Posts by Lee D

Re: Lego Minecraft

I could really mess you up and show you Lego Worlds which is basically a computer game based on Minecraft using virtual Lego bricks.

Strangely, I like my computers to not do anything unless requested.

It seems some people lost that idea some years ago and tolerate anything now.

Hell, even my phone can't update an app without asking first.

Sorry, Microsoft / Samsung / whoever. It's my device. You'll do what I say. By all means inform me, but I can also say "shut up" to those notifications permanently if you abuse them.

The auto-update-with-no-choice-about-it is really only a product of the last few years. I will literally hack my operating system to stop you doing that to me, having witnessed any number of updates-gone-drastically-wrong, and inconvenient timings for updates.

Within weeks of Windows 10 upgrades going out to Windows 7/8 users, I had one person who trashed their entire system including all documents (we have no idea how), and one who was forced to upgrade a fresh machine and then explorer crashed out constantly (which meant Windows was unusable in any mode and we had to recover files). That's not counting all the Windows Updates that just blue-screen, take out features (one IT guy I know has a PC on Windows 10 that every Windows 10 update removes his Ethernet drivers and nobody knows why, but to say that's slightly annoying is an understatement), or are later revoked for discovered problems.

You have to be an idiot to blindly upgrade everything the second it pops up. Hell, the software often doesn't even give you a chance to make a proper backup with it's "Update Later" kind of non-option. If MS etc. were taking responsibility for my data, that would then be their problem. While they don't, they don't get to dictate when I update.

Re: A question of degree, perhaps

Agreed, copper can easily do 10Gbit just with ordinary protocols. But that's a specialised 8-strand cable. And though the back of an SFP module might be copper etc. that really just processing (we haven't yet found a way to reliably process light-only signals!). My switch interconnects on a switch stack are "copper" but they can do 10/40Gbit or whatever. Similarly, I have a "fibre" that can barely hit 10Mbps because it's old and shonky.

But when it comes to "fibre" vs "2-wire telephone cabling" over the same kind of run, there's not much competition. As such advertising 2-wire as "fibre" is really misleading. And also technically wrong. And unhelpful.

Fibre inherently possesses a potential for upgrade. Just change the modules at each end and you can go from 10Mbit to 10Gbit in seconds without having to repull the cable. Pretty much the distances involved don't matter (outside a reasonable range). Copper, that's not as true. Distance and quality of copper matters a LOT. Especially 2-wire copper, rather than Cat5e/Cat6a or whatever (which can still only do 100m / 40m depending on the speed you want).

It's misleading but if we sell on the basis of "speed" then the fibre moniker matters much less. However, it should still matter - because of the upgradeability, etc. potential of the line. There's also consideration for the potential for abuse. Here's a 56K modem. It connects to our cabinet at the end of the road. From there to "the rest of the Internet" we have a fibre leased line. Can I still sell that as "fibre"? I don't think so. Even if I advertise the speed legitimately.

Nope, but they do come with ID lights.

It's a really dumb thing to press the button on the wrong server. And... if we're talking about an era where holding in the power button doesn't kill the machine hard in 5 seconds, and where NT is running, and where it doesn't auto-power-off on the Turn Off Your Computer screen, then we're back in the age of floppy disks and maybe even pre-CD in your average server.

But whatever era, there will have been a better way to indicate what server you mean rather than just guessing.

ICANN are supposed to be global. Ignoring the 1st/2nd largest market in the world (depending on what you're looking at, America often comes after Europe in terms of market size etc.) because you happen to be originally based in America is a really dumb idea if you want to have that global responsibility.

America has also had to play ball if it wants European information. Don't want that information? No problem. Want it? Then you handle OUR information in a way compliant with OUR laws (or there's no point having them as everyone will just say "Oh, I spammed you anyway because although I'm European and that's illegal, I just had a US company do it for me". There's a reason that America basically are inheriting our data laws - if they want to trade, they have to be on the same level.

