From the “No *expletive* Sherlock !!!” department….

For the better part of a quarter century we’ve been fed a complicated and more importantly self-serving lie… that ITIL was the IT Holy Grail that would bring the equivalent of the manufacturing industry’s QA to ITSM, felling in one swoop all the ills of IT…. sorry, wrong.

Even the most quality-conscious engineer will tell you that “QA” only aims to deliver a consistent level of output. Not premium quality. No iterative improvement in quality. Most importantly, no guarantee that the resulting output is always zero-defect. The aim is consistency, not quality. If your base quality is good, then you will deliver a quality product consistently by applying QA. Sadly, if your base quality is poor, then guess what…. QA will only ensure you deliver that consistently….. whoops..

Enter a bunch of British government braniacs… now you KNOW that will result in a quality outcome ! *choke*

So it came to pass that these bureaucrats came up with *drum-roll*…. a bureaucratic, documentation-heavy “solution” to implement an IT-oriented QA system with levels of qualification, individual certifications, etc, etc, etc…. how NOT surprising for a bunch of bureaucrats….

Now it is packaged and sold to businesses globally as “ITIL”, which is now in its 3rd iteration of trying to get it right…. so…. v1.0 must have been typical software “quality” (we ALL know better than to buy into v1.0 !)…

So, like so many other certification systems, the cost for certification is horrendous. It almost makes the software systems that are meant to support these “best practices” look cheap….

So with billions of dollars expended globally on making businesses “ITIL aligned”, you would expect that ITSM was now pretty mature and safe for non-aligned businesses to adopt…. wrong…. if a certain tier-1 OEM’s “best of breed” software for managing ITSM and implementing business practices that a business can leverage to make themselves “ITIL aligned” is anything to go by….. well, let’s just say, that business better have deep pockets and VERY patient staff and customers…..

If it is such a pain; so problematic to implement; so expensive, etc.. then why do businesses persist ? Well as I see it (yes, brace for soap box time…), the reality is that the CIOs, CTOs are all so indoctrinated by the “Institute of Management” spiel and government agencies are SO risk-averse, that it is now an almost unavoidable necessity for most medium to large enterprises if they want to do business at the “big end of town”. Meanwhile SMEs will struggle to justify the cost….

Which leads on to the quote near the end of the article…. can you say “self serving” ?

Whose idea was this, anyway?
Where did the standard model come from in the first place? The answer is both ironic and deeply suspicious: It came from the IT outsourcing industry, which has a vested interest in encouraging internal IT to eliminate everything that makes it more attractive than outside service providers.

“Everything you’ve been told is wrong: What IT should do instead”
http://infoworld.com/print/108477

Ref:
http://www.itilsurvival.com/itilhistory.html

WARNING: Anyone who holds any ANZ credit cards with automatic payment set up.

Review your December statement very carefully. Apparently ANZ had a problem with automatic payments in December which has impacted multiple customers.
The only hint my source received was a “late payment fee” on a card that is setup for automatic payment within the ANZ system.

ANZ are apparently aware of the problem, but don’t appear to be interested in fixing it proactively, only when customers point it out to them for their particular accounts.

At the time of writing, there is nothing on the front page of the ANZ site to suggest they are communicating the December glitch to customers or the public via their site.

Send this information to any ANZ customers you might know, we need to put pressure on big banks who’ve all made profits during the economic downturn at the expense of the general public and small businesses. If they are charging late payment fees for faults in their own systems, then this is just another way they profit from our inaction.

Keep the bastards honest.

UPDATE: My source further reveals the following:

The call centre operator in credit card solutions said that they were able to resolve the problem quickly because they (ANZ) are aware of the problem as it impacted a number of other customers as well.

My source:

1 – Saw unexpected “late payment fee” (auto payment was up to 40+ iterations on monthly cycle, so it has been there a long time…)

2 – Phoned bank to ask (a) why the payment was not processed, and (b) why the fee should be paid if they did nothing different, ie: the auto-payment is not the responsibility of ANZ customers.

3 – Got put through to credit card solutions after initial complaint about scenario

4 – Credit card solutions person was very helpful and advised on how to correct the problem. Apparently the problem impacts OLD / long-standing auto-payments.

