Posts by chuBb.

repton is still awesome that is all

Re: Any setup friction can be a killer

Lol i deleted the sentance where i mentioned average user stupidity , but even then at a previous employer all metrics we cared about in the app store improved when we consolidated flavored varients of the app to a single one. The only thing that took a short term hit (until the seo and brand awarness improved) was dumbasses purchasing the wrong version, then wanting a refund so one metric took a hit on income but as that income was refunded anyway all it did was show the old head of sales and marketings figures to be suspect anyway

The big improvement we gained though was the copycat and malware spoofs of our app suddenly stood out like sore thumbs so overall helped us even if it meant a few people gave up when having to identify what flavor they needed

Personally i cant think a valid reason for offering 3 flavors of the same app, just have a first launch screen which displays the supported logo's of av manufacturer for the user to choose from, then run the company specific discoverary, seo your one app listing properly, rather than use spammy malware ad fraud tactics

Some probably, but more to do with trans atalantic and north sea cable drops i suspect, i.e. they already have huge fibre bundles to tap into so it would be a case of run a mile or 2 fibre to closest exchange which wouldnt other wise be economically viable to light up

Re: Welcome to the 90s

Meh Npm is just a me2 package manager for those who thought Ruby on rails was more than a flash in the pan and then jumped ship to node, who are furiously reading python for dummies now to be at the vanguard of medium techno regurgitation articles, while working out of Starbucks playing at startups. Everyone else just gets on with it using boring c#, java, c or for those who know no better php (come back vbscript all is forgiven, honestly maintaining an asp classic site I developed 20 years ago was so much less brain damaging than trying to get a filter box to default to closed in the current woocommerce codebase (my own fault should refuse to help friends))

So ramble aside I fully agree ;)

Re: From my understanding...

Or a lan party...

Physical access usually means in this context connected to same switch/subnet/lan, has no need to transit a firewall, or c$ is open and accessable , not physical access is required as the device is air gapped, accessible only through 5 vault doors and 100m under ground

Re: Any MS devs looked at this?

Use it in production and its very good for what I use it for.

Bit of a faff to get started but that's more the. Net core learning curve than Linux, so learn on windows then when ready try a deployment to Linux. Docker massively simplifies here especially with the embedded framework option, it's basically the same idea as embedding the jre in a java app to side step framework incompatibilities. When you update the framework just push the container to your repo and update it on the server all pretty self contained. Oob the vs Linux experience is a bit rough but no worse than configuring a lamp/lemp stack and nothing stopping you modifying the proje t templates

Re: MS Access for Linux

How I wish I was dealing with asp classic and access everytime I have to maintain a crappy lamp app its the mysql bit I hate the most truly makes access look like a competent dB at least it had built ways of doing differencing backups... Everytime I find mysql I ask myself why not postgres did the original dev avoid because they couldn't pronounce it or copy paste the outdated snippet from php docs??? , at least asp classic burned Dsn config into my brain, ironically only place I use that tech these days is on *nix via unixodbc & freetds/ms sql Linux driver....

Your talking about mac users here, they are pretty attached to the it just works attitude, plus with the terrible mice that come with macs one less click is a good thing probably.

All told very dumb workaround to keep the it just works of a mac going

Its as old as the internet, its not even like this is first time its been an "epidemic" was hard to move on angelfire (geocities seemed to be more proactive at pr0n blocking) for all the Gillian Anderson, Terri Hatcher, Buffy, DS9 and 7of9 nudes in the mid to late '90's

Of course the difference was it required photo editing skills and wasnt a drag and drop spit it out 0 legitimate use software

And their in lies the problem, for every one of us that does change a config, isnt scared off by "here be dragons" messages, there will be 1000000 users who accept the default

Not missing the point at all, fact is that the number of VPN users is dwarfed by the number of chrome (and by extension chromium based browsers) and firefox users, DoH will be an automatic default for those users, hence a much bigger problem than VPN's; as VPNs have to be activly setup, where as DoH would be a passive setup

If their is a crack down on commercial VPN providers then it will only be a formalisation of existing law forcing them to provide logs on court order, and if they did overstep the mark then users will configure their own or just run a vpn box on aws hosted in a US region, lifehacker will have dozens or articles on how to set it up. It would be impossible to ban or even regulate VPN's as the economic damage would be to great, inter office comms made illegal, secure transport of patient records between hospital and surgery gone, etc.

