* Posts by Ian 7

153 publicly visible posts • joined 5 Oct 2009


Reg reader rages over Virgin Media's email password policy

Ian 7

Re: Virgin, bringing you the barely-adequate security from 2002

According to https://d1rytvr7gmk1sx.cloudfront.net/wp-content/uploads/2022/03/Hive-Systems-Password-Table-1-770x346.jpg?x54432 you're looking at 3 days with modern 2022 hardware with local decryption. Given how rubbish Virgin's consumer email passwords are, what's the betting that someone's got access to the database and is cracking the hashes directly?

Microsoft bins Azure Blockchain without explanation, gives users four months to move

Ian 7

Apart from when your OS supplier stops supporting your OS, and your app vendor has long since gone bust or been sold/moved on and won't supply versions for a later OS. On prem/on cloud - you swap one set of problems for another set.

For every disastrous rebrand, there is an IT person trying to steer away from the precipice

Ian 7

At least some Americans were aware of the implication - as anyone who knows Peggy Bundy's maiden name and home county might remember.... Married with Children was first broadcast back in 1987.

The evolution of C#: Lead designer describes modernization journey, breaks it down about getting func-y

Ian 7

Re: A mess

Mah, maybe, maybe not. They've been explicit about what they're porting across (e.g. bits of WCF, no WF), and the Windows-specific bits you have to opt into with appropriate target framework monikers. .Net Framework is still fully supported so there's no reason to kill off your old WCF services - you probably don't need to add much to those old services that's going to require all the new bits of .Net 5.

It's a pragmatic choice; resource is finite, use it where the value is greatest.

Ian 7

"And if that's in any way indicative of how your company conducts interviews, I think he'd be glad to have dodged a bullet..."

I was just thinking exactly the same...

Document? Library? A new kind of component? Microsoft had a hard time explaining what its Fluid Framework is

Ian 7

OLE, oh-lay oh-lay oh-lay (and not forgetting OpenDoc)

Compound documents again anyone?

It's Hipp to be square: What happened when SQLite creator met GitHub

Ian 7

I hate Git

... but I hate it a bit less than the alternatives (caveat - the alternatives I'VE TRIED)

Microsoft's cloudy Windows Virtual Desktop: It fills a gap, but there are plenty of annoyances

Ian 7

Re: No.

Did you miss the double negative there? "Doesn't mean you never" is the same as "means you sometimes have to", and how important your stuff is defines whether "sometimes" applies to you or not

Microsoft? Oh it's just another partnership, insists GitHub CEO

Ian 7

Re: "We treat Microsoft as a partnership"

Other examples -

Google buy Nest, Tony Fadell (Nest CEO and founder) and Greg Duffy (Dropcam CEO and founder, bought by Nest before they were bought by Google) leave saying it was a mistake to sell.

Facebook buys Whatsapp, Jan Koum (Whatsapp CEO and founder) leaves citing a clash over privacy concerns.

No idea why Microsoft are the only ones to get bashed on here - let's bash 'em all!

Microsoft slaps the Edge name on SQL, unveils the HoloLens 2 Development Edition

Ian 7

Re: Linux only for now

From that article you linked to - "Microsoft has admitted to something that used to be unthinkable: using Linux to run SOME of its own operations" (my emphasis)

There are still an army of Windows servers running Azure, and also some Linux ones.

Moneybags Buffett on ditching Oracle stake: I don't think I understand where the cloud is going

Ian 7

Where's your evidence? See https://cloudhesive.com/blog/amazon-continues-cut-aws-prices/ for a discussion of how AWS in particular dropped its prices more than 60 times in its first decade - other providers have done the same (they had to or go out of business). SLAs have been there from the start, although whether the penalties they'd have to pay to you for any outage are worth it to you is a personal choice. Redundancy and flexibility have been the most important benefits of cloud since day 1. I'd argue that costs - at least OpEx costs - are the least important reason to go to the cloud, and that the flexibility and redundancy you can get there are the most important, along with the changes in your CapEx costs.

'Occult' text from Buffy The Vampire Slayer ep actually just story about new bus lane in Dublin

Ian 7

Have some Faith!

OK, Google. Music in 2019 isn't what it was, but Play nice, will ya?

