393 posts • joined Monday 1st February 2010 07:59 GMT
That ID scheme cracks me up.
It's being built by GDS, will do a fraction of what the Government Gateway does (which is being switched off next year, so no pressure there then); is based on the SAML protocol (so no AD integration, but that's ok because we can haz identities in Mongo*); and best (worst?) of all, doesn't, and will not use privacy enhancing technologies (PET). I mean PET in the sense of U-Prove (or CredLib), and not the Information Commissioner's more general sense.
The upshot is that if GDS get their way, your bank, or Vodafone, Experian or Equifax (i.e. whichever identity provider you end up with) will know that you're being treated for amoebiasis because you're using your digital identity to get your amoebicide prescription. Or (less embarrassing, but equally sensitive), that you're suddenly unemployed and claiming tax credits (oh, wait...).
Quite sad really. Take a great technology (identity federation), and do a half-arsed job because GDS is dogmatic about open source, and wields said dogma through the hands of 20-something script-kiddies that haven't seen an enterprise system, let along built one. The other elephant in the room is the choice of Identity Provider. In the UK there are only two logical options (ideally a combination of the two) - the Home Office, and the DVLA. And even those two come with huge privacy implications...
But hey, it's all good. When labour wins the next election the GDS guys will move on to cushy private sector jobs, and some new version of Martha Lane Fox will scrap GDS and invent a new thing, just as what happened to Directgov.
* Unfair maybe. I've no idea what their identity providers intend using.
Re: Is no one capable
Turned on my pineapple and started up wireshark because I wanted to see what the Xbox One (or rather, Kinect) transmits to Microsoft. I got as far as that green screen, and waited for a couple minutes. Wireshark was showing what must have been an async call to Xbox.com. Lots of encrypted packets. Xbox.com wasn't responding, but came back almost instantaneously on earlier calls, so I assumed it was just running a complex or long-winded process that needs time. I was technically working from home yesterday, so I got myself a coffee and had just started Outlook when I noticed the screen was now black with a message that the first of many monster updates was downloading (Forza 5 downloads 6 f*cking gigs!!).
All said and done I think Microsoft could've done themselves a favour by providing a more informative screen than that green one, but it is just a software issue, and not hardware. I can understand that your average teenager impatience might construe the whole thing as "it's broken".
Re: 'Last EVER REAL Nokia' phone
@JahBless I said innovation. I didn't say from whom. I know I didn't, because I was there when I didn't.
But hey, if you want to talk about innovation from Microsoft and Nokia, try a 41Mbp camera. Or an outlier like the magnetic keyboard catch on the Surface. More mainstream? OneNote + pen.
Compared to a *barometer*? Or a finger print reader. Yeah. That's REAL innovation, innit.
Re: 'Last EVER REAL Nokia' phone
Dude that's starting to get really tired. Disaster how? Whatever your feelings towards Microsoft and their OS, be grateful that there's a third (albeit small) credible player in this market. Keeps them all honest, and drives innovation. Your own choice of device/OS can only but benefit.
No need for an ad blocker. Get a surface. Browse FB using the browser in Metro (touch only), and serious web sites using desktop IE (mouse).
Top them apples!
No mention of asymmetric encryption?
It's how you secure symmetric keys, after all...
Re: Out of pure curiosity...
That quarterly payment is ~equal to the WP license fees Nokia pays Microsoft, so the net effect isn't a wad in Nokia's pocket.
Re: I nearly bought a Surface Pro 2 today.
Interesting device. On paper (er, screen) those specs are compelling, but the build quality turned me off (it's not bad, but it's not as good as the Surface). I looked at it, the Yoga (nice, but too big), Vaio Pro (crappy keyboard), Vaio Duo (fiddley display contortions) and the Surface Pro 2, which I ended up getting. Reasons for the Pro 2 being 8Gb RAM, the display, the kickstand, the back-lit type cover, and the build quality. Another big one is that I expected it to just work (which it does ...so far).
The "just works" thing is big for me. My previous tablet was a Samsung Series 7 Slate. WiFi took a full two minutes before connecting. The Windows Update that followed the 8.1 update left WiFi with "limited" comms.
