If Insight have the three Hs as values, shouldn't El Reg have three Qs? Like, I dunno, let's say Quixotic, Questing and Quantum? Yeah, the last one's a cheat, but this is a management bollocks game so terms like "quantum" are triple-scorers...
776 posts • joined 24 Jul 2009
On nano server's 64-bit-onliness
Microsoft haven't released a 32bit version of Windows Server 2008 R2. So being 64-bit only isn't limited to Nano Server instances.
No, I don't know why it bothered me enough to post about it either, but there you go...
Flaws I see in the argument:
a) the assumption that all advertising is interchangeable in terms of what it's selling,
b) the assumption that users who use adblockers are uninfluenced by advertising,
c) the (incidental or deliberate) failure to consider the clickbait effect.
On the first point - nay. I don't mind, say, relevant product ads on a site like El Reg. I'm clearly interested in tech, I don't object to informative ads that tell me about products in which I may or may not have an interest. Even if I don't want to buy them right now, I can see value in knowing the state of the market. That's not true of NSFW ads, nor is it true of ads sufficiently unrelated to the topic of the site on which they appear. (And don't give me the old "contextual advertising" canard, the state of the market for that still appears to be "Hey, you bought one of these things once, do you want to buy 500 similar items now?", and if Amazon can't get that right I figure no bugger's going to any time soon).
On the second point - I'd love to think I'm uninfluenced by advertising, but as far as I know there's a great deal of research (not to mention advertising spending) that says otherwise. I can buy the "I don't want to waste bandwidth on ads" argument, but "I'm not affected by them so why bother?" is wishful thinking. Now, "I don't want to be affected by them" is another matter entirely, which takes us to the third point:
On the third point - clickbait or obtrusive ads. Whether it's flash ads with autoplaying audio (die in a fire, whoever popularised that idea), expanding overlay ads (ditto) or the myriad ads using barely-clothed women to try and flog anything other than actual products featuring barely-clothed women. Most of the time these can't be considered "informative" - they're a ballache and a pimple on the flesh of the internet. And in no small part the reason people want to be able to block advertising. It's understandable, since a lot of blogs rely on the same clickbait effect, but it's still a bad thing.
Basically, if blogs and advertising networks want to understand why people so often dislike ads, all they've got to do is look at their own willingness to flog utter crap at their audience. That disdain goes both ways.
@Andy, I'm guessing you're unfamiliar with Kickstarter then
If it hasn't completed its funding campaign, then nobody's actually been charged. Kickstarter doesn't take the money but requires people backing a project to preauthorise an Amazon Payments account for the amount they're pledging. If the campaign is successful a payment request is then submitted against that account. Up until the campaign deadline is finished, you can withdraw your pledge. Meaning, nobody who'd backed the project has actually had any money taken from them so far.
For what it's worth, Indiegogo functions in a similar fashion - with the key difference last time I checked being that Indiegogo will still hand over the cash even if the campaign doesn't reach its target. The campaign still needs to finish before payments are made, though.
Air pollution "mainly a result of efforts to cut carbon emissions"?
Per title - whaaaaaaaaaaaaaaaaaaaaaaaaaaat?
Are you actually trying to piggy-back on the current story about diesel's impact on air quality and ignore the fact that for the best part of a century beforehand we'd been dumping all manner of noxious shite into the atmosphere? Even though said dumping was why efforts were being made to cut back CO2 emissions to begin with?
I suppose I shouldn't be surprised, but even Jeremy Clarkson would struggle to make that claim with a straight face...
@ Prst. V.Jeltz
For stuff found on random websites, I guess.
Although in a former role I spent some time defining workflows for packaging software installers into SFX files. This was required because some packages we had to deploy required scripted pre- and post-install cleanup tasks (think along the lines of how Java or Skype used to either not remove old versions or wig out on you if you had certain previous releases installed, requiring you to manually uninstall them before proceeding), and the software distribution system in question could accept compressed files - but only on the proviso that, when extracted, the installation command were something like "setup.exe"; it had no method for coping with scripts of any kind that I could find.
7zip is a thing of beauty as far as I'm concerned. I know Windows 10 and PowerShell 5 have finally introduced CLI support for archive-manipulation tasks but I've been very happy knowing that I can compress or extract files as part of a script using 7zip.
An alternative option that you may want to consider
Netflix is fine, but it's stupid to view it as a complete replacement for all your media. It's a complementary service to a personal library - it's great for things you might not have heard of, or are happy to watch but don't necessarily want to watch on DVD. Thanks to the nature of the marketplace, it will always be second-fiddle for things that you really want to watch right now and will want to watch over and over, because the rightsholders for those things would rather try and shaft people as hard and as often as possible. (And then wonder why their customers aren't all that happy with how they do business...)
