I'm not going to debate most of your opinions, but...
The info source does not matter.
No, no, no, no, no, no, no.
The source absolutely matters, especially considering the recent fad of leaking classified documents under the guise of "whistleblowing". Due to the classified nature of the information, there usually can be no official explanation beyond what is leaked. This means that the leaker has absolute editorial control over what can be discussed, and by exercising that control can manupilate public perception. Since nobody else can offer a rebuttal, the deception can last for decades.
Consider the well-known ethics thought experiment of a runaway railroad trolley heading towards five people tied to the track. You stand at a switch with the ability to divert the trolley to a different track, but there is one person standing on that path.
Depending on the circumstances involved, a wide variety of ethical outcomes may be selected. Sometimes it's considered more ethical to do nothing, and remain innocent. Sometimes it's considered more ethical to kill one person rather than five, and save a net of four lives. Sometimes less-conventional solutions are proposed, like sacrificing yourself to try to stop the trolley.
The perception of ethics also changes when more circumstances are known. If the one person on the other track is the villain who tied up the other five, he is almost universally chosen to die instead. If he's an innocent child, he's usually chosen to live in preference to five elderly people.
The circumstances matter, and selecting which circumstances the audience does or does not know means the ethical perception of the issue can also be selected. This was seen directly in the "Collateral Murder" video, where WikiLeaks made extensive use of editing to minimize the evidence that the targets were hostile, and emphasizing the evidence that they were innocent. They also edited around the protocols used to confirm a target, and intentionally made no acknowledgement of the fog of war, letting the viewers know from the beginning that the victims were innocent.
Even if the original footage were unclassified ("honestly and transparently", as you put it), a full understanding of events requires an expert's knowledge. As we've seen from other cases where official full reports were released, they're usually ignored because they don't agree with the earlier biased reports released to the public.
Always consider the source for all information, and consider any bias they may have. The more outrageous the scandal, the more incentive there is to editorialize it, or even to outright fabricate the information. Even if the US government were fully transparent, it would always be possible to claim that there is some secret agency (or department, or program, or person) that isn't transparent, and exists to do all of the distasteful things the rest of the government can't do.
That's a good thing. As the President of the United States, Mr. Obama is supposed to be mocked. He is supposed to be the butt of jokes, and everything he does is supposed to be criticized just like anyone else would be. Per the First Amendment, every American citizen's right to mock the President (and everyone else, for that matter) is protected to within reasonable limits. That's why he's still just Mister Obama, and not the Almighty Honorable Supreme Commander President Barack Hussein Obama.
We have elected him to lead the people, but he is still one of the people, and his basic legal protection is the same as the rest of the people.
That's my problem.... I'm usually pretty quick to dismiss conspiracy theories, for the same reason that I'm quick to dismiss WikiLeaks' publications. They both conveniently ignore facts that contradict their narrative, and don't have any way to disprove the allegations.
Unfortunately, this is a conspiracy theory that actually seems to hold water. WikiLeaks has held a heavy anti-America bias since its founding... Trump's candidacy has always been aligned contrary to recent American policies, and friendly to Russia... Attacking foreign governments is a pretty standard practice for all governments......and there isn't really much more than that, either for or against the conspiracy.
At this point, it's reasonably possible that WikiLeaks has been a pawn manipulated by Russia to help get a Russia-friendly POTUS, whether willingly or not. It's also possible that WikiLeaks is acting entirely independently of any government's involvement, serving their own ends. There's just not enough evidence to rule out either option.
The legislature already passed the laws granting power to the Executive branch. Those laws were written loosely enough that the Executive branch can determine their own policies, and that's what's happening here.
One of the reasons for having an immigration policy is so that the government-provided services don't get overwhelmed, as seems to be a major fear in Europe with the Syrian refugees. To that end, only a certain number of immigrants are allowed in, to reduce the shock to those services. A wealthy foreigner is less likely to have a large burden on those services, and by spending money in the US and paying taxes to the US governments, may even contribute more than they cost.
It's not fair, and it assumes a large number of variables, but it's not necessarily wrong.
There are certainly easier places, with far less regulation. In some cases, if you have a sign, you have a legal company.
That said, those places aren't "better", because your suppliers and customers are also little more than signs and promises. If a supplier takes your money and disappears, you have no recourse. If an engineer copies your trade secrets and starts his own competing business, the law doesn't protect you.
