As I always like to say, "nothing gets done until someone dies"
Microsoft is a national security threat, says ex-White House cyber policy director
Microsoft has a shocking level of control over IT within the US federal government – so much so that former senior White House cyber policy director AJ Grotto thinks it's fair to call Redmond's recent security failures a national security issue. Grotto this week spoke with The Register in an interview you can watch below, in …
COMMENTS
-
-
Sunday 21st April 2024 17:01 GMT Jou (Mxyzptlk)
This is so true, especially for the United States of America. Whether it is food, medicine, computers in critical infrastructure, name it. EU has a different approach, for example on food: You have to prove the substance is harmless before anything happens. The US way is "anything goes" until someone proves a substance is bad - which is difficult for those who are affected or already dead.
I personally think we (EU) should take over some of the freedom definitions of the US, but not in the fields mentioned above...
-
Monday 22nd April 2024 02:24 GMT kameko
I'm responding to myself here since I don't have a single specific comment in response to mine to respond to, but I would just like to say, I hate every single person who responded to my comment and I'm reconsidering even posting another comment ever again. I understand it was my fault to post a comment innocent enough to allow you all to project your political opinions on to it, but I really hope you people seek mental health support.
-
-
Monday 22nd April 2024 11:01 GMT Anonymous Coward
Re: WTF?
In Kameko's defence:
All he wrote above was:
"As I always like to say, "nothing gets done until someone dies""
With 22 upvotes and no downvotes. Victims due to poor (cyber)security are quite a plausible thing. Victims due to poor IT design already happened, think of the recent Post Office scandal if I understood correctly (non UK citizen here). The following posts might have been more than he anticipated as a (possible) new user?
-
-
Monday 22nd April 2024 15:12 GMT JohnSheeran
You didn't get downvoted on that first comment. Obviously you're going to get downvoted on this most recent comment. It appears that a lot of people that comment here at El Reg (or the internet for that matter) are complete a-holes. Most downvote with no comment to defend their downvote. It's just the internet.
That being said, I would blame you for withdrawing from commenting going forward. I generally feel the same way.
-
-
-
Sunday 21st April 2024 16:30 GMT mikus
What is surprising is that people are only now realizing just how bad Microsoft really is.
Just look at the history of Internet Explorer, where Microsoft crammed it down everyone's throat, and then left it perpetually open to exploit to hackers for its entire lifecycle via ActiveX, their own programming framework pushed to businesses to use heavily. It wasn't until literally the rest of the world moved on to Chrome or Firefox (after choking out Netscape) that they eventually stopped, but now has the same thing via Edge, their Chrome-based but Microsoft-tainted clone in an attempt to stay relevant.
Exchange server, their at one-time almost ubiquitous business email server solution as well has been under perpetual attack and exploit for its entire lifecycle, so much so their "solution" was to move everyone to Office365 email services to finally get them to stop people buying it and kill off the product. Still many organizations run Exchange, generally poorly, and particularly now suffer constant exploit by nation-state actors.
Thanks for the lulz Microsoft, joke's on your customers.
-
Monday 22nd April 2024 02:45 GMT kameko
The problem is Microsoft's marketing department.
The marketing department is the gestapo of the entire company. They can do whatever, whenever, to whoever. This was made blatantly apparent to C# users when the .NET Core team created hot reloading, and the marketing department demanded them to not add it into .NET Core but to restrict it to Visual Studio. The community outcry was so great that it made them backtrack and let the nice folk in the .NET Core team to release the latest toolchain with the hot reload, but MS showed their hand. Their marketing department can sabotage any internal project and make it actively antagonistic to their users if it will make their other products look more marketable. It's a long-standing, rampant problem, and the MS marketing team needs to be gutted by the roots if we have any hope of not having this megalomaniac corporation burn the world down with its own ever-growing quotas.
It really is a shame, Microsoft's developers are some of the nicest, smartest people you'd ever meet. Then they get juiced by Microsoft's internal vampire gang.
-
Monday 22nd April 2024 06:41 GMT Anonymous Coward
Expected Behaviour
It is a business, and marketing teams are often perceived as necessary (evils).
Also, someone somewhere in the business has to understand the moods in the market (even if in a company such as MS the marketing department might actually be creating those moods...). Almost by definition, developers do not get out into the world enough to see what people really do with the software they're working on. So, someone has to be in charge of what is being developed, and have an understanding of what the market will actually pay for.
You can see the issues that arise when a bunch of designers / developers in a department manage to bamboozle marketing; oh how we all hated Windows 8's UI, which was a product of MS's UI design team that had (and still has) mad ideas about flat interfaces, etc... The feedback was awful, and one wonders how many users defected to Apple at that point.
Apple is another company that understands that - it is a marketing driven company.
Though I often think that marketing is an oversold asset to a business. If your product doesn't speak for itself, you have to market it. It's only just slightly less evil than advertising!
-
-
Monday 22nd April 2024 21:08 GMT Anonymous Coward
Re: FALSE
(not an Apple user) I think Apple has been pretty sensible to do bare minimum changes with new releases. Being a MacOS developer must these days be one of the most boring jobs going; you're just tickling the colour palette occasionally, the odd CVE, but otherwise it's steady as it goes. Reining in the developers and stop them making radical change is quite an accomplishment. About the only big things developed of late for MacOS seems to be Rosetta 2 and APFS.
Apple understands that it's important that its customers believe that its computers are secure and easy to use. The easy to use bit - ok that requires a certain amount of effort to pull off to the point where the market believes it, and the market is pretty knowledgeable (they're the ones doing the using). Fair enough, the market speaks for itself on that aspect. As a long suffering Windows and Linux user, stopping devs needlessly cocking about with the OS's UI would be most welcome.
