Today we have some good news: David Blunkett has quit after his dirty washing was dragged around in public. Normally I’d keep anything political away from this site, but this is noteworthy as he’s the man who’s been pushing ID cards. I’m all for good security, which is one of the reasons I’m against ID cards. They add cost to the system, complexity to the people forced to use them and don’t actually provide any benefits. Read on →

One of my more infamous quotes at work is “trust me or sack me.” This is the shorter, pithier version of one of my stronger views: you should never hire people you don’t trust or have faith in. When you take on a new employee you are investing a lot of money and effort, both in initial outlay and over a period of time. If you don’t fully believe your hiring choice is the correct one then don’t make it. Read on →

The Register has an informative, and pretty short, article on MS NAP, a technology that should help keep networks clear of worm activity by requiring all machines to have up-to-date patching and anti-virus before the network equipment will let them play with others. Now let’s gloss over the more obvious question, how do you get a machine on the network for the first time, as it’s simple: the kind of company that actually needs this will have a patch management system in place for new builds (maybe just something like MS SUS) to bootstrap the process. Read on →

I’ve done my time in the first-person trenches, from single-player Wolfenstein all the way to Half-Life and its expansion packs, along with a diversion into multi-player Jedi Knight 2 (if you played online I probably kicked your arse :)), and the early Doom games hold a warm place in my nostalgia, but let’s face it, a Doom movie was always going to be bad. The script writer, David Callahan, has made a couple of comments online; the full Doom screenwriter’s open letter is available, but I quite like the Penny Arcade Doom Movie Strip, which summarises the article quite nicely. Read on →

Because if you have a good one you won’t realise how good they are until you get a complete doozy. A while ago I had the luck to work for a very insightful manager, let’s call him Mike (his parents did). It took him about an hour to figure me out and from then on he played me masterfully, always the right amount of trust to ensure I was confident about my work but with enough challenge to both make me think about what I was doing and push me into giving more than the pay rate warranted. Read on →

In a previous post about blacklisting IP ranges used by China I stated why I feel it’s a valid approach. I think I should clarify my own actions when it comes to things like this. Any servers that are owned and administered by me alone (Bytemark virtual machines, friends’ servers etc) have a number of deny rules in place to drop connections to a number of important ports (SSH, SSL etc) to reduce the attack vectors provided by the servers. Read on →

Here’s my feature request for Gmail, a service I’m mostly happy with. It’d be nice if you could set up read-only access to your inbox, or even designated ‘labels’ that you could limit by either assigning a password or allowing full (read) access to everyone. I pipe quite a few mailing lists into my Gmail account and I’d like the ability to give certain people read access to anything labelled as security. Read on →

“Quite soon the Chinese government won’t have to try to censor the net. The western world will just filter off all the traffic coming from China, doing the job much more efficiently.” The above quote came from a Slashdot article on China and its Relation With Spam. I don’t normally read the comments on Slashdot articles but I had a hunch some of the posts to this one would be quite extreme; SPAM is one thing that drives most geeks nuts. Read on →

Firstly I need to try and get on to the VMware beta program instead of only reading about the neat new changes from articles like Flexbeta’s Inside VMWare Workstation 5.0 Beta. Secondly I’d like to get my hands on this release for two main reasons, firstly the ability to stop and start groups of machines at once would make testing certain sets of machines (webserver and database server used by it for storage) a lot nicer. Read on →

Although it actually sounds pretty fast, when you actually start benchmarking it, Gigabit Ethernet isn’t quite as good a solution as you’d think. As more and more commercial deployments move to using SANs and NAS for online storage and backups it’s increasingly easy to saturate existing LANs. One possible solution as people start to look at 10 and 100Gbps networks is FireEngine (PDF), a set of architecture changes and improvements for Solaris 10. Read on →