63 posts • joined 25 Dec 2009
I wondered the same thing, you have to remember the 2nd factor validation for a certain period at least (a few days / weeks) otherwise users will just turn it off. Typically systems will remember it per location (IP/Network), but then it's easy to emulate the same private network.
I'd then guess, actual public network? Some external check of the internet-facing IP the system NATs to, to ping some (Microsoft-provided) external resource. Then just force 2 factor if no network connection is available. There are certainly quite a few security concerns with that too, but most seem solvable at first glance.
> The future for Microsoft and their ilk is most certainly not in selling software, but in selling services.
I believe that is exactly what he stated? You can't get much more service-y than subscription services to hosted & managed enterprise systems.
Re: Read between the lines
> That is the general consensus among the professionals of this industry.
No, no it is not. "Forums that you visit" do not make "the industry", no matter how much you'd love it did. There is still a massive proportion of high end corporate IT running on Windows, and excluding these people from your so called "professionals of this industry" list is just childish / wishful thinking.
> With Country, you walk the line.
With Pirate, you walk the plank!
Re: Laser eavesdropping
I was gonna say "closing the blinds" defeats this easily, but I guess the damn things will vibrate too.
Absolutely not. Any Visual Studio installer you get from an MSDN sub is a pre-keyed installer that uses a static activation key. That key is perpetual. I've renewed an MSDN sub since the early 2000s and I have many older VS installs that were installed with the original keys (on this system here, either installed directly or on VMs: 2005, 2008, 2010, 2012, 2013). When you renew MSDN you get a new set of keys, not "extensions" on old ones, and I've *never* had a VS (or any other software that comes with MSDN) ask for a new key, ever. I also manage subs for a team of a dozen people, and I guarantee that never happened to any of them either.
> Isn't that a bit like the pot calling the kettle black?
Only if the kettle has round corners.
> Why focus on Apple. Pretty sure Google, Microsoft and others are all as bad.
I'd venture it's because none of those just published its "latest environmental impact report".
Not everything is a conspiracy.
Re: Why is security still an afterthought?
> "Everyone trusted everyone else"
> I really think we did for a while. What happened?
The Internet, I believe...
lol our anonymous coward is true to form :)
and so on!
Re: It's just what changed from the 7 SDK to the 8 SDK.
This reminds me of a "Consultant" that was hired by management to do a code review on a C++ project, and his report started with "There are memory leak in the application, I did a count of NEW and DELETE statements, and there are less DELETEs than NEWs".
Disingenuous (sp?) "security bod"
While I agree with the basic sentiment expressed (adding security tools like new checked functions should be done in all currently supported operating systems), there's still a big difference between not "patching" Windows 7 (i.e. finding a bug, but not correcting it) and not adding new features (that makes programmers' jobs easier).
Try it with "Microsoft not adding TIFKAM to Windows 7!" and see if these guys are taken seriously :)
> I agree that you'll never prevent a user from clicking "OK" to install malware but there must be something fundamentally "safer" about Unix/BSD/Linux systems.
Of course there is: people that use them tend to be technical-minded people.
As for me, my team manages IT for a herd of sales drones. When the occasional email virii gets past all the protections and reaches their inbox, we *always* get tech support calls from them ranging from "Can you send someone to type in an admin password, so I can track this package delivery?" to "My package delivery tracking program won't run on my tablet".
People keep saying it's the size of the target (i.e. so many more Windows desktop installs than Linux), but the truth is, it's just as much the technical skills of the average user.
Give Linux to my sales drone and they'll bring you back trojan-ridden devices, even if they have to learn to make wine work.
Re: 17TB ??
Hmm, I bought about 12 TB of flash storage from EMC in that very same quarter. I think I'll start asking for some kind of preferential treatment seeing how I account for over 2/3 of their flash business :)
Re: I wonder if it's down to their love of complexity @John P
"gmail works fine without it"
What are you talking about, gmail.com is very, very heavily loaded up with js.
This is the exact origin of the browser/scripting engines arms race of the last few years. Chrome was created so it could run more complex script-based apps faster.
Re: Oculus Rift!
You mean Face Rift?
Re: Laptop resolutions...
> 95% of Windows applications display incorrectly on high resolution panels:
huh? I've had a 2560 x 1600 display for ... ~5 years now? And I only vaguely remember *one* piece of software that had button layout issues at that resolution. And maybe 3-4 games over the years that just did not offer the resolution in full-screen mode (but worked right at 1920x1200).
If by 95% you meant "less than 0.0095%", sure, I'm with you.
> Alberta's laws are not all that different, and we have one of the most powerful economies in the world. :)
The oil does help a bit :)
> "That's why we have TCP and IP."
Ok, you owe me a keyboard.
Re: Is there anything left for the NSA to hack ?
> Oh, and when are they going to slot the "cloud" word in there ? I couldn't find it anywhere in the article.
Nah, these conferences are where they come up with next year's buzzwords, not rehash last year's.
Apple covering you breaking your iphone for 1 year still does not count as offering the minimum warranty that EU law requires (2 years).
So instead of straight up stating that their products have a 2 years warranty (and still make it "1 year if you break it" if they want), they instead went the sleazy way of saying "if you ask about the 2 years warranty, sure, we'll honor it". Basically hoping they still get to con people into buying new kit because the Apple warranty is over, unless the customer mentions the 2 years thing. Sleazy is sleazy.
Re: but why steal them
> if the currency fails then stealing them is a worthless activity.
I don't use Bitcoin so I had the same thought, but this does not seem to be happening.
After all it seems hundreds of millions worth of coins were stolen recently and news about it have had that "the sky is falling!" feel to them, yet Bitcoin value has gone up 30% in the last 7 days.
Anyone can shed light on this?
Re: Grammar nazi FTW
> I'm sure you meant to say "complement"...
hopefully he really meant "compliment", i.e. the only way anything "social" will happen on this new disaster?
Re: "He used my access to make you a domain admin?!"
"In the Linux world, there's "Blue Proximity" that requires a particular Bluetooth device to be close enough to the computer to keep it unlocked."
We've had something similar setup with our developer pool for a few years, however we've recently added a "name and shame" component to it where it sends an email promising to pay for friday's beer to the rest of the team.
Re: y'know ...
"But that would be wrist and tablet."
Re: Ok, not so quick and easy
"And from where do you think we will obtain trust-worthy hashes?"
The real issue is reading the BIOS binary to calculate the hash, which nowadays resides on a chip that is soldered on the motherboard, meaning that any attempt at reading it will actually be controlled by the compromised BIOS. It'd be a simple thing for a compromised BIOS to return the uncompromised binary when it is read like that.
Re: iOS 7
What are you saying?
That the 75% install rate for an update that your phone constantly tries to push to you, which most people probably install "because it's newer so is probably better", or "because this latest app requires it", with no possible way back to the previous version if you don't like it, is a proof that people prefer that version?
Re: I won't read this
Same reason we'll downvote someone who doesn't get, say, a Doctor Who reference, and then proceed to insult the author of an article because of it. "Embiggens" sure isn't a real word, but it's also a well-known made-up word that's been used a lot in The Simpsons - in fact it's part of the city of Springfield's motto.
Sure it's a made up word, and sure it's ok that YOU don't know it, but then you went and made an ass out of yourself by insulting the author and/or the article because you missed a (very old, very common) pop culture reference.
Didn't defend the word, rather, downvoted your dumb overreaction to it.
Re: I won't read this
A noble spirit embiggens the smallest man.
Re: how about ...
"Yeah, because none of those servers out there on the Internet run anything that anyone might care about."
I hesitate to step in a Linux vs Windows thread... However many of the classical malware spreaders go after bank accounts and the like. Or they want to make botnets for various nefarious deeds including apparently bitcoin mining now. These are all attacks that want to hit a critical mass of machines, which they'll reach by infecting millions of desktops.
People that go after databases (the recent adobe mess comes to mind) typically don't do it by emailing dodgy .doc or .pdf files to sysadmins hoping they'll execute them on their web/database servers. So saying "lots of servers run Linux and there's not a ton of malware on it so it's proof that Linux is malware-proof" is dubious logic.
At the very least we can look at the reasonably large number of Windows servers out there, see that most of them are not malware-ridden like their desktop counterparts, and see that there is some logic behind the idea that malware attacks target the most common denominators.
Re: Make The World A Better Place? Microsoft?
Nah, by far, their best slogan was Windows 95's installer,
"Whatever you do will be more fun."
"No additional coding will be necessary."
Honestly, this being Facebook, who are known for breaking their APIs every other week and telling developers after the fact, this was actually a pretty useful clarification.
> But didn't Android copy the iOS interface?
Ergo, Jolla's UI looks like crap!
"And going forward you can be sure there will be ways of deploying internal apps to ithings and athings."
This is the part I'm not so sure of.
At this point Apple seems to show no interest in supporting corporate control over their (iPad/iPhone) devices. If it was going to happen, it would have happened (or been announced) already.
Re: Nice cat
Holy crap, printers with their own control panels are one of my most hated things.
Not that Windows' default printer control panels are all that spectacular, but printer-specific software make adobe's software look stable in comparison!
Not to mention that most of these control panels nowadays are bloated adware to get you to order ink from the manufacturer's web site...
Re: Why did MS suddenly fall out of favour with contrast
The one trend I can't stand is all the UPPER CASE MENUS THAT NOW MAKE VISUAL STUDIO LIKE IT WAS CREATED BY THAT 65 YEARS OLD UNCLE THAT SENDS ME EMAILS IN ALL CAPS BECAUSE IT'S EASIER TO READ.
Any game released this month that does not work on windows 8 specifically (i.e. not your pc specifically) would probably be some indie title made by a small crew that only ever tested on their 5 windows 7 PCs. There's no good reason otherwise, just as the same indie guys couldn't be bothered to test their stuff on windows 7 for the first year.
Whoa there, don't get ahead of yourself, next you'll say false advertising should be illegal...
Salted passwords are not about keeping one unique salt secret, it's about having a distinct salt for each user assuming that if your shit gets stolen, the salt will get stolen too.
However since each user has a distinct salt, you need a full-blown hash generation cycle for EACH user hoping your password attempts will hit jackpot for that one guy.
As opposed to having a single common salt where you just generate your hashes for your big dictionary and just see what users have hashes that match those.
All it does is make a dictionary attack less efficient by a factor of "how many users do you have".
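The cost difference between a shared salt and per-user salts described in the comment above, as an added example that is not part of the original post. The user names, passwords, wordlist and the low PBKDF2 iteration count are constructed for the demonstration.

```python
import hashlib
import os

def hash_pw(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; iteration count kept low so the demo runs quickly
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1_000)

def build_store(passwords: dict, shared_salt=None) -> dict:
    """Return {user: (salt, hash)}: one shared salt, or a random salt per user."""
    store = {}
    for user, pw in passwords.items():
        salt = shared_salt if shared_salt is not None else os.urandom(16)
        store[user] = (salt, hash_pw(pw, salt))
    return store

def audit(store: dict, wordlist: list) -> tuple:
    """Check every word against every user.

    Returns (matched users, number of hash computations actually performed).
    """
    computed = {}  # keyed by (salt, word): work is reusable only when salts repeat
    matched = set()
    for user, (salt, digest) in store.items():
        for word in wordlist:
            key = (salt, word)
            if key not in computed:
                computed[key] = hash_pw(word, salt)
            if computed[key] == digest:
                matched.add(user)
    return matched, len(computed)

# Constructed sample data
USERS = {"alice": "sunshine", "bob": "Xq7!vR2#pL",
         "carol": "letmein", "dave": "sunshine"}
WORDLIST = ["password", "letmein", "sunshine", "dragon", "monkey"]

def compare():
    """Run the same wordlist audit against a shared-salt and a per-user-salt store."""
    shared = audit(build_store(USERS, shared_salt=b"one-salt-for-all"), WORDLIST)
    per_user = audit(build_store(USERS), WORDLIST)
    return shared, per_user

if __name__ == "__main__":
    print(compare())
```

Both stores expose the same weak passwords; the only thing that changes is the number of hash computations, which scales with the number of users once every salt is distinct.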
Because version numbers, for developers anyway, are not decimal numbers, they're incremental numbers separated by a dot. 3.10 comes after 3.9.
Now what marketing departments say about it is something else I suppose.
Re: Hang on
It's not a final requirement.
The issue is with the Release Candidate version of .NET 4.5.1 that VS 2013 RC requires. It will not install on Windows 8 "Preview" which already includes some sort of "Preview" build of it that is not upgradable.
It's "can't use on 8.1 Preview", not "won't run on 7"
Not to nitpick,
But aren't the lights in the wrong order?
Key: unlock device - green
Flip: arm - yellow
Button: kaboom - red
Re: Dev[e|i]l's advocate....
It all depends on the reason for the speedup. If it's a general "Intel-optimized compiler", you are perfectly right, this is a very legitimate reason to prefer one platform to the other.
However the past has shown us that hardware manufacturers have been more than willing to game benchmarks, all the way back to the old video cards whose actual hardware recognized testing tools and just skipped a lot of hardware work so the same software would run a lot faster...
Re: Couldn't even get arrested looking like that
The Reg needs to write an article about this event, this would make the most entertaining headline.
"I was hoping that the first Post-Eadon Patch Tuesday comment thread may have had rather more mature and rather less tediously predictable comments."
Post-Eadon? For real? I must admit I have been reading comments less and less because the fanaticism was taking up more and more effort to sift through, and obviously Eadon was one of the primary catalysts that derailed what could otherwise have been interesting arguments.
Now I realize that the few things I read lately, I've seen many Eadon references but not him actually posting.
Can we now safely open comments on articles about topics that have any sort of chance of being twisted into anti-Microsoft rants that drown out anything else?
Re: Times are changing in Googleland
The opt out wasn't there because you mindlessly clicked next. It comes up in big shiny letters. "We would like to install google toolbar, click next to accept this, or click cancel to continue the installation"
If that's really how it is, it's clearly a cheap tactic meant to install without the user being aware. If replacing a checkbox opt-in with some phrasing that says "you must hit cancel to continue installing without this extra junk" is acceptable, then eventually this crap will get so obfuscated that you will need a lawyer to understand if the addon is going in or not.
"I understand that by clicking next I am not agreeing to the notion that I oppose the fact that adware will be installed now or at a later date and should I hit alt-F4, it will signify the opposite of that non-agreement."
Re: Give an automatic rifle
"Is the USA driving age still strangely low?"
Young men can join the air force and fly combat missions where they get to drop bombs on people while they're still considered too young to drink.
Re: @Meh ...