I. Just. Need. Shit. To. Work.
I agree that the display port is a negative when compared to full-size HDMI, but other than being a minor inconvenience when presenting, I don't need it (I don't use the Surface at home, where I have a beast of a PC with three 22" IPS displays and a Das Keyboard).
Re: It isn't a huge prblem...
Not so sure. Got mine yesterday morning, and it's got everyone that's seen it pretty interested. Granted, one wants to run Linux on it, but it's getting a fair bit of interest, nonetheless.
Re: But I'm far sighted!
Maybe it's different when you go over +2 (I'm +2). That said, I played with Glass a few weeks back, and focus is very, very adjustable, so suspect your friend didn't know, or adjust adequately.
My biggest problem is talking to the damn thing. One, it hardly understands me (the Google bloke says the current version is tuned to American English). Two, and more importantly, there is NO WAY on this earth I'm standing in the middle of Kings Cross and saying "Go Glass..."
Re: Surface Pro 2
You probably want to stop buying tablets from dodgy Nigerians. Surface Pro 2 has two 720p HD cameras, front and rear-facing. Surface RT has a 3.5 megapixel front-facing camera, and a 5.0 megapixel rear-facing camera.
The [informed] user has a choice - choice of OS.
Re: Not Funny!
Everything I read on both TechNet and MSDN made it clear by calling it a start button. Maybe you're just a victim of tech journos' seeming inability to sweat the details (like writing Windows Mobile, instead of Windows Phone).
Re: Still not enough
I do get that beating up on Microsnot and Windoze is a popular (and official) pastime these days. However:
I've been using Windows 8 since October last year. Even though I run it on a Series 7 Slate (i.e. with touch screen), the only Metro app I've used relatively frequently is Video. Everything else I do on the desktop (which really is a vast improvement on 7). My single most compelling reason for Windows 8 is taking notes and drawing diagrams with a stylus in OneNote (insanely good).
But this is about RT. So, even though I've not found a single WinRT app in the store that is compelling enough to use daily, I'm actually slowly warming to the idea of creating WinRT apps. Now that the store submission requirements have been relaxed, I think we might actually see touch-based apps on Windows that are usable.
I've a Surface Pro 2 on pre-order, so for now I can only offer my expectation - that the Pro2 will allow me to use a tablet as I would an iPad, and when I need to, to run Visual Studio, SQL Server and Office as though I was on a desktop (small screen notwithstanding).
Even more strangerer...
...is that the company that was singled out is the same one that a). created SPOT (Smart Personal Object Technology ), and launched watches with it 2003/4(?), and b). the Reg itself has stuff on Microsoft's (rumoured) Surface watch, posted as far back as July this year .
Sooo.... duh, wut?
 Microsoft Research came up with SPOT - it used FM radio signals to broadcast news, weather and stuff to wristwatches.
Note that A makes you part of a VERY tiny fraction of the installed base, and that B is logical as, in it's commercial form it can't be.
"Apple everywhere" and "security" simply don't... either. Nor, for that matter,
"Google everywhere" and "security" simply don't...
SD cards. It's one of those eternally-bitched-about things.
What is it about them that makes them so critical? Do SD-card advocates change their phone so frequently that data portability becomes important to the point that cloud storage just isn't fast enough?
Or do they need so many movies and music on their phones that 16Gb doesn't cut it anymore?
My phone doesn't have an SD card slot, and even though previous phones did, I've never had a need for it. And yet I've always got 3 or 4 movies on my phone, and more music than I have time to listen to in a weeks' commute.
Re: An obvious choice
Kevin Turner is not a good choice. I say that as an ex-Microsoft employee. He signs all his emails off with "Thank you for all that you do." *Almost* as patronising as Dick Brown's email sign-off "And remember.... Action, urgency, excellence!"
Anyway, Kevin Turner is not liked internally at Microsoft. He's a poor fit, not least because he's not a techie, and understands Microsoft's market even less than Ballmer does.
Microsoft needs someone that understands that *all* OS's (WinRT, Windows, Windows Server and Windows Phone) need to be on the same release cycle. The next thing Microsoft needs is ONE coherent strategy for dev. That means merging VBA, .NET, Silverlight for Windows Phone and Windows Runtime. It also means coalescing Windows Forms, WPF and Silverlight into a common UI framework.
