Posts by Eeeek 11 publicly visible posts • joined 12 Sep 2012
Recently my mother's stove broke down. She had a very nice one. It arrived before all this hoopla about Internet of Things but it had a computer in it. The stove itself could detect when a pot was boiling over and would sound an alarm. It would detect if you turned on a burner, removed the pot, and forgot to turn off the burner and would proceed to turn it off for you. It had a fancy convection oven with self clean feature. It had a computer in it. It just lacked network connectivity.
Then this past Christmas day, it broke. Or more accurately, the oven got too hot and turned itself off when the turkey was only half cooked. The display showed an obscure error message ( Er and some number). The number was not mentioned in the manual (which she still had). So, I took the turkey over to my house to finish cooking it for the last 2 hours and we had a successful Christmas dinner.
The next week, with all the boxing day sales on, she called the repair man. He looked at it, said that the computer wasn't reading the temperature sensor in the oven. Possibly the sensor needed replacing, possibly it was the computer, or even something had happened to the wires. It was going to cost almost as much as the oven did to fix it.
So, instead, she went out to those boxing week sales and purchased a brand new, no computer in it at all, oven for about 1/4 the price of the one she bought about 10 years ago.
Being technical in nature, I was curious, so I borrowed an appropriate temperature sensor, set the dial on her oven, and stuck the sensor in. Sure enough, the over got to within a couple of degrees of where I had set the dial just as the light that says it's ready turned on. All this without a computer.
My non-technical mother has convinced me that there are definitely plenty of situations where I would much rather have something that lacks internet connectivity. Including my next oven.
I hope this little story illustrates to a few of you just how wasteful it is to computerize everything in our lives.
Maybe if Microsoft didn't drastically change the user interface from the way it looks in Windows 7 so that the people who don't like change were willing to give it a try (like my mother and brother), then they would see more uptake with that group of people.
Maybe if Microsoft hadn't turned Windows 10 into the biggest piece of corporate spyware yet seen, the corporations would be more willing to consider it.
Maybe if Microsoft hadn't turned Windows 10 into the biggest piece of personal privacy invading spyware yet seen from a major corporation, the security minded techs would consider using it (at lest the ones that aren't already using some sort of UNIX/LInux as a desktop).
Maybe if Microsoft stopped trying to block people from doing what they want to do with thier own computers, even when that might not be a mainstream activity, there might be more of an uptake from small development shops.
Maybe if Microsoft wasn't trying to force all software developers into the Microsoft Store, the larger developers would be more willing to consider Windows 10.
Need I go on?
I don't know if it was the lazy author at the register or the incompetent researchers at the company that conducted the research but either way there are far too many holes in what is presented to take that article as anything other that spreading fear uncertainty and doubt.
"Three in four (77 per cent) of tested SSL VPNs still use the obsolete SSLv3 protocol". Of course the biggest commercial VPN products allow for configuration of allowable protocols on a per-user (or group) basis, so you won't actual know if anyone can use that particular protocol to communicate with unless you have credentials to test it. It is quite common to allow any protocol during initial handshake and only reject it when the client attempts authentication. Since this was random, the couldn't have gotten past the initial handshake.
"Three in four (76 per cent) of tested SSL VPNS use an untrusted SSL certificate" is another completely misleading statement. It is also common for a company to set-up systems and services intended for their own people (and in some cases their clients) using an internally maintained certificate authority. This lets them improve security (by not trusting the practices of 3rd party CAs) while potentially saving money by not having to pay for 3rd party signed certificates. It can also greatly simplify their IT administration in managing end-user (and device) certificates since they won't have to deal with those 3rd parties at renewal time.
"A similar 74 per cent of certificates have an insecure SHA-1 signature, while five per cent make use of even older MD5 technology. By 1 January 2017". Seriously? The vendors of the VPN appliance and even the article itself say they are only starting to roll out change to remove support for SHA-1. That's pretty clearly an indication that corporations have an entire year to make their own changes. In other words we are still in the transition period away from SHA-1.
By the time we get down the list to things that might actually be real findings, the article has completely thrown the reliability of the "research" into question. "One in 10 of SSL VPN servers that rely on OpenSSL (e.g. Fortinet), are still vulnerable to Heartbleed." is actually something companies should be worried about, but as someone who works in the field, I'm surprised it's that low.
> Who vetted the "subset of Microsoft employees"?
> Who is the privacy governance team and who vetted them?
Hey, I work in that part of the IT industry (not for Microsoft). I'm what's called an "external auditor". So, to answer your questions...
