing red lights.

Remember: If it's not REQUIRED for your job, you shouldn't have that access to that data. 99.9% of the times I've called up any utility companies, taken a call from suppliers, etc. there is literally zero need for them to personally have access to any of those details.

"Shall I ship it to you home address sir?"

A) "Yes please". Done. No need to do anything but "deliver".

B) "Hold on, I moved recently, which address do you have?". Call operative presses Request on the address, the grey box for address only gets filled out from the database, operative reads it out, confirms it. Done.

We honestly need to start designing systems around least-privilege (again) before the law catches on that it's own definitions require it.

24
1

We definitely don't need more towers, says new Vodafone boss scraping around for €8bn savings

Lee D
Silver badge

Re: no more Towers?

5G doesn't need them.

In fact, the first 5G rollouts won't even be able to. The licence auction hasn't happened yet.

The high-freq stuff is merely a nice extra - if you're in range, you'll get "even faster" but existing towers and even some existing frequencies will always be used (and not just by "fallback to 4G").

5G doesn't "need" anything beyond what's already there. It just makes it slightly faster and have clearer channels.

It's like saying you "need" 5GHz for 802.11n. No. You don't. It'll still be faster on 2.4GHz than b and g ever were. But if you're able to use that higher frequency too, you'll go even faster.

0
0

NBN satellite user waiting for extra gigabytes? Keep waiting

Lee D
Silver badge

Ya cannae beat the laws of physics, Jim.

And I've run an entire school for two weeks off 4G sticks before now and nobody was any the wiser.

2
0

Between you, me and that dodgy-looking USB: A little bit of paranoia never hurt anyone

Lee D
Silver badge

Easy it's called "I can implement that change, but it'll cost you one IT Manager and a lawsuit about trying to get rid of them for providing adequate data and system security with a reasonable, demonstrably-effective, proven and already-in-place system".

Also, that in any proper workplace, such people DO NOT have access to the IT system whatsoever (physically or electronically), in any way, to implement such a change behind your back - even if they got IBM/Microsoft themselves to come in and try to do it.

Hint: The triggering of any one tripwire which suggests intrusion - whether by my own employees (IT department), other employees, outside entities, management, or any of their consultants - will result in the correct response in the case of such potential compromise. A full system shutdown until the situation can be determined.

Other hint: Every workplace I work at is made aware of a simple rule. If I ever discover that the master password lists / backup devices are accessed by anyone other than authorised personnel in the reasonable execution of their jobs (and I will know), I walk.

You really need to read GDPR. Unless your boss has a reason to have the domain administrator's password/access (hint: They don't, unless that boss is the domain administrator), then it's illegal for them to have it. They can *request* it. They can *instruct* me to hand it over. And I guarantee that it'll cost them one IT Manager and a lawsuit unless it was absolutely required (e.g. I'm in a coma in hospital somewhere).

P.S. The best way to stop such things is to say "Sure, I'll do that. But it's against my advice. Just sign here to tell me that you understand that and accept the consequences". I've actually used that. It's incredibly effective. No, my boss does not have any IT rights beyond that of any other member of staff working in such a position (e.g. he has a PC with office, rights to the documents he requires, but can't even rebuild his own machine or log into a server).

6
0
Lee D
Silver badge

First action upon starting at my current workplace:

A blanket ban on all USB sticks and any mass storage devices, and any "unauthorised" USB devices in general.

You want that, it has to come through IT who will scan it, and copy it to normal storage for you. If it leaves site at any point, it has to be scanned again. No exceptions. Not even for the big bosses. USB is just disabled and alerts us when it's attempted.

That's held for 4 years, and I'm regularly able to demonstrate why it's in place (with speakers, presentations and visitors all the time, there's ALWAYS something on a stick, and more often than not I have to refuse them access).

Number of virus infections: 1. Contained to a single PC. Introduced from a dodgy download, which the user persisted in attempting to run despite it being a file-inside-a-file-inside-a-file from a personal webmail from a spam from someone they didn't know, etc. etc. etc.

(Second action on starting at my current workplace: Stop all the password expiry nonsense as per all modern password guidelines.)

Honestly, you have ZERO NEED to use USB sticks, or even devices. The hindrance is literally "Hi John, nice to meet you, can I just take that stick from you to give to IT, they'll put it on the system for you and give it back, cool, let's go get a coffee and get you set up, eh?". You're just introducing the potential for everything from keyboard loggers, wireless access that bypasses your network security (or even shares out the local network to the Internet!), etc. etc. to anyone.

You need a piece of software that lets you block categories of USB drivers (e.g. mass-storage, etc.) and also whitelist authorised devices. Even then, there's potential for serious compromise (e.g. nothing to stop a USB keylogger looking like an authorised keyboard by offering fake USB PIDs).

9
1

Huawei Mate 20 Pro: If you can stomach the nagware and price, it may be Droid of the Year

Lee D
Silver badge

Re: Can anyone tell me the advantage of face/print unlock?

Having something in your brain (currently) leaves no physical impression or trace that can be detected or copied.

Having something on your body doesn't. It may be "complex" to copy, but it's there. And can be fooled by things like Gummi Bears or just a high-quality print-out.

Nobody has yet managed to pluck a thought from someone's head (though Derren Brown can show you quite a few tricks), so that's the ONLY way to be secure at the moment.

Anything else is security snakeoil. In the same way that your briefcase doesn't need to withstand a bunch of safe-crackers (given 5 minutes, a fast hand, and the opportunity and I'll open any 6-digit briefcase combination lock for you), some people are happy with "no security but a slight inconvenience".

If you care about security, a PIN / passphrase is the only way to go.

1
0
Lee D
Silver badge

SD Card and battery, personally.

The headphone not being there is annoying, but the other two you KNOW are going to fail or fill up and you'll want to replace at some point.

2
0

Western Digital: And when I pull the covers off, behold as NAND becomes virtual DRAM

Lee D
Silver badge

Ah, the old "let's run a swap-file on a RAMDisk" trick of old.

Honestly the two technologies really need to just merge so that you're "reserving" a space for the swap-file is really just "use the first 16Gb of the storage for main RAM" on a device where you can treat everything equally.

We need to just replace "RAM" and "disk" with "memory" and use it for everything.

Wanna run a server? Run several chips of memory in a RAID and thus have them verify each other (ECC, effectively).

Upgrade the disk, you upgrade the RAM. No suspend/hibernate junk. No "I ran out of RAM so I'm just going to fall over and crash". And "persistent RAM".

