
The F in F-Tile is for fast, right?
No but for some reason there's a hyphen where the "u" should be.
144 publicly visible posts • joined 7 Jul 2008
So, pretty much anyone could produce this but MS seem like a good candidate.
A jumper to keep in the office to wear on days when there's a new 0day announced that affects you/your company/your cat.
The only potential issue is that the way things are going, you could be wearing it every day in December and early January. Could get a bit ripe...
"given they clearly said Windows 10 was the final release"
They kind of never did. Jerry Nixon (a developer evangelist at MS) said "Windows 10 is the last version of Windows." So it's true that he said this. Once. It's also true that when asked about it, MS has never confirmed this to be true. Sure, they didn't deny it either.
This quote is very much over-reported.
Unless you only want an expensive web browsing device.
On the low end device, you don't get a real SSD but, rather, an eMMC. This is sloooooowwww.
The "cheapest" practical device is the mid-range one. Very nice. I have bought a couple for the family and they're proving popular.
Seriously.
Maybe my gaming PC is similar to their baseline dev boxes? Maybe my play style fits the testing? I've dropped over 150 hours into playing the game and I love it. No crashes, no grief. A few floating objects and a (very) occasional T-pose. Beyond that, it runs perfectly for me. And that lets me concentrate on the oh-so-rich background and scripts.
Definitely one of my favourite games of the last few years.
OK, so FireEye got compromised.
The open disclosure and public release of countermeasures speaks to a mature, planned response. They knew the Red Team tools they had developed were a high value asset and could be targeted. That they have come forwards reasonably quickly and released the countermeasures to their toolset as open source speaks well to their approach and preparedness.
Digital security is a process, not a bounded task. They seem to have clearly assumed breach and had a response ready for the eventuality. This should be a call to us all to put our houses in similar order. I imagine the learnings internally will be considerable and valuable for them. Not suggesting for a moment that this isn't a significant hit but it literally can and does happen to anyone.
To those taking to the schadenfreude pulpit and seeking only to mock, I ask: What would you have done differently?
(PS I have no skin in this particular game...)
in the late 80s, early 90s I helped to deliver a program in the UK prison system that aimed to skill up offenders so they had attractive skills to offer upon release. The big driver then (and now?) is that if you get a released prisoner into work quickly, the chances of re-offending are reduced by an order of magnitude.
Back then, it worked well for those we could get through the courses (limited both by the number of places and the aptitude/attitude of the participants) but the programme ran onto the rocks as we tried to scale it. It was difficult to get enough competent people in place to deliver the content given civil service pay rates.
I wonder if the MOOC model might go some way to address that?
If you're finding Google Search significantly better than Bing Search, it's because Google knows more about you than MS in this context.
As an experiment, I switched my search engine at work to Bing a few years ago and left my personal devices on Google. Within a few weeks, they were pretty comparable and now there's very little difference in the quality of results.
Maps, on the other hand, is where Google definitely wears the crown. No one else has anywhere near the richness of data (and metadata) that Google Maps has and I don't see that changing in the foreseeable future.
The interesting part for me is that this is the first time I've seen a detailed analysis of the cost to the owners of the pwned devices. As opposed to the costs borne by the target of such an attack.
If anything were finally to wake up the IoT industry to the importance of securing their sh!t, it will be their enterprise customers asking them how they will prevent this sort of unexpected spend from the tens or hundreds of thousands of devices to be deployed.
Ambient and edge compute could well become a massive revenue drainer for the unaware.
Anecdotally, the issue seems to be with rebuilds and resets (like powerwashing CrhomeOS but less effective and more complex). I'm hearing from colleagues that they were having BSODs during the process which led to them reverting to the previous version apart from the one instance where the PC needed a full reinstall.
This would explain why a CU won't fix it and they needed a new build so late in the day, perhaps.
I worked with a company going through a similar transition from Office to G-Suite. In the end, they got to 80% of users migrated and did make some savings.
About 15% of users still needed full-fat Excel (VBA/Macros and database connectors were the major factors here) and 10% needed Word (again, VBA but also document automation/assembly).
The keen mathematicians amongst you will note that there was some overlap between the groups.
I hear they're mulling a return to O365 as the interop between the two is giving them headaches.
My anecdotal evidence with the Fenix 5X Sapphire is that it works fine whatever I need it to do. The downsides have been weight (which you get used to) and the cost. That said, this thing is enormously robust and has been bashed and scraped all over the place and still looks as good as new. Sapphire and Steel (the materials, no the show) really do make it all but indestructible.
"With an expansive arm gesture he said "This is the computer suite", and then, to let them see the length of it, he leaned back...."
