Slashdot Mirror

... as well as secure too -> http://www.bing.com/search?q=%...

* :)

How? Easy as it gets & exists for *NIX variants too: It uses a HIGHLY ESTEEMED tool http://www.computerworld.com/s... [computerworld.com]

(Whose makers have taken a few of MY suggestions to improve it no less)

CIS Tool actually makes it "fun" to do (in a nerdy kind of way) - almost like a performance benchmark software does, albeit, for security instead!

It works!

My uptime, until as of a couple weeks ago, was since 2009 when I first installed Windows 7 64-bit (after the above though, of course) circa 2009 - 2014.

APK

P.S.=> Nothing but the truth, & yes - it works. Any modern OS has facilities for making it "security-hardened" in minutes time really... & any of them are NOT nearly setup that way, outta the box/oem-stock...

... apk

Since it's MOST used worldwide on PC's & Servers combined: A good read (by "yours truly" that actually got me PAID for it no less - "the Lord works in mysterious ways") -> http://www.bing.com/search?q=%...

* It uses a HIGHLY ESTEEMED tool http://www.computerworld.com/s...

(Whose makers have taken a few of MY suggestions to improve it no less)

CIS Tool actually makes it "fun" to do (in a nerdy kind of way) - almost like a performance benchmark software does, albeit, for security instead!

It works!

APK

P.S.=> CIS Tool is also MULTI-PLATFORM capable (not just for Windows users, but also *NIX variants of many kinds as well)...

... apk

Getting to the point? We're there. We passed that threshold a while ago.

Correct. However, what many fail to realize is that in the 70's we didn't need to pay the educational extortion racket for permission to get work. The computing explosion was exploited to force the majority of the populace to seek degrees, but elementary school kids now have mastery of required technologies. The tools are more high-tech but the interface is even simpler than ever, certainly things that could be learned in on-the-job training.

The folks bitching about not being able to afford degrees are fools just now feeling the effects of an education bubble about to burst. The tech that created the education bubble has brought ">advances that made degrees obsolete. You can always tell a bubble by the final pump and dump of ramped up attempts to cash in on overly optimistic valuation. You are now aware that degree mills exist...

The requirement for college accreditation has always been a method for discrimination against the poor who would otherwise self-educate. More stringent degree requirements are a means by which corporations can drive down wages and get more government approved H1B visas and outsourcing. In reality, requiring employees to have a final exams is foolish since it doesn't actually prove they know anything at all -- That's why your boss is likely a moron. Entrance exams would instead suffice to prove applicants had the required knowledge and skills, without requiring they be saddled with debts by the educational gatekeepers of employment -- It doesn't matter how you learned what you know. Promoting to management from within makes cost cutting improvements in ability to predict and not make unrealistic expectations upon the workers, it also gives upward mobility to aging experienced workers instead of considering them dead at 40 (family raising age).

We're already on our way of getting to the point where you cannot recover your college fees during the rest of your working years.

Negative, debt levels have long since passed that point, and owing a debt to the careers you enter has always been unacceptable in the first place. College as anything more than elective learning college is just shifting around the Company Store by leveraging "intellectual property." We need college degrees less now that in the 70's. ::POP::

If you're going to bring politics into a conversation, at least get it right. It's the Democrats that have been pushing the big H-1B increased. e.g. http://www.computerworld.com/s/article/9242917/House_Democrats_push_ahead_on_immigration_H_1B/

I suspect this is because the Democrats get most of the tech (Google, Microsoft, etc.) donations. But just because you're socially liberally (presumably, given your post and bias) doesn't mean you have to believe the Democrats never do wrong. Everybody does wrong at times.

Actually, given that the top companies for H1Bs are offshoring firms, it may be a little of column A and a little of column B -- i.e., offshoring and using H1Bs to help the offshoring, or split time between countries.

http://www.computerworld.com/s...

More an educated guess than observation. here is something to read... http://www.computerworld.com/s...

Try read this for more info .... http://www.computerworld.com/s...