Me, I happily pay for Netflix, alongside running a home server for media files to which I rip all my DVDs and Blu-Rays. Is it a ballache? Yeah, kinda. Does it involve storing discs as well as the server? Yep. But the upside is - a server I run for myself never gives me a "no licence, PFO" error. Nor does it fall over on a recurring basis. Nor does it expire licences on me, or require me to run a bunch of accounts on external services for no good reason. Nor does it require me to install additional crapware just to decrypt the pointless DRM that encumbers the film.
Re: Mumsnet is a refuge and a support network
@mark 65 - I think it equally likely that a man or group of men with an axe to grudge against mumsnet could, despite being incompetent with computers, find someone with the relevant skills to do the site attack on his/their behalf...
At a guess, because someone well-meaning thought it might be useful for finding other members in your area - but didn't then think about how this information could be exploited by someone malicious...
Re: It's OK
@Tim - the EU requirement on tolling is fairly recent AFAIK, as in, only within the last 15 years or so and initially only applied to HGVs and capped to infrastructure costs for the road in question. As I understand it it's changed in the last few years to now apply to vehicles with a fully-loaded capacity of 3.5 tonnes or higher, but allows member states the option of implementing other tolls.
Subtle differences, but important ones. Not least because given that the EU has funded the development of road infrastructure in the likes of Ireland in the late 20th century, if what you write were 100% accurate then travelling on most Irish roads would involve paying tolls...
On Vista and later releases you either need to get down and dirty with PowerShell or use something like WinDirStat to properly get visibility of what's using up your disk space.
I find it hilarious that someone's trying to not blame an equipment vendor for offering a hardware configuration with insufficient space for the OS they supply, though. The whole point of OEM gear is that they're supposed to take the pain out of assembling a working rig away from the end user; if they can't do that competently, they're screwing up and deserve criticism for doing so.
At least they allow you some external storage if you don't want to pony up for the larger mSATA SSD but it's still a bit of a fail to bother offering any Windows-based system with less than 64GB of internal storage.
Re: A loophole
I was thinking the same thing. The inherent assumption that only mums will actually take advantage of this and thus become an unavailable resource to the company is interesting (and, for my limited set of experience, inaccurate).
Security is about identifying and minimising all possible risk vectors. The number of people with the technical skills required to read through, meaningfully understand and usefully audit all the components of an open source package is always somewhat limited - and if you're being cautious, you need to apply this to all packages in your OS, and your compiler. Doesn't matter if making a compiler vuln is hard - the point is, minimise that risk.
Even if you don't find Ken Thompson's proof-of-concept somewhat chilling in that context, Shellshock and Heartbleed were elegant real-world demonstrations of the repercussions of over-relying on the "many eyes make bugfinding trivial" assumption. So no. The question is not "Can we see the code?" but rather "How many people with the technical knowledge required to understand it and who would happily publicise issues with the code have seen it?".
And unfortunately, the majority of us who can't roll our own OS unaided from the ground up have to accept that there are components we rely on but don't understand, and acknowledge that they're potential attack vectors. Pretending that a compiled binary is clean just because it's OSS and you've checked the hash is, at best, deluding yourself into thinking you're secure.
Re: Potential topic for Worstal...
Yes - see here. Basically in the 1920s the level of service was bloody awful, and the decision was taken to limit the number of cabs that could operate legally and require standards of service of those who were licensed to operate. This scarcity meant that operators with higher costs (carrying out proper maintenance on cars, properly trained drivers, clean cabs etc) could afford to maintain their standard service and still make a profit, and had the desired result of turning the cab service into something useful.
The problem is that medallion holders are able to lease out their medallions at ludicrous rates, essentially re-establishing the old problem of promoting undesirable behaviour from taxi drivers because nobody can afford to run a service with higher standards.
Edit: beaten to the punch by Irony Deficient
If anyone can run a taxi for a nominal fee, then there's no upper limit on the number of taxis at any given time. This means the costs of meaningful enforcement become untenable, and so what enforcement you get won't manage to either capture enough of the offenders nor serve as a deterrent to new taxi operators, so as a result there's no reasonable expectation at the user end that getting into a licensed taxi is any safer than getting into any other random car.
By defining an upper limit on the number of taxis that can be licensed, you can define a budget for enforcement that has a reasonable chance of success and devise a method for funding this budget. But what we don't yet have is a way of avoiding people selling/renting on their license/medallion at a profit, which is where a lot of the problems have emerged.
