A rose by any other name...

We've come full circle.  In older days, the belief was that if you knew someone's real name, then you could control them.  Power lay in the knowledge of a True Name, be it person or object.

Now we see that the superstitions are not that far away from reality: identity theft has effects clearly linked to the old ideas.  Having someone's True Name, perhaps in the form of fake or incomplete documentation, or merely by superficial pretence, can give you power over that person's current and future circumstances.  It's not a big step from the impersonation crimes of today to a blackmail situation where an individual can be coerced into involuntary actions by the threat held over them.

Putting all our eggs in one basket, which is effectively what any identity card proposal will do, however it is dressed up, will only make matters worse.  It's easy to imagine a scenario where a lost, stolen or faked ID can be used to force someone into committing a crime.  How can anyone resist the threat of their definitive identification being used against them?

eBay ethics

When should you leave feedback?

Initially, my thoughts were clear - the seller leaves feedback for the buyer when payment is received.  That's the extent of the buyer's obligations.  It seems apparent, however, that many sellers consider that the buyer is also obliged to leave positive feedback before they (the seller) will reciprocate, and either wait for this or respond to negative feedback with attacks on the buyer.  Bad decision.

A couple of sellers have crossed themselves off my list of prospective suppliers because of this behaviour.  I really see no justification for this approach, and the 'revenge' comments are a real turn off.  When there's a clear pattern of neutral comments about sellers not responding to emails etc, I tend to believe a buyer who leaves negative feedback about this rather than a seller who resorts to name calling and blank denial of the problem.

On the other hand, I have a problem at the moment - I have a non-paying buyer who may eventually pay up - do I leave feedback for him/her int he event that payment does arrive?  And if so, what can I say without raising their ire and inviting negative feedback myself?

What have I done?

I decided that it really wasn't necessary for me to do all the eBay searching, watching and bidding, so sorted out an account for Joyce.

Where I used to spend a few minutes doing this, my broadband connection is now saturated with eBay requests from the second workstation.  Post-midnight sessions, and very first thing in the morning (pre-breakfast, unheard of!), she's on there hunting for bargains.

Aha, I thought - no Paypal account, so it's safe.  Then in a moment of inexplicable madness, we set one up and funded it...

Back on the road again

Well, not as such.  But we're trying to establish another foothold on eBay.  That's the charitable view.

To be more honest, though, this is just a plan to enable me to sleep at nights - slowly, but surely, we're flogging all of Joyce's murder and forensic books.  I'll be able to relax, safe in the knowledge that we no longer have any guides on how to commit the perfect murder, how to poison your partner and get away with it, how to hire a hit man to get rid of an unwanted spouse (seeing a pattern here?).

On the other hand, I do feel a tiny bit guilty at releasing all this information into the hands of people about whom I know nothing.  Have we just created a new breed of serial killer?

A keeper?

I suspect that Windows Live Writer may just be staying on my hard drive.  If this doesn't get people blogging more, nothing will.  It's rare to come across a product that is at the same time ridiculously simple to use, and yet clever enough to make otherwise tortuous updates automatically.

Or perhaps the clever bit is making it simple.

One of the reasons that I haven't updated these pages is because it needs a login to Blogger to get it working.  However, WLW just ignores all that - asks for the homepage, a username and password (I gave it the Blogger combination, NOT the FTP account for the actual web pages), goes and pulls down what info it can (including the use of the Trebuchet font - not exactly normal) and makes writing this as easy as falling off the proverbial log.

Of course, there's the usual MS bias - one of the tools is a link to Windows Live Local maps - but you can't criticise for added functionality.  It's also possible to insert your own URLs, pictures, or other HTML code, so it's not really a limitation.

Now that's another excuse gone.

The Birdman

This looks interesting - I'd even volunteer to test it. A one-man powered wing, with parachute attached.

Of course, if you want to stay nearer the ground, there's always the Quadski - an ATV that turns into a Jetski.

So many gadgets, so little time.

Firefly revelations

Just recently, I've started to catch up with the phenomenon that is Serenity/Firefly, the Joss Whedon creation. Although I caught glances of it when it was aired on TV whenever, it was never for long enough to grab my interest. But then I saw the DVD release of the film and got hooked.

