Slashdot Mirror

Ants in Weird/Odd Places:

Bugs in the computer: Sun
Microsystems, Inc. knows why Brazil is known to its native inhabitants as the kingdom of the ants.

Ants in yer... Pants? NOT!
(Toshiba notebook/laptop); Ants
Invade Apple iBook; "Yep, those are ants in that laptop".

(Tele)phones: Panasonic Cordless Phone and Ants In My Nokia Mobile Phone (A Yahoo! account is required).

Ants in Omniview switchboxes: An e-mail story of ants invading a network
switchbox.

Argentine ants invade a network hub.

Computerworld on "Ants had taken up residence in a guy's external hard drive. Seen on /.).

A photograph showing ants nesting in a guy's phone box, affecting his
digital subscriber line (DSL) connection and phone system.

A 38 seconds YouTube video showing crazy ants in a computer mouse.

One minute and 19 seconds Break video, from VideoSift: "Creepy Surprise. -- Wife asked me to try to get the printer to work, since she was having some problems with it. Imagine my surprise when I looked inside..."

Help,
A Colony Of Ants Attacked My Enterprise Rental Car And Ruined My
Vacation!

Storage is far from solved, let's look at that with your proposed theoretical limit of 1 exabyte and see how that works out. The bottom line is can you buy something like that and use it, it's a little more complicated than buying a bunch of hard drives and sticking them in a several cases and pushing the power button. You've also got to have a lot more drive overhead available to compress all this data to begin with, so you'll need more than an exabyte of working drive space.

Let's start with a company that is well know for making storage arrays. To put this in perspective Drobo in aggregate has sold n Exabyte of storage to /all/ of it's customers. How about backing up this enormous amount of data that you propose is being captured? StorageTek announced the worlds first Exabyte capable Tape drive backup only two years ago.

Now let's look at something from are pie in the sky friends over at DARPA and see what they are doing. It seems they recently announced that they will build a 4 Exabyte system in the for military surveillance. Now let's really go out there and look at marketing for a company claiming to meet the governments theoretical future demand for a really, really large array to be used for data mining and you will find contemplating a 10 exabyte capacity of storage and inquiring what it would costmodel that could meet that demand in the future.

To put some perspective on the logistics of actually doing this look at Cleversafe, they are creating a 10 exabyte array that will be housed in 8 different data centers in 8 different states and use 4.5 million disks.

"Rubber duck says he's your friend Adam. Grant access? y/n" Rubber duck strikes again!

They basically get money for every PC sold..

They get money for every Android device sold!

But we don't really know how much, and it's certainly not enough to replace the Windows+Office income they are slowly losing.

They basically get money for every PC sold..

They get money for every Android device sold!

Emergency crews, firefighters, and police, the bulk of the official response to disaster and such, for example, rely on radio not on cell phones.

Right, so you're claiming that telephones are unimportant during an emergency.

No, I merely noted that actual emergency workers don't rely on them. And given that the cell network currently can go down during a large scale emergency (not just any emergency), cell phones can't be currently an important part of large scale emergency response.

Let us recall that my reply was to your previous and very different characterization of my statements as "nobody needs a telephone during an emergency". You might need all sorts of things that aren't there in an emergency. For example, if you're seriously injured you need to be in an emergency room not underneath a pile of rubble.

These things are rare. We don't have to speculate, we just look at the occurrence of actual large scale emergencies that overwhelm the local cell network infrastructure.

How rare? I ask because I'm pretty sure you're just making this up. And what about other unrelated things that happen during an emergency? Someone bombs Boston, and what about a robbery that happens at the same time? Any one scenario is rare, but when you add up all the various possible rare scanarios, are they really so unrealistic?

Well, that's not a very honest answer. Where's this data that supports or undermines my point? I'm the only one doing work here.

This story indicates that "unusual events" happen a few times a year (including holidays like New Year's Eve). I don't know how many emergencies make that up, but some of them would be normal holidays.

and yet, we might have to shut that network down when it's most needed.

Wait, so are you admitting here that cell phone infrastructure is needed during emergencies?

No, I wasn't. It was a precondition of your argument. If we depend on cell phones to report problems during large scale emergencies (as you desire), then we need to consider reasonable scenarios where we have to turn off that network precisely at the time we most need it. If we don't, then it doesn't matter if we turn off the network.

Personally, I'm dissatisfied by your "honesty" in this discussion. My statements are misconstrued (your shifting equating of my observation that emergency response doesn't depend on cell phones with at least two different statements or my "admission" above about cell phone infrastructure just above); you demand hard numbers from me while simultaneously providing no support for your own side aside from a few contrived emergency scenarios and irrelevant analogies; repeatedly asking "But then are we really ok with that?" (when that has been answered a number of times to the affirmative, which I gather we somehow didn't "really" mean); and of course, there's the annoyingly dismissive and erroneous "The whole post sounds like you're searching for reasons for me to be wrong without having a real argument."

