* Posts by El Andy

441 posts • joined 7 Jul 2011


Vanished blog posts? Enterprise gaps? Welcome to Windows 10

El Andy

Re: Bah!

Live Tiles are just icons with built in notification support, which may come from the internet or directly from the local app itself. And if you don't like the notification part you can switch it off either globally or on a tile by tile basis, functionally turning them back into plain old icons.

Quite what all the endless fuss and complaining about them is I truly fail to see.

El Andy

You can do that in Windows 8, it's a brilliant feature. I almost always have multiple apps open on my Surface 2, as it's a really nice way of multitasking on a touch device without the awkwardness of trying to drag windows around.

El Andy

Re: Windows 7 with a flat theme

"but did you notice that the task bar in W10 retains Aero transparency"

It has a subtle transparency effect, but it's much more lightweight than Aero Glass, doesn't need the complex text drawing effect needed on Aero title bars and also doesn't get more intrusive as more windows open (since it's a fixed area of the display).

Although why anyone wants Aero, with its hard to read title bars and problems identifying the active window, is beyond me.

SMASH the Bash bug! Apple and Red Hat scramble for patch batches

El Andy

"When a second issue with Bash was found a few minutes after the first one went public, we knew there was something wrong. We could have followed a duct-tape approach and issued patches to our customers quickly or we could have done this correctly"

Perhaps the more pertinent question is why they didn't bother to do the first fix "correctly"

Hackers thrash Bash Shellshock bug: World races to cover hole

El Andy

Re: FUD whack-a-mole

"And I do want to see a site, not just some test code, but a normal commercial site, pwned by this bug."

You do realise this affects more than just websites, right? And can be used in far more subtle ways than straight up defacing, including turning devices into a zombie botnet.

El Andy

Re: How to check?

You're less vulnerable, but you are still vulnerable. There is no version of bash which has been entirely patched against this issue so just having it there means you are potentially exposed.

Patch Bash NOW: 'Shellshock' bug blasts OS X, Linux systems wide open

El Andy

Re: This was fixed before you even reported it

And it's still not fixed anywhere, because the "cobble together a quick fix for the specific exploit" approach so common in the FOSS world has yet again failed to patch the actual underlying flaw properly. Which given it stems from a fundamentally poor design in bash is hardly surprising. I suspect an actual fix will be notable for actually breaking genuine applications because it'll likely need to change the way bash works.

The end result of all this is an even worse security nightmare, because now the bug not only exists but every black hat knows about it too. So the attempt at "patch then announce" has utterly failed. This is why vendors like Microsoft take their time to patch issues, rather than the freetard perception that they just don't care.

UK.gov's Open Source switch WON'T get rid of Microsoft, y'know

El Andy

Given that both Office 365 and Google Docs, the only large scale SaaS offerings, support both OOXML and ODF and the desktop equivalents Office 2013 and LibreOffice/OpenOffice do too, this "format war" is literally the most pointless discussion ever.

When will Microsoft next run out of US IPv4 addresses for Azure?

El Andy

Azure is dependent upon IPv4 addresses for external facing, because you cannot talk to IPv4 parts of the internet with only an IPv6 address and, sadly, that's still the vast majority of it. Until people start to take the IPv4 problem seriously, this is going to be increasingly common (as is getting stuck behind double-NAT'd ISP addresses, with all the headaches that causes)

Alienware says it WILL ship a Steam Machine in 2014 – running Windows

El Andy

Re: Whats wrong with...

Well for one thing, SteamOS doesn't let you play as many games. Kind of crucial for a games machine.

Microsoft poised to take Web server crown from Apache

El Andy

Don't forget that Apache is Windows as well!

You can install WordPress, Magento and even Ghost on Windows just as easily as Linux. So this actually says nothing at all about Linux usage.

