Now, before anybody says anything – I’ve done a bit of research about using it, especially about allowing it to submit my photos to their cloud service for processing.

I’m relatively happy with the way the app deals with data – nothing unusual and nothing that other apps have done before.

So here are a few scary images to frighten people:

I also played with the de-ageing filter and the result is too horrible to post here.

First, it was Good Omens. Now it’s The Boys. Amazon Prime Video has been available on Apple TV devices for a while now. Not long, but long enough. I bought the 4K version of the Apple TV because I have a 4K TV.

I do have the Amazon Prime Video app on my LG 4K TV, but I don’t tend to use the built-in apps for the TV because the TV is getting old now and the app and WebOS updates are few and far between. An Apple TV device should continue to receive OS and app updates regularly for many years to come – and one only has to replace one component when Apple stops supporting that device, rather than having to replace an otherwise good working TV. This is why I despise the “smart” in Smart TV.

Amazon’s 21st century equivalent of adjusting a TV aerial

Amazon, like Netflix, has been commissioning original TV shows in UHD (4K). With Netflix and the right subscription, you’ll get the highest resolution out the box without any fuss. If it’s 4K, you’ll get 4K. If it’s HD only, you’ll get HD only. With Amazon, you’re relying on them to put the 4K version of the title on the home page. Except they rarely do. No, with Amazon, you have to dig deep to find the bugger and then add it to your wishlist so that you don’t lose it again.

I had tremendous difficulties playing Good Omens in 4K when it was first released. Error galore. And I had even more difficulty trying to find the link to get help with Amazon (though it turns out when you do find the help page, the contact us section is bottom left-hand side – it’s not as obvious as you think it is when you’re trying to look for it). We then spent about an hour going through a scripted support process before the case was escalated to Amazon Prime Video’s specialist support team.

The thing is, the LG TV could play the 4K version of Good Omens just fine. Yet the newer Apple TV running Amazon’ s own app couldn’t. Eventually, Amazon managed to fix it, but it left a bit of a bad taste.

And now we have a new Amazon series called The Boys. It’s a very good black comedy about a world where superheroes are vile and managed by a massive agency who look after their PR, which comes in handy whenever collateral damage from a superhero rescue comes into play. It’s an exceptional series, but again, I can’t play it in 4K on the Apple TV.

Here are things I’ve tried:

  • Signed out of Amazon, then signed back in again
  • Restarted the Apple TV
  • Signed out of Amazon, deleted the Amazon Prime Video app, restarted the Apple TV, downloaded the Amazon Prime Video app, and then signed in again
  • Sacrificed a small goat to the tech god, “Sodslaw”
  • Admired the extremely impressive Apple TV 4K screensavers when attempting to escalate the issue with Amazon

The reason I got angry about this in the first place was that the TV app on Apple TV made it clear it was a 4K show. But when you clicked on the link to open it, an error from Amazon’s Prime Video app popped up.

I tried to search for The Boys within the app. No joy. And I tried on the web site – again no joy – until today (one day after the release). I added it to the Watchlist so that I wouldn’t lose it again.

I’ve been in touch with Amazon, and I think they’re escalating this – but they also wanted me to restart my router. I said that I didn’t think that was going to be necessary, but they insisted. And that’s when I lost my temper and left the chat.

Some thoughts:

  • Apple and Amazon need to work more closely together
  • Amazon needs more developers onto the tvOS app
  • Amazon needs better QA testers for the tvOS app

If these so-called “cord-cutting” services are to succeed, they need to work flawlessly across the many platforms that they’re on. And support for these services needs to be beefed up. Streaming is only going to get more complex – especially if 8K is around the corner (my prediction: won’t see anything serious for the next 2-3 years and even then we’ll still be struggling with 4K like we are right now).

Debian 10 (aka Buster) doing its thing

July 26th is Systems Administrator Appreciation Day! A day where office workers everywhere should be bringing in delicious treats for the IT department to ensure goodwill between techie and Luddite remains in full force.

I’m not quite sure why I wanted to be a systems administrator some 22-odd years ago, but here I am – still a systems administrator. I suppose it all started when I started visiting my dad at work and being fascinated by the telex machines and computer systems, including the multi-user DEC systems they had.

SysAdmin Man Begins – taken from my very first C.V.

After leaving university I started building PCs for a local company in Norwich, then set-up and managed Linux and Windows servers for the same company when they became an ISP. That job was a jack of all trades and also included writing software to configure the TCP/IP stack for dial-up for Windows machines, web design, and technical support.

