"You're trying to tell me that you could connect to Windows XP hosts without knowing the hostname or IP address?"
Nope, but my USERS (remember them) sometimes log in locally (for very particular and good reasons). That buggers them up. Even the "./" syntax is enough to blow people's minds when they've worked a certain way for years and some git at Microsoft decides to remove classic logon procedures without consultation and, most importantly, WITHOUT A DAMN OPTION TO TURN THEM BACK. Thanks for misunderstanding.
"Are you trying to say browsing doesn't work with Vista hosts?"
Nope. Thanks for misunderstanding.
"You're not supposed to be using images anymore anyway."
Whoops, I'm sorry, I'll just throw away those things that mean I can rebuild a full PC in five minutes (absolute maximum) from scratch, from a single keypress then. Instead of that bloody management/deployment nightmare that is RIS etc. Sorry for throwing away ten years of playing with both types of deployment and picking the one that saves me and my tech's hours of time.
"You're supposed to slipstream Vista installs. MS helpfully provided lots of tools to do this."
Probably and yep. But that's no good to me at all. It doesn't work for my situation. When you have large blocks of identical PC's, which need perfectly identical software and settings, and quick deployments in the cases of failure (or even just "because"), it's MUCH quicker (on the order of days and weeks) to create a standardised image and re-deploy it than it is to faff about with crap like RIS. Especially if you want to do esoteric stuff like dual-boot, with more partitions than just Windows. Granted, you end up doing a bit of RIS-like things in making net-boot menus to run some installation scripts but in the end it's quicker to use established, backwards-compatible software (Ghost) and some batch files/shell scripts (that, incidentally, have worked for several years) to do the job for you. They may be helpful for the "Word runs, it'll do" crowd but how many of them actually use RIS?
"And how is it you have large pre-built images for Vista SERVERS, which don't exist?"
Who mentioned Vista servers? Servers holding pre-built images OF Vista. Thanks for misunderstanding.
"Ever heard of "testing"? If a critical app didn't work under Vista you shouldn't have widely deployed it. That's common fucking sense."
Correct. Critical app didn't work (more than several, actually). Didn't widely deploy it. In fact, didn't even get far enough to LOOK at some of the apps, because we'd given up on it by then as it clearly wasn't viable. For all that is mentioned above and a million other reasons. My point proved, but thanks for misunderstanding anyway.
"Except for the mountain of new manageability features that come with Vista. Just because you don't know about WinRE, WinPE, ImageX, RDP 6, WinRM, robocopy, etc. doesn't mean they aren't there."
Don't use them. Any of them (that might be a lie, given the "mountains" of them, but all of those that you mentioned are useless to me). Too little, too late and any decent shop has had their equivalents since NT4 or before. This is the problem - the MS way isn't the only way. WinRE = obsoleted, useless waste of time when it's outperformed by simple imaging techniques - why bother to "repair" when you can just "rebuild" - repairing ANYTHING on Windows has always been a waste of time. Rebuilding is quicker, smarter, cleaner, more efficient and the only reason against using it is if you spot a certain, reproducible problem - then you need to fix that problem for EVERYTHING rather than just rebuilding over it each time it appears. These problems are few and far between.
WinPE = see previous, although it's got many more uses, none of which I personally use. ImageX = Windows only, proprietry MS format + see previous. RDP 6 = not running terminal services, or even RDP for remote admin (various reasons, most importantly the fact that I have software to already
As has already been pointed out by other posters, 99% of people don't even need 512Mb to get their jobs done. Most people simply do not run high-end CAD, large on-desktop databases, video editing software etc. and those that DO already pay through the nose in order to do so, so they will continue to do so because they are, quite literally, on the cutting edge by necessity.
Now walk through any large city centre and count the PC's. Now count how many require (even with Vista etc. loaded) more than a Gig or two in order to do EVERYTHING they need satisfactorily without interfering with their work. And then compare to the number where >2Gb is necessary.
Hell, do the same with GHz - dual-3GHz to run Word? Not needed.
Just because you work (I assume) in one of these specialised areas, don't think you can look down on people who have to work with zero-budget, zero-external-support and support the world on their shoulders doing so. Work in a place where you can't just "buy this, buy that" even if it is vital to people working, no matter the amount of pushing and demanding you try, and even if it is in critical places that you work (Schools, personally. Seen a school in the last five years which doesn't literally stop working if the machines were to go down, taking millions of pounds of student fees and government grants with it for the next year?).
I'm a lowly sysadmin but I'm closer to the 99% of Windows users than the 1% that absolutely REQUIRE the high-end stuff.
Nope... of COURSE you have to upgrade. That's without a doubt. And you don't expect to see performance GAINS through upgrading (the software, new features, new demands etc.) cancel that out. But why UPGRADE to something that does the same job (nothing more, maybe even a little less) and uses MUCH more resources (including support time)?
I've got a rusty old bicycle to sell. Bargain at only £400. You know, after a few years you might actually start to like riding it. That's my prediction. Wanna buy it?
Stick it in a domain-networked environment (such as, ooh, every office in the world). Now try to use it without your hundreds of users moaning like hell because they can't get simple things done... like, e.g. log in locally once a PC is connected to a domain without having to know the PC's EXACT name. Being able to switch off all that UAC etc. junk and have it just work as XP did on a Windows network. Not have to upgrade every PC to something approaching twice what you could get away with on XP (so, that's a 25% upgrade cost per-PC, multiplied by the number of PC's, adding the hours worked by the technicians in upgrading it OR all-new PC's and the associated rebuild-etc. costs for doing it out-of-cycle). Invest in more disk space because every PC image now takes 15Gb of useless crap before you start compared to about 4-5 on XP - servers with large pre-build images love this one, you just multiplied the size of some of their largest single files by 3.
Now you have done all the "technical bits", wait and see how much legacy software that is mostly out of your control just stops working, or requires workarounds, or slows down (despite the computer upgrades). Watch your network graphs dip in correlation to the playing of music/video files on the PC's (although in a properly managed network, that shouldn't be a concern). Oh, and then you have the minor, obviously-we-should-be-there-by-now-anyway, of DVD-sized installation disks (and therefore network-shares, etc.), the fact that virtually everything you were running on XP runs with no difference or gets worse and that you have nothing really "new" to show for all that hard work and hassle. It's still an OS, it still just runs Word, it still just prints and saves on network shares. But for some reason you've had to change everything along the way to get to that point and the only thing you'll see difference is a dip in your client performance graphs. Oh, and to turn off all the whizzy new features to stop your users playing with them, you're really talking about waiting for Server 2008 with all the upgrade costs that involves.
It doesn't really matter what you use at home. You could use anything from MythTV to Windows Vista, Windows ME to MacOS. Nobody really cares so long as it gets their work done. What matters is what do you choose when you need to change. You try justifying Vista upgrades in a business environment, or to a little old granny who types up the minutes of the church council meetings. The problem is not "Why are people slating Vista?" but more "What does Vista actually DO that it didn't before for the average user?". 64-bit? Who cares. All that means is that drivers are harder to come by and some older stuff might not work. More than 4Gb RAM? So what? Doesn't crash any more than XP? Why did I have to move off XP then? UAC? Ha. The mental equivalent of "Yes to All" defeats that quite quickly.
Really, there's not much left. Home use, because it came with the computer? Fine. Use it. Home use upgrade? You can find a million reasons not to bother but we'd start with cost and what advantages it brings. Business use? Not until it's a de-facto standard. And there's not much chance of that happening while XP Pro disks and Vista->XP downgrade rights still exist.
Don't listen to the "it won't happen or you'll have to sell your soul at least" arguments. The word "management" is a knife through the heart when you're a lowly workman and just want to get stuff done - I'm quite cynical about the people who consider that the most important part of their job title is "manager".
I've been a technician (front-line to back-end, not keyboard-changing-junkie, actually doing real work) since leaving university. Having a degree helped me get my very first computing job because it was in a school and they wanted some paper display of capability but that was it and other places are not as fussy. I don't have MCSE, CCNA or anything like that because I consider them a waste of time. After that, doing a bloody good job got me more work that I could take on. That's as a technician, still.
Went to work at a large establishment, still as a technician, very under-appreciated by everyone but my direct line manager, the IT manager. Wonderful person who showed me ways around the politics without compromising your own integrity (basically, do the job so well and so to-the-book that they can't fault you, you even get to use such tactics against stupid plans). But basically you have to find somewhere where the person directly above you appreciates you (hard enough), shine at your job - that usually means saving money in one way or another, show "management skills" (yuck), which basically means already taking account of what the IT manager would have to think about in each situation and showing that you are capable of their job and understand what THEY need to do in order for you to do the work.
Then, with a little luck (there's always SOME luck in any situation), they'll start elevating you above your colleagues if they recognise that you actually could do their job better than the others around you. You don't have to suck up - I never have. You don't have to take over. You just have to be knowledgeable, trustworthy and work.