The bottom line is that cell phone networks are already expensive. Everything I've read implies that expanding them to handle rare emergency loads costs a lot and there just isn't a good case for spending that kind of money. That's the best I can say.

Debunked my ass. A different article from the SAME source claims in the US "it's near full employment for software developers, whose unemployment rate falls from last year to 2.2%".

http://www.computerworld.com/s/article/9238266/Unemployment_rate_for_electrical_engineers_soars

As a software engineer, I appreciate the scarcity that has caused salaries in the Bay Area to rise more quickly in the last couple of years. But as someone who has interviewed endless streams of unqualified people, the industry really does need a larger applicant pool. (Lets face, it, the percentage of current software engineers who are just plain bad is well above 2.2%, so that's about as close to full employment as it will get).

It's all about the Benjamins. Check out this article from ComputerWorld: http://www.computerworld.com/s/article/9238180/Career_Watch_A_debunker_of_H_1B_claims

Actually, I think it was Microsoft that killed them off...

Right. And they heavily pressured vendors not to sell Linux netbooks.

There is, though, a thriving Linux netbook industry in China.

At least it didn't wipe this hard drive that was found among the debris from the Columbia accident:

http://www.computerworld.com/s/article/9083718/Shuttle_i_Columbia_s_i_hard_drive_data_recovered_from_crash_site_

The camera built into my laptop most certainly can be turned off or completely disabled. It also has a little LED next to it that lights when it's active, so it's easy to know when it's on.

Actually, this can be circumvented, and as this case shows us, it has been done before.

This sounds an awful lot like what Andrew Auernheimer did.

If the justice department or any company affected by this wants to, they could claim Computer Fraud and Abuse.
Yet somehow I doubt the "researches" will get any jail time.

I thought the first paragraph was interesting. Then I thought the second paragraph sounded foilhatty. Then I googled "rfid tires" and the first article is almost a decade old:

It isn't the tires per se, its the tire pressure monitoring systems which are mandatory - manfucturers have two choices, one that broadcasts a unique id to the world around you and one that just pays attention to each wheel's rotation speed to detect changes in diameter due to changes in pressure.
TPMS security problems

After a quick skim it doesn't really answer this question, but this article (linked in TFA) has more info on the Dreamworks infrastructure and more vague-but-exciting-sounding statistics.

"The data included email addresses belonging to New York Mayor Michael Bloomberg, New York Times CEO Janet Robinson, ABC's Diane Sawyer, movie producer Harvey Weinstein, former White House chief of staff Rahm Emmanuel and numerous others." http://www.computerworld.com/s/article/9237685/Judge_ignores_leniency_plea_hands_AT_T_hacker_a_41_month_sentence?taxonomyId=17&pageNumber=1

Not really "regular" people.

Speaking as someone who was IRIF'ed during a large, showy reorganization at Xerox, I beg to differ:
http://www.computerworld.com/s/article/9228947/Xerox_s_outsourcing_one_year_later_layoffs
And that move definitely destroyed the once-proud solid engineering traditions of the Phaser printer org that Xerox acquired from Tektronix. Used to be an amazing group of innovative engineers there, and now just a burnt out husk remains.

AFAIK Bing / MS Mail (whatever its called now) has historically scanned email in the same way as google

And you would be wrong.

Here is Microsoft's statement on what Outlook does not do:

Outlook.com only scans the contents of your email to help protect you and display, categorize, and sort your mail appropriately. Just like the postal service sorts and scans mail and packages for dangerous explosives and biohazards, Outlook.com scans your mail to help prevent spam, gray mail, phishing scams, viruses, malware, and other dangers and annoyances. Microsoft and its email services, including Outlook.com, Hotmail, and Office 365, do not use the content of customers’ private emails, communications, or documents to target advertising.

http://www.scroogled.com/OurPosition

This has been Microsoft's position since at least 2010.

Microsoft does target ads through tracking cookies, like Google, yes. But they offer, like Google, a nice way to opt out of this. This site shows all the information they have on you and a centralized way to opt out of it all: https://choice.microsoft.com/en-US

As for Bing, one of the nicer points of its privacy policy over Google is this statement:

We store search terms (and the cookie IDs associated with search terms) separately from any account information that directly identifies the user, such as name, e-mail address, or phone numbers. We have technological safeguards in place designed to prevent the unauthorized correlation of this data and we remove the entirety of the IP address after 6 months, cookies and other cross session identifiers, after 18 months.

http://www.microsoft.com/privacystatement/en-us/bing/default.aspx

I don't believe Google has a similar clause in their privacy policy.

Finally, it's worth remembering that Google earns 96% of their revenue from advertising. They are an advertising company and thrive on delivering relevant ads to you. When it comes down to it, when the choice is between your privacy and their company, your interests will always lose.

