Ben Whittle’s Uber Computer update – An early Christmas present… for nerds


Ben had an exciting day a couple of weeks ago as the final parts came into stock. He is now in possession of all of the components which will make up the computer, although before Ben could get all these components installed he had a bit of work to do.

The Legs

Ben has found varnish which closely resembles the finish on the speakers he has chosen, but after having assembled the desk before painting he encountered a slight issue – height.

When sat at the desk Ben found that the base of the desk sat too low and it was uncomfortable to sit at. This presented a bit of a challenge as it meant having to either re-manufacture some new legs or somehow extend them. At this point Ben had an idea he thought might save the existing legs and add quite a nice feature to the desk. Having established that simply extending the desk by making some blocks and sticking them on the end would look a bit… ****, Ben decided to separate the extension pieces with a lighting feature which would look like it was an intentional design feature (And then of course defeating the object by telling you lot about it via this blog).

So Ben set about making the blocks of wood and cutting out some 5mm frosted acrylic which would sit between the blocks and the existing legs. The acrylic will have a hole routed through the middle creating a concealed compartment where Ben could house a short strip of RGB LEDs which will shine through the acrylic.


The next challenge Ben faced was getting power to the LED strip, this required somehow running 4 wires to the base of each leg. Ben decided to find the smallest wire gauge he had “in stock” and route a small channel down the inside of each leg and drill through at the base to the centre of the base of each leg. Once the wiring was set in the channel, Ben would simply cover over the wires with wood filler, sand down afterward and solder the LED strip to the wires at the end.


Satisfied with the results, after having spent several hours sanding and filing away bits of excess acrylic Ben started to varnish the legs.


Having applied three coats of varnish to achieve the desired colour Ben attached the legs to the desk and tested the lighting before wiring it to the RGB controller. Safe to say the result is a success:


Cable Routing and Testing

With the legs back on it was then time for Ben to start routing the cables and installing components. Having already mounted most of the components such as cooling fans, radiator, motherboard, etc… most of this work was a breeze, simply a case of connecting the cables Ben had previously fabricated and pining them in place to keep things neat. There was one small challenge in providing power to the graphics cards, the cards take power from headers at the top and being quite tall there was a slight concern that the overlapping cables would be too close to the glass.

The original plan was to use cable combs to bind the power cables for both cards together and have then feed them through a duct in the back panel. Having tried for several hours to get the cables to sit the way he wanted and failing Ben decided to try another solution. The empty expansion slots have vented blanking plates to allow the air to flow past the graphics cards and into the rear compartment. Ben decided to cut away part of the vent nearest the 2nd card to allow enough room for the power cables to pass through the unused expansion slot.


Ben is quite happy with the result, the two separate tracks of power cables look much neater than having them overlap and all pass through the same hole.


Preparing the Motherboard


Having completed the wiring and tested the components already fixed to the desk such as fans, UPS, etc… its time for Ben to prepare the motherboard. Ben is using a custom EK waterblock designed specifically for the ASUS Rampage V motherboard he is using. The waterblock not only uses the watercooling system to cool the CPU, but also the motherboards PCH and CPU power delivery components. This will allow for greater overclocking potential and help take heat away from the main compartment creating more clean air for the graphics cards. Of course the motherboard comes pre-fitted with a selection of heatsinks and heat pipes to dissipate the heat from these components, in order to install this waterblock Ben will have to remove all of these factory fitted parts and apply thermal compound and pads to the components on the board. Let the fun begin….


After installing the CPU and applying the thermal pads and compound to the relevant areas the block is screwed to the board and the memory is installed.


With the board preparation finished Ben must now assemble the pump for the water cooling system. He has chosen a Laing DDC pump, a proven highly reliable and quiet industrial pump rated at 50,000 hours MTBF. The pump is also PWM controlled meaning the flow rate can be adjusted automatically depending on cooling requirements. In its standard form the pump is surrounded by plastic casing and top, Ben has chosen to upgrade the pump using EK aluminium parts offering superior flow and heat dissipation.


Filling and Testing the Cooling System

With all of the components now mounted, cabling and tubing in place it is now time for Ben to fill the watercooling system with coolant, purge the system of air bubbles and test for any serious issues (in other words, leaks).


Getting rid

of the air bubbles in a new watercooling setup is a surprisingly difficult, time consuming task. The pump will only move water, so as soon as an airlock hits the pump there is no pressure to push the water round the system. This meant that Ben had to fill the reservoir then suck the air bubbles through the tube at the other end of the loop, during this “activity” he found the coolant doesn’t taste so good. On the bright side, despite the EK coolant he is using containing anti-corrosion additives, scale inhibitors and biological growth inhibitors, it’s non-toxic.

