Slashdot Mirror

Jesus H. Christ...don't be so fucking lazy...it's real...

http://www.cbsnews.com/news/ca...
http://www.cnbc.com/2015/07/22...
http://www.infoworld.com/artic...
http://www.cnn.com/videos/tech...
https://www.washingtonpost.com...

While nobody wants a huge abusive spy agency tracking Americans at all times, there are going to be plenty of people on here jumping up and down hoping for the destruction of the NSA... while simultaneously running around like chickens with their heads cut off claiming that Russian Hackers are the sole reason that Trump is president.

Seriously, WTF is this comment and why is it (currently) +4 Interesting?

#1. Many, many people who have been most critical of the NSA's activities have been skeptical of the claim that Russian hackers are the sole reason Trump is president. This includes Glenn Greenwald as well as many in the security community who don't take leaked reports of CIA briefings at face value. I'm not seeing anyone who is anti-NSA spying wholesale accepting the CIA's story. So the premise of your point is not correct.

#2. Even if they DID accept the Putin story... There is no inherent conflict between not wanting a "huge abusive spy agency tracking Americans at all times" and wanting an agency to protect against foreign attack (if one has occurred, which as I said is not certain).

#3. The NSA has done very little that would have prevented the hacks, while actually having done very much to weaken national security-- the kind of thing that facilitates break-ins. They have compromised security algorithms and pushed the RSA to accept them as standards. They have deliberately inserted weaknesses into Cisco products. There are numerous examples of this. If the "Russians" has hacked us because of weak technology, the NSA very well could be to blame. The assumption that they're some kind of shield against attacks appears to be backwards.

#4. Podesta's emails were reportedly hacked via social engineering. Explain to me how you think the NSA's role has been stopping human beings from typing in their own Gmail login information when tricked to do so.

#5. Finally, elucidate on the connection you make between a "huge spy agency tracking Americans at all times" and an alleged nation state hacking campaign. What the hell does the surveillance state agency spying on all citizen activity have to do with these hacks? If anything, the alleged influence of Russian agents in our election occurred WHILE the mass-spying is occurring. Therefore, by your logic, the NSA should stop all spying to stop Putin. Right?. Right??

In short, your post makes no sense, it is not "insightful"-- it connects dots that don't have anything to do with each other. Worse, it is in some ways dangerous because it is really an attack on questioning authority. There is zero contradiction in opposing an all-powerful state surveillance agency on one hand vs. a corrupted electoral system on the other.

Not to mention that those reports of foreigners meddling in our election originate from an agency with a notorious decades of history in... well, meddling with foreign elections.

As a fellow scientific programmer, I am curious to some of those "I've read a few outstanding books on the subject since then."

Could you be so kind as to give me a few pointers? Thanks a lot!

Ugh. I knew someone would ask that. I don't actually keep a bookshelf with these tomes.

Oh, good - here's an article that has a few: http://www.infoworld.com/artic...

Since college:
"Code Complete" by Steve McConnell (2004)
"The Pragmatic Programmer" by Andrew Hunt and David Thomas

A fun book to do with colleagues:
"Seven Languages in Seven Weeks" - https://pragprog.com/book/btla...

If you're into OO:
"Design Patterns: Elements of Reusable Object-Oriented Software" Gang of four

Not coding, per se, but everyone who works in the field should read and have their boss read:
"The Mythical Man-Month" by Frederick Brooks

The best books from college (I haven't touched in nearly 20 years, but I'm really glad I had 'em back then):
"The C Programming Language" (2nd Edition, 1988) by Brian Kernighan and Dennis Richie
"Compilers: Principles, Techniques and Tools" - the dragon book

Sigh. You're right.
http://www.infoworld.com/artic...
This sucks. Systemd, no codec in ISO...

Infoworld has done better articles on the topic. A little dated (2010... Applets? Flash?), but still fun:

Nothing screams "get off my lawn" like a language controlled by Oracle, the world's largest enterprise software vendor. The chances that Java can attract the mohawks-and-tattoos set today seem slimmer than ever.

Oracle is campaigning for accountability? Sure, I love accountability.
How about:

- Improper accounting practices on your cloud service business: http://venturebeat.com/2016/06...
- Breach of contract: http://www.pcworld.com/article...
- Putting stockholders' investments at risk: http://www.theregister.co.uk/2...
- Fraudulent practices/overcharging the Deparment of Justice: https://www.justice.gov/opa/pr...
- Patent infringement: http://www.infoworld.com/artic...
- Project cost overrun and breach of contract again: http://wtnnews.com/articles/85...

