Re: You know the drill
Funny you should mention that, on Tuesday, our anti-malware solution was flagging assets coming from the Shopify domain as malware...
6756 publicly visible posts • joined 27 Nov 2009
The same danger was exemplified in October's Atlassian zero-day, which was exploited eight days after disclosure.
If it was first exploited 8 days after disclosure, it wasn't a zero day. Zero day means that it was being actively exploited before the developer was informed... So, it can't be a zero day and only exploited after disclosure...
It isn't just the programming, it is the security of their systems in general. The exposure of the certificate that allowed hackers to compromise government email in M365 Exchange, for example, were captured in the clear.
MS announced they are now "leading the way" by putting those sorts of keys (and code signing keys) into hardware secure enclaves, just like everybody else has done, following best practices for years!
The same here. 90% of the virus warnings we get at work are adverts on legitimate sites.
At home, I run PiHole, which blocks most things.
Interestingly, as I was reading this article, I suddenly realised that there were no ads being displayed. I am not at home and we don't have any DNS blocking at work and I am not using an adblocker in Firefox... Just tried Safari as well, a couple of Register house ads and that was it and just checked Edge running under WoA, no ads there, either - and just checked another site, no ads there either.
Maybe our AV software has had an upgrade that blocks ads? I'll have to check the settings. Very strange, but nice.
Edit: Nope, just tried a colleague's PC and Chrome and I'm getting adverts, so not AV either. Maybe macOS? :-S
Judging by the adverts, I am a 60+ female, with a newborn baby that needs vaccinating and I wear make-up aimed at teenagers and I need hair products for my voluminous hair.
All this is derived from me watching motoring videos, GTA 5 videos, Wreckfest videos and various Simon Whistler documentary channels...
In fact, I am a 50 something bald man and I don't wear makeup - for teenagers or otherwise.
It depends on the software. A lot of industrial software is Windows only and then only certain patch levels, if you install the latest Windows security patches with the authorisation, the software is no longer supported. If it is running a multi-million dollar production facility and an outage can run to 6 figures in a couple of hours, you really don't want to be running the software on any hardware/software combination that is going to get the support desk to laugh in your face and hang up, with the words, "until it is running on a supported platform, there is nothing we can do, but thanks for the monthly maintenance payments."
A user in the production doesn't care about the OS, he just wants the system to work and to have support when it goes pear-shaped. They wouldn't know a Linux from a SCADA, or a Windows from a SCADA for that matter, they just know, when they turn up to work, the PC shows their production facility and that's it. They don't know or care what OS is running, why virtualise a Windows PC on a Linux PC, when the user spends 100% of their time in 1 application on the Windows side?
Most don't have a computer at home, or they have an aging Windows PC from the previous decade.
Most people really don't care about the hardware or the operating system. They just want to be able to do their job, which is usually some LoB software, ERP system, with a bit of email and Excel thrown in for good measure. They have learnt enough about Windows to log themselves in and start the software they need, and they've learnt to use the software they need. At home they probably use a smartphone and/or a tablet these days.
My wife, for example, has my old laptop, but she powers it up maybe once a month (and then complains that every time she turns it on, it needs to perform an update!), at work she has a 15 year old Dell Vostro laptop that she uses to make her weekly orders. The rest of the time, she uses her iPhone and iPad, she doesn't care about computers and would happily thrown the damned thing out the window! This seems to be pretty typical of the users where I work as well. The PC is a sufferance they need to use to do their job, they don't care about it and they don't want to actually learn how the OS works, let alone what OS they have, just as long as the UI doesn't change.
We generally have a 400€ PC in the production areas, connected to WinCC and our Windows based ERP software. A Mac mini would be nearly double that and would need Parallels and a Windows license on top of that, and they'd still spend most of their time in Parallels.
It very much depends on what software you are using and whether it is cross platform.
Also, most of our users don't care about computers, they don't care what operating system it is using, they don't care what brand it is, they just need to know want to know which icon to click to start their ERP software and mail client and that's about it. They live in those 2 applications, everything else is irrelevant, as long as it works. Probably less than 10% of our users care about computers, let alone know how to use Windows or macOS for more than starting their programs.
