Integrating OCS Inventory with Rundeck

I’ve been on a DevOps journey for a while now. If you’re in a similar place – am I just a dullard, or is it slow going?!

I work mainly at the Ops side of the equation, in an environment that strongly favours open source solutions. Most recently I’ve been focusing on automating asset management/inventory. For this, OCS Inventory NG fits the bill well. The interface isn’t that slick, and I couldn’t for the life of me get the Active Directory integration working [UPDATE: now working; read this post], but for collecting software and hardware inventory, it’s the bomb.

In a mixed estate (Windows/Linux/Mac), I can use Group Policy, Rudder and Meraki respectively to force the OCS agent onto endpoints. Which means I can just sit back and let my CMDB populate itself. Awesome. (Because who’s got time to keep these things updated themselves, right?)

This inventory automation was a prerequisite for Rundeck. Since you’re here, you probably already know, but just in case you don’t: Rundeck is a fantastic tool for wrapping policies around any task you can dream of. You can use it for centralised job scheduling, you can use it to allow your developers to reboot servers without giving them SSH access, and you have ACLs and a full audit trail for everything.

For Rundeck to be any use, it needs a list of servers to control, which brings me back to OCS Inventory. OCS knows about my servers, so let’s just get Rundeck talking to OCS. Then Rundeck will have an always-up-to-date list of server endpoints, with no human input required. Marvellous.

My weapon of choice here is PHP, because I know it and because all the required components for this script are already installed on the OCS Inventory server. The simple prerequisites:

  1. Ensure all servers are tagged on their way into OCS Inventory. I use the installation switch /TAG="SERVER" with the OCS agent.
  2. On the OCS Inventory server, create a read-only MySQL user for the script. I created the user “rundeck@localhost” (so its purpose was clear) and gave it the minimum permissions – SELECT on the accountinfo and hardware OCS tables.

I created a PHP script in the OCS Inventory web root. For me that’s at /usr/share/ocsinventory-reports/ocsreports. I called the script rundeck-xml.php. And here’s the code:

<?php
// OCS inventory integration into Rundeck.
$host = "127.0.0.1";
$db = "ocsweb";
$user = "rundeck";
$pwd = "PASSWORD GOES HERE";

$link = mysqli_connect($host, $user, $pwd, $db);

if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}


// Select all devices tagged as "SERVER" in the OCS database
$query = "
    SELECT `NAME`, `WORKGROUP`, `OSNAME`, `OSVERSION`, `OSCOMMENTS`, `IPADDR`, `DESCRIPTION`, `ARCH` FROM hardware
    LEFT JOIN accountinfo ON hardware.`ID` = accountinfo.`HARDWARE_ID`
    WHERE accountinfo.`TAG` LIKE '%SERVER%'
    ORDER BY `NAME`
";


if($result = mysqli_query($link, $query)) {
    // Start XML
    header('Content-type: text/xml');
    echo "<project>\n";

    while($row = mysqli_fetch_object($result))
    {
        echo "    <node name=\"{$row->NAME}\" type=\"node\"\n";
        echo "        hostname=\"{$row->NAME}.{$row->WORKGROUP}\"\n";
        echo "        osName=\"{$row->OSNAME}\"\n";
        echo "        osVersion=\"{$row->OSVERSION}\"\n";
        // Architecture is either in the DESCRIPTION field (for Ubuntu) or ARCH field (for Windows)
        $arch = (isset($row->ARCH) ? $row->ARCH : $row->DESCRIPTION);
        echo "        osArch=\"$arch\"\n";
        echo "    />\n";
    }
    mysqli_free_result($result);

    echo "</project>\n";
}
?>

Possibly not the most elegant code, but it gets the job done. Further security is left as an exercise for the reader. ūüėČ

Referring to the database and the RESOURCE-XML Rundeck schema, you can extend this script to suit your needs. Add this to your Rundeck project configuration as an external resource model, with the URL of the above script. E.g. http://ocsserver.domain.com/ocsreports/rundeck-xml.php. All being well, every server from OCS Inventory will now appear as a node in Rundeck.

GDPR: what is a small UK business to do?

Although it’s nearly upon us, it seems like many businesses remain unaware of the impending data protection doom of the General Data Protection Regulations. Small businesses in particular. It’s easy to think that (a) there’s no way you’d have time to prepare your business and (b) it won’t apply to you in any event.

The trouble is, that’s a risky position to take. When it comes into force on 25 May 2018, GDPR will usher in fines of up to €20m (and beyond). On top of that, consumers will be increasingly ready and willing to sue companies over data protection issues. Every business needs to take GDPR seriously, then.

Under the current regime, governed by the Data Protection Act, the maximum fine for a data breach is £500k. Under GDPR, at present Euro exchange rates, it’s 34 times that amount. Our data protection enforcement body, the Information Commissioner’s Office (ICO), is about to have a major weapons upgrade.

In June 2017, the ICO fined Morrisons £10,500 for a marketing faux pas. In July, the company under the cosh was MoneySuperMarket and the fine, £80,000. Scaling those fines up 34 times and you’re looking at £357k and £2.7m respectively.

Now it might not work that way in practice, but we’re still looking at huge potential exposure – the kind of exposure that could put a company out of business. Realistically a smaller company is likely to face a smaller fine (smaller customer databases, smaller likely impact from any breach). But also, a smaller company, with less resources to apply to security and cyber risk insurance, is more likely to fall foul of the regulations and be fined. Again and again and again.

Does this sound alarmist? Possibly. It all comes down to risk really. If you’re happy to play fast and loose with your customers’ data in full knowledge of the consequences, read no further. But if all this is giving you pause for thought, stick with me.

But Brexit?

Sorry; we’ll be following GDPR regardless of Brexit.

250 is the magic number

The regulations impose differing obligations on companies, depending on number of employees. The legislation will be less onerous for companies with fewer than 250 members of staff. But still onerous.

If you’re under the 250 mark, but you process or store much personal data (customers, suppliers, employees), GDPR will apply to you in full. So if you’re running a greengrocer’s you’re probably okay. If you’re running a small accountancy firm, well you’ve got a lot of work to do. And we can’t afford to ignore this, right?

