Wikipedia:Reference desk/Archives/Computing/2011 May 24

= May 24 =

Free Offline map software
Google maps and Open Street Map are great online tools. But say I am going to have a laptop out in the field, but no internet connection, what are my options? I see you can download open map data, but I'm not sure where to go from there. I am looking to have a New Orleans area street map that I can use offline. Any ideas? Thanks! -Andrew c [talk] 02:43, 24 May 2011 (UTC)
 * I'm pretty sure OpenStreetMap is often used by those with GPS devices etc and this isn't surprising since it was clearly designed and licenced to be a product people can use in such circumstances rather than just an online map. Our own article mentions a ton of software including for desktop OSes and some with the specific mention of offline (although likely a bunch of software there has offline support even if it isn't mentioned). probably has more Nil Einne (talk) 05:39, 24 May 2011 (UTC)
 * Well those lists of programs are a bit overwhelming, and some seem fairly advanced with command line stuff. I've tried two. One couldn't load downloaded map data (or I was doing something wrong) and one didn't appear to be offline (as the map stopped loading and zooming when I unplugged the cable). So I was hoping a specific program could be recommended, or one that has a good tutorial or something like that. I appreciate your response though. Thanks for your time. -Andrew c [talk] 14:39, 24 May 2011 (UTC)
 * Some of these applications also would need a lot of disk space. Some time ago I tried one (Mobile Atlas Creator, probably), and for a ~25x30 km area, the data set downloaded from Google Maps (up to the highest detail level) was ~2 GB. This program was designed for making offline maps to load into smartphones and similar devices; it also got banned from OSM because of too much traffic. It should be usable on a laptop as well. -Yyy (talk) 12:04, 25 May 2011 (UTC)

Simplest possible internet multi-player game
Would it be possible to communicate between two or more computers, via the Internet, to play games written in either C or Fortran ? For a basic example, let's say it's a tic-tac-toe game, and all that we need to pass back and forth is the moves. How could this be done ? StuRat (talk) 06:21, 24 May 2011 (UTC)


 * Absolutely! Both of those languages have libraries that would allow them to communicate with each other on the Internet.
 * Explaining how is such a broad question that it's difficult to know where to start. But basically the simplest thing to do would be to have each user input the other's IP address, and choose to be either X or O. Then after PlayerX placed his X the program would send a TCP/IP packet containing the location of that X. The other program would be waiting for that packet and would display the X on the game-board shown to PlayerO. Then the process repeats in the other direction. In a game that simple, each copy of the program could independently check for the end-game, or it could be decided that ProgramO's copy is in charge of doing that and sending a message to the other one.
 * It obviously can get a lot more complicated than this. (I believe that Quake was written largely in C.)  APL (talk) 07:13, 24 May 2011 (UTC)


 * OK, I would actually like to do this, in Fortran. What library functions would allow me to do so ?  How are things like dynamic I/P addresses and LANs, at one or both ends, handled ? StuRat (talk) 08:36, 24 May 2011 (UTC)


 * If you Google "Fortran TCP/IP" you'll get lots and lots of examples of how to open TCP/IP sockets. For dynamic IPs, you'll need more clever programming, perhaps even a game server with a static IP that can sit in the middle of your two players and coordinate their plays. --Mr.98 (talk) 12:12, 24 May 2011 (UTC)


 * I tried, and found a suggestion to use the netstat command ("nc"), but my Windows XP Command Prompt doesn't even recognize "rc". Do I need to do something to enable it ?  Wouldn't this also be a problem at the other end ? StuRat (talk) 17:12, 24 May 2011 (UTC)


 * QuakeC may be of interest here. Dismas |(talk) 07:49, 24 May 2011 (UTC)


 * In practice, you don't even need to use the Internet, or even a local network, to make this work. You can start by programming the game using 2 copies of the same .exe on the same computer, with 127.0.0.1 as the IP address.  You could make the first copy listen on a particular port, and the program try to send a packet to that port.  If it gets a response, it knows it's already running.--Phil Holmes (talk) 08:09, 24 May 2011 (UTC)


 * Are you talking about ways to locally test such a program before doing a full Internet test to another computer ? StuRat (talk) 08:38, 24 May 2011 (UTC)


 * That is what 127.0.0.1 achieves. Can a TCP/IP session connect to its own port though? It should work if you send and receive from different port numbers. Graeme Bartlett (talk) 09:54, 24 May 2011 (UTC)


 * I wrote you a little single-player networked (client-server) game (mostly for my own amusement, I confess). It's in Python, but all the socket calls would be the same in C (I just can't be bothered with all the extra typing).


 * You'd connect to that with a telnet client (in e.g. port 7777). Turning that into a multi-player game isn't very hard - multi-player client-server games are much the same as single-player, except with multiple concurrent connections and with a shared, persistent world state (in this trivial case, answer and remaining are the world state). -- Finlay McWalter ☻ Talk 12:32, 24 May 2011 (UTC)


 * I have taught socket programming many times - always required in network class. The first assignment is always a ping-pong assignment. I write a socket server that, if you connect to it, will automatically send the message "ping" to you. If you respond with "pong", it will send "ping" back again. Anything else causes it to disconnect. If done correctly, you should get a flood of ping-pong messages going back and forth. Then, the students have to write their own pong server and have their ping client talk to it. Then, they have to write a single program that listens with pongs and also has the ability to ping. Finally, we replace the ping-pong with messages that the user types. So, two people can get copies of the program. One connects to the other. Then, they can chat back and forth. The students like it because it is a slow step by step method of learning to program with sockets. Further, when I had to do it in Java, we added secure sockets instead of normal sockets and had encrypted ping-pongs going back and forth. -- k a i n a w ™ 17:22, 24 May 2011 (UTC)


 * Sounds good, can I see some sample code ? StuRat (talk) 17:34, 24 May 2011 (UTC)


 * I know that this has code because I've worked on it. -- k a i n a w ™ 18:36, 24 May 2011 (UTC)
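The move exchange described in this thread (one TCP message per move, tested between two endpoints on 127.0.0.1, each copy checking the end of the game itself), as an added example that is not code from any of the posters. The `MOVE <mark> <cell>` line format, the function names and the scripted move lists are assumptions made for the illustration; it goes one step beyond the thread by having each side validate what the peer sends before applying it.

```python
import socket
import threading

WIN_LINES = [(0, 1, 2), (3, 4, 5), (6, 7, 8), (0, 3, 6),
             (1, 4, 7), (2, 5, 8), (0, 4, 8), (2, 4, 6)]
MAX_LINE = 16  # longest message accepted from the peer, in bytes


class Board:
    def __init__(self):
        self.cells = [" "] * 9  # cells 0..8, row by row

    def apply(self, mark, cell):
        # Same check for our own moves and the peer's: in range and still free.
        if not 0 <= cell <= 8 or self.cells[cell] != " ":
            raise ValueError(f"cell {cell} is not a free square")
        self.cells[cell] = mark

    def result(self):
        for a, b, c in WIN_LINES:
            if self.cells[a] != " " and self.cells[a] == self.cells[b] == self.cells[c]:
                return self.cells[a]
        return "draw" if " " not in self.cells else None


def recv_line(sock):
    """Read one newline-terminated message; refuse oversized or cut-off input."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
        if len(buf) > MAX_LINE:
            raise ValueError("message too long")
    return buf[:-1].decode("ascii")  # non-ASCII bytes raise ValueError too


def parse_move(line, expected_mark):
    """Accept only 'MOVE <mark> <cell>' carrying the mark whose turn it is."""
    parts = line.split(" ")
    if (len(parts) != 3 or parts[0] != "MOVE" or parts[1] != expected_mark
            or not parts[2].isdigit()):
        raise ValueError(f"malformed or out-of-turn message: {line!r}")
    return int(parts[2])


def play(sock, my_mark, my_moves):
    """Play one side from a scripted move list; X always moves first."""
    board, turn, moves = Board(), "X", iter(my_moves)
    peer_mark = "O" if my_mark == "X" else "X"
    while board.result() is None:
        if turn == my_mark:
            cell = next(moves)
            board.apply(my_mark, cell)
            sock.sendall(f"MOVE {my_mark} {cell}\n".encode("ascii"))
        else:
            board.apply(peer_mark, parse_move(recv_line(sock), peer_mark))
        turn = "O" if turn == "X" else "X"
    return board.result()  # each copy decides the end of the game by itself


def guarded(fn, *args):
    try:
        return fn(*args)
    except (ValueError, OSError, StopIteration) as exc:
        return f"aborted: {exc}"


def run_local_game(x_side, o_moves):
    """Host O on 127.0.0.1 (ephemeral port) and run x_side(sock) as the client."""
    listener = socket.create_server(("127.0.0.1", 0))
    outcome = {}
    def host():
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(5)
            outcome["O"] = guarded(play, conn, "O", o_moves)
    thread = threading.Thread(target=host)
    thread.start()
    with socket.create_connection(listener.getsockname(), timeout=5) as sock:
        outcome["X"] = guarded(x_side, sock)
    thread.join()
    listener.close()
    return outcome["X"], outcome["O"]


def replaying_client(sock):
    """Constructed misbehaving peer: claims the centre square twice."""
    sock.sendall(b"MOVE X 4\n")
    recv_line(sock)  # O's answer
    sock.sendall(b"MOVE X 4\n")
    return "sent duplicate move"


if __name__ == "__main__":
    print(run_local_game(lambda s: play(s, "X", [0, 1, 2]), [4, 8]),
          run_local_game(replaying_client, [0, 8]))
```

Replacing 127.0.0.1 with the other player's address and the scripted lists with user input gives the two-machine version; the validation in `parse_move` and `Board.apply` stays the same.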

HTTP approach
Perhaps I could avoid all this nastiness of ports/sockets and (possibly dynamic) I/P addresses by having the Fortran programs on each computer read and write to the same web page. Has this been done ? StuRat (talk) 17:34, 24 May 2011 (UTC)


 * By "write" I guess you mean "http POST to some amenable server", which means you still need to write a web server. You could use some pre-made amenable server like webdav, but the problem remains that  you have to resolve a consistent  world state from a bunch of untrustworthy asynchronous events which arrive at annoying times and risk undoing the  changes other clients have made. That's exactly the problem you have to manually solve every time you get a Wikipedia edit conflict. A proper server-resident game model with a single consistent world view is the easy way to fly, for all but trivial or very very cooperative clients. -- Finlay McWalter ☻ Talk 17:42, 24 May 2011 (UTC)


 * Let's say, in the tic-tac-toe example, that I wanted to communicate with another instance of the program (on a remote computer) by having two web pages (for a test, I could set up two pages under my user name here at Wikipedia). My instance would write my moves to one page, and their instance would write their moves to the other page.  Each instance would then read the moves from the other web page.  This seems like it would work, with a few issues:


 * 1) If the page was in Wikipedia, then anyone theoretically could edit it, and thus disrupt the game. This seems quite unlikely, though.  If it became a problem, perhaps a site which only allows one person to edit a page (the owner), but allows many to view it, might work, like using two Facebook pages.


 * 2) This might not be very efficient, as presumably the pages would need to be constantly scanned for new posts. However, I would think it might be "good enough", especially for a game requiring as little back-and-forth communication as tic-tac-toe.


 * So, how could I actually do this from Fortran ? StuRat (talk) 18:45, 24 May 2011 (UTC)


 * You'd have to open up a socket to read port 80 to read the pages. So, you'd be doing socket programming. As for writing the pages, that is harder. You have to create a page, open a socket (FTP perhaps) and send the edited page. So, more socket programming. It would be much easier to have the programs talk via sockets to one another directly instead of mucking about with a third computer. -- k a i n a w ™ 18:56, 24 May 2011 (UTC)


 * Isn't that code already written somewhere, to read from and write to a web page, with all that socket manipulation handled internally ? I would hope that APIs would be available that could be called from Fortran, to read and write web pages.  Let me open another section with that as the question StuRat (talk) 19:06, 24 May 2011 (UTC)

UPDATE: I've written this program, using PyWikipedia to write to the web pages, and cURL to read from them. It works, although the write to web pages is rather slow, averaging maybe 20 seconds per write. I'm going to post a new question to try to resolve this issue. StuRat (talk) 16:51, 29 May 2011 (UTC)

Celestia
I was messing around with Celestia version 1.6.0 on Windows XP, and something appears wrong with Daphnis (S/2005 S 1), a satellite of Saturn. Daphnis appears to cut through one of Saturn's rings, which I'm pretty sure it doesn't. What's going on? Is it a bug? Lanthanum-138 (talk) 07:06, 24 May 2011 (UTC)


 * I would guess that some type of image post-processing was only done on a portion of the pic, which should have been done on the entire pic, but was interrupted. StuRat (talk) 08:34, 24 May 2011 (UTC)
 * Our article says it does orbit in the ring plane in the Keeler Gap, so perhaps this gap is represented as being filled in in this software. Graeme Bartlett (talk) 09:50, 24 May 2011 (UTC)
 * I believe that is an artifact of the way Celestia draws planetary rings. On my Celestia installation, Saturn's rings are drawn using the file C:\Program Files\Celestia\textures\lores\saturn-rings.png, a 1024x2 pixel image representing a thin radial strip across the rings (covering approximately 73,000 km). The parts of this image that represent gaps are rarely completely black, suggesting that gaps are rarely completely empty, or that the image lacks sufficient resolution to show features like the Keeler Gap with any accuracy. Things are further complicated by Celestia simulating scattering when the rings are backlit. Therefore, at some viewing angles, the Keeler Gap appears to be filled by a thin grey sheet. If you zoom out a bit while still centred on Daphnis, and move your viewing angle around you can see various effects including the moon seeming to hang free of the rings, or to be thoroughly embedded in the ring material like in your image. Astronaut (talk) 00:03, 26 May 2011 (UTC)

Eye-Track Mind Reader
How the hell does this work? It worked for me but does it work for everyone?--Shantavira|feed me 07:16, 24 May 2011 (UTC)


 * Presumably they just picked a common name so a fair portion of the people would be freaked out by it. StuRat (talk) 08:32, 24 May 2011 (UTC)


 * ...and those that are not feel compelled to forward to any friend called John. That's a relief.--Shantavira|feed me 09:19, 24 May 2011 (UTC)
 * My name's not John, so it didn't work for me...... :( I watched it three or four times, and it still didn't get my name right..... -- KägeTorä - (影虎) (TALK) 13:04, 24 May 2011 (UTC)


 * Note that the book is presumably about how humans are trained to see patterns when there aren't. If your name is John it looks pretty dang creepy. But the vast majority of people who view that video probably won't be named John, and it won't mean anything to them. (I'm not named John, yet it still says John.) The trick is assuming there is anything clairvoyant about it in the first place, rather than just a very simple trick (John is a common name). --Mr.98 (talk) 01:14, 27 May 2011 (UTC)

Command to list all available shells
There is a command which directly lists all available shells in Linux/Mac OS X. I can't remember it right now. Can anybody help out? Thanks - DSachan (talk) 09:04, 24 May 2011 (UTC)
 * will list all the shells that are acceptable to chsh (change shell). CS Miller (talk) 09:10, 24 May 2011 (UTC)
 * Thanks, it works. - DSachan (talk) 09:17, 24 May 2011 (UTC)

Office Word 2007 Problem
A client emailed a document to me today. The doc was in Word 2003 format. Normally, I have no problem opening docs in Word 2003 format, but for some reason, this one opened up as a single blank page, yet giving me the character count of 9,000+ characters. Also, I noticed that the icon of the document (on my desktop) looks more like the icon of an .xml or .rtf file, and not the usual Word 2003 icon. I don't know if the inability to display the icon, and the inability to display the contents within Word 2007 are related or not, as I am able to display other Word 2003 documents with no trouble. However, these Word 2003 docs also have this .xml/.rtf icon. Maybe I have two separate issues here, or maybe not. In any case, can anyone help? Cheers. -- KägeTorä - (影虎) (TALK) 12:37, 24 May 2011 (UTC)
 * I would try opening the document in a plain-text editor such as Notepad to see what it "really" looks like. AndrewWTaylor (talk) 14:46, 24 May 2011 (UTC)
 * Well, the fact is, the file is in Japanese, and my Notepad doesn't support it. Plus, there are lots of illustrations and tables in .png format. The client has sent me a 2007-ready version, so it's not a massive problem, but anyway, my original questions still stand. Thanks anyway. -- KägeTorä - (影虎) (TALK) 15:38, 24 May 2011 (UTC)


 * What is the actual file extension on the troubling file? Is it a .doc file?  Comet Tuttle (talk) 17:22, 25 May 2011 (UTC)


 * It is indeed .doc - I am concerned more with the fact that all of my files with the .doc extension are not appearing with the usual square Word icon. I am wondering if this has anything to do with my disabling the Windows Live Add-In (by renaming the .dll - I was getting an error every time I closed Word - without fail - telling me that Windows Live Add-In had stopped working). -- KägeTorä - (影虎) (TALK) 10:03, 26 May 2011 (UTC)

Capturing 802.11 traffic
Could it be that some wlan cards are not able to? (even if they have monitor mode). 80.26.37.77 (talk) 12:40, 24 May 2011 (UTC)


 * Some wlan cards don't implement promiscuous mode. I have at least one that reports nothing if placed in promiscuous mode, but for which Wireshark can trace local traffic (but then that doesn't really need the card's help, only the network stack's). From Wireshark's FAQ here: "some network interfaces might not support promiscuous mode, and some drivers might not allow promiscuous mode to be turned on" -- Finlay McWalter ☻ Talk 12:49, 24 May 2011 (UTC)


 * I suspect that you save a considerable amount of power by not operating in promiscuous mode; only a very minimal front-end parser must be active, and discards all traffic that isn't addressed to your machine. That way, your wireless system doesn't waste any energy processing "junk mail."  Most users aren't going to packet-sniff, so sacrificing that capability to save battery life is a reasonable engineering-tradeoff.  If you have a particular need to analyze network traffic, you should invest in specific network hardware and a corresponding software stack that allows you to configure such low-level details.  Nimur (talk) 14:51, 24 May 2011 (UTC)

Image background from white becomes black
Hi, images with a white or checkered background, such as this one, when copied and pasted on a programme, like MS paint or MS powerpoint, come out with a completely black background, and I can't find a way to change it. Is there a reason it does it, and how do you change it? p.s. I'm using the images in accordance to the trademark policy, for a small PowerPoint presentation. --Amendola90 (talk) 15:09, 24 May 2011 (UTC)


 * That image doesn't have a white or chequered background, it has a transparent background. So, in a program that properly supports the Portable Network Graphics format, it will show whatever is underneath. If that's the case, you can put a solid white box behind it (with say Powerpoint's drawing tools) and then position it on top. I'd be a bit concerned that a given program doesn't properly support PNG transparency, however.  Older versions of Microsoft's IE browser didn't (but later ones do). I don't know about Paint or Powerpoint, and I rather suspect it'll depend on you using an up-to-date version of them. -- Finlay McWalter ☻ Talk 15:12, 24 May 2011 (UTC)


 * (ec) You're having trouble with image transparency. Those "checkered backgrounds" are not part of the image; they are a utility image that Wikipedia's software adds in the background so you can see which parts of the image should be transparent.  Old versions of MS Paint and Powerpoint do not support transparency in images at all.  If you want to remove the transparency and replace it with an opaque (e.g., white) background, you need a more capable image editor (such as the free software image editor, GIMP).  In fact, there is even a how-to tutorial if you need help.  You might also want to have a read at the Powerpoint image-transparency help section; depending on the complexity of the image, you may be able to fix this in Powerpoint.  Nimur (talk) 15:17, 24 May 2011 (UTC)


 * (ec) You see a chequerboard on that page, incidentally, only because MediaWiki puts a chequerboard graphic into the background of that object, so that the transparent parts of GIFs and PNGs are evident. That graphic (unrepeated) is here. The chequerboard is a fairly common device used to show a generic background in such circumstances; graphics programs like Gimp do likewise. -- Finlay McWalter ☻ Talk 15:18, 24 May 2011 (UTC)

For removing the transparency I'd recommend using paint.net, which is similar to mspaint, free, and easy to use. Load the image into paint.net, fill the transparent areas with a color, and then copy the image back to mspaint / powerpoint AvrillirvA (talk) 15:22, 24 May 2011 (UTC)


 * If by "fill the transparent areas with a color" you mean the bucket tool (which does a flood fill) then I definitely wouldn't do that - flood fill has issues with tight angles, can't reach islands of background, and makes arbitrary decisions with semi-transparent edges. Instead create a blank image of the same size, fill that with the desired colour, and then paste the transparent image. Paint.net is indeed a good program (it's a sensible replacement for MS Paint in I think all circumstances). -- Finlay McWalter ☻ Talk 15:29, 24 May 2011 (UTC)


 * Thanks, I downloaded paint.net, and the image now has a white background. --Amendola90 (talk) 15:37, 24 May 2011 (UTC)

License type of magazine code listings?
Many computer magazines used to contain program snippets (and sometimes even entire programs) within their pages. Yet very rarely was any sort of license specified. Could that code be assumed to be in the public domain? Would, say, including some of that code in a library and redistributing it be kosher? -- noosph e re 15:15, 24 May 2011 (UTC)
 * There's no reason to assume such content is in the public domain. You should check the license provided by each particular magazine and/or article.  If a license or other terms of use are not explicitly stated, you shouldn't assume anything about the code.  Inclusion of "code excerpts" is a very fuzzy legal area.  Inclusion of code snippets that are licensed under the GNU General Public License, for example, requires that your entire program is licensed under a GPL-compatible license; and this has been upheld in court cases; but, gray areas arise when the "snippets" are so heavily modified as to be difficult to prove origin.  So, proceed cautiously, as inclusion of other authors' code may expose you to liability.  Nimur (talk) 15:32, 24 May 2011 (UTC)
 * This is interesting. Back when I used to actually type in programs listed in MikroBitti, I thought they were basically in the public domain. The author already had his/her name in the magazine and had been paid a token amount (in the order of 100 Finnish markka), which I thought was compensation enough. It's what I would have been content with, had any of my programs been accepted by the magazine. Of course the situation then is different from what it is now - programs today are vastly more complex. The system I am working on in my company is probably in the order of several million lines of code. JIP | Talk 18:31, 24 May 2011 (UTC)
 * If the magazine had wanted you to put your code in to the public domain, I presume they would have asked. Most likely they are content with a license which allows them to publish the code when and where they want (which is implicit in you sending in the code to a place where you know it will be published). What people do with it downstream is up to those people and none of their concern. I can definitely imagine plenty of people would be happy for their content to appear in a magazine they sent it to, but not a commercial compilation of code by some other source (e.g. a book), used in unrelated commercial products or whatever without their permission. Note that in a number of countries including the US, it's not actually clear if people can release content in to the public domain or in some it doesn't appear they can. See Granting work into the public domain Nil Einne (talk) 19:10, 24 May 2011 (UTC)

Commercial distributed computing like SETI@home
Are there any companies with distributed computing networks like SETI@home or BOINC, but which pay people for their spare CPU cycles and then resell those cycles? -- noosph e re 15:22, 24 May 2011 (UTC)
 * I don't know. But since nobody has answered yet, I'll mention that you might be interested in Bitcoin, which is a distributed currency scheme in which you can use your CPU cycles to 'mine' bitcoins, which have commercial value. SemanticMantis (talk) 13:42, 25 May 2011 (UTC)

Sharing Vista & Win7
I have two laptops that I have set up sharing with. I have created a new Workgroup (with its own name) and the two laptops have no problem connecting to each other. Seriously - it's seamless. So seamless, in fact, that I don't even appear to need a password, despite having checked 'Password protected sharing' on both computers. Could this be to do with the fact that my username and password on each computer is the same? In any case, I want to make it so that nobody else can access either computer. Is it possible to password protect the Workgroup itself, so that no-one can get on the workgroup and access the computers? Or would it still be possible to access the computers without being on the workgroup? -- KägeTorä - (影虎) (TALK) 15:42, 24 May 2011 (UTC)
 * Workgroups are meant to make sharing easy, but they don't always work seamlessly (especially between Windows versions), so consider yourself lucky in a way. Make sure you remove 'Everyone' from the share. Disable the guest account. Also remove all accounts (Control Panel|Users) except those with administrator access and make sure each one has its own password. You can of course add extra protection via Windows Firewall, but you have to know what you're doing there or other programs might stop working and you wouldn't know why. You can also enable profiles in Active Directory but this, again, could cause more pain than it's worth if you don't understand AD well. Sandman30s (talk) 09:23, 25 May 2011 (UTC)
 * You're correct, a workgroup will automatically allow access between user files if the username and password are identical. There is no way to password-protect (or otherwise stop) a computer from joining a workgroup. The only similar security on that level is to use a domain instead of a workgroup, but this is far too techy a solution for the average user. With most default setups in Windows, another PC on your network will be able to see your computers, even if it's in a different workgroup.
 * Note that Internet PCs are already separated from your local network, so no extra precaution is needed. The only way another PC can see or access your home network is if they are attached to your router, either physically or wirelessly. Barring concerns from other people in your household, a good strong WiFi password will serve you well. Avicennasis @ 11:47, 24 Iyar 5771 / 28 May 2011 (UTC)

Windows XP Command Prompt questions
1) Can I change the font (including size) with a command line (versus through the menu) ?

2) Can I have more than just two colors (foreground and background) on the screen at once ? I seem to recall using escape characters in the PROMPT command to change the color scheme for each letter, but I might be thinking of UNIX. StuRat (talk) 19:20, 24 May 2011 (UTC)


 * ANSI escape codes are (or used to be) the way to do the colours in DOS. I'm not sure about font size. AndrewWTaylor (talk) 08:20, 25 May 2011 (UTC)


 * Here's what you can do to the console. The color-changing functions have been in Win32 from the beginning, but  was only added in Vista. The console does not recognize any escape characters, but there may be software out there that will translate escape sequences into calls to the console functions, like ANSI.SYS on DOS. You can also use a Unix-style terminal like MinTTY, which understands escape codes but not console functions. Unfortunately, Windows console programs are not designed to run on a Unix-style TTY, and won't necessarily work very well that way. -- BenRG (talk) 17:51, 25 May 2011 (UTC)

Thanks. So, it looks like I'm out of luck on both items, right ? StuRat (talk) 06:01, 27 May 2011 (UTC)
 * The answer to both of your original questions is yes. You just need programs that make the appropriate API calls, then you can invoke them from the command line. I don't know whether cmd.exe has support for color changes in the PROMPT, but TCC/LE, which is a freeware drop-in replacement for cmd.exe, does (using ANSI.SYS-like escape sequences that are interpreted by TCC/LE itself). -- BenRG (talk) 06:43, 29 May 2011 (UTC)

taking over a production environment
The architect of a production environment I will be taking over is going to leave abruptly; what should I ask them to write up for me? I'm looking for good questions, a good way to phrase something evocative that they might otherwise not think to include (but which is important)? Thanks. 188.156.250.194 (talk) 19:40, 24 May 2011 (UTC)


 * Can you give us more info, like what they produce ? StuRat (talk) 20:24, 24 May 2011 (UTC)


 * Sorry, I mean production servers. It's a web site-based service. 79.122.109.174 (talk) 22:40, 24 May 2011 (UTC)


 * And what service(s) do they provide ? StuRat (talk) 23:04, 24 May 2011 (UTC)


 * At an operational level, you need to know every password and security question, or know where or with whom that is kept - this can be difficult, as people forget they have passwords for stuff like domain registries, routers, and switches that they don't touch much. You need to know where from and to whom every bill, and every billing communication, and every technical communication, goes - so you don't get caught out when some service provider sends a billing email to a dead account and then turns off a neglected but vital service. You need documents that show where every piece of equipment is logically and physically (and then you go to the rack and see what's really there) and the serial and model numbers of everything, and the installed options and software versions of everything (so you don't get caught out when the system fails over but the failover router has less memory or a different uplink card to the production one). And someone needs to match that against the asset register, so if you need to move stuff to a different physical environment (like a different CoLo) you don't get surprised that the routers or the UPSs belong to someone else and can't be moved. You need a comprehensive failover/failback plan, showing all the possible failure modalities and how they're addressed, and you need to see a similarly comprehensive test plan that shows they've actually performed those failovers to show things really do survive, and that normal operation can then be resumed afterwards. You need comprehensive documentation of the network topology, the database schema, and all the file and data formats. You need to know the footprint of security exposures (what's exposed publicly, what a compromise on machine X means for machine Y or network Z) - you can't remove all of this, but you need to be able to justify what is exposed. And you need to be able to delineate where untrusted data becomes trusted and enumerate (and so be able to check) all the locations in the system where that happens. You need to know a lot about how the system should handle load, how it actually does, and what tests they have in place to show it actually does. In the same vein, you need a scaling plan to show what you'd change if you needed to scale over a few months to handle more load, and what you'd be able to do about a DDoS in the short term. I'd expect that you'll get a lot of replies that say "that's engineering's job", "that's ops' job", "that's service-provider-X's job", but if you then go talk to them they all think it isn't, or they have a view of their role that's smaller than you'd been led to believe. Lastly, you need to get the departing guy to say what he'd change if he had six months and a bunch of resources - existing systems have a bunch of baked-in assumptions that should be fixed, and some that are obscure but vital - as the new person you need to know whether some weird thing you find is really important or an artefact of old circumstances that don't apply any more. As the new person you get six months or so of "blame Joe" time, when you can strongarm management into making changes (and spending money) that you claim the previous guy should have done. -- Finlay McWalter ☻ Talk 09:10, 25 May 2011 (UTC)


 * Has this architect announced that they are leaving, or are they being fired? And how long do you have before they're gone? Finlay's list is good, but could take quite some time to do and depending on the architect's personality, they may be considerably less helpful if you are firing them. Astronaut (talk) 23:08, 25 May 2011 (UTC)

Establishing a local subnet within a large organization
I work at a specialised hospital laboratory. The IT department is outsourced, and is focused mainly on streamlining the PCs for the clinical departments. The lab has a lot of instruments for various analyses, and the instruments come with PCs from the instrument manufacturers. These PCs tend to be rather fussy about automatic windows updates, and in some instances there have been conflicts with the antivirus software that is mandatory on PCs connected to the hospital network. There is AFAIK no policy for connecting external PCs to the hospital network (except that it, in general, is not allowed). In the past, problems have been solved on a case-to-case basis, with a lot of improvisation and tweaking of the rules. Due to recent reorganisations, the service level of the IT dept is now abysmal, the security requirements are higher than ever, and getting new instruments connected is close to impossible.

I am considering proposing that we establish a sub-net for such instruments at the lab, with a local PC with two network cards forming the connection with the hospital network. I am asking you refdeskers for advice about exactly how to accomplish this, in a manner that limits the responsibility of the IT-dept to maintaining the "bridge" PC, and that we at the lab manage the subnet ourselves.

The hospital network is in the 10.*.*.* range, and uses PCs that run Microsoft Windows XP (service pack 3). The PCs on the proposed subnet are somewhat heterogeneous, but most run some version of Windows XP, some run Windows 7. I believe that the IT department will be most comfortable maintaining a Windows XP PC. Let's say the subnet is in the 192.168.*.* range. The bridging PC must somehow be able to present selected directories from the hospital subnet, with read and write access, to allow communication with the laboratory information system. Is it possible to have the bridging PC translate the IP addresses, such that they when viewed from within the subnet appear to be in the 192.168.*.* range? Is it necessary? What are the security implications, would such a setup protect the hospital network if someone at the lab managed to install malware on one of the instrument PCs? Would using a Linux PC as the "bridge" improve security? What software is required?

Whew. That was a lot of questions. I'll be grateful for any advice. Thanks in advance. --Karabatikos (talk) 20:08, 24 May 2011 (UTC)


 * This is not much of a Computing Desk answer, but if I were in your situation, I would be raising hell with the people who are above the entire outsourced IT department, possibly the person who is in the CEO or COO role or their equivalents. If the service level is abysmal and it is next to impossible to connect new instruments to your network, then management choices are screwing over the laboratory as a whole, and they need to know that.  IT exists for your convenience, not the other way around.  You need to bring up specific examples to show how many hours were wasted by these problems.  It'll be especially irritating to them to learn that Instrument X sat there idle for 3 weeks after they spent all that money for it.  That sort of hard data can change their policies pretty quickly.  Side notes:  If security requirements increase, IT service has to increase, too; and setting up machines on a subnet provides 0 protection for malware if you've got it set up so that they can talk to each other.  Comet Tuttle (talk) 00:26, 26 May 2011 (UTC)


 * Your in-between box will have to function as a firewall, and possibly one that can do malware scanning on the fly such as an intrusion detection system. You can change the IP addresses using network address translation (NAT). But a Linux box allowing Microsoft drive mappings though is going to let the malware through as well. To isolate things more you can have every device on a separate VLAN and demux them at the firewall box. To talk to each other their data has to go via the firewall and get checked. Graeme Bartlett (talk) 11:58, 26 May 2011 (UTC)


 * Thank you both for your answers. Comet Tuttle, I can assure you that we (and many others) are doing exactly what you would have done. The problem is that the reorganisation (and downsizing) of IT services has made the IT dept a less attractive workplace, and many of the most competent people have left the organisation. In this situation, by raising hell and at the same time presenting a well thought-through solution, we may have a greater chance of success than if we just continue flogging a moribund horse. We have a well functioning technical department, which services our instruments and instrument PCs, but they do not have permission to configure the PCs that are directly connected to the organisation network. I'll probably request their assistance, but I would like to have a clear picture of a possible solution before doing so.
 * Graeme Bartlett, I realise that the in-between box would need to function as a firewall. We have some PCs managed by the IT dept that have two network cards, and communicate with the organisation network through one network card, and with an instrument PC on the other. This setup appears to be acceptable to the IT dept (but with their present service level, still not available to us for new instruments). Moreover, having two PCs for every instrument is quite a hassle, and we have limited space.
 * If we replace one such instrument PC with a linux box that also has two network cards, this linux box could conceivably act as the DHCP server for the subnet. Here's a drawing of a possible setup:

                                                                                    +> Instrument PC 192.168.0.100
                          eth0               eth1  eth0              eth1           |
 organisation network --->[PC managed by IT dept]->[Linux box, tech dept]--->switch-+> Instrument PC 192.168.0.101
                          10.1.2.3     172.17.2.1  172.17.2.2  DHCP, 192.168.0.1    |
                                                                                    +> Instrument PC 192.168.0.102
 * What packages would be needed on the Linux box, to make this reasonably secure, and to make the required directory subtree readable and writable to the instrument PCs? (I know how to do the DHCP server bit, with Apache) --Karabatikos (talk) 20:46, 26 May 2011 (UTC)
 * Addendum, @Comet tuttle. The IT dept does not worry about instrument PCs infecting each other within a subnet, they worry about malware reaching the organisation network. Malware on the instrument PCs has not been a big problem. They do not have internet access, and no-one at the lab would dream of using them for other than the intended purposes. We have, however, had one incident some years ago caused by a sloppy tech serviceperson from an instrument manufacturer, who used an infected memory stick for a software upgrade. --Karabatikos (talk) 21:25, 26 May 2011 (UTC)
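
The firewall and NAT role discussed in this thread, sketched as an nftables ruleset for the "Linux box, tech dept" in the drawing. This is an added example, not part of the original discussion: the interface names and the 192.168.0.0/24 and 172.17.2.x addresses come from the drawing, while the file server address `LIS_HOST` is a hypothetical placeholder and SMB over TCP 445 is an assumption about how the shared directories are reached. It also assumes the IT-managed PC forwards traffic from 172.17.2.2 to the organisation network.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the thread): default-deny gateway for the instrument subnet.
flush ruleset

define WAN_IF   = "eth0"          # 172.17.2.2, towards the IT-managed PC
define LAN_IF   = "eth1"          # 192.168.0.1, towards the instrument switch
define LAB_NET  = 192.168.0.0/24  # instrument PCs
define LIS_HOST = 10.0.0.10       # ASSUMPTION: placeholder for the LIS file server

table inet filter {
    chain input {
        # Traffic addressed to the Linux box itself.
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state invalid drop
        ct state established,related accept
        # DHCP requests from instrument PCs (sent from 0.0.0.0, so no saddr match).
        iifname $LAN_IF udp sport 68 udp dport 67 accept
        # Reachability checks from the lab side only.
        iifname $LAN_IF ip saddr $LAB_NET icmp type echo-request accept
        # Nothing is accepted from the organisation side.
    }

    chain forward {
        # Traffic crossing between the instrument subnet and the hospital side.
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept
        # Only path out: instrument PCs to the one file server, SMB only.
        iifname $LAN_IF oifname $WAN_IF ip saddr $LAB_NET ip daddr $LIS_HOST tcp dport 445 ct state new accept
        # Leave a rate-limited trace of everything else before the policy drops it.
        limit rate 10/minute log prefix "lab-fw drop: "
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Instrument PCs appear upstream as 172.17.2.2.
        oifname $WAN_IF ip saddr $LAB_NET masquerade
    }
}
```

As Graeme Bartlett and Comet Tuttle point out above, this only restricts which hosts and ports the instrument subnet can reach: files written through the permitted drive mapping are not inspected, and instrument PCs on the same switch can still talk to each other without passing the firewall.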