There are companies that sell vulnerabilities to anybody with deep enough pockets. They're looking at software constantly to find exploits and I wouldn't be surprised if open source wasn't on the menu for them as well. I think open source does lead to quicker fixes once they're discovered by white hats out there unlike closed source models where a company has a vested interest in not disclosing exposures while either muddling through a fix. Case in point, the fact that Oracle knew about the zero day vulnerabilities in Java for months before addressing them. The problem is that businesses and developers seem to shrug that off rather than saying it's not acceptable and other companies just follow the same pattern. In the case of Oracle it didn't hurt them much at all and validates their lousy business practice on addressing vulnerabilities. Just looking now, in early summer 2012 when the news hit, their stock sank to $25.61/share and it just hit $42 on 4/2. So in under two years that's an almost 64% increase in their stock price.

Companies will likely be influenced by economics decisions when displaying who Crimea belongs to. The same thing happened to Taiwan -- you see it on a map in China and it's part of China; http://www.computerworld.com/s...

You are apparently not aware of what the media has said about Microsoft. From my article:

The cover of the January 16, 2013 issue of BusinessWeek magazine has a large photo of Microsoft CEO Steve Ballmer with the headline calling him "Monkey Boy". See the cover by scrolling down in the article Microsoft sued for misrepresentation. The BusinessWeek cover says "No More" and "Mr.", but that doesn't take much away from the fact that the magazine called him Monkey Boy -- on its cover.

In my years of following such things I have never seen such disrespect of a CEO. Of course, whoever wrote the cover headline was merely repeating a common phrase applied to Steve Ballmer by people in the computer industry.

Worst CEO: Quote from an article in Forbes Magazine about Steve Ballmer: "Without a doubt, Mr. Ballmer is the worst CEO of a large publicly traded American company today."

Another quote: "The reach of his bad leadership has extended far beyond Microsoft when it comes to destroying shareholder value -- and jobs." (May 12, 2012)

Fired for temper tantrums: In my opinion, there is something that is necessary to understand about the Microsoft Windows 8 operating system. It is a typical attempt of Microsoft to make more money by releasing software that is not finished. But even for a company that intends to be abusive, releasing it was an example of extreme incompetence. News stories say that Steve Ballmer was fired because of severely incompetent behavior that lasted many years. For example, see the article Steve Ballmer's temper tantrum over Nokia buyout led to his firing, says report. (March 5, 2014)

No, we sold that one to the Chinese.

Already do a Ramdisk on my mac (minecraft server, can't grief a server that only exists in Ramdisk!) and have a few VMs. I still have 8-10 GB sitting idle and have for years. My money would have better served going with 8 GB and upgrading if absolutely necessary.

P.S. I carefully phrased my response just to avoid the 640k troll. The 640k statement was an absolute, for all time. I put a specific limit on mine, not to mention im speaking from direct experience. Also, your quote is probably apocryphal.

http://www.computerworld.com/s...

You would do well to just forget the phrase entirely.

Why? Because while my company does do business in the US, I despise US workers - who are generally a bunch of self-important, entitled brats who think they are God's gift to development. The worst part? They are simply lazy. My God are Americans lazy. Show up at 8:45... leave at 4:15... hour and half lunch.. sitting around surfing the Internet all day while finding a few minutes here and there to do some work in between facebook posts.

Is that you, Vineet Nayar? Racial prejudice against Westerners is OK, is it?

You go around telling the executives of big businesses that their staff are lazy, spoilt, expensive and unproductive and that you have a magic silver bullet to cure the problem: hoards of young, enthusiastic (naieve and exploitable hungry and poor) Indians with fantastic educations willing to do the work for a fifth of the cost of the Western staff! And it's all under the world's most modern management! They're empowered!

How could it possibly fail?

Because it's only half true. They may be young, hungry and ambitious, dazzled by Western corporate brands and desperate to make an impression but they are straight out of college, have no experience, are learning everything from scratch, posted to a foreign country on meager living expenses away from their families for months at a time. They are expected to acquire institutional and professional knowledge from large teams of mature professional engineers in a handful of weeks and to be productive straight away.

