Re: Bit rich ...
You're right, but that doesn't make him wrong.
433 posts • joined 1 Feb 2010
You're right, but that doesn't make him wrong.
And I don't see why the likes of Experian or a bank or any other commercial body needs to see that I'm logging in to claim a benefit, or to check into an STD clinic or do a tax return. They're not a justifiable party. GDS also don't provide a privacy-enhancing technology that hides or masks identity providers from resource providers, and vice versa.
I'm so not signing up for that bollocks.
When your only tool is a hammer, I mean browser everything starts to look like a thumb.
Oh really? It does less than the Government Gateway. What's innovative about writing your own Id federation system that's not industry-proven, has a small subset of industry-established alternatives like Tivoli FIM, ADFS or even (*shudder*) Oracle IF?
It's worse when you consider Kim Cameron's 7 laws of identity. How is Experian a justifiable party to a driving license renewal?!?
It gets even crazier when you consider that GDS have written their own implementation of the SAML protocol to allow the likes of Experian to be ID providers. Why on earth would I rely on a home-grown, hand-crafted identity system from GDS when existing, proven, industrial-strength solutions (from IBM's DataPower appliance to Microsoft's ADFS) already exist?
The GDS solution doesn't do attribute provisioning, nor does is promote privacy (like for example the privacy-enhancing technology in U-Prove). So (dramatic example) Experian could know Peter is getting STD meds, or that Paul just got laid off...
Because (and I say this as a non-Google, but Facebook user) it just makes it so damn easy to share the odd comment with family that lives 6,008.41 miles (8,947.79 mi, if you prefer to drive) away. Even if that comment is little more than "I haven't heard from you. We saw whales today [+photo of big blubbery thing in the water]"
There's little I share on Facebook, but my dad knows I get a notification on my phone when he writes on my wall. It's good for that.
Instead of verifying the fingerprint, Milhouse sends a nonce encrypted under Bart's (actually Nelson's) public key. If Bart were legit he performs a simple operation on the nonce, re-encrypts it with Milhouse's public key and sends it back to him, thereby verifying that he holds his (Nelson's) private key.
The vulnerability is an old one. Bart can't read Nelson's stuff because he doesn't have Nelson's private key. So instead of just verifying a fingerprint, verify the existence of the private key. Kerberos does this (Needham Schroeder protocol).
Depends. If you're doing something with a lot of features, or security, or on- and offline (store and forward messaging or sync), a better alternative for an HTML5 app is a native app.
If you're doing a basic create, read, update, delete app for a single-table with look-up data, then there is probably no better alternative than HTML because efficiency. Write once, deploy everywhere.
The native approach is a ton of work, and most people (manager types) don't appreciate that a relatively complex native mobile app often needs more effort than the equivalent desktop app written in Windows Forms or similar.
Ditto. Might try one when my Lumia comes up for renewal. Never expected BB to come up with something that lies me from Windows Phone.
Dead keen to have a play work one...
Everything you read about security says how difficult it is so don't attempt to do it without a security rocket surgeon. And that no system can be secure, so you're probably better off not even bothering. better off not even bothering. Agile people can't do anything (security) without a user story.
The IT industry actively discourages security and then cries like a baby when someone gets broken into.
Security is NOT difficult. It does require effort though. Effort to learn, and effort to implement, and effort to manage.
That raises another issue governments have. Mass surveillance and the ability to get data of smart phones is only going to catch the stupid people. The clever ones are the ones you (governments) want to catch, and they're exactly the ones who don't have iPhones or Androids. So they spend 99% resources ensuring smart people don't use avenues stupid ones do, and 1% on avenues smart people do use. Net result is you (governments) don't catch exactly the people they want to catch.
So even for uncle Sam this is a zero sum game.
The US govt. CAN crack the whip. And if the whip doesn't work, they could just invade themselves and install puppet CEOs at the banks...
I like and support the decision to use ODF, but the cargo-cult statements I'm reading are a bit out there.
>> ...it will allow people to work with UK.gov without paying the MS tax
While a good thing, it's limited to those that want to -- a tiny (mostly IT-skilled) fraction of the population. ODF changes nothing. Outside UK.gov itself, people will send the government documents in the format of their choosing. UK.gov will read documents in whatever format they come in. People know what "Word" means. And "Excel". Ask the average man in the street what ODF means...
Note that the anecdotal evidence of someone's grandmammy and -pappy using Linux on a laptop != the populace.
>> It will also ensure that critical documents will still be accessible in 20 years.