@I Ain't Spartacus
To be honest, though, I do think that prosecuting Uber is the right thing to do - the state prosecutor clearly feels that they're breaching applicable laws and ignoring instructions to comply with them, and I'm not convinced the approach taken elsewhere will actually result in what citizens want (which is a regulated taxi system whose regulation isn't being exploited for private financial gain, with reasonable fares and a dependable level of service).
Of course, given the built-in resistance from existing interested parties, it may be that feeble/non-existent efforts at enforcement are the pragmatic way of supporting Uber (or at least using them as leverage to implement reform) by politicians wary of wading in directly for fear of getting splashed with the brown stuff...
The initial implementation of medallions was intended at least partially to raise the standard of service provided by drivers. (See this WP story, for example). So Jason's right in that regard.
It's almost certainly not how it's working in practice now, but that doesn't mean the idea is unsound, just that its current implementation is unsound. And I'm not convinced that opting for the libertarian "Anyone can be a driver, and never mind checking things like whether they're insured, the market will correct" type approach is necessarily better either in theory or as currently implemented.
And, of course, it's always possible that both Uber and existing taxi regulators are being colossal bellends in their approach...
The interesting question for me is what, if anything, Uber (in the generalised "smartphone booking system for resource provided by others" sense) really does differently at a business level that means it should be exempt from existing taxi regulation. Because to me it looks like their argument is "but you do it on a computer" - and if it's generally accepted that this argument shouldn't be enough to get you a patent for an idea, then it shouldn't be enough to exempt you from existing regulatory and legislative requirements either.
It's going to be interesting to see how the case against Uber-the-company in France plays out.
In Ireland you can move mobile provider and get your number ported across in about 30 minutes, with no hassle and minimum bellendery. Because operators were basically made to do so. None of this "Oh, you need to give us 30 days notice to end your contract and only at the end can you ask for a PAC, at which point we'll ignore the request for two weeks" nonsense that's the norm in the UK.
So I say, as a citizen of that fine Republic - if a country as small and generally legislatively useless as Ireland can manage it, there's no reason other than tactically-pocketed brown envelopes that the same couldn't be achieved in the UK.
Re: When I started in IT in the late 80s
@OzBob: as far as "office politics for techies" goes, the Bob-Howard-centric Laundry Files books by Charlie Stross are pretty good (and have entertaining diversions into Lovecraftian weirdness for when you lose the will to live after hearing yet another rant about matrix management....)
Re: RE: Infosec isn't about "cool"
I take your point, but I still think it's a management failure as root cause.
Good training on the trainer's side is down to whatever's shown to work well. If your infosec team can't deliver good training, perhaps that's because the skills required to deliver training are significantly different to those required for their core roles. But that's only half of the issue, because if the trainees don't have any interest or willingness to engage, you're never going to get anywhere.
Teaching people about something that's fun and interesting is easy; it's very rare that Standards Compliance, Good Practice and Information Security can be described as "fun" and "interesting" unless you're of a particular mindset that, more often than not, will have you on the delivery end of the training rather than the recipient end.
I've worked in organisations that have dedicated Business Liaison teams - they're effectively at the same sort of level as service managers, but their role is to be the translation layer between the technical teams and the managers representing each user group. It's unideal, but it's better than expecting to be able to hire one person who can deliver excellent training to a diverse range of personality types and write great documentation and carry out risk analysis from a business perspective in a form that's easily understood by business management and also be worth a damn at the actual infosec role that they're nominally being hired to perform.
A lot of training is boring. Every job I've started, I've been sent on numerous mind-numbing HR-mandated courses, many of which have appeared pointless to me. The thing is, while I'll try and provide feedback on how to make them better, I don't go "well, fuck 'em, the course was boring so I'm just going to pick brown daisies and ignore what they say to do, and if that turns out to expose the company to legal liability I'll just blame the training". I grit my teeth if need be and just get through it because that's part of professional conduct. I don't like the culture that many organisations have where this idea applies everywhere except IT. Not least because most practices relating to IT and infosec aren't actually complex on a technical basis, so they can be made to apply just as easily in non-computerised areas (I've had some success explaining certain concepts to my users by taking precisely this approach - analogies to the likes of trashing can be quite helpful at times).
This is just the same old "IT-Business Alignment" bollockery, with the exact same assumption that management, HR, and basically everyone except IT are by default "aligned with the business". Which is just daft.
Yes, it is almost certainly the case that IT and infosec teams have different views on why security matters than do management. But if management don't understand that eg failing to invest in preventative infosec measures will cost them money, that's a management failure, not an IT failure. I'm always happy to learn new skills and find ways to understand the requirements and perspective of my userbase, but I'm sick to the back teeth of being told by "analysts" that it's entirely right that IT should have to put all the effort into these issues.