And, if you'll good at it and can display it to someone that can appreciate it, you'll then get first-pickings of the Assistant IT Manager etc. jobs that come along and once you're there it's just a matter of waiting for people to retire, mess up or snuff it! (Just kidding if the IT Manager mentioned above reads this - they wanted me to take over from themselves, and still do, but I moved on because the offer wasn't right, which was nothing to do with them but came from "above" them - every month they phone me up and increase the offer just that little bit more to get me back as IT manager).
You can switch between places but each time you switch you will always drop down just a little if you don't increase in job title. So going from tech in a good place to manager in a bad place may let you make the leap to manager in a good place. But managers tend to work on trust and social relations more than paper experience, so staying in one place will get you moving more - there is always a danger of entire-workforce-stagnation at any particular place though but you will recognise that when it happens. But going from tech in a good place to tech in another good place can actually a bit of a backward step.
Holy cow. I can remember when my HARD DISK was 480Mb. And that was 10 times bigger than the first hard disk I bought. And even THAT was an upgrade that cost nearly 25% of the computer again.
And, as you point out, that's BEFORE you do anything but actually turn the computer on and wait ten minutes. God knows what happens when you actually WANT to work. XP can boot fairly comfortable for low-to-mid-end users in 256Mb - it ain't fast, it'll swap, but on network managed machines without the usual startup cruft you'll get work done without in-app pauses and for a basic Office suite you won't even notice (I tend to find silent-hard-disk computers are percieved as "faster" by users, even when they are swapping more). 512Mb makes for a nice XP system and anything more is a bonus - I've run networks with hundreds of machines on XP and none of them ever needed more than 512Mb for adequate performance, unless they were doing high-end stuff like CAD - more important is to keep your startup entries clear than put more than 512Mb into an "office" XP machine. But having to have 512Mb before you can even boot the thing up?
170Mb used out of 256. That's with a full KDE GUI (commonly referred to as bloated by a lot of people who obviously don't get out into retail stores and buy Windows much), an Opera process collecting mail from dozens of accounts and browsing hundreds of webpages each day with memory caching, and that's been running for about 26 days now.
And THAT's a proxy/filter/cache for a school, with transparent bridging that hasn't rebooted in months. 50Mb in use, admittedly no X-Windows running at the moment. Even most of that is Samba, Squid memory cache, Apache and other miscellaneous programs running on it, not all of which are critical to its operation but provide nice web or GUI interfaces to the admins.
Seriously, I know that things move on and you can't stay on a 386 but what benefit does the actual end-user get for all that bloat? What can you do on a 512Mb "Windows 7" machine that you can't on a 512Mb Vista machine, 512Mb XP machine, 512Mb Linux machine? Can you even BOOT with just 512Mb on this new version? More worrying, how many Gigs of rubbish that load on startup does it come with to fill up 480 Mb before you get into the machine? And what does that do to your minimum installation size and baseline CPU use?
I switched, personally, to Linux at home, Linux in work where appropriate (i.e. everything but network-managed desktops, because of the amount of legacy Windows software required) at around the same time that a Linux machine with 256Mb could do the same things as an XP machine with 512Mb, all other things being equal.
I've got a salesman coming tomorrow to try to sell the school Vista, two months after we put in a brand new XP network replacing the previous XP network. They aren't even going to be able to sell us that because I've done my research, which they don't expect smaller schools to do. Too high requirements, too many unnecessary features, too much rubbish, no practical advantage. How are MS going to sell an OS that's going to need literally Gigs of RAM once it's combined with Office and all the usual bundled offering?
This same salesman will be selling Windows 7 in a few years, of course he will, but what do you get for your money? I've seen people selling Windows Vista "digital signage" (i.e. scrol
This happens far too much, agreed, but there are things that you MUST do. Companies don't care about you. You're a number. Your boss only cares about you for the trouble you can cause and the help to him that you can be - that instantly categorises you into "trouble-maker" or "suck-up". Either works (surprisingly), but I only ever go for the first, putting on a good impression of the second where necessary to make longer-term plans to be a troublemaker work ("Certainly. Yes. I'll install Vista on every machine today if that's what YOU want, sir.... so that when it crashes and burns, I can bring out my report to you from six months ago that tells you it won't work, will cost millions and will break the entire company in the meantime. But if that's what YOU want...")
First, you never let ANYONE else take credit for YOUR work. In one place I worked at, this came down to the IT Manager plastering their name all over a document (in Properties, the document, hidden headers etc.) so that when senior management took it and ran with the ideas and tried to claim them for their own, they came unstuck because simply removing their name from the front page wasn't enough. They fell hard on that one - in front of the top-bod, who caught them out perfectly - and the credit was put firmly back on the person it belonged to. It's a game that you need to play carefully, though.
Second, don't let anybody screw you over. People will do this. Even to the point of ignoring your work because you're "below" them and therefore can't possibly know as much as them (which, in my experience, is absolute rubbish). Blind obedience actually works here. You do EXACTLY what they want, after protesting that it's not right. Every time you see them, you mention that it's not the correct thing to do, but carry on implementing it. You ask them if they are SURE that they want you to do this, several times. If that doesn't scare them off, you make sure that they accidentally walk in on several conversations where you are discussing with other people (preferably THEIR boss) and both laughing about how bad an idea it is. And then, when it crashes and burns like it inevitably will, you bring out every sound-bite, every document, every conversation you've had where they have stated categorically that it was their idea and they did it against your advice. It works wonderfully well with only a smattering of orchestration.
Third, don't expect praise for weekend/night work - in most places you just won't get it. If you do have to do it, then you make an absolute fuss over it so that they KNOW you've done it. You can even go to the point of refusing to do it and when they see that there's nobody else TO do it, and they can't hire anybody knowledgeable enough in the time etc., then you'll get fantastic praise for "changing your mind" at the last minute. Additionally, you make sure that EVERYBODY knows that you did it out of the goodness of your heart.
In IT this can entail things like being sitting in a senior manager's office when they arrive for work with their PC in pieces - "I started work hours ago" in a subtle way. Similarly, at the end of the day, go back to that same person's office and start taking their PC to pieces again (because, obviously, you put it back together at the beginning of "their" day so that they could work) while they are collecting their coat to go home. And while you're there you record a number of problems that were spotted after hours and use them - "Well, while I was taking apart John's PC last night for the network upgrades..." to their boss, for example.
Document everything. Included sound-bites of people who ask you to do stuff. Date it and log it. You'll never use 90% of them but the 10% will more than make up for it. Document your objections. Document your "extra hours" and categorise them by the project/silly decision that caused them. NEVER bring out your book but memorise the key quotes for that important "why did it all go wrong" meeting afterwards.
In this one particular case it happened to be DansGuardian in a transparent squid config because there was nothing upstream to filter it, but I've also done it with other bits and in one case I did it with nothing more than a shell script to filter out particular sites that the upstream filters weren't handling properly (and it was taking days to get them to update).
I didnt use IP cameras, though. I used whatever was to hand - a couple of cheapy CCTV cameras, 20m of cable and a WinTV card - couple it with "motion", an open-source motion capture program, and it'll snapshot and record movies whenever it detects motion on the image and lets you feed the resulting files to a shell script as they are being created - perfect for our use, especially if someone "spots" the machine or cameras and disconnects them - the initial image still has time to get sent to an email account off-site that we can pick up from later for evidence. And to "upgrade", just add another WinTV card/camera, or feed it the URL of your network cameras, or plug in a USB camera - you can basically saturate even the most powerful machine without having to do anything fancy like buy specific 4-camera CCTV cards for it.
Downtime is for those projects that nobody will officially let you start, nobody "wants" and nobody will pay you to implement. Then, when you spend all that downtime putting it in, you pretend that you did it in your own time alongside your normal work, and people suddenly discover that all the projects that they considered a waste of time become something that they can't live without.
At least, that's how it's worked everywhere I've ever been employed.
For example, in a Windows-only school at which the only person who'd ever heard of Linux (the IT manager) treated mention of it like some kind of first word from a child ("Oh, you use Linux. That's cute. Tell me when you make something 'useful' out of it."), I had a few hours of downtime. Found a spare "obsolete" PC. Found a couple of network cards. Was tired of the "Linux being nothing more than a toy" digs.
In three hours (including install, configuration and a lot of testing) I implemented a caching, transparent proxy/filter which to this day is still filtering the Internet (with zero configuration changes either on the clients, servers or any other devices) for over a thousand users without anybody noticing any difference and saving the school in question several thousand pounds on buying their own filtering appliance (from the prices we were quoted). I implemented it in an afternoon and it went into full live service when school finished that day and is still there churning away. It's zero-maintenance (unless someone wants a particular website blocked, in which case they just stick its name into a plain text file), "invisible" to the network users so, unlike some of the other network equipment, the kids don't try to "hack" it and even if they do only the squid port actually does anything.