After a few more years in the ISP industry, I went to work for The Moving Picture Company (MPC) in the film and television industry, sysadminning the infrastructure for high-end visual effects for major movies and TV shows. After that, my first taste of systems engineering in a software development firm that specialised in VFX software, before moving on back to the ISP/web hosting industry for 9 years.

Now I work in e-commerce and handle corporate infrastructure as well as that of client websites. All the years of experience from the above come into play. It’s been an interesting journey so far. Not sure what else fate has in store for me, but I’m sure I’ll be a sysadmin until the day I die.

Fellow sysadmins, I salute you.

(*) Translation: I am in great pain.

So many announcements, so little time..

This year’s WWDC keynote was packed to the gills with a slew of announcements relating to upcoming software features in Apple’s range of products, including the Apple Watch, iPhone, iPad, and Mac. Additionally, the company also announced a whole new redesign of the Mac Pro, a new high-end monitor, and $1,000 monitor stand (I kid you not).

Apple has a rebranding/versioning problem

The iPad is getting a whole new slew of feature enhancements that won’t be found on the iPhone, to the extent that Apple is now referring to the version of iOS for iPad as iPadOS. This now gives us the following OS derivatives based on the Mach kernel/FreeBSD from which OS X originally came from:

  • MacOS – for Mac desktop and laptop operating systems
  • iPadOS – for iPads
  • WatchOS – for the Apple Watch
  • tvOS – for Apple TV HD and Apple TV 4K
  • iOS – for iPhones

So why doesn’t Apple rename iOS to iPhoneOS to identify the operating system specifically for iPhones? I don’t know. I’m assuming iPadOS will be referred to version 13, the same as iOS rather than iPadOS 1. If Apple did change iOS to iPhoneOS, it’d still be version 13 too. Only WatchOS has had significant changes to the version number since it was first released. We’re currently on major version 5, but for iOS and tvOS it’s version 12. For MacOS it’s 10.14. Even I’m finding it difficult to keep up.

Goodbye iTunes – so long, and thanks for all the fish

I’ve been a heavy iTunes user since.. well .. since Winamp died. I migrated over to the iTunes platform on Windows initially long before I had my first Mac, and haven’t looked back since. I’ve tried to leave the iTunes ecosystem a few times, but quite frankly it’s very difficult – particularly because the integration and feature set is very good. The downside is that iTunes has been enormously clunky for quite some time.

So Apple is splitting out music, video and podcasts into three separate applications for the next release of MacOS (called Catalina). This makes sense. I’m an Apple Music subscriber and find that the iCloud Music Library to be extremely useful to sync my own tracks across my iPhone XS Max and Apple Watch series 4. The iTunes store will still be there if I do want to purchase tracks or albums, or movies or TV shows.

The Mac to get 4K movie playback

Apple TV on the Mac will also play 4K content (since many modern iMacs will have 4K or 5K displays) and Dolby Atmos content. It’s no longer limited to Apple TV HD/4K devices. However, my biggest disappointment with Apple in this regard is that iTunes is still not offering 4K television shows for sale. Or TV shows with iTunes Extras content. I feel that Apple’s upcoming video streaming service, Apple TV+, may have had an effect on that. If UHD Blu-Ray content is on the way out, we need a better alternative to just streaming services. People want to buy, download and keep. And they want the extras that come with physical discs.

Apple to stop BASHing MacOS and wants to zig-a-zig-zsh

Apple is, for whatever reason, not a fan of GNU v3 General Public License. As such, the version of the bash interpreter included with MacOS is a little out of date. The zsh shell is more modern, largely backwards compatible with bash and is, in theory, a better option. That said, a good amount of what I do involves bash, so I doubt I’ll be changing over anytime soon.

You’ll be able to use your iPad as a second screen with MacOS Catalina

Something that I look forward to using. The new version of MacOS Catalina will allow users with a modern iPad or iPad Pro as a second screen – with the added bonus that if you have an Apple Pencil, you can use something like Photoshop to sketch on the iPad and it’ll appear on your Mac.

iPadOS will make the iPad more computer-like like never before

Apple has been pushing the iPad and iPad Pro as fully fledged computers. The problem with that is that even with a physical keyboard, key features of the operating system are still incredibly limited.

As well as a new home screen with access to widgets in horizontal view, the icons are now more tightly packed together – allowing more icons per screen. There are new gestures to make it easier to select, copy and paste text – and the cursor should be much easier to reposition.

