Intel buys McAfee....
We will bake security right in to the processors... McAfee style.... Intel sells McAfee, Intel fails miserably to make anything secure baked in or otherwise.
So many holes, so much patching.
452 publicly visible posts • joined 13 Jul 2017
If all those companies that include FOSS, like log4J, in their products, where suddenly held accountable for the security of said software, they would then need to provide funds to support said FOSS and get it certificated.
Yes I get complete solutions such as Gimp or Libra Office may struggle, but this would only be in the corporate space where usage is limited anyway.
Instead of thinking this is a bad thing, think of it as an opportunity to get those that have been living off the back of FOSS to actually contribute to the security and support of the product.
Have two or three of those conversation every week. Oh for handy ceiling mounted projector.
Other bug bear is the amount of PowerPoint presentations I watch where the presenter (sometimes also known as the Communications director) does not know there is a presentation mode (its the one with out the slide thumbnails listed down the left hand side of screen and does not have a toolbar), shows it in notes mode or only has one slide, which is better than 24 slide, each of which has the text of the presentation on it , which the presenter then reads at half the speed I do.......
Why do so many people that hate Microsoft use their software?
I get at work you have no option but for home use?
Please jump ship to Mac (then you can complain about Apple) or Linux so you gloat about how you made the change and never looked back/FOSS is just as good as that MS BS software etc or just do the rest of us a favour and never read any post on The Register about MS or its software. (feel free to complain about Oracle, Google, BT/Openreach etc even if you never use thier services)
agree with this, reviews for tech should clearly state warranty, firmware/os and any other support. plus a company should have a start rating for previous activity or poor support.
Unfortunately I fear reviewers would scared they would have to by stuff and also be sued for defamation even if they would win.
99% of review on the web are paid for promotions, not always obvious when reviewers start with company X sent over this for us.
Most warranties are in the 100,000 miles OR 5 years.
This will include software, so you should assume that a cars software will no longer be updated after 5 years. Again it may if the unit is still in production but given the development and the fact you often see old car service computers running windows XP or even 98 i doubt very much that car companies will see the need.
This is one of the things that really needs to change, cars now days last 20-30 years quite easily, if car companies do not want to support thing (especially security fixes) then they should release the source code and provide ways to update for home users.
It interesting that many of the early Apps did not have the ability to disconnect or wipe a user account so the previous user could actually control the car, even now it has become a convoluted route to get this done if you buy on the second-hand market.
Also note this applies to service items that are listed the lifetime of the car, (like gearbox oil), the lifetime is 100,000 miles not the actual lifetime the car is used.
Basically all car companies care nothing about their old cars, once you no longer use their network for servicing etc.
Android had 50 flaws that needed patching. I assume this does not include all the unsupported versions of Android still out there on half the 5 bazillion Android devices, also may take a while for you OEM/Vendor to release said patches, creating a small window of opportunity.
Adobe has just 6 or 7 apps and still managed 29 flaws patched.
Makes MS's 96 across it's OS and much larger range of applications seem quite reasonable.
"I believe a fair bit of the blame can be laid at the feet of developers, but this sort of thing may not be part of their core competency"
never was truer word said.
Security needs to be a core competency, but interviews for high skill jobs are just a self fulfilling prophecy in that you get you developer to interview the next developer and so on, and if that skill set or you SecOps/InfoSec dude is not on the interview panel it is unlikely any security competency questions will be asked, but then how many Info sec people understand programming enough to be able to ask relevant questions? "this sort of thing may not be part of their core competency"
only flaw in that plan is the overpaid train drivers are on strike again, clippy when are you going to do self driving trains everywhere like they have in dockland in the 1980s surely that would so much easier and cheaper to run train lines and reduce fares for the poor commuters and make haulage by train cheaper and better too.
"entry-level engineers with up to two years of experience"
Could some explain what these mythical engineers are engineering?
No where in this piece does it say. Are they software/hardware/Data/application/OS or some other type of engineer that thinks a slide rule is for measuring slides?