Every restriction exists because someone abused the system at least once already.
The key is to find the people who aren't looking for anything, and show them logic first. Then when the quacks come talking about mind control and weather engineering, it sounds as absurd as it really is.
An added bonus is that there's always that one kid who asks "Why not?". We hope that he goes on to do real science in the field of weather or psychology, advancing the state of the art.
Yes, there were standards without Microsoft. There were a lot of them, usually competing and incompatible. Sure, they were open, but vendors still usually picked one based on their own technical preferences, leaving a lot of work to actually achieve interoperability between systems who chose competing standards. Lots of jobs for the programmers writing interface layers, but utter crap for actually making progress.
Microsoft's monopoly forced everyone's hand. Microsoft's way was rarely (if ever) the best way, but it was a clear and well-trodden path, and anyone doing things Microsoft's way could have a reasonable chance that others would follow suit.
The system itself worked correctly, as the containment system properly contained the leak. The problem is that the "seemingly harmless" substitution wouldn't have appeared harmless to an engineer who knew what was going on, but the person who made the substitution didn't understand the requirements for the part he was substituting.
When I worked on government computers, I often saw similar problems. The developers would specify certain hardware requirements, but over the life of a program, as equipment went obsolete, other people would make substitutions based on the specs of the old part. After a few years, the same software was running on high-end components, at only about 1% utilization. Nobody ever wanted to be the guy who made the system less capable, even though the lower-end hardware would have cost far less.
He might very well have created Microsoft, then abandoned it when the maximum he could get from it was approaching $10 billion.
Without Microsoft having continued so far, computing would be very different today. If Microsoft had stagnated (Anti-Microsoft jokes elsewhere, please) with Windows 95, and left computing to newer upstarts, I expect we wouldn't have anywhere near the compatibility and interoperability we have today. Even among non-Microsoft OSes, interoperability is a mandatory feature. In contrast, I'm reminded of the pre-Windows days where particular software was written for a particular system, and that was it. Now, we have OpenOffice, Wine, and Samba, all from different projects united in the goal of slaying the Microsoft beast.
Microsoft is certainly no longer the only option, but computing environments are all still affected by Microsoft's legacy. I detest Microsoft's monopoly as much as anybody, but I think the cohesion that came out of it is a good thing, overall.
Back to the point, that's one of the philosophies of capitalism: The more people work (economically, meaning an investment of labor, capital, or advice), the more they should make. Artificially limiting the return on investment disincentivizes the amount of work they will do, which in turn reduces the efficiency of the economy. Limiting Gates' return on his Microsoft investment would very likely have also limited how much he invested in Microsoft, and in effect also limited what Microsoft could contribute to the economy. Sure, Gates would be less wealthy... but so would most others who have been employed by the company.
This assumes, of course, that Gates wouldn't have just continued investing anyway. He seems like he's trying to be a nice guy, outside of business, so perhaps he would have just let Microsoft keep growing, regardless of its return. That's a fundamental difference between capitalism and communism: Communism assumes that all people are good-hearted helpful folks contributing to the welfare of society, and capitalism assumes that everyone is a greedy selfish individual who won't do anything without getting paid. Neither assumption is wholly correct, which is why thought experiments like this one are rather useless at predicting a person's behavior.
Maybe that's the problem... The demographic is old enough to fit the "cranky old man" role, but not enough to be the "wise old man".
There's a point where things change just as soon as you get it figured out, and that's a jarring and uncomfortable time. There's also a point where that's happened too many times already, and you just don't care any more.
There are already the usual anti-systemd flames and complaints about how it's absorbing ever more functionality.
As for the server itself, that is roughly the current plan. The devil's in the details, though, when it comes to handling errors in detecting the network configuration and mounting the remote filesystems. For example, as node A initializes, it should try to connect to (and mount) nodes B, C, and D, but if a node is down, the other node connections should function normally until the missing node returns, at which time that connection should be established and the data synchronized among the nodes.
Writing standard scripts to handle the process isn't an intractable problem, but it'd be much simpler with a more robust environment. I'm curious (and a bit hopeful) to see whether systemd can provide the necessary functionality without extensive custom scripting.
Nowhere in your post did you even mention the telemetry that everyone else is complaining about.
Why should I? That's a popular topic for discussion elsewhere under this story, but not in this thread.