5 – Got put back to telephone banking staff to setup a new auto-payment.

6 – Noticed that the new auto-payment has (a) different structure for ID from old one, and (b) has different terminology to old one. New payment IDs are much longer and alphanumeric versus simple 4-digit numeric. Old description read as balance due whereas new description says “FULL balance”, which may or may not be the same dollar figure… still waiting to see what happens in January…

So, the short answers are;

1. yes, they confirmed that the problem was with the old auto-payments

2. yes, they advised that more than just my source’s account was impacted

I got my Mongoose Switchback around 1994. It’s been a tough bastard and has help up quite well over the years. Anything plastic is deteriorating though and some bits probably need replacing.

Today I was putting my regular commuter bike/touring bike in for a service and I decided to impulse buy some Michelin fattie knobble tread tyres for the old Mongoose dirt devil. After I switched out my road slicks, gave the breaks a tune, oiled the chain and polished some of the grime off the frame and wheels, the old Mongoose showed me that it was ready for any mountain anytime. I think it was even daring me to find a huge hill and thrash down it…

Sydney Morning Herald “article” about containing the cycling epidemic
by disgraced former NSW minister is torn to shreds by
Copenhagenize.com:
http://www.copenhagenize.com/2009/11/meet-carl-scully-mr-headwind.html

The SMH “article” in question:
Carl Scully (former NSW minister who was ejected from parliment for
lying to the Australian people…TWICE!) talks about his crusade to
ban bicycles and keep them out of cities:
http://www.smh.com.au/opinion/politics/cyclists-do-not-have-the-same-rights-as-motorists-on-roads-20091111-i7wf.html

How citizens on twitter have reacted to the anti-cycling holy war of this ex-transport minister:
http://twitter.com/#search?q=Carl%20Scully

A refresher on the amazing “achievements” of Carl Scully on wikipedia:
http://en.wikipedia.org/wiki/Carl_Scully

Although Scully publicly blamed the party machine for working against
him, it was reported that some Labor MPs feared his record as
Transport Minister during the Waterfall train disaster and other
problems would have worked against the Labor Party at the next State
election if he was Leader. Carl Scully was sacked as NSW Police
minister on 25 October 2006 by Morris Iemma, after having misled
parliament twice in two weeks[3] over the consequences of the 2005
Cronulla riots in December 2005. He had misled parliament when he had
said he had not seen a report on the incident. Then-Opposition Leader
Peter Debnam had repeatedly called for Scully’s resignation.

and

“Carl Scully was the NSW State Minister for Roads during the 2008-09
widely unpopular implementation of a cashless tollway system of Sydney
roads dubbed the “$100m e-tag swindle”. It initially included a $24
administration fee for Interlink accounts not used more than 24 times
per quarter – which he said the Government would not prevent – and a
$40 bond to purchase the essentially compulsory tags. Due to
widespread complaints these decisions were reversed however, the final
cost to commuters is currently unknown.”

It’s like somehow Carl Scully has never travelled or learned about any
other country in the world. Or is it something more sinister…?

Follow the money.

What we can work out about him is that he’s very friendly with the right corporations (motoring companies and also engineering/infrastructure companies who’ve “won” tenders while he was in office) to make any Australian citizen wonder if his real motivations have anything to do with the people of Australia:
http://www.abc.net.au/news/newsitems/200704/s1897261.htm

—

Cities that are well designed for cycling, pedestrians and motor vehicles to
perfectly co-exist have been quite successfully created and improved
by many countries all around the world for decades.

The technology is available.
The design is available.
It’s sustainable.

What we are sorely missing in Australia is the right leadership.

