Posts by MatthewSt

84 posts • joined 12 Jun 2013


Lawyers' secure email network goes down, firm says it'll take 2 weeks to restore


Re: Security vs Availability

I'm saying that your data can't be accessed by anyone if your system is offline.

Even the most insecure code in the world isn't going to leak data if your server goes down or is unavailable (DDoS or otherwise).


Security vs Availability

The only secure system is one that is not available

Wanted – have you seen this MAC address: f8:e0:79:af:57:eb? German cops appeal for logs in bomb probe


Re: GDPR says no

Let's just hope that they come forward to lodge a complaint then!

Welcome to 2019: Your Exchange server can be pwned by an email (and other bugs need fixing)


Re: exchange better than office 364 which still needs DNSSEC and DMARC

DMARC has been supported for a while - https://blogs.technet.microsoft.com/fasttracktips/2016/07/16/spf-dkim-dmarc-and-exchange-online/

There's some more docs on it here - https://docs.microsoft.com/en-us/office365/SecurityCompliance/use-dmarc-to-validate-email

Drone goal! Quadcopter menace alert freezes flights from London Heathrow Airport



Slightly confusing that a news story happening in the UK and published on a UK website gives the time of a tweet in PST first and then UTC in brackets. Just my opinion. :)

Attention all British .eu owners: Buy dotcom domains and prepare to sue, says UK govt


Re: Needs a local agent


If a job's worth doing...!

Blighty: We spent £1bn on Galileo and all we got was this lousy T-shirt


Woah there! Don't be letting facts get in the way of an EU piñata session! If they have to start telling the truth then they'll all be out of a job!

Sage CEO: £60m says we can convert more folk to Business Cloud


Re: If there's anything least suited to the cloud it's accountancy software

No upsides apart from access by multiple concurrent users (accountant and client) and portable use (being able to send invoices straight from a client's site through your phone). Not to mention the third party ecosystem and add-ons available.

With regards to "what happens if...?", what happens when your hard disk fries and, as a small business, you need to wait a couple of days for your shared IT contractor to arrive to sort the backup or new kit to be delivered?

Every system has advantages and disadvantages, and maybe the cloud isn't for you, but that doesn't mean it isn't for everybody.


Re: If there's anything least suited to the cloud it's accountancy software

That's _exactly_ why cloud is a good fit. You scale up for your busiest month and scale down for the rest of the year. Meanwhile your provider uses the capacity to cater for retailers on black Friday or super bowl, Christmas shopping, concert sales, and whatever else has peaks and troughs.

That's literally the main selling point of the cloud!

LastPass? More like lost pass. Or where the fsck has it gone pass. Five-hour outage drives netizens bonkers


Hadn't heard of Bitwarden before, but I'm liking the look of it!

Joe Public wants NHS to spend its cash on cancer, mental health, not digital services


Re: Once again. Technology should *not* be a goal, but a tool to deliver what the people want.

I came to say just that too. IT should be an efficiency multiplier, and budgeted as part of whatever projects can use it

Azure, Office 365 go super-secure: Multi-factor auth borked in Europe, Asia, USA



Turns out it's only their MFA validation infrastructure that's flailing. If you whitelist your IP address (which we do for those of us with static IPs) here - https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx?culture=en-GB&BrandContextID=O365 - then it works fine

Congrats from 123-Reg! You can now pay us an extra £6 or £12 a year for basically nothing


Re: Oddly timed

Seconded. CloudFlare can't get into this soon enough!

Should a robo-car run over a kid or a grandad? Healthy or ill person? Let's get millions of folks to decide for AI...


Assuming the self driving car will never be at fault (big assumption I know) then why not just hit whoever was in the wrong?

I'd be pretty annoyed if a self driving car mounted the pavement and hit me because a bunch of kids ran out into the road! Whereas if I'd run out into the road it'd be my own fault.

There's a lot to be said for Darwinism

Memo to Microsoft: Windows 10 is broken, and the fixes can't wait


Re: QA Prestige

Too true. Only shoddy developers hate testers (and shoddy managers for that matter, if that's not a redundant phrase!)