And I'm not alone, by any means. It seems like there's a hidden army of fans in the original sense - fanatics. Each and every one dedicated to future films and new TV series. They've taken to the mythos with real dedication, putting even the Trekkies to shame. Whether they call themselves Browncoats or not, they simply live, breathe and sleep Firefly.

It's not difficult to see where this enthusiasm comes from. The concept is simple, but executed in a wholly engrossing and I think novel way. The crew revolves around two central characters, but no-one is ever eclipsed. The stories are self-contained, but hang together in a cohesive fashion, never revealing too much at any time. In fact, one of the few problems with the series is that some things never get revealed at all. But isn't that too much like real life?

Tell me why?

Too often, I feel an overwhelming need to ask 'why?' when something happens. Increasingly, I'm asking this about the developments in surveillance that we are subject to. So it's hats off to Dan Gillmore who also asked 'why?' here. Unfortunately, even though he was unable to get an answer, Dan felt he had to give way and accept things. When I do this, I usually hope it has caused someone on the other end of the question to also start asking 'why?'. I get the feeling from Dan's writeup that this won't have happened in the particular case he reports - someone who gets given power to force others to do as they say is unlikely to start questioning the source of that power.

Why are we all bending over and letting the various states we live in do this? Remember, it's the state that owes its existence to the people, not the other way around.

Best biking day of the year!

And I spent it in the car...

Seeing the range and number of bikers out, mainly passing me as I struggled up the A9 en route to Crieff and then again on the way back, made me itch to get back out myself. If past experience is anything to go by, a good weekend when I've not been able to get any two-wheeled miles done is invariably trailed by bad weather during the week and into the following weekend.

There was a pride of BMW GS machines that cruised past at one point - looked very tasty indeed. I only hope they didn't get picked up by the 'safety' camera van: the proliferation of these, especially parked at places almost guaranteed to make revenue without having the slightest impact on safety, is getting on my nerves. Long straight stretches, clear visibility, no side turnings - is it really necessary to police our roads in this way? I challenge anyone who seriously believes that these scams are related to safety to support their use without the funneling of fines to interested parties. If caught speeding, I'll put my hands up to it without a problem, but I really object to the cash incentive to trap people. There are more important concepts in crime or accident prevention, but little that's easier to impose.

There's a serious trend towards 'defensive' driving being forced by the cameras. And I don't mean that in the normal, good sense. Instead, people are concentrating too much on the possibility of being flashed and are no longer giving real conditions the attention they deserve. What happens when some drivers spot a scamera? They slam the brakes on regardless of conditions and crawl past, usually 10-15 mph below the limit. This causes problems for other traffic which was making normal progress until Mr Cautious panics. Result - increased danger, not decreased.

Bad move, guys. I hope that one day the powers that be will see sense, but I suspect that the country as a whole will be cowed into submission, and we'll eventually lose the right to make our own decisons.

How much is that...?

Over the past couple of days, Joyce and I have had cause to do more than our usual share of web browsing. Basically, we're looking for a comfortable gite somewhere in the Languedoc-Roussillion region of France, partly for a rest, and partly for a recce of the area with a view to retirement.

Why do people not make proper use of technology nowadays? For instance, far too many sites have very poor photos of the place they are meant to be selling - or even worse, many have no photos at all. It's as though the owners either never thought of what the buyers might really want to see (hint - pictures of the property, not the local village or river or scenery), or even as though they don't want to risk putting people off with an interior that isn't to everyone's taste. Well, wake up and smell the coffee - if I can't see it, I'm certainly not buying it.

Then there's the question of pricing and availability. I did a search on one site based on availability over certain dates. The best gites presented were then researched further - and two out of three were not available on the dates I'd specified. Granted, I might be flexible in my approach to dates, but this isn't going to persuade me to trust the info given.

Finally, prices. No, I'm not going to indulge in email table tennis while we sort out whether somewhere is available, only to find that it's priced out of my comfort zone. If you must use low, mid and high season prices then define the ranges - it may surprise you to know that my interpretation differs from yours, especially when mid and high season prices seem to extend much further than I'd expect. Much better however to be up front and honest - if it costs £x for dates such-and-such then say so.

This is a story of disappointing results. It seems that owners are often willfully not providing the info I require or even need to make an informed choice.