New stuff

We’re already covered by the Data Protection Act in the UK. GDPR significantly enhances personal data protection and privacy by imposing:

  • Significant changes when it comes to consent. You may not market to anyone who has not consented. And consent has to consist of an act on the part of the person. Pre-ticking consent boxes on website won’t fly any more.
  • Clarity and ease. It must be easy for consumers to understand what it is they’re consenting to, and easy for them to withdraw consent. Consent must be defined by channel (e.g. email/telephone/SMS) and duration (how long the consent will last).
  • Data portability. If someone asks for a copy of the data you hold on them, you must supply it within 30 days, in a common electronic format (Word document, Excel spreadsheet, PDF file, etc.).
  • Accuracy. You are obliged to correct any incorrect data – including, if you’ve shared that data with a third party, making them correct it too.
  • A right to be forgotten. If someone asks you to remove their data, and you have no other legitimate reason to keep it, you have to remove it.
  • Mandatory data breach processes. If you become aware of a breach that affects personal privacy, you will need to tell the ICO within 72 hours of discovering the breach. Essentially means you need a bullet-proof data breach policy in place.
  • Privacy by design. If you’re designing a new system or business process, you must consider privacy at the outset (and you must document the fact).
  • Data Protection Impact Assessments. If a piece of work is likely to represent a high risk when it comes to personal data, you must conduct a DPIA. The GDPR does not specify the detailed process, but it’s essentially based on risk analysis. If after your analysis, you conclude there is a high risk to privacy, you must consult the ICO before commencing work.
  • Data Protection Officer. If your business is over the 250 mark, or under it and you process personal data, you must appoint a Data Protection Officer. And that DPO needs to have some idea of the responsibilities of the role. Reading this blog post should help!
  • A broad definition of “personal data”. This now includes IP addresses, for example. It’s essentially any data that identifies a person or that could be used with other data to identify a person.
  • Security. The legislation requires you to take reasonable steps to protect personal data. Think encryption, robust passwords for access, principle of least privilege, need to know, etc.

What do I need to do?

If you’re reading all this for the first time, you’ve probably already started to identify areas of your business that you’ll need to review. Here’s a general plan of attack that I would recommend:

  1. Appoint a Data Protection Officer.
  2. Review all your data, thoroughly. If you have more than one employee, you’ll probably need to involve others in this process. If you don’t know where your data is or what data you’re holding, you will be oblivious to your compliance obligations. And obliviousness is no defence I’m afraid, when it comes to penalties.
  3. If you undertake any marketing activity at all, use the remaining time you have between now and May to seek consent from your existing customer base. If you don’t have their consent post-May 2018, and you market to them, you’re liable to be fined and/or sued.
    For companies with large marketing operations, this will be quite a sizeable undertaking. Make sure when you’re collecting consent, you note when consent was granted, which channels it covers and how long it will last. In future, you’ll need a process to renew consent before expiry, or to expunge expired data.
  4. Ensure that in any automated process you use to collect consent, you don’t use pre-ticked boxes or similar. Also, don’t do this anymore: “If you don’t reply to this email, we’ll assume you want to hear from us…”
  5. Update any privacy notices, particularly taking account of the obligation to be clear. Pretend you’re writing it to be read by a 12 year old.
  6. Put in place processes to amend or delete data when required to do so.
  7. Develop a process to provide a copy of all data to a consumer, when asked.
  8. If there’s a chance you will process the data of anyone under the age of 13, you’ll need a process for obtaining parental consent.
  9. Write a data breach response plan. This doesn’t need to be a 100 page document. Just simple steps to follow in case of a breach – which include notifying the ICO and the affected consumers as appropriate.
  10. If in doubt, seek professional help.

Disclaimer

I’m writing this as a Certified Information Systems Security Practitioner and a non-practising solicitor. These guidelines do not constitute legal advice, but I hope they will point you in the right direction. The truth is that these regulations aren’t in force yet, so nobody really knows quite what impact they will have on the data protection landscape. It will be a big shake-up though, that’s for sure.

Featured photo used with permission.

How-to: ODBC connection to DB2 instance (e.g. Mitel CSM)

ibm-db2I’m sure this is a very niche article. Which means if you’ve arrived here, you’ve almost certainly been as frustrated as I have with the documentation for DB2 ODBC connections.

Background: I’m trying to connect to a DB2 instance, running on a Windows machine. I imagine that this procedure will work just as well for instances running on other architectures. And I’m trying to connect from another Windows machine, to pass data into a Microsoft SQL-powered data warehouse.

You will need the “IBM Data Server Driver for ODBC and CLI (Windows/x86-32 32 bit) V10.5 Fix Pack 8“. If the link doesn’t work any more, go to IBM Fix Central and search for “Windows Data Server Driver ODBC 10.5”. Possibly other versions will work, but this is the one I found most reliable.

The process is as follows:

  1. Copy the entire extracted folder to the root of a data drive (e.g. to D:\DB2, E:\DB2 as the case may be).
  2. Add the bin folder to the computer’s PATH environment variable (DB2\clidriver\bin).
    db2_odbc_01
  3. Launch an elevated command prompt.
  4. Navigate to the DB2 bin folder. E.g.:
    e:
    cd e:\DB2\clidriver\bin
  5. Install the ODBC driver:
    db2oreg1.exe -i
  6. On Windows Server 2012 R2, also run:
    db2oreg1 -setup
  7. The driver will now appear in the 32-bit ODBC driver list:
    db2_odbc_02

To connect:

  1. Launch the 32-bit ODBC data source administration applet.
  2. On the User DSN or System DSN tab, click Add.
    db2_odbc_03
  3. Select the ODBC driver and click Finish.
    db2_odbc_04
  4. Name the data source (e.g. “CSM”, in my case) and then click “Add”, next to the Database alias dropdown.
    db2_odbc_05
  5. Enter User ID and password.
    db2_odbc_06
  6. Check the “Save password‚ÄĚ box. Note the warning and click OK.
    db2_odbc_07
  7. Switch to the Advanced Settings tab.
    db2_odbc_08
  8. Use the ‚ÄúAdd‚ÄĚ button, to enter the following values.
    Hostname: [host DNS name or IP address]
    Port:     50000
    Protocol: TCP/IP
    Database: [DB name, e.g. CTI_DATA]
  9. Review the settings and click OK:
    db2_odbc_09
  10. To test the connection, first click the ‚ÄúConfigure‚ÄĚ button.
    db2_odbc_12
  11. The credentials are stored in the ini file, so you do not need to enter them here. Simply click “Connect”.
    db2_odbc_10
  12. You should see a success message.
    db2_odbc_11

If you’re looking for a free, Windows-based ODBC interrogation program, there are a few out there. All the ones I tried had quirks in their interfaces. I’ve had most success with ODBC query tool though. Here it is, running under Windows 10:

odbc-query-tool

If that doesn’t work for you, you can try the almost identically named ODBC QueryTool.

CodeIgniter 3: connecting to MS SQL from Linux

ms-sql1-300x120Connecting to Windows/Microsoft SQL from Linux/CodeIgniter remains challenging. As PHP progresses, various old methods of connecting to MS SQL are being deprecated in favour of (e.g.) PDO. Unfortunately, reliable MS SQL server PDO drivers are hard to come by under Linux.

As I’ve written previously, the most successful method I’ve found of connecting from CodeIgniter to MS SQL is using a combination of unixODBC and FreeTDS. So here’s an updated guide for CodeIgniter 3 on Ubuntu 14/PHP 5 or Ubuntu 16/PHP 7.

On the server where your web application runs, install the following packages: unixodbc freetds freetds-dev tdsodbc php5-odbc. For Ubuntu 14:

apt-get install unixodbc freetds freetds-dev tdsodbc php5-odbc

For Ubuntu 16:

apt-get install unixodbc freetds-common freetds-dev tdsodbc php7.0-odbc

Restart Apache:

service apache2 restart

Add the details of your MS SQL server to the FreeTDS config file (at /etc/freetds/freetds.conf), e.g.:

[my-server]
host = my-server.domain.local
port = 1433
tds version = 7.4

Note: that the TDS version shown above is for SQL Server 2012 (version 11). For more information about the TDS protocol version numbers (which don’t follow the Microsoft SQL version numbers), read the official documentation.

Add to /etc/odbcinst.ini (you may need to check the precise location of these .so files):

[TDS]
Driver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so
Description = FreeTDS driver
Setup = /usr/lib/x86_64-linux-gnu/odbc/libtdsS.so

Add details of your MS SQL server to /etc/odbc.ini:

[my-server]
Driver = TDS
Description = My Server
ServerName = my-server
Database = MyDatabase

The ServerName above here corresponds to the name of your server in the FreeTDS configuration file. In the CodeIgniter database configuration file, add something like this:

$db['mssql'] = array(
'dsn' => '',
'hostname' => 'dsn=my-server;uid=myusername;pwd=mypassword',
'username' => '',
'password' => '',
'database' => 'MyDatabase',
'database' => '',
'dbdriver' => 'odbc',
'dbprefix' => '',
'pconnect' => FALSE,
'db_debug' => (ENVIRONMENT !== 'production'),
'cache_on' => FALSE,
'cachedir' => '',
'char_set' => 'utf8',
'dbcollat' => 'utf8_general_ci',
'swap_pre' => '',
'encrypt' => FALSE,
'compress' => FALSE,
'stricton' => FALSE,
'failover' => array(),
'save_queries' => TRUE
);

Then your models should begin something like this:

class WidgetModel extends CI_Model
{
public function __construct()
{
parent::__construct();
// Load MS SQL connection
$this -> widgetdb = $this->load->database('mssql', true);
}

You can get some strange results using this driver. Mainly you’ll have to resort to explicit SQL queries. And certain things won’t work as expected – e.g. using “AS” to rename columns only works on calculated columns.

News: Samsung Galaxy S5 and S6 – IPsec Service consuming device space

I’m a fairly heavy user of apps on my mobile devices. I periodically review them, but it’s quite rare I discover an app that I can happily uninstall and live without. It’s not uncommon for me to have over a hundred apps installed, only one of which is a game. And I’m sure I’m not alone in this. It tells us, doesn’t it, what an invaluable tool the smart phone has become for life, work and play.

So initially when my phone (a Samsung Galaxy S5) told me I was running out of space, I wasn’t all that surprised. Time to review my app usage. Time to move some apps from device storage to SD. Time to clear out some on-device photos and videos. Which I duly did.

And then a few days later – running out of space again. Curious.

I chased it down to the IPsec service. Each time I freed up a bit more space, according to the app manager, IPsec Service expanded to fill the void. At the time of writing, it’s now consuming a wholly excessive 1.64GB – but as I’ve read around about this problem I see reports from Galaxy S6 users who have lost over 4GB to this service’s insatiable appetite. On a clean install by the way, it’s taking up 388KB.

IPsec service run amok

As best we can tell, it’s due to some kind of memory leak in the IPsec service. This afflicts Android 5.0 – and as luck would have it, a few weeks ago I finally relented and upgraded my S5 to Lollipop. And it will be some time before the fix, in 5.1.1 is rolled out by my carrier – that’s if they ever do get round to it. The S5 is so last year, darling.

So what’s the workaround? Well, I wish I could give you good news. I’ve come up with nothing. This has taken me to the point of saying the heck with the warranty, I’m going to root it and flash a different ROM. What with this and the recent StageFright scare, it almost makes me want to move over to the Dark Side and buy an iPhone. Almost!

If you’ve found a more satisfactory solution, do let us know in the comments. Meanwhile, I’ll be getting to grips with CF-Auto-Root and finally releasing my handset from the whims of manufacturers and carriers. Wish me luck!

Review: Aplus GV18 smart watch

Like many tech enthusiasts Dummy and I have been keeping an eye on the smart watch market for a while. As you will probably know, there a few large companies (with the Chinese snapping at their heels) searching for the holy grail of wearables: a beautiful wristpiece that is elegant, convenient, clever and durable. To achieve widespread adoption, it also needs to be affordable. Ah yes, there’s the rub.