UK.gov went ahead with under-planned, under-funded IT upgrade? Sounds about right


They probably already do double and double again

SMS 2FA gave us sweet FA security, says Reddit: Hackers stole database backup of user account info, posts, messages


Re: Should have used a hardware dongle

If it's a private key that exists on a dongle and never leaves the dongle (some form of challenge based auth) then there's little difference. Same goes for some app-based authenticator implementations.

Accounting software biz Intuit flogging bit barn to throw its lot in with AWS


Re: Burs[t]y workload

The tax deadline might be the same for everyone, but it's not the same time as the black Friday peak, or the Christmas rush, or the superb owl (as autocorrect calls it) so it's not like the capacity is idle the rest of the year

Et tu, Gentoo? Horrible gits meddle with Linux distro's GitHub code


Re: Everything is better in the cloud?

This won't be GitHub being hacked, this will be someone's account being used. Wouldn't make any difference whether it was on-prem or in the cloud

Azure storage adds static HTML website hosting



GNOMEs beat Microsoft: Git Virtual File System to get a new name




In other news, it's open source so why don't you write it yourself? Isn't that what the anti "micro-shaft" pro OSS movement believe?

If you're already on Git, then chances are you don't need this solution. It's designed to make working with humongous git repos bearable

Microsoft will ‘lose developers for a generation’ if it stuffs up GitHub, says future CEO


Re: Gitlab's 10x claims

The linked graphs show the normal traffic. It was about 10-100 repos per hour (very roughly averaged). Granted 10x was an understatement (they peaked at nearly 8000 repos in one hour) and they're still seeing higher traffic now, but it's likely to be a rounding error as far as GitHub's count is concerned

Still makes me chuckle that (currently) GitLab is hosted on Azure, so all these people that are "worried" that Microsoft are, at some point in the future, going to obtain their code are happy to hand it over to them now instead!

It's true – it really is grim up north, thanks to Virgin Media. ISP fined for Carlisle cable chaos


Re: Marketing

I'm on £36.50 per month for 200mb, phone line and the basic TV package. Add to that the discount for paying line rental in advance and it's easily favourable compared to the alternatives. Wouldn't mind a bit more upload though!

Open Internet lovin' Comcast: Buy our TV service – or no faster broadband for you!


Re: and now Comcast wants to come here

What do you mean "of things to come"? When I signed up for Virgin Media last year it was cheaper to take a triple play than just Internet!

Skype for Business has nasty habit of closing down… for business


Re: Why are people still on 32-bit windows

It probably won't be 32 bit Windows, just 32 bit Office. Traditional add-ons, ODBC drivers are 2 reasons why you can't run 64 bit office across the corporate world. And you can't mix and match Office apps

Europe dumps 300,000 UK-owned .EU domains into the Brexit bin



I'm expecting (hoping) that someone in the EU somewhere is making a note of everything we're complaining about losing, and puts together a proposal that says if we pay them £350 million a week* we can have access to it all. Might make people realise it wasn't such a waste after all!

* Yes I know that number is rubbish, but it'll be the only way we might actually get them to admit it if they have to turn around and say it wasn't costing that before!

$310m AWS S3-izure: Why everyone put their eggs in one region


Re: Pricing???

This argument seems to do the rounds quite often. On a small scale yes, you can do it for that price. However, you're missing the redundancy element here (so you need three to six times the number of disks that you want to store data for), you've not got any set-up costs (datacentre, the rest of the server you're running in) or running costs (power, cooling, connectivity to the rest of the world) which both need to be multiplied by three to six as well. Drives last about 4 years (https://www.backblaze.com/blog/how-long-do-disk-drives-last/), so on average you can expect to be replacing 25% of your disks per year.

It's the rest of the variables (power, staffing, space, taxes) which cause the difference in pricing in regions

There's a lot more than this, but that's the start of the difference between buying the storage outright and using a service

Sage advice: Avoid the Windows 10 Anniversary Update – it knackers our accounting app


Re: Sage has been like this since forever...

Not impossible though. Check out Movemybooks (Disclaimer: Gainfully employed by the operator of aforementioned service)

Microsoft: Our AI speech recognition mangles your words the least


Re: 6.3% eh?

Depends on your identification needs. With speech recognition you have a measurable goal which if you miss is very obvious, whereas with the 'seeing' for driving you only have a limited set of results. I don't care whether it's a person, another car or a tree. All I care about (from the car's perspective) is whether I'm going to hit it based on current trajectory. That would appear to be a lot simpler to get right than "Where can I find Sweden sour chicken?"