"repeat offenders will not be pursued as they are not the kind of people we can reach"

From http://blogs.computerworld.com/internet/21817/six-ways-pirates-can-get-around-coming-six-strikes
(my emphasis):

Later during the interview, when asked what happens if you get Strike 7, 8 or 9, Lesser said, "Once they've been mitigated, they've received several alerts, we're just not going to send them any more alerts. Because they are not the kind of customer that we're going to reach with this program."

I think "riding it out" as recommended in the blog is a Bad Idea. To me, the "with this program" caveat implies they have other plans for people who ignore them, probably involving the courts. By time you rack up six strikes they will have lots of evidence of infringement, and plenty of evidence that you ignored their warnings. Defending yourself in court against that kind of evidence is hard (read expensive).

Why not just fork Android ?

Because then they would still beholden to the Microsoft tax.
Why its Firefox OS, I have no idea. From this article here it sounds like its just doing what WebOS did. And given Mozilla's history, this is exactly something Netscape would do. Thinking like a telecom CEO, I could see them being slightly afraid of Meego as it came from Nokia, and it didn't save them. Firefox is probably something they have heard of and used as opposed to the likes of Ubuntu or Tizen.

2. Switch over to Usenet or a similiar site..

I never stopped using Usenet. When the ISPs killed off free access- most people didn't switch to a paid service like easynews or giganews and beginning circa 2008 there was definitely less diversity and obscurity in binaries posts. Maybe not easy to understand for every day users compared to torrents (formats, joiners, what to do with missing parts, etc.), but you're not uploading anything when you're downloading. Not to plug easynews, but they even have a web portal that joins all the parts for you and you can download everything at ISP speeds over HTTPS. Much better than dealing with trickle speeds you get from the more obscure torrents.

Wireless radio systems have been around for about a century now, and Im not aware of anyone ever pulling off a hack of a car radio system or a radio tower through radio transmission.

http://www.computerworld.com/s/article/9229919/Car_hacking_Remote_access_and_other_security_issues
http://www.caranddriver.com/features/can-your-car-be-hacked-feature

But you don't have to gain control of a car to do damage. If you can convince a V2V car that the 5 cars immediately ahead just came to a full stop because of a collision, you may be able to trick it into braking hard, causing a collision behind you.

From the 2nd fine article:

If you feel "wrongly accused" then there is a $35 'review fee' to see precisely what you are accused of. It's refunded if you win, but if the Copyright Alert System is so sure of itself then why charge at all? Why not let individuals know what they are accused of without this stipulation that the fee is to stop "frivolous appeals?"

You actually have to pay money to see what this non-government cabal is accusing you of? It costs them next to nothing to tell you what the exact accusation is. It's just a few more bytes in the warning email or in a web page linked to by the email. I could maybe understand having to pay a fee to contest the charges but it is truly Kafkaesque to have to pay a fee just to find out what the charges are.

The whole Do not track all new cars are having a black box that will save at least the 5 seconds of a trip that can be pulled in case of an accident that shows what the car was doing before the accident happened. http://blogs.computerworld.com/20109/busted_your_cars_black_box_is_spying_may_be_used_against_you_in_court

The whole thing with this guy is that he got a free ride and then tried to make it look like the car was bad and apparently got caught. His argument should have been in the real world people will not be following exactly what the car manufacture said. Will someone wait at a fill up station for the car to be 100% when they leave. No. Will they not drive in circles to find the best parking spot. Yes. When he said he got bad advice about driving with the heater on is really a so what type situation in I can see in the summer it would have been a drive with the air on.

--Back in the day when Win7 SP1 came out, I read up on user experiences - and various people were posting things like SP1 slowed down their system, and did not offer any significant features as a worthwhile reason to update to it.

http://blogs.computerworld.com/17982/windows_7_service_pack_1_dont_install_it_yet

http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/windows-7-service-pack-1-made-my-computer-slow/0d8d1373-4267-44ef-970d-39b0349748a9

--Even now, I would ONLY install SP1 after making a full system-image backup.

Actually, Bill (Gates) got this one right when he (I have the audio recording) stated that no one needs more than 640k on any computer.

Right. Release the recording or it didn't happen!

I wish this guy had done his homework. This was fixed a long time ago:
http://blogs.computerworld.com/when_linux_does_well_the_e1000e_ethernet_bug_fixed

I am amazed that you got a patched e1000 driver working with a 82574L based piece of hardware... mighty impressive hacking! You should have written up a report on how you managed it for the rest of us to study as homework.

I'm pretty much in the same boat, but I signed up directly with the MyFICO service, which was eventually sold to Equifax. I run a wildcard email forward on a throwaway domain for all my vendor contact stuff, and I'm not getting hits like this for other domain stuff as other comments suggest. I receive obvious finance related phishing crap, related to this financial information transaction, at this specific email address. In my case, the email address was dormant for 4+ years with zero traffic before it got hit.