Without that info I'll simply go elsewhere.

Exclusive offer!

You may have seen the hype about millionaires24.com - an email account within the domain is yours for only $399 per month. You could be one of only 10,000 people with such an account, according to the hype.

Well, I'm going to better that offer - for only £100 per month, you can have a unique "@pemur.com" email address, and this offer is restricted to just the first 100 people to apply. Yes, that's ONE HUNDRED TIMES MORE EXCLUSIVE THAN MILLIONAIRES24.COM; only the top 1% of the top need apply. You'll prove how business-savvy you are by getting a far more exclusive email address for much less than the rest are paying!

Applications to made to exclusive@pemur.com...and hurry, the best addresses are going fast!

Season's opener

First blast out on the bike for a long while!

Given the excuse of the broken hand, I haven't really missed riding for the past few months. After all, the Scottish winter isn't the most appealing weather for riding. Although it has to be said, there is little better for blowing the cobwebs out - along with every last joule of body heat if you're nor careful.

Having kept the bike reasonably clean in the garage, with occasional five or ten minute runs to get it turned over, I wasn't unduly surprised when it started first time. I let it warm up, rolled it back and forward to check that brakes, tyres and chain were OK, then set off for Edinburgh.

Two miles down the road, I knew this was going to be painful. I'd elected to take the country roads, rather than the motorway, and was keeping the speed down - despite rumours to the contrary, I do have enough self-preservation sense not to act the hooligan - but the left hand was really giving me gyp. Seems like I have a bit more exercise to do yet to bring it back to the usual state of health and strength, since every clutch change hurts. And I could feel the little finger pulling over to the middle of the hand as I bent the fingers. This is going to take some getting used to.

So the return trip was motorway, easy on the gear changes, just getting back into the swing of watching traffic and surroundings generally. It was a beautiful day, cold, but sunshine and a light breeze. Until I started home, when it turned a bit nasty... So I didn't get through the winter without riding in the snow, after all!

On the crest of a wave

One of the things I've noticed over the past few years is that spam seems to have some form of cycle when it comes to its prevalence.

Right now, my guess is that we've just passed something of a trough in the cycle and it's heading for the crest again. I base this on the number of mails trapped in my ISP's spam filter - a week or so back, it was quite low, only 60 or 70 over a 24 hour period. However, we're on the way back up now, to around 100 per day. At it's peak, I'd guess the deluge amounts to between 160 and 180 - it's been a month or two since I saw that, but it definitely took a dive from there and is only now recovering. This pattern isn't new - I've observed it over quite some time.

Why this might be is something that puzzles me. It's been fairly well established that the majority of spam comes from relatively few players in the field, but what affects them all simultaneously to give rise to this cyclical effect? We can disregard issues such as the US' CAN-SPAM act, which never seemed to affect the quantity of junk email one bit., or the hurricane season (takes out all those Florida-based spammers temporarily), because these haven't been functional over the past few months. But something out there is having a depressive effect on spammers' activities, and it's acting across the field. Now, if I could only catch whatever it is, bottle it and label it, I might be able to sell it - probably via email marketing.

Marketing guru

This eBay stuff can get a bit too addictive - I'm trying to get a photo of the cat to put on the site - reckon a starting bid of a tenner or so for one fully functional cat should do (or I can sell a pair for only £18). Posting and packaging may be a nightmare, though - better mark it "urgent, livestock" and warn the recipient to take great care when opening.

So here are my hints for successful selling, internet-style:

• Sell everything - if it exists, it probably has value. I was surprised to see an offer for outdated film on the site, so immediately added some rolls that I've held on to for five years beyond the best-before date. No offers yet, but they'll come.
• Make sure you actually have whatever you are selling - OK, you may be able to source it elsewhere if there is any interest, but it makes getting the gallery photo a lot easier.
• Put it on the site at a ridiculously low value - the reality of auctions means that a desirable item will inevitably reach its market value, but an overpriced article won't even get a bid.

Now, does anyone want to make me an offer for a used Forth Rail Bridge?

The cost of a movie ticket

Bruce Schneier has announced an April Fool's competition with a semi-serious point. He's asking for 'movie-plot' terrorist threats with which to frighten the unsuspecting public, mainly as a way of pointing out the ridiculous waste of time, money and resources currently being thrown away tackling such 'threats'.