The fundamental flaw in the "they will ban vpns" argument is that its like saying "Ban roads to stop drivers speeding" a VPN is a transport, DNS is a protocol, legislating against traffic is a wholly different proposition to legislating on how the traffic is carried, regulating DoH is much more like saying mini moto bikes are not road legal and are not allowed on the roads (but their is nothing we can do stop people from doing that of they dont get caught). The real govt (civil service, not the who do you want lying to you popularity contest winners going for the click bait think of the children attention grabbers arguments) fear in my opinion is a ceding of control of domestic surveillance to the NSA as both the major infrastructure providers are US companies and accepting what ever evidence you gain may have been altered as it didnt come from your direct tap...

Interesting you mention the pr0n farce, fully agree with you, if and when it comes into effect (i also believe as currently intended is utterly impossible) it will only effect those that pay for porn online, and what comes into effect will be so watered down as to be effectively optional

DNS over HTTPS differs quite a lot from a VPN

VPN's provide you with an encrypted tunnel between point a and point b depending on how they have been configured depends what traffic gets routed to them, i.e. most remote access vpn's provided by an employer would only direct traffic destined for corporate subnets i.e. all traffic to 172.16.0.0/16 will go via the VPN, unless they are set to replace your default gateway/route when all traffic goes via the VPN (which is good for paranoid employers as all requests can go through their content filters, just crap for end user as your connection will be slower especially if you have a 50Mb+ connection at home and a crappy 20Mb line at the office....). DNS requests sent via VPN are still plain text in terms of protocol just the transmission is encrypted, and still susceptible to monitoring/filtering once they exit the tunnel.

DoH on the other hand (from a high orbit viewpoint) stuffs the UDP payload of a DNS request into a TCP HTTPS request on the client, which is transmitted using TLS (SSL is dead, deprecated should not be used, only exists as an acronym for spotting people who either used to know what they were on about or never knew in first place) to a centralised proxy controlled by the browser maker (google or mozilla here) which accepts the HTTPS request, decodes the payload and performs a normal DNS lookup, which then sent back as a HTTPS reply to the client, which decodes the DNS response and handles as usual.

Essentially its protocol stuffing and open to debate if its a good thing to move away from a decentralized name system, back to something similar to the walled gardens of AOL and Compuserve from the time that every publication came with a set of coasters.... although that reality is a way down the rabbit hole, its not unreasonable to expect google to game responses with paid for preferential results etc. The tricky bit is that by making it a client feature it can and will by pass the network config of the host, i.e. by default chrome would make DoH requests and you would have to go about:config diving to disable this (each and every auto update) and use the DNS configured on your adapter, which unless you have overiden your ISP's defaults will be their name servers. (this could also make life tricky inside enterprises running a split brain DNS for intranet access using the corp domain name)

Re: Or you could

I could but as I mentioned I mainly use the domain for family email addresses, and as I'm extended family tech support (wearing the "I will not fix your computer" t shirt to family gatherings didn't have intended effect) it's much easier to find missing emails for great aunty Doris whose fat fingered friends have forwarded some chod to drois@....

Yeah, no

three things

1) social media, i do not

2) Would be wide open to civil suits

3) As this is very sensitive information all i would do is hurt the customers (im talking sheltered housing, old folks homes, hospitals, banks, small businesses etc.) who have done nothing wrong than assume the security company gave a flying f about digital security, and even then the core of the problem seems to be US set policy from the parent company

Just the responsible thing to do, what distresses me more is why stuff like that is not sent encrypted, or even in a pass word protected zip to ya know put a speed bump in the way of casual observers... ho hum

At one point i even went as far as having an automated reply of "this is not the domain you are looking for", all that did was make them double down on the attempts to send it to the wrong address

See my post below, but thats par for the course with them, i have been trying unsuccessfully for years to try and get them to educate their technicians on what the correct email address is to use, hint its not one that ends up in one of my catch all accounts!