Home » Posts tagged "microsoft" (Page 3)

Google 放棄對海外伺服器搜索票的抵抗了...

先前美國政府透過搜索票,要求各雲端廠商提供海外伺服器的資料而引起話題 (像是先前 Microsoft 往上打官司抵抗:「Does US have right to data on overseas servers? We’re about to find out」),而現在看起來 Google 打算放棄掙扎了:「Google stops challenging most US warrants for data on overseas servers」。

Google has quietly stopped challenging most search warrants from US judges in which the data requested is stored on overseas servers, according to the Justice Department.

Microsoft 這邊有些不錯的進展,成功在巡迴庭擋下:

Microsoft convinced the New York-based 2nd US Circuit Court of Appeals—which has jurisdiction over Connecticut, New York, and Vermont—that US search-and-seizure law does not require compliance with a warrant to turn over e-mail stored on its servers in Ireland.

不過沒看到 AWS 相關的消息,感覺不妙...

Adobe Flash 將在 2020 年 End of Life

Adobe 發出的公告,將在 2020 年中止所有對 Flash 的支援:「Flash & The Future of Interactive Content」。

Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats.

然後 GoogleMicrosoft 也來補刀講兩句話:「So long, and thanks for all the Flash」、「Saying goodbye to Flash in Chrome」、「The End of an Era – Next Steps for Adobe Flash」。

Microsoft Blogs 上 TDD 的戰文...

文章標題就直接寫「#NoTDD」的戰文 XDDD

列了 Pros (一行) 跟 Cons (超長 XDDD):


  • We end up with tests that verify the behavior of the code and help prevent regressions

這個是 TDD 的目的。而 Cons:


  • It takes us longer to write code using TDD
  • The tests get in the way. Because my design does not have low coupling, I end up with tests that also do not have low coupling. This means that if I change the behavior of how class works, I often have to fix tests for other classes.
  • Because I don’t have low coupling, I need to use mocks or other tests doubles often. Tests are good to the extent that the tests use the code in precisely the same way the real system uses the code. As soon as I introduce mocks, I now have a test that only works as long as that mock faithfully matches the behavior of the real system. If I have lots of mocks – and since I don’t have low coupling, I need lots of mocks – then I’m going to have cases where the behavior does not match. This will either show up as a broken test, or a missed regression.
  • Design on the fly is a learned skill. If you don’t have the refactoring skills to drive it, it is possible that the design you reach through TDD is going to be worse than if you spent 15 minutes doing up-front design.

這四個問題講的是時間與能力兩個因子的作用,轉一個角度來討論其實是:如果 junior engineer 可以寫出好的測試,他們就不叫 junior engineer 了... 而 senior engineer 是稀缺資源,讓他們多花時間寫出「好的測試」未必是划算的。

反而是另外一種常見的方式常常跟 TDD 在對抗:透過 QA team 在完成後測試,尤其是用手動測試的 QA team XDDD

這個方法很簡單,而且行之有年。而且很無奈的,跟一般軟體工程所期望的相反,junior engineer 就可以做的不錯,所以人力的部份相當好 scale,而品質也有不錯的水準 (畢竟是直接測實際的功能了)。

剛好前陣子有提到另外一篇論文也在討論 TDD 的效果 (參考「又一篇戰文:討論 TDD 的過程」這邊),也有類似的反思。

前陣子在 Twitter 上看到這則也是很有趣,拿來當結尾 XDDD:

微軟的 Time Service 回應錯誤的時間...