Also, that list is a bit daft (at least 5 items on it are outright nonsense, and that's just off the top of my head). Infosec isn't about "cool", it's about good working practice and getting people to understand how they can make sure that they work in a way that minimises both the organisation's and their own personal exposure to a variety of risks. Anyone who thinks that getting people to engage with training requires it to be "cool" has clearly given up on any notion of working with even remotely intelligent, professional humans, at which point why bother at all?
I'm betting that in any organisation where that list doesn't just provoke laughter, the real root problem with infosec (and any other IT-related issue) is a culture where IT are viewed as a money-draining black hole of bureaucrats who "just don't get the business" or such.
The only way this would be useful would be if you could find an unpatched machine and exploit the EFI vulnerability that was exposed a while ago. For everything else, they already have remote imaging capacity built into the OS, and the bigger stores at least have some other interesting tools running on servers on the local network - at minimum there's some sort of Enhanced Hardware Diagnostic tool on there - I tried to find out more, but unfortunately despite my asking nicely last time I had to take a work machine in to be fixed, the Genius in question refused to tell me anything about them.
(It'd be interesting to know more either from someone who is working/has worked at an Apple Store, or from someone cleverer/ballsier than I who can get their own sniffer onto the LAN in question...)
@MrWibble - kind of depends, as with the likes of /. you get some highly entertaining/informative discussions in some places and some utterly vile stuff elsewhere. (Something that rarely gets mentioned in the context of advertisers is that they also have a sizeable NSFW section, which may not be on the radar now but will probably get noticed as more people start nosing around just to see what the fuss is about).
The problem is, an increasing userbase is great as long as it can be translated reliably into increased cashflow for the company. If ad-serving is the desired approach there, it'll be tricky to attract advertisers and also retain the community with its sizeable (or at least noisy) contingent of posters for whom the ability to post offensive/controversial content is a non-optional part of the site's appeal.
On the one hand you've got specifically American attitudes - ie that constitutionally-protected freedom of speech applies even to privately-owned websites to which individuals have access, ie "freedom of speech" means "I can go on some website and say what I like, ideally without any consequences" - and on the other hand you've got the corporate/business desires - usually to make money (in the case of websites, by selling advertising, because charging for access isn't going to work) and minimise costs.
Those two things can't easily co-exist; at best you build a good community initially and volunteer mods help keep things more or less ticking over (while costing nothing and providing a reasonable answer to the whole "legal liability if we don't respond to complaints/illegal content pretty quickly"). The problem is, being a mod can limit how much you get to participate in the community and can lead to burnout - so unless your management/leadership are very astute in their understanding of the community, conflicts can happen easily between the punters and management.
Personally, I think that the lack of willingness to enforce higher standards of discussion is what makes a lot of discussion sites unpleasant from the outside. But that would limit the potential appeal to the "asshole tireless rebutter" contingent of the potential audience, so it usually won't fly on sites that need high hit-counts to drive advertising rates...
Re: THE SKY IS FALLING!
So then don't move to Win10 until you've got more information with which to decide whether you trust the manner in which new features will be rolled out.
Just because it becomes available doesn't make it mandatory.
Re: THE SKY IS FALLING!
@riparian: I think the bigger issue with Google Play is that when an app update is released it's no longer possible to roll back to the old version using the store. Those on rooted devices can get around this by manually backing up the apk file, but it's still a pain in the arse and it'd be good to have a better way of handling it - say a "test update" option that backs up the existing version & config to a separate location, installs the new one and lets you test it, but keeps the existing version until you fully accept the update.
Windows 8 in particular has substantially improved the ability to recover from failed updates (though I haven't yet deliberately borked an update on my Win10 test box to see how it copes) so I'd expect it to be OK.
Re: Here we go
I'm guessing here, but if I were in the hypothetical shoes you describe, I'd start by asking the local sysadmin why updates are auto-enabled when the organisation clearly requires* rigorous testing before widespread deployment, and address the problem at its actual source instead of incorrectly blaming an OS for doing what it's been told to do. (Addressing the problem would involve: requiring every machine in the organisation to run a professional edition of the OS, correctly configured as required, with a server running WSUS or whatever alternative patch control system you fancy used to control access to updates in co-ordination with an internally-agreed UAT procedure).
*: Subject to this actually being the case and being a position supported and enforced by management, of course.
Re: THE SKY IS FALLING!