If they don't play ball, they will lose the European market, who will quite happily take their Internet ball home and play a different game. Likely a better one, to be honest. Fact is, if ICANN claims to control/manage every .uk, .eu, .fr, .it etc. domain that it either plays ball or has those taken away from it (i.e. bye-bye 50% of revenue).

The EU has all the jurisdiction over its own data. And it's own top-level domains. And trade that involves any European entity. That's WAY more than enough to have a say.

And, yes, the WHOIS-hiders are breaking the rules, but they were never enforced anyway (mainly because they realised what a stupid idea a public database of everyone's address was). This is way, way overdue. No other place that I sign up to has the right to just put my real name and address on a worldwide, publicly-searchable database that I can't remove it from without breaking the rules (and certainly not for something as trivial as a name to run a website). And they had phone number and email too.

This should have ALWAYS been like this. Law enforcement, sure. Anyone else, no. And it hit personal users hardest as they didn't have a company head office to hide behind.

Re: Private keys are private

No more than normal processes.

You can always regenerate a certificate. At worst you might run into trouble with HSTS or pinning, in which case you probably have a backup procedure in place.

And your backups should be encrypted and are reading data to backup AS ROOT anyway. Thus it's not accessible to anyone who doesn't already have full access to the entire machine anyway, and encrypted anyway, and should still be passphrased anyway.

And the passphrase should be handled the same as the root password, the domain administrator password, etc. Which means DON'T write it down on anything you can't revoke or encrypt.

Re: Edinburgh Woolen Mill

Maplin probably have a lot of prime rented stores in the middle of big towns and shopping centres.

Sure, it's not easy-money, but chances are you could snap them up, use the leases and it'll be cheaper than fighting for a prime spot.

Re: Fag packet calculation time...

That Leaf has a 40kWh battery. To charge that from solar panels in 3-4 hours means you have... what? 10KW of solar panels on your roof? Let's say on average it requires a half-charge, that's 5KW of panels at full whack for 4 hours, using 35+ square metres of solar panel.

Truth is, you're topping up the battery at best. Serious usage of the vehicle (150 mile range? That's a single 75-mile back and forth) would drain your proposed house battery and the entire daily solar output with less than one full charge. And you're doing that using a set of solar panels costing as much as the car (not including fitting and legal agreements on who owns the roof if you sell the house, etc.). And you're doing that on a roof which isn't available to most people.

Sure, you can do this. But stating it as if everyone can just do it, or would do it, is slightly dishonest. In actual fact any two-car families wouldn't have the roof-space. Anyone renting wouldn't be allowed to. Anyone in a flat wouldn't be able to. Anyone whose car is parked away from their house (even out-front in private parking) wouldn't be able to.

And each car requires 30-something square metres of solar to make it happen, at best, so local solar for those use cases - even if supplied by a town council, etc. as a solar-powered charging point - is actually sucking up land quicker than houses themselves are being built.

Fact is, if you want to have electric cars, you need investment in the electric network. YOU have invested £10k+ in your electric setup, which benefits just you, and supports one vehicle. To scale that up to millions of cars means the OP is right... lots of new nuke stations or entire counties full of panels, or forget it.

Re: They can't afford to fix it

Unlikely... though it might hit "cashflow", there would have a bucket of contingency for that. If they're losing a million pound over a weekend, they can afford to lose 10 million easily.

However, they haven't "lost" anything... people will still need to top-up, they just couldn't do it when they liked. The only loss is much more easily measurable by "how many customers have we lost". And that won''t be costing them in the millions just because of a weekend's outage of a top-up that customers only do once a month, if that, and that the highest paying regular customers don't do at all.

Re: PMSL

Yep. Either tell me WHAT to use and WHY or don't bring it up.

The answer is always Owncloud/Nextcloud, which is fine but hardly a replacement for a globally available network.

Same principle.

15" was minimum back in the 90's.

Re: Saturated

I feel the same about everything PC-wise, not just phones:

- Processor speeds, unnecessary past 2-3GHz (though the trend now is ordinary-speed chips that slow down "for power-saving" )

- RAM, I've had that argument on here about the minimum being > 4GB, but once you have 8, 12 or 16, I don't need much more.

