Posts by a_yank_lurker

4138 publicly visible posts • joined 16 Nov 2013

Banks team to paint shared target on Target

a_yank_lurker

Not surprised

At some point the only way security is taken seriously is when a major corporation has to pay a rather large sum that is many times what it would have cost to do it right the first time.

Target may be able to fend off the card holders and other assorted small fry but major banks are a whole new league.

'To read this page, please turn off your ad blocker...'

a_yank_lurker

A Note about ads in other media

Let's look at other media. Print ads are easy to ignore and most readers basically ignore them. They are rather ineffective if the reader can not remember the ad. TV/Radio ads are basically a good time to take care of the #2 business, raid the fridge, or channel surf. Many ads are never seen, rendering them totally ineffective. So what is the issue with an ad blocker, again? Ads one never notices, sees, or hears are totally ineffective no matter what the media.

Fed-up sysadmins beg Microsoft to improve pisspoor Windows 10 update notes

a_yank_lurker

Re: Never thought it would come to this

Interesting you mentioned Apple, after learning about the secret W10 upgrade download I called the local Apple store and asked about Apple's upgrade policies.

a_yank_lurker

Re: The problem isn't coherence...

Trust MS absolutely never, generic USA corporation it depends but mostly, sadly no

a_yank_lurker

Re: Your confidentiality or your applications … time to decide.

Bravo, MS or any OS is a guest on my hardware. On my hardware my rules will prevail and if that means Windows never runs on any of it in the future, that is my call.

Security bods jab pins at encrypted database system balloons

a_yank_lurker

Seems circular

Encrypting the database sounds good but what about someone who has somehow gotten valid credentials to log in? Once the data is decrypted it is in plain text.

Also, most of the major breaches will be caused by operational stupidity and PHBs not wanting to be inconvenienced.

World finally ready for USB-bootable OS/2

a_yank_lurker

Punch cards next?

Let's remember Herman Hollerith - go full retro and use punch cards :)

Don't want to upgrade to Windows 10? You'll download it WHETHER YOU LIKE IT OR NOT

a_yank_lurker

Story is confirmed

I have a laptop with W8.1 on it that is not registered to receive the "free" "upgrade" to W10. I just checked, it has the $Windows.~BT with a date stamp of 20-August-2015. This has been occurring for awhile now.

a_yank_lurker

Re: So long...

Install Synaptic for a nice GUI front-end to APT.

a_yank_lurker

Re: Sea change

The whole fiasco is totally unacceptable on MS' part. This will force some to take a strong stand and ditch Windows altogether. The tech savvy will mostly move to Linux while the masses will eventually migrate to something. Apple and Google are improvements here.

The only kit I have is a couple of laptops which might become Linux Mint only boxes in a few weeks. They are currently dual booting various non W10 and Mint.

a_yank_lurker

Re: "Personal" computer no more

A couple of good Linux alternatives Ubuntu (turn off Amazon searching), Linux Mint, Zorin, openSUSE, Mageia are viable alternatives. You can get a live disk of each to try it out and install from. No nagware, updates regularly come but are installed with YOUR permission. No 50 page shyster manual to agree to.

Intel's 6th gen processors rock – but won't revive PC markets

a_yank_lurker

Re: Nothing is going to revive the desktop market

My opinion has been the desktop/laptop market is a mature market and most sales will be replacement kit. Jack & Jill User do not stress their current kit and are not likely to stress any new kit.

Doctor Who returns to our screens next week – so, WHO is the worst Time Lord of them all?

a_yank_lurker

A Yank's Opinion

I never liked McCoy's era but I will second the many comments that it was not really his fault. I never saw any of the Hartnell episodes.

As McAfee runs for US President – we ask a crucial question: Will Reg readers back him?

a_yank_lurker

Re: American Politics

They are having trouble with Hildabeast and her email saga - might need to add treasonous to the list.

FTC gives FBI the finger over govt backdoor encryption demands

a_yank_lurker

Re: IF the US adds backdoors

Unfortunately, I am almost certain some very common proprietary products contain backdoors.