As close as I can tell, the source of the leak is: http://www.computerworld.com/s/article/9215527/FAQ_Epsilon_email_breach

Of course, I could be wrong, but it's unsettling to say the least. Trying to explain it to an elected official to get some sort of action (specifically, official letter requesting more information) is less entertaining than rope pushing. Direct calls to Equifax have been completely unproductive.

And there's a mass of malware to go with it. You're probably infected and don't even know.

http://www.computerworld.com/s/article/9223777/Massive_Android_malware_op_may_have_infected_5_million_users

Even Milton Friedman regarded the H-1b program as a subsidy to employers.

First of all a public service announcement: To everyone that writes "M$" in 2013...This...Is...YOU! and this is what everyone sees and instantly dismisses when you write that lame ass M$ in 2013. You could write the most brilliant post in the history of Slashdot but a good 80%+ will NEVER read it because they see M$ and think "douchebag" and move on. So don't waste your time unless you want people posting your group photo as the very next post.

Second of all lets get something VERY clear for those that don't seem to understand how these things work, okay? ALL OPERATING SYSTEMS that would be what we consider "modern" are some of the most complex pieces of software EVER written, we are talking millions of LOC in the kernel alone and thousands of little sub-programs that ALL have to work in concert to give the user the illusion that its all one program that "just works". Is Linux even close to immune? Not only is that a big NO but to even suggest it is is a symptom of what is known as "magical thinking" such as "If you buy (product X) then you will magically be safe!". We in IT have seen magical thinking used to sell everything from OSes to firewalls to routers and reality will blow holes in that lie every single time.

So if Linux is vulnerable why don't we see Linux attacks in the news? We do only they are called "Android attacks" and in fact its predicted that later in the year Android will reach the one million infected mark which considering that Android isn't even a decade old is pretty impressive.

Look its actually VERY simple, and evidence has bore this out time and time again. Criminals ARE LAZY and want to do the least amount of work for the biggest bang so they want to go after the biggest targets to yield the most infections they possibly can. I mean writing a OS/2 virus today would probably be the most trivial thing in the world yet you don't see anybody doing it, why? Because the fact is even though eComstation still sells OS/2 there are too few using it to make it a juicy target. But the malware writers WILL go where the targets are, used to be it was always Windows, then Vista bombs and everyone in the press starts talking about how Mac adoption is climbing, what happens? Mac Guardian and Mac Defender. Android phones and tablets explode in usage, what happens? Thousands of Android malware released weekly.

So anybody who thinks their OS is gonna magically protect them from malware because "(product X) doesn't get bugs!" is merely deluding themselves with magical thinking. There are even articles that helpfully helpfully explain this and point out how switching platforms just for the sake of magical thinking (in the article OSX for Linux but you can insert any from and to in there and it still fits) just doesn't work. Be it Linux, Mac, or Windows you can find plenty of bugs, I could spend 5 minutes and cover this page in reports of bugs for all 3, I already listed the 2 biggest Mac bugs of recent memory, TFA is a Windows bug, and just off the top of my head there was the KDELook theme bug and the infected Quake 3 that was served up by most repos for a year and a half on Linux. NO OS is safe, NO OS is immune, and if you are gonna claim security by obscurity is actual security you might as well run Win95 or BeOS because hey, there aren't any bugs circulating targeting those OSes either.

they tried to advertise Windows and .NET with one of their "studies" years ago when the London Stock Exchange started using their products for it's trading system and they even made a nice video about it:

Get the Facts: The London Stock Exchange
http://www.youtube.com/watch?v=BwSM55bsCrM

but it looks like it didn't turn out that well..

London Stock Exchange to abandon failed Windows platform
http://blogs.computerworld.com/london_stock_exchange_to_abandon_failed_windows_platform

London Stock Exchange dumps Windows for Linux
http://www.linuxtoday.com/high_performance/2009100702835NWDPSV

The London Stock Exchange moves to Novell Linux
http://www.zdnet.com/blog/open-source/the-london-stock-exchange-moves-to-novell-linux/8285

maybe they learned their lesson now

Possibly, but it could also have something to do with Oracle's announcement that Java will be getting regular updates on a two year schedule. Maybe he's just assuming it's going to take a major iteration - from the v8.x series due in September to the next release, v9.x to completely fix this class of flaws.

This appears to be a step taken to placate a nervous Congress, rather in response to any detected security issues.

But there *are* glaring security issues, with at least some of their products.

https://www.computerworld.com/s/article/9229785/Hackers_reveal_critical_vulnerabilities_in_Huawei_routers_at_Defcon

The majority may not but it's not unheard of that developers slip up and make their secret keys public.

'The bad guys are getting worse,' says Howard. 'Antivirus helps filter down the problem, but the next big security company will be the one that offers a comprehensive solution.'"

