I have to say, I'm always surprised that people complain about Betamax tape length. I had both 3 and 4 hour tapes and I expect that if Sony had continued development, I would have had LP and even EP modes. Whilst I do realize that very early on there was a length issue, this was not the case for most of the life of the product.
I think by then it was too late, VHS market momentum was too great - economy of scale and content support. Recording/play time was clearly a major difference between the standards in the crucial momentum building phase. VHS had 2 hours, Betamax had only 1 hour. I remember many of us having 120 minute VHS (later 240m) and a few having 60 minute Betamax (later 120m) at the time home video recording really took off (also, first Betamax half speed long play alternatives reduced the image quality advantage).
With respect to VHS being 'open', that wasn't the case either. I'm pretty certain that every VHS recorder sold included a license back to JVC.
Not according to Wikipedia. From http://en.wikipedia.org/wiki/VHS: "JVC believed that an open standard, with the format shared among competitors without licensing the technology, was better for the consumer." If this is wrong and there was a need for some form of licensing, it was clearly very broadly and cheaply offered.
Fahrenheit 451 is interesting, because contrary to what many believe it wasn't really about government censorship, and the culprit in the story isn't the state, but the people, and how they embraced apathy and lack of substance with watching TV over reading books.
For one thing, they're the same thing, as an apathetic electorate tolerates this sort of censorship. For another, a work means what it means, not what its author intended it to mean. Or does the law prevent death of the author from taking effect until 70 years after the literal death of the author?
They didn't just tolerate it, they actively caused it. Turning to mindless entertainment and shortened 'factoids' (that lack substance and depth) on TV. Bradbury saw the TV as an opiate. Only after people stopped reading did the state employ firemen to burn books.
For those who missed the reference and didn't click the links, this is a reference to Fahrenheit 451.
Fahrenheit 451 is interesting, because contrary to what many believe it wasn't really about government censorship, and the culprit in the story isn't the state, but the people, and how they embraced apathy and lack of substance with watching TV over reading books. Source: the author
Gee, should I never eat again, because the food might be contaminated?
I said I fixed one instance. I didn't say I solved the entire malware problem!
Uhm.. late coming back here, but my point was that you manually fixed a symptom on this system that might (!) just be indicative of something more. I would still recommend running a good clean-boot-from-external media-based cleaner just to be sure (not the ones you mentioned, but Kaspersky perhaps, and no, I'm not a Kaspersky sales rep, their rescue disc is free).
Yawn... I do in fact write software, and I know how long it takes to proof-test patches. That doesn't change that Microsoft has historically been incredibly sluggish at acknowledging vulnerabilities in the wild until they go public.
You did live through IE 3 and 4 right?
I did, and they knocked Netscape off the throne in all respects (seriously, IE4 was *the* best browser at the time). I don't dispute they have been sluggish. But if you know anything about large scale software QA, 3-4 weeks are nothing. That is why we used to have sensible disclosure guidelines, which this Google guy completely ignores.
Their PR shills are out in full force to try turn this into a "google is teh evil" incident.
Ah.. the new Godwin's law of Slashdot discussions. Thanks. I just also posted a recommendation to use Chrome and FF over IE10, but I guess that is just part of the conspiracy.
He reported the vuln to Microsoft early March.
Any sources for this? As all articles, including the ones linked in summary here, claim he just published them directly and did not report anything to Microsoft beforehand. The March publication included.
Do you have a citation on claiming otherwise? Or are the Google PR shills out in force? /s
History tells us that telling Microsoft privately puts it on their radar for three to five years out. Disclosing publicly actually gets a patch to users.
This guy gave them 4 weeks before publishing actual exploit code (not just vulnerability info), and did not report it to Microsoft before publishing the vulnerability. To produce and, most importantly, QA a patch to the most used OS environment in the world is not trivial and takes time. Even if you want to stick it to MS, this is a big middle-finger from this Google guy to users all over the world.
This malware (which puts up the appearance of a credit/debit card and asks for all your information) calls a server in the Ukraine. It was delivered by eMail (to a naive user) and intercepts attempts to reach your financial institution via their website. It presents, after login (did they capture the login info?), a panel looking like the credit/debit card, asking for the user to fill in all information, including account number, CVC, address, and other personal information (why anyone would fill in that data is beyond me!)
After much gnashing of teeth, I discovered it was undetectable by any known virus checker I use (AVG, Malwarebytes, Spybot), so I had to dig deeper. It turned out that the malware was using any references to 127.0.0.1 (local machine) for its hook. All I had to do was edit the HOSTS file and add the domain names of the miscreant with a reference to a different IP address that is known to be a dead end (you could, for example, use 127.7.7.7).