Documents will be accessible anyway, whether ODF or anything else. I can access documents from 20 years ago today, and I don't see that changing. Do you mean accessible through something non-Microsoft? If. You. Just. Need. The. Information. does it even matter who created the software? Readers (even from Microsoft) are free.
I have a 920, which I loved. And stopped using when I got a 1520, which is great because I read a lot on my phone. I imagine I'll upgrade when a 1020 replacement makes an appearance.
If you're splitting hairs then Google+ is a system that manages personas - it's technically not an identity system. An identity is (in the IT sense) universal, whereas a persona has a constrained applicability. Identity has a one-to-many relationship with persona (one identity will use a G+ persona to post a doge picture, and another persona to check a bank balance).
...because I agree with you. One inaccuracy is that 911 accelerated dot.bomb. It didn't. I was out of a job six months before that, and I'd clung onto that last job well past the peak of the bust. Tough time for me, so still very familiar with those dates.
Amusing how an article about Google's new design language leads to comments predominantly about Microsoft.
The Surface Pro 3 is a non-starter for me because the screen is too big. I move around a lot, and don't want to carry a large bag so 10" is my ideal screen size. To be fair I had a Sony VAIO P-Series (VGN-P19VN) before I got a Surface Pro 2, so am used to small text at full resolution. In a perfect world the P-Series would have the grunt to run Visual Studio 2013 at the same speed as it runs Visual Studio 2008, but that ATOM processor just can't.
Cloud security is only an issue when you rely on the cloud provider's security. A solid Needham–Schroeder protocol implementation with decent security primitives and HSMs can get you client-side encryption without affecting performance. The cloud service should be a zero-knowledge service, in that it traffics in and holds encrypted data, but hasn't the keys to decrypt it. If you do your job properly this will work with both structured and unstructured data.
I guess it means admitting that we're responsible for the security of our data, and not the cloud provider. That's something I don't see often.
As opposed to what? Seal clubbers? War lovers? Whatever happened to the soldiers? Guessing someone ran corporate speak up Darpa's flagpole, and that got socialised out to the media...
Good thing Android has no glaring issues or your argument wouldn't have legs...
I've a 1520, which goes into the back (arse) pocket of my jeans. I walk with it there, cycle and sit with it there. It's near indestructible so haven't had any problems with that. Only time I worry is walking through the West End. The thought of pick pockets makes me put it into the front pocket in my jeans and that well uncomfortable.
Fair enough. I do however, wonder where IT valuations will go once enough companies list one year and fail the next...
The file system is locked down intentionally. It means that one app cannot access another app's data unless the developer built in a mechanism to do that (like for example contacts, calendar and photos). If an app does access a shared data source is must declare that requirement in the app's manifest.
If all of that's too long-winded and boring for you, just know that you can't get a usable file manager for the same reason Whatsapp cannot be pwnd on Windows Phone like it can on Android.
You can indeed opt out of cloud storage for your data. Look for "backup" in settings, where you can see what gets backed up to the cloud, and turn individual items on or off. Windows Phone 8 already acts as a "storage mode" device from your PC. Your other points are addressed by 8.1 (e.g. not needing a search button).
As for your comment further above (that 8.1 features should've been in 7) - yeah. Absolutely. Like copy/paste on IOS. Or NFC on Android.
But hey, what I really suspect would make you happy is a Samsung G5 or an HTC One M8. All the freedom you want.
Cautiously curious. If this gets real it could be the first product from Google I'd shell out cash for.
Oh, and if you'd paid attention you'd know that you can choose which parts to share, and which not, and that you can even choose to share no components at all (*gasp*).
They also open-sourced Roslyn (the C# compiler written in C#), they've open-sourced WinJS, and introduced .NET Native. And then of course there's Cortana...
Securing the network is not enough. Ever heard of the concept of defence in depth? You need to secure the network for sure, but also every resource on that network. And that includes devices, not just service endpoints or file shares.
"...If that's the way Microsoft operate..."
Have you THOUGHT about it beyond gleefully bashing Microsoft?
Imagine you're an IT guy told to allow BYOD but to make it secure. You realise you can't, unless you're allowed to enforce *some* policy on the devices. So you allow BYOD, as long as your employees agree to resetting their iPads and Nexuseses (Nexi?) to factory spec + your policy.
Of course your employees can agree to this state of affairs ...or not. If not, you cannot reap the benefits (reduced cost) of BYOD.
How do YOU think this should operate?
My suggestion? Don't allow unstructured corporate data (documents, spreadsheets, presentations) onto any cloud or BYOD service or device. Structured data (database data) is allowed, but only through a corp-sanctioned (or developed) app. Email is allowed, but PIN + remote wipe policy is enforced. BYOD allows unrestricted Internet access, but taboo on corp-net.