And you’ll finally be allowed to use a mouse with an iPad! Though it forms part of the accessibility features and effectively emulates fingers – thus it won’t be the same as if you were using MacOS. But I think the new gestures and cursor control should help a bit.

The biggest change is that you’ll be able to plug in a USB hard drive or thumb drive and copy data to and from the iPad like any other file. It’s been mentioned that Apple formatted HPFS+ volumes don’t yet work (which would be silly if you also have a Mac), but may change during the beta/development process.

The iPad will also be able to connect to network shares as well – also offering a way of pulling data into and out of the iPad over the network.

Access to files via USB drive or network drive makes me wonder what would happen if the iPhone XI models ship with USB-C ports instead of lightning ports. It would be a tremendous benefit to have USB-C on the iPhone, but it did, would the Files app also support the use of hard drives and thumb drives as well? And are the other features sufficient to rename iOS on the iPad as iPadOS in that case?

Safari, the default web browser on iPadOS, will be able to use the desktop versions of web sites. Previously this was not possible as Safari always identified itself as a mobile browser, and the web site/app would deliver a mobile-friendly version. It’s not clear whether this will be the default option, or if other browsers such as Chrome will follow suit as it will mean changing the browser identification string. Something I’ll need to bear in mind for work!

In short – iPadOS has more features in it to make an iPad last a good many years as a laptop computer. It’ll always be a locked system, but Apple have opened it up a little more in what it can do that will make it a more attractive option to those on the move.

iPhone users also have a few tweaks to look forward to

I’m so looking forward to disabling limits on the size of app downloads. I have a very generous data allowance with my phone provider, and few humongous apps. But that’s not all – it’s said that apps will launch twice as fast and be half the size. Some serious optimisation work going on there!

I’m definitely looking forward to the new dark mode, and even more so – I like the look of the new Photos app. I use Photos and the iCloud Photo Library a lot across all my Apple devices, so it’ll be interesting to play around with the new features there. Already loving the new layout and can’t wait to start using it.

Pro Macs and Displays

With potential costs of up to $35,000 for a fully tricked out Mac Pro, and the displays costing around $6k including the monitor stand, the new Mac Pro is going to be something for companies or individuals with very deep pockets. The performance will be phenomenal, but it will require substantial effort from developers to make use of those performance enhancements.

VFX, for example, has generally relied heavily on NVIDIA graphics technology – as has anything with big computational needs. That said, when I was working back in VFX, Macs were primarily used for 2D Photoshop work (working with giant size textures).

I think the Apple ProDisplay will do much better in terms of sales – the specifications alone are going to be very tempting for anybody that requires great colour accuracy. And cost point of those monitors – even with the stand – is considerably cheaper than other manufacturers.

Another question that I have is that if Apple is intending to switch from Intel to their own ARM silicon in the future – how far ahead is this, and what about people who have spent tens of thousands of pounds/dollars on these systems only to find that we’re going to be in the middle of another architecture change in 2-3 years time. That’s a very difficult question to answer right now, but I believe Apple *will* do it at some point. Given the number of speculative vulnerabilities that are cropping up in Intel CPUs, people (and Apple) are going to be fed up with Intel.


(*) From the Adult Sim cartoon series, Rick & Morty. “Wubba lubba dub dub” was Rick’s catchphrase.

You’ll have seen the adverts on TV. Well, I did too. And I thought – have they possibly changed in the few decades I’ve known them? They’ve always been in the back of mind – but not in a good way (especially when it came to domains). Has the rebranding done any good?

Bargain Hunt

I like a bargain as much as anybody else does, and although I’ve been very happy with DigitalOcean, 1&1 IONOS’ VPS service for £1.20/month for 6 months before another 6 months of £24/month seemed quite reasonable for the specifications on offer (4 vCPU, 8Gb RAM and 160Gb SSD).

I know my own address, thanks..

So I signed up early last week. The first thing that drove me insane was their postcode/address lookup function when entering your address as a new customer. I have constant problems with postcode databases not getting my address properly and 1&1 are no different. After entering my postcode, the system told me my address was wrong and I couldn’t move forward with completing the registration form unless I accepted their version of my address (which is wrong). So I just accepted it. When it came to payment, a similar problem, but the system seemed to accept it and was charged £1.20 just fine.

