Microsoft's actions remind me of a past romance that really, really wants you to come back
At first it's just cute little emails and then it becomes stalking.
1115 publicly visible posts • joined 23 Oct 2013
""With respect to documentation, if the door plug removal was undocumented there would be no documentation to share. We will continue to cooperate fully and transparently with the NTSB's investigation.""
I'd forbid Boeing to sell any more planes into the commercial market until they come up with the documentation.
Military/black programs - we'll never know.
Just like trying to rein in "AI" it's impossible to stop the flow of data/information once it is in the wild.
Huge penalties might work if you can catch the perps. But many of these types live in countries that don't exactly care what other nations think.
We need to look towards a future where all known data points are public. Every person, every location, every bank account, every personal interaction, etc. If it isn't this, then it'll be massive state firewalls blocking data transfers.
What will our world look like then?
Wouldn't crims be able to see a lot of client interactions?
This seems like one of the "weakest links in the chain" attacks. When a crim could install malware on the remote desktop then they essentially have access to all of the customer's information.
I imagine there are a lot more of these types of in-the-middle applications that have too much access to too many credentials. When I've looked at integrating various cloud-based applications I'm encouraged to use things like zapier - but I need to give my credentials on both ends to that software for it to function.
Of course the leakage of very critical development data into the www is horrible. But those fine MBAs who have taken a CompSci course and think they understand enough about software and security and client relations - they get to tell the C-suite to jump onto the AI bandwagon.
I'm a frequent user (past 8 years) of several of Jetbrains' products. I don't really want any more clippy-style prompts jumping onto what I'm typing. I know how to make my own mistakes, thank you - and learn by correcting them.
I was planning to get them fed into a card-reader and then transferred to 800BPI tape for subsequent upload to a rotating IBM 360 drum and then finally downloaded to a PC-XT which accepted my 5 1/4 disks.
Guess those tax authorities won't get to see my 1970's returns after all.
(I've had to use all of those technologies and many more ancient and novel. Still the same game: ETL.)
It seems the US sentencing guidelines have become rather relaxed in recent times.
200,000 federal employees whose data was sent (probably for a price) to India. That's like 3 minutes behind bars per stolen ID. Each affected person will be spending months/years trying to clean up their lives.
"Indeed Redmond itself admitted: "If the same team were to deploy the legacy tenant today, mandatory Microsoft policy and workflows would ensure MFA and our active protections are enabled to comply with current policies and guidance, resulting in better protection against these sorts of attacks.""
I guess I don't understand how a MFA challenge/response test framework works that doesn't allow some automation of the MFA. I mean, if the bot is performing the test, the bot can answer the second/third/etc. request. CAPTCHA?
The ivory-tower assumption that "Computer Science" is not really part of IT is the basis for the whole problem.
I know Knuth's brilliant "Art of Computer Programming" series didn't worry about buffer overflows or re-using unreferenced memory or being able to read data outside of your assigned space. But because our current implementations use languages and models that don't worry about these things, we are spending a huge amount of time and effort to clean up sloppy-but-effective code.
The same arguments will be made against automated testing environments, rigorous documentation, pen testing, etc. It's sort of like asking an economics major to take charge of a real banking system. Real life is hard.
Not sure why you got 3 negative votes before my positive one.
Google services are different and in some ways better, some ways not as good.
For my current needs, if I need to drop into a Word/Excel world, LibreOffice works splendidly. No license, no clouds, and rarely (if ever) any targeted malware.
"Nuance matters: Much can turn on a shaking hand, a quivering voice, a change of inflection, a bead of sweat, a moment’s hesitation, a fleeting break in eye contact,"
This is from the chief honcho of the US Supreme Court? No wonder the SCOTUS is now a joke. (Pardons to the few remaining intelligent members!)
No court should be looking at body language and other physical presentations in deciding the cases before them. Imagine the failed president #45 of the US who mocked individuals with physical disabilities? Would those disabilities lose a case in front of the Supreme Court?
Roberts (and I'm sure others) don't understand that many new cases will be presented through virtual media. Unless great(?) progress is made, beads of sweat and eye contact length will not be obvious.