The security bit? Well, that's where Apple are just as smoke and mirrors as anyone else. NSO Group seems to have been remarkably proficient against iPhone (for example), and the "Apple is more secure" mantra looks like it's caused people to put more at stake with greater consequences when they are targeted.
I'm surprised there hasn't been that much mainstream media coverage of the unpatchable **** up in Apple's own silicon (M1, M2, M3, A14). After all, if anyone does get the exploit working in JavaScript it does make most of the Apple machines that are out there in use fundamentally dangerous to use. I was considering buying a second hand Mac<something or other> with Apple silicon in it, just to see, but I'm now reckoning on the second hand prices tumbling once people realise the time bomb they've got on their laps at the moment.
>Not these ugly black Wintel contraptions
Black? You'll part me from my beige-ware over my cold dead body!
-
-
-
-
Monday 22nd April 2024 05:40 GMT Steve Davies 3
Many of us older commentards here
have been warning about Microsoft for years.... no make that decades.
It does not matter how loud we shout, Microsoft's voice is 1000x louder than ours. So we vote with our feet and avoid anything with a MS brand on it. Yes, it is hard but possible.
Personally, I'd love it if a hacker got into say... the Pentagon and wiped every windows system in the place. Perhaps... perhaps... just then, MS might be given the elbow.
I am not advocating criminal behavior but there might be a God after all and that God would see that some justice is needed.
-
-
Monday 22nd April 2024 11:55 GMT FirstTangoInParis
Re: Many of us older commentards here
So just yesterday I was fixing a family computer that had collected a rogue web site shouting notifications about alleged viruses via Edge. Having uprated the anti-virus and added browser guards, I wanted to uninstall Edge because the user wasn't using it, by choice. You can't, you can only 'modify' it, which means downloading a fresh copy and re-installing it. So having changed default browser to Chrome, you still can't get rid of Edge. I'm told some third party products rely on it somehow too.
One of these days, the EU is going to go full anti-trust against Microsoft and demand that all new PCs come with a multi-OS installer, allowing the user to choose which OS they run on it from new. Only then will the much-fabled year of Linux desktops come to pass, as people turn away from MS because of bad press.
-
Monday 29th April 2024 09:15 GMT ovation1357
Re: Many of us older commentards here
My mother in law's PC has been running with Linux Mint and Google Chrome for a few years with barely a hiccup but I have to say I'm dismayed at how easy the browser makes it for non technical users to blindly install crappy toolbar extensions and hundreds of push notifications.
Every time I look at it, it reminds me of the bad old days of IE with all the evil ActiveX add-ons and other junk. It's inundated with 'news', games and recipe pop ups, and usually has some kind of fake search engine set at the home page.
Just goes to show that if you have a user who is prone to clicking "Accept" on everything that pops up, then the default security is for all the spam and spyware to walk straight in, even on a non MS system (and it really pains me to say that because MS are the worst by miles).
It's definitely even worse on Windows but Chrome is pretty bad at this and its problems are platform independent
-
-
-
Wednesday 24th April 2024 03:51 GMT doublerot13
Re: Many of us older commentards here
> Personally, I'd love it if a hacker got into say... the Pentagon and wiped every windows system in the place
I'm amazed this hasn't happened. People have already got into other people's Azure accounts and read / changed data, but the whole industry studiously ignores it.
Maybe the economic benefit of MS to the United States is so great, the US security services proactively defend and assist them, I don't know.
-
-
Sunday 21st April 2024 17:12 GMT fg_swe
Competition Helps
U.S.G. and everybody else must BUY ALTERNATIVES. Only when MSFT loses serious marketshare, they will become honest.
+Apple and its strong App sandboxing as opposed to no sandboxing on Windows
+Apple office
+AppArmor and Linux
+FreeBSD
+Memory Safe Rust, Sappeur, Swift for applications
+SBZ compact command line as opposed to SSH bloat (150 000 loc) https://github.com/DiplIngFrankGerlach/SBZ_git
+DeltaChat GNUpg secured instant messaging instead of Teams, WA, Telegram or Zoom bloat
+LibreOffice
+Stop VBA scripts at the firewall. They are not sandboxed and can reconnoiter the entire user account. All files, all database connections...
-
Sunday 21st April 2024 19:34 GMT aerogems
Re: Competition Helps
None of those are really options for large scale operations. It's not just a matter of which OS or other software has the better capabilities on paper. They may work as bespoke solutions for specific functions, but they are simply non-starters when it comes to something agency-wide. You may be willing to assume the risk/responsibility of scouring web forums and whatnot if something goes wrong, but if you're supporting thousands of people across an equally large area in miles, it's just not even an option.
Apple only ever really dipped their toes into the enterprise market and gave up on it long ago. They'll sell to enterprises, but the fact that they don't do things like announce when a version of macOS is going to stop getting updates and they don't really have a VIP customer support center. Also, Apple's office suite sucks major donkey balls. It's just terrible. Even internally Apple uses MS Office rather than their own suite.
FreeBSD is basically the same thing as Apple, except there's not even a nominal commercial entity behind it. It might be fine for a specific bespoke server within a government agency, but not for anything agency-wide.
You basically have IBM, Oracle, Fujitsu, HP Enterprise, and maybe one or two others I'm forgetting, besides Microsoft. Each one of them sucks in their own unique ways, and each one of them has gotten fat and lazy off of government contracts. There's no simple solution to the problem. Even if you were dictator for a day and could just snap your fingers and make whatever policy changes you want, the practical realities mean you wind up more or less where you started.
-
-
-
Monday 22nd April 2024 05:03 GMT Adair
Re: Sure
On the contrary. Some of the points against MS alternatives have some validity, but overall the argument is just FUD, albeit FUD based on the reality that human beings are generally resistant to change once established in a particular habit. And the bigger the group the bigger the inertia.