America's crackdown on open-source Wi-Fi router firmware – THE TRUTH

a_yank_lurker

Re: Just checking

Since the output power is limited by hardware, which is true of all transmitters, you are correct in that there is an upper limit. Most wifi devices are low power devices by hardware design and trying to push more power out will at best do nothing or at worst fry the innards.

a_yank_lurker

Re: Idiots on the loose

The real issue is the iron law of bureaucracies (I think Pournelle) which is bureaucracies look for "problems" to expand their power. It is not that the problem could occur, if one is willing to risk borking a router or two, but that most are not going to sideload an update of this nature. The FCC has found what is likely a very minor problem mostly affecting probably a few dozen idiots and has made it a "major" issue to justify their power grab.

The normal update pattern is for the user or the device to contact the official source for an update and to install it. Official updates have been shaky at times (MS looking at you) and unofficial updates are definitely shady.

a_yank_lurker

Idiots on the loose

The proposed solution is in search of a problem that does not exist. Very few people have the technical knowledge to rewrite the firmware for a phone or router. Also, firmware updates to phones, routers, etc. can bork the device. Thus, almost all users should be updating the firmware with an official update from the vendor only. In fact most users probably will not update the

Yes, there is a potential problem. But the problem exists now and appears more theoretical than practical. As the "exploit" requires sideloading of a firmware patch onto a device that has a fairly narrow, specific purpose.

So Quantitative Easing in the eurozone is working, then?

a_yank_lurker

Economics, "The Dismal Science", has had long recognized problems in idealizing information flow and human behavior. The first fails to recognize that information is not known instantly in any real system. Individuals know bits, often important to them, but not all relevant bits. One knows what is in the pantry and knows what they want but they do not know the inventory at the store. Also, as events occur people react with their best navel gaze of the future, which by definition is unknown.

Hacker chancer looking for $500,000 after offering Clinton emails for auction

a_yank_lurker

Re: leaks..

I suspect several countries (Russia, China, India,...) could provide all of Hildabeast's emails including the ones she deleted. If these are real, how did he get them would be an interesting story.

Larry Ellison's yacht isn't threatened by NoSQL – yet

a_yank_lurker

Re: MongoDB? *laugh*

NoSQL databases are relatively new products while RDBMS are relatively mature, well understood products. However, both are good at certain applications. The trick is to use the correct technology for the task.

Want your kids to learn coding? Train the darn teachers first

a_yank_lurker

If most educators in Blighty are anything like their US cousins I am not surprised at the failure. Most teachers do not understand computers and as a former instructor you can teach what you do not understand. Money for training for programming will not solve the more fundamental problem: scientific and technical illiteracy.

Windows 10 grabbed about five per cent market share in August

a_yank_lurker

Probably Misleading

While the nominal market share is probably about right, there are probably three issues that make it misleading. First W10 was a "free" upgrade for many so the initial surge is likely to be higher with quicker tailing off. The initial surge is almost entirely MS users so MS is cannibalizing their own user base with only potential profits. Many have reported problems with the installs and have reported reverting back to W7/8/8.1. Thus there is some churning of the numbers. The industrial scale spying may force companies to carefully review their options in about 3 years. Many industries have rather strict data protection requirements that make W10 problematic. The initial surge is interesting but how long will it play out and will enterprise move to W10 are real questions.

Associated Press sues FBI for impersonating its site to install spyware

a_yank_lurker

Re: Clever

The spyware was apparently needed to properly identify the computer in question was the one used.

a_yank_lurker

Re: Do as I say, not as I do

The real issue is whether AP's brand was damaged by this action. Given the AP's ability to screw up I doubt this will hold much water. Plus the attack was targeted to a very specific person who was a suspect at the time, not just to everyone. In fact the first I heard of this was this particular story though I am not surprised that it has been used.

So, was it really the Commies that caused the early 20th Century inequality collapse?

a_yank_lurker

Re: Scarcity of resource

As someone who has worked importing German goods into the US, manufactured goods cost money and time to move from factory to store. It is roughly a month by ship from German port to US port. Secondly, duties and freight are not necessarily trivial costs either. At some point the manufacturing costs will rise to a point when it is cheaper to move manufacturing back to the consuming country.

