"the United States in charge of software security standards"
Typical. The USA gets to tell everybody else how to do their job, then sits back and watches the minions scurry.
Why am I not surprised ?
16767 publicly visible posts • joined 10 Apr 2007
There is a world of difference between securing a network and documenting it, and another world of difference between documenting it and writing a government-mandated report.
I take it you haven't written any government reports. I have written a few (unfortunately), and it is not something I enjoy doing in the slightest.
What if the companies simply don't respond in the allotted time span ?
Is there any hint of a fine anywhere ?
On the other hand, they could respond with a basic report and mention "See Appendix . . ." for all precisions, the appendices being sent 30 days later.
This whole attitude smacks of useless pressure from administrative busybodies who grant themselves a lot more importance than they have.
Businesses don't want to be hacked. Most of them do want to be secure, and a fair proportion of them actually put money on the table for that. The thought behind this new rule may be commendable, but granting a 90-day delay (given that businesses are already on a 60-day delay for something else) wouldn't kill the donkey.
Sure, it is very convenient to Sign in With FaceBook/Google/Microsoft.
On the other hand, security experts have been constantly repeating for years that you should not use the same passwords for all sites you sign up for.
How does that compute ? It doesn't. Where does that get us ? To this sort of problem.
I never sign up with any 3rd-party identifier. I manage my own passwords and I don't sign up to social platforms (well, Google signed me up for Hangouts when I got my Gmail account, but I'll be damned if I use it).
I'm glad they found solutions to correct the issue, but I still won't use those kinds of services.
Good luck hijacking my 24-character passwords.
Technically, everyone.
And everyone sees noon at his own door.
That is why these sorts of discussions very often result in screaming matches. Everyone believes they are right, but not everyone can listen to someone else's arguments.
That said, not everyone is capable of presenting a reasoned argument either.
His country needs capitalism to progress, because communism has amply demonstrated its dismal failure, but Xi hates money and the power that goes with it because he wants to be the only one with power.
So he enacts decisions destined to beat down any head that rises out of the ranks, which will keep his country's progress hobbled to a rate that he thinks he can manage.
I have an RTX 3080 and, although you might say that it is air-cooled, there is still a bunch of liquid in there to get the heat from the GPU to the fans.
I wonder how that will work for the datacenter. For the moment, the A100 doesn't seem to be liquid cooled, but it sure is outrageously expensive.
On a much tamer note, I know of a database consultant who had a thing for the name Alice, and tried to shoehorn that name in somewhere every new job he had. That is why there are a number of servers in the world that are probably still named Alice to this day.
Okay, I'll be the first to admit that networking is not always easy, especially when you're a vendor with an uncountable number of variations to handle.
Still, I stand by the idea that having a Quality Control team to test and wean out at least some of the problems would go a long way to make these out-of-band patches rarer than they are.
"an internet platform cannot facilitate free speech for one demographic of its users while applying extensive political censorship against another demographic of its users"
Well, it seems that Borkzilla (et al) must make a choice : either it is for free speech, or it is for raking in the dough in oppressive dictatorships.
It's going to be interesting to see how this goes.
"A little more than half of the illicit proceeds, $15,111,453.84, has since been transferred from Swiss bank accounts to the US government"
So Uncle Sam gets a windfall, but the companies who paid for the non-existent ad views get what ? The satisfaction that that particular crew isn't scamming them any more ?
"speed up bag tracking, enable preemptive rerouting based on weather conditions"
Isn't that stuff they're already doing now ? With computers ? What exactly is the improvement AA is expecting after having spent weeks, if not months, handing their current system over to the single-point-of-failure platform that is Azure ?
And when Azure is down, will that mean that pre-emptive routing will not work, or will AA keep the existing system as an emergency backup (yeah, as if that would happen) ?
A terabyte of data every minute is a rather tall order to transmit via WiFi, even with 5G. Also, 60TB of data is one heck of a stack of hard disks to put in the trunk (or boot), and driving for one hour is not all that uncommon. What is the data retention policy ?
So how is the car linked to the Azure server, and what is being sent/received ?
Also, when the learning phase is over, what kit is going to be left in the cars ?
No kidding.
The one good thing about COVID is that it has amply demonstrated that going to the office is not a requirement to being productive.
Oh sure, for the insecure managers who like counting heads, yes, having all your minions on hand must be very satisfying indeed, but unfortunately, your minions have worked off-site for almost two years and productivity has not gone down.
You're going to have to live with that fact now.
You don't want that.
Think about it for a minute : why are you authorizing remote access to a 3rd party in the first place ? Most likely, it is because they have the special proficiency you are lacking in your own workforce. That means they'll be coming in with near-admin level privilege. You want to be able to track that, and you don't want to give admin access to someone who clearly will never need it.
Create a specific user for that specific access, and log the interactions. That way, if something fishy happens, you either have proof of origin, or proof that you need to look somewhere else.
You might be right, but you should avoid thinking that Linux is impervious to infection. Privilege escalation exists, even in the Linux world, and malware is capable of taking over a Linux box.
As usual, proceeding with caution is always a good thing.
Once you start forbidding some form of online expression, you start a game of whack-a-mole with all the derivatives.
Well Xi Ping, I'm happy that you give plenty of work for your endless pool of administrative busybodies to continue making the lives of Chinese citizens worse.
Way to go.
By the way, you will not suppress dissatisfaction by governmental decree. It will grow and, some day, it will come to bite you in the ass. If you were intelligent, you would let the people vent and listen to what they are venting about. It would give you pointers on what you need to improve.
You cannot dictate how people feel, and there's more of them than there is of you.
The author here has devoted a lot of time and work to produce this piece. I applaud the effort. I also appreciate the fact that the author has opened my eyes to the fact that, yes, basically almost everybody is implementing the Windows UI.
From a technical point of view, the Windows UI is a Good Thing™. I remember reading about how Gates & Co really racked their brains over menu management, the homogenization of function keys and ease of use. Once upon a time, if you had access to Help, it could be via a function key, a combination of CTRL-<something>, or whatever else. Now, you just press F1, job done. That is good - except that now help is online, so if your connection is down, you're up shit creek without a paddle, and that is bad. Oh well.
But, concerning the efforts of volunteer developers, I'm sorry but nobody is forcing them to invest themselves. It's their choice, and I'm sure that they are dead set on improving some aspect or another of the user experience. The real issue is that (probably) none of them, or at least not many of them, have a lot of experience in alternative UIs, they just dive in with their idea and go for it.
It's their choice, there's nothing you can do about that. Yes, after reading this article I agree it's largely a waste of time, but it's their time to waste.
Why do the security regulations not apply to the most critical part of the entire banking infrastructure ?
I don't get it. Central banks should be the most paranoid institutions in existence. If a central bank gets infiltrated, there's no limit to the mayhem that can follow. So why are they exempt ?
My, are you a generous soul.
He's got money, and that's all he's got.
He's got no class, he's got no refinement, he's barely cultured and he's got no reserve. He's a mouthpiece on steroids and he's got all the money for all the steroids he wants.
There is absolutely nothing interesting in him, if not for the fact that he is almost single-handedly bringing Humanity back into space.
That is his only redeeming feature, and I will give him that.