Run your OS off a read-only USB device ... link

"Australian company Cybersource says it's currently talking to two domestic banks about providing Linux-based bootable CDs to consumers to ensure Internet banking security". link

"Accessing online banking from your home PC is unsafe, says CIO of CNL Bank", link link

A question like yours could be easily answered by a visit to Google.

How about strait from Ciscos documentation?
http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/ht_ssi.html

Microsoft Denys they put a backdoor into Windows, but the NSA worked directly with them on development of every OS since XP:
http://www.computerworld.com/s/article/9141105/NSA_helped_with_Windows_7_development
The NSA doesn't generally help private companies with their products, and Microsoft doesn't generally take advice from their customers on their design. I doubt that whatever the NSA was really doing to help with the product was anything we'd consider good.

Just because you haven't seen one doesn't mean they aren't prevalent.

If you(and others here) really want to educate yourself instead of spreading karmawhoring FUD, please read on.

Here are some references about boot malware which UEFI secure boot will prevent.

http://www.chmag.in/article/sep2011/rootkits-are-back-boot-infection [chmag.in]

http://www.theregister.co.uk/2010/11/16/tdl_rootkit_does_64_bit_windows/ [theregister.co.uk]

http://www.computerworld.com/s/article/9217953/Rootkit_infection_requires_Windows_reinstall_says_Microsoft [computerworld.com]

I recommend reading atleast the first link.

Here's one juicy bit:

TDL4 is the most recent high tech and widely spread member of the TDSS family rootkit, targeting x64 operating systems too such as Windows Vista and Windows 7. One of the most striking features of TDL4 is that it is able to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform kernel-mode hooks with kernel-mode patch protection policy enabled.

When the driver is loaded into kernel-mode address space it overwrites the MBR (Master Boot Record) of the disk by sending SRB (SCSI Request Block) packets directly to the miniport device object, then it initializes its hidden file system. The bootkit’s modules are written into the hidden file system from the dropper.

The TDL4 bootkit controls two areas of the hard drive one is the MBR and other is the hidden file system created at the time of malware deployment. When any application reads the MBR, the bootkit changes data and returns the contents of the clean MBR i.e. prior to the infection, and also it takes care of Infected MBR by protecting it from overwriting.

The hidden file system with the malicious components also gets protected by the bootkit. So if any application is making an attempt to read sectors of the hard disk where the hidden file system is stored, It will return zeroed buffer instead of the original dataThe bootkit contains code that performs additional checks to prevent the malware from the cleanup. At every start of the system TDL4 bootkit driver gets loaded and initialized properly by performing tasks as follows: Reads the contents of the boot sector, compares it with the infected image stored in hidden file system, if it finds any difference between these two images it rewrites the infected image to the boot sector. Sets the DriverObject field of the miniport device object to point to the bootkit’s driver object and also hooks the DriverStartIo field of the miniport’s driver object. If kernel debugging is enabled then this TDL4 does not install any of it’s components.

TDL4 Rootkit hooks the ATAPI driver i.e. standard windows miniport drivers like atapi.sys. It keeps Device Object at lowest in the device stack, which makes a lot harder to dump TDL4 files.

All these striking features have made TDL4 most notorious Windows rootkit and it is also very important to mention that the key to its success is the boot sector infection.

Another bit:

The original MBR and driver component are stored in encrypted form using the same encryption. Driver component hooks ATAPI's DriverStartIo routine where it monitors for write operations. In case of write operation targeted at the MBR sector, it is changed to read operation. This way it is trying to bypass repair operation by Security Products

The OEMs offered to add Red Hat and Ubuntu etc.'s keys but they refused since they didn't want to have an exclusive solution and neither did they want to be in the position of signing keys. If the Linux foundation stepped up, the OEMs will gladly add their master key to U

Well nearly

http://blogs.computerworld.com/17345/forget_samsungs_tab_run_android_on_your_ipad

Though you are right, but so far every iPad and the majority of Android tablets have had poor implementations of locked down bootloaders which can be worked around.

Here's a list of devices that either have or will get Jelly Bean.

Also, this page shows a (fairly complete, though I hesitate to say "complete" for the fact that there's almost certainly at least one Android phone/tablet not mentioned on it that exists somewhere...) list of Android devices, including what version they run. It contains 41 mentions of 4.1 and 11 mentions of 4.2.

First off do not tell 90% of corps who standardize on IE 6, 7, and 8 to go hell! Google docs is absolutely useless. Not even IE 8 which is the defecto standard for every single Intranet app in existence. I could see dropping IE 6 (that itself will cost business). Corps must use IE only as it is the only one with group policy, active directory, mass deployment, and a slow release cycle. Before the IE haters mod me down, ask yourselves why aren't you writing extensions to Firefox and Chrome for these features?

Defecto standard? Ain't that the truth. IE9 and lower are now legacy. IE7 is declining in use and is increasingly not worth supporting for many companies. Facebook dropped support for it in 2011. As of November Google dropped support for IE8. Supporting IE8 does have its merits but its now 2 versions behind the current offering, not to mention the partial CSS 2.1 support.