GitHub gets all grown-up with better code review, project management, etc


Open Source

"There are now over 19 million open source projects hosted on GitHub, with 5.8 million active users"

Just about sums it up really, more code than people out there!

Microsoft takes shot at Amazon as it wraps up UK cloud data centres



Here's hoping that there's an easier way to migrate services across datacentres than "do it yourself"


Already in the EU

From what we've been able to work out, mailboxes are automatically balanced around the Office365 network behind the scenes, so your email was probably already in Dublin or Amsterdam. With any luck there's already a plan to bring them to the UK. Microsoft would be saving themselves transit bandwidth if nothing else!

Let's Encrypt ups rate limits


Re: Maybe...

They'd reduce cert generation traffic yes, but they'd increase the amount of processing required on the certificate revocation list. Although I'd imagine this rate limit has less to do with server load and more just stopping people doing stupid things with it. How many certificates do the "paid for" providers let you issue and re-issue?

Once you get the SSL certificate set up to automatically renew you don't even notice, and it means that someone doesn't have to spend 1 day a year (or maybe 2 years) trying to work out how and where you go about renewing a certificate (which is what we used to have to do)

Microsoft adds PSTN business Skyping in Australia


Consumer vs Business

This isn't part of Skype's move from P2P to the cloud; that's only the consumer version. The Office 365 version has always been server-based (formerly known as Lync, formerly known as Office Communicator, formerly known as MSN Messenger)

MPs tell BT: Lay more fibre or face split with Openreach


The £10.5bn and £3bn are over the past 10 years. The £2.664bn is just last year.

Don’t let the Barmy Brexiteers wreck #digital #europe


Re: Aaargh

That's what Dave is betting on though, that you'll do the opposite of what he wants. He doesn't really want us to stay in Europe!

TeamViewer: So sorry we blamed you after your PC was hacked


If they wanted any of the information that you're claiming that they're after, they could actually analyse their own log files. When you login to TeamViewer where do you think your credentials are sent to (for verification)? When you establish a remote connection, which service do you think tells computer A the IP Address of Computer B (and in some cases actually provides a relay for the connection)?

A UK digital driving licence: What could possibly go wrong?


Re: It Bodes

Are you trying to argue here that having the driving licence on a phone is now more vulnerable to theft and abuse than having it on a piece of plastic in your wallet? Surely the thief who stole your phone is just as likely to have stolen your wallet? Except of course the wallet isn't going to have prompted him with a PIN code to open. (a more realistic problem is that they could possibly have logged in to your account).

Maybe the image could have been faked, but there could be supporting systems that the shopkeeper has access to to validate it independently of your device (or piece of plastic). An app on their phone (or till system) could validate the details against the central DB using some form of (bar/QR)code.

Microsoft joins the 1c/GB/month cloud storage caper


Re: Sounds good!

OK, we'll take those numbers. For redundancy (and a fair comparison) you need to be storing 6 copies of the data in two different locations. That puts us up to $3060 (or a 29 month ROI). Let's add some light IT maintenance to it of 1 day per year at $500 per day (because disks fail, stuff needs maintaining and monitoring). Also, I'm not sure what you're using the disk for, but everywhere I've worked doesn't like their disks to be running at 100% capacity so what does it do to the numbers if we run at 80% capacity (as it's pay per use)? All of a sudden you've got a 5 year ROI. As you said, this is before you start bringing in power, cooling, the hardware to run the disks on etc (but also before you factor in retrieval bandwidth costs for Azure too, as that will very much depend on the use case).

This ROI also isn't taking into consideration the fact that we have a $3k up front cost as opposed to a gradually increasing cost (again, pay per use) that tops out (in this example) at $100/month.

Yeah it's expensive if you're a home user wanting to keep your photos and documents safe, but for businesses where data integrity and reliability is key it's a lot closer to the cost they'd expect.

Broadband-pushers expand user piggyback rides on private Wi-Fi


Re: I am not

It's a shame you're getting downvoted for stating the facts (and the ideal use case for the system). It's more convenient than asking friends and family for the WiFi code as well if you can just hop on the public one!