It's never been rebooted, never caused a problem, is the only thing standing between the kids and the nasty side of the Internet, is now the de facto and only Internet filtering within the school and if it ever "breaks" it has a Cat5-coupler taped to it with instructions - couple the "In" Ethernet cable to the "Out" cable and, without doing anything else, you bypass the filter without anyone noticing more than a seconds downtime. Obviously, it's in a secured cabinet so that only the IT manager can do that, but the demonstration of "now we're filtered, *click*, now we're not, *click*, now you're running off my proxy, *click*, now it's all back how it was before today, *click*"... was enough to silence the Linux-critic once and for all.
Then there's the school running a Jabber IM system that they "would never use". Then there's the school running the PHP helpdesk for which they had no use. Then there's the one whose IT department are running their own recording CCTV computer which nobody but the IT department know about, which emails them movies of any movement in the IT office overnight or when nobody is supposed to be in - it's already caught several "wanderers" who just happened to walk through the locked IT office when they had no need to and "just looked" at the pile of laptops hidden away. That system later got re-used to record classes for approximately £500 less per camera then our usual CCTV supplier.
All the best projects are done when you let the people who know how just let loose with their own ideas and not worry about whether the end product will be useful. Downtime is perfect for this and turns the most boring moments into the most interesting, especially if you have a large IT team who can all "show off" to each other.
"If UPnP is available, you can be up and running with Azureus without even knowing what an IP address is."
Correct. Although if it's not, you can still be. It'll be a tiny bit slower and you'll have a few less peers but overall you're not going to even notice if you don't know what an IP address is.
"Without UPnP, you need to understand the concept of an IP address, NAT, ports and port forwarding."
No you don't. It'll "just work". The same way that Steam or XBox Live can "just work" without any of the above. People design stuff for NAT now and there's very, very little (apart from extreme-legacy protocols) that can't NAT properly. But if you want optimum performance and to get as many peers as you can etc. then, yeah, you can use the above techniques to help you do that. Most people don't and won't.
"My mum can't even work iTunes; you expect her to do this?"
Nope. She has no need to. Even if she uses BitTorrent, Steam and XBox Live. That's our point.
"Turning off UPnP makes them have to think twice -- once about the security risks they're avoiding, once again about how to manually achieve the stuff UPnP was doing for them automatically."
Have you got our point yet? It doesn't do anything automatically that can't be achieved through "correct" programming and even MS products manage to work absolutely fine without UPnP - they just work around NAT like everything else.
The problem is that people see UPnP, see what it does and think "I need that" and switch it on. Or when product manufacturers turn such things on at the factory. That's when the security problems start. That's when joe-average gets whacked by exploits like this even though, if UPnP had been disabled from the start, he wouldn't have succumbed to this particular attack and, almost certainly, wouldn't have noticed any difference in any of his applications.
NAT is a well-defined standard. There's not much that absolutely cannot be done through NAT, and most of that is protocol stupidity like embedding IP addresses inside data packets (a breach of the TCP standards, I might add) which can be countered (FTP passive connections, connection tracking etc.). The only other thing is that there are no "open ports" so you can't query a client unsolicited. That's GOOD. That means that they have to WANT to talk to you in order to be able to connect. Things like XBox Live and Steam handle this for you by acting as a go-between for the initial part of the conversation. That's how it works. It's GOOD that it works that way. It stops an awful lot of problems with port-forwarding of arbitrary ranges to something like an XBox that isn't going to be the most up-to-date or secure device.
What's hard? The fact that you don't have someone who's already done that for you? Then try LinuxPackages.net for just about any Slackware-compiled software you need. The fact that there's no dependency-resolution? Either a) get one of the many programs that does it for you or b) run the program, see what it's missing, download that, install that, rinse and repeat. Incidentally, method B was how I've built dozens, if not hundreds of Slackware installs from scratch and takes up less than about 10% of total build time over the life of the machine - and once you're past the "I've got most things now" barrier, you hardly touch dependant software at all except to update.
I use Slackware for anything from a blackbox router to a full desktop (not just for me, I might add). It's running transparent cache/proxy/filters in a 1000-student school I worked in, it's running a security system including CCTV motion capture, it's running web hosts in dedicated facilities, it's running on several (600Mhz or thereabouts) laptops in a full desktop enviroment with wireless connection.
How long does it take to set any of them up? An hour or two to install Slackware (mostly because of the old hardware), a few minutes on a broadband connection to download the "extras" like codecs, libdvdcss, madwifi etc. for the desktops and it's only the stuff that Slackware isn't "allowed" to bundle anyway. Everything else just compiles. No messing about. So I don't see why the troll is necessary. Things just build when you build them.
The problem was - GNOME was dropped because it was becoming an increasing nightmare to compile and package it for Slackware - not because of a Slackware shortcoming. The beauty of Slackware is that virtually EVERYTHING that the base install includes is patch-free and just original source with a handful of configure parameters to put things in the right place. The kernel is pure, the software is pure, the boot scripts are plain, easy, modular and readable. It's almost an "LFS" install done right. No fancy patches to add third-party functionality and cope with different schemes that break original-author-support (Red Hat's patches to cdrecord and the like spring to mind, although I can't stand the man), patched-to-the-hilt kernels that just cause problems for bug-fixing, etc.
Stop spending your money on companies that try to "recreate" every bit of software only to have it break in the next version and them having to pay people to re-do their work over and over again (because the original authors want nothing to do with those proprietry extensions that add little). Start using a distro that sucks in code from the authors in the way they intended it and makes everything "just work".
Turn off UPnP! Why on Earth do you want it on anyway? That's the problem here - an XSS is one matter, although being able to send SOAP-style requests across your local network is a major concern. But having a router that automatically opens ports based on virtually zero authentication? A nightmare waiting to happen.
Never used it. Never wanted it. Never turned it on. Always turned it off on EVERYTHING. UPnP is the problem here - a simple (unauthenticated) HTTP-style page requested in a browser suddenly starts opening ports to your network. It should not happen. Even my DSL router/wireless router/Linux router has SSL only, passworded access to do anything even approaching opening ports. And if a webpage pops up with an authentication dialog with the header "Wireless Router" and you type in your password, then you're a fool, unless you specifically requested the router's configuration page.
There's rarely even a log of what UPnP has done - which ports it's opened in the past etc. for whom.
OpenTTD is a complete reverse-engineered version, compatible with virtually every GRF from "The Patch", and works just like the old one - but has reliable TCP networking, SDL graphics, SDL sound, etc. so it's portable to any number of platforms.
Plus, it incorporates hundreds of features that TTD "should have had", such as drag-drop line placement in all directions, bridges that can span over any tile etc.
Fantastic, but if you'd use WEP instead of WPA, none of that really matters now, does it? I'd be on your local network and could boucne via ANYTHING there to configure/reflash the router. Once someone's in, that's the end of it.
And MAC filtering takes exactly zero time to bypass once you know it's in place - some tools constantly read all connected MAC's of all nearby radios and "change" to take over their MAC with a single click. You have to TRANSMIT your MAC for any sort of networking to work, and it's trivial to change a MAC on anything - network card, wireless etc. A MAC is not security (despite the meaning of it's acronym), it's a tiny piece of broadcast information.
I work for schools in the UK and I have tried and tried to explain this to them - their engineers only EVER use WEP on their access point because "WPA is difficult to set up" (yes, I know, its rubbish!). I even did the Whoppix/Whax thing and showed them their WEP key remotely without any hints in under five minutes but their answer is "nobody would bother to do that".
And that's where the problems lie - if you have even 10% of AP's using WEP or insecure passwords, then you can use them to bounce a million attacks off to find some more of that 10% and so on and so on. It's a numbers problem - each point is another radio listening on your behalf without anyone knowing.
London, England - to enter Central London TODAY, your number plate is read on entry and exit, stored, and you are sent an automated bill for that day unless you pay the "congestion charge" in a London shop (or by text, online etc.). The point is that by entering Central London you have already been spotted and recorded on CCTV, your number plate automatically read and you've been charged. Not paying is an offence - no matter what you were doing. Certain exceptions are made for taxis and low-emission vehicles (which has lead to many millionaires registering thier limos as taxis, but they are clamping down on that too!). The whole border of this "zone" and virtually every road inside the zone is CCTV-monitored.
While you are there, they are also matching your details against road tax, insurance etc. databases to ensure each car is legitimate and allowed to be driven. Even parking on a yellow box at a junction (a "do not stop here because you're blocking side-traffic box" - a relatively minor offence in Britain because we don't really enforce it anywhere but London, the worst you really get is a slap on the wrist from a police officer) is an automated, video-camera offence that you can find out you've committed WHEN YOU GET HOME and see an envelope in your door with a picture of you in your car committing the offence.
