"That's what makes you Special."
Shiny. Do I get a short yellow school bus? I could turn it into a testlab on wheels!
5999 posts • joined 31 May 2010
"That's what makes you Special."
Shiny. Do I get a short yellow school bus? I could turn it into a testlab on wheels!
Aye, saw it. There are 384 work mails (down from 1021 when I woke up an hour ago) to go before I can start getting into the "El Reg" folder. I'll dig myself out eventually...
That AC is so far in the "RUN, DEAR $DEITY RUN!!!!!!!" part of the crazy/hot graph that a careful reexamination might be required. :)
@Steven Raith don't bother the Anonymous Coward you're talking to is a Microsoft marketing shill. Worse, it's not capable of rational thought. Just ignore it. Hopefully it'll do the world a favor by getting ebola and dying alone.
Several options exist. They're all a little bit prickly. Worth a blog, perhaps.
It was "miserable as bleep" and "reliable unless you changes something."
Azure AD is one of those things that introduces a strict change management requirement into your environment. Breathe on it, and it will do something bizarre. But if you're one of those shops that sets up things and then basically doesn't touch them for 5 years, you're good.
Of course, bear in mind that Azure AD can be configured in a few different ways, depending on the wodge of cash you pay, the apps you're using, the level of integration you're seeking, etc. TBH, from a technical level, it's why I walked away from Azure. I just couldn't stand bleeping with it to keep it working.
Now, if they're correct, and it's push-button easy (with presumably similar "oh shit" buttons for when something changes) then It's worth a really good long look. That said, almost every company I deal with is moving away from Active Directory as their authentication system. It's used mostly to lash together legacy Windows boxes, but almost always with a cloud connector to a less frustrating and more widely supported service.
Identity management is a hotly contested battleground right now with dozens of new entrants every year. It is going to be a while before it all shakes out and there is absolutely zero guarantee that Microsoft will emerge the winner. (My money is on a much expanded OpenID.)
The big problem with Azure AD is that Azure AD isn't exactly like adding a domain controller. You don't just have a copy of your whole AD in the cloud.
The benefit of Azure AD is that you don't just have a copy of your whole AD in the cloud.
Active Directory - like the registry before it - has become a dumping ground for information that by all rights should be in easily editable flat text files. (And bleep you too, systemd, with a bronzed goat!) So there's layers upon layers of cruft in the average Active Directory. Some of this cruft you need to make programs run. Some of it is just "junk DNA" waiting to cause a cancerous mutation.
So the bad stuff doesn't go into the cloud...but much of the good stuff doesn't either. So it takes a lot of whitepapers to find out what's where, when and why. Frankly, I gave up. I started moving away to stuff that doesn't need the Active Directory - or the bleeping registry - to get the job done. I like that "keep it simple" mantra.
But there are a lot of folks who aren't in that situation. And so this might well be an important tool for them, especially if they are to remain wedded to Microsoft in the long term. Microsoft is certainly making it a huge part of their plans, as it is an important weapon in the Identity Wars...and that's a set of battles Microsoft's "cloud first, mobile first" future can't afford to lose.
If you could just get your identity from anywhere, why...what could be next?
Microsoft has made a confession: “integrating your on premises identities with Azure AD is harder than it should be” and requires “too many pages of documentation to read, too many different tools to download and configure, and far too much on premises hardware required.”
Oh, but when I say this exact same thing, I need to be berated, chastised and personally attacked. Groovy.
Still, cheers to MS for fixing this. It's great for their American customers. I genuinely hope it works on the service provider mini-Azures so that the rest of us can have integrated networks provided by companies with zero American legal attack surface. A proper hybrid cloud is a good thing, and Microsoft does look like they're only a few years from having the first stage of that wrapped.
"Isn't it a conflict of interest for Trevor to report on Synology while touting their gear to his own customers? Obviously he wouldn't want them to go bust. What exactly is his interest in the company?"
I am not entirely sure why it would be a conflict of interest to report on Synology while selling it to my customers. I sell Microsoft software and services to my customers too, and I tear them a new arse every other day. Any vendor is disposable, and - to be perfectly blunt - I don't make my living selling computers. I keep my hand it in because doing so allows me to keep a presence at the coalface of IT, making sure my skills stay sharp and that I have knowledge and experience relevant to the IT companies I report on.