The Microsoft executive team should have created a policy specific for the subset of Microsoft employees. the policy should cover, at a minimum, what roles within the organization constitute that subset, and some form of vetting. Vetting would generally involve the sort of background check one expects when one applies for any IT job and possibly a few more. Background checks, such as verifying references, employment history, financial/credit checks, and criminal background checks, are generally the ones used. Most companies only do this as part of the hiring process, although a few industries (such as audit and finance) perform these checks periodically on existing staff (generally annually).
The privacy and governance team are most likely responsible for monitoring the systems and activity to ensure that it follows Microsoft's policy regarding this data. Similar to an audit but generally less intrusive and more cooperative with the people who actually have access to the data. In a large organization, like Microsoft, the governance team is usually in a separate reporting structure from the teams that they monitoring (often reporting up to a CTO or even the CEO directly).
Just how much did Microsoft pay El Reg to write this article? The privacy concerns of Windows 10 are so watered down it is absurd.
Windows 10, even in basic mode IS spying. Don't believe me: go do a search about how much the FBI and CIA love the metadata of internet traffic. And what you bothered to list in this joke of an article goes way beyond what is available from metadata of Internet traffic.
Way *WAY* back in 2002, when Windows XP was grinding desktops to a halt (mostly due to inadequate GPUs that were advertised as "XP Ready" somewhat like the more recent Vista mess), I abandoned my Window system and switched to an Apple iMac. Now Apple has started putting crappy "features" in OS X and I've been considering going back to Windows.
I had a serious look at it, even driving the guy at Bestbuy nuts with spending considerable time on the in-store demo machine. Maybe I'm not "normal" but I really don't understand why anyone would want to limit their desktop (27 inches in my case) to one application on-screen at a time. Even the "sidebar" option that seams to allow only a peek at one other application (and a limitted selection at that).
Much lower down on my list of "why did they do that" type questions, why is everyone (Apple is doing this too) making the UI so flat? It's reminding me of Windows 2.0 only with a few more colors to choose from. Will we be going back to a command line interface for Windows 9?
Davecrave said:
> 3) Since the refresh cycle of DVD players, TVs, consoles, etc., is quite low, you would have
> a converged remote for years before you would have the devices that converged to it.
> Inertia now solves your problem for you, ensuring that it never starts in the first place.
Years? Try decades. The only reason I don't have my first CD player anymore is I gave it away after I got a 200 disc player. Had the first one about 8 years and the 200 disc device is pushing 10. The only reason I got rid of my DVD player is that I got a blueray player and needed the space. Head over to my parents place and the 32 inch tube TV from the 80's is still going strong.
New is not often better when you buy quality to begin with.
Look at the trends of late... Netbooks came out to give us cheap and light laptops with a long battery life because technology progressed to the point where you don't need the high-end desktop processor to do daily tasks.
Then tablets came out because super-cheap phone CPUs had progressed to the point where you could do most of those daily tasks but you really needed a bigger screen. These have largely replaced the netbook market.
The laptop folks took what they learned from the netbooks and gave us full powered light and powerful laptops in the form of the ultrabook. A portable that can handle more than those daily tasks at a reasonable price.
Newer generation high-end tablets are now trying to rival the ultrabooks for power. What they lack is an operating system that can handle the more open access needed to run the higher end, more complicated applications. This is what Microsoft tried to do.
That next step, which we are starting to see in "convertibles" where the ultrabook gets a detachable screen, or the tablet gets an attachable keyboard is the next logical step. But... if it uses the current incarnation of phone/tablet operating systems, it will be too crippled and fail. On the other hand, if it uses the current incarnation of desktop operating systems, it will be a horrible user experience and very awkward to use (the desktop relies on the use of keyboard and mouse).
Microsoft is trying to find that fusion of fully usable operating system and new user interface that works both for touch on a small screen and keyboard/mouse on a large screen. Nobody else has put anything like it out in the mainstream yet. They are building the future and in a few more iterations, I expect we will see something that does work for both.
I've used Metro (or whatever it's called now) and I don't like it. I've used Android and I don't like it either. I've used Apple's iOS (and Cisco's IOS but that's not really relevant here) and it is far too restrictive. I see the first steps towards the future in it.
Not "Always on, like your TiVo box? Like your NAS box? Your Nexus 4? iPad? DVD Player? Kindle? Even your Xbox 360 (how the hell do you think it turns on via the controller?)" BUT Always connected to the Internet to perform DRM and probably activity monitoring and other such things of concern to privacy advocates.
> “USBs report themselves as fixed disk,” Niehaus told the crowd in his session, and therefore cannot be
> partitioned. Microsoft has therefore had to work with third parties to create devices capable of making
> Windows to Go a goer. Super Talent and Kingston Technology have created such devices.
I've been putting multiple partitions on USB attached media (flash and spinning disk) for at least 10 years. When did they stop letting me partition my USB attached media?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
