Comment Not a surprise (Score 5, Interesting) 119

Not one organization I have ever worked for has seriously cared about IT security. The second anyone mentions security, the next question is how much it costs. So I don't think it's a Yahoo thing - I think it happens everywhere. Even banks and healthcare companies, who have some of the most regulated data in the world, don't go beyond lip service and a few token defenses to protect it. Companies will continue to offshore vital functions to companies that don't care what happens to data. They'll also continue to ignore key parts of new product development relating to security. I think one of the problems is that IT security guys can't articulate this to executives. They're either from the physical security world, or they're so tech-focused that they can't give a coherent presentation to people who only understand what dollars are.

Companies have insurance, and it's always cheaper to say "oops" and give out free credit monitoring for a year than it is to build a serious defense against security breaches. Until it becomes too expensive to ignore, whether in the form of lost business, fines or lost intellectual property, nothing will change.

Comment Re:Good-but Enterprise only (Score 1) 161

"What is wrong with the pro version?"

The main complaint I have is that the Pro version lacks certain key features that Enterprises might like. There's no way to disable some of the telemetry/tracking in the Pro version, you can't run the LTSB in Pro, and it's looking like all the interesting stuff is being locked behind that Enterprise edition/subscription. Pro used to be just fine for most enterprises, but now way more companies are going to have to pay monthly for the license to use an OS that the OEM shipped you with the computer. The only time my employer ever used Windows 7's Enterprise edition was for machines they wanted BitLocker on, or multi-language support.

I agree that something like this should _definitely_ be targeted at home users. They're more likely than corporate users to be browsing sites with dodgy JavaScript, etc. Edge doesn't use applets or plugins, but there are plenty of ways in if you can get an application to execute code on a machine. As we've seen in patch after patch, all it takes is people hammering on code for months on end looking for a hole. I still have no idea where/how they find people to actually do the exploit analysis.

The problem would be trying to explain behavior like this to end users. Any site that relies on the users' ability to upload files, for example, wouldn't work properly in a sandboxed environment.

Comment Typical near-top-of-bubble stuff (Score 3, Insightful) 75

Just like the dotcom bubble, there are entire companies whose fate hinges on massive uptake of the "big data" and "deep learning" revolutions. And just like the hype cycles from the last bubble, there's some truth to them but people really take it to an extreme to get headlines and clicks. I think when the bubble pops, there will be plenty of "real" big data problems for serious qualified people to solve, as well as legions of unemployed "data scientists" and "cognitive champions."

I think applying data analysis techniques to societal problems (emergency response, environmental issues, etc.) is a good thing. I don't think the current focus of ever more intrusive advertising and behavior analysis is going to add much value in the long run. This isn't a tinfoil-hat style rejection of tracking, it's my belief that even the dumbest of consumers are going to reach a point where they can't stand having ads shoved in their face anymore and demand that it stop. Ever notice how commerce sites email you when you put an item in your cart, then don't buy it? Lots of sites have at least buried a setting somewhere in their account configs that let people turn this off. No one ever went broke overestimating the stupidity of the average consumer, but pushing things on every channel (phone, computer, tablet, streaming ads, browser ads, etc.) will lead to consumer fatigue.

Comment Good-but Enterprise only (Score 1) 161

Basically, all businesses are going to have to subscribe to Windows 10 Enterprise if they want the features they were used to getting from Pro in the past. Microsoft should just merge Home and Pro into one edition and call it Consumer or Ad-and-Telemetry-Supported or something. A lot of places, including my workplace, have been used to getting the features we need from the OEM license of the Pro version of Windows shipped with the PC. This is how Microsoft is going to work around the claim they won't be charging subscriptions, 365-style, for Windows. They aren't, oh, except for enterprise customers.

It is a good business model -- companies will pay for Enterprise if they want any hope of managing their Windows client OS fleet. Adobe is a good example of how this works out - they know they have very little competition in the video editing, photo and publishing space, so they switched to a subscription model years ago. If you can force your customers to keep paying over and over again for the same product, why wouldn't you? Microsoft is going to be the next IBM - the main reason the company hasn't gone under is the recurring mainframe revenue...they get millions and millions of dollars monthly from customers just to retain the right to run a mainframe. IBM has been in the process of eating itself for 15+ years, and they will never completely die because they keep getting this revenue stream -- no matter how many businesses they sell off.