We need to get rid of hard disks, which will make everyone focus on SSDs and Flash, which means we could easily get their longevity / sacrificial sectors to the point where they compete with RAM, and they are already fast enough that you need a direct-bus connection to get the most out of them - and creeping their way towards RAM speeds all the time (I believe they are in the DDR2 ranges for speed already).

1
0

Brit boffins build 'quantum compass'... say goodbye to those old GPS gizmos, possibly

Lee D
Silver badge

Anyone else reminded of The Big Bang Theory episodes?

9
2

4G slowcoach Three plans network and IT overhaul to get foot in the door with 5G

Lee D
Silver badge

Re: But... what will it cost?

https://mobiletechtalk.co.uk/4gee-home-router-review/

I pay-per-month. So that's a £100 up-front cost, for a device I'll literally never use, then £50+ a month, for lower speeds, with dodgy traffic and being backed by BT (who are the very reason I can't get decent local broadband in the first place).

For 100Gb on that, I'd have to pay £100 + 12 x £45 = £640 a year, which is £53.33 a month, or sign up for 18-months (which I can do with Three but deliberately avoid doing even though I'd save).

It's an option, sure, but it's not one I'd choose, and it's still just-as-cheap to buy two SIMs from Three instead, and kit of my choice, and use them in tandem. Or just buy a smaller data SIM from each and then use EE when Three falls over, etc.

0
0
Lee D
Silver badge

Re: But... what will it cost?

I do this.

I have no landline (telephone or broadband), cable, TV, etc.

I live in London. It's cheaper to buy a 4G box (I use a mini Huawei 4G Wifi router that runs off a mobile phone battery, is based on Android and is basically a mobile hotspot with 8 hours of battery life, so I use the same connection when out-and-about, on holiday and when at home for my broadband) than it is to get even an ADSL line installed.

I get more than adequate speed to do all my TV through it (TVPlayer/Netflix/Amazon Prime/iPlayer, etc.). I get more than adequate speed to do all my browsing through it. It get more than adequate latency to play online games through it.

Literally, the only blocker for me is their pathetically low data plans. The best you can get in the UK if you're tethering (they cut you off for such things, if you think you just can use your "unlimited" mobile phone data package) is about 50Gb a month. I'm on 40Gb and they don't count Netflix (which is another 30Gb for me). It's more than adequate for me, and I'm online all day long. I have my CCTV on it, I have my phone on it (phone uses it over Wifi, which may seem odd but then I can even out my data usage), and my entire local network runs off it (including CCTV, printers, games consoles, RPi, DVB-T streamer, Chromecast, etc.).

I do *not* get an amazing signal (I bought a little aerial to plug it into when I'm at home), but it's already viable on 4G and held back ONLY by the stupidly low data limit which as far as I'm concerned is entirely artificial. 40Gb is fine for me but if I had more people in the house I would have to bump it. And weirdly it would be cheaper to buy several 4G routers and SIMs on Three than to pay their data over-charge (my Huawei has an option to piggyback off another Wifi in preference, so you just make a chain of them and turn one off when the data runs out...). I set the SIM to not allow overuse so if I over-use it, it just stops until the next month rather than charges me.

Also works in Europe when I go over there, so I'm not using up anyone else's data.

I have it on Pay Monthly but on an annual contract you can get it down to £22 a month. Cheaper than literally EVERY broadband offering available to me, once you include line rental. Also I get no telephone spam, because the only phones I have are mobiles and SIP.

I would actually pay £50 a month for Three to let me use, say, 100-150Gb of data on that same 4G SIM. I wouldn't care if it was 4G or 5G, to be honest. I get more than enough speed to cope with everything I throw at it (including 1000 Steam games and their constant updates).

The only alternative is Vodafone (who charge £30 a month for 50Gb, and then another £15 "pass" will remove all your Facebook, Whatsapp, Netflix, Prime Video, etc. data from counting towards your allowance). But they're too stupid to send me a SIM or realise that I can't get back in to order another with the same details because the first never arrived, and I can't be arsed to argue in a shop with a digital telecoms / Internet company who can't work how to get me to order a SIM online).

All the other I look at have LUDICROUS limits when tethered / mobile broadband. The average is about 9Gb a month. But a Three Mobile Broadband Sim-Only 40Gb w/ Netflix traffic built in can be had for £22 a month, and I get 30Mbps and more out of it all the time.

7
1
Lee D
Silver badge

Re: G5's higher RF frequencies

Stop spreading FUD.

The mmwave stuff is an optional extra, not a strict requirement.

"Initial 5G launches in the sub-6 GHz band will not diverge architecturally from existing LTE 4G infrastructure. Leading network equipment suppliers are Nokia,[23] Huawei,[27] and Ericsson.[28]"

If you're close enough to get mmwave, you'll get greater speed. But 5G will also do you better than 3G/4G out in the field from the same transmitter that did those for you, on the same frequencies as those use.

4
1

Spammer scum hack 100,000 home routers via UPnP vulns to craft email-flinging botnet

Lee D
Silver badge

Friend bought round XBox 360. It worked. No UPnP.

I have 1000 games on my Steam account. They all work. Online.

Skype, Whatsapp, hundreds of apps, phones, other people's consoles on games nights, you name it. They all work.

You only EVER *NEED* a port-forward if you are HOSTING content. You do not need it to game, join servers, browse servers or anything else. All major consoles have matchmaking services that can handle that side for you, no port-forwards required. And that's because only when you are actually being a server should you be punching holes in your firewall to let others in (rather than talking to a matchmaking server, or talking over an ESTABLISHED connection to another person which is what matchmaking servers set up for you).

Seriously. Turn UPnP off now. Play any game you like. See what happens. At absolute worst, XBox even has a term for it that shows up in the settings that nobody ever looks at... it basically means "you're behind a NAT, so I'll use a matchmaking service that knows that".

UPnP has several functions - one discovers things over the local network using local broadcast/multicast addresses. That's fine, and is on the client. One tells the local network that there is indeed a way to get to the Internet. That's fine, but often runs on the router and is entirely unnecessary on any modern operating system. Some advanced routers (e.g. Draytek) will have an option to leave that on, if you like. It's called "Connectivity Status". The other thing UPnP does is the port-forward thing. Every client asks for port-forwards. If your router grants them, this is by far not the first security problem with that. If you turn them off, the clients carry on regardless. Even weird stuff like videoconferencing, Steam matchmaking etc.

Before you start spreading nonsense saying that you "have to have UPnP", turn it off and see what happens. It's literally one click on your router.