Personally I find the objection to telemetry to be ridiculous, as it's based on the paradoxical trust in Microsoft's software, but not Microsoft's corporate governance. Frankly, if Microsoft was intending to do something nefarious, they wouldn't label it "telemetry" in the changelog. If a government wanted to spy on you, they wouldn't seek Microsoft's overt help. On the other hand, if you want your systems to improve based on the collective experiences of others, data collection is essentially necessary now. Better controls would be nice, but that just opens the door to still more paranoia.
You conveniently avoid it at all that microsoft has lied [w]hen they called somethnig a security update and it was actually spyware/telemetry.
Why not both? Offhand, a good example of this would be the SmartScreen filtering. To a security-focused person like me, having a hash check on files from the Internet is a good thing, because it's an additional layer of defense against malware, and that's worth the incredibly-minor loss of privacy. To a more paranoid observer, any usage information sent to Microsoft is spying for ulterior motives, and the loss of privacy is unforgivable, no matter the possible security improvements.
So either you are having a different conversation that the rest of the people here or you are trying to spin somethnig.
There's a third option that you're neglecting to acknowledge: that the conversation isn't as one-sided as you seem to prefer. My motivations are apparently different from yours. I prefer system security over user preferences, while you appear to prefer privacy over data-driven management. As a result of those different preferences, we want different things from the same product.
Ive seen many shills come through here and not a single one has ever admitted to it. Not saying you are but circumstantial evidence is pretty compelling.
Alternatively, you've seen people with different perspectives, and you stubbornly refuse to believe that they might know a bit better than you. Not saying you're an ignorant buffoon, but the circumstantial evidence is pretty compelling.
Mockery and derision aside, you should go look through my comment history. Some of the more scathing anti-Microsoft posts are rather far back, but they're there. As far as "circumstantial evidence" goes, I suspect you're looking at this one single opinion on one single issue, and using that to infer my opinions on all matters. You don't even know my circumstances at all.
Yep. That won't stop the hivemind from shouting against it, though. According to Slashdotters, everything must be done as it's always been done, regardless of any externalities.
Meanwhile, I have a server (based on an ugly inherited design) that has to figure out its remote filesystems based on the network structure, as determined by a user-run script. The process I inherited was to boot the server, run the script, then mount the filesystems it reported needing. Then and only then could the main daemon be started manually.
Fuck that.
An upcoming rework will automate the process with scripts, but it seems like the sort of thing that falls right in systemd's wheelhouse. Systemd's goal is to start the system services, which would reasonably include my daemon. It therefore also seems reasonable that systemd could have access to mounting functions, to ensure the system is ready to start that daemon.
1. Promises != reality. Their patch engine is broken if it can't scale from a machine up to date 24hours ago to fresh RTM installs.
I never mentioned scaling. What doesn't scale is the idea of testing a factorial number of patch combinations.
2. End users don't have a "support rep".
Actually, they can. Microsoft has online and phone support for end users. Companies do have more thorough (and more expensive) options, but most users have options as well.
most of these policies became SOP because of these inherent flaws in windows going back to the 90s. If patching isn't going to help this, then what's the point of patching at all? Assuming the machines are admin'd properly (users not running as admin should be enough for sane systems), such malware would have to abuse vulnerabilities to escalate.
Patches are still a last line of defense. The first defense should be a firewall/proxy to stop threats from reaching your users. Then your users should be educated, preventing the malware from being executed. Then you have antivirus and active scanning to prevent the malware from doing anything bad, followed by restricted admin rights to reduce the damage the malware can cause. Then finally, you have patches, which prevent malware from working around the admin restrictions and permission checks that are already designed into the system.
Yes, yes... I disagree with the hivemind, so I must be a shill. I've danced that tune before, and since you can't form an argument apart from a personal attack, I am forced to conclude you are an imbecile. Take that however you wish.
From the stories I heard working in defense, airframes still can't match pilots. An aircraft on a mission may need to execute some spectacular maneuvers, and the pilot can often survive quite well, especially with active flight suits. However, the airframe is still damaged by the maneuver, and might not be usable again.
Unless that other nation-state also has nuclear weapons, or a stealth-heavy navy that's hard to successfully target, or guerilla fighters and false-flag agents operating in other nations, or cyberwar capabilities that can't be quickly and reliably traced to their nation of origin.