Comment Good for convenience, bad for large IT shops (Score 2) 221

Having done the end user computing engineering thing for quite some time, I've had to deal with Windows Update in places as large as 40,000+ PCs. There's a conundrum in the cumulative patching model -- it's super-easy for IT, but could leave some places more vulnerable.

The problem is that the more diverse a company's IT needs are, and the more proprietary software they rely on, the less able they are to just roll out a bundle of fixes to everyone and call it a day. I think Microsoft is forgetting how much some companies are relying on desktop Windows for line of business applications...it's almost like everyone there has drunk deep of the Cloud/Surface/Phone/Tablet/Web Services kool aid, and just assumed those crappy 20 year old applications have disappeared along with desktop/laptop use cases. In their minds, the only thing they have to make sure works correctly on site is Internet Explorer/Edge and Office.

Admittedly, updates are a confusing mess of semi-circular dependencies and it is very difficult for Microsoft to test even common combinations. But, making them all cumulative means this...Assume you have 10 updates in a bundle, 6 work fine everywhere, 1 breaks 40 PCs in Department A, 1 breaks the LOB app running on all 18,000 PCs you run, 1 breaks a behavior in IE some junky internal web app running on 2,300 PCs and 1 breaks the CEO's computer. All those computers have to wait until the problem is solved to get the protection for the 6 vulnerabilities, and they will continue to be unpatched since the bundle is cumulative.

The other thing I'm not a fan of is the removal of any sort of information about what gets patched. There used to be comprehensive descriptions of what was patched, and companies who knew what they were doing could direct testing to the right application groups. That's the other thing that's going away this month. We're a big Microsoft shop so we're pretty much resigned to upgrading to Windows 10...I guess we'll see what happens. Microsoft's been trying to cremate Windows 7 ever since early this year, messing with support dates and not backporting features. We'll see if Microsoft's "update rings" strategy that they're recommending everyone migrate to is workable.

Comment Makes sense, sell at the top of the bubble (Score 4, Interesting) 65

Remember back to 2000 when AOL and Time Warner merged. That obviously didn't go well, but it did kind of mark the top of the dotcom bubble. Yahoo and Twitter are smart to get bought out while the bubble is still going...Yahoo's pretty irrelevant now, and Twitter can't make enough money off its users. People will only pay so much for Big Data about 140-character tweets. It makes sense as a useful little service, but not really a business. I think everyone is finally realizing that it's not going to cause a communications revolution and trying to get their money out.

I'll bet Microsoft will buy it and add it to its LinkedIn acquisition. I could definitely see them trying to shoehorn both things into their business offerings -- Twitter as a customer service channel, LinkedIn as an automated recruiting department. I'm an old fart, but I don't even see younger people I know tweeting. I see businesses hiring 23-year-old marketing majors as social media managers and letting them say random things on the company's Twitter account, answer customer questions, etc. But does having that channel open actually produce anything valuable?

Comment Serious question about this (Score 1) 169

What is the root cause of most of these data breaches? I know in the Target and Home Depot cases, they hooked insecure embedded systems to their main network or enabled third party access for convenience that the hackers took advantage of. But what happens in cases like this? Does someone just exploit a security hole in a public facing service and go in from there? Or is it an inside job in most cases?

Comment Lenovo can't catch a break (Score 1) 476

It'd be interesting to see what the actual technical reason for this is, but I know the business reason.

Microsoft's Signature program (described here) is essentially an agreement with manufacturers that they won't load crapware on the PC. It's doing for the consumer what the technical among us do whenever we buy a new Windows PC -- wipe the hard drive and do a clean install-from-media of Windows.

Manufacturers of low-margin consumer hardware make up some of the margin by bundling garbage software like firewalls, AV, "helper" programs, etc. Without that source of revenue, I'll bet they're relying on payments by Microsoft to cover what is lost. The interesting thing to see is whether or not all Signature PCs have clever restrictions that make it just difficult enough to install Linux that no one will bother.

Comment Why is this bad? (Score 2, Interesting) 228

I'm a dad of a new kindergartener. They're not solving differential equations at this level; it appears that they're trying to get them on a level playing field, accounting for differences in background, etc. If a kid has spent the last 5 years doing nothing but watch TV and has never been read to, they really have to catch them up quickly. First grade is apparently where the "rigorous academics" start. My kid already learned to read and has a pretty good background in the basics, so I imagine it's going to be a less than engaging first year.