That said, I've no idea how they're going to do that last one. GDI/DGI+ uses direct rendering, and Silverlight/WPF uses delayed rendering via DirectX (hardware acceleration). In a perfect world, whatever Microsoft come up with will mix hardware acceleration with WinForms' event-driven model.
Re: @ ilmari: there is no security
Email cannot be secured.
Mostly because the ciphertext must be stored on Silent Circle's (or any email provider) servers. When someone sends a plaintext email to someone's Silent Circle address, they (Silent Circle) encrypt the email on their servers. Mail amongst Silent Circle users is encrypted from the get-go. Either way, Silent Cirlce's servers retain ciphertext. And that's the weakness.
They can be forced by law (regardless of whether that law is "good" or "bad") to change their systems to retain copies of the private keys that decrypt the symmetric keys that decrypt the email.
VOIP and SMS *can* be secured, because it's peer-to-peer, and the chiphertext never goes through Silent Circle's servers, so isn't retained. It it's not stored, it cannot be decrypted.
Indeed. Two things really worry me -
Obama is willing to deny Americans their bread and butter in favour of surveillance.
Other than here and the Guardian, this story doesn't seem to appear in the UK press.
There's an up side though. It's offering a huge opportunity to services hosted in countries not subject to such surveillance or, at the very least, offer a little more transparency.
This is turning into an arms race. Client-side encryption (where private keys are generated and retained on the client device), together with distributed server-side storage (data replication across state boundaries) is where this is going next. If the Internet itself is put at risk (probably the next step for oppressive governments), then smaller, decentralised networks will spring up in its place.
If ever there's tech that deserves patent protection, then this is it.
That's because WunRT isn't useful.
Much as I like Windows 8, the apps on WinRT are abysmal. The Microsoft-authored apps are no better than the crap in the Windows Store.
There's simply no point, if I can't run desktop stuff.
Re: Several Questions:
The 920 is just as good as the faked TV ad. I shake mine like a monkey waxing his carrot and the video doesn't skip a beat. It really is that stable.
Read the 808 reviews in photography forums. Most seem to think it's as good as a DSLR. Of course I can't say anything about the 1020 until I get my hands on one.
I do too, and also love it.
A snowball has better odds of surviving Jenna Jameson's silicone cleavage that the US doing away with their spying. With enough noise from the media PRISM and it's like will just be broken up, renamed and continue. There's just too much money to be had by the president, congress and the IT suppliers.
Re: It's not about techniology, it's about risk.
This is without a doubt where you start. I'd add a contingency plan though. Mitigation reduces probability. You'd want to think about reducing the impact, too.
Whilst there are only 5 threats (spoofing, tampering, information disclosure, denial of service and elevation of privilege), the biggest impact will come from disclosure. What do you do after data loss has happened?
Re: And when the CEO demands BYOD ?
Then your problem is cultural and political. Which needs to be addressed before you start thinking about technology.
That, at least, is what Betteridge's law of headlines tells us. The reality is yes. Because no publisher will create new games for an old console. Duh.
First, WiFi is Internet only. CorpNet is wired, and devices that connect to it are suitably locked down (AD).
Second, Internet-based remote access from corporate (non-BYOD lapstops) is provisioned via DirectAccess.
Third, devices that use WiFi or come in via the Internet use policy enforced using Exchange.
Fourth, corporate apps that employees need on their devices are built either as web apps, or you build native clients.
Fifth, you create a separate AD forest, and use WS-* or SAML to create a forest-level trust, so that CorpNet credentials are never used outside the CorpNet boundary.
Sixth, corporate apps that can be accessed from the outside are protected by an application firewall (BigIP F5, UAG, or similar) - defense in depth.
Seventh, you create or use a native app for devices that copies passwords from for that separate AD to the clipboard, so that they can be pasted into to the corporate app, thus foiling the likes of CarrierIQ and the NSA.
Lastly, if the benefit outweighs the expense, BYOD devices use Chip and PIN challenge/response.
The above is trivialised, but that's my strategy. If it's too sensitive to be accessed from the outside, it's simply not available from the outside.