London's already there. This article is about British drivers who are moaning about speed cameras being Orwellian when, in fact, much more Orwellian things are going on already and the same people do not complain about them. I assume because you can't do over 20mph in Central London anyway, even if you wanted to, so they happen to drive elsewhere.
So, in response to your comment - London's ahead of you. Nobody cares. But because somebody is taking your picture ONLY when you do over the speed limit (and, in fact, the magic number is speed limit + 5% + 5mph or thereabouts) in certain, clearly marked areas , people are setting fire to the things. But having every detail of every car journey through the capital city logged? In place and nobody cares. Having "Oyster" cards that track every mode of public transportation that you use within Greater London (a much wider area)? In place and nobody cares. All in the name of anti-terrorism? Few question it. But try and stop the joyriders doing 40 on a 30 road and they start committing arson over their "rights" (which, incidentally, we Brits have never felt the need to actually write down but pretty much have all the same rights as the average US citizen, if not more).
Britain is one of the worst surveillance societies, it really is. We're way ahead of the US in such things, whether you know it or not. If it weren't for the fact that the newspapers caught hold of a story where Her Majesty's Revenue & Customs lost the personal and income details of MILLIONS of people on some CD's they put into the post, we'd have compulsory, electronic ID cards by now, linking all sorts of databases that are currently seperate. The only thing people cared about there was that the government wanted to charge £80 per person in the country for them and make them a compulsory purchase. Now that they've dropped the charging idea, people are happy to sit back and have them. Or would have been until sheer accident and incompetence made the government drop the ball.
This was my point and I (possibly mistakenly) assumed that the comment was made by a British speeder who was aware of those other things!
"The information age has made permanent archival cheap, and improvements in pattern recognition are fast giving us the ability to rapidly search through those archives. There isn't a single government in existence today that's responsible enough to handle such data."
Lets assume it's true (I'm only half-agreeing with both statements). So that means we should burn them, no? I know, let's burn all the computer centres. Hell, while we're at it, let's burn the court records. And the courts. Hold on, let's just burn all the judges. See how stupid your justifications are?
"Speeding isn't good, but it isn't the scourge of society."
No. But people who flout the laws that have been clearly written down for DECADES and have never bothered to challenge or provide evidence AGAINST the law (e.g. that speeding DOESN'T kill, or that kids hit at 40 aren't more likely to die than those hit at thirty etc.)... those people ARE the scourge of society. What law would you like to blatantly ignore and boast about ignoring next? You even had to pass a damn test by displaying your knowledge of this law and you didn't query it. So abide by it. Or get the law changed.
"The fact is, governments (and the UK government especially) have repeatedly shown a propensity to never throw away any data gathered from the public (if you are arrested in the UK for any reason, your DNA is put into a database and never deleted, even if the charges are dropped.)"
And that has what to do with burning speed cameras? And if you disagree with it, do something about it which does not destroy tax-paid property in the process of a public-endangering arson. Or does your brain stop you thinking past "burn them all"?
"The speeding *obsession* is a joke anyway--the only reason why law enforcement cares so much about it is it's easy to prove and tickets are an easy source of revenue."
Because people like yourself are so incredibly stupid that they blatantly break a law, when in the prescence of an BRIGHTLY-COLOURED, EASILY VISIBLE (because your lot asked for it) very accurate detector. And each time you do, you KNOW that you've broken a law (hence the slamming on of brakes and the panicked looks whenever people see a flash by the side of the road) and then pay up - because you KNOW you've broken the law. If you hadn't, you'd contest it. And then not have to pay. And then run up thousands of pounds of court costs for both sides which ultimately would lead police to abandon prosecutions due to the expense.
But the fact is that you broke a very old law that you knew full well and then decide to pay up - that's what makes it profitable for the police. It's like the pharmacuetical industry and cold remedies - we could cure colds no problem, but the billion-dollar industry surrounding minor coughs and colds would then collapse, leaving no revenue to actually develop highly-complex drugs for rare conditions. You don't want the police to profit? Stay below 30. It's not hard. You just don't press as hard. It's really, really easy. Every person who's ever passed a driving test has had to do it, under strict supervision, and managed it perfectly.
"The solution to the traffic problem is ultimately a technical one--within the next 50-75 years, we should have fully automated cars anyway (if not flying.)"
Yep. And then we can get rid of all those idiots like yourself from spouting rubbish. But then, no, when your automated car is limited to 40, you'll be modifying (against the law) to go to 50. And then when it crashes or you get arrested you'll spout the same rubbish as you are now.
"Despite what the evening news tells you, law enforcement is NOT the primary problem of our times."
Nope. It's law enforcement being prevented from doing their job because of red tape. And that red tape comes from people who, e.g., argue that, because the officer didn't show them the locked display of a speed camera when arresting them, they weren't speeding. Or having to chase people through courts
The trouble with antivirus is that the doorman is actually sitting upstairs with a note on the front door that says "Report to the doorman upstairs, please." By the time AV spots a virus it's usually already far too late and the first thing that any virus does is to turn off AV, usually in such a way that the user doesn't notice (the equivalent of swapping your doorman for a clone).
AV is good only as a system check. It is no good as a frontline defence. It can't spot viruses until they are either already in memory or sitting on your disk. Some of the time it will spot them before they get executed but most of the time not. When I used to use Windows at home (I only use it on school networks now, I work as a tech in schools) the one way to "tell" that you had something dodgy going on was when Zonealarm went ape. Even the integrated Zonealarm Security Suite, AVG etc. didn't detect the stuff that I was testing. But when something starts asking for Internet access out-of-turn, you know something's wrong. And when your AV is less use than a freeware firewall that bothered to ask you, you know it's a waste of time.
AV-scanning-proxies : excellent idea AV scans of networks: good idea AV scans of home machines: pointless and doesn't tell you what you can't find out in ten seconds of using the machine as an IT professional. AV "real-time scanners": Well, yes, if you must, have CPU to spare and ignorant users using the machine. Otherwise, they're pointless.
Yeah, they can do the same, so long as they follow the well-established clean-room procedure, as they have done previously and are still doing. And the current (and next) Samba already has a lot of AD in it, just not stuff that's useful to managing networks like Group Policy etc. which IS covered by this agreement. AD auth is already in most samba's distributed. However, if you want to work out all the corner cases, all the undocumented stuff etc. then you need specs. Or else you can spend (literally) another decade, not to mention a lot of money on people's wages, to figure out how it all works using a bit of cleanroom reverse-engineering by which time it's obsolete and outdated.
It's a hurdle on all three counts - there are patents (but with this agreement MS has to tell us what they are and if they get any new ones that affect licensees), there are legal problems (making sure the code is CLEANLY reverse-engineered for starters) and there are technical issues (it's a whole heap of a mess and it's taking years to find out useful information that you can put in a nicely programmed version, it requires literally throwing educated-guess packets at a Windows server and trying to replicate it's response depending on the state of the entire network, the packet and the server databases).
The school I work at as a Technician (for the past five years), having set up their entire Windows network from bare metal without any management interfaces but a couple of hand-coded batch scripts, wanted to send me on an ECDL course. That's "European Computer Driving License" to those who don't know. A click-here-to-run-Word-congratulations-you've-passed "qualification" that you give to typists and secretaries. I didn't have the heart to explain to them - I merely said that it wasn't worth their money to send me on that course and they should instead send (besides the fact that I could not only teach that same damn course, but have built networks that the ECDL people end up renting in order to teach the course!
Schools get very stroppy if you don't have all the three-or-four-letter-acronyms to your name until they actually see what you've been doing for the last seven years - they're used to technical people having MCSE's etc. and having to be constantly re-trained on every new OS, buy expensive management software for every tiny little management task etc. because they don't know what they are doing. Then you show them that you've managed all the same networks, on a smaller budget, with greater demands, older hardware and no fancy software and that it outperforms all the ones they've seen and suddenly the little lights switch on in their brains that maybe courses/training/letters/acronyms aren't that important after all.
We STILL haven't got anything to show you. So we slipped a CGI artist a few hundred to knock up something very contrived and put a bad voice actor (who doesn't sound like the original Duke) over the last few seconds of the vid. We can't show gameplay, cos there isn't any. We can't show anything "new", cos there isn't anything. We can't even "hint" at what's coming, cos there's nothing. But if we release a trailer of CGI we'll still keep the Duke name going and make it look like we're actually doing some work on the game.
Not only nothing to see, but yet another nail in the Duke coffin. Just cancel the game, for god's sake, and get on with some real work.
"You're trying to tell me that you could connect to Windows XP hosts without knowing the hostname or IP address?"
Nope, but my USERS (remember them) sometimes log in locally (for very particular and good reasons). That buggers them up. Even the "./" syntax is enough to blow people's minds when they've worked a certain way for years and some git at Microsoft decides to remove classic logon procedures without consultation and, most importantly, WITHOUT A DAMN OPTION TO TURN THEM BACK. Thanks for misunderstanding.