Redmond is patching Windows 8 but NOT Windows 7, say security bods

El Andy

The way modern Windows development works is that when changed code is checked in it has to meet certain security gateways, which prevent the use of things like older "unsafe" C functions. So if a developer has to do some work in a library to add new functionality, they'll also replace older function calls with their safe replacements at the same time.

That doesn't necessarily equate to the old code path having a definite vulnerability, but does mean that going forward the potential for unnoticed issues should go down. These sort of preventative changes won't necessarily be backported to previous versions though, because there is a higher risk of some weird application compatibility issue that could arise from the change. Once the OS has shipped and people are relying upon the fact their apps work on it, there is a much higher bar to be met to ensure on going compatibility.

Patch NOW: Six new bugs found in OpenSSL – including spying hole

El Andy

Re: All this tells me is

@Rick Giles: The OpenSSL guys are now dependent upon handouts from the likes of Microsoft. Hardly "coming of age" is it?

story gone

This post has been deleted by a moderator

New 'Windows-8.1-with-Bing': How's it different from Windows 8.1?

El Andy

"Come on EU on making Microsoft put a search engine select screen in. Wouldn't that be a kicker? Lower cost version of Windows but the user will get a screen when powering it on for the first time asking what search engine they would like to use."

The EU required changes around search engine defaults were introduced in Vista SP1 and mostly stemmed around third parties being able to completely replace the built in search engine (which, AFAIK, none of them subsequently did). Suggestions that there needed to be any kind of ballot for that were dismissed at the time, so don't hold your breath.

'Microsoft Research slides' show touch-enabled Office - report

El Andy

Re: I'm guessing whomever came up with this....

@Steven Raith: Office has supported Ink and touch input for years, but this is about making it work better. If you actually watch the presentation it is very explicitly NOT about replacing the keyboard and mouse, but augmenting them in scenarios where it is suitable to do so.

Charity: Ta for the free Win 8.1, Microsoft – we'll use it to install Win 7

El Andy

Re: Two weeks

@keithpeter: http://www.microsoft.com/about/corporatecitizenship/en-us/nonprofits/whos-eligible/

Cortana, remind me to patch Windows, IE, and Adobe gear next Tues

El Andy

The IE lifecycle is inherently tied to the version of Windows it is running on (because it's classified as an OS component), so IE anything on XP was and still is out-of-support when that emergency fix was released.

How Google's Android Silver could become 'Wintel for phones'

El Andy

Is it just me or does "Silver Standard" kind of sound like the lower quality option?

Atom, GitHub's code editor based on web tech, goes open source

El Andy

"As Emacs and Vim have demonstrated over the past three decades, if you want to build a thriving, long-lasting community around a text editor..."

.. you should probably get out more.

Apple tips Shiraz down all its techies' throats (that's the rumoured name for OS X 10.10)

El Andy

Re: Worked great for Windows 8, right?

Apple took out the Apple Menu (which the Windows 95 Start Menu was pretty much based on) in 10.0, the same time they added the dock (a weird Windows taskbar hybrid that didn't settle down to even vaguely consistent for at least three releases) and they seem to change the way Finder works in every version. Not to mention completely reversing mouse scroll direction for no apparent reason.

They're hardly the proponents for keeping things the same you seem to suggest.

Ouch... right in the Androids! Google hit by another antitrust sueball

El Andy

To get the Play store you have to default search to Google. Sure OEMs could also bundle another non default search app, but then OEMs were also free to bundle a non default web browser on PCs and that didn't stop Microsoft getting sued. And neither did the existence and continued development of a mainstream competitor, Mac OS, stop them being declared a desktop monopoly.

Google has had this coming for a long time, they're so like 90's Microsoft in their arrogance and general disregard for consumers that it's hard to believe it has taken this long.

Watch out, Yahoo! EFF looses BADGER on sites that ignore Do Not Track

El Andy

Re: Well that's all well and good, but...

Don't kid yourself, the ad companies have always wanted DNT to default off and be hard to change so they can claim everyone is opting in. And that includes Google.

