Skip to content

The Isoblog. Posts

Mandatory Widevine (Browser Video DRM) in Chrome

Changes are coming to Chrome. Not all of them are good.

For example the ability to actually view the details of a TLS certificate in Chrome has been moved far away into a hard to reach Developer menu.

Most Chrome plugins have been disabled and removed, and the chrome://plugins page will go away very soon (Chrome 57 and later). The remaining Plugins cannot any longer be disabled (Bug report). This will also silently re-enable disabled plugins.

One of them is the Widevine video DRM plugin, and that is widely seen as very problematic, for security and legal reasons.

Leave a Comment

git Improvements for Monorepos

Microsoft has been doing things to git, they report.

[W]e […] have a handful of teams with repos of unusual size! For example, the Windows codebase has over 3.5 million files and is over 270 GB in size. The Git client was never designed to work with repos with that many files or that much content. You can see that in action when you run “git checkout” and it takes up to 3 hours, or even a simple “git status” takes almost 10 minutes to run. That’s assuming you can get past the “git clone”, which takes 12+ hours.

What Microsoft is doing here is called a Monorepo approach. It not insane, has many advantages and is being discussed at length at Dan Luu, and is also in use with Facebook and Google and in many other places. But git is running into problems handling very large Monoreports, as discussed in an article at Atlassian.

What Microsoft GVFS does, according to their paper, is addressing the issues git has instead of working around them. And that is an awesome thing.

Leave a Comment

It’s not an APT, it’s just you sucking at basic IT

Dr. Ian Levy

So El Reg has spoken to Dr. Ian Levy, the chief technical director of GCHQ. And Levy goes:

“If you call it an advanced persistent threat, you end up with a narrative that basically says ‘you lot are too stupid to understand this and only I can possibly help you – buy my magic amulet and you’ll be fine.’ It’s medieval witchcraft, it’s genuinely medieval witchcraft.”

and continues

He pointed out that a UK telco had recently been taken offline using a SQL injection flaw that was older than the hacker alleged to have used it. That’s not advanced by any stretch of the imagination, he said.

So there you have it. It’s not an APT. It’s you sucking at running an IT organisation.

Leave a Comment

Flawed Metrics that Publishers Use all the Time

Matching the Jens Scholz article in german language, Thomas Baekdal has a similar thing, pointing into a different direction, from a publishers perspective.

Baekdal uses this article to focus on three metrics and assumptions that are used quite often, and how they are not helpful at all.

  • Engagement and Sentiment are two different things, and the audience that is “engaging” is self-selecting. Hence engagement metrics are flawed by construction.
  • All Time popularity is a weird thing, because different articles have different shapes of “engagement” over time, and that matters. So does time itself.
  • “Stupid but fun” articles can have good metrics, but they do not have a lot of value. If you follow the metrics, you are damaging your brand.

In general, subscribing to the http://www.baekdal.com is a thing I would recommend.

Leave a Comment