- Storage, SATA SSD gives me all the speed I could desire, I don't need stupdenous NVMe speeds. I'd much rather have a 2Tb SATA SSD that I won't fill than a 256Mb NVMe that I will.

- Networking, Gigabit to the desktop, everything else is the bottleneck.

- Sound, so long as it can do the basics, who cares? That means 44KHz stereo for me, and even that's probably overkill.

- Video, I'd rather have my games running at 1368x786 or whatever it is and not struggle than at 4K and need a beast of a machine. Same for SD vs HD TV, etc., especially if I save a few quid and Gigabytes on the download.

- Mobile phone, I stuck with an S5 Mini (removable battery, headphone socket, IR blaster to control my old-fashioned devices that don't need to broadcast over the airwaves or connect to the Internet, etc.). It does everything I need, could do with some better logic on installing to internal memory all the time when there's a half-full 32Gb microSD card in it, but apart from that it's fine.

There's a point where "good enough" suffices. There's also a reason that I use an 8-year-old model of laptop and yet have a dozen virtual machines in it, all my games from Steam, and just about every game I've ever owned on any platform, ever, all loaded on it. And why my phone is from 2014.

At some point, any kind of upgrade just doesn't make sense, especially if it means you lose features that you currently have. As far as I'm concerned Windows 10 and new Android are more than cancelled out by stupid update policies (just dealt with someone who loses their Ethernet on every Windows 10 update at home, so they try their hardest not to update at all), hardware without the basic removable parts (SD cards, batteries, headphones, decent amount of USB instead of USB-C, etc.) and PC's that are basically dialling back to stupid speeds to save power.

Re: Bad move

My new place near a large city inside the M25... I get 3Mbps on standard ADSL2, "up to" 10Mbps if I go VDSL. And because nothing else covers my cul-de-sac, there's nothing I can do about it. Sorry, but BT's network is a mess. I use 4G and get 35+Mbps instead.

And BT will just have to provide for people to use their facilities... if they break it, you charge them for it and fix it. That's how it works already. Because aren't Openreach mostly subcontractors anyway?

P.S. Last time I asked for a leased line from BT, they took FOUR YEARS and did nothing. After the last six months of constant yelling, we ended up with three empty, incomplete, different and not-joined bits of empty plastic tubing, and then we were told there was "no room at the exchange". Not one fibre every made it even to the site, let alone just jointed together.

This is the same site that gets 25Mbps "at the boundary" on two seperate VDSL lines, which drops to less than 1 if it rains (and our analogue phone lines all cut out). The six ISDN lines regularly failed (to the point of cables dangling in the street despite no hurricane, etc.).

But once Virgin put in a proper fibre line, we moved all the ISDN and analogue lines to SIP, all the ADSL/VDSL to the leased line, and have not had a single outage in three years.

Sorry, BT, but if you want the custom and you're forced to "allow subcontractors" by the people controlling you, that can ONLY be an improvement. It might mean more outages, but I can't imagine it, and at least then there will be a backup of some kind when you don't ever resolve the issues. I'd rather than 20 lines from different companies, one of whom might hire dodgy subcontractors who somehow damage all the other lines occasionally and have to pay to fix it, than being stuck with BT / Openreach as the only (atrocious) option where they don't care if it's broken for years, nothing happens to fix it.

Re: As predicted ...

Yup.

Pretty much when even the most luddite of people probably has a smartphone with camera, internet, games, movies, tv, music, satnav, compass, torch, spirit level, etc.etc.etc. then there's nowhere else to go and they aren't going to upgrade "just because" especially if all those things weren't what made them upgrade to a smartphone (which is most likely to be "to use WhatsApp to call people for free", "to check email", "to go on Facebook" and "because it's just as cheap to do all that as buy a normal phone", according to a brief survey of the people who come to me in that position).

Gimme something new and I'll think about it. And a removable battery. And a headphone socket. The Samsung "this phone can also be an Ubuntu Linux desktop" is intriguing to me, but niche. Hell, stick a fold out joystick on it and licence a bunch of retro games and the kids would probably be all over it. But without something new, it's just a case of "I'll buy when mine is bad enough for me to notice", whether that's because it's broken, slow, can't do something I need, etc.