Windows Phone: Just as well Microsoft bought an Android maker, RIGHT?

El Andy

"If you shop in the Google Play store, and don't side-load apps from random internet websites (after disabling the huge malware warning that Google present you), then you are just fine."

You are aware that numerous apps in the Google Play store have been found to contain malware, right?


And that is what people mean when they describe Android as having security problems.

Google's self-driving car breakthrough: Stop sign no longer a problem

El Andy

Re: But I wonder

Where I grew up we couldn't afford soccer balls and had to run out into the road to fetch our plastic bags instead. Casualties were high....

Friends don't let friends use Internet Explorer – advice from US, UK, EU

El Andy

Re: So is XP OK?

XP is mentioned because it's no longer supported, same reason it doesn't mention whether Windows 2000 is vulnerable. It's a reasonably safe bet however, given that Server 2003 is vulnerable, that XP is also vulnerable.

Microsoft reissues Windows 8.1 Update for enterprise customers

El Andy

Re: Well that's all well and good, but...

Typically with major updates like Service Packs and IE versions they'll roll them out as optional for everyone then gradually move them over to automatic installs in a staged process so as not to overload the servers and to give them a way out of issues start to arise.

Revoke, reissue, invalidate: Stat! Security bods scramble to plug up Heartbleed

El Andy

It's not TDD they've used, which could easily be lacking. It's a formal mathematical proof, which is a lot harder to do, but a solid guarantee that it works. I would suspect the F# code isn't necessarily that performant, but that's a better problem to need to solve, IMO.

El Andy

This highlights two issues with Open Source software

1) The whole "many eyes" things is just a complete myth. And worryingly the sheer belief that code is somehow under constant auditing is making developers complacent.

2) Because the nature of O.S. code is to share widely, vulnerable code can end up in lots of places and actually tracking them all down becomes a lot harder. We really need automated tools to scan open source codebases to find places where bits of open ssl code might well have ended up copy-pasted.

The real take away though is how poor the overall quality of a lot of security critical code is becoming these days. I notice that Microsoft have a TLS reference implementation written in F# that has been mathematically verified. Maybe applying formal proofs to key open source codebases, such as OpenSSL, is what really needs to start happening. As well as not using languages like C for this sort of thing, which we all know just carry far too many risks of introducing subtle bugs.

Uh oh! Here comes the first bug in the Windows 8.1 Update

El Andy

Re: Not just enterprise customers

Why is your friend using WSUS with Windows 8 Home. I mean i assume he must be since that's not only the only way he could possibly be affected by this bug, but also the only way he could have noticed that the client had stopped reporting in to WSUS.

Not just websites hit by OpenSSL's Heartbleed – PCs, phones and more under threat

El Andy

Not all clients are browers

There are a whole bunch of client applications out there that aren't web browsers. So the browser you're using might not be vulnerable, but the mail client, IM client, game with internet connectivity etc might well be exploitable. And unless you're prepared and able to check that every one has no OpenSSL dependency (or if it has, that it's been fixed), knowing that you're vulnerable is actually quite hard.

Still, can we at least declare this the end of the nonsensical "many eyes make all bugs shallow" meme that FOSS advocates have been touting for years?

Win XP usage down but not out as support cutoff deadline looms

El Andy

Re: MIcrosoft+Evil Greed

@Nigel 11:"Are similar deals in place with other governments and huge customers? "

Yes. In fact anyone can buy additional support and the bigger you are, the more clout you'll have to negotiate a bigger discount too.

Windows Phone 8.1: Like WinPho 8, but BETTER

El Andy

Re: Free?

@Ledswinger: "Bur Microsoft, make money from "free"? How?"

From apps sold in the Store, Xbox Music etc. Not to mention sales of full Windows 8 devices, given the whole Universal Apps thing.