"Are you trying to say browsing doesn't work with Vista hosts?"
Nope. Thanks for misunderstanding.
"You're not supposed to be using images anymore anyway."
Whoops, I'm sorry, I'll just throw away those things that mean I can rebuild a full PC in five minutes (absolute maximum) from scratch, from a single keypress then. Instead of that bloody management/deployment nightmare that is RIS etc. Sorry for throwing away ten years of playing with both types of deployment and picking the one that saves me and my tech's hours of time.
"You're supposed to slipstream Vista installs. MS helpfully provided lots of tools to do this."
Probably and yep. But that's no good to me at all. It doesn't work for my situation. When you have large blocks of identical PC's, which need perfectly identical software and settings, and quick deployments in the cases of failure (or even just "because"), it's MUCH quicker (on the order of days and weeks) to create a standardised image and re-deploy it than it is to faff about with crap like RIS. Especially if you want to do esoteric stuff like dual-boot, with more partitions than just Windows. Granted, you end up doing a bit of RIS-like things in making net-boot menus to run some installation scripts but in the end it's quicker to use established, backwards-compatible software (Ghost) and some batch files/shell scripts (that, incidentally, have worked for several years) to do the job for you. They may be helpful for the "Word runs, it'll do" crowd but how many of them actually use RIS?
"And how is it you have large pre-built images for Vista SERVERS, which don't exist?"
Who mentioned Vista servers? Servers holding pre-built images OF Vista. Thanks for misunderstanding.
"Ever heard of "testing"? If a critical app didn't work under Vista you shouldn't have widely deployed it. That's common fucking sense."
Correct. Critical app didn't work (more than several, actually). Didn't widely deploy it. In fact, didn't even get far enough to LOOK at some of the apps, because we'd given up on it by then as it clearly wasn't viable. For all that is mentioned above and a million other reasons. My point proved, but thanks for misunderstanding anyway.
"Except for the mountain of new manageability features that come with Vista. Just because you don't know about WinRE, WinPE, ImageX, RDP 6, WinRM, robocopy, etc. doesn't mean they aren't there."
Don't use them. Any of them (that might be a lie, given the "mountains" of them, but all of those that you mentioned are useless to me). Too little, too late and any decent shop has had their equivalents since NT4 or before. This is the problem - the MS way isn't the only way. WinRE = obsoleted, useless waste of time when it's outperformed by simple imaging techniques - why bother to "repair" when you can just "rebuild" - repairing ANYTHING on Windows has always been a waste of time. Rebuilding is quicker, smarter, cleaner, more efficient and the only reason against using it is if you spot a certain, reproducible problem - then you need to fix that problem for EVERYTHING rather than just rebuilding over it each time it appears. These problems are few and far between.
WinPE = see previous, although it's got many more uses, none of which I personally use. ImageX = Windows only, proprietry MS format + see previous. RDP 6 = not running terminal services, or even RDP for remote admin (various reasons, most importantly the fact that I have software to already
As has already been pointed out by other posters, 99% of people don't even need 512Mb to get their jobs done. Most people simply do not run high-end CAD, large on-desktop databases, video editing software etc. and those that DO already pay through the nose in order to do so, so they will continue to do so because they are, quite literally, on the cutting edge by necessity.
Now walk through any large city centre and count the PC's. Now count how many require (even with Vista etc. loaded) more than a Gig or two in order to do EVERYTHING they need satisfactorily without interfering with their work. And then compare to the number where >2Gb is necessary.
Hell, do the same with GHz - dual-3GHz to run Word? Not needed.
Just because you work (I assume) in one of these specialised areas, don't think you can look down on people who have to work with zero-budget, zero-external-support and support the world on their shoulders doing so. Work in a place where you can't just "buy this, buy that" even if it is vital to people working, no matter the amount of pushing and demanding you try, and even if it is in critical places that you work (Schools, personally. Seen a school in the last five years which doesn't literally stop working if the machines were to go down, taking millions of pounds of student fees and government grants with it for the next year?).
I'm a lowly sysadmin but I'm closer to the 99% of Windows users than the 1% that absolutely REQUIRE the high-end stuff.
Nope... of COURSE you have to upgrade. That's without a doubt. And you don't expect to see performance GAINS through upgrading (the software, new features, new demands etc.) cancel that out. But why UPGRADE to something that does the same job (nothing more, maybe even a little less) and uses MUCH more resources (including support time)?
I've got a rusty old bicycle to sell. Bargain at only £400. You know, after a few years you might actually start to like riding it. That's my prediction. Wanna buy it?
Stick it in a domain-networked environment (such as, ooh, every office in the world). Now try to use it without your hundreds of users moaning like hell because they can't get simple things done... like, e.g. log in locally once a PC is connected to a domain without having to know the PC's EXACT name. Being able to switch off all that UAC etc. junk and have it just work as XP did on a Windows network. Not have to upgrade every PC to something approaching twice what you could get away with on XP (so, that's a 25% upgrade cost per-PC, multiplied by the number of PC's, adding the hours worked by the technicians in upgrading it OR all-new PC's and the associated rebuild-etc. costs for doing it out-of-cycle). Invest in more disk space because every PC image now takes 15Gb of useless crap before you start compared to about 4-5 on XP - servers with large pre-build images love this one, you just multiplied the size of some of their largest single files by 3.
Now you have done all the "technical bits", wait and see how much legacy software that is mostly out of your control just stops working, or requires workarounds, or slows down (despite the computer upgrades). Watch your network graphs dip in correlation to the playing of music/video files on the PC's (although in a properly managed network, that shouldn't be a concern). Oh, and then you have the minor, obviously-we-should-be-there-by-now-anyway, of DVD-sized installation disks (and therefore network-shares, etc.), the fact that virtually everything you were running on XP runs with no difference or gets worse and that you have nothing really "new" to show for all that hard work and hassle. It's still an OS, it still just runs Word, it still just prints and saves on network shares. But for some reason you've had to change everything along the way to get to that point and the only thing you'll see difference is a dip in your client performance graphs. Oh, and to turn off all the whizzy new features to stop your users playing with them, you're really talking about waiting for Server 2008 with all the upgrade costs that involves.
It doesn't really matter what you use at home. You could use anything from MythTV to Windows Vista, Windows ME to MacOS. Nobody really cares so long as it gets their work done. What matters is what do you choose when you need to change. You try justifying Vista upgrades in a business environment, or to a little old granny who types up the minutes of the church council meetings. The problem is not "Why are people slating Vista?" but more "What does Vista actually DO that it didn't before for the average user?". 64-bit? Who cares. All that means is that drivers are harder to come by and some older stuff might not work. More than 4Gb RAM? So what? Doesn't crash any more than XP? Why did I have to move off XP then? UAC? Ha. The mental equivalent of "Yes to All" defeats that quite quickly.
Really, there's not much left. Home use, because it came with the computer? Fine. Use it. Home use upgrade? You can find a million reasons not to bother but we'd start with cost and what advantages it brings. Business use? Not until it's a de-facto standard. And there's not much chance of that happening while XP Pro disks and Vista->XP downgrade rights still exist.
Call me back when we lose the bleeps, the sweeps and the creeps.
Or even the hackers aren't stupid enough to run Vista, or even to target it, so they don't find as many holes.
Don't listen to the "it won't happen or you'll have to sell your soul at least" arguments. The word "management" is a knife through the heart when you're a lowly workman and just want to get stuff done - I'm quite cynical about the people who consider that the most important part of their job title is "manager".
I've been a technician (front-line to back-end, not keyboard-changing-junkie, actually doing real work) since leaving university. Having a degree helped me get my very first computing job because it was in a school and they wanted some paper display of capability but that was it and other places are not as fussy. I don't have MCSE, CCNA or anything like that because I consider them a waste of time. After that, doing a bloody good job got me more work that I could take on. That's as a technician, still.
Went to work at a large establishment, still as a technician, very under-appreciated by everyone but my direct line manager, the IT manager. Wonderful person who showed me ways around the politics without compromising your own integrity (basically, do the job so well and so to-the-book that they can't fault you, you even get to use such tactics against stupid plans). But basically you have to find somewhere where the person directly above you appreciates you (hard enough), shine at your job - that usually means saving money in one way or another, show "management skills" (yuck), which basically means already taking account of what the IT manager would have to think about in each situation and showing that you are capable of their job and understand what THEY need to do in order for you to do the work.
Then, with a little luck (there's always SOME luck in any situation), they'll start elevating you above your colleagues if they recognise that you actually could do their job better than the others around you. You don't have to suck up - I never have. You don't have to take over. You just have to be knowledgeable, trustworthy and work.