I recently stumbled across a smart watch, sometimes called “Aplus”, sometimes “GV18”. It’s fresh out of China. And it bears more than a passing resemblance to the Apple Watch. And it’s a tenth the price. We bought it for £32.98, but we’ve since seen it for under thirty quid. Worth a look then.

First impressions:

Aplus GV18 smart watch 02

  • The watch doesn’t look quite as nice as the computer-generated photos on websites, but it’s still reasonably attractive, as smart watches go.
  • It’s big (13mm deep) and stands quite proud of the wrist.
  • The case has a captive screw on the back, which stands out by about 1.5mm. Not a huge problem, but it seems like a strange design choice because the screw is for looks only. The case pops off easily (too easily) and the hole the screw sits in is considerably larger than the diameter of the screw. So it turns freely.
  • The manual is poorly translated.
  • The watch comes with a screen protector pre-installed, which suggests the glass underneath will not be scratch-resistant.
  • The rubber strap is very comfortable.
  • Horribly irritating (loud) jingle when you first switch it on.

Timepiece

For me, the problem with most smart watches is the watch part. Sounds obvious doesn’t it. Really, what is the point of a watch that isn’t a very good watch? If I turn my wrist to check the time, but before I can see the time I have to press a button, that’s a retrograde step. That’s worse than analogue. And so it is with this watch. It’s an LCD display, not e-ink, and to keep the display lit permanently would be a huge battery drain. So you have to press the side button, to check the time.

Once you’ve done that, it’s not too bad. There’s a choice of three watch faces. One of these faces has a full dial of Roman numerals and is designed sympathetically with the rectangular case. I think it works. Of the other two, one is clumsy and the other is weird.

This slideshow requires JavaScript.

Interface

Oh dear it’s awful. To be honest, I think they probably all are, from all manufacturers. Anything that can’t be done with a press or a flick is a pain in the neck. Unless your fingers are like matchsticks, it’s hard to type letters with a high degree of accuracy on the software keyboard. It’s a little better with numbers, but still vaguely reminiscent of those calculator watches from the eighties. Is this really all the progress we’ve made in 30 years?

This slideshow requires JavaScript.

Apps

As far as I can tell, this is running a bespoke version of Android. There’s no app store, no access to Google Play. There are some bundled apps, but most of them are useless and half of them only work if you have inserted a SIM card. That alone is odd. The watch is designed to be paired with a smart phone. Why would you give it its own SIM card?

I wish I could tell you more about the apps, but most of them made no sense. The only real exceptions were the calculator and the camera. But both of those were such a fiddle to use, you’d be much more likely to reach for your phone. It has a pedometer, but it just doesn’t work.

Sync software

For the watch to talk to the phone, you have to install an app. The app is not the best. There are few settings. You can choose to ignore notifications from certain apps, but it’s a slow and laborious process choosing which apps you do and don’t want to hear from.

BT Notification

(Sorry about the poor screen grab by the way.)

If Bluetooth is switched off when you launch the notification app, you are greeted with the following informative message. Informative that is, if you can read Chinese.

Aplus Bluetooth notification

I deduced this meant you need Bluetooth to be switched on… With Bluetooth switched on, the app needs to be running in order for the watch to receive notifications. The app seems to die all on its own, without warning, and the only way you’ll know that is if notifications stop arriving on the watch.

Specifications

Headline specs when compared to the similar size 42mm Apple Watch

Spec Aplus GV18 Apple Watch 42mm
Screen 1.54″ capacitive 1.54″ capacitive
Battery 450mAh replaceable (though the battery in our unit was labelled 550mAh) 246mAh non-replaceable
Claimed battery life (talk time) 72 hours 3 hours
Thickness 12.3mm 12.6mm
Bluetooth 3.0 4.0 Low Energy
Processor 533MHz MTK6260A Apple S1
Storage 128M 8GB
MicroSD/TF slot Yes, 32GB max No
Pixels 240×240 390×312
Sensors accelerometer accelerometer, heart rate
GPS No Yes
Phone GSM/GPRS 850/900/1800/1900 (SIM slot) Yes
Charging Cable Inductive
Weight 50g 51g
Camera Yes, 1.3MP No
NFC Yes, built into strap Yes
USB port Micro USB No

Flaws

There are many.

  1. Convenience. Above all else, a watch should be two things: convenient and attractive. This is not convenient. If I glance at my wrist to see the time, I’m met with a blank screen. No “shake to wake”. You have to fumble for the button, which if like me you wear your watch on your left wrist, is quite awkward to reach.
  2. Volume control. There is no obvious volume control for notifications.
  3. Bluetooth music. You can stream music to your watch via Bluetooth. And listen to it on your watch’s tiny speaker. Which is probably inferior to the speaker in your phone. Which you’re streaming from (and which has to be within 10 metres, due to the limitations of Bluetooth). There’s no headphone socket. So what’s the point?
  4. Time synchronisation. When the watch first connects to the phone, it asks if you want to sync the time. Since I live in the UK, my phone is set to GMT with daylight saving time. On syncing with the phone, even though the watch is set to the same time zone it changes itself to Amsterdam and puts the clock out by an hour.
  5. Notifications. The pop up notifications are almost useless. They tell you for example that you’ve received an email, but there’s no way on the watch of seeing that email or even any context from the email. So you have to check your phone. So you may as well just check your phone, right?
  6. Notifications again. There’s an option to switch off the notification tone. It doesn’t work. So, like it or not, if you have pop up notifications, you’re also going to have an annoying beep. And there’s no way of changing that beep. Which brings me to my next point.
  7. Customisation. You can’t customise this watch – which is a huge loss. There are three watch faces (and two of them don’t suck too badly), but that’s all. You cannot add more. There are three themes for the menu/app system. Two of them are horrendous. The third is tolerable. You cannot add more. Oh, and apps? That deserves a bullet point of its own.
  8. Apps. As I mentioned before, other than the few bundled with the watch, there aren’t any. There’s no equivalent of the iTunes or Google Play app stores. So you’re stuck with these apps.
  9. Interface. You need fairly slender fingers to operate it – especially the software keyboard. Very hard to hit the right letter. And since there’s no voice control (see next bullet point), you’re stuck with touch/swipes.
  10. Voice control. There isn’t any. And this is, we think, going to be crucial in this technology market. Watch faces will always be smaller than phone screens. It’s essential that you have a usable and convenient way of controlling them. That means you need either an external interface (keyboard? your phone?), which sort of defeats the point, or voice activation. Or maybe, fast forward 20 years, a neural interface. This watch has neither, by the way.
  11. Style. In our opinion, the Moto 360 and the LG Watch Urbane are possibly the only smart watches right now that aren’t ugly. People will accept a certain level of aesthetic compromise in exchange for features (e.g. the massive “brick” phones of yesteryear), but not much. And with the 360 and Urbane on the market, all other smart watch manufacturers need to think long and hard about style.
  12. Reliability. Bluetooth keeps disconnecting and reconnecting – even when the phone and watch remain next to each other. Is this the phone’s fault? The watch’s? Who knows. But every time they reconnect, the watch prompts you whether or not you want to sync time (you don’t, see above!) and then spits out all the notifications currently unviewed on the phone. Which are then a bit of a pain to acknowledge/delete.
  13. Visibility. It’s really difficult to read the screen when outdoors. And when in strong sunlight, there’s no chance. There’s no brightness control, so there’s nothing you can do about this, other than shade the screen with your hand. And squint.
  14. Build quality. The back is not secured well (because the case screw does nothing, see above). It doesn’t seem to fit well on the back of the watch. It wouldn’t drop off while wearing the watch, but may at other times.