Every corner is cut. Design? No. Testing? No. Compiling code? No (you really have to experience this to believe it). Unit tests? Why bother, we are super-Indians and never make mistakes like you stupid fat, lazy westerners... And that would take time.... Documentation? No. Listening to instructions? No (just smile and nod and ignore).

And the company has no interest in delivering more "value" than the bare minimum to maximise its profit and future income stream.

And we're starting work on a similar project for one of your major competitors. No, of course none of the knowledge we gained from your project will be used in your competitor's project...We promise. We are professional and world-class.

Here's a source that says 6 out of every 10 ATMs is running a version of XP of which support will end coming April: http://www.computerworld.com/s...

In the UK, at least the nation's top 5 banks are paying Microsoft extra fees in order to keep supporting their soon-to-be-obsolete ATMs: http://www.digitaltrends.com/c...

This wouldn't be happening if the machines in question would be running the embedded version of XP, now would it?

"What severance package?"

$14 million, apparently. See this WSJ article: Symantec Fires CEO Steve Bennett. How will he live? Should we donate some money to keep him off the street?

Have you called Symantec in the last 2 years? Or gotten emails from Symantec support? My experience was that everyone with whom I talked was amazingly disfunctional. That's what the Symantec CEO meant when he said, "Our system is just broken".

Symantec has contracts with the U.S. government. People in the U.S. government don't seem to me to understand much about the technology. I'm guessing the contracts are a waste of tax money.

EnterpriseDB is an important part of PostgreSQL development with several contributors, but they still work within the larger development community of contributors. There are other companies with just as many contributors, with one example being how 2ndQuadrant is adding logical replication features.

One way you can tell if an open source project has a real community is whether the project would go on even if the largest company contributing code disappeared. Linux would survive RedHat disappearing, and PostgreSQL would certainly survive EDB going out of business. That's not even a theoretical question, because the PostgreSQL community is informed by having seen it happen once already. A company named Great Bridge hired a good percentage of the PostgreSQL community once, and then failed after running out of VC cash.

Nope, I read it but I don't believe that's what was stated. Walton's ruling indicated that metadata over five years should be destroyed. What myself and the rest of the country is waiting for is an actual SCOTUS ruling on how this Mickey Mouse FISA court system is operating outside of normal judicial review since the Chief Justice appears to be the only oversight.

As of Monday:

In his order, Walton denied the government motion to allow the holding of data beyond five years but "without prejudice," which gives the government the option to file another motion on the issue in the light of additional facts or legal analysis.

Now if the Government was quick about it, data could have already been destroyed prior to the effect of the TRO.

Most data that people have on their hard drives can be readily re-obtained via BitTorrent or in other ways. The simple and probably best strategy is to figure out the 500 GB or less that is actually irreplaceable, and make several copies of that. I have three or more copies of my most important data.

Or, looking at the problem another way, 4 TB hard drives are selling for $160 right now including shipping. A complete insurance policy would cost $800 plus your time. What I would have done if I just had to save everything would be to simply copy all of the data in 4 TB hunks, and put each hard drive one by one into a fireproof safe, or in a safe-deposit box at the bank. A second RAID would be complete overkill, unless time to recovery is of the essence or the data churn rate is high. More than 90% of my data simply accretes over the years, and I'm sure that is true for most people.

$800 is a small price to pay for your data. I seem to recall that it cost a company I worked for over $1,000 to recover a 9 GB IBM hard drive that failed about 15 years ago.

According to this article, Seagate is promising 20 TB hard drives by 2020:

http://www.computerworld.com/s...

Why should one private company have the right to unilaterally declare this kind of planned obsolescence?

Because they made it?

You and the other responses to JDG1980 have missed the point.

Electrolux made my vacuum cleaner, but once I bought it they have no right to it. I can buy my vacuum bags and filters from Electrolux, or I can get clones of them from other manufacturers. With advances in 3D printing, I may even be able to replace parts of the machine itself without involving Electrolux.

