If you tell enough stories, perhaps the moral will show up.



If you want to conceal your plan for a mass redundancy day, it's probably best not to book out every meeting room in the place all day....


Wrong Impression

I was very taken by this picture from the front page of the LogMeIn site.

On the site it's animated: we have  the shady character in an upstairs room hacking away at an unattended machine in an empty office.

That can't really be the impression they want to give, can it? Is that what they're selling?


Not Idle; Moral!

In a month or so, every adult who works as an employee or volunteeer with children or other vulnerable groups has to be registered with the Independent Safeguarding Authority. This is an extension to the current criminal record check, because the assessment is continuous. What that means is that if a rumour or suggestion falls into the hands of a police force, government agency or local authority at some future time, the registration can be withdrawn at that point, and the employer/organiser warned off, unattributably, under pain of a £5,000 fine.

The Home Office are saying that there will be more than ten million names on the list, dispensing information from hundreds of sources to hundreds of thousands of users, and the records will be up-to-date and truthful. Since the aim is so laudable, and the consequences of screw-ups so dire to innocent and guilty alike, we must wish them "good luck with that".

I'm not against this sort of thing overall. The test is always to move away from the emotive area of child protection and see how we feel then. If you apply for a bank job, is it good that your proposed employers is able to learn about your convictions for swindling or your creditors arrangement before they give you the safe keys? Yes, it is. Society is mobile and people do use that to hide. But this scheme fails for me, on top of its basic impracticality, because its boundaries are just too wide -- essentially, if the criteria for inclusion are fair and worthwhile there's no good reason why it shouldn't be applied to parents or at least step-parents, and that takes it into political and moral absurdity.

But I do have a slight problem. You see, the papers are full of warnings that volunteers -- the sports organisers and the reading assistants and millions of other helpful people -- will be deterred by the unpleasant thought of being on a list where they are graded and assessed for the risk they present to children. And this is a colourable view: the rules of the Standards Board certainly reduced the number of upright citizens willing to serve as parish councillors, and certainly I reckon I would much rather be judged on whether I had declared all my financial affairs than have some civil servant noting that my late marriage was a marker of sexual irregularity and a risk factor for proneness to abuse children.

On principle (like I say, it's a bad scheme, see?) I won't be registering, and that means I won't be volunteering, and will have to decline requests that I do so. But I am also aware of a slight hint of relief as I make that choice. Essentially, because of my strict moral standards, I can't do PTFA stuff; I can't do carpools, I can't mentor, I can't help with reading. All these things which I didn't do before, because I was a bad person, I'm now not doing because it's important to make a stand against idiot completists in the civil service. Result!

I'm not doing anything this evening: Fancy a swift half in the Angel? See you there.


Wireshark is OK, But a Bit Heavy

For sheer absence of dicking around, nothing beats tcpdump(1) which ought to be in your Linux install. I had to find out what systems were still using the old time server, which, happily was an ancient Slackware and, consequently, a Proper Operating System.

tcpdump -c 10000 port 123 > clockies

gathers the first 10,000 NTP packets, and, in another terminal session

gawk '/[0-9] 10/{print $2}' clockies | sort | uniq

gives you a list of the IPs (and you don't have to wait for the first one to finish.) Run wc(1) at the end of the second pipeline from time to time, while the first is still running, and you can see if any new IPs are cropping up.

What I like is the query language: for NTP packets there's just no more intuitive way of writing the search than "port 123"

SetACL for Command-Line Permissioning

SetACL looks like a saucy little alternative to approaches I've taken here before:
  • Unlike CACLS it uses a simple permission language -- no SDDL
  • Unlike CACLS and chmod(1) it works on services, registry keys, shares and printers
  • Unlike SubInACL it's not mental
I think I need to get familiar with this.....