It also very much depends on the corporate software. Office 365 runs anywhere, as you say, but most of the important software, like ERP, CRM, manufacturing control, warehouse management etc. are a lot more limited and for a majority of users, they live in those applications, with Outlook and a bit of Excel on the side, so their PCs have to run the OS that those tools dictate and for many, that means Windows...
(Says he, writing this reply on a MacBook Air M1, but the only one in the company and it was a fight to get it connected to the domain and I have Windows on ARM running in a VM for some of the legacy software, not something I'd be happy putting the average user through.)
It only matters to, say, end users? :)
Except the end users usually don't get a choice. Here they get a Core i3 desktop in the production or a Core i5 laptop in back-office due to the Corona Lockdowns, otherwise they would generally still be on Core i3 or i5 desktops as well.
In most businesses, there are very few users that actually need a powerful PC. The only ones here that get something more than a Core i5 laptop are the CAD engineers, who get workstations, but that is less than 1% of the workforce. For the majority, a Core i3 or i5 (or an M1 Mac) is more power than they will generally need.
I use a MacBook Air M1 that was left over from an MDM project and had sat in a cupboard for 2 years, until my Windows laptop broke last month. With Parallels and Windows on ARM for a couple of legacy applications, it works fine for me - and I use a Mac at home for photo retouching work, it replaced a Ryzen 1700 desktop PC, it was a little faster than the Ryzen at the tasks I need, but uses much less power.
from a software prespective I find that Apple supports an older OS a lot longer than Redmond does.
That is the argument that got me to buy a 24" iMac with Intel processor, when they can out. Apple dropped support for it in 2012, when the motherboard finally failed in 2019, Microsoft Windows was still in support on the Bootcamp partition and was all it ever got booted into.
I'm hoping that my M1 Mac will fair better...
Not where I work and have worked. The capital writeoff tends to align with how taxation allows you to write it off, and Apple's warranties are sensibly in sync with that.
I've never worked anywhere that has worked on replacing equipment on capital wirteoff timescales. Everything beyond the writeoff timescale is a bonus. We generally replace any remaining kit between year 8 and year 10, if it breaks sometime after year 5 it gets replaced, if it is under 5 years, it is assessed to see if it is economical to repair.
First off, repair is a skill that you have to acquire and is in most businesses a cost Most companies I've worked with tend to call out a Dell or Lenovo engineer to come and fix parts when they go wrong so it's not inhouse to start with,
Again, not my experience. We've replaced 3 batteries on Dell laptops this month (first ones we've had to change in the 5 years I've been with the company) and it was very easy. We had a new laptop with a defective cooling system, Dell did send an engineer out for that, as it was under warranty. And we've replaced a few SSDs, you don't generally need an engineer for that either. But over the last 5 years, with around 500 PCs in total, I'd say we've had hardware problems with less than 1% of them - ages between new and 10 years.
But I'd go further in that insofar that I also have to consider supporting people when they're travelling, and here is where Apple has a massive advantage: I can send people down to an Apple shop to either get a fix or a replacement.
Fine if you have Apple Stores near you. Our nearest one is a 3-4 hour drive away. But for the equipment under warranty, we have next-day on-site, worldwide support. The user doesn't have to go anywhere, the support comes to them. For the older kit, it will be replaced and shipped to them.
What's more, most of the tools they need are already built in - at no extra cost. Remote viewing? Messages - Conversation - Ask to share screen. Open Standards compliant SMTP/IMAP/carddav/caldav support? Part of the default loadset. Do I HAVE to use Microsoft? Hey, it's cloudy now so just start up Safari or Firefox (IMHO still better)
We are chemical production, so everything pretty much does have to be Windows - for most of the industrial equipment and lab equipment, you have the choice of Windows or Windows... And often that is connected via serial ports. We are also in an area where cloud is not an option, pretty much everything is local applications and information stored within the company firewall.
If you work in an industry where you aren't limited by the software you have to use only being available on Windows, that is fine, you have more options, but a lot of LoB software is still Windows based.