Then tell me why you would ever want that functionality enabled on, say, a corporate network either, and why they turn it off from day one, and who's likely to be the biggest user of things like port-forwards and SIP / H232 / etc. protocols that all "need" that... yet it all works without UPnP.

Honestly, just try it. Nobody is even suggesting you have to ditch your local wireless devices, because they can use mDNS and UPnP etc. discovery over your local network, and connect to the Internet to do everything they need, without EVER HAVING to use it to punch as many holes in your firewall as they like.

TURN OFF UPNP ON YOUR ROUTER. Seriously. Not your clients, they can do what they like, because they can't punch holes in your security without the router's assistance and will just discover each other and work around it. And if you *didn't* know this, you really need to think why you're on an IT forum.

9
0
Lee D
Silver badge

P.P.S. and turning off UPnP on your router will NOT stop local devices discovering each other via it.

Just turn it off, because having it enabled on any router will basically give all devices a free port-forward of their choice.

25
0
Lee D
Silver badge

Nonsense.

UPnP allows ANY network device to request ANY network port on ANY external connection be forwarded to ANY internal IP/port combination, with NO AUTHENTICATION. Not one vendor has properly implemented authentication.

Turn that crap off, on all your networks, because even just "internally" it's not safe, and not necessary.

P.S. I have 1000 Steam games, a Chromecast, and all kinds of kit and none of it complains one iota about not having UPnP enabled.

37
0

British fixed broadband is cheap … and, er, fairly nasty – global survey

Lee D
Silver badge

Re: Downloads

Google Play Store can throw you some doozies if you have a bunch of phones and a handful of apps that need updating.

An iPad / Windows / MacOS update can easily be gigabytes on its own.

Hell, the other day I downloaded a couple of movies from Google Play onto a mobile device and they were gigabytes before I even got a few on. Let alone, say, an entire TV series.

If you can burn through 50-100Gb in a month just browsing as an ordinary family, you can be sure that the speed at which you can download a 5Gb file matters a lot.

20
1

GCSE computer science should be exam only, says Ofqual

Lee D
Silver badge

Re: Oh, please...

Yeah, it's like asking someone to do a Geography exam in a hall on paper instead of, say, climbing Mount Everest.

Or a Media Studies exam in a school hall rather than, say, live on the BBC.

Or a French exam in France.

Examinations DO NOT TEST your real-world ability level. That's not what they are supposed to do, are designed to do, or have ever done. They test your foundation knowledge in the subject you've chosen, in a controlled environment.

If you want to know if a guy can program in a team, you put him in a team of programmers. You don't expect him to have GCSE Collaborative IT Coding. GCSEs are literally baby qualifications. They assess your ability to learn and retain information, and eligibility for A-Levels, which themselves do the same and test your eligibility for a degree course, which themselves don't qualify you to walk into Microsoft and tell them they're doing it all wrong or that they should give you a job developing code for life support systems.

You sadly misunderstand such qualifications (and even MCSA, Cisco and A+ etc.) if you think otherwise.

There is literally no point having the people paid by the success of their students to assess their students. There is literally no sensible way to have an external unrelated agency test the capabilities of a student within a handful of hours on an exam they can Google the answers to without individually assessing each student by a qualified person for that time (and longer). Both are an absolute waste of time and money and cheating the younger generations.

So what you have are exams which test base-knowledge in a written exam - even practicals are a waste if the science teacher has scope to literally just make up any grade they like and say they didn't help you when they did. The same way you have written exams for Food Technology, Customer Service and... yes... IT.

You think they're assessing your capability to perform the job. They're not. Even job interviews don't/can't do that. You certainly can't do it en masse for an entire cohort of students nationwide within a 2 hour window for that subject. What you do is test base knowledge retained in their head, and then let that lead them to ever-more difficult-and-expensive base-knowledge tests until you get to the point where only someone well-versed in the subject stands a chance of tackling the problem (e.g. university / college degree). Then you unleash them on the workplace to see if they sink or swim in "real life".

I'm a mathematician and a computer scientist, by degree. That was ALL done on paper with one minimal programming course in my degree. I actually used more maths in my CS side, and more CS in my maths side! Literally! That didn't get me a job - it couldn't. But it proves I can learn and continue to learn, and learn difficult and boring things, and that I enjoy learning. Then the workplace takes a chance on me and ends up finding out if I can do the job for real.

You desperately misunderstand the whole academic system if you don't get that. Every kid out there now has a hairdressing or bricklaying GCSE. Trust me that you only want maybe 1% - if that - of them to do those things for you. A GCSE is almost a certificate of participation more than anything.

49
9

Mything the point: The AI renaissance is simply expensive hardware and PR thrown at an old idea

Lee D
Silver badge

Lack of inference.

The AI is told "you're right, you're wrong" but it does not, can not and will not ever work out WHY it's wrong. It just shifts it's detection to finer and finer and finer criteria, outside of the control of the programmer or operator, until it's "success" improves by 0.00001%. This, as all "AI" in use today demonstrates, plateaus REALLY quickly. You get "convincing" results that then can't be untrained or retrained or trained out of the system and it gets stuck and can make progress only at glacial rates. And all you're really doing is statistical analysis, and modifying that data slightly. It's really no different to a Bayesian spam filter on your email.

What we lack is any way to provide the machine with the capability to infer the causes of those results, why that result is wrong, how it can modify, what questions it can ask to distinguish between a Cavendish banana and any other.

It's an inherently one-way system. This is data. Eat it. Now eat more data and tell me if it's the same. At no point do we assist the machine - even human tampering in the data selection process isn't helping it at all, any more than doing a child's homework for them. The AI is still stuck in a blind maze of problems that it has no way to escape out of, but punishment if it doesn't manage to. And that works fine for maze-like problems (like Chess or Go or anything else that logical and graph-theory) that are small enough to get out by brute-force-and-a-bit-of-help in a reasonable time.

We do not have AI. And we won't until we work out the inference problem.

13
0

Woke Linus Torvalds rolls his first 4.20, mulls Linux 5.0 effort for 2019

Lee D
Silver badge

Sounds like he's being a bit yellow to me.

That makes me blue. I miss the old technicolour Linus.

6
0

UK.gov to roll out voter ID trials in 2019 local elections

Lee D
Silver badge

Not a lot.

It's not even that secret. It's not like a social-security number in the US which can be used to do things.

It's literally just a reference number to see if you've a) paid the appropriate compulsory "national insurance" (a.k.a. "stamp") as part of your paid wages, b) link it to your NHS number a bit (but your NHS number is very different).

Pretty much you can't do much with it, but it's a nice "joiner" between datasets, but it's only real purpose is to give it to your employer so they can pay stamp (which is just a tax, really) for you.

