Posts by Matthew Brasier

Re: So instead of...

This is the kind of argument that normally appears before someone tells you that Web3 will solve everything. Early web technologies such as PKI, web servers, email, etc envisaged high levels of decentralization, with everyone running their own web server, managing their PKI trust chains, etc. People don't want that. Cryptocurrencies and NFTs are already showing us that if you leave end-users to control their own security permissions they get scammed left, right and center. Giving people even more fine-grained permissions and asking them to take responsibility for managing that themselves is a recipe for disaster.

Re: Fun fact

Many years ago I attended a session by my local Astronomy society where one of the scientists from SOFIA presented. Its a fascinating bit of kit and did some great work, but is somewhat hindered by NASA aircraft being legally registered as military aircraft, preventing it from flying over or near countries that are unfriendly with the USA.

Re: Too good to be true?

HTTP (not HTTPS) is a stateless protocol, the server has no way of knowing that a request relates to a previous request other than if the browser sends some data (which is the cookie) to alert the server to the fact that you have communicated before. There is no reliable way for the server to see the real IP address of the client because any kind of load balancer or HTTP proxy will mean that the "source" of the HTTP connection is the LB or proxy. There is a workaround to put the source IP address in as a header, but that can be faked as easily as the cookie.

With HTTPS it gets a bit easier for the server. HTTPS has the concept of a session (the duration for which the session keys negotiated are valid) and because only the originating server should know about the session key the server can be fairly sure that the client is the one that originally logged in. The HTTP session (unless you are using client auth) doesn't know anything about who you logged in as though, because the HTTPS session is established before you log in. Most modern HTTP servers will connect the HTTP session cookie with the HTTPS connection, which makes it a lot easier for the server to ensure the session is aligned to only one (HTTPS) connection, but this functionality can break in some scenarios (such as if you want to allow a user to log in using FORM authentication if client-cert authentication failed), or when using certain SSO providers.

TLDR; Because plain HTTP is stateless, its easy to steal HTTP session cookies, HTTPS can sometimes make this easier because you can tie the HTTP Session cookie to an HTTPS session.

Re: spending limit cannot be applied to pay as you go ...in production,

The OP is talking about spending limits, which are a feature of Azure - which is a Microsoft Product, not AWS which I am sure they are aware is not.

Re: As you note...

The larger an organization is the more likely it has a wide range of software, much of which will have come from mergers and acquisitions, or from departments or operating companies selecting their own solutions. For large companies like Microsoft the answer to the question "does your company use product X" is almost always going to be yes, as it only needs one small team to be using it.

This is why I pay very little attention to logo slides in vendor presentations. You will regularly see the same large companies cited as clients of 3 or more software vendors in the same industry because different teams select different products.

Re: Helicopter danger

Going back to the point about helicopters crashing in residential areas. Cars, motorbikes, etc all crash in residential areas more often and cause a lot more injuries and fatalities. I assume you are in favour of banning these much more dangerous vehicles (for which very little training is required to operate them compared to a helicopter) first?

Re: Fairly Frequent Flier

Several years ago I went on my honeymoon to Australia, and as my wife and I are keen scuba divers, we took full sets of SCUBA equipment with us. My regulators are pretty expensive and I didn't want to trust life-maintaining equipment to airline baggage handlers so I kept mine in my hand luggage. The security staff at both Birmingham (UK) and Dubai (stop over) found the long rubber tubes with large metal attachments to be very suspicious and I was subjected to long delays at security at both airports while they performed every test they had and consulted with ever-growing chains of management. Luckily SCUBA regulators are a common sight for the security staff at all the Australian airports and they didn't even ask me to open the bag.

Re: Venus

Venus probes tend to have a very short lived lifespan, and it has a much less hospitable environment for radio signals. Simply put, for the same cost as getting a little data from venus, you can get a lot of data from mars. However it is starting to get to the point where a little data from venus offers more unique insights than "yet more data from mars".

600ft is too low for primary air traffic service radars. Radar installations are placed on high ground and look upwards, there is too much "noise" near the ground for them to be any use. They are intended to assist in deconflicting and dispatching search and rescue for aircraft, and laws generally prohibit aircraft flying below 500ft other than during take off or landing. The radar at the local airport I fly from (or did when such things were possible) can't see aircraft below about 1400ft. As such a drone flying at 600ft is literally under the radar.

