Might want to check...
all of it, line by line. But will they pass on the fixes to MS to be patched for the rest of us, or is this a map to vulns and back doors given as a present for our new president?
Satya Nadella’s team will be smiling today after the US Defense Information Systems Agency (DISA) – the IT wing of the Department of Defense (DoD) – awarded his firm a five-year $927m support contract. The deal will give the US military “access rights to Microsoft’s proprietary (closed-source) code” when it is “required to …
Good point. The DoD, unlike the NSA (at least one wing of it), as far as I know has no responsibility to also share vulnerabilities with industry. I am afraid they haven't figured out what a two way sword that is either, especially since a society doesn't get more vulnerable than the US.
BTW, the NSA is part of the DoD and officially part of the U.S. Navy, which is why an admiral is usually in charge at Fort Meade.
"Yeah MS, thanks for the source code. Can you forward all the Win 10 telemetry to us, strictly for anonymized data modeling purposes?"
Yeah wasn't real sure about the alphabet soup of agencies these days. Regardless my point about two edge sword stands which is going to burn these assholes real bad one of these days if they sit on zero days. Of course us proles will never know our own government did sit on it (got lucky one time with Snowden) and they will use it to their advantage.
After all, some unpatched hole in win 10 running the SAC main computers will show a nice result to an enterprising hacker.
"Would you like to play a game?
A. Chess
B. Tic tac toe
C. Global thermo-nuclear war"
And anyone not wearing factor 3 million sunblock is going to have a really bad f***ing day ....
Obviously the Department of Defense is not to be taken seriously on any statements regarding 'cyber' security.
"the Government Accounting Office reported the protectors of America were keeping the ICBM targeting codes on eight-inch floppies."
Instead of an Azure app hosted on the Microsoft Nuclear Cloud ™ :o
because the existing one absolved MS of any responsibility for anything.
"Mr President, Russia has launched a pre-emptive missile attack against us."
"That's Amazing, really Amazing. Won't that wall we just built keep them out?"
"No Mr President. We need to strike back. We have less than 5 minutes."
"No Shit. Ok Launch. I'll get Putin on the phone."
{two minutes later}
"Mr President, we can't launch any Missiles at Russia!"
"What? Were we hacked?"
"No. All the control computers were doing an operating system update. It is estimated that it will take another 30 minutes to complete."
"That's Amazing, really Amazing."
"Mr President, you are mad."
"Yes I know. Don't I look good eh? Aren't I amazing? I'm really gonna make America great, a great pile of Radioactive Junk. I'll bet Hillary couldn't have done this. Just Amazing."
Boom {see Icon}
Useless Movie Trivia Time:
As the article uses a picture from Kubrick's film Dr. Strangelove - the mainframe at Burpelson AFB is an IBM 7090/94.
In the UK that means they would all have disabled parking?
Seriously what an opportunity to run the whole thing through some major (but slow) analysis software and pick up any bad coding practices, bad security practices etc.
You know, the ones that seem to surface every few months due to a "buffer overflow" despite the claim it's a ground up rewrite, no old code pre Windows 7 or 8 and written after all the devs had security coding training.
I got some MS written code for an old support request. Its quality was underwhelming.
MS runs a lot of automated code analysis as part of their security efforts - in fact, MS Research has some pretty state-of-the-art efforts when it comes to it.
And MS has certainly never claimed that Win7 or any other version was a complete rewrite. Quite the opposite in fact.
See for example https://channel9.msdn.com/shows/Going+Deep/Arun-Kishan-Farewell-to-the-Windows-Kernel-Dispatcher-Lock/ which details some of the efforts to improve (not rewrite) the Windows (NT) kernel (you know, the one first released in the early 90's) in Windows 7.
A complete rewrite wouldn't be a good idea for Windows, or any other comparable project. Especially not with those pesky real-world requirements like backwards compatibility.
You might be somehow confusing it with the switch of "consumer Windows" from the 95/98/Me lineage which meant an entirely different kernel and significantly, though not completely, different userland.
Wait, deja vu, I've posted this before. Probably in a response to a similar post by you...