This is just a clickbait story with big numbers and no real context or content.
BT offered to fibre up the country if they could sell services back when Cable TV became a thing (90s?), however the Thatcher Government of the time wanted the fledgling cable companies to get started to create competition, so it has taken 30 years for the country to start getting fibre and all those cable TV companies are now called Virgin and it still only cover about 10% of the country.
This is what happens when governments interfere with markets and artificially create competition.
Also are al those small companies obliged to allow other companies to resell internet on their fibre?
I have never lived anywhere where I had a choice for internet, be that LLU or different wires/cable. It has always been BT/Openreach and the speed/service is always been the same whoever was (re)selling it to me.
On some new housing estates near me they have HyperOptic because BT was taking forever to get anything other than ADSL set up. No one else is doing anything to get my money so it is OR i am with.
All the small companies had their chance to be nimble, get in to all the new housing estates being built, target areas where ADSL or FTTC is appalling poor, I had 13/0.5Mb on FTTC and latency that went as high as 3000ms regularly due distance and old cables, the first company to lay fibre to my door got my money, that was OR, so frankly those small companies have missed the boat that was docked, waiting for them for 30 years.
Now we are no longer part of the EU thanks to Brexit can some one in the UK actually sue Meta on the same basis given that GDPR rules are exactly the same here still?
Just to give their lawyers something else to think about and I am sure the treasury can find something useful to do with £350M since we seem to have lost that down the back of the sofa since Brexit.
One of DDGs main sources of information is Bing.
I would suggest that any search engine is better than Google, but may not return the same results as Google which may not be a bad thing.
I have never actually heard why people think Bing is a bad search engine, just too easy to slate it I guess. I wonder if Google will held similarly when people finally get board with it?
Advertising pays for all the free internet, the only other option is paywalls.
Life is sad, the end is nigh and Putin has the Nuclear option so enjoy what you do and don't worry the pain will be over soon.
American based companies treating the rest of the world the same as America?
My, what wishful thinking that is, most US companies can't even get it in their heads that 95% of the world's population do not use their messed up date format and have the decency to put the month as word rather numbers. But we (RoW) are not important to US based companies, we are there just cash cows to them as we have no bite, not even the EU could get Mark Z over to explain stuff, the UK would have no hope of imposing anything on the likes of FB, Google or MS.
There are many alternatives, take your pick and bet the company on it, MS by no means has any kind of monopoly on DB software and as for licence agreements you should read Oracle, one DB, licence every VMware host in your whole Enterprise just in case you move it, SQL is quite nice by comparison, and there is a lot free ones as well.
Personally I don't moan about Rolls Royce prices as i can't afford them, so I buy something that fits my budget and doesn't have Google or Apple built in tracking and listening to me wherever I go, but that is my choice.
Speaking of forcing a browser on users are you complete unaware of Google's tactics o break Microsoft's hold on the Browser and Phone OS market by using MS's own tactics against them and a few extra like bundling in as default install with just about every bit of software it could and making sure only its browser worked with its websites and services?
All the large Tech companies need a dose of anti-trust as they are all too big and too controlling, killing competition.
Ahh.. Optane, saviour of the universe....
Intel over hyped, delayed delivery, then under delivered and over priced.
They got away with it on their CPUs for years as no competition, but in the storage space there was always more agile faster developing competitors with cheaper solutions.
Intel has done the same with GPUs, though their pricing is better, just delivered 12 months too late.
They should licence the tech and see what other can do with it as it is basically a good product, just needs a better company to develop it.
If Arm where to choose to change its licensing model in 3 years time, what relevance does that have on whether they or Qualcomm have broken the existing licencing agreement or not?
It is all typical smoke and mirrors in a US courtroom to distract the court from what is in front of them, which is a simple contract dispute.