And, if you'll good at it and can display it to someone that can appreciate it, you'll then get first-pickings of the Assistant IT Manager etc. jobs that come along and once you're there it's just a matter of waiting for people to retire, mess up or snuff it! (Just kidding if the IT Manager mentioned above reads this - they wanted me to take over from themselves, and still do, but I moved on because the offer wasn't right, which was nothing to do with them but came from "above" them - every month they phone me up and increase the offer just that little bit more to get me back as IT manager).
You can switch between places but each time you switch you will always drop down just a little if you don't increase in job title. So going from tech in a good place to manager in a bad place may let you make the leap to manager in a good place. But managers tend to work on trust and social relations more than paper experience, so staying in one place will get you moving more - there is always a danger of entire-workforce-stagnation at any particular place though but you will recognise that when it happens. But going from tech in a good place to tech in another good place can actually a bit of a backward step.
Holy cow. I can remember when my HARD DISK was 480Mb. And that was 10 times bigger than the first hard disk I bought. And even THAT was an upgrade that cost nearly 25% of the computer again.
And, as you point out, that's BEFORE you do anything but actually turn the computer on and wait ten minutes. God knows what happens when you actually WANT to work. XP can boot fairly comfortable for low-to-mid-end users in 256Mb - it ain't fast, it'll swap, but on network managed machines without the usual startup cruft you'll get work done without in-app pauses and for a basic Office suite you won't even notice (I tend to find silent-hard-disk computers are percieved as "faster" by users, even when they are swapping more). 512Mb makes for a nice XP system and anything more is a bonus - I've run networks with hundreds of machines on XP and none of them ever needed more than 512Mb for adequate performance, unless they were doing high-end stuff like CAD - more important is to keep your startup entries clear than put more than 512Mb into an "office" XP machine. But having to have 512Mb before you can even boot the thing up?
total used free shared buffers cached
Mem: 254296 249912 4384 0 1288 75964
-/+ buffers/cache: 172660 81636
Swap: 473908 41000 432908
170Mb used out of 256. That's with a full KDE GUI (commonly referred to as bloated by a lot of people who obviously don't get out into retail stores and buy Windows much), an Opera process collecting mail from dozens of accounts and browsing hundreds of webpages each day with memory caching, and that's been running for about 26 days now.
total used free shared buffers cached
Mem: 222712 218960 3752 0 126832 40760
-/+ buffers/cache: 51368 171344
Swap: 1140604 0 1140604
And THAT's a proxy/filter/cache for a school, with transparent bridging that hasn't rebooted in months. 50Mb in use, admittedly no X-Windows running at the moment. Even most of that is Samba, Squid memory cache, Apache and other miscellaneous programs running on it, not all of which are critical to its operation but provide nice web or GUI interfaces to the admins.
Seriously, I know that things move on and you can't stay on a 386 but what benefit does the actual end-user get for all that bloat? What can you do on a 512Mb "Windows 7" machine that you can't on a 512Mb Vista machine, 512Mb XP machine, 512Mb Linux machine? Can you even BOOT with just 512Mb on this new version? More worrying, how many Gigs of rubbish that load on startup does it come with to fill up 480 Mb before you get into the machine? And what does that do to your minimum installation size and baseline CPU use?
I switched, personally, to Linux at home, Linux in work where appropriate (i.e. everything but network-managed desktops, because of the amount of legacy Windows software required) at around the same time that a Linux machine with 256Mb could do the same things as an XP machine with 512Mb, all other things being equal.
I've got a salesman coming tomorrow to try to sell the school Vista, two months after we put in a brand new XP network replacing the previous XP network. They aren't even going to be able to sell us that because I've done my research, which they don't expect smaller schools to do. Too high requirements, too many unnecessary features, too much rubbish, no practical advantage. How are MS going to sell an OS that's going to need literally Gigs of RAM once it's combined with Office and all the usual bundled offering?
This same salesman will be selling Windows 7 in a few years, of course he will, but what do you get for your money? I've seen people selling Windows Vista "digital signage" (i.e. scrol
This happens far too much, agreed, but there are things that you MUST do. Companies don't care about you. You're a number. Your boss only cares about you for the trouble you can cause and the help to him that you can be - that instantly categorises you into "trouble-maker" or "suck-up". Either works (surprisingly), but I only ever go for the first, putting on a good impression of the second where necessary to make longer-term plans to be a troublemaker work ("Certainly. Yes. I'll install Vista on every machine today if that's what YOU want, sir.... so that when it crashes and burns, I can bring out my report to you from six months ago that tells you it won't work, will cost millions and will break the entire company in the meantime. But if that's what YOU want...")
First, you never let ANYONE else take credit for YOUR work. In one place I worked at, this came down to the IT Manager plastering their name all over a document (in Properties, the document, hidden headers etc.) so that when senior management took it and ran with the ideas and tried to claim them for their own, they came unstuck because simply removing their name from the front page wasn't enough. They fell hard on that one - in front of the top-bod, who caught them out perfectly - and the credit was put firmly back on the person it belonged to. It's a game that you need to play carefully, though.
Second, don't let anybody screw you over. People will do this. Even to the point of ignoring your work because you're "below" them and therefore can't possibly know as much as them (which, in my experience, is absolute rubbish). Blind obedience actually works here. You do EXACTLY what they want, after protesting that it's not right. Every time you see them, you mention that it's not the correct thing to do, but carry on implementing it. You ask them if they are SURE that they want you to do this, several times. If that doesn't scare them off, you make sure that they accidentally walk in on several conversations where you are discussing with other people (preferably THEIR boss) and both laughing about how bad an idea it is. And then, when it crashes and burns like it inevitably will, you bring out every sound-bite, every document, every conversation you've had where they have stated categorically that it was their idea and they did it against your advice. It works wonderfully well with only a smattering of orchestration.
Third, don't expect praise for weekend/night work - in most places you just won't get it. If you do have to do it, then you make an absolute fuss over it so that they KNOW you've done it. You can even go to the point of refusing to do it and when they see that there's nobody else TO do it, and they can't hire anybody knowledgeable enough in the time etc., then you'll get fantastic praise for "changing your mind" at the last minute. Additionally, you make sure that EVERYBODY knows that you did it out of the goodness of your heart.
In IT this can entail things like being sitting in a senior manager's office when they arrive for work with their PC in pieces - "I started work hours ago" in a subtle way. Similarly, at the end of the day, go back to that same person's office and start taking their PC to pieces again (because, obviously, you put it back together at the beginning of "their" day so that they could work) while they are collecting their coat to go home. And while you're there you record a number of problems that were spotted after hours and use them - "Well, while I was taking apart John's PC last night for the network upgrades..." to their boss, for example.
Document everything. Included sound-bites of people who ask you to do stuff. Date it and log it. You'll never use 90% of them but the 10% will more than make up for it. Document your objections. Document your "extra hours" and categorise them by the project/silly decision that caused them. NEVER bring out your book but memorise the key quotes for that important "why did it all go wrong" meeting afterwards.
Get the reput
In this one particular case it happened to be DansGuardian in a transparent squid config because there was nothing upstream to filter it, but I've also done it with other bits and in one case I did it with nothing more than a shell script to filter out particular sites that the upstream filters weren't handling properly (and it was taking days to get them to update).
I didnt use IP cameras, though. I used whatever was to hand - a couple of cheapy CCTV cameras, 20m of cable and a WinTV card - couple it with "motion", an open-source motion capture program, and it'll snapshot and record movies whenever it detects motion on the image and lets you feed the resulting files to a shell script as they are being created - perfect for our use, especially if someone "spots" the machine or cameras and disconnects them - the initial image still has time to get sent to an email account off-site that we can pick up from later for evidence. And to "upgrade", just add another WinTV card/camera, or feed it the URL of your network cameras, or plug in a USB camera - you can basically saturate even the most powerful machine without having to do anything fancy like buy specific 4-camera CCTV cards for it.
Downtime is for those projects that nobody will officially let you start, nobody "wants" and nobody will pay you to implement. Then, when you spend all that downtime putting it in, you pretend that you did it in your own time alongside your normal work, and people suddenly discover that all the projects that they considered a waste of time become something that they can't live without.
At least, that's how it's worked everywhere I've ever been employed.
For example, in a Windows-only school at which the only person who'd ever heard of Linux (the IT manager) treated mention of it like some kind of first word from a child ("Oh, you use Linux. That's cute. Tell me when you make something 'useful' out of it."), I had a few hours of downtime. Found a spare "obsolete" PC. Found a couple of network cards. Was tired of the "Linux being nothing more than a toy" digs.
In three hours (including install, configuration and a lot of testing) I implemented a caching, transparent proxy/filter which to this day is still filtering the Internet (with zero configuration changes either on the clients, servers or any other devices) for over a thousand users without anybody noticing any difference and saving the school in question several thousand pounds on buying their own filtering appliance (from the prices we were quoted). I implemented it in an afternoon and it went into full live service when school finished that day and is still there churning away. It's zero-maintenance (unless someone wants a particular website blocked, in which case they just stick its name into a plain text file), "invisible" to the network users so, unlike some of the other network equipment, the kids don't try to "hack" it and even if they do only the squid port actually does anything.