If push came to actual shove most agencies/institutions could change. Would it be expensive? Yes. Would it be easy? No (hence expensive). Would some people burst into tears and threaten to leave? Absolutely. Could they develop a whole different culture and practice towards acquiring and maintaining software? Absolutely they could.
None of that mitigates the sad reality that becoming a 'user', in the addict sense of the word, does anyone any good overall. MS, knowingly or not, has become a major pusher and supplier of the software world. A lot of addicts are in denial, and terrified of getting clean and changing their lifestyle to stay clean.
-
Monday 22nd April 2024 07:22 GMT fg_swe
"Expensive"
The most expensive thing that can happen to a government agency is to lose sensitive data to a competing government.
For details, you can ask Karl Dönitz and Isoroku Yamamoto.
Windows must be banned from processing any secret government information, as they are at least 20 years behind the state of the art.
-
-
-
-
Sunday 21st April 2024 21:28 GMT 43300
Re: Competition Helps
"Apple only ever really dipped their toes into the enterprise market and gave up on it long ago. They'll sell to enterprises, but the fact that they don't do things like announce when a version of macOS is going to stop getting updates and they don't really have a VIP customer support center."
They abandoned anything server-side quite a few years ago now - their current computer line is purely client devices (although they can to a reasonable extent be managed using MDM solutions such as Intune or Jamf)
-
Sunday 21st April 2024 22:47 GMT Anonymous Coward
Re: Competition Helps
Apple only ever really dipped their toes into the enterprise market and gave up on it long ago.
On the server side, because they realised it was pointless to try and replicate what Linux was already doing well (they did try, but it wasn't very impressive) and that was before you even start talking about scalability and resilience (you need about half the resources to keep a Linux solution reliably online compared to a Microsoft one).
On the desktop side, however, calculating a TRUE Total Cost of Ownership (TCO) which doesn't try to hide personnel costs by only talking about CAPEX would show that the FAR better usability, less need for eternal reboots and stable interfaces that people don't have to relearn every year result in so much time saving and more productivity that it makes their hardware and OS actually dirt cheap - and MUCH easier to secure as both iOS and MacOS have decent security out of the box and have quite advanced crypto built in that (especially via profiles) makes it also easy to create containers. By the way, if you want to see just how bad UIs are made by Microsoft, try Outlook for iOS. And no, you still have to put the work in to keep it secure but you need so dramatically fewer resources to keep it safe that Microsoft should actually be banned until it gets it right.
but the fact that they don't do things like announce when a version of macOS is going to stop getting updates .. but they do support an OS for quite some time, for free, and they don't really have a VIP customer support center. I'm guessing they don't need to make people feel special for getting actual support..
Also, Apple's office suite sucks major donkey balls. It's just terrible.
I would agree, with one blinding exception: Keynote. Keynote is so much better than Powerpoint that if they ever made a Windows version it would take Powerpoint off the market which has the classic rubbish Microsoft approach to a UI. Which, BTW, they also applied to Visio which used to be very usable software before they got their hands on it. Thank God the Omnigroup has a far better equivalent for Mac.. For the rest I must admit that after testing LibreOffice we're checking who needs advanced Excel functionality because otherwise we may go with Collabora and so become Microsoft free..
Even internally Apple uses MS Office rather than their own suite.
That would surprise me, other than for compatibility testing. Even on an M1 chip LO is a LOT faster than O365, is a lot cheaper and has a stable UI, just like MacOS itself. That said, I would agree that Pages and Numbers are indeed a waste of time because they're confusing people with layout instead of the basic WYSIWYG model that the rest of the world now uses.
And their hardware is also decent - the problem is that people seem to think that all desktops should be usable for gaming. Apple has tried gaming, but it can't make as much as a dent in that market, also because there's a chicken and egg problem with game devs writing for demand, and demand needs product.
FreeBSD is basically the same thing as Apple. More the opposite. Brilliant on servers, not very enticing as desktop. except there's not even a nominal commercial entity behind it which thus does not try to squeeze you for cash every other week. It might be fine for a specific bespoke server within a government agency, but not for anything agency-wide. I have an ISP who has not been running anything else for the last few years, and they serve an impressive chunk of the financial market.
As for gov markets, the problem there is that not quality and performance win the day but bribes golf course meetings and you must give Microsoft that - they know every single trick in the book to crawl their way into projects. Heck, when the Bill & Melinda Gates foundation started, Bill Gates had no problem tying aid to the switch to Microsoft. It's a shame I can't find it anymore, but one lawyer once wrote a fairly exquisite public response to an attempt to do that in his country.
-
Sunday 21st April 2024 23:47 GMT aerogems
Re: Competition Helps
A thumbs up just for actually making a cogent response and not resorting to the usual tantrums and theatrics that are typical on these kinds of stories. "You didn't say 50 good things about Linux, so you must be a paid Microsoft shill!" Religious fundamentalists really annoy the shit out of me as they're always the most ignorant about their own professed beliefs. I'm all for there being increased competition, but Linux and *BSD just aren't ready to play on that level yet, and among the remaining commercial Unix vendors... well, let's just say there's a reason Microsoft displaced them. Just banning Microsoft from use in any government agency only trades one set of problems for another.
On the server side, because they realised it was pointless to try and replicate what Linux was already doing well (they did try, but it wasn't very impressive) and that was before you even start talking about scalability and resilience (you need about half the resources to keep a Linux solution reliably online compared to a Microsoft one).
XServe was actually reasonably impressive, and heavy AF, but I'm guessing a lot of people just didn't think "Apple" when thinking, "What server hardware should I buy?" Given Darwin is based on FreeBSD they already had a good leg up software-wise. I'm just guessing the sales never really justified the expenses and then when the iPod really took off, later followed by the iPhone, it made sense to just focus more on consumer electronics.