Also GoogleDocs is a glorified wordpad in functionality but with sharing. ...Office 365 has more features, integrates with the MS ecosystem, and supports older versions of IE where upgrading is out of the question and would cost more than savings with free Google Docs.

The internet is just a glorified PC experience with sharing. Microsoft missed the bus once before.

Google needs to:

So they can be just like MS? How is MS strategy working now: their browsers are behind the curve in many respects. Behind the curve is becoming Microsoft's strong suit in many areas. This is valid criticism, not to discount their innovation in other areas (Kinect, Metro, C# etc.)

Support ancient versions of IE.

Why not just have them use a LTS version of Firefox since it supports AD? IE for the shit apps, FF for everything else. If you want legacy software support, you pay for it like everyone else, and looks like the price is increasing. With IE its a pity these proprietary browsers have such shite standards support, maybe if these companies didn't paint themselves into a corner with brittle applications, developed most likely by the lowest bidder (it's low cost for a reason), they'd not be in the boat they're in now. I think it's time to change the mantra 'Nobody was fired for picking a Microsoft solution' since its the managers who are ultimately responsible for these shit sandwich mission critical systems with no exit strategy which have the company by the balls. If you are incompetent enough to be unable to upgrade the views to a system, you're doing it wrong. If it's a boondoggle then have the heads of those responsible, otherwise you will not encourage change, nothing is a motivator like self preservation.

Ancient software is typically bad idea. Old browsers need to go away for one simple reason: they're security nightmares.

With $500,000 worth of ancient apps that browser is not going away!

Support is dwindling. Vacuum tubes still exist after all...

XP users are stuck at IE 8 not to mention IE 8 is targeted for WIndows 7 users as well as it is the universal browser that works with both operating systems.

XP users are overdue for an upgrade, they're 3 versions behind now. I'd say Firefox is arguably the universal desktop browser since it runs on most platforms. A good lesson out of the last decade is standards, screw the 'one true platform.'

You can argue technical facts until you are blue in the face. If it is a cost it wont get adopted PERIOD! It works fine, it is what the PHB bet his reputation on that he feels you are ruining on these apps, workers hate change, it is not sox or

First off do not tell 90% of corps who standardize on IE 6, 7, and 8 to go hell! Google docs is absolutely useless. Not even IE 8 which is the defecto standard for every single Intranet app in existence. I could see dropping IE 6 (that itself will cost business). Corps must use IE only as it is the only one with group policy, active directory, mass deployment, and a slow release cycle. Before the IE haters mod me down, ask yourselves why aren't you writing extensions to Firefox and Chrome for these features?

Defecto standard? Ain't that the truth. IE9 and lower are now legacy. IE7 is declining in use and is increasingly not worth supporting for many companies. Facebook dropped support for it in 2011. As of November Google dropped support for IE8. Supporting IE8 does have its merits but its now 2 versions behind the current offering, not to mention the partial CSS 2.1 support.

Also GoogleDocs is a glorified wordpad in functionality but with sharing. ...Office 365 has more features, integrates with the MS ecosystem, and supports older versions of IE where upgrading is out of the question and would cost more than savings with free Google Docs.

The internet is just a glorified PC experience with sharing. Microsoft missed the bus once before.

Google needs to:

So they can be just like MS? How is MS strategy working now: their browsers are behind the curve in many respects. Behind the curve is becoming Microsoft's strong suit in many areas. This is valid criticism, not to discount their innovation in other areas (Kinect, Metro, C# etc.)

Support ancient versions of IE.

Why not just have them use a LTS version of Firefox since it supports AD? IE for the shit apps, FF for everything else. If you want legacy software support, you pay for it like everyone else, and looks like the price is increasing. With IE its a pity these proprietary browsers have such shite standards support, maybe if these companies didn't paint themselves into a corner with brittle applications, developed most likely by the lowest bidder (it's low cost for a reason), they'd not be in the boat they're in now. I think it's time to change the mantra 'Nobody was fired for picking a Microsoft solution' since its the managers who are ultimately responsible for these shit sandwich mission critical systems with no exit strategy which have the company by the balls. If you are incompetent enough to be unable to upgrade the views to a system, you're doing it wrong. If it's a boondoggle then have the heads of those responsible, otherwise you will not encourage change, nothing is a motivator like self preservation.

Ancient software is typically bad idea. Old browsers need to go away for one simple reason: they're security nightmares.

With $500,000 worth of ancient apps that browser is not going away!

Support is dwindling. Vacuum tubes still exist after all...

XP users are stuck at IE 8 not to mention IE 8 is targeted for WIndows 7 users as well as it is the universal browser that works with both operating systems.