The war could last for years, even with nukes, as the participants play a game of chicken, trying to make the other guy be the bad guy first.
As a sysadmin for mixed Windows/Linux environments with strict patching policies, here's what I expect:
#1 What if I install a brand new copy of Win7 (either because of a wipe and reinstall, or brand new install) I can't get updates at all because it won't have the current update?
The current update will be pushed automatically from the Windows Update server. Like you do now, you'll install vanilla Windows, and tell it to check for updates, and it will download the latest monthly patch. That patch will just include the fixes from previous months.
Think of it as being very similar to how most Linux distros handle package updates. Only the latest versions are automatically pulled. Older versions may still be available, but they won't be delivered by default.
Can you put, on paper, that your once a month update will not totally bork the windows system it's used on, and if I have to reinstall it, do I have to accept this bad update/again/ or else not have any updates at all?
I expect Microsoft will promise, once a month, that the updates won't break anything too badly, or they'll fix it real soon. I'd estimate 99.99% of patch installations are harmless. On the rare chance you happen to have a hardware configuration that doesn't work, there are already channels (through your MS support rep) to properly report it and get a fix.
If an update works fine except that it makes your fine-tuned software configuration need a bit more configuration, that's your problem.
Meanwhile, if you do have a problem with a particular fix, I expect that previous monthly patches will be available for download and manual installation, just like current superseded patches.
This year I had to clean out systems 30 times because of malware
Roughly one infection every 12 days? I don't think patching is going to help you. At that rate, I'd be suspicious of your users. Do they have any admin capability? Is software controlled? Do you forbid personal devices from touching company networks? Do you run a firewall and proxy to restrict web access? Do you monitor those things to make sure they're actually doing their job?
Patching workstations can only reduce your attack surface, but it cannot cure user stupidity. There are always users who will execute email attachments, or download "free new emoticons" or plug their phone into every available USB port.
I'll stick with linux, thank you.
I'm inclined to agree, but let's not get complacent. Just because Linux isn't under as heavy an attack doesn't mean it isn't also vulnerable. My favorite exploit happens to be a Linux-based permission elevation.
they are saying - that none of their users are smart enough to pick and choose which updates they want
It's not an issue of being smart enough... The problem is that most users who say "I will pick my own updates" never actually do so. They end up picking a handful of patches to deploy, before they lose interest and stop patching altogether.
Just wait until they screw up an update and cripple a large portion of their user base - or subject their user base to significant new security vulnerabilities in the process of trying to fix an existing vulnerability.
That happens already, and it's not nearly as big a deal as it seems. The first reports come in, and the update is halted and fixed.
I find it really hard to believe that their testing process is comprehensive enough to cover all hardware and software configurations
Believe what you will, but testing doesn't actually need to cover all configurations. Compatibility needs to be tested thoroughly according to documented interfaces, and as long as those documented interfaces don't change, it's not Microsoft's fault if something breaks. If your webcam driver relies on some undocumented quirk, and that changes, then the onus is on the webcam vendor to release a driver that follows better practices.
This is 2016, not 1970. Your user applications don't need to have direct access to the hardware, not even "for better performance", just like your software doesn't actually need administrator privileges, not even "to access shared data". APIs are complete enough that you can do what you need following the defined and documented interfaces, without concern for the implementation behind them. If software vendors* would aim for "sustainable" more than "clever", 90% of Microsoft's problematic patches wouldn't have been problems.
The other 10% are times when Microsoft changes functionality, like a recent patch where the details of Group Policy filtering changed. Those details are reported in the bulletins released with each patch... and of course your sysadmins are reading those, right?
I think that they lose a lot when they disallow users to selectively install (or roll-back) updates
I think we've lost more in the relentless pursuit of backwards-compatibility with obsolete (and arguably broken-by-design) equipment.
* Perhaps not surprisingly, the worst offender I can name for using undocumented APIs has been Microsoft for most of the last two decades. Recently, they've improved somewhat with the push to make their APIs accessible to PowerShell (and therefore documented and public), but that's a rant in itself.
Slashdot Mirror
"Five nines" of accuracy still means an error of up to 3,000 votes, which is more than the deciding margin in the 2000 presidential elections.
I'm not going to debate most of your opinions, but...
The info source does not matter.
No, no, no, no, no, no, no.