Microsoft in OPEN-SOURCE .Net love-in with new foundation

El Andy

@Lapun Mankimasta: "I'd still like to see Microsoft release most of its obsolete OSes and software development environments and productivity software under the GPL v3"

Even if they wanted to, they couldn't, because the GPLv3 places a number of restrictions on what you can do in source code that are incompatible with existing software bases.

Back off, Siri! Microsoft debuts Halo beauty Cortana

El Andy

Re: Microsoft FAIL

Um, you may have missed it but Siri also uses Bing. HTH.

How Microsoft can keep Win XP alive – and WHY: A real-world example

El Andy

It's not just Microsoft who end up supporting XP

As a third party software developer, customers running XP is an additional expense for us. It means extra testing, having to find workarounds for APIs and technologies not supported by XP and adds a significant extra cost to doing business. However we can't really do much about that whilst Microsoft holds back the industry by propping up customers running an old PS. We essentially have to support XP at least as long as Microsoft do (and probably about a year or so later)

It's time has passed. Move on and let the world get better for it.

Microsoft issues less-than-helpful tips to XP holdouts

El Andy

Re: Linux?

@Mark Simon: "Linux, on the other hand, powers the majority of web servers and routers, which is why the Web is still working. Definitely worth targeting, I should have thought."

There are plenty of compromised Linux webservers on the internet.

El Andy

Re: Linux? @AC

@rm -rf/

"Linux does not log you in as root, which effectively is what Windows does by setting you up by default as administrator rather than a standard user."

For one thing, modern versions of Windows don't even act as "root" when you are logged in with an Administrator account, everything you run runs as a standard user unless you elect to do otherwise via a UAC prompt.

Furthermore, the issue most people actually face isn't "running as root". If you have a computer with a single user account, being root isn't really a big advantage. Most malware is perfectly capable of stealing data and doing whatever it feels like under a standard user account. And, for the record, Linux isn't really much better at protecting a user from applications/scripts they choose to run under their account, although it does make doing so marginally more difficult (which is akin to security through obscurity)

"And another windows howler is that it allows you to download and run an exe while in guest mode."

And Linux allows anyone to chmod +x anything in their home directory and run it. Your point is?

This changes everything: Microsoft slips WinXP holdouts $100 to buy new Windows 8 PCs

El Andy

Re: More effective.

@Vociferous: "I don't understand why Microsoft isn't offering a special "Upgrade From XP" version of Windows 8, with an instance of XP running in a secured hyper-v virtual machine."

They did that for Windows 7 (so called XP Mode), if the XP users didn't migrate then, why would they now?

Win XP holdouts storm eBay and licence brokers, hiss: Give us all your Windows 7

El Andy

Re: Maybe I'm missing something here...

@AC: "At the customer where this plant is operating a lot of the staff use Windows 8 displaying on 23in+ monitors. These are all recent graduates with 20/20 (or as near as) vision yet they insist in opening everything full screen. If gets really tedious to have to switch through 10+ apps to get to something that you want to refer to in another window when running decently sized windows (i.e. not full screen), for example a PDF manual. The moan like hell if they leave me alone at one of their desktop because I'll usually leave it with most of their full screen apps decently sized."

So Windows 8 is crap because it opens apps full screen, which the staff at the company all seem to prefer? Do you even realise how dumb that sounds?

In my experience, most non technical people use their computers with apps maximised. They always have done and generally always will. And I don't believe apps being full screen is nearly as problematic for the average user and some of the other interface changes have proven to be, despite what some of the internet rants would have you believe.

El Andy

Re: Viruses and malware

@Hairy Spod: "Fact of the matter is that the UI used by XP and many of the non Unity/Gnome3 Linux desktop environments are pretty much close to the optimal"

That's what people used to say about DOS. And then Windows 3....

Microsoft to push out penultimate XP patch on March Patch Tuesday

El Andy

Re: Is it done?