If Oracle had any hint of accountability it would've closed doors a long time ago. What they want is money.

If the only ads you allow are a static JPEG which clicks through to the advertising site, you've done your job. Newspapers and magazines got along just fine for over a century with static ads. Advertisers don't need scripting, and in fact they've demonstrated they're too immature to be given the power of scripts.

Is it safe? ... Is it safe?

Is it safe?

Is anything internet connected truly safe?

Safe is not a Boolean.

If the only ads you allow are a static JPEG which clicks through to the advertising site, you've done your job. Newspapers and magazines got along just fine for over a century with static ads. Advertisers don't need scripting, and in fact they've demonstrated they're too immature to be given the power of scripts.

Is it safe? ... Is it safe?

Is it safe?

Is anything internet connected truly safe?

"Microsoft has DISABLED the weather and currency gadgets via a recent Security Update,"

So you downloaded and installed an update without reading what the security update did. it wasn't out of the air ms uninstalled the gadget you gave them permission too. But don't feel bad hundreds of millions of people installed win 10 adware http://www.infoworld.com/artic...
to get a IE security update couldn't get one without the other. this is the kinda BS we will not be able to stop we need laws made to stop this crap. but its no longer safe to just install security patches from Microsoft.

How is it "half-assed"? It actually is much more tightly integrated and seamless to the point that you can just run ELF binaries on Windows, you cannot do that with Cygwin so you can build and debug the exact same binaries that you run on both platforms.

The implementation is also a proper subsystem, unlike Cygwin which sits on top of the Win32 subsystem. For example look at fork() in cygwin that has to use Win32's CreateProcess because Win32 doesn't have the concept of fork. This makes it prone to various failures because it's a pretty nasty hack to make it work, since Subsystem for Linux is a proper subsystem it isn't burdened by incompatibilities in the design of Win32 and POSIX APIs or having to be a kludge to make Win32 kind of work like POSIX.

Do you have any links to this effect? I had heard that they would be adding bash, and thought that was kinda cool but whatev. But if they're adding an entire linux subsystem, then that's something else entirely.

I found this after a cursory google search, but better links are welcome:
http://www.infoworld.com/artic...

In 2005 you probably didn't have a phone even capable of decent world wide web access let alone a network that you could pass 100GB in one month.

In first world countries, this was utterly common by then. For example:'

The number of Internet users in Japan accessing from cell phones exceeded those using it from personal computers in 2005

And talking about home internet speeds in 2005:

"Such connections are generally capable of speeds of 100M bps (bits per second)."

This was the status over a decade ago in Japan, Korea, much of Europe, and others.

You may live in a country with more backwards infrastructure, but do not confuse your local situation with the rest of the world, who very much was enjoying 100+ MBit broadband and mobile internet access in 2005.

Telemetry in Windows 7 and 8 is still optional and easy to disable:

http://www.infoworld.com/article/2981947/microsoft-windows/the-truth-about-windows-7-and-81-spy-patches-kb-3068708-3022345-3075249-and-3080149.html

http://www.infoworld.com/artic...

How about when Windows Update helpfully started the upgrade process on domain-joined systems, despite MS claiming it wouldn't?

(take your pick on links) https://duckduckgo.com/?q=wind...

MS keeps demonstrating that they can't be trusted, and I for one am tired of having an adversarial relationship with them.

I'm done, they can go fuck themselves.

But a whitelist requires more diligence to maintain if you don't want to turn a PC into a game console

A whitelist is a gateway to an app store only system with censorship and lack of choice.

That's sort of what I was getting at. It really depends on by whom it's managed. Some PC owners can be trusted to maintain their own whitelist; others can't.

[1] Thomas U. P. Charlton. The Life of Major General James Jackson. Augusta: Randolph & Co., 1809.

Some background on async functions: http://www.infoworld.com/artic... To be fair, it was a mammoth endeavor to add proper async support in just a few months.

Apps for learning to program that allow sharing your work with other users (execute code rule)

Not sure if all of these qualify; but at least some of them do. And this list is somewhat old. And a Search of the iOS App Store came up with an impressive list of Programming utilities and IDEs for a wide variety of languages. So, I'm not sure what the problem is.