On the desktop side, however, calculating a TRUE Total Cost of Ownership (TCO) which doesn't try to hide personnel costs by only talking about CAPEX would show that the FAR better usability, less need for eternal reboots and stable interfaces that people don't have to relearn every year result in so much time saving and more productivity that it makes their hardware and OS actually dirt cheap - and MUCH easier to secure as both iOS and MacOS have decent security out of the box and have quite advanced crypto built in that (especially via profiles) makes it also easy to create containers. By the way, if you want to see just how bad UIs are made by Microsoft, try Outlook for iOS. And no, you still have to put the work in to keep it secure but you need so dramatically fewer resources to keep it safe that Microsoft should actually be banned until it gets it right.
I remember when using things like TCO was considered Microsoft FUD. Ah how things change.
If we're talking the individual user, maybe even a small company of =<100 employees, sure. Start going beyond that and the math quickly gets more complicated. There's more than just the cost of the hardware to take into account. Though, Windows 11 Pro does actually have a specialized Sandbox VM, and there's some virtualization process isolation functionality as well. Can't claim to know much more about it other than it exists. I don't think it's quite as robust as macOS, but to say there's nothing is incorrect.
And their hardware is also decent - the problem is that people seem to think that all desktops should be usable for gaming. Apple has tried gaming, but it can't make as much as a dent in that market, also because there's a chicken and egg problem with game devs writing for demand, and demand needs product.
There are a number of reasons for that, from only the Mac Pro (pre-trash can model) having upgradeable video cards, and only then within a very small subset of supported cards. Also, let's face it, Apple took some shortcuts with the A/M-series chips. With the A-series, having things like RAM integrated onto the SoC makes sense, we're talking about an embedded platform like phones and tablets. The M-series it makes a lot less sense, unless you consider it from the angle of allowing them to leverage the A-series designs and fab capacity. Still, shortcuts or no, to be able to get within spitting distance of x86 level performance, at a significantly lower TDP, is impressive. I have nothing but respect for what Apple's chip designers have managed to accomplish.
As for gov markets, the problem there is that not quality and performance win the day but bribes golf course meetings and you must give Microsoft that - they know every single trick in the book to crawl their way into projects. Heck, when the Bill & Melinda Gates foundation started, Bill Gates had no problem tying aid to the switch to Microsoft. It's a shame I can't find it anymore, but one lawyer once wrote a fairly exquisite public response to an attempt to do that in his country.
Yes, that too, but it's not just that lobbyists are spending loads of their client's money trying to bribe convince legislators that it's the best solution. With Windows, not only do you have schools churning out potential admins every year, you can walk into almost any bookstore (or search on Amazon) and find probably a dozen books on Windows for every one on Linux.
There's just a big difference between what may work for you or me on our personal desktop, or even a small business of around 100 employees, vs the US State Department or EU Parliament, which is something the religious fundies have trouble comprehending. A solution that may work for an individual will very rarely scale to the thousands of users.
-
-
-
Tuesday 23rd April 2024 10:50 GMT 43300
Re: Competition Helps
Linux is much more of a practical option on the server side as it's maintained by IT pros.
On the client side it's much less practical - multiple distros, lack of familiarity in general users, much less straightforward to manage, some programs / addins simply not available (and no, Wine is not an all-purpose solution in business environments).
What the religious believers never seem to want to take into account is that if desktop Linux (outside of commercial versions such as Android / ChromeOS) was a practical proposition, it would have a far wider market share than it currently does.
-
Saturday 27th April 2024 03:42 GMT lockt-in
Re: Competition Helps (you forgot about Microsoft's vendor lock-in with document fidelity)
It appears that you (43300) intentionally forgot about Microsoft's vendor lock-in with document fidelity which is still preventing competition?
Look at a summary of massive costly work that has been required over the last few years due to "Metrically equivalent fonts cannot guarantee MS Word-interoperability any more because of the undocumented changes in MS Word line break algorithm after ODF and OOXML standardization."
See https://www.numbertext.org/typography/
Microsoft 'C' fonts. Microsoft 'Microsoft XML' how many versions of this now? Why not OOXML strict? Microsoft said this would be the default by Office 2010. It goes on and on, this needs to be addressed. Yet governments still use Microsoft as a standard.
-
Saturday 27th April 2024 12:45 GMT 43300
Re: Competition Helps (you forgot about Microsoft's vendor lock-in with document fidelity)
Sure, Microsoft imposes lock-in wherever they can - that can be taken as read. And they have a long history of imposing their own 'variants' of supposedly common standards (IE was particularly bad for this, with ActiveX controls, etc). That doesn't alter the point that Linux on the desktop is frequently not practical, though.
-
-
-
-
-
-
-
-
-
Monday 22nd April 2024 06:44 GMT Anonymous Coward
Re: Competition Helps
>Stop VBA at the firewall
Trouble is, VBA is still curiously useful. Not long ago I looked at programmatically generating a PowerPoint slide. I tried really hard to do it in C#, in a "proper", "modern" way. I gave up. 6 lines of VBA accomplished what a large amount of C# was going to struggle to do. Damn it.
-
-
Monday 22nd April 2024 21:26 GMT bazza
Re: Indeed
VBA is more than good enough to encrypt your files, alter your files or send them directly to the attacker. Also, it can connect to any ODBC database and mess with your databases, too. VBA security is more than 20 years behind the state of the art (sandboxing).
Sure, just like any other run time environment that an attacker can persuade you to launch code in (if they can't wrench that doorway open themselves). It's been quite amusing of late to watch devs discover that they too are not immune to such non-sandboxed arbitrary code execution, in their build systems (ref: the liblzma library scandal).
-
-
-
Sunday 21st April 2024 17:13 GMT Jou (Mxyzptlk)
"Make Windows Safe Again" as election slogan
That will get you 50% of the votes.