Happy that the system is now free of air Ben leaves the pump running overnight with the rest of the system powered down, thankfully it passes the test with no flying colours.

It’s Alive


It is always a nervous moment for system builders firing up their rig for the first time. Ben has built a few PCs in his time but never anything which has involved quite as much time, effort, planning and money as this, safe to say he had his fingers crossed when he pressed that button.

After a couple of minutes of uncertainty, he was very relieved to be greeted with the “No bootable OS” message. The only time anybody is ever actually happy to see those words appear on their screen.

There is still a bit of work to do, the rear connection panel still needs to be designed and made and the painting still needs to be completed and placed in the right hand compartment, but the system is now up and running. Ben has applied some basic overclocking settings, configured cooling, RAID sets, installed the OS and run a couple of benchmarks. There is still some more configuration to be done before the system is running at peak performance but to give you all a small taste of what it is capable of:

Installed Windows 10 in 7 minutes.

Installed Server 2012 R2 in a VM in under 5 minutes!

Using the 3DMark FireStrike benchmark the system scored over 28000 points, which at the time of testing put this system in the top 250 most powerful machines tested with the benchmark worldwide. It currently is, and will likely remain for another year, in the top 1 %.

In the next update Ben will have refined the overclocking profiles and cooling setting and will be providing more detailed figures and full specifications. Stay tuned and thanks for reading.




We are bringing the Let’s Get Synchronized tour to the North West

This free event is taking place on:

Friday 30th September 2016
9am – 2pm
Mercure Haydock Hotel
WA11 9SG

Click Here to Register:

Event Overview

As multi-academy trusts(MATs) evolve, the need to scale services and support transition across their academy base is a priority. We work with a range of MATs across the UK to support them in overcoming their individual challenges and issues. As we are educationally focused, we have the experience and passion to understand such challenges and issues to create a bespoke ICT solution to best suit your school’s evolving needs. Whether you are an existing school, new build or converting academy, we believe this event will be beneficial to you.

On the day, Virtue Technologies Managing Director Phil Lawson, will discuss how we can assist with existing schools and new schools joining a MAT and provide you with an overview of multi-site network designs and available support structures from Virtue Technologies.

At the Let’s Get Synchronized event, hear from Sophos Engineers who will be discussing how their products offer a cloud based approach to internet security and can help with the security challenges faced by MATs. Max out on the latest security updates at the Let’s Get Synchronized Skate Park with a series of urban sports challenges including skateboarding tricks and downhill cycle racing and prizes!

Our guest speaker John Bidder, from Blippit, will be discussing social media strategies for multi-academy trusts. John will talk about how social media can be used to raise the “brand” awareness of the trust and reach parents of existing pupils and potential new pupils.

Check out the event agenda below to see what else is happening on the day.

Event Agenda

9.00am Arrival and Coffee

9.30am Introduction and overview of services for Multi- Academy Trusts

  • Introduction by Phil Lawson – Managing Director of Virtue Technologies
  • Services from Virtue for new and expanding MATs, discuss how we can assist with existing Schools and new schools joining a MAT
  • Overview of multi-site network designs and available support structures from Virtue Technologies

9.50am Audit, documentation and planning services

  • Will Stead, Virtue’s Head of Operations will discuss the documentation and planning services we can assist with. This ranges from 3-5 year budget planning, risk registers and all round IT plans.

10.10am Sophos Sessions

  • Sophos sales engineers will discuss how their products offer a cloud based approach to internet security and can help with the security challenges faced by multi-site MATs
  • Advanced protection with Next Gen Endpoint (15 mins)
  • Synchronised Security delivered through Next Gen Network (15 mins)
  • IT is hard! Find out how the cloud can help simplify IT security challenges (15 mins)

10.55am Coffee Break. Competitions and games will take place at the Let’s Get Synchronised Skate park!

11.25am Social Media Strategies for MAT’s

  • John Bidder from Blippit discusses social media strategies for MATs. How MATs can use social media to raise the “brand” awareness of the trust and reach parents of existing pupils and potential new pupils.

11.45am I Am Cloud

  • I am Cloud Identity management – Single Identity across all services giving MIS Integration and single sign on to external public cloud resources such a Office365, Google, Moodle, Frog etc.

12.05pm Virtue Technologies

  • Trust Wide Private Cloud – how we design a multi-site private cloud for a MAT, discussing the benefits to the trust and costs involved
  • Azure AD integration – integration of Microsoft Public Cloud – Azure active directory to the MAT private cloud and benefits to this
  • Cloud hosted servers – options to move servers to the cloud, costs and benefits to doing this.

