Apart from when your OS supplier stops supporting your OS, and your app vendor has long since gone bust or been sold/moved on and won't supply versions for a later OS. On prem/on cloud - you swap one set of problems for another set.
153 posts • joined 5 Oct 2009
The evolution of C#: Lead designer describes modernization journey, breaks it down about getting func-y
Re: A mess
Mah, maybe, maybe not. They've been explicit about what they're porting across (e.g. bits of WCF, no WF), and the Windows-specific bits you have to opt into with appropriate target framework monikers. .Net Framework is still fully supported so there's no reason to kill off your old WCF services - you probably don't need to add much to those old services that's going to require all the new bits of .Net 5.
It's a pragmatic choice; resource is finite, use it where the value is greatest.
Document? Library? A new kind of component? Microsoft had a hard time explaining what its Fluid Framework is
Re: "We treat Microsoft as a partnership"
Other examples -
Google buy Nest, Tony Fadell (Nest CEO and founder) and Greg Duffy (Dropcam CEO and founder, bought by Nest before they were bought by Google) leave saying it was a mistake to sell.
Facebook buys Whatsapp, Jan Koum (Whatsapp CEO and founder) leaves citing a clash over privacy concerns.
No idea why Microsoft are the only ones to get bashed on here - let's bash 'em all!
Where's your evidence? See https://cloudhesive.com/blog/amazon-continues-cut-aws-prices/ for a discussion of how AWS in particular dropped its prices more than 60 times in its first decade - other providers have done the same (they had to or go out of business). SLAs have been there from the start, although whether the penalties they'd have to pay to you for any outage are worth it to you is a personal choice. Redundancy and flexibility have been the most important benefits of cloud since day 1. I'd argue that costs - at least OpEx costs - are the least important reason to go to the cloud, and that the flexibility and redundancy you can get there are the most important, along with the changes in your CapEx costs.
Apples to oranges comparison
AWS RDS's high-availability failover between availability zones (AZs) isn't the same thing as geo-replication and failover between regions - it's all within a region. AWS has multiple AZs within each region and you're right, it's trivial (and a good thing) to replicate and failover between them. Azure is moving to a similar AZ model but has already had update domains and fault domains for a while which kinda-sorta gives you the same features, and which automatically give you similar within-region high availability for SQL Azure. Neither cloud had a super-simple, check-a-box cross-region high availability and failover capability, but Azure is now talking about its failover groups and active geo-replication features, which do give you genuine cross-region failover which is what you need for enterprise-level high availability.
It's important to know the difference between AZs and regions - some people seem to think that single region use of multiple AZs is all they need; for many purposes it probably isn't.
Multiple AZs is a good start, but that wouldn't help you in this case as an entire region went out. AZs help you with issues at an individual data center, but AWS/Azure/GCP roll out changes at a region level so you need to be multi-region to protect you from times when that kind of thing f***s up. And it will. It may be more cost effective for you not to bother, depends on your RTO/RTP requirements.
When you get into multi-cloud conversations, you're well into the law of diminishing returns.
Machine learning - state of the art
Is it just me, or does anyone else wonder why invitations to a machine learning conference aren't tightly targeted to those with the highest propensity to want to go based on previous behaviour across a range of dimensions, instead of just a catch-all article page aimed at everyone? :-)
It couldn't be that ML/AI is still only useful in more nice applications than the hype might suggest, surely?
Might explain why I'm followed round t'internet by adverts for things I've already bought or have no intention of buying now I've done a little bit of research on them... Artificial "Throw it all out there, see what sticks" might be a more accurate description for much of this right now...
"You could spread across several different clouds, across in-house and cloud, across in-house, externally-hosted and cloud. But a particular cloud is ONE point of potential failure."
Depends which cloud. Go to one of the big boys - AWS or Azure say - and you'll get a data centre network with the capability* for you to host and run your applications with proper and complete redundancy and fault tolerance built in. Go to one of the relative minnows who have been bought and sold by a bunch of VCs with costs stripped to the bone each time and you'll get what you pay for. For better or worse this whole sector is becoming like the big supermarket chains vs the Mom'n'Pop corner stores - the bigger guys do it mostly better and cheaper, but diversity dies.