Corp-net services are accessed through DirectAccess (VPN) or LAN using a corp-provisioned device. If you're important enough, you get a laptop. If not, you get a desktop.
If you want to do a better job of security than the NHS, MOD, Sony or Walmart, make judicious use of X509, F5 BigIP, TMG and so on and so forth. Oh, and don't rely on TLS. Supplement TLS with stuff like VPN. If you MUST allow remote access into SharePoint or something, don't expose corp-net credentials. Set up another AD in the DMZ and federate into corp-net. Don't use Google, and don't use Heroku, Azure, AWS or Office365.
Unless you're a hipster startup with 20-something pimply-faced kids, in which case simply swap out all the "don't"s with "do"s.
Go find a Windows Phone. Preferably a Nokia, because Drive and Maps also want to phone home. Reset the thing, and power it up. And after going through that process, come back here and we can have a conversation.
Did you read that article you linked to? Clickbait. Lumias, like all other manufacturers (and Windows, Internet Explorer, SQL Server, Visual Studio...) ask on startup if you'd like to share your location data, browsing history and so on to help improve their services. Some of the more benign (search queries for predictive search) are on by default. Just like Google does. Others are off by default.
But yeah, totes the end of the world, because when do we let facts get in the way of a good vent.
It's tuned for American English, which is why it's so terrible. I tried adding "y'all" after "Go glass" but that didn't seem to help.
Consistency. Our nearly obsessive desire to be (and appear to be) consistent with what we have already done. What the downvoters are so ably demonstrating is that once we've made a choice, we encounter personal and interpersonal pressures to behave consistently with that commitment. Given that my post was a factually correct counterpoint is amusing. And a bit sad, given the assumedly enlightened audience here.
Be that as it may, Microsoft do follow their own spec, just haven't implemented all of it. The problem is quantitative rather than qualitative. ODF vendors don't fare much better with their format.
Microsoft's format is published and freely available.
But do believe that the overwhelming pro-ODF response is because the tech community is predominantly pro open. This is good, but it doesn't mean it's a fair representation of "citizens" of which I presume most, like me, couldn't particularly give a damn.
...with no idea on how it should be used. If there's a problem it solves, Google would focus on solving the problem rather than asking developers to invent problems that fit the solution. Starting to sound like a cliché I know...
Anyway, I don't give it any more cred than Google Glass, which is their last solution still looking for a problem.
Actually it's worse than that. WhatsApp uploads all contacts in your address book. This means Facebook get your number, but also the numbers and email addresses of all your mates.
When Facebook looks at WhatsApp, I think all they see is a data mining wet dream.
All queuing systems are toys - expensive, unnecessary toys: http://www.infoq.com/articles/no-reliable-messaging
I think you mistake web sites and CMS (of the content variety) with enterprise systems. Where GDS is decidedly underpowered. Mike Bracken is ex-Guardian, and it shows. Some howlers I've heard from GDS architects (also ex-Guardian, unsurprisingly) - "we don't need single sign-on - people remember their Facebook passwords, don't they" and when a gov. dept. insisted on Windows because of device driver constraints "just pay the vendor to write Linux drivers".
GDS are good for sure. But haven't a clue beyond building public web sites (which they do very, very well). They have no enterprise credibility, and their dogmatism is their weakness. F/OSS at any cost, agile or die, and just as importantly, user-needs bias. That last one completely ignores stakeholders you encounter in enterprise scenarios - sys admins, security, business admins.
And whilst I'm having a go -
ALL of UK.gov IT has one core problem - no business objective. Everything they do is in response to a crisis - usually one published in the media. A sentence you hear all too often is "we must replace our old systems". Great. Why? REALLY why?!? Are they too expensive? Don't they handle the current load? Do they need to be updated in response to changes in primary or secondary legislation?
I've worked as a consultant to gov on and off since 2001, and have never, ever been given a SMART objective. Every time I ask I'm given the "business case". Every business case I've seen is so garbled, vague and ambivalent that IT hasn't a clue why they're building something, or procuring it, or (often) what they're supposed to be building or procuring.
The other unfortunate thing about GDS is their arrogance.
I have very mixed feelings about all of this. On the one hand it means there's always going to be work for capable IT people. On the other, it's why we're paying almost £10 for a pack of fags.
...just as soon as my backend starts working as a zero-knowledge service that simply routes and stores encrypted blobs, and an encrypted search index. That work is taking time, but it's progressing. And from that point on I couldn't give a damn where my data is stored, so long as it's cheaper than doing it myself.