The source absolutely matters, especially considering the recent fad of leaking classified documents under the guise of "whistleblowing". Due to the classified nature of the information, there usually can be no official explanation beyond what is leaked. This means that the leaker has absolute editorial control over what can be discussed, and by exercising that control can manupilate public perception. Since nobody else can offer a rebuttal, the deception can last for decades.
Consider the well-known ethics thought experiment of a runaway railroad trolley heading towards five people tied to the track. You stand at a switch with the ability to divert the trolley to a different track, but there is one person standing on that path.
Depending on the circumstances involved, a wide variety of ethical outcomes may be selected. Sometimes it's considered more ethical to do nothing, and remain innocent. Sometimes it's considered more ethical to kill one person rather than five, and save a net of four lives. Sometimes less-conventional solutions are proposed, like sacrificing yourself to try to stop the trolley.
The perception of ethics also changes when more circumstances are known. If the one person on the other track is the villain who tied up the other five, he is almost universally chosen to die instead. If he's an innocent child, he's usually chosen to live in preference to five elderly people.
The circumstances matter, and selecting which circumstances the audience does or does not know means the ethical perception of the issue can also be selected. This was seen directly in the "Collateral Murder" video, where WikiLeaks made extensive use of editing to minimize the evidence that the targets were hostile, and emphasizing the evidence that they were innocent. They also edited around the protocols used to confirm a target, and intentionally made no acknowledgement of the fog of war, letting the viewers know from the beginning that the victims were innocent.
Even if the original footage were unclassified ("honestly and transparently", as you put it), a full understanding of events requires an expert's knowledge. As we've seen from other cases where official full reports were released, they're usually ignored because they don't agree with the earlier biased reports released to the public.
Always consider the source for all information, and consider any bias they may have. The more outrageous the scandal, the more incentive there is to editorialize it, or even to outright fabricate the information. Even if the US government were fully transparent, it would always be possible to claim that there is some secret agency (or department, or program, or person) that isn't transparent, and exists to do all of the distasteful things the rest of the government can't do.
The problem is that every solution that is 99.9% perfect in testing will still be wrong up to 3 million times in a national election.
That's a good thing. As the President of the United States, Mr. Obama is supposed to be mocked. He is supposed to be the butt of jokes, and everything he does is supposed to be criticized just like anyone else would be. Per the First Amendment, every American citizen's right to mock the President (and everyone else, for that matter) is protected to within reasonable limits. That's why he's still just Mister Obama, and not the Almighty Honorable Supreme Commander President Barack Hussein Obama.
We have elected him to lead the people, but he is still one of the people, and his basic legal protection is the same as the rest of the people.
That's my problem.... I'm usually pretty quick to dismiss conspiracy theories, for the same reason that I'm quick to dismiss WikiLeaks' publications. They both conveniently ignore facts that contradict their narrative, and don't have any way to disprove the allegations.
Unfortunately, this is a conspiracy theory that actually seems to hold water. WikiLeaks has held a heavy anti-America bias since its founding... Trump's candidacy has always been aligned contrary to recent American policies, and friendly to Russia... Attacking foreign governments is a pretty standard practice for all governments... ...and there isn't really much more than that, either for or against the conspiracy.
At this point, it's reasonably possible that WikiLeaks has been a pawn manipulated by Russia to help get a Russia-friendly POTUS, whether willingly or not. It's also possible that WikiLeaks is acting entirely independently of any government's involvement, serving their own ends. There's just not enough evidence to rule out either option.
The legislature already passed the laws granting power to the Executive branch. Those laws were written loosely enough that the Executive branch can determine their own policies, and that's what's happening here.
One of the reasons for having an immigration policy is so that the government-provided services don't get overwhelmed, as seems to be a major fear in Europe with the Syrian refugees. To that end, only a certain number of immigrants are allowed in, to reduce the shock to those services. A wealthy foreigner is less likely to have a large burden on those services, and by spending money in the US and paying taxes to the US governments, may even contribute more than they cost.
It's not fair, and it assumes a large number of variables, but it's not necessarily wrong.
There are certainly easier places, with far less regulation. In some cases, if you have a sign, you have a legal company.
That said, those places aren't "better", because your suppliers and customers are also little more than signs and promises. If a supplier takes your money and disappears, you have no recourse. If an engineer copies your trade secrets and starts his own competing business, the law doesn't protect you.
