First, it is the manufacturer who packages the stuff, not the retailer.
Second, if you want to be treated better as a customer, shop at a better store. If you are getting your receipt checked at the door, you are shopping somewhere whose main claim is that they are cheap. One of the ways they get so cheap is by minimizing shrinkage. Another is by paying a low wage, getting poorly motivated employees. You are the one making the determination 'get it cheap' or 'be treated well'.
Finally, the 'checking your receipt at the door' is not necessarily that they don't trust the customer, it is that they don't trust the cashier. I have had my receipt checked (Sam's club) and there was an item in my cart not on the receipt. They did nothing do me, didn't even ask a single question. Just said 'have a nice day', and didn't make me pay for the item. But the checker did make a note of who the cashier was.
Yeah, I told you why they (computer manufacturers) picked other CPUs - so they don't have to develop their own. If you have on one hand an architecture for which someone will sell you a processor, and on the other hand an architecture (no matter the merits of that architecture) where you have to develop your OWN processor (and probably pay royalties on it anyway), which are you going to pick? That has absolutely NOTHING to do with the merits of the architecture.
On the other hand, if you are a processor manufacturer, which would you rather do? Implement someone else's instruction set, so they get to set your direction, or make up your own, so you get to set your own direction? Of course, while designing your architecture you would probably look at other architectures and discard all the stuff from 'bad' and 'expensive' architectures. Which is why today almost all processors are 6-bit-byte machines with 15 bit words (word addressable only), the instruction set changes depending on the performance of the processor, the I/O also changes with each processor iteration, have no cache, have no concept of supervisor/problem states, and their 'virtual memory' involves swapping out/in ALL of real memory on every task switch (due to the lack of DAT and all the complexities that adds).
Oh, and in case you have the mistaken belief that a complex instruction set means a more complicated chip, you are wrong there also. All of the complex stuff is done in microcode, another 'bad' architecture from IBM.
Please provide a list of 'full compromises' involving systems certified at EAL5 or higher.
Uh, yeah, z/Architecture is 'pretty bad'. I mean, it's not like it has continued evolving for almost 50 years, while at the same time never requiring a single user to rewrite, port, or even recompile any application. Try not to be so stupid. Nobody 'rejected' IBMs architecture, they just find it cheaper and easier to buy someone else's chip instead of designing their own around zArchitecture (IBM does not sell those chips to anyone else). Take a look at any modern computer, remove all of IBMs 'bad architecture' decisions from it, and see what you have left. Start with the idea of an 'instruction set architecture' that stays constant across models and generations. Then move on to the architecture of I/O being independent of the processor, so that the same I/O devices can be used on different models and generations. Oh, and let's not forget other minor details like cache. And 8-bit bytes. And 32-bit words. And byte-addressable memory. And DAT. Yep, those minor architecture issues sure were rejected by everyone except IBM.
EAL5 does not say or imply that there are no bugs. EAL5 says that specific international standards were followed in the design and implementation. Suse and Red Hat enterprise Linux have been certified at EAL4, as has Windows 7 and Windows XP.
No, what a developer says is not a great metric of system security. Much better to have an independent metric of security (such as EAL). However, when the developers 'we hope it is secure' statement is the ONLY metric of security assurance you have, there is nothing else to use.
Ah, yes, 'the stone age of computing'. Everything that old MUST be worse than new stuff, right? Let's do a little comparison, shall we (remember, you are the one who made the statement 'achieve the same thing')?
What, exactly, can you do with it? LPAR - run any OS (z/VM, z/OS, z/VSE, Linux, OpenSolaris) that can run on z/Architecture. VServer - run Linux, and only Linux.
What are the security statements for each? LPAR - certified EAL5, worldwide. VServer - 'we hope it's secure' (from the Vserver FAQ).
How isolated are the guests from each other and the host? LPAR - 100% isolation, see EAL5 statement. VServer - FAQ has all sorts of things like a guest being able to take down not only it's own network, but the networks of the host and other guests. Also has tips on how to configure things so guests and the host don't clash. In other words, not very isolated at all.