12.35pm Customer Q&A

12.45pm Complimentary Lunch

Venue Details

Mercure Haydock Hotel, Penny Lane, Saint Helens, WA11 9SG


Staying safe online this Summer

With the summer holidays just around the corner, children are looking forward to having more free time.

For some, this will be spent using the internet to keep in touch with friends, catch up with the latest apps and online trends, and playing their favourite games.

For parents, it’s a great chance to sit down with your children and visit their favourite sites and games together, so you can keep in touch with their online lives, and show them you are interested. It’s a good opportunity to have positive conversations about the internet, so that if anything happened online that worried or upset your children later on, they would feel more confident in confiding in you.

Keeping in touch online

During the Summer holidays, young people may want to keep in touch with their friends through social networking sites or games. It’s a good time to ask them about what sites they use, and remind them you have to be at least 13 to use most social networks. Encourage your children to use the privacy tools on the services they use, so that the content they post is only available to people they know and trust in real life.

Managing online friendships

The holidays are also a good opportunity to talk to your children about their online friendships and encourage them to be good online friends. It’s also important to remind young people that even if you have been chatting to a friendly person on a site or in a game for a while, if you only know them from being online they are still a stranger and you should not give out your personal details to them. If you are worried about an adult pressuring your child online, you should contact the Police and report it to CEOP

 Sharing those holiday snaps

Some children may want to share photos and videos of what they are getting up to in their summer holidays online. Talk to your children about what types of photos are appropriate to share, and who they are okay to share with. Photos can hold clues that give away personal information. For example, if you share a selfie of you and friends, are there any landmarks or street signs that give away your location?

Finding a balance

Without the structure of the school day, children may spend a lot of their time on the internet. The internet is a fun place to be, and children may find it hard to manage their time between being online and offline. Talk to them about how important it is to spot the signs that they have been online for too long. For example, they might get tired eyes, a headache, interrupted sleep or mood swings. Setting a time limit can be helpful, but remember to set it before they start playing a game or chatting online, so they get less frustrated when it’s time to stop. Offer some alternative activities to being online, and remind them the summer holidays are also a time to enjoy being outside and having a rest.

Enjoy the summer holidays!

Reblog from UK Safer Internet Centre – “Staying safe online this summer” posted 12th July 2016


Ben Whittle’s latest Uber Computer Update


Ben has finally finished the fabrication and painting of most of the panels and has assembled the desk for cable routing and testing. There is still a lot of wiring to be done, and while it isn’t particularly complex it has been very time consuming. As you can see below the loom for the SSD activity indicator strip is now complete and in place.


Ben has also completed the wiring for the Asus ROG panel, intake fans and lighting. In order to test these systems Ben has removed the motherboard and drives from his existing system and mounted them in the desk. This has enabled him to test the front mounted USB ports and audio jacks, power switch, cooling fan speed control, SSD indicator strip, etc…


So far everything is working as expected, Ben is particularly pleased with the lighting and is looking forward to seeing the painting lit up in the right hand side. He is currently unsure what to do with the legs, the original plan was always to paint them black as with the rest of the desk. A few people have said they like them as they are, as a compromise Ben is considering staining them to try to match the finish of the M-Audio studio monitors which will sit either side of the screen.


Ben will give this a try first and see how it looks as it is much easier to paint black over varnish than sanding off black paint. Thankfully the colour of the lighting is much easier to change:


It is looking ok from the front but there is still much work to be done, still many cables to make, terminate and route. The rear panel still needs to be cut out and painted, then it will be on to mounting the exhaust fans and rear connectors. Currently it is just a mess of wires, pipes and components:


Ben is hoping to have the panel and cabling complete in August, then the construction will be complete and he’ll be ordering the components and testing. More updates to follow soon.


The Questions you are Probably Asking Yourself Around Sandbox Technology

In the continuing arms race between cyber criminals and the organisations whose data they covet, we continue to see new, ever more sophisticated, tools being deployed both sides.

Lately, attacks called advanced persistent threats (APT) which were originally used only against very large organisations have become more common and are now being used against smaller companies, such as schools, either to attack the smaller entity itself or as a stepping stone to other larger targets.

Small and midsized businesses such as schools are on the radar of attackers, who actually see them as low hanging fruits because many of them lack the resources, the security and the multi-layer defence programs to help protect themselves. 42% of small businesses report being a victim of cyber-attacks and the majority of the companies hacked were hacked twice or more.