Then 25% would be "Make Windows Stop Annoying You!".
The rest 25% "Make Windows usability good again!". Tiny things, like if you want to rename a file in a busy folder the focus gets lost, you cannot rename it (I use cmd for such cases). If the explorer refreshes the currently selected item is not centered anymore, neither in tree-pane or the item-pane - it should always have the currently selected item "immobile", i.e. not moving whereas everything around can change. Search results "view" settings are not stored since Windows 7, worked in Vista - at least make "details" the default and show WHERE YOU FOUND THAT ITEM. Who the hell was so dumb to make the default view not show where an item was found (for most of the file types)? Etc etc etc.
-
Sunday 21st April 2024 17:17 GMT yetanotheraoc
Logging costs extra?
Windows has extensive logging baked in, you just need to write the queries in your tool of choice. I have used the Application, Event, and Security logs, there must be others. The Microsoft upsell is no doubt a fancy remote gui, which to my mind they _should_ be allowed to negotiate extra for. The government needs better admins, or better negotiators, or both. I'm all for bashing Microsoft when they get things wrong, but I don't think this is one of those times.
-
Sunday 21st April 2024 17:25 GMT Jou (Mxyzptlk)
Re: Logging costs extra?
Oh, I'm in for the bashing, regarding pushing the cloud crap onto us. The useless widgets which are just web crap. The weather panel which did not ask whether it should talk home. The dark patterns with cloud pushing everywhere. Copilot pushing. And that crap appears in the newest insider SERVER versions as well, where it does not make sense to suggest such nonsense for a builtin\Administrator or domain admin in the first place and sets off the RED ALERT really loud. Some annoyances disappeared after the bad feedback, but then another whack-a-mole pops up where it should not in the first place if they'd do their job right.
(I am a Windows user, and below the UI is some really amazing stuff, and that compatibility is amazing - you can copy calc.exe, pbrush.exe, the screensavers and a few others things straight out of Windows NT 3.51, and they just work in Windows 11, including unicode support in case of cardfile)
-
-
Sunday 21st April 2024 17:22 GMT fg_swe
Security Risk MS Office
A single hostile VBA script running inside MS Office can do huge damage:
-encrypt all C files of user (despite having no business in programming)
-steal all CATIA drawings (despite having no business in mechanical engineering)
-forward all VHDL files on user's network drive to Ivan Hackov in Irkutsk (despite not being an EDA tool)
Etc.
MS Office is a first order security risk ! Uninstall it !
-
Sunday 21st April 2024 17:50 GMT Jumbotron64
This headline should not be the shocker. The shocker should be that he said this on a podcast and not make it official US policy and position to name and shame Microsoft in public and announce that the Federal Government alongside the Pentagon and all the alphabet agencies were now going to look at alternative OSs and Open Source software stacks and unless and until Microsoft got their shit together.
-
Monday 22nd April 2024 12:22 GMT Tubz
Why are government agencies and military etc using a consumer OS, yes server is still a consumer OS even if it's been tweaked, they should like I believe the Chinese do or trying to do, have a homegrown hardened and secure OS, yes even if that is Linux, locked down tighter than a duck's ass in water, that every app runs in a sandbox, has predeclared requirements and limit approve communications between apps and resources, not a free for all mesh of interlinking comms processes and updates are controlled by a team that know what they are doing and actually quality control them.
Surely it can't be that hard?
and don't call me Shirley !
-
-
Sunday 21st April 2024 17:57 GMT Grogan
Those futhermuckers control the very keys to boot your computer (well, not MY computer as I have that shit disabled, but still). That whole UEFI boot horseshit is their baby too. That really burns my ass that I have to keep my boot loader on an archaic Microsoft file system with poor fault tolerance and fake file permissions now.
-
Sunday 21st April 2024 20:25 GMT Jumbotron64
Why do this to yourself? I migrated from Microsoft to Ubuntu Linux even before Windows 8 and then took the family with me when 8 came out. Now my household is ‘NIX only. UNIX in the form of MacOS and Linux in the form of Ubuntu. On all three I run LibreOffice, GIMP, Blender, DaVinci Resolve, Office 2016 through WINE on all three, Firefox and Brave browsers, Thunderbird email client, even Vim and Zsh on all three. Pretty much with the exception of Apple specific apps that came with my MacBook all three platforms are harmonized software wise. They all talk to each other via my home network. I even set Ubuntu’s dock from the side to the bottom of the screen so when anyone needs to use either the Mac or the Ubuntu computer it’s painless. All three devices have run for years without incident. What a joy it has been since leaving Microsux for good.
-
Sunday 21st April 2024 20:52 GMT Jou (Mxyzptlk)
> UEFI boot horseshit is their baby too
That one is on Intel. And, per design, it is capable of reading any filesystem. But then it came down to the lowest common filesystem since it is the cheapest and every OS can read it.
Apple is at fault too, since they are the first BIG adopter of UEFI, paving the way.
-
This post has been deleted by its author
-
-
Sunday 21st April 2024 22:46 GMT aerogems
You do realize this article wasn't about your personal desktop, right? It was about the systems that run entire government agencies. It's like the large scale ERP market. There's no good option, just "how much shit do you want in your daily shit sandwich?" Microsoft is the least bad* option, which is why they displaced all the Unix vendors of yore. You try dealing with IBM, Fujitsu, Oracle, or anyone else and you're going to quickly find that however bad you think Microsoft is (and they probably are), it can be muuuuch worse.