Launcher replacements for persons with disabilities

I guess Cromulent Labs' "Launcher" must be misnamed, then.

WLAN utilities, such as utilities for troubleshooting your wireless network or for contributing to a collaborative map of wireless networks (Apple deems AP enumeration in iOS to be private)

Really, I have a few on my iPhone and iPad. My favorite is "Fing".

Web browsers that implement HTML features that Apple has left out of Safari (WebKit rule)

Not sure what the big deal is: Mobile Safari seems to "Check the Boxes" as well as almost any other browser. And it looks like a couple of things that Mobile Safari has left out would have run afoul of some other iOS rule.

As for the rest of it, meh.

I admit that Trials would be nice; but most iOS Apps are cheap enough that it hardly matters.

Flash, Javascript, ActiveX... have we learned now?

Letting random web sites run any form of procedural code on your computer is NOT a good idea. Not just random web sites, but any site THEY in turn want to cross site script. Even when you try to sandbox this stuff, there are still holes. The valid use cases for such scripting are minuscule - it is chiefly used for advertising, tracking, profiling, and interfering with the user experience such as disabling cut and paste. For the very few valid use cases, it can be whitelisted.

But default-enabled? That's insane, no matter what the web-language flavor of the day is.

Captcha = mishap

Does this have to be a conspiracy to increase government surveillance? Couldn't it just be related to net neutrality?

A minor point to make: Intel didn't just accept Thunderbolt, they invented it. Apple just happens to be the only mainstream adopter that I can think of, and if something like this was in their long term plans it makes sense why they started including it years ago in the MBP line.

Not exactly true.

While Apple is far-and-away the leading evangelist and adopter of Thunderbolt (afterall, they co-developed the copper-wire version in partnership with Intel), there are Wintel PCs from major OEMs with it (sorry I couldn't find a more recent article), and their number is increasing.

I would bet that this idea of Apple's is a game changer, though. The time for attempting to pour raw pixels to the monitor is past. "Display-List-Transfer" is FAR more efficient, even at the expense (no pun) of making monitors significantly jump in price.

Think of it as "Distributed Processing".

Samsung have heard all about the horrors of Microsoft Windows 10.

It is surprising that it isn't talked about as much.

Windows will reset the settings that it feels like when it feels like it or that it doesn't fix all of the problems associated, after all.

You like to dismiss criticism of your username as meaningless, but it's not. It suggests you, like so many others, treat this company and its philosophy like a religion. This suspicion is compounded by the evidence of your post history, which shows a clear agenda: trolling this website to back up Apple wherever possible. It's literally all you do. So forgive me if I find it futile to argue with the Apple priesthood.

Criticism OF my username is meaningless. But criticism BASED ON my username is worse.

I do not "worship" at the "Church of Cupertino". In fact, I own relatively little Apple gear, HAVE never (and WILL never) camp-out in line for an Apple product, have only been to our local Apple Store about 3 or 4 times in the ten or so years it has been open, and actually spend FAR more time on my work Windows 7 laptop than I do on my MacBook Pro.

Quite frankly, one of the things I like about Apple is the fact that their hardware and software products tend to BREAK the "Computer Priesthood" mythos (unlike Windows and even more so for Linux). For example, ask IBM how much they SAVE, and how much LESS they have to rely on Computer Priests when they allow Apple products into their corporate offices.

That isn't me saying it. It is an industry giant, who, by the way, really doesn't have anything to gain by doing so.

And they are most certainly not alone. Look at the comments by several large corporations that have "discovered" the benefits of Apple in business.

Again, not my words.

Although I thoroughly reject the idea that I am a member of the "Apple Priesthood", I do have quite a history of being an Apple user, going back to the Apple 1. As such, I have watched the company through its ups, and downs, and ups, and I know for a fact that their "corporate culture" is decidedly different for almost any other company their size.

There is a vast difference between "Worship" and "Recognition", which is something that seems to get conveniently ignored by the Haters. I RECOGNIZE that Apple, more than most tech companies, at least TRIES to "do right" by their Customer-base, by and large, even if they don't always do what *I* would want. And if I am a bit strident in my defense of Apple, it is mostly compensation for the ridiculous, over-the-top, bend-over-backwards hyper-critical postings of not just a few, but many, slashdotters (almost all who are too pusillanimous to actually log-in), who ascribe motives and machinations and wheels-within-wheels conspiracies to Apple, and who patently and off-handedly dismiss their hardware and software, almost always without even having touched same.