In the case of remote support about the only language issue may be the keyboard, but it appears Apple sorted the international language issue eons ago - Microsoft is STILL stuggling with multilingual setups after only being in business for what? 30 years or so?
We support users in many different coutnries, mainly Germany and USA, but Finland, Japan, Brazil, Belgium etc. and we've not really had many problems with remote support.
AD control is an absolute dog.
And a neccessity for many. If you can get along without it, fine. But many places don't really have a choice. I got my MBA connected, but I'm glad that is a one-off.
Do you want to take about card slots or USB? The USB-C socket is quite universal (and came actually from the work that Apple did with the Lightning connector) and the card slot was re-introduced recently
I thnk the OP meant PCIe card slots, as opposed to memory card slots. USB-C is fine for many general things, but again, like you SCADA example, you can't beat a genuine serial port, for example. We have a lot of PLCs, industrial scales, weighbridges and lab equipment and a lot of it doesn't like Serial to USB, let alone direct USB. Most of it has the option of Windows software, if you are lucky, it will run on Windows 10 (but not 11), we still have a lot of kit that requires XP or Windows 7, which means we have a lot of isolated PCs that can't talk to the backoffice network, let alone the Internet. For most of it, there is no Linux option, let alone Apple option for software.
Then there is our LoB software, most of that is Windows only as well. We could use Macs (I do, but I am the only one), but it adds unneeded complexity and cost, because each one would need Parallels and Windows on ARM to get that LoB running - and some of it won't run on ARM, even under emulation.
Teams works better on Mac, Microsoft's RDP client on the Mac is better, but all the important software we use is Windows only, so everybody only gets the choice of Windows. If you are in an industry where the software works on multiple platforms or is cloud based, you have a lot more options for hardware and operating system. But there are still a lot of places that need specific hardware and operating systems.
I'd like to do a lot of things differently and use different hardware and software, but I am limited to what our LoB software runs on and that is simply Windows. Many businesses can't just unplug one OS and plug in another, the software is what is important, the operating system and the underlying hardware are an afterthought, dependent on the software that is being used.
I agree for the most part. I use a Mac at home and now at work, because my Windows laptop died and we had a MacBook gathering dust in a cupboard. But all of our software (industrial scales, weighbridges, lab equipment, production controllers, warehouse management, PLC management etc.) is mainly Windows only, so for a majority of our users they would be a non-starter.
1) We are on a 7-10 year replacement cycle, if the kit doesn't die first, but no extended warranties, kit over 3 years just gets replaced, if it fails, but a majority of kit holds at least 5 years and we still have a lot in the 8 year + range that have never had any problems.
2) Yep, getting my MacBook Air into the domain involved jumping through many hoops, but it eventually worked. Okay for one device, but not something I'd want to do on a regular basis.
3) For 98% of our users, not a problem, but there are a couple of PLC programmers, where finding a Windows laptop that still has a real serial port is hard to find!
4) I use and external keyboard 99% of the time (MacBook is docked at work or at home to a 44" 4K monitor with an external keyboard and mouse), but I find the keyboard is okay, not as good as a Lenovo or HP, but better than the cheap keyboards our desktops get delivered with..
Given most of our hardware (industrial scales, weighbridges, laboratory equipment, PLCs and warehouse management systems only have Windows based applications to control them, Macs, let alone tablets or phones, are well down on our list of PCs we'd consider.
I am using a MacBook Air as an interim replacement for my old Windows laptop, which died (the MacBook Air was a left-over from an MDM project & surplus to requirements, sitting unused in a cupboard). I like it a lot, and with Windows on ARM running under Parallels, it does a great job and I'm in no hurry to order a replacement Windows device. But for the majority of our users, Macs would be non-starters as they know how to use their control software, but even getting them to do something as simple as starting an RDP session to access the ERP software is confusing enough for many, let alone trying to explain having to start Parallels to actually get to the software they need, it is just added complexity. A 400€ Core i3 PC with a 256GB SSD and a 24" monitor is a much cheaper and simpler solution that fits their needs much better than an expensive Mac plus Parallels + a Windows license.