* For those of you who tend to leap immediately to absolutes, this is not saying it's a good option
-
-
Sunday 21st April 2024 18:17 GMT aerogems
That there needs to be more competition I will not dispute in any way. However, at the high end of things, Linux really just can't compete because people expect to be able to have a phone number or something they can call when things go titsup, and that a vendor will drop everything to send someone out to fix it. That leaves you with the likes of Oracle, and as bad as Microsoft is, Oracle manages to outdo them in basically every way that is bad for you as a customer. Then there's Fujitsu, though after the UK Post Office thing, it should give anyone pause before signing on the dotted line. IBM keeps getting into legal trouble and selling off all their interesting business units. Who's left? HPE? They're like a combo of all the others.
-
Sunday 21st April 2024 18:52 GMT fg_swe
FALSE / Linux, Open Source Support Contractors
https://ubuntu.com/support
https://www.suse.com/solutions/business-critical-linux/
https://www.credativ.de/open-source-support-center/
https://www.postgresql.org/support/professional_support/europe/
There are plenty of commercial support companies around. Thousands of highly skilled Linux consultants in addition to that.
No, there is a different reason for the lack of love of open source software. It does not look as polished as Windows and Office. Looks are completely deceiving though, almost inversely proportional to actual security.
-
Sunday 21st April 2024 20:19 GMT aerogems
Re: FALSE / Linux, Open Source Support Contractors
Tell me you've never worked at any kind of high level operation without saying it. Those solutions may work for your average company of probably fewer than 1,000 employees, but they are not viable for Fortune 500 and above. Especially, not government agencies.
Let's just say we're talking the US Department of Defense for example. Out of those "thousands of highly skilled Linux consultants" how many do you suppose have a security clearance in the Washington DC area? A dozen maybe? Two? Now what are the odds you can get any of them on the phone if shit goes south at 3am on a Saturday and you need things fixed like last week? Probably next to zero. Maybe you get lucky once in a while, but do you really want to trust vital military operations to chance at being able to find someone with the proper security clearance picking up the phone and not being inebriated or otherwise incapacitated? Same goes for all the outfits you list. How many of them do you suppose staff people with a security clearance? You know how much it costs to have just one person go through that process? Assuming you want everyone to have the highest level clearance, so they can work on basically anything that comes up, you're looking at around 5 grand/person, and not everyone is going to be able to pass that rigorous of a background check. Again, out of the "thousands of highly skilled Linux consultants" out there, how many do you suppose could pass the necessary background check to get even your low level clearance? That's like never having been arrested, no history of drug abuse, good credit rating, US citizen, and more.
> No, there is a different reason for the lack of love of open source software. It does not look as polished as Windows and Office. Looks are completely deceiving though, almost inversely proportional to actual security.
Just.... no. Some of it is inertia, some of it is "it's what people know/are familiar with" but a lot of it is interoperability. Yes, yes, you can save files in Word format using LibreOffice, but sometimes it's not 100% and there's something to be said for not having to think about that when people are trying to communicate with outside vendors/contractors. Would it work 99% of the time? Yes, but you know that 1% of the time it doesn't will be some major contract worth hundreds of millions or more. Look at the infamous city in Germany that tried switching to Linux and LibreOffice (maybe it was still OpenOffice back then) and went back to Windows after a couple years. If you read into their reasoning why it wasn't just, "Oh, everyone's familiar with Windows." It was things like their training budget exploding and support costs skyrocketing.
This is all ignoring the political element of things too. All the major companies operating in this arena have lobbyists who will make sure a few politicians with loose scruples will drag the head of an agency in front of a committee for a serious dressing down if they get wind of that agency going with some smaller outfit.
You, and people who read rags* like El Reg can probably be just fine using Linux and LibreOffice. Now, imagine the most technically illiterate person you know, who can barely manage to change the channel on a TV let alone operate a computer. You've probably met people like this in the workplace: they're very hard workers (or maybe not), but they lack any and all sense of imagination and initiative. They will forever do a job the way they were first shown how to do it, and that's the only thing they can comprehend. Now imagine you have to support literally thousands of people like that. You want to be taking calls all day from people like that?
* Meant in the most loving way possible
-
Sunday 21st April 2024 20:25 GMT fg_swe
Showing Your Hand
You are simply a paid MSFT propagandist. I can see that from all the talking points you bring up.
Let me shatter just one argument: IBM/Redhat surely has a sufficient number of employees with government/DOD clearance. The cleared ones can reach out to many top class kernel engineers inside Redhat to fix any issue.
-
Sunday 21st April 2024 22:40 GMT aerogems
Re: Showing Your Hand
Another excellent example of what keeps Linux out of large enterprises: Sure, most people might behave professionally, but for better or worse, they see assholes like you and that helps form their opinion about Linux. I mean, you can't come up with a counterargument, but rather than take the approach of a mature adult and simply admit you don't know, you take the churlish and childish approach of calling the person a propagandist. If I have a paid support contract with your employer, and I get someone like you on the phone when every minute things are down the company is losing thousands of dollars, you can damn well bet there will be a conversation happening with your boss in very short order.
I've probably forgotten more about Linux than you'll ever learn. Same for a lot of the people on here. There are a couple who could probably say the same about me, but only a couple. I was using it before it was "cool" and a status symbol to try and show how "l33t" you are when all you really want is something that looks and acts exactly like Windows, but isn't Windows so you can sound impressive to people who don't know any better. Most people had never even heard of Linux when I started using it. I created my own little shell script to grab the KDE 2.0 daily CVS source tree back before it even hit alpha and they were trying to use QT's MOC thing, configure it with my preferred GCC flags, compile, and then install it. That isn't even overly impressive really, though it's more than 90% of Linux users today can manage. I had command aliases set up for different types of tarballs, I would regularly bounce around between different window managers, and this was also back when you had to find and manually enter in modelines for LCD monitors. I was there when DRI was introduced to XFree86, I was there when X.org forked off from XFree86. I made custom tweaks to my init.d scripts, compiled my own custom kernels, configured LILO and GRUB to boot said kernel... Back when I was using Linux, this sort of thing was considered basic level stuff, but these days most Linux users will just stare blankly at you if you ask them about any of it.