It wasn’t until later the following day I received the account set-up confirmation email and I proceeded to log in and start getting things set-up. The very first to do was to lock down the server so that only I could connect to it from my home and work IP addresses for the purposes of SSH access (command line access). 1&1 IONOS comes with a firewall, so I started to configure it. As I also use CloudFlare for caching, WAF and firewall, I started to configure the IONOS firewall for that – though I note that the documentation for the firewall doesn’t mention you can use CIDR notation for the allowed IPs. The web form will accept them though! According to the official firewall docs, you can specify a range of IPs with a dash, but since CIDR is a perfectly normal and standard notation for IP ranges, I’d try that (it saves typing). After a while (as CloudFlare has a fair number of IP ranges), everything looked set to go. CloudFlare’s servers were the only ones that could connect to TCP port 443.

Let me explain how CloudFlare works, as you’ll find that neither 1&1 IONOS engineers or my “personal consultant” understand how systems like CloudFlare or Akamai work (I’ve been using CloudFlare for at least 7 or 8 years, and Akamai for 2).

How does CloudFlare work?

When you request a page from my blog, the request goes to CloudFlare. CloudFlare does a few security checks first of all, then, if you’re not a naughty bot or person, it checks to see if the page already exists in its cache. If not, CloudFlare – and ONLY CloudFlare – will connect to my VPS securely to retrieve the page and serve it to you. You, as a requester cannot bypass CloudFlare to get to my VPS directly unless I specifically disable proxying within CloudFlare (my DNS is hosted with CloudFlare so any changes I make should be almost immediate).

Too hot to trot?

When I set-up the 1&1 IONOS VPS server, it took me about 30 minutes to get everything running including moving everything off DigitalOcean and installing MySQL, PHP and nginx. I’ve written scripts which perform much of the set-up for me – and everything is checked into BitBucket so that I can retrieve those scripts at any time from anywhere. I also have many backups at Backblaze B2, courtesy of rclone (written and maintained by my former boss at Memset Hosting Ltd.)

ALAS!

CloudFlare could not talk to the 1&1 IONOS VPS. Connection timed out every time. I set-up a firewall rule to allow myself direct access to the VPS via port 443) to test that the LNMP stack was working correctly. It was. Output from netstat showed everything was fine. No local firewall was running, and iptables rules were clear and set to accept. And yes, I had changed the IP addresses in CloudFlare’ DNS to the new shiny VPS.

How about you try turning it on and off again?

So I utilised 1&1 IONOS’ live chat system for technical support. They’re fast, but they wanted to know why I was locking off port 443 to specific IPs. I explained I was using CloudFlare. I checked with them if the syntax of the firewall rules were correct. Apparently, they were. Their advice? Open port 443 to the world. I asked them if they had any experience with CloudFlare or Akamai or any other similar service. The whole point with these systems is that it acts as a barrier between the internet at large and your origin servers. The origins which host your application should never be exposed externally but only through CloudFlare, Akamai or whoever.

So I called my “personal consultant” for help by submitting a request for a callback. Within a minute or two I was connected. I explained the problem to him and he went away and spoke to the technical people. Their explanation was how CloudFlare was returning client IPs. Which is absolute bull. See my explanation further above. The connecting IPs are the ones that I defined in the firewall. The same IPs I had been using at DigitalOcean with their firewall. Client IPs that come in are passed to the original server in the form of a header (and my nginx configuration looks at that header and parses the real IP which is then available in the server logs) – but that’s got nothing whatsoever to do with CloudFlare’s servers connecting to my VPS.

No experienced sysadmin should touch 1&1 with a bargepole..

While I was still talking to the chap on the phone, the blog suddenly spluttered into life. But it is not obvious why. The firewall rules didn’t look to have changed. But still, I didn’t like the explanation whatsoever from their technical department as to how CloudFlare operates and the encouragement of opening TCP port 443 to the world. I had to explain that I’m a systems administrator of some 22 years, having worked for two Academy Award-winning VFX companies, and now help manage multi-million-pound websites for some very high profile clients and have extensive experience with CloudFlare. So I cancelled the account there and then.

ALAS!

I was transferred to the US division of 1&1 for cancellation. But after 10 minutes or so, I was put through to the right person who cancelled the account for me. And I received this email:

Every. Single. Image. Broken.

SIGH.

I’ve gone back to DigitalOcean again (~£10/month for third of the resources). But in order to test my DR (disaster recovery) plan, wiped the old server, set-up a new one, and restored everything from my Backblaze B2 backups. It all works perfectly.

CloudFlare had no problem connecting to my new VPS at DigitalOcean. New IP and everything. That’s how 1&1 IONOS should have worked out of the box. I blame their firewall and their documentation. And possibly lack of experience of IDS/WAF/CDN systems such as CloudFlare.