What might represent a conflict of interest - but I honestly feel does not - is that i am currently engaged with Synology on a very narrow contract to provide them a VMworld booth demo. This demo consists of a Supermicro FatTwin server, A Supermicro Switch and a Synology RackStation all configured to run various workloads that stress the Synology storage. The contract is very narrowly defined, and I have no other role (such as ongoing consulting, etc) beyond that specific deliverable.
Given the voluminous red tape that is Synology's internal marketing spend processes, there is zero reason to believe I would get another contract from them. So, being frank, there is no incentive on my part to be nice to them. I have a fixed contract that says "I gets my money if I deliver the goods" and there's nothing in there about not pissing off the natives.
And I piss off the natives rather a lot. They weren't exactly happy I ran a pair of pieces that said, in essence, "Synology made mistakes and needs to reorganize themselves internally and spend a stonking huge pile of money to make things better in the long run."
I've never tried to hide who I am working with. You can always find out information about my open-ended engagements at http://www.trevorpott.com/about/ under "disclosure".
I don't list narrowly focused, fixed-deliverable contracts unless those contracts compel me to advocate on behalf of a client. Once more being blunt: I get so many jobs creating whitepapers, blogs, demo videos, booth demos and so forth that the fixed-deliverable stuff all blurs together. They don't make me any more or less happy about a company.
A great example is Microsoft. They gave me a free year of MSDN so that I would be able to have licences to write about their software. Didn't make me any more charitable towards them.
VMware ensures I have a suite of the latest licenses, if you read my writing over at SearchVMware, I don't exactly pull punches with them either...and the VMware licenses I get are enough to run my lab.
Bottom line: if there is ever something I - or any of the circle of professionals I trust to help me make these judgements - feel presents the possibility for conflict of interest, that will be listed in the disclosure section of my personal website for all to see.
In the meantime and betweentime, I will report on anything interesting I turn up - positive or negative - with as little personal bias as I am capable of demonstrating. I will also use and abuse any and all of my contacts within every vendor I can to advocate on behalf of "the little guy": the end customer, end user and the sub-1000 seat SMB.
As regards Synology, this means using all my connections there to try to get them to take a more serious approach to security. But I don't give Synology any more of a break than I would any other company.
Well, except Ninite. They get a free pass no matter what. But I'm allowed to be an unashamed fanboy of at least one company, aren't I?
"You could at least slap all of them equally for their incompetence over the years."
If it was a fnord, you wouldn't be able to see it.
As for Synology, I've got meetings scheduled with them to go over the issues here and try to convince them to invest heavily in security. So far, they seem receptive.
Fail2Ban is capable of more analysis than simply "block X number of failed logins". That just happens to be the only thing most people use it for. :)
Also: Fail2Ban wouldn't have stopped this attack, but it would stop many others. And my point here is "defense in depth." That there are layers that need to be here. I would, for example, configure Fail2Ban - or the auth system it protects - to reject any root or admin-priv user if that user was logging in from anything excepting the local subnet. Very important...
I can't say I completely disagree. At the same time, the balance between security and usability is still something tech companies are pouring research dollars into.
I personally can't claim to have all of the answers. Some, yes, but certainly not all. I think any among us who did try to claim that would be a fool; if they had the surefire answers, they'd be a mad billionaire.
So absolutely there needs to be a refocus on security within Synology. I'd like to be among the first to pound on the table about this. But this has to be balanced with usability and perhaps that means that - for now - we can't have both.
For now, at least, security is a shared responsibility, whether you're using a Synology NAS, a Supermicro IMPI controller, a Dell thin client or an HP display management computer. Systems that are largely unattended and unmanaged still need TLC. It sucks, but it's the state of technology today.
What really needs to happen is a lot of the smaller players need to get together and pool their resources into helping solve the problems to hand. A great example would be the Application Layer Gateway firewall I want. That's a beefy requirement. It take a log of RAM and a lot of CPU, at least when you're talking in the context of IoT devices.
A baseband management controller, or a low-end ARM NAS, or even your average display management computer is going to have trouble handling a proper one. Throw on monitoring, reporting, communications, etc...suddenly we start getting into the realm of a Big Ask for such small equipment.
So I think real research is required how. How can we do more with less? How can we shrink the requirements of some of this stuff so that we stay within the power/parts/price limits for that product category but still maintain both usability and security?
As I said above, I certainly don't have all the answers. I wish I did.
I could use the billions.