If you use a home-user OS aimed at non-technical users, don't be surprised that it assumes you're non-technical and badgers the living hell out of you to update. (Mad Mike, are you going to claim that letting ill-informed users who have no idea of what an update is run their Typhoid Mary boxes with unfettered internet access is a good idea? Or are you at least sane enough to accept that anything which makes it less likely a given machine will get co-opted into a botnet is a good idea? Can't have it both ways no matter how hard you try)
If you use the pro version, spend a couple of minutes learning what you're about (instead of flapping your digital yap in an effort to demonstrate your ignorance) and configure the group policy that controls your windows update settings and lets you do things like prevent an auto-reboot with a logged-on user, or set the interval between reboot prompts to whatever you like. (You can also spend a bit of time learning about what registry keys are set when you do this, which would let you assign the same settings on home versions which don't officially support this configuration, knowledge that may be useful when Windows 10 is officially available...)
If you don't like the announced changes in a not-yet-released OS that nobody's actually forcing you at gunpoint to use, spend a few seconds considering that maybe it's not the OS for you and move on with your life.
No, wait, I'm being silly. This is a publicly-accessible internet forum therefore uninformed bollocks spouted ad nauseam is the order of the day.
Re: THE SKY IS FALLING!
Agreed, after the last couple of days I think I'll be auto-ignoring any further Windows 10 articles around here. Between the amount of weapons-grade numpties in the comments and the hysterical tone in the articles, it's getting to be a bit much...
Re: Wrong horses
@Cowherd - agree 100%.
There's a quote around somewhere from Iwata about how everyone feels intrinsically comfortable about picking up a TV remote but non-gamers can feel intimidated by the idea of picking up a games console. The simplicity of the controller coupled with a well-designed UI and straightforward yet fun games was its appeal - the price then meant that people who would otherwise end up hemming and hawing their way to deciding against buying it could pick one up.
Put it this way, the Wii represents the only time I've ever seen my parents express interest in a videogame console beyond "What's this thing he wants for Christmas then?".
The Wii U has some interesting ideas - in a party scenario the asymmetric gameplay can be a lot of fun. But it's not a compelling single-player device, especially in the absence of a steady stable of games, and it sort of feels like someone tried to bolt on the DS design onto a home console for some reason. At this point it's doing a Gamecube, I think - it may well get good games, but it's relegated to be an also-ran of the current generation.
Re: "Love it or hate it, the app store is here to stay"
Thus far there are no requirements to use the Store or Store-based apps. Nor are there requirements to use a Microsoft-enabled account for the OS itself.
Nor, to the best of my knowledge, are they stopping you from installing x86/x64 type executables of the kind that have always been used on Windows.
So while I totally share your terror of some sort of mutant Windows version which imposes iOS-like limitations on the end-user (without any iOS-like benefits), I do not share your conviction that Windows 10 is anywhere close to being that mutant Windows version.
Jesus fuck, the articles about Windows 10 seem to draw out complete numpties at times.
Anything that has run Windows 7 or later passably well, will in all probability run Windows 10 just as well or better. (My home test box is an HP Elitebook old enough to have a Vista COA on it, and 10 preview runs better on it by a good bit than the original Vista install - and that's after I spent a bit of time applying the usual tuning to cut down the Vista bloat like disabling Aero, turning off search indexing, etc).
About the main issue you'll hit is the same issue every version since Vista has had - increased amount of disk indexing means that old and/or slow drives are a more noticeable contributing factor to slow performance. But again, it's unlikely to be worse on 10 than 7, 8 or 8.1. And in any case, upgrading to an SSD will cost the bones of £100 if you decide to do it.
If you're a business that buys desktop computers on a "buy then run it 'til it dies" basis and don't have the ability to correctly guess what sort of initial spec will be required for a 5+year lifespan, you're doing your spec definitions wrong. And if you're not, well, you can install Win10 when you like without any anticipation of basic "won't boot"-type hurdles.
You're completely missing the point that the new pup turns into an old dog over time, you know how it will get treated, eventually.
Well, yes. Eventually it'll go out of support and reach the stage called "end of life".
This is hardly a surprise though, given that they tell you the supported lifespan for the OS. I mean, they even divide it into "Mainstream" and "Extended" support. And in the case of XP they even provided more support than initially anticipated on the Extended support front by several years because of the size of the userbase.
What you're saying is about as stupid as if I were to try and claim that Red Hat should provide me with ongoing free fix backporting for an ancient Fedora Core 6 install because "I've got it set up just how I want it" and "it's still perfectly usable", despite the fact that they never agreed to support it beyond the end of 2007 and the existence of over a dozen subsequent releases.