Strengths

  1. Style. Although it’s no Moto 360, it’s not as bad as some other watches available now. The brushed steel is nice.
  2. Comfort. The rubber strap is surprisingly comfortable. It’s a little on the heavy/chunky side, but you get used to it.
  3. Battery life. It lasted five days before needing a charge. How much this was to do with the fact it was essentially useless, I’m not sure (!) but it still knocks the spots off the Apple Watch in this particular department.

Conclusion

We have to give this watch some credit. For the price, it’s actually pretty incredible. It’s far less ugly than some of the competition and it does have a lot of functionality, even if it’s not especially well executed. We couldn’t help but think that in a world without smart phones, it would even be considered quite good. You could in theory load it up with a SIM card and use it as a watch, phone, calculator, contacts organiser and so on, without needing any other device. But this is a world with smart phones and when you compare it to any smart phone currently on the market, even the worst ones, this watch doesn’t compete at all well. And neither does it complement a phone, bringing no particular tricks to the party.

This slideshow requires JavaScript.

It was a bit of a conversation starter, while I wore it. A novelty. And if you don’t mind paying a little for a novelty item that you’ll quickly find tiresome, then by all means go ahead. But we couldn’t recommend it. We can’t even recommend the Apple Watch, and if Apple can’t get it right, who can?

[easyreview title=”Geek rating” icon=”geek” cat1title=”Ease of use” cat1detail=”Fiddly, fussy, idiosyncratic.” cat1rating=”1″ cat2title=”Features” cat2detail=”Lacking many essentials for a usable smart watch.” cat2rating=”1″ cat3title=”Value for money” cat3detail=”Very cheap, giving the (few) things it can do, but still not remotely worth buying.” cat3rating=”1.5″ cat4title=”Build Quality” cat4detail=”Mixed. Some good bits, some bad bits.” cat4rating=”2″ summary=”Don’t buy it, we beg you.”]

Review: 3-in-1 smartphone camera lens kit for Android, iPhone, iPad, etc.

3-in-1 mobile lens kit 07I own a Canon EOS 60D, which I bought second hand a couple of years ago. It’s a cracking camera and it was an absolute steal on the second hand market. But it’s not very portable. Not when you take into account the other things I stuff into my camera bag: my three main lenses, the filters, the remote shutter release, the lens hoods and so on.

Of course these days, many people carry a half-decent camera with them at all times, in their phones. These cameras aren’t very versatile, but they’re convenient because they’re almost always at hand. And because of this, there’s a healthy phone camera mod market. One of the leaders in this field is the Olloclip.

Olloclips are great. The trouble is, each Olloclip is designed for a particular phone (or small family of phones). So it’s not really transferable. And with prices in the order of £60, you can buy a pretty competent compact point-and-shoot for not much more than that. It’s clever, good quality, but not exactly a bargain. Not like today’s review kit at least.

3-in-1 mobile lens kit 01This 3-in-1 camera kit, like many other Chinese gadgets can be found for sale on a few shopping sites, under various different “brand names”. Our example was sold as a “Yarrashop”, but we suspect that’s just the current trade name of this particular seller. The kit arrived in an anonymous box, with no manufacturer claiming responsibility. And we think that’s a shame, because as we reckon you’ll agree, it’s rather extraordinary.

In the box, there are three lenses, a bag and a clip. The bag doubles as a lens cleaning cloth. The clip, with rubber pads, enables you to attach the lenses to virtually any mobile phone or tablet.

One of the lenses is a fisheye lens. The other two can be used in combination, to form a wide angle lens, or you can use the smaller component on its own as a macro lens. The lenses and the clip are all sturdy metal, with a solid feel. They can be purchased in different colours, but we went for silver, which we think suits this kind of equipment.

This slideshow requires JavaScript.

The clip attaches securely on the phone or tablet. You do have to position it carefully – this is hardest with the fisheye lens; with the other two, you can see the phone’s camera lens underneath – but once it’s situated, taking photographs is no harder than usual.

This slideshow requires JavaScript.

With the fisheye lens, the photograph appears as though within a circle cut out from black card, so the photo would need cropping afterwards. The wide angle lens – I’m not sure there’s that much use for it; there’s some barrel distortion at the edges and in any event, most smart phones can stitch shots together into a panorama, which would be far superior. The macro lens, well that’s a cracker. You have to be be very close to the subject, so you’d be unlikely to be able to use this on nervous insects. And you probably don’t have a tripod for your phone, so you need a reasonably steady hand. But in spite of all that, the effect of the lens is impressive.