When the malware couldn't execute, it couldn't disable the various malware detectors, and several files were then identified and removed.
Word of caution, "this malware" is a dangerous phrase these days, as the base hidden infection is often capable of downloading completely different payloads on the fly (often as a result of an auction business not unlike Google's - it contacts servers and downloads the highest bidder at the moment). Doing a boot from external media cleaning is highly recommended on an infected system (and periodically regardless) to avoid that the malware blocks the antimalware.
Don't use IE6. Don't use IE7. Don't use IE8. It's 2013. Use Chrome, Firefox, or IE 10+
Install chrome, chrome://plugins/ , block automatic execution of java and flash. Make it so you need to click. Install an adblocker to reduce driveby downloads. Install noscript + ghostery if you are wearing aluminum foil on your head.
Auto install security updates. If something disables it most likely you have a virus. Keep everything up to date.
Don't install toolbars or weather apps from unknown sources.
Right now IE10 actually seems to be the browser that out of the box has the least critical vulnerabilities according to multiple reports, and kudos deserved for that, but what it unfortunately lacks are the protection addons that you list - adblocker and noscript (ghostery doesn't really help much in this context). That is a big difference, and I wouldn't surf the net without it. Safe surfing and attachment habits are simply not enough anymore. There was a report recently that most infections are now coming from legitimate websites, through ads or code injection. You can't manually protect yourself against this threat, as we used to. For this reason I would not run without (the often maligned around here) always-on AV/AM-scanner. Times have changed my friends.
A better reason to ignore the torrent of mobile malware FUD being spewed by all the Windows AV vendors.
They're terrified because their business model involves being parasites bandaiding a virus ridden OS that's now failing in the market. Like fleas without a dog, they're desperate to find a new host, but since modern mobile OSs aren't as colander-like as Windows, they're being forced further and further into snake-oil realms.
This story deserves nothing but ridicule.
I'm an Android user myself, but I think we need to be careful with this sentiment. For Mac users this kind of sentiment led to OS-X Flashback being the biggest malware epidemic in modern times in terms of percentage of user base infected. Beating Windows Conficker for this honor. Yes, the number of Windows users is obviously larger, but in terms of infection risk and infectability of a platform, percentage of user base is the right measure.
Later versions of Flashback even did completely silent drive-by infection on OS-X, no user interaction or admin password needed, just visiting a web site was enough, something many Mac users still seem to think only happens on Windows. Even Apple has admitted that Unix-based OS-X needs dedicated malware detection and cleaner tools.
There is a very sophisticated multi-billion dollar malware industry out there. Android is not immune to this threat. And its volume is making it an increasingly likely target. Especially since the far majority of the Android user base is on old vulnerable versions, with added vulnerabilities from handset makers and operators, long after Google has patched vulnerabilities and improved security.
Interesting thing is that all the *exact* same arguments and dismissals were used before the Australian gun ban. After the gun ban actually led to undeniable positive results did even the opponents admit that it was a good thing, and have now become supporters.
I just explained on the next paragraph, but I'll gladly do it again:
The public API, full featured in order to create a working app, is open to everyone who follows TOS.
The one that Google uses for Android and iOS (for their own app!!!) is Google's private one. Google doesn't have to give access, it's their own product! So yes, their private API has more features, that's not the same as saying the public API is broken (and that doesn't allow to follow TOS as MS is saying). So.... what is it that's so difficult to understand?
So, if Microsoft Office is using a different Windows API than is available to competitors (it is their own product!), that is ok? I know this has been claimed at various points, usually as a harsh accusation, I'm asking if you think it is ok?
In fairness, there is malware on Android however I expect the risk for most people of catching it is pretty minimal. The Play market is proactively scanned and acts reactively to threats up to and including a remote kill capability. And in many cases those that do get infected have their own lack of sense to thank - installing pirated APKs, or dubious apps from untrusted sources and reaping the rewards.
Apps are not the only way in though. Web and email coupled with vulnerability exploits are obvious vectors, Bluetooth and NFC exploits have been demonstrated. I'm using an Android phone myself, but I think we are doing ourselves the same disservice Mac users did (and ended up with the biggest malware epidemic in modern times in terms of percentage of user base affected with Flashback) if we discount the malware threat to be just AV vendor marketing and not a potential real threat. Especially since such a large portion of the Android user base is on old vulnerable versions long after Google has patched vulnerabilities and improved security.