Is there any difference between running native and running as a guest? LPAR - no. VServer - FAQ has various tips on configuring programs, as well as a list of 'problematic programs', so yes, there is a difference.
There are many other differences also. Not one of those differences provides any sort of advantage to host partitioning.
If LPAR and its' ilk are 'stone age', host partitioning is mired firmly in the Jurassic.
What do you plan to do when your voters want something impossible or utterly disastrous for the state, such as lowering taxes and raising spending at the same time?
If you are a mere puppet of the polls, and never use your own judgement or have the courage to take an unpopular position, what value are you providing to your constituents?
Very simple. It is your (the employee) responsibility to protect data you are trusted with. These rules are in place to make sure you understand that some things are not considered secure by IBM. If you use those services anyway, and information leaks out because of it, YOU are personally responsible and will be fired and/or have legal action taken against you.
That is complete nonsense. They are saying no such thing. They are saying they have a problem with SERVICES that provide absolutely no guarantee of data security, zero auditability, crappy terms of service that basically say 'we can do whatever we want with your data', etc. None of that has anything to do with any IBM hardware or software.
If IBM was saying "Don't use IBM cloud services" then you would have a point. They are not saying anything close to that.
IBM does not hate "the cloud". IBM does not want its own data stored on services that do not have contracts stating exactly how that data may be accessed and by whom, and with no penalties for intentional or inadvertent disclosure of that data.
You are missing the point. This is just part of a policy for protection of internal assets. "Don't put confidential data where outsiders can get to it" is a perfectly reasonable policy. Implementing that policy means rules like "no data on DropBox" and "no confidential data on internet-facing servers" and "no services on internet-facing servers that would allow access to the internal network". Having been informed of those rules, if information is leaked because you violated the rules, you will be held personally responsible (fired and/or sued).
Of course it is always possible that some dope will intentionally leak information. These rules are not about that. These rules are in place to so people don't make faulty assumptions about what is secure and what is not.
IBM has been providing 'cloud' services for more than 50 years. They just don't call it that. Originally it was 'service bureaus', where company could rent time on IBM systems. Now it is more of IBM running all of a companies IT operations.
I don't think anybody, musician or otherwise, thinks that simply making a recording is going to make money. However, it seems like a lot of people, including you, want a completely one-sided relationship. You want the situation to be that a musician only makes money by playing live, but meanwhile you are not restricted to only listening to their live performance. How is that in any way fair? If you want to be able to listen to any song at any time, why shouldn't the people who created that song benefit from it?
Uh, we have such a system right now. Any janitor, plumber, or bus driver can name their own price. If they set the price too high they might not get any business. On the other hand, if you do not pay the price you don't get to ride their bus. On the other hand, with music you can wind up with literally millions of people who want your product, use your product, but find any excuse possible to not pay you for your product.
If you read the interview, IBM is already giving 40000 employees Blackberrys. But there are 80000 other people who want to use their own devices. Being able to use your own device has advantages for both the employee and the company. The most obvious benefit to the employee is that they only have to carry one device. Sure, some people may be satisfied with a Blackberry, but many others will want something else, and if Blackberry is the only choice then they must carry two devices. If you have two devices, the one that will be always carried will probably not be the corporate one, so the company loses the 'always connected' benefit. And for the company, they get that 'never away from your corporate email' benefit without having to pay for another device.
There is absolutely no reason for the cashier to even look at what the register says. If they got the beep, the item scanned correctly. If it scanned correctly, there are only a few options: the price is correct (%99 of the time), the price is too high (the customer will complain and get directed to customer service), or the price is too low. If the price is too low there are two options: the store made an error (most places have a law that requires the store to honor the scanned price), or the customer is committing fraud.
It is far more important to the store that they keep the lines moving (stopped/slow lines really piss off customers) as opposed to the cashier stopping the line and accusing the customer of fraud.