I have to admit to a small-scale imagination when it comes to disaster scenarios, although whatever anyone comes up with, I can always find a way to make it worse. The point of Bruce's competition is to find how a small, relatively cheaply funded group can sow the maximum amount of disruption and upset. Note that this does not necessarily mean killing large numbers of victims (though that does serve as a good way of getting attention), but it may be directed at economic disruption instead. The general consensus of opinion seems to be that poison is a good tactic, being invisible and simple to spread when you don't even care who the victim is. But I think this lacks the direct impact of a bomb blast, as well as meaning larger numbers of individuals need to be involved over time - and it further lessens the impact if the perpetrators are caught, much better to leave them in the shadows for a future attack.

Plots tend to congregate around choke points, so defending these seems fair enough. But it only takes a little thought to realise that there are too many to defend properly - if we concentrate on the airports, the attackers move towards rail or road transport. If we protect the tunnels, they hit the bridges. Bruce's argument is the the money and resources spent on making people feel better by having visible checks would be more effective at fighting terrorism if it were spent on intelligence and identifying the instigators before they act. Just how many terrorists have been stopped at airports by the added security? Then think about how many inocent people have been harrassed or inconvenienced by the same security...

An easy life

Maybe I'm just cranky because my hand remains sore, but I don't go for a lot of the 'how to handle conflict and difficult people' approach we've just worked on today. It's perhaps the idea that a win-win situation is best that turns me off - all too often, this doesn't seem possible, and the best solution is one that meets the organisation's needs, not the individual's. It's too easy to complain, be the victim and expect sympathetic treatment, even when a distateful situation is self-inflicted. Sometimes you just have to bite the bullet and get on with life.

If that's not acceptable, try Plan B. That's frequent and enthusiastic application of the baseball bat.

Finger trouble

Just before Christmas, I had the misfortune to break one of the bones in my hand. It was the result of a brief moment of carelessness, catching my foot in a trailing wire during a computer install at a client site. For the next five or six weeks, I had the hand, wrist and forearm plastered up, but the break wasn't knitting at all. So the consultant put me on the operation list and allowed me the use of the hand back, with the proviso that I underwent physio to restore some of the lost function and power.

The day for the op arrived today. But the last three weeks or so have seen immense improvements in the hand's flexibility and it actually seems to have healed somewhat. The little finger remains a bit crooked, but the surgeon suggested that the possible complications in operating (nerve and tendon damage) probably outweighed the potential benefits of resetting the bone. So, after waiting over three months - no operation. I had thought this might be the case, but it seems that once you're in the pattern, getting out of an operation is more difficult than getting the original go-ahead, and my calls and requests for an earlier examination went unheard. Someone might have been able to make use of the slot that my recovery left vacant, but I guess it does at least save the struggling NHS some money.

The really ironic twist to all this is that given an extra and unexpected day at work, I went back to the original site where the damage occurred to do yet another system install...this time without incident.

Cheap electronics

We're in the market for a TV/DVD combi, probably around 21" screen size. Whilst I'd like a LCD unit, I suspect - no, I'm absolutely sure - that these are too expensive, and so it will have to be an old-fashioned heavy CRT.

After limited research, we picked a Logik unit from Curry's - reasonable size, very cheap, OK-ish design and good functionality. Unfortunately, we've just had to return the second example because of problems with the DVD player. The TV part of the deal was fine, easy to tune, clear enough picture for my tired old eyes, but the DVDs keep hanging and skipping, making watching anything a real pain.

So the question is whether it's worth trying another low-end brand, or whether I need to bite the bullet and be prepared to hand over more money to the credit card company. Looking around the web, it seems that people are reporting lots of problems with the DVD player part of combi units: are manufacturers really skimping on what should be a relatively easy part to spec up and install, or is there something else causing problems?

BTW, kudos to the guys at Curry's - no problem at all in getting a refund, and no pressure to try another (probably more expensive) unit. Travel expenses would have been nice, but it's sufficient nowadays to part without harsh words.

Absolute power

How do you tell someone that they shouldn't have administrator privileges, and why this is the case?