Also, do not underestimate the problems of managing a global workforce and contractors. Outsourcing is not a panacea nor is offshoring. Both have hidden risks from issues like difficulties in coordinating meetings, travel costs, cultural issues, and political stability in some countries.

a_yank_lurker

Re: The growth

I think point 2 may be overlooked. In combat, everyone depends on each other to survive. It is very difficult to understand the bond of combat veterans and understand that many owed their lives literally to actions of a private bravely doing his job.

In redneck heaven, internet outages are the American Way

a_yank_lurker

Re: Spade fade

some shotguns shoot rather large pellets plus being an (un)lucky shot

Win10 Insider build 10532: Avoid if you run Chrome 64-bit

a_yank_lurker

Re: Data

It should also be noted that services like Facebook are completely voluntary. No account then there is no ability for data slurps. Data slurps with any OS are a concern. With mobile OSes I will tolerate some location tracking for apps to be useful. Also, phone locations need to be tracked by the carrier so calls can be properly routed. Not thrilled but tolerable. Desktop OSes, however, are generally used in fixed, predictable locations (for laptops) and none of the key features depend on knowing the location of the device. The only information the OS provider really needs is crash reports/logs. W10 has an overly broad EULA that appears to be a blanket EULA for all MS services without explicitly identifying which parts apply to what services. For this MS aka HooverSoft/MicroSlurp deserve all the negative publicity and hammering they have gotten and more.

Spaniard claims WWII WAR HERO pigeon code crack. Explain please

a_yank_lurker

Was this encoded with a one-time pad?

Properly used one-time pads are notoriously difficult (virtually impossible) to crack when certain basic precautions are used. It is possible that this message used a one-time pad which would make breaking it an incredible feat.

Company in shambles, marriages ruined. My work here is done, says Ashley Madison CEO

a_yank_lurker

Criminal charges?

Given some of the antics of AM, I wonder if criminal charges are not in the works for the mismanagement team.

Windows 10 blamed (partly) for stalled PC sales recovery

a_yank_lurker

I tend to recommend to my non techie friends and family that they only upgrade their OS when the current one is at EOL not when released. If they can not run the latest Windows I often recommend a trial of Linux Mint after considering their needs.

a_yank_lurker

Re: Setting Windows aside for a second...

Agreed, I would also add almost all consumer oriented applications are mature products. There are very few if any features that a consumer would spend money to get the latest and greatest. This extends to OSes, the features I want are mostly kernel improvements such as the Linux 4.0 kernel hot updates. Even so, they are not something to make me go out and buy a new version to have. All the stuff MS is pushing on W10 is not really something that people are slobbering for.

Relatively old kit which runs the applications the consumer wants does not need to be replaced just because W10 has been released. Nor does anyone really need to upgrade to W10 for a fantastic new feature.

Krebs: I know who hacked Ashley Madison

a_yank_lurker

Re: ...Finally, if you're sick and tired of endless coverage of the Ashley Madison scandal....

The Hostess Brands (parent) was sold during the bankruptcy proceedings and is still limping around.

What Ashley Madison did and did NOT delete if you paid $19 – and why it may cost it $5m+

a_yank_lurker

Re: Chapter 11

It is hard to do, but the corporate shell can be pierced in some situations to get at personal assets. Whether this would be the case here, I do not know.

a_yank_lurker

Re: Greasy

Your system is reasonable, levels of deletion to suit the customer. And you follow through. Full delete means there are no records kept. AM needs a good schooling on the meaning of "full".

Swiss watch: Cuckoo-clock cops threaten Win 10 whup-ass can pop

a_yank_lurker

Russians now the Swiss who next

Moscow Times reported there is a complaint to the Russian government to declare W10 spyware. Now the Swiss are making noises to declare W10 spyware. I do not remember that within 1 month of release two governments beginning possible legal proceedings to ban any OS.

If this takes hold, many companies will not be able to install W10 legally. Multinationals could be asked to certify that they are using a currently supported OS and they are not using W10 by governments in order to do business with them. Now the only generally available OSes that are known not to spy on users are Linux and BSD distros.

Apple could easily change their license and code for OS X to be compliant if it is not already so (I have not checked their EULA); they are a hardware manufacturer. Advertising revenue from OS X is not as important, more like chocolate drizzled on dessert.

a_yank_lurker

Re: Ban the sale of Windows 10 in Switzerland?

Also, toss in one has to actively choose to use Google or Facebook while the OS is a requirement.