In short, just because you want it doesn't mean anyone has to give it to you. It is neither new nor particularly unreasonable for vendors to have EOL dates for operating systems, nor for them to suggest that users currently on an EOL platform migrate to a new, supported platform.
Re: Microsoft Marketing, useless beyond belief.
Nice try on the FUD. Sadly, you're talking bollocks on the technical aspects of 10 (Cortana only works if you're logged in with a Microsoft account, you can disable it if you don't want to use it with your MS account, and you don't have to have an MS account to use Windows 10 in any case. Ditto Office365 vs LibreOffice, OpenOffice and probably plenty of others....).
As for your claim that it's "perfectly reasonable" to use an OS that is at this point 4 versions back from the imminently-current release (not to mention almost 14 bloody years old and designed around a completely different hardware and usage paradigm to that which is standard today) - it's either in relation to a use case so niche it cannot possibly be considered relevant to most users, or just founded on utter ignorance about everything that's changed in the Windows ecosystem since then.
It's one thing to not run eg Fedora because you don't want to upgrade every 6-12 months, but complaining that an OS upgrade once every 10 years is too frequent is the sort of thing that deserves little except derision.
In the phrasing of your own analogy it's more like - concerned relatives stage an intervention to try and get you to accept that you need to let go of the mouldering corpse of your dog (which has been dead over a year), with an offer of a new, similar but non-identical, puppy to help you with the transition. Meanwhile, you sit there cradling the mouldering corpse and insisting that everything's fine and he's going to live for several more years. Eventually, a couple of burly chaps are called in to fit you with a new overcoat and some fancy sleeves...
Re: My PC works, and I have better things to spend money on
If you want to do HL you'd be better off (IMO, of course) playing Black Mesa than the original. I got some way into the mod version and was very impressed by it, then lost interest at some of the platformy bits, but the whole thing is being redone as a standalone game to be released soonish. Also, a sidenote to the conversation - if you haven't already done so, install and play Minerva, it is a sufficiently good HL2 mod that its developer was hired by Valve as a result.
You could always install what games you need then enable Offline Mode for your gaming partition Steam install, if you wanted to. Depends how often you buy additional old games, I guess.
Re: My PC works, and I have better things to spend money on
To be fair, if being able to run a game released in 1998 is a core requirement for your system you are at this point pretty far from the mean and median for any reasonable set of "core requirement" values.
I also wouldn't characterise 7 as near-EOL - if you've gone for the Pro version you've still got another 4 years left.
If I were in your case, I'd be keeping one partition for general use and another for gaming, with the latter unable to go online. Yes, it's a minor PITA, but then the kind of games you're talking about won't be looking for patches or other signs of connectivity anyway, so wouldn't be too big an issue for me...
Re: you've got to love it
Secunia PSI version 3 has been woeful IME. I went back to v2 a while ago (the last straw for me was their removal of the option to re-scan a single non-Windows executable to confirm that you've updated it, because I CBA running a full scan just to make sure I nuked that old Java version or whatever), which still doesn't autopatch everything - but that's because certain software vendors got shirty about Secunia redistributing their installers without the opt-out crapware option. (I wish I was making this up). The other thing to keep an eye out for is that Secunia's database will flag that new versions are available faster than their repository will get updated, so telling it to update eg your LibreOffice install can sometimes see you repeatedly "upgrade" to the same version you've already got.
Re: What can the numbers tell us?
"Given the long and well recorded history of patches for Windows (of all or a particular version), can statistical analysis (and other maths) tell us roughly how many vulnerabilities there are that still need patching? I have a feeling that it would be a scary number."
Unfortunately, I'd err on the side of "no", because there are too many variables to allow for a useful comparison:
* lack of knowledge about security/testing standards and whether these are/have been enforced to a standard degree
* significant difference in scope across different versions (number of architectures supported natively by the OS, the degree to which security is a focus, the degree to which network connectivity is ingrained in the OS, the development lifetime, etc)
* significantly, a lack of proof that the distribution of vulnerabilities is uniform throughout the code
* lack of knowledge as to whether the introduction of patches introduces other vulnerabilities
* changes in the approach to service packs skewing the numbers (NT4 got 6 SPs, Win2K got 4, XP got 3, Vista got 2, 7 got 1, 8 and 8.1 didn't get any, and 10 looks set to change the whole approach anyway).
You could maybe get some sort of average values for:
* how many vulnerabilities (possibly even grouped by broad categories) have affected previous releases by an equivalent amount of time since RTM
* how many vulnerabilities have been found in total over its supported lifespan
and use these to make very crude estimates about the relative security of the current release. But there's no mathematically-sound basis for giving those estimates any more weight than a number someone makes up...