Is this a vector for attack or is it just a bunch of FUD (its a binary answer)
Does it need to be looked at by those that manage these things (again, a binary answer)
Is the proposed solution the best on offer (again, a binary answer)
Are there other solutions, such as do we need a Open Source UEFI thingy (here we go analogue and open up the debate)
This is what open mind means, review all data from whatever source and come to a conclusion on the best course of action to address an issue if it actually exists.
Responding "the guy is a dick head Microsoft nut case therefore nothing needs to be done" is just head in the sand, going get rammed in the arse type mentality.
Someone points out what they perceive to be a weakness in the boot process of Linux, offers up some suggestions on fixing it and all Linux people can focus on is that Microsoft are trying to take over the world (Google already have that covered) and destroy Linux.
Would seem to me that the noisy minority that advocate Linux seem to be doing a great job of turning people off the OS with their rude and condescending attitudes.
Open Source obviously doesn't always mean open minds.
Its highly unlikely these are updated at all and also the software is likely too old to be run on newer hardware or OS, this is why there is loads of old kit running out of date versions of Windows such as NT up to windows 7.
I have seen modern ships being built with Windows 7 logon screens in the background, even in the control centre of the new Elizabeth line in London I saw a Windows 7 logon screen, probably running some signaling software or some such.
None of this stuff is designed to be upgraded and so never does get upgraded.
It is time the likes of Linux just supported only recent architectures, if you were writing an OS now you would not be supporting any 32 bit or early code and definitly not old hardware so why do it in a current OS.
Linus is definitely right on this one and should go even further I would say.
Ah the joys of Licensing.
The licensee will rarely win as they didn't right or read the EULA and these things are never favourable to commonsense. Qualcomm has gotten very rich of using ARM IP. It could always design its own chips r move to RISC-v or some other IP, but i dare say that would be a tad difficult and very expensive, more than ARM licence fees.
Whilst I agree MS is busy shooting itself in the foot and leaving the door wide open for Linux, I feel that the Linux ecosystem is not joined up enough, cohesive enough and way to splintered to actually take advantage, Debian has been a mainstay of stability upon which the likes of Ubuntu have built a good ecosystem but your still have differences of opinion about the direction even Debian should take let alone the rest of the distros that can't even decide which desktop to use, why would anyone "buy into" something that even the providers can not agree upon ro may not even be around in a year or two let alone get any security fixes?
Linux is not ever going to the future of the masses as it is built by geeks for geeks, not for their parents and grand parents.
The future in the consumer market will be fought over by Apple MacOS/IOS (if it can be bothered) and Google Chrome/Android.
In the business market there too much other stuff going on for the next 10 year (some minor security stuff, move to cloud and many outer TLAs that may o may not yet be around to worry about moving its user base wholesale over to a new desktop OS (+cost for qualified device replacement) when they need to have training because someone changed the layout of a menu. If it were to jump many woudl go for Apple and MacOS rather than Linux and we could just end up with the same situation (and Companies) we have in the phone market.
Current Arc is a first Gen get it out the door model. in that light it is a good starter for 10, Intel will iterate and get better quickly.
Nivida seems to have missed a few pointers. They are competing with consoles that cost about $400 all in, why would spend $900 on just a graphics card and then all the supporting hardware? only people that can afford these things are overpaid or Youtubers who get them for free.
PC shipments are starting to tank and there is no Crypto mining to support card shipments, Nvidia also have a massive surplus stock of the last model left to shift. Nvidia's answer to raise prices even further on the new model to help support the prices of the old model, but each sale of a 3000 is someone not buying the newer model. They are also cheating/lying on model names so they can again overcharge.
This started with the 2000 models that were around 20% over priced continued with the 3000 which was supported by excess demand and is now just running out of control.
Along with the excessive power requirements (add a new $300 PSU) and the loss of FVGA highlighting their poor partner practices, it feels like Nvidia's house of cards is teetering towards collapse in a perfect storm. Just needs AMD to come in low and hard for knock out blow.
Maybe ARM will buy Nvidia.......
