Random Disconnected Diatribes of a p&p Documentation Engineer
According to the latest update bulletin from MessageLabs that lands in my inbox each month, around 90% of all emails passing over the Net are spam. And their global report says that around 120 billion spam emails are sent out from botnets every day. That means there's around one and a half million unwanted messages being launched onto and scooting around some part of the network every second. And that's without all the gunk required to accomplish the other types of malicious activity, such as the DNS Amplification attacks I'm being regularly subjected to at the moment.
Of course, the bulk of traffic on the Net is probably HTTP Web browsing, not email. But you have to wonder what percentage of the resources that make our interconnected technological experience work are required just to cope with stuff that nobody actually wants. How many power stations could we close down, how many degrees global warming could we avoid, and what savings could we make in cost, resources, and raw materials if we could just find a way to kill it off?
And how come the people who run the world are more concerned about making me use these awful new low energy light bulbs than applying their influence and capabilities (?) to an issue that should be easy to fix, and would have only positive outcomes for everybody? Not that our temporarily coalesced Government here in the UK have much idea about information technology anyway. They just announced that the previous plan to allow everybody to get "high speed" (2 MB) ADSL connections by 2015 was over-ambitious and will not now happen - even though they are wholeheartedly backing the introduction of multi-channel TV over the Internet in the next year or so. Yeah, that'll work...
And even the ISPs seem to be unable to do anything about it. My ISP, when asked about the recent DNS attacks, agreed that they were killing connection speed for many customers and affecting bandwidth availability across the network; and - yes - they know which ISPs and which IP addresses the attacks are coming from; but they are not allowed to block these addresses as part of some "international agreement". In the same way that they're not allowed to block the torrent of unsolicited fax and phone calls we get here that originate in various countries around the world.
I suppose the only saving grace is that I'm old enough to remember when networks were even less reliable and performant than the Internet is now. My first contact with digital electronic communication was through an acoustically-coupled (clamped onto a telephone handset with a rubber band) dial-up modem that ran at 1200/75. That's a sniffle less than 1.2 KB (not MB) down and 0.1 KB up. Somewhat slower than even the slowest dial-up today, and about one thousandth of the speed of my current (slow) ADSL connection.
Yet there was a real sense of adventure watching each 80 character wide by 25 line screen slowly fill up with text at a rate of about two screens per minute (even Twitter would have seemed slow then), and submitting a document back was often a "leave it running and come back the next day" scenario. Though usually the modem decided to drop the line when your neighbour's phone rang, or when the Strowger mechanical switch in one of the intermediate exchanges had some dust on its contacts. The typical procedure was to hit "send", go off and have dinner, then phone the recipient to see if it had arrived - and then read out the original so they could correct all the transmission errors.
That was the other problem, of course - no reliable error correction in the protocol or hardware. If you tried to communicate in real (slow) time, you had to contend with long waits before each word or part of a w or d a p p ear ed and be able to dec1p&er the stran%e char@£acte~s that ad0ed a cer/ain addi|ional piqu@ncy to the content. Or be prep@r3d to rec0n;ect when it sudden(y st*pp=d half~ay through a vit*lly |mp0~tant
So I guess I shouldn't really complain. I mean, I opened a Web browser and uploaded this blog post in only a few seconds, and was reading the result on screen in less than a minute. What would have been even more useful, of course, is if the content was actually worth all the resources it took to put it there...
As far as I know, nobody has yet been able to answer the long-standing question of what will happen if you spread butter on the back of a cat. Will it exhibit the buttered-toast effect, or will it still land on its feet? We know from the established principles described by Murphy's Law that toast always lands butter side down; but at least there is a thread of scientific explanation for this, which says it's because the buttered side is smoother and more "slippery" - thus offering less air resistance and causing that side to fall faster and hit the ground first.
Associated with Murphy's Law is the far more interesting Law of Unintended Consequences. I was reminded of this just last week while reading an article by a school teacher who was discussing the worrying trend in the increasing number of school children categorized as having Special Educational Needs (SEN). Of course, many people are applying the political football approach to this; citing the usual factors of poor housing, lack of parenting skills, broken families, and Government interference in the school syllabus.
However, the author of the article took a different approach. See if you can spot any factors that may contribute to the increasing trend in the following:
Of course, unintended consequences due to Government intervention are obvious all over the place. These days the police have to meet targets for the number of crimes they solve, so a constable who sees somebody running away from an illegally parked car they've broken into has to instantly decide whether to give chase on the off chance that he can catch the runner and find some case for arresting them, or instead fill out a ticket and slap it on the illegally parked vehicle.
Likewise, family doctors have to provide an appointment on request within two working days. So, if you decide to book ahead for a routine visit next week, you can't because that would reduce their "patient charter" average score. Meanwhile, as our local council strives to reduce incidences of fly-tipping, the local council-run waste reclamation facility only allows you to use it if you arrive in a car. If you decide to hire a van or truck when you finally get round to clearing out all the rubbish in your grandparent's garage, you need to apply a week ahead by filling in a four page form to apply for a "waste reclamation site access certificate".
But unintended consequences have a far wider area of incidence, especially in our own industry. For example, I decided to green up my server cabinet by virtualizing all of my servers (see blog entries passim). However, now the domain controller is a virtual machine that doesn't start up until the base O/S is running. As it's a member of the domain, it does lots of grumbling and sometimes has a complete hissy fit when it reboots because it can't find its domain controller. And my NAS can't authenticate with my servers because I upgraded them to Windows Server 2008 and the NAS has never heard of that.
However, when it comes to software, I guess the law really comes into its own. I've recently been working on a project that combines Windows Phone 7 with Azure cloud services. But the phone is not exactly a hugely powerful platform for applications. It would be nice to think you could buy one with a quad core Xeon processor and four gig of memory on board, but until they invent mobile power stations that seems unlikely. So I have to minimize my application's memory footprint, reduce power consumption when possible, be aware that garbage collection will interrupt execution, and limit the number of requests I send to remote services to minimize communication costs.
Yet my desires to follow best practice and implement well known design patterns suggest I should use data transfer objects and view models to store intermediate data, use dependency injection to decouple my components, and apply configuration-based composition of interfaces to maximize upgradability and minimize maintenance costs. But I'm not supposed to create lots of objects in memory in order to minimize memory footprint and garbage collection intervention; yet I'm also required to hang onto objects rather than recreating them repeatedly, and use less of them. Maybe I should take up tight-rope walking as a hobby to get some practice in phone application development?
And don't get me started on writing documentation. If I slavishly follow guidelines for minimizing content to only that which is directly applicable to a scenario, users will be left wondering how they accomplish something more real-life than my simple examples. But if I dive deep and cover every aspect, there's too much to read and it becomes overwhelming. And if I simply present the basic facts, it's hard to see how you could describe this as guidance. Yet, if I litter it with links to other resources, users just get lost in the plethora of semi-redundant and partially related information.
It's a good thing that my blog posts are concise and focused, and don't just wander aimlessly from one vague topic to another...
Well, perhaps last week I could have. It turns out that it was quite happily performing as an amplifier. And there was me thinking I understood this stuff. Another Decidedly Negative Scenario in terms of my network administrative abilities. But at least I've learnt some more things I didn't know that I didn't know. What follows is a gentle stroll through the intricacies of DNS and firewall management I encountered.
It seems that DNS recursive amplification attacks are back again (if they ever went away). I first noticed the constant blinking of the router lights last week and decided, even though everything seemed to be working fine, to investigate. I checked that I had all the latest updates and patches installed, so that's not the problem. And the Web server (a Windows Server 2008 Hyper-V virtual machine) has Windows Advanced Firewall and IP filtering enabled to allow inbound packets only to the Web server and the DNS server. After a little digging, by selectively disabling the firewall "allow" rules and watching the network connection status display, I discovered it was regular long bursts of requests over UDP on port 53 to the DNS server on my public Web/DNS server machine. But why? Who could be that interested in my DNS entries?
It didn't take long to realize that they were requests for a list of name servers configured in the DNS. This is, of course, the whole point of the attack. The attacker sends a small payload and gets back a ton of data. And the clever bit in terms of the attack is that the return address for the DNS lookup is spoofed, so the response from my DNS server is not sent back to the attacker, but is instead sent to someone else's machine as my free contribution to a DDoS attack on that server. So what to do about it? My colleague and I run public DNS servers to host the entries for about twenty local Web site and blog domains that we manage (acting as primary and secondary for each other's domains). So I can't just disable DNS.
I'd assumed that just blocking packets inbound from the supposed sender would make no difference - the packets are not actually coming from that address. In fact, they're probably coming from lots of different addresses in some botnet. And, in addition, the attacked addresses are likely to change regularly. But the firewall also sees the spoofed address, and so blocking these addresses does work. While this is not the ideal way to solve the problem, at least it stops some of the flow over the Internet and removes me from the list of innocent attackers. You can add multiple remote IP addresses to a blocking rule, which makes managing the changing list of attack addresses easier. Perhaps, in real life, I should spend a few thousand dollars on a hardware firewall that detects and automatically blocks these kinds of attacks. It could soak up some more expensive electricity and further raise the ambient temperature inside my server cabinet.
I threw together a simple Windows Forms application that monitors the DNS log for recursive name server queries and notifies me so I can quickly detect new ones. You can download it here.
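As an added illustration of the same idea (this is not the Windows Forms tool linked above, and not the author's code), here is a PowerShell script that scans a Windows Server 2008 DNS debug log for the tell-tale query of this attack, an NS query for the root (written as "(0)" in the debug log's label notation), counts them per spoofed source address, and turns the busy ones into netsh block-rule commands for review. The log excerpt at the bottom is constructed; the threshold, the log path and the rule name are assumptions.

```powershell
# Added example, not the post's own tool: find the spoofed source addresses that are
# sending bursts of "NS for the root" queries to a Windows DNS server.
# The sample log lines are CONSTRUCTED; threshold, log path and rule name are assumptions.

function Get-AmplificationSources {
    param(
        [Parameter(Mandatory=$true)] [string[]] $LogLines,
        [int] $Threshold = 3    # assumption: report an address after this many root NS queries
    )

    # A packet line in the debug log looks like (fields separated by runs of spaces):
    # 7/28/2010 2:15:03 PM 0B68 PACKET 00000000033CB0B0 UDP Rcv 203.0.113.45 c3a1 Q [0001 D NOERROR] NS (0)
    # Responses carry "R Q" before the flags, which the optional group below tolerates.
    $pattern = '(?<proto>UDP|TCP)\s+(?<dir>Rcv|Snd)\s+(?<ip>[0-9A-Fa-f.:]+)\s+\S+\s+(?<qr>[QR])(?:\s+Q)?\s+\[[^\]]*\]\s+(?<qtype>\S+)\s+(?<name>\S+)'
    $counts = @{}

    foreach ($line in $LogLines) {
        if ($line -notmatch $pattern) { continue }   # header or non-packet line
        # Keep only inbound queries (Rcv, Q) asking for the NS records of the root "(0)"
        if ($Matches['dir'] -ne 'Rcv' -or $Matches['qr'] -ne 'Q') { continue }
        if ($Matches['qtype'] -ne 'NS' -or $Matches['name'] -ne '(0)') { continue }
        $ip = $Matches['ip']
        $counts[$ip] = 1 + [int]$counts[$ip]          # absent key reads as 0
    }

    # One object per source address that crossed the threshold, busiest first
    $counts.GetEnumerator() |
        Where-Object { $_.Value -ge $Threshold } |
        Sort-Object Value -Descending |
        ForEach-Object { New-Object PSObject -Property @{ Source = $_.Key; Queries = $_.Value } }
}

# CONSTRUCTED sample: a burst from one spoofed address, the server's own response line
# (must not be counted), an ordinary A query, and a single root NS query from elsewhere.
$sampleLog = @(
    '7/28/2010 2:15:03 PM 0B68 PACKET  00000000033CB0B0 UDP Rcv 203.0.113.45    c3a1   Q [0001   D   NOERROR] NS     (0)',
    '7/28/2010 2:15:03 PM 0B68 PACKET  00000000033CB0B0 UDP Snd 203.0.113.45    c3a1 R Q [8081   DR  NOERROR] NS     (0)',
    '7/28/2010 2:15:03 PM 0B68 PACKET  00000000033CB0B0 UDP Rcv 203.0.113.45    c3a2   Q [0001   D   NOERROR] NS     (0)',
    '7/28/2010 2:15:04 PM 0B68 PACKET  00000000033CB0B0 UDP Rcv 203.0.113.45    c3a3   Q [0001   D   NOERROR] NS     (0)',
    '7/28/2010 2:15:04 PM 0B68 PACKET  00000000033CB0B0 UDP Rcv 198.51.100.7    1f02   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)',
    '7/28/2010 2:15:05 PM 0B68 PACKET  00000000033CB0B0 UDP Rcv 192.0.2.9       77aa   Q [0001   D   NOERROR] NS     (0)'
)

# Only 203.0.113.45 (three root NS queries) is reported; the command is printed, not run,
# so the list can be checked before it goes into the firewall's blocking rule.
Get-AmplificationSources -LogLines $sampleLog |
    ForEach-Object { 'netsh advfirewall firewall add rule name="Block DNS amp {0}" dir=in action=block protocol=UDP localport=53 remoteip={0}' -f $_.Source }

# Against a live log (path is an assumption; it is whatever you set on the Debug Logging
# tab in DNS Manager):
# Get-AmplificationSources -LogLines (Get-Content "$env:windir\System32\dns\dns.log") -Threshold 50
```

The point of counting per source rather than just watching the lights is that the response packets are what hurt the spoofed victim, so the addresses with the highest query counts are the ones whose entries in the blocking rule will save the most bandwidth; because they are spoofed, the list has to be regenerated as the attack moves.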
Another core issue is that a public DNS server should not allow public recursive address lookups. It should only resolve public IP address lookups for domains for which it is authoritative (in other words, public domain names that you manage), and should not be referenced from any machines on your internal network. They should have their own DNS server that does recursive lookups to your ISP, or they should send requests directly to your ISP if you don't have an internal DNS server. Even the DNS server machine itself should use the ISP's DNS server to do its own lookups. If you do have recursion enabled (it seems that 70% of DNS servers out there do), your DNS server will even go off and look up the IP addresses of all the name servers and return them - further adding to the load on your connection and the Internet as a whole. So, open the Advanced tab of the Properties dialog for the DNS server itself (in DNS Manager) and make sure that the Disable recursion setting is ticked. This also disables any forwarders defined in the Forwarders tab.
If yours wasn't ticked before, you'll probably now find that a browser and other applications on the server can't get to any external sites. This is because you accepted the defaults when you originally set up the server (i.e. no DNS server address assigned in the network properties dialog), which causes Windows to use the local DNS server (127.0.0.1). Without recursion and forwarders, your DNS server can only do lookups for the domains it hosts. You'll need to replace the 127.0.0.1 address in the Advanced | DNS tab of the Network Properties dialog for the IPv4 and IPv6 protocols with your ISP's DNS server addresses. Applications and services running on the Web/DNS server will now query the DNS servers that are configured in the network properties dialog, and will not use the local DNS server.
After you get everything working again, you'll probably see that an NSLOOKUP from another network into the DNS server returns a list of root server addresses. These are hints to the requesting server on where to go to find the address it is looking for (because your DNS server can no longer do a recursive lookup). And if you look in the DNS log at the contents of the packets returned by the DNS server, you'll see that they're still quite large. So I started wondering - do I actually need root hints in the DNS server if all it's ever going to do is respond to requests for authoritative domains that it hosts? It's never going to need to know where www.someothersite.com actually is, or tell someone else how to find it.
So I decided to experiment with root hints. If I delete or lose them all, I know I can get them back by copying the cache.dns file installed in the %System Files%\dns\backup folder. So I deleted them and then used the Copy from Server button in the Root Hints tab to load them from one of my ISP's servers. And they were completely different from my original set. So I wandered across to IANA to get the latest list - which is remarkably different from that in my ISP's DNS! And, digging deeper, they seem to have different lists in each of their DNS servers. No wonder DNS lookups are slow sometimes...
Anyway, getting back to the issue in hand, do I really need root hints? As a test, I removed all of them from my public DNS server, and removed the forwarders as well. Now a request for one of the authoritative domains still works fine, as do transfers to the secondary DNS server, but recursive requests prompt a very small return payload containing a "Server Fail" code. It's hard to tell from all the blogs and guidance I've read on DNS good practice if this is an approved approach but, to be honest, nobody should be querying my DNS server for non-authoritative domains anyway. So it's their own fault. Meanwhile my contribution to the DDoS attacks is very significantly reduced. Though now I get a Warning entry in Windows Event Log telling me that there are no forwarders or root hints each time the DNS service starts ... but I'm ignoring these.
Having now got my hands dirty, I thought it would be a good idea to see if I could harden the server a little more. Such as applying outbound filtering in the firewall. I do it in ISA Server on my private internal network, but it's easy there because there are lots of appropriately pre-configured rules you can apply. Windows Firewall with Advanced Security (WFWAS) seems to have lots of predefined rules, but not for useful things like allowing Web browsing and sending email. Yet I must have read fifty articles on the Web looking for details of appropriate rule properties, and all I could find were articles and blog posts that said things like "Select the predefined SMTP Server rule". Err, where is that? Only in ISA Server I suspect.
Mind you, it's not hard to use the New Outbound Rule Wizard to create a Custom rule that allows Web browsing and services on the machine (such as Windows Update) to work. Basically it's any service/user using TCP through any outbound port to any remote server on ports 80 and 443 (and maybe 8080 or similar as well if you need to access sites you know are running on this or a non-default port; Visual Studio Team Foundation Server is a typical example). Make sure you create it in the Outbound Rules page, and be sure to specify the Public Profile, not Private or Domain. If you look at the Monitoring page in the WFWAS console, you should see that the Public Profile is active. If not, immediately dive into Network and Sharing Center, click "Customize", and set the connection type to Public!
To be more strict with Web access, you could configure the rule to allow only specific services or applications - but that's much more complicated. For example, what about your "alternative" Web browser, or Java Update Service, or the updates service for Adobe Reader? And remember Windows Update... As a mitigating factor, you should be running your browser in Enhanced Security mode on the server anyway, and only using it when absolutely necessary.
Allowing DNS queries from your server, and responses to other servers from your DNS server, out through the firewall is easier because there are preconfigured rules for these. I found that I needed to enable "All Outgoing (TCP)" and "All Outgoing (UDP)" in the "DNS Service" group, and "Core Networking - DNS (UDP Out)". Again, make sure you select the ones for the Public Profile, not Private or Domain. Finally, if you run an SMTP email server, you need to allow packets from this to escape out onto the Internet. I use the IIS 6.0 SMTP Service that is part of Windows Server 2008, carefully configured to prevent relaying. And as it does not receive email (the Reply To for all messages is my usual Web site administrator email address), it cannot be accessed from the Internet anyway because port 25 inbound is closed.
So, a simple Custom rule that allows only the SMTP server application (inetinfo.exe) to go out using TCP through any local port to only port 25 on remote servers should do it. Then flip over to the Properties dialog for the server itself (the root entry) in WFWAS Manager and set the Outbound connections drop-down to Block (the default is Allow) so that the only permitted outbound traffic is that defined in your enabled outbound rules.
Or so I thought. Being not a little naïve, I expected the SMTP service to use the local DNS Client (not the local DNS Server) to do the lookups required for delivering mail. I mean, everything else seems to use this - but not the SMTP Service. It obviously does its own lookups. Maybe this is something to do with last year's patch that changed the behavior of the SMTP Service and stopped the instance on my internal network from relaying essential email status messages - when it was quite happily doing so before. So, anyway, what you need is another rule that allows inetinfo.exe to go out using UDP through any local port to only port 53 on remote servers. And now (at least temporarily) everything started working properly again.
Of course, a couple of hours later I discovered the error messages in Windows Event Log telling me that the Time Service was broken. Ahh.. forgot that one, so add another Custom outbound rule to allow just the Windows Time Service (click the Customize button next to Services in the wizard) to use UDP on any local port to connect to any remote server on port 123. Want to check that you can ping the time servers you use? That's when you'll discover that PING doesn't work any more. And neither does NSLOOKUP or TRACERT. To allow pings out of your server, you can simply enable the preconfigured rule "File and Print Sharing (Echo Request ICMPv4 Out)" - a nice snappy name, though enabling file and print sharing sounds scary. But if you examine the rule (click Customize in the Protocols and Ports tab), you'll see it only allows ICMP Echo requests to escape.
Meanwhile, for TRACERT and NSLOOKUP, you need another Custom outbound rule that allows any service/user to use UDP through any local port to port 53 on any remote server. I imagined that the predefined rule "Core Networking - DNS (UDP Out)" would allow this, but it is limited to the svchost.exe program and so is no help for the other stuff like DOS utilities. If you want to use TRACERT and NSLOOKUP, and you create the rule for them, you can disable the "Core Networking - DNS (UDP Out)" rule. You can also remove the custom rule you created to allow DNS lookups for the SMTP service, as it also uses UDP to remote port 53. However, it's a good idea to leave it in place so the service will still work if you later decide to block TRACERT and NSLOOKUP.
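For anyone who would rather script this than click through the wizard, here is the whole set of settings from the last few paragraphs (the Disable recursion setting, and then the outbound rules for Web, SMTP, time, ping, tool lookups and the DNS Service group) expressed as dnscmd and netsh advfirewall commands. This is an added example, not the author's configuration or a Microsoft-provided script; the inetinfo.exe and svchost.exe paths, the rule names and the extra port 8080 are assumptions to check against your own server before running it from an elevated PowerShell prompt on the public Web/DNS machine.

```powershell
# Added example, not the post's own configuration: the recursion and outbound-filtering
# settings described in the post as repeatable commands. Run elevated on the public
# Web/DNS server. Paths, rule names and the optional port 8080 are ASSUMPTIONS.

$ErrorActionPreference = 'Stop'

# 1. Stop the DNS server answering recursive queries (the "Disable recursion" tick box).
#    This also stops it using any forwarders, so the machine's own network properties
#    must point at the ISP's DNS servers rather than 127.0.0.1 before you do this.
dnscmd /Config /NoRecursion 1
dnscmd /Info /NoRecursion          # should report the property as 1 (enabled)

# 2. Confirm the Public profile is the active one; every rule below is scoped to it.
netsh advfirewall show currentprofile

# 3. Default outbound becomes Block; only the enabled outbound rules then let traffic out.
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound

# 4. Web browsing and Windows Update: any program, TCP to remote 80/443 (8080 is an assumption).
netsh advfirewall firewall add rule name="Allow Web out" dir=out action=allow profile=public protocol=TCP remoteport=80,443,8080

# 5. The IIS 6.0 SMTP service (inetinfo.exe) delivers mail on TCP 25 and, as the post found,
#    does its own DNS lookups on UDP 53 rather than using the DNS Client.
$inetinfo = "$env:windir\System32\inetsrv\inetinfo.exe"   # assumption: default install path
netsh advfirewall firewall add rule name="Allow SMTP out (inetinfo)" dir=out action=allow profile=public protocol=TCP remoteport=25 program="$inetinfo"
netsh advfirewall firewall add rule name="Allow SMTP DNS out (inetinfo)" dir=out action=allow profile=public protocol=UDP remoteport=53 program="$inetinfo"

# 6. Windows Time service only (the w32time service inside svchost.exe), UDP to remote 123.
$svchost = "$env:windir\System32\svchost.exe"
netsh advfirewall firewall add rule name="Allow NTP out (w32time)" dir=out action=allow profile=public protocol=UDP remoteport=123 program="$svchost" service=w32time

# 7. Outbound ICMPv4 echo requests, which is all the predefined "File and Print Sharing
#    (Echo Request ICMPv4 Out)" rule permits; written explicitly here to avoid relying on its name.
netsh advfirewall firewall add rule name="Allow ping out" dir=out action=allow profile=public protocol=icmpv4:8,any

# 8. NSLOOKUP, TRACERT and other tools: any program, UDP to remote 53. Disable this rule
#    later if you decide those tools should not work; rule 5 keeps SMTP delivery alive.
netsh advfirewall firewall add rule name="Allow DNS lookups out (any program)" dir=out action=allow profile=public protocol=UDP remoteport=53

# 9. Let the DNS Server service send responses and zone transfers: the predefined outbound
#    rules in the "DNS Service" group, Public profile.
netsh advfirewall firewall set rule group="DNS Service" dir=out profile=public new enable=yes

# 10. Review what is now permitted out of the Public profile.
netsh advfirewall firewall show rule name=all dir=out profile=public
```

A point worth noting about step 3: once the default is Block, anything not listed above (Java or Adobe updaters, an alternative browser) silently stops working, and the symptom is usually an Event Log warning hours later rather than an error at the time, exactly as happened with the Time Service in the post. Keep the list short and add a rule per program rather than widening an existing one.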
Except, in my case, NSLOOKUP still wouldn't work - all I got was "UnKnown" (note the interesting letter case) for the DNS server name, and an IPv6 address instead of the usual xxx.xxx.xxx.xxx format one I was expecting. Typing "nslookup", then "set d2", and then a domain name produced the interesting response that the request was too long. In the end, my "large hammer" solution was to simply disable the IPv6 protocol in the properties for the network adapter and normal service was resumed. I guess this is something I'll need to come back and look at again.
What I can't help wondering, though, is when we'll finally solve the problems with spoofing that are already so widespread with email, and are obviously becoming just as common with DNS. I can (and do) use Sender Policy Framework (SPF) to advertise a list of valid IP addresses for email I send, but how do I do the same for DNS? And would it make any difference...?
A colleague pointed me at an interesting discussion the other day about whether geeks are actually "creative". It comes partly from a recent post by Ian Betteridge that rails against the claims that App Inventor, which is designed to encourage development of simple programs for Android, "enables people to be creative and not just passive consumers". However, what he doesn't explore is the real meaning of the word "creative" in today's terminology.
OK, so the dictionary defines "creative" as meaning "producing or using original and unusual ideas", with synonyms such as "original", "imaginative", "innovative", "artistic", and "inspired". These seem fine if you are talking about someone producing a stunning work of art in Corel Painter, or some spectacular new soundtrack using Roland Cakewalk. But nobody knocked up this software using a utility such as App Inventor. Instead it was created by a team of engineers working to fine tolerances and requiring a deep knowledge of the subject and technologies. Dare I say, "geeks"?
Looking at most Web sites, social network pages, online photo albums, TV programs, and magazine adverts, or listening to a large proportion of recently recorded music, it's hard to find much in the way of material you could even charitably describe as "original" or "innovative". Even computer applications seem mostly to be evolution rather than "inspired". How many word processors or virus scanners have you seen that you can actually say are "innovative", and when did you last install a program that was truly "original"? Maybe, as today's focus seems to be all about style (generally over content) you could perhaps ascribe the term "artistic" to many of these things - but even that rather stretches the imagination in the majority of cases.
However, according to my thesaurus, "creative" also spawns synonyms such as "inventive", "resourceful", "ingenious", and even "productive". So your modern word processor, spreadsheet, photo editing tools, and more - with their clever "automatic everything" and powerful Wizards for anything more complicated than typing a sentence - would fit well with this definition of creativity. Though, personally, I feel that equating creativity with productivity rather stretches the point. If I can type fast, I'm more productive. But the result often isn't creative in terms of the content.
I suppose, as a geek, I don't really want to be "artistic", or even "original", anyway. I'd like to be "productive", "inventive", and possibly "ingenious". I want what I build to be architecturally robust using tried and trusted techniques and proven technologies, and I'm happy to leave it to the UI designers to inject the artistic stuff. And, as I've never been on a creative writing course, I assume that what I do most days here at p&p is more about being technically accurate and informative rather than relying on artistic license (unlike my blog posts).
Ian also suggests that we geeks no longer rule the universe, and that our era is over. Yet, without us, none of this creative stuff would exist - and the world would be very different. I can't see anyone using App Inventor or similar utilities to implement the software that controls a nuclear power station, or powers communications satellites. And I doubt that most corporate and financial data centers rely on programs written by a media analyst or a fashion designer. Was the O/S for the Android (or even App Inventor itself) written by a social communities coordinator or a society wedding planner? I don't think so. Geeks still do, and always will, shape our world. OK, so it doesn't look very pretty when we've finished with it, but we just hire in a creative artist to make the UI look nice afterwards.
But I guess where all this is going is that - today - the word "creative" actually has negative overtones in many scenarios. In a previous life as a salesman, I could almost guarantee that my manager's response to reading my monthly sales report would be to praise my creativity...
It's interesting (at least, I think so) how the issues we face here at p&p in creating useful and practical guidance are almost exactly mirrored in other industries and technologies. OK, so the world is becoming more complicated, as are all the increasingly sophisticated gadgets that it seems we can no longer survive without. Yet, in a large majority of cases, guidance on how to use these wonderful examples of modern technology is often - to say the least - less than useful.
I suppose some of this rumination is due to a conversation I had a week or so ago with a friend who is, like me (and, I suspect, like most of the male half of the population) a gadget freak. He'd just acquired a new digital camera; and as we sat musing on the meaning of life, the universe, and an exceptionally excellent Italian meal, told me about how difficult he is finding learning all the ins and outs of operating it. Unlike a lot of snappers, he's not happy just to set it to "automatic everything", and wants to explore the features. But the 80 pages of explanation in the manual seem to hinder rather than guide.
My own aging but reasonably well featured camera is an Olympus, whereas his is a Panasonic. I chose the Olympus because I reckon that the ideal people to make a camera are camera makers, not people whose expertise is televisions and other assorted electronic stuff. Yet a fresh perusal of the manual for my camera reveals much the same problems as he is having. The issue is that the manuals are written as documentation rather than guidance. They patiently describe how to take the camera out of the box and put batteries in, how to turn it on, and even show you pictures of a USB cable and a memory card in case you've never seen one before.
But the rest of the book is pretty much just a series of chapters, one for each of the options that pops up when you press the "Menu" button. Rather like software documentation that has a chapter for the File menu commands, a chapter for the Edit menu commands, and so on. That's fine if you know that, for example, changing the white balance involves selecting an option from a third-level submenu of the Options menu. Or creating a panoramic scene means you need to make two settings on the Camera menu and one on the Scene menu. But not exactly helpful when you just want to do something. And, of course, each option is often just a link to another page that contains more information. As my friend pointed out, trying to learn how it works involves more page-turning and sticky notes than actual reading.
And I can confirm the problems that this creates. At a wedding some months ago, I'd been taking pictures most of the day using the zoom so my head didn't appear in the middle of all the official photographer's pictures, and with the automatic image stabilizer turned on. Later in the evening, during an off-the-cuff Karaoke session, the ten year old bridesmaid succumbed to pressure from the family and guests and sang (very beautifully) a well known Whitney Houston song. Of course, I immediately grabbed the camera, set it to Movie mode, and filmed her performance - promising to put the result on a DVD for her parents.
But when I got home and downloaded it from the camera, I discovered there was wonderful video but no sound. Why? Well, right at the bottom of page 32 of the manual where it describes the options on the Camera menu is a single line that explains how the camera will not record sound when the image stabilizer is enabled. So I end up looking a bit of an idiot, just because I didn't memorize the entire manual for the camera. And what's even more annoying is that the makers are well aware that this will result in lots of people looking like idiots, but they don't think it's important enough to shout about. I would have said that the second line of the "Basic Functions" topic about shooting movies, after the one that says "Set the camera mode to Movie" should be (in large bold letters) "and turn off image stabilization if you want sound."
But I suppose I shouldn't complain because, as I found out after re-reading the manual, the camera has a series of options on the Scene menu - such as Portrait, Sport, Night Scene, Fireworks, Behind Glass, and even Under Water - though, sadly, there's none for movies. However, each one sets the appropriate functions of the camera automatically. It's all rather like the scenario-based software guidance we aim to offer here at p&p (though we've so far omitted topics such as "Configuring ASP.NET Authentication Under Water").
So why doesn't the manual start off with descriptions of these scenarios, together with a list of the settings each one affects? That way you would be able to see which settings are related to different outcomes, and more easily grasp what you need to do if you want to achieve some specific result. At this point, I wandered over to the Olympus website and glanced through the downloadable manuals for the more recent versions of my camera. It's clear to see that they realized the problems people were having. The latest manuals start with sections such as "Shooting, Playback, and Erasing" and "Using Shooting Modes"; only later followed by "Menus for Playback, Editing, and Printing Functions".
And maybe, if I upgrade to the latest model, I'll discover that it has scene settings for really useful scenarios such as "Small Garden Birds That Won't Keep Still From A Long Way Away", "Trains Going Very Fast When You Weren't Quite Ready", "Rock Bands Obscured By Smoke And Flashing Lights From The Back Row Of The Auditorium", and - of course - "Movie When You Forgot To Turn Off Image Stabilization". Or perhaps I'll still need to memorize the entire manual...
You'd think that going minimalist in terms of interior design would be easy. Just decide which three items you want to keep in each room, and throw the rest away. In fact, if you are unfortunate enough to subject yourself to my weekly ramblings, you'll probably recall that we are in the process of going minimalist in our lounge at the moment. We've tossed out the old gas fire and surround and ordered a modern remote controlled "rectangular sheet of black glass" fire that pretends to be a real one using some surreal combination of video, audio, computing power, and pulsating LEDs.
Of course, the multitude of wires for the TV that were hidden behind the fire surround were then nakedly on view, and also emerged just above the skirting board exactly where there used to be a cupboard, but now there wouldn't be. So I had to pull them all out, dig some fresh holes, and put them back in. But there was no point putting the same ones back because most were incompatible with an even remotely modern TV, and ours was well past its expected lifespan. So the old TV went off to our son's house to radically upgrade his Xbox gaming experience and we got a new TV. Now we have nineteen wires buried in the wall, one for each of the sockets on the back of the new TV.
And while we were looking at TVs, my wife espied a very reasonably priced modern black glass table to replace the very decrepit one we have now. So that's the three things for the lounge and the whole minimalist thing is well under way. All I needed was a week to slap some paint on the walls, and a series of delivery vans to arrive. And that's when I discovered that, as we are so often told, we don't actually make anything here in Britain any more.
Mind you, we're not alone in that respect. I remember watching a Simpsons episode where Homer and Marge were wandering around the kitchen department of a large store and Marge remarked that everything she looked at was made in some distant country. "Don't we actually make anything in America these days?" she asked; to which Homer replied - waving a wooden meat tenderizing mallet - "This says 'Made in the USA'". At which point the head fell off it.
So when the new table arrived, I wasn't surprised to see it has a label underneath saying "Made in China". As have the new black chrome curtain poles my wife selected to match the new minimalist decor. And as I was connecting up the TV, finding a "Made in China" label on the back did not seem unusual. Though it was somewhat perturbing to discover that, on the back of the fire we ordered from "British Fire Manufacturers" (who advertise that they are "so confident of the quality of the components and our closely controlled manufacturing process that we offer a full one year guarantee") is a label saying - you guessed it - "Made in China".
But I suppose we expect most electrical consumer goods to be made in China now anyway. The laptop I'm typing this on has a "Made in China" label underneath. The mouse I'm using says "Designed in Redmond USA" on it, but in smaller letters underneath admits that it, too, was made in China. When I opened the broken Media Center box last week, everything inside had a "Made in China" label. Except for the case itself, which says it was made in Indonesia.
I suppose we shouldn't be surprised, especially if you keep up with the news and heard about the factory in Shenzhen in southern China that covers 200 square miles and employs 8 million people (or something like that). And it's not like everything that comes from China is poor quality. They make all the iPads and iPhones there, and they are quite respectable devices. Or so I'm told - being a 'Softie I wouldn't actually know, of course.
But what must be galling for them is that they feel they need to hide the fact by putting very small "Made in China" labels on the back of stuff. The hi-fi system I bought 30+ years ago (and which is still the main audio system we use for the Media Center, the DVD player, the CD player, and the TV) proudly displays large "Made in Japan" signs right there on the front panel. Like they are proud to say so. And, at least in this case, they probably are. I suspect that my computers, TV, mobile phone, and all the other more recent hi-tech stuff in our house will struggle to survive even a fraction of that time - as I discovered last week...
We had one of those disastrous spells here at chez Derbyshire a couple of weeks back. It started with trying to switch our mobile phone contracts from one supplier to another, and ended with what seems like half of the hi-tech equipment in our house deciding it had, with disappointing lack of excitement, reached the end of its useful working life.
On the Thursday, I had already spent yet another wasted hour on the phone to an incompetent customer disservice department trying to get two SIM cards to work in our phones with the numbers transferred from our previous supplier. I guess it didn't help that the previous supplier seems to have given me transfer authorization codes for somebody else's numbers, or that the new supplier's sales department had made up some non-existent email address for me and then emailed my user name and password to it.
So, in a somewhat grumpy mood, I tossed the ingredients for a nice soothing milky coffee into the microwave and pressed "Go". Except nothing happened. No flashing lights, no whirring noises, no turntabular revolution. Not even a flash or loud bang to provide a satisfying indication that the twelve year old contraption we bought second hand from a friend was ready to go and meet the God Of Recycling.
Then in the evening of the same day that the microwave waved goodbye to the world, and after spending fruitless hours at work trying to log onto our Azure test account, I moodily flopped down in front of the TV and pressed the big red button. And was greeted by a screen full of wavy lines. It seems that the video card in the Media Center box had had enough and was no longer going to translate the ones and zeros coming from the hard disk into anything resembling a TV picture. Yet there was no satisfying puff of blue smoke, or crackling noise from incinerated components, or even a faint smell of burning.
It never used to be like that. I remember as a kid being in my Dad's Morris Minor on the way to Gloucester when it reached its MTBF and exploded with a very loud bang, emitting clouds of oily smoke and depositing an assortment of pieces of former engine all over the road. Yet when my wife's car broke down some months ago, all that happened was a light came on the dashboard and it gently cruised to a halt.
And if your washing machine broke in those days, it was accompanied by the sounds of somebody bashing saucepans together and a rapidly expanding pool of soapy water on the floor. Now it just displays some indecipherable "Error Code" in the display and grumpily sits looking at you with no intention of doing anything until you phone an approved (quoting from the manual) "domestic appliance maintenance and repair operative".
This is a worrying trend. If you opened the bonnet/hood of your car and discovered a molten mass of connecting rods and melted spark plugs, you could take an educated guess that something was wrong with the engine. Now you have to get a (very expensive) specialist in vehicle electronics to connect your car to a computer in some foreign country to discover that the fuel stabilization flutter compensation valve needs replacing.
And it's interesting that, even though we are surrounded by stuff that is supposed to free us from the drudgery of all those day-to-day tasks, we seem to have even less free time than our parents and grandparents. Is it because we spend so much time trying to figure out which hi-tech devices have decided to break down this week, and getting them fixed or replaced? It says something for adopting an Amish lifestyle.
Meanwhile, perhaps manufacturers should be compelled to include a small firework in every electrical device that is ignited when any of the warning lights come on, so you know that something has definitely gone wrong. And maybe a short audio file of clanging and grinding noises. It would certainly make having to have stuff mended (or, more likely, replaced with a new one) a bit less dull.
Of course, this would also apply to computers. Your laptop would satisfyingly dissolve in a cloud of black smoke when the hard disk died, or your server would produce an acrid smell of burning and light up the server room with exploding stars that would make it easy to track down the faulty one. We could even extend it to software. Instead of a boring error dialog, how about a very loud siren and flashing "DANGER" in big red letters all over the screen, like you see in the movies. Maybe even an on-screen countdown to self destruct. It would certainly make being a computer programmer seem like a much more interesting job.
If you have a few minutes to spare, why not pay a visit to the UK Advisory Network website? How could you resist reading about how it is "promoting closer working between Government and the private sector", and "consists of members with essential knowledge and invaluable expertise who have completed a robust application process"? Oh, and by the way, that click just cost £11.78 (around $15).
Yes, you'll probably be amazed to learn it cost the UK Government that much for every visitor. And you thought using the Web was a way to reduce costs! They could probably have photo-copied the list of members who have completed a robust application process and sent it by snail mail for less. Or, and here's a shocking thought, got the robust members to set up their own website and pay for it. No doubt they charge an admirable fee for their expert advice that would easily cover it.
And here's a much more exciting site for you to try: http://www.lovechips.co.uk/. Check out the Chip-O-Vision video, or read the Chip Papers. Yes, a whole site devoted to how wonderful chips (as in fish 'n' chips, not flat things that come in bags) are. Then scroll to the bottom to discover that the site is run by "The Potato Council" - what used to be the Potato Marketing Board until they realized they needed a fancy new name - which is "a division of the Agriculture & Horticulture Development Board (AHBD)". In other words, the Government.
There are plenty more as well. In fact, according to a recent newspaper report, there are 820 of them. And a review of 46 out of the 820 revealed that the cost of building just these was £94 million ($140 million), plus staff costs of another £32 million ($48 million). Mind you, according to the report they plan to close down around 600 of the so called "vanity sites" to save money and help balance the national budget. But what's even more amazing is that they already closed down 907 - there used to be over 1,700 of them! I wonder if they'll publish a full list of the ones that are left so I can go and see what else they've been spending our tax on before they all disappear. Is it any wonder that the country has run out of money?
Maybe I need to give up my job and go back to building websites. I reckon I could knock up a site like Love Chips for that money, and still turn a reasonable profit. Or perhaps I can persuade my bosses here at p&p that the next project should be a White Paper on "How To Build A Website For Less Than Three Million Dollars"...