
Comment Re:Don't roll your own (Score 2) 91

> But the cloud doesn't help them, they still implement bad practices, just on cloud services.

Yes, but making sure that the web app that they're using, that has a dependency on log4j (or whatever the next thing that's got a bug in it is), is appropriately updated is no longer the customer's responsibility. So many organisations don't even get basic patching right.

> Soft on the inside is a fast path to disaster, but based on my experience with some teams dealing with cloud instances, the difference is now it's just soft everywhere.

Yep, and that's what I said earlier about whether people have the money to implement appropriate security. Also there's apathy (they don't care) or ignorance (they don't know that there's an issue, that it's a possibility, or that it should be done).

I'm not saying it's right, but if you see how ransomware attacks and other things are happening and what the security is within most organisations (Where they're not taking the most basic of security steps, like turning off macros and not using Acrobat / keeping it updated, or having open access to S3 buckets), then this becomes the general reality for the industry.

I also see use cases for some businesses being able to use the elastic nature of cloud to be able to do scale out for a couple of months of the year when they bring in a bunch of extra staff without having to own all the infrastructure the entire time.

Comment Re:Don't roll your own (Score 1) 91

Yes, and then you've got to manage that security risk of being exposed to the internet.

Cloud is convenience. One of the purposes of using SaaS is that you're outsourcing the updating of the software to the vendor.

From a security perspective, nothing that you've said here seems to have any basis in reality for any company that I've known for the past 25 years.

Comment Re:Don't roll your own (Score 2) 91

Most smaller companies don't have the money to be able to do IT right. Even medium-sized companies put stuff in and don't implement best practice security measures.

While in smaller companies it's easier to implement good practices as there's less to break, they very rarely get put in, whether that's apathy, ignorance or both is up for debate. They are however a much smaller target for hacktivists and ransomware attacks.

Before the cloud people ran on-prem servers, all sat in an office and security was the office firewall. Hard outside, soft on the inside.

So unless you're advocating for sending everyone back to the office, with no remote access, no cloud email, no mobile devices or anything?

Comment Re:Linux : Known and soon fixed ... (Score 4, Insightful) 60

The assumption that Linux is by default secure and doesn't require as regular patching or updates is something I've seen at multiple businesses in the past.

Some vendors say that you must run RHEL 7.2. That therefore means that all the patches that make it 7.3 won't be supported.

TLDR: Bad patch management isn't limited to Microsoft

Comment Re:So why tell us now? (Score 1) 71

In WWI / WWII soldiers knew of plans days / weeks out, so a person in a port might know that they're getting deployed and going to attack a certain point. Someone who was a spy in port might find that out by hanging around in a bar, and get that confirmed from somewhere else and relay that back. The enemy could then reinforce that point. It was very heavily ingrained to not ask questions, and, if you were asked, not to tell anyone.

Nowadays with information as compartmentalised as it is and modern communications, they say you only need to hold out 24 hours as that's all your information is good for.

A lot fewer people need to know a week in advance what's happening except for people at the top.

Comment Re:Meh (Score 1) 65

They produce AI Chips? Or SoC? Both? Which ones?

They might have current generation chips from Nvidia, but by not selling them any more of the current generation, they'll lose any ability to develop their next generation platforms. The next generation AI chips (Which Nvidia designed 5 years ago and are about to go into production) they won't have access to. Leaving them falling behind.

Without the AI chips, they'll have major issues designing a lot of things, especially future SoC, CPUs and GPUs. They'll also have issues with machine learning for fraud and a range of other places where these chips are used now as edge cases, but will become more mainstream in the next 10 years.

Comment Waterproofing (Score 1) 23

Having been down the road of getting my phone repaired by someone who wasn't a distributor / authorised repairer and then dropped my phone in water and being told "We'd fix your screen, but we never said we'd make your phone waterproof again"...

I want to see / know that they're providing the same glue / seal kits that they use in the factory as opposed to whatever the third party repairers are forced to use. While the back of my phone might fit onto the case again, it's not providing a waterproof seal. I want to know that if I drop my phone at the beach / in the sink it's a wipe off as opposed to a write off.

If Samsung say that the frame needs to be replaced because 1/10 of all repairs the frame gets bent out of shape in the process of removing the back, then good on them for knowing that, I don't want someone to guess that "Looks good enough to me" is tolerance enough. Modern phones don't have those tolerances in them.

Comment Identity (Score 1) 43

The only reason I didn't move was everything that I log in to. I'd be happy to move my email and cloud storage out to Microsoft and host that there (I've got "free" Office 365 accounts through my partner status). It's logging into everything, my mobile phone, YouTube, a million and one websites.

I can't wait till federated identity discovery becomes a thing, I know MS, Apple and Google are working on it and have been for nearly 5 years now. Maybe in 10 years it'll be standard login for websites...

Comment Re:So it's a problem, but is it a show stopper? (Score 1) 90

They did.

SMBv2 has been the default since Samba 4.11 released in 2019; however, it takes a while for the Linux distributions to pick up the newer Samba releases and those to get out there.

The problem is that a lot of people's build scripts and configs still use SMBv1, or they use older methods such as WINBIND instead of SSSD as they still work.

Things are changing now because security auditors are chasing people up, but it's slow going.
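One way to audit for the leftover SMBv1 settings this comment describes, as an added example that is not part of the original comment. It checks Samba's `min protocol` family of parameters against the SMB1-era dialect names; the sample smb.conf is constructed, and line continuations are not handled.

```python
import re

# Dialects that belong to the SMB1 family in Samba's protocol ordering.
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
# Parameters that set the lowest dialect Samba will negotiate
# ("min protocol" is a synonym for "server min protocol").
MIN_PROTOCOL_PARAMS = {"minprotocol", "serverminprotocol",
                       "clientminprotocol", "clientipcminprotocol"}

def find_smb1_settings(conf_text):
    """Return (line_no, section, parameter, value) for each setting that still allows SMB1."""
    findings = []
    section = "global"
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Samba ignores case and whitespace inside parameter names.
        key = re.sub(r"\s+", "", name).lower()
        if key in MIN_PROTOCOL_PARAMS and value.strip().upper() in SMB1_DIALECTS:
            findings.append((line_no, section, name.strip(), value.strip()))
    return findings

# Constructed sample config, not taken from any real host.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    ; server min protocol = NT1   (commented out, ignored)
    Client Min Protocol = NT1
    server min protocol = SMB2_02
    min protocol = LANMAN1

[scans]
    path = /srv/scans
"""

if __name__ == "__main__":
    for line_no, section, name, value in find_smb1_settings(SAMPLE_SMB_CONF):
        print(f"line {line_no} [{section}]: {name} = {value} permits SMB1")
```
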

Comment Re:Good riddance! (Score 1) 120

> Why couldn't Facebook/Meta and whatever other social media company just cut off their servers over in Europe and just still allow connections to servers in the US?

> Sure there might be a little lag, but if the Europeans are accessing sites hosted outside of the EU, then they can't have reach to bitch about what data is used and stored where, right?

They can also stop taking European advertising $$$ too.