It's not so with "intellectual property." I can't simply hire somebody else to support my Windows XP when Microsoft chooses not to. I have to get it from Microsoft itself, and Microsoft charges punitive rates to support Windows XP. You can't actually buy Windows. What you buy is a license to use Windows, with all the contractual limitations that Microsoft can apply.

This is a violation of intuitive, common sense concepts of buying. I have software, I should be able to give my friend a copy of it. Microsoft says each person will individually pay Microsoft for it. The conflict goes back all the way to the beginning of Microsoft, when people shared copies of Microsoft BASIC with each other. Bill Gates disapproved.

The disastrous end of Windows XP just proves that free software is the only long-term practical software.

"Open Source Software is more secure because the code can be reviewed."

That's why this bug has existed since 2005. gg, guys. Thumbs up.

What do you mean? The many eyes found said bug that is why we are reading about it if thay had not it would still be sitting there undiscovered. Ever wonder how many bug go completely unnoticed in proprietary software because no one actually reads said code? Like for example a Windows bug affecting all 32 bit Windows OS's for 17 years: http://www.computerworld.com/s....

Um no, code review didn't find this - at least not the people that are supposed to. The bad guys apparently found and have been using this bug for quite some time. So obviously the black hats are more motivated to review the code than the white hats.

"Open Source Software is more secure because the code can be reviewed."

That's why this bug has existed since 2005. gg, guys. Thumbs up.

What do you mean? The many eyes found said bug that is why we are reading about it if thay had not it would still be sitting there undiscovered. Ever wonder how many bug go completely unnoticed in proprietary software because no one actually reads said code? Like for example a Windows bug affecting all 32 bit Windows OS's for 17 years: http://www.computerworld.com/s....

Just like the singularity it seems that improved battery tech is always about 5-10 years down the road.

Pretty much true.

I've had laptops that ran on Lead Acid batteries, followed by ones that run on NiCad, and Lithium, then Li-Poly.
Seems like they were all about 5 to 10 years apart.
Seems like each time, we knew the new tech would arrive about 5 years in the future.

We are doomed to always be in this cycle, of using the best tech we have while waiting for rumored better tech form the future.

We even develop government programs to ensure that this perpetual waiting game remains perpetual.

We've all gotten used to it.
You'll be happier when you do.

What is a spectacular crash in software? ... Software just doesn't fail that catastrophically

Wut.

Oh yes it does. If you don't realise that Internet security is already a catastrophe then I just don't... you really really need to get out more.

We're living through the biggest security and privacy disaster in the Internet's short history. We don't yet understand the full dimensions of the damage, but we understand this: it was almost entirely preventable. Inexcusably shoddy software workmanship, defended with exactly the argument you're making, is what caused this.

We won't progress as an industry until we learn the meaning of "first do no harm". First, deploy no root exploits to your customers. Then we can talk about efficiency, productivity, market forces, and what colour the fifth pixel from the left on the splash screen should be.

The phrase this brings to mind is "race to the bottom".

"Hey, our tech support and warranty policies don't have to be any better than the other guys'."

And the entire marketplace becomes a refuse-strewn wasteland littered with engineered-obsolescence hardware and unmaintainable firmware, populated by a few "privateering" souls who'll offer cheap contracted support by bootlegging patches and updates. (At least, until they get captured and hanged.)

Dear God, I hate what the enterprise channel has become. I'm glad I'm not a sysadmin or system manager now.

About the only bright spot is that there's much less rape and pillage in the Linux server space, if you can live with fairly vanilla commodity hardware or self-support for your chosen OS install.

Yeah looks like Surface is going to crush the ipad any moment now: Microsoft lost money on each Surface sold last quarter.

Name one thing the IEEE has actually done to protect electrical engineering jobs.

The only thing the IEEE does is print a magazine and beg for EEs to renew their memberships, and also push for more engineers to be imported to help keep wages low for the corporations who run the IEEE.