I can't remember the codename for the MS effort but I thought that it floundered because of, again, performance issues.
MUMPS is a forgotten multi-user language/platform that saw a lot of usage in the 70s-90s and is reported to still be used in a large percentage of US hospital systems.
While most groups involved with anything to do with "responsibility" at the x-shitter organization have been ground into soylent meal, perhaps some still whole humanoids are still roaming the lifeless corridors. I'll guess that the trons are out searching for them for further distribution.
Still waiting for that musk-zuch no-holds-barred spitting fest.
You'll get back the standard boilerplate, sometimes changed with actual agency/corporate names in the template.
"We take your security concerns very seriously. Our customers are our most important product and we will protect their secret information as if it is our own."
Foxes guarding hen houses.
Not trying to be too flippant, but nobody really wants to be in charge of these "hot potatoes".
There's no absolutely winning strategy that shows up in a staff member's resume - actually this is all hush-hush.
Worked on a few DoD reports that were also deep-sixed after presentation. I think this is probably par for the course around the world.
This seems to be the real limiting factor.
I can see the pulses going along quite well as each bronto (using the familiar) bites the next one's tail. But do they need to reverse direction to make it full duplex? Can the force of the bite convey additional non-binary data? Inquisitive minds, and all that rot....
https://en.wikipedia.org/wiki/Total_Information_Awareness
It's still kicking and probably has many of the same corporations and players supporting it - and more importantly being supported by it.
"DHS envisions the system, initially projected to cost about $4.2 billion and to be completed by 2021." (Guess that has slipped by already.)
"Last year, a subsequent schedule adjustment and budget increase of $354 million left the project without a planned date of completion." (Nice work if you can get it!)
This seems to be the common refrain in the Ballad of the Microsoft Excuses.
And, of course, we'll never know that it has been corrected. Until the next refrain is sung on the same problem.
Perhaps their culture could embrace a better response than saying "sorry". Suggesting https://en.wikipedia.org/wiki/Seppuku
Java must be at least 30 years old already. The J2EE libraries that I worked with 15 years ago were creaking with their baggage.
Not sure I'd really like to see the output product from COBOL-68 (last version I knew) to a modern language. DATA DIVISION: OBVIOUS-123 meet obfuscation_xyz.
It made a bit of sense to me - a bunch of analog devices to control flow and digital to supply the inputs and interpret the outputs. I think one of the primal examples was solving the traveling salesman problem almost instantaneously while the digital beast (IBM 7094) was still slogging along.
But the allure of working with just clean bits (on/off) was too much and the Pacer went out the door.
https://www.analogmuseum.org/english/collection/eai/pacer_700/
would guarantee that you'll never need to worry about heat or eleccy again! Under several thousand tons/tonnes of equipment you'll be insulated from any temperature fluctuations (well except the upcoming solar super-nova.)
Not to sound apocalyptic about this stuff or anything.
I know you brits had your fling with BoJo but I think he's winged his way into oblivion (other than various lordships, etc.)
The US colonies still have a solid remnant suffering from partial genetic brain damage and will vote for a trump or bojo or their dead heroes like Strom Thurmond or Mitch McConnell (is he dead?)
The pustule-faced trump seems to be able to milk his low-lying partisans for every $5 they have. One would hope that they couldn't pay for necessities like toilet paper if they didn't have those $5. No worries - there's shrubberies outside.
Content is generated by a whole host of methods. Very little (if any) is original. Using an AI to craft a segment of a melody or even the vocals won't really be detectable especially once it's gone through the normal blending and transformations. A fool's errand just to make the "professional" societies look like they have an important part in the process.
Of course this applies to all forms of art - text, visual, music. And it's just going to get more intense.
(Speaking solely as a programmer whose artistic output is wonderfully exceeded now by the AI "helpers".)
Back in the old days, the memory bits were represented by single magnetic donuts - my recollection is about 3mm. These lil bits were weaved into a large plane with cross-wires. Apparently, flipping a single bit on and off fast enough (milliseconds?) would heat the poor thing up until it expired.
