Re: Removed How?
"Still, curious to see what M$'s definition of "eventually" turns out to be.."
I wondered that too. About 5 years?
You're displaying a fairly common human trait: thinking that your experience is universal. Those of us who have been zapping Windows in favour of Linux for friends, relatives or clients have a different experience. Clearly this isn't one that you're going to share; from what you say it seems likely it would be outside your comfort zone although you'd probably be surprised to find it wouldn't be outside your capabilities.
'Unless you're going to fall in line, buy a lot of "apps", and be the consumer Microsoft wants for its new business model, then they don't really need to be subtle about getting rid of you.'
That depends on how many people want to buy them. On that basis they could end up getting rid of more & more possible customers.
"it seems that they feel the only way to increase sales is to force ANY business to upgrade to Enterprise, whether or not it's an appropriate choice."
Of course the message received isn't necessarily the one that was intended. It could easily be interpreted as "Windows isn't aimed at SMBs any more.".
"So take it to the end of the chain, and make each website owner legally liable for all damages caused by malware served by visiting their site."
I agree that that ought to be the case. But it's not the quickest solution. The quickest solution is ad-blockers.
"you may find that the pension fund is lacking money that was given to the shareholders while BT had a pensions holiday."
The pensions holiday was forced on it by HM Treasury. Can't have companies evading tax by paying too much into pension schemes.
Ultimately, of course, it's HM Treasury on the hook because of the pensions guarantee. Other pension schemes that are in deficit because of enforced contributions holidays aren't so fortunate.
"The split of responsibility for the pension deficit would no doubt have caused some very considerable complications were BT forced to split off OR (as, arguably, most BT pensioners would have worked in areas which functionally fit with OR)."
If OR were to be floated off as O2 was with the same arrangements it would still be the BT pension scheme on the hook for those pensions in payment. I'm not sure about deferred pensions.
"The business also revealed net pension deficit of £5.2bn net of tax"
That's not exactly a revelation. It's had a deficit for years now. Like other pension deficits it's a consequence of government policy coupled with the law of unintended but-entirely-foreseeable-if-only-we-weren't-so-dumb consequences.
Once upon a time BT's pension scheme was in surplus. HM Treasury tend to treat pension contributions as a species of tax evasion* and force companies which are in surplus beyond limits to take a "contribution holiday". This means that the surplus is less than it could have been and more easily turned into a deficit. That's one side of it. The other was Brown's stealth taxation, specifically his removal of allowances on pension schemes' investment income. That was quite obviously a tax on the future. That future arrived years ago and, because pension schemes had less reserves because of the contribution holidays, they found themselves in deficit.
*Being Civil Servants they have the CS pension arrangements which are a species of Ponzi scheme. There's no pension fund. Pensions are paid out of current contributions being backed by HMG's current account where necessary. BTW, whatever the popular view of Civil Service pensions they're not that great in comparison to BT's.
"Couldn't find any clue as to who actually runs this Monster Cloud business. But it appears that the domain is registered to a sole trader (though not with real name, which might be in breach with Nominet's rules, but I can't be bothered to confirm that right now)."
Their web site gives a registered address in Regent St, London but there's no Monster Cloud on webcheck on Companies House.
The whois registration address is given as Manchester and the registrant as Clever Consultants with a web address whose hosting has lapsed but with the same whois address as monstercloud.
Companies House has two Clever Consultants Limited, one dissolved with a registered address in Argyle St, not far from Regent St but not the same. The other has a registered address in Woking. Whether either was/is connected with the Clever Consultants (not limited) responsible for the registrations is not clear.
"But the idea is that the Schrems judgement has set a precedent that gives the EDPB exactly these powers. As a result courts are likely to side with the EDPB all the way up the chain making it pretty pointless for member states to challenge the EDPB over this."
What the article has to say about it is: "Decisions based on that Guidance can be challenged by another concerned supervisory authority and if there is such a challenge, the matter can go to the European Data Protection Board (EDPB)."
What's the situation if HMG waters down implementation to an unacceptable degree but the ICO does nothing about it? My reading of that sentence implies that the EDPB would only get involved if another regulator complained. I suppose that might happen if a citizen of another country were dealing with a UK-based data controller. If, however, it was a UK citizen dealing with a UK data controller and the ICO wouldn't act then unless they could appeal direct to the EDPB there appears to be no other route than the court.
"Apple are also reliant on Intel investing heavy R&D into CPUs that can crunch lots of data without hammering the power.
If Intel are effectively giving up on all this, then they're placing Apple in a similar situation to the one they found themselves in back in 2003, when they had similar problems with PowerPC.
Coupled with AMD's graphics IP and this makes AMD a rather tempting purchase for Microsoft"
By the same token it must make AMD a tempting purchase for Apple, maybe even more so.
"that makes the software out of date"
No, it makes it require maintenance. Development is the process by which software is launched into maintenance. It usually spends most of its life there so it's no excuse for assigning the least competent staff to the job. Neither is it an excuse for relying on maintenance to do all the bug-fixing that should have been done during development (did someone say continuous release?) so documentation and testing are equally important in both phases.
"Information security has always been a matter of corporate survival."
It needs to be a requirement written into company law as part of the director's responsibilities so that our A/C Information Security Officer could remind his board about the possibility of their becoming HM's guests, and not at a garden party.
You need to think outside current models. Here's one.
One admin user has the power to allocate blocks of storage for a specific application. It can neither read nor write to those blocks, just allocate them. The user has to log on specifically as that user to do that - no privilege escalation is allowed.
The specific application does nothing but provide access to specific clients. It has complete and exclusive control of the blocks allocated to it. Once a block is allocated no other application can read or write to that block; there is no super-user which can also do that, no file system which kernel routines handle. The application enforces access rights based on a combination of both client application and user. The server application starts on boot-up or has to be restarted by a specific log on - no escalation of privilege is allowed.
Write access can be tied down completely - the server can be configured at source to only accept requests from specific applications. If the server isn't so configured then control is devolved to a specific admin user who can grant write access to specific clients. This admin can also specify applications from which read requests are handled and can optionally grant this right to specific users. The admin user has to log in specifically, no escalation of privilege is allowed.
Software installs and updates are handled by a specific user ID which checks signatures of install/update files. The user has to log in specifically to do this, no privilege escalation is allowed.
Granting user credentials? You guessed it. A specific admin ID to be logged in, no privilege escalation allowed.
So Cryptolocker can neither read nor write your office files directly. It probably can't have read requests accepted and it certainly can't have write requests accepted. It can't escalate its privilege to reallocate the office storage space to itself nor can it escalate its privileges to install itself as the server for that space nor even escalate its privilege to allow itself access, even if the server accepted such grants of write access; all these actions require a specific login, each with their own credentials. On a privately owned machine the user may have the credentials for all these admin IDs but in a business environment this is unlikely. This would make it significantly more difficult to persuade an owner/user to compromise their own machine and in the case of properly administered business networks it would require the collusion of one of the admin team.
You say Windows can have compartmentalisation of admin rights. But can it have compartmentalisation of access to hardware resources?
It makes admin less convenient but in part we are currently victims of a trend to make admin more convenient at the cost of reducing security. That isn't a good trend.
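A small model of the scheme described in the post above, added here as an illustration and not part of the original post: one role per direct login, an allocator that cannot read or write, and a server that decides on client application and user together. The names `Session`, `BlockServer`, `wordproc` and `unknown.exe` are hypothetical, and the client application's identity is assumed to be authenticated by the platform.

```python
from collections import namedtuple
from dataclasses import dataclass, field

class Denied(Exception): pass  # request is outside the session's role or grants

# One direct login = one role; the tuple is immutable, so no escalation.
Session = namedtuple("Session", "identity role")  # allocator|access_admin|user

@dataclass
class BlockServer:
    blocks: set = field(default_factory=set)  # blocks this server owns
    grants: set = field(default_factory=set)  # (op, client_app, user)
    data: dict = field(default_factory=dict)

    def allocate(self, s, block):  # allocator role has no read/write path
        if s.role != "allocator":
            raise Denied("allocation needs a direct allocator login")
        self.blocks.add(block)

    def grant(self, s, op, client_app, user):
        if s.role != "access_admin":
            raise Denied("grants need a direct access-admin login")
        self.grants.add((op, client_app, user))

    def request(self, s, op, client_app, block, payload=None):
        # Assumes client_app is platform-authenticated; app AND user must match.
        if s.role != "user" or block not in self.blocks:
            raise Denied("only user sessions may touch allocated blocks")
        if (op, client_app, s.identity) not in self.grants:
            raise Denied(f"{client_app} as {s.identity}: no {op} grant")
        if op == "write":
            self.data[block] = payload
        return self.data.get(block)

def attempt(fn, *args):
    try:
        fn(*args)
        return "ok"
    except Denied:
        return "denied"

def demo():  # constructed scenario: identities and block number are made up
    srv, alice = BlockServer(), Session("alice", "user")
    srv.allocate(Session("alloc", "allocator"), 7)
    srv.grant(Session("acl", "access_admin"), "write", "wordproc", "alice")
    return [attempt(srv.request, alice, "write", "wordproc", 7, b"report"),
            attempt(srv.request, alice, "write", "unknown.exe", 7, b"junk"),
            attempt(srv.request, alice, "read", "unknown.exe", 7),
            attempt(srv.grant, alice, "write", "unknown.exe", "alice")]
```

Only the first request in `demo()` succeeds: the same user running an ungranted program is refused for both read and write, and cannot grant itself access from a user session.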
"Windows has much of this built in and has done for a long time."
So if, for instance, I installed MS Office on a Windows PC I could configure it so that only Word can write to Word documents and only Excel could write to spreadsheets and that either format could be read to email them but neither could be read to copy to a USB drive?