XP users are overdue for an upgrade, they're 3 versions behind now. I'd say Firefox is arguably the universal desktop browser since it runs on most platforms. A good lesson out of the last decade is standards, screw the 'one true platform.'

There's a problem with their printers as well

http://www.computerworld.com/s/article/9234079/Samsung_printers_contain_hardcoded_backdoor_account_US_CERT_warns

I'm feeling nice today. Here ya go: http://www.huffingtonpost.com/2011/05/24/internet-industrial-revolution-gdp-mckinsey-study_n_866167.html
Here is a second: http://www.computerworld.com/s/article/9134231/Study_Internet_economy_has_created_1.2M_jobs

And if you don't feel like reading it, or it's behind a paywall, here's the part you want:

In "mature" countries--which excludes India, China, Brazil and Russia--the Internet accounts for 21 percent growth. Though it has eliminated 500,000 jobs, it has created 1.2 million new jobs, meaning that 2.4 jobs were created for each job lost.

Fact: Microsoft is selling exponentially more licenses with Windows 8 than it did with Windows 7.

Huh? Microsoft themselves has already admitted that Windows 8 sales are at nearly the EXACT same pace as Windows 7 sales.

Okay... How about actual web usage: http://www.zdnet.com/statcounter-windows-8-license-sales-not-yet-translating-into-usage-7000008148/

Even though Microsoft sold as many licenses of Windows 8 as they did of Windows 7, Windows 7 saw much higher actual usage after one month on the market compared to Windows 8 after one month on the market. Windows 7 made up 4.93% of internet users 1 month after launch compared to Windows 8's 1.31% 1 month after launch. That paints a pretty bleak picture of actual Windows 8 usage. Even Windows Vista managed to get nearly 2% of web browser share after the first month.

So lets assume that both statistics are correct. Microsoft sold 40 million licenses of Windows 8, the same as Windows 7 for the same time period AND Windows 8's web usage 1 month after launch is only 27% of Windows 7's web usage 1 month after launch. Let's add in a few more facts, like NewEgg saying that windows 8 sales are slow and that sales of Windows devices are down 21% from last year since the launch of Windows 8. Based on these facts, we can extrapolate a story.

The story I extrapolated is this: Microsoft sold 40 million licenses of Windows 8 in several ways: 1) end users taking advantage of the cheap $40 upgrade option that has never been offered before, 2) the volume license sales of Windows that are now Windows 8 licenses that are almost ALL being downgraded to Windows 7 because Microsoft no longer sells Windows 7 licenses, and 3) a whole TON of licenses to OEMs so they could get the initial supply of Windows 8 devices in to sales channels for launch.

So lets go over these sales paths:

1) The end user upgrades are legitimate sales of Windows 8. However, I would expect these numbers to be much higher than the initial Windows 7 upgrade sales simply because of the huge discount that didn't exist for the Windows 7 launch. The $40 upgrade price is either a 60% or 80% discount depending on whether you would buy the home or professional edition. I would expect to see a small rush of people buying to take advantage of the lower price...even over the normal PC enthusiast sales of people who must have the latest-and-greatest. The $40 upgrade option would also explain why direct to consumer upgrades of Windows 8 are selling at a faster pace than Windows 7 did. When you give a very hefty discount to pretty much everyone, people are going to jump on the deal.

2) volume license sales: Business need Windows licenses and you can only buy Windows 8 now. So even though the business is installing Windows 7 with those Windows 8 licenses, they are still being counted as a "Windows 8 sale". These are licenses Microsoft would've sold whether Windows 8 was released or not. Also, i'd be curious to know whether Microsoft is including any previous Windows 7 licenses with Software Assurance as a "Windows 8 sale" as well.

3) OEM sales: This is where I bet Microsoft sold the bulk of their Windows 8 licenses. OEMs had to buy their initial set of licenses to cover their initial stock of Windows 8 devices being shipped to sales channels. World wide PC sales for 2012 are expected to be around 350 million units...or about 30 million PCs per month. I would also expect the sales numbers t

and all you'll be left with is your conspiracy theories.

You mean Information Week's conspiracy theories. I just copy/pasted.

Here's SMH's conspiracy theory:

Windows 8 sales in Australia and overseas are below expectations, with one US expert describing its user interface as "a monster that terrorises poor office workers and strangles their productivity".

http://www.smh.com.au/digital-life/computers/windows-8-sales-flounder-as-critics-pan-clumsy-interface-20121126-2a2d0.html#ixzz2Drq6iNt7/

The Register's conspiracy theory:

Reports that Windows 8 hasn't been moving as briskly as the industry had hoped continue to emerge, with major retailers reporting slow sales and Microsoft insiders allegedly describing the initial numbers as "disappointing."

http://www.theregister.co.uk/2012/11/19/retailers_report_slow_win8_sales/

Reuters conspiracy theory:

Consumer sales of Windows-powered personal computers fell 21 percent overall last month, figures released by a leading retail research firm showed on Thursday, indicating a lackluster debut for Microsoft Corp's Windows 8 operating system.

http://www.reuters.com/article/2012/11/29/us-microsoft-windows-idUSBRE8AS12Y20121129

ComputerWorld's conspiracy theory:

Microsoft has been touting its claim of 40 million Windows 8 licenses sold as evidence of a booming launch. But analysts and Asian PC makers beg to disagree, and say sales of the new operating system have been sluggish.

http://blogs.computerworld.com/windows/21410/windows-8-sales-are-sluggish-not-booming-say-analysts-and-asian-pc-makers

Looks like the whole damn world's in on it!