Without an NI number, you tend to end up on "emergency" tax codes, until they can establish what your number is. Which every employer, etc. can do with a simple request (often the tax office will tell THEM that they have the wrong NI number).

Unlike America, it's not that important, not information to keep deathly quiet and nor can you - like a friend of mine in America - just make one up and jot it down on your employment forms and have it go entirely unchallenged for decades...

6
0
Lee D
Silver badge

We don't have ID cards.

Not everyone has passports or driving licences.

Hence, day-to-day life doesn't require it.

You do have to be on the electoral register, though, which isn't easy without actually being the person in question.

The problem is voter "impersonation" (i.e. pretending to be someone else and using their vote) not vote "fabrication" (i.e. someone pretending to be someone who doesn't exist and getting a vote). The latter is just ripe for abuse, but the former is just a really, really, really dumb things to do that ends in jail-time.

40
3
Lee D
Silver badge

Re: So...

Same as my brother.

No photo ID, but he has a bank account, a mortgage, loans, telephones, etc. and operates a normal life.

You just have to hope that they will accept things like your birth certificate etc. and - as the article says - two forms of non-photo ID instead.

11
1

DBA drifts into legend after inventive server convo leaves colleagues fearing for their lives

Lee D
Silver badge

Re: My boss was demonstrating the instrusion sensors on our building

Question: Are your workplace aware that it's both pointless, nuisance-creating, council-enforceable (noise nuisance) and quite possibly illegal for a burglar alarm to sound for more than 20 minutes continuously (fire alarms, maybe, but even so if it's sounding unnecessarily)?

Seriously, what possible purpose could it ever serve to sound for longer than that (you can have some indicator that the alarm has sounded, if you like, but there's no need for it to sound continuously unless lives are at risk)?

42
1

Boom! Just like that the eSIM market emerges – and jolly useful it is too

Lee D
Silver badge

Or you could just sell a SIM that's programmable as an eSIM if you send it the right codes.

Then people can still pick up SIMs if they so desire, use eSIMs in legacy devices with no special support required (a SIM is really just a smartcard that accepts certain commands), or it can even be a "reprogrammable" physical SIM that you have to stick into an adaptor to load a new eSIM onto it.

When the cheap Chinese stuff to manage these things starts to appear, then you know they have become mainstream.

But a supplier could easily deal exclusively in "eSIMs" and just give their customers a "reprogrammable" physical SIM if they ask for one.

7
0

While everyone coos at the promise of 5G, UK network Three asks if it can tempt you with 4G+

Lee D
Silver badge

Cool.

I wonder if my Huawei 4G box on Three supports this? I can only find conflicting information and, of course, they may not have enabled my local base station.

Anyone know what kind of hardware revision/Android version you need to see this on your phone?

0
0

5.1 update sends Apple's Watch 4 bling spinning into an Infinite Loop of reboot cycles

Lee D
Silver badge

Re: Good watch designs always run in an infinite loop

It's time to turn back the clock and remember a time when devices were only as complex as they needed to be. The hour of the "retro" hipster is near.

8
0

Mourning Apple's war against sockets? The 2018 Mac mini should be your first port of call

Lee D
Silver badge

Mac OS legitimately? No.

But my 8-year-old laptop has a VMWare virtual machine on it with MacOS from my "proving" the same thing to somebody else.

With that OS, running inside a Windows 7 hypervisor, I can allocate 25% of the laptop resources and enjoy BETTER performance inside the VM than on a real Mac. While also getting real-work done and even virtualising other OS (I have Windows, Mac and Linux VMs running on a Windows machine, all picking up the same codebase and all compiling via Eclipse and running the result to test it works, in case you wonder why.)

Granted, it was a couple of years ago that I last did this specifically to prove the point, but my laptop is EIGHT YEARS OLD. And it can virtualise MacOS in one-quarter of its resources, faster than Mac native hardware. Seriously... go try it. VMWare Workstation and a couple of UEFI config file tweaks to make it boot.

Honestly, that same 8-year-old laptop still beats out this Mac Mini! It's Intel i7, 12Gb RAM, dual-drive bays with 1TB in each (but I later replaced one with a 1Tb SSD - however the tests above were NOT done when it had an SSD) and has nVidia graphics (I think it's a 960M, to show you that it's hardly top-of-the-range even back then!).

If you don't realise that MacOS is clever-tricks and showmanship and NOT actual performance, then you've not looked into it. The slippy-slidey menu at the bottom is a perfect example. You're led to think it's scaling those icon in real time. It's not. They are pre-cached bitmaps in a variety of sizes. It's giving you a GIF animation, basically. On the VM I made, you can knock the allocation down to a single-core and it still does slippy-slidey quite smoothly, but every performance metric of "real work" (e.g. loading apps, browsing websites, compiling code, etc.) falls below on the actual Mac hardware compared to a VM experience.

MacOS is designer shine on a hardware turd. Sure, it's "clever" in its way, but it's entirely snakeoil.

Honestly - if you have VMWare (I don't think it works in anything else as it has a serious UEFI integration), go Google how to do it, load MacOS up and run it. If you dial-down the resources allocated, you'll instantly spot what's snakeoil and what's actual performance. And your PC will still kick the Mac's arse.

Honestly, the only reason to own MacOS is if you need to cross-compile to Mac, where you can only reasonably do so via an up-to-date XCode, which usually needs and up-to-date MacOS, no matter what compiler / development environment you are using. I use Eclipse and the CDT, and the only sensible way to cross-compile to Mac is to load Eclipse on MacOS, configure it to load the XCode etc. compilers and libaries, and then make that do the compile.

34
29
Lee D
Silver badge

As I proved recently on another forum, for the same price (of all the models available) I can get a PC that out-performs the Mac for a-half-to-a-third of the price - and that usually a laptop with an HD screen to boot!

It's another Apple "designer" product, and I don't see why anyone would touch them, nor why Reg would cover it at all seriously.

"mainstream professional power users"... yeah, right. The kind of people who want to buy a machine that can barely cope in its default config, where the highest config is comparable to a run-of-the-mill PC and where the graphics card is an optional extra because it only has the Intel HD graphics...

Literally for the same price I can get a gaming laptop that'll knock every feature it has for six. Or I could buy a desktop (no monitor) that'll wipe the floor with it so badly the poor thing wouldn't be able to network with it from embarrassment.

Honestly, stop bigging up their over-priced peddled trash.