Re: Molten salt ?

They tried, but then all the chips disappeared.

Re: What could possibly...?

Keep your debit card in an RFID blocking wallet or sleeve.

I like to demo to people the "Credit Card Reader" app which can pull off their card number and expiry date by just tapping an NFC phone against their card (or, in theory, from across the room) without them even knowing.

Sure, it's not every detail and not the same as performing a proper doink transcation, but it's enough. But put it in a sleeve / wallet with foil insert and you can't read the card at all.

The other app I like is "Passport Image Decoder". Worrying that such access is available passively without your knowledge, even if the most vital data is encrypted

Re: Remnant of the 1980s

"My PSU too, just after Xmas. Only place for a *now* replacement at a half reasonable price."

Amazon Prime Now:

Corsair CP-9020097-UK VS Series ATX/EPS 80 PLUS Power Supply Unit, 550 W,Black

(They had loads of other choices, I just picked one)

£38.52

Sold by Amazon EU S.a.r.L. Remove

Check out now with 2-hour delivery for £0.00

I could have it before I got home tonight, if I wanted,

Welcome to the 21st Century.

Don't think numbers. Think percentages.

That's a 1/3rd drop in expected sales. That's quite a hefty hit for any company. Changing your plans for your new product to only sell 2/3rds of what you expected? That's gonna hurt any company and Apple are fortunate enough to be able to absorb a $10bn loss without flinching.

(By overcharging for every product they've ever made, and stashing their money abroad outside of the reach of taxation authorities, but hey... I'm not judging... no, wait, yes I am).

Re: @Lee D

Nothing to do with that.

Did you know games are 64-bit only and demanding 16Gb+ RAM nowadays? That's not the top-end gamers only, but just to RUN the game on Steam.

As you can see from my post, I deploy 8Gb by default to ALL USERS, and I work in a prep school. That means primary-aged children, and staff who run nothing more demanding that Word, Outlook and Chrome. Because 4Gb vastly increases their performance (and coupled with an SSD for some staff makes ancient Lenovo desktop machines that they don't make any more FLY). I'm sitting on a ThinkCenter E72 in work, it's hardly a power-user machine.

As people have noted above, a browser can suck up Gigabytes (and, sure, some of that is page caching, but by far not all). The latest series of phones have 3Gb or more, what makes you think that they are doing more than people's desktops?

Yes, I have VMWare. But none of my client computers in work do (or HyperV, that's for servers). Chrome tabs? Gosh, why would any unexperienced user open 30 tabs at the time (something I could do back in the Opera 3.6 days without ANY HASSLE AT ALL on a machine with way less RAM)... because they're users who click everything and don't even realise they have other tabs open half the time. Windows 7, 8 and 10 all RUN with 4Gb. Fine? I wouldn't say that. That's WHY I upgraded... when I started at this workplace that's what they had (P.S. that was 5 years ago, and it was considered a "cheap" solution even then). User's complained that the machines were slow. So the upgradeable ones got 8Gb, the others got SSDs (note: All machine running 64-bit Windows, but some motherboards aren't built to cope with >4Gb RAM but some of these clients are models that are 10 years old, so hardly surprising). Both provide an ENORMOUS boost to the system.

It's about being sensible... the cost of 4Gb extra RAM is pitiful for the performance improvement. It also drastically reduces swapping, especially important if you are using an SSD. I have actually seen 4Gb machines with no swap just run out of memory (hint: I have Outlook and Vivaldi loaded, with Sophos and some TINY utilities in the background, on the WORST machine in my worklpace - always eat your own dogfood. It's left running all the time. Once a week, I get a "we've closed this program because we were running out of memory"... and that's on a machine with 4Gb and swapfile on SSD [which is slowly killing the drive but it's surviving nicely]).

I'm not just making this stuff up. Go buy a cheap laptop and put an extra 4Gb in it. The value is way above a more expensive laptop with only 4Gb.