Then my needs changed, I used Mac OS X for a time, then my needs changed again and I'm using Windows. Who knows what the future may bring. Maybe I'll be back to using Linux again this time next year, who knows?
> Let me shatter just one argument: IBM/Redhat surely has a sufficient number of employees with government/DOD clearance. The cleared ones can reach out to many top class kernel engineers inside Redhat to fix any issue.
IBM may have a lot of people with a security clearance, but how many of those people do Linux work? It's probably a relatively small subset and more a happy coincidence than any sort of deliberate choice on the part of IBM. It's also not just about kernel issues. It could be something with KDE/GNOME, it could be something with say glibc or GTK+. Maybe someone slipped through the cracks and their system wasn't updated for the last couple years, and now there are a bunch of dependency issues. Be sure not to miss that beautiful forest around you because you're so focused on the trees.
-
Monday 22nd April 2024 06:54 GMT fg_swe
Linux Support
Let me repeat this: there are probably tens of thousands of highly experienced Linux software engineers in the U.S. alone. Some of them work for the big Linux companies such as Redhat, Oracle, HPE. Many more work for smaller consultancies and many are self-employed.
A lot of them have all the clearances the government needs. Many more are eligible. Your fear-spreading about this aspect is baseless.
The government are idiots when they give more than 30% of their business to a single supplier. Instead, they should have serious Apple, Google Chrome and Linux seat populations. The data center should be a healthy mix of Linux, BSDs, commercial Unix, Windows Server and mainframes.
I have seen the internals of Deutsche Börse, which can easily compete with most government agencies in terms of computing power. Their Linux based trading system works very nicely. So does Google Chrome, Google Search, Facebook and many other large scale cloud systems.
-
This post has been deleted by its author
-
-
-
-
-
Sunday 21st April 2024 19:42 GMT Anonymous Coward
However, at the high end of things, Linux really just can't compete
"However, at the high end of things, Linux really just can't compete because people expect to be able to have a phone number or something they can call when things go titsup, and that a vendor will drop everything to send someone out to fix it."
Is this a joke???? Ever heard of Red Hat? IBM? Oracle? SUSE? Even Canonical offers mission-critical enterprise SLAs.
I guess IT must be a new field for you when you really believe Microsoft would actually "send someone out to fix it" if its shit breaks. Because that's not how these things work.
"That leaves you with the likes of Oracle, and as bad as Microsoft is, Oracle manages to outdo them in basically every way is bad for you as a customer. Then there's Fujitsu, though after the UK Post Office thing, it should give anyone pause before signing on the dotted line. IBM keeps getting into legal trouble and selling off all their interesting business units. Who's left? HPE? They're like a combo of all the others."
Please explain what HPE has to do with your silly claim of Linux being "unable to compete", considering it's not even a Linux vendor. Same for Fujitsu.
Oracle is a Linux vendor, and of course Oracle Linux has all the DoD certifications for being used in classified environments, and as mentioned Oracle most certainly offers mission-critical SLAs. Same for IBM, which not only has Red Hat but other parts of which provide all kinds of big boy services around Linux, including mainframes.
-
-
Sunday 21st April 2024 22:45 GMT Anonymous Coward
Re: However, at the high end of things, Linux really just can't compete
"I mean... if you're not going to read my post, why bother responding?"
Well, I did read your post, this being pretty much a field I work in. And I must say that your musings are mostly made-up nonsense. Although I'm not sure it's because you're really a Microsoft shill as the other poster concluded, as my gut feeling is that you're just talking out of your backside.
And it's not just the nonsense about how many security cleared Linux consultants there are which gave it away (for example, we have direct instant access to over 500 just in the mid-west if needed, and that's just a small group out of a much larger number). It's also very clear that you do not understand the basics of U.S. government security clearance principles, otherwise you wouldn't utter naive stuff like "Assuming you want everyone to have the highest level clearance, so they can work on basically anything that comes up" (as if giving people a higher clearance "just in case" was even a thing).
I can say with 100% confidence that you have never been anywhere near infrastructure relevant for national security, or classified infrastructure in general.
And then for some reason you go on about LibreOffice, followed by some completely made-up arguments as to why Munich's Linux migration failed (hint: it wasn't the support costs). And let's not get into the nonsense argument of Linux desktops looking different, as this has been BS all along (and not just because people manage just fine with the different UIs of smartphones, IoT stuff, smart TVs and other gizmos in life, aside from the fact that Microsoft regularly makes major UI changes to all its products, which you conveniently neglected).
I'm fairly sure any contact with IT you might have had has been limited to something more akin to MS Office on your parents' Windows laptop than to a datacenter. Your posts tell as much.
-
Monday 22nd April 2024 00:08 GMT aerogems
Re: However, at the high end of things, Linux really just can't compete
> Well, I did read your post, this being pretty much a field I work in. And I must say that your musings are mostly made-up nonsense. Although I'm not sure it's because you're really a Microsoft shill as the other poster concluded, as my gut feeling is that you're just talking out of your backside.
Uh-huh... Whatever you say coward who won't even put their name to their posts.
"I'm an expert, but I won't tell you anything about me, even my name, and I can't give any specifics. Still, you should trust me!"
> And it's not just the nonsense about how many security cleared Linux consultants there are which gave it away (for example, we have direct instant access to over 500 just in the mid-west if needed, and that's just a small group out of a much larger number). It's also very clear that you do not understand the basics of U.S. government security clearance principles, otherwise you wouldn't utter naive stuff like "Assuming you want everyone to have the highest level clearance, so they can work on basically anything that comes up" (as if giving people a higher clearance "just in case" was even a thing).