Re: Conspiracy theoriest right all along
@ Eadon, re. open source.
As we know, closed-source (proprietary) software forces its users to trust the vendor when claims of security and freedom from back doors are made.
Your statement is based on the fact that open source software, by publishing the source code, makes it possible for anyone to inspect that source code, and thereby uncover security or other issues in the software, right?
This may sound like a pretty sweet deal, but it isn’t.
Publishing source code only provides the POSSIBILITY that it will be inspected or audited. It’s virtually impossible to find reliable audit information for an arbitrary piece of open source software.
That leaves the user to trust that the software was reviewed, that the reviewer possessed the skills required to conduct the audit, and that the reviewer’s audit was rigorous and complete.
In other words, whether open or closed source, you're basing your decision on trust. You're better off using Wireshark than being a poster child of the Khomeini Effect - the True Believer who shouts "Open source or die!", without considering practical realities.
WM stopped at 6.5. WP started at 7, and does indeed let you scroll (if that's your bag), or... you could just use jump lists. If you're scrolling in email (much like you would in either iOS or Android), then (unlike iOS or Android) the panorama items will filter your mail.
*Top concerns are the potential for significant end-user training and support and the need for application re-design to take advantage of the new interface,” Johnson writes in the report.*
Are you (Forrester) serious? What need? What complete idiot wants to rewrite a desktop application using WinRT when the desktop application runs fine on Windows 8 as-is?!?
Johnson needs to do some research, whatever his feelings toward Windows 8.
Well then it should aid the disability and no more. If it takes pictures there's no fucking way on god's earth it's coming into my house to photograph my son.
Re: So, it would appear that
So what about the fact that Google isn't allowing Microsoft access to their ad-serving APIs? And yes, many will scream bloody blue murder because the Xbox YT app shows ads, but that was developed by Google, and not Microsoft.
The ad-serving part is amusing anyway. Google has two issues with the Windows Phone app - the one is ads, and the other being able to download videos. I'm not in a position to comment on the implications of downloading, but the ad thing makes for amusing speculation - does Google feel threatened by Windows Phone's miniscule market share?
Revenue from ads on YT for content owners is miniscule in comparison to what Google keep, so I can't bring myself to take the revenue argument seriously.
What I'm really trying to figure out is motive (Google's). And find myself coming up short, other than "war with Microsoft", which strikes me as a little petulant. I'm starting to think that Ballmer and Page are as bad as each other.
I agree with you about forking and the API.
As for duplicate apps - it's Andoid's open nature that allows both manufacturers and operators to add their duplicate/bloated/useful/pointless apps - so explain to my how it isn't Androids' fault?
Serious question, because the other two OSs aren't open, and don't have that problem.
Re: Competition on Desktop
We've seen the $1,500 browser. Maybe in this next batch we get EMACS for $2,000?
Re: “niche” player - corporate speak for MARKET EPIC FAIL
As opposed to the epic success of Google's $1,500 browser? Eadon, I'd swear you're a Google employee. Just surprised they let janitors post online.
Re: Systems Thinking
Interesting, and thanks - I've not come across SSM before. A lot of what (how) I do comes from McKinsey and the management consulting world. One book that covers a lot of the non-technical aspects  that I've gotten a lot of use from, is Designing Solutions for Your Business Problems (http://www.amazon.co.uk/dp/0787967653). There's a lot that book doesn't cover though , so thanks again for mentioning SSM.
 Understanding the current environment (includes policital landscape), setting objectives, building relationships, establishing scope, and so on.
 That book focuses on solving business problems. That's close to using technology to solve business problems, but not quite the same thing. The book also doesn't cover things like conflict management or negotiation, both of which I think are part of the core skills a good architect needs.
Re: social skill and credibility
There are many things you can do. Start by talking to the manager informally about the impact of his/her non-committal (if you can't quantify the impact, quantify it). If that fails, try email, which offers a paper trail. If that fails, informally sound out other stakeholders to see if there's a reason you're missing. If that fails, raise the manager's lack of commitment as a risk. If that fails, make it an issue, stop the project, and let all stakeholders know why, providing a log of events.
Try harder. Saying other people are stopping you is a cop-out.