Here are some example shots, taken with the lens attached to a Samsung Galaxy S5. Click through for the full resolution images.

This slideshow requires JavaScript.

As long as you don’t compare this with DSLR quality, this is not bad at all, right? But then we get to the punchline. These lenses, clip included, will set you back less than £7. That’s unbelievable Seven quid. No matter who I’ve shown this to, when I’ve told them the price they have been incredulous. I still can’t believe it, to be honest. But the truth is shown in my Amazon orders history and on my bank statement.

Under close inspection, there is some loss of clarity and marginally less light hitting the sensor. But if you’re starting out with a very good phone camera, this slight degradation is we think more than acceptable, especially given the increased versatility. A few shots more:

This slideshow requires JavaScript.

You’d think there has to be a catch, wouldn’t you. It’s hard to find one actually. Separating the wide angle lens from the macro lens is s bit fiddly – and counter-intuitive too because it’s reverse-threaded. But not too difficult. And it would be nice to have a case for the lenses – the bag doesn’t do much to protect them. But given the price, we’re really splitting hairs. I dug out an old cufflink case and that was perfect for the job.

I’d say to anyone who takes the slightest interest in phone-based photography – get this kit. You won’t regret it. It’s an absolute bargain, well made and practical. As this price, what do you have to lose?

[easyreview title=”Geek rating” icon=”geek” cat1title=”Ease of use” cat1detail=”Very slightly fiddly. But otherwise extremely simple.” cat1rating=”4.5″ cat2title=”Features” cat2detail=”The kit lacks only a case.” cat2rating=”4.5″ cat3title=”Value for money” cat3detail=”Phenomenal value for money at this price.” cat3rating=”5″ cat4title=”Build Quality” cat4detail=”Well made. I wouldn’t be surprised if the odd unit has burrs on the thread or seams, but I saw no evidence of that here. Not the best optics, unsurprisingly.” cat4rating=”3.5″ summary=”All in all, an outstanding kit. Great as a gift, stocking filler, whatever. Or treat yourself, without really any feeling of guilt. You’d spend more on a couple of pints of beer and you know what happens to that. ;-)”]

How-to: Laravel 5.1 tutorial; part 1 – installation

It’s been quite a while since we’ve posted anything about Laravel. We’re strictly hobbyist developers here and in web development it’s almost impossible to keep up with the rate of change unless you’re a full time developer (and even then, it’s not easy). This pace of change of course means trouble not only for small-time developers like us, but also for enterprise users who favour stability over bleeding-edge features.

So the recent announcement is timely, that Laravel 5.1 is the first version to offer long term support (LTS). LTS in this case means two years of bug fixes and three years of security updates (as opposed to six months and one year respectively for other releases). And for us, this means that although our version 4 tutorials quickly became obsolete, our version 5 tutorials should have a chance of remaining relevant for the next three years. So we hope this new series will be useful for you, our readers.

Without further ado, let’s dive in.

Prerequisites

These days there’s a phenomenal number of ways to get up and running with a server – Vagrant, Puppet, Chef, Ansible and so on. For the purposes of this tutorial I’m going to assume the most basic requirements:

  • Apache web server (other web servers will work, but we won’t explicitly deal with them)
  • Shell access to the server (preferably SSH)
  • Root access to install Composer globally (not essential)
  • Git must be installed in your environment.
  • PHP >= 5.5.9
  • OpenSSL PHP Extension (probably compiled in to your PHP installation – check with phpinfo();)
    OpenSSL
  • Mbstring PHP Extension
    MBString
  • Tokenizer PHP Extension
    Tokenizer

Install Composer

Composer is an integral part of Laravel these days. It’s used for managing dependencies – external libraries and the like, used by projects. It is also used to install Laravel. While logged in as root, to make Composer available globally, do:


curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin
ln -s /usr/local/bin/composer.phar /usr/local/bin/composer

The official Composer documentation suggests using mv composer.phar composer, but if you use a symbolic link instead, upgrading Composer is as simple as running curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin again.

Install Laravel

There are different ways of approaching this, but the approach I prefer (for its simplicity) is as follows. To install Laravel in the directory that will house your web project (e.g. if that’s under /var/www), enter:

composer create-project laravel/laravel /var/www/new.website.name

There will be a lot of activity in the console as all Laravel’s various components are installed. The new website directory contains a folder “public” and it’s to this you need to direct your web server. So for example, with Apache, create a new configuration file /etc/apache2/sites-available/new.website.name.conf:

<VirtualHost *:80>
ServerName new.website.name
DocumentRoot "/var/www/new.website.name/public"
<Directory "/var/www/new.website.name/public">
allow from all
Options +Indexes
</Directory>
</VirtualHost>

Again, for Apache, enable the new website (e.g.):

a2ensite new.website.name

If you’re using a control panel (CPanel, Plesk, VirtualMin, etc.) your steps will vary. When you then browse to your new site, you should see something like this:

Laravel 5

Configuration

There’s lots you can configure, but here are some basics.

  • Make sure the storage and the bootstrap/cache directories are writeable by the web server. E.g.:
    chown -R www-data:www-data /var/www/new.website.name/storage
    chown -R www-data:www-data /var/www/new.website.name/bootstrap/cache
    find /var/www/new.website.name/storage -type f -exec chmod ug+rw {} \;
    find /var/www/new.website.name/storage -type d -exec chmod ug+rwx {} \;
    find /var/www/new.website.name/bootstrap/cache -type f -exec chmod ug+rw {} \;
    find /var/www/new.website.name/bootstrap/cache -type d -exec chmod ug+rwx {} \;
  • In config/app.php set your time zone (e.g.):
    'timezone' => 'Europe/London',
  • And locale (e.g.):
    'locale' => 'en_GB',

Pretty straightforward stuff really.

Review: Visionaire Vehicle Tracker and Monitoring

Having put hours and hours of work, not to mention thousands of pounds, into my Land Rover Defender, I was dismayed and concerned to learn it is now the most stolen car in the UK!