Ian 7

All the best music was written before 1988 anyway


Microsoft tells volume customers they can stay on Windows 7... for a bit longer... for a fee

Ian 7

Re: Microsoft is giving people some extra time...

Different product, same (or at least, related) branding. Not the same thing at all, really, other than they can both edit text files.

Google Chrome: HTTPS or bust. Insecure HTTP D-Day is tomorrow, folks

Ian 7

Re: stuck on HTTP

Troy Hunt also did an excellent Pluralsight course on what developers need to know about HTTPS. If you've got an account, it's definitely an eye opener

Azure promises to keep your backups safe and snug for up to 10 years

Ian 7

Re: Up to

Don't be daft, it means you can choose any retention period up to 10 years. This is a little bit different than consumer-level service offerings like £20/month ISP deals or free Dropbox.

Ian 7

Apples to oranges comparison

AWS RDS's high-availability failover between availability zones (AZs) isn't the same thing as geo-replication and failover between regions - it's all within a region. AWS has multiple AZs within each region and you're right, it's trivial (and a good thing) to replicate and failover between them. Azure is moving to a similar AZ model but has already had update domains and fault domains for a while which kinda-sorta gives you the same features, and which automatically give you similar within-region high availability for SQL Azure. Neither cloud had a super-simple, check-a-box cross-region high availability and failover capability, but Azure is now talking about its failover groups and active geo-replication features, which do give you genuine cross-region failover which is what you need for enterprise-level high availability.

It's important to know the difference between AZs and regions - some people seem to think that single region use of multiple AZs is all they need; for many purposes it probably isn't.

Microsoft Azure Europe embraced the other GDPR: Generally Down, Possibly Recovering

Ian 7

Re: Absolutely

Multiple AZs is a good start, but that wouldn't help you in this case as an entire region went out. AZs help you with issues at an individual data center, but AWS/Azure/GCP roll out changes at a region level so you need to be multi-region to protect you from times when that kind of thing f***s up. And it will. It may be more cost effective for you not to bother, depends on your RTO/RTP requirements.

When you get into multi-cloud conversations, you're well into the law of diminishing returns.

MCubed: Speaker lineup shows how to put ML and AI to work

Ian 7

Machine learning - state of the art

Is it just me, or does anyone else wonder why invitations to a machine learning conference aren't tightly targeted to those with the highest propensity to want to go based on previous behaviour across a range of dimensions, instead of just a catch-all article page aimed at everyone? :-)

It couldn't be that ML/AI is still only useful in more niche applications than the hype might suggest, surely?

Might explain why I'm followed round t'internet by adverts for things I've already bought or have no intention of buying now I've done a little bit of research on them... Artificial "Throw it all out there, see what sticks" might be a more accurate description for much of this right now...

HostingUK drops offline after losing Farmer vs Fibre competition

Ian 7

Re: DR

"You could spread across several different clouds, across in-house and cloud, across in-house, externally-hosted and cloud. But a particular cloud is ONE point of potential failure."

Depends which cloud. Go to one of the big boys - AWS or Azure say - and you'll get a data centre network with the capability* for you to host and run your applications with proper and complete redundancy and fault tolerance built in. Go to one of the relative minnows who have been bought and sold by a bunch of VCs with costs stripped to the bone each time and you'll get what you pay for. For better or worse this whole sector is becoming like the big supermarket chains vs the Mom'n'Pop corner stores - the bigger guys do it mostly better and cheaper, but diversity dies.

* although they give you the capability to do it right, they're kind enough to let you do it wrong if you are so inclined, so you'll be just as vulnerable to this kind of failure unless you tick the right boxes on the web console too

AWS outage killed some cloudy servers, recovery time is uncertain

Ian 7

Re: Isn't cloud supposed to be fault tolerant?

It isn't supposed to be magic, just fault tolerant. Magic would be preventing anything failing ever - no-one who knows anything about Cloud, including the vendors, say they have that kind of magic. Fault-tolerant means providing capabilities to hide, mitigate and recover from failures. Cloud vendors do say that you need to build and architect applications to expect failures, and they provide lots of capabilities to allow you to do that. For example, AWS separates each region into Availability Zones (think "isolated data centre") and specifies that the way to get high availability and fault tolerance is to split your application hosting over at least two AZs. How difficult is it to do that? Basically check a few boxes in the web console or add a parameter to a couple of CLI/API commands.