It's never been rebooted, never caused a problem, is the only thing standing between the kids and the nasty side of the Internet, is now the de facto and only Internet filtering within the school and if it ever "breaks" it has a Cat5-coupler taped to it with instructions - couple the "In" Ethernet cable to the "Out" cable and, without doing anything else, you bypass the filter without anyone noticing more than a seconds downtime. Obviously, it's in a secured cabinet so that only the IT manager can do that, but the demonstration of "now we're filtered, *click*, now we're not, *click*, now you're running off my proxy, *click*, now it's all back how it was before today, *click*"... was enough to silence the Linux-critic once and for all.
Then there's the school running a Jabber IM system that they "would never use". Then there's the school running the PHP helpdesk for which they had no use. Then there's the one whose IT department are running their own recording CCTV computer which nobody but the IT department know about, which emails them movies of any movement in the IT office overnight or when nobody is supposed to be in - it's already caught several "wanderers" who just happened to walk through the locked IT office when they had no need to and "just looked" at the pile of laptops hidden away. That system later got re-used to record classes for approximately £500 less per camera then our usual CCTV supplier.
All the best projects are done when you let the people who know how just let loose with their own ideas and not worry about whether the end product will be useful. Downtime is perfect for this and turns the most boring moments into the most interesting, especially if you have a large IT team who can all "show off" to each other.
Ah, ha! We found you out, Mr Alien. No human being would use a word like recieval when they actually meant reception. Now take off that fake beard...
"If UPnP is available, you can be up and running with Azureus without even knowing what an IP address is."
Correct. Although if it's not, you can still be. It'll be a tiny bit slower and you'll have a few less peers but overall you're not going to even notice if you don't know what an IP address is.
"Without UPnP, you need to understand the concept of an IP address, NAT, ports and port forwarding."
No you don't. It'll "just work". The same way that Steam or XBox Live can "just work" without any of the above. People design stuff for NAT now and there's very, very little (apart from extreme-legacy protocols) that can't NAT properly. But if you want optimum performance and to get as many peers as you can etc. then, yeah, you can use the above techniques to help you do that. Most people don't and won't.
"My mum can't even work iTunes; you expect her to do this?"
Nope. She has no need to. Even if she uses BitTorrent, Steam and XBox Live. That's our point.
"Turning off UPnP makes them have to think twice -- once about the security risks they're avoiding, once again about how to manually achieve the stuff UPnP was doing for them automatically."
Have you got our point yet? It doesn't do anything automatically that can't be achieved through "correct" programming and even MS products manage to work absolutely fine without UPnP - they just work around NAT like everything else.
The problem is that people see UPnP, see what it does and think "I need that" and switch it on. Or when product manufacturers turn such things on at the factory. That's when the security problems start. That's when joe-average gets whacked by exploits like this even though, if UPnP had been disabled from the start, he wouldn't have succumbed to this particular attack and, almost certainly, wouldn't have noticed any difference in any of his applications.
NAT is a well-defined standard. There's not much that absolutely cannot be done through NAT, and most of that is protocol stupidity like embedding IP addresses inside data packets (a breach of the TCP standards, I might add) which can be countered (FTP passive connections, connection tracking etc.). The only other thing is that there are no "open ports" so you can't query a client unsolicited. That's GOOD. That means that they have to WANT to talk to you in order to be able to connect. Things like XBox Live and Steam handle this for you by acting as a go-between for the initial part of the conversation. That's how it works. It's GOOD that it works that way. It stops an awful lot of problems with port-forwarding of arbitrary ranges to something like an XBox that isn't going to be the most up-to-date or secure device.
./configure
make
sudo make install
What's hard? The fact that you don't have someone who's already done that for you? Then try LinuxPackages.net for just about any Slackware-compiled software you need. The fact that there's no dependency-resolution? Either a) get one of the many programs that does it for you or b) run the program, see what it's missing, download that, install that, rinse and repeat. Incidentally, method B was how I've built dozens, if not hundreds of Slackware installs from scratch and takes up less than about 10% of total build time over the life of the machine - and once you're past the "I've got most things now" barrier, you hardly touch dependant software at all except to update.
I use Slackware for anything from a blackbox router to a full desktop (not just for me, I might add). It's running transparent cache/proxy/filters in a 1000-student school I worked in, it's running a security system including CCTV motion capture, it's running web hosts in dedicated facilities, it's running on several (600Mhz or thereabouts) laptops in a full desktop enviroment with wireless connection.
How long does it take to set any of them up? An hour or two to install Slackware (mostly because of the old hardware), a few minutes on a broadband connection to download the "extras" like codecs, libdvdcss, madwifi etc. for the desktops and it's only the stuff that Slackware isn't "allowed" to bundle anyway. Everything else just compiles. No messing about. So I don't see why the troll is necessary. Things just build when you build them.
The problem was - GNOME was dropped because it was becoming an increasing nightmare to compile and package it for Slackware - not because of a Slackware shortcoming. The beauty of Slackware is that virtually EVERYTHING that the base install includes is patch-free and just original source with a handful of configure parameters to put things in the right place. The kernel is pure, the software is pure, the boot scripts are plain, easy, modular and readable. It's almost an "LFS" install done right. No fancy patches to add third-party functionality and cope with different schemes that break original-author-support (Red Hat's patches to cdrecord and the like spring to mind, although I can't stand the man), patched-to-the-hilt kernels that just cause problems for bug-fixing, etc.
Stop spending your money on companies that try to "recreate" every bit of software only to have it break in the next version and them having to pay people to re-do their work over and over again (because the original authors want nothing to do with those proprietry extensions that add little). Start using a distro that sucks in code from the authors in the way they intended it and makes everything "just work".
Turn off UPnP! Why on Earth do you want it on anyway? That's the problem here - an XSS is one matter, although being able to send SOAP-style requests across your local network is a major concern. But having a router that automatically opens ports based on virtually zero authentication? A nightmare waiting to happen.
Never used it. Never wanted it. Never turned it on. Always turned it off on EVERYTHING. UPnP is the problem here - a simple (unauthenticated) HTTP-style page requested in a browser suddenly starts opening ports to your network. It should not happen. Even my DSL router/wireless router/Linux router has SSL only, passworded access to do anything even approaching opening ports. And if a webpage pops up with an authentication dialog with the header "Wireless Router" and you type in your password, then you're a fool, unless you specifically requested the router's configuration page.
There's rarely even a log of what UPnP has done - which ports it's opened in the past etc. for whom.
Just turn the damn thing off. It's too dangerous.
Why bother?
OpenTTD is a complete reverse-engineered version, compatible with virtually every GRF from "The Patch", and works just like the old one - but has reliable TCP networking, SDL graphics, SDL sound, etc. so it's portable to any number of platforms.
Plus, it incorporates hundreds of features that TTD "should have had", such as drag-drop line placement in all directions, bridges that can span over any tile etc.
Fantastic, but if you'd use WEP instead of WPA, none of that really matters now, does it? I'd be on your local network and could boucne via ANYTHING there to configure/reflash the router. Once someone's in, that's the end of it.
And MAC filtering takes exactly zero time to bypass once you know it's in place - some tools constantly read all connected MAC's of all nearby radios and "change" to take over their MAC with a single click. You have to TRANSMIT your MAC for any sort of networking to work, and it's trivial to change a MAC on anything - network card, wireless etc. A MAC is not security (despite the meaning of it's acronym), it's a tiny piece of broadcast information.
I work for schools in the UK and I have tried and tried to explain this to them - their engineers only EVER use WEP on their access point because "WPA is difficult to set up" (yes, I know, its rubbish!). I even did the Whoppix/Whax thing and showed them their WEP key remotely without any hints in under five minutes but their answer is "nobody would bother to do that".
And that's where the problems lie - if you have even 10% of AP's using WEP or insecure passwords, then you can use them to bounce a million attacks off to find some more of that 10% and so on and so on. It's a numbers problem - each point is another radio listening on your behalf without anyone knowing.
Ah, assuming you're not from the UK yourself.
London, England - to enter Central London TODAY, your number plate is read on entry and exit, stored, and you are sent an automated bill for that day unless you pay the "congestion charge" in a London shop (or by text, online etc.). The point is that by entering Central London you have already been spotted and recorded on CCTV, your number plate automatically read and you've been charged. Not paying is an offence - no matter what you were doing. Certain exceptions are made for taxis and low-emission vehicles (which has lead to many millionaires registering thier limos as taxis, but they are clamping down on that too!). The whole border of this "zone" and virtually every road inside the zone is CCTV-monitored.