I guess I feel that someone needs to "set the record straight"; which is why I almost always back-up my posts with citations.

Which I notice that, in all your diatribe, you have not offered ONE fact in rebuttal to my OP.

To me, that is most telling...

>> I'd rather they quit pestering me to do something I do not want to do.
> I understand... I don't want to pay my taxes either, but I have to...

False equivalence much? You're comparing apples and oranges assuming they are the same thing.

NOT paying taxes is illegal.

NOT upgrading is legal.

> You don't have to like it, but you have to do it.

[[Citation]]

I get to decide what patches to install on my computer, not Microshit.

> If you're online, you have to keep your computer up to date, to do otherwise is irresponsible and unsafe...

Assuming the updates are safe AND work. Oh look, why did Microsoft pull updates KB 3114409, The Windows 10 Nov. Update, /KB3001652, etc.

But keep drinking that Kool-Aid (TM) and astroturfing there buddy.

I hate to bust your bubble here but Microsoft only has mainstream support for Windows 8 (8.1 is a service pack) as well as Windows 10. Take a look here and Win 8 is only mainstream supported till January 9, 2018 which is not that far away. Sure you can get extended support for Vista, Win 7 and even Win 8 but you will be paying for that.

Actually, you're the one who has it wrong. Microsoft preempted the original Windows 8 release with the 8.1 release. They no longer support 8.0 and the 8.1, Update 1 release is the one being supported through 2023.

Think of if like Windows 98 vs 98SE.

I will concede that Microsoft only support 8.1 (which is a service pack for 8.0), however mainstream support for 8.1 is January 9, 2018 (as per the Microsoft web site). I did not explain it properly however I did provide the URL for the Microsoft support information site. Even if you still had MS Win 8 you can still get a free upgrade to 8.1 see here so even though I was technically wrong in stating Win 8 was mainstream supported till January 9, 2018 there is no associated cost with upgrading to Win 8.1 and getting free "mainstream support" at least until January 9, 2018.

There are two types of support Microsoft provides for their operating systems, they are "mainstream support" which is free while "extended support" requires you to pay for it and somehow I doubt most home PC users would pay for this service.

I hate to bust your bubble here but Microsoft only has mainstream support for Windows 8 (8.1 is a service pack) as well as Windows 10. Take a look here and Win 8 is only mainstream supported till January 9, 2018 which is not that far away. Sure you can get extended support for Vista, Win 7 and even Win 8 but you will be paying for that.

Actually, you're the one who has it wrong. Microsoft preempted the original Windows 8 release with the 8.1 release. They no longer support 8.0 and the 8.1, Update 1 release is the one being supported through 2023.

Think of if like Windows 98 vs 98SE.

*BZZZZZZT* Wrong. OpenSSL isn't open source enough.

Linux is like an ecosystem , with some companies at the top of thew food chain and others who are forced to live underneath them.

What you THINK is Linus is at the top of that foodchain. In reality, Redhat is at the top of that foodchain, and Linus, Mark and everyone else - all other distros -get a lot of code RedHat writes forced onto them whether they like it or not. They are by far the biggest, most well funded, most prolific and most influential Linux distro Plenty of core functionality issues out of them, and because so many other device makers and 3rd party software makers write code which depends on their code, all other Linux distros are forced to follow suit.

Fo course, once code is depended-upon by a large number of 3rd parties, that dependency spreads like a cancer and all Linux distros are forced to include that depended upon code.

And what makes RedHat so sucessful, what lets them maintain their position as top dog / ecosystem dictator? One thing- the contracts it has with the US government.

And what code might I be talking about? I might be talking about Systemd.

http://www.infoworld.com/artic...

You can read about it at this link and especially the ones below but tldr; It Came From Redhat and provoked nonthing less than a civil war in Linux over whether it will be included.

Shuttleworth proclaimed it would never be included in Ubuntu and Linus railed against it, but to no avail. In the end they both submitted to the power wielded by Redhat.

True, there's only a 99% chance this inscrutable mess of code, which has staged violent coup after violent coup against the territory previously held by nicely isolated and well understood parts of Linux *at the lowest levels* isn't a government sponsered backdoor-via-oopsie-a'lookie-at-that-bug-we-wrote ! but that's small comfort to the rest of us who need somewhere to run from the privacy-raping, eavesdropping, keystroke-logging, backdoored piece of shit Torjan known as Windows 10 when Windows 7 stops being habitable.

