nice post! This is interesting stuff, I can really visualise them being a major force in retail banking? Would you trust them? You already kinda do... They win instant points for not being a bank as anyone understands it these days. And the benefit to everyone having the mark of the be... sorry - a smartphone as their wallet / purse / bag - would be cool tech for magazine covers. It will be a smash. I'm pretty convinced google are on track in the thinking displayed. And yes, I agree it is more secure than existing bank cards. Massively, I wouldn't be accepting your challenge in a hurry pal, your thinking is rock solid on this. And everyone here is petrified of their smart phone becoming a SPOF of life threatening proportions, one word - backup. Doesn't take a leap of the imagination to see this being fluid, real and useful tech, and indispensable to money as a medium at all levels of the global economy. If Google can walk "don't be evil' and unleash a bit of people power in their offering too, then they're as smart as everyone says they are...

Just to add, majority of phones can be tricked into dropping down to GSM from 3G. All phones (bar the BB) should be treated as untrusted devices. Tunnel everything, encrypt everything, store nothing and you're part way there :-)

That's right - I need to look at this more, but you people should give MS a HELL of a lot more credit for what they are doing here. BYOD is the security nightmare du jour, ever since the iPad came out. Our security team have spent huge resources, and are still woefully under-resourced to make managing these devices day in day out remotely safe enough. The last thing you'd want to see, and the first thing you'd demand - from an info sec perspective - is that AD not be baked into this consumer oriented OS. Until Win RT is a couple years old every security team worth their salt would nix any directory / infrastructure tie up with a device which is easily lost, unhardened (at least through painful experience) and virtually an Alpha product.Yes it can be done, but the overhead is massive and most people wont have the headcount to secure bridging the two safely - and KEEPING THEM SAFE. Releasing in this form provides entry to a consumer market, and a platform which has a lot of the headache of apps installed from Lines of Business fixed through the separate publishing infrastructure (which the original article is ignorant of, or lying). Staff get their tablets. It sounds to me that MS are getting a head start on Android and iOS. Read the link the guy above posted. They have provided a tiered, clean way of getting business apps to a consumer device. It still requires security risk assessments and penetration testing of the apps (which would need hella strong authentication / 2FA for anything which holds sensitive or above data, but the lack of the 'generic' client for the enterprise directory will make this much easier to deploy and work with than if they had tied things together with AD. It means more work - but thats what it takes, unless you want your firm to get owned.

God I love Stephenson. Just finishing Quicksilver now. And I have to say, as an inhabitant of London, his accuracy on detail and facts is astonishing. I only spotted one potential error, where he seems to infer that the Thames is not tidal, but even that was a stretch and is plausibly deniable by way of the wording used. I may just be a pedant. On Slashdot, natch!

The guy blows me away, definitely should have had a major, major bestseller by now, and am convinced that, if he can keep something down to a reasonable size, he has a mainstream success due to him some time soon.

Very much in agreement.
I spent some time in IT audit for one of the Big 4, and it's always puzzled me that they can issue a draft audit point which if challenged is just taken away. If accepted, lots of monkeys have to run around at great expense clearing it. It seems a bit rich to me that there is no penalty on the auditor for this. effectively they can just rain paper with little consequence, and at potentially huge cost to the client.

Having said that, these firms are partnerships, there is always a partner very close to the work being undertaken, and it's their ass and their money and as a consequence the QA at these firms on their deliverables was exceptional in my experience.

But this is an issue, and I think that legal redress is deperately needed.

To illustrate this, I recall one audit I had to do. It was a follow on from the previous years IT audit a colleague had done for one of the two biggest banks in the country in question. One of the previous years recommendations, signed off on by the business, was the need for Network Intrusion Detection to be put in place. This was actioned, and when I got there they had had an expert working day in day out for months, with a huge budget for some very expensive network taps and headcount for monitoring. I reviewed the point, determined that they hadnt yet implemented the control as of that date, recommending that they proceed and introduce it within the coming year.

At the close out meeting one of the commercial directors ate us alive. The original point should never have been accepted. The banking industry, at that time, hadnt settled on NIDS as a requirement and host based should have been fine. Effectively our sloppy report made them piss millions up the wall for little reason.

Audit reports are clear documents, beautifully built, well evidenced. They always have work papers and test papers behind them. They are perfect candidates for for further inspection in a court of law and I have seen, first hand, instances where they have been harmful and inaccurate and should be subject to this scrutiny. If a process or test was missed off, it will show. Every time.

Yes, it's true that senior management at the bank signed off on the previous years report, but this was in good faith that my firm knew what they were talking about. They didnt, and should have been liable. Why not? Currently they get out of jail if they're right, and they get out of jail if they're wrong. And dont even get my started on the conflicts of interests I saw!

"There was some panic under Mexicans..."

Hey, I know that feeling. Took a Greyhound to Vegas, had to spend six hours wedged under some fat dudes armpit.

er, you're like Walter in Lebowski Dude.

Not everything has a literal connection with Australia, that was very much last weeks story, I hate to break it to you but, as you suspected, the world cares as much for Aus as Aus does for the world. What the hell have bushfires got to do with slave labour, you bibble?

Get a job sir.

I think PoP is anodyne, and the handholding took away any feeling of risk. FC2 I love. Played on hard, just getting to the required map point is brutal but always interesting due to the savagely smart, hard to see soldiers at checkpoints, road patrols, etc. It forces you to think, proceed with caution, and engage the enemy in a real seeming way. If you get gunned down, you are going to retry, and that half hour of terrain doesnt seem boring, none of it does, because the scenery, enemies, and weaponry, are just fun to hang with.

Yep,
'Experts' barely exist. I am one. And I'm not that good at all to be honest, I can barely code a 'hello world' but I've still been wheeled out countless times to point out password lengths arent up to snuff etc.
But I've got seven years experience and I know quite a lot of other things worth knowing, and I've seen some pretty sloppy practice and kicked it into touch.
Still, this book sounds cock. I mean utter cock. The review makes it sound like it is equally as worthless as me, on a bad day, trying to risk assess a three tiered app running on Websphere. They appear not to have a point, and to focus on the now dead legend of management buying the silver bullet / marketing / one stop shop is well out of date. There isn't a manager out there who is dumb enough to believe that you pay money and this crap goes away. They know it's a combination of process, people, and systems in concert that gets you out of the shit, because it's true, and because it is their language, that of business. The book sounds like a squint-eyed techie moan, from people who don't get let out of the back room to talk to the execs very much. This book sounds so far out from reality it may as well be set on the moon, and populated by Sea Monkeys. If they want to sell a new school, they could at least take the trouble to learn the 'old ' one first, instead of passing off vacuous soundbites about China and Hedgehogs or something.