It seems the very design and nature of a Defender, the thing that makes it so attractive to the enthusiast, is the exact same quality¬†that now attracts some very well organised thieves. It’s¬†like a great big Meccano set.¬†It holds it’s value like no other vehicle and is soon going end of life. All that seems to have exacerbated the problem to a level where if you don’t take measures to protect your Land Rover, you might as well leave it in the street with the engine running.

If someone is coming to get your Defender it’s almost¬†certain they will have visited once before and will have a good idea of¬†what security you have fitted. They may even tamper with it in advance, to make subsequent theft easier. It’s simple to search the various UK forums for advice and security gear and¬†magic ‘theft proof’ devices are numerous and varied with devotees claiming theirs is¬†the one to have.

Here’s a little secret though: none of these precautions work. None of them make your car¬†theft-proof. At best they delay the thief a few minutes; at worst they give you a level of confidence wholly unjustified by the device. With bolt cutters or an angle grinder or if your Defender is very posh, a low loader, none of the devices are going to help you for long. The simple and sad fact is, if they want it, they are having it. So where does that leave you?

I think the concept of a vehicle tracker is relatively old news. I’d guess that you¬†would think them the domain of your supercar owners with expensive installation and yearly costs. As technology and communications have progressed however, that’s no longer the case.

It’s surprisingly simple and pretty damn cost effective and is largely based around mobile phone technology. I know there are many on the market but let me show you one that seems to tick all the boxes.

Land Rover TrackerI’ve installed the ¬£299 ¬†Visionaire system from Carrotech – a tiny GPS device with a mobile sim. What first attracted me was the low cost of purchase and very low cost of ongoing use, especially when compared to the popular skytag. But it was only when I started to play with the very user-friendly Internet interface that I realised the true power and convenience of this system.

Tracker rulesOnce installed (buried very deeply somewhere in your Defender’s soul, with its own backup power) the device monitors and records details of every journey you make. Using simple¬†drop down menu options you can then ask the device to advise you either by email or text if anything specific happens. The list is long but things like the battery¬†being disconnected, the car leaving your home address or even predetermined speeds being exceeded¬†can all be recorded and trigger an action. Email and GPS is the first avenue¬†for this messaging but if that fails for any reason then the system will text you details. All this for just ¬£72 a year! Yep just ¬£72. Rather pleasantly I found that when I told my Insurance Company I had this tracker ¬†installed my premium went down by ¬£25 so in theory to have my Defender monitored 24 hours a day, 365 days a year whether I’m in the country or not, it’s costing me ¬£47.

Tracker map for Land Rovers

For me the purpose is to recover my car if it were ever stolen but I can immediately see how you might want to install this in the car if you have kids who have just learnt to drive and want to ‘borrow daddy’s car’ for the evening! If that isn’t enough to have you ordering this brilliant little device already, wait until you see what else it does. It actively monitors where the car has been and overlays that on a combination of OS and/or satellite maps. The tracker software records it all and although I’m not sure how long the data is retained, I was able to check a route from a year ago quite easily – and see my average speed, how fast I drove at what time etc., etc. Okay, maybe that’s a little ‘big brother’ but still a feature I quite liked!

I’m sure I’ve only scratched the service of what the system can offer. Given the possible uses and¬†at an initial purchase price that’s not much more than the cost of a good service, can you afford not to fit a tracker?

I know various insurance companies are offering a similar feature. In¬†exchange for a cheaper insurance policy for young drivers, their driving style is monitored using a device like this. I’m not sure that I like the idea of some faceless corporation monitoring whether my darling daughters are tearing round the streets – but I’ll tell you what – Daddy sure would like to know!!

[easyreview title=”Dummy¬†rating” icon=”dummy” cat1title=”Ease of use” cat1detail=”Once it’s installed it’s all drop menu stuff. Simplicity itself.” cat1rating=”4″ cat2title=”Features” cat2detail=”I honestly can’t think of anything else I’d like it to record.” cat2rating=”5″ cat3title=”Value for money” cat3detail=”This is one of the cheapest trackers on the market and it’s worked faultlessly for 18 months.” cat3rating=”5″ cat4title=”Build Quality” cat4detail=”Tiny and designed to be buried in your car body. Feels very light and dare I say cheap but I’m not sure it need be anything else” cat4rating=”4.0″ summary=”I’m incredibly impressed with this tracker. Keep an eye on the kids, protect your cherished car. It will do either or both, brilliantly.”]

Review: Portable Bluetooth speakers for under £30; Tenvis vs. Elf vs. Bolse vs. Anker

So here’s a market that’s exploded in recent months: Bluetooth speakers. In particular portable Bluetooth speakers. Check it out – there are thousands of them on Amazon alone – and it’s the same on eBay.

Choosing something decent from that vast array of choices is no mean feat. We started out with a basic task: set four of the best sub-£30 speakers against each other, assess them as aesthetically and as scientifically as we can (not that scientific – we’re a Geek and a Dummy, not high-end audiophiles!) and come up with a winner. Not easy, as you’ll see!

The four contenders

Four Bluetooth speakersFor this review, we’ve picked four of the highest-rated speakers on the market for around £30 (at the time of review – these prices can be quite volatile). Starting clockwise from the top left of the picture, with prices at the time of our purchase, they are:

All four speakers have the following features in common:

  • Bluetooth (duh)
  • Microphone for hands-free voice calls
  • Aux-in socket, for playing music via cable
  • USB and audio cables included in the box

We’;; now look at the speakers in turn and see what each has to offer – or not – besides the basics.

Elf WS-701

Elf01Let’s start with the speaker that was (just) the cheapest of the four: “The Elf”. The Elf is a pretty anonymous black box. All these speakers have a matt rubberized finish; in the case of the Elf and its brother (more on that shortly), the finish is a little on the cheap side.

It has a full complement of six buttons: track skip (forwards/backwards), volume up/down, play/pause and call answer. This suits me far better than the minimalist single button approach. I don’t want to memorize how many seconds I need to hold a button or how many presses correspond to each particular action.

