
Comment To be fair, it warns you like 3-4 times... (Score 1) 55

As a user of, I'm not sure how users would realize that the site isn't public by default... It warns you in big banners that it's a public docs site for publishing product manuals or other public consumption items that aren't websites but you want to provide links to or where folks can search for it. You can limit it down for personal, but if you wanted that, you'd use one of the many other services on the exact same menu like OneDrive or SharePoint.

Comment There are already mature tools to do this.... (Score 1) 151

The fact you mention disk passwords leads me to believe that you are familiar with consumer grade encryption, but probably not enterprise grade encryption management. Microsoft offers some good tools for this, so do many of the other security vendors. Most of these tools have complex, rolling recovery keys for whole disk encryption and assigned users are still able to log in with their normal AD, but you can go the route of additional factors or ways of protecting the identities. If you have need of an additional layer, item level file encryption goes a very long way toward securing email and documents that might be sensitive. That said, you have to equally protect the user accounts that can decrypt the system with tools like Privileged Access Management, additional login factors and threat detection tools. I'd suggest hiring an expert for this endeavor; it's pretty specialized and if you get it wrong, you only make it harder to manage, not more secure. Consulting organizations do this all the time, and depending on what you need, it doesn't have to be insanely expensive.

Comment An area where Microsoft is doing it right (Score 0) 216

With Azure Rights Management and Azure Information Protection integration into Outlook, Exchange and mobile support, Microsoft is way ahead in terms of ease of use for encrypted emails. In most cases, internal company emails are secured and users don't even know it aside from the little banner at the top. For external sharing it has a fairly easy to use system to share docs or emails and it does federate with external IDs. Company to company emails work without any sort of extra accounts or hassle. Company to end user does have a couple requirements, but it works pretty well. Fully federated experiences are coming to Gmail users too so you won't even have to have a Microsoft ID of any sort if you don't want it. Yes, it works in email clients like Touchdown, and there is an attachment process that works in Apple Mail and such.

Comment Just use Storage Spaces + Crashplan (Score 1) 366

Sure, Storage Spaces is just fancy JBOD, but it works really well, is supported and isn't tied to hardware for migrating down the line. That said, you need to back that stuff up if it's of any importance. CrashPlan is highly recommended for good reason. There are others, but you are best off with something that can handle versioning to a local disk as well as getting that stuff sync'ed offsite.

Comment Ugh, NO - that file is the edition changer (Score 2) 285

Win 10 lets us do Workplace Join which can let us upgrade and activate an edition upgrade from Windows Home or Windows Pro to Windows Enterprise. This lets folks use their home computer but still use things like BitLocker and DirectAccess which aren't part of Home. The way it works is we provide an edition change package, look up the Windows 10 Provisioning Package. Rather than relying on your home computer talking to the on-prem KMS, it uses essentially an old school MAC key for temporarily activating an upgrade. Once the PC is removed from the company's workplace join, it removes that edition. The goal is to let employees use any device they care to in order to get their work done and allow the company to reclaim that edition upgrade once they leave that role. Why MS insists on calling it a subscription, I'm not sure, but it probably has more to do with the fact that to have the Enterprise version, you have to have an EA agreement and a Software Assurance. Basically no, it's not what you think and the Microsoft response is reasonably accurate; it's just the word subscription that should be replaced with the word "Activation." [Note, I'm a consultant who does Intune/Configuration Manager so I'm actively deploying these packages that do this with clients today.]

Comment Re:Plausible deniability (Score 2) 796

Just buy/download one of the cryptolocker malware shells. All of your data is fully encrypted and prompts you for a payment or warns that you didn't respond within the 72 hour window. That would replace your standard crypto GUI, but introduce a reasonable plausible deniability. Not necessarily encouraging this, but it fits the scenario.

Comment Scary implications for Cryptolocker victims (Score 3, Insightful) 796

It goes without saying that this would be a truly scary precedent if applied widely. Victims of cryptolocker for instance would have encrypted hard drives and literally have no way of providing the key or passphrase necessary to comply with a court order. Smart bad guys could just as easily borrow malware engines to do this to disguise their behavior, so it would not be easily apparent. My personal opinion is that passwords are firmly 5th amendment protected, I just wish it came up under a more defendable case. The investigators should have done more surveillance or traditional investigations (with warrant) before pulling the trigger on the arrest and could have easily removed the ambiguity from the situation.