-GeekPete

—

When I saw this, the FIRST thing I did was check the date… 1-Sept, not 1-Apr…. ok, so it’s not a bad joke… well not that sort anyway…

I *think* I understand the US view on this in this post-911 era (as alluded to by the author), but somehow I have my doubts as to how effective such a plan would be…. Sure, all the tier-1 or root servers for DNS, ICANN and many of the core routers around the globe are directly or indirectly (ie: owned by US govt, US businesses or with parent companies that are US businesses under US govt jurisdiction) controlled assets that the US govt *could* conceivably order around:

(1)…plan that encompasses all aspects of national security, including the participation of the private sector, including critical infrastructure operators and managers;
(2) in the event of an immediate threat to strategic national interests involving compromised Federal Government or United States critical infrastructure information system or network…

Given that the US gov has successfully forced nations (UK, Oz, CA, etc…) with ties through WTO to write into Law even the most draconian legislation (eg: the DMCA complete with the anti-circumvention and anti-reverse-engineering clauses), in theory they may even be able to create so-called “cooperative Acts” passed by the same countries thereby extending the reach of this bill if it passes into Law…. IANAL, but history has shown some disturbing anti-rights scenarios played out against common sense, common decency and even Common Law.

The real questions are;

(1) would any telco infrastructure or ISP be exempt?
(2) if any telcos would be outside the scope of the likely flow-on Laws, could the independent backbones and ISPs provide sufficient of the meat of the Internet to keep it going under what would amount to martial law?

“Americans continue plans to switch off the internet” – The Inquirer
http://www.theinquirer.net/inquirer/news/1531879/americans-continue-plans-switch-internet

“Bill would give president emergency control of Internet” — CNet
http://news.cnet.com/8301-13578_3-10320096-38.html

Ref: (excerpt from proposed bill)
http://www.politechbot.com/docs/rockefeller.revised.cybersecurity.draft.082709.pdf

Download the mp3:

Nicks_wife_leaves_him_a_voicemail.mp3

I’m not a lawyer(*****), but the last time I checked, the original foundation stone on which copyright law was based was that of “the printed work”. Before anyone arcs-up, I know, music and movies, etc are not “printed works”. However, follow the logic as to why “the printed work” should remain the basis of copyright law and the outrageous claims by the MPAA/RIAA/etc show up for what they really are… blatant grabs for money (which is unlikely to be passed on to the original artist either for that matter…). Nothing like a lawyer in the form of one Steven Metalitz (who represents the likes of the MPAA, etc) to decide to modify consumer rights to bolster the profits of a corporation.

Let’s look at this like “John Q. Citizen” when buying a book, Vinyl LP, cassette or “Red Book Standard” CD (ie: non-DRM-encumbered media). He buys it, takes it home, uses it as many times as he likes until it wears out or he tires of it.

Now consider Metalitz’s statement that he rejects the need “to provide consumers with perpetual access to creative works” that they have already purchased.  If extended to non-DRM-encumbered media, the implication is staggering.  The logical equivalent of Metalitz’s statement in the real world is that at some indeterminate time after purchase, they are reserving the right to come in and remove or destroy the media from your house and walk away without any compensation.

Now, while that statement may sound outrageous, is it any less outrageous than what amounts to digital vandalism that they are promoting ?

DRM is fundamentally evil.

As a programmer, writer and creator of other things, I fully accept that an artist (and relevant contractually-bound parties) should be adequately compensated for their work. It is actually one of the things I have against open source software, but that’s a different argument. So I have no problem with paying a “fair” or “market” price for a licensed copy for my personal use.  I *do* however have a MAJOR issue with being forced to either (a) buy an inferior or DRM-debased(*) product, or (b) re-buy the same product due to built-in obsolescence(**).

The classic quote(***) from Men In Black, “This is gonna replace CD’s soon; guess I’ll have to buy the White Album again…” is a telling commentary on the evolution of media used for some forms of art. While it was meant as a joke, and was funny in context, for some of us it provoked some disturbing thoughts… I own a number of albums for which I have the same album on cassette, LP, direct-master LP, CD, SACD. I also own a few movies that I have on VHS tape, DVD and BluRay. So I get it. I bought each new copy on the new media type because it represented a visual or audible improvement over the previous one. That did not stop me using the old one, but why would I ?

Roll forward to the universe promoted by Metalitz where the 100% legitimate copy I purchased back in 1973 suddenly stops working just because the copyright owner says I cannot use it anymore ?  Say what !?!?!?    The phrase “pry from my cold, dead hands” comes readily to mind.