There are tools.
It starts with the architect getting off his arse and speaking to people. Across the business, and up and down the management chain. Assuming you know what the end game is (SMART goal/objective), you can start on scope. And that's the difficult part done.
The problem as I encounter it is that architects withdraw into a technical bubble, rather than working on their consulting skills (applies as much in-house as to vendors).
Your architect needs the social skill and credibility you speak of. That means navigating a cultural and political minefield, managing stakeholders, risk, and solving business problems.
 Risk is one of my favourite interview subjects. Identifying risk is but the first step. And it doesn't stop with mitigation. The most common downfall of managing IT risk (based on over 20 years in IT) is that when stuff goes wrong (something always does), is that there's a mitigation plan which might, if done right, reduce probability, but the contingency is always left out. And that's what you need when the risk becomes an issue.
so if I don't like it
I can't sell it on? Really? They're not offering a try-before-you-buy, and there's no word on returns.
You could do all that...
...or you could, as an architect, assume some initiative and -
1. Start by creating and sharing a common vocabulary and approach to a problem.
2. If your approach is outside the box, don't forget to understand the box. Politics and culture, you know?
3. Create an objective for your project that's realistic and measurable.
4. Design your solution.
 Replacing an ageing system with a new one is not an objective. Improving performance by 10% is an objective.
 Worth remembering that your first idea is never the best idea. All it has going for it is being your first idea. When considering other options don't create straw men to support your first idea.
Re: Nokia fan
My experiences don't quite match yours, so each to their own I guess. That said, warranty issues like you describe wouldn't put me off. I have a 920 because -
a). It's built like a battleship (easily endures the rather violent attentions of my 14-m/o son).
b). The camera really IS that good.
c). I travel in some pretty remote places, so reliably doing offline maps is a must.
I have a Zune Pass, so I don't need an SD card slot. Many have complained that the phone is too heavy. Not sure what the implication of that is, really, because I carry it around with me as easily as I do my iPhone 5 (work phone).
Last, I also had the E90. I loved it. It didn't have a ton of apps, but those it had were better than many of the apps available today. HandySafe is still my usability benchmark for secure storage on a phone. And Nokia Profiles is the only thing I bleat about when I'm asked what Windows Phone is missing.
I've gone through all of them, starting with the 9110. I've had all the Communicators, the N900, Lumia 800 and now the Lumia 920. Barring an event of Enron proportions, or a security or privacy fail of Sony proportions, I will only consider Nokia.
Used to be a member of IASA, and found them to be much like TOGAF - a scapegoat for those that... can't.
The architects that have the biggest voice at the IASA events I've been to are the sponsors, or architects in niche environments that have zip-all to contribute to my ability as an architect, because their compliance-based world doesn't understand my preference for a risk-based approach.
The single thing that resulted in me not renewing my membership was that when I asked around, nobody could give me a basic, unambiguous definition of not only architecture, but also the role of the application architect, solution architect, or enterprise architect.
Sites like Bredemeyer.com, and freely available resources like Microsoft's Infrastructure Planning and Design series on TechNet, or MSDN have ben much more helpful to me.
The other thing I found IASA to gloss over are the people skills an architect needs - conflict, risk and stakeholder management, influence and leadership skills, strategic thinking, and so on.
Re: Still get some income
@dotdavid - It was set to 3G only. EE tells me that's the only way I can roam outside the UK on non-4G networks (I have a 4G Lumia 920).
Re: Still get some income
It is already happening. And much broader than just VOIP. I was in Cape Town last month where I consistently got a full 3G signal on my EE UK phone. As soon as I used a data connection (be that email, browser or a data call from an app) the signal (and speed) dropped to EDGE. I asked around, and it's accepted practice down there, not just for foreigners roaming.
No, I didn't.
- World's OLDEST human DNA found in leg bone – but that's not the only boning going on...
- Lightning strikes USB bosses: Next-gen jacks will be REVERSIBLE
- OHM MY GOD! Move over graphene, here comes '100% PERFECT' stanene
- Pics Brit inventors' GRAVITY POWERED LIGHT ships out after just 1 year
- Beijing leans on Microsoft to maintain Windows XP support