Microsoft is the world's premier supplier of Contempt as a Service. Their offerings are unmatched, whether you reside in Germany, the United States, China, or anywhere in between. Subscribe today!
"Be honest with yourself, Trevor. You know have a freetard Linux agenda and you will never be satisfied until you get your way."
You're an idiot.
I never said the Chinese economy wouldn't take a hit. I said it wouldn't collapse. The US, OTOH, relies on cheap Chinese goods so absolutely that an inability to source them would obliterate their economy overnight.
"Would the Chinese economy survive if we bought all our production back home?"
Yes. The US just isn't that significant. There are 6.7 billion other people in the world, and they will all still buy Chinese.
Microsoft doesn't make a better mousetrap. Microsoft runs a protection racket. If you don't use their everything, they'll break your fucking kneecaps. So pay the protection money.
That's what "bundling" and "integration" and "embrace/extend/extinguish" or standards is all about. Abusing a monopoly in one area to enforce a protection racket in another.
Most people don't want to buy Microsoft. They don't trust Microsoft, and they sure as hell don't want Microsoft's broken UIs. But so long as Microsoft can keep convincing those who hold purchasing power in governments and businesses to do so, they have us all by the balls.
They're putting together a complete PR campaign around this. Their PR guy is horribly overworked, and he has been reaching out to tech journalists around the world on this. My article - and others like it - are the first line of their efforts to reach customers.
I suspect an e-mail blast is being prepared, though I personally think that should have been done about 10 minutes after learning this was an issue. Still; I do know that they will be issuing most (if not all) of the advice I wrote in this article, probably later today.
We'll see over time how the response shapes up, and I'll work with their PR guys - and hopefully their brass - to make sure they do better next time. People's files are being encrypted. Who knows how many memories are being lost. It's the least I can do.
Edit the firewall on your router, not your Synology NAS. Your Synology NAS should never be plugged directly into the internet. There should always be a router in between. If you have any questions whatsoever, contact Synology immediately, and they'll walk you through locking this down.
Edit: others go there first. :)
Absolutely. Please go to the Synology Download Center and download the update or new version of DSM for your device. You'll be able to log into your Distation or Rackstation locally and then go into "Start --> Control panel --> Update and restore (which is under "system")". Here you'll be able to feed it the file you downloaded.
I've done the above many times. It's safe and works well.
Okay, I do get the quibble about "backup first, then upgrade the DSM"...sort of. In the many years I've owned Synology Diskstations I've never had a DSM update go sideways on me. To be perfectly honest, I trust hte DSM update process enough, I'm not sure a special "out of band" backup would have even occurred to me. (I do have automated end of night backups, natch.)
But I'll make sure to pass along your advice all the same, because it is right and proper that they pay attention to the order of that.
Actually, I can't really call them on the carpet for that one, mate.
If affected, you're screwed. Your data's gone and you either pay the ransom or pray for backups. In that case, the fact that the advice is "switch it off and calling Synology" is - to my mind - exactly the right response.
This means that they will give each user a walk through their options one by one. It also means that if the user chooses to simply nuke out the OS, restore and start fresh by blanking the drives then Synology will help them do so.
Beyond that, I'm honestly not 100% sure what Synology can do. Offer to pay the ransom for you? I'm pretty sure that's actually illegal.
If they knew how to crack the thing and get you your files back should they be posting that on the internet for all to see? Or should they walk you through it on the phone where there's at least a chance that the minor obscurity will prevent the bad guys form figuring out that their operating version is done for?
Honestly, if you've any better advice at all for any of it, ping me and I'll make sure it gets in front of the right people at Synology.
As regards "how this could be prevented in the future", keep an eye out for a sysadmin blog in a few hours. That one has already been written, and Synology's brass sent a scathing hot piece of my mind besides. I have a face-to-face with these folks in a few weeks, and there will be beating about the ears, I promise you all.
Aha. Then you are the closest to having grokked my meaning so far! :)
"Sorry Trevor, that's an issue for me. The other is software quality.../soapbox"
I'm not actually sure what you intended to say. Either you were talking about "all modern computers are really inefficient and this is bad" or something I have no idea how to decipher. If the former, I lack an understanding of that connects to the topic at hand.
Maybe I'm too sleepy?
Did I say "Android was currently a major desktop player?" No. I said - and I quote - "Android." No qualifiers of any kind. I let the rest of you lot fill in the blanks with your preconceptions and biases.