Not really. The problem with a camera is not that it is a camera, it is that it can leak information. So you could take the approach 'no cameras allowed on property', but that would mean nobody could have a cell phone - not very popular. So instead you take the approach 'you can have a camera, but don't take pictures'. Same thing with other devices - the problem is not that they exist, it is that they can leak information. So you develop policies that allow the devices and all the benefits they provide, while at the same time preventing the leakage of information. This is especially important in a company that prides itself on innovation - the last thing you want to do is seem like a stodgy old company that is afraid to do anything different.
No, the responses are the same. Both cases are about preventing unintended leakage of information, while not being so heavy-handed as to ban a useful tool (business lunches and smart phones). They are much more concerned with the leakage of information from something as seemingly innocuous as 'siri, make a note' than they are with asking Siri how to do your job.
It is just a different attitude. IBM's attitude is 'you are a trusted professional, you are responsible for protecting information you have, and we have policies to help you with that'. Your attitude is 'you are not trusted, only the IT department can be trusted with protecting our assets.'
Watson did NOT have speech recognition for the Jeopardy game (although it gave it's answers as speech). Watson has nothing to do with speech recognition at all.
Let me guess, you didn't read TFA, and you sure as hell didn't read the interview referred to in TFA. The interview was about the challenges of allowing people to use their own devices for business use. The 'clueless' CIO (not CEO) was talking about ALL of the security challenges that causes, and one of the EXAMPLES she gave was Siri.
What is wrong with that? People want to use their own devices, IBM wants to protect its information. IBM also has other rules like 'you can have lunch with colleagues in a restaurant, but don't discuss IBM confidential stuff while you're there.' What exactly is the problem?
Siri can be used for more than search. You can use it just to dictate a little note to yourself. So a little note like 'remember to bring docs on project x to meeting with customer y' is now in the hands of Apple, who is free to use that data however they want.
Siri can be used for stuff other than search. If you dictate an email using Siri, Apple now has your email, and not in a secure email system, but somewhere they can access it for their own purposes (like maybe providing answers to someone else's queries).
Or maybe the fact that Apple knows WHO is doing the queries, and also that Siri collects a bunch of other stuff like names from your address book and 'other unspecified user data' makes it MUCH less secure.
Slashdot Mirror
First, it is the manufacturer who packages the stuff, not the retailer.
Second, if you want to be treated better as a customer, shop at a better store. If you are getting your receipt checked at the door, you are shopping somewhere whose main claim is that they are cheap. One of the ways they get so cheap is by minimizing shrinkage. Another is by paying a low wage, getting poorly motivated employees. You are the one making the determination 'get it cheap' or 'be treated well'.
Finally, the 'checking your receipt at the door' is not necessarily that they don't trust the customer, it is that they don't trust the cashier. I have had my receipt checked (Sam's club) and there was an item in my cart not on the receipt. They did nothing do me, didn't even ask a single question. Just said 'have a nice day', and didn't make me pay for the item. But the checker did make a note of who the cashier was.
Yeah, I told you why they (computer manufacturers) picked other CPUs - so they don't have to develop their own. If you have on one hand an architecture for which someone will sell you a processor, and on the other hand an architecture (no matter the merits of that architecture) where you have to develop your OWN processor (and probably pay royalties on it anyway), which are you going to pick? That has absolutely NOTHING to do with the merits of the architecture.
On the other hand, if you are a processor manufacturer, which would you rather do? Implement someone else's instruction set, so they get to set your direction, or make up your own, so you get to set your own direction? Of course, while designing your architecture you would probably look at other architectures and discard all the stuff from 'bad' and 'expensive' architectures. Which is why today almost all processors are 6-bit-byte machines with 15 bit words (word addressable only), the instruction set changes depending on the performance of the processor, the I/O also changes with each processor iteration, have no cache, have no concept of supervisor/problem states, and their 'virtual memory' involves swapping out/in ALL of real memory on every task switch (due to the lack of DAT and all the complexities that adds).
Oh, and in case you have the mistaken belief that a complex instruction set means a more complicated chip, you are wrong there also. All of the complex stuff is done in microcode, another 'bad' architecture from IBM.
Please provide a list of 'full compromises' involving systems certified at EAL5 or higher.
