Posts by a_yank_lurker 4138 publicly visible posts • joined 16 Nov 2013
"Windows is the only platform with a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide solutions via our current Update Tuesday schedule"
Slurp is doing the usual suspect buzzword bingo. How many layers of encryption are there in the quote? Now if the NSA would earns it keep.
A risk of being called a Luddite, what is the real value of IoT for most people? For most (other than the 3 people in world who need IoT) it seems to be a vanity issue not a necessity. I can only think of a handful of devices that need any access to the Internet for reasonable functionality: computers, smartphones, tablets, and e-readers are about it. Toasters, washers, microwaves, etc. work very well without any access now and will in the future.
While a win for the legal beagles, it is a hit on the balance sheet. Fiduciary trust and other legal responsibilities could leave individuals open also to lawsuits. The cautionary tale is do IT right or risk being raked over the coals like Target. I doubt ~300 M would be anywhere near the cost of doing IT right for a good 10 to 20 years.
Slurpping data and money both, what deal. Slurp needs Office36? to be a success. But who is its target market, not enterprise, SOHO and SMBs. Generally, a market that can mostly use a version about two or three releases back based on the features they need. Other than security updates, what is the killer feature this group needs? In fact I suspect most enterprise users would do quite well on the same versions.
Software subscriptions will force people to pick an choose which software they are willing shell out for every month. Many are not in the mode for Slurp to have a hand in their pockets. The return is too meager to justify the expense.
A classic move to hide financial problems in an area is how they are reported (legally). By not breaking out the info about the Cloud, etc. the consolidated financial statement can hide (legally) a lot of bad news without violating any regulations. As a former CEO, Ballmer is aware of these games and how they are played.
@Paul Crawford - I assume any box I do not either own, are not the sole user, or have sufficient knowledge about is its usage is suspect. Thus the only boxes I consider likely secure are my work laptop, my home computers, and smartphone. And these devices should be verified as needed for security and my smartphone is not used for online shopping or banking so there is very limited data exposure. Of the above devices only one is consistently used for shopping and banking.
So a friend's computers, cyber cafe computers, or library computers are not secure by default and must be proven secure before any of my passwords are entered on it.
By limiting the number of machines one uses for these activities one limits how many machines one must prove secure.
It is the AUR repositories. I suspect there are very, very, very few Linux users with 32 bit boxes and Chromium is not affected. Chromium is the open source version. Plus other browsers use the same backend as Chrome.
In Winbloat land, how many boxes running 7 or later are running 32 bit OSes? It is probably a higher percentage but I suspect a definite minority. XP and older are likely to be 32 bit only.
Two issues, too many US patents are invalid particularly software patents and the 9 Seniles have not bothered to hammer the low courts for their failure to do their judicial duties. Also, loser pays would help, one big loss by troll and they are done.
The basic problem with intelligence intercepts is how to use them without alerting the targets how you know. Fortunately for the spooks there is usually enough noise in the system for them to hide behind.
Another problem, often overlooked, is intelligence intercepts are often incomplete in some critical manner. In the movie "Tora, Tora, Tora", US cryptographers had deduced accurately the Japanese were going to attack the US. But the decrypts of foreign ministry communications did not include military details about timing and location of the attacks. The problem the interpreters had was who were the initial targets and when were they going to be hit. This was actual historical problem, the US know something big was going down but did not know when and where.
In WWII, the Admiralty Submarine Tracking Room used Enigma decrypts, traffic analysis, and shrewd guessing to anticipate the German moves in the Atlantic. The primary interpreter called his analysis "working fiction" because of the varying degree of guessing involved. Often it was shred guessing that was important. Enigma decrypts were erratic through WWII, with the Germans regularly changing the settings, number rotors, etc.
Telegram sounds like a semi-secure app some intelligence agency would write and release through a front. Create enough buzz in the right circles to get it adopted by the targets and set back and read the supposedly secure messages. Now which set of spooks wrote this who did they share it with?
Probably many of us were not aware of the app's existence until very recently when apparently its cover was blown (deliberately?).
If the engineers are a sacrificial lambs for the US EPA, it will be shown by whether they are charged in a criminal suit. I suspect there was a bit of nod, nod, wink, wink for public consumption with VW paying a fine, officially firing a few people with the real issues being swept under the rug. I have suspicious of the whole affair, the US EPA is not known as a particularly competent, apolitical, scientifically meticulous agency.
@RobHib - Slurp also got lucky that major competitors in the late 80's and early 90's almost uniformly were run by the dimmest of PHBs. Linux is a usable form (for average users) did not exist at that time. OS/2 was an IBM fiasco that the average PHB would not make. Slurp was able to capture most of the OS market by various means some rather illegal at that time.
Slurp has had a good 20 year run but the market shifted. Other products and players are entering that challenge them. Unix, BSD, and Linux in various guises are commonly used by the average user today even if the user is unaware of the fact. Users seem to be more adaptable than Slurp expected using none Winbloat OSes on many devices without any problems. What is holding most users back on the desktop is a lack of awareness of their options and the fact that most home users do not really need any Slurp products including Office. Except for some highly specialized Winbloat applications there functional equivalents to all the common applications including online services.