Every restriction exists because someone abused the system at least once already.
The key is to find the people who aren't looking for anything, and show them logic first. Then when the quacks come talking about mind control and weather engineering, it sounds as absurd as it really is.
An added bonus is that there's always that one kid who asks "Why not?". We hope that he goes on to do real science in the field of weather or psychology, advancing the state of the art.
I think you missed my point.
Yes, there were standards without Microsoft. There were a lot of them, usually competing and incompatible. Sure, they were open, but vendors still usually picked one based on their own technical preferences, leaving a lot of work to actually achieve interoperability between systems who chose competing standards. Lots of jobs for the programmers writing interface layers, but utter crap for actually making progress.
Microsoft's monopoly forced everyone's hand. Microsoft's way was rarely (if ever) the best way, but it was a clear and well-trodden path, and anyone doing things Microsoft's way could have a reasonable chance that others would follow suit.
The system itself worked correctly, as the containment system properly contained the leak. The problem is that the "seemingly harmless" substitution wouldn't have appeared harmless to an engineer who knew what was going on, but the person who made the substitution didn't understand the requirements for the part he was substituting.
When I worked on government computers, I often saw similar problems. The developers would specify certain hardware requirements, but over the life of a program, as equipment went obsolete, other people would make substitutions based on the specs of the old part. After a few years, the same software was running on high-end components, at only about 1% utilization. Nobody ever wanted to be the guy who made the system less capable, even though the lower-end hardware would have cost far less.
He might very well have created Microsoft, then abandoned it when the maximum he could get from it was approaching $10 billion.
Without Microsoft having continued so far, computing would be very different today. If Microsoft had stagnated (Anti-Microsoft jokes elsewhere, please) with Windows 95, and left computing to newer upstarts, I expect we wouldn't have anywhere near the compatibility and interoperability we have today. Even among non-Microsoft OSes, interoperability is a mandatory feature. In contrast, I'm reminded of the pre-Windows days where particular software was written for a particular system, and that was it. Now, we have OpenOffice, Wine, and Samba, all from different projects united in the goal of slaying the Microsoft beast.
Microsoft is certainly no longer the only option, but computing environments are all still affected by Microsoft's legacy. I detest Microsoft's monopoly as much as anybody, but I think the cohesion that came out of it is a good thing, overall.
Back to the point, that's one of the philosophies of capitalism: The more people work (economically, meaning an investment of labor, capital, or advice), the more they should make. Artificially limiting the return on investment disincentivizes the amount of work they will do, which in turn reduces the efficiency of the economy. Limiting Gates' return on his Microsoft investment would very likely have also limited how much he invested in Microsoft, and in effect also limited what Microsoft could contribute to the economy. Sure, Gates would be less wealthy... but so would most others who have been employed by the company.
This assumes, of course, that Gates wouldn't have just continued investing anyway. He seems like he's trying to be a nice guy, outside of business, so perhaps he would have just let Microsoft keep growing, regardless of its return. That's a fundamental difference between capitalism and communism: Communism assumes that all people are good-hearted helpful folks contributing to the welfare of society, and capitalism assumes that everyone is a greedy selfish individual who won't do anything without getting paid. Neither assumption is wholly correct, which is why thought experiments like this one are rather useless at predicting a person's behavior.
Maybe that's the problem... The demographic is old enough to fit the "cranky old man" role, but not enough to be the "wise old man".
There's a point where things change just as soon as you get it figured out, and that's a jarring and uncomfortable time. There's also a point where that's happened too many times already, and you just don't care any more.
There are already the usual anti-systemd flames and complaints about how it's absorbing ever more functionality.
As for the server itself, that is roughly the current plan. The devil's in the details, though, when it comes to handling errors in detecting the network configuration and mounting the remote filesystems. For example, as node A initializes, it should try to connect to (and mount) nodes B, C, and D, but if a node is down, the other node connections should function normally until the missing node returns, at which time that connection should be established and the data synchronized among the nodes.
Writing standard scripts to handle the process isn't an intractable problem, but it'd be much simpler with a more robust environment. I'm curious (and a bit hopeful) to see whether systemd can provide the necessary functionality without extensive custom scripting.
Nowhere in your post did you even mention the telemetry that everyone else is complaining about.
Why should I? That's a popular topic for discussion elsewhere under this story, but not in this thread.
