* Posts by Lee D

1547 posts • joined 14 Feb 2013

Become a blockchain-secured space farmer with your hard drive

Lee D
Silver badge

Re: And in practice ... ?

Depends on how it operates, but there have been systems like this for ages.

There was a bit of open source that used all the spare blocks in your fs to share with the network and so long as 10% or so nodes with the data required were up, you had access.

I don't think I ever saw it in production, and it hovered around the "not many users, 0.14 version numbers" for a while before it disappeared. But things like DRBD etc. are essentially the same thing.

Encryption with private keys means you might be storing others' data but you have no access to it without their key. No different to Google storing a file on your behalf - they don't get into trouble, so long as they don't have the key.

1
0

Ah, the Raspberry Pi 3. So much love. So much power ... So turn it into a Windows thin client

Lee D
Silver badge

Re: During my time as a trainee...

Irony:

Using a Linux-based ARM-processor low-power board.

To access the Windows-based, x86-64-processor, stupendously powerful (if you want to get anything done with multiple users) server.

Now, last time I looked, nComputing had a Linux server too, but even then - thin clients? In this day and age? No real work's being done like that, surely? Except digital signage, etc.?

1
3
Lee D
Silver badge

I use the nComputing n300's - these are their previous product, I have the VGA versions but they made an HDMI version of the same thing later.

They're okay. Small. They log in reliably. Do RDP reliably. You can use them for anything office-y.

But increasingly with video or anything even vaguely taxing, they are just a waste.

When I started at my current school they were trying to run two IT suites from them using two HUGE Dell servers (each of which could barely service 20 clients, so long as you didn't try to run too many Chrome tabs).

My first action was to box them up and replace them with cheap, real machines. Never had one complaint and I hadn't been the first person to tell them it was necessary.

They're fine for what they are - and what we used them for in the end. Once we'd paid for them (there was a final payment of something like £200 pending), and you have the perpetual licence for the nComputing hardware/software (obviously you still have to pay for the RD licenses, but as a school you pay for those by buying one per full time teacher), they make rather nice digital signage machines. Tiny little VESA-mount things that just RDP in automatically and show whatever you tell them to show and can do audio too. I use them with Xibo.

The one trick they missed was a PoE-powered version.

But they are very much 90's technology wrapped in a cute box. A RPi 3 might solve some of the video acceleration issues, but it's not going to do much as they still just do RDP and the server does the bulk of the work. It does mean, however, that they should be as cheap as anything if you want me to touch them because otherwise why would I not just put a £25 RPi 3 in a £5 box and make my own version that isn't reliant on their silly software that does nothing more than let you use RDP anyway?

I was going to do that myself, with first gen RPi's, when I remembered I still had a box of the n300's lying around doing nothing.

5
0

Oh UK. You won't switch mobile providers. And now look at you! £5.8bn you've lost

Lee D
Silver badge

Re: Goodbye Three

Been there.

Done that.

ANYTHING that claims to be customer retention or "you just have to do this first", I will stand and cost you so much custom that it really won't be worth all of the hassle. Whether on the phone, in-store, or wherever.

This is your legal notice that I'm terminating my contract / requesting my PAC code / whatever. No, I don't need to "just" do anything. That WAS your legal notice. I'll then hang up (if on the phone, you've been notified, so I can just cancel the Direct Debit, right?), or stand right here in the doorway yelling loudly every 30 seconds until I get acknowledgement or my request fulfilled.

If you were so desperate for my custom, maybe you should have sorted that out BEFORE I got to the point where I felt the need to terminate my service with you.

4
0
Lee D
Silver badge

I don't WANT to switch providers just for the sake of it.

There are more important things than how much the monthly cost is.

For a start, certain networks I have BLACKLISTED because they gave me such atrocious customer services. Others have limits, packages or problems that I want no part of. So I will gladly pay more to stay exactly where I am at the moment.

Why people should be TOLD to move regularly, I can't fathom. Sure, I can move my broadband to TalkTalk if I want to as well. It'll be cheaper, I guarantee it. But I'd rather stay with what I have, that works, where the company deal with me well and I have no complaints.

If I wasn't happy, I'd move.

What this says is that 1/4 of people are PERFECTLY HAPPY with what they have, even if it costs more than the others.

What organisations like this should be doing is working out why the other 3/4 of people are forever changing. Is it because they must always have the cheapest deal because everything's so expensive? Is it because everyone they try is utterly useless and they end up having to move again? Or is it because no provider offers what they need (e.g. cheap data roaming) so it's easier to abuse their welcome deals and then move on?

The other thing? I bought my mobile. So I can stick ANY DAMN SIM I like into it, and with PAC's I can move my number across in a couple of days. The fact that I can't be bothered to get a free SIM and do this to go elsewhere tells you exactly what I think of those other places. And you just want me to switch so I can save a few quid? No.

Maybe if you weren't an organisation that PROFITS from my changing constantly, I might listen. Such as, if you were an organisation that cared about improving the customer service and deals available from mobile phone providers.

2
0

Dying for Windows 10 Creators Update? But wait, there's more!

Lee D
Silver badge

Re: Menu changes?

Windows 8.1 with Classic Shell on every machine here.

Not a single complaint.

By no means expert users.

Previous failed "Windows 8 deployment" with the last guy, so was waiting for everyone to scream. Nobody even noticed it was 8. But I did enforce "No Metro" and "Shift+Win to open Metro window" via the domain GPO.

If I'm reading that graph right, they want me to only have each version of Windows in production for a year before I have to move onto the next. Good luck with that. Hell, it can take a year to test, let alone get out into production, and then once it's there I have damn good reasons for not doing major upgrades infested with tons-of-unnecessary-feature-itis just because it has the same version number. Updates, yes. UpGRADES no.

But then, soon, I probably won't even have a choice over that and I'll just be deploying Windows which will reboot when it feels like it and install the new version for that day without any way to stop it or test against it.

0
0

Ditching your call centre for an app? Be careful not to get SAP-slapped

Lee D
Silver badge

Sounds like a perfect way to lose a lot of business to me.

"Oh, by the way, you owe us £54m because someone else might be able to see their data on your system that's of no use to anyone but yourself".

Personally, I'd pay the £54m. Then pay £46m to find my own way of doing things that didn't involve SAP one bit in any way, shape or form.

"Dear IT guy, please remove all SAP software from the system by 31st December 2017 and replace with an equivalent that has licensing terms we can't be stung with no matter how many customers we open it up to."

19
1

UK Snoopers' Charter gagging order drafted for London Internet Exchange directors

Lee D
Silver badge

Don't trust.

Encrypt.

If the parties that WANT to preserve your privacy can't because it would be illegal to do so (as seems to be the case here), then you can't even trust them to do so. You have to assume that EVERY link (even between Google-owned data centres, for instance) is compromised and only speak over it encrypted.

Because, as yet, still no-one has demonstrated that decent, up-to-date encryption is breakable.

Why fight, when it's easier to just encourage everyone to encrypt. Are you telling me that two LINX members couldn't encrypt everything between them as well?

0
0

Installing disks is basically LEGO, right? This admin failed LEGO

Lee D
Silver badge

I work in schools.

Often get called / sent to a struggling school as a favour between my employers and their sister schools.

Went to one tiny independent (i.e. private) school that were having "a lot of IT issues with their contractors", and I was asked to tell them if they were being conned or not.

They had no permanent IT staff, so were paying through the nose for support from a "specialist" firm of contractors for educational IT for absolutely EVERYTHING to do with IT.

In the space of one morning, I found:

- The "wireless network" was one 802.11b WAP sitting out in the open in the IT suite (not even screwed to a wall), which only had WEP on, and was plugged into a network point right next to the computers (no security, no port isolation, no VLAN, get the WEP key and you're online on the school network unhindered - and this was in 2015!)

- The "server" (singular!) was a desktop PC with a RAID card in it, sitting in an office behind someone's desk.

- The "network" was 2 or 3 small unmanaged switches placed in random locations and usually out in the open and not even in a cabinet.

- The "IT Suite" was ten Dells stuck in a room with no settings, security or anything. Just joined to the domain, off you go.

- The "Internet connection" was an old ADSL line that barely kept 1Mbps, but also was swamped with Windows Updates and all kinds of stuff because there was no management of traffic whatsoever.

But the best bit:

The "server" had previously gone offline, because they ran out of space. Obviously, it had held EVERYTHING from finance to pupil work to staff profiles. They paid the consultants for the upgrade. A guy came in. This is how he "upgraded" the storage on that lone server:

- Pull hotswap drive out of RAID5 during the school day, let it degrade.

- Put in larger blank drive.

- Sit and watch it resync for 8 hours.

- Charge a day's labour at extortionate rates.

- Come back next day, do same to next drive.

And then at the end, he would resize the RAID array to fill up the disks and presumably charge to watch that progress bar too.

Except... well, it didn't quite go to plan. Obviously after several days of constant RAID resync, one of the old drives fell over. No hot spare. RAID corrupt. Dead. Gone. And, the guy found out at that point, no backup. Seriously, he hadn't even checked if there was a backup, or made one, before embarking on the RAID upgrade of the ONLY SERVER that held everything. Total data loss.

Cue massive arguments with the school where they:

- Paid for his time.

- Paid for the drives.

- Paid for data recovery on the remaining array drives.

- Accepted blame for "not having a recent backup beforehand" (the school was basically run by two non-IT people, and these contractors were supposed to do EVERYTHING for them, including supply, support and manage backups!).

- Paid for them - by the hour - to restore the only backup they *did* have from a few weeks prior.

I threw a damn fit when I was then brought in to report on the state of their IT, and my report was extremely damning while being nothing more than factually accurate. These guys were screwing over the school royally, overcharging for said privilege and still not accepting liability for any of their screw-ups, or providing anything near an IT service.

I wrote up a report for their bursar, sent it to them, and then they hand-wrung for a few months or so and I basically gave up on them ever doing anything about it. As far as I know, they're still with the same company and people, and paying through the nose for them.

66
0

Virgin Media swallows 215,000 new fibre customers in Blighty

Lee D
Silver badge

Re: Sort out your network contention, Virgin

Sign up with SamKnows broadband monitoring (they give you a free box and collate the results for those national "Who's fastest" surveys).

I bet they'll get around to upgrading you then... :-)

3
0

Apple joins one wireless power group, the other one responds with so-happy forced grin

Lee D
Silver badge

Saw a company online the other day selling magnetic micro-USB/Lightning connectors.

Tiny little things that you plug into any standard micro-USB / Lightning port, it exposes the pins for magnetic connections, and you buy one charging lead with a similar magnetic end.

Hey presto, your solution, works on any phone / device without official support required, and works just like the old magnetically-attached cables.

1
1
Lee D
Silver badge

Re: "Current" wireless charging is complete crap

Welcome to physics!

Google "Inverse Square Law"

Moving something 1cm away from the wireless charger knocks it badly in terms of power received as it's also supplying (uncaptured) power to a sphere of that radius.

Move it distance n away and the useful power drops proportional to 1 / (n*n).

As such, wireless charging is always going to be silly unless you come up with directed energy (e.g. beaming a laser that contains the power you want, to a sensor that can take that power and pull most of it back to electricity, or similar for radio, sonar, whatever). Your average iPhone charger puts out several Watts. A Class II laser is max 1mW and can blind you. And you need line-of-sight, and let's not forget about the danger and heat generated on ANYTHING in between too, plus the losses going through air and converting it back to something useful without melting your iPhone.

Simple physics tells you that a 50p bit of copper will be doing a better job for a LONG time to come.

2
0
Lee D
Silver badge

Re: Will Apple now adhere to the Qi standard

Shock, horror, overpriced Apple device only works properly with other overpriced Apple device.

Hasn't that been their business model for decades?

0
0

Identity disorder: Does UK govt need Verify more than we do?

Lee D
Silver badge

Re: There was never any offline identification tool...

Government Gateway was pretty much a CA.

Early users of the self-assessment system got a certificate signed by the GG CA key, which they used to log in.

Then they went to just a username/password after much faffing about proving your identity.

Now they're throwing both of those away for... well, nothing yet it appears.

There's no reason that the UK government can't be a CA, that signs a further CA cert for all the individual agencies, that then use that to sign individual certificates much the same as people generate an SSL certificate now (no tech needed, really, just save a file somewhere and keep it private). And you can even have the DVLA cross-sign your cert along with the Passport Office or whoever to ensure that you have only the minimum amount of crossover, that they all have their own disparate systems, and that NONE of them know what your actual private key is (signing a certificate request != knowing the private key of the certificate itself, unlike previous comments on this site believed!).

And if you use industry standards, no reason you can't issue everyone who needs it with cross-signed accountant certificates, smart cards with those same certs, and readers for those who want one. This kind of thing has been available for decades and is used to authorise billions of pounds of business as a matter of course, down to tiny businesses, school pensions, etc.

The solution is there. But nobody can really profit from it.

But Teachers' Pensions, for example, charges you a fortune for a per-user certificate signed by them. And it's REQUIRED if you are a school and want to, say, check the List 99 Barred Lists (compulsory legal check on all staff, why it's done through TP is anyone's guess).

1
0
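The hierarchy described in the comment above (a root CA signing an agency CA, which signs an individual's certificate from a certificate request) can be reproduced with the openssl CLI. This is an added example, not part of the original post; the subject names, directory layout and function names are hypothetical, and it covers a single chain only, not cross-signing.

```shell
#!/bin/sh
# Added example: root CA -> agency CA -> individual certificate, built in a
# temporary directory. All names below are hypothetical.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir "$WORK/root" "$WORK/agency" "$WORK/citizen"

# Extension profiles: CAs may sign certificates, the individual's cert may not.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\n' > "$WORK/leaf.ext"

# Each party generates its own key pair and certificate request locally.
new_key_and_csr() {   # $1 = party's directory, $2 = subject name
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/key.pem" &&
  openssl req -new -key "$1/key.pem" -subj "$2" -out "$1/req.csr"
}

# A CA signs a request. Its inputs are the CSR plus the CA's own key and
# certificate; the requester's private key is never passed in.
sign_csr() {          # $1 = CSR, $2 = signing CA's directory, $3 = profile, $4 = output
  openssl x509 -req -in "$1" -CA "$2/cert.pem" -CAkey "$2/key.pem" \
    -CAcreateserial -extfile "$3" -days 30 -out "$4" 2>/dev/null
}

build_hierarchy() {
  new_key_and_csr "$WORK/root" "/CN=Example Government Root CA" &&
  openssl x509 -req -in "$WORK/root/req.csr" -signkey "$WORK/root/key.pem" \
    -extfile "$WORK/ca.ext" -days 30 -out "$WORK/root/cert.pem" 2>/dev/null &&
  new_key_and_csr "$WORK/agency" "/CN=Example Licensing Agency CA" &&
  sign_csr "$WORK/agency/req.csr" "$WORK/root" "$WORK/ca.ext" "$WORK/agency/cert.pem" &&
  new_key_and_csr "$WORK/citizen" "/CN=Example Individual" &&
  sign_csr "$WORK/citizen/req.csr" "$WORK/agency" "$WORK/leaf.ext" "$WORK/citizen/cert.pem"
}

# The request that travels to the CA carries a public key and a signature only.
csr_contains_private_key() {
  grep -q 'PRIVATE KEY' "$WORK/citizen/req.csr"
}

# The issued certificate binds the public half of the key the individual kept.
cert_matches_citizen_key() {
  from_key=$(openssl pkey -in "$WORK/citizen/key.pem" -pubout)
  from_cert=$(openssl x509 -in "$WORK/citizen/cert.pem" -noout -pubkey)
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# The root is the only trust anchor; the agency certificate is supplied as an
# untrusted intermediate and must itself chain to the root.
chain_verifies() {
  openssl verify -CAfile "$WORK/root/cert.pem" -untrusted "$WORK/agency/cert.pem" \
    "$WORK/citizen/cert.pem" 2>/dev/null | grep -q ': OK$'
}

# Without the agency certificate the chain cannot be built from the root alone.
verifies_without_agency_cert() {
  openssl verify -CAfile "$WORK/root/cert.pem" "$WORK/citizen/cert.pem" \
    2>/dev/null | grep -q ': OK$'
}

build_hierarchy || { echo "openssl failed to build the hierarchy" >&2; exit 1; }
chain_verifies && echo "chain root -> agency -> individual: OK"
cert_matches_citizen_key && echo "certificate carries the individual's own public key"
csr_contains_private_key || echo "certificate request contains no private key"
```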

Global IPv4 address drought: Seriously, we're done now. We're done

Lee D
Silver badge

Re: Really

Because they already have an allocation and can just shufty them around.

But new allocations are dead in the water.

Tagadab (part of ClaraNet) are basically into the charge-per-IP now, whether you buy a dedicated server or a VPS. Other companies are following suit.

But if you're not growing your userbase and you have "enough" IPv4's, you have a little insurance. Meanwhile, everyone else is ALREADY giving out IPv6 for free like it's going out of fashion but charging for each individual IPv4.

1
0
Lee D
Silver badge

Re: So, how do I go about implementing it?

Wait for your ISP to tell you they support IPv6 (almost all British ISP's don't).

Then turn on the IPv6 on your main router/gateway if it supports 6-4 and 4-6 NAT.

Done.

Personally, I have a DrayTek Vigor 2860VN+, which is a serious piece of kit for a home router, and it supports all kinds of stuff - at least five different IPv6 IP discovery / tunnelling protocols, for instance. But no IPv6 support from Virgin Media despite years of promises, so unless I want to tunnel all my traffic through yet-another-third-party, I can't do a thing.

0
0
Lee D
Silver badge

So, when are The Reg publishing their AAAA records?

NEARLY SIX YEARS NOW we've been asking this same question, and you still keep publishing articles about the death of IPv4.

(And NAT will not die. I can convert an ENTIRE network to IPv6 with one address change and IPv6 support from the ISP - I'm only missing the latter EVERYWHERE, but that's beside the point - without touching a single other internal machine. There's no reason to change hundreds of clients and certify compatibility for hundreds of network programs that work just fine on IPv4 and only operate internally - and you can then start on a sensible "build new clients with tested IPv6 support" gradual rollout until full migration if absolutely necessary).

5
0

Battle of the botnets: My zombie horde's bigger than yours

Lee D
Silver badge

Re: Previous Reports

So creating another type of DoS for the customers that are paying for the service, and the potential for making it look like someone should be blocked and thus getting them kicked off the Internet "for larks".

It's not a plan that would work long-term.

The real issue is that computer security is still just a bolt-on, rather than inherent to a design.

Personally, as an ISP, I'd be flagging data for all customers, and providing them with some kind of stat portal/alert system for them to use. My old ISP used to warn if it detected ANY traffic on port 139 (even intercepting web pages to tell you). There's no reason you can't do that and warn with "Your connection is recorded as being seen as part of a botnet", yes, possibly intercepting HTTP until people get the message.

But even voluntary users won't stop DDoS happening. Only computer security.

The further we go down the road, the more a DDoS just looks exactly like a certain service/website became popular, and it's impossible to categorise a particular packet at the ISP end as malicious, without being the target of it all. How do you distinguish a million computers accessing Windows Update from a million hacked computers trying to DDoS Windows Update with the same kind of packets with the same kind of information? You can't.

The fix is to stop programs and devices being "on the network" and "able to do everything" by default. Every home router has the equivalent of "iptables -A OUTPUT -o eth0 -d 0.0.0.0/0 -j ACCEPT" as their only outgoing rule. If you just knocked that down to having to authorise devices, you'd knock a load of stuff off (e.g. IP cameras that can go online but don't need to). Give only basic web access to devices by default, and you cut out a load of NTP etc. attacks and it's as simple as "this device is requesting NTP on the day you installed it, do you want to allow that?" to make it work as expected. And then any LATER change is suspicious and by which time the users will have forgotten what to do about it. Hell, include IP/DNS whitelisting for the necessary items, just like software firewalls do, and you can make sure the CCTV can talk to the mobile transcoding service but not spam people with emails, or Microsoft with pretending to be Windows Update or whatever.

"accept all" is the problem here, and it's been stupid since day one to trust the internal network so implicitly on a consumer-level home network.

3
0
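A default-deny version of the outgoing policy argued for in the comment above, as an added example that is not part of the original post. It only prints the iptables commands rather than applying them, and it uses the FORWARD chain, which is the one LAN-to-WAN traffic traverses on a Linux router; the interface name `br-lan`, the MAC addresses and the destination addresses are constructed.

```shell
#!/bin/sh
# Added example: generate (print, not apply) a per-device egress allowlist.
LAN_IF="br-lan"   # assumed LAN bridge name
WAN_IF="eth0"     # WAN interface, as in the rule quoted in the comment

# Constructed policy: MAC  protocol  destination-port  destination
# ("any" or an IPv4 address, optionally with /prefix).
sample_policy() {
cat <<'EOF'
# laptop: basic web access only
02:00:00:aa:bb:01 tcp 443 any
02:00:00:aa:bb:01 tcp 80 any
# IP camera: one transcoding service and nothing else
02:00:00:aa:bb:02 tcp 443 203.0.113.10
# thermostat: NTP to one server, approved at install time
02:00:00:aa:bb:03 udp 123 198.51.100.5
EOF
}

valid_mac() {
  printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}
valid_proto() {
  case "$1" in tcp|udp) return 0 ;; *) return 1 ;; esac
}
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
valid_dest() {
  [ "$1" = "any" ] && return 0
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Reads a policy on stdin and prints the ruleset. Any malformed line aborts
# with status 1, so a typo can never widen what is allowed.
emit_egress_rules() {
  echo "iptables -P FORWARD DROP"
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  lineno=0
  while read -r mac proto port dest extra; do
    lineno=$((lineno + 1))
    case "$mac" in ''|'#'*) continue ;; esac
    if [ -n "$extra" ] || ! valid_mac "$mac" || ! valid_proto "$proto" ||
       ! valid_port "$port" || ! valid_dest "$dest"; then
      echo "policy line $lineno rejected: $mac $proto $port $dest $extra" >&2
      return 1
    fi
    # MAC matching identifies a device only as well as its MAC can be trusted.
    rule="iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m mac --mac-source $mac"
    rule="$rule -p $proto --dport $port"
    [ "$dest" = "any" ] || rule="$rule -d $dest"
    echo "$rule -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Anything not approved above is logged (rate-limited) and refused, which is
  # what makes a later change in a device's behaviour visible.
  echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m limit --limit 6/min -j LOG --log-prefix \"egress-denied: \""
  echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j REJECT"
}

sample_policy | emit_egress_rules
```

DNS lookups answered by a resolver on the router itself reach the INPUT chain, so they are not affected by these FORWARD rules.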

UK prof claims to have first practical blueprint of a quantum computer

Lee D
Silver badge

Re: whoooooosh

This is totally wrong, but you'll get the idea:

Design electronic layout such that it performs the calculation you want.

Set it up so that it "gives" you the answer you're after.

Plug in the answer.

Watch as it instantaneously determines the only possible inputs that would generate that answer.

It's not quite how it works, but that's the basic gist. Very different to conventional computing, and a lot harder to design, and especially to make it general purpose.

6
0

Samsung's Chromebook Pro: Overpriced vanilla PC with a stylus. 'Wow'

Lee D
Silver badge

Chromebooks - Check.

But you can't secure MS? What the hell are you doing? GPO and software restrictions and it's game-over for the kids.

What you CAN'T secure is a damn iPad, even with the world's most expensive MDM software. Can't stop them doing all kinds of stuff, even if you think you would be able to or you appear to have options for it.

Chromebooks are a cinch in comparison and the kids hate them because they lock them down so well.

And MS networks - it makes me wonder what you do for a living.

(Hint: School IT Manager for the last 15 years).

7
3
Lee D
Silver badge

Installing Linux on any Chromebook needs you to put it into an "insecure" mode that warns you about that on every boot-up, I think.

That's how it's worked on anything I've had.

They don't have a traditional BIOS that you can add in secure keys, and if it's not signed by Google, it warns on bootup and you have to press a key to boot.

4
0

Scottish court issues damages to couple over distress caused by neighbour's use of CCTV

Lee D
Silver badge

Re: 5 days

Almost any legitimate purpose is allowed.

"To see if the cat comes in the back gate"

"To see if the deliveries arrived on time"

"To see if anyone uses that street, and whether we can get rid of it".

The DPA just covers data - you in a place at a time is personal data.

And though many places hide behind "crime detection", that wouldn't work in, say, an enclosed room that is inside a secure complex where nobody can get anyway.

Birdhouses have cameras in nowadays.

Wildlife cameras strapped to trees.

All kinds of reasons, that are nothing to do with crime detection (which there are NO special exceptions in the DPA or related legislation for, unless you are quite literally the police).

They weren't stating that it was to prevent crime. They stated it was to monitor parking or similar. That's not a crime. It's a completely valid use of the system. But it does not require audio or recording into private gardens. The latter is what was thrown out, not the former.

If you don't know this, and you have cameras under your control (personal or professional), I suggest you go read the relevant advice and legislation.

1
0
Lee D
Silver badge

Re: 5 days

Depends on the PURPOSE.

If the purpose was stated to be "so we can see who it was that parked and blocked our car in", then you only need a day or so.

If the purpose was stated to be "to roll back and monitor for crimes that may have occurred recently in a very crime-ridden area" (e.g. shops), 30 days isn't unreasonable.

If the purpose was "so we could see if they were in the house", 0 days is too much.

So long as you state the purpose and justify the need for that data retention it's okay. It's when you're recording "for the sake of it" that you can fall foul.

And I bet personal use is treated as much more reasonable than commercial use.

There was, however, ZERO NEED to record audio whatsoever, which I see as probably the critical bit.

I have cameras all over my house. Only the front porch (actually INSIDE the porch) records audio. So that when someone comes to the door and tries to give me the "I'm from your electricity supplier" nonsense that I once had (and complained for attempting to enter my premises / modify my equipment under false pretences), I can nail them to the wall in court.

I wouldn't want the back garden camera (which only sees my back garden) to record audio. Despite the fact that I'm friendly with the neighbours and put the cameras up for their benefit (they've both been broken into and neither had any kind of security, so I put up extra cameras to monitor the shared areas which were the entry point, after checking that was okay with them), I wouldn't dream of recording the audio of that. Hell, if they want to discuss me in their private garden, that's up to them and they shouldn't be in fear of me doing so.

And the best way to ensure I don't do that is to buy cameras with ZERO audio capability, except the one that needs it.

15
2

Web-standards-allergic Apple unveils WebGPU, a web graphics standard

Lee D
Silver badge

Re: Goodbye to annoying capcha systems?

A CAPTCHA's purpose is to not be able to be passed by an automated test.

So, no. Even if they beat today's, they won't beat tomorrow's.

If they're an inconvenience for you, tell the people who own the website / service that uses them. I guarantee they'll do nothing.

And just throwing power at a neural net does not make it any better at recognising images or any other tasks. That's why those kinds of tests are used in CAPTCHAs.

And we've had accelerated graphics - and by extension OpenCL etc. - for decades. It hasn't defeated CAPTCHAs, and neither will a proprietary Apple-only standard which does the same thing.

5
1

Microsoft foists fake file system for fat Git repos

Lee D
Silver badge

Re: It's almost as if....

To put this simply,

I imagine "git clone" is incredibly fast.

And then the first time you compile that code-base, it has to download everything that the git-clone skipped doing for the sake of speed, anyway.

It's a shortcut, a different way of working, that doesn't pay dividends in most things.

To be honest, you really SHOULD NOT be git cloning huge monolithic projects. If they really have hundreds of gigs of code, they should be breaking that down.

And then how many projects is one coder really working on at any one time? They are likely to suck down only a handful of active, smaller, git repositories to work on. Not one huge damn thing.

The Linux kernel is tiny in comparison. But it doesn't contain thousands of tools that MS might be construing as "part of" Windows.

And when it gets unwieldy, you're going to want to break the codebase down - knocking drivers out of the kernel repo and into their own, for example, so that you're NOT downloading everything every time you want to change one file, patch it, and submit the results.

If MS really have one or even a handful of megalithic repos for something like Windows and Office, they are doing it wrong. And even then, many huge projects use only one repo and don't see the kinds of hits they're talking about here. And even if they were, there are better ways to fix them than what is no more than a UI trick - let's let the clone operation succeed quickly, but after that we still have to do the proper clone in the background as soon as any use is made of it, and that would take longer anyway and require extra software and incompatible servers and etc.etc.

It makes me question Microsoft's coding practices, not Linux's or other projects that use git.

1
0

David Hockney creates new Sun masthead. Now for The Reg...

Lee D
Silver badge

Again demonstrating the distinction between "art" (interpretation, etc.) and craftsmanship (actual skill required to emulate or reproduce).

The great masters were craftsmen and artists. The modern bunch could be redrawn by a five year old. There are craftsmen on YouTube who can draw a photorealistic portrait with nothing but coloured pencils, but they get nothing and this idiot splats out some MS Paint monstrosity and gets paid more than most people earn in a lifetime for one work of his "art".

Sorry, mate, but you're a con artist whose stuff is bought because other prats want to be different. And I've met far too many of your type who think they're doing some kind of service to the world.

If I had a time machine, I'd gather all the great names together and watch them bludgeon almost every "artist" since Picasso onwards with an elaborately carved marble statue of a giant phallus.

5
2

Guess who's suffering an email outage. Go on, it's as easy as 123-Reg

Lee D
Silver badge

Re: Why would you use email from 123/GoDaddy/HostPapa etc. anyway?

Don't even need a fancy Google / business setup.

Surely every domain provider has email forwarding to the address of your choice, no?

Just get ANYTHING and point your domain to send all email to that.

ISP goes off, GMail goes down? Just change the forwarding to your personal account or whatever.

I own about 20 domains and all emails to them all come into two inboxes - a webmail provider and a personal IMAP server. And I can be sales@mydomain.com or technical@mydomain.com and nobody knows where it actually ends up. Hell, I can even reply from the official SMTP server for that domain host and get it so that it comes FROM those addresses too.

@provider.com addresses are cheap and amateur, yes, especially if your website is www.company.com and your email fred@freeemailprovider.com. But fixing that is a two-second job from your domain host's control panel and basically costs nothing.

1
1
Lee D
Silver badge

The important word is profit.

The first big number is probably INCOME.

The second, profit after tax.

Very different numbers.

3
2
Lee D
Silver badge

If 123-Reg don't have AT LEAST two providers for network connectivity, they aren't fulfilling their obligations - even basic DNS nameservers need two IPs from two ranges/providers, and that's a MINIMUM.

For internal services, etc. I'd expect even more for such a company.

And if one was down one day and another today, that's entirely irrelevant as they should always have one working, even with the BARE MINIMUM. And I don't see thousands of calls from all the other businesses nearby, so they are obviously doing something to cope, more than 123-Reg are.

To be honest, at their scale, there's really no excuse.

2
0

Please come back! TalkTalk woos customers with broadband offers

Lee D
Silver badge

I have a VM connection, but I also have a router which allows all kinds of load-balancing, including VDSL/ADSL, 4G, etc. along with the Ethernet I use for the VM connection.

I've seriously considered, several times, reactivating a phone line that sits next to the router, which hasn't been activated in all the time I've lived in this particular house but is "live" (a little recorded voice talks to you if you plug a phone in).

But the line rental for what would be a failover/load balance line just isn't worth it still. Let alone the broadband costs. Even with TalkTalk, and a special offer, I can't justify that amount of money on what will be a line with 1/5th the capacity of the VM cable, or half what I get on 4G (which the router also has a slot for). It will make no visible difference to my overall speed or reliability, and likely will actually cause more problems than it's worth if it gets misconfigured by BT as I've seen other lines do - where it says traffic is passing but nothing actually does, so the load balancer doesn't know that it's gone bad and keeps using it.

Thank god for VM, because I'm actually spoiled with their connection now and in the rare instances it does go off (usually little herberts pulling open the cabinet down the road), it's back on quickly and 4G would more than suffice.

It's a sad state of affairs when I can't even be bothered to activate ADSL/VDSL as even a backup line, it's so slow.

I've done the same in workplaces, twice. I just convinced them to install a leased line rather than even try to run a business on ADSL/VDSL. In one of those instances, we dug a 500m trench for the fibre ourselves...

2
0

Police pull up van man engaged in dual carriageway sex act

Lee D
Silver badge

Re: Distracted and not in proper control?

What makes you think lighting a cigarette is permitted by law?

Hint: It's not. But you might "get away" with it.

Nor are even "hands-free" phones any more.

Anything you're doing while driving, that isn't necessary for driving, can be construed as driving without due care. Adjusting the radio is the classic one. Only one hand on the wheel (except as necessary to change gear). Putting on sunglasses.

The only thing is that discretion normally applies and they often overlook it.

2
0

Microsoft's Cloud UI brings Windows full circle

Lee D
Silver badge

Don't get me started on road design.

Traffic lights on roundabouts? I don't care WHAT mathematical model you've run (and I'm a mathematician), it's a load of junk if it thinks that putting traffic lights into a traffic flow does anything positive for traffic flow.

You can argue them for safety for pedestrian crossings.

But traffic lights are just a way of stopping 50% of the traffic dead still. If that's necessary for traffic to flow, you've designed your roads wrong. And if they are necessary on a three-lane roundabout, you have SERIOUS design problems that need fixing.

It's like having an Internet connection that, when your ISP is busy, they turn off 50% of their customers' packets for 60 seconds.

6
0
Lee D
Silver badge

When designing a UI, it should be compulsory to: Get an evil IT guy to draw up a humongous list of tasks that need to be done (find all files created on a certain date, copy all the pictures from the last picture session but not those before that, delete every file beginning with A, run X programs and switch between them) and then - when your UI designer submits a design, make him sit through two months of 9-5 work doing those tasks.

And every time the UI designer admits that something is wrong, he has to go back, redesign, and do another two months. And every time that the UI designer is not significantly faster or at least on a par with said evil IT guy doing it ANY OTHER WAY THEY WANT, it's back to the drawing board again. And next to the UI designer, there's a little old granny. And she has a set target of doing the same tasks but at some portion of the speed a pro can do it in. Every time the experiment resets, the granny is replaced with a new one. And the UI designer has to sit in the room and answer all their questions, help whenever they ask, repeat how it all works all over again, and generally tolerate them trying to do the same things that everyone else has to do.

And this shall be re-done every time a new device type, input method, display technology or whatever else is required occurs. Touch. Multi-touch. Gestures. Desktop. Portable. Large-screen. HD. 4K. Whatever. Start all over again.

The UI designers would quit if they had to talk an old lady through a mail merge from the point of turning on a new computer for the first time. It'd take them hours just to get to a desktop past all the tutorial shite, let alone into office, into the right menus (that fold up when you're not looking) and through the "wizard" which appears on the right and is apparently invisible if you're over 50.

Eat your own dog-food.

25
0

Happy Friday: Busted Barracuda update borks corporate firewalls

Lee D
Silver badge

Re: Why even use hardware firewalls in the first place?

The setup I use is thus:

- Leased lines through to vendor routers, modems, etc. (which we usually can't remove or change).

- Ethernet cable from each to managed switches.

- Managed switches force all the external connections onto specific VLANs (ignoring any existing incoming tags, obviously)

- The only other device on such VLANs is a virtual machine running Smoothwall (or, in a pinch, any VM capable of network routing), where each VLAN is presented as a different network interface.

- That VM also has the "normal" network VLANs which it routes as appropriate.

If something like this goes wrong, you roll the VM back to a previous snapshot.

If you can't rollback, you restore the VM from backup.

If you're in a deep mess, you boot up anything like an Ubuntu disk in a VM and just NAT the right VLAN interfaces.

If you're suddenly pushed off-site for whatever reason, you just add a VLAN to the same VM or change one to reflect whatever external connection you can get.

If you're really in a pinch, put the VM back onto physical hardware and plug in one network card and cable per interface.

Unlike all the hardware firewalls I've had, this allows as much expansion as you like, serious amounts of processing (for VPN, web inspection, SSL decryption, reverse proxy, etc.), bandwidth, failover, logging, RAM and interfaces. And it's all contained in one place, configured in one place, logged in one place, and that one place fails over. A central pinch-point for management, filtering, QoS modification and control without reliance on any one set of hardware.

And because the VLANs can be tapped into network-wide, if some line goes down, or there's a network split for whatever reason, it all stays up in the working remainder.

Despite a load of lines coming in all over the site, and bunches of VLANs all doing different things (e.g. a telephony VLAN also running SIP over the net, etc.), it's easy to understand and manage.

And engineers who come visit can just unplug their Ethernet cable and test what they need to on their equipment direct without messing anything up (and if they plug it back into the wrong place, the switch configurations will stop it opening up the connection to the whole network).

But a firewall having to be hardware is quite an archaic concept. And you can quickly outgrow anything your budget runs to, especially if you're offering outside services, VPN etc.

But then, I was deeply involved in the Freesco project from many years ago - which was a single bootable Linux floppy that did everything a "Cisco router" could do for you, so I haven't relied on a hardware firewall / router, even back in the dial-up modem days.

3
0
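
The layout described in the post above (each external line pinned to its own VLAN, with the firewall VM as the only other member) can be checked mechanically against a switch's port table. This is an added example, not the poster's configuration; the port names, VLAN IDs, roles and data model are constructed for illustration.

```python
from dataclasses import dataclass


# Constructed data model, not any vendor's configuration syntax.
@dataclass(frozen=True)
class Port:
    name: str
    role: str         # "uplink" (vendor router/modem), "firewall" (hypervisor NIC), "internal"
    mode: str         # "access": untagged, incoming tags ignored; "trunk": tags honoured
    vlans: frozenset  # VLAN IDs the port is a member of


def audit(ports, external_vlans):
    """Return a list of findings; an empty list means the isolation rules hold."""
    findings = []
    for p in ports:
        outside = p.vlans & external_vlans
        if p.role == "uplink":
            # The vendor's box must never get to pick which VLAN its frames land on.
            if p.mode != "access":
                findings.append(f"{p.name}: uplink is a trunk, vendor-supplied tags are honoured")
            if len(p.vlans) != 1 or not outside:
                findings.append(
                    f"{p.name}: uplink must sit on exactly one external VLAN, has {sorted(p.vlans)}")
        elif p.role == "internal" and outside:
            # An ordinary port on an external VLAN bypasses the firewall VM entirely.
            findings.append(f"{p.name}: internal port is a member of external VLAN {sorted(outside)}")

    for vlan in sorted(external_vlans):
        members = [p for p in ports if vlan in p.vlans]
        if sum(p.role == "uplink" for p in members) > 1:
            findings.append(f"VLAN {vlan}: shared by more than one external line")
        if not any(p.role == "firewall" for p in members):
            findings.append(f"VLAN {vlan}: no firewall port is a member")
    return findings


# Constructed sample: two leased lines on VLANs 901/902, internal VLANs 10/20.
EXTERNAL = frozenset({901, 902})

GOOD = [
    Port("Gi1/0/1", "uplink", "access", frozenset({901})),
    Port("Gi1/0/2", "uplink", "access", frozenset({902})),
    Port("Te1/1/1", "firewall", "trunk", frozenset({901, 902, 10, 20})),  # hypervisor host A
    Port("Te2/1/1", "firewall", "trunk", frozenset({901, 902, 10, 20})),  # hypervisor host B
    Port("Gi1/0/10", "internal", "access", frozenset({10})),
]

BAD = [
    Port("Gi1/0/1", "uplink", "trunk", frozenset({901, 10})),   # tags trusted, touches VLAN 10
    Port("Gi1/0/2", "uplink", "access", frozenset({902})),
    Port("Te1/1/1", "firewall", "trunk", frozenset({901, 10})),  # VLAN 902 never reaches the VM
    Port("Gi1/0/10", "internal", "access", frozenset({902})),    # desk port on a raw external line
]

if __name__ == "__main__":
    for label, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(label)
        for finding in audit(table, EXTERNAL) or ["  no findings"]:
            print("  " + finding.strip())
```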

Machine-learning boffins 'summon demons' in AI to find exploitable bugs

Lee D
Silver badge

Re: Over the years people have done AI projects in software development.

"For clarification, specify what you mean by "learn" and perhaps give a specific example."

No problem.

Is your child learning by being told to memorise all the exam answers? They will certainly pass tests, but are they "learning"? Will they be able to apply that knowledge, acquire or infer related facts, or step outside the boundaries of their rote-taught curriculum? Most people will argue "No". That's not "learning". It's memorisation. Computers are perfect at memorising. Feeding in a billion games and telling it "this is a good position", "this is a bad position" and making it memorise those is not learning.

Even simple transforms are not learning - just switching the order of the answers on a multiple-choice exam, so that the child has to memorise the ANSWER, not just the letter assigned to it. The computer equivalent? The same position seen as a rotation, reflection, translation, change of colour, etc. or even seeing a miniature part of it reproduced on a larger board. Is it "learning" to memorise all the positions and then use similarity tests to assign a value? Most people would argue "No."

I'm using the inferred and standard human definition of learning that most people will not argue with, and which is reflected in the dictionaries:

"become aware of (something) by information or from observation."

and "gain or acquire knowledge of or skill in (something) by *study*, *experience*, or being taught."

To "become aware" that you're about to lose a chess game, that you've NEVER seen before, never played that position before, have no perfectly memorised table of losing positions for, but which you can *infer* you will lose without that specific a knowledge? That's learning.

Current "AI" does not learn. It adds to a massive database of experience, yes. That database is associated with a key of "desirability", yes. But outside of that, the computer is unable to infer. Feeding it a billion games from masters might give it enough database to win. But humans quite clearly do not require that to learn the game.

"AI" is also almost entirely heuristical. Humans have told it "this will be a winning position", "this will not", "this is X times more desirable an outcome". Whether by rules implicit in the system, input into the data, or programming which contains such assignment. Though you can feed in a massive games database and it can automatically form an association between "moving into the top-left corner" and "winning 0.184% of matches", that is singularly useless from an "AI player" point of view.

AlphaGo starts down the routes of finding patterns. This is the data, this is the winning items, this pattern that I've formed from those winning games can be described as a board position looking like X, and in other games that I've never seen before, games including board position X result in a win 12.749% of the time. It's pattern-forming, and pattern-matching. But the patterns it can possibly find are described by humans again, whether coded or parameterised.

At no point are such machines as DeepBlue or AlphaGo inferring or hypothesising or doing anything unexpected. They don't have an understanding of the position and the ability to form similar patterns that may improve that association. It has to be coded specifically. AlphaGo is leaps and bounds ahead in this, beating predictions for gaming models of Go by decades. But it's still not inferring as you would need to "learn".

Left to its own devices, it wouldn't be able to formulate a strategy. It can only take a HUGE database of games and form correlations between their properties.

I like to think of it as the Fosbury Flop principle. Take this as an analogy, not a strict example! Put into a high-jump contest, even the best of today's AI wouldn't have the insight to suddenly invent a different way of working that was still within the rules but not present in the database of all existing high-jumps before it. Similarly, there's a record in the cricketing world where there was a period of time during which there was no rule specifying a maximum width of a cricket bat - until one guy played with a bat wider than the stumps.

"AI" isn't capable of that "within the rules, but outside of their own experience" thinking, true learning. They cannot infer. They cannot build a pattern outside of certain set criteria. And they are still, at the end of the day, expert systems and statistical analysers on large databases.

0
1
Lee D
Silver badge

Re: Source code not required

ML is vulnerable to fuzz-testing as much as human-written code. That's not surprising.

In fact, some of the best ways to find bugs are by not trying to read the code (which includes certain assumptions that may not be true in reality, e.g. Rowhammer, compiler constraints, etc.) but by just throwing random but vaguely-valid code at everything you possibly can and seeing if there are any unintentional side-effects.

2
0
Lee D
Silver badge

Re: Over the years people have done AI projects in software development.

Do you mean you don't understand why they don't do that?

Because the results are generally slow and meaningless. There's no "AI" as you might think it. That just doesn't exist.

Take genetic algorithms as an example - literally you pitch a load of algorithms against each other, see one which is closest to what you want, and then "breed" from it to put similar code into another generation of algorithms, that you pitch against each other and so on.

Thousands of generations later, you get something that can do something really quite basic with a very base level of repeatability. It gets *better* with each generation (not entirely true, sometimes it quite clearly goes backwards!) generally speaking, but it never gets to a point where it's in any way infallible or quicker than humanly steering it (heuristics), or reliable.

The big thing in GA is the selection criteria - how do you know who did best, how many of those do you breed from, what kind of breeding crossover size do you allow, etc. If you apply a GA to that, it gets even worse. It's basically a blind, random search. Sure, given a few million years of execution, it might end up somewhere but all you've done is add complexity and increased the time it takes to do anything by an order of magnitude.

Though GA != AI, all the machine learning things you see have the same problem. You know what the criteria for success are, you know what leads there, you can measure all kinds of things (in fact, the more you can measure, the worse it gets!), but applying them to themselves you end up in a "blind-leading-the-blind" situation that just makes everything even worse. And in the end, just tweaking the criteria for success itself achieves the same result quicker (i.e. the criteria for success of the "master" GA gets folded into the criteria for success of each "underling" GA anyway). Except "quicker" is by no means bounded or guaranteed in human terms.

The problem is that people THINK we have AI. We don't. They think we have machines that can learn. They don't. They think that getting the basic of "learning" machines and scaling it up will just work. It doesn't. They think that once something starts to "learn", we can train it into a HAL-9000 by just throwing more resources at it periodically. We can't.

Like compressing a compressed file, setting one to teach another isn't going to achieve anything any quicker than you could achieve by just focusing and "nurturing" the target anyway. It's like being an educated person, training an uneducated nanny to then educate your child. You could do a better job by just doing it directly.

But the biggest problem - machines STILL DO NOT LEARN. Even in the most impressive of demos and achievements (Google's AlphaGo is unbelievably amazing - I know, I studied Maths and Computer Science under a professor who studied machine-algorithms for winning Go for his entire life... you have no idea of the leaps AlphaGo has made. But it STILL DOES NOT LEARN).

4
1
Lee D
Silver badge

The biggest problem with any kind of ML or AI. Unverifiability.

The reason we used machines in the first place was to give us answers we were certain were correct, not subject to human error or interpretation or carelessness or exhaustion. Elimination of errors past the problem-input phase means that we can use computers for mathematical proofs, even, which is the highest rigour of application.

But ML or AI (which STILL DOESN'T EXIST) - we have absolutely no idea how it arrived at the answer, if the answer is correct (without verifying it against some other more rigorous system), or whether the answer will still be correct once we plug in different starting conditions or change the problem slightly. We are literally clueless.

So when it comes to security, and saying what happens when people deliberately put in invalid, out-of-bounds, taxing inputs into the same systems, and expecting to be able to predict or bound the results, we stand absolutely no chance.

Things like ML have a place, but that place is in providing an answer that you can accept is sometimes incorrect. It's almost a form of analogue computing or fuzzy logic. Their place isn't in anything you care about, anything important, anything where inputs are untested and unbounded, or anything that you can't allow to go wrong or which you might need to "tweak" later to account for such.

Great for the Kinect guessing whether you've made your dance move right or not. But now consider how to view Tesla's Autopilot and similar systems.

Training anything - dog, cat, AI - on input alone and then "certifying" them for a particular job after a lot of input is ridiculous. Because when they hit unexpected input (which, by definition, is anything you haven't trained them on), their actions are unpredictable. It's why a vast chunk of most modern programs is nothing more than checking inputs, handling exceptions and overflows, and bailing out if things aren't as you expected.

When you start looking at security, that chunk gets bigger and bigger and bigger and even the humans make mistakes because they DIDN'T SEE an attack vector when the program was written. AI isn't going to change that, it's just going to make it worse by being unpatchable (because we don't understand what it's actually doing, and certainly can't change JUST that bit of their behaviour) and unpredictable even if it appears to pass all the tests.

There is literally nothing to stop a ML or AI agent from suddenly throwing out a completely random answer purely because the input wasn't in its training, or wasn't in the same kind of pattern as in its training.

13
3

Penguins force-fed root: Cruel security flaw found in systemd v228

Lee D
Silver badge

Re: systemd v228

less shows you a bit of a file, and has been around since the 80's

SystemD runs your computer including almost all the security, devices and kernel interaction, and has been around 6 years.

There's a bit of a difference.

For a start, 'less' has twice as many versions but has been around nearly 5 times as long. It also does SIGNIFICANTLY less (sorry!) than systemd, as in it does basically nothing critical beyond an open() call on a file, and has no security implications inherent in it.

But systemd would have seen MORE updates than less if it had been around as long, but not significantly more which - given that it does almost everything nowadays - is quite damning. I'd expect it to be in the tens of thousands of revisions, with a handful (6?) major versions only. Not 200-odd randomly chosen updates.

And less can be updated in a trice without affecting anything. Systemd, you certainly shouldn't be just throwing out a version every few days and upgrading every machine to it.

1
0
Lee D
Silver badge

Re: Surprise

No.

Why the hell is a "touch" command creating a file with any permissions other than that of the user in question, whatsoever, and why the F***ING hell is it creating setuid bits without explicitly being asked to? That's just insane! Literally insane.

It's like a ping command that turns off your firewall when you run it on localhost. So incredibly stupid, it just shouldn't happen.

Systemd is a good "principle" (i.e. let's get rid of old shell scripts and make things predictable and reliable), coupled with a bad design (one massive executable that runs as the init user), tied with god-damn atrocious execution (like this, and a handful of other doozies that it's incorporated).

And, most importantly, isn't even brave enough to say "Whoops, we really messed up back in January! Patch immediately".

15
0
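
A check for the symptom the post above complains about: a regular file carrying setuid/setgid bits or world-writability that nobody asked for. This is an added example, not systemd's code; the file names and the temporary directory it scans in `demo()` are constructed.

```python
import os
import stat
import tempfile


def risky_bits(mode):
    """Name the dangerous permission bits set in a regular file's st_mode."""
    if not stat.S_ISREG(mode):
        return []  # sticky /tmp-style directories, sockets etc. are out of scope here
    flags = []
    if mode & stat.S_ISUID:
        flags.append("setuid")
    # setgid without group-execute is the old mandatory-locking marker, not privilege.
    if mode & stat.S_ISGID and mode & stat.S_IXGRP:
        flags.append("setgid")
    if mode & stat.S_IWOTH:
        flags.append("world-writable")
    return flags


def audit_tree(root):
    """Walk root without following symlinks; return {path: [flags]} for risky files."""
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the entry itself, never a link target
            except OSError:
                continue             # vanished or unreadable between listing and stat
            flags = risky_bits(st.st_mode)
            # World-writable plus setuid is never a legitimate combination.
            if "setuid" in flags and "world-writable" in flags:
                flags.append("CRITICAL: world-writable setuid file")
            if flags:
                hits[path] = flags
    return hits


def demo():
    """Scan a constructed directory holding one sane file and one over-permissive one."""
    with tempfile.TemporaryDirectory() as root:
        normal = os.path.join(root, "normal.timer")
        leftover = os.path.join(root, "leftover.timer")
        for path in (normal, leftover):
            open(path, "w").close()
        os.chmod(normal, 0o644)
        os.chmod(leftover, 0o4777)  # constructed stand-in for a file created with too many bits
        return {os.path.basename(p): f for p, f in audit_tree(root).items()}


if __name__ == "__main__":
    for name, flags in demo().items():
        print(name, flags)
```

Pointing `audit_tree()` at the directories where a service drops timestamp or state files, and diffing the result against a known-good baseline, catches this class of mistake regardless of which program made it.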

Nuclear power station sensors are literally shouting their readings at each other

Lee D
Silver badge

Re: Encrypted Morse code transmitted via sound

Right up until the point that the radiation sirens all go off and drown out any data readings trying to be transmitted at the most critical point.

Seriously, this is using ZX Spectrum / Commodore 64 tape-loading routines on modern devices. Anyone who remembers those days will question the reliability, data transfer speed and interference of such things.

Doing it "out in the open" is like trying to load your Speccy game from a radio station or broadcast over a speaker system with lots of other Speccy's all trying to save/load nearby all broadcasting in plain audio too.

Yeah, it might work. But it's not new, innovative, sensible or in any way better than basic wireless communication over even an unregulated channel. And anything in an audio range is going to be blasted out by any loud sound. Like a blast.

8
11

Chevy Bolt electric car came alive, reversed into my workbench, says stunned bloke

Lee D
Silver badge

No parking brake on?

Your own stupid fault, pay your insurance claim fee and lose your no claims discount.

Why the hell do you think parking brakes exist? There's a clue in the title.

If nothing else, if some prat does hit your car, on that perfectly level road that "doesn't need a parking brake", in gear it stands a 50/50 chance of continuing to roll in the direction of the collision and doing more damage to other vehicles / pedestrians and good luck explaining to those unlucky owners why you shouldn't have to pay part of their damages.

And don't give me rubbish about corroding or frozen cables. Cars the world over have parking brakes. They will corrode or freeze no more than any other component. If you're worried about it, check them occasionally by maintaining your car properly.

15
7

All the cool kids are doing it – BT hikes broadband and TV bills

Lee D
Silver badge

Re: Where are Offcom?

"So what are the alternatives for a household like mine who use the internet and the TV? Could go to Sky, but I'm lining Murdoch's pockets then and I have no intention of doing that. Could go to Virgin Media, but I've never known them to provide a good standard of service. The alternative is to ditch the TV - which is glorified Freeview - but the partner likes watching Friends on Comedy Central."

Sky provision over BT lines, how long before they raise prices?

Virgin are excellent in some areas (I've never had a problem with them), but the problem is they are raising prices too.

Friends? Buy a DVD boxset.

I've done without TV for many years in the past. I only watch it now because it's "free" as part of my VM package.

I've not used my landline (also VM) in years. Again, came for free with the Internet connection which is the only bit I actually want.

The Internet lets me put phones on there if I ever really need them (I actually have a router with an analogue phone port capable of SIPing any phone calls it makes). I don't. Mobiles, Skype, WhatsApp.

The problem is that they are upping basic broadband prices. That's unavoidable.

To be honest, however, I can't see why I'd be bothered with anything more than their basic speed packages. Hell, I probably use more data on my phone than I do on my home connection, and I've streamed entire series on both.

I don't get why TV / analogue phones still exist, and I don't get why - if you have Internet that does them all - they come bundled with it. Gimme a cheaper, IP-only connection and lose the extra cost of infrastructure.

To be honest, nowadays, I don't get why I'd even need one of these stupendously-fast connections. Download and watch offline is an option on just about everything (I have Amazon Prime, Google Play Movies, BBC iPlayer, etc.), and with proper QoS you could happily carry on and web-browse while it's downloading.

It's literally only peak-bandwidth that matters, and that's for convenience for your users (family) rather than for actual need.

If it's too much, ditch the phone, the TV and lots of other things and downgrade the connection to some basic number.

3
3

IT team sent dirt file to Police as they all bailed from abusive workplace

Lee D
Silver badge

Mike is a prat.

He suffered years of abuse when he should have just left.

He also thought that destroying client-base is an acceptable and professional solution to the problem.

Alongside that, the reason the police did not act is "fruit of the poisoned tree", making all those offences unprosecutable forever. He knew, tolerated, and accepted the practice right up until it actually was something he wanted to reveal to exact revenge.

Sending stuff to religious clients? What are you, some kind of child? Submitting that thing to people who didn't ask for it is an offence in itself, and you're lucky you're not before a court for that.

I've done any amount of "Oh, by the way, I'm leaving" self-satisfying exits, if you're going to do it, do it in style not like this. I've reported employers to authorities, and actually got them into big trouble by RECORDING, REPORTING and being REASONABLE and still winning. I'm by no means a pushover, but petty revenge as described here feels good for about 10 seconds until everyone involved writes you off as an idiot who's wasted the opportunity to cause any real damage.

Hey, Mike, have you told your current employer that you aired your previous employer's dirty laundry to all their clients because you were pissed at them? If not, why not?

11
52

Windows 10 networking bug derails Microsoft's own IPv6 rollout

Lee D
Silver badge

Re: "but Android doesn't support that"

IPv6 has been "supported" for a long time before Microsoft bothered to do this kind of test.

5
2

Microsoft posts death notices for Windows 7 sysadmin certifications

Lee D
Silver badge

Re: Perspective.

I have had a career in IT for 17 years and don't have a single certification.

It's been offered. It's been offered for free. I've even had a couple (not many) employers / clients ask if I have them. Not one has cared that I don't. Many have actually liked that I don't, which I find really odd in the grand scheme of things. I've even refused, especially when their idea of a cert is basically nothing more than what I do every single working day of my life. It's almost insulting, and certainly a complete waste of their money.

What I've got is a degree in Maths with a small Computer Science element. And word-of-mouth that I can do just about anything, and will tell you if I can't, or if I would need to research it first. And 17 years of people you can ring up and ask about that. And the ability to learn REALLY fast, and not just by copying some online tutorial by rote but actual independent thought about the design, the interactions and unintended consequences and how the system should operate.

What I've discovered is that there are actually employers out there who have hired all the guys with certifications, big fancy titles like "consultant" (which is a word I avoided even when I was "consulted" by clients), and all the spiel and then found out that such people know how to fix certain things, usually selling their stuff at the same time, and then disappear off the face of the earth or make other things worse when they reach their boundaries.

I've actually specialised as a "fixer" for much of my career - where all those guys with certifications coming out of their backside messed up big-time, or stagnated once they hit the limit of their knowledge, and they want someone to come in and clean it up, put it back on track, say what they should be doing (my current place, they had NO virtualisation as the guy didn't even know what it was, no serious network management, no separation of tasks between servers, no storage management, no failover, etc.), get it ticking over nicely and not have to worry about the IT at all.

I've had everything from failed Linux system installs (trying to run their old things via Wine and Cygwin and pretend to be a Windows-like environment and never getting there), IT managers who don't take backups and also ignore RAID drive failures for months at a time, "servers" that are desktop PC's with no RAID, no UPS, no ECC RAM, and run EVERYTHING on the one machine (including Exchange and being a DC simultaneously - I didn't even know that was possible as it's a completely disallowed configuration), and trying to run hundreds of computers and IP phones over unmanaged switches with no VLAN or QoS. I even had one guy tell me "you can't have two DHCP servers!" and "You can't wire the network in a loop, it'll all come crashing down!". Er... Windows Server has supported DHCP failover for a decade, and have you never heard of STP? (By the way, wiring the network in the loop like that meant we could tolerate any cable being cut without affecting network operation, so there was more than a slight advantage to doing so, and it's worked for 3 years without a hiccup whereas before the network often partitioned itself into two halves - one working, one not working - whenever power blipped anywhere on site).

It's not that I was a know-all. It's not that at all, sometimes I walked into a place and was presented with something with which I had zero experience at all. But I had an instinct of what things SHOULD operate like, the ability to research the proper way to do them, and the capability to get things from where they are to that ideal configuration.

The guys with certs, I'm usually incredibly disappointed with. There's a handful of people I've met in industry who have them and who feel the same about them, and they tend to be the better ones that understand where I come from. To them, the certs are a necessary evil and a waste of time, but the ones who show off their certs tend to not have much else to back them up.

I hired a technician on an apprenticeship scheme where they trained them for MS certs at the same time. Literally, the guy says the certs were a complete waste of time. He was in their classes where they were slowly introducing Server 2008 and "the one true way" (that they knew) of setting things up, and was able to pick up flaws, diagnose their problems, and spent most of their time logged into our system trialling Server 2016 for us doing things they never even tried to cover. They were literally just "follow a tutorial" merchants and had no concepts of simple networking concepts outside the scope of the questions (and, yes, they made them put ALL their services on one test machine and never bothered to explain why you might want to do it differently, and the test machine wasn't even a VM or hypervisor but a single physical machine). Hell, he tells me that their labs weren't even properly licensed and they just used to re-image the client machines every 30 days or so when the warnings started coming up. And their re-imaging wasn't even using anything like WDS or SCCM, but disk-cloning. Those were the people TEACHING, ASSESSING and AWARDING the industry-name certificates to others.

I regard certs as something you do when you are in a job, when they require you to be "professionally developing", so you get signed up to a certification which they are paying for. Much like a builder has to take a ladder course, or a chef a food safety course. Do the thing, tick the boxes, carry on with your job that you'd have even if you didn't have that certificate. People who independently pay for certs? I view them with suspicion. How have you managed to have the time and money to get a cert but not be working in IT for an employer who would send you on it? Why would you choose to do the lower certs when you've supposedly been a network manager for X years but never taken the harder ones? And any certs which even MENTION "what menu / command do you use to do X" I disregard (which is the vast majority of them). Those things flux with every update, and it's much more important to know WHAT you're looking for than memorise the exact path.

From talking to other IT Managers, it's a pretty common opinion. I have literally sat on interview panels and pointed out the candidates with certs but no experience (or no good reference) without even having to look down at the CV. Just a simple practical test (like a deliberately-misconfigured laptop or similar) highlights polar-opposite reasoning skills between those with certs and those able to actually get it working again. It's not that professionals don't have certs. It's that professionals don't need the certs, don't advertise or care about the certs, and they are secondary to their actual skills.

I had one guy, trying to interview candidates, who asked them "What command/menu would you use to find out the DNS servers in use on a Windows client?". He didn't accept the answer "ipconfig /all", denying it ever showed you the DNS servers, EVEN WHEN I demonstrated that, actually, it does. It wasn't a command HE used (so you could say that it maybe wasn't the EASIEST way, but not that it was untrue), but it was quite clearly a command that worked and, in fact, showed more information than he needed, too. He had certs. The candidates who had certs presented answers he liked. Nobody cared about the truth of any different answer.

And I've been in at least two job interviews myself where the words "Do you have any certifications?", "Oh no, just X years experience and lots of bosses who will tell you I can pick up anything, and learn fast", "Oh, thank God. The last few guys we've hired who have them up to the hilt have been awful and so stuck in their ways". I'm not even exaggerating.

I've yet to work in a place where the CPD for myself has been anything other than "What the hell could we send you on that would be useful to us both?"

I have no certs. It's not a hindrance. In fact, it's like a self-fulfilling prophecy. Your company only hires people who have certs because you don't know how to hire IT guys or assess their skills, and don't care about experience, recommendations and abilities beyond a recent bit of paper from Microsoft or Cisco? Yeah, I don't want to work for you anyway.

19
1

College fires IT admin, loses access to Google email, successfully sues IT admin for $250,000

Lee D
Silver badge

Re: Google-generated storm in teacup

Google Apps (now G Suite) is free for educational users.

That said, it's relatively easy to speak to someone there, re-confirm the domain ownership, and regain control.

A saved password wouldn't have worked for them anyway, most likely. 2FA on everything is quite sensible and such things expire quickly for something as powerful as Google Apps.

I bet one phone call to Google by a tech that knew what DNS was would have resolved the situation immediately.

14
0

Credential-stuffers enjoy up to 2% attack success rate – report

Lee D
Silver badge

Re: Aha - for once somebody correctly stating that it's the user-name/password combination reuse...

Depends.

My emails are all @mydomain.co.uk

And if you try to fake an initial username or guess one, you better know my rules for calculating the number that goes at the end of the username or it will fail verification and be blocked as spam.

In and of itself, the email address is not a problem. It's just a username after all. And we assume that people use usernames that you can work out. This is why your fingerprint is also only a username, too.

But any authentication is based on something only you have (a username, an email link, a security token, a fingerprint, etc.) to say who you are trying to be, and something only you know which can be changed at will only by you (a password) to prove you are actually them. Pretending that there's any security in just the first is a nonsense.

The problem is - as always - password re-use alone. And that can be solved by standard, already existing security procedures.

Telling people they have to have a unique username just puts you back in the "What the hell was my unique login for this service because it wouldn't let me have any of my usual ones" trap where to find it out you have to reset the password which, generally, needs your email address.

All that really matters is that you have entropy (a good password), not where it is spread across (combination of username and password). But most people still use stupid passwords (an 8-character, entire-ASCII-set password is HALF AS STRONG as a 10-character alphabetical password).

Every extra character in your password multiplies its strength by the size of the alphabet (e.g. 26 / 52 / 255).

Every extra symbol in your alphabet increases its strength by 1 DIVIDED BY the size of the alphabet.

Long, "easy" passwords are much better than anything we enforce as an industry standard.

And if you're suggesting unique passwords for every service, you want something people stand a chance of remembering, or securing a list with one INCREDIBLY strong password.

And password re-use is not an issue if the services that you reuse passwords on have no more access than the other services that use that same password. My Register password won't let you log in to my bank, and my Amazon password won't let you into my servers. But the Reg password might well, for example, allow you to post on other forums that also have no personal information of mine on them. Big whoop.

Strong passwords. Multiple levels (rubbish to this "everything unique" stupidity, it shows a complete misunderstanding of the human machine, and what you're trying to achieve).

Pretty much, nothing else matters.

1
1
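An added example, not part of the original post, that puts numbers on the length-versus-alphabet trade-off discussed in the post above. It assumes every character is chosen uniformly at random; the alphabet sizes (26, 52, 95) and all function names are assumptions made for illustration.

```python
import math

# Assumed alphabet sizes (not taken from the post).
LOWERCASE = 26          # a-z
MIXED_CASE = 52         # a-z, A-Z
PRINTABLE_ASCII = 95    # space through tilde

def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length

def entropy_bits(alphabet_size, length):
    """Entropy in bits, valid only for uniformly random passwords."""
    return length * math.log2(alphabet_size)

def min_length_to_match(small_alphabet, big_alphabet, big_length):
    """Shortest length over small_alphabet that is at least as large a
    search space as big_length characters over big_alphabet."""
    target = keyspace(big_alphabet, big_length)
    length = 1
    while keyspace(small_alphabet, length) < target:
        length += 1
    return length

def gain_from_extra_character(alphabet_size, length):
    """Factor by which the keyspace grows when one character is appended."""
    return keyspace(alphabet_size, length + 1) // keyspace(alphabet_size, length)

def gain_from_extra_symbol(alphabet_size, length):
    """Factor by which the keyspace grows when the alphabet gains one symbol."""
    return ((alphabet_size + 1) / alphabet_size) ** length

if __name__ == "__main__":
    policies = [
        ("8 chars, printable ASCII", PRINTABLE_ASCII, 8),
        ("10 chars, lowercase only", LOWERCASE, 10),
        ("10 chars, mixed case", MIXED_CASE, 10),
        ("16 chars, lowercase only", LOWERCASE, 16),
    ]
    for name, size, length in policies:
        print(f"{name:26s} {entropy_bits(size, length):6.1f} bits")
    print("lowercase length matching 8 printable-ASCII chars:",
          min_length_to_match(LOWERCASE, PRINTABLE_ASCII, 8))
```

Human-chosen passwords are far from uniformly random, so these figures are upper bounds on real-world strength.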

London Ambulance IT system hit by three outages in last year

Lee D
Silver badge

Re: Pen and paper?

Data protection of medical details, reports of abuse, etc. is much stricter than anything that would allow that.

Hell, my school nurses have always complained that I (as database manager) have access to the pupil medical database. The data controller always okays it because it's "necessary for my job", but they hate anyone seeing medical information, even in passing.

1
0

BT installs phone 'spam filter', says it'll strain out mass cold-callers

Lee D
Silver badge

Same.

I plugged a phone into a socket once, to see what it was doing. I get a BT-automated-voice saying this line isn't active. No idea what the number is and wouldn't activate it unless incredibly desperate.

My broadband is on Virgin. My backup is 4G via my Draytek router (which has an ADSL/VDSL port too, but has never had anything plugged into it).

My mobile phone has a spam blocker and doesn't tend to receive much anyway.

I can't imagine random-dialling is much of a return nowadays because of the above, and anyone who claims to have a business relationship better be able to show me a bit of paper that says that and where I've given my number to them (mostly I just write N/A nowadays).

If I could be bothered, and I was being hassled, I'd set up a Google Voice number or even a VoIP system, such that known numbers are passed on and unknown numbers have to pass a greylisting-like test (e.g. "state your name and I'll pass that on.... Sorry, you're not a registered caller, goodbye!").

But, to be honest, I get such little call spam that it's just not worth the effort.

My parents are still complaining about it though, but I have just told them to get rid of the landline I don't know how many times.

0
2