Your disk must be swapping all day long with only 4Gb on a modern OS running even basic Office and Chrome for any significant working day.

Apple has expressed in a court of law that it only designs/expects the iPhone to last one year at most.

That's actually the argument they presented, on record, to try to avoid offering the statutory 2-year European warranty.

Why people do business with them, I still can't fathom.

Re: Sounds like a classic "Big US Corp" Defense.

"well enough to call "Bu***t" on that."

bucket, budget, budlet, budrot, budzat, buffet, buglet, bugout, bulent, bullet, bullit, burbot, burget, buriat, burket, burlet, burnet, burnut, buryat, buryst, bushet, busket, buyout

Nope.... I'm lost...

Re: It's time...

Not the OP but he may be right:

https://www.standard.co.uk/news/london/pilots-welcome-government-crackdown-on-drones-after-spike-in-near-misses-at-heathrow-and-gatwick-a3594886.html

"The number of drone incidents involving Heathrow planes nearly quadrupled from seven in 2015 to 26 last year (Note: The article date means this refers to 2016!), according to reports by the UK Airprox Board."

That's one every two weeks at Heathrow alone just 2 years ago, after previously quadrupling. Nothing to suggest that the trend can't have extended to one every week at Heathrow alone.

Re: OK it complex to render

I don't know about the OP but what I'm asking for is for a font renderer to be able to either render a glyph or error out sensibly, not just crash. A crash means you didn't isolate your memory etc. from each other and you end up in a combination which causes things like divide by zeroes or out-of-range memory accesses or pointer confusion.

Which, sorry, but shouldn't happen in production code that goes out to positively millions of devices. I can quite understand "this glyph is unrenderable, or something went wrong, or I got an error, so I caught that exception that the underlying code threw and returned NULL glyph in that one's place, rendered the rest of the string and then returned the whole - valid and renderable, just not correct - string to the underlying process without the potential for code execution or further errors propagating down".

Seriously, people, this is what EXCEPTIONS and error-handlers are for. It means that even if the glyph-renderer throws an exception, the string renderer that called it should do something about that beyond just throwing that hot potato all the way back up the chain to the UI framework and then to an app that can't handle it causing the OS to kill the app. It should be replaced with a safe glyph, the string should be caught and marked as erroneous by the string rendering routines (and replaced with, say, XXXXXX), the UI framework should catch it, and app should BE ABLE to catch it if it propagates that far (but I don't expect it to).

If you have not designed your UI framework to safely handle and isolate calling processes from errors in glyph rendering (which could be caused by a corrupt font, or an illegal combination of glyphs and modifiers, or a missing glyph from the font entirely etc.) then you shouldn't be writing one and FORCING people to use it (notice how ALL those apps are from different people, including the lockscreen, but they all are subject to the same textual API...).

Throw... catch... it's not hard. And catch should never be "oh, just catch everything I might have forgotten and throw it back up the chain where nobody can do any better than I can anyway". That's the last resort.

Conversely, I basically issue no laptops.

Sorry, but I don't see how you can say both "I need dual monitors to do my job" and then "I need a laptop". They are both just a status symbol and mutually exclusive.

To be honest, I can't justify a laptop for anyone, but I get overruled (always for the most senior staff, always for the ones who use the computers least, always for the ones who conveniently don't have a PC of their own at home...).

At home, I have a gaming laptop because it's a monster and does everything - it's a luxury I couldn't afford for many years and is now getting on to 8 years old. I get my money's worth out of it, and it's portable because it comes on holiday with me, goes round mate's houses, etc. all the time. It's the "best compromise" between a powerful PC, a portable device and something to watch a movie on on a plane and load up to quickly check Facebook. But in work, I only ever use a real PC, or a remote session to a real PC inside the network from such a device.

For work, I can't justify the expense, the fragility, the cost of repair, the potential of theft, the performance hit or the screen-size/docking station/extra mouse/extra screen on top of the cost of the laptop itself. I'm sure there are jobs where portability is required, and I tend to find they are issued Toughbooks etc. for a reason - 1) they look undesirable so there's no status symbol to having one, 2) nobody's going to bother to nick them, 3) when they drop, they usually survive and they are out in the harshest environments where you wouldn't want a flimsy tablet etc. But most office jobs aren't one that needs such access.