Growing Awareness

On a positive note, we are seeing a rise in security awareness driven by the increased coverage of cyber threats in the mainstream media. This has helped many organisations improve their security posture: Employees see news about cyber-attacks and develop more awareness of security risks and so are less likely to engage in risky online behaviour; senior management understand the risks more clearly so IT departments find it easier to obtain the budget required to strengthen and improve their defences.

Demand for Comprehensive Next-Generation Security Solutions

IT teams in organisations of all sizes now understand that sophisticated cyber-attacks can use unknown malware that can evade traditional gateway and endpoint protection. This is why many organisations are considering new solutions to combat this problem. Additionally, there’s a lot of hype encouraging you to buy additional next generation solutions to deal with these unknown threats.

However, often these technologies are too complex and expensive for many businesses to consider. Many of the complex security solutions used by larger enterprise require multiple dedicated devices which are resource and maintenance intensive. They also tend to have low accuracy; this means a skilled team is required to analyse the results. Buying more solutions from multiple vendors that don’t talk to one another isn’t a recipe for a manageable threat defence.

New Age Threats Need Next Level Security – Sandbox

One technology, that’s had more than its fair share of hype, is the sandbox.

The questions you are probably asking yourself around sandbox technology are:

What is a sandbox?

A sandbox is an isolated, safe environment, which imitates an entire computer system. In the sandbox, suspicious programs can be executed to monitor their behaviour and understand their intended purpose, without endangering an organisation’s network.

Do I really need a sandbox?

Organisations need a range of security technologies to protect them from threats both known and unknown. It’s likely you’ll already have deployed Secure Email Gateway, Secure Web Gateway, UTM or Next Generation Firewall at your internet gateway, as well as endpoint protection to your desktops and servers.
Even vendors that only supply standalone sandbox technology would never suggest that their product provides a complete defence against advanced persistent threats. They acknowledge that many security layers are essential to protect against these threats. What a sandbox does provide, is your own dedicated environment to analyse, understand and take action, on the threats to your organisation that haven’t been detected by this stack of conventional security measures. Sophisticated targeted malware, designed to evade detection, will be detected and blocked when detonated in your sandbox.

Why don’t my conventional defences protect me from these APTs?

Basic signature-based antivirus will protect you against known malware. But signature-based antivirus is reactive and increasingly outpaced by today’s attackers. Most leading security vendors us a range of approaches such as malicious traffic detection capabilities and emulation to supplement signature-based detection. However, if your data or credentials are valuable enough to the attacker, they will have spent time discovering what type of security you are using and tested their unique malware to ensure that it will evade detection by your defences.

Surely this kind of technology is only for larger organisations?

An attack on Target Stores, a large US retailer, resulted in 40 million credit card numbers stolen. This had an enormous impact on trust in the Target brand and led to the company spending a significant amount of money on breach-related expenses, like providing monitoring services to protect customers from fraud. Target is certainly a large organisation, but what’s important to consider is that the attackers stole the credentials of Target’s air conditioning contractor. This small supplier was seen as a soft target and an easier route into the larger business. So organisations of all sizes should consider sandbox technology; a targeted attack could cost you your key customers and is one factor in the statistic that 60% of small firms go out of business within six months of a data breach.

Another point solution? That sounds expensive.

Sandbox can be expensive, no doubt. But there are ways of reducing your costs. In their research note on network sandboxing Gartner recommends:

“If your organisation is budget-constrained or looking for a quick path to add sandboxing, first evaluate adding sandboxing as a feature from one of your current security vendors.”

Your existing UTM, Firewall, Secure Web Gateway or Email Gateway may have sandboxing-as-a-feature options available.

With the introduction of cloud computing, the way processing power and storage is delivered and priced has changed. Companies now have access to greater processing power at affordable prices. This has driven a revolution in what can and can’t be delivered as a service.

Sandboxes have proven very effective in identifying and stopping APTs by creating a full working environment for the malware to operate in and making it hard for it to identify that it is being analysed. Previously, such a complex solution had to run on dedicated hardware and have a team of analysts to decipher the results limiting it to large enterprises and malware research labs.

By moving sandboxing to the cloud, the reduction in cost means security vendors can apply more processing power and share resources across multiple customers. It also means companies no longer have to rely on in-house expertise as their vendors or partner can provide the analysts from a central location. This reduces the costs to such a level that all organisations can afford sandboxing.

It sounds complicated – do I have the resources to try and deploy this?