This is the commercial equivalent to governments passing retrospective laws and then prosecuting people based on those laws. It is hardly just or reasonable.  From a practical commercial perspective, when you buy a product you are entering into a form of contract where you expect goods or services in return for some compensation given to the supplier. It is the basis of the consumer protection laws relating to “goods being of merchantable quality”. If we buy DRM-encumbered products, we are accepting a contract where we accept that we have limited rights. But how can it be “reasonable” under Law for the vendor to unilaterally change the scope of that contract to completely remove your rights to access what you paid for without compensation ?  Idiots who bought “play-once” DRM-crippled products get what they deserve…. But that was what they agreed to…

This issue is very insidious. Software companies moving to “activation-based licenses” (ignoring subscriptions) are another in this vein. For example, what happens if you want to re-install Windows in a post-Microsoft universe ?  Enjoy your 30 days of use between rebuilds…  How would you feel if you could only play your CD or DVD until the vendor takes their authentication systems offline (or goes out of business…. same result) ?

This is the fundamental problem with a pigopoly/oligopoly (look them up if you don’t know the terms) is that it is so close to the behaviour of a cartel; ie: price fixing, market access restrictions, etc.

When you lose your rights one small chip at time, it is like the “boiling frog” anecdote(****). If the likes of Metalitz and his kind have their way, eventually every form of media would eventually reduce to the equivalent of pay-per-view.  How do we stop that happening ?  Support artists and people who sell non-DRM products.  ie: vote with your wallet.

“Big Content ludicrous to expect DRMed music to work forever”  –  Ars Technica
http://arstechnica.com/tech-policy/news/2009/07/big-content-ridiculous-to-expect-drmed-music-to-work-forever.ars

Note: Some of the comments posted under the article are very insightful… eg: “When GM went bankrupt they didn’t come and take away everybody’s car keys.”

Footnotes:
*Many DRM strategies actually break standards. eg: the “Red Book” standard for CDs. Most media-based (ie: CD, DVD, etc) “copy control” solutions depend on breaking standards so that software that adheres to the standards cannot create a working copy.

**Some time back I discovered that DVD manufacturer’s do not provide any warranty whatsoever. If the DVD media suffers delamination as it ages making it unusable, then their response is “so what, just buy another copy”. 20th Century Fox (publisher of “Minority Report”) especially do not seem to care if the media is unusable. I suppose since the disks and packaging only cost them a couple of bucks, they don’t see it as any big deal… um… paying $20 every few months for the same disk is not insignificant and a definite disincentive to buying it in the first place!

***Ref: MIB quotes
<http://www.imdb.com/title/tt0119654/quotes>

****Ref: Boiling Frog
<http://en.wikipedia.org/wiki/Boiling_frog>

*****IANAL, “I am not a lawyer”. No references to any Laws made here should be considered as definitive or even accurate.

—

Ok, I’m “old school” and proud of it, and yes the author of the article linked at the bottom of the page makes some excellent points.

• Yes, I do NOT miss having to write convoluted, upside-down and inside-out self-modifying code just to save a few miserable bytes* ! (*and yes, I know there are still a few bare-metal scenarios where that is still the order of the day…)
• Yes, I do NOT miss having to do all my coding of OO GUI systems using hand-built text objects in CLI text editors!
• Yes, I most certainly am grateful that “GOTO” has been relegated to the dustbin of history in all but hardcore bare-metal work.
• And OH how I do NOT miss writing multithreaded applications with languages and OSes that did not support it inherently.

However…

As onerous is it was to get a handle on initially and hideous to be a support programmer for when the original developer adopted a variation on the more commonly accepted (ie: M$ Win32 API…), Hungarian notation certainly does have advantages, especially when the code has to be viewed in multiple scenarios with various tools, most of which have no concept of the language or types.

(…rant warning…)
More importantly, I take major issue with the blanket statements about memory management. Yes, it has improved a LOT and yes, modern languages, compilers and OSes have far more of it available and *can* use it very efficiently, BUT, many programmers seem to view memory as an inexhaustible resource and rather than just not focussing on being memory misers, they ignore good design templates to reinvent the wheel or worse reinvent a square wheel!!! So rather than take a minute to consider the implications of collecting a massive dataset into a local list or collection “just because it is easier for them” when they could write a more efficient algorithm in the first place and only collect a fraction of the data for the same outcome and let the memory manager worry about dealing with the load. Talk about backward progress…

“Old-school programming techniques you probably don’t miss”
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9132061

—

Photo by Henning

Ok, anyone who knows anything about security in IT systems knows that “security through obscurity” is akin to “the road to Hell is paved with good intentions”. It just does not really provide the desired outcome in the long term.