There are regulations about how different classifications of data can be moved around and stored.
When you say "classifications" you mean "Classified", etc? Ok, fair enough. I can't really imagine a situation where I'd be asked to carry those around in my own phone, though.
You can have things on your phone that you can't have in a briefcase in your car.
I'm hard pressed to imagine what I could have on my phone that couldn't be in a thumbdrive in my briefcase.
And there is more opportunity for a phone to be lost or stolen.
Seeing as I can remote wipe my own phone, and would if it were lost or stolen that seems moot. The unique security risk with a BYOD phone vs a corporate issued unit would be that when I leave the company I take data I shouldn't take.
"Classified" data are hardly suited for a normal BYOD scenario, but there are other types of data that can be regulated how the company needs to handle, like customer and user data, information about sales/potential sales/deals, etc. You are right that if you copy company data to a USB drive that can be accessible for others, that is a security risk too, which is why device management that includes control over USB usage is growing rapidly. But another risk with the BYOD phone that a USB stick doesn't have, is how easily it can leak all the company information to highly insecure consumer cloud services (something an unmanaged PC can do as well of course).
I expect to get the living hell modded out of me when I say the iPhone has been a secure platform for BYOD for awhile now (I don't remember if it's the 3GS or 4 where security was tightened up). Besides the Configurator, something as humble as ActiveSync can manage them. Same goes for many of the latest Android devices. The point is it's easy to natively get strong security on a mobile device. How good it meets your needs depends on your needs.
If you let company admin access to lock and wipe your device, control what apps you install and use - like e.g. very insecure data-syncing services like iCloud/Dropbox, etc. then it is not really your personal BYOD device anymore, it is a company device. If you don't have this, the device is not company secure (it doesn't help enforcing local device encryption and password policies to prevent access to company data if you are leaking same company data to highly insecure consumer cloud services or in other ways setting up and using your phone in an insecure way).
As several others have said on the thread already, the answer for BYOD security is that the phone needs to be running a controlled separate/virtual environment for the company that is completely walled off from the personal part of your phone.
Even in the case where they collected a bunch of Wifi data with their street cars there's a) No evidence they did anything with it, and b) It was them who approached the various government agencies responsible for protecting privacy around the globe admitting they fucked up rather than simply deleting it and trying to cover it up.
Not claiming Microsoft isn't worse than Google, but you might be interested to know that point b is not entirely correct. It is the version often being repeated on sites like Slashdot, for some reason, but the actual sequence of events as extensively covered in European press as it happened:
Google actually first guaranteed the German authorities that they were not collecting anything. And first after the German authorities despite this assurance still demanded a full audit of the data anyway, did Google do their disclosure. In a situation where they would have been found out anyway. (trying to delete data after being requested for auditing would be a major crime)
I'm not saying this is making it more or less of an innocent screw-up from Google, your point a still stands, I'm just saying what the sequence of events in this story actually were.
I am an advocate of fiat money, but that is because I fear deflation more than inflation. (Well, my view is a bit more complex than that.)
Most economists would agree with you on that (not sure if that in geek circles is taken as a compliment or not, but given as one, we tend to be far too dismissive of other expertise than our own)
As for what you are saying, “years” is not the right answer. We have been in a financial crisis for the past few years, and those tend to be deflationary. The reason why we have not seen major deflation is because Central Banks have been pumping money.
As for modern systems, there is a tension between independent Central Bankers who fear inflation versus politicians who like easy money. I can point to issues in recent years, but not in big mature countries.
Indeed. And this tension is holding the balance. These are much more complex systems than most imagine, and we have developed a set of checks and balances that work. Soundbites about "feds printing money" don't really mean anything if you don't understand the model. And your point about the issues not being in big mature countries is my point as well. On the other hand bitcoins that some see as a better alternative lose 2/3rds of value overnight. You have to be really idealistically theoretically motivated to compare that as equal or better.
Thanks for blog references, will read, actually interested in the various sides of this topic.
Trying to convert a general purpose computer to a phonelike environment has an inherent failure, that users recognized, then later advertisers recognized that users recognized it. I've heard Windows 9 is planned to cede even more ground on the general purpose front. That would actually make me, a Windows developer (currently), switch to Linux as my main platform.
ok, so ad networks (as search business) are winner takes it all. Because of the dynamics of the bidding engine when you get volume. Any ad developer that has a business guy worth his salt would go for one of the leading ad network opportunities over the small me-too player that Microsoft pubcenter is, also when you develop apps for Windows 8 (contrary to what the summary might seem to imply, Windows 8 app developers are in no way limited to pubcenter).