60
74

Microsoft claims Office 364 back to business as usual. Oh no it isn't, say suffering sysadmins

Lee D
Silver badge

Re: Office 364?

To downgrade is simple.

Just update to the newest version of Office each time it's released.

Less features, less reliability, the perfect downgrade.

I had a rather interesting conversation with a client lately where they demanded to know why our staff webmail was only running <old but still-fully-supported version> and not the new-new-newest.

"a) it works, b) it's not insecure, c) it's supported, d) we have no need of any upgrade" was the gist of my answer.

25
0

GitHub lost a network link for 43 seconds, went TITSUP for a day

Lee D
Silver badge

I'll explain that problem to you in two words.

Split-brain.

You had two places that both thought they had the "definitive" copy of the database, but didn't, because they didn't have what the other side had, because both were pretending to be in charge and taking any orders that came to them and applying them, even if they could never tell the other side about those orders.

Note that this is perfectly possibly with ANY replication setup that works in a failover mode whereby one place - upon detection that it can't talk to the other place - becomes a full-service node. It starts taking orders from the waiters and giving them to their own chefs, without realising that other places are also taking orders and giving them to their chefs, and then you try to merge the kitchens back together and you just get chaos.

It's so prevalent that you can do it in Hyper-V failover replicas, DFS, MySQL or anything else that tries to "take over" when a site goes down without proper shared "journalling" of some kind, or a forcible master server handing off work.

If you chop your network in two, and expect both halves to get full service, you need a way to resolve split-brain afterwards. That can either be something like DFS or Offline Files does (hey, we have these conflicts, sorry, nothing we can do and you need to manually check what you wanted), or you have to literally put in intermediary services that can handle and clean up the situation.

The job is almost impossible automatically... someone commits something to site A... it times-out because of the fault but gets to site A storage. They retry, they get balanced over to site B, you now have an *almost* identical commit to site B, but they both differ. Or you have one developer commit his branch to site A, another to site B, they conflict and now you've messed both side's entire tree. Leave it for 40 minutes with a crowd of developers and before you know it you have entire trees with two completely conflicting trees that can't be merged because the patches change the same parts of the code and who do you reject now? Plus one of those developers is going to have to rebase their tree but may have done thousands of hours of work based on the deprecated tree and they won't be happy.

And I've tried to explain this to people too... yes, just slap in a failover / replica, magic happens and it all works when you join them back.

No. It doesn't. The only way to do that is to have a load-balanced queuing/transaction system whereby the underlying databases are separate, but there's only ever one "real" master, and that gets committed to by a single ordered list of processes that will always feed that data back in the same order to the same system. Literally, one side "takes orders" but does nothing with them. Until the join is fixed and then they hand them off to the shared kitchen. You don't lose any orders, but they don't get acted upon immediately (i.e. you accept the commit, but on the failed site, it's never reflected in the tree). Even there, you have problems (maybe the commit you accepted wouldn't be valid against what is NOW the master tree that's taken other commits in the meantime).

Such things - and their solutions - introduce all kinds of problems with your "distributed / fail-safe" setup.

And all because you didn't think it through and just assumed it would all carry on working perfectly like magic. If you have a blip, and you failover, the failover will work perfectly. But before you can ever resume service, you have work to do that if you haven't considered it in your design turns into a mess with hours of downtime and potentially accepted-but-then-disappearing commits.

20
1

Woman who hooked up with over 15 spectres has found her forever phantom after whirlwind romance and plane sex

Lee D
Silver badge

Dear God,

I'd like to file a bug report...

43
0

Britain's rail ticket-booking systems go TITSUP*

Lee D
Silver badge

There's a feature that I quite like in Veeam (bear with me!)

When you're copying your VM's over from one place to another, or backing them up, or whatever, it tells you where the bottleneck is.

Source, Processing, Network, Target, etc. You know what's holding up the line.

Cloudflare do something similar, with a checklist of "Well, we're up, but the site you're trying to access is down" icons. It's about time, we all follow such lead and have the systems automatically lay blame.

"Please try again later" isn't acceptable. "Sorry, the national ticket-booking service is down", or "Sorry, this station isn't able to connect to the Internet to check that information", or "Sorry, information about Virgin trains isn't currently available from their systems."

Short, easy, subtle, but at least lay the blame where it needs to be laid rather than "Error". And it's literally the case of changing the output of a few exception catchers / error paths into something friendly.

However, Veeam caught me out the other day through exactly this problem. "Could not process the VM". Apparently that means "You need to take a Full before you can take an Incremental, pillock" but fails to tell you that and instead gives you something that's both heart-wrenchingly worrying, and almost impossible to narrow down without working blind.

11
1

What can I say about this 5G elixir? Try it on steaks! Cleans nylons! It's made for the home! The office! On fruits!

Lee D
Silver badge

Re: John C Dvorak

Actually, it wasn't anything to do with 5G.

He was equating 5G with millimetre wave (which is, in itself, dubious as 5G will be at least partly on "ordinary" frequencies already in use and the millimetre wave frequencies haven't even been auctioned yet). And not just a few particular frequencies but basically EVERYHING above a certain frequency.

He was then equating cellular millimeter wave with... well... some tosh about your eyeballs and skin frying. Complete lack of coherency or understanding about the difference between frequency and emitted power.

It was an incredibly dubious, incredibly unprofessional, incredibly misleading and incredibly badly-researched article (which basically tried to use the argument "nobody uses it, so we don't know what it does, so obviously it's gonna fry your brain" - despite the fact that this kind of stuff is deployed all over the world in radar systems, military applications, site-to-site wireless links, etc.) which was pulled because it was written to try to smear 5G (and ONLY 5G) with such tosh.

Honestly, though I remember the guy's name and probably read thousands of his articles in my time, reading that one really put him firmly in the "ignore everything he's ever written" category for me, it was just that bad.

3
0
Lee D
Silver badge

When they actually deliver what 3G is capable of, even a percentage of the time, then I'll start thinking about delivering what 4G is actually capable of, then we can worry about what 5G might be capable of.

HSPA+ is technically capable of 168Mbit/s

LTE A is technically capable of 1000Mbit/s

I have a 4G connection on a little portable Wifi box that can just hold a steady 20-30. But even that cuts out for long periods of time and is nothing to do with the signal - a mobile phone right next to it with the same kind of SIM will happily ramp up speeds while that struggles to stream even a 0.5Mbit stream with buffering. And that's *4G*. And I live inside the M25. And the nearest tower to me is about 200 yards away with no obstruction.

The problem to solve is not the "talking to the phones" end (that's a shared medium, plus it's highly dependent on enrivonment, etc.). It's "backend carrier" that you need to deal with. Because it's just not there.

