There has been a lot of condemnation in the press and social media of Hewlett Packard releasing a timed firmware update that was "set to execute in September" in their March firmware updates for popular OfficeJet, Envy and OfficeJet Pro printers. The update removes the ability to run a percentage of chipped cartridges manufactured by OEM vendors.

Ink has always been expensive whether you are using HP, Kodak, Epson and back in the day Lexmark who were drop for drop the most lucrative ink maker by a mile. I use a variety of printers on my LAN - all HP, a variety of laser MFPs an aged JetDirect enabled HP LaserJet 1100 and an HP Officejet colour inkjet. I also have three HP Envy colour inkjets at global locations and other properties connected via HP ePrint / Google Cloud Print. These mean my Chromebooks, Samsung Tablets, Apple iPads and all our family phones can print to the inkjets remotely or from anywhere in the house. We actually rely on the ePrint and Google Cloud print capabilities hugely.

All four of the HP colour inkjets run HP original ink.

But that might be expensive you all scream - OEM ink is far more expensive you all presume. And thats where you'd be hugely wrong.

OEM ink is expensive. If you go to a Walmart or in the UK any retailer and buy supermarket own brand or mail order ink it's still costly. The supermarkets and mail order places also stock HP / Epson / Brother / Kodak inks and yes these are probably 25% more expensive than the OEMs.

Now both OEM and own brand are sold at margins of 45-60% profit by retailers and in mail order probably 25-40% markup. It still might be "cheaper than the original manufacturer" but it's still sold at a mark up.

The bigger news is NOT that HP made this firmware change but actually that in Summer 2015 HP launched Instant Ink. Instant Ink is a three tiered subscription model for inkjet users for HP to supply ink direct to users - cutting out the retail market and the channel. Also by charging for what you use and delivering it direct to you it works out cheaper than OEM after market inks for HP original product.

I've got four printers in four locations subscribed to it. It makes my 70 year old mothers life easier and if you go get an HP Envy now you get low quantity inks in the box and you get 5 months free subscription plus a set of inks when you subscribe. Oh and I can see what I'm using, manage my device and do a lot more cool things into the bargain.

So... the story should read - "HP actually make inkjet usage cheaper for end users" rather than HP cut out aftermarket OEM cartridge makers and their profit margins.

I'm NOT an HP fan at all but I don't agree with many of the bylines or the way HP are being stamped on. HP could actually do PR properly but as with many things HP do badly as an organisation thats unlikely to happen.


Today I lost a good friend from the security community.

Richard James was a security technologist and one of my friends. We first worked together in the fires of what became VirginMedia. I came out of self imposed retirement after selling SmoothWall to head up a fledgling part of NTL the former cable TV telco and broadband provider. Richard worked for the security team at Telewest the other UK cable incumbent provider, the crux being that NTL and Telewest both owned by Barclay Knapp would come together to form VirginMedia.

I joined NTL at a time when I didn't want or intend to be working. I made my money and retired in 2003 and had no reason or intention of being employed having exited SmoothWall and I certainly had no reason to want or need to work with idiots. So imagine my surprise when I got talked into digging NTL out the crap to go in to head up what would not even be know as cybersecurity but as a security customer function. Going to war daily with the existing "hardware network and security guys". Working alongside some great folk many of whom I am still friends with who actually got little credit for keeping a 7m user network alive, whilst their better paid bosses did little of anything credible and took the credit.

I scared the crap out of folk at NTL. I was hired to get them out the proverbial and to realign their MTAs and their caches, their ability to reduce customer services calls from tens of thousands of infected customers and a badly deployed platform that I used to root at will and hence why by the time I left I was reporting direct to the Chairman and was his personal security and goto guy for securing his Gloucestershire mansion and his London townhouse. By the time I left I was part of the team acquiring Telewest and also involved hands on with the merger meetings that very few people knew about at NTL even people who I had to work with every day. Richard came along as part of the acquisition and was part of a small team of security folk who had worked miracles.

Press and customers assume a telco is well organised. Telewest wasn't. It was a sinking technical ship and their mailservers in Liverpool were held together with tape and string and they took our lead in walled gardening customers and understanding how I built out whitelisting and greylisting and replaced Sieve rules and the dumb stuff that we inherited when I joined that made little to no sense.

It was just as hard for the incumbent security staff and management who were mostly traditional Cisco types with almost no useful skillsets and rightly they ran scared, and rallied to kick back and anybody who knows me knows that is when I'm at my best - I genuinely am not going to back down and I don't need the hassle or the money. If I tell you something is broken and it needs fixing or it will be hacked take it as read. If the network team don't rate it as a risk trust them or me.

Difference is I already hacked it and here is your data on a USB key. An exercise we used to play out in the CEO's office whenever the network team would try to ask for my head on a stick whilst I proved them to be old school and lacking in skills useful in dealing with modern cybercriminals. One Sunday I remember rooting an entire platform remotely and copying 300k subscriber bank account details to an external drive and then walking into the CEO's office and putting it on his desk after the network team had told them the platform was secure. Richard wet himself laughing.

It must have been hell for them because with all the CISSPs and certificates in the world they'd never met a hacker before and it was like taking candy off the proverbial baby. Even if I did take a £100k+ paycut to take the job to kill time rather than sit at home it was still hopefully a learning curve for their future careers. Richard got it, he'd back me up regularly.