* although they give you the capability to do it right, they're kind enough to let you do it wrong if you are so inclined, so you'll be just as vulnerable to this kind of failure unless you tick the right boxes on the web console too
Re: Isn't cloud supposed to be fault tolerant?
It isn't supposed to be magic, just fault tolerant. Magic would be preventing anything failing ever - no-one who knows anything about Cloud, including the vendors, say they have that kind of magic. Fault-tolerant means providing capabilities to hide, mitigate and recover from failures. Cloud vendors do say that you need to build and architect applications to expect failures, and they provide lots of capabilities to allow you to do that. For example, AWS separates each region into Availability Zones (think "isolated data centre") and specifies that the way to get high availability and fault tolerance is to split your application hosting over at least two AZs. How difficult is it to do that? Basically check a few boxes in the web console or add a parameter to a couple of CLI/API commands.
It is completely trivial to get an application running on servers in multiple AZs talking to a database that has a master in one AZ which is real-time replicated to a read-only replica in another AZ, and then to promote that replica to be the master automatically in case of failure. Do that, and problems like the one mentioned here are barely noticeable. AWS (and Azure and GCP do similar things) handles high-speed connections, load balancing and automatic data replication between AZs for you. This handles issues with a single data-centre going down very elegantly.
Occasionally entire regions do go down, but *almost* never multiple regions at the same time. If you want to be clever and super-fault-tolerant, you build your application to work over multiple regions, not just multiple AZs. That isn't quite as trivial due to having to understand the data replication model - single-master, multi-master, eventually consistent, plus issues like latency etc. but there are good patterns out there to allow that, and if you are building from scratch rather than lifting-and-shifting and can take advantage of some of the globally-replicated NoSQL services all platforms provide then the problem largely goes away.
And yes, if you're super-super-paranoid, you can even build a multi-cloud-provider solution. That definitely isn't easy. Or cheap. But then that hasn't changed from the old on-prem days.
As a trivial example of why it's a GOOD thing to encrypt all pages, even ones that don't have a form on them to collect your data, consider this: You have a bunch of pages that just have some content on them, no forms. They DO have a link to your login page (which itself uses HTTPS). Without HTTPS, it's very simple for requests for those content-only pages to be intercepted and altered before they're sent on to the customer - so the customer receives all the same content with a login link which looks the same but which now actually sends the user to a malicious site which harvests his/her login details.
Re: Am I the only one who doesn't really have a clue what blockchain is?
By being wrong (or at least focusing on a specific use case built on top of blockchains rather than on blockchains themselves) I think you've absolutely perfectly summed up the situation. I *think* I know roughly what they are, but I'm still waiting for that Eureka moment where I understand what all the fuss is about. At the moment, to me it sounds like a different type of mousetrap, but I don't understand why some people think it's a better type of mousetrap.
"Build a better mousetrap, and the world will beat a path to your door"
There's a bit of a misunderstanding going on here - Capita's market cap (# of shares * share price) has just fallen £800m. Sounds dreadful! But this is on the back of them saying they're going to issue £700m of new shares - new shares don't create new value, they dilute the value of existing shares, and that's (mostly) what's just been priced in. So market cap as measured by shares*price falls $800m now in anticipation of more shares, assuming the share price stays the same when the new shares are issued the market cap as measured by shares*price will rise £700m, net fall £100m. Nowhere near as disastrous.
That is an assumption, mind! And I'm not defending Capita, I've had horrendous service from them in the past too.
See http://www.bbc.co.uk/news/business-42885211 for more analysis on the share price fall, explaining better than I just did why it's not as bad as it looks at face value.
I'd love to agree - that's why I bought a Roku streaming stick a few years back and why I want another one. You can get all the services on a single, cheap device which allows you to really shop around for which services you want to subscribe to. However, in the UK at least Roku have virtually pulled out; none of their latest generation products are officially available and the grey-market imports you can get don't support important local services like BBC iPlayer. Instead Roku make the locked down, completely crippled NowTV box for Rupert Murdoch. Such a shame.