I did mean something very specific with that one word comment - and it relates directly to the comment it was replying to - but so far noone has gotten it. Given the absolutely fascinating responses that have developed thus far, I'm inclined not to reveal my original meaning and simply let the lot of you fire arrows into the dark.
I'm really curious to see if anyone gets what I meant.
"Everything you say sounds reasonable except for the Linux bit. UEFI Secure boot will make sure Linux will never get on consumer PCs. Ever!"
"MS knew it was only a matter of time before Win8 would grow on (in?) you..."
Coming from an account named "Fungus Bob" just makes that statement all the more creepy...
Ahoyhoy! You coming to VMworld? I think I owe you a keg or three of beer...
@Ben Bonsall +1 for making me larf. Good show, that man.
"Despite its user interface, when it comes to touch and digitizer support Windows 8 is far better than Windows 7. There are many under the hood improvements in handling that kind of input which 7 lacks. People got so focused about the Metro UI they missed what other was done. I understand any attempt to build a tablet with good pen input supports needs Windows 8, not 7."
Um, no. I'm pretty sure that I said Windows 7 was ass at dealing with pens, or being a tablet. I know full well that Windows 8 has many under the hood improvements over Windows 7. It's the chrome that makes it a bucket of warm ebola.
And it isn't just Metro. It's the fucking charms. And the flat everything. And the zero delineation of controls. And the "cloud integration". And the streaming of your every move back to the hivemind. And the...
Seriously man, if it were just fucking Metro we wouldn't hate it this much.
Ultimately, that's the reason why people don't want to use it, even if the digitizer support is better. It's the 10,000 "little things" in the UI that pick and nag at you like a cloud of bees in your brains. Using the damned thing is just awful, and that's why people will cheerfully pay significant amounts extra to avoid it.
I was aware of the Android one, didn't know the Win 8 one had come out yet, but it makes sense. Which brings me back to "but it runs Windows 8." If Cintiq wanted to do a Win 7 jobbie on the same hardware, that'd be just fine. Worth a premium, even.
I'm entirely aware of all the tablets with Wacom digitizers (Surface, many of Samsung's, etc.) Hell, I own several.
The reason this Macbook Pro dealie has so many backers - and it isn't remotely the first attempt to "tabletize" a Macbook - is because it runs OSX. Windows 8 is a bucked of warm ebola. Windows 7 isn't particualrly great at being a tablet OS. OSX isn't much better...but it has a cult following, especially amongst "design" types who still buy into a two decade old mythos that says "to do proper design, you need a Mac." (That isn't true, BTW, and ceased being true a long, long time ago.)
The point here is that there are poeple who are willing to spend money on convenience. How is this any different than people who pay 2x or 3x more to get a bag of cough drops at 2am by going to the 24/7 convenience store instead of waiting until the morning and hitting up the bulk shop?
There are people - rather a lot of people - who loathe Windows 8. They loathe it enough that they would rather pay 2x, 3x or even 5x as much for what amounts to the same hardware just to get an operating system whose quirks don't drive them batty.
I sympathize. I am personally in that camp. A slightly modified (give me my fucking up button!) Windows 7 is my preferred environment. I am willing to pay extra and/or put in extra time to get that environment. Quite frankly, if my choices on my next PC were "$5000 Windows 7 box" or "$1000 Windows 8 box" there'd be no contest. I'd by the Windows 7 box.
So yeah, I get why people would mod a Macbook. I also get why they don't want a Windows 8 or Android Cintiq. Both of them are absolutely awful for the types of tasks that anyone with a digitiser is going to do.
So...despite the fretting about a few bent coppers...it's really not all that weird.
I agree that a wacom tablet is cheaper, but - and please do correct me if I'm wrong - they aren't generally portable unless they've been built into a "proper" tablet. They serve as a second (or mirrored) monitor where you do things like keep palette tools. At least, that's my experience with them...
To be fair, if I needed a pen interface to do my job, and the only available choices were "Windows 8" and "sacrifice a pill of virgins to get a frankenmac" then I would absolutely choose the frankenmac. Windows 8 is one of those things that is worth paying a significant amount of money not to have to deal with.
Alternately, I could just get an x86 tablet and hackintosh it. Or even Windows 7 it. Not exactly routes forward for large enterprises, but good enough for the lone gunman types.
To be fair, IPMI has gotten a lot better of late.