It is completely trivial to get an application running on servers in multiple AZs talking to a database that has a master in one AZ which is real-time replicated to a read-only replica in another AZ, and then to promote that replica to be the master automatically in case of failure. Do that, and problems like the one mentioned here are barely noticeable. AWS (and Azure and GCP do similar things) handles high-speed connections, load balancing and automatic data replication between AZs for you. This handles issues with a single data-centre going down very elegantly.

Occasionally entire regions do go down, but *almost* never multiple regions at the same time. If you want to be clever and super-fault-tolerant, you build your application to work over multiple regions, not just multiple AZs. That isn't quite as trivial due to having to understand the data replication model - single-master, multi-master, eventually consistent, plus issues like latency etc. but there are good patterns out there to allow that, and if you are building from scratch rather than lifting-and-shifting and can take advantage of some of the globally-replicated NoSQL services all platforms provide then the problem largely goes away.

And yes, if you're super-super-paranoid, you can even build a multi-cloud-provider solution. That definitely isn't easy. Or cheap. But then that hasn't changed from the old on-prem days.

Facebook furiously pumps brakes on Euro probe into transatlantic personal data slurping

Ian 7

GDPR is being enshrined in UK law, regardless of Brexit. Granted, they "could" more easily be changed further down the line, but from day 1 of Brexit we'll still be subject to GDPR.


We wanted a camera, they gave us the eye of Gemini – and an eSIM

Ian 7

Dr Janko Mrsic-Flogel

Is the Planet CEO Dr Janko Mrsic-Flogel the same Dr Janko Mrsic-Flogel who is CTO of the ZX Spectrum mob Retro Computers Ltd? Or, you know, a completely different Dr Janko Mrsic-Flogel?

Powerful on a Scrabble board, he is!

Galileo, Galileo, Galileo, off you go: Snout of UK space forcibly removed from EU satellite trough

Ian 7

Re: #headdesk

"la la les passeports bleu!", surely ? :)

Use of HTTPS among top sites is growing, but weirdly so is deprecated HTTP public key pinning

Ian 7

Watch https://www.pluralsight.com/courses/https-every-developer-must-know and make up your own mind. If you haven't got a Pluralsight subscription, the TL;DR is "yes, there's every point in pretty much everything going HTTPS".

From July, Chrome will name and shame insecure HTTP websites

Ian 7

Re: Meh

As a trivial example of why it's a GOOD thing to encrypt all pages, even ones that don't have a form on them to collect your data, consider this: You have a bunch of pages that just have some content on them, no forms. They DO have a link to your login page (which itself uses HTTPS). Without HTTPS, it's very simple for requests for those content-only pages to be intercepted and altered before they're sent on to the customer - so the customer receives all the same content with a login link which looks the same but which now actually sends the user to a malicious site which harvests his/her login details.

If HTTPS is mandated for all pages, that kind of attack just cannot happen. HTTPS doesn't just protect data that you send, it guarantees that the data (i.e. the HTML/Javascripts) that you've received is what was intended by the site owner.

The blockchain era is here but big biz, like most folk, hasn't a clue what to do with it

Ian 7

Re: Am I the only one who doesn't really have a clue what blockchain is?

By being wrong (or at least focusing on a specific use case built on top of blockchains rather than on blockchains themselves) I think you've absolutely perfectly summed up the situation. I *think* I know roughly what they are, but I'm still waiting for that Eureka moment where I understand what all the fuss is about. At the moment, to me it sounds like a different type of mousetrap, but I don't understand why some people think it's a better type of mousetrap.

"Build a better mousetrap, and the world will beat a path to your door"

Just can't catch a break, can ya, Capita? Shares tumble 40% amid yet another profit warning

Ian 7

There's a bit of a misunderstanding going on here - Capita's market cap (# of shares * share price) has just fallen £800m. Sounds dreadful! But this is on the back of them saying they're going to issue £700m of new shares - new shares don't create new value, they dilute the value of existing shares, and that's (mostly) what's just been priced in. So market cap as measured by shares*price falls $800m now in anticipation of more shares, assuming the share price stays the same when the new shares are issued the market cap as measured by shares*price will rise £700m, net fall £100m. Nowhere near as disastrous.