This is an unrealistic attack and to present it as plausible and likely is laughable, since more mundane and common attacks are far more likely to be an actual problem. It's like recommending that I go outside every day with a hardhat to avoid falling meteors when the actual threat to my safety is people speeding through the neighborhood and not stopping at stop signs as I attempt to cross the street

You don't seem know much about malware and how it works. Here are some references about boot malware which UEFI secure boot can prevent.

http://www.chmag.in/article/sep2011/rootkits-are-back-boot-infection

http://www.theregister.co.uk/2010/11/16/tdl_rootkit_does_64_bit_windows/

http://www.computerworld.com/s/article/9217953/Rootkit_infection_requires_Windows_reinstall_says_Microsoft

I recommend reading atleast the first link.

Here's one juicy bit:

TDL4 is the most recent high tech and widely spread member of the TDSS family rootkit, targeting x64 operating systems too such as Windows Vista and Windows 7. One of the most striking features of TDL4 is that it is able to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform kernel-mode hooks with kernel-mode patch protection policy enabled.

When the driver is loaded into kernel-mode address space it overwrites the MBR (Master Boot Record) of the disk by sending SRB (SCSI Request Block) packets directly to the miniport device object, then it initializes its hidden file system. The bootkit’s modules are written into the hidden file system from the dropper.

The TDL4 bootkit controls two areas of the hard drive one is the MBR and other is the hidden file system created at the time of malware deployment. When any application reads the MBR, the bootkit changes data and returns the contents of the clean MBR i.e. prior to the infection, and also it takes care of Infected MBR by protecting it from overwriting.

The hidden file system with the malicious components also gets protected by the bootkit. So if any application is making an attempt to read sectors of the hard disk where the hidden file system is stored, It will return zeroed buffer instead of the original data.

The bootkit contains code that performs additional checks to prevent the malware from the cleanup. At every start of the system TDL4 bootkit driver gets loaded and initialized properly by performing tasks as follows: Reads the contents of the boot sector, compares it with the infected image stored in hidden file system, if it finds any difference between these two images it rewrites the infected image to the boot sector. Sets the DriverObject field of the miniport device object to point to the bootkit’s driver object and also hooks the DriverStartIo field of the miniport’s driver object. If kernel debugging is enabled then this TDL4 does not install any of it’s components.

TDL4 Rootkit hooks the ATAPI driver i.e. standard windows miniport drivers like atapi.sys. It keeps Device Object at lowest in the device stack, which makes a lot harder to dump TDL4 files.

All these striking features have made TDL4 most notorious Windows rootkit and it is also very important to mention that the key to its success is the boot sector infection.

Another bit:

The original MBR and driver component are stored in encrypted form using the same encryption. Driver component hooks ATAPI's DriverStartIo routine where it monitors for write operations. In case of write operation targeted at the MBR sector, it is changed to read operation. This way it is trying to bypass repair operation by Security Products.

As a result of the Pi using it, the BCM2835 is now the only ARM System-on-a-Chip that has functional, open source drivers, that were provided by the vendor and not produced by reverse engineering.

This represents something of a sea-change in thinking for Broadcom, who have a reputation for poor Linux support.

Microsoft Windows SQL virus takes down SPDS safety system in Nuclear power plant

Blaster worm linked to severity of blackout

Engineers Befuddled by Blackout

Yes, quite often. The most annoying offenders pop up the full screen shit saying in big scary letters that you have a virus and that bad things are going to happen if you don't clean it (install their program). These tend to reopen themselves again and again unless you kill the browser off. The worst offenders target Flash exploits to auto-install their payload.

These kinds of attack have hit almost every big site. Sometimes it makes major news stories.

https://www.computerworld.com/s/article/9200899/Google_Microsoft_ad_networks_briefly_hit_with_malware

It's fine for small projects and it can, with difficulty, be scaled up for large ones (there are real-world examples aplenty), but if you are designing a big project from the ground up, ASP.NET might be a reasonable choice.

While I know it wasn't all ASP.net are we talking London Stock Exchange big? There are some additional hidden costs when using a Microsoft tool chain such as SQL Server license(s) and Windows Server license(s). If you're designing a big project this is where Java shines (I'm not a Java guy either). At the end of the day they're tools to get the job done and infrastructure considerations are part of the project.