So, let’s examine the history of this approach. M$ products, getting better, tend to still depend on M$-specific proprietary APIs and protocols, that inevitably lead to “critical” security patch after “critical” security patch ad infinitum, sound familiar?

On the hardware and network design side, many people (some of whom should know better!) think that just because they have what is termed a “NAT firewall”, that their precious LAN is secured from the kiddiots and other nasty denizens of the world-wide-whackfest. WRONG!

First of all, while NAT does provide at least some level of protection (certainly better than the twits who connect their USB ADSL MODEMs directly to the ‘net without even enabling Winblows firewall, nuff sed on that one.), it only really obfuscates things, it is not true protection. Consider the annual C and Perl code obfuscation contests, the result is code that is nearly impossible to read without getting a headache, but it is decipherable in the end. This will eventually become largely academic as IPV6 becomes more pervasive. Remember that NAT was originally created to provide an artificial extension of the internet’s IPV4 address space (well, that combined with non-routable IP address ranges).

All the gurus of internet hacking agree on one thing about NAT as a “firewall” technology; it is limited but fine provided the machines on the inside NEVER open a connection OUT and no ports are forwarded IN. All a potential attacker needs is the details of who and where you came from and they can (in theory at least) use that against you, kinda like identity theft.

So where am I going with this?

Well, we all know that IE is kinda like the promiscuous child of web browsers and the Firefox fanbois would have you believe that they have superior technology. Ignoring Safari, Chrome and Opera with their miniscule market shares for now (although they probably suffer from the same malady), let us examine how a web browser is kinda like the used hypodermic needle when it comes to the spread of bad things.

What is a web browser?  In short, it is an application that knows how to turn formatted data into a (supposedly) consistent human-readable display at least something like it’s author intended. To enhance the capabilities beyond the research tool it was designed to provide, so-called “rich content” extensions have been added over the years much like pin-stripes and towbars to our little utility.

I won’t go into the evils of VBScript and it’s spawn-of-Satan twin ASP+IIS, nor will I pontificate on the bane of good programming and style associated with that most despicable of languages whose name we will not utter (but James Gosling has a lot to answer for…). I won’t even stoop to kick CGI and poor coding of browsers or OSes in the teeth.

What this is all about is HOW the humble browser has now become public enemy #1 when it comes to malware vectors.

“What?!?!”  I hear you scream?  Well, while it IS true that you can be moderately “safe” and “secure” if you avoid known bad sites, you know…the ones that your AntiVirus software pops up and warns you about, just before you click “proceed anyway”. Don’t bother to deny it, curiosity killed the cat, your mouse and ultimately most of the other vermin in your PC before you inserted the recovery disk.

So. What “safe” places could cause such a problem ?  Have you ever bothered to do a “view source” on some common “safe” sites to see what and where you are REALLY being fed data streams? Go to the BBC, CNN, NY Times news sites and have a look. Are you sure you would have gone to “adsense.com” (better known by it’s parent Google…) ?  ”Big deal” you say, but stop to think how you got there…

Now look at your corporate INTRANET website, your vendor-supplied ITIL product (eg: HP OpenSpew, Tivoli, etc.) from it’s web view. What little thing seems to be everywhere?  Here’s a hint: try using a text-only browser (no extensions) to view TechRepublic (another “safe” site) and you should bump into a little warning “Requires JavaScript for most site functionality”. I’m sorry, what did you say?  You don’t HAVE a non-JavaScript-enabled browser?

If you are like the vast majority of WWW users, you will find that many sites simply do not render ANYTHING or fail to render correctly if you do not have JavaScript. Once again, I hear “big deal” and “so what” comments. More importantly, the Firefox fanbois will be saying that they are not affected. BZZZT! Wrong!

What makes the difference between fast and slow web browsing?  Caches.  Most browsers have one and almost nobody ever clears theirs manually. Frequently they’ll even leave the default size and age settings in place.