And finally - I have read a lot of MS source code. Like any big project spanning decades and thousands of developers, or even most significantly smaller ones, the overall quality is mixed, but with a decent average. And when it comes to the kernel (the one that has been in use all the way from the first release of NT to latest Win10 according to both MS marketing and reality), it's certainly a lot better structured and maintains a higher average quality than the kernel frequently held as the gold standard by rabid MS haters.
MS had significant issues with security in the early 2000's. They actually dealt with those, but some people's opinions persist. Nowadays if you actually compare vulnerability counts and severity between e.g. IE/Edge and open source browsers they are at the very least comparable.
MS problems with security and the like are not caused by poor QA, it's poor design.
The MS code base and install is too big and too interconnected.
I can strip down a Linux or BSD system to bare minimum; chuck all the stuff I don't want in it out. Christ I can even re-compile and use a different magic number in the ELF file, so the system will not run a binary that I've not built.
Can't get close to that with Windows.
Is because when they announce they're going to "modernize", they hold meetings to produce requirements and everyone throws in their pet features and the project inevitably sinks under its own weight.
They should instead have a project with the directive "replace exactly the functionality the current solution provides, nothing more, but be designed so that it can be incrementally extended with new functionality".
"replace exactly the functionality the current solution provides, nothing more, but be designed so that it can be incrementally extended with new functionality".
"Nothing new, but something new". That's the sort of vague requirement that leaves the project undeliverable and yet still massively over-budget...
Vic.
If you take an old mainframe program for which there's no source and replicate its functionality in a modern language on a modern system, it will automatically be extensible because you'll have source code and programmers who understand it (because they wrote it).
Same thing with replacing some ancient system using 8" floppies with a new one using USB (or maybe CDs would be better, since they can't be written). They probably can't add any functionality to the system using 8" floppies because it has only 32K RAM or something crazy like that. Put it on a modern system and that wouldn't be an issue.
But the first step in either case is "make it do exactly what the old system does". Then you can see what you want to add and start prioritizing. The project might go off the rails then if you try to do too much, but at least the modernization part will have been accomplished.
Why would the IRS be using a 56 year old IBM mainframe? You can just buy a new one and get massively increased performance and storage (among many other benefits, like actual availability of support and spares). They are 100% backwards compatible with old software (even binaries) going all the way back.
Sounds like some hack thinks "mainframe" and/or "old software" means "ancient hardware".
The fact that System/360 was announced in the early 60's does not imply that everyone using a z-Series system nowadays is "using a 56 year old mainframe".
The z-Series systems are based on highly advanced hardware, https://en.wikipedia.org/wiki/IBM_z13_(microprocessor)
I guess that owners of modern Ford Mustangs or Dodge Challengers do not perceive their cars as being from the 60's or early 70's.
... they'll be trying to resurrect their Windows for Warships development program.
Before this, we hadn't had a ship disabled by a Zero since WWII.
For its money the US is getting Blue Badge Cardholder support, meaning it gets first dibs on Microsoft code libraries, and technical support from actual Redmond employees instead of having to go through third-party suppliers – who typically wear orange badges when visiting the temple of St Bill.
When PAR for the course, is such a lock-in real news, Iain T, or much more a simple money churning exercise to keep an aged system from croaking online?
And should Microsoft be considered a titanic systemic risk and weapon graded for Wassenaar Arrangement inclusion. It ticks all the boxes with regard to practices …… http://forums.theregister.co.uk/forum/1/2016/12/21/wassenar_negotiations_fail/#c_3061289
Quite clearly is such thought and realised to be so here. And that is a catastrophically massive hole in defences to be filled and made good/properly safe and perfectly secure against both state and non-state actor exploitation.
One has to also accept the very real likelihood in an alternate way of working with Live Operational Virtual Environments of a catastrophically massive hole in defences to be filled and made good/properly safe and perfectly secure against both state and non-state actor exploitation, with both state and non-state actor exploitation to XSSXXXX Code Levels. Holes in defences are great business opportunities worth gazillions and quite naturally would IT invite all manner of interesting and interested parties to the attraction.
seems to ME that this has been an example of 'waste, fraud, and abuse' rather than ensuring readiness. Micro-shaft's last-minute reward for contributing to OBAKA and Mrs. Clinton, perhaps?
As the old guard leaves the white house, they get in some last minute return of favors. "Corporate Welfare" indeed.