In the only slightly less old days, we were able to achieve the same thing (destruction of memory) by flipping a unit of memory (then called a "word") - probably using the wonderful XOR operation.
I guess there wasn't much use for something like Rowhammer back then.
My first job (1968) was with a university department that was funded by ARPA - "The Socialization and Rapid Acculturation of Native Cultures" - all loaded by punch cards into the mainframe. Definitely not networked.
A bit later, I worked in Northern Virginia and had an IMP (Interface Message Processor) as part of a testbed in the mid 70s. It was loaded with paper-tape and had the normal plethora of toggle switches to enter codes into memory.
A bit later I ended up with Berkeley and watched the incredible tsunami of innovation and interconnections that these networks opened up. Still amazed at the technologies and dismayed at the commercialization.
A lifetime ruined and a crappy credit score as a reward.
First of all, the credit scoring agencies are just as suspect for leaking personal information as many of the merchants.
But the company that accepts personally identifiable information (or other variations) should be held accountable for all the damage that can occur if that is used for nefarious purposes.
While this particular article is about exfiltrating this information, there are lots of situations where the companies in question also mis-use the information and cause harm (sharing with "trusted" partners).
I suggest a surety bond for every customer be placed in a trusted place (not sure what that is anymore) and any negative actions and pain-and-suffering penalties be paid from that accumulated bond. Probably $100,000 per customer? Also the officers and directors of said companies be held personally responsible for payments that exceed the bond amount.
SSNs are not unique. They need to be re-used given the small range of possibilities.
9 digits, some of which are pre-allocated and possibly known by other means.
If there is a common hashing or encryption algorithm, easily deduced from the product of that algorithm.
Based on an earlier post today, it was revealed that Microsoft's practices also involve trying to open up encrypted zip files.
Perhaps this is only done when the nasty zip reaches the Azure folder and not done in semi-real time via the firewall, but the temptation to peek inside packets while in transmission must be strong.
Unless you (the consumer) have entered into some special non-sharing agreement. And unless your provider also has explicitly said that they will not share with *any* third party (including network and data services), your data will be examined. The robe will be removed, the probes will be inserted.
This is true for all the major vendors (Amazon, google, Microsoft/Azure, ...) Just today a story about how Microsoft actually opens password-protected zip files to look at the contents. That's getting pretty damn personal.
The USofA does have HIPAA (mostly written as if it's a large mammal: HIPPA) which protects (sort of) health information. Very poorly enforced and very hard to use.
Just to add the obligatory: As all of this data is munged together into these wonderful AI "models", your name, sex, last act, etc. may come bopping out - all without any way of attributing to any actual incoming data set.
Yee Haw - it's the wild west, again!
If it hasn't already begun while it was still in some TS trials.
I'm still wondering if they have solved the problem of BadUSB (https://en.wikipedia.org/wiki/BadUSB) where a device gets to tell the host what it is, leading to some unintended consequences. AFAIK, there are no software or controller-resident solutions for this.
SOP - Standard Operating Procedure
It is totally normal for the US to contract out much of its R&D and most of the production. The thrust of this breathless article seems to imply that there is DANGER in doing this.
Yes, the sensitive information needs to be protected but that is true whether for a government employee (military service or otherwise) or civilian contractor.
You know, something with an imaginary component.
While I applaud their move to providing cloud-based services (when they work, when they are fully functioning), I think they are also pushing away a whole segment of lowly developers that targeted the Windows environment, or at least included it in their cross-platform releases.
Slowly, slowly, over the last 15+ years, I've migrated to another platform (not Apple based), and have found the tools and environment to be at least as good and much more useful for multi-platform development. Maybe that's why MS has pushed WSL, but it seems strange to have a bloated whale under a slim-and-trim OS just to try to stay on the same hardware.
I'm thinking there's been a sea change at Microsoft.
For several decades most of MS's intellectual property has come by absorption from outside products and projects.
In the last few years there has been an apparent openness to sharing and being participatory rather than controlling.
I will welcome this while still harboring a sense that I'd better be checking the rear-view mirror fairly frequently.