Re: "That said, it's no worse than your money held on your bank account"

The point is that it is protected when the institution becomes unstable. It is underwritten by the government financial services compensation scheme. If the bank goes bust you will eventually get your money back from the government. Although that may take some time it is better than losing it altogether.

Re: Debian on WSL

As a software developer, I generally try and pay other software developers for their work whenever I get an opportunity. I have used Ubuntu on WSL for quite some time now, it is significantly more convenient than firing up a whole virtual machine when all I want to do is fire off a few commands using SSH or the AWS CLI. However distros running on WSL often have a few bugs, and a distro specifically targeting WSL sounds like something I am happy to pay for, especially given its the cost of two beers.

Re: Does anyone still use them?

I don't like having "The device that stops be getting lost if the weather gets really bad" and "The device I would use to communicate with emergency services if I become lost" being the same device.

I can see how for navigating towns or driving, a phone can do the job (although I still use a dedicated GPS for driving) but for walking, a dedicated GPS is a very sensible investment.

Re: "The vast majority"...

Its not really the collecting of the technical and admin contacts that is the issue, it is the publishing of them in the whois database. If they were collected by the registrar, and kept private by the registrar except in the case of a court order or other legal mechanism (as nominet is doing with .co.uk addresses) there isn't an issue - the registrar has the data that it needs to perform its contract, and can provide that information where there is a legal basis to do so.

The issue is that while ICANN claims to operate in the interests of the domain registrars, its main objective here is to ensure that IP lawyers can continue to use the whois database to identify where domains may sound vaguely similar to a well-known brand, and then charge the well-known band thousands of pounds to hound the owner of the domain until they give it up.

Re: Facebook Income

It is true that their income comes from selling advertising space, but the value of that advertising space is created because it targets individuals based on their gathered personal information. If I am an advertiser, I am going to pay considerably more for an advert on a page of someone who fits my target demographic and has had conversations about my products with their friends, than for an advert on a page of a random individual.

Re: I may be misunderstanding the process but...

It isn't different to Bing etc, all the major search engines do it, because when someone searches for a topic then often a well written (if such a thing exists) wikipedia article on the subject is a great place for them to start.

Re: Problematic

It isn't completely out of your control, there are a number of things you can do to control costs in a cloud environment, from picking the right technologies in the right places, applying limits etc. This is broadly what "cloud architecture" is about (the drawing a cloud on a bit of paper with arrows going in and out of it is to real cloud architecture, what "Enterprise architecture" was to real systems architecture). Most cloud vendor architecture certifications recognize this, and focus on cost control (along with security) as one of the key pillars of architecting a system.

Re: Walks like a duck?

Its unlikely to be part of a demo - those swimmers are in some pretty rough water. It would be pretty silly for lifeguards to put swimmers (even well trained ones) in actual danger to demonstrate a new toy.

RE: I'd like "furious cycling"

You probably wouldn't, it is only ever used when a cyclist kills someone.

That's different, purchasing from Amazon US when you are in the UK is not the same as purchasing from Amazon EU when you are in the EU (independent of which EU nation you are in).

Re: What about applications

That should be fine though, the proposal isn't talking about getting rid of the ability to create dialogues, its talking about getting rid of the ability to create dialogues that you must interact with before you can do anything else.

You can still pop up a dialogue asking if the user wants to save what they were working on, you just can't force the user to interact with it.

Re: @wolfetone

Actually, Java was designed to be a language to program set top boxes, it was never designed to replace C/C++ etc. That just kind of happened along the way.

I guess your younger than you think.

Re: Ea are well practiced for something that never happens.

The fact that EA accounts are regularly compromised does not indicate that EA have been hacked, it indicates that people who play EA games have weak security.

My experience is that often people set weak passwords on accounts that aren't thought to be important (it's just a game) and then forget to update them when they later add payment details to the account for in-game purchases etc.

Re: Fair's fair

"It's completely different. They could stop their private buses anywhere that it is legal to stop a private vehicle, and do pick ups there"

Correct - however one of the places where it is not legal to stop a private vehicle in the state of California is at a public bus stop.