So yeah, the guy who has root on every Ubuntu installation in the world and was publicly submitted into bowing before and pledging his eternal allegience and fealty to His Majesty the King wants everyone to know that King's clothes are marvelous and all this talk of a naked King is just bunk.

https://lkml.org/lkml/2014/8/1...

http://www.linuxuser.co.uk/fea...

The basic tension here is the use of technology by Bad Guys gives them preternatural power to do bad things in big ways. OTOH , the state sponsored panopticon which is deployed, in all earnestness- let us not pretend otherwise, seriously, I don't question their motives even a little - is a known recipe for the destruction of democracy, dissent and a death sentence for a healthy society. But only a free and healthy society has any hope to counter terrorism. Absent freedom of thought and freedom from intimidation, short-term, parochial local incentives borns of personal fiefdoms take over policy making completely and that society is doomed to fall, just like Rome.

We cannot allow ourselves to become Rome. The only way to do that is to prevent the government from deploying a system which could be used by future governments to crush dissent and independent thought. That is, to crush anonymous speech and the freedom to explore ideas and voicing opinions which run counter to powerful interests.

It not that terrorism doesn't have the potential to bring a doomsday to us all, they most certainly do, it's that through an indirect process which is nevertheless guaranteed to be realized, that potential turns into an absolute certainty if the government is able to get root on all our keystrokes.

Not even close to true. There have been many reports of the registry settings magically being reset. I have run into this myself on a machine we use for power point presentations.

Not necessarily. These criminals want to provide good "service" to their "customers". If it gets out that this sort of extortion payment has no effect on getting back their data, no one will pay it and they will lose their "business".

That doesn't prevent "me too" organizations from walking in and hacking them as well, of course.

And be aware that these organizations are often extremely professional these days, using very sophisticated spear phishing attacks and other means. It is increasingly less true that this is simply due to someone clicking on a link to a viagra spam email. They're making very concerted efforts to learn organizational charts and watching emails to ensure that they send their emails as people who you'd usually trust to send you a link.

Here's a long read about how these pro hacker outfits are using spear phishing and sophisticated attacks that could be pretty scary even to a place that takes security fairly seriously. If they fell prey to something like that, they wouldn't have to be idiots.

http://www.infoworld.com/artic...

Actually I'm still assuming user error.

I've been dodging Windows 10 for awhile. Then it came out that Windows 10 was being pushed as a "Recommended" update, and with default settings, it would be installed automatically like the rest of the "Recommended" updates. After the latest spate of news, I checked Windows Update, and sure enough, I was scheduled a few days away for an install.

This is NOT user error. And even if it was, it's clearly so prevalent that it's Microsoft heavy-handed efforts to push Windows 10 that it's Microsoft's fault, not the user. Here's an article from a tech writer that says it happened to him on a VM install of Windows 7.

FUCK YOU MICROSOFT.

Why don't you contact Infoworld as I'm sure they will be able to show you the logs...but of course you won't because its plain to see by your posting history you are shilling the living fuck out of anything MSFT.

You might want to tell your boss you've been made and to send you to another site, nobody is gonna buy your BS here.

Uhhh...you wanna tell that to the writer at Infoworld chief? I also had it happen to an Athlon X2 I had at the shop, I didn't touch shit, it was set to ONLY install critical updates, i just hadn't gotten around to installing GWX control Panel on it...found a new Win 10 install with the Win 10 EULA staring me in the face.

Sorry dude but it happened, you can argue whether it was malice or incompetence (with MSFT you can never tell, it could go either way) but we have more than enough evidence to say with certainty that a subset of users got "Win 10'd" without having to interact with the system.

You might want to read this article from a senior editor of Infoworld who systematically tested and confirmed this on a Windows 7 virtual machine with the default windows update settings. He even explicitly unchecked the Windows 10 update, only for it to be re-selected automatically and auto-installed overnight without his consent: http://www.infoworld.com/artic...