Apple have this perception that they pushed for removing DRM, which might be true, but it is interesting that at the time of iTunes DRM the competing WMA "plays for sure" (*) stores actually had less DRM restrictions than Apple (you could keep and use more copies of the songs on more devices simultaneously, burn more copies, re-download if license lost, etc
"Plays for sure" - see, that's where the problem with your argument starts. PlaysForSure was introduced late in 2004 - IOW over a year after the iTunes DRM.
I have seen the future of music and its name is iTunes
[...] Many online music services are on the market, but they’ve all done poorly, most likely because, as Jobs said, they all “treat you like a criminal.” For the most part, the other services are subscription based — users pay a $10 or $20 per-month fee for access to a catalog of songs, and they must put up with a Byzantine set of rules outlining how they can use the tracks. Some services only offer “streaming” music, meaning that you have to be connected to the Internet when you want to listen to your songs; others let you download songs so long as you play them on a single machine (forget about transferring them to portable MP3 players); a few services let you burn songs to CDs, but only for selected tracks for an extra per-song fee. The worst part is, you have to keep paying to get the music; once you cancel your subscription, you can no longer listen to many of the tracks you’ve downloaded.
Universal and Sony rolled out a joint venture called Pressplay. AOL Time Warner (the parent of both Warner and FORTUNE's publisher), Bertelsmann (BMG's owner), EMI, and RealNetworks launched MusicNet. But instead of trying to cooperate to attract customers, the two ventures competed to dominate the digital market. Pressplay wouldn't license its songs to MusicNet, and MusicNet withheld its tunes from Pressplay.
[...]The record companies were also fearful about doing anything that might cannibalize CD sales. So they decided to "rent" people music through the Internet. You paid a monthly subscription fee for songs from MusicNet and Pressplay. But you could download MusicNet tunes onto only one computer, and they disappeared if you didn't pay your bill. That may have protected the record companies from piracy, but it didn't do much for consumers. Why fork over $10 a month for a subscription when you can't do anything with your music but listen to it on your PC? Pressplay launched with CD burning but only for a limited number of songs.
At the end of last year, Pressplay and MusicNet licensed their catalogues to each other, ending their standoff. MusicNet also now permits subscribers to burn certain songs onto CDs. But MusicNet users still can't download songs onto portable players. "These devices haven't caught on yet," insists MusicNet CEO Alan McGlade. Never mind that U.S. sales of portable MP3 players soared from 724,000 in 2001 to 1.6 million last year. Pressplay, for its part, lets subscribers download some songs onto devices, but only those that use Microsoft's Windows Media software. That means no iPods.
But I'm sure you can come up with others that were around at the time the iTunes Music Store came out.
My point wasn't really who launched the store first, sorry if that was unclear, but that when the WMA stores launched they had less DRM restrictions than iTunes had at the same time. I used both iTunes and MSN Music myself at the same time (yes, really). Especially the option to freely re-download songs if you lost the li
Originally, iTunes had DRM on music so it could only be played while iTunes was connected to your account (not always on). They removed the DRM later for music. It's still there for movies.
The article is incorrect to say this addition is Apple's - applying DRM was a prerequisite of the music industry for the licensing agreement with Apple. No DRM, no license. The removal of DRM has only happened because the music industry finally saw the writing on the wall and allowed Apple (and others) to remove it.
Apple have this perception that they pushed for removing DRM, which might be true, but it is interesting that at the time of iTunes DRM the competing WMA "plays for sure" (*) stores actually had less DRM restrictions than Apple (you could keep and use more copies of the songs on more devices simultaneously, burn more copies, re-download if license lost, etc - iTunes caught up on some of these eventually but was not in the lead for less DRM). And it was Amazon who was first with a full DRM-free music catalogue, and at the same price (at the time iTunes had started selling some DRM free tracks at a higher price than non-DRM).
This might be that the record companies were stricter with Apple than everybody else (which would be the opposite of the story that Apple used their power to force the record companies). But at the time Apple had a clear advantage from the lock-in that DRM gave the iPod/iTunes ecosystem in the beginning, so not sure how much they really disliked this situation for a while at least.
(*) Plays for sure became a joke when Microsoft abandoned it, but at the time I used it because my Sansa player supported it.
Apple is to Betamax as Android is to VHS.