You want a laptop? Fine. You get the cheapest junk possible and then in via RD to a real machine inside the isolated network. It's literally an access terminal. Because when you get into encryption, VPN, file sync, offline device/file protection (e.g. people sticking in USB sticks into it) etc. then an offline, disconnected machine is the worst possible thing to try to manage over just "load up the RD app on your iPad/tablet/laptop/PC/Mac/smartphone and go here".

In a lawyer's office, especially, I would not want to manage the logistics of issuing a laptop that goes home with them with all kinds of stuff on it. With DPA case law, you have to be able to PROVE that it was encrypted if it's ever lost, you know - the NHS has been fined for being UNABLE to prove that a disk it sent through the post and lost was encrypted when it left the sender. That's easier said than done especially if some information leak happens in a serious case and the judge is breathing down your neck about it. I'm sure a lawyer understands that. And they use stuff like LexisNexus etc. all the time so they're used to using cloud and website services to get their job done.

Sorry, but if I was a billionaire and owned a company just for fun and gave everyone a staff Lamborghini... you're still not getting a laptop for taking stuff home. I'll give you a way to access work if you need it - a cheap tablet with remote access. But a laptop that travels is the worst idea imaginable. "I want to take all the network home with me on a battery powered device and have it work like I never left the office". Nope. You'll take a screen home with you and look at your computer on your office desk instead.

Re: *Shrug*

I think you underestimate people.

A 10Mbps connection is no good for an average household... look at the numbers of phones, consoles, computers, laptops, tablets, etc. and it's quickly apparent you can kill someone's Netflix just by clicking a big web page.

And along those lines, you have to think - those smartphones are probably on 4G, almost certainly get 25-30Mbps themselves, just as part of a data allowance. When the phone in your pocket can service wifi to the whole house quicker and cheaper than the actual broadband connection, you have a problem.

And the phones have 25-30Mbps because they can utilise it easily. Multiply by, what, 8-10 devices in the average family household and you need 250-300Mbps to match the performance of a smartphone.

As time goes by those numbers aren't going to get any better and what's going to happen is consoles, tablets, laptops and smartTV's coming with 5G SIMs in them by default. At that point, broadband is useless unless it can deliver Gbps to the house in order to compete.

Fixed line broadband needs to buck its ideas up or people are just going to move to mobile telephony, and maybe in the most rural of regions too (two articles in the last week about 4G-to-the-sticks projects).

I run my whole house from a 4G Wifi router including Chromecast, TV streaming (no TV, just TVPlayer.com, Netflix and Amazon Prime), console, tablet, laptop with Steam games, etc. I'm not the only one in my area as the Wifi network names show that everyone is doing it. Mainly because BT can only promise 3-5Mbps to the center of a large town inside the M25, and Virgin have no infrastructure nearby.

They need to wake up and start competing (in the serviced areas, as well as the "why the hell is it not serviced" areas, not just the rural difficult places) or they are going to lose all their custom to people just using their smartphones. The younger generation are already wise to this - they YouTube and Netflix on their phones by choice (because then they can each watch something different in the same room, and individual 4G doesn't buffer anywhere near as bad as a home wifi with a load of people on it), they have "unlimited" data allowances, and they can take that wherever they go (even to a mate's house).

Asking your mates for their Wifi password is a thing of the past now. People just whip out their own smartphone and Google away. Wifi is actually generally WORSE than whatever you'll get on 4G in London.

For me to part with £50+ a month just for a broadband connection, you'd have to be offering me 200-300Mbps or more at minimum, with a generous data allowance and no bundled shite (I don't even have a TV, or a landline phone... why would I need one when I have a projector and a smartphone?)

Re: Just kill ALL code in a browser.

No, I think the lesson is "don't try to get clever for the sake of performance".

Meltdown was caused by lack of security checks on speculatively executed instructions. If you're going to speculatively execute, why would you handle the instruction any different to when you normally execute it? That's a disaster waiting to happen and people knew it.