Emphatically have to disagree about the Brikk thing. I read it as an article in good fun mocking the concept of a gold-plated smartphone in general and the the "augmentation" of the iconic Apple design more specifically. I don't think the fact that he didn't include Brikk's willingness to bling up phones that nobody would ever bling up is relevant. He was having a bit of fun. He wasn't there to advertise on behalf of Brikk.
Hey, I've no problem with you disagreeing with me. Disagree away! You feel Jasper has a bias, but you manage to express it without attacking him. Yes, I do very much disagree with you, but I see no reason for wrath.
"Hmm... Trevor, can you spot a contradiction in what you wrote?
Seems like any assertion of independence by anyone - a person, a company, or a country - is now treated as a threat."
I can assert all I want, that doesn't make my independence a fact. It's those who try to go beyond asserting into "enforcement" that become threats to the powers that be.
Nope, you got the argument in a nutshell. And that's the argument the judge is throwing out.
To wit: the judge's argument is basically "it doesn't matter who owns the data, only who has access to that data. Microsoft US can access that data and so it must access that data if a US court says so, and no international warrant is required."
The repercussions of that surviving to set precedent are massive.
I use a Canadian provider, as I'm Canadian. Canada is Five Eyes, yes...but the US of A still can't just scan my e-mail "just because". Our laws very clearly prohibit that.
Now, if the US wants to use a warrant, my country will comply. I'm actually okay with that. If I've done something to draw targeted attention, then by all means, they should be doing their jobs and checking up on me.
But it's the dragnet surveillance that gets me. I'm a mostly law abiding citizen* who honestly tries to do the right thing. I make mistakes. I sometimes go a little far in having fun or asserting my independence. But I'm not a threat to anyone.
So why should my e-mails be scanned by a robot as part of a massive international fishing expedition and then taken wildly out of context and used against me? Why do I have to get hassled at the border when all I want to do is go to a conference and report on the events there?
I have a friend who lives in Washington. He's a systems administrator. Why does the border patrol flag up that I'm going to stop by his place for drinks on my way to San Francisco as being "obviously business related"? Seriously you guys, I met him on Spiceworks. He's a friend. We're going to have some fucking beers. It's the 21st century, that's perfectly normal!
Why does the US border patrol even have the power to snoop on my e-mail and determine that I am going to meet him? What the fucking fuck? Again: I'm not a threat to anyone, and there was no reason I would be "targeted". It was just caught up in dragnet fishing and then used against me.
So yeah, I switched my e-mail to something local. What the US is up to first of all is questionable under my nation's laws at best, and is illegal at work. More to the point, it's not okay.
My solutions aren't perfect. And maybe there aren't any good answers. But the only vote we foreigners have is the one attached to our wallets. So let's vote.
*laws are structured in such a way that it's impossible for anyone to fully comply with the law.
Oh hey cowardly scumtoad! How ya been? Totally off your rocker as usual? Awesome.
I don't know where you've ever seem me saying "Linux is great". Must be those drug induced hallucinations of yours. I seem to recall writing quite a few articles and comments that thrashed various bits of Linux, from the community to specific packages. But how great or not Linux is doesn't change the fact that Microsoft behaves in a manner that is quite decidedly evil.
As for your "Microsoft makes many billions" off of Office 365, you are again full of shit. Office 365 is still only somewhere around $1.5B annual run rate. Run rate. Not profit. And there's a lot of money to be made from Americans and from those foreigners who either don't have data protection laws or don't care about their own data protection laws. Capitalizing on stupidity has proven profitable throughout human history.
But I note again that you keep pointing to the amount of revenue Microsoft pulls in as an attempt to demonstrate that Office 365 must have some "obvious" value. You never actually manage to prove this, you just assert and assert and point to revenue figures.
So let me repeat a few things. First: the mafia makes a big swack of cash out of protection money too. They will break your kneecaps if you don't pay up. That doesn't make the "service" the mafia provides good value for dollar. Secondly, a lot of companies - especially enterprises - get in bed with services like Office 365 and Azure not because it offers the best value for dollar, but because it allows those companies to bypass their internal purchasing rules and get what they want with less fighting.
One day, maybe, cloud computing will be a good enough value for dollar that it is ready to take over for locally run systems and permanently purchased licenses for all segments. Personally, I look forward to that day.