Interesting comparison, depending on what you mean by it. As someone there at the time, I think it is a myth that Betamax was a better product. It had somewhat better image quality, yes. But a video recorder that couldn't tape a full movie without you returning home from your dinner to turn the tape before leaving again is not a superior home video technology. Depending on whether you are positive or negative to Apple, this could be interpreted as "typical Apple, you are using it wrong" or very unlike the user-friendly Apple user experience.
Another reason VHS won is more directly similar to Apple vs Android. VHS won because it was an open standard a myriad of manufacturers freely adopted, Betamax wasn't - it was controlled and licensed at significant cost. Because of this obvious stronger consumer appeal, they got the content owners betting on them, including porn (another myth).
...maybe put that brainpower into solving the actual global problem, rather than finding a bandaid solution to the local symptom....
Getting Hot in Here
Apple that everyone loved. Today they're the company that many love to hate.
Except people aren't that emotional. Apple simply produced compelling products: the iPod, iPhone and iPad, and many here enjoyed their computers before Apple became an electronics company. They market well, and are popular in the media (and shareholders). They are out of favour as their product lines look tired compared to the competition, and the chance of repeated success in new markets looks increasingly unlikely (iwatch, itv, iconsole), and well the share price, profits, revenues, market share, technical edge, brand value are all down.
Pretending that people are randomly emotional about mega corporations is simply weird. People on the whole buy (and respond well to companies) of products which have reasonable value and quality...marketed well, and those products are coming from Google (and their OEMs) not Apple (or Microsoft) who foolishly think their users are cattle.
For most people this is the rational way of looking at it, yes. But Apple most certainly have managed to produce a more.. fervent.. kind of supporters. That far transcends the usual fan-boys many tech companies have. If you have managed to avoid them, good for you, a few years back I found that voicing any criticism of Apple brought them out in force (and I knew a couple of them in real life too). And you can often see today when the shine has come off Apple somewhat that they now think that everybody loves to hate Apple, and voice this frequently.
BBC made a very interesting documentary that among other things included researching the emotions Apple evokes in some of their supporters (including using MRI scanners!): According to a BBC documentary, Apple stimulates the same part of the brain as religious imagery does in believing people. The program is recommended viewing for anyone interested in this topic.
I started with Excession some years ago, and have been working my way through the others. They've all been well worth reading. Mr. Banks' death is a true loss.
Excession is still my favourite. Gulp indeed.
Yawn ... I do in fact write software, and I know how long it takes to proof-test patches. That doesn't change that Microsoft has historically been incredibly sluggish at acknowledging vulnerabilities in the wild until they go public.
You did live through IE 3 and 4 right?
I did, and they knocked Netscape off the throne in all respects (seriously, IE4 was *the* best browser at the time). I don't dispute they have been sluggish. But if you know anything about large scale software QA, 3-4 weeks are nothing. That is why we used to have sensible disclosure guidelines, which this Google guy completely ignores.
Their PR shills are out in full force to try to turn this into a "google is teh evil" incident.
Ah.. the new Godwin's law of Slashdot discussions. Thanks. I just also posted a recommendation to use Chrome and FF over IE10, but I guess that is just part of the conspiracy.
He reported the vuln to Microsoft early March.
Any sources for this? As all articles, including the ones linked in summary here, claim he just published them directly and did not report anything to Microsoft beforehand. The March publication included. Do you have a citation on claiming otherwise? Or are the Google PR shills out in force? /s
History tells us that telling Microsoft privately puts it on their radar for three to five years out. Disclosing publicly actually gets a patch to users.
This guy gave them 4 weeks before publishing actual exploit code (not just vulnerability info), and did not report it to Microsoft before publishing the vulnerability. To produce and, most importantly, QA a patch to the most used OS environment in the world is not trivial and takes time. Even if you want to stick it to MS, this is a big middle-finger from this Google guy to users all over the world.
This malware (which puts up the appearance of a credit/debit card and asks for all your information) calls a server in the Ukraine. It was delivered by eMail (to a naive user) and intercepts attempts to reach your financial institution via their website. It presents, after login (did they capture the login info?), a panel looking like the credit/debit card, asking for the user to fill in all information, including account number, CVC, address, and other personal information (why anyone would fill in that data is beyond me!) After much gnashing of teeth, I discovered it was undetectable by any known virus checker I use (AVG, Malwarebytes, Spybot), so I had to dig deeper. It turned out that the malware was using any references to 127.0.0.1 (local machine) for its hook. All I had to do was edit the HOSTS file and add the domain names of the miscreant with a reference to a different IP address that is known to be a dead end (you could, for example, use 127.7.7.7). When the malware couldn't execute, it couldn't disable the various malware detectors, and several files were then identified and removed.