Using SQL techniques in NoSQL is OK, right? WRONG

a_yank_lurker

Know when to use 'em

The problem is not the database technology but knowing when one type is appropriate and when it is not. Document NoSQL databases are best when the data is somewhat similar between each document. Relational are best when the data can be specified very well beforehand and are particularly valuable when ACID compliance is not optional.

Windows 10 market share growth slows to just ten per cent

a_yank_lurker

I would expect an early peak of installs with a tapering off to some level - my navel is saying about 3 - 4% per month max. So far that is the pattern. The only question is final rate of installs per week or month going forward.

a_yank_lurker

Re: At what cost

The Windows Store, actually a very idea potentially, should be the only place the average user needs to go to get any applications for their PC or mobile device. The repository system in Linux works very well with the entire system being updated including applications in one go. It would help solve many of the security issues plaguing Windows.

a_yank_lurker

Re: What did they think they were doing?

I have some very old kit that still works in Linux when there are no current (W7 or later) drivers for it.

a_yank_lurker

Re: Dear Microsoft, good luck with that.

No new MS products on any of my kit and W7 & W8.1 will not be upgraded period. No new MSO, etc. I own the kit, I have final say what happens. Eventually W7 & W8.1 will be wiped from both boxes that have them (came preinstalled).

Amazon to trash Flash, as browsers walk away

a_yank_lurker

Google, Amazon, Apple, next ... Good riddance to a scummy "technology"

Microsoft will explain only 'significant' Windows 10 updates

a_yank_lurker

I usually have a DVD with the current version of Mint floating around. Mostly to use to install it on other boxes. Same original ISO, no personal questions asked during the install, only what time zone, language, keyboard, and how do I want to partition the hard drive.

a_yank_lurker

Re: The future of MS-OS.

I believe consumers are essentially lost to MS with tablets and smartphones being the devices of choice. MS is an enterprise oriented company and has been for years. There are enough people in most companies who are aware of Linux and that many distros are easy to transition to. The only hold up will be specialized packages only available on Windows that keep some "loyal". Many are not actively researching their options yet - they just finished migrating from XP. Others are probably being quiet about it.

Plus many IT pros are strong FOSS advocates and Linux & BSD are FOSS OSes. We use MS because that is what we are given, not by choice.

Want security? Next-gen startups show how old practices don't cut it

a_yank_lurker

Re: People "trained in IT security" are a lot of the problem

I had about an hour of training which consisted of reading a couple SOPs. No hands on, interactive training was done which used role playing. Also, very few reminders what to look for and how attacks are actually done.

a_yank_lurker

Re: Additional thoughts

"a backup system designed by a completely separate provider so that the same vulnerabilities cannot be exploited" - How many offices are MS (or more rarely Mac) mono-cultures? In ecology species diversity is one sign of a healthy ecosystem. If a company used a variety of OSes in all areas including Windows, various Linux distros from different families (Debian, Slackware, Ubuntu, Arch, Redhat, SUSE, etc.), Macs, etc., attackers would be slowed down if not sometimes stopped because each OS has different vulnerabilities and quirks. The only common vulnerabilities would be applications installed on all devices such as a web browser.

a_yank_lurker

Re: Not fully convinced

I agree the process should be automated as much as possible. However, the article highlights security is often an eggshell with nothing behind the shell. Breach the shell or be already behind the shell (insider) and you can do a tremendous amount of damage.

Security best practices include a layered defense with strict limits on user permissions including admins, user training, and white-hat attacks. Layered defense assumes the outer defenses will be breached and there are more defenses set up behind the crust. Standard military defense doctrine is "defense in depth". Users need training to identify phishing attacks - in person, phone, fax, and email - and how to respond. Also, they need training about basic physical and electronic security - do not assume they know. Irregular, unannounced white-hat attacks will help identify weaknesses to be fixed.

Microsoft sues InterDigital for 'monopoly power' over mobile patents

a_yank_lurker

Re: Huh?

I understand that "fair pricing" would preclude differential pricing to different vendors under SEP scheme. Thus, as long as everyone gets the same deal there is no advantage in the marketplace. MS seems to be complaining of unfair practices for having to pay according to the schedule. Rather ironic given MS' history of unethical business practices if not outright criminal behavior.