As much as you are completely incapable of understanding this, I don't want to run servers. I'm not some locally-installed systems fetishist trying to protect their job. I hate fixing computers. It's boring and it doesn't pay well when compared to creating content for marketing or even to tech journalism. With any luck, I'll be mostly out of the game by January, keeping my hand in only for select companies and as a consultant on some larger projects. (I have a 100,000 node dual-DC project in mid 2015, as one example.)
I don't want to own and run servers. I don't want to maintain servers for my clients. I don't like doing any of that shit at all. Wanting cloud computing to take over this tedium for me still doesn't make cloud computing the best value for dollar for my company or those of my clients.
Unlike certain anonymous cowards, I'm not some deluded narcissist that thinks that whatever I happen to like or believe magically becomes true. My job isn't to proselytize a religion, or profess a belief. It isn't to shill for a company or to push one computing model. My job is to find the best solution for my client's specific needs amongst the available offerings and to do so without any blinders or biases, even if that means recommending services or products I personally dislike.
Oddly enough, that's the exact same attitude I bring to my writing.
And yes, more than just the technology matters. Value for dollar encompasses everything from the trustworthiness of the company to the availability and visibility of a long term strategy, to the planned refresh cycles, to the history (if any exists) of the company and how it treats it's customers/partners/etc all the way through to disaster planning that ranges from technology to dips in revenue that could affect the availability or functionality of subscription-based IT services.
All of it has to be looked at, analyzed, and planned for bearing in mind the level of risk acceptance/aversion of the people who actually own and operate the companies in question.
As to my continued relevance, we....I'm a systems administrator by trade. I have backup plans for everything. I suspect I'll be here to refute your bullshit for quite some time to come.
You, on the other hand, only seem to have assertions to offer. Oh, that and calling me "paranoid". Good show, that really served as a grand comeback to the real world issues of both the legal complexities of data sovereignty and the ethical issues that underpin the whole conversation. Congratulations on that riposte, it was absolutely legendary.
At the end of the day, I am who I am, and the people who read my words - as an article or as a comment - can learn about my background and me in depth quite easily. They have a dozen ways to contact me to ask me specific questions about why I might say this or that. Ultimately, if something I say worries them or makes them want to chase that topic more to understand if something could affect them the ability to do so is there...and because they know my real name they can even quite easily find people who've worked with me in the real world and ask them pointed questions. My life, in that regard at least, is an open book.
You, on the other hand, are a coward. You won't put your name and your reputation to your comments. There's no ability to check out your background or question those you've worked with. There's nothing but assertion after assertion after assertion, most of it straight out of Microsoft's marketing guide. Hell you're arguments even evolve to echo Microsoft's marketing arguments whenever their playbook changes!
You don't offer a thoughtful, considered viewpoint with any depth of complexity. There's no nuance to your assertions and there's no middle ground. You parrot back Microsoft's party line with a dull persistence that borders on an elemental force while viciously attacking Linux, often with outright lies or - at best - half truths.
I despise you. Not because of what you say, but because of how you say it. I have no respect for you because you hide behind a cloak of anonymity, and use baseless assertions, lies, half truths and ad homenims to push an agenda that you hew to with religious fervor.
I despise everything you represent not because you champion a cause I disagree with, but because you go about it in a manner that lacks any form of personal honour. You are a bad person and - to be perfectly blunt - you make Microsoft look very, very bad.
That you personally champion Microsoft is probably as responsible for my loathing of Microsoft's business practices as what Microsoft actually does. You are the living embodiment of Microsoft's marketing messaging and methodology. Their voice made manifest.
For all the evil that Microsoft actually perpetuates it is the utter contempt with which they treat customers, partners, developers and staff that I find detracts most from their credibility and their trustworthiness. Every single post you make reinforces the reasons for that for me. it reminds me all over again exactly what it is about that company that is impossible to work with.
You are a poison. One set loose on the internet without restriction or morality...but it is your host that you are poisoning. It is Microsoft's name and image that you are degrading, not that of Linux, Apple or any other Redmondian competitors.
You obviously couldn't care less about what I think, and that's entirely your right. But I am absolutely positive that I don't speak merely for myself regarding the above. I am positive of this because I have had hundreds of commenters reach out to me to either complain about you, thank me for engaging with you or both.
So by all means continue with your manufactured tirade against me, Linux and whatever else you can find while pimping and promoting Microsoft. No matter how much you frustrate me personally, you ultimately are doing Microsoft a far greater disservice than I - or anyone else on these forums - ever could.