Did we work together in the '80s or is this more common than I thought?
In our case, the reason the Kill Switch wasn't covered over was that we had just moved the "datacentre" into one end of a Portakabin while our office was demolished/rebuilt.
I noticed the data switch right after upgrading and killed it then. I do a sweep through all the settings after an OS bump but never dreamed that it would have been caused by a part of the process. My assumption was that some app or other had "helped" me to optimise my phone.
As a punishment, I have seen battery life go down the drain. As much as 14% per hour with pretty light use. Anecdotally, this "sorts itself out" after a few days but I'm not seeing any evidence of that so far.
A quick search of t'interweb shows this to be pretty common and there are no obvious solutions other than going back to Nougat.
And, weirdly, my Garmin seems somewhat distressed by the update. The voice updates during activities have gone a bit high piched and wobbly. It really sounds like "she" is very upset. Perhaps by my poor athletic performance?
No. No, they don't. They want to sell through enough units to prove the tech and bed down the manufacturing processes and drivers.
They literally can't sell more than a certain number (No, I don't know what that is but I've heard guesstimates of around 50k units.) as , for example, they can't ramp up production of the titanium frame in the phone to massive scale just yet.
The next model will be the one to watch if they can survive the cash bonfire needed to iron out the wrinkles and extend the range and robustness of the mods.
I guess it was almost inevitable that when Blackberry stopped actually making handsets, they would be able to take all those defensive patents and make some money of them. Nokia seems an odd choice of target to go after, though, as they also don't make handsets any more.
All music/video items are used to pause/restart whatever is playing so you can take/make a call. Also for custom ring tones.
Photos are used to send/receive images and to select an avatar,
Use data on external devices required if any of the above data items is stored on an SD card.
Use your phone is used to switch to/from calls over your MSP service.
Anonymous MS account is a way to associate the device with an account without logging on so that Skype can ring when it gets a call even if you aren't yet logged into it.
Information about device is used to determine device capabilities. (Screen resolution, number of microphones, noise cancellation, etc.
Sensors is used for several things. One example is proximity to auto switch on/off the speaker when you put the phone down or pick it up.
Act as a server is required under the current perr-to-peer environment to do things like group calls.
The ones I don't know about are location, maps and calendar access. Anyone else?
NFC is used for contact 'bumps'. (I assume.)
Patching 100,000 isn't all that hard. You just have to plan and resource it right. And be fanatical about standardisation.
But...
PCs are a fairly generic block of code and hardware when it comes to patching. Aside from BIOS and driver management, they all run the same OS(es) and pull from the a standard set of applications. IoT, on the other hand, promises to need specific devices for each task, each class of device probably running different code on different hardware.
I lean strongly towards simple-at-the-edge, clever-at-the-core unless you have a very limited range of devices. I see one of the challenges for a dispersed IoT environment in replacing failed devices. At least Backblaze have them all in nice, easy-to-find racks...
Never10 implements MSs own KB to disable the nagware. It's the KB that is issued to enterprise customers. These guys are the goose a-laying golden eggs so MS is unlikely to crater them.
Normally, I'm an unashamed MS apologist but this latest twist is too much to find an excuse for. W10 is a great product but these practices are appalling.
So currently, it's seen as riskier to try getting a payload aloft on a second use of the first stage. (30-50% discount).
If it turns out that they can reuse it 20 to 100 times, it'll be the first couple of launches and those as the tail end of expected life that are seen as risky. The premium will be paid for the "tested and reliable" vehicles.
I'm well aware of the provenance of AD's LDAP component. It's delightful that you think that's all it does. It's the additional bits (you say cruft, I say features) that round out AD as the most complete and widely adopted solution.
And there's the thing. I'm not talking about technical merit, provenance, suitability, functionality or anything else. Just that it needs to be recognised that in almost every enterprise, you will find AD implemented. In most of those cases, it is the base on which the rest of the IAM infrastructure is built.
I'm willing to bet the exceptions are few and far between. There must be some enterprises using pure LDAP out there. Probably about the same number as those still relying on Banyan Vines or NetWare.
Honeytokens are going to become a necessity for enterprises using AD. Which is basically everyone. (Cue howling from the 1% that "Never let the Beast of Redmond loose on their iron." News flash: You're an almost insignificant minority. Active Directory is pretty much ubiquitous.)
For example, in recent versions the telltale signature of Mimikatz has been removed so that, without honeytokens or behavioural analytics, this kind of credential theft is very hard to detect.
Definitely one to examine and, if it works well, this could become an essential part of the AD security toolbox.