I was faced with the issue of explaining to a friend and colleague why I was unhappy about them having a copy of the domain administrator password. This was made more difficult by the fact that the rest of the room was listening in. In essence, it's one of those things that is either obvious, or very difficult to explain, and I'm very much afraid that I made a mess of it.

Although I said it wasn't a question of trust, however you look at it this is what it reduces to. But it's not personal trust - I know that no-one in our organisation would do anything to damage the system or to cause any problems. It's trust in the system itself. We need confidence that we know what is installed, what is happening and how things are configured. And when you get more than one person with the ability to make the sort of changes involved in administrator privileges, you get a dilution of that confidence. Spread that level of ability around too far, and you can guarantee that mistakes and errors will happen.

Things will get changed without record; files will go missing,and no-one will remember removing them; applications will appear and downloads run that no-one can take responsibility for. At least when the admin account is restricted, the responsibility for these sort of changes is equally restricted and it increases the likelihood of getting problems fixed. And not insignificantly, when things do get broken, it's clear that the responsibility for fixing them lies with whoever broke them in the first place: much easier to establish, agree and accept that when it's a select group - preferably one person.

Equally, there's the argument that getting the day job done should not mean having to use admin access. One of the most common traps is to live in the admin account when a much more restricted account will do. That message at least I think is well understood, with nobody suggesting that it's acceptable or desirable.

Finally, there's the question of culture and policy - which ought to be closely linked. A company may have a policy of restricting access, but if that policy is clearly ignored in the company culture, it will lead to increased laxity in observing other precautions. If 80% of the staff have admin access, why not let the other 20% have it as well? They may be called upon to act in whatever scenario was used to justify the original release of the information, and so would argue that general access be permitted. But I believe quite strongly that the only proactive approach that should be followed here is to plan for that eventual possibility that privilege enhancement may be required, only granting that enhancement when the circumstances demand it. There's no need for the password or any other privileged information to proliferate in advance of the need (and it must be a "need", not simply a matter of convenience. Nearly every situation that can be envisaged which could be handled by admin access can also be managed with alternate, lesser privileges). Identifying and implementing mechanisms to answer these questions is part of policy management, and this is an area where continuous communication is essential - if we understand the requirements, we can perhaps provide answers in advance of the occurence. So the company culture must encourage feedback and relaxed exploration of these issues, in order that all parties are comfortable with the conclusions. Only when this is achieved can successful and mutually acceptable policies be agreed.

If power corrupts, what hope is there for the omnipotent system administrator? I'm glad that I have friends who can bring me back to earth, as happened today. I really had to think about this, and will re-visit the question with the rest of the team until we're all happy.

You know when you've been tango'd

Now, that's what I call a pair of headphones

Quick - before anyone notices

I had cause to go down to the shops today - just a brief outing, but I noticed something rather odd. It was busier than I'd expect on a Tuesday lunchtime, and a lot of the shoppers were male business men of an older persuasion - i.e., not geeks or junior staff coming in for a quick bite of lunch.

What caught my eye was the furtive way they were placing their purchases on the counter for scanning and payment. They all seemed to be buying DVD's, but didn't want it to be too obvious. Well, that's like a red rag to a bull, and closer inspection showed that these were all copies of the new Harry Potter release. I guess they just didn't want anyone thinking it was for them.

What was I down there for? Well, ah, you see, the DVD's a present for my wife...

Death before dishonour

We'll hang on to our DRM even if it kills you!

In the light of the past week's evidence about the effect of DRM on battery life in MP3 players, you'd think the media industry don't need any more bad press. But it appears, according to reports here, that they are unwilling to concede anything at all, even if it means killing people.

Would it really hurt that much to allow for exemptions in the name of safety? Or are they so scared of someone actually showing that their business model is wrong that they cannot even do that? After all, it's not as though any amount of protection is actually going to stop deliberate pirating of content, so I'm unclear about the real objective here. It looks as though the industry wants some sort of stranglehold to blackmail society with, a most unsavoury, unsatisfactory and unacceptable state of affairs.

TGIF

It's certainly been "one of those days", an apt finish to "one of those weeks". Initially, it seemed as though the phone wouldn't stop, and I even (briefly!) considered closing the mailserver to any new incoming messages. However, by lunchtime matters had settled a bit and I got back to the best bit of the job - spending money. This time it's just a low-powered server for a new development job, but it will fill a gap in the cabinets.