All software ends up a bloated pile of cr@p eventually
UNLESS
You have policies in place to prevent it (like code reviews) as well as no quick fix's, rush jobs, or hacks.....
Yeah right! Never worked in a company like that Ever!
Maybe the guys who get to code stuff like satellites and Mars rovers get the luxury of time to get things right/perfect

Nevermind did a quick google.
Bug 1
Bug 2

July 2011 It also states that SL is suspected to have reached EOL as of Sep 2013, based on patch release history.

I'm still using mine from 2008. An upgrade isn't even on my radar.

This may come as a surprise to you, but your single anecdote only matters to you, and is quite irrelevant to the real world.

In Another Bad Sign For Microsoft, HP Aims Its New Android PC At The Enterprise

http://www.businessinsider.com.au/hp-has-a-new-android-pc-for-businesses-2014-1

The enterprise case for Android desktops

http://www.citeworld.com/development/22850/android-desktops-enterprise

Six reasons why Android PCs can be disruptive

http://www.zdnet.com/six-reasons-why-android-pcs-can-be-disruptive-7000024845/

And most importantly, Preston Gralla's opinion:

Why Android PCs are doomed to fail

http://blogs.computerworld.com/pcs/23379/why-android-pcs-are-doomed-fail

Of course, Dice's Slashdot refuses to discuss stories about Android PCs because their sponsors don't want them to.

No shit.

(...wait, let me guess - they'll want to move the whole damned thing to an IIS platform too, right?)

So far, this hasn't seemed to have happened, but if it does become public, there will be a backlash, especially OnStar which has the ability to track and disable cars in realtime [1].

Ahem. Just a few links that spring to mind. You can easily find others.

TomTom sorry for selling driver data to police

“Government Motors” To Track Drivers With OnStar, Sell Data to Police

OnStar Tracks Your Car Even When You Cancel Service

Busted! Your car's black box is spying, may be used against you in court

And for those too lazy to copy & paste it, here's the link.

Personally, I think it's spot-on, but I don't necessarily think that non-technical managers are a problem. If they know what their deficiencies are, and are willing to ask for help at the appropriate time, they might be just fine.

But I've also had 'technical' managers who were from different fields -- one only dealt with mainframes, and when our departments got merged, didn't understand that the unix team oversaw dozens of machines per person and didn't just have a single task; his boss wouldn't bother showing up to meetings and read the white boards afterwards and would report on that to upper management (with the boards sometimes being the 'no, that won't work, I'll show you why after the meeting' diagrams). He also didn't understand why a 35k user mail system change (spread across 15 hosts) wan't just insert a disk and double click. With the two of them together, they'd do things like plan a power outage to service the machine room UPS and not bother telling the sysadmins until the week before, so we had a mad scramble to coordinate between groups on what order the 200+ systems had to come down and back up.

I currently have more than one manager, because I'm a contractor ... my boss (who assigns the tasks) has enough IT skills to be dangerous, but he delegates to the rest of us for the most part, so it's not a big deal; my manager deals with the contracting company's HR / corporate headaches. Both come from the sciences; neither one's business-school trained, but they're not IT, either. I actually think it's better than having washed up IT people in management jobs, who think they know what they're doing. (eg, insisting on specific hardware configurations, but not realizing that the process is single threaded so they would've been better off buying more 2-cpu boxes rather than the beefier ones they got some great deal on)

TFA itself links to a better FA at: http://www.computerworld.com/s/article/9244953/Microsoft_to_face_computer_makers_rebellion_at_CES

This original source article includes a discussion of the architecture involved - and the person they interviewed admits he hasn't seen it in action, and has no idea how it works. He suggests it could be one of three approaches - dual boot, an Android API within Windows (somewhat akin to Bluestacks), or a VM running within Windows. I would add a fourth - a hypervisor, permitting both OSes to run concurrently as VMs - though that seems unlikely, as it would require the OEMs to license Windows differently, as I understand it.