Uh, yeah, z/Architecture is 'pretty bad'. I mean, it's not like it has continued evolving for almost 50 years, while at the same time never requiring a single user to rewrite, port, or even recompile any application. Try not to be so stupid. Nobody 'rejected' IBMs architecture, they just find it cheaper and easier to buy someone else's chip instead of designing their own around zArchitecture (IBM does not sell those chips to anyone else). Take a look at any modern computer, remove all of IBMs 'bad architecture' decisions from it, and see what you have left. Start with the idea of an 'instruction set architecture' that stays constant across models and generations. Then move on to the architecture of I/O being independent of the processor, so that the same I/O devices can be used on different models and generations. Oh, and let's not forget other minor details like cache. And 8-bit bytes. And 32-bit words. And byte-addressable memory. And DAT. Yep, those minor architecture issues sure were rejected by everyone except IBM.
EAL5 does not say or imply that there are no bugs. EAL5 says that specific international standards were followed in the design and implementation. Suse and Red Hat enterprise Linux have been certified at EAL4, as has Windows 7 and Windows XP.
No, what a developer says is not a great metric of system security. Much better to have an independent metric of security (such as EAL). However, when the developers 'we hope it is secure' statement is the ONLY metric of security assurance you have, there is nothing else to use.
Ah, yes, 'the stone age of computing'. Everything that old MUST be worse than new stuff, right? Let's do a little comparison, shall we (remember, you are the one who made the statement 'achieve the same thing')?
What, exactly, can you do with it? LPAR - run any OS (z/VM, z/OS, z/VSE, Linux, OpenSolaris) that can run on z/Architecture. VServer - run Linux, and only Linux.
What are the security statements for each? LPAR - certified EAL5, worldwide. VServer - 'we hope it's secure' (from the Vserver FAQ).
How isolated are the guests from each other and the host? LPAR - 100% isolation, see EAL5 statement. VServer - FAQ has all sorts of things like a guest being able to take down not only it's own network, but the networks of the host and other guests. Also has tips on how to configure things so guests and the host don't clash. In other words, not very isolated at all.
Is there any difference between running native and running as a guest? LPAR - no. VServer - FAQ has various tips on configuring programs, as well as a list of 'problematic programs', so yes, there is a difference.
There are many other differences also. Not one of those differences provides any sort of advantage to host partitioning.
If LPAR and its' ilk are 'stone age', host partitioning is mired firmly in the Jurassic.
You clearly have no idea what you are talking about if you think things like LPARs have no place in a production environment.
What do you plan to do when your voters want something impossible or utterly disastrous for the state, such as lowering taxes and raising spending at the same time?
If you are a mere puppet of the polls, and never use your own judgement or have the courage to take an unpopular position, what value are you providing to your constituents?
Very simple. It is your (the employee) responsibility to protect data you are trusted with. These rules are in place to make sure you understand that some things are not considered secure by IBM. If you use those services anyway, and information leaks out because of it, YOU are personally responsible and will be fired and/or have legal action taken against you.
That is complete nonsense. They are saying no such thing. They are saying they have a problem with SERVICES that provide absolutely no guarantee of data security, zero auditability, crappy terms of service that basically say 'we can do whatever we want with your data', etc. None of that has anything to do with any IBM hardware or software.
If IBM was saying "Don't use IBM cloud services" then you would have a point. They are not saying anything close to that.
IBM does not hate "the cloud". IBM does not want its own data stored on services that do not have contracts stating exactly how that data may be accessed and by whom, and with no penalties for intentional or inadvertent disclosure of that data.
You are missing the point. This is just part of a policy for protection of internal assets. "Don't put confidential data where outsiders can get to it" is a perfectly reasonable policy. Implementing that policy means rules like "no data on DropBox" and "no confidential data on internet-facing servers" and "no services on internet-facing servers that would allow access to the internal network". Having been informed of those rules, if information is leaked because you violated the rules, you will be held personally responsible (fired and/or sued).
Of course it is always possible that some dope will intentionally leak information. These rules are not about that. These rules are in place to so people don't make faulty assumptions about what is secure and what is not.
