Royal TS/TSX - The perfect tool for connecting to everything


There are some tools that you work with so often that they become invaluable. Anyone who spends their days connecting to different systems and servers will know that the tools generally available are system specific: Windows desktop = Microsoft RDP Client, Linux box = native SSH or Telnet, FTP server = FileZilla, Cute or WinSCP, and the list goes on. Each tool has its own quirks and issues but we learn to live with them in order to get the job done.

A few years ago now I was looking for a better SSH client because in my job when I have many SSH windows open it's easy to lose track of which is which, and I downloaded the first beta of Royal TSX (for Mac). It was a work in progress but I loved it. Now I can have my SSH clients in tabs instead of separate xterm windows and I can name the tabs so it's clear to see. I can even automate the login by scripting so I no longer have to waste time looking up passwords and leaving sessions open way longer than needed just because I have to look up passwords. Royal TSX even in its early stages was a well thought out tool that instantly made its way to my quick launch bar.

The first beta could connect to SSH, Telnet and RDP and I quickly found time to add all my regular connections and never looked back. 

Now that was a good few years ago and today Royal TS for Windows and Royal TSX for Mac are well polished and comprehensive toolsets with connectivity options to just about everything you could ever want...

Telnet, SSH: With full control over credentials, session, scripting, emulation and much more. 

You can clearly see the tabs showing connections to multiple servers with varying connection types.

File transfer, whether FTP, SFTP or SCP, can be a bind to manage but no longer.

Simple drag-drop file transfer. But there's more, much more...

RDP: For connecting to Windows workstations and servers.

TeamViewer: For anyone that still uses it. 

VNC: For your GUI based connections to Windows, Mac, Linux, IP KVMs and more.

File Transfer: Over FTP, SFTP, SCP and more. Simple drag-drop functionality.  

VMware: List instances, control on and off, connect to the console and more.

Hyper-V: Instance control, data and connections. 

Serial: Yes, even Hardware Serial over USB is a click away for those serial console moments that blindside you on an idle Tuesday afternoon. 

An all-in-one tool, one screen, one set of configs! The organisation of connections allows you to create folders and move connections into folders so finding that connection is logical. I have folders for each customer, then a folder for each site within the customer folder, which really helps. Royal TS/TSX stores all your connections and configuration in a 'phonebook' file which can easily be migrated or even synced between workstations. I for example sync between my main desktop, laptop and mobile phone (yes, there is a mobile/tablet companion product!).

But that's not all, how about Windows Events? We all hate those, and monitoring can be a pain especially with multiple servers over multiple domains. Royal TSX cuts through all the nonsense with direct connections to Windows Events.

Windows Services, no problem. Windows Processes are a click away, simple as anything, and of course PowerShell is also a click away.

If you're not already looking for where to download this tool then I'd be surprised. Did I mention it's FREE for up to 10 connections, and after that the full product is only €35 or $46 for an individual license, which is seriously undervalued in my opinion. If I add up the thousands of hours I've saved over the years then the true worth of this product would be 5 figures plus.

When I first started using TSX it would spend a good part of the day on my screen, and co-workers, visitors and even customers would ask, "What are you using to do that?" The product literally sells itself through its smart clean look and feature set.

The developer, Royal Applications, are an Austrian company with a tight focus on their core product line. The product is actively developed and there are updates with new features and connections arriving regularly. The Support is outstanding with quick responses and assistance, and there's comprehensive documentation also available.

It's important to note that Royal Applications are not paying or influencing this review in any way. I genuinely love the product, use it every single day and paid willingly for my licenses. I strongly recommend anyone not already using it to give it a try, for FREE remember.

You will find their product at, and a quick link to their download page would be


If you found this review useful and I managed to save you hours a day then drop us a comment... 



© (c) 2018 GEN, E&OE


Social Media, Google, Bing, Yahoo, Amazon, ISPs and Government Tracking

After our post 'In defence of social media', which itself was a response to the disproportionate news coverage of Facebook specifically, there have been many responses generally accepting that it should have been common sense that nothing is 'free', but that there was a clear misunderstanding of how people are tracked online and what exactly is collected and by whom. This isn't unreasonable because the whole tracking and collection industry is shady and insidious, and just for clarity I was correct when I said GDPR will make absolutely no difference. So, how about we look at a few specific examples of data capture from some big players in the market...

Let's start with Facebook, purely because it was the subject of recent news stories. 

Facebook of course collects everything you feed into it; this includes your name, address, date of birth (if anyone actually uses their real date of birth), phone numbers, email addresses and so on. This data forms the root record (the record to which everything else is attached).

To the root record we then add everything you view, everything you like or dislike, everything you post (Images, Text, Links), every message you send and receive and every ad that is displayed or clicked. 

Associations are also added: that's "Friends", and the interactions between you and your "Friends" are also logged, and common interests or appearance in common photographs are also recorded.

If you are unfortunate enough to have used your Facebook 'login' to log in to third party websites then a record of that site, when you use it and for how long is also included.

As you can see, Facebook stores pretty much everything you do and that's their business model, you get to waste hours of your life that you'll never get back and Facebook sells the data they collect from this activity. There's nothing wrong with this business model, it works and has been around for decades. 

Pinterest, Instagram (which is now Facebook), Tumblr and so on

These sites, which are generally 'image' sites, record everything you add into the profile, and to that they add everyone you follow and every image you view (and for how long). Further, some of these scan the images uploaded, recognise faces and then form internal relationships between the images and users. There's nothing wrong with this business model either of course, except perhaps the fact that the moment you upload your image, it's no longer your image, but that still doesn't stop people using these services.


Now Twitter has been around for a few years and is basically a 'feed' service where you follow topics and people and you'll receive updates from them. It's a simple model yet an effective one. Twitter records your posts, reads, follows and followers. It also records every link you follow from posts. Twitter inserts 'ads' into your feed, which is annoying but not a show stopper, and these are of course paid for by the advertisers. The rest of Twitter's revenue comes from selling your data to third parties, which is again a good sustainable business model. In the early days Twitter was wide open to abuse where 'fake' accounts were created in celebrities' names, causing unsuspecting followers to be duped and further be directed to 'donation' or 'malware' sites, but Twitter put a stop (mostly) to this by 'verifying' some celebrities to remove any confusion. Twitter also allows the embedding of links, audio and now video into the feed, which is great but also brings with it a new set of challenges around protecting users, and also provides additional tracking metrics.



Google is a huge company with many 'services', most of which are 'free' to use. Let's look at probably the most common service, the "search" engine. There's no denying that it is a great search engine and if you're looking for something a little obscure then it's your go-to engine, but let's look at what's captured.

When you search on Google, the search term is recorded along with the results, which results you click on, and the time taken for that click. This simply makes associations of interest between your Google profile (if you created one, or a unique identifier if you didn't). This in itself isn't really bad and you would expect them to capture this information, surely? This information (search history) is further used to focus future searches, so the more you use it, the more likely you are to get more applicable results, but this is the official line, and don't ever believe that Google is the only search engine, it's not. Because of the way Google adds sites to its index, sites with large budgets and resources always find their way to the top results even if they aren't applicable at all. Moreover, Google adjusts results of political, social, personal or controversial searches to add their bias to the results you see, and many would argue that this 'bias', which most don't even realise is there, is wrong on many levels. Some other search engines such as DuckDuckGo often produce more evenly weighted results without adding their bias, which some may prefer.

Getting back to Google the company, we need to talk about Google Analytics, which is yet another 'free' service allowing website owners to get insights into visitors. This is actually really useful, but for it to work Google needs to be able to connect YOU as a person to that site, which it does easily. This gives Google not only your search queries, results, and clicks but also now most websites you visit, when you visit them, for how long and what you do on those sites. Now we're starting to collect some seriously valuable data and this is of course the business model again: you get lots of free services and Google makes money from advertisers and the data. Google allegedly purchased shopper data from MasterCard, which again when augmented with your online profile just adds a wealth of additional behaviour data.

Other Services (Gmail, Google Docs, Groups, Google+, Google Drive, and so on)

Google offers a bunch of other 'free' services, all of which are quite useful, but each brings yet more data to the profile they are maintaining on your behalf. Every email you send and receive via Gmail is scanned, stored and linked. Every document you add to Google Docs is scanned, stored and added, any file you store on Google Drive is scanned, stored and added. Are you seeing a pattern here? Nothing you do on any Google service is private. How about Google Maps? A very useful tool if you want to find somewhere, but yet again everything you look at is recorded and added to your profile. If you have an Android phone then your location data is also added to your profile along with your messages, apps installed, app usage, contacts and so on. Google Home is a voice assistant and speaker for your home, but again anything you ask it is stored and added to your profile data.

YouTube (now owned by Google) again stores the videos you want, channels you watch, comments you make and so on.

Google Chrome is a web browser developed by Google and is again free to download and use. Within this browser there are options to 'store' your credentials and bookmarks in the cloud, and this does then of course give Google this data to further add to the profile. We also noticed that Chrome (unlike other browsers) created several local files storing your search history, browser history, and so on for reasons unknown. The files are unprotected, meaning that we (or any software, malicious or otherwise) can easily read them to obtain this information. At the time of writing we also noted weak protection of your stored passwords, but this isn't specific to Chrome and several other browsers are also easy to crack.

So Google know what you search, what you view and for how long and how often, what you buy, what you look at but don't buy, how often you buy something, what you read, what you post and what posts you read, what pictures and videos you view, how often and from what websites.

Bing & Yahoo

Bing is a search engine that is pretty useless in fact and is even more unfairly weighted towards sites with $$$, and subsequently doesn't have any significant market share (about 7% at time of writing), but that doesn't mean that they don't store your searches, links clicked etc., which they do. There's a 'relationship' between Microsoft and Yahoo which goes back several years and brings Yahoo results into the Bing search engine, which is probably a good thing, but this also brings Yahoo free services such as Yahoo Messenger, Yahoo Groups and so on into your search footprint. Yahoo itself has been bought and sold several times and the actual ownership is hard to pin down, but we do know that the majority is owned by Oath Inc. (part of Verizon) at time of writing.

Generally speaking the use of Bing and Yahoo is fairly limited these days with about 4% market share (at time of writing), since Bing's search results are limited and Yahoo's reputation has been shredded by past data breaches. The use of Yahoo Mail brings with it the same issues that Gmail has: your emails and everything in them are scanned and stored. Microsoft's Hotmail is exactly the same and why shouldn't it be so, it's free after all. Yahoo's Geocities, which is pretty much dead now, and Yahoo Groups, if anyone still uses them, bring yet more profile cross linking, with group 'Members' being associated by topic and post, and of course you must have a 'Yahoo' account to participate.

Internet Service Providers (BT, PlusNet, Virgin and so on)

Some reading this may not be aware that your Internet Service Provider has access to every website you visit. They do this via DNS, which is the system that converts a domain name into an IP address. Unless you specifically override it, your ISP will route your DNS requests to their servers, which then accumulate your website requests against your 'session', which is your current IP address linked to your account. Using SPI (Stateful Packet Inspection) your ISP can also record what you actually do online, such as listening to music, watching video, making phone calls, instant messaging, and so on. All this data is accumulated and stored indefinitely and in this country at least is made available to law enforcement without a warrant.


The Amazon ecosystem is slightly different to the general model as there are no 'free' services; you need an account to be able to buy online, download books, listen to music or watch videos, but that doesn't mean the company won't collect your data, because they do. Everything you search for on Amazon is stored and kept, everything you listen to, read or watch is stored and kept, and all this profile data is used to target search responses and advertisements to your specific interests. Amazon don't make any guarantees not to sell your data (that I can find) so it's safe to assume they probably do. Amazon also has 'Alexa', which further augments the profile by storing what you ask and do with the devices, but this in itself isn't bad and can be used to tailor responses based on your past history.

Local Government & Agencies

You may or may not know that your local council is at liberty to sell your personal data to anyone willing to pay. They call this the electoral roll but in fact it's just a dump of all the people registered to vote + council tax payers. When you combine this with data from a company like Cameo you then introduce affluence and net worth; link that with Experian or Equifax and you now have credit worthiness, loans, mortgages, bank accounts and the list goes on, all free to purchase.

The DVLA is now also selling your details to companies so if you own or are the registered 'keeper' of a vehicle that data is now also up for grabs. 

And of course the Census data, which you MUST legally complete, is made available for sale to anyone who wants it, and this is of course why the Government is exempt from GDPR along with the Police, the Military, and anyone else who you may want GDPR to actually apply to.

Cross Contamination

Since tracking to your personal profile is done via fragments left on your computer, cookies/sessions left by websites, or even by your browser screen size and, in a recent discovery, by your sound card, allocating your activity to you is fairly good, but there are some cases, especially in companies where internet access is proxied and where only a few 'login' to accounts, where others' activity can be falsely attributed to your or others' profiles. I have personally seen this whilst writing this article when I requested all my activity from Google. Digging through it, and remember I never use Google, I found a bunch of searches performed as recently as earlier in the week that were from other users on the network which somehow wound up in MY profile. I have no idea how common this is in the real world.



There are some claims on social media that Google, Facebook and others are always 'listening' using the microphone in your equipment, but this has largely been disproved by researchers at the time of writing this article. That doesn't mean it categorically does not happen or that it does, simply that the evidence to date suggests not.


Services such as VPNs and of course the ever popular Tor Browser are ways to obscure your real identity online, but you'll discover fairly quickly that the services above either don't work at all or are crippled deliberately. Google for example returns some made up message about unusual traffic. As VPNs come and go there will always be a short time before the services get blacklisted, but this will never be a viable solution long term.

The sale of data and the data market

All of the above can produce fairly detailed and valuable profiles of your online activity, but when the separate data collections are combined you start to have very complete profiles linked directly to an individual. This is what worries people more than Facebook and Google. Given that your data is bought and sold on a daily basis, some of these companies have a complete record of everything you do online. Let's see what the total footprint of an average teenager today is:

  • Your Name, Address, Race, Religion, Ethnicity, Phone Number(s), Email Addresses, family members, friends, loved ones, and associates. 
  • Your bank accounts and balances, credit cards, loans, and payment history. 
  • Your vehicle, make, model and registration, current tax and MOT status and how much you owe on it if anything. 
  • All Google/Bing/Yahoo searches, Clicks and All Sites visited.  
  • Every instant message you've ever sent or received and the content of all. 
  • All your photos and the date/time and location they were taken along with everyone who can be identified in them.
  • Your location to within 5m at any time of the day and where you've ever been and for how long and how often. 
  • What music, sports, products, videos, you like, dislike, watch, download or buy.
  • Anything you've ever purchased or sold online, be that clothes, shoes, groceries, electronics, etc. 

I think now you must be starting to understand how the data business works and how you're pretty powerless to stop it without some radical changes to your lifestyle, and even then it's too late for most people. It's important to be aware that these companies have done nothing wrong, nothing illegal or even shady; they are all businesses and their business is your data. I personally like Facebook & Twitter, and Google is a good search engine, but YOU need to make informed decisions on what services you use online, and what information you surrender to those services.


Whether you believe it or not, Apple has taken a fairly adversarial approach to data protection, committing to protecting your data not only on your devices but also online with anti-tracking features in their browser (Safari), but in the scale of things and despite Apple's best intentions it's not going to make very much difference in the end. The only way for Apple to make an effective dent in the data collection market would be to block all social media and search engines from users' devices, which they won't do for obvious reasons, and in the real world everyone has to make their own decisions on what they do and don't use.


The near future

Imagine that every shop you visit is recorded and shared. It's already a fact for online shopping and some phones already report your actual location every few minutes, so it's not a huge stretch to match your location data to retail stores, public houses, people's homes, your home, daily commute and so on. It won't be long and you should know it's coming.





© (c) 2018 GEN. E&OE


In defence of Facebook and Social Media


There's a lot of hysteria in the news around Facebook and personal data, and that's fine, it's a slow news week, yet the real truth is that Facebook did nothing wrong.

Facebook, like all social media, is a business, plain and simple. Their business model is to provide a free service to you, and from that collect information and then sell that information to third parties for the purposes of advertising, marketing, market research, and analysis. A wise man once said in relation to internet services,

"If you don't pay anything for a product, then you Are the product"

and it's true of Facebook just as it is for Twitter, Pinterest, Instagram, Snapchat, WhatsApp and so on. You use the service for free, and the company running the service and spending significant sums to develop and maintain it gets free and unrestricted use of your data. Sounds like a fair deal to me.

Facebook will tell you it's in the agreement you accept when you set up an account, and it is, but it's also just common sense. So, delete Facebook if you wish or keep using it in the knowledge that they will collect and sell your data as part of their business. This same framework applies to all social media, the majority of 'free' apps you can download for your phone, and other free services such as Google, Gmail, Yahoo, Bing and so on.

If, for whatever reason you object to any of these business models and do not want your personal data scanned, analysed, sold and so forth then that's your right, but don't whine about it on the very service you're complaining about! 


To those still outraged at the idea that Facebook sold their data, Facebook is just one of many that you will undoubtedly use and they are all doing what Facebook does, so singling out Facebook does indicate a certain online naivety. For anyone who uses 'free' email, did you know every email you send and receive is read and analysed by the company operating the service? Did you know that every time you use Google to search for something they track not only what you search, but how long you spend looking, what you click on and for how long? Did you know that every picture you've ever uploaded to a photo service such as Tumblr, Pinterest, Instagram, and so on is then scanned and faces recognised and cross linked between users? Did you know that the Chrome browser stores everything you've ever searched for in a file on your PC?

I could go on and on so get with the programme and understand the model at work here and then make informed choices about what you will and won't participate in. 

Loss of control

One subject that has been asked about a few times recently is how you withdraw your consent for your data to be used, and the short answer is that, besides some 'settings' that change very little, you cannot. Whilst you can write to some companies and express your wish, they have no obligation to take account of it, and further, since they've already sold your data many times over, the chances of you being able to track down all renditions and withdraw them all are zero. If you've used social media, search engines or free email then it's simply too late, but you have an opportunity to educate your children and ensure they make informed choices.

This article generalises the business model although it is understood that each company may vary their model specifically for their users. There is no complaint or blame here, just education. E&OE. 


The 2017 Toyota Prius PHEV


We recently selected the Toyota Prius PHEV for our 2017-2020 fleet and after 6 months it's time for a real world review. The new Prius PHEV comes in two flavours, the Business and the Excel. The former lacks many of the refinements yet has an optional solar roof, whereas the latter is probably the only sensible choice but cannot have the solar roof.

The Toyota website quotes "Fun to drive" as one of the USPs for the Prius PHEV and indeed it is much more fun to drive than the regular Prius. In electric only mode it's fast and sporty, so much so that even in damp conditions it's hard to keep the front wheels stuck to the road. In Hybrid mode it performs pretty much as the regular Prius. The quoted range is 30 miles and we can achieve that if driven very carefully and without any heating, but in the real world you can expect to get 21-26 miles range and in the winter it's more like 18-20. When pushed the traction control doesn't seem to control anything and you're left with the same understeer issues that you would expect from most front wheel drives. It would have been nice to have seen a rear motor as in the Estima for even more go and some 4 wheel handling, but sadly not.

The city drive is really good, very sedate and comfortable especially in traffic, and you have to believe that this scenario is the real purpose of the PHEV. Motorway driving is good but there is significantly more engine and road noise, which requires an adjustment in expectations; again, it's a city car for sure. You have full control over EV or HV modes, allowing you to mix/match to obtain maximum fuel economy on longer journeys. A good example here would be a 40 mile round trip that involves around 50% at 50mph, and the rest slower in the city: select EV for the city driving, and HV for the longer faster runs, and this works great. You can even 'charge' the battery whilst in HV mode should you need it.

Once the battery is empty, you're then back to Hybrid mode and this seems to regularly achieve 50-55mpg, which is very respectable, but overall performance is severely diminished. One point to note is that Toyota seem to have failed to match the relative throttle position of the EV and HV modes, so when switching back and forth you're required to adjust the throttle, which takes a little getting used to.


The exterior style is unique and truly stunning, and was a large component of our purchasing decision. With its quad LED headlights and its sleek aerodynamic profile this is one of those vehicles that stands out from the rest. The alloy wheels are also fairly unique although I would have preferred some alternative options available. The vehicle is available in only 4 colours and black isn't one of them, which was a shame, and again more options available here would certainly not go amiss. The rear boot glass is elegant and expensive but of course lacks a rear wiper because of this, and it could do with one.


The interior, when compared to the previous Prius Plugin, is a significant upgrade and everything feels a little more upmarket. Comfortable leather seats further enhance the experience and the cabin is quite spacious even for the larger occupant, all of which enhances the driving experience. There are however a few complaints to consider, such as the dash decor that sweeps to the left from the infotainment system, which is just a crap trap, and with the sweeping dash the windscreen is hard to reach and clean, but these are generally very minor issues. The cup holders are generous and easily accessible, as is the Qi Charging Tray, but there is a definite lack of somewhere to put your crap, which now tends to occupy one of the cup holders. The storage area between the front seats is ok but the lid opens sideways and not backwards, making it very awkward for the passenger to access and quite awkward for the driver. The steering wheel is smaller than most but with the power assist it's more than acceptable.

The heating however is utterly worthless. I know it's an EV and I also know that EVs have poor heating, but this vehicle seems to excel in poor heating. There is an option to pre-heat from the key fob before a journey but that just steams up all the windows and defrosts nothing; when you get in the vehicle you then need to use de-mist, which then starts the petrol engine, so what possible benefit that is I'm not sure. At 0°C outside I ran the pre-heat three times and it didn't even clear the frost from the front window, let alone the rear ones. Even on FAST mode, Heat set to HI, driver only and in Power mode the heating still struggles to heat the cabin in moderate exterior temperatures. It's so bad in fact that the back and rear windows permanently steam up and this means you need the rear de-mist permanently on, which is also underpowered. There are heated seats in the front but those also seem underpowered and were definitely an afterthought judging by the ridiculous location of the switches (below).

But climate aside the interior is a pleasant environment in which to spend your day. The infotainment system is covered separately in Toyota's Touch 2 & Go Review so I'll skip over that for now and focus on something that caught us by surprise a little. The boot.

As you can see from the picture, a large part of the boot is taken up with the batteries, leaving a greatly reduced cargo area. We didn't see this initially as being a problem but once you start loading it up with equipment you soon find that the back seats are lost to overflow, so consider this carefully.


The vehicle comes with a charger for a normal 13A socket which takes 4 hours to charge. Additionally you can have a hard wired charger installed at your property that will charge at 16A and this reduces charging time to 2 hours 10 minutes. Unfortunately that's the fastest it will charge, even though most properties are able to supply 40A, which would charge in less than an hour, and this makes charging on the go a no-go unfortunately, but charging at work is still do-able.

You are able to set up charging schedules so that your daily charge can be taken in off peak times with cheaper electricity, and when you turn off the vehicle you have the option to bypass this scheduling and charge immediately if required, which is nice.

Driving Features

The new Prius PHEV comes with a wide range of driving features which I'll address individually here, but collectively it's a nice package that is rarely seen on a vehicle of this price point.

HUD (Head Up Display)

The Prius has featured a heads-up display for many years and generations but in this model the display is further enhanced and very visible. It's also a colour display which is great except that the normal display is in monochrome, but I assume to be as clearly visible as it is a single colour is beneficial. The only downer for this feature I can see is that the SATNAV is *not* replicated to this display as it is in most, if not all other vehicles with a HUD. 

Automatic High/Low Beam Headlights

A well thought out system that works in the majority of cases even if it's a little slow to react sometimes and it only works faster than 40mph which can be annoying. The system is activated by a switch located near your knee which is unfortunate, making it a distraction to turn it on and off. Overall however it's a good system as long as you understand its limits. 

Radar Cruise Control

Not so well thought out and the sort of system that seems to work great right up to the point where it quits working as you're approaching the vehicle in front at speed, which it does. Further, when you are trying to engage it, it just won't engage for some reason and gives no feedback or reason why. It seems to work well in queuing traffic but again occasionally just quits working for no reason. When it quits working the warning is tame and often missed, leaving you to discover that it's not going to brake for you at the point when you're thinking 'why isn't it braking'. Another annoyance is that it constantly feels the need to display pointless images and messages on the dash obscuring key information and you cannot turn that off. On roads with corners, not that we have any of those in the UK, it seems to regularly lose track of the car in front and accelerate, then spot it and brake again, usually in the corner, which can be worrying and is just bad implementation. So overall it works, but you've got to be supervising it at all times and preparing for its failure. 

Road Sign Recognition

It does, but it doesn't. Road sign recognition is probably a good idea and I'm sure it works great in Japan but here it either gets it wrong or misses the signs altogether. Turn it off and move on. 

Collision Protection

Well, this kinda works and if you're using the radar cruise control then you're going to get a chance to test this from time to time. The only problem here is that when it's activated and it detects an imminent crash it displays BRAKE in red on the far left dash accompanied by a fairly feeble beep that serves no purpose. Ideally for such a function to be effective it should BEEP loudly and flash everything so the driver is immediately aware that they need to take action. 

Lane Departure

This works most of the time although it can become very annoying after a short time especially on country roads where the road markings are not so clear. On the motorway however it seems to work great. There is a button on the steering wheel to switch it on and off which makes managing the feature very easy.

Automatic Parking

Well, this is one of those features that does work if you have the patience to let it do it or if you're not able to park yourself. For me it's a gimmick that will never get used except to test it because I can park and I can do it much quicker and more accurately, but some may find this feature of use. The vehicle does have all around sonar so parking by ear is easy to do yourself.

Driver Information

The Prius boasts two 7" displays that form the digital dashboard display and it does have all that the regular Prius has but seems severely lacking in driver information for EV mode. It does show the average MPG and average Kw/H but for a single journey you cannot get the Kw/H used or regenerated nor can you get Kw/H remaining. Furthermore on the infotainment display you can get regenerated power whilst in Hybrid mode, but in EV it shows nothing. The 'battery gauge' is confusing and the Toyota manual does a bad job of trying to explain it. 

It's as if the software was tweaked slightly to make it work with the EV but they couldn't be bothered to add the key functionality and data that you or I might want, which serves to detract from an otherwise good vehicle. To take it further, all this data that's collected cannot be downloaded or exported anywhere even though there's a USB port, which for a business makes it hard to track mile performance metrics. Ideally you would want to be able to download a record of Kw/H used, regenerated and fuel used which would give everything needed. I know that Toyota don't expect to sell that many PHEVs but for the price they could at least dedicate some time to driver information. 

The Economics

There's a lot of talk around the economics of EVs over conventional fuel vehicles, but it's really down to your driving requirements and some math has to be done to work out if it's going to be worth the extra costs so let's do that now. 

Assuming that we take the purchase cost, grant, servicing, MPG, etc from the official Toyota website and throw in servicing and tyres then we're going to get a total cost of ownership over 5 years of £31670 for the Plug-in vs £30470 for the standard Prius excluding any finance charge (because finance varies significantly so we're going to assume here that you purchased it outright). 

Next we need to know the driving patterns for the year, and initially we're going to consider 15k miles per year, with an average journey of 30 miles, that's around 500 journeys per year. I'm going to take the EV range at 25 miles as a year average, and the cost of fuel at £5.50 per gallon and electricity at 0.13p/Kwh. Given that we can calculate the fuel and electricity costs for your 500 journeys which is

£412.50 per year for the Plug-in vs £1586.54 for the regular Prius and that's £2062.50 over 5 years for the plug-in and £7932.7 for the regular Prius. 

That brings the cost of travel for your 5 years to £33732.50 for the Plug-in and £38402.70 for the regular Prius showing a saving over 5 years of £4670.20. 

So, if you're a 15k a year driver running an average of 30 miles per journey then you're going to be a winner with the plug-in. For business however we'd need to consider an average mileage of around 60k, and an average journey of 150 miles so let's do the math.

£5130.00 per year for the Plug-in and £6346.15 per year for the regular Prius. Again we'll add in the cost of ownership to give a 5 year travel cost of £57320.00 for the plug-in vs £62200.77 for the regular Prius giving a nett saving of £4880.77. 

So, on a scale of economy the Prius Plug-in is a clear winner for both domestic and business travel with the benefit being significantly greater if you can keep your average journeys to 25 miles or less, and of course be aware that we're using Toyota's values here and these may not be real world applicable. I'll add these figures into a table below to make it easier to see. 

| Vehicle | Miles/Year | Average Journey (miles) | Cost of Ownership | Fuel Costs / Year | Total Cost of Travel / 5 Years |
|---|---|---|---|---|---|
| 2017 Prius Plugin Excel | 60000 | 150 | £31670 | £5130.00 | £57320.00 |
| 2017 Prius Excel | 60000 | 150 | £30470 | £6346.15 | £62200.77 |
| 2017 Prius Plugin Excel | 15000 | 30 | £31670 | £412.50 | £33732.50 |
| 2017 Prius Excel | 15000 | 30 | £30470 | £1586.54 | £38402.69 |

Final Thoughts

I personally like the car and I like driving it especially in Electric only mode but some may find the greatly reduced cargo area combined with the lack of colours and options too much of a stretch. It is in my opinion a far better option than the Ampera/Volt (which we had before the PHEVs) because it's more fun to drive, more comfortable and more stylish. You will also find some incentives available at your local Toyota dealer which can make the relative premium more manageable. 

There is a wealth of information on the website but be aware that certain parts of it do not work, like 'My Toyota' which just gives you a blank page when you try to log in. 


Synology Hyperbackup and Certificates

Hyperbackup is a backup system provided by Synology on their Diskstation and Rackstations and it's a good product, as is the hardware, but like most things in Synology, the term "set it and forget it" does not apply, as this customer found out to their detriment. 

The Synology NAS system has a web interface, which is in fact very good and well designed. It allows, amongst other things, for you to set up an SSL certificate to encrypt web traffic. This can be a self-signed, purchased or Let's Encrypt certificate and in the latter case the process of renewal is automated, which is nice. 

The problem comes when your SSL certificate changes, which it would normally do annually for a purchased cert or every 90 days for Let's Encrypt, at which point everything breaks including Hyperbackup and the cause isn't immediately clear. The dialogue above indicates that the destination for your backup is offline; you would of course check the backup server and find it online and running. You would check the firewall settings, probably restart the services, maybe even reboot the server, but nothing is going to make this work again until you go into settings and get as far as target, at which point you notice...

Yes, seriously, because your certificate renewed, and even though you've specifically not enabled transfer encryption, the backup process crashes to a halt. You are required to press "Trust Server Certificate" to continue, after which the backup will resume until the next certificate change (90 days for Let's Encrypt, a year for purchased). Why? What possible purpose can there be to halting the backup every time a certificate renews? And why is there no way to prevent it? 

Just as a side note, other things that break are all the iOS applications, Cloud-Station Backup, Cloudstation, and probably more. If you are going to use a Let's Encrypt certificate, and I would encourage you to do so, then every 90 days you need to make a note in your diary to go to all the servers and click all the buttons or stuff will stop working. 

Addendum: Just had another customer today who's had a volume crash and his hyper backup stopped working for this very reason about 6 months ago so we're now in the position where he's shipping the unit back to us and we're going to have to attempt volume recovery. PLEASE CHECK YOUR HYPERBACKUP IS RUNNING REGULARLY OR USE ANOTHER BACKUP PRODUCT

Update 20/04/2018 - Yet another customer lost data thanks to Hyperbackup and Let's Encrypt certificates. This issue is not fixed in the 6.2 beta so we now have no choice but to advise all our customers *NOT* to use Hyperbackup and instead migrate to alternatives. We're already testing a number of alternative products hosted on and off the NAS and will post a full review and recommendations in the near future. If you've come here because your Hyperbackup silently stopped backing up your data then I suggest you also look for reliable alternatives. 

Update 09/09/2018 - Another large customer suffers data loss due to this ridiculous situation. We are now removing Hyperbackup from all our customers and replacing it with proper backup software (Retrospect, Backup Exec depending on environment). Please DO NOT use Hyperbackup and rely on it to actually make backups without daily monitoring. 
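
A small watchdog for the failure described in this post, added here as an illustration (it is not Synology's code and not part of the original post): it pins the backup target's certificate fingerprint, alerts when the certificate changes, and alerts when the last successful backup is too old. The state file, the 26-hour limit and the caller-supplied `last_success` timestamp are assumptions; how that timestamp is read from your backup product is left to you.

```python
"""Alert on the two signs of a silently stalled backup: a changed target
certificate and a last-success time that is too old."""
import hashlib
import json
import socket
import ssl
import time
from pathlib import Path


def fetch_leaf_der(host, port=443, timeout=10.0):
    """Return the target's leaf certificate as DER bytes.

    Chain validation is off on purpose: the stored pin is the trust anchor,
    so this also works for self-signed targets. Nothing is sent over the
    connection; it is closed as soon as the certificate has been read.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 over the DER encoding, as hex."""
    return hashlib.sha256(der).hexdigest()


def _load(path):
    return json.loads(path.read_text()) if path.exists() else {}


def check_target(state_file, host, der, last_success, now=None, max_age_hours=26):
    """Return a list of alert strings; an empty list means healthy.

    last_success: epoch seconds of the last good backup (assumption: supplied
    by the caller), or None if there has never been one.
    A changed certificate keeps alerting until acknowledge() is called.
    """
    path = Path(state_file)
    state = _load(path)
    now = time.time() if now is None else now
    alerts = []

    fp = fingerprint(der)
    pinned = state.get(host)
    if pinned is None:
        # First sighting: pin it, nothing to compare against yet.
        state[host] = fp
        path.write_text(json.dumps(state, indent=2))
    elif pinned != fp:
        alerts.append(
            f"{host}: certificate changed (pinned {pinned[:16]}, now {fp[:16]}); "
            "re-trust the target in the backup task"
        )

    if last_success is None:
        alerts.append(f"{host}: no successful backup recorded")
    else:
        age_h = (now - last_success) / 3600
        if age_h > max_age_hours:
            alerts.append(
                f"{host}: last successful backup {age_h:.0f}h ago "
                f"(limit {max_age_hours}h)"
            )
    return alerts


def acknowledge(state_file, host, der):
    """Record the new fingerprint once an operator has re-trusted the target."""
    path = Path(state_file)
    state = _load(path)
    state[host] = fingerprint(der)
    path.write_text(json.dumps(state, indent=2))


if __name__ == "__main__":
    import tempfile

    # Constructed stand-ins for two different certificates (not real DER).
    old_cert, new_cert = b"constructed-cert-A", b"constructed-cert-B"
    pins = Path(tempfile.mkdtemp()) / "pins.json"
    t = time.time()
    print(check_target(pins, "nas.example", old_cert, t - 3600))    # pins, healthy
    print(check_target(pins, "nas.example", new_cert, t - 3600))    # cert changed
    print(check_target(pins, "nas.example", new_cert, t - 72 * 3600))  # both alerts
```

Run it from a scheduler on a machine other than the NAS, feeding `fetch_leaf_der()` output into `check_target()`, so the alert still fires when the NAS itself is the thing that has stopped.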



Whois Information Fraud


A very long time ago when the internet was young, someone had a great idea that rather than remembering we could use a sensible name that people could remember like "email" and this was called its hostname. These were stored in text files, but that wasn't good enough and so this concept was further developed into what we now know as the Domain Name System. The Domain Name System (DNS) that we know and use today is basically the same; we have top level domains such as com, net, org, uk, us, eu, and so on, and under these, registries administer the second level domains. 

An example would be In this case the top level domain uk is administered by the registry Nominet. If someone wants to view our website (this website) then upon entering it into their browser their computer will ask the top level name servers who's responsible for uk and be given Nominet. Then Nominet will be asked who's responsible for and that will be GEN, and finally GEN will be asked what's the server address for www. All this magic happens without any user involvement and takes fractions of a second. 

This article is specifically targeted at the registries. In the example above it was Nominet, but every country has at least one registry and with the expansion of top level domains into things like .email, .digital, .academy etc. there are now even more registries that are not country specific.

When you register a domain name with a registry, they will require you to provide information such as the owner, their address, phone numbers, email address and the same for the Administrative Contact, Technical Contact and Billing Contact, and this information is publicly available for anyone to access via a service commonly known as WHOIS. You can use our WHOIS tool on the GENSupport website to find out what information is available for any domain. Some registries allow certain information to be hidden for an additional fee, and others don't. Nominet for example will not allow information to be hidden even for an additional charge unless the registrant is an individual. Having all this information publicly available when there's absolutely no reason to do so presents fraudsters with a virtually unlimited target base with a perceived credibility greater than the usual daily scam emails. We'll look at one common fraud that regularly hits the HelpDesk here at GEN. 

Whois Information Fraud

Now that sounds quite important, and for companies who don't have their own dedicated IT department or who haven't outsourced there's an information vacuum that the fraudsters leverage with such scams. This particular one is quite expensive at $86 but even so I've no doubt that some smaller companies will pay it under fear of losing something they need without fully understanding the implications. This example is just one of many such scams, all with different wording and layouts, but all trying to take your money for something you don't have.

Let's first look at how it got here...

Received: from ([])
	by localhost ( []) (amavisd-new, port 10024)
	with ESMTP id JRVvXwltlucK for <This email address is being protected from spambots. You need JavaScript enabled to view it.>;
	Sat,  9 Sep 2017 22:07:33 +0100 (BST)
Received: from ( [])
	by (Postfix) with ESMTP id 7E93D5F085
	for <This email address is being protected from spambots. You need JavaScript enabled to view it.>; Sat,  9 Sep 2017 22:07:29 +0100 (BST)
Received: from ([]) with MailEnable ESMTPA; Sun, 10 Sep 2017 05:07:26 +0800

So it originated from a host in the USA, namely [] which is operated by Ethr.Net LLC, and all the information on this scam is taken from the WHOIS information for the domain in question; we know this because of the information in the fraudulent email. The 'Secure Online Payment Link' in this case goes to "" but that's just a redirector (a website whose only purpose is to direct you to a different site) which directs us to "" and we're presented with a set of options to pay money. What is moderately entertaining is that the WHOIS information for this domain isn't obscured in any way and we see that the owner of the domain is 

Registrant Name: wu zhiying
Registrant Organization: wu zhiying
Registrant Street: cuixiangjiedao635hao
Registrant Street:
Registrant Street:
Registrant City: zhuhai
Registrant State/Province: Guangdong
Registrant Postal Code: 519000
Registrant Country: CN
Registrant Phone: +86.75638971201
Registrant Phone Ext:
Registrant Fax: +86.75638971201
Registrant Fax Ext:
Registrant Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Which could well be made up, but moving on, the Payment Link from the website, which doesn't even use SSL, just takes us in a loop capturing card details for the fraudsters to sell or use or both. 

Until someone actually decides that making this information public is a ridiculous idea then the endless scams will continue and we're stuck with workarounds.  
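
The Received chain walked through above can be read mechanically. The following is an added example, not part of the original article: it orders the hops oldest first, reports per-hop delay and the sender's UTC offset, and separates the hop your own mail server recorded from the hops the sender could have written. The sample message is constructed, using placeholder hosts and documentation-range IPs, and `trusted_by` is an assumed set of your own server names.

```python
"""Order a message's Received headers and find the hop our own server recorded."""
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample shaped like the headers in the article. Hosts, ids and
# IPs are placeholders, not values taken from the original message.
SAMPLE = """\
Received: from mx.recipient.example (localhost [127.0.0.1])
\tby localhost (mx.recipient.example [127.0.0.1]) (amavisd-new, port 10024)
\twith ESMTP id CONSTRUCTED01 for <user@recipient.example>;
\tSat,  9 Sep 2017 22:07:33 +0100 (BST)
Received: from relay.sender.example (relay.sender.example [192.0.2.10])
\tby mx.recipient.example (Postfix) with ESMTP id CONSTRUCTED02
\tfor <user@recipient.example>; Sat,  9 Sep 2017 22:07:29 +0100 (BST)
Received: from origin-pc ([198.51.100.7]) by relay.sender.example with MailEnable ESMTPA; Sun, 10 Sep 2017 05:07:26 +0800
Subject: constructed sample

body
"""

FROM_RE = re.compile(r"^from\s+(\S+)(?:\s+\(([^)]*)\))?", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
COMMENT_RE = re.compile(r"\([^)]*\)")


def parse_received(raw_message):
    """Return hops oldest-first as dicts: from, ip, by, when, utc_offset, delay_s."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        clauses, _, stamp = flat.rpartition(";")  # the date follows the last ';'
        try:
            when = parsedate_to_datetime(COMMENT_RE.sub("", stamp).strip())
        except (TypeError, ValueError):
            when = None                           # missing or unparsable date
        m_from = FROM_RE.search(clauses)
        m_by = BY_RE.search(clauses)
        m_ip = IP_RE.search(m_from.group(0)) if m_from else None
        hops.append({
            "from": m_from.group(1) if m_from else None,
            "ip": m_ip.group(1) if m_ip else None,
            "by": m_by.group(1) if m_by else None,
            "when": when,
            "utc_offset": when.strftime("%z") if when else None,
            "delay_s": None,
        })
    hops.reverse()  # each server prepends its header, so the last one is the oldest
    for prev, cur in zip(hops, hops[1:]):
        if prev["when"] and cur["when"]:
            cur["delay_s"] = int((cur["when"] - prev["when"]).total_seconds())
    return hops


def handoff_hop(hops, trusted_by):
    """Return the oldest hop in the unbroken run of headers stamped by our servers.

    Its 'ip' is the peer our infrastructure actually saw; everything older was
    written by the sending side and is only a claim. Matching on the 'by' name
    alone can be fooled by a forged header that reuses our host name, so treat
    this as a first pass rather than proof.
    """
    found = None
    for hop in reversed(hops):          # newest first
        if hop["by"] not in trusted_by:
            break
        found = hop
    return found


if __name__ == "__main__":
    chain = parse_received(SAMPLE)
    for h in chain:
        print(h["from"], h["ip"], "->", h["by"], h["utc_offset"], h["delay_s"])
    edge = handoff_hop(chain, {"localhost", "mx.recipient.example"})
    print("peer seen by our server:", edge["ip"])
```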

Whois Privacy Options

Assuming you don't want to publicly broadcast your name, address, phone number and email then options are limited to a whois privacy service such as the one that we offer, which simply registers the domain using a subset of our details, therefore directing scams to us instead of you. This means that we need to 'administer' the domain by responding to the nonsense sent by registries from time to time but we don't mind doing this for our customers and charge nothing for the service. Other providers do charge but it's generally a fairly nominal fee of around $5 per year. 

Know Your Domain & Services

When you have one or more domains then there will be an annual registration charge which will be invoiced directly to you by your registrar. If you registered through GEN, or migrated your domain here then we'll send you an invoice yearly. There are no other annual charges for the registration of your domain name.

If you have services on that domain name such as a website and email then charges for these, which are usually annual, will be invoiced to you directly, so know who hosts your website and provides your email services, and if you're ever in doubt then ask them before paying anything that arrives in your inbox unexpectedly and never pay for something if you're unsure. If you are a current, past or future customer of GEN then the HelpDesk is available 24/7 to answer your questions so please ask. 




Toyota's Touch 2 & Go Review


The Touch 2 & Go head units fitted to new Toyota vehicles promise a great deal: "The TOYOTA TOUCH® 2 multimedia system gives you a world of information and entertainment every time you get behind the wheel. And it’s all displayed in high-resolution colour-rich graphics on a simple touch screen." (from the Toyota website), and yet when you actually use it for a week or so you start to feel a little let down. Again from the Toyota website, "All smart. All simple. All for you." seems like a good place to start and for completeness we'll break this down into the main features. 


Toyota claims "To enjoy the journey even more, you can connect your iPod or MP3 remotely to the Toyota Touch® 2 multimedia system via Bluetooth® or USB and enjoy your favourite playlist in high quality audio with album, artist and track information displayed" but in reality that's not going to happen. Connecting via Bluetooth provides audio, but intermittent album, artist and track information, and no ability to select or browse tracks. Connecting via USB does provide this but then you've got to leave the USB connected to your phone which you rightly want to reside in the Qi charger instead. The other significant issue with USB is that you cannot browse folders on the device but instead all the media regardless of folder is shown. This means you can't, like me, order your music into folders on your USB stick and play media from a folder. DAB is ok but with only 6 presets it's kinda awkward to operate if you have more than 6 favourite stations. It has a CD player but as I've not owned a CD for the last decade I can't test that. There's no sign of Apple CarPlay or Android Auto, and 'Mirrorlink' is only compatible with phones from the last decade so practically useless today. There is no support for any form of video to be played from USB storage so don't waste time trying. 

The audio quality is very subjective. With its 6 speakers, all mid range and no subwoofer, it does a reasonable job at low to moderate volume levels with even sound coverage. Turn it up too far and you start to lose what clarity it had but for the price point and in the lower end of the market it's not bad at all. 


The phone integration is ok and the hands free is very workable but there are a few obvious issues when using this. It's not clear or intuitive how to get from the "last called" list to the phone book or back again; it's do-able but needs touch work that shouldn't be required whilst driving. 

When looking at the last called, dialled and missed lists there is no way to navigate without using the touchscreen (unlike every other vehicle where you can do it from the controls on the steering wheel). This means that again you're distracted whilst trying to hit the right number, which is actually quite hard to do whilst driving. 

Whilst you've got the "last called" list up, you can no longer see the signal strength, which to my mind seems ridiculous when the main use of the 'last called' screen is to recall after getting cut off due to the miserable cell coverage in this county. To add insult to injury, once your call has been cut off and you reach to press the screen to redial, a pop up rolls down from the top of the screen, obscuring the last called number, to tell you what media you're listening to just in case you had forgotten! What possible use is that and how did that ever get past QA?

There is also a significant delay between getting into the car, starting it and driving and the phone becoming available. It's as if the unit has to sync the entire phonebook from scratch on every start up, which for me with a sizeable phonebook seems to take forever. There is no search facility so you have to use the A-C, D-F and so on, which is a nightmare when you've got a lot of contacts. The handling of contacts (from an iPhone) is also unusable where your contacts are for companies. An example would be for company Fred Bloggs Inc, having two contacts; in this case you can find Fred Bloggs Inc but you have no idea which contact it's going to call, meaning you need to pick up your phone and use its contacts to make the call, which defeats the whole purpose really. Since the majority of my contacts are businesses and I'm forced to dial from my phone, I looked for a way to stop it syncing but found none. 


Toyota claims "Toyota Touch® 2 with Go features enhanced satellite navigation with clear visuals showing signposts, junctions and lanes with real-time traffic updates alerting you to congestion on your route and suggesting detours" and it does do some of that but for the first 2000 miles I've yet to see anything 'enhanced' about it. It does seem to detect traffic alerts but it simply tells you "Traffic Jam Ahead" and then directs you into the back of it without suggesting any detours. Maybe it will in the future, but so far that's a zero. 

The voice navigation also leaves a lot to be desired with 'Turn Half Right' being its favourite phrase of the moment. What exactly is a half right? I have no idea and I'm sure you don't either, so looking at the Navigation screen, which is only on the centre console touchscreen and not replicated to either the dash (except for an arrow) or the heads-up display, is a prerequisite of using this system. It does sometimes show junctions and lanes, but don't rely on it as it gets this wrong from time to time and you're back to looking at the map to figure it out for yourself. 

The navigation data is significantly out of date, even when updated to the 'spring 2017' data, there are still roads just in my locality that are incorrect and that's unfortunate. Whilst sitting in traffic on a road that doesn't exist in Toyota land, I loaded TomTom GO on my phone and of course the road was found. I wonder why TomTom can get their maps up to date, but Toyota can't? 

There is a definite delay in processing current vehicle position, especially noticeable on roundabouts where the 'screen' and your actual position can be a junction or two out, meaning you're going to come off at the wrong junction. This is annoying especially when it gets the exit number wrong, which it does periodically. Most modern Navigation systems use GPS and Wheel turns to calculate position but the laggy behaviour of this system would suggest it's only using GPS. 

The route planning is fairly poor with only major roads factored into any route. We planned a series of routes and whilst it gives you the Fast, Short and Ecological routes they are invariably all the same. If you take a route which you drive regularly and get it to plan it, then it will only use main roads. If you plan a route between two villages then it will plan the route ok but if you plan a route city to city then you only get main roads and the short route simply doesn't work. 

A most notable absence from the Navigation system in our EV is any way to navigate to your nearest charging point, something that I believe every other EV we've tested has as standard. 

Another 'feature' that I was eager to test was the Speed Camera Alerts which are built into the system. The Toyota Website Claims

"Cyclops is a driver safety app that gives you professionally-verified fixed speed camera alerts combined with real-time updates for mobile cameras from the Cyclops community. Cyclops delivers the most accurate and reliable safety camera databases and smart software - you can enjoy these benefits by using our Cyclops App – specially designed to alert you to currently active mobile camera sites. And all other fixed camera types are automatically updated too! Cyclopse has comprehensive coverage of over 90,000 sites across 48 countries and automatic updates ensure that you always have the most accurate information possible."

Which sounds great, but actually finding any information is like pulling teeth out of a Donkey. There's nothing on the Toyota website and a web search eventually renders this Wikipedia link and possibly this company website which might be the company in question. Regardless, in my daily drive the data seems to be outdated & inaccurate and whilst it gets the majority of long term fixed cameras it's notably silent as I passed two mobile vans. There's an inference that it's updated somehow online but there's certainly no feedback on the screen to show that. I'm not sure quite how much of my £199 goes to cyclops because the Toyota website doesn't say but as GARMIN seems to include it for free I suspect it's not a lot. 

Coyote on the other hand is an App that you have to pay £87 a year for, and promises "With Coyote, always be warned safely directly on your embedded screen. You will receive the relevant alert at the relevant moment, to adapt your driving style to road hazards reported by the Coyote community, in real-time." and this does indeed pop-up for the majority of fixed speed cameras, but so far not a single mobile one. There is no further information on the Toyota website (any of them) so you're back to searching the web. A best guess would be this company which seems to have versions in every language except English. The Coyote app is also infuriating because it pops up OVER the navigation screen, meaning that you can no longer see the map, and in cities these days with speed cameras every 5 meters this means the navigation is impossible to use and you're left with yet another distraction that you have to deal with instead of watching the road. 

One point to note is that if you have the coyote app loaded it seems to kill off the cyclops camera warnings, which would indicate that Toyota believe Coyote is 'better', but again there's nothing on the website to explain the benefits/drawbacks of these two systems so once again it's left to the end user to guess. 

"To keep you connected and in control wherever you are, you can send your chosen route to your mobile or device." is a claim on their website, and indeed you can send a route to the car from their website. What they don't tell you is that their website is poor and allows just simple from and to input without any navigation functionality. The best way forward I've found here is to go to, plan the route then copy/paste the destination into their website in order to send to the car. It doesn't recognise things like HOME or any of your other favourites so you have to enter the full address in to both and it's not country aware so always specify the country along with the address. 


Now for the section that I'm sure everyone has been waiting for.. The Toyota Website (as of today) says

"In today’s world of connectivity Toyota Touch® 2 (Go and Go Plus navigation systems) won’t disappoint. With our Toyota online services and applications your car can be a hub like your computer. With the ability to download great apps such as AUPEO! which gives you the chance to personalise your in-car music experience, it learns your music taste and suggests tracks by theme, genre, artist or even mood. And Coyote, the community-based speed camera awareness app, with 3 million drivers already helping one another against every road hazard. The integration of Google Street View™ and Panoramio™ provide imagery of your current location, or a location of your choice, allowing you to start navigating directly from the image, so you’ll never be lost."

So let's break this down. Firstly Google Street View is there, and it sort of works although you can't move around it like you can on Google Maps, but at least it's there. There is no sign of "Panoramio" and AUPEO went out of business at the end of 2016, but who cares, "With our Toyota online services and applications your car can be a hub like your computer" so let's get online and start downloading those apps!

Arriving at the website, registering, adding your vehicle and steaming over to the e-store, you're invited to "Discover exciting new apps, update your navigation apps, and download the latest software for your Toyota's multimedia system" and it's at this point that your expectations are quite literally crushed into dust.


There are no apps, well no useful apps anyway. If you take away Coyote which we've already talked about above, and eStore isn't an app anyway, then you're left with 'Glass of water' which to my mind does absolutely nothing useful, and Park&Go which likewise has no real world use. This is what Toyota believes to constitute their "great range of apps". There is a 'weather' app that's pre-installed but seriously, a weather app? Just look out of the WINDOW!

There were also some other pre-installed apps which are not on the 'e-store' such as Twitter that simply doesn't work and says "Unable to connect to the server" immediately no matter what you put into it, AUPEO that went out of business last year, A-ha that sometimes works, a parking app that only works with some car parks, and a fuel prices app which shows pricing from some fuel stations, the distance to, but fails to do the obvious mpg -> distance calculation. 


If your dealer has told you that there are 'more exciting apps coming' then you may want to ask them why there have been no new apps since the system was released, and that's now almost two years ago? It's because there are no new apps coming, and no one is developing them. We collectively spent an entire day on the phone trying to find someone in Toyota who knew anything about apps and got nowhere. We tried contacting Harman who make the unit and again got absolutely nowhere. We sent numerous emails, left voicemails and even sacrificed a Toyota pen to the great car manufacturing eternal but so far not even the courtesy of a reply and this was weeks ago now. 

Just take a moment to consider the list of actually useful apps that Toyota could have developed - EV Charging Point Map, AllStar fuel locator, CRM integration (be able to pull salesforce, vtiger, sugar contacts into navigation/phone), Gauges (show data from the CAN bus such as charge, engine, power, RPM, etc), Facebook, Youtube, Vimeo and the list goes on and on. 

If you expected to get 3 years of 'connected' services and map updates for FREE, then you don't and it'll cost you another £199 for that privilege although the only thing of use here is the map update. 


Every system has a few annoyances but Touch 2 & Go seems to have more than most and some, maybe most of these should never have made it past Quality Assurance. 

The screen is high gloss and when the sun is shining on it especially mid morning/afternoon its impossible to read it and you end up trying to shade it with your hand, which is probably the reason that other manufacturers have their screens recessed and heavily polarised. 

When you get into the car and start it, if you had the music playing loudly when you shut it off then it will start playing again at the same volume, but you have to wait for the touchscreen to boot before you can shut it off again, which can be annoying or embarrassing depending on who you're with.

Coyote - As we've discussed above, this app takes over the entire screen, blocking your view of the navigation map, which is really annoying, and as a bonus it doesn't do anything when passing mobile speed cameras. Coyote rarely seems to work out of the box and you wind up having to end it, then restart it to eventually get it to work. This isn't how it should be.

Internet Connectivity for "Connected Services" comes and goes but there's no indication on the screen at all. When you're in an area with intermittent data then things just stop updating without any indication of such. You would expect an icon to be shown or something to show that connectivity has been lost, but no. The only way I've found so far to verify if 'connected' means connected is by going to the Apps and selecting Weather to see if it can get any data.

The Website

This is by far the worst website I've had the misfortune of using in recent times. The site is slow and its use of Ajax is embarrassingly poor. Even details like the spinning icon whilst it's downloading content aren't clipped properly, and in vehicle details if you want to see "Audio Information" then you have to select something else and then go back to Audio Information to get it to update. Pretty much every option you select presents you with a full width picture and the content you're looking for is only visible once you scroll down, and don't even start me on mobile friendliness as the site navigation doesn't even work properly on an iPad. Something simple like the owner's manual, even after you've logged in, still needs the VIN, which of course everyone can remember. You can get to the owner's manual from the my vehicle, then somewhere towards the bottom of the page, but it's hard to find; in fact everything is hard to find and unintuitive.

If you're looking for detailed or technical information then expect to find it spread piecemeal over several websites, one often contradicting the other and all woefully out of date. If you were impressed with their new "gas-injection heat pump powers the air conditioning" and wanted more information then you're out of luck because there isn't any. often links to other websites with vastly different formats and the whole approach seems disparate and messy. Whilst we all understand that Toyota isn't a Premium brand as such, there really isn't any excuse for this and I'm sure it must have an adverse effect on potential and current customers alike. If Toyota would like us to fix this then we'd probably do it for free in exchange for the source code to their head unit so we could fix that too.

You'll also be greeted with the following or similar regularly for unknown reasons, just try again. 

iPhone/Android Apps

Unlike the earlier versions of the system there are no longer any apps available except the 'MyToyota' app, which has no impact on the audio system and requires you to re-enter your password on every use, which just makes you not want to use it.

PHEV Specific complaints

The new Prius PHEV is a fantastic vehicle and fun to drive but there is a complete lack of EV information on the touchscreen. You can see the 'power' flow even though it's slow to update, but things that you'd consider essential for an EV such as kWh charged, kWh used, kWh regenerated, kWh/Mile and so on are completely missing, which is a real disappointment especially as everyone else manages to provide this (even if it's not accurate). Maybe this will come with later software but I doubt it; essentials like this come with the launch or don't come at all generally.


It's far from the best system we've used, but it's not the worst. If you were wowed by the dealer's promise of over the air apps in a vibrant app ecosystem, fantastic navigation, realtime mobile speed camera alerts and 'Premium Audio' then you're going to be hugely disappointed for sure, but if you were spared all that and just expected a vehicle with navigation and the ability to play music then you're going to be in luck.

This entire article is based solely on our opinion after using the Toyota Touch 2 & Go for a few months in real world situations and it's not meant to be an exhaustive analysis of the system or its features. We may well do a technically biased article in the future. If you have a specific question then please feel free to post it in the comments, or pop in to your local Toyota dealer and ask them. I'd recommend staying away from because the comments are heavily moderated and a 'difficult' question is unlikely to even make it to the site, let alone be answered. We've posted a few questions and they were all just ignored. There is an email address too, but likewise in our experience awkward questions are ignored and simple ones just get passed on to a dealer so your email can be added to their spam lists.




© 2017 GEN, E&OE.


GoToAssist, problems or end user chaos?


For many years we have been a customer of GoToAssist from Citrix (now LogMeIn) as a reliable method of providing remote support where it's needed with the minimum of effort. The end user client can be downloaded from on Windows & Mac (No Linux Support at present) and a simple 9 digit key connects the client to our support team. Because GoToAssist uses HTTP channels for the connection it can operate through most firewalls and proxies without special considerations, which puts it ahead of other point to point remote control tools. You can even remotely support users and servers from an iPad with a well implemented app. You can get a 30 day trial on the GoToAssist website.

For unattended machines such as servers or regular clients you can set up 'Unattended Support', which will allow you to remotely connect to a machine without the client having to do anything. Over the last few months we've intermittently noticed machines on our 'unattended' list that we don't recognise, but as there are several people who use it regularly I had reasonably assumed it was one of my colleagues.

Today I noticed three new Unattended hosts.

I took the time to ask around who had created these and to my surprise no one had any idea. Clicking on one of them established a remote session with a machine at a site that we knew nothing about and didn't set up. Moments later the workstation was unlocked and we were given desktop access. We immediately terminated this connection and contacted GoToAssist for Support. Despite their support line dropping our calls and their community forum preventing us from posting, they did get back to us quickly and conducted an investigation.

LogMeIn, who took over GoToAssist, identified that some of the workstations we were seeing on our account were in fact linked to our account, and they went a step further to identify that the unique code used to identify each account was in fact ours. Further research identified that our copy of the GoToAssist unattended installer had been downloaded from our support site and that same copy had been installed on this client's machine.

Using this installer will silently set up unattended support on the client's machine and link that back to our account. Whilst this download is rarely used by us, and only in circumstances where a browser is unable to work correctly such as old Windows 2003 servers with IE6 etc, the file had been downloaded 266 times. So let's consider the risks here.

Firstly, having an unattended installer which installs silently and without any user interaction is a good thing; it means we can in a worst case scenario use SMB to push the file onto a server and then persuade that file to be executed under the system or administrator context using the task scheduler, registry or by replacing a Windows file and forcing a reboot. We can also distribute and auto-install unattended support on a corporate network by using a logon script to pull it from a server and execute it as part of the logon process, and again the user doesn't get a choice. The unattended support installer does create a start menu item, but there's no 'uninstall' in there, just the program, so clients who have the control panel restricted can't subsequently uninstall it without permission.

So how did we get machines on our account from the other side of the world? Well that's simple, they downloaded the GoToAssist client from our website and installed it. Even more bizarre is that they then proceeded to enter their login credentials into the unattended client using the notification icon. Hold that thought and instead let's consider that someone less honest was to seed the internet with their installer and instead of "The GoToAssist client for receiving remote support from us" they linked it from something like "Get GoToAssist remote for FREE" or "30 day free trial of GoToAssist"; then those users would be opening their PC up to whoever without realising it, and that might not end well. The unattended client does have a notification icon on Windows (nothing on Mac), but using the registry, PowerShell or some VBScript that can be hidden as part of the install, making it invisible to the end user.

But taking a step back for one moment, the technical scope for abuse is about the same for GoToAssist as it is for any other remote control solution, with the difference being that GoToAssist can pull the plug on any account they suspect is involved in abuse, whereas some of the other products that are point to point don't have that safeguard. If you really want to stop GoToAssist, TeamViewer, RAdmin, VNC, and the rest then specifically block them at your firewall and the risk is gone. If you want to monitor their use then your firewall or proxy logs are your friend.
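As an added example (not part of the original article), here is one way to pull remote control tool usage out of proxy logs. It assumes Squid's native access.log layout (client in field 3, URL in field 7). The domain and default port watch lists are assumptions to check against each vendor's published allow-list, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: list which internal clients talked to remote control services.
# Watch lists are assumptions; confirm them against each vendor's documentation.
WATCH_DOMAINS="GoToAssist=gotoassist.com GoToAssist=fastsupport.com LogMeIn=logmein.com TeamViewer=teamviewer.com"
WATCH_PORTS="TeamViewer=5938 VNC=5900 Radmin=4899"   # common default ports

# Constructed sample in Squid native access.log format (documentation addresses).
SAMPLE_LOG='1503392880.101    210 10.0.0.21 TCP_TUNNEL/200 5120 CONNECT www.fastsupport.com:443 - HIER_DIRECT/198.51.100.10 -
1503392881.330     95 10.0.0.21 TCP_MISS/200 1830 GET http://intranet.example.com/index.html - HIER_DIRECT/192.0.2.5 text/html
1503392890.002    310 10.0.0.34 TCP_TUNNEL/200 8042 CONNECT www.teamviewer.com:443 - HIER_DIRECT/198.51.100.20 -
1503392895.554      0 10.0.0.34 TCP_DENIED/403 3900 CONNECT 203.0.113.7:5900 - HIER_NONE/- text/html
1503392899.100    120 10.0.0.21 TCP_TUNNEL/200 2200 CONNECT www.fastsupport.com:443 - HIER_DIRECT/198.51.100.10 -'

# flag_remote_tools: read access.log lines on stdin and print one
# "client tool host" line per distinct match, in order of first appearance.
flag_remote_tools() {
    awk -v domains="$WATCH_DOMAINS" -v ports="$WATCH_PORTS" '
    BEGIN {
        n = split(domains, d, " ")
        for (i = 1; i <= n; i++) { split(d[i], kv, "="); dom[kv[2]] = kv[1] }
        n = split(ports, p, " ")
        for (i = 1; i <= n; i++) { split(p[i], kv, "="); prt[kv[2]] = kv[1] }
    }
    {
        client = $3
        host = $7
        sub(/^[a-z]+:\/\//, "", host)      # drop the scheme, if any
        sub(/\/.*$/, "", host)             # drop the path
        port = ""
        if (host ~ /:[0-9]+$/) {           # CONNECT targets are host:port
            port = host
            sub(/^.*:/, "", port)
            sub(/:[0-9]+$/, "", host)
        }
        host = tolower(host)
        tool = ""
        for (s in dom) {
            # match the domain itself or any subdomain, never a lookalike suffix
            if (host == s || (length(host) > length(s) && substr(host, length(host) - length(s)) == "." s))
                tool = dom[s]
        }
        if (tool == "" && (port in prt))
            tool = prt[port]               # fall back to well-known ports
        if (tool != "") {
            key = client " " tool " " host
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | flag_remote_tools
```

The denied CONNECT to port 5900 is reported too, because a blocked attempt still tells you which workstation has the tool installed.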


This has been a voyage of discovery for us with end users again doing the unexpected and causing chaos and confusion. We've pulled the downloads from our support site now and will look at a more selective method of file distribution going forward. If I were to make a product enhancement suggestion to LogMeIn then it would be to add the IP Address, the method of install and whether credentials were stored to the unattended machines window. Having the IP Address would let us track down poorly named or unknown clients quickly and knowing that it was installed within a GoToAssist session or via a downloaded installer would further clarify the situation. Knowing if credentials were stored would save time in having to establish a connection, find they are not then disconnect, lookup the credentials and reconnect. These are only suggestions and not complaints. 



Synology Auto-Update


We've been actively promoting Synology Rackstations for many years now and they do provide exceptional performance for our customers, but they also come with a selection of annoyances that you need to be aware of when running them. If you have managed storage or any of our support or outsourcing services then we'll take care of these units for you, but if not then please read on. 

Auto-Update is an important part of any strategy and of course Synology provides the same functionality, which can be found in Control Panel / Update & Restore / Update Settings.

Here we have updates to be applied automatically at 3am when available. This will mean your system will always be up to date with the latest patches and fixes. 

A second level of protection comes from the package centre auto-updates which can be enabled in Package Centre / Settings / Auto Update and will look something like...

But you can never leave your Synology servers to just update themselves without intervention, as we've discovered today when we found that all our customers who have managed storage were showing package updates available (via CMS) but they weren't auto-updating. We investigated this further and found that Synology have made a change that affects everyone but notified no one.

When opening the package centre from DSM on the server you find this fascinating dialogue 

and of course all the updates have stopped auto-updating because of this.

Now we have 300+ Synology Servers on management and so far today we've only managed to do a fraction of that, but over the next few days we'll log in to each of the boxes, tick the box and then let auto-update do its thing. I'm sure for domestic users this isn't important, but when you've got 300+ to do it's really annoying and time consuming, so thanks for that Synology.




Firewalld on Redhat/CentOS 7 and later

CentOS 7 brings with it a new dynamic firewall interface daemon (firewalld) which allows for a fairly easy configuration of your firewall without having to learn iptables. The firewalld daemon provides a dynamically managed firewall with support for network “zones” to assign a level of trust to a network and its associated connections and interfaces. In reality firewall-cmd is just a front end for iptables and will indeed create and maintain the iptables rules required in your configuration. In a normal configuration you would expect to have a local and remote interface, the local being the LAN and the remote either being behind a firewall or NAT'ed. The rules for each would of course be different and so you can create 'zones' with firewall-cmd for Internal and Public (or whatever you want to call them).

If you're using a graphical interface then you can use the firewall-config tool, but for the rest of us that live in the shell, the command line interface is fairly easy to use.

Let's assume you have two interfaces as

eno16777984 = LAN with a private address such as

eno33557248 = Public with a public IP such as

Now the magic with firewall-cmd is that once you've defined the zones (Internal and Public or whatever you want to call them)

firewall-cmd --permanent --new-zone=Internal
firewall-cmd --permanent --new-zone=Public

You can then assign some services to those with 

firewall-cmd --permanent --zone=Internal --add-service=ssh

and that's assuming you're SSH'ing into the box, as you don't want to be locked out. So now let's assign the interfaces to the zones.

firewall-cmd --permanent --zone=Internal --add-interface=eno16777984
firewall-cmd --permanent --zone=Public --add-interface=eno33557248

and finally a restart of the firewall with 

systemctl restart firewalld

Now you can go ahead and add more services (with --add-service=) or ports (with --add-port=) and set up the rules for your interfaces. If you're curious as to how this is configuring iptables then just issue iptables -L to see the rules. You'll find for each zone you've got an IN and OUT, Permit and Deny and your rules are allocated to the correct tables.

One big tech tip here: for some reason, especially when you're changing interfaces, IPs and the whathaveyou, firewalld can sometimes move interfaces between zones. It's rare, but not realising can be bad news, especially if it moves the dirty interface into the Internal zone. To ensure you're always aware of what zones are on what interfaces, locate your .bashrc file (in your home directory - the one you land in when you log in) and add a line on the end

firewall-cmd --get-active-zones

You'll get output similar to 

Internal
  interfaces: eno16777984
Public
  interfaces: eno33557248

every time you log in, so you're always aware if an interface has vanished.
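Reading that output by eye at every login is easy to skip, so as an added example (not from the original article) the check can compare the active zones against what you expect and only speak up when something has moved. It relies on the `firewall-cmd --get-active-zones` layout of a zone name followed by an indented `interfaces:` line; the expected mapping uses the interface and zone names from this article, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example for ~/.bashrc: warn when an interface is missing from, or has
# moved out of, the zone it is supposed to be in.
# Expected mapping, using the interface and zone names from the article.
EXPECTED_ZONES="eno16777984=Internal eno33557248=Public"

# parse_active_zones: read `firewall-cmd --get-active-zones` output on stdin
# and print one "interface=zone" pair per line.
parse_active_zones() {
    awk '
        /^[^[:space:]]/     { zone = $1; next }   # unindented line is a zone name
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) print $i "=" zone }
    '
}

# check_zones: compare the active zones (stdin) with EXPECTED_ZONES.
# Prints one WARNING per problem and returns the number of problems found.
check_zones() {
    cz_actual="$(parse_active_zones)"
    cz_problems=0
    for cz_pair in $EXPECTED_ZONES; do
        cz_iface="${cz_pair%%=*}"
        cz_want="${cz_pair#*=}"
        cz_got="$(printf '%s\n' "$cz_actual" |
            awk -F= -v i="$cz_iface" '$1 == i { print $2; exit }')"
        if [ -z "$cz_got" ]; then
            echo "WARNING: $cz_iface is not in any active zone (expected $cz_want)"
            cz_problems=$((cz_problems + 1))
        elif [ "$cz_got" != "$cz_want" ]; then
            echo "WARNING: $cz_iface is in zone $cz_got (expected $cz_want)"
            cz_problems=$((cz_problems + 1))
        fi
    done
    return "$cz_problems"
}

# Run at login only where firewall-cmd exists; never abort the login shell.
if command -v firewall-cmd >/dev/null 2>&1; then
    firewall-cmd --get-active-zones 2>/dev/null | check_zones || true
fi
```

A clean login prints nothing, so any output at all is worth reading.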

The full reference can be found on the RedHat Site and there's ample community resources too. If you get stuck and need some help then feel free to post in the GENSupport Forum and someone will help you out. 



USB Flash - Built in failure


With the slow decline in CDs and the long lost days of floppy diskettes, USB portable storage has become commonplace. A memory stick, thumb drive or pen drive are common terms for the same thing, a USB mass storage device based on FLASH, and yet many people don't know that the whole technology behind FLASH storage has a very limited lifespan - this leads me on to the relatively high volume of data recovery requests we have for USB storage coming through the channel.

Flash memory is generally of two types, NAND and NOR. Both technologies allow permanent storage of data without needing a power supply. NAND requires data to be read and written in blocks called 'pages' and is by far the most common FLASH memory in use today.

FLASH memory, like all memory, stores data in 0's and 1's in a vast array of cells, but the method by which the data is permanently written involves pushing a charge (electrons) through an insulated layer; once through the insulator it's stuck there and will remain until it's pulled back through the insulator, therefore changing the state.

However, this 'pushing' and 'pulling' through the insulator, known as tunnelling, slowly breaks down the insulator until it fails. When an insulator fails this only affects the cell, but of course just one bit that won't switch will adversely affect the data when read back. Furthermore, certain areas of the flash drive are read and written much more than other areas, and these are the master directory and the file allocation tables, both of which are changed when data is read (changing last access time) and written (changing last updated time and changing allocation of storage in the file allocation table). This means that in many instances the part of the flash drive that fails first is the most important part - the part that tells us what files are stored on the drive and where they are stored.

Cheap vs Expensive

When it comes to Flash Drives, there is a real physical difference between the budget end of the market and the professional end, because NAND/NOR Flash comes in many different flavours depending on its performance and expected lifespan. Often the cheapest FLASH ICs are designed for storing firmware in embedded devices where write performance is a non-issue and the expected number of writes is very limited, maybe 10 writes in its entire lifetime, whereas the most expensive FLASH is designed specifically for high speed and many write cycles, and this is the correct hardware for USB Flash Drives. If you can buy a 128GB Flash drive from SanDisk for £30 and an unbranded one for £5 then the lifespan and performance of your SanDisk drive will be many many times better than the unbranded one.

I guess I should also point out that some cheap unbranded USB Flash drives (or knock-off branded ones) are engineered to falsely report their capacity. This is done by creating a partition on the drive with false data, so the computer you connect it to thinks it's larger than it is, and the only way to be sure is to try and fill it up or to perform a low level reformat. This sort of storage fraud is often seen on sites like eBay promising 1TB of flash for $10, which is nonsense.

Recovering data from failed Flash drives isn't that hard, but it does bring with it some challenges because the data will have errors in it where specific cells are stuck or indeed entire pages are stuck and non-responsive, and it's not always possible to identify these areas during the scan; they often read as ok but with incorrect data, or they read as all 0's, but after re-assembling the filesystem as best we can it's over to the client to work through the recovered data and validate it.

The bottom line here is never ever rely on a USB Flash drive for data storage; it's not safe and certainly not guaranteed, and it will fail at some point. Stick with brand names and stay away from the budget end of the market.


UltraEdit from IDM - Clue's in the name.


It's rare that I do product reviews, but then again it's rare that I use a product for 20 years without reviewing it at some point, so today is the day.

UltraEdit (sometimes just called UE) is undoubtedly the best tool for anyone working with text files of any kind. I started using UE back in the 90's when programming was still fun and computers had a MTBF (Mean time before failure) measured in minutes. 20 years later it's still a tool that sits with pride on my desktop readily awaiting the next challenge.

For anyone who has to work with files on a daily basis, be that text files, data files, batch files, shell files, C, C++, VB, HTML, PHP or in fact any type of file, you won't find a better tool for the job. UE seamlessly adapts to the task with its broad spectrum of tools and functions and I'm going to list just a few here.. 

Search and Replace? is a regular feature of most projects but how many times have you wanted to search for control characters like CR and LF? How many times have you wanted to strip blank lines or double blank lines? With UE it's so simple and yet so powerful. Search for ^n^n and replace with nothing and your double blanks are gone. What about having grep a click away? Search for all occurrences of class="G" and just show me those in a new window.... done. How about regular expressions? How often have you been looking at a SIP log and just wanted to highlight the ^(SIP/2.0).(100|183) - UE's got that covered too with optional Linux, Perl or its own Regular expression options.

Side by Side? Have you ever needed to work with two files side by side, like a debug log alongside the normal log or a SIP log from the switch alongside a SIP log from the endpoint? Yep, it's just a click away and of course the search functions work for both files simultaneously if required.

Let's talk about LARGE files. I often come across data files that are flat formatted and run into the hundreds of megabytes range; where other editors creak and groan, UE loads it as quickly as any other file and allows me to hotkey to go to the end and back to the top without any visible delays. I regularly have to deal with AS400 exports which are flat formatted and have that annoying header and tail record, but with UE it takes seconds.

Data files anyone? When converting from a flat format to a more 'modern' format such as CSV most of us would reach for awk and substr $0 into strings and then print those back out with the prerequisite , separator but wait, there's no need to even leave the editor, just hit Column/Convert to Character Delimited, give it the delimiter and a series of field widths such as 57,30,6,2,22,30,30,26,26,8,12,12,57,60 and you're done - You can even script this if you were so inclined.

Digging Deeper; Ever left scratching your head trying to figure out what's wrong with your input/output? Maybe your import tool is complaining about a line that looks fine? Or maybe like me you have to fix SQLite tables by hand? One click takes you to HEXEDIT mode where you can see exactly what's going on and fix it - perfect.

Anything else? Capitalise, Convert case, trim, wrap, unwrap, tabs to spaces, spaces to tabs, multiple clipboards, conditional highlighting, themes, customisation, encryption, decryption? No matter what you need there's an option for it and it's even got a spell checker thrown in at no extra charge.

When you use this product the impression you get is that the developers have spent decades making it the best possible product in the marketplace, and with version 24 being current at time of writing it's clear that UE will continue to evolve for many years to come. UE is available for Windows, Linux and OSX which is yet another plus, especially for those of us who use all three daily.

So there you have it, UltraEdit, name says it all. It's available from IDM for a very reasonable price and they offer a 30 day trial which I strongly encourage you to take and see for yourself.



Synology CloudStation in the Corporate Environment


If you've invested the time and money into Synology RackStations then you're probably going to want to take advantage of some pretty cool embedded features. One such feature is CloudStation and its associated CloudStation Sync and CloudStation Backup, which collectively allow for realtime'ish local file synchronisation with a server which provides up to date files for remote users, a multiversioned backup for desktops and laptops and realtime sync between servers across sites. There is however one serious flaw in the plan that you need to be aware of before you go and roll this out across the business and that's SSL.

When you set up your RackStation(s) you probably set up SSL and would have used the built-in 'LetsEncrypt' support, which promises a valid certificate every 90 days, or you would have installed a paid certificate which renews annually in most cases. Having set up your SSL certificate you would of course want your clients to use SSL when connecting to the server so the transfer is a little more secure, but here's where it all goes down the tubes; If you did make the mistake of selecting SSL when you set up the clients then every 90 days (or annually) all the clients are going to silently stop working and no one is going to notice for weeks.

If a user actually opened CloudStation Backup to restore a file then they will be met with

And should they click on Version Explorer they get the equally stupid

In fact there is no way out of this without going into Settings then Connection and re-entering the User/Password and Applying, and of course in a corporate environment the end user may well not be privy to the Synology User/Password, but even if they were it's now too late because the CloudStation Backup hasn't been backing up since the last certificate renewal. The ONLY way around this is to turn off SSL or you'll be back here again before you know it. It's a real shame that you cannot use SSL as it's a nice feature but you just can't.

We met this very scenario recently with a customer that had around 60 CloudStation clients on a network and it took us just over a day to round up all the clients, remote on to their PCs, update the settings, turn off SSL and then check they were sync'ing again. This created a massive issue with duplicates because when the client stopped sync'ing with the server, the clients made changes remotely and the office staff made changes locally to the same files on the server, meaning there were two or more copies now which we couldn't resolve without someone actually opening both versions and manually merging them, which took the customer weeks.

So this is one to watch for before you end up with a nightmare on Synology Street. 


eMail Security and Retention


I was asked a few days ago by one of the Partners if we could retrieve an email from a year or more ago and of course the answer was no, but that left me thinking about the question itself and the wider implications. I think it's pretty much understood that if you choose to host your email at Microsoft, Google, BT, and so on then your every email is going to be archived away somewhere for all time and will no doubt be available for anyone with sufficient clearance to review, trawl, analyse and so on, but that's fine as long as you know it's happening. At GEN we offer a secure service which by its very nature is not archived anywhere unless that functionality is specifically ordered by the customer, and that's rarely the case, but we do take backups so I think it's important to define exactly what we do, and what we don't do here.


Your email is stored in an encrypted format on the physical server media and the key to decrypt this format is different for each mailbox. 

There is a snapshot of the entire server cluster taken hourly on a 96 hour rotation. That is, the oldest snapshot we have is 96 hours. These snapshots are taken as part of our disaster recovery process meaning that even if an entire datacentre was destroyed then your email service would resume shortly afterwards at a backup site which is always in place. 

Your mailbox is protected to some degree from brute force attacks by a system which actively monitors such behaviour and blocks attack routes in real time. 

Server free space is defragmented daily as an overnight process. 

Logging of email traffic including date/time, sender, recipient, size but not its contents exists for 7 days on the anti-spam and anti-virus gateways and for 3 days on the mail servers themselves. We use these logs to satisfy all those tickets that people raise complaining that their email isn't reaching someone or that someone trying to send them an email isn't getting through and so on. 

So, unless you specifically ordered email retention, when you delete an email it's gone from the email server immediately, from our logs 7 days after receipt and from our snapshots within 96 hours.

Keeping your email secure...

If you consider that when you send an email from A to B then the following are involved: 

  • Your PC has to store the message to be able to send it
  • Our server receives the email from you, stores it in your Sent Items (Encrypted) and then sends it on to the recipient's server
  • The recipient's server receives the email from us and stores it on disk, maybe in the clear, and then stores it in the recipient's mailbox
  • The recipient's PC retrieves the email and stores it on disk, maybe in the clear

So there are many points of compromise here and some of the most vulnerable are on the sender's and recipient's PCs. To completely remove this risk use only webmail or an email client that stores your email with strong encryption.

We've already covered our servers, but the recipient's server(s) are a real risk too. If the recipient is using a server which does retain everything, and you wouldn't know without checking, then your email is once again going to be stored for all time.

Any way around this? 

To keep your email as secure as reasonably possible between sender and recipient they

  • Should be on the same server, which then negates the risk of a second server with unknown retention and security and also negates the risk of a man-in-the-middle attack by anyone compromising your DNS.
  • S/MIME or GPG should be used to provide a second layer of encryption to further protect the email's contents and in the case of S/MIME this will also provide validity guarantees.
  • Webmail only should be used as these will not store a copy of the email on local devices.
  • A secure access service such as GEN SAS can be used to ensure an encrypted tunnel into the GEN Infrastructure and onto the Mail Servers.

But who needs that level of security? Well, anyone who wants their email to be secure and that might be you or you might be happy knowing that everything you have ever sent and received is stored and archived somewhere. 

I hope this has cleared up any confusion around retention of email data, if you have any more questions then raise them at the HelpDesk ok. 


Browser Cache, Transparent Proxies and more


One of the questions that comes up time and time again on the Helpdesk is, what is my cache, where is my cache and what am I supposed to do with it? 

Well, the question itself often arrives on the back of conversations with content providers and developers, often around out-of-date content, so it's worth taking a few minutes to explain what the cache is, where it is and why it is. 

A cache, pronounced "Cash", is masterfully defined as "A hiding place used especially for storing provisions." or "A place for concealment and safekeeping, as of valuables." and that's not too far from the truth. The cache is indeed a place for storing provisions of the digital kind. You see, the internet isn't anywhere near as fast as you experience it from a browser on your PC, and this is because the internet is just a collection of many different networks all connected together to provide a 'route' from your PC to the server at the end of a browser request. Let's look at this in more detail now: 

When you type a URL into your browser, for example and press enter or go, the browser uses the operating system of your device to open a connection to on port 80 (port 443 if https://) and request that page. The actual request sent to the remote server looks like this: "GET / HTTP/1.1", which means get the page at / (the default or index page) and use HTTP 1.1, which is just a specification. The response from the server will be an HTML page which the browser then displays to you as the client. 

Now where does caching fit in here? Well, when your browser receives the HTML page it stores it locally in a cache (which is just a hidden folder on your PC), and with that it stores the date and time the page was retrieved. Now if you close the browser, open it again and again type in then this time something magical happens: the browser realises that it's just been to and just received the page at / so rather than bother requesting it again it just returns the one it stored a few moments ago. Simple and fast, right? 

Well, it gets a little more complex than that, because the server when returning the page to the browser can in fact indicate whether or not the browser should cache it, and if it should then it can specify for how long the browser can cache it, and indeed the page at at the time of writing does not give any special instructions to your browser around caching. 

So, hopefully that's a little clearer: when you type in a URL or follow a link, if your browser has already been there recently then you'll get the cached version rather than the 'live' version unless the site specifically told the browser not to cache. This really becomes visible if you have your own website, and you or your developer has made changes but you just can't see them; it's all in the cache. Clearing the cache is simple enough and can be found in your browser's menus should you require it, and issuing repeated refreshes (CTRL+R Windows, CMD+R Apple) will also generally force the browser to reload the live page. 
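The decision described above can be written out as a short sketch. This is an added example, not code from any browser: it follows the standard HTTP caching headers in simplified form, the 10% rule for pages with no caching instructions is a common heuristic rather than a fixed requirement, and the header values in the comments are constructed.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

NOT_STORED, REVALIDATE, CACHED = "not-stored", "revalidate", "cached"


def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def freshness_lifetime(headers):
    """Seconds the stored copy may be reused without asking the server."""
    cc = parse_cache_control(headers.get("Cache-Control"))
    if cc.get("max-age") is not None:
        return int(cc["max-age"])
    served = parsedate_to_datetime(headers["Date"])
    if "Expires" in headers:
        try:
            expires = parsedate_to_datetime(headers["Expires"])
        except (TypeError, ValueError):
            return 0  # an unparseable Expires value means "already expired"
        return (expires - served).total_seconds()
    if "Last-Modified" in headers:
        # The server gave no instructions: a common heuristic is to reuse the
        # page for 10% of the time since it was last changed.
        modified = parsedate_to_datetime(headers["Last-Modified"])
        return 0.1 * (served - modified).total_seconds()
    return 0


def browser_decision(headers, now):
    """What a browser does with its stored copy when the URL is requested again."""
    cc = parse_cache_control(headers.get("Cache-Control"))
    if "no-store" in cc:
        return NOT_STORED   # never written to the cache folder
    if "no-cache" in cc:
        return REVALIDATE   # stored, but checked with the server before reuse
    age = (now - parsedate_to_datetime(headers["Date"])).total_seconds()
    return CACHED if age < freshness_lifetime(headers) else REVALIDATE


if __name__ == "__main__":
    # Constructed response: no caching instructions, page last edited a day earlier.
    page = {"Date": "Mon, 06 Mar 2017 09:00:00 GMT",
            "Last-Modified": "Sun, 05 Mar 2017 09:00:00 GMT"}
    five_minutes_later = datetime(2017, 3, 6, 9, 5, tzinfo=timezone.utc)
    print(browser_decision(page, five_minutes_later))
```

With no instructions from the server the page edited a day earlier is reused for about 2.4 hours, which is why a site owner may not see a fresh change straight away.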

Now as I said before, the internet is nowhere near as fast as you experience it, and this is not only due to your browser's magic cache, it's also due to internet service providers (mostly residential) using systems called 'transparent proxies'. This is another cache between you and the sites you browse, and this cache is not optional and in many cases will not yield to servers' requests not to cache. The transparent proxies intercept your requests as you make them, look to see if they have a copy of that page and if so serve it up as if it came from the server itself. Your browser has no idea it's not a live page and neither do you. By using transparent proxy caching, ISPs (Internet Service Providers), especially residential ones, can significantly reduce the amount of bandwidth they use on their upstream (between them and the server). There are also, in this country at least, significant privacy concerns around transparent proxying because your ISP not only intercepts your requests but can keep a log of them tracked back to your IP address, and therefore back to you, so it's a bit of a double whammy. There is a third layer of caching known as web accelerators that are sometimes used at the server side to speed up performance by keeping a cache, but this is under the control of the site owners and as such isn't an issue. 

How do you defeat this transparent proxying? 

Well, it's not easy because the ISP has access to all the traffic you send and receive and can easily intercept not only your web requests but your email too, although if your email is stored at Microsoft (Hotmail, Office 365 etc), Google (Gmail, etc), Yahoo, AOL and so on, then it's already compromised many times over and this really isn't going to make any difference. There are however tools that can cut through the proxies by establishing a 'tunnel' between your browser and a server in another country and from there making browser requests, and I am of course talking about VPNs, the most common of which is the Tor Project ( but having said that, the Tor Project, based in the USA, is probably not going to be filling you with overwhelming confidence in the privacy of your data, but it's the best we've got unless you want to spend some real money, in which case you can establish real VPNs to real secure proxies and have true anonymity online. 

I think it's also worth mentioning that browser plugins such as Adblock, Ghostery and Web of Trust, to name a few, and of course Microsoft's own 'safe browsing' nonsense, also hijack every URL you visit and pass that URL back to central servers somewhere, giving them also a full history of your browsing habits, but by themselves they can't tie that data back to you personally. That is, they know that a PC on the internet with a unique ID visits these websites, but without help from your ISP they can't tie that information specifically back to you as a person, unless of course you log in to your Facebook, Google+, Twitter and so on using the same PC, in which case they can now easily tie your browsing habits back to you personally. The only difference is that your ISP has your postal address, and generally people aren't stupid enough to enter that sort of thing into Facebook, Google+ or Twitter. 

So here concludes this little discussion around caching that has taken a sideways step into privacy and anonymity, but it's all connected of course. 


We could eliminate SPAM tomorrow if...


We are all familiar with SPAM; it's the huge volume of unsolicited crap that we have to wade through each day just to do our jobs, and yet there's no sign of it going away despite us all having the means to end it. So let's look at why we are all being subjected to the spam and then we'll look at why we don't end it when we all have the power to do so. 

The reason for SPAM

SPAM has three basic objectives which are, in order of volume: 

  • Firstly, the majority of SPAM is an attempt to infect your workstation, laptop, tablet etc with a virus and/or trojan. By doing this the spammers can (a) scan your system for card numbers, passwords, and of course email addresses from your email client, (b) steal the login credentials for your email account so they can use it to propagate more spam FROM YOU, and (c) leverage DoS attacks. 
  • Secondly, spam will attempt to impersonate an organisation that you might expect an email from and then trick you into giving up your login, password, account and so on by taking you to a fake website. Whilst you may think most people are wary of this type of spam, you would be surprised how many we still get at the helpdesk. 
  • Finally, some spam can actually be trying to sell you something, which is rare these days but does still happen. 

Current SPAM defences

  • The blacklist: A number of worthy organisations like Spamhaus, SpamCop, etc are dedicated to maintaining lists of domains, hosts and subnets which are used to originate spam. Using these blacklists is an expensive but effective tool to eliminate a good percentage of spam at the first gate. Blacklists however are not realtime, and there is always a delay between a spammer launching a mass mailing and the blacklists listing it. 
  • Authentication: Several technologies exist to verify sender domains and hosts, such as SPF & DKIM, and these can serve (where used by the receiving server) to block spoofed spam, which constitutes the vast majority of scams. For example, the HMRC who are under constant attack from scammers specify in their SPF records two hosts that are allowed to send email for and of course the spammers cannot originate email from those addresses so SPF wins the day and any email coming from, say, an HMRC address that doesn't come from the two hosts listed in the SPF record is canned. This however all falls down when the receiving server doesn't check, the sending organisation doesn't use it, or the sending organisation has been compromised.
  • DNS: The domain name system is that which converts to and back again, and when you send email to someone DNS gives up the address of the mail server that is designated to receive that email, in this case The RFC1124/1124 which form part of Internet Standard 1 specify clearly that every host on the internet should have forward and reverse DNS, that is to and to So, when a host '' connects from to our mail server, we (a) check that corresponds to '', that '' has a valid MX record and that the host listed in the MX record actually exists on the internet. This is particularly hard for a spammer to forge and therefore this check eliminates a percentage of spam as well as a percentage of legitimate email from companies who don't know how to set up very basic DNS correctly. 
  • Content Filtering: By far the most effective tool at eliminating spam which passes all the above tests is pattern matching. This involves looking for and detecting elements in the body of an email and assigning a score to each detection. An example would be an HTML-only email which scores 3 points, external links to pictures which score 0.2 points each, and so on. The more spammy the email, the more points it will accumulate, and once a threshold is reached the message is flagged as spam. Content filtering can make use of content lists which are maintained by third parties and provide known phrases and content to score. 
  • Bayesian Probability Filtering: A gross simplification of this would be that email which is known to be spam can be 'learned' and that data used to identify 'similar' spam. The area of mathematics is complex and the techniques even more so, but the result is the same in that spam that looks like spam based on learned data can be flagged as such, usually by giving it a score, such as +10.
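The Authentication and DNS checks in the list above, sketched as the decision a receiving server makes when a host connects. This is an added example, not GEN's filter code: the domains, addresses and DNS answers are constructed from documentation-only ranges, and only the `ip4`, `ip6` and `all` SPF mechanisms are modelled.

```python
import ipaddress

# Constructed DNS answers; a real server would get these from live DNS queries.
DNS = {
    # A sender that lists exactly two permitted hosts in SPF, as in the text.
    ("TXT", "tax.example"): ["v=spf1 ip4:192.0.2.10 ip4:192.0.2.11 -all"],
    ("MX", "tax.example"): ["mail.tax.example"],
    ("A", "mail.tax.example"): ["192.0.2.10"],
    ("PTR", "192.0.2.10"): ["mail.tax.example"],
    # A sender with correct DNS that publishes no SPF record at all.
    ("MX", "shop.example"): ["mx.shop.example"],
    ("A", "mx.shop.example"): ["198.51.100.5"],
    ("PTR", "198.51.100.5"): ["mx.shop.example"],
    # A host whose reverse name does not point back to its own address.
    ("PTR", "203.0.113.77"): ["host77.pool.example"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(rtype, name):
    return DNS.get((rtype, name.lower().rstrip(".")), [])


def spf_result(domain, client_ip):
    """Evaluate the domain's SPF record against the connecting address."""
    ip = ipaddress.ip_address(client_ip)
    records = [r for r in lookup("TXT", domain) if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"            # the sending organisation doesn't use SPF
    if len(records) > 1:
        return "permerror"       # more than one SPF record is an error
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = mechanism.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            return "unsupported"  # a, mx, include etc. are outside this sketch
        net = ipaddress.ip_network(arg, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"


def fcrdns_ok(client_ip):
    """Reverse DNS must name a host whose forward record returns the same address."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip == ipaddress.ip_address(a)
               for host in lookup("PTR", client_ip)
               for a in lookup("A", host))


def mx_resolves(domain):
    """The sender's domain must have an MX record whose host actually exists."""
    return any(lookup("A", mx) for mx in lookup("MX", domain))


def connection_verdict(client_ip, sender_domain):
    reasons = []
    if not fcrdns_ok(client_ip):
        reasons.append("no forward-confirmed reverse DNS")
    if not mx_resolves(sender_domain):
        reasons.append("sender domain has no resolvable MX")
    spf = spf_result(sender_domain, client_ip)
    if spf == "fail":
        reasons.append("SPF fail")
    return ("reject" if reasons else "accept", spf, reasons)


if __name__ == "__main__":
    for ip, domain in [("192.0.2.10", "tax.example"),
                       ("203.0.113.77", "tax.example"),
                       ("198.51.100.5", "shop.example")]:
        print(ip, domain, connection_verdict(ip, domain))
```

The third case shows the weakness the text names: a sender that publishes no SPF record returns `none`, so SPF can say nothing about mail claiming to come from it.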

And with these methods we can and do filter around 80% of your spam, but it's never ever going to be 100% because SPAMmers spend a great deal of their time trying to circumvent these filters, likewise costing us a great deal of money to continually adapt the filters for maximum effect. 

BUT, we do have the ability to stop the SPAM completely, 100% total removal of spam so why don't we? Well, quite simply we cannot because in this day and age everyone's an expert when of course they aren't. Using the current standards, and systems we could easily: 

  • Eliminate the source of SPAM by authenticating the source of all email both by using DNS and SPF. This would mean that email can only be sent if it originates from an authenticated server, and if all the ISPs got together and set up their systems in this manner (most already do) then spammers would ONLY be able to send spam by compromising users' email credentials. That's going to immediately eliminate 67% of SPAM. 
  • Use the tools we all have available to track, trace, and block email origination 'out of zone'. That is, for every email account the email server will ONLY accept email from the sender's company LAN, or their country of residence. This kind of geolocation limiting is already built into all the modern mail systems, but it's rarely used. 
  • Use anti-hijack detection to automatically flag accounts that are likely to be compromised by looking for unusual email activity. For example, if a mailbox normally originates 50 emails a day and then suddenly originates 50 emails a minute then we have the systems to automatically block that behaviour until the mailbox owner contacts us.
  • The use of S/MIME certification, which is free for individuals and only a nominal charge for businesses, not only provides transparent encryption of business email but also provides authenticity to every recipient, so that when you receive an email from fred, it comes with a 'seal' that confirms the email came from fred at We've used these for the last decade, but we're pretty much alone in this. 
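The anti-hijack check in the list above, run over a constructed submission log. This is an added example rather than GEN's system: the log format, mailbox names, the one-minute window and the two threshold constants are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=1)
BURST_FLOOR = 20    # assumed: never block below this many messages per window
BURST_FACTOR = 50   # assumed: allowed multiple of the mailbox's normal per-window rate


def burst_limit(baseline_per_day):
    """Messages per window a mailbox may send, scaled from its normal daily volume."""
    normal_per_window = baseline_per_day * (WINDOW / timedelta(days=1))
    return max(BURST_FLOOR, normal_per_window * BURST_FACTOR)


def parse_line(line):
    """'2017-03-01T14:00:00 submit user=bob@corp.example rcpts=1' -> (time, user, rcpts)."""
    stamp, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return datetime.fromisoformat(stamp), fields["user"], int(fields.get("rcpts", "1"))


def detect_hijacks(lines, baselines):
    """Return {mailbox: time it was blocked} for a time-ordered submission log."""
    recent = defaultdict(deque)  # mailbox -> one timestamp per recipient in the window
    blocked = {}
    for line in lines:
        when, user, rcpts = parse_line(line)
        if user in blocked:
            continue             # refused until the mailbox owner makes contact
        window = recent[user]
        window.extend([when] * rcpts)
        while window and when - window[0] >= WINDOW:
            window.popleft()
        if len(window) > burst_limit(baselines.get(user, 0)):
            blocked[user] = when
    return blocked


def sample_log():
    """Constructed log: a normal user, a bulk sender, and a hijacked mailbox."""
    day = datetime(2017, 3, 1)
    lines = []
    for hour in (9, 11, 13, 15, 17):          # alice: a handful of messages
        lines.append(f"{(day + timedelta(hours=hour)).isoformat()} submit "
                     "user=alice@corp.example rcpts=1")
    for second in range(30):                  # news: 30 in a minute, normal for it
        lines.append(f"{(day + timedelta(hours=10, seconds=second)).isoformat()} submit "
                     "user=news@corp.example rcpts=1")
    for second in range(50):                  # bob: 50 in a minute, far above normal
        lines.append(f"{(day + timedelta(hours=14, seconds=second)).isoformat()} submit "
                     "user=bob@corp.example rcpts=1")
    return sorted(lines)                      # ISO timestamps sort chronologically


# Assumed normal daily volumes, e.g. learned from earlier logs.
BASELINES = {"alice@corp.example": 50, "bob@corp.example": 50,
             "news@corp.example": 20000}

if __name__ == "__main__":
    for mailbox, when in detect_hijacks(sample_log(), BASELINES).items():
        print(f"blocked {mailbox} at {when.isoformat()}")
```

Scaling the limit from each mailbox's own baseline is what lets the bulk sender's 30 messages through while the 50-a-day mailbox is stopped at its 21st message in the same minute.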

So, it doesn't sound that hard, does it? Well, it's not, but unfortunately as an ISP with many customers there are always going to be the few who affect the many, as in many business models. No matter how much you promise your customers a spam-free life, a minority of customers don't want to hear that fredbloggs inc doesn't meet the standards and/or is blacklisted and therefore cannot send them email; they just insist how important it is that fredbloggs inc can email them. This creates a real problem for ISPs who technically want to kill spam as promised to their customer base but are also aware of the real-world cost of dealing with ticket after ticket of 'I can't receive email from xxx' and the time and effort spent identifying that the sender doesn't comply or is blacklisted, then trying to explain that to the customer.  

So our approach, which has been adapted over the years is to offer three levels of protection: 

  1. No Filter - All email is accepted regardless. All Spam and Viruses are delivered untouched. 
  2. Basic Filter - Some filtering is done, but spam is still delivered with [SPAM] in the subject line allowing customers to filter that into a spam folder if required. Some antivirus protection is enabled. 
  3. Max Filter - All the above fully enabled and active both Anti-Spam and Anti-Virus. 

And as we expected the vast majority of business and corporate customers opt for the Max Filter, with only a very few opting for other options. The customers who opt for and stay with the Max Filter understand the issues and stand with us on the fight against spam. If a sender winds up blacklisted then they don't tell us, they tell the sender to sort it out. 

So what's the future? Well, unfortunately, as it stands, with some ISPs favouring an easy life rather than deploying the available protections, with players like Microsoft and Google seemingly doing nothing to limit the spam they collectively originate, and with senders, especially in the less advanced countries, not able to configure even the very basic standard requirements, we're going to be up to our armpits in spam for a good while to come. But I do feel that things are changing, as we're already seeing customers migrating to us solely for the benefits of our protection systems, and that means we're doing it right. 

There are a number of articles on Blacklists, SPF and DKIM on our FAQ, as well as the internet standards 1 RFCs. They are all technically orientated but available for anyone who's interested. 




© (c) 2017 GEN Partnership, E&OE


Apple Wi-Fi Assist and Mobile Data Charges

Today at the HelpDesk we were dealing with a corporate customer who was experiencing HIGH mobile data charges and wasn't able to pin down the cause. We had a pretty good idea of the cause and this was confirmed when we took a look at one of the mobile handsets with high usage. In iOS 10 Apple introduced a new 'feature' called Wi-Fi Assist which is supposed to increase mobile data reliability for customers with poor wifi, which is great, but the issue is that even if you make sure you only use traffic-intensive apps like YouTube etc when you're on wifi, with Wi-Fi Assist enabled the device can and will use mobile data (without telling you) if your wifi signal becomes weak, and that's OK if you have an unlimited data plan but we all know those don't exist in any form. 

Turning it off is easy if you can find it: go into Settings, then Mobile Data (towards the top), then scroll all the way down to the bottom and there it is. In the example below, Wi-Fi Assist had assisted us to use 478K of mobile data whilst we were on wifi. Whilst you're in the screen and have turned off Wi-Fi Assist, it's worth having a look through the apps listed to make sure you've allowed/denied mobile data as needed. 



© (c) 2016 GEN Partnership, E&OE


Just Don't

I've just returned from a new customer who has experienced a serious data breach and the ensuing blackmail and extortion that follows. We were introduced to this customer by recommendation after they were contacted by an unknown third party asking for money to return their confidential data and of course supplying proof in the form of attachments. The nature of the client's business is such that the confidential data, if in the wrong hands, would present a significant risk to the business, hence our involvement. So, not wanting to name any particular company, the previous 'supplier' of our new client's IT seemingly had no idea about security and probably wouldn't know a risk assessment if it hit them in the face, and that annoys me, not only because we come across this situation on a very regular basis but because there's really no excuse for putting a company's very existence at risk by simply not understanding the sector in which you operate. In any industry there will always be suppliers who know the industry and those who don't, but in IT the actions of one supplier can very literally mean the end of their customer's business, as potentially in the case that prompted this article. 

Start with this question: what is your data worth to someone else? If you sell washing machine spares, then it's worth money to your competitors and the pain will be felt gradually as you lose customers for unknown reasons, but if you're a solicitor's, a financial organisation or a doctor's, the value of the data goes far beyond its monetary value: there's the exposure, the embarrassment and the compensation that would ensue, along with sanctions from regulators and so on. 

So, I will try my best to educate customers in what is and is not a good idea when considering IT and security. I have a list which isn't exhaustive but certainly covers some of the main issues...

  • If you have an internet connection, NEVER EVER under ANY circumstances connect a cheap Chinese router to your LAN. So if for example you have an internet service from BT and they supply you a cheap Huawei router, then never connect that directly to your LAN, just don't. These devices are cheap as chips and have about as much security as a paper bag. They are easily compromised, have absolutely no outbound security and their firewall is laughable, but they aren't supposed to be connected directly to your LAN; in most cases they are 'residential' quality, and as a business you're expected to understand the risks and mitigate them by either replacing them with a competent router or simply connecting them to a separate security appliance. But trust me on this, just don't connect it to the LAN, ever. 
  • Local services: more specifically, if you have a local (in your business) web server or email server, then under no circumstances allow it to be connected to the internet directly. This is bad on so many levels, many of which are quite technical, but the key point here is that *IF* you allow it to be connected directly to the internet, then you have of course got to allow the internet into your network, as communication is a two-way process. This is the very attack vector (method of the data breach) that was used in the incident that prompted this article. The client's 'IT' supplier set up Microsoft Exchange on a server and then opened ports on the cheap router which was directly connected to the LAN. The server was quickly compromised, and whilst it was used to originate spam the hackers also vectored out from there to the company's NAS and downloaded the entire thing. How? Well, because the administrative account on the Exchange server was the same account/password as the admin account on the NAS - seriously.
  • Never rely on free or bundled antivirus, and never on 'Windows Defender'; they DO NOT STOP ANYTHING. A good antivirus solution will protect your network and its endpoints to a degree, but it can never be 100% no matter how much you spend. Our AV solution comes out at £2 per month per machine and includes support should you experience a virus event and require it, which is also an important provision. But be aware that an antivirus solution will not protect you from poorly designed, poorly implemented network security. 
  • Never rely on the poorly implemented and weak VPN services built into cheap routers, just don't. PPTP is so weak it should be considered unusable. There are far better solutions for VPN, and having a dedicated VPN appliance, or having it combined with your security appliance, is the best option. Better still is to use a secure access service such as SAS or Juniper SA etc. 
  • Never install applications such as TeamViewer, Radmin, VNC etc. These applications will create tunnels through your weak firewall to the internet which are persistent (always there), and these can easily lead to additional attack vectors, especially when combined with social engineering techniques. A good firewall will not even let these programs run and will block them by default. If you do need remote access then use a secure VPN method as above. 
  • Wireless, when set up correctly, can be very useful, but when set up poorly presents a significant risk to the business. This is of course because wifi isn't just in your office, it's outside in the street, next door and on other floors, and cheaper wifi equipment has flaws that can be exploited to determine the wifi password and associate with the access point. Even more effective are social engineering techniques to gain a wifi password, and of course there's always Microsoft's Wifi Sense password sharing endeavour which we talked about before. So stick with high-end wifi access points, have centralised management and oversight, use WPA2 with TKIP or AES encryption and use MAC-based security as a second level of protection. 
  • Ports or not Ports: Almost all businesses have Category 3, 5, 7 or 8 cabling throughout, and these terminate at the wall with RJ45 jacks, and that's great because this is where you plug your computers and phones into, but managing the availability and security of these jack points is a critical concern. Consider this scenario: a business has cat5 throughout the offices including reception, canteen, locker room etc. A person pretending to be a potential customer enters the premises and whilst no one is paying attention plugs a small device no bigger than a thumb drive into a vacant cat5 port, then leaves. You might think that'll never happen, but I can tell you in the IS audits we do for our clients it HAS happened and will continue to happen. The device that is connected is a small battery-powered wifi access point that doesn't broadcast its SSID (network name). With this the 'visitor' can, from the car park, find a local IP address and then initiate a network scan for services such as email, files and so on. With a little effort and some automated software a selection of attacks can be performed and, if successful, systems and data compromised. The nice person who perpetrated this crime will then upload some software which opens a connection through your firewall to a remote server and waits for instructions. Everything from here onwards can be done from anywhere in the world and there is very little anyone can do to track this down. This is becoming an effective attack vector and awareness is the key. Don't have any ports live that don't need to be, have managed switches and allow lists by MAC, and have some form of intrusion detection either in the security appliance or separate. 

The bottom line here is that any IT infrastructure should not in any way directly connect the public internet to your local network and likewise your local network should never directly connect to the public internet. This one is simple.

More challenging is making staff aware of vulnerabilities in your infrastructure and how to detect and deal with them. We've touched on social engineering above, but this is becoming more and more common, and whereas you might be very good at spotting spam or phishing emails and suspect phone calls from 'IT support', or are aware of the possibility of rogue devices and subversion, is everyone in your organisation? In this modern world they need to be, through both training and auditing. No matter how secure your network is, with its expensive firewalls and security appliances, it only takes one member of staff to bring the whole thing crashing down - staff are and will always be the biggest risk to any organisation, but trust me on the crappy router. 



© (c) 2016 GEN


Data Security of Warranty and End of Life Drives

I'm sure everyone has had to return a failed hard drive or replace drives that are end of life, and this process is well documented in many security policies, but how do you ensure the data is irrecoverable before disposal or return? 

You would be surprised to learn just how much data can be recovered from a seemingly destroyed hard drive, and we are well aware because we spend a great deal of time every month recovering data from hard drives, SSDs, tablets, phones, USB sticks and more with significant success rates. 

So, in order to satisfy this need the group has decided to offer *FREE* non-destructive hard drive data destruction for all our customers. Simply return the drive to us and we will securely erase the data using a device which emits very strong magnetic fields in patterns designed to purge data from magnetic media. If the drive is a warranty return then we will take care of the return to the manufacturer for you too, again at no charge. 

Thank you for taking the time to read this post and have a great week!



© (c) 2016 GEN Partnership


Windows 10 and Wifi Sense


Windows 10 has a lot of additional features over previous versions and most are safe enough, but a few stand out as being a little dangerous. Wifi Sense is one of those because it doesn't clearly explain the ramifications of setting it to the end user. Microsoft describe Wifi Sense as "WiFi Sense automatically connects you to WiFi, so that you can get online quickly in more places. It can connect you to open WiFi hotspots it knows about via crowdsourcing, or to WiFi networks your contacts have shared with you by using WiFi Sense."

Sounds great! If you're out and about, your laptop or phone will automatically connect to wifi that has been shared by 'crowdsourcing' without even telling you. So why is that bad? 

Well, it's bad on many levels, and I'm going to try and be as non-technical as possible here so as to benefit as many readers as possible....

  • Firstly, automatically connecting to anything is bad except for your trusted wifi in your home and/or office. This is because malicious individuals could set up a wifi hotspot, leave it without WEP or WPA (i.e. no password needed) and then wait for unsuspecting people to connect to it, at which point a crafted attack is performed at your device. If passwords are being shared between these hotspots and many Microsoft devices then everyone who passes is at risk. You should always be careful when connecting to wifi, especially from a Windows Phone or computer. 
  • Wifi passwords are there for a reason: to limit access to the wifi network to those who know the password. Wifi Sense, as described by Microsoft, will "Automatically connect you to WiFi networks that your Facebook friends, contacts or Skype contacts have shared with you after you've shared at least one network with your contacts.". So, that means that if, by chance, you have not disabled "Share network with my contacts", which is found in Settings > Network & Internet > WiFi > Manage WiFi settings, then your home and office wifi passwords are shared with all your Facebook friends and contacts. That is bad for so many reasons, but here are a few. Firstly, do you really want everyone on your Facebook friends list having your personal wifi password and being able to connect to your personal wifi network at home, remembering that your personal wifi network at home is treated as your local area network and is trusted? Worse still, do you want your social media contacts and email contacts having the company wifi password to access that at will? I don't think anyone does, but that's what's going to happen unless you disable this feature. 
  • Did you know that Wifi Sense also captures your GPS location as well as your wifi password? How safe is this data that you're sharing? Where is it stored and how is it shared? Consider the potential risk of having that data compromised and revealing the wifi passwords of millions of users worldwide; that alone should be enough to turn this feature off. 

So it's up to you, as users, to make your own decision on how this goes down; all I can do is point out the risks and leave it with you. Microsoft have a FAQ on the subject which I recommend reading for additional information. 

To disable Wifi Sense follow the instructions found HERE. Remember, even if YOU disable it and then let someone you know have access who has NOT disabled it, then there is a possibility of your wifi password being shared, so check with everyone you give access to that they have also disabled Wifi Sense. If you are still worried then you can change your SSID to something followed by _optout as per the Microsoft FAQ, but that seems a little extreme unless you have already shared your wifi password unknowingly with the world, in which case change both the SSID AND wifi password once you've disabled Wifi Sense. 

You may also want to consider disabling location tracking by following the instructions HERE




© (c) 2016 E&OE