Luckily NTL had some amazing management in the form of Steve Townsend, Dom Forrest and Justin Leese who would sit back and just let me do whatever I wanted. Consistently I would prove the point that it wasn't about me being right and them being wrong but the fact that I would regularly break into critical systems and platforms, and they wouldn't see me coming. It made life fun, that and the fact I had written into my contract I never had to wear a suit and could work from home.

There is a well known story that during this time I got bored went to Spain for two weeks and replaced myself with a server running Perl scripts outputting Acrobat PDF reports on a cron that created daily emailed management reports and nobody was any the wiser. It was essentially money for old rope and it wasn't hard to shine in a bucket of crap. Richard thought it hilarious someone could drop off the face of the earth and replace himself with nine Perl statements, Postscript and QMail. A fact nobody knew apart from a few other folk in the security team.

Richard got it, he understood the changing face of security. We had long discussions night after night during the acquisition process and we became firm friends at a time when people were reapplying for their jobs. He made himself safe by being honest, stoic and steadfast and able to translate some of the threat management and identification stuff into a platform at Telewest pre acquisition. He even became part of Chatham House rules projects with me with the intelligence services that only senior management at NTL and Telewest had awareness of. Working with the betting industry, the Post Office and major banks on DDoS issues and threat mitigation. One evening Richard and I along with Nigel Beighton (then found ourselves sat having dinner in The Dorchester Hotel in London with MI6 and Whitehall security folks, it was hilarious it was like being at school and being invited to sit and eat with the teachers. We felt out of place even though we were there for good reason. After the 7th July attacks on London that feeling accelerated with us both spending time working in London with the intelligence community.

When NTL and Telewest joined forces Richard became part of the host security team. I knew I'd had enough, I was bored. I was exiting stage left knowingly to go do exiting stuff first for Bell Labs in California and Lucent Technologies (pre Alcatel) and then to San Mateo to do Zimbra.

We kept in touch and talked regularly and met up at security shows and were supposed to have dinner this week but my wife and I had tickets to go to a music concert Tuesday night. He was down from Glasgow at Aztec West where he was staying while working for T-Systems in Germany doing security work with their partner EE the multiplay cellular broadband player.

On Wednesday night we talked till 1am. We talked about doing another startup sometime in the distant future to give ourselves something to do when we hit our 50s which isn't too far off and where just like SmoothWall we'd throw the rule book out the window and we'd employ our friends.

We talked about family, he was madly in love with his partner who had been in a massive car accident 18 months ago and was about to have to face court to get damages. How he'd been so grateful that fateful day that she had been driving his BMW which gave her a survival chance in the impact with a commercial goods vehicle. He knew I was happy, he was happy I was finally a dad after having spent the majority of my adult life in a very unhappy relationship where I would never have been one. He told me regularly I was punching above my weight with my amazing wife. We talked and laughed till 1am. He said that he was proud that my name would crop up in conversations and he could say he was my friend. That was one of the last things he said to me less than two days ago. It will stick with me forever.

Thirty six hours later I am sat having lunch when I receive word he had died suddenly this morning.

World. Shattered.

He was my friend, he liked music I couldn't dance to, he had a sense of humour that would make you laugh till you hurt. He was a talented technologist, a man who loved his family and who was honest decent and true.

Richard James you were part of the change from traditional bricks and mortar security to a time where security is more intrinsic and fluid than ever before. I will do another start up one day and I will do it knowing you'd have been part of it and made it successful. You were one of the good guys, nobody could say a bad word about you. You made a dent in peoples lives and you were the difference I am sure in me not embedding folk in whiteboards back in the day. A constant source of fun, bright eyed, a bundle of fun and utterly reliable to your core. A true friend.

Rest in peace buddy, I am stunned at your passing and bereft that you aren't around to tell me crap jokes and be my DJ.


Live from RSA Conference 2016

This week I am in San Francisco recording a special radio show for and Red Hat called "Locked Down" I will be talking to the brightest and the best at RSA, expect to see a variety of shows going live over the week, discussing everything about the growing technologies, emerging products and the challenges that we are facing in security.

How do I get the show ?

If you have an iOS device simply subscribe via the Apple Podcast client on iOS available from the Apple store (or via Overcast or your podcast client of choice), simply search for "Locked Down" once installed. Stitcher Internet Radio App also is carrying the show.  SoundCloud is also carrying the stream.

If you have an Android device install Player.FM or BeyondPod and again search on "Locked Down" and subscribe. Stitcher Internet Radio App just like Player.FM and BeyondPod carries the show - all installable from the Google Play store. You can also listen in via SoundCloud.

If you are in a browser you can listen to all the shows as they appear using Player.FM directly by bookmarking and clicking directly via your desktop, or via Stitcher in Safari, Firefox or on any Mac or Windows browser. Stitcher doesn't always play well with Chrome, if you're a Chrome browser user click the Player FM link.

You can listen to episode 1 here in this post or visit SoundCloud's stream 

Alessandro Pirelli who heads up the Open Hybrid Cloud team here at Red Hat gave an impassioned presentation on his take on what the industry needs to understand to succeed and how Red Hat wants to help you get there.

If you have time make sure you sit through this video, it might be the smartest thing you do all week.