Re: Remember it's not just Synology
"You could at least slap all of them equally for their incompetence over the years."
6442 posts • joined 31 May 2010
If it was a fnord, you wouldn't be able to see it.
As for Synology, I've got meetings scheduled with them to go over the issues here and try to convince them to invest heavily in security. So far, they seem receptive.
Fail2Ban is capable of more analysis than simply "block X number of failed logins". That just happens to be the only thing most people use it for. :)
Also: Fail2Ban wouldn't have stopped this attack, but it would stop many others. And my point here is "defense in depth." That there are layers that need to be here. I would, for example, configure Fail2Ban - or the auth system it protects - to reject any root or admin-priv user if that user was logging in from anything excepting the local subnet. Very important...
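The policy described in the comment above (refuse root/admin logins from anywhere but the local subnet, on top of the usual failed-login count), as an added example that is not part of the original post and is not Fail2Ban's own code. The subnet, the privileged account names, the failure threshold and the sshd log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed values, not from the original post: adjust to the real network.
LOCAL_SUBNETS = [ipaddress.ip_network("192.168.1.0/24")]
PRIVILEGED_USERS = {"root", "admin"}

# OpenSSH auth-log lines such as
#   "sshd[1210]: Failed password for root from 203.0.113.7 port 41812 ssh2"
#   "sshd[1220]: Failed password for invalid user guest from ... port ..."
SSHD_LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<addr>\S+) port \d+"
)


def is_local(addr):
    """True only if addr parses as an IP inside one of LOCAL_SUBNETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        # A hostname or garbage in the address field is never treated as local.
        return False
    return any(ip in net for net in LOCAL_SUBNETS)


def classify(line):
    """Return (addr, user, kind) for a line that matters, else None."""
    m = SSHD_LINE.search(line)
    if m is None:
        return None
    user, addr, result = m["user"], m["addr"], m["result"]
    if is_local(addr):
        return None  # local subnet is trusted by this policy
    if user in PRIVILEGED_USERS:
        # Any remote attempt on a privileged account counts, even a success.
        return addr, user, "privileged-remote-" + result.lower()
    if result == "Failed":
        return addr, user, "failed"
    return None


def addresses_to_ban(lines, max_failures=3):
    """Map each address to ban to the first reason it qualified."""
    failures = Counter()
    bans = {}
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        addr, _user, kind = hit
        if kind.startswith("privileged-remote-"):
            bans.setdefault(addr, kind)          # threshold of one
        else:
            failures[addr] += 1
            if failures[addr] >= max_failures:   # classic "X failed logins"
                bans.setdefault(addr, "repeated-failures")
    return bans


# Constructed sample log (documentation address ranges, hypothetical host "nas").
SAMPLE_LOG = [
    "Aug  5 10:01:02 nas sshd[1201]: Accepted password for root from 192.168.1.20 port 50022 ssh2",
    "Aug  5 10:03:11 nas sshd[1210]: Failed password for root from 203.0.113.7 port 41812 ssh2",
    "Aug  5 10:04:40 nas sshd[1215]: Accepted publickey for admin from 198.51.100.9 port 40110 ssh2",
    "Aug  5 10:05:00 nas sshd[1220]: Failed password for invalid user guest from 198.51.100.23 port 39001 ssh2",
    "Aug  5 10:05:03 nas sshd[1221]: Failed password for invalid user guest from 198.51.100.23 port 39002 ssh2",
    "Aug  5 10:05:06 nas sshd[1222]: Failed password for invalid user guest from 198.51.100.23 port 39003 ssh2",
    "Aug  5 10:06:00 nas sshd[1230]: Failed password for alice from 203.0.113.50 port 2222 ssh2",
]

if __name__ == "__main__":
    for addr, reason in addresses_to_ban(SAMPLE_LOG).items():
        print(addr, reason)
```

A successful privileged login from outside the subnet is reported as well as a failed one, since under this policy it should not have been possible at all and needs investigating rather than just banning.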
I can't say I completely disagree. At the same time, the balance between security and usability is still something tech companies are pouring research dollars into.
I personally can't claim to have all of the answers. Some, yes, but certainly not all. I think any among us who did try to claim that would be a fool; if they had the surefire answers, they'd be a mad billionaire.
So absolutely there needs to be a refocus on security within Synology. I'd like to be among the first to pound on the table about this. But this has to be balanced with usability and perhaps that means that - for now - we can't have both.
For now, at least, security is a shared responsibility, whether you're using a Synology NAS, a Supermicro IPMI controller, a Dell thin client or an HP display management computer. Systems that are largely unattended and unmanaged still need TLC. It sucks, but it's the state of technology today.
What really needs to happen is a lot of the smaller players need to get together and pool their resources into helping solve the problems to hand. A great example would be the Application Layer Gateway firewall I want. That's a beefy requirement. It takes a lot of RAM and a lot of CPU, at least when you're talking in the context of IoT devices.
A baseband management controller, or a low-end ARM NAS, or even your average display management computer is going to have trouble handling a proper one. Throw on monitoring, reporting, communications, etc...suddenly we start getting into the realm of a Big Ask for such small equipment.
So I think real research is required now. How can we do more with less? How can we shrink the requirements of some of this stuff so that we stay within the power/parts/price limits for that product category but still maintain both usability and security?
As I said above, I certainly don't have all the answers. I wish I did.
I could use the billions.
They're putting together a complete PR campaign around this. Their PR guy is horribly overworked, and he has been reaching out to tech journalists around the world on this. My article - and others like it - are the first line of their efforts to reach customers.
I suspect an e-mail blast is being prepared, though I personally think that should have been done about 10 minutes after learning this was an issue. Still; I do know that they will be issuing most (if not all) of the advice I wrote in this article, probably later today.
We'll see over time how the response shapes up, and I'll work with their PR guys - and hopefully their brass - to make sure they do better next time. People's files are being encrypted. Who knows how many memories are being lost. It's the least I can do.
Edit the firewall on your router, not your Synology NAS. Your Synology NAS should never be plugged directly into the internet. There should always be a router in between. If you have any questions whatsoever, contact Synology immediately, and they'll walk you through locking this down.
Edit: others got there first. :)
Absolutely. Please go to the Synology Download Center and download the update or new version of DSM for your device. You'll be able to log into your Diskstation or Rackstation locally and then go into "Start --> Control panel --> Update and restore" (which is under "system"). Here you'll be able to feed it the file you downloaded.
I've done the above many times. It's safe and works well.
Okay, I do get the quibble about "backup first, then upgrade the DSM"...sort of. In the many years I've owned Synology Diskstations I've never had a DSM update go sideways on me. To be perfectly honest, I trust the DSM update process enough, I'm not sure a special "out of band" backup would have even occurred to me. (I do have automated end of night backups, natch.)
But I'll make sure to pass along your advice all the same, because it is right and proper that they pay attention to the order of that.
Actually, I can't really call them on the carpet for that one, mate.
If affected, you're screwed. Your data's gone and you either pay the ransom or pray for backups. In that case, the fact that the advice is "switch it off and call Synology" is - to my mind - exactly the right response.
This means that they will give each user a walk through their options one by one. It also means that if the user chooses to simply nuke out the OS, restore and start fresh by blanking the drives then Synology will help them do so.
Beyond that, I'm honestly not 100% sure what Synology can do. Offer to pay the ransom for you? I'm pretty sure that's actually illegal.
If they knew how to crack the thing and get you your files back, should they be posting that on the internet for all to see? Or should they walk you through it on the phone where there's at least a chance that the minor obscurity will prevent the bad guys from figuring out that their operating version is done for?
Honestly, if you've any better advice at all for any of it, ping me and I'll make sure it gets in front of the right people at Synology.
As regards "how this could be prevented in the future", keep an eye out for a sysadmin blog in a few hours. That one has already been written, and Synology's brass sent a scathing hot piece of my mind besides. I have a face-to-face with these folks in a few weeks, and there will be beating about the ears, I promise you all.
Several options exist. They're all a little bit prickly. Worth a blog, perhaps.
It was "miserable as bleep" and "reliable unless you change something."
Azure AD is one of those things that introduces a strict change management requirement into your environment. Breathe on it, and it will do something bizarre. But if you're one of those shops that sets up things and then basically doesn't touch them for 5 years, you're good.
Of course, bear in mind that Azure AD can be configured in a few different ways, depending on the wodge of cash you pay, the apps you're using, the level of integration you're seeking, etc. TBH, from a technical level, it's why I walked away from Azure. I just couldn't stand bleeping with it to keep it working.
Now, if they're correct, and it's push-button easy (with presumably similar "oh shit" buttons for when something changes) then it's worth a really good long look. That said, almost every company I deal with is moving away from Active Directory as their authentication system. It's used mostly to lash together legacy Windows boxes, but almost always with a cloud connector to a less frustrating and more widely supported service.
Identity management is a hotly contested battleground right now with dozens of new entrants every year. It is going to be a while before it all shakes out and there is absolutely zero guarantee that Microsoft will emerge the winner. (My money is on a much expanded OpenID.)
The big problem with Azure AD is that Azure AD isn't exactly like adding a domain controller. You don't just have a copy of your whole AD in the cloud.
The benefit of Azure AD is that you don't just have a copy of your whole AD in the cloud.
Active Directory - like the registry before it - has become a dumping ground for information that by all rights should be in easily editable flat text files. (And bleep you too, systemd, with a bronzed goat!) So there's layers upon layers of cruft in the average Active Directory. Some of this cruft you need to make programs run. Some of it is just "junk DNA" waiting to cause a cancerous mutation.
So the bad stuff doesn't go into the cloud...but much of the good stuff doesn't either. So it takes a lot of whitepapers to find out what's where, when and why. Frankly, I gave up. I started moving away to stuff that doesn't need the Active Directory - or the bleeping registry - to get the job done. I like that "keep it simple" mantra.
But there are a lot of folks who aren't in that situation. And so this might well be an important tool for them, especially if they are to remain wedded to Microsoft in the long term. Microsoft is certainly making it a huge part of their plans, as it is an important weapon in the Identity Wars...and that's a set of battles Microsoft's "cloud first, mobile first" future can't afford to lose.
If you could just get your identity from anywhere, why...what could be next?
Microsoft has made a confession: “integrating your on premises identities with Azure AD is harder than it should be” and requires “too many pages of documentation to read, too many different tools to download and configure, and far too much on premises hardware required.”
Oh, but when I say this exact same thing, I need to be berated, chastised and personally attacked. Groovy.
Still, cheers to MS for fixing this. It's great for their American customers. I genuinely hope it works on the service provider mini-Azures so that the rest of us can have integrated networks provided by companies with zero American legal attack surface. A proper hybrid cloud is a good thing, and Microsoft does look like they're only a few years from having the first stage of that wrapped.
Aha. Then you are the closest to having grokked my meaning so far! :)
"Sorry Trevor, that's an issue for me. The other is software quality.../soapbox"
I'm not actually sure what you intended to say. Either you were talking about "all modern computers are really inefficient and this is bad" or something I have no idea how to decipher. If the former, I lack an understanding of how that connects to the topic at hand.
Maybe I'm too sleepy?
Did I say "Android was currently a major desktop player?" No. I said - and I quote - "Android." No qualifiers of any kind. I let the rest of you lot fill in the blanks with your preconceptions and biases.
I did mean something very specific with that one word comment - and it relates directly to the comment it was replying to - but so far no one has gotten it. Given the absolutely fascinating responses that have developed thus far, I'm inclined not to reveal my original meaning and simply let the lot of you fire arrows into the dark.
I'm really curious to see if anyone gets what I meant.
"Everything you say sounds reasonable except for the Linux bit. UEFI Secure boot will make sure Linux will never get on consumer PCs. Ever!"
I never said the Chinese economy wouldn't take a hit. I said it wouldn't collapse. The US, OTOH, relies on cheap Chinese goods so absolutely that an inability to source them would obliterate their economy overnight.
"Would the Chinese economy survive if we bought all our production back home?"
Yes. The US just isn't that significant. There are 6.7 billion other people in the world, and they will all still buy Chinese.
Microsoft doesn't make a better mousetrap. Microsoft runs a protection racket. If you don't use their everything, they'll break your fucking kneecaps. So pay the protection money.
That's what "bundling" and "integration" and "embrace/extend/extinguish" of standards is all about. Abusing a monopoly in one area to enforce a protection racket in another.
Most people don't want to buy Microsoft. They don't trust Microsoft, and they sure as hell don't want Microsoft's broken UIs. But so long as Microsoft can keep convincing those who hold purchasing power in governments and businesses to do so, they have us all by the balls.
"MS knew it was only a matter of time before Win8 would grow on (in?) you..."
Coming from an account named "Fungus Bob" just makes that statement all the more creepy...
Ahoyhoy! You coming to VMworld? I think I owe you a keg or three of beer...
@Ben Bonsall +1 for making me larf. Good show, that man.
"Despite its user interface, when it comes to touch and digitizer support Windows 8 is far better than Windows 7. There are many under the hood improvements in handling that kind of input which 7 lacks. People got so focused on the Metro UI they missed what else was done. I understand any attempt to build a tablet with good pen input support needs Windows 8, not 7."
Um, no. I'm pretty sure that I said Windows 7 was ass at dealing with pens, or being a tablet. I know full well that Windows 8 has many under the hood improvements over Windows 7. It's the chrome that makes it a bucket of warm ebola.
And it isn't just Metro. It's the fucking charms. And the flat everything. And the zero delineation of controls. And the "cloud integration". And the streaming of your every move back to the hivemind. And the...
Seriously man, if it were just fucking Metro we wouldn't hate it this much.
Ultimately, that's the reason why people don't want to use it, even if the digitizer support is better. It's the 10,000 "little things" in the UI that pick and nag at you like a cloud of bees in your brains. Using the damned thing is just awful, and that's why people will cheerfully pay significant amounts extra to avoid it.
I was aware of the Android one, didn't know the Win 8 one had come out yet, but it makes sense. Which brings me back to "but it runs Windows 8." If Cintiq wanted to do a Win 7 jobbie on the same hardware, that'd be just fine. Worth a premium, even.
I'm entirely aware of all the tablets with Wacom digitizers (Surface, many of Samsung's, etc.) Hell, I own several.
The reason this Macbook Pro dealie has so many backers - and it isn't remotely the first attempt to "tabletize" a Macbook - is because it runs OSX. Windows 8 is a bucket of warm ebola. Windows 7 isn't particularly great at being a tablet OS. OSX isn't much better...but it has a cult following, especially amongst "design" types who still buy into a two decade old mythos that says "to do proper design, you need a Mac." (That isn't true, BTW, and ceased being true a long, long time ago.)
The point here is that there are people who are willing to spend money on convenience. How is this any different than people who pay 2x or 3x more to get a bag of cough drops at 2am by going to the 24/7 convenience store instead of waiting until the morning and hitting up the bulk shop?
There are people - rather a lot of people - who loathe Windows 8. They loathe it enough that they would rather pay 2x, 3x or even 5x as much for what amounts to the same hardware just to get an operating system whose quirks don't drive them batty.
I sympathize. I am personally in that camp. A slightly modified (give me my fucking up button!) Windows 7 is my preferred environment. I am willing to pay extra and/or put in extra time to get that environment. Quite frankly, if my choices on my next PC were "$5000 Windows 7 box" or "$1000 Windows 8 box" there'd be no contest. I'd buy the Windows 7 box.
So yeah, I get why people would mod a Macbook. I also get why they don't want a Windows 8 or Android Cintiq. Both of them are absolutely awful for the types of tasks that anyone with a digitiser is going to do.
So...despite the fretting about a few bent coppers...it's really not all that weird.
I agree that a wacom tablet is cheaper, but - and please do correct me if I'm wrong - they aren't generally portable unless they've been built into a "proper" tablet. They serve as a second (or mirrored) monitor where you do things like keep palette tools. At least, that's my experience with them...
To be fair, if I needed a pen interface to do my job, and the only available choices were "Windows 8" and "sacrifice a pile of virgins to get a frankenmac" then I would absolutely choose the frankenmac. Windows 8 is one of those things that is worth paying a significant amount of money not to have to deal with.
Alternately, I could just get an x86 tablet and hackintosh it. Or even Windows 7 it. Not exactly routes forward for large enterprises, but good enough for the lone gunman types.
To be fair, IPMI has gotten a lot better of late.
Emphatically have to disagree about the Brikk thing. I read it as an article in good fun mocking the concept of a gold-plated smartphone in general and the "augmentation" of the iconic Apple design more specifically. I don't think the fact that he didn't include Brikk's willingness to bling up phones that nobody would ever bling up is relevant. He was having a bit of fun. He wasn't there to advertise on behalf of Brikk.
Hey, I've no problem with you disagreeing with me. Disagree away! You feel Jasper has a bias, but you manage to express it without attacking him. Yes, I do very much disagree with you, but I see no reason for wrath.
The difference is that you don't "discuss" and "poke fun at" J.H. You attack him.
I'm perfectly willing to have a discussion about my potential biases, and I'll even discuss them in my articles, with as much humour as I can muster. But attack me, and I'll punch you in the gonads. I fully expect any other writer to take a similar stance. Keep on attacking J.H. over and over in the comments and you might just get a rise. If it were me, I'd put little things into my articles just to get a rise out of such an individual.
We're reporters, not saints.
"Hmm... Trevor, can you spot a contradiction in what you wrote?
Seems like any assertion of independence by anyone - a person, a company, or a country - is now treated as a threat."
I can assert all I want, that doesn't make my independence a fact. It's those who try to go beyond asserting into "enforcement" that become threats to the powers that be.
Nope, you got the argument in a nutshell. And that's the argument the judge is throwing out.
To wit: the judge's argument is basically "it doesn't matter who owns the data, only who has access to that data. Microsoft US can access that data and so it must access that data if a US court says so, and no international warrant is required."
The repercussions of that surviving to set precedent are massive.
I use a Canadian provider, as I'm Canadian. Canada is Five Eyes, yes...but the US of A still can't just scan my e-mail "just because". Our laws very clearly prohibit that.
Now, if the US wants to use a warrant, my country will comply. I'm actually okay with that. If I've done something to draw targeted attention, then by all means, they should be doing their jobs and checking up on me.
But it's the dragnet surveillance that gets me. I'm a mostly law abiding citizen* who honestly tries to do the right thing. I make mistakes. I sometimes go a little far in having fun or asserting my independence. But I'm not a threat to anyone.
So why should my e-mails be scanned by a robot as part of a massive international fishing expedition and then taken wildly out of context and used against me? Why do I have to get hassled at the border when all I want to do is go to a conference and report on the events there?
I have a friend who lives in Washington. He's a systems administrator. Why does the border patrol flag up that I'm going to stop by his place for drinks on my way to San Francisco as being "obviously business related"? Seriously you guys, I met him on Spiceworks. He's a friend. We're going to have some fucking beers. It's the 21st century, that's perfectly normal!
Why does the US border patrol even have the power to snoop on my e-mail and determine that I am going to meet him? What the fucking fuck? Again: I'm not a threat to anyone, and there was no reason I would be "targeted". It was just caught up in dragnet fishing and then used against me.
So yeah, I switched my e-mail to something local. What the US is up to first of all is questionable under my nation's laws at best, and is illegal at worst. More to the point, it's not okay.
My solutions aren't perfect. And maybe there aren't any good answers. But the only vote we foreigners have is the one attached to our wallets. So let's vote.
*laws are structured in such a way that it's impossible for anyone to fully comply with the law.
Oh hey cowardly scumtoad! How ya been? Totally off your rocker as usual? Awesome.
I don't know where you've ever seen me saying "Linux is great". Must be those drug induced hallucinations of yours. I seem to recall writing quite a few articles and comments that thrashed various bits of Linux, from the community to specific packages. But how great or not Linux is doesn't change the fact that Microsoft behaves in a manner that is quite decidedly evil.
As for your "Microsoft makes many billions" off of Office 365, you are again full of shit. Office 365 is still only somewhere around $1.5B annual run rate. Run rate. Not profit. And there's a lot of money to be made from Americans and from those foreigners who either don't have data protection laws or don't care about their own data protection laws. Capitalizing on stupidity has proven profitable throughout human history.
But I note again that you keep pointing to the amount of revenue Microsoft pulls in as an attempt to demonstrate that Office 365 must have some "obvious" value. You never actually manage to prove this, you just assert and assert and point to revenue figures.
So let me repeat a few things. First: the mafia makes a big swack of cash out of protection money too. They will break your kneecaps if you don't pay up. That doesn't make the "service" the mafia provides good value for dollar. Secondly, a lot of companies - especially enterprises - get in bed with services like Office 365 and Azure not because it offers the best value for dollar, but because it allows those companies to bypass their internal purchasing rules and get what they want with less fighting.
One day, maybe, cloud computing will be a good enough value for dollar that it is ready to take over for locally run systems and permanently purchased licenses for all segments. Personally, I look forward to that day.
As much as you are completely incapable of understanding this, I don't want to run servers. I'm not some locally-installed systems fetishist trying to protect their job. I hate fixing computers. It's boring and it doesn't pay well when compared to creating content for marketing or even to tech journalism. With any luck, I'll be mostly out of the game by January, keeping my hand in only for select companies and as a consultant on some larger projects. (I have a 100,000 node dual-DC project in mid 2015, as one example.)
I don't want to own and run servers. I don't want to maintain servers for my clients. I don't like doing any of that shit at all. Wanting cloud computing to take over this tedium for me still doesn't make cloud computing the best value for dollar for my company or those of my clients.
Unlike certain anonymous cowards, I'm not some deluded narcissist that thinks that whatever I happen to like or believe magically becomes true. My job isn't to proselytize a religion, or profess a belief. It isn't to shill for a company or to push one computing model. My job is to find the best solution for my client's specific needs amongst the available offerings and to do so without any blinders or biases, even if that means recommending services or products I personally dislike.
Oddly enough, that's the exact same attitude I bring to my writing.
And yes, more than just the technology matters. Value for dollar encompasses everything from the trustworthiness of the company to the availability and visibility of a long term strategy, to the planned refresh cycles, to the history (if any exists) of the company and how it treats its customers/partners/etc all the way through to disaster planning that ranges from technology to dips in revenue that could affect the availability or functionality of subscription-based IT services.
All of it has to be looked at, analyzed, and planned for bearing in mind the level of risk acceptance/aversion of the people who actually own and operate the companies in question.
As to my continued relevance, well...I'm a systems administrator by trade. I have backup plans for everything. I suspect I'll be here to refute your bullshit for quite some time to come.
You, on the other hand, only seem to have assertions to offer. Oh, that and calling me "paranoid". Good show, that really served as a grand comeback to the real world issues of both the legal complexities of data sovereignty and the ethical issues that underpin the whole conversation. Congratulations on that riposte, it was absolutely legendary.
At the end of the day, I am who I am, and the people who read my words - as an article or as a comment - can learn about my background and me in depth quite easily. They have a dozen ways to contact me to ask me specific questions about why I might say this or that. Ultimately, if something I say worries them or makes them want to chase that topic more to understand if something could affect them the ability to do so is there...and because they know my real name they can even quite easily find people who've worked with me in the real world and ask them pointed questions. My life, in that regard at least, is an open book.
You, on the other hand, are a coward. You won't put your name and your reputation to your comments. There's no ability to check out your background or question those you've worked with. There's nothing but assertion after assertion after assertion, most of it straight out of Microsoft's marketing guide. Hell, your arguments even evolve to echo Microsoft's marketing arguments whenever their playbook changes!
You don't offer a thoughtful, considered viewpoint with any depth of complexity. There's no nuance to your assertions and there's no middle ground. You parrot back Microsoft's party line with a dull persistence that borders on an elemental force while viciously attacking Linux, often with outright lies or - at best - half truths.
I despise you. Not because of what you say, but because of how you say it. I have no respect for you because you hide behind a cloak of anonymity, and use baseless assertions, lies, half truths and ad hominems to push an agenda that you hew to with religious fervor.
I despise everything you represent not because you champion a cause I disagree with, but because you go about it in a manner that lacks any form of personal honour. You are a bad person and - to be perfectly blunt - you make Microsoft look very, very bad.
That you personally champion Microsoft is probably as responsible for my loathing of Microsoft's business practices as what Microsoft actually does. You are the living embodiment of Microsoft's marketing messaging and methodology. Their voice made manifest.
For all the evil that Microsoft actually perpetuates it is the utter contempt with which they treat customers, partners, developers and staff that I find detracts most from their credibility and their trustworthiness. Every single post you make reinforces the reasons for that for me. It reminds me all over again exactly what it is about that company that is impossible to work with.
You are a poison. One set loose on the internet without restriction or morality...but it is your host that you are poisoning. It is Microsoft's name and image that you are degrading, not that of Linux, Apple or any other Redmondian competitors.
You obviously couldn't care less about what I think, and that's entirely your right. But I am absolutely positive that I don't speak merely for myself regarding the above. I am positive of this because I have had hundreds of commenters reach out to me to either complain about you, thank me for engaging with you or both.
So by all means continue with your manufactured tirade against me, Linux and whatever else you can find while pimping and promoting Microsoft. No matter how much you frustrate me personally, you ultimately are doing Microsoft a far greater disservice than I - or anyone else on these forums - ever could.
In the future, however, your arguments might bear a little bit more weight if you disabused yourself of ridiculous notions like "Trevor hates the public cloud" or "Trevor loves Linux." For the record, I hate everything until it has proven itself to me, and even then I am only interested in those products, services, companies and individuals which can be shown to provide the maximum value for dollar for the individual or company in question. And I absolutely don't believe that one size fits all.
Now, you can take all of this and twist it around, take it out of context or attempt to use it to paint me as a small man who obviously isn't as important as yourself. (And how could anyone ever know? As an anonymous coward you are nobody and you mean nothing.) Go right ahead. I'm not posting this for you. I'm posting it for me. To vent my spleen and so that I have a post to link to for future interactions.
Good luck with all your endeavors in the future.
"the US economy would not collapse if all non-US Microsoft/Google/Amazon etc. customers abandoned them (assuming they all could find alternatives that met their requirements)."
You don't understand what I actually wrote. I said, in essence, that "in the eyes of US.gov and US.courts, anyone who does any business whatsoever in the USA makes themselves subject to US law." That's not something you get to argue, that's proven fact at this point.
I also said "if the US passed a law that said any company with a US presence must make available all their data for review by the US government at any time the US government says so, their economy would collapse the next day." I stick by that. Because that law would mean that any Russian, Chinese, etc company that did any sort of business in the US or had a US server, or rented a US server, or used a US cloud service etc would suddenly be on the hook to pony up unlimited amounts of data to the US without a warrant - which is what this whole case is about, BTW - and that is something that the rest of the world absolutely wouldn't put up with.
Functionally, it would instantly become illegal for Chinese, Russian and EU companies to do business in or with the US overnight. That would destroy their economy. And that is the only reason they don't do it.
"And we are, after all, apparently talking about execution of a warrant in a criminal investigation."
No, we're talking about the right of police and/or the courts to access that information without a proper international warrant. Merely the demand of a local bench judge. This is a completely unprecedented scenario and could have disastrous consequences for US economic relations, especially in sensitive industries where tensions already exist and industrial espionage is already rampant.
Google, Microsoft and Facebook reading my e-mail in order to advertise at me doesn't affect me much. They aren't likely to read my e-mail for industrial espionage purposes, because if I could catch them at it, they would lose everything.
They can't use what they learn there to hassle me when I try to enter the US to get some business done, or cover news as a reporter. They can't use what they learn there to try to prevent me from doing business via some form of protectionism.
Corporate snooping on my data for the purposes of advertisement just doesn't mean much, excepting that the adverts might be a little non-opportune and mildly embarrassing in the wrong company. Oh well.
The US government can ruin your entire life or put your company out of business based on misinterpreting what other people choose to send you in an e-mail. That is a problem.
Sorry, but no. The issue is "US legal attack surface." It doesn't matter if you are incorporated in another country. If you have any operations or assets in the US, then the US will say you must comply with them. That includes - à la Megaupload - even renting servers in the US.
So not only is Microsoft legally bound to turn over all foreign data it controls, but if you use Microsoft's Azure and Office 365 then you are making yourself and your company subject to American law.
Now where is that Anonymous Coward Microsoft marketing shill to tell us how this is all totally irrelevant because Microsoft is the greatest company on Earth and the cloud is the future? Something comes up that on the face of it seems to be downright horrible for any non-Americans who might want to use cloudy computing - and it's certainly bad for Microsoft, who has bet the farm on same - and he's suddenly nowhere to be found!
Come on, let's get a debate going here, where he can jump in with things like "if you have nothing to hide you have nothing to fear". I really do want to see him worm his way out of the fact that the US feels it has sovereignty over my data.
Dance marketing shill sockpuppet, dance!
"Nah, they'll just bring in a law making it illegal to trade in the US or with US-based organisations if your infrastructure is not open to the US government - on the basis that you must have something to hide."
That would be slitting their own throat. The US economy would collapse literally - not figuratively - the next day.
Damn it, always late to the party.
"I hope someone has a secure back up of all their old strategies because they are going to need the old one that has “corporate windows” written [in gold] on the cover."
If Microsoft truly do alienate their userbase so much that this would be required, do you honestly think that the world would be willing to submit to that kind of lock-in again? With the same company that they abandoned for lack of trustworthiness?
"Withdrawing from the ECHR would be a bit like the USA withdrawing from its Constitution. Crazy."
I don't understand what you are saying. MPTCP means that there are two or more routes for data to get from A to B. It takes the fastest available route, sometimes by spamming both routes with the data. The only bit you care about is the bit that hits your network. I.E. that which travels over your network (via WiFi, for example) or where both streams enter your network and try to accomplish something.
The rest is Someone Else's Problem...and for them it's just transit traffic. Worst case scenario from a speed perspective, this makes the guys at ThousandEyes have to put a few weeks in to solve the problem.
So if MPTCP is a concern for those trying to figure out network congestion - which shouldn't care about the content of the packets at all - I don't understand how. What does matter is the ability to do intercept, because with MPTCP you could have some packets on path A and some on path B, and so intercept on any given path won't get the whole stream.
NAT isn't security. But it is obscurity. And for many of us, that's very important.
"Sorry Trevor. I agree with your general sentiment but you didn't live through the mess that was the UK in the 1970s."
You're right, I didn't. But trade unions still represent people directly. They are the equivalent of a music label, not of an association that represents music labels. The AARC is the equivalent of an organisation that represents a group of trade unions. Not the equivalent of trade unions themselves.
There is a difference. Good or bad, the trade union directly represents its members. They are directly responsible for what happens. But the AARC doesn't answer to the artists at all. That's what makes it dangerous. They are far enough removed that they have lots of power and no restraints.
As for "how horrible your trade union strife was", I probably will understand. I live in a province that puts huge amounts of time and effort into union busting, so all I see is that there are damned good reasons for unions to exist, and that people in power always try to grind down individuals who seek to use collective bargaining to not end up becoming a slave class.
I'm a socialist. I believe in the right to collective bargaining. I believe in quality of opportunity and that we should strive towards equality of outcome...but that there needs to be wiggle room in the outcome, because some humans are naturally far more greedy than others. If they don't have the ability to lord it over others, bad things happen.
In my view of the world we all contribute as we are able to society and we all benefit together. I have no time for those who don't want to contribute and I have even less time for those who want all the benefit and damned be those who will themselves giving their contribution.
So maybe the UK went through a bad time. That isn't going to either convince me unions are evil or that an organization that represents companies which then represent people is somehow the same as an organization that represents people directly (and whose leadership is elected by those it represents, which is still very unlike record labels!)
And I believe that difference is important.
"Since when did anyone care what you believe?"
You, evidently, since you can't stop yourself from trying to convince me of your lies.
Oh look, an anonymous coward asserts, and asserts, and asserts some more. Pretends he's a big shot. You obviously are just the bees fucking knees. You must be really important for you to spend so many hours a week on here pimping Microsoft's party line, especially if you don't work for them. You're so important that it just doesn't matter that you don't put that time into your job, or the sanity of having a life, or really anything better than repeatedly bullshitting commenters on a forum on the internet.
Oh yeah, I am thoroughly convinced that you're an indispensable big shot who just couldn't care less what I think. Good job. I bow in awe.
" Public cloud services are almost always vastly cheaper than the fully loaded costs of building, hosting, licensing and supporting infrastructure and applications in house - unless you are large enough to have massive economies of scale and are happy to run all of your support and technogy out of third world countries..."
Prove it you fucking shill. You assert, you assert, you assert. But actually prove it's cheaper for more than just the enterprise. And not using bullshit inflated numbers for OpEx. Prove it or go drink a gallon of fucking draino.
"For instance it is currently cheaper to subscribe to Office 365 (that includes the full Office client!) than to license Office on it's own - and that's without even looking at the infrastructure, license and support savings!"
Again, only if you buy into Microsoft's bullshit "upgrade every three years" fuckery and you honestly think there's value in having a new UI foisted upon you every fucking upgrade generation where you have no say and you - at best - can hold onto one version back. Unless you're a large enterprise, your upgrade horizon is 5 years, and for many companies it's 10 years.
"On which planet? I pay £23.68 per Linux VM a month before discounts:"
Okay, so the prices have come down some in the intervening few months. To get 2 GB of RAM - not 1.75 - I have to choose a 3.5GB instance. That means $892.8 per year, which is still fucking outrageous. That's $4464 for a single fucking 2GB Linux VM over a standard 5 year refresh cycle.
And, in addition, I do actually have to worry about backing up my VMs and data, lock-in and more. So my costs are higher than that $4464 per year, often up to double.
It is you, sir, who "clearly have never been anywhere near a senior role that has the information, knowledge and experience to make these type of decisions." Which makes sense, for a paid marketing coward who is afraid to put his name to his blithering idiocy.
Repeatedly asserting Microsoft's marketing bullshit doesn't make it accurate.
"Custom-tuned setups can be far more efficient than white-paper solutions but known quantities bring their own efficiencies and shouldn't be discarded."
The answer being a function of whether or not you're spending your own money.