(But, hey, I can't even get a decent digital TV signal either, so I think we can safely assume that we've forgotten how to do radio networks nowadays).

0
0

Techie was bigged up by boss… only to cause mass Microsoft Exchange outage

Lee D
Silver badge

Which is why you don't work direct at the server but over RDP unless something really critical has happened, because then "shutdown" is something you can only really do with a command-line (or if some installed program offers to do it for you, but then you test that on a non-server first, and generate yourself a mental install script, right?)

1
28

Flash price-drop pops Western Digital's wallet: Surprise revenue fall with worse to come

Lee D
Silver badge

Haven't bought a hard drive in years.

Don't intend to unless it's a seriously high-end thing for a server that has to be certified and firmware'd up, etc.

I see no reason that SSD/NVMe can't be your main product now and your sole product in years to come.

I'll do you a deal. Gimme a 1Tb SSD that's "only just" faster than an hard drive but comes with the tiny space, the no-moving-parts, non-hermetically-sealed boxes and the same price, and I'll buy dozens of them tomorrow.

Then you can slowly ramp the speeds back up to what they are now (i.e. Ludicrous Speed) and increase capacity as you go. Then in a few years time, I'll buy the same amount of 5Tb SSDs for the same price. And so on.

I honestly don't understand why HDDs even exist any more, or why companies that used to make HDDs are considered at all the people to get SSDs etc. from - entirely different technology and processes and they didn't see it coming and now they're reeling.

My Samsung 1Tb (which is stupendously expensive) has been in use for... 5 years straight. And it's still only £50 cheaper on Amazon than it was when I bought it.

I blame them focusing far too much on trying to justify their old business, and failing to get on board and ramp up SSD / Flash etc. It's like when I was watching Kodak produce printers and new cameras and films while everyone else was already using digital cameras.

1
5

The best way to screw the competition? Do what they can't, in a fraction of the time

Lee D
Silver badge

Re: when you charge more per hour

When I was self-employed, my phrase was:

You don't pay me by how many hours I press buttons for you.

You pay me to know which buttons to press and when.

Have gladly charged a customer a full-day's rate for the simple matter of turning up, pressing Enter on a screen that said "Press Enter to continue..." and then going home.

The question is not "am I being paid for pressing one key?", it's "was I willing to press that key, understanding the consequences, and take responsibility for whatever happened after I did?".

(P.S. when you plug heaters into an extension that also runs "the server" - not my idea! - and the server turns off, and you hide the heater and just press the server power button, you should know three things. a) the server was set to "Press Enter to continue" on the BIOS, which if you'd done, it would have just booted up, b) your heater stays warm for a long time afterwards, especially if you try to hide it away in a cupboard, c) if I had been paid by the hour, I could easily have spent hours on figuring out the cause if I hadn't been lucky and observant... or you could have just owned up to it and I could have solved it in seconds for free over the phone)

27
0
Lee D
Silver badge

Note to all those random people that phone me up trying to be "one of your suppliers in the future":

This.

I don't care if you're the cheapest. I don't care what incentives you throw at me. I don't care that you're friendly on the phone and try to engage me about the football / weather / etc.

I can get all that ANYWHERE. Literally, I have so much of that that it's basically spam - on the phone, by email, etc.

What I want from you is... helping me. This includes things like access control engineers who cleaned up after a third-party locksmith made an atrocious mess. Computer companies who overnight shipped me thousands of pounds of critical gear on the basis of a late-night email to keep us up and running (no contracts, no huge deals, just literally a box of gear arriving because they knew we needed it ASAP). Engineers that I know and trust, because they help out, not say "not my job mate" and even advise on things that are nothing to do with them because they see problems (and literally can't use it to upsell as they always refuse to handle prices etc. anyway - that's for "the blokes in the office" - and always tell you when even their own products "aren't something I'd recommend", etc.).

Sure, that stuff is "unnecessary" and may even cost you money. But it keeps your clients. And your clients will spend more money on you.

This is true of all customer service - you SPEND MONEY on customer service. It costs you time, money, equipment, effort, etc. But you get it back. I'll make sure you do. With things like this.

And it's a definite two-way street. The guy who helps me out can phone me after work and say "Sorry to bother you, I'm at another customer's and I see they have a problem that I know you solved on your system... could you talk me through what you did?". Bang. We're best mates now, and mutually beneficial to each other.

I've actually had to adopt a process now for a) taking suppliers details, b) ignoring them until I need their services, c) blacklisting them if they bother me too much to chase at any point, d) testing them out on small projects and seeing how they react when they realise they haven't won millions of pounds worth of business just because they were friendly in the first email, e) gradually building the projects up only if they are successful and seeing how long the trend lasts.

This has left me with some areas of my work where I literally REFUSE any other contractor. Sorry, no, that job's going to Company X and I don't care if you can undercut them or you have to wait until next week for them - they do all our <whatever>. The other areas are where I literally can't find anyone who does a good enough job and I have to break them down into mini-projects and hedge my bets among several unknowns, knowing that at least one project will fail because of the way they operate, and then using the others to see who wants to pick up the slack.

Drop the business boundaries and try to help me.

48
0

We asked 100 people to name a backdoored router. You said 'EE's 4GEE HH70'. Our survey says... Top answer!

Lee D
Silver badge

I'm not suggesting that this is "secure", but if you're going to put in a default backdoor password (presumably to force firmware updates and the like, like cable operators do), then at least take ten seconds to come up with something that's not so bleeding obvious all you have to do is grep the firmware.

Off the top of my head:

Set the password to: A cryptographic hash of the device serial number/MAC address, salted with a secret salt that - should the worst happen - you can change and then re-password all the devices (you know what the serial number/MAC address is, it's then easy to work out what the password for any particular device should be and it should only be travelling over your own network, yes? And one password does not let you into every device. And if you do it right, even with a million passwords of a million devices out in the wild, someone shouldn't be able to work out the hash salt?).

Just make sure that the salt is NOT stored on the devices themselves (literally just generate the hash and use that in your password file as the password for that device - hell "ASCIIfy it" or "hexadecimal" or something if you want a human-readable version of it).

That's where I'd start with the absolute bare basics of "bodge job".

If you want to do it properly... secure certificates. Gosh, if only we had those right? A client certificate on each device that can be unique and you can use for securing their update checks, and every device carries the public key of the certificate that you intend to use to connect to them and expect login.