I spy, with my little eye, an anonymous coward who can't provide a single specific example. It's consulting 101 that the more things you can work on the more valuable you are. If I only have Secret level clearance, I can't work on systems with Top Secret level info, but if I have Top Secret clearance, I can work on Secret level systems as well.
> And then for some reason you go on about LibreOffice, followed by some completely made-up arguments as to why Munich's Linux migration failed (hint: it wasn't the support costs). And let's not get into the nonsense argument of Linux desktops looking different, as this has been BS all along (and not just because people manage just fine with the different UIs of smartphones, IoT stuff, smart TVs and other gizmos in life, aside from the fact that Microsoft regularly makes major UI changes to all its products, which you conveniently neglected).
This is why I asked why you bothered responding if you weren't going to read my post, because this was all covered.
> I'm fairly sure any contact with IT you might have had has been limited to something more akin to MS Office on your parents' Windows laptop than to a datacenter. Your posts tell as much.
And ending with a personal attack. <chef's kiss>
-
Monday 22nd April 2024 16:33 GMT Anonymous Coward
Re: However, at the high end of things, Linux really just can't compete
> Uh-huh... Whatever you say coward who won't even put their name to their posts.
> "I'm an expert, but I won't tell you anything about me, even my name, and I can't give any specifics. Still, you should trust me!"
So you're suggesting that you putting a made up name to your posts makes your arguments somehow better (which they are not, but I digress)?
Wow. So who exactly is going personal here? As someone who actually *has* a clearance I am very happy with anonymity, also because I know it cannot be abused as El Reg still knows exactly who I am. Anyway, that as an aside.
I have worked on country wide systems and I thus know from practical experience that MS products are by no means capable of handling anything sizeable. I know of a finance department in a nation that has just got a manager who is a total Microsoft fan, and now they're forcing a change to systems that have been running for almost eons (and would continue to do so with a lot of resilience) to run MS products and the results would already be called farcical if it weren't for this pending disaster hurting literally millions of people - that's what I vehemently object to.
You have large swaths of consultants leading organisations down that path because it makes them money, not because it's better for the client, and governments are no different - they just use the taxpayer's money instead, but it's still people who take decisions they barely have the competence for so they rely on consultants to advise them. And sadly it shows.
-
-
-
-
-
-
Sunday 21st April 2024 22:07 GMT Anonymous Coward
Here is a simple test.
Take all the resources that control and/or store your data flows and find one that is not a subdomain of a Microsoft owned domain. Found one? Yeah, quite impossible, isn't it?
Let me translate that for you: you are not in control. As a matter of fact, you're not even in exclusive control of your access control facility, MFA/2FA or not, and let's not forget who assisted in getting the CLOUD Act established.
If you're doing something you don't want US entities to see (say, working on a world changing patent), don't do it on MS infrastructure, and that has been true for literally decades.
China may be spying, but that doesn't mean the US is not.
-
Monday 22nd April 2024 00:20 GMT RedGreen925
Too bad
he didn't have the balls to say this while in power with the opportunity to do something about it at hand. But then that might have been doing his job properly and crippling his chance at the big bucks jobs once leaving government going to the same parasite companies he regulated poorly. Apparently nothing has come up so now he will tell the truth he should have been doing all along.
-
Monday 22nd April 2024 08:05 GMT Mike 137
"Microsoft has a shocking level of control over IT within the US federal government"
M$ has had an effective stranglehold over most organisations on the planet for decades now (not just over governments, although of course governments think they're more important than businesses).
Particularly now they're driving businesses into the "cloud", they can turn off your IT in many ways, intentional or accidental -- from rescinding licenses to driving incompatible 'upgrades' that kill your computers. But it's not just an M$ issue. The IT vendor community as a whole has long forgotten that it's there to provide a service to users rather than just to ~~make~~ take money.
-
Monday 22nd April 2024 12:12 GMT Tubz
The megacorps have got too big to be held accountable, a lot of the time, I bet they don't even know what's going on in various departments. I personally believe that the O/S's, be that Windows, Android, ChromeOS, IOS, should be spun off into smaller companies that can focus on making the OS the best it can be and secure. As it stands, an O/S is something of an afterthought to the megacorps.
-
Monday 22nd April 2024 13:39 GMT fg_swe
Steve Jobs
He was running a tight ship while he was alive. He surely knew how to assemble great technologies and technologists. A great attention to detail, while capable of seeing the big picture*. A giant businessman in the best sense.
All while being a total a$$ relative to his daughter, before you accuse me of worshipping.
*seeing the smartphone before Nokia could see it.
-
-
Monday 22nd April 2024 14:37 GMT Marty McFly
Microsoft is not a security company!
Exceptionally irresponsible to charge money to fix security related product defects.
They do it every time they EOL an OS. They will continue to fix security defects(*), but they will charge extra money to customers who are stuck on the platform. https://learn.microsoft.com/en-us/troubleshoot/windows-client/windows-7-eos-faq/windows-7-extended-security-updates-faq
'We created a shoddy product. You are stuck with it. We know it. Bend over and grab your ankles. Here is your bill.'
Why do we keep tolerating this? I guarantee any other industry would be forced to do a product recall.
* Defects, specifically security related. Not performance related, not crash related, and certainly not new features. Security defects, built in to the product to generate future revenue.
-
Monday 22nd April 2024 15:04 GMT Version 1.0
Re: Microsoft is not a security company!
This whole thing is normal American views ... for example locally the news is "3 separate shootings overnight in Baton Rouge leave 2 dead, 1 hurt" and America is saying everywhere that all the laws that would have stopped people walking around with guns in their pockets are deleted.
Another situation is that Microsoft is not a national security threat, it just uses the Internet (a bit like walking around town with a big gun in your pocket) - guns are only a problem when people use them badly and the internet is only a problem when people use it badly.
Today's world is that companies are busy making lots of money without worrying about people being shot or malware delivered.
-