Pairing with my Android phone was simple and easy. The speaker confirms connection in an excessively loud female American voice saying “Connected”. Not very subtle when you’re trying to set up some quiet tunes in the morning. And there’s something about it that’s a little… cheesy.

Though we didn’t test this exhaustively, the speaker seemed to live up to the claimed charge time of 3-4 hours and playback time of 10-12. It was in that ballpark. And it was about the loudest speaker in this group test – we could turn this one up the most, before distortion crept in. Bluetooth range was pretty reasonable – about 15 metres before the connection started to drop.

All the speakers can be used as hands-free speaker phones, and this one was the best of the bunch. Good, clear call quality, and it handled the problems of two-way audio (avoiding feedback) very competently. I’m not sure that’s why people buy speakers like this, but in a pinch, you can use this as a conference phone with little difficulty.

The Elf was the heaviest and the cheapest (at the time of purchase) speaker in this group and of the four, it’s the one I kept personally. It didn’t have the widest frequency response, but it is more than adequate – good, in fact for the use I now put it to daily: music in the shower.

Incidentally, if you’re looking for this speaker, just use the “WS-701” search term – it’s currently available under a different brand name, “Coppertech”.

This slideshow requires JavaScript.

Bolse SZ-801

Bolse01It’s fair to say that Chinese technology companies aren’t renowned for respecting the intellectual property rights of other companies. I mean, “Bolse”. Come on guys. Next you’ll be calling yourselves “Microsloft”.

After the slightly comical name, the next thing you notice about this speaker is how similar it is to the Elf. Virtually identical in appearance, in fact. The model names are similar too – “WS-701” vs. “SZ-801”. In fact, the only major difference between this speaker and the slightly cheaper Elf, is that the Bolse has NFC, which we’ll come to in a second.

Here at Geek & Dummy, we don’t pretend to be technology insiders. We really are just a regular Geek and a regular Dummy. So we’re just going to conclude what everyone else knows is blatantly obvious: the two speakers came out of the same factory. The Bolse is a later or upgraded version of the Elf. Who knows if “Bolse” and “Elf” even exist as trading entities.

Given their similarity (the grille pattern is very slightly different), you’ll not be surprised to read that they fared almost identically in our tests. I found the NFC to be little more than a gimmick. Place your NFC-equipped Android phone (sorry, no iLove here, apparently!) and Bluetooth is automatically switched on and the phone and speaker automatically paired. Given that pairing and switching on Bluetooth aren’t exactly onerous tasks, I’m not sure I’d say this feature is worth the extra £5 you pay for it.

Again, in comparison to the Elf, playback time is down to 8-10 hours (from 10-12). The box claims it is a more powerful speaker (12W RMS vs. 10W) but in our tests, it distorted earlier than the Elf, indicating slightly poorer speaker construction. And hands-free call quality wasn’t bad, but slightly worse than the Elf, sounding “fuzzy” on the other end of the call.

The Bolse comes with a horrible drawstring bag, that you probably wouldn’t want to use for storage. The included audio cable is a little better than that included with the Elf.

In short, when placing the Elf WS-701 alongside the Bolse SZ-801, we’d only choose the Bolse if it were the same price as the Elf.

This slideshow requires JavaScript.

Tecevo T4 Soundbox

Tecevo01This is the lightest of the four speakers on test, weighing in at just 270g. It has just three buttons (forward. back and pause/play/answer). In our opinion, it’s the ugliest speaker on offer here today and it has the poorest battery of the set, at just 800mAh.

The Tecevo does have a few unique tricks up its sleeve though. First, it does come in other colours than black. Second, it has phenomenal Bluetooth range: 90 feet (27 metres) – by far the best range of any of these speakers. This far exceeds the typical range of Bluetooth devices.

And finally, which is perhaps most interesting, the Tecevo has an audio output socket (n addition to the input socket). This doesn’t mean you can daisy-chain speakers – the sound cuts out when you plug a lead into the output socket), but it does mean you can effectively use this speaker to Bluetooth-enable any other music system. Connect it to your ancient-but-good hifi, and stream tunes from your phone. Nice. Make sure it’s plugged into a USB charger though – the battery will give up the ghost before any of the competition.

Not that it matters much, but you wouldn’t want to use this speaker as a hands-free device. Calls sound like you’re in a tunnel, with lots of echo.

This slideshow requires JavaScript.

Anker MP141

Anker01This just leaves the Anker. Anker is making a good fist of emerging as a credible purveyor of gadgets, in a very crowded marketplace. We’ve seen a few items from Anker now, and they do stand out in the crowd: manuals that read like the writer does actually speak English, well-packaged, well-finished and with good warranties. The warranty on this speaker for example, is 18 months, which is not bad at all.

The Anker is a different form factor to the others. It’s square, rather than rectangular and houses a single large speaker, rather than the twin speakers in the others. It’s reassuringly chunky and the soft touch rubber finish has the highest quality feel of the speakers in this group.

The Anker has the longest claimed playback time, at 15-20 hours. We can well believe it, given it has the largest capacity battery (2100mAh) and takes the longest to charge (5 hours). The larger battery contributes to the general feeling of solidity. Without doubt it stands out for the quality of its construction.

It’s the most up to date speaker too, following version 4.0 of the Bluetooth specification. It suffers with range though, dropping out at just 10 metres (33 feet). It not the loudest either, and its bass response, though adequate, isn’t quite as good as the others. It’s also not great as a hands-free speaker.

This slideshow requires JavaScript.

Conclusion

So, which would we choose? If quality and aesthetics are most important to you, the Anker is the superior choice. But for us, the Elf is the clear winner, with its all-round abilities. And for a speaker this size, the sound quality is more than adequate. For sure, it’s no Bose, but then it’s a fraction of the price. And you wouldn’t want to take your expensive Bose into the bathroom with you – whereas with this, no problem. And helpfully, at the time we purchased, it was the cheapest of them all. Job done: buy the Elf (a.k.a. Coppertech).

Elf05

If you’re interested in all the data we captured and used for this review, here’s a spreadsheet you might enjoy. For the Geeks among us. ūüôā