In the future, however, your arguments might bear a little bit more weight if you disabused yourself of ridiculous notions like "Trevor hates the public cloud" or "Trevor loves Linux." For the record, I hate everything until it has proven itself to me, and even then I am only interested in those products, services, companies and individuals which can be shown to provide the maximum value for dollar for the individual or company in question. And I absolutely don't believe that one size fits all.
Now, you can take all of this and twist it around, take it out of context or attempt to use it to paint me as a small man who obviously isn't as important as yourself. (And how could anyone ever know? As an anonymous coward you are nobody and you mean nothing.) Go right ahead. I'm not posting this for you. I'm posting it for me. To vent my spleen and so that I have a post to link to for future interactions.
Good luck with all your endeavors in the future.
"the US economy would not collapse if all non-US Microsoft/Google/Amazon etc. customers abandoned them (assuming they all could find alternatives that met their requirements)."
You don't understand what I actually wrote. I said, in essence, that "in the eyes of US.gov and US.courts, anyone who does any business whatsoever in the USA makes themselves subject to US law." That's not something you get to argue, that's proven fact at this point.
I also said "if the US passed a law that said any company with a US presence must make available all their data for review by the US government at any time the US government says so, their economy would collapse the next day." I stick by that. Because that law would mean that any Russian, Chinese, etc company that did any sort of business in the US or had a US server, or rented a US server, or used a US cloud service etc would suddenly be on the hook to pony up unlimited amounts of data to the US without a warrant - which is what this whole case is about, BTW - and that is something that the rest of the world absolutely wouldn't put up with.
Functionally, I would instantly become illegal for Chinese, Russian and EU companies to do business in or with the US overnight. That would destroy their economy. And that is the only reason they don't do it.
"And we are, after all, apparently talking about execution of a warrant in a criminal investigation."
No, we're talking about the right of police and/or the courts to access that information without a proper international warrant. Merely the demand of a local bench judge. This is a completely unprecedented scenario and could have disastrous consequences for US economic relations, especially in sensitive industries where tensions already exist and industrial espionage is already rampant.
Google, Microsoft and Facebook reading my e-mail in order to advertise at me doesn't affect me much. They aren't likely to read my e-mail for industrial espionage purposes, because if I could catch them at it, they would lose everything.
They can't use what they learn there to hassle me when I try to enter the US to get some business done, or cover news as a reporter. They can't use what they learn there to try to prevent me from doing business via some form of protectionism.
Corporate snooping on my data for the purposes of advertisement just doesn't mean much, excepting that the adverts might be a little non-opportune and mildly embarrassing in the wrong company. Oh well.
The US government can ruin your entire life or put your company out of business based on misinterpreting what other people choose to send you in an e-mail. That is a problem.
Sorry, but no. The issue is "US legal attack surface." It doesn't matter if you are incorporated in another country. If you have any operations or assets in the US, then the US will say you must comply with them. That includes - at la megaupload - even renting servers in the US.
So not only is Microsoft legally bound to turn over all foreign data it controls, but if you use Microsoft's Azure and Office 365 then you are making yourself and your company subject to American law.
Now where is that Anonymous Coward Microsoft marketing shill to tell us how this is all totally irrelevant because Microsoft is the greatest company on Earth and the cloud is the future? Something comes up that on the face of it seems to be downright horrible for any non-Americans who might want to use cloudy computing - and it's certainly bad for Microsoft, who has bet the farm on same - and he's suddenly nowhere to be found!
Come on, let's get a debate going here, where he can jump in with things like "if you have nothing to hide you have nothing to fear". I really do want to see him worm his way out of the fact that the US feels it has sovereignty over my data.
Dance marketing shill sockpuppet, dance!
"Nah, they'll just bring in a law making it illegal to trade in the US or with US-based organisations if your infrastructure is not open to the US government - on the basis that you must have something to hide."
That would be slitting their own throat. The US economy would collapse literally - not figuratively - the next day.
Damn it, always late to the party.
"I hope someone has a secure back up of all their old strategies because they are going to need the old one that has “corporate windows” written [in gold] on the cover."
If Microsoft truly do alienate their userbase so much that this would be required, do you honestly think that the world would be willing to submit to that kind of lock-in again? With the same company that they abandoned for lack of trustworthiness?
"Withdrawing from the ECHR would be a bit like the USA withdrawing from its Constitution. Crazy."