Are second-hand MoD IPv4 addresses being used in invoice scams?



For its VPN process, Logmein's Hamachi uses the 25.x.x.x range. I'm always surprised this hasn't caused a problem for it so far...!

Sneaky Microsoft renamed its data slurper before sticking it back in Windows 10


Re: @ MatthewSt

http://www.urbandictionary.com/define.php?term=wow%20just%20wow - just sayin' ;)



Just to clarify here, I'm not saying that the behaviour listed in the article is acceptable for a shipping product, I'm saying that there's not a chance that's what they're doing. We're living on a continent where it's now illegal to operate a website that places cookies on someone's computer without notifying them what a cookie is and what it's there for and promising not to track them so I don't think for one minute that if this data was being collected then they'd be getting away with it.

Yes there are lots of commentators out there that are saying this is what Microsoft are doing, but they're all quoting each other and there isn't actually any documentation or evidence of any kind about this. This particular article links to Reddit, a forum with no Microsoft staff present on it, and other Reg articles as "evidence" for what is going on. The quote from the website isn't on the page linked to, and it's not on the page that that links to either. The only official documentation they list in the support article is about the CEIP, which has been around for years and is for collecting crash dumps and stats.

Maybe I'll be proved wrong, maybe they'll get hacked and everyone's personally identifiable information will be out there all of a sudden and no one will be safe, or maybe all of a sudden they'll realise that I'm not interested in Sky TV (which wouldn't necessarily be a bad thing!) but I doubt it.


Phone Call and SMS Data

Yes, and this is one of the best bits. If my phone rings, a message pops up on my computer. I can then reply by text message.

I can do all of this even if I've left my phone at home or in the car, because this data is "collected". Microsoft aren't doing anything with it apart from using it to provide a service that I personally think is incredibly useful.


OK, should have probably specified that I meant Microsoft aren't a big player in the advertising space. I've got all of those options enabled and I have never seen an ad that looks targeted at me, based on gender, location, age, emails, conversation history etc


Re: re: Matthew St

That's the key though, telemetry is not personally identifiable information. As a developer (who doesn't work for Microsoft and doesn't get paid by Microsoft in any way shape or form) I think telemetry is a fantastic way to make your products better.

This is basically just the current version of Watson


Actually no. No affiliation with Microsoft apart from being a customer


Come on, using a third party quote from a preview version of Windows to demonstrate how bad privacy is in an older version of Windows?

Cortana knows my name so it can put it on the screen and on my phone. Windows uses it to put it on emails.

Windows knows my email address so I can log in, so it can download my emails, so I can buy stuff.

Everything else in that list is collected so that apps can be written to make use of the data, and so that the data can be synchronised across devices. Microsoft aren't in the advertising business so don't have the need or the inclination to mine personal data. I can't remember where I read it now, but I saw a quote the other week about Microsoft's health dashboard; Wearing a Band, Microsoft now have months of his sleep data and activity logs, and they haven't seen a single advert for pillows or gyms or whatever else.

Windows 10 is only bad for your privacy if you read the press. If you actually look at the options in the release build of Windows (previews don't count, as they have telemetry in for debugging, which is the whole point of the preview) you can disable anything related to personal information.

I know that facts ruin a good story, but Microsoft have published what they do and don't collect at https://www.microsoft.com/en-us/privacystatement/default.aspx and http://windows.microsoft.com/en-us/windows-10/windows-privacy-faq. If you think they're lying and are collecting more than they're stating, start a class action suit and take them to court. If there's any evidence out there then I doubt you'll have any problems getting people to jump on the bandwagon. Failing that, can we have some real stories?

128GB DDR4 DIMMs have landed so double your RAM cram plan


Re: Consumer version soon please

Trend sort of holds true with Windows 10 10586. One of the things it does is perform well with less RAM because it has vastly improved the logic for paging stuff in and out (using compression) - http://blogs.windows.com/windowsexperience/2015/08/18/announcing-windows-10-insider-preview-build-10525/

I'd imagine there's been some optimisations for general memory usage as well

Fuming Google tears Symantec a new one over rogue SSL certs


They are sort of their own CA. The kind of certificates that they get issued allow them to generate their own SSL certificates for whatever domain they fancy. They just have to make sure that they don't abuse it themselves