Interesting times. I agree with the commenters who say MS should be afraid of this - Google has taken its sweet time maturing Android into a desktop-supporting experience, but it's close, and "Android PCs" are already in the pipeline to take advantage of it. Any familiarization for the "unwashed masses" with what it feels like to simply run Android as your laptop/desktop OS has to be viewed by MS as, well, "crossing the streams" bad.

http://www.computerworld.com/s/article/9142383/Game_over_for_Mac_clone_maker_Psystar

Only a complete and utter moron would buy from them after this.

Remember how the RSA SecureID authentication system was hacked?

Now, the way you do these tokens is to have a counter or timer inside them that's synchronized with an external system. You simply encrypt the counter and that's your verifiable ID code. The server can authenticate a couple counts in the past or present to give a wider window, and updates if drift is detected to stay in sych.

There's a concept in security called "single point of failure" that all competent security researchers are aware of and attempt to avoid, but RSA didn't. They didn't let you seed your own SecureIDs. Instead, they seeded them. In this way you had to rely on RSA to authenticate the tokens for you, instead of let you run your own server. So, this immediately raises several red flags for a security aware person: Denial of Service == All your cards stop authenticating at RSA's whim. Additionally, RSA can grant access to other people, say the NSA, by seeding a SecureID with a duplicate of yours. Furthermore, if RSA is compromised then everyone who uses SecureID is at risk, they've made themselves a single point of failure.

A better approach is to allow businesses to seed your security cards yourself, and run your own servers. This way there's no single point of failure for the entire card system -- Compromise one business doesn't leak to others. You don't have to rely on external servers for validation so even if all external lines are cut, your intranet can still validate cards. And you don't have to worry about the NSA compromising the folks you bought the cards from after you purchased them -- Only your systems know the authentication codes -- The crackers have to crack your database.

It wasn't surprising to me that RSA would get compromised because they were the single point of failure, it was only a matter of time (if not pre-compromised from inception). It wasn't surprising at all when defense related companies like Lockheed Martin and L-3 Communications were compromised thanks to RSA's SecureID breech.

Now, given the ineptitude you'd have to have as a team of premier security researchers to screw the pooch this badly in the design of your security product, and given how asinine it would be to select the absolute worst and slowest random number generator as the default for your BSafe security product, knowing you have many embedded platform use-cases, and given that it was known well in advance that trusting the PRNG was ill advised... Then considering Snowden leaks info explaining that the NSA was paying RSA to botch and weaken their security systems. Yeah, that makes perfect sense.

Given a gag order I'd understand RSA keeping quiet on this. If they cared about security of their customers then at that point we'd see RSA engineering a completely new line of security products with a goal to put our minds at ease, and inexplicably discontinue their past offerings. However, since they opened their fool mouths and claimed not to be screwing up everything on purpose... At least if they were forced to mess things up this bad I could understand, and once the spying apparatus has been dismantled I'd consider RSA still viable. However, if the NSA wasn't paying RSA to botch their security systems, then they can never be trusted again.

I use YubiKey instead. I can run my own server, install my own codes in the tokens, or let yubico do it if the application doesn't require such security. The protocol and server source code is open. I hear Google's partnering with them too.

Sad, really. Now anything RSA has touched I'm distancing myself from.

https://www.computerworld.com/s/article/9237869/Nokia_uses_patents_to_block_Google_VP8_video_codec

"Greenspan provided a list of reasons for increasing competition in the skilled labor force. In particular, he said it would help fix a problem -- the housing bubble -- that grew during his tenure as Fed chair, a position he held from 1987 to 2006."

This has always been about manipulating the labor market for the benefit of people like Gates and Zuckerberg.

I trust Microsoft, but for reasons that you overlooked. I trust that they'll continuously change their products in a way that requires everyone that runs a business, that uses computers, to have an IT guy. That's me trusting that I'll always have a work load, being self employed.

But yeah, if you trust that Microsoft will 'help' you 'stay silent' from the NSA, then you should read this. Because in reality, the NSA 'helped' Microsoft build Windows 7.