> Windows Update Client for Windows 7 and Windows Server 2008 R2: March 2016 > This article describes an update that contains some improvements to Windows Update Client in Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This update has a prerequisite. About this update > This update contains some improvements to Windows Update Client in Windows 7 SP1 and Windows Server 2008 R2 SP1. Improvements? What constitutes an improvement? What's the problem solved? Who is it an improvement for? http://www.infoworld.com/artic... Oh, it's Windows 10 which I DO NOT WANT. I do not want a fully remote managed operating system. I want a PC. PERSONAL Computer. Didn't I hide that update option as well?

Google was more aggressive about pushing Chrome than MS ever was about pushing Windows 10.

Funny that. I never was greeted with a popup when I logged in whether I wanted to install Chrome Now or Tonight...

A few of the many stories about backdoors in U.S. hardware:

D-Link: Reverse Engineering a D-Link Backdoor (Oct. 12, 2013)

Arris: 600,000 Arris cable modems have 'backdoors in backdoors', researcher claims (Nov. 20, 2015)

Juniper Networks: Juniper drops NSA-developed code following new backdoor revelations (Jan. 10, 2016)

Cisco: Snowden: The NSA planted backdoors in Cisco products (May 15, 2014)

Netgear: Netgear Patch Said to Leave Backdoor Problem in Router (April 23, 2014)

Windows 8: NSA Backdoor Exploit in Windows 8 Uncovered (Aug. 22, 2013)

Windows: NSA "backdoor" mandates lead to a computer-security FREAK show Quote: "Microsoft Windows OS vulnerable to hackers, thanks to National Security Agency requirements." (March 6, 2015)

Windows: NSA Built Back Door In All Windows Software by 1999 (June 7, 2013)

Hard drives: Breaking: Kaspersky Exposes NSA's Worldwide, Backdoor Hacking of Virtually All Hard-Drive Firmware (Feb. 17, 2015)

Is every backdoor the work of the NSA? There is no way of knowing.

Why isn't this article entitled "Red Hat Linux executive tells the sheeple to quit buying Red Hat Linux - there are plenty of identical and cheaper alternatives available?"

Because it wouldn't be true?

Of the myriad changes found in RHEL 7, a few are certain to cause consternation. First and foremost of those is the move to the Systemd system and process manager. This represents a major departure from Red Hat's -- and Linux's -- history and from the tried-and-true Unix philosophy of using simple, modular tools for critical infrastructure components. Systemd replaces the simplicity of Init scripts with a major management system that offers new features and capabilities but adds significant complexity.

Both sides of the Systemd divide have their adherents, but in RHEL 7, the Systemd argument has clearly won. I believe, however, that this will ultimately rankle many veteran Linux admins, and we may be on the road to a real schism in the RHEL community and in the Linux world at large.

Review: RHEL 7 lands with a jolt [August 2014]

The moral of this story is, yes, Windows 10 might be pretty. Windows 10 might support all of your favourite games. But in 2016, there is nothing this OS does that Linux can not ..

There has never been less reasons to choose Windows over Linux, and therefore absolutely no reason that THIS should not be The belated year of the Linux Desktop. link

A few of the many stories about backdoors in U.S. hardware (Copied from another comment.):

D-Link: Reverse Engineering a D-Link Backdoor (Oct. 12, 2013)

Arris: 600,000 Arris cable modems have 'backdoors in backdoors', researcher claims (Nov. 20, 2015)

Juniper Networks: Juniper drops NSA-developed code following new backdoor revelations (Jan. 10, 2016)

Cisco: Snowden: The NSA planted backdoors in Cisco products (May 15, 2014)

Netgear: Netgear Patch Said to Leave Backdoor Problem in Router (April 23, 2014)

Windows 8: NSA Backdoor Exploit in Windows 8 Uncovered (Aug. 22, 2013)

Windows: NSA "backdoor" mandates lead to a computer-security FREAK show Quote: "Microsoft Windows OS vulnerable to hackers, thanks to National Security Agency requirements." (March 6, 2015)

Windows: NSA Built Back Door In All Windows Software by 1999 (June 7, 2013)

Hard drives: Breaking: Kaspersky Exposes NSA's Worldwide, Backdoor Hacking of Virtually All Hard-Drive Firmware (Feb. 17, 2015)

Is every backdoor the work of the NSA? There is no way of knowing.

That is certainly NOT a "purely political" story; although I can understand why someone would make that mistake. It's a story about the decline of technology in the United States caused by those who make money favoring secret actions by secret U.S. government organizations.

NSA = No Sales for America.