The problem with that wording is the thing they slyly skip:
"There's no such thing as an obsolete game when you can revive it on any platform at any time." is that it doesn't account for license transfer. Which is what they want - "oh, we brought it back for you - just buy it again". Err. No, I paid once already, get lost.
HD remakes at least theoretically get some work put into them, but a port to a new platform is of buggerall use to me if what I want is to play it on the original platform (unless they want to offer some sort of free licence program, which is exactly what they want to avoid...)
Re: ironic who the victim is
I remember getting quite annoyed with Nintendo's attitude to old games when they'd pull silly tricks like release a Zelda Retrospective disc to promote the release of Wind Waker - and include the NES games, the N64 games and a trailer for Wind Waker on it, but not A Link To The Past (the one that I at least consider far and away the best, not least because I played it first) because that instead got a full-price release on the Gameboy Advance. (Of course, the GBA also saw such unfettered greed as a Classic NES series of ports released at silly prices, because nobody in their right mind would think that ExciteBike - fun though it was - would be worth paying the bones of £20...)
They've gotten a bit better about this since then with the Virtual Console on the Wii (in that at least there was a legitimate way to access older games, particularly for those less interested/able to go through the faff that can be involved in getting emulators to work), but I still find it irritating that games companies in general think that, having bought one or more copies of a game on previous platforms, the end user should have absolutely no right to do anything enabling them to play that game on other hardware once the original platform is obsolete and unsupported by its vendor.
Re: MCP - not so interesting now
The focus on PowerShell is down to the fact that in a lot of areas (most, I reckon) the advanced configuration is no longer accessible through the GUI. And, to be fair to it, PowerShell is pretty useful once you've gotten to grips with it.
The Windows Server exams still require you to have a pretty good understanding of various concepts before letting you past - the fact that you're using PowerShell to do it doesn't negate the fact that you need to understand how the technology works. There's some tedium involved in the nomenclature, admittedly, but if nothing else it's a way of proving you do in fact know what you're doing and don't have any enormous gaps in your knowledge. (At least, when priced at £99 per exam with a free resit if necessary. If they moved towards Oracle-like pricing they'd be told to GTFO...)
While I understand what you're trying to get at by pointing out the lack of democratic "accountability" (har har har) implicit in positions in the House of Lords, it's also important to remember that members of the House Of Commons have a certain tendency of pushing measures that weren't on their manifesto and which are manifestly against what the electorate actually wants (see Theresa May and the damn Snooper's Charter for example). So it's not quite as simple as saying "Oh those damn toffs in the House Of Lords, interfering with democracy again", because on numerous occasions the HoL has been the only effective barrier to barmy ideas that an interested party has managed to push past the HoC...
As for the argument that cost models should reflect usage/consumption ...well, that's effectively the old "Democracy gets you beer and pizza for dinner every night" argument, or "The public interest doesn't necessarily equate to what the public is interested in" to put it another way. I don't see any other funding model allowing the BBC to remain valuable and useful (IMO) in its current form.
Hell, just look at streaming services in the UK. If the Beeb hadn't been able to roll out iPlayer despite whingeing from ISPs keen to get paid yet again for services that they already get paid for, I doubt we'd have seen any other broadcasters bother with streaming catchup services or Netflix & Amazon rolling out the on-demand offerings.
Having said that, the changes to cover iPlayer access etc are going to be very interesting - presumably this means they'll move away from the ridiculous "only if it's plugged into the mains" clause they used to have (otherwise employers and anyone else providing public wifi access can look forward to an even more fun time trying to deal with it).
Re: Send this e-mail and keep a copy.
The problem is, it's not "point-missing nit-pickery", it's ammunition for someone with an agenda to push that allows them to dismiss those who (quite possibly for entirely valid reasons) oppose that agenda.
Yes, it's daft, but OTOH that's humans. I've worked in environments where the opinion of the only person qualified to make a decision on the technical impact of a configuration change to IT systems was ignored by management because management were all senior academics and the person from IT didn't have a PhD - and while they would never outright say it, they made it clear that they simply did not take seriously the opinions of anyone without at least a Masters to their name...
Re: IT Sales Problem
The problem with that is that, in the places that have a significant problem with IT of the "underfunded and under-resourced" variety, that kind of User Requirement Identification will end up being a timesink that's just as hard to justify as the rest of IT's operations. Try and do it in a hurry and you'll get useless feedback (because frequently the users aren't in a position to give you technical details about what they need - which is fair enough, part of our job is to identify those requirements and provide ways to meet them), but when you then spend significant time on it, you fall into the same trap of being told to stop wasting your time on anything that's not part of core operations.