There are a lot of places where Macs are a much better solution (and I use a Mac at home as well), but in normal industrial businesses they aren't even on the cards. It still comes down to the best device for the job at hand, for the types of job usually found in industry, a Windows PC is still the go-to choice.
I'm lucky, my boss (IT Manager) is open minded and doesn't care what we in the IT use, as long as we can do our jobs. One has Linux, the rest have Windows and I have the only Mac the company ever bought, But for the users, it is the simplicity plus the fact that the software they use is only available on Windows that limits their choices.
My ThinkPad died last month. I looked at ordering a new laptop, but wanted to wait for the 14th Gen stuff to come out... We had an old MacBook Air M1 sitting around in a cupboard doing nothing (bought for MDM purposes, but never needed), so I thought I'd use that as an interim solution, while I wait for the new models to come online. I can run 85% of what I need on the MacBook natively, but with Parallels and Windows on ARM, it fulfills 100% of my needs and it is faster than my old ThinkPad T480 for the Windows stuff - a couple of legacy applications, plus Outlook, because Outlook for Mac can't talk to Exchange, only Outlook.com, Yahoo! and GMail...
With it connected up to my 44" monitor, it is doing a fine job and it is silent. I'm now not really in a hurry to see what new Intel processors come along, maybe wait and see what 2025 brings...
I'm the same, although I also have a PiHole at home and that puts a blanket ban on all known Meta domains.
My daughter came to visit and complained that the Internet wasn't working. I checked, all fine. Then she said, that she couldn't view Instagram, I told her, Internet working as expected. :-D
Same, I have a 32GB Ryzen, which I replaced with a 16GB Mac mini M1, same performance and no memory problems.
At work, I just replaced my dead ThinkPad with an MBA M1 8GB and it is just fine for the work I do (sys admin work). It was supposed to be an interim replacement, until I ordered a new Windows laptop, to be honest, I've seen no need to order a replacement yet.
On Windows, I'd agree with you. Doing a 5-way conference, Teams was stuttering on my 8GB Windows laptop and I had to quit Outlook, browser andjust about everything else that was running. On the Mac, with 8GB, Teams doesn't cause any problems in the same situation. I'm actually pleasantly surprised how good the M1 MacBook Air is with 8GB, that I am using as an interim replacement. To be honest, I'm happy to wait a year or so, to see what happens on the Intel/Qualcomm front, before ordering a replacement.
That said, our desktops are still 8GB for the most part and most users don't have any problems with that. Most of the laptops are now 16GB, but I'd say 75% of our fleet is 4GB or 8GB.
I would have said the same thing 2 years ago.
I bought a Mac mini with 16GB, which was a step down from the 32GB Ryzen system it was replacing, but it was fine for my needs.
My ThinkPad T480 died recently and I dug an 8GB MacBook Air out of the cupboard, which had been bought for activating iPhones for our old MDM system. It was surplus to requirements and just shoved in a cupboard. I was surprised, it runs better than the ThinkPad, with Parallels and WoA for a couple of legacy applications. It is probably at its limits, in terms of memory use (Outlook, Firefox, WoA Parallels, TeamViewer Manager, TeamViewer, Teams, VOIP client, Microsoft RDP client, Safari, Books, Excel and shell running, it takes up 7.5GB from 8GB), but it doesn't pause, doesn't stutter, it just works.
Even with a 5-way Teams conference, I don't have to quit other applications - on the ThinkPad, I had to quit just about all running applications, because it ground to a halt and started stuttering.
For normal office use, 8GB seems to be more than acceptable, although, coming from a Windows world, I wouldn't spec it with less than 16GB for my own use, but I do do photo editing on the side.
If you watch their adverts, you'd think you were working in Shangrila!
I'm currently being bombarded with 2 ads, one of a young woman who is being encouraged by Amazon to improve herself and become a manager and they are paying for her training and the other is a new father, who, thanks to the Amazon Family Bonus, could afford to take a 3rd month off after his daughter was born to help is wife.
Talking of which, a colleague was sent on a project to a flour mill. The IT manager of the customer set up a trestle table wih power strips in the production hall for the consultants to use.