Word of caution, "this malware" is a dangerous phrase these days, as the base hidden infection is often capable of downloading completely different payloads on the fly (often as a result of an auction business not unlike Google's - it contacts servers and downloads the highest bidder at the moment). Doing a boot from external media cleaning is highly recommended on an infected system (and periodically regardless) to avoid that the malware blocks the antimalware.
Don't use IE6. Don't use IE7. Don't Use IE8. It's 2013. Use Chrome, Firefox, or IE 10+. Install chrome, chrome://plugins/ , block automatic execution of java and flash. Make it so you need to click. Install an adblocker to reduce driveby downloads. Install noscript + ghostery if you are wearing aluminum foil on your head. Auto install security updates. If something disables it most likely you have a virus. Keep everything up to date. Don't install toolbars or weather apps from unknown sources.
Right now IE10 actually seems to be the browser that out of the box has the least critical vulnerabilities according to multiple reports, and kudos deserved for that, but what it unfortunately lacks are the protection addons that you list - adblocker and noscript (ghostery doesn't really help much in this context). That is a big difference, and I wouldn't surf the net without it. Safe surfing and attachment habits are simply not enough anymore. There was a report recently that most infections are now coming from legitimate websites, through ads or code injection. You can't manually protect yourself against this threat, as we used to. For this reason I would not run without (the often maligned around here) always-on AV/AM-scanner. Times have changed my friends.
A better reason to ignore the torrent of mobile malware FUD being spewed by all the Windows AV vendors.
They're terrified because their business model involves being parasites bandaiding a virus ridden OS that's now failing in the market. Like fleas without a dog, they're desperate to find a new host, but since modern mobile OSs aren't as colander-like as Windows, they're being forced further and further into snake-oil realms.
This story deserves nothing but ridicule.
I'm an Android user myself, but I think we need to be careful with this sentiment. For Mac users this kind of sentiment led to OS-X Flashback being the biggest malware epidemic in modern times in terms of percentage of user base infected. Beating Windows Conficker for this honor. Yes, the number of Windows users is obviously larger, but in terms of infection risk and infectability of a platform, percentage of user base is the right measure.
Later versions of Flashback even did completely silent drive-by infection on OS-X, no user interaction or admin password needed, just visiting a web site was enough, something many Mac users still seem to think only happens on Windows. Even Apple has admitted that Unix-based OS-X needs dedicated malware detection and cleaner tools.
There is a very sophisticated multi-billion dollar malware industry out there. Android is not immune to this threat. And its volume is making it an increasingly likely target. Especially since the far majority of the Android user base is on old vulnerable versions, with added vulnerabilities from handset makers and operators, long after Google has patched vulnerabilities and improved security.
Well, guns are pretty much banned in Chicago, New York City, etc. And yet, dozens of shootings every day....
This image has a nice take on it... apparently cold weather causes violence.
http://danieljmitchell.files.wordpress.com/2013/03/houston-chicago-guns-weather.jpg?w=500&h=500
Interesting thing is that all the *exact* same arguments and dismissals were used before the Australian gun ban. After the gun ban actually led to undeniable positive results did even the opponents admit that it was a good thing, and have now become supporters.
I just explained on the next paragraph, but I'll gladly do it again:
The public API, full featured in order to create a working app, is open to everyone who follows TOS. The one that google uses for Android and iOS (for their own app!!!) is Google's private one. Google doesn't have to give access, it's their own product! So yes, their private API has more features, that's not the same as saying the public API is broken (and that doesn't allow to follow TOS as MS is saying). So.... what is it that's so difficult to understand?
So, if Microsoft Office is using a different Windows API than is available to competitors (it is their own product!), that is ok? I know this has been claimed at various points, usually as a harsh accusation, I'm asking if you think it is ok?
In fairness, there is malware on Android however I expect the risk for most people of catching it is pretty minimal. The Play market is proactively scanned and acts reactively to threats up to and including a remote kill capability. And in many cases those that do get infected have their own lack of sense to thank - installing pirated APKs, or dubious apps from untrusted sources and reaping the rewards.
Apps are not the only way in though. Web and email coupled with vulnerability exploits are obvious vectors, Bluetooth and NFC exploits have been demonstrated. I'm using an Android phone myself, but I think we are doing ourselves the same disservice Mac users did (and ended up with the biggest malware epidemic in modern times in terms of percentage of user base affected with Flashback) if we discount the malware threat to be just AV vendor marketing and not a potential real threat. Especially since such a large portion of the Android user base is on old vulnerable versions long after Google has patched vulnerabilities and improved security.