Boeing Might Lose $4B Brazil Deal For F-18 Jets After NSA Surveillance Scandal; Analysts Say Politics Won't Trump Business (09/12/13)

Three months later: President Dilma Rousseff Announces Brazil Is Buying Sweden's Saab Gripen Jet Fighters (12/18/13)

NSA = Not a Sensible Arrangement.

The NSA does not provide "Security". Instead, the secrecy makes everyone feel insecure. Anyone can claim that a secret organization did something destructive; that's an easy sale when a small group wants violence. Suppose an NSA manager wants a promotion. The manager can arrange something likely to cause violence; there is no outside review; new violence can be used as a reason for new authority.

Consider the Culture of fear. Nazi leader Hermann Goring: "The people don't want war, but they can always be brought to the bidding of the leaders. This is easy. All you have to do is tell them they are being attacked, and denounce the pacifists for lack of patriotism and for exposing the country to danger. It works the same in every country."

Quote from that same Wikipedia page: 'Former US National Security Advisor Zbigniew Brzezinski argues that the use of the term War on Terror was intended to generate a culture of fear deliberately because it "obscures reason, intensifies emotions and makes it easier for demagogic politicians to mobilize the public on behalf of the policies they want to pursue." '

Another quote: "... journalist Adam Curtis argues that politicians have used our fears to increase their power and control over society."

NSA = No Structural Authority.

There are complicated problems in running ANY organization. Managing secret organizations sensibly is impossible. Each manager of a secret organization has an excuse to hide his or her mistakes. There can be no outside ideas to fix problems because no outsiders are allowed to know what is happening.

Backdoors:

The U.S. government allows secret government agencies to go to any executive in any company, make demands for "security", and threaten the executive with prison if he or she doesn't do what the secret agency wants. Is that the reason that U.S. computer equipment has backdoors? We are not allowed to know. Secret agencies are allowed to lie, so even if an agency says it didn't force a backdoor, no one can know if the statement is true.

A few of the many stories about backdoors in U.S. hardware:

D-Link: Reverse Engineering a D-Link Backdoor (Oct. 12, 2013)

Arris: 600,000 Arris cable modems have 'backdoors in backdoors', researcher claims (Nov. 20, 2015)

Juniper Networks: Juniper drops NSA-developed code following new backdoor revelations (Jan. 10, 2016)

Cisco: Snowden: The NSA planted backdoors in Cisco products (May 15, 2014)

Netgear

NSA Helped British Spies Find Security Holes In Juniper Firewalls Quote: "... British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks..."

Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors Quote: "This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire."

New Discovery Around Juniper Backdoor Raises More Questions About the Company Quote: "Juniper added the insecure algorithm to its software long after the more secure one was already in it, raising questions about why the company would have knowingly undermined an already secure system."

Juniper 'fesses up to TWO attacks from 'unauthorised code'

'Unauthorized code' that decrypts VPNs found in Juniper's ScreenOS Quote: "And it may have been there since 2008, making this a late contender for FAIL of the year."

How to log into any backdoored Juniper firewall -- hard-coded password published

Juniper promises to fix ScreenOS cryptography ... eventually

Listen up, FBI: Juniper code shows the problem with backdoors Quote: "FBI director James Comey should be taking notes: The Juniper debacle shows why security experts are up in arms over government-ordered backdoors."

Another quote from that article:

"Cryptographic backdoors are one of the best ways for attackers to break into systems. '[The backdoors] take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes,' Green said.

NSA Helped British Spies Find Security Holes In Juniper Firewalls Quote: "... British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks..."

Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors Quote: "This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire."

New Discovery Around Juniper Backdoor Raises More Questions About the Company Quote: "Juniper added the insecure algorithm to its software long after the more secure one was already in it, raising questions about why the company would have knowingly undermined an already secure system."

Juniper 'fesses up to TWO attacks from 'unauthorised code'

'Unauthorized code' that decrypts VPNs found in Juniper's ScreenOS Quote: "And it may have been there since 2008, making this a late contender for FAIL of the year."

How to log into any backdoored Juniper firewall -- hard-coded password published

Juniper promises to fix ScreenOS cryptography ... eventually

Listen up, FBI: Juniper code shows the problem with backdoors Quote: "FBI director James Comey should be taking notes: The Juniper debacle shows why security experts are up in arms over government-ordered backdoors."