Pasted from one of my earlier comments:

Here are some references about boot malware which UEFI secure boot can prevent.

http://www.chmag.in/article/sep2011/rootkits-are-back-boot-infection

http://www.theregister.co.uk/2010/11/16/tdl_rootkit_does_64_bit_windows/

http://www.computerworld.com/s/article/9217953/Rootkit_infection_requires_Windows_reinstall_says_Microsoft

I recommend reading atleast the first link.

Here's one juicy bit:

TDL4 is the most recent high tech and widely spread member of the TDSS family rootkit, targeting x64 operating systems too such as Windows Vista and Windows 7. One of the most striking features of TDL4 is that it is able to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform kernel-mode hooks with kernel-mode patch protection policy enabled.

When the driver is loaded into kernel-mode address space it overwrites the MBR (Master Boot Record) of the disk by sending SRB (SCSI Request Block) packets directly to the miniport device object, then it initializes its hidden file system. The bootkit’s modules are written into the hidden file system from the dropper.

The TDL4 bootkit controls two areas of the hard drive one is the MBR and other is the hidden file system created at the time of malware deployment. When any application reads the MBR, the bootkit changes data and returns the contents of the clean MBR i.e. prior to the infection, and also it takes care of Infected MBR by protecting it from overwriting.

The hidden file system with the malicious components also gets protected by the bootkit. So if any application is making an attempt to read sectors of the hard disk where the hidden file system is stored, It will return zeroed buffer instead of the original data.

The bootkit contains code that performs additional checks to prevent the malware from the cleanup. At every start of the system TDL4 bootkit driver gets loaded and initialized properly by performing tasks as follows: Reads the contents of the boot sector, compares it with the infected image stored in hidden file system, if it finds any difference between these two images it rewrites the infected image to the boot sector. Sets the DriverObject field of the miniport device object to point to the bootkit’s driver object and also hooks the DriverStartIo field of the miniport’s driver object. If kernel debugging is enabled then this TDL4 does not install any of it’s components.

TDL4 Rootkit hooks the ATAPI driver i.e. standard windows miniport drivers like atapi.sys. It keeps Device Object at lowest in the device stack, which makes a lot harder to dump TDL4 files.

All these striking features have made TDL4 most notorious Windows rootkit and it is also very important to mention that the key to its success is the boot sector infection.

Another bit:

The original MBR and driver component are stored in encrypted form using the same encryption. Driver component hooks ATAPI's DriverStartIo routine where it monitors for write operations. In case of write operation targeted at the MBR sector, it is changed to read operation. This way it is trying to bypass repair operation by Security Products.

http://www.theguardian.com/technology/2013/nov/26/microsoft-kill-windows-rt-larson-green

http://www.telegraph.co.uk/technology/microsoft/10477811/Microsoft-appears-set-to-abandon-Windows-RT.html

http://www.zdnet.com/microsoft-is-hammering-the-final-nails-into-windows-rts-coffin-7000023641/

http://www.timeslive.co.za/scitech/2013/11/28/microsoft-windows-rt-faces-the-chop

http://blogs.computerworld.com/windows/23194/microsoft-confirms-windows-rt-will-die

You may find this related article amusing. Also, the relevant part of the YouTube video: http://blogs.computerworld.com/windows/23205/tech-guy-explains-windows-tablets

There is no "shortfall" of coders.

This begs the question, "How would we measure a shortfall anyway?" You can almost always get an employee with the skills you want if there is no limit to what you're willing to offer in terms of compensation. So, "They could hire as many as they want if they just paid more," isn't a good counter-argument to the claim that there's a "shortfall". Instead, we might look at the change in cost to (over time) to hire someone of a certain caliber, as compared to some other labor cost point of reference. One approach might be to look at the ratio of the average starting salary of C.S./E.E./Math 4-year degree recipients (i.e. graduates likely to be qualified for coding positions) to the average starting salary of recipients of 4-year degrees in other fields. If the ratio is increasing over time then that may indicates these graduates are becoming more scarce. Were the supply keeping up with demand for STEM graduates we might expect the ratio to stay roughly constant. I don't have stats handy, but my suspicion is that the ratio has increased over time.