Earlier in the week, we were talking about older systems, and I was trying to remember the first real Windows server I ran - I'm sure it was a 286 processor, but the details are very hazy. What is surprising is that the rate of change seems to have slowed down a bit now, Moore's Law notwithstanding. We are looking after three-year old systems that you could probably still purchase today - I can't remember that being the case any time in the last dozen years or so. Yes, there are newer boxes around, but the jump much beyond 3 GHz processors seems be taking a good long run-up.

At the same time, however, software requirements don't seem to have diminished, and ever-increasing memory allocations seem to be the order of the day. While I'd accept that the functionality is way beyond what we thought was state-of-the-art when I started in this game, the pursuit of optimised code seems have been ignored. How many of the new generation of programmers have ever had to handcraft machine code? We accept bloated software all in the name of enhanced functionality, but what percentage of those Unique Selling Point features are really necessary or even used regularly?

Omniture

I got a brief email from someone today which included a link to a site ....112.2O7.net. A brief bit of research showed this belongs to a company known as Omniture, and further research revealed some possibly unsavoury characteristics. The company appears to be a market research/web metrics provider, which is allied with a number of other major online services. One Google hit talks about a link with iTunes, where the URL used to return data looks like 192.168.112.2o7.net, a bit of obfuscation that must be deliberately designed to appear like a private IP.

It's practices like these that make me suspicious of the company's intent. Why try to hide the fact that the data is being collected, unless they have something to be ashamed of?

How NOT to do it

The recent problems with McAfee antivirus (a DAT release identified genuine executables as malware) got me to thinking about my approach to file protection. Previously, I've always set the default action on finding a compromised file to be 'delete' on the basis that anything mistakenly destroyed can be recovered later. However, the scope of this problem and the panic reaction of some people in running full scans on the basis of a single false positive(and hence deleting even more files) has made me rethink this.

I've now switched to a default action of 'quarantine', possibly meaning more work in keeping the quarantine server clean, but definitely avoiding the issues of losing files forever when this kind of thing happens again. And it will - maybe not for a while, but the tendency to be safe rather than sorry will inevitably mean someone, somewhere will make a rash decision and either release or run something that they shouldn't.

Devices and desires

Looking back at that last post of last year (it seems such a long time ago, almost like last year...), I can't quite recapture the excitement about the Nokia 770. It all fell a bit flat.

So it's with some trepidation that I've been perusing the Origami reports recently - again, it looks great in theory but I'm going to wait and see what the practical results are.

Already I can see one great big glaring omission - no serial port. It's with great regret that I note the demise of this once mighty I/O facility. Having spent a good deal of time recently using my archaic laptop simply because it has a serial port to connect to various network goodies in CLI mode, I'm very concerned that in future I'm going to be very constrained in the kit I can use.

A portable system, with all the usability of either Windows or Linux (the Live CD distro's are very good in this regard), is an invaluable and irreplaceable tool in looking after network kit. Being able to get a serial connection, hard-wired ethernet and wireless links running simultaneously makes light work of many problems. However, it looks increasingly as though the serial port is in serious danger of becoming extinct. And what will a poor network engineer do then?

Back to the grindstone

I thought the older entries here had all got wiped when I changed the web hosting contract - glad to see that isn't the case. However, it does show up my continual disregard of this site, something that I shall endeavour to put right henceforth. The road to hell, good intentions and all that.

Some of the last year's issues and ideas have already receded into the fog of memory, so don't expect updates on those. One of the basic problems for the last few months has been a distinct lack of two-wheel miles: this is not due to the Scottish weather (though I can remember very few days when I would have looked forward to going out there), but mainly because I lost the use of my left hand as a result of my own inattention. Let this be a warning to everyone - don't leave loose wires lying around, and don't rush to answer the phone. Tripped, fell and smashed the hand against a door, resulting in a broken metacarpal that refuses to knit properly after three months.

Now that I've decided that the hand is ok to pull a clutch lever in without breaking into too much of a sweat, the weather decides to really get stuck in - snow. More snow. Wet snow.

They tell me that Summer is coming. It can't get here quick enough.