
Comment Re:Lots of companies want Win10 (Score 1) 150

That may be true, but we have not yet discovered how to make a system that is truly, 100%, absolutely guaranteed secure. That means real world security is all about risk management: what risks can we identify, and what can we do to mitigate them?

Unless you are capable of building literally everything you need, from the most basic hardware components or the first line of code on up, at some point you will come to a decision between trusting some partner organisation and its staff to do what they say and looking elsewhere. And if you really need something big and you can't build it yourself, there are probably only so many potential partners to work with before you run out of options.

So, maybe no amount of assurances from Microsoft would reassure you, but if you're in charge of a hypothetical multi-year, multi-billion dollar R&D programme and you need a desktop OS to run your software on, who would you allow to reassure you? Apple? The Debian security team? A few hundred specialist developers you just hired to build you something from scratch on top of FreeBSD?

Comment Re:Lots of companies want Win10 (Score 1) 150

The real world doesn't work like that. Having independently audited the source code from a big provider, there isn't much difference between having your own background-checked people building it and having actionable assurances from senior executives at your supplier that their technicians with the same relevant background checks and security clearances have built it properly. At some point, there is always a level of trust in the individuals involved and a level of oversight in how the product is made and deployed, regardless of whose name appears on the payslip of those people.

Comment Re:The year after. (Score 1) 150

I'd guess they'd get told telemetry was optional but would be necessary for certain support functions

I'm fairly sure that if you'd told them that, all of the banks I'm thinking of would have required either the ability to permanently disable all such telemetry code before going into service or, in some cases, a custom build of any relevant software with all such telemetry code removed.

or turn some automated functions (like software updates) into manual, downtime-required functions.

No-one in the environments I was dealing with would have been installing any sort of automated updates anyway. We're talking about the kind of place where taking anything out of service, other than special emergency procedures in some cases, typically requires a sign-off process that could last for weeks. Usually that would include significant amounts of lab evaluation before being put into production for literally any hardware or software change. It was also normal to require sufficient assurances to satisfy them that for large-scale deployments, what was later delivered in volume would be absolutely identical to what they had evaluated under lab conditions.

Obviously this is at the opposite end of the spectrum to "Just install it, I don't care". I'm just pointing out that in organisations with serious security or reliability concerns, this kind of thing does happen. I've encountered a similar abundance of caution in plenty of back office environments as well, say places like communications providers or the infrastructure used by big online retailers, but banks seemed like a good example here because they do also have large numbers of regular PCs accessible from front-office locations and running regular desktop OSes.

Comment Re:"Sales" = Win10 Licenses with 7 downgrade right (Score 1) 150

I think we're talking about different things here.

I'm talking about buying a new PC from a major vendor that comes with Windows 10 pre-installed but lets the customer replace that (legally) with Windows 7 or 8.1 post-sale. This is still allowed if the vendor offers it, but they aren't allowed to supply new machines with 7 or 8.1 preinstalled any more, only 10. I can't immediately find a reference, but I've seen reports that similar moves by Microsoft will prevent even selling new machines with those downgrade rights in a year or so.

I suspect you're talking about more general provisions under enterprise licensing agreements or some sort of developer programme. There are other schemes that Microsoft runs that let people do all kinds of things, but they aren't necessarily available to someone who just went to dell.com and bought a new XPS laptop.

Comment Will we get simultaneous pairing? (Score 2) 72

I mean where I can pair a set of headphones to, say, a phone and a computer at the same time and get audio from both at the same time? Or send the audio from one device to multiple devices at the same time? Two headsets paired to one phone at once?

Is this a hardware restriction of the radios, a limitation of the BT protocol or just the retarded nature of the implementation?

Comment Re:The year after. (Score 1) 150

For example, I've been involved with sales to the IT groups at certain banks, and they have strict checklists where anything connected to or running on their systems must meet 100% of the hundreds of conditions or it's game over. Nothing with any sort of telemetry built in would be getting anywhere near those systems.

I'd guess they'd get told telemetry was optional but would be necessary for certain support functions or turn some automated functions (like software updates) into manual, downtime-required functions.

I've worked with a couple of banks before and it was always amazing how their procedures would turn a 30 minute maintenance task into 6 hours of downtime. We actually negotiated our way out of a project with a bank because they were so hard to work with and I think we even modified our estimating process for anything involving a bank to have double hour estimates for everything with special riders allowing us to quit if they proved too difficult. We just couldn't make money and work within their policies.