Personally I find the objection to telemetry to be ridiculous, as it's based on the paradoxical trust in Microsoft's software, but not Microsoft's corporate governance. Frankly, if Microsoft was intending to do something nefarious, they wouldn't label it "telemetry" in the changelog. If a government wanted to spy on you, they wouldn't seek Microsoft's overt help. On the other hand, if you want your systems to improve based on the collective experiences of others, data collection is essentially necessary now. Better controls would be nice, but that just opens the door to still more paranoia.
You conveniently avoid it at all that microsoft has lied [w]hen they called somethnig a security update and it was actually spyware/telemetry.
Why not both? Offhand, a good example of this would be the SmartScreen filtering. To a security-focused person like me, having a hash check on files from the Internet is a good thing, because it's an additional layer of defense against malware, and that's worth the incredibly-minor loss of privacy. To a more paranoid observer, any usage information sent to Microsoft is spying for ulterior motives, and the loss of privacy is unforgivable, no matter the possible security improvements.
So either you are having a different conversation that the rest of the people here or you are trying to spin somethnig.
There's a third option that you're neglecting to acknowledge: that the conversation isn't as one-sided as you seem to prefer. My motivations are apparently different from yours. I prefer system security over user preferences, while you appear to prefer privacy over data-driven management. As a result of those different preferences, we want different things from the same product.
Ive seen many shills come through here and not a single one has ever admitted to it. Not saying you are but circumstantial evidence is pretty compelling.
Alternatively, you've seen people with different perspectives, and you stubbornly refuse to believe that they might know a bit better than you. Not saying you're an ignorant buffoon, but the circumstantial evidence is pretty compelling.
Mockery and derision aside, you should go look through my comment history. Some of the more scathing anti-Microsoft posts are rather far back, but they're there. As far as "circumstantial evidence" goes, I suspect you're looking at this one single opinion on one single issue, and using that to infer my opinions on all matters. You don't even know my circumstances at all.
Yep. That won't stop the hivemind from shouting against it, though. According to Slashdotters, everything must be done as it's always been done, regardless of any externalities.
Meanwhile, I have a server (based on an ugly inherited design) that has to figure out its remote filesystems based on the network structure, as determined by a user-run script. The process I inherited was to boot the server, run the script, then mount the filesystems it reported needing. Then and only then could the main daemon be started manually.
Fuck that.
An upcoming rework will automate the process with scripts, but it seems like the sort of thing that falls right in systemd's wheelhouse. Systemd's goal is to start the system services, which would reasonably include my daemon. It therefore also seems reasonable that systemd could have access to mounting functions, to ensure the system is ready to start that daemon.
1. Promises != reality. Their patch engine is broken if it can't scale from a machine up to date 24hours ago to fresh RTM installs.
I never mentioned scaling. What doesn't scale is the idea of testing a factorial number of patch combinations.
2. End users don't have a "support rep".
Actually, they can. Microsoft has online and phone support for end users. Companies do have more thorough (and more expensive) options, but most users have options as well.
most of these policies became SOP because of these inherent flaws in windows going back to the 90s. If patching isn't going to help this, then what's the point of patching at all? Assuming the machines are admin'd properly (users not running as admin should be enough for sane systems), such malware would have to abuse vulnerabilities to escalate.
Patches are still a last line of defense. The first defense should be a firewall/proxy to stop threats from reaching your users. Then your users should be educated, preventing the malware from being executed. Then you have antivirus and active scanning to prevent the malware from doing anything bad, followed by restricted admin rights to reduce the damage the malware can cause. Then finally, you have patches, which prevent malware from working around the admin restrictions and permission checks that are already designed into the system.
Yes, yes... I disagree with the hivemind, so I must be a shill. I've danced that tune before, and since you can't form an argument apart from a personal attack, I am forced to conclude you are an imbecile. Take that however you wish.
Then you raise a complaint through the official channels, and Microsoft fixes it... Which is exactly what's happening right now.
If Ford promised to replace your tires when they wear out, don't complain if the standard tires don't fit your aftermarket wheels.
From the stories I heard working in defense, airframes still can't match pilots. An aircraft on a mission may need to execute some spectacular maneuvers, and the pilot can often survive quite well, especially with active flight suits. However, the airframe is still damaged by the maneuver, and might not be usable again.