C-level execs reading licencing terms, seems a tad improbable to me. Most Licencing managers don't read them as they are too impenetrable and convoluted and most have terminology that means something different to what you understand. What is even worse if you ask a software vendor if something is allowed they will say read the licence, its like they don't even understand their own licencing or at least not confident they wouldn't tell you something untrue.
Then there is those that get with decent simple licencing and then once you are locked in change the terms to be more favourable to them.
It is also support contracts for software that is Open source, Red Hat is not particularly nice.
Then there is anything owned by Oracle like Java, you have licenced this in your environment as it came bundled in with some other software you bought and some dev thought it was free.
Might just be me but "a Fargo attack starts with the SQL Server process on a compromised machine being used to download a .net file via the cmd.exe and powershell.exe consoles" would seem to indicate that the best course of action is to not allow your SQL servers access to anything on the internet.
I am sure someone will point me to a valid reason but personally I am at a loss.
Its not just OSes, Google pushes Chrome via is plethora of Web services such as Googlemail and Youtube.
It implores you to install it for a better experience, whilst also degrading performance or even breaking the service for any browser that wasn't Chrome, this is one of the reasons Microsoft gave up on its own engine and joined the Chormalikes.
The attitude of some of the posters herein is exactly the reason why Linux will never be suitable as an OS for all, as newbies are often met by this sort of attitude when trying to find information.
People range from "plain stupid" through "ambivalent" to "know enough to be dangerous" and then on up to the posters levels of skill, caring and knowledge.
Unfortunately 90% of the world falls in to the first three categories and these people need to be protected from themselves, saying stupid people get what they deserve is at best condescending and shameful and at worst sneering and smug, it helps no one.
Every compromised device has the potential to be used against you and the services you use to destroy your life or business, it is us against them why do we fight so much amongst ourselves?
Will you still say they are stupid when your lights go out, bank collapses or the hospital is closed just when you need it because you were busy being smug?
For those that hate Windows, its updates and MS generally stop using it and move to MacOS, find a Linux Distro that works for you or even sell your soul to ChromeOS.
Then you can feel smug about your choice as you have done something positive and you can get on with your life and manually patch when ever you feel like it if you even think it is a requirement.
Be happy that at least on PCs you have several choices that can fit any pocket and any personal security requirements you may have unlike mobile phones.
While this a good thing as an aim, it will fail as it does not address the many issues with software development.
First you attest your software is developed with CIST, what about all the libraries and bits and bobs you have half inched from the FOSS world? Do you have to attest to them (Log4J anyone?).
Does this mean the project will be twice as long as we re-invent the wheel to ensure code security and can attest its security?
How long will that last when all these projects start to fail because of cost and time overruns so they stay where we are on 20 year old software code as it is too difficult to move on?
Whilst all FOSS is created equal, they do not evolve equally, something to bear in mind when you bet your company on it for those technical reasons the boss/bill payer will never understand but will still support because he pays you so much money you must know what you are talking about.
Having made a punt on some software only to see it stagnate and finding migration to a different product convoluted at best or impossible at worst, I know these decisions can bite you hard down the road as you struggle support an old out of date and hopeless product.
Anyone that has had to manage backups, archiving or financial software or email systems will know that your are effectively stuck once you make a choice, how many people will move away from SAP gouges its customers again? These things are never easy or simple or cheap to move away from.
I think you'll find that Chromium is not as Googleless as you would hope, I seem to remember Microsoft had to untangle 30 odd Google services that were hard coded in to the browser and replace them with their own, I am sure the smaller browsers such as Brave and Vivaldi leave most of those in as they have no alternative, so any Chromium browser is likely going to be talking back to Google in some form.
"it can harvest all kinds of sensitive data about you from these pages as you visit them"
This line made me laugh, Google worrying about something harvesting user data for reasons, not like they haven't been doing that for the last 20 years.
i don't think the client devices (including phones and MacOS and other OSes) will be as badly affected as the servers, these may have transactional time stamps that may have legal consequences if they are incorrect.