When you begin to trial solutions, consider solutions that are easy to try and deploy. Cloud- based solutions can be rapidly deployed giving you instant results without the need to deploy hardware or upgrade appliances.

Sophos Sandstorm

Sophos Sandstorm is an advanced persistent threat (APT) and zero-day malware defence solution that complements Sophos security products. It quickly and accurately detects, blocks, and responds to evasive threats that other solutions miss, by using powerful, cloud-based, next generation sandbox technology.

For more information about Sophos Sandstorm visit:

Stay Protected Against Ransomware – Best practices to apply immediately

The following recommended measures should always be taken into account:

Backup regularly and keep a recent backup copy off-site.

There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.

Don’t enable marcos in document attachments received via email.

Microsoft deliberately turned off auto-execution of marcos by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn marcos back on, so don’t do it!

Be cautious about unsolicited attachments.

The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s the one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.

Don’t give yourself more login power than you need.

Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you have administrator rights.

Consider installing the Microsoft Office viewers.

These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn’t support marcos at all, so you can’t enable marcos by mistake!

Patch early, patch often.

Malware that doesn’t come in via document marcos often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.

Keep informed about new security features added to your school applications.

For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet” which helps protect you from external malicious content without stopping you using macros internally.

Open .JS files with Notepad by default.

This helps protect against JavaScript borne malware by enabling you to identify the file type and spot suspicious files.

Show files with their extensions.

Malware authors increasingly try to disguise the actual file extension to trick you into opening them. Avoid this by displaying files with their extensions at all times.

Join us for an informative webinar to learn about ransomware threats and how schools such as yours can stay secure against them. The webinar ‘How to Protect Against Locky and Friends’ is taking place on Thursday 23rd June 2016 – 12:00pm – 1:00pm BST. Register here:

TeslaCrypt ransomware gang reveals master key to decrypt files

Articles about ransomware often don’t make terribly happy reading, especially if you’ve gone looking for the article because you’re looking at a “pay page”. That’s the message you see from most ransomware after it has scrambled your data, when the crooks make absolutely sure you know how to go about buying your data back.

Occasionally, the malware attacks everything. That happened with ransomware called Petya that scrambled the low-level index of your C:drive so you couldn’t boot at all, let alone use a browser or copy-and-paste text, or even take a screenshot.

You had to find another computer to get online, and manually type in a long, alphanumeric personal decryption code that Petya displayed:


But most ransomware is much more commercially savvy than that, and goes to great lengths to ensure that your operating system and all your applications are left well alone. That leaves you free to get online, follow instructions, and send money to the criminals.

To leave you in doubt what to do next, some ransomware event changes your wallpaper so that the how-to-play details are permanently in your face:

jjduySo we were surprised and delighted in equal measure to read that security researchers over at ESET had reached out to the crooks behind TeslaCrypt…

…asked them for the private key used in the operation…

…and received the reply, “Project closed, master key for decrypt XXX…XXX,[…] we are sorry.”

We weren’t inclined to believe that the crooks really were sorry, but it seems that the master key was genuine.

Most ransomware uses what’s called a hybrid cryptosystem, in which files are scrambled with a regular symmetric encryption algorithm such as AES, which is fast and straightforward.

Each computer, or more commonly each file, uses a unique, randomly chosen key that is never saved on disk, so it can’t be recovered directly. Instead, the file encryption key is then itself encrypted using a public key for which only the crooks have the corresponding private key. (Public-private encryption, known as public key cryptography, relies on two related keys: one that locks data, and another that unlocks it. You can’t use mathematics to figure out the private key from the public key because they have to be generated as a pair. In other words, the public key means that other people can scramble data that only you can decrypt.)

Usually, the crooks never part with the private key – they just use it to decrypt the unique AES key or keys needed to unlock your computer.

Because your key is unique, it only works on your files, so you can’t use it to help out other victims. In other words, the announcement by the Teslacrypt gang that they’ve revealed their business secret is unusual. Indeed, various public tools have already been created to use the Teslacrypt master key to unscramble locked files for free.


Of course, only vistims who have been hit recently and haven’t yet paid up, or victims who backed up their already-encrypted data just in case, will get much use out of the master key at this stage.

Why did the crooks do it?

That really is the million pound question, and we shall probably only ever be able to guess at the answer:

We can think of the following possibilities:

  • The crooks are genuinely sorry, and have retired in a fit of conscience.
  • The crooks were hacked by another gang, who spilled the master key to ruin their rivals’ business.
  • The crooks have switched their time and effort to newer ransomware.
  • The crooks have made so much money that they want to retire in a media-friendly way before they get caught.

What do you think?