There are regulations about how different classifications of data can be moved around and stored.
When you say "classifications" you mean "Classified", etc? Ok, fair enough. I can't really imagine a situation where I'd be asked to carry those around in my own phone, though.
You can have things on your phone that you can't have in a briefcase in your car.
I'm hard pressed to imagine what I could have on my phone that couldn't be in a thumbdrive in my briefcase.
And there is more opportunity for a phone to be lost or stolen.
Seeing as I can remote wipe my own phone, and would if it were lost or stolen that seems moot. The unique security risk with a BYOD phone vs a corporate issued unit would be that when I leave the company I take data I shouldn't take.
"Classified" data are hardly suited for a normal BYOD scenario, but there are other types of data that can be regulated how the company needs to handle, like customer and user data, information about sales/potential sales/deals, etc. You are right that if you copy company data to a USB drive that can be accessible for others, that is a security risk too, which is why device management that includes control over USB usage is growing rapidly. But another risk with the BYOD phone that a USB stick doesn't have, is how easily it can leak all the company information to highly insecure consumer cloud services (something an unmanaged PC can do as well of course).
I expect to get the living hell modded out of me when I say the iPhone has been a secure platform for BYOD for awhile now (I don't remember if it's the 3GS or 4 where security was tightened up). Besides the Configurator, something as humble as ActiveSync can manage them. Same goes for many of the latest Android devices. The point is it's easy to natively get strong security on a mobile device. How good it meets your needs depends on your needs.
If you let company admin access to lock and wipe your device, control what apps you install and use - like fx very insecure data-syncing services like icloud/dropbox, etc. then it is not really your personal BYOD device anymore, it is a company device. If you don't have this, the device is not company secure (it doesn't help enforcing local device encryption and password policies to prevent access to company data if you are leaking same company data to highly insecure consumer cloud services or in other ways setting up and using your phone in an insecure way).
As several others have said on the thread already, the answer for BYOD security is that the phone needs to be running a controlled separate/virtual environment for the company that is completely walled off from the personal part of your phone.
Even in the case where they collected a bunch of Wifi data with their street cars there's a) No evidence they did anything with it, and b) It was them who approached the various government agencies responsible for protecting privacy around the globe admitting they fucked up rather than simply deleting it and trying to cover it up.
Not claiming Microsoft isn't worse than Google, but you might be interested to know that point b is not entirely correct. It is the version often being repeated on sites like Slashdot, for some reason, but the actual sequence of events as extensively covered in European press as it happened:
Google actually first guaranteed the German authorities that they were not collecting anything. And first after the German authorities despite this assurance still demanded a full audit of the data anyway, did Google do their disclosure. In a situation where they would have been found out anyway. (trying to delete data after being requested for auditing would be a major crime)
I'm not saying this is making it more or less of an innocent screw-up from Google, your point a still stands, I'm just saying what the sequence of events in this story actually were.
I am an advocate of fiat money, but that is because I fear deflation more than inflation. (Well, my view is a bit more complex than that.)
Most economists would agree with you on that (not sure if that in geek circles is taken as a compliment or not, but given as one, we tend to be far too dismissive of other expertise than our own)
As for what you are saying, “years” is not the right answer. We have been in a financial crisis for the past few years, and those tend to be deflationary. The reason why we have not seen major deflation is because Central Banks have been pumping money.
As for modern systems, there is a tension between independent Central Bankers who fear inflation versus politicians who like easy money. I can point to issues in recent years, but not in big mature countries.
Indeed. And this tension is holding the balance. These are much more complex systems than most imagine, and we have developed a set of checks and balances that work. Soundbites about "feds printing money" don't really mean anything if you don't understand the model. And your point about the issues not being in big mature countries is my point as well. On the other hand bitcoins that some see as a better alternative lose 2/3rds of value overnight. You have to be really idealistically theoretically motivated to compare that as equal or better.
Thanks for blog references, will read, actually interested in the various sides of this topic.
Trying to convert a general purpose computer to a phonelike environment has an inherent failure, that users recognized, then later advertisers recognized that users recognized it. I've heard windows 9 is planned to cede even more ground on the general purpose front. That would actually make me, a windows developer (currently), switch to Linux as my main platform.
citation?
ok, so ad networks (as search business) are winner takes it all. Because of the dynamics of the bidding engine when you get volume. Any ad developer that has a business guy worth his salt would go for one of the leading ad network opportunities over the small me-too player that Microsoft pubcenter is, also when you develop apps for Windows 8 (contrary to what the summary might seem to imply, Windows 8 app developers are in no way limited to pubcenter).