Unless that other nation-state also has nuclear weapons, or a stealth-heavy navy that's hard to successfully target, or guerilla fighters and false-flag agents operating in other nations, or cyberwar capabilities that can't be quickly and reliably traced to their nation of origin.
The war could last for years, even with nukes, as the participants play a game of chicken, trying to make the other guy be the bad guy first.
A quick check of my WSUS server (covering Win7, Server 2012, Server 2012 R2, and Office 2013) shows 6600 updates.
Good luck.
As a sysadmin for mixed Windows/Linux environments with strict patching policies, here's what I expect:
#1 What if I install a brand new copy of Win7 (either because of a wipe and reinstall, or brand new install) I can't get updates at all because it won't have the current update?
The current update will be pushed automatically from the Windows Update server. Like you do now, you'll install vanilla Windows, and tell it to check for updates, and it will download the latest monthly patch. That patch will just include the fixes from previous months.
Think of it as being very similar to how most Linux distros handle package updates. Only the latest versions are automatically pulled. Older versions may still be available, but they won't be delivered by default.
Can you put, on paper, that your once a month update will not totally bork the windows system it's used on, and if I have to reinstall it, do I have to accept this bad update /again/ or else not have any updates at all?
I expect Microsoft will promise, once a month, that the updates won't break anything too badly, or they'll fix it real soon. I'd estimate 99.99% of patch installations are harmless. On the rare chance you happen to have a hardware configuration that doesn't work, there are already channels (through your MS support rep) to properly report it and get a fix.
If an update works fine except that it makes your fine-tuned software configuration need a bit more configuration, that's your problem.
Meanwhile, if you do have a problem with a particular fix, I expect that previous monthly patches will be available for download and manual installation, just like current superseded patches.
This year I had to clean out systems 30 times because of malware
Roughly one infection every 12 days? I don't think patching is going to help you. At that rate, I'd be suspicious of your users. Do they have any admin capability? Is software controlled? Do you forbid personal devices from touching company networks? Do you run a firewall and proxy to restrict web access? Do you monitor those things to make sure they're actually doing their job?
Patching workstations can only reduce your attack surface, but it cannot cure user stupidity. There are always users who will execute email attachments, or download "free new emoticons" or plug their phone into every available USB port.
I'll stick with linux, thank you.
I'm inclined to agree, but let's not get complacent. Just because Linux isn't under as heavy an attack doesn't mean it isn't also vulnerable. My favorite exploit happens to be a Linux-based permission elevation.
they are saying - that none of their users are smart enough to pick and choose which updates they want
It's not an issue of being smart enough... The problem is that most users who say "I will pick my own updates" never actually do so. They end up picking a handful of patches to deploy, before they lose interest and stop patching altogether.
Just wait until they screw up an update and cripple a large portion of their user base - or subject their user base to significant new security vulnerabilities in the process of trying to fix an existing vulnerability.
That happens already, and it's not nearly as big a deal as it seems. The first reports come in, and the update is halted and fixed.
I find it really hard to believe that their testing process is comprehensive enough to cover all hardware and software configurations
Believe what you will, but testing doesn't actually need to cover all configurations. Compatibility needs to be tested thoroughly according to documented interfaces, and as long as those documented interfaces don't change, it's not Microsoft's fault if something breaks. If your webcam driver relies on some undocumented quirk, and that changes, then the onus is on the webcam vendor to release a driver that follows better practices.
This is 2016, not 1970. Your user applications don't need to have direct access to the hardware, not even "for better performance", just like your software doesn't actually need administrator privileges, not even "to access shared data". APIs are complete enough that you can do what you need following the defined and documented interfaces, without concern for the implementation behind them. If software vendors* would aim for "sustainable" more than "clever", 90% of Microsoft's problematic patches wouldn't have been problems.
The other 10% are times when Microsoft changes functionality, like a recent patch where the details of Group Policy filtering changed. Those details are reported in the bulletins released with each patch... and of course your sysadmins are reading those, right?
I think that they lose a lot when they disallow users to selectively install (or roll-back) updates
I think we've lost more in the relentless pursuit of backwards-compatibility with obsolete (and arguably broken-by-design) equipment.
* Perhaps not surprisingly, the worst offender I can name for using undocumented APIs has been Microsoft for most of the last two decades. Recently, they've improved somewhat with the push to make their APIs accessible to PowerShell (and therefore documented and public), but that's a rant in itself.