Comment Re:Isn't this a dumb idea? (Score 1) 47

Hello is more flexible than the above suggests and this is really just an extension of their Single Sign On options. Microsoft really wants to push the PIN + something as better than a password (that users will just put on a post-it note and leave in their office). For low security locations, sure maybe just an IR scan of your face including vein locations, heart rate and such = 1 factor (Hello only works with very specific and weird cameras), but most are going to implement it with biometric (face or fingerprint) + a PIN. Which arguably is better than a password that users have on a post-it note stuck to their monitor. Once you are initially logged in, the trust factor can reasonably be established as we already have a trusted token for your login and we can re-prompt for one factor just to make sure it's still the user at the keyboard, so we just reuse that token everywhere. This ties into stuff like their SSO for Office 365, SaaS apps and has a password manager to store other non-recognized apps. Basically what UPEK was doing in the early 2000s with their fingerprint software, but hopefully more secure.

Comment Re:Nobody fucking wants this (Score 1) 196

That last part - letting your phone cast - basically is Windows 10 Continuum. The head unit still needs a way of receiving that signal and doing processing like using the touch screen in the dash, so it isn't just an HDMI jack. It's more like Remote Desktop with some tweaks. That said, do I want a Windows 10 phone - no, not really. Do I want something like it for Android to my UConnect's 9" screen, yes. Even in the summary this said when the car is parked or auto drive. As an owner of a car with adaptive cruise + lane aware, it's actually a pretty reasonable proposition. My interaction on the daily commute in heavy traffic is lane changes and turns or taking over in cases of bad weather. I don't abuse it and keep my hands on the wheel (it yells at me if I don't) but I have very little I have to do while in the traffic crawl on the highway and my car isn't one of the fancy ones like the Tesla that can do much more. Right now it's just chilling to audiobooks, but we aren't that far from large periods of being completely interaction free.

Comment Re:UK Parliament uses NSA friendly cloud (Score 1) 347

The whole Ireland stuff is still stuck in appeals. The Gov asked for the data, Microsoft took it to the courts - to my knowledge nothing was handed over yet. That's what led to them expanding their content storage in Germany as they had more legal support for taking it there. The NSA demands stuff all the time - doesn't mean it's always handed over. Besides, if you are worried about security, O365 and Azure support Bring Your Own Key encryption. That's relatively standard stuff nowadays with Azure Government tenants - granted, I've only done this for US customers, cannot speak for the UK. Regarding move to Germany, that's all scuttlebutt - but it's scuttlebutt from my local Microsoft Data Center folks over beers.

Comment Re:Like Microsoft Skype and Hotmail? (Score 2) 347

Not sure about the above, but to be fair, keep in mind that MS is creating new data (and expanding existing) centers in Germany - with the emphasis to get away from NSA snooping. They used the fact that the NSA pissed off Germany with basically act of war level spying to get German support to move the O365 & Azure DCs there in a safe haven. There's talk behind the scenes to start offering customers an intentional geo-deoptimization to shove sensitive data outside of NSA reach - without charging for it. The MS data center SSPs I work with regularly are actually kind of excited about it as they trust the Germans more than the American Gov - what a weird world... Not saying this will work, we might be just trading one privacy insensitive government for another, but that's the chatter that I'm hearing.

Comment One argument for switching to DC voltage (Score 1) 169

Management doesn't understand the difference between telling them it's technically possible to do live maintenance and that it's a challenge like the rest of our technical feats. I feel for the guy and his survivors. I've seen the same pressures play out on my data centers, but thankfully we were able to arrange that type of work as a semi-regular full DR test and the place I was working at simply didn't have the same uptime demands when push came to shove. From a safety angle, I can't help but think that moving over to DC voltage for datacenters might be a better option. Some of the big boys are already doing it as we're currently taking AC power, running it through or alongside DC power backups, then up to AC for power supplies, then DC for the servers. There's an economy to it, but DC is just safer to work with. That said, there's always going to be an AC/DC bus that's dangerous to work on and live electrical work on it will always take appropriate design ($$) and proper training.