Another quote from that article:

"Cryptographic backdoors are one of the best ways for attackers to break into systems. '[The backdoors] take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes,' Green said.

The Java browser plugin infected millions, loaded bloatware, and generally has been a nuisance for years.

It eventually was blacklisted from browsers.

Let's not pretend SSL certs were supposed to do things they're not. You can be certain no one is imitating the malware site. And that's all a SSL cert means.

Bruce Perens.... created The Open Source Definition and published the first formal announcement and manifesto of open source. He co-founded the Open Source Initiative (OSI) with Eric S. Raymond.

Note the second name in there... I'm pretty sure ESR would completely disagree with Bruce on this topic. ESR is routinely complaining about SJWs conspiring to harm open source projects. Recently:

http://www.infoworld.com/artic...

So, if "Credentials" matter to you, that makes it a wash. It's a logical fallacy, anyhow.

From my perspective as a long time computer builder/seller, and Windows user since version 1, I think that the Windows as a service is not going to please a lot of people unless MS is much more upfront about how they are going to make money from the OS (e.g., the extent of tracking, adware on the startmenu, telemetry uses beyond fixing issues, etc.). They also need to add an opt-out option to the Windows 10 icon because now you need to know enough about Windows to delete a specific update (KB3035583) to get rid of it and "opt-out". This is extremely user unfriendly by any standards.

On top of that, the forced updates are causing problems, and that needs to be ended. Just today an update broke Microsoft's own email program Outlook with an update KB3114409. It happened to me today when I trusted MS and ran the updates manually. This "patch" forced Outlook into safe mode until the specific update was uninstalled. So this update would have been forced on people with Windows 10 until MS pulled it. See here.

http://www.infoworld.com/artic...

Windows is another experiment (Windows as a service with forced updates) and users are acting as guinea pigs. I can't afford to do that with my work computers.

So go right ahead and use it if you want, but I will not. Many things would have to change, from the Metrofied start menu to the terrible 2D look that is so uncustomizable compared with Windows 7 to the forced updates. Apps are crap and I don't want or need them on my PC. PC Settings is a downgrade from Control Panel. I could go on and on, and if you again respond by trying to defend MS I'll just post my much longer, more detailed list of complaints for everyone to see.

http://www.infoworld.com/article/3013219/microsoft-windows/microsoft-pulls-botched-patch-kb-3114409-that-triggered-problems-with-outlook-2010.html

Interesting, it appears Greenplum has recently been open sourced.

You do realize that this story starts talking about Comcast, the same company that tried to charge Netflix for data that their customers were requesting? They also kicked out Netflix's caching servers from their datacenters before this. Comcast brought their problems on themselves by refusing to upgrade connections to accommodate the needs, and intentionally pushing more traffic onto the uplinks. I can't imagine how anyone would have sympathy for a company that intentionally causes over saturation of their uplinks when they have been offered free upgrades!

http://www.infoworld.com/artic...
https://gigaom.com/2014/10/28/...

http://consumerist.com/2014/02...
https://freedom-to-tinker.com/...
http://knowmore.washingtonpost...

This is why Linux will NEVER WIN

Hmmm...I think the world begs to differ since Linux is on the vast majority of hardware out there - everything from watches to super computers (far more breadth than *any* other operating system or operating system kernel out there). And then there's also:

"If Microsoft ever does applications for Linux it means I've won." - Linus Torvalds

Which since Microsoft is now making a version fo Visual Studios for Linux, is using its own custom Linux Distro in its data center....

well, I'll just leave it to you, but it seems that Linux has indeed won.

Dell pretty much ONLY sells other people's hardware these days, I'm not really sure what TFA is smoking. They have a few internally designed products left that I know of, but almost all of it is various tiers of rebranded bullshit, from just stamping a Dell logo on someone elses turd, to having foxconn, msi, etc. do the electrical design and integrating those into assemblies someone else also puts together.

I'm not sure what *you're* smoking.

What do you think Microsoft hardware is? Made in a factory in Redmond by Microsoft employees? Hahaha. Microsoft has long had their hardware designed by ODMs and made by CMs. According to this article, Taiwanese company Pegatron makes the Surface tablets, and is also an iPad supplier.

*Every* American electronics company these days outsources their manufacturing and frequently their design to Asian companies. No one does any of that stuff here any more, except defense contractors of course.