Comment Re:"Sales" = Win10 Licenses with 7 downgrade right (Score 1) 150

Yep, for now there are still options to buy new PCs and run older versions of Windows (legally), though only if you're willing to jump through a few hoops at this point. There will be more serious questions when that possibility is also removed, which isn't far away now in business planning terms.

Comment Re:Ummm.. (Score 1) 150

Well, if you want Microsoft to automatically determine which update(s) are relevant for your system, obviously you're going to have to share some level of information about what you have installed already. If that counts as telemetry, then yes, of course the update tools won't be able to work properly if you disable it. I'm not sure how relevant this is for Enterprise users, though, since the odds of individual users managing the updates on their own systems in an environment running Enterprise must be pretty low to start with.

However, that kind of telemetry is a far cry from functions like search boxes or Cortana automatically and silently sending details of what you're doing back to the mothership even though everything else involved is local to your system. This is the kind of privacy problem that most people objecting to the increased telemetry in recent Windows versions are concerned about.

Comment Re:The year after. (Score 1) 150

It depends very much on context.

For example, I've been involved with sales to the IT groups at certain banks, and they have strict checklists where anything connected to or running on their systems must meet 100% of the hundreds of conditions or it's game over. Nothing with any sort of telemetry built in would be getting anywhere near those systems.

For Joe's Retail Business, if the systems involved aren't handling anything regulated/audited like credit card details, it might be a completely different story. I suspect a lot of businesses will also potentially be in violation of data protection/privacy laws or of commercial agreements like NDAs as a result of the telemetry, which is also somewhat worrying. However, in practice, those probably won't result in any substantial penalties unless either a major breach comes to light or Microsoft starts abusing its access to data it collects coincidentally, so as usual businesses will probably ignore potential leaks unless they think they'll get caught and suffer for having them.

In any case, it's more relevant that during 2017 we'll probably be looking at some larger organisations that will be running the Enterprise or Education versions starting to migrate to Win10, and those don't have the same problems with things like telemetry and forced updates as the Home and Pro editions.

Comment Re:The year after. (Score 1) 150

I think that's fantasy. Lots of high-end enterprise kit has phone-home so deeply embedded into it you basically couldn't use the product without it. Compellent actually has a feature called "Phone Home" that sends telemetry to support and support can remotely console into the system.

Everyone and their dog is scrutinizing Win10 telemetry and MS knows it. Any half-solid evidence they're grabbing proprietary data would be an instant multi-billion dollar class action suit.

Submission + - NSA's best are 'leaving in big numbers,' insiders say (cyberscoop.com)

schwit1 writes: Low morale at the National Security Agency is causing some of the agency's most talented people to leave in favor of private sector jobs, former NSA Director Keith Alexander told a room full of journalism students, professors and cybersecurity executives Tuesday. The retired general and other insiders say a combination of economic and social factors — including negative press coverage — have played a part.

"I do hear that people are increasingly leaving in large numbers and it is a combination of things that start with [morale] and there's now much more money on the outside," Alexander said. "I am honestly surprised that some of these people in cyber companies make up to seven figures. That's five times what the chairman of the Joint Chiefs of Staff makes. Right? And these are people that are 32 years old."

"Do the math. [The NSA] has great competition," he said.

The rate at which these cyber-tacticians are exiting public service has increased over the last several years and has gotten considerably worse over the last 12 months, multiple former NSA officials and D.C. area-based cybersecurity employers have told CyberScoop in recent weeks.

"Morale has always been an issue at NSA, with roughly 20 percent of the workforce doing 80 percent of the actual work," a former official told CyberScoop on the condition of anonymity. "NSA is a place where people retire in place. At some point watching this behavior even for motivated people becomes highly demotivating."

Comment Re:Is malware like this proof of economic stagnati (Score 2) 186

I get that we'd always have people at the margin who have above average intelligence but otherwise to fit into a worker mold and wind up as criminals of varying levels of success. Usually, though, they seem to suffer from various other pathologies -- substance abuse, psychological defects, the kind of panoply of sociological misintegration that limits not only their legitimate success but their ability to make even life below the line very successful.

Maybe there's just a correlation between high levels of computer skills and these same sociological maladjustments, and the medium provides an outlet previously unavailable which offers reduced risk and greater rates of success.