@Patpy - The best way to avoid leaking data is not to collect any more than you absolutely need. This is the first rule of operational security. No one can leak what they do not have or know. With data collection the same rule applies, what you do not need do not collect. If one does not have it, a hack on you will never expose it, you never had it.
Slurp (and others) fail to grasp that the best security policy for them is not protecting what you collect but what you do not collect from the start. The less one collects, the less one must secure. At most the OS or application vendor needs crash dumps to understand why a crash occurred.
However the complaints against Slurp is they are resetting user settings, deleting programs, and generally harassing users with W10. User alienation is their biggest risk with these tactics.
Slurp is heading into shoals they should avoid. Resetting user choices, removing software, and other mucking about when "updating" leaves a foul taste. I know people who are planning to move to another OS because of these actions - customers Slurp has permanently lost. Many are not geeks but have heard from their informal IT department the Slurp is jumped the shark with W10 and are listening.
Right now the migration is taking two forms: refusal to upgrade to W10 or switching to another OS. The first is subtly damaging. These users will not be upgrading to W10 but will not show up as a lost customer until later - the W10 kit they never bought. The second, more vocal and less numerous, are setting the stage for the first. The second is actively gaining experience with something else (Linux or OSX). As they learn that the transition is overall pretty easy, the biggest issue is application substitution (LibreOffice for MS Office, etc), they can help the first make a reasonable choice when they ditch Bloat.
The one market where Slurp will hold onto for the near future is enterprise installations. Enterprise users, however, prize stability and consistency over featuritis. W10 suffers from a fatal case of featuritis.
@AC - Having installed many versions of Windows and Linux, I detest installing Winbloat. Installing the base Winbloat is fairly easy but it is all the extra stuff one must do to have a usable system that is time consuming. Depending on what has to be done, it is an easy afternoon job (4 -6 hrs). With most Linux distros, the install of a usable system is about 30 minutes with maybe an 15 - 30 minutes of customizing to do. One is a weekend project and the other is doable in an evening.
@busycoder99 - My take on Slurp's future is more like IBM or possibly Digital. Both were extremely dominant in the 80's into the early 90's and lost their mojo very quickly. IBM is shell of what it used to be and now just another player in the IT market. Digital floundered so badly they were bought by Compaq now part of HP. Both looked invincible back in the day and now one is a rather pedestrian large company and the other does not exist. Both made critical blunders about the future of the market and failed to adjust.
If Slurp's management has a enough grey matter between them they should probably concentrate on the enterprise market and yield the consumer and small business market to others. They should provide versions of all their applications for Mac, ChromeOS, Linux, etc. not just for Winbloat.
@Charles Manning - Two issues have stalled Windows growth. First they misread the mobile market and continue to do so. Second the basic PC market has matured to the point that most replace the OS when they replace hardware. Misunderstanding the mobile market is about a scaled up cellphone not a scaled down laptop explains how many botched the market. Most smartphone users use apps as conveniences to basic phone functions - phone calls and texts. The PC market is a mature market which means most sales any given year are replacement for worn out kit. As the kit lasts longer the replacement cycles stretch out.. Also some have found replacing Winbloat on older kit with lighter Linux distro has rejuvenated aging hardware and made usable again.
@fung0 - Slurp's real stupidity is to move Windows away from a scheduled release model to rolling release model. Even the best rolling release distros are known to be fussier to maintain and will require more user expertise when the inevitable flakiness occurs. It is mostly minor stuff but it is stuff well beyond the skills of most users to cope with. When W10 hits mostly average users the howling will really begin. There will be many very frustrated, angry users and their informal IT department will not be very pleased either. Given most users do not do much more than email, shopping, surfing, Facebook, and the like they do not need a specific OS. They a stable OS with a well behaved browser with a few goodies to view photos, watch videos, and listen to music. All stuff OSX and Linux distros do very nicely.
@Ben Tasker - "legal structure in place dictating at what point" is the key point. There is an agreed upon system of assigning points and when one has "won" the lose your license lottery for moving violations. The "Six-Strikes" is not legislated but an agreement between ISPs and various semi-criminal organizations to avoid constant litigation.
Thus, until America's Native Criminal Class (Mark Twain) decides to enact such a scheme for copyright infringement the judge is not more than a prima facia example of a shyster.
@Ole Juul - Having lived in rural Ohio many years ago, I can understand the issues you are referring to. All communication services will have a history of spottiness and so one has to make the best choice between bad, worse, and worst. The only idiot is someone who refuses to acknowledge that not everyone lives in a major city with all the amenities. I do not know what is the best solution for parts of rural Canada for someone living there other than if you are lucky you might have marginally functional as option - some parts of Canada are awfully remote.
It really depends on how many sites are taken out and how easy they are to repair as to how long a blackout would last. From what I hear, replacing a SCADA system might be easier and faster than some of the transformers in some substations. I see people quote a lead time of about 18 - 24 months for transformer delivery - I do not know if the sources knew what they were talking about.
The real vulnerability over here is not taking some SCADA but there are many transmission lines and substations out in the boonies. If there is any security beyond a fence (mostly to keep finger gepokers out) it would be a camera feeding back to a control station may be an hour or so away. Take a few these out and watch the chaos. Some dynamite or C4 would do the job quite well.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