Apple have this perception that they pushed for removing DRM, which might be true, but it is interesting that at the time of iTunes DRM the competing WMA "plays for sure" (*) stores actually had less DRM restrictions than Apple (you could keep and use more copies of the songs on more devices simultaneously, burn more copies, re-download if license lost, etc
"Plays for sure" - see, that's where the problem with your argument starts. PlaysForSure was introduced late in 2004 - IOW over a year after the iTunes DRM.
But that's just a technicality, so let's look at the actual competition. http://www.salon.com/2003/04/29/itunes/
I have seen the future of music and its name is iTunes
[...] Many online music services are on the market, but they’ve all done poorly, most likely because, as Jobs said, they all “treat you like a criminal.” For the most part, the other services are subscription based — users pay a $10 or $20 per-month fee for access to a catalog of songs, and they must put up with a Byzantine set of rules outlining how they can use the tracks. Some services only offer “streaming” music, meaning that you have to be connected to the Internet when you want to listen to your songs; others let you download songs so long as you play them on a single machine (forget about transferring them to portable MP3 players); a few services let you burn songs to CDs, but only for selected tracks for an extra per-song fee. The worst part is, you have to keep paying to get the music; once you cancel your subscription, you can no longer listen to many of the tracks you’ve downloaded.
http://money.cnn.com/magazines/fortune/fortune_archive/2003/05/12/342289/
Universal and Sony rolled out a joint venture called Pressplay. AOL Time Warner (the parent of both Warner and FORTUNE's publisher), Bertelsmann (BMG's owner), EMI, and RealNetworks launched MusicNet. But instead of trying to cooperate to attract customers, the two ventures competed to dominate the digital market. Pressplay wouldn't license its songs to MusicNet, and MusicNet withheld its tunes from Pressplay.
[...]The record companies were also fearful about doing anything that might cannibalize CD sales. So they decided to "rent" people music through the Internet. You paid a monthly subscription fee for songs from MusicNet and Pressplay. But you could download MusicNet tunes onto only one computer, and they disappeared if you didn't pay your bill. That may have protected the record companies from piracy, but it didn't do much for consumers. Why fork over $10 a month for a subscription when you can't do anything with your music but listen to it on your PC? Pressplay launched with CD burning but only for a limited number of songs.
At the end of last year, Pressplay and MusicNet licensed their catalogues to each other, ending their standoff. MusicNet also now permits subscribers to burn certain songs onto CDs. But MusicNet users still can't download songs onto portable players. "These devices haven't caught on yet," insists MusicNet CEO Alan McGlade. Never mind that U.S. sales of portable MP3 players soared from 724,000 in 2001 to 1.6 million last year. Pressplay, for its part, lets subscribers download some songs onto devices, but only those that use Microsoft's Windows Media software. That means no iPods.
But I'm sure you can come up with others that were around at the time the iTunes Music Store came out.
My point wasn't really who launched the store first, sorry if that was unclear, but that when the WMA stores launched they had less DRM restrictions than iTunes had at the same time. I used both iTunes and MSN Music myself at the same time (yes, really). Especially the option to freely re-download songs if you lost the li
Originally, iTunes had DRM on music so it could only be played while iTunes was connected to your account (not always on). They removed the DRM later for music. It's still there for movies.
The article is incorrect to say this addition is Apple's - applying DRM was a prerequisite of the music industry for the licensing agreement with Apple. No DRM, no license. The removal of DRM has only happened because the music industry finally saw the writing on the wall and allowed Apple (and others) to remove it.
Apple have this perception that they pushed for removing DRM, which might be true, but it is interesting that at the time of iTunes DRM the competing WMA "plays for sure" (*) stores actually had less DRM restrictions than Apple (you could keep and use more copies of the songs on more devices simultaneously, burn more copies, re-download if license lost, etc - iTunes caught up on some of these eventually but was not in the lead for less DRM). And it was Amazon who was first with a full DRM-free music catalogue, and at the same price (at the time iTunes had started selling some DRM free tracks at a higher price than non-DRM).
This might be that the record companies were stricter with Apple than everybody else (which would be the opposite of the story that Apple used their power to force the record companies). But at the time Apple had a clear advantage from the lock-in that DRM gave the iPod/iTunes ecosystem in the beginning, so not sure how much they really disliked this situation for a while at least.
(*) Plays for sure became a joke when Microsoft abandoned it, but at the time I used it because my Sansa player supported it.