This way - you don't even need a password! Just a certificate (it might be an idea to passphrase it though). Ten minutes with OpenSSL (gosh, I wonder what kind of device would have to have OpenSSL installed by default anyway?) and every client can generate their own unique certificate to identify themselves, and you have a certificate at EE / whoever that can connect to any router to make it update. And you could even do things like replace that cert, revoke any compromised cert, pull that cert from the Internet when it changes, verify it against certificate stores, etc. etc. etc....

It's almost like someone invented an infrastructure and encryption methods to support all this, and people added it into basic login / administration tools so you could use it, eh?

A.K.A. SSH public-key-authentication.

8
2

This two-year-old X.org give-me-root hole is so trivial to exploit, you can fit it in a single tweet

Lee D
Silver badge

Re: And this is news how?

Not sudo. setuid.

X was setuid in every distribution for DECADES. Some of them still are. X itself runs as root no matter who you are in those distributions, then downgrades itself to the user's level.

Here's a shock - apache does the same thing. You have to run as root to enable you to bind to any port number less than 1024 as a server. So apache starts up as root, binds the port, drops privileges, and runs the rest of its life as "www-data" or whoever while holding something that only root could have obtained. X does pretty much the same, or did. There are ways not to, but pretty much X has spent more of its life starting as root than anything else. Same as "ping", I believe. You have to be root to send ICMP messages. So ping is "setuid root", so whoever runs it is actually running it as root. (Things may have changed in recent years, I don't delve into it myself).

Because of that... anyone on those affected distros (i.e. all but the most secure) is running X as root for a period of time. Which wouldn't be a massive problem if it didn't allow you to specify arbitrary files as the log, and then let you control what's logged. Basically, that's using X as a proxy to read/write any file on the filesystem. In this case, it just happens to set a root password by overwriting the password storage file (shadow).

Yes, it's a dumb idea to run as root when it's not necessary. Fact of the matter is, there's almost ALWAYS a point at which it becomes necessary. Windows has a SYSTEM user, Linux still has root. If they weren't required, those accounts wouldn't even exist. (It actually goes back to the micro-kernel argument of old, where you shouldn't need one user able to "join" all those systems, but if you want sufficient performance, you often have little choice without switching between 20 different subsystems and handing off state information 20 times to achieve something basic).

But it's not an incredibly dumb idea so long as you are very careful and drop privileges as soon as you've done the necessary. In this case, the former failed and - while still root - X allows unsanitised user-specified data to be utilised in the name of a filesystem file which it then gains root write access to, and again to allow the user to specify more unsanitised data which can end up in that file.

28
0

Should a robo-car run over a kid or a grandad? Healthy or ill person? Let's get millions of folks to decide for AI...

Lee D
Silver badge

Wrong... the answer to the trolley problem is "there is no right answer".

You have no capability to assess two options quickly and conclusively in a short time, nor does a computer.

Both options are bad and, in reality, most people won't blame you for "choosing" either but the fact is you won't get to choose - it's essentially random in any crisis situation. Even choosing between "hitting the fence and taking the pedestrians out" versus "not smacking into the oncoming HGV myself" is a no-win situation of which people take both options all the time or, again, the third option "AARGGGH!" and bouncing off the truck because you couldn't decide and ricocheting into the people anyway.

The fact is that any reasoning applied is largely arbitrary (why would you save rich people instead of poor people?), thus such reasoning is pretty unnecessary anyway.

The only options to decide are "do something" or "do nothing". And the answer should always be "do something", which should be "brake". Where you're steering when you brake is largely undetermined anyway - try to change that too much and you skid and make the situation worse.

All the computer should do is ask itself "do I need to stop?" And that's it. Anything else is going to cause as many deaths as it saves.

3
1
Lee D
Silver badge

Re: Important 'cause...

I have experienced the "time slowing" thing. People think it's an exaggeration but it's not.

I was driving through a rainstorm at night. Had navigated to a random point on a map, so literally had no idea where I was or where I was heading.

Emerged from a forest, into a little village, miles from anything. Only the pub was actually lit up, the rest was just houses and incidental lighting. Passed the pub, 20-25mph or so (it was seriously belting down), followed the road, and ended up with a bridge in front of me.

Literally, I can remember my entire thought process. A sign on a pole appeared and passed the front of my bonnet. Through the rain-soaked windscreen it was tricky to make out but I saw it and my brain processed it. It was a little car. Going downhill. Into some wavy lines. I *know* I know what that means, but I can't think of it. Literally - from my brain's point of view - many, many, many seconds of debating happened as I tried to reason what the sign was. Meanwhile I drove up onto the "bridge"... Very steep this bridge. I wonder why they have a bridge in the middle of nowhere.

And then brain finally decided that it had thought long enough and brought back reality to me. Not bridge. Harbour. Not "the road is made of bacon" but... this is the end of the harbour and you're about to plunge into the ocean. Amazing, considering I had *zero* idea I was near the ocean at all. Never pressed the brake so hard in my life and it appeared to take forever to stop - I can remember at least "ten seconds" of me just pushing the brake to try to hasten the stopping, and it not happening... after the long internal conversation to do so.

I literally spent the next ten minutes with my car at a 25-30 degree up angle on the ramp, full beams shining off into the sky, the bottom of the beam just catching the top of 12-foot rolling waves as they smacked against the ferry-docking-ramp I'd just driven up.

1) I can't swim.

2) I did not know I was near the ocean, so would have been utterly unprepared.

3) It was 12-foot-waves. No exaggeration.

4) Because it was a ferry port / harbour there was no easy way back up to dry land even if I could get out a car that fell into water bonnet-first.

5) It was pitch black, middle of the night.

6) Because of the huge rainstorm, nobody would have heard a thing. The pub was shut, it just had lights on.

7) I'd just split up with my wife and gone on a drive to escape... so nobody was coming to look for me even if I was missing.

I sum those to equal "death", personally. It's the closest I've ever come to it.

However, when I recovered from the more-than-slight shock, I realised several things. Including that the sign I "passed" was parallel to the passenger door. I'd barely encroached a few feet up the ramp. Given the conditions, that tells you how slow I was being anyway, but there is NO WAY I had time for the internal-conversation that took place.

I can remember the length and detail of that internal conversation, which must have been literal fractions of a second, and it far exceeds reality. Either your brain massively overclocks in an emergency, to get more done in a short time, or something weird happens to your perception of time.

"Although I will say I never realised quite how fast 60mph actually is until I was approaching a wall at that speed with limited control. When normally driving it always felt quite slow."