It's being built by GDS, will do a fraction of what the Government Gateway does (which is being switched off next year, so no pressure there then); is based on the SAML protocol (so no AD integration, but that's ok because we can haz identities in Mongo*); and best (worst?) of all, doesn't, and will not use privacy enhancing technologies (PET). I mean PET in the sense of U-Prove (or CredLib), and not the Information Commissioner's more general sense.
The upshot is that if GDS get their way, your bank, or Vodafone, Experian or Equifax (i.e. whichever identity provider you end up with) will know that you're being treated for amoebiasis because you're using your digital identity to get your amoebicide prescription. Or (less embarrassing, but equally sensitive), that you're suddenly unemployed and claiming tax credits (oh, wait...).
Quite sad really. Take a great technology (identity federation), and do a half-arsed job because GDS is dogmatic about open source, and wields said dogma through the hands of 20-something script-kiddies that haven't seen an enterprise system, let along built one. The other elephant in the room is the choice of Identity Provider. In the UK there are only two logical options (ideally a combination of the two) - the Home Office, and the DVLA. And even those two come with huge privacy implications...
But hey, it's all good. When labour wins the next election the GDS guys will move on to cushy private sector jobs, and some new version of Martha Lane Fox will scrap GDS and invent a new thing, just as what happened to Directgov.
* Unfair maybe. I've no idea what their identity providers intend using.
Turned on my pineapple and started up wireshark because I wanted to see what the Xbox One (or rather, Kinect) transmits to Microsoft. I got as far as that green screen, and waited for a couple minutes. Wireshark was showing what must have been an async call to Xbox.com. Lots of encrypted packets. Xbox.com wasn't responding, but came back almost instantaneously on earlier calls, so I assumed it was just running a complex or long-winded process that needs time. I was technically working from home yesterday, so I got myself a coffee and had just started Outlook when I noticed the screen was now black with a message that the first of many monster updates was downloading (Forza 5 downloads 6 f*cking gigs!!).
All said and done I think Microsoft could've done themselves a favour by providing a more informative screen than that green one, but it is just a software issue, and not hardware. I can understand that your average teenager impatience might construe the whole thing as "it's broken".
@JahBless I said innovation. I didn't say from whom. I know I didn't, because I was there when I didn't.
But hey, if you want to talk about innovation from Microsoft and Nokia, try a 41Mbp camera. Or an outlier like the magnetic keyboard catch on the Surface. More mainstream? OneNote + pen.
Compared to a *barometer*? Or a finger print reader. Yeah. That's REAL innovation, innit.
Dude that's starting to get really tired. Disaster how? Whatever your feelings towards Microsoft and their OS, be grateful that there's a third (albeit small) credible player in this market. Keeps them all honest, and drives innovation. Your own choice of device/OS can only but benefit.
No need for an ad blocker. Get a surface. Browse FB using the browser in Metro (touch only), and serious web sites using desktop IE (mouse).
Top them apples!
It's how you secure symmetric keys, after all...
That quarterly payment is ~equal to the WP license fees Nokia pays Microsoft, so the net effect isn't a wad in Nokia's pocket.
Interesting device. On paper (er, screen) those specs are compelling, but the build quality turned me off (it's not bad, but it's not as good as the Surface). I looked at it, the Yoga (nice, but too big), Vaio Pro (crappy keyboard), Vaio Duo (fiddley display contortions) and the Surface Pro 2, which I ended up getting. Reasons for the Pro 2 being 8Gb RAM, the display, the kickstand, the back-lit type cover, and the build quality. Another big one is that I expected it to just work (which it does ...so far).
The "just works" thing is big for me. My previous tablet was a Samsung Series 7 Slate. WiFi took a full two minutes before connecting. The Windows Update that followed the 8.1 update left WiFi with "limited" comms.
I. Just. Need. Shit. To. Work.
I agree that the display port is a negative when compared to full-size HDMI, but other than being a minor inconvenience when presenting, I don't need it (I don't use the Surface at home, where I have a beast of a PC with three 22" IPS displays and a Das Keyboard).
Not so sure. Got mine yesterday morning, and it's got everyone that's seen it pretty interested. Granted, one wants to run Linux on it, but it's getting a fair bit of interest, nonetheless.
Maybe it's different when you go over +2 (I'm +2). That said, I played with Glass a few weeks back, and focus is very, very adjustable, so suspect your friend didn't know, or adjust adequately.
My biggest problem is talking to the damn thing. One, it hardly understands me (the Google bloke says the current version is tuned to American English). Two, and more importantly, there is NO WAY on this earth I'm standing in the middle of Kings Cross and saying "Go Glass..."