"It was dreadful, smell of mould and flour and the air was thick with flour dust!" He recalled.
Cue H&S appearing on the scene & evacuating the whole site, before shutting down the power to the section of the building where the table was! The IT Manager had just ignored the overhead pipes transferring flour from one side of the building to the other, which weren't 100% air-tight and were constantly letting flour fall down onto the table...
And pay for the licenses to use the copyrighted material in their training model or remove it all.
The problem is, theoretically, if you listen to music, you have paid for a license to listen to it - either via a streaming service or buying a license/CD/LP etc. Obviously, there are the black sheep out there, who download the music illegally, but that is the same argument as the AI using unlicensed music for training.
The rumours circulating in German IT forums are, that the networking gear licenses ran out and nobody bothered to renew them.
Rumour has it, that the person who switched from 5 or 10 year licensing for the network gear to annual left the company a few months back and nobody took over the responsibility for the licensing, so when the invoice turned up, nobody countersigned it, so accounting didn't pay, as it hadn't been signed off... The networking gear then stopped working, when the licenses expired...
When that is the case, big oops!
Probably because most people don't have graphic cards or slots to put them in. Most have laptops or compact desktops with integrated graphics.
Also, GPUs are much more efficient than current CPUs at AI tasks, but they are still a long way from being optimised for AI. Then there are bandwidth issues, the graphics RAM is quick, but you still have to shovel all the data over the bus to the graphic card.
This is where integrated designs, like the Apple Silicon range excel, fast memory directly integrated into the chiplets.
Integrating the NPU into the CPU, along with graphic cores, makes sense for a lot of devices, where GPUs are not needed or there is no energy or thermal overhead to cope with them.
I'm glad I have a dumb car, and I won't be updating it to anything smart.
Given the track records on security alone, I just don't see these companies providing monthly security updates in 10, 15 or 20 years. I'll continue to treat cars like every other appliance I buy, I'll buy a dumb version and add cheap, replaceable smarts, where they make sense.
Europe has relative good free speech rules, but you can't incite to riot, cause harm, death or racial hatred for example.
Germany is more sensitive, holocaust denial and the glorification of national socialism is illegal, which, given their history, is understandable.
The big problem with these platforms is, they ignored such laws when they were small or threw lawyers at the problem, instead of actually tackling such problems, until the cost of lawyers and fines exceeded acceptable levels or the cost of doing it properly. But, by the time they were big enough that authorities really start pressing them to comply with the law, they were too big to do any sort of compliance at scale.
If they had implemented the compliance at the beginning, it would have scaled with their userbase - the userbase wouldn't have been able to grow as quickly, as it would have to have been held in check with their compliance responsibilities, but at least we wouldn't have the problems we face today. But lawyers seem to be cheaper than staff to actually deal with the problems these companies have caused.
No, you can do that. But other programs shouldn't be able to that without your permission.
If you try and edit the config file yourself, you should get a warning, but can continue.
If another program tries to edit the settings, or replace part of the program, it is blocked and you are warned, if you started that other program, you can let it continue, but until you give it permission, it should be blocked.
This is the part that is broken, if that other program uses a sandboxed program, like TextEdit to do the dirty work for it (automation), you don't get warned. If you try and edit the config file yourself with TextEdit, you won't get a warning.
The PDF example is a system wide operating system setting, it isn't changing the PDF reader or its settings, it is using a central OS API function to define which application the OS calls, when opening a PDF file.
This is one application changing specific settings in another application, or the application's code. Only the program itself should be able to change its setting.
For example, you don't want a rogue web browser add-in changing the configuration of the AV software to whitelist the downloads folder, so that any files downloaded are no longer checked for malware, the security mechanism should stop this, but it seems, if it uses a go-between (E.g. a sandboxed app, like TextEdit) to do the work for it (automation), it can bypass this security feature.. This is what the feature in macOS is supposed to stop, but it seems that it is not doing its job properly.
SfB still exists. There is still SfB onsite. SfB in Microsoft 365 has, AFAIK been deprecated and users moved to Teams.