Ones they can lay off at any time.

Ones that can quite and move on to greener pastures at any time, leaving their former employer in the lurch. It's a two-way street.

Women went into IT in the late 1990s, when it looked like a good career choice.

In fact the peak percentage of C.S. degrees awarded to women (which is arguably a reasonable proxy for "women going into IT") occurred in the early 1980s and has been declining ever since. See the graph "C.S. Bachelor's Degrees Granted By Sex" here. My off-the-cuff theory is that the field has become less "stable" over time, with employees hopping around to different employers with much greater frequency than they once did, either because of layoffs or because they found more interesting (or lucrative) work elsewhere, and that this increased instability is disproportionate turnoff to women (as opposed to men).

Now it isn't, so they don't.

On what basis do you claim software dev. isn't a "good career choice"? Maybe I'm atypical, but from where I'm sitting it's not too shabby. My individual income is around the 5th percentile, I rarely work more than 40 hours a week and I get to go to work in shorts and flip-flops. The worst thing that happens to me is being asked to implement a feature that's stupid or poorly designed.

It really doesn't seem like it should be, does it?

Yet I swear, 9 out of 10 applicants we get for a job literally can't get much past Hello World. It's mind boggling. And these are the applicants that have made it through the filters, not even the raw stack! I don't care if they have a decade of verifiable experience, they're still bunk. These are the guys applying for "Senior" positions....I can't imagine what we'd scrape up if we were looking for less seasoned canidates.

And we're not even all that picky. We'll quickly jump all over competent.

I think that's the mistake gifted programmers make: This stuff comes naturally to us so we can't really understand that it's difficult for most others.

Or... It could just be that the tech boom is back, with a vengeance.

Everything I hear out of my friends in the San Francisco area is that the industry is booming bigger then even the dot.com days. The unemployment rate for software engineers has fallen through the floor, now nationally around 2% and below 1% in some major markets.

true but Google is recording all your calls

http://www.computerworld.com/s/article/9244207/Fake_Windows_tech_support_calls_continue_to_plague_consumers

This is exciting development.
Finally getting some Filipino competition to the fucking Indian monopoly.

This looks more like an advertisement for sdt.bz than an actual Slashdot article.

Here's the real article:
http://www.computerworld.com/s/article/9244207/Fake_Windows_tech_support_calls_continue_to_plague_consumers

I'd like to see a gizmo that could not only measure the current available, but act as a universal adaptor for those sorts of devices.

The answer is not a different gizmo to work around existing limitations in the spec but updating the USB spec to reflect real world conditions and handle more power and handle power more gracefully than it does now. There is some evidence that this might occur in the near future.

Which (blankety-blank-censored-blank) is no longer available. And since the cables are no longer made or sold and since they were notoriously prone to fail means that I've been trickle-charging my unit for about a year now.

Exactly why I avoid devices with weird custom cables whenever possible in consumer electronics. It's been my experience that unless a custom cable is so popular as to become a standard itself (like Apple's Lightning) that eventually you are going to run into a problem. Furthermore it adds to the cost of the device (custom cables = $) and it usually means that the company making the device had lazy and/or incompetent engineers. Now admittedly the USB spec is pretty flawed, particularly when it comes to power, but even so I've still seen lots of devices that could have used standard USB (or Firewire etc) had they taken the time to do so.

Now sometimes the standard needs to be updated. I think USB should be beefed up to handle up to 100 watts with all due haste.

Bear in mind that my day job is to run a company that makes custom cables. Think about that. I make a living off of custom cables, have the ability and equipment to make a copy of pretty much any cable, and I still think they are a bad idea for most consumer electronics.

"They should be encrypting the data on disk, on network connections ..."

Let's see how that paranoia thing works in practice.

"Microsoft's Azure service hit by expired SSL certificate"
http://www.computerworld.com/s/article/9237076/Microsoft_39_s_Azure_service_hit_by_expired_SSL_certificate

Hmm, needs more work.