I like to do this to people (my kid especially). Drive along normally. Pick a landmark. A lamppost. An old lady. Whatever. Now, in your head, picture what it's like to hit them as you drive... literally see how quickly they would go from being "in front of the car" to "up in the air behind you before you could even really brake". The distance you cover at motorway speeds is stupendous, but even driving along a side road.

There's the old lady... here we go... BANG-CONTACT-FLING-SPLAT as the front/windscreen/roof/back of your car passes the point she's standing at. It's amazingly conducive to realising quite what speed does.

29
0

Congrats from 123-Reg! You can now pay us an extra £6 or £12 a year for basically nothing

Lee D
Silver badge

Re: Snake oil sales men

Honestly never understood such things anyway.

Does anyone ever click and check them from those icons?

Is that in any way secure anyway (if the website wasn't in the first place)?

How many people who don't understand the SSL certificate highlights in browsers, who then go to click on the Verified By... thing then have the first clue about checking that that's actually genuinely FROM the SSL provider in the first place?

If only all the information required to verify the certificate was somehow included in the certificate itself, and somehow showed itself in the browser as soon as you visited such a secure website, eh?

14
0

SQLite creator crucified after code of conduct warns devs to love God, and not kill, commit adultery, steal, curse...

Lee D
Silver badge

To be fair, they would be subject to wear-levelling.

It's just a matter of waiting long enough.

56
0

London flatmate (Julian Assange) sues landlord (government of Ecuador) in human rights spat

Lee D
Silver badge

Re: Ecuador could solve this in about 3 minutes

They really don't need to even do that (and he wouldn't evacuate anyway, would he?).

Just phone the police and say "I invite you to come arrest Mr Assange at your earliest convenience".

The ambassador wouldn't even need to leave their desk.

3
1
Lee D
Silver badge

Data given to his organisation ends up being released unsanitised, putting people's lives at risk and identifying his sources. One source goes to jail for that, another ends up fleeing to Russia to escape.

Court gives the man a chance to be free on bail, he skips it.

Friends of his donate money to secure that bail, he skips on them, losing that money for them.

Ecuador give him asylum (the only place really willing to), he abuses it for years and then tries to sue them.

All I take away (even assuming that the Buzzfeed link with all the crap about his behaviour inside is just hyperbole) is that he's a twat who abuses trust.

And yet, we're supposed to believe this guy is going to be sniped by American agents the second he shows his face?

At one point, very early on, he could have had a message, a cause, a reason to back him. All he's done in the years since is drop other people in it, cause hassle for those who back him, and run from the law that isn't even really chasing him (our police ARE chasing him, but then they have a cast-iron admission of guilt for failing to abide by court bail, in that he's not abided by the court's bail conditions - they don't need to prove anything).

6
3

GitHub.com freezes up as techies race to fix dead data storage gear

Lee D
Silver badge

Re: Cloud based services

It isn't really cloud, though, is it?

Not if one data storage thing going offline causes the whole thing to fall over. It's more like a Drip. Maybe a Puddle.

Whether or not it's "cloud"... where's the failover? And I mean failover, not just "oh, have some stale data and we may be able to restore a backup"... but live storage somewhere else ready to take over. You'd think $7bn might be able to buy something like that, no?

It doesn't matter whether it's cloud or not - it's SHODDY. Storage failures should never get to the point where they affect users, because you should have enough redundant storage mirrored up to date, and via a versioned filesystem so even a "delete all" command can be undone, for it not to matter.

If you're basing your business on their services, immediately review that decision. From the looks of it, they are just running off stale caches at the moment. That might mean they have no data actually up at all.

19
2

Crucial P1 minicard flash drive? Not if you grabbed Intel's 660p

Lee D
Silver badge

Re: I'll never buy another

I bought a bucket of the cheapest Crucial junk SSDs I could find, lobbed them into any machine in work that couldn't take our >4Gb RAM upgrades (which tells you the age of those machines! They run 64-bit WIndows but the motherboard can't take more than 4Gb RAM) - so half the machines are 4Gb with an SSD, the other half are 8Gb with a normal hard drive.

Bear in mind that I *never changed a single option* - none of this caching rubbish, no "tool" running to optimise the SSD, no overprovisioning, no disabling of swap, etc. - literally a byte-for-byte image of whatever was on the same computer before the upgrade...

1) I've not had to replace one in over 4 years.

2) If I did, they are the cheapest things to replace, and literally replaceable because nothing is stored on the HD, just the OS and roaming profiles.

3) They would be much swapping harder than the 8Gb machines.

4) They OUTPERFORM the 8Gb machines, by a large margin. People use them in preference.

5) When I *do* runs the tools, there are zero failures and the estimated life is still 5 years +

6) These machines are hit hard every day, in use all through the working day, way into the evening, and sometime 24 hours a day in some locations. They get dozens of users a day sucking down their entire profile and then pushing back to the server, and doing all kinds in between and "Switch User"ing between half-a-dozen users all the time rather than logging off.

I honestly can't fault them... I have a Samsung in my personal stuff but they were a test to see if they were viable and whether I'd have to replace them every year, and they are still flying. If I had to replace them every year, I really wouldn't care at this point.

P.S. You should never lose data. Literally never. If you can afford one drive, you can afford two half the size and something to RAID between them, even if it's only a pathetic mirroring. And you shouldn't be storing anything critical on any machine that can't do that (we call those clients, they shouldn't be storing files on them and you should be able to code up a bare-metal machine to a working client with all your software and domain in minutes).

Now, if you'd said Seagate and hard drives - I'd be right with you. I burned through EVERY SEAGATE DRIVE in the workplace in that same time. Literally everyone failed, and every RAID resync with more Seagates inside them was a cross-your-fingers-and-check-your-backups moment. Every single drive that failed was Seagate (whether SAS or SATA, client or server or storage). Every Seagate drive has failed.

But the cheapest, junkiest, more useless, sacrificial Crucial SSDs... they are so impressive, I've worked out what I'm upgrading next rather than RAM.

9
1

Party like it's 1989... SVGA code bug haunts VMware's house, lets guests flee to host OS

Lee D
Silver badge

Re: A standard dating back to 1987?

I still contest that a WinTV card plugged into a decent aerial put onto a computer (via the old purple-overlay-on-screen-with-a-cable-passthrough trick) was some of the best quality TV images I'd ever seen. I was enjoying full-screen, smoothed-but-sharpened progressive-and-deinterlaced TV at HD res long before HD was a thing.

Hell, teletext was also a dream - it cached EVERY page of teletext on the entire channel, so you literally clicked around it on the three-digit page numbers like hyperlinks.

8
1

Forums

Biting the hand that feeds IT © 1998–2018