Corporate locked-down environment
I wonder if this will help me get around the locked-down nature of my corporate IT environment and infrastructure, where it can take months to get access to the most basic of external web-based resource? And if it does, is that a good or a bad thing? Good for productivity, bad for security...?
Re: moving functionality from the server side to the client “brings its own security challenges”.
Totally agree - validation etc. on the client is purely to help improve user experience; it needs to be replicated on the server to be any kind of guarantee that it's doing what was intended. And yep, I also agree that there are too many inexperienced web developers out there who don't appreciate that. I'm being polite and swapping "inexperienced" for "idiot" :)
"...Accenture, co-founded by Microsoft..."
Accenture wasn't co-founded by Microsoft at all. Accenture came out of the Arthur Andersen accountacy firm and in it's earliest incarnation began in the 1950's, long before Microsoft was created.
Accenture and Microsoft do have a joint venture they started together called Avanade, and like all big consultancies Accenture is an accredited Microsoft partner. LIke they are with over 100 other companies (including Red Hat, Software AG and IBM) as listed here: https://www.accenture.com/gb-en/alliance-ecosystem
Re: Well, points for making it work I guess
Clearly a clever guy so kudos as you say, but you have to ask what more useful things he could have done with that time and effort...
From the article: "he's only made aware of Slack happenings that mention him by name or suggest things he really needs to know about, such as “whenever something explodes in the server"
Wouldn't it have been easier for him to just set his notification preferences to only alert him to mentions of his name, and to set up appropriate channels for live alerting?
Re: An admirable effort.
Anyone who doubts the value of HTTPS should see Troy Hunt's course on Pluralsight - https://www.pluralsight.com/courses/https-every-developer-must-know. In fact, forget the "anyone who doubts..." bit. Everyone should see Troy Hunt's course on Pluralsight (other providers are no doubt available, I have no commercial relationship with either Troy or Pluralsight, etc. etc. blah blah blah)
HTTPS is a necessary component of a secure web. It is not however a sufficient component. So yes, HTTPS == safer, HTTPS != safe
Re: Hey, did you know the editor could do that automatically?
Re: Rather unfortunately named assistant
It was David Banner who Bixby played, not Bruce. Although apparently on his gravestone (ooops, spoiler alert) it became "David Bruce Banner". Theories abound as to why... https://scifi.stackexchange.com/questions/91702/why-was-bruce-banner-named-david-banner-in-the-old-tv-show
Nation state grade
I'm loving seeing the "nation-state grade software" phrase thrown around. Would anyone rush out to buy a nation-state grade wordprocessor? The nation-state grade website I have to use to fill in my tax returns isn't exactly a shining example of the state of the art. This stuff must come from those 'other' government-paid devs, yeah? You know, the really good ones. :-)
Yes, this is (mostly) a joke. I know it's serious stuff!
Re: Java is so easily messed up... just put spaces in a path or a password...
I was tempted to downvote you for providing factually correct and interesting information plus links to external sources on a Reg anti-MS flame thread, but couldn't quite bring myself to do it... Give it time, I'm sure someone will! :)
Re: The Force Awakens is just a bad movove
Totally agree about the villain being central to any good Star Wars movie. Episode 1 had Darth CutInHalfAfter5MinutesScreenTime who looked badass till he fell apart. Episodes 2 and 3 had the Emperor to hold them together but he was still hiding in plain sight so wasn't moment-by-moment scary and he had not-quite-Darth Overacting to compensate for anyway. Episode 7 had a prefect from Slytherin as the villain *and* he lost a laserbat fight to a completely untrained opponent when he wasn't crying about how badly treated by his parents he was - wuss! Episode 3.9 ('cos it's closer to 4 than 3) had a completely mental, ass-kicking Darth Vader back in full "you took my last Rolo ya bastich" mode and that's the point that had me stood up and cheering! Finally a top-class baddy again. LONG overdue!