Comment Re: Context? (Score 1) 121
The original source code is still free to anyone else who cares to use it. Nothing changed there so it isn't false advertising, as you allege.
Submission + - Physicists create first room-temperature quantum material (phys.org)
Comment An AMAZING number of flaws (Score 4, Insightful) 73
Submission + - How Microsoft's "Little Workaround" Created a Major Pentagon Threat (propublica.org)
The arrangement was called “digital escorting.” She thought it sounded like a conspiracy theory — until she started looking into it. This is the story of what she found and how her investigation changed government policy.
Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.
The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.
National security and cybersecurity experts in the Trump administration contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China’s digital prowess as a top threat to the country.
Microsoft uses the escort system to handle the government’s most sensitive information that falls below “classified.” According to the government, this “high impact level” category includes “data that involves the protection of life and financial ruin.” The “loss of confidentiality, integrity, or availability” of this information “could be expected to have a severe or catastrophic adverse effect” on operations, assets and individuals, the government has said. In the Defense Department, the data is categorized as “Impact Level” 4 and 5 and includes materials that directly support military operations.
“If someone ran a script called ‘fix_servers.sh’ but it actually did something malicious then [escorts] would have no idea,” a former Microsoft engineer who worked on the escort system, told ProPublica in an email. That said, he maintained that the “scope of systems they could disrupt” is limited.
In an emailed statement, the Defense Information Systems Agency said that cloud service providers “are required to establish and maintain controls for vetting and using qualified specialists,” but the agency did not respond to ProPublica’s questions regarding the digital escorts’ qualifications.
It’s unclear whether other cloud providers to the federal government use digital escorts as part of their tech support. Amazon Web Services and Google Cloud declined to comment on the record for this article. Oracle did not respond to requests for comment.
A spokesperson for the inspector general — whose office is supposed to operate independently in order to investigate potential waste, fraud and abuse — told ProPublica they were not authorized to speak about the issue and directed questions to DISA public affairs.
Comment Re: In the beginning (Score 1) 81
Iâ(TM)m okay with either approach. Adblock filters all ads that are separate origins, and I can just fast forward past the inline ads.
Comment Re: Remove Encryption? (Score 1) 87
RFS is dead. Like his wife.
Comment Remove Encryption? (Score -1, Redundant) 87
What could possibly go wrong?
Apple is becoming more MS every day.
Comment Re:SCO and IBM (Score 1) 109
"Now that's a name I've not heard in a long time"
Comment Fingerprinting (Score 3, Interesting) 55
Its called fingerprinting, and it has been going on a very long time, using techniques that go back decades. This just makes it more persistent and spans attempts to obfuscate fingerprinting in easier ways.
If you want to avoid this, work from a non-persistent VM that is created and destroyed every online session, using no identifiable information (no-logins ever).
Security isn't convenient.
Comment Re: Get off of VMWARE ASAP, but be warned (Score 1) 56
We moved off on-prem VmWare to Azure cloud. VmWare had a workload management function called VmMotion - to automatically pauses and move VMs between hardware blades, supposedly without skipping a beat. But VMotion used to break cluster management software we ran. So our admins turned it off for susceptible VMs - those stayed 'sticky' on the blade they spun up on.
As we moved to Azure, I asked how we could avoid a similar situation. Turns out Azure has a similar 'feature' called 'Live Migration'. The difference is you cannot turn off 'Live Migration'. Microsoft uses it when it wants to. Thankfully, our cluster management software was fixed/desensitized by the time we moved to Azure.
Despite that, I think the on-prem VmWare was at least a couple times more stable than Azure.
Comment Glib answer to a real concern (Score 1) 183
So theft of physical mail involving thieves putting sticky rods in mailboxes is now common. And the banks are denying their responsibility to detect check alteration. And your response is to blame the victim! Do you not realise the societal breakdown this implies? Has the frog been boiled that well?
Comment Re: So cops are complete cowards now? (Score 0) 31
This!
Get some sense into you cops. That is a human just like you. Unless he's a suspected suicide bomber approach him with caution and sympathy
Submission + - Feds Want to Drop Requirement for Autonomous Cars to Have a Brake Pedal (caranddriver.com)
Braking distance regulations would stick around, but the physical pedals would no longer be required for cars designed to be exclusively autonomous.
I would want any autonomous car to have emergency brake and/or shutoff.
Comment Re: Don't jump to conclusions (Score 1) 214
"Yes, comrade Stalin"
The truth has no bias