* Posts by jimbot

9 publicly visible posts • joined 25 Oct 2013

Microsoft fixes the fix for the Windows Server 2019 NTLM problem

jimbot

It's slightly mindboggling how random parts of Windows seem to be tightly coupled to each other. Here we have the presence/absence of a language pack changing the behaviour of a legacy authentication protocol and triggering a bug.

A few years back I remember investigating an issue with either graphics or wifi (I forget which), and the root cause turned out to be in BitLocker! Do these folk ever do design or code reviews?

Microsoft smartens up Edge for Business with screenshot blocking, logo branding, more

jimbot

I wonder if the screenshot blocker has an "elephant in the room" limitation they forgot to mention, e.g. it only works with the screenshot tool included in the OS and not third-party screenshot tools. Other workarounds that spring to mind are running the OS in a VM and accessing it through an RDP session. ...or just using a different browser.

I suppose it might block the casual, non-technical, non-malicious/accidental snappers as part of a wider solution if their machine and the web site they connect to are thoroughly locked down.

Developers beware, Microsoft's domain shakeup is coming soon

jimbot

This might be a useful change for organisations whose staff access Office 365 through firewalls and proxy servers. Microsoft recommend allowing direct (non-proxied) connectivity to their service endpoints in order to minimise latency and give the best user experience, or at least disable proxy authentication when accessing them. If your browser traffic goes down a corporate VPN connection then Microsoft recommend configuring a split tunnel for Office 365. Yes, they are that pretentious. No, for the most part it isn't actually necessary. The exception is Teams, which needs its media streams to be firewalled through in order to work adequately. If this isn't done it will fall back to encapsulating the traffic within HTTPS which doesn't tend to work very well.

Microsoft publish an updated list of endpoint host/domain names and IP addresses each *month* that admins of such organisations should supposedly use to update their firewalls/proxies/PAC files/group policies that control the flow of Office 365 traffic. Mercifully the list is available in machine-readable (JSON) format, but it's very helpfully left as an exercise for you to figure out how to script it into place. See here for the gorey details:

https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

The list of domain names gives me the distinct impression of a bunch of people working on Office 365 without any coordination, throwing the product back-end together at random with no real plan. If all that rubbish can be simplified down to *.cloud.microsoft then that would be useful. I wouldn't be surprised if Microsoft found it a burden to keep track of it all too. This just leaves the IP addresses, which is more forgivable as it hopefully provides some redundancy/resilience.

Microsoft sends OneDrive URL upload feature to the cloud graveyard

jimbot

Re: This .ru site has a solution

I seem to recall OneDrive modifying Microsoft Office files that get uploaded to it, adding some extra metadata or something.

You can't rely on your files remaining unmodified.

VMware takes a swing at Nutanix, Red Hat with KVM conversion tool

jimbot

VMware also provide ovftool, a command line utility which converts VMs between VMware and Open Virtualisation Format (OVF). That can be used to migrate to/from other hypervisors that support OVF, including KVM.

https://developer.vmware.com/web/tool/4.6.2/ovf-tool/

It's just 'Pro' now, guys: Microsoft gives Surface a subtle resurfacing

jimbot

Two different products with same name

The first-generation product line included a "Surface Pro" as well. Doh!

Your internet history on sale to highest bidder: US Congress votes to shred ISP privacy rules

jimbot

I wonder if there's anything "interesting" in Mr. Trump's browsing history

I'll bet access can be sold for a lot more than $30.

Emacs and Vim both release first new updates in years

jimbot

Re: So neither...

It seems the new Emacs incorporates a relational database and security monitoring/alerting system. (Apparently also has functions for editing text files.)

Not a standalone OS yet though... still need to add a kernel.

Euro Parliament votes to end data sharing with US – the NSA swiped the bytes anyway

jimbot
Coat

The name "Terrorist Finance Tracking Program" (TFTP)

Ironic that it shares the same initials as the Trivial File Transfer Protocol (typically used by IT departments for network booting/OS installation).

Has a geek with a sense of humour has infiltrated the US government?