While you are there, they are also matching your details against road tax, insurance etc. databases to ensure each car is legitimate and allowed to be driven. Even parking on a yellow box at a junction (a "do not stop here because you're blocking side-traffic box" - a relatively minor offence in Britain because we don't really enforce it anywhere but London, the worst you really get is a slap on the wrist from a police officer) is an automated, video-camera offence that you can find out you've committed WHEN YOU GET HOME and see an envelope in your door with a picture of you in your car committing the offence.
London's already there. This article is about British drivers who are moaning about speed cameras being Orwellian when, in fact, much more Orwellian things are going on already and the same people do not complain about them. I assume because you can't do over 20mph in Central London anyway, even if you wanted to, so they happen to drive elsewhere.
So, in response to your comment - London's ahead of you. Nobody cares. But because somebody is taking your picture ONLY when you do over the speed limit (and, in fact, the magic number is speed limit + 5% + 5mph or thereabouts) in certain, clearly marked areas , people are setting fire to the things. But having every detail of every car journey through the capital city logged? In place and nobody cares. Having "Oyster" cards that track every mode of public transportation that you use within Greater London (a much wider area)? In place and nobody cares. All in the name of anti-terrorism? Few question it. But try and stop the joyriders doing 40 on a 30 road and they start committing arson over their "rights" (which, incidentally, we Brits have never felt the need to actually write down but pretty much have all the same rights as the average US citizen, if not more).
Britain is one of the worst surveillance societies, it really is. We're way ahead of the US in such things, whether you know it or not. If it weren't for the fact that the newspapers caught hold of a story where Her Majesty's Revenue & Customs lost the personal and income details of MILLIONS of people on some CD's they put into the post, we'd have compulsory, electronic ID cards by now, linking all sorts of databases that are currently seperate. The only thing people cared about there was that the government wanted to charge £80 per person in the country for them and make them a compulsory purchase. Now that they've dropped the charging idea, people are happy to sit back and have them. Or would have been until sheer accident and incompetence made the government drop the ball.
This was my point and I (possibly mistakenly) assumed that the comment was made by a British speeder who was aware of those other things!
"The information age has made permanent archival cheap, and improvements in pattern recognition are fast giving us the ability to rapidly search through those archives. There isn't a single government in existence today that's responsible enough to handle such data."
Lets assume it's true (I'm only half-agreeing with both statements). So that means we should burn them, no? I know, let's burn all the computer centres. Hell, while we're at it, let's burn the court records. And the courts. Hold on, let's just burn all the judges. See how stupid your justifications are?
"Speeding isn't good, but it isn't the scourge of society."
No. But people who flout the laws that have been clearly written down for DECADES and have never bothered to challenge or provide evidence AGAINST the law (e.g. that speeding DOESN'T kill, or that kids hit at 40 aren't more likely to die than those hit at thirty etc.)... those people ARE the scourge of society. What law would you like to blatantly ignore and boast about ignoring next? You even had to pass a damn test by displaying your knowledge of this law and you didn't query it. So abide by it. Or get the law changed.
"The fact is, governments (and the UK government especially) have repeatedly shown a propensity to never throw away any data gathered from the public (if you are arrested in the UK for any reason, your DNA is put into a database and never deleted, even if the charges are dropped.)"
And that has what to do with burning speed cameras? And if you disagree with it, do something about it which does not destroy tax-paid property in the process of a public-endangering arson. Or does your brain stop you thinking past "burn them all"?
"The speeding *obsession* is a joke anyway--the only reason why law enforcement cares so much about it is it's easy to prove and tickets are an easy source of revenue."
Because people like yourself are so incredibly stupid that they blatantly break a law, when in the prescence of an BRIGHTLY-COLOURED, EASILY VISIBLE (because your lot asked for it) very accurate detector. And each time you do, you KNOW that you've broken a law (hence the slamming on of brakes and the panicked looks whenever people see a flash by the side of the road) and then pay up - because you KNOW you've broken the law. If you hadn't, you'd contest it. And then not have to pay. And then run up thousands of pounds of court costs for both sides which ultimately would lead police to abandon prosecutions due to the expense.
But the fact is that you broke a very old law that you knew full well and then decide to pay up - that's what makes it profitable for the police. It's like the pharmacuetical industry and cold remedies - we could cure colds no problem, but the billion-dollar industry surrounding minor coughs and colds would then collapse, leaving no revenue to actually develop highly-complex drugs for rare conditions. You don't want the police to profit? Stay below 30. It's not hard. You just don't press as hard. It's really, really easy. Every person who's ever passed a driving test has had to do it, under strict supervision, and managed it perfectly.
"The solution to the traffic problem is ultimately a technical one--within the next 50-75 years, we should have fully automated cars anyway (if not flying.)"
Yep. And then we can get rid of all those idiots like yourself from spouting rubbish. But then, no, when your automated car is limited to 40, you'll be modifying (against the law) to go to 50. And then when it crashes or you get arrested you'll spout the same rubbish as you are now.
"Despite what the evening news tells you, law enforcement is NOT the primary problem of our times."
Nope. It's law enforcement being prevented from doing their job because of red tape. And that red tape comes from people who, e.g., argue that, because the officer didn't show them the locked display of a speed camera when arresting them, they weren't speeding. Or having to chase people through courts
The trouble with antivirus is that the doorman is actually sitting upstairs with a note on the front door that says "Report to the doorman upstairs, please." By the time AV spots a virus it's usually already far too late and the first thing that any virus does is to turn off AV, usually in such a way that the user doesn't notice (the equivalent of swapping your doorman for a clone).
AV is good only as a system check. It is no good as a frontline defence. It can't spot viruses until they are either already in memory or sitting on your disk. Some of the time it will spot them before they get executed but most of the time not. When I used to use Windows at home (I only use it on school networks now, I work as a tech in schools) the one way to "tell" that you had something dodgy going on was when Zonealarm went ape. Even the integrated Zonealarm Security Suite, AVG etc. didn't detect the stuff that I was testing. But when something starts asking for Internet access out-of-turn, you know something's wrong. And when your AV is less use than a freeware firewall that bothered to ask you, you know it's a waste of time.
AV-scanning-proxies : excellent idea
AV scans of networks: good idea
AV scans of home machines: pointless and doesn't tell you what you can't find out in ten seconds of using the machine as an IT professional.
AV "real-time scanners": Well, yes, if you must, have CPU to spare and ignorant users using the machine. Otherwise, they're pointless.
Yeah, they can do the same, so long as they follow the well-established clean-room procedure, as they have done previously and are still doing. And the current (and next) Samba already has a lot of AD in it, just not stuff that's useful to managing networks like Group Policy etc. which IS covered by this agreement. AD auth is already in most samba's distributed. However, if you want to work out all the corner cases, all the undocumented stuff etc. then you need specs. Or else you can spend (literally) another decade, not to mention a lot of money on people's wages, to figure out how it all works using a bit of cleanroom reverse-engineering by which time it's obsolete and outdated.
It's a hurdle on all three counts - there are patents (but with this agreement MS has to tell us what they are and if they get any new ones that affect licensees), there are legal problems (making sure the code is CLEANLY reverse-engineered for starters) and there are technical issues (it's a whole heap of a mess and it's taking years to find out useful information that you can put in a nicely programmed version, it requires literally throwing educated-guess packets at a Windows server and trying to replicate it's response depending on the state of the entire network, the packet and the server databases).
Er... even worse than that... Opera 9.25 (latest stable) doesn't either!
The school I work at as a Technician (for the past five years), having set up their entire Windows network from bare metal without any management interfaces but a couple of hand-coded batch scripts, wanted to send me on an ECDL course. That's "European Computer Driving License" to those who don't know. A click-here-to-run-Word-congratulations-you've-passed "qualification" that you give to typists and secretaries. I didn't have the heart to explain to them - I merely said that it wasn't worth their money to send me on that course and they should instead send (besides the fact that I could not only teach that same damn course, but have built networks that the ECDL people end up renting in order to teach the course!
Schools get very stroppy if you don't have all the three-or-four-letter-acronyms to your name until they actually see what you've been doing for the last seven years - they're used to technical people having MCSE's etc. and having to be constantly re-trained on every new OS, buy expensive management software for every tiny little management task etc. because they don't know what they are doing. Then you show them that you've managed all the same networks, on a smaller budget, with greater demands, older hardware and no fancy software and that it outperforms all the ones they've seen and suddenly the little lights switch on in their brains that maybe courses/training/letters/acronyms aren't that important after all.
We STILL haven't got anything to show you. So we slipped a CGI artist a few hundred to knock up something very contrived and put a bad voice actor (who doesn't sound like the original Duke) over the last few seconds of the vid. We can't show gameplay, cos there isn't any. We can't show anything "new", cos there isn't anything. We can't even "hint" at what's coming, cos there's nothing. But if we release a trailer of CGI we'll still keep the Duke name going and make it look like we're actually doing some work on the game.
Not only nothing to see, but yet another nail in the Duke coffin. Just cancel the game, for god's sake, and get on with some real work.