Spectre is the same except instructions are executed that give away information to the process about what happened. Again... this shouldn't be possible. To any process running, why is it ever made aware of the results of a speculative execution? By definition, that execution shouldn't be detectable or it's not "speculative", it's literally execution and rollback.

The latter is more subtle, but both are the product of not executing speculatively at all... but actually just executing. And in the former case, executing without the same security boundaries.

They were also known about for quite a long time, people have been saying it's ripe for attack for years along exactly these kinds of lines (I think people actually expected Spectre more than Meltdown, to be honest - a side-channel attack on such a process is much more easily predicted than an abject failure to apply memory protection).

If you can't execute arbitrary code as an ordinary user without compromise, your system is flawed as a general purpose operating system running on a general purpose computer. That's not to say that you let your users do what they like - appropriate security controls should ensure they can only interfere and trash their own stuff, not anything else, however. But we still live in an age where thousands of users sharing a machine aren't contained, isolated, bottled, virtualised and removed from the hardware such that it doesn't matter what they do. This is something we learned in the early mainframe days.

Sure, it costs on performance to do things properly. But in the days of 2GHz processors being "the norm" despite much faster processors existing, performance isn't actually our top concern any more. But billions of machines in the hands of idiots who'll click anything is. Rather than say "Ah, well,t hey shouldn't have clicked that", it's time to make a processor, architecture and OS where it DOESN'T MATTER that they clicked something... it can't break out of its process, memory space, virtualised filesystem (with no user files by default until the user puts them in that program), etc.

We're designing systems on the basis that every user is a computer expert who religiously verifies every code source they ever see, while putting a smartphone in everyone's pocket for £20.

Re: When I was let go

*cough* This. *cough*

I've done exactly the same (note: it was a sinking ship, and I was quite late to be picked on after all those above me had left and warned me of what was to come, I was picked up by word-of-mouth by a new employer before I'd even gone so I didn't even need their reference, but I DELIBERATELY worked through a critical point of the year so they couldn't blame things not working on me, informed them that I'd had enough for a long time prior, they failed to accede to simple requests, so the foretold consequence was I would leave if it wasn't done by a certain date... and it wasn't).

So the upshot was: I'm going at the end of the day. Here's your handover. Please witness me disabling my account / changing my password to something of your choosing / handing back all your keys and cards / disabling my swipe card from access control / etc. If I ever access anything ever again, it's complete and utter deception on my part, not just a slip of a saved credential.

By the way... here's the "big book" of passwords, you have everything you need in there, right? Right? You don't know? Then you need someone to check because once I have gone a reasonable amount of time I won't have those details because I've removed all my access for my email from every device. If you don't ask me for a detail in the next week, and it's not already in the book, you are out of luck for anyone using that service, understood?

Followed by some guy they knew coming in, them paying for me one extra day to "handover" to someone "who knew IT better" (I have no problem with that). The guy was useless, I handed over in a matter of minutes because he didn't know what to ask, how to takeover, what to check, etc. and they just furnished him with the complete "big-book" without question. As you say... tag... you're it! (And you can deal with the guy who's been convinced for years that having the domain administrator password would somehow magically make his WMA-only voice recorders load into the MP3-only software he bought without conversion).

Got him to sign-off on my leaving and that I no longer had any access. Said bye forever.

Never heard from them again, except via whispers from people who similarly fled. Soon after, almost all the main staff changed, the IT changed entirely, even their website changed. I can't believe that was coincidence rather than someone just not knowing how to takeover and messing up.

But, no way would I leave them with an opportunity to pin things on me past that point (Hey, up until then? Blame me if you like but it'll require proof), even if they went to the extreme of fabricating evidence. Exhibit A: a signed piece of paper from an "independent" witness that he'd watched me disable and closed off all avenues of entry and he'd changed all the master passwords and removed all my access.

I don't WANT to be responsible for your systems. Or else I'd still be working there. And though I could cause untold damage if I had malicious intent, I'm not sure they got away with things that easy by me doing things exactly by the book either.