IBM has been providing 'cloud' services for more than 50 years. They just don't call it that. Originally it was 'service bureaus', where company could rent time on IBM systems. Now it is more of IBM running all of a companies IT operations.
I don't think anybody, musician or otherwise, thinks that simply making a recording is going to make money. However, it seems like a lot of people, including you, want a completely one-sided relationship. You want the situation to be that a musician only makes money by playing live, but meanwhile you are not restricted to only listening to their live performance. How is that in any way fair? If you want to be able to listen to any song at any time, why shouldn't the people who created that song benefit from it?
Uh, we have such a system right now. Any janitor, plumber, or bus driver can name their own price. If they set the price too high they might not get any business. On the other hand, if you do not pay the price you don't get to ride their bus. On the other hand, with music you can wind up with literally millions of people who want your product, use your product, but find any excuse possible to not pay you for your product.
If you read the interview, IBM is already giving 40000 employees Blackberrys. But there are 80000 other people who want to use their own devices. Being able to use your own device has advantages for both the employee and the company. The most obvious benefit to the employee is that they only have to carry one device. Sure, some people may be satisfied with a Blackberry, but many others will want something else, and if Blackberry is the only choice then they must carry two devices. If you have two devices, the one that will be always carried will probably not be the corporate one, so the company loses the 'always connected' benefit. And for the company, they get that 'never away from your corporate email' benefit without having to pay for another device.
There is absolutely no reason for the cashier to even look at what the register says. If they got the beep, the item scanned correctly. If it scanned correctly, there are only a few options: the price is correct (%99 of the time), the price is too high (the customer will complain and get directed to customer service), or the price is too low. If the price is too low there are two options: the store made an error (most places have a law that requires the store to honor the scanned price), or the customer is committing fraud.
It is far more important to the store that they keep the lines moving (stopped/slow lines really piss off customers) as opposed to the cashier stopping the line and accusing the customer of fraud.
Not really. The problem with a camera is not that it is a camera, it is that it can leak information. So you could take the approach 'no cameras allowed on property', but that would mean nobody could have a cell phone - not very popular. So instead you take the approach 'you can have a camera, but don't take pictures'. Same thing with other devices - the problem is not that they exist, it is that they can leak information. So you develop policies that allow the devices and all the benefits they provide, while at the same time preventing the leakage of information. This is especially important in a company that prides itself on innovation - the last thing you want to do is seem like a stodgy old company that is afraid to do anything different.
No, the responses are the same. Both cases are about preventing unintended leakage of information, while not being so heavy-handed as to ban a useful tool (business lunches and smart phones). They are much more concerned with the leakage of information from something as seemingly innocuous as 'siri, make a note' than they are with asking Siri how to do your job.
It is just a different attitude. IBM's attitude is 'you are a trusted professional, you are responsible for protecting information you have, and we have policies to help you with that'. Your attitude is 'you are not trusted, only the IT department can be trusted with protecting our assets.'
Watson did NOT have speech recognition for the Jeopardy game (although it gave it's answers as speech). Watson has nothing to do with speech recognition at all.
Let me guess, you didn't read TFA, and you sure as hell didn't read the interview referred to in TFA. The interview was about the challenges of allowing people to use their own devices for business use. The 'clueless' CIO (not CEO) was talking about ALL of the security challenges that causes, and one of the EXAMPLES she gave was Siri.
What is wrong with that? People want to use their own devices, IBM wants to protect its information. IBM also has other rules like 'you can have lunch with colleagues in a restaurant, but don't discuss IBM confidential stuff while you're there.' What exactly is the problem?
Siri can be used for more than search. You can use it just to dictate a little note to yourself. So a little note like 'remember to bring docs on project x to meeting with customer y' is now in the hands of Apple, who is free to use that data however they want.
Siri can be used for stuff other than search. If you dictate an email using Siri, Apple now has your email, and not in a secure email system, but somewhere they can access it for their own purposes (like maybe providing answers to someone else's queries).
Or maybe the fact that Apple knows WHO is doing the queries, and also that Siri collects a bunch of other stuff like names from your address book and 'other unspecified user data' makes it MUCH less secure.