And don't forget all those IoT devices that may end doing weird stuff on not sending their spy data off to Samsung correctly, god it could be really bad.
Yeap, absolutely.....er how do you do that, is that on Linux only or do I need to do something on my third party software? Sorry to be pandantic but you know, my life is complicated and i have 1000 servers, 7 different OSes and 300 different applications, which ones use that thing and how would I know?
Open source, lets rely on a bunch of developers who's focus is delivering an end product, to secure every step in the development process on every open source project correctly.
People wonder why I feel embracing open source software will bite you in the bum eventually.
Unfortunately, its not like you have a choice these days, I refer you to Log4j amongst many others that are bundled in and hidden away.
Normally when you tick a box that makes something go away it disappears, but not in MS start menu, you can turn off recommendations but you still have the word Recommendations and the some text explaining you can add it back, taking up a third of the start menu for no benefit.
They just don't get I want gone to mean gone, not hanging round like a bad smell to remind you they know better. They whole thing is a mistake like windows 8 and should be backed out.
The central position is useful if you have an Ultrawide screen but not so useful for the other 99% of Windows users.
And why is there no real customisation and removing basic functionality like having the tool bar where you like? It all feels half finished.
Feedback seems to work about as well as complaining to BT.
Whilst you are correct from answering the question, you miss the point.
Why ask a question about something that 95% of your customer base has no access to, without giving them the option of indicating that?
The questions and answers were framed in such a way that it was assumed you had access to it but chosen not to use it or had experienced it.
A questionnaire should allow for those who have no access to the feature to answer accordingly or your results would be inaccurate.
It is a common mistake on surveys where the questions and answers dictate the results without allowing the truth to come through.
There is a big different between 1% of respondents had tried it and 20% of those that had the feature available had tried it.
Received a "how do like Windows 11" survey, one of the questions was what i thought of Android on Windows, unfortunately there was no option for Don't get it.
Thing about Americans is they don't realise they are only 4% of the world's population and yet they thing they are 90%.
I guess self importance counts for a lot
"our systems can now understand the notion of consensus, which is when multiple high-quality sources on the web all agree on the same fact"
would it not be better to just give Wikipedia a large wedge of loose change and just use them for all factual questions? Would actually mean Google doing something useful for the rest of humanity (ie all non share holders or the other 7billion people in the world.
...because the House Of Commons is such a good model on how to do things properly and clearly giving the general populous more say on employing more self gratifying idiots with their empty promises that evaporate upon election and swinging constantly between two opposing ideologies that between them have consistantly broken this country, well we can all see how that ends.
Democracy only works when you have no group/party with overall control (Germany) so progress is by consensus, one party with control forever (Japan) so long term planning can happen or the ideologies are not really that different. Countries doing well for long periods is generally despite the politicians (US) rather then because of them.
On topic. GDPR despite all is actual a pretty good bit of law, why not just copy it?
All the tech giants understand it so would be easy to implement for India. I am pretty certain Laws are not subject to copyright or plagiarism and by rewriting to be specific to India would be easier than reinventing the wheel, unless of course the Indian government had aspirations to steal their peoples data for their own benefit.....
The flaw in your statement here is that the assertion that the OS would not take advantage of the hardware, in reality i would suggest that the hardware has been designed to maximise the performance of the OS which is where the benefit comes from owning both and not something Intel or AMD would do for any OS even Windows.
With Apples M chips there will always be performance gains to be had but they may need some fundamental changes to the kernel to enable maximum use of the the specific functionality which can cause bloat or impact other hardware implementations and may not even be of value or use to most users, a bit like Intel's AVX-512 extensions that are great in very limited scenarios so is it worth making the changes to use them?
There are a number of things here.