That is an assumption, mind! And I'm not defending Capita, I've had horrendous service from them in the past too.

See http://www.bbc.co.uk/news/business-42885211 for more analysis on the share price fall, explaining better than I just did why it's not as bad as it looks at face value.

Tech giants at war: Google pulls plug on YouTube in Amazon kit

Ian 7

Oooh didn't know that - thanks for the tip! Android-only and music-only for the moment, but hopefully a step in the right direction. iOS and video support next would be great...

Ian 7

I'd love to agree - that's why I bought a Roku streaming stick a few years back and why I want another one. You can get all the services on a single, cheap device which allows you to really shop around for which services you want to subscribe to. However, in the UK at least Roku have virtually pulled out; none of their latest generation products are officially available and the grey-market imports you can get don't support important local services like BBC iPlayer. Instead Roku make the locked down, completely crippled NowTV box for Rupert Murdoch. Such a shame.

Will you be on Cloud9? AWS emits cloudy code editor it nabbed last year

Ian 7

Corporate locked-down environment

I wonder if this will help me get around the locked-down nature of my corporate IT environment and infrastructure, where it can take months to get access to the most basic of external web-based resource? And if it does, is that a good or a bad thing? Good for productivity, bad for security...?

It's 2017, and command injection is still the top threat to web apps

Ian 7

Re: moving functionality from the server side to the client “brings its own security challenges”.

Totally agree - validation etc. on the client is purely to help improve user experience; it needs to be replicated on the server to be any kind of guarantee that it's doing what was intended. And yep, I also agree that there are too many inexperienced web developers out there who don't appreciate that. I'm being polite and swapping "inexperienced" for "idiot" :)

We had a guy apply for a job here recently who was after £60K plus benefits, which he said was a significant pay CUT from what he'd been earning in California and London, and who could boast on his CV that he'd got experience with cool stuff like Ethereum plus every Javascript framework you could care to mention, but who had no clue how to write a secure application, nor one that was scalable or highly available. Apparently "the framework takes care of that". Knob!

New UK aircraft carrier to be commissioned on Pearl Harbor anniversary

Ian 7

Re: Pearl Harbour

Sadly they didn't quite manage to sink Michael Bay's career, 60 years later

Apple whispers how its face-fingering AI works

Ian 7

Re: Blast from the past

Don't mention the wireless charging on the 920 several years before that... :-)

Munich council: To hell with Linux, we're going full Windows in 2020

Ian 7

"...Accenture, co-founded by Microsoft..."

Accenture wasn't co-founded by Microsoft at all. Accenture came out of the Arthur Andersen accountancy firm and in its earliest incarnation began in the 1950s, long before Microsoft was created.

Accenture and Microsoft do have a joint venture they started together called Avanade, and like all big consultancies Accenture is an accredited Microsoft partner. Like they are with over 100 other companies (including Red Hat, Software AG and IBM) as listed here: https://www.accenture.com/gb-en/alliance-ecosystem

Visual Studio Team Services having some 'performance issues'

Ian 7

Agile Manifesto

"We can't even do a standup/scrum meeting this morning because VSTS workboard is so slow :("

Individuals and interactions over processes and tools


Just sayin'

SQL Server 2017: What's new, what's missing on Linux, and what's next?

Ian 7

Re: WinFS

Not sure if that's a trolling comment, but WinFS is NOT the Windows file system they are talking about. WinFS died about 10 years or more ago, it never saw the light of day.

https://en.wikipedia.org/wiki/ReFS might be more appropriate - at least it's their current "future" file system

Chap tames Slack by piping it into Emacs

Ian 7

Re: Well, points for making it work I guess

Clearly a clever guy so kudos as you say, but you have to ask what more useful things he could have done with that time and effort...

From the article: "he's only made aware of Slack happenings that mention him by name or suggest things he really needs to know about, such as “whenever something explodes in the server”"

Wouldn't it have been easier for him to just set his notification preferences to only alert him to mentions of his name, and to set up appropriate channels for live alerting?

FREE wildcard HTTPS certs from Let's Encrypt for every Reg reader*

Ian 7

Re: An admirable effort.