This is the editing of the configuration file that belongs inside the application packet. This should be blocked by the OS and letting the user decide whether to continue.
The nearest equivalent on Windows would be a user trying to change a configuration file in the application folder or Windows folder, Windows will ask them to enter the administrator username and password, before they can save any changes (assuming they are following best practices and aren't logged in with an administration account). This is a bit more thorough, or rather is supposed to be more thorough, even logged in as an admin, an application shouldn't be able to change another application or its settings, without the OS informing the user of the fact and letting them decide, whether to proceed or not.
This would, for example, stop malware from changing the settings in the web browser to stop it checking for malware, or changing the AV software to whitelist a certain app or directory, for example, or overwriting an application with an infected version. Using automation and existing sandboxed apps, the malware can seemingly get around this restriction.
We had a sex-obsessed character in one game. The DM was getting tired of him wenching his way through every tavern or encounter on the road, so he had made one encounter with witch, who cursed him...
Let's just say, if it was dark, we didn't need a torch, just a trouser-less dwarf. It also made the character less appealing to the women he encountered...
My T480 is nearing its end of life. My colleague had an L480 and joined a month after me, but it died a couple of months back - it looks like that generation of Ls had a lot of problems with dry soldering joints, bad BIOS updates, it throttled itself to 400Mhz on several ocassions, for example.
But with companies championing AI, and Apple putting neural cores in their iPhone and Apple Silicon Macs, it is a poor show that they still can't work out the context of a sentence and decide whether a pronoun or a verb is needed. It is even worse in German, where every verb is also a noun and all nouns start with capital letters, even their keyboard on the iPhone and iPad gets confused with this all the time.
Having the option to mark words as pronouns would be useful - although I suspect, given the sinking levels of comprehension, that might confuse some users.
I know, when I learnt German, I had to go back and relearn some English concepts I took for granted, I knew what nouns, pronouns, adjectives and adverbs were and could use them without thinking, but actually thinking about them, when trying to apply it to a foreign language, made me realise how much I don't need to think when speaking or reading English. And verbs, present, future i/ii, conjunctive, past, past perfect, future i/ii conjunctive, future progressive and so on. Then subject, accusative, dative, genetive, singular, plural (and then in German masculine, feminine or neutum).
I feel for the author and the people he interviewed. I have the problem doubled, in that I dictate or speak to Siri in both English and German and it often confuses the system.
The same is true when typing. On the iPhone, it turns verbs, especially German verbs into nouns (capitalises them) and it often goes back and changes words earlier in a sentence, that you have already checked, with random other words, either changing the context of the sentence or turning it into complete jibberish. As you have already checked those earlier words, you often don't notice they have changed, but I will often be looking at the text whilst typing and notice random words in other parts of the text changing.
Android does this as well, to a lesser extent.
macOS does some autocomplete and if you are typing a word it doesn't know it will always replace it with a known word! I was typing a reply yesterday and it replaced a company name it didn't know with a word from its dictionary every time I spelt it out in full and pressed space. Being a touch typist and looking at some source material whilst typing, I failed to notice this for a while and had to go back and replace all instances with the company's name. I have since turned off the autocorrect feature in macOS.
I hope Apple really do pull their finger out, or realise that it is harder than they thought and go back to dictation software makers and work with them, again.
For me, doctor, dentist, shops (supermarket and clothing, shoe shops, electornics, book store etc.) are within 15 minutes walk, railway as well. When I worked in the city, I'd walk to the station every morning and catch the train to work.
I now work in the town where I live and commute on my bike - 15 minutes. I hardly need to use the car at all these days. When I was in home office, I'd walk to the local supermarket at lunch time and buy ingredients to cook a fresh meal.
I've always lived in towns, where everything was within walking distance, apart from work. I spent a long time working on contract all over the country.
But where I now live, doctor, dentist, shops, railways station are all within 15 minutes walk and work is a 15 minute bike ride (12 minutes by car). I wouldn't want to live somewhere, where I couldn't just pop to the shops at lunch time and buy fresh produce for lunch. Even at work, I can walk around the corner to the supermarket & buy fresh stuff and cook it in the office kitchen.