At best you get someone at a Service Delivery Manager type level who handles this part of things for you, but the problems are usually more pronounced in organisations who don't see a need for SDM type roles...
One phrase whose absence surprised me in the article...
is "IT Business Alignment". Which, by itself, encapsulates the issues that can occur when management doesn't understand IT and its importance to the organisation.
Yes, IT should attempt to align its procedures and operations around the organisation's goals. What management often seem to miss in this regard is that the reverse is also true, at least for any organisation where any kind of data storage and processing is part of their workflow - which means most of them, to some extent or another. Data security and integrity are areas where, based on understanding relevant legal principles, it is the responsibility of the business to align itself with IT (or, more specifically, how IT implements controls for things like Data Protection Act compliance).
Picking the higher education sector as it's one where I have a fair amount of experience - getting management to understand the extent to which trying to stop researchers from storing research data in their Dropbox account can be really challenging, because a lot of the time they view IT as "those chaps who are sort of computer janitors". Despite the fact that, depending on the nature of the research data, such actions can actually end up with the department/university on the nasty end of a sizeable lawsuit - especially when dealing with people who don't understand why they should need to encrypt the confidential medical data with which they work because "I set a password on my Dropbox account, so it's protected, right?"
You can get some goodwill if you demonstrate flexibility where possible in aligning other policies and services around people's requirements; but ultimately management buy-in and support are vital, and unfortunately if your organisation doesn't have a (good) CTO and/or an ex-IT pro in a senior management level, you end up dealing with a lot of silliness. And nobody wins in the environment where budget requests have to be needlessly inflated only to be slashed back down to what was needed in the first place - that's wasted time on everyone's part that could've been better spent on doing something to further the organisation's actual goals...
Re: @Captain Underpants
It's not the Universal App by itself that makes it (potentially) useful, it's the Universal App combined with a Microsoft account and storage space. Personally, I'm not massively keen on it - but being able to have stuff like a single Netflix app, calendar/diary, office suite, fitness app, or whatever the hell else you want to use that can work across a multitude of devices seamlessly with access to the same cloud-sync'd data, can be useful. You've only got to look at how Apple have made this work with the iDevice range (and, to a lesser extent, Google with Android) to see that there are a lot of people who will use this sort of thing and find value in it if it works.
I have no idea whether Microsoft will be successful, but over the last ten years of people having multiple devices that are used for accessing online services, it's become clear to me at least that keeping all the devices in sync is a ballache if there hasn't been careful thought given to it. A range of OSs that can share applications and handle the UI elements locally combined with shared storage accessible from all devices/OSs on which the user account has access could, if implemented well, be a very good solution to that problem (if you're willing to buy into the model).
Re: Widows everywhen?
To be honest I never understood what the hell Microsoft were doing with the Surface RT. Yes, I get it, cheaper than a Surface, but too bloody limited to be of use. IMO it should have either been using Windows Phone (with a goal of that being their touch device OS) or just skipped entirely. A Windows tablet, except you can't run any of your x86 software on it just doesn't make any sense, at least if you accept that the Windows Store is nowhere near as well populated with useful packages as the Google or iOS marketplaces are.
Surface as an Atom device (ie the non-Pro Surface as a spiritual successor to netbooks) makes much more sense to me, not least because I've been using effectively the same thing in the form of a Dell Venue 8 Pro for the last year and found it surprisingly useful.
For my money, Ballmer's steerage of MS (at least in the last few years) consisted of panicking when he saw rivals bringing products to market, then trying desperately to rush out shoddy versions of them in order to compete. Hell, windows on phones should've been in a much better state than it currently is - they had Windows CE working for enterprise devices a decade ago. (Though I suppose I should credit him with the fact that the Xbox business was developed during his tenure).
As for Universal Apps - it's a bit disingenuous to say there's "nowhere to run them except x86 platforms" when they aren't out yet. I imagine that from an end user perspective being able to run the same app on an XBox One as on your Dell Win10 tablet as on your self-build Win10 workstation could turn out to be pretty useful. And the Pi 2 is a useful demo of an IoT type device that could make the idea more useful still, even before Windows 10 Mobile arrives.
So the possible/maybe disappearance/reduction in focus of one part of the ecosystem on which Windows runs means "Windows everywhere is dead"? Despite not knowing what plans are for the next 12 months in that context, or whether anyone else will be releasing devices (probably business-oriented) with Windows Phone? And despite the unified platform paradigm still making sense given that Microsoft have various platforms which are currently doing quite well?
There's extrapolating from limited facts, and then there's outright pulling something out of your arse because there's no clear information to go on...