Government’s red-herring email law

The government (UK) launched a red herring at the Internet today, and the news media has lapped it up. “We’re bringing in a new law to allow security services to monitor email and other Internet traffic.” This actually refers to the fact of the communication, not its content.

The TV news has subsequently been filled with earnest spokespersons from civil liberties groups decrying the worst Big Bother laws since New Labour got the boot – anything to get their silly mugs in front of a camera. Great news drama – the Conservatives moving over to the dark side.

Wake up people! What they’re proposing is just not possible. Blair already tried it in a fanfare of announcements and publicity, but anyone who knows anything about how email and the Internet function can tell you that it’s not even technically possible on so many levels.

1) Email does not necessarily use an ISP’s mail server or web mail service. Home users probably do; any company or organisation will most likely use their own. If anyone wanted to avoid snooping, they would too.

2) Users of commercial mail services are anonymous if they want to be. With a few minutes’ effort it’s possible to hide your IP address, or use an untraceable random one, and there’s no other trail leading back to an individual. The international criminals being targeted will know the tricks, for sure.

3) The security services already have the powers to do this, and do use them.

4) If the ISP is outside the UK, then what?

When the Blair government announced something similar I had to write to the government department concerned asking for the details. I heard about it from the general news. Apparently I, as an ISP, needed to keep records for a year – but records of what, exactly? They didn’t contact me to warn me it was happening; they can’t as there is no register of ISPs. There’s no definition of what counts as an ISP either. And needless to say, the government department concerned didn’t write back with the details.

So why is the current government making this announcement about an announcement now? Could they be wanting to change the news agenda? As usual they can rely on the media types to completely miss the fact it’s nonsense. Eventually the BBC got Andrew Mars on to comment, but I suspect his interview snippet was severely edited to suit their agenda.

Warning about “fulfilled by Amazon”

Beware – ordering something “fulfilled by Amazon” is no guarantee they’ll look after you. I ordered something with a driver CD – due to bad packaging (from Amazon) it turned up with a mangled CD, although the item was pretty robust and looks okay. Well – ordered through Amazon so they’ll sort it out…

Well no. Get this:

Me: Item arrived in poor quality packaging from Amazon (direct). Badly squashed – product box was 2″ high, Amazon outer only 1″ high. CD with driver software in same box as product visibly damaged and unreadable. Can’t tell if product itself is okay but appears unbroken.

Amazon Rep: Hello, my name is *****. I’ll be happy to help you today.

Me: Hi. I think I might have messed up with the UI. This relates to “<piece of hardware>”

Me:  Order # **************

Amazon Rep: I am sorry for the condition in which your order arrived.

Me: It’s hopeless packaging. It was squashed and the CD bent around the scanner – wrecked!

Amazon Rep: Thanks, Frank.

Amazon Rep: May I know the name of the item that arrived in a damaged condition?

Me: Sure – as above. Specifically “<piece of hardware>”

Me: I ordered this direct from Amazon because I thought it might be better supported than the others available. Do you have the software available for download?

Me: There’s a bar-code on the box, but no hint of the manufacturer or a web site where I might find the software

Amazon Rep: I see that you have placed order for this scanner with the seller ‘M&S’ and it is ‘Fulfilled by Amazon’.

Me: Marks and Spencer?

Me: ’twas definitely in Amazon packaging.

Amazon Rep: Yes, the order is fulfilled by Amazon.

Me: Did the steamroller go over it before or after you posted it?

Amazon Rep: This item was labeled ‘Fulfilled by Amazon’. Items labeled ‘Fulfilled by Amazon’ are sent to you directly from an Amazon.co.uk Fulfillment Centre.

Me: Thanks – I know – that’s why I chose to get it from you as your delivery is generally hassle-free. But this doesn’t help with the mangled CD. Fortunately the scanner itself is made of ABS and designed for grease monkeys to drop it so it looks like it survived. But it’s just a brick without the CD.

Amazon Rep: Unfortunately, we are unable to create a replacement order for the items that are fulfilled by Amazon.

Amazon Rep: Could you please return the item for a full refund?

Me: No. I just want the software. If you’d like to pick it up subject to the distance selling regulations 2000 you’re welcome to do so – and I’ll warn everyone else about this crazy policy – but the software would be preferable for all concerned.

Amazon Rep: Could you source the software CD from your local store?

Me: Alas not, it’s not got any makers name on it, or that of the manufacturer. It’d make more sense to download it but there’s no clue as to who made it.

Amazon Rep: If you can source it from your local store, I can issue a partial refund.

Amazon Rep: If you wish to receive a full refund, you’re welcome to return it for a full refund.

Me: Distance selling regulations – you have to collect it if you want to go the refund route. Are you based in the USA? This is a European sale.

Amazon Rep: We will waive the return shipping charges, Frank.

Me: No, sorry, you won’t waive any shipping charges as you’re not allowed to make any. According to the Distance Selling Regulations you are required to send someone around to collect it at your expense. All I need to do is hand it over. But I’d much rather have the software.

Me: Please can you just tell me who produced (or sells) this thing, I’ll go to the web site and download it.

Amazon Rep: The manufacturer of this scanner is ‘SainSpeed ‘.

Me: Okay – thanks I’ll check the SainSpeed web site.

Me: they don’t have one :-(

Amazon Rep: I am sorry to hear about this, Frank.

Me: I’m flabbergasted. I thought Amazon was a safe place to buy things!

Amazon Rep: This is not a common occurrence, Frank.

Amazon Rep: We value this kind of customer feedback, as it helps us to provide the best possible service. I will forward your comments to the relevant department here.

Me: Okay. Is there any way you can get me a disk? if not, can you swap out the complete package?

Amazon Rep: Unfortunately, our system will not allow us to create a replacement order for the seller items, Frank.

Amazon Rep: If you prefer, you can return the item for a full refund, Frank.

Me: If you want to pass this on to the seller (if you reckon it’s not you) then please point me at them. Visa reckons it’s you (this is also governed by the Consumer Credit Act).

Amazon Rep: I understand your concern, Frank.

Amazon Rep: I am sorry for the inconvenience caused.

Amazon Rep: You have placed this order with the seller ‘M&S’ and it is ‘Fulfilled by Amazon’.

Me: So what am I supposed to do? Wait for you to collect this one and order another one?

Amazon Rep: In this case, I request you to return the item for a full refund.

Amazon Rep: Could you post it?

Me: Okay – you’ve got the address. Come and collect it. Meanwhile I’ll get Visa to recharge the value to my account. Your contract was with Visa. Visa will pay you when the contract is fulfilled. I won’t pay Visa until their contract with me is fulfilled. Okay?

Me: So when do you want to pick it up?

Amazon Rep: In order to resolve this issue, we need to talk to you via phone. I will be happy to connect a call for you.

Amazon Rep: May I know your contact number?

<later>

Me: I’m on the ‘phone to one of your friends!

Me: Thanks for your help.

Amazon Rep: You’re welcome.

Amazon Rep: Thank you for chatting with Amazon.co.uk. We hope to see you again soon. Have a Great Day!

 

So, buying something from Amazon isn’t any guarantee they’ll sort out any problems – even if their packaging is the problem. The subsequent telephone call went down the same route. I insisted on getting the software, not messing about with posting it back to them. Eventually they gave me the ‘phone number for this mysterious supplier: 0845-609-0200. I wouldn’t normally list a ‘phone number here, but a quick check revealed that it was the widely published customer service number for Marks and Spencer! I was skeptical, and queried this and asked where the number came from but they insisted that it really was the Marks and Spencer selling through Amazon. (The nature of the device – a diagnostic interface – is highly suspicious).

I’ll call Marks and Spencer tomorrow. It could be interesting. Amazon isn’t off the hook by a long way.

The PAT man cometh

I’ve had bad experience with PAT testing companies in the past – a service of dubious merit often run on disingenuous lines because people believe something terrible will happen if they don’t have a bi-annual test (or annual if they can be persuaded there’s some law or other stating they need to). Still, if it makes the punters happy why should I deprive portable appliance testing companies of a living?

But, PAT testers can damage kit. They don’t do it often but once is too much, and their automated boxes and tick sheets are banned hereabouts – replaced with a proper inspection and assessment of all aspects of electrical and mechanical safety, not just earth leakage.

Unfortunately one site we look after had a visit from a PAT tester in December. Then, this month they had a power cut, and all their PCs went blank in spite of maintained UPS units, which had all been serviced in November. My heart sank when I saw the green label of a PAT tester on our UPS units – had they blown up all the inverters or what?

The batteries tested okay, both in the units and on the bench when I opened one to check. Then the penny dropped: The idiots had plugged the PCs in to any old socket on the back of the unit. Some of the sockets are surge-protected, some are maintained (battery backed). They’d just reconnected the cables by starting at the bottom and working up, so it was pure chance as to whether the PCs were on a maintained socket or not – in fact most weren’t.

Do I blame these “fully trained” PAT testing operatives? Well no – they haven’t got much concept of what they’re actually doing and the training consists of plugging something in, pressing a button, and checking to see whether the red or green light comes up. (Some may be competent electrical engineers, but it’s certainly not a requirement). But please keep them away from me and my equipment.

FBI VoIP system conference call intercepted by Anonymous?

Major embarrassment today as Anonymous intercepts a conference call between several European and American law enforcement agencies, according to something I’ve just seen on the BBC. It’s on YouTube right now if you want to hear it for yourself, click here.

It got my attention – someone breaking into a VoIP system would. But on further investigation it’s pretty obvious to me that it wasn’t an intercept at all. The clues are in the intercepted email  and the start of the recording – Anonymous read an email circular inviting people to the conference call, where the access number and password were given.

This makes the authorities concerned seem even more incompetent than if they’d had their VoIP service compromised.

 

Certificate “Errors” on Internet Explorer 9 – and how to stop them

Like recent versions of Internet Explorer, Version 9 has a Microsoft-style way of handling SSL certificates. It won’t let lusers access anything over a secure connection if there’s anything wrong with the certificate the remote end has presented. On the face of it, this is all very reasonable, as you don’t want the lusers being tricked by nasty criminals. But in reality it’s not as simple as that.

A bit of background, because everyone should make an informed choice about this…

SSL (or TLS) has two purposes – authentication and encryption. When you send data over SSL then two things occur. Firstly it’s only readable by the receiving computer (i.e. it’s encrypted), and secondly you know you’re talking to the right server (the link is authenticated – both computers recognise each other). The computers don’t exactly exchange passwords, but they have a way of recognising each other’s SSL certificate. Put simply, if two computers need to talk they have a copy of each other’s certificate stored on their disk and they use it to make sure they’re not talking to an impostor (gross over-simplification, but it’s a paradigm that works). Should one computer not have the certificate needed to authenticate the other end it will be supplied, and this supplied certificate is checked to see if it’s “signed” by a “signing authority” using a certificate it does already have. In other words, the unknown remote certificate arrives and the computer checks with a “signing authority” certificate to see if it’s been signed, and is therefore to be trusted. If it’s okay, it’s stored and used.

Now here’s where it breaks in Microsoft-land: For your computer’s certificate (the one it sends) to be signed by a “signing authority”, money has to change hands. Quite a lot of money, in fact. If it’s not signed, the recipient will have no way of knowing it’s really you.

In the rest of the world (where SSL came from), on receipt of an unknown certificate, you’d see a message saying that the remote computer says it can be recognised using the supplied certificate, but I’ve never seen it before: Do we trust it? In most cases the answer would be “yes” and the two computers become known to each other on subsequent connections. It’s okay to do this – it’s normal. Something like this happens on Windows with Firefox and other browsers, but not, apparently, Internet Explorer. Not until you dig a bit deeper, anyway. Actually, Internet Explorer 9 can be made to recognise unsigned security certificates, and here’s how.

First off, we really need to know what we’re about to do. What are the symptoms? The address bar goes red and you get a page saying there’s a problem with the certificate every time you visit a “site”. You can click on something to proceed anyway, but the implication is that you’re heading for your doom. The “error” message you see is normally for one of three reasons, and reading it might be enlightening. On a bad day you might get all three! But taking them in turn:

“The security certificate presented by this website was not issued by a trusted certificate authority.”

This just means that no one has paid to have this certificate signed by anyone of Microsoft’s liking. It may be a private company-wide certificate, or that belonging to a piece of network equipment such as a router. If it’s a web site belonging to your bank or an on-line shop, then you should be worried! Otherwise, if there’s a reason why someone isn’t paying to have their certificate approved (indirectly) by Microsoft, make your own decision as to whether you trust it.

So how do you get around it? Actually it’s pretty simple but Microsoft aren’t giving out any clues! The trick is to run Internet Explorer as Administrator (not just when logged in as Administrator).  In current versions of Windows you do this by right-clicking on IE in the start menu and selecting “Run as Administrator” from the pop-up menu. If you don’t, the following won’t work.

Go to the site whose certificate you wish to import, and proceed to view the site in spite of the warnings. Then in the address bar you’ll see “Certificate error”. Click on this and you’ll see an option to “View Certificate”, and (assuming you’re in Administrator mode) there’ll be a button on the “General” tab to “Install Certificate”. Follow the prompts. For maximum effectiveness(!) choose the option to “Place all certificates in…” and browse to the “Trusted Root Certification Authorities”. This probably isn’t necessary in most cases, but if you do this it’ll cover you for pretty much every use. Your PC will happily accept anything from the remote machine hereafter; so make sure you’re importing the right certificate!

“The security certificate presented by this website has expired or is not yet valid.”

This means the certificate is out-of-date, or exceptionally, too new. In most cases encountering a certificate that isn’t valid suggests that your computer’s clock has reset itself to 1980. If this sounds plausible, just proceed to use the certificate anyway (there’s a clear option on the screen to do this). You’ll still get a scary red address bar, then it’s up to the server operator to fix this, but before you get on the ‘phone and give them what for, make sure your computer’s idea of the time and date is actually correct.

“The security certificate presented by this website was issued for a different website’s address”

This third case is a bit more tricky. Basically the name of the computer is embedded into the certificate, but you might be referring to it by another name (i.e. an alias). Or it could be using a pinched certificate. If you’re talking to a network router like a Draytek 2820 by going to its IP address and it’s giving you a built-in certificate, it would have no way of knowing what name or address the router is ultimately going to end up on. The certificate is bound to be wrong in this respect. However, fishing around in the Internet Explorer options, under Advanced (and right down near the bottom) there’s a check-box – “Warn about certificate name mismatches”. Un-check it and it’ll stop squawking. Unfortunately it’s either on or off; you can’t set it to ignore a mismatch for particular names only. Because of the risk that someone might be impersonating your bank, you’d probably be best to leave this one checked and put up with the red warnings.

Final word of warning

Some people reading this will reckon this advice is reckless. Why circumvent a security feature? Simple – if the authentication part of SSL isn’t working you still want it for the encryption. In an ideal world everyone would have signed certificates so you can verify everything you talk to and know it’s what it claims to be the first time you meet it. Subsequent visits will be authenticated with your newly installed certificate, so if something turns up impersonating it later it’ll be detected. In the real world you probably want your data encrypted regardless. A signed certificate is better, but not that much better.

Hassling everyone over security certificates, as Microsoft is doing, may be justifiable on some levels, but as far as I’m concerned, anything that makes the use of encrypted data paths more difficult or expensive to use than they need be is a bad thing. They’re throwing the baby out with the bathwater.
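
The "accept it once, then detect a change later" model argued for above, as an added Python example (not from the original post, and not how Internet Explorer stores certificates). It records a certificate's SHA-256 fingerprint on first use, optionally refusing to do so unless it matches a fingerprint obtained out-of-band (for instance read off the router's own console), and flags any later change; the host name, file name and stand-in certificate bytes are constructed for illustration.

```python
import hashlib
import json
import ssl
import tempfile
from pathlib import Path

HEX = "0123456789abcdefABCDEF"


def canon(fp):
    """Normalise a fingerprint ('ab cd', 'AB:CD', 'abcd') to 'AB:CD' form."""
    hexonly = "".join(ch for ch in fp if ch in HEX).upper()
    return ":".join(hexonly[i:i + 2] for i in range(0, len(hexonly), 2))


def fingerprint(der):
    """SHA-256 over the DER encoding of a certificate."""
    return canon(hashlib.sha256(der).hexdigest())


def fetch_der(host, port=443):
    """Fetch whatever certificate the server presents, without validating it."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


class PinStore:
    """Trust-on-first-use store: one pinned fingerprint per name or address."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, name, der, out_of_band=None):
        seen = fingerprint(der)
        pinned = self.pins.get(name)
        if pinned is not None:
            # A mismatch means impersonation OR a legitimately replaced
            # certificate; either way a human has to look before re-pinning.
            return "match" if pinned["sha256"] == seen else "mismatch"
        if out_of_band is not None and canon(out_of_band) != seen:
            return "rejected"  # first contact is already not the expected cert
        self.pins[name] = {"sha256": seen, "verified": out_of_band is not None}
        self.path.write_text(json.dumps(self.pins, indent=2))
        return "pinned"


def demo():
    # Constructed stand-ins for DER certificates; real ones come from fetch_der().
    cert_a = b"constructed stand-in for the router's DER certificate"
    cert_b = b"constructed stand-in for a different certificate"
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "pins.json"
        store = PinStore(path)
        return [
            # Out-of-band value does not match what was presented: refuse to pin.
            store.check("router.example", cert_a, out_of_band=fingerprint(cert_b)),
            # Out-of-band value matches (case and separators ignored): pin it.
            store.check("router.example", cert_a, out_of_band=fingerprint(cert_a).lower()),
            # Later visits reload the pins from disk.
            PinStore(path).check("router.example", cert_a),
            PinStore(path).check("router.example", cert_b),
        ]


if __name__ == "__main__":
    print(demo())
```

Because the pin is keyed on whatever name or address you connect to, it also covers the name-mismatch case for equipment reached by IP address.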

 

Unified Communications 2012

This year’s Unified Communications show was pretty much like last year’s, at least on the face of it. It’s another event defined by a buzzword; probably worth attending if you’re looking to buy or sell unified communications, whatever that means. In practice you’ll find a wide choice of telephony headsets and IP VoIP endpoints (handsets) all under one roof.

Look a little closer, and this year every stand was flogging solutions involving Microsoft Lync. Microsoft what? In case you missed it, this is the new name for Microsoft Office Communicator, designed to sort out (unify) the bugger’s muddle they helped create with every new IM and/or VoIP protocol released over many years. But because it’s a Microsoft product, everyone is falling over themselves to support it.

As far as I can make out, Lync is pretty much just Microsoft’s interpretation of SIP, with particular optional extensions to the open standard considered by Microsoft to be mandatory. Unifying it with Skype isn’t on the cards, yet. Making some kind of sense of MSN Messenger and their various other IM protocols is; as is integration with Exchange Server for directory information.

Companies which once offered Asterisk in the cloud are now racing to offer Lync Servers, and as usual these are virtual products ultimately purchased from providers like SIPCOM, who actually have the hardware at the data centres and resell as a white-box product.

Another real hardware company at the show was my old friends Snom, the German IP PABX makers. They’re offering a range of Lync compatible handsets, but with a significant twist. Microsoft recognises both “Lync Optimized”, and “Lync Qualified” handsets. Basically “Optimised” means you’re running a Microsoft Lync Client bastardised SIP stack, which won’t talk to much else. “Qualified” means you’re running standards-based SIP with the required optional extensions needed to talk to Lync Server. Snom offer both options, and have some dual-stack products that’ll register accounts with standard SIP and Lync at the same time. As handsets are a significant cost, going for the dual-stack option looks a much safer bet than throwing in with Microsoft. And here’s why…

Ask yourself the question – how long do you expect your company telephone system to last? Five years, ten years, twenty years? The longer the better. Now look again at Microsoft’s business model – they’ve got form. How long do their software products last before they’re considered to be junk, even by Microsoft? Well Windows 2000 lasted five years, Server 2003 lasted five years (Server 2000 even less), Windows NT 6 looks set to be replaced after five years too. In short, Microsoft is a software company and doesn’t see any point in supporting products longer than they have to – it’s software, after all – easy to upgrade, right? With that in mind, buying tens of thousands of pounds worth of Lync-only hardware might not be such a bright idea.

Another company I ran into at Integrated Comms 2012 was Draytek (UK), showing off their latest ADSL routers. I favour Draytek routers, and have done for many years. Sometimes this is hard, when new models with improvements lead to degradation and the technical documentation stops at a level just when it starts to get interesting. But put simply, they don’t have a lot of competition in the niche they operate in and their current products work really well and do a lot more than everyone else’s, apart from Cisco kit (which is expensive and needs a specialist to configure).

Their latest ADSL boxes are the 2830 and the 2850. The 2830 is an upgrade of the 2820: new firewall and VLAN features and every port on the switch is now 1Gb. More interesting is the 2850, which has a VDSL modem built in. That’s FTTC (or BT Infinity) in case you were wondering. You can connect a 2850 to the wall, without using the BT Ethernet modem box you currently get to connect your “Home Hub”. You can also connect the BT modem to the WAN port on a 2820 or 2830 and configure PPPoE – it works just fine, and as you get one free this might seem unnecessary, but the 2850 is an all-in-one solution and when the FTTC market opens up or your BT modem breaks down.

VoIP socket pinout on newer Draytek routers (2820Vn etc)

I’ve just spent over a day trying to get this piece of information out of Draytek, so appreciate it!

On the newer Draytek routers with VoIP capabilities (Vigor 2820 and some of the later ones) you no longer connect the handset (or PABX) to a standard RJ11. Instead both analogue lines come out on a single RJ11/RJ12, and you get an adapter so you can plug two standard BT handsets in to it. I assume this only applies to UK models. Anyway, if you’re wiring to a PABX, BT jacks are a complete pain in the rear, so if you want to connect an RJ11 to a twin-pair cable and go directly to a krone block the pin-out is (officially):

  • Line 1 – pins 2 and 5 (centre two)
  • Line 2 – pins 3 and 4 (one out from centre, or outer on RJ11)

That is to say the middle two pins and the two straddling – and numbering as if it was an RJ12 with six positions, even though the contacts may be missing from an RJ11. Heck, if you don’t know how to number an RJ12 you’re probably better off with the BT jacks.

This is logical and probably most telecoms people’s first guess, but it’s nice not to have to go for trial and error or smash their adapter apart (assuming you can’t connect an AVO into a BT-style socket conveniently).

For what it’s worth, I’ve been using Draytek VoIP kit for about eight years now – some of the best going in the market it serves, and I’ve got rather a lot to compare with. It’s a pity the company is so hard to get hold of for technical support as they won’t answer a general question straddling the product range – only individual serial-numbered units. Therefore I can’t get a list of kit for which this applies – I need to ask them one at a time giving the serial number of an extant unit. I suspect they don’t want too many dumb questions swamping them, but not so brilliant for professional users though – if it’s not in their FAQ you’re left to trial-and-error.

HP Microserver and WOL

Update: See article here

 

They just don’t seem to work. I’ve spent an annoying hour or so trying to get WOL to work with an HP Microserver – no joy whatsoever. I assumed it must be my code until I tried it on a few other machines but they worked just fine.

Now most of my machines are Realtek whereas HP are using Broadcom (as do the Dells). I’m not saying there’s anything wrong with Broadcom, but whenever I have a weird network problem they have a habit of being at the heart of it. Is it my magic packet? As far as I know it’s supposed to be 48-bits of ‘1’ followed by sixteen copies of the MAC address. Does it need a secure-on password? If so, how come you can’t set one in the BIOS.
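
The magic packet layout described above (six 0xFF bytes, then sixteen copies of the target MAC), as an added Python example that is not the code referred to in this post: it builds the packet and checks whether a captured payload is well formed, which answers "is it my magic packet?" before blaming the NIC. The sample MAC, the UDP broadcast to port 9 and the 6-byte SecureOn suffix are assumptions.

```python
import re
import socket

SYNC = b"\xff" * 6      # the "48 bits of 1" synchronisation stream
MAC_REPEATS = 16


def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff or bare hex."""
    hexdigits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(hexdigits)


def build_magic_packet(mac, secureon=None):
    """Return the raw payload: SYNC + 16 x MAC (+ optional SecureOn password)."""
    payload = SYNC + parse_mac(mac) * MAC_REPEATS
    if secureon is not None:
        # Assumption: the SecureOn password is 6 bytes, written like a MAC,
        # appended directly after the sixteen MAC copies.
        payload += parse_mac(secureon)
    return payload


def inspect_magic_packet(payload):
    """Find a valid magic sequence anywhere in payload.

    Returns (mac_string, trailing_bytes); raises ValueError saying what is wrong.
    """
    found_sync = False
    pos = payload.find(SYNC)
    while pos != -1:
        found_sync = True
        body = payload[pos + 6: pos + 6 + 6 * MAC_REPEATS]
        mac = body[:6]
        if len(body) == 6 * MAC_REPEATS and body == mac * MAC_REPEATS:
            text = ":".join(f"{b:02x}" for b in mac)
            return text, payload[pos + 6 + 6 * MAC_REPEATS:]
        # Extra leading FF bytes shift the real start; try the next offset.
        pos = payload.find(SYNC, pos + 1)
    if not found_sync:
        # Typical cause: the packet was sent as hex text instead of raw bytes.
        raise ValueError("no FF FF FF FF FF FF synchronisation stream")
    raise ValueError("sync stream not followed by 16 identical MAC copies")


def send_magic_packet(mac, broadcast="255.255.255.255", port=9, secureon=None):
    """Broadcast the packet over UDP (port 9 is a common convention, assumed here)."""
    packet = build_magic_packet(mac, secureon)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sock.sendto(packet, (broadcast, port))
    return len(packet)


if __name__ == "__main__":
    pkt = build_magic_packet("00:11:22:33:44:55")   # constructed sample MAC
    print(len(pkt), inspect_magic_packet(pkt))
```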

I’ve asked an HP server expert: “Update the BIOS”. Perhaps, but these are brand new machines of an established design. They either turn on when they receive the packet, or they don’t work, and I can’t believe HP didn’t test them. Then again…

I’m told that these do support WOL on Windows, but not if you’re running anything else. On the face of it this is bonkers. Why should the OS on the powered-off drive affect anything? The machine is off; the OS isn’t running. Well here’s a theory – before Windows shuts off it puts something in a register on the Broadcom chip to leave it in a WOL state. With the wrong drivers this doesn’t happen. Setting it in the BIOS doesn’t help, because it’s erased by the OS driver. The BIOS doesn’t restore it as the power is killed, but Windows hits the registers differently.

Unfortunately Broadcom doesn’t seem keen on releasing the documentation needed to write proper drivers to anyone other than Microsoft. Is this my imagination? Everyone else publishes the reference material, but Broadcom – I can’t find it.

If anyone can throw light on this one, please do. I’m still looking.

Update

Fitting a Realtek-based NIC in the Microserver and using that instead solves the problem. WOL just works. If you’re going to order one, remember it’s PCIe, not PCI, and that you really need one with a low-profile bracket option because a full-height card won’t fit.

 Further Update: See article here

Hard Disk shortage. Yeah, right!

Haven’t hard disk drives suddenly become expensive? It’s a world-wide shortage caused by flooding in Thailand, apparently. Yeah yeah, we’ve been here before: Fire in the jungle somewhere causing a loss of chip production, and so on. The problem is that when you looked for a fire in a fab, there never was one – and there aren’t that many fabs around.

Actually, it is true that floods in Thailand have affected some drive production. There are blogs all around the place predicting doom, gloom and providing figures as to what the shortfall might be. People are wringing their hands and predicting even worse supply problems and price rises after Christmas.

I say phooey.

I’m sceptical that the lost production is as high as claimed, and given the rising price of drives, all the HD makers will be ramping up at other facilities in double-quick time. This will lead to over-production pretty soon. The short-term supply shortfall shouldn’t even be seen as there are always lots of drives sitting in warehouses.

But you’re wrong, I hear the cries. If you were right, why is everything out of stock in spite of inflated prices? Panic buying might have an effect on that. If the channel thinks prices are going to rise, they will. It’s a self-fulfilling prophecy if ever there was one. But it has a use-by date. Sooner or later everyone will be sitting on their expensive stock pile and wondering why supplies haven’t run out – and when they do the over-supply will come through the system.

The suppliers aren’t going to quash the rumours, of course. Why should they when everyone further down the chain is paying double for everything in their warehouse.

How do I know all this? I’ve seen it all before.

Warning: Just because this happened in the past, doesn’t mean it will happen in the future. If you lose money based on the above prediction, it’s entirely down to you.

What is to become of Computer Science?

When people ask what I do, I normally say I work with computers. “Ah,” they say. “You’re in IT. My nephew is in the same line.” Well actually, no – I don’t do IT and I don’t do the modern version: ICT. I was around long before these terms were coined, and they really don’t apply. IT is all about setting up Windows and writing Macros in Excel (if you’re advanced).  If I say I’m a computer programmer it’s assumed I’m a “web developer”. System programmer doesn’t mean anything to most people; assembler programmer even less.

Then a few years ago I realised what I was – I’m a Computer Scientist. Well I lecture on Computer Science degree courses, ergo I must be. Actually this antiquated term is very appropriate for an antiquated computer person, and if the hat fits…

Back in the 1970’s and early 1980’s we were all Computer Scientists. If you wanted a computer you pretty much had to build it yourself with a soldering iron and a load of chips and when complete, you had to program it. If your employer purchased one of these expensive items ready built, you still had to program it yourself – unless you were an operator, in which case you merely had to understand it. You learned a lot in the process, if you were that way inclined.

These days people want a career in IT, so they do Computer Science courses at University. They’re wasting their time. They learn very little from the university about computer science, and the university is perfectly happy with that. The way computers work is difficult; difficult means expensive to teach and certain to put off students. If you put off students, you get less money. So you need to teach easy stuff.

Easy stuff in Computer Science basically comes down to playing around with luser-land software, animation packages and an SQL query or two – but not too hard. Perhaps write a bit of HTML by hand before moving on to some web page design package or CMS.

Here’s the conundrum.

Students = money, but only if they stay the course.

A low pass rate = Less students want to do the course.

Without lots of students passing the course, you don’t get enough money and everyone loses their job.

Computer programming is difficult. Most IT students can’t hack it. Therefore it has to be dumbed down to an extent you’d never believe. Those with the aptitude could program before they came on the course; those without it would never learn.

In 2009 the university I taught programming at decided that the need to pass the programming module was affecting their overall pass rate, so they made it optional. Yes folks – you can get a Computer Science degree without being able to write a single line of code. I’d name names here, but I understand this is common practice at many institutions, so what’s the point?

Now I’m not saying I’m unique or even special in understanding how computers work. There are plenty of others of my generation that know as much, if not more. What I’m wondering about is what happens when our generation retires? It’s not possible to go through the learning process we had back then – learning by tinkering and doing (because frankly, the education system was nowhere near the leading edge back then either).

I believe there was a sweet spot at the end of the 1970’s, where microprocessors had just appeared on the scene and you had to understand things from first principles if you wanted to do anything with them. If you didn’t have to construct a machine yourself, you certainly needed to program it if you wanted it to do anything – and they were simple enough back then that this was a realistic possibility.

Sitting in front of a modern Windows PC is not the same experience at all. With a PET/Apple/Tandy computer you turned it on and the first thing you saw was a prompt to start entering your program in BASIC. You lived in a programming environment. With CP/M it was only a few keystrokes away. Now we’re presented with a graphic user interface and no programming language whatsoever – just Facebook. The complexity of the Windows API is daunting; more so given that everyone thinks it’s cool to write stuff using the current favourite object-oriented wrapper library. In order to achieve anything looking like a modern computer program (where the graphic user interface is everything) you have to jump through numerous hoops before you can get started. If I complain, I’m pointed at the application generator – it’ll write most of the code for me, apparently. If you ask what the reams of generated preamble code it actually produces are for, people just shrug their shoulders and ask why you’re questioning it.

In 1998 I found myself writing a system-level utility for Windows inside a large company, and needed to sort an array into alphabetical order. I don’t think there’s a Windows API function, and qsort seemed to be missing from the library, so I consulted the lead Windows programmer across the room. The answer came back to put my strings (one by one) into this file selector structure (as file name), make some call or other to the file selector box and presto – my strings would come back sorted. No, he wasn’t joking. Two minutes later I’d written bubble-sort, for the umpteenth time.

This was thirteen years ago; how much has it deteriorated since then? I’m lucky to be developing software either solo, or with a developer of my generation, so I’m probably insulated against the worst excesses.

So, back to the point: where are we going to get Computer Scientists from? I started on the sweet spot, where it was possible to learn pretty much everything about the computer in front of you – every instruction, every I/O register, and every line of the operating system. As computers expanded, our knowledge expanded, but could rest on these early foundations. We can’t do that any more. If we ran a three-year degree course in computing and started from the basics you’d end up with someone whose knowledge was wide enough to cover a BBC Micro. They’d need another twenty-seven years after that to reach the modern era, and by the time they qualified they’d be thirty years out-of-date.

And why should anyone even bother? I can assure you, there’s more money to be made out of IT than Computer Science. The only decent return available if you understand computer fundamentals appears to come from cyber-crime, and even then that’s as a perpetrator; no one wants to pay for security.

I’m told that the government plans to bring back an element of programming into the ‘O’ level maths (or its modern equivalent). This is a start, but a small one.

In the meantime I’m watching the other members of the OS/2 drinking club fall away and wondering what is to become of us. The draw of Bletchley Park grows ever stronger.