I know everyone hates the common core stuff, but I do see the point. Teachers aren't given a class full of kids with attentive parents who care about what their kid does in school. Maybe some are like that, but others are too busy, don't have the educational background, or the family is poor and education takes a back seat to living. Absent the nice home life, the schools have to do everything they can to ensure they give a kid a fighting chance education-wise.

Also, having recess is almost optional in my mind. Chinese, Indian, Korean, Japanese and other countries' students spend way more time in school than our students do. Education is valued in those societies and they make sure they turn out well-educated students. Look at some of the university entrance exams from countries on this list and compare it to high school curriculum in the US. Compared to these countries, we're doing nothing near that level of work with students. Visiting faculty from other countries send their kids to private tutors to ensure they receive a level of education on par with their country's system so the kid won't be behind when they return home. I think the school day should be longer and the school year should be year-round. Only 2% of the population works in agriculture anymore, so there's no excuse for students to be out the whole summer anymore.

Comment Sounds like a check cashing place (Score 4, Insightful) 108

If anyone wants to see how well those gig economy workers are doing overall, here's a perfect example. Admittedly it's an optional service, but the fact that they can offer someone a fee-based service to access their pay immediately doesn't paint the picture of happy carefree workers.

Check cashing places and payday loan companies are other examples of companies making money off other people's bad situations. If your credit sucks so badly that you can't open a bank account, helpful businesses like this will happily cash that check for you...for a price. Low-wage employers are also doing stuff like putting employee pay on a debit card loaded with extra fees to access the funds. Most of the big retailers like supermarkets, Walmart, etc. don't write paper checks to employees anymore, and present this as the only option if you can't get a checking account. Even food stamp and welfare recipients, the people who are most likely to not be able to make good financial decisions, are having their benefits paid out electronically.

I think the gig economy cheerleaders will come around to championing stable employment when traditional employers figure out a way to treat their entire workforce like this.

Comment Only applicable in urban hipster neighborhoods (Score 2) 274

Outside of cities, I can't see the economics of this working. Telephone service in rural areas had to be subsidized by a universal service fee. Why? Because the for-profit telephone company, even with a monopoly, didn't want to extend the network for a small number of customers unless there was an incentive. Imagine Uber/Lyft having to guarantee that one of their self-driving cars would be available to take you wherever you wanted to go, 24/7, with 30 minutes' notice regardless of where you live.

The other reason why I don't think personal cars are completely doomed is families. If you have kids, you know that the car becomes another room of the house if you live in the suburbs and have to drive everywhere. Imagine having to haul all your crap out of your self-driving Uber cab when you reach your destination, then put it back into another car when you want to go back.

I think some of this stuff is really cool, but the business model seems exactly like a myopic view of the entire world being a dense city filled with well-to-do hipster singles or married people who don't have kids. It's the same model as Blue Apron and all those other delivery services...Ironic mustache and goatee Swift developer and his marketing liaison coordinator wife arrive home from another 12-hour shift at the unicorn startups they work at. Rather than call an Uber to take them to the trendy new Ethiopian-Thai fusion place again, or hang out with the LUDDITES at the grocery store, Blue Apron has a box delivered to their front door with meals in it! It's brilliant! Everyone will love it! Give us $100 million!!!

Comment Brings up an interesting point... (Score 1) 81

OK, I admit I'm pretty old school, so I have a serious question. Things like the DNS standard are pretty old, yet extremely fundamental to how the Internet operates. By fundamental, I mean things in the Session layer or below that most web APIs never see...stuff like TCP/IP, BGP, DNS, etc. I'm not a network wizard (I'm a systems engineer) but I did have to learn enough about these things back in the day to get good at troubleshooting.

In the API driven world, you use a JavaScript or similar library to push a JSON, XML or similar file to a URL and wait for a response. If most programmers are working in environments like that, where the connection, name resolution, etc. are totally abstracted, are people still learning a healthy dose of fundamentals? If not, I could definitely see this API-driven DNS interface as a response to that. Under the covers everyone knows DNS is required, which will send very specific messages following a standard, over a TCP or UDP connection on port 53. The details of that interaction are what is wrapped by this API, right? So the question is -- as fewer and fewer people know what's actually going on below the API layer, does anyone think this constitutes a problem? I can't argue with a way to make things easier and automate them - I'm just worried about people losing vital context knowledge as we keep wrapping it under millions of layers of code.