It was developed by Intel, they have not got a clue how to talk to people, so they dumb stuff down and sell Optane as hard disk replacement (this is the first time I have seen a proper explanation of what was intended). They over promise (I remember 1000x faster that current disks). They develop stuff so slowly (discrete graphics cards anyone) they get bypassed by more mature technology by the time they get it to market (NAND just got faster and cheaper, they just had an SSD that had no USP) and the DIMM stuff just didn't turn up any time soon, was almost as expensive as RAM (which keeps dropping in price) and only ones that could afford it were enterprise and they didn't see the benefit of persistent middle tier storage that complicated things as servers are always on. They were the only ones selling it.
If they could have been at least price competitive with or at least 5x faster that NAND then they may have been able to make a case for it, or licenced it out to HP on the cheap to develop systems to support it say alongside SAP or some of those big Oak ridge super computers, no wait they screwed that relationship with Itanium another good idea looking for a problem to solve.
No one else concerned that one of the most widely used SSH tools was hosted on such an elderly beast of a system? One would worry about the security of such an installation.
It is also a good example of just because you can doesn't mean you should.
I appreciate some people get attached to things like vintage cars, but they generally don't use them as daily drivers even if they have been patched and modified, migrating to some new hardware or virtual environment and fresh install of an up to date OS would seem the most prudent way forward.
Used NFS once because I needed a target for a bit of dumb kit that would only backup its config to an NFS share. Simple to set up and do and worked. I then uninstall the feature form the server and never used it again. Anything worth using will support FTP if nothing else so we just use that and TFTP for these sorts of things.
If you don't install the feature you won't see the problem, however it is a timely reminder that you should always patch your system after installing any feature.
And just for balance, Samba has had its fair share of woes over the years and can be a real pain to implement on some Nix a like systems and for that reason we just use FTP for file transfers.
For most moving off of VMware to anything other than cloud based hosting would be very difficult due to the number of systems that integrate in such as Backups, which those of us that actually do manage this stuff have to maintain. Bear in mind that if you keep your backups for any length of time, such years, you will need to maintain a recovery environment, personally we only keep 3 months so not the end of the world but would need to find a product comparable to Veeam for any of these solutions.
Also we are using HCI with VSAN so no separate storage, we would therefore need to set up all that stuff as well, would be expensive, as you don't mention anything that is comparable in this gloss over. We also use NSX and virtual networking is also not mentioned so may be addition cost add on and complexity to move.
Hyper-v is free for most people as they probably already have per core Datacenter licences on their hosts for Windows, unless you are heavy in to Linux guests then this is probably the way most would go.
Having spent almost a year migrating 500 servers from an NSX-v platform to an NSX-t one and juggling the business requirements, other projects' needs and down time etc on what was relatively simple process, moving to another completely different platform would not be joyful or quick experience.
To me this is a case of Broadcom buying something at the peak of its value, most people in medium to large sized businesses are moving to hybrid hosting ahead of a move to cloud, solutions that offer this as a reasonable simple migration path are going to be the winners especially as hardware starts to get replaced and if Broadcom do a Broadcom and stuff it up, Microsofts Azure Stack HCI seems to offer this kind of path so would be a likely first choice for many even if like most Register readers you hate Microsoft they may just have the smoothest path when you have to deal with all those technology people that are not technology people in the business.
The reason we have a monarchy is Boris Johnson and all the other career politicians that would be awful as president.
I can't think of one Prime minister we have ever had that would have been a good President.They are all a choice between pointless or megalomaniac.
We have survived as country despite our politicians causing us to lurch from one crisis to another as we flip between two opposing ideologies and from one bunch of self serving muppets to another due to the archaic way we choose our parliament which only topped by the Murkans idiotic collage system.
America does not seem to be a nice place to visit at the moment. They appear to be working through some issues, hopefully they will catch up with the rest of the planet in a few decades.
As for our government, which also appears to be working through its own issues, not least of which desperately seeking a partner to support us by agreeing to any stupid demand and not even thinking to make it reciprocal. Bunch of lame arse couch jockeys, not that any of the rest of them would be any better. Its about time we got rid of Career politicians, you get 2 terms and that is it, go and find a proper job.