看起來會有不少災情 (像是 SQL Server 遇到使用 server side 的時間的 SQL query):「Windows Time Service is sending out wrong times and that’s a big problem」,報導裡引用了 Reddit 上「PSA: time.windows.com NTP server seems to be sending out wrong time」這邊的討論串。

為了避免這種情況,不同單位會用不同方法解決。像是財力充足的 Google 就自己搞了原子鐘,然後還放 Google Public NTP 出來給大家用。可以不倚靠外部裝置確保自家時間的正確性。

另外是有人用 Raspberry Pi 收 GPS 訊號轉成 NTP service (像是「The Raspberry Pi as a Stratum-1 NTP Server」這邊介紹的方式),不過之前有發生過 GPS 送出來的時間差了 13ms 的事情,也不是完全可靠 (不過相較起來應該還是可以接受):「GPS error caused '12 hours of problems' for companies」。另外可能的方案有 GLONASS (俄羅斯的系統)。


修改 User-Agent 讓 Office 365 服務變快...

Facebook 上看到剛剛在 Hacker News 上熱起來的「Onedrive is slow on Linux but fast with a “Windows” user-agent (2016)」這篇,引用了 2016 年在 Microsoft Community 上的討論:「Onedrive for Business open is very slow on Linux (Chrome/Firefox) but with very fast with a "Windows" user-agent」。

Reddit 的「Office 365 Onedrive looks at user-agent to determine performance.」有更多的討論。

因為工作上也會用到 Office 365,也覺得在 Ubuntu 上用起來超級慢,然後看到有使用者也講了 Linux 下的 Google Chrome 也會有類似的問題:

I just tried this same thing--changing the OS in the user agent--on Chome on Linux. The difference really is incredible. Normally I find 365 to be so slow as to be borderline unusable, now it's almost as quick as Google docs. Even the institutional log-ins for my university are faster.

EDIT: Just to clarify, I was testing specifically the web apps for Word and OneNote hosted by my uni. I tried loading them both in normal tabs and ones where I had changed the OS useragent in Chrome's developer panel. The normal tabs hung badly as usual (30+ seconds to load the UI), while the modified tabs loaded very quickly. I tried this several times, but I suppose YMMV.

所以我也拿「User-Agent Switcher for Chrome」加上 IE11 的 user-agent 後測試:

最明顯的差異就是 redirect 變少了,然後開 Word 與 Excel 的速度變快好多 @_@


As Office 365 for Business services(e.g. SharePoint Online, including OneDrive for Business, Exchange Online) are not supported on Linux as shown below, for the best experience, we recommend the operating system listed in the article.

所以只能拿老招出來,把 User-Agent 改成 IE 後就變得超~級~快~

然後最 helpful 的回答是:

Thank you
I go back to Google Apps suite.


用 SessionGopher 拉出機器上各種密碼與 Key

同事在 Slack 上提到 fireeye/SessionGopher 這個工具,可以從機器上拉出各種敏感資訊:

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

方法是掃 registry 或是硬碟:

SessionGopher works by querying the HKEY_USERS hive for all users who have logged onto a domain-joined box at some point. It extracts PuTTY, WinSCP, SuperPuTTY, FileZilla, and RDP saved session information. It automatically extracts and decrypts WinSCP, FileZilla, and SuperPuTTY saved passwords. When run in Thorough mode, it also searches all drives for PuTTY private key files (.ppk) and extracts all relevant private key information, including the key itself, as well as for Remote Desktop (.rdp) and RSA (.sdtid) files.

是個... 好玩... 的... 東西...

微軟預定在 2017 年的西洋情人節淘汰 SHA-1 certificate

經過多次改動後,微軟這次宣佈 SHA-1 certificate 將在明年淘汰:「SHA-1 deprecation countdown」。

影響的範圍包括 Internet Explorer 11Microsoft Edge,在 2017 年 2 月 14 日之後不信任 SHA-1 certificate:

Starting on February 14th, 2017, Microsoft Edge and Internet Explorer 11 will prevent sites that are protected with a SHA-1 certificate from loading and will display an invalid certificate warning.

與其他家類似,還是提供了管道讓企業內部建立的 SHA-1 certificate 可以用:

This will only impact SHA-1 certificates that chain to a Microsoft Trusted Root CA. Manually-installed enterprise or self-signed SHA-1 certificates will not be impacted, although we recommend for all customers to quickly migrate to SHA-256.