Anyone who doubts the value of HTTPS should see Troy Hunt's course on Pluralsight - https://www.pluralsight.com/courses/https-every-developer-must-know. In fact, forget the "anyone who doubts..." bit. Everyone should see Troy Hunt's course on Pluralsight (other providers are no doubt available, I have no commercial relationship with either Troy or Pluralsight, etc. etc. blah blah blah)

HTTPS is a necessary component of a secure web. It is not however a sufficient component. So yes, HTTPS == safer, HTTPS != safe

Software dev bombshell: Programmers who use spaces earn MORE than those who use tabs

Ian 7

Re: Hey, did you know the editor could do that automatically?

Isn't 2.4 years the amount of time a front end, JavaScript-framework programmer has to become expert in what they do before their skills are rendered completely irrelevant by TheNextBigThing.js and they have to start again? Ahem.


<bitterFormerCICSBMSMapDev />

<evenBittererIBelievedInAngular1.0ThenAngular2.0CameOutDev />

<totallyApocalypticReactJSSayWhatNowDev />

<thankGodForServerSideCodeDev />

<oldTechnologiesNeverDieTheyJustResurfaceWithNewPackaging />


Samsung's Bixby assistant fails English, gets held back a month

Ian 7

Re: Rather unfortunately named assistant

It was David Banner who Bixby played, not Bruce. Although apparently on his gravestone (ooops, spoiler alert) it became "David Bruce Banner". Theories abound as to why... https://scifi.stackexchange.com/questions/91702/why-was-bruce-banner-named-david-banner-in-the-old-tv-show

Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools

Ian 7

Nation state grade

I'm loving seeing the "nation-state grade software" phrase thrown around. Would anyone rush out to buy a nation-state grade wordprocessor? The nation-state grade website I have to use to fill in my tax returns isn't exactly a shining example of the state of the art. This stuff must come from those 'other' government-paid devs, yeah? You know, the really good ones. :-)

Yes, this is (mostly) a joke. I know it's serious stuff!

Linux on Windows 10: Will penguin treats in Creators Update be enough to lure you?

Ian 7

Re: Java is so easily messed up... just put spaces in a path or a password...

I was tempted to downvote you for providing factually correct and interesting information plus links to external sources on a Reg anti-MS flame thread, but couldn't quite bring myself to do it... Give it time, I'm sure someone will! :)

Update or shut up: Microsoft's choice for desktop Skypers

Ian 7

Re: Another Cloud con

How does the cloud make tracking your chats any easier for Microsoft to do than having a fat client app running on your PC?

Guess who's suffering an email outage. Go on, it's as easy as 123-Reg

Ian 7

You know the difference between revenue and profits, right...? Them pesky costs thingies...

What gifts did ol' kitten heels May get this year?

Ian 7

Re: the only well-known May worth talking about (IMHO)

Brian May strums a decent guitar. Other than that I'm really struggling to think of any more famous Mays...?

How Rogue One's Imperial stormtroopers SAVED Star Wars and restored order

Ian 7

Re: The Force Awakens is just a bad movove

Totally agree about the villain being central to any good Star Wars movie. Episode 1 had Darth CutInHalfAfter5MinutesScreenTime who looked badass till he fell apart. Episodes 2 and 3 had the Emperor to hold them together but he was still hiding in plain sight so wasn't moment-by-moment scary and he had not-quite-Darth Overacting to compensate for anyway. Episode 7 had a prefect from Slytherin as the villain *and* he lost a laserbat fight to a completely untrained opponent when he wasn't crying about how badly treated by his parents he was - wuss! Episode 3.9 ('cos it's closer to 4 than 3) had a completely mental, ass-kicking Darth Vader back in full "you took my last Rolo ya bastich" mode and that's the point that had me stood up and cheering! Finally a top-class baddy again. LONG overdue!

'Twas Brillo but then Android Things, which watched as Google Weaved its Nest

Ian 7


Do you guys have to exhaust your hyphen-budget before year end or you don't get given so many next year?

DNS devastation: Top websites whacked offline as Dyn dies again

Ian 7

Re: Inevitable

Not as inevitable as someone shouting "Blockchain - that's the answer!"

Chaos Monkey 2.0

Ian 7

Re: Chaos Monkey? Or as we call them

Users, in our case...