Comment Simple answer is money, always has been (Score 1) 537

If society woke up one day and decided that something other than money would be used to determine relative value, this argument wouldn't exist. Until then, people are going to be driven by money -- for survival at a basic level, but then for lifestyle and status improvement as the levels rise. They're going to do what they think can make them the most money so they're not out on the street or eating macaroni and cheese for most dinners.

It's all the same problem:
- During the last late 90s dotcom bubble, people complained that scientists weren't going into research and scientific jobs because the startups stole all the talent away by offering inflated VC-fueled salaries.
- During the housing bubble of the early 2000s, all the math and CS guys were being stolen away by the banks to be "quants" - because the banks were paying top dollar to have a tiny edge in high-frequency trading or construction of new derivatives.
- And during the current dotcom bubble (a repeat of the 90s except replacing the Internet and websites with social media, phones and data mining) all the talented people (and lots of non-talented ones) are back in the SV startup crowd again.

In the end, people will do what makes them the most money for the level of risk they're comfortable with. As a personal example, I work on the systems engineering side of IT. I have chosen the "stable" path of full-time large corporate work over the crazy freelance consulting world. Yes, corporate work has pitfalls, but the paychecks show up every month and you're not constantly hustling for more work, worried about who's going to pay you next. I know freelance guys who are extremely talented, so much so that they make multiples of an average salary. I've often been asked by those types why I don't go this route; I'm actually pretty decent at my job. The answer is safety - If I'm willing to put up with stupid rules and play some politics, I get paid regularly. My family is happy with me, and my home life is stable. The only freelancer I know who is still married has what's basically a mail order bride - everyone else is divorced mainly because they're never home.

Want to make people more altruistic? Give them a real safety net that ensures one wrong move doesn't ruin their lives. You're not going to kill consumerism overnight, so work around it by coming up with something better than US unemployment insurance.

Comment All "consumer" PCs and printers are garbage (Score 3, Interesting) 387

I'm not defending HP on this one, but it's common knowledge that you get what you pay for when it comes to consumer hardware. When it comes to PCs and printers, you really have to step up into the business lines to get something that has a chance of lasting, or doesn't have artificial restrictions like this put in place.

I've seen HP printers at Best Buy, Costco, etc. for less than $100 in some cases, and certainly the majority are less than $300. At that price point, when you consider how much it costs to market, stock and sell that device, wouldn't you expect tricks like this? Same thing goes for PCs and laptops -- business laptops can still be over $1000 these days, and consumer ones are below $500. But, one comes with a 3 year warranty and a guarantee of a stable hardware configuration, and the other comes with a 90 day warranty and is assembled from the spare parts bin with whatever components they happen to have on hand that day. And it's not just HP -- all the PC manufacturers have a consolidated set of business-level SKUs, plus hundreds of consumer SKUs, all slightly different, to be sold at various levels of retailer (office supply stores, Costco, electronics chains, etc.) In the printer world, you need to buy at least the low end business models to have a chance of them lasting more than a few years. I bought a LaserJet P3015 years back and haven't had any complaints...but the printer retailed for about $900. Buying the office model for home is expensive but it does just work and still has echoes of the old tank-like build quality of LaserJets of yesteryear.

HP, Lenovo, etc. should all just jettison the crap consumer lines, cede the low end of the market to tablets or Chromebooks, and focus on making high-margin quality hardware for people who still need it. Their bottom lines would be much better off, and people wouldn't have to put up with stuff like this.

Comment This wouldn't be a big deal in a different world (Score 1) 495

Lately, Apple computers have pretty much been Intel reference designs in nice cases, but they do have a history of taking leaps that others haven't -- the iMac was the first computer without a floppy drive in an era when floppies were what USB sticks are now, cheap disposable storage. Same thing with getting rid of the CD-ROM drive and later the DVD in their laptops.

I think the controversy stems from a couple of things:
- Apple has been systematically turning their computers into throwaway appliances by removing expansion capability, then charging an arm and a leg for incredibly cheap RAM and storage capacity.
- They have a huge lock on the media market with the iTunes store, all of which encourages them to implement playback methods that prevent copying and give them the power to revoke licenses to content in the future.
- They just happen to own a crappy overpriced line of headphones (Beats Audio) which just happens to sell wireless headphones guaranteed to work with their devices. So instead of picking up a cheap $5 throwaway pair of earbuds when you leave yours at home, you have to buy the $50 and up ones.

I'm all for technology marching on, but unless there's a major shift by all these companies away from monetizing the user rather than selling the hardware, people will assume it's for nefarious purposes.