Well, if you ARE one of those people here’s some food for thought. There are those of us who are seriously paranoid about identity theft and cross-site scripting and silently-delivered malware. One browser to do banking, eBay, Amazon, etc and a DIFFERENT browser to do general surfing. It is getting so bad on eBay and Amazon that I may soon have to resort to using a separate machine to ensure security for online banking.

Things found in MY (uber-paranoid-mode) cache have included cookies, JavaScript, applets and plug-ins from RedSheriff, DoubleClick, AdWords, AdSense and a bunch of Adobe “things” (Flash, Shockwave, Air) and other things that I never intentionally installed.

Let’s move forward a single step. I browse from behind a NAT, SPI and firewalled router, Linux firewall and cache and a secondary router to isolate the WiFi machines from the servers. Despite this, my browser has delivered all manner of “unexpected” things. It would only take ONE compromised Auctiva-extended eBay page or hacked banking site for someone to deliver a supposedly “safe” JavaScript to my machine that lurks until I next connect. Personally, my next step is to force all browsing through the proxy cache and run a live scanner for malware, not that I expect it will improve matters much.

The article below is a more readable explanation of how this all works to compromise your PC. How to stop it happening is the question to which nobody appears to have a foolproof answer. I suppose in an extreme case, we could all resort to surfing from browsers sandboxed in snapshotted VMs or from “live CDs”.

The governments are trying to tighten security and censor the web. Flawed, futile and infuriating as that may be, it may in the end be a moot point if “surfing the net” becomes so hazardous that people start rethinking whether the convenience is worth the risk.

“New attack class exploits intranet weaknesses”
<http://threatpost.com/blogs/new-attack-class-exploits-intranet-weaknesses>

—

Before you read on, I strongly recommend BUY AUSTRALIAN (whenever possible).
If you buy overseas, you send money and jobs with the purchase, unless of course the product is manufactured exclusively overseas in the first place. In that case, shop “smart”.

Ok, we all know that DVD region encoding is an artificial block to enforce regional pricing. We also know that many DVD players can be made region-free to avoid the problem of having to own multiple DVD players to cover the regions that our DVDs come from.

So with the hassle, why buy overseas? Availability of titles, release dates, optional extras, etc, etc…

While NTSC region-1 disks (USA and Canada) tend to have the widest list of available titles and features, NTSC is not PAL (the Oz video standard). Ignoring the whole digital thing, there are still reasons to stick with PAL disks. Enter the UK as PAL and region-2. Makes a nice source for movies, not to mention frequently faster delivery than the USA.

Blu-Ray players that can be made region-free tend to be somewhat rare still, but mercifully they did not break the regions up as much (see first link). Even better, of the 3 regions, Oz and NZ are in the same region as the EU/UK! So no problem playing UK-sourced blu-ray disks in local players.

Still, why buy from the UK rather than locally ? As much as supporting your local industry is laudable, there are some serious discrepancies in pricing of these foreign-created disks. Since they are imported anyway, how come the local release is so slow and so expensive? Add to that the major annoyance that frequently the Oz importers do not being in everything or large quantities, eg: Van Helsing soundtrack CD, of which how many were brought into the country? According to one major retailer, only 100 physical disks were imported and fewer were ever distributed to stores.

So, the message is simple: Buy Australian (if possible), otherwise have a look at UK-based online sellers.

Oz/NZ/EU/UK all in region B for blu-ray
<http://en.wikipedia.org/wiki/Blu-ray_Disc>
Example of price differential (delivered prices):

<http://www.amazon.co.uk/Van-Helsing-Blu-ray-Hugh-Jackman/dp/B001TDKLHO/ref=sr_1_1?ie=UTF8&s=dvd&qid=1242603022&sr=8-1>
£12.98 (+shipping, GBP£3.58)
TTL: AUD$32.96  (GBP£16.56)

<http://www.bigwentertainment.com.au/product/van_helsing_3847516_188284.html>
AUD$35.96 (+shipping, AUD$4.50)
TTL: AUD$40.46

<http://www.ezydvd.com.au/item.zml/805834>
AU$39.97 (+shipping, AUD$1.50)
TTL: AUD$41.47