"Does this fix it? Is XP now of merchantable quality, after more than a decade of fixes?"

Security is a journey, not a destination, regardless of which OS you use.

El Andy

Re: Critical Internet Explorer vulnerability ..

Notepad could be uninstalled easily from XP. Internet Explorer, on the other hand...

Mostly because the Add/Remove Programs dialog box (amongst other things) is actually written in HTML on XP and rendered using IE.

Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge

El Andy

Re: Mozillidiots

@AC: "Their Firefox trademark is not free and they can choose to do what they want with it, charges or distribution."

Irrelevant. Trademark protection doesn't work like that, you can't just add arbitrary rules and assume they're legal requirements. In exactly the same way Coca-Cola can't insist that shopkeepers selling their product have to paint the walls blue.

Windows 8.1 becomes world's fourth-most-popular desktop OS

El Andy

Re: MS took that to heart and people still complain.

Because most of XPs problems stem from user mode and not the kernel (specifically the fact that, by default, users run with unrestricted Administrator tokens which bypass much of the OS security) and that's where many of the changes in Vista and beyond were.

It gets worse post-EOL, because an unpatched OS is always vulnerable to whatever the patch was for, regardless of how "secure" it is otherwise.

UK picks Open Document Format for all government files

El Andy

Re: Important change

Except that ODF has always been vague on numerous parts of the specification, leading to the exciting prospect of "standards compliant" documents that can only be reliably opened in whatever version of whatever software originally created them.


Fine! We'll keep updating WinXP's malware sniffer after April, says Microsoft

El Andy

Re: Will XP really "never be updated"?

Experience shows that the companies paying thousands of dollars for Microsoft to hotfix issues after extended support don't tend to leak them (try finding one for NT4 or Windows 2000 for example, it just doesn't happen). And they will only be paying for specific fixes to specific issues they encounter, not necessarily everything if they can mitigate it in other ways.

Remember, everyone said *exactly* the same thing about NT4 which loads of businesses were running past the end of support, often because they were assuming the same thing you are - that Microsoft would somehow have a last minute change of heart and extend support further. And Microsoft duly stopped providing updates, exactly as had always been claimed.

If you're running XP past the first patch Tuesday after EOL, I really hope you have it very much isolated from the internet, because it's going to be open season.

Italy's 'Google tax law' could fall foul of EU discrimination rules

El Andy

Re: Hmm

"Even if it were not found illegal under EU law (as I've been predicting it would be) all Google would need to do is appoint an agent in Rome, give him a 0.5% margin on all sales and still send all the cash to Ireland."

The way these avoidance scams work at the moment is that an Italian company, wanting to advertise on Italian websites go speak to an agent of Google in Italy. That agent negotiates prices etc and then, for no logical reason, the "sale" is completed in Ireland by someone the Italian company have probably never dealt with in any way shape or form, and Google get to pay Irish tax only.

What this law is, rather clumsily, attempting to do is force that final step to count as a sale in Italy - which 99% of people would probably agree it should be - and thus be subject to Italian taxation. This way big multinationals have to compete on a level playing field with smaller local companies who aren't in a position to play the system in the same way.

This particular implementation may be wrong and almost certainly tramples over a bunch of EU rules, but it's hard to disagree with the principles behind it, that companies should be subject to the tax laws in the countries they do business and not be able to simply divert profits to anywhere they like without consequence.

Microsoft now using next-gen Roslyn C#, Visual Basic compilers in house

El Andy

Of course it did, things like that end up being awfully bloated and slow with pretty much any kind of framework - because it isn't the kind of thing the framework is built to support. For more realistic apps, the difference drops significantly.

But since Rosyln can compile C# right down to native code (even as far as stripping out dependencies on the .NET framework libraries) and does things like whole program optimization (something the existing JIT compilers don't), you may well find it reduces your "Hello World" to something surprisingly small.


Biting the hand that feeds IT © 1998–2019