Slashdot Mirror


User: l0n3s0m3phr34k

l0n3s0m3phr34k's activity in the archive.

Stories: 0
Comments: 2,172
First seen
Last seen

Comments · 2,172

  1. Per PCI Compliance, Panera could owe... on Panerabread.com Leaks Millions of Customers Records (krebsonsecurity.com) · · Score: 1

    So, the card companies can assess a fine of up to $100,000 per month per violation. Per TFA, the number affected "exceed 37 million", and they knew about this for 8 months. Therefore, Panera / the processing bank / "someone" should be hit with a $29,600,000,000,000 fine. Well, the "whole PAN" wasn't exposed, only the last 4 out of 16. So, to be fair, the fine should be $7,400,000,000,000. I'm sure they have proper "errors and omissions insurance" to cover about 10% of GWP (global world production). I mean, that's what insurance is for, right? Ten percent, that's in The Bible!

  2. They are one of the "preinstall AppX Packages" that Windows 10 comes with. Pandora, Bing News, Eclipse, I hate them all.

  3. Re:Not your grandpa's Boeing on Boeing Hit By WannaCry Virus, Fears It Could Cripple Some Jet Production (seattletimes.com) · · Score: 3, Interesting

    I work as a network security analyst at a small airline, who has some DoD contracts. 800-171 compliance is my job, and our infrastructure team bases most of our decisions around it. Wannacry was patched last year; you have only 30 days to apply patches or you're non-compliant. IMHO, Boeing should be brought before Congress and threatened with losing all their DoD contracts and forced to go through a third-party audit and fined for anything found non-compliant.

    The ONLY "saving grace" for Boeing might be that they might be able to show that the systems hit with Wannacry are not covered under any DoD contract; i.e. not used for anything DoD related. However, it's also my opinion that ANYTHING relating to our "national aviation infrastructure" SHOULD be, at a minimum, 800-171 compliant; as should anything relating to electrical utilities, water and sewage, and medical.

    If we actually "go to war", the USA is totally fucked on this front. I fully expect any transition to a "hot war" with, say, North Korea will immediately result in most of the electrical grid shorting out / shutting down, entire city networks being corrupted, and anything with a PC being pwned within 24 hours. We, as a country, are about as prepared for "modern warfare" as the Native Americans were for meeting the Europeans and their diseases.

  4. Re:this is not enough. on 'How I Went Dark In Australia's Surveillance State For 2 Years' (cnet.com) · · Score: 1

    The US is going the opposite way; you either need a "RealID enabled ID" or a passport now to fly. My state kept pushing RealID off (because of Obama), so now they got denied another extension on it all. They finally caved, but right now are at the 2-4 year mark on actual implementation.

  5. Re:Is there a mechanism for lost cards? on 'How I Went Dark In Australia's Surveillance State For 2 Years' (cnet.com) · · Score: 1

    $200?!? That's almost half of my after-tax paycheck. I pay less than that for a 5-10mph speeding ticket; that's more than my monthly electric bill. After tax, that's more than a week's pay for a full-time minimum wage worker. For anyone living paycheck-to-paycheck, one fine like that can leave a person unable to pay rent.

  6. Re:Windows server supporting Linux ... on Windows Server 2019 Will Feature Linux and Kubernetes Support (venturebeat.com) · · Score: 1

    Have you gone through an actual federal audit yet? I'm not doubting your statements, just curious. My current job revolves around 800-171 compliance, the way my company works is "if it doesn't have a STIG, it doesn't run inside our enclave" when it comes to anything server-based. I know there is a STIG for RHEL, I have yet to look over it (because I have 50+ others to work on). I'm pretty new to this particular workplace, most of my time recently has been fighting with Windows 10, parsing up STIGs to give to other departments, and working on PowerShell scripts to automate auditing.

  7. Re:What could possibly go wrong... on Chinese Companies Are Buying Up Cash-Strapped US Colleges (bloomberg.com) · · Score: 1

    I guess you've never heard of "civil asset forfeiture", which is quite popular with many law enforcement departments these days. If the police just "feel" that anything you have might somehow be related to drug money, they can (and often do) seize it. Then you have to take them to court and prove it's NOT, often spending more than what was seized. No proof, arrests, or real "due process" is needed from them to keep your stuff. Carrying cash to go buy something? You might be going to buy drugs (even though your record is completely clean and you've never been involved with anything like that before) and now your cash and car are theirs.

    References: (this is just a few, there are hundreds if not thousands of these types of abuses every year now)...
    nationalreview.com
    forbes.com
    forbes.com
    metrotimes.com
    newschannel5.com
    onlineathens.com
    vox.com
    washingtonpost.com

  8. How does this affect Windows systems that receive all their updates via WSUS?

  9. Re:More questions than answers on 'Slingshot' Malware That Hid For Six Years Spread Through Routers · · Score: 5, Interesting

    We recently had to admonish our telecom contractor over his re-use of a USB stick. He was using it to update firmware on our IPECS phone system; when asked "Is that write-protected and in read-only mode?" he didn't really know what we were talking about. When asked "How many other companies have you used that USB stick in since the last low level format?" the light bulb came on. After that we started making him download the firmware on our network, and use a USB stick we provided. We have to be 800-171 compliant for DoD contracts, so this stuff matters.

  10. "streaming from a site that has ads" That's why I use Kodi. You can screw over the MPAA by getting free content, AND the pirate streaming sites by using their bandwidth yet having to view zero ads.

  11. The jobs here are probably pretty much the same as any place else. The major difference might be most places are more set in the Windows environment than on the coast. Basically, whatever tech was "hot" 10-15 years ago is just now getting implemented here. But we all use the same type of switches, hardware, phone systems, etc as the rest of the country. We're not sending smoke signals and fighting off angry Indian tribes with muskets or using a horse and buggy for transportation. We lay fiber just like they do on the coast, we use VMWare, Active Directory, and Airwatch just like the rest of the planet. We even have these giant metal things in the sky, and they go to what we call an "International Airport"! We have 4G cell networks, electricity, electric cars, and all sorts of new-fangled tech. Our physics operates the same way as Silicon Valley, our electrons flow just the same.

  12. Re:Low Visibility on The American Midwest Is Quickly Becoming a Blue-Collar Version of Silicon Valley (qz.com) · · Score: 2, Interesting

    But we both know the process is "cumbersome" because of the FDA, not your company. I'm doing 800-171 compliance at a smallish airline (we do a bunch of DoD flights), and their XML idea is pretty cumbersome too. No FTP access to the 40+ security guides (STIGs) I need, so I had to write a PowerShell script to parse out the names, version numbers, revision numbers. Oh, and not all of them are at HTTPS, about half a dozen are HTTP so there's another sub-step. Oh, and SOME have a month in the name. It is the PINNACLE of standardization.

    Not to mention the DoD keeps all their "good tools" locked behind their PKI. So it's either pay $$$ from a vendor for some tool, or roll it all myself. I can't really use much OSS, because that's a whole new boatload of STIGs, plus most of those tools have no STIG so I'd have to figure out a way to audit them myself. My current idea is to make a physical CentOS box for OpenSCAP and just turn it off most of the time so it won't trigger a "finding" for an audit.

  13. In other news... on 'Memtransistor' Brings World Closer To Brain-Like Computing · · Score: 1

    CyberDyne Systems announces their new "Neural Net CPU". Based on recent breakthroughs of quantum computing and memtransistors, the combination of these technologies promises "many more computations can be done each second, quadrillions of switching positions are possible, many of them simultaneous at each quantum level."

  14. Re:Contractors? The govvies are incompetent on Contractors Pose Cyber Risk To Government Agencies (betanews.com) · · Score: 1

    Well, this article isn't about working "for the government" really; most contractors (especially the mentioned health care and aerospace) have multiple clients. My workplace has a 30% DoD involvement level. We don't deal in CUI (Controlled Unclassified Information), but Transactional Information. Both of these are several steps below anything like what Snowden revealed. Thus why we fall under 800-171 instead of 800-53.

    I'm assuming you're not intimately familiar with these NIST publications, the related STIGs, and so forth. I can guarantee the contractors who have had breaches did not implement items such as "Microsoft Windows 10 STIG - Ver 1, Rel 12", "Database SRG - Ver 2, Rel 8", etc. The Win10 STIG itself has almost 300 very precise requirements; to the point of "if Registry Key XYZ is not found this is a finding".

    Compliance with these does create one part of the security model. There is no real way of testing for "personal integrity" outside of a clinical setting; intelligent people with no "personal integrity" can fake it for a long time even hiding it from close friends and family. Low-order sociopaths are quite common in the business world, especially as one moves up the management ladder. They would claim to have "personal integrity"...BUT their definition would be more along the lines of "keeping my person ahead of everyone else and my social standing integrity intact".

    Compliance to the publications like 800-171 and 800-53 _increases_ "mental capabilities available to understanding" because to implement them properly you have to have a deep holistic understanding of various underlying technologies, people's psychological reactions (to make effective training), foreign relations (to know which APT are out there and just what vector they might be using), etc.

    Case in point, stopping "email phishing" requires both a technical AND personnel approach. You need to implement various safeguards to stop the bulk of the attacks, AND need proper training for end-users to correctly deal with anything that gets past those safeguards. Neither one by itself will be effective due to the constantly evolving nature of threats. Technologies like Mimecast can stop 90%-95% of attacks getting through, properly configured GPOs can help stop other issues that slip past that; but attackers will craft some way that will eventually slip past. That's the whole reason for "risk management"; you have to accept that something bad will eventually happen and have procedures in place to quickly return to a stable operational state. Off-site encrypted backups, disaster recovery contracts, keeping up vendor warranties...

    This whole conversation (not yours in particular, but TFA in general) seems to have taken a pear-shaped turn into the "evils of TLA agencies". While that is a worthwhile (and VERY critical) conversation to have for a functioning democracy, the original summary was about the failings of contractors to follow basic security guidelines. Not some "hard to define" ideals like "personal integrity", but very specific guidelines that have existed for years and are (mostly) freely available to the public at large. If every government agency would just "do their job" in regards to ITSec and follow the REQUIRED published guidelines, many of these breaches would have been stopped.

    I don't have technical knowledge on things like the OPM hack, but I am willing to bet that that breach (in the way it actually happened) could have been avoided if they had bothered to properly implement 800-171. Personally, I feel that ALL companies that deal with any financial data (looking at you EQUIFAX), health information, or other "personal sensitive data" should be required to follow NIST guidelines. It should be part of regulatory requirements; unfortunately our current administration is moving towards "less burdensome regulations" rather than towards compliance so we should expect to see breaches like this happening far more often in the future.

  15. Re:Contractors? The govvies are incompetent on Contractors Pose Cyber Risk To Government Agencies (betanews.com) · · Score: 1

    And yet nothing you listed has anything to do with the issues listed in the summary: "botnet infections", "network security", and "email security". The current problems have very little to do with your list, unless you're claiming that very "unethical contractors" are the ones running the botnets and purposely compromising network security.

    The absolutely most loyal network admin will have a difficult time stopping end users from clicking on phishing emails. Stupidity doesn't stop because of "patriotism".

    The REAL problem is the contractors are not forced to follow already existing security publications. My current position deals directly with this; I'm working on finishing up NIST 800-171 compliance for a DoD contractor. My ability to hit the various requirements, implement the STIGs, has ZERO to do with my extended family, faith, or feelings on human rights. The correct "separation of powers" in our IT means that even if I wanted to somehow compromise our network, other people working there would notice pretty quickly. I may implement a GPO, but my boss gets a report on what GPOs have been modified and by whom, for example. I'm not the only person running STIG audits, I'm not the only person at our company doing "security related stuff".

    What REALLY needs to happen is the feds need to step up on their compliance audits; first going over EVERY department on a 800-171 or 800-53 (for the actual DoD) level...and work their way out down the contractor tree. IMHO, our "election system" should be at least 171 compliant but "STATES RIGHTS!" get in the way.

  16. Is what this is all about. If you've had to work with the various DISA stigs, then you know just how much software can't really easily be deployed. You can't just "run linux and a VM for Windows", because there are only SPECIFIC versions of Red Hat that have STIGs that allow it to be "properly audited". Getting a "Certificate to field" is a complicated, torturous route that must be re-done for each different enclave the CtF is for. Software like MySQL doesn't even have a STIG, so all of that is out the window.

    And then there is Trusted Platform compatibility, Fedramp certified cloud, etc. My current job is working towards 800-171 certification, which is a watered-down version of 800-53. It's still a huge PITA, but these standards are needed because of APTs and stupid end-users. IMHO, your "electronic election system" should at least be at 800-171, but "STATES RIGHTS" means easily hackable machines.

  17. Re:Why Not Virtual Machines atop Linux? on Windows 10 Compatibility Issues Forcing US Air Force To Scrap a Significant Number of Computers (betanews.com) · · Score: 1

    Because that adds a whole huge issue doing your 800-53 auditing.

  18. It does push DuoLingo, Bing News, Pandora, Eclipse Manager, etc.

  19. Or use the "Long Term Service Branch" Enterprise edition, that doesn't get "feature updates" (AppX packages in layman's terms). However, it's not "so easy" to disable everything. You have to rip out all the AppX installs, then the AppXPackages, and then go into several "System folders", change permissions, and start deleting them. Be careful though, things like Calculator are now "Store apps" so just ripping out every Store app will remove half the normal features users are used to.

    If you don't do all the above, then the next new user that logs in will probably have a bunch of new apps show up. Another step is to clean up a profile, remove all the tiles, then export the startlayout into the Default user Shell profile directory.

  20. Even more baked-in shit I probably can't remove. I've been fighting with Win10E trying to rip out shit like Pandora, DuoLingo, Eclipse Manager...I've done the getappx -allusers uninstalls, getappxpackage uninstalls, every registry entry I can find relating to them. Yet still, whenever a new user on a box logs in...BOOM THEY'RE BACK.

    Why can't Microsoft have a "store free" version for Enterprises who don't want their users to install random games and apps? My organization has to be 800-171 compliant, so keeping out unknown data leaks is a must. I can't convince management to use Long Term Branch Edition, because we're not sure how the whole "no feature updates" works with the STIG requirements. WHY THE F@CK DOES AN "ENTERPRISE OS" HAVE UNREMOVABLE XBOX APPLICATIONS?
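Comments 19 and 20 above describe the same procedure (remove installed AppX packages, then the package store they are re-provisioned from, then fix the Default profile's Start layout) and the same failure mode (the apps come back for the next new user). The script below is an added example, not the commenter's own 50-line script and not anything from Microsoft: it covers both steps in one place, protects Store apps that users still need (comment 19's Calculator warning), and sets the "Turn off Microsoft consumer experiences" policy value so Windows stops re-provisioning suggested apps on Enterprise editions. The wildcard package names in `$Unwanted` are assumptions; confirm the real names on your image with `Get-AppxPackage -AllUsers` before running without `-WhatIf`.

```powershell
# Added example (not the commenter's script). Run elevated on the reference image.
#Requires -RunAsAdministrator

# Assumed name patterns for the apps named in the comments; verify with
# Get-AppxPackage -AllUsers | Select-Object Name before trusting them.
$Unwanted = @('*Pandora*', '*BingNews*', '*Duolingo*', '*EclipseManager*')

# Comment 19 warns that Calculator is now a Store app; never match these.
$Keep = @('Microsoft.WindowsCalculator', 'Microsoft.WindowsStore')

function Remove-UnwantedAppx {
    param(
        [string[]]$Patterns,
        [string[]]$Protected,
        [switch]$WhatIf      # dry run: only report what would be removed
    )
    foreach ($p in $Patterns) {
        # 1. Copies already installed into existing user profiles.
        #    (-AllUsers on Remove-AppxPackage needs Windows 10 1803 or later.)
        Get-AppxPackage -AllUsers -Name $p |
            Where-Object { $_.Name -notin $Protected } |
            ForEach-Object {
                Write-Host "installed  : $($_.PackageFullName)"
                if (-not $WhatIf) { Remove-AppxPackage -Package $_.PackageFullName -AllUsers }
            }

        # 2. Provisioned copies. These are what get installed again at first
        #    logon of a new user, which is why step 1 alone never "sticks".
        Get-AppxProvisionedPackage -Online |
            Where-Object { $_.DisplayName -like $p -and $_.DisplayName -notin $Protected } |
            ForEach-Object {
                Write-Host "provisioned: $($_.PackageName)"
                if (-not $WhatIf) { Remove-AppxProvisionedPackage -Online -PackageName $_.PackageName }
            }
    }
}

# Dry run first, then for real. Keep the output as evidence for the audit trail.
Remove-UnwantedAppx -Patterns $Unwanted -Protected $Keep -WhatIf
Remove-UnwantedAppx -Patterns $Unwanted -Protected $Keep

# 3. Stop Windows from re-provisioning "suggested" apps. This is the registry
#    value behind the GPO "Turn off Microsoft consumer experiences"
#    (Computer Configuration > Administrative Templates > Windows Components >
#    Cloud Content); it only takes effect on Enterprise/Education editions.
$Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent'
New-Item -Path $Key -Force | Out-Null
Set-ItemProperty -Path $Key -Name 'DisableWindowsConsumerFeatures' -Value 1 -Type DWord

# 4. Comment 19's last step: after tidying the Start menu on a cleaned-up
#    profile, capture that layout and apply it to the Default user profile
#    so new users start from it. -MountPath 'C:\' targets the running OS.
$Layout = Join-Path $env:TEMP 'LayoutModification.xml'
Export-StartLayout -Path $Layout
Import-StartLayout -LayoutPath $Layout -MountPath 'C:\'
```

Step 2 is the part that addresses comment 20's "BOOM THEY'RE BACK": `Get-AppxPackage` only sees copies installed into profiles, while `Get-AppxProvisionedPackage -Online` lists the image-level packages that Windows installs for every new user. Removing both, and recording the dry-run output, also gives the auditor a reproducible list of what was removed from the image, which is easier to defend than a pile of one-off registry edits.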

  21. So, what are the sites? on Fake News Sharing In US Is a Rightwing Thing, Says Oxford Study (theguardian.com) · · Score: 4, Interesting

    "the 91 sites the researchers had manually coded as “junk news”" I want this list; I could then put them into the corporate firewall to see which users are the most easily manipulated with gossip and rumors!

  22. A clear and easy path to migrate off Citrix ZenServer, once enough of the current features are duplicated. Making the whole thing 800-171 compliant would also open up a huge niche market.

  23. It's still super-difficult to remove all of M$'s "AppX" crap. Even after running a 50-line Powershell script for both AppX and AppXPackages, my sysprepped image updated itself and re-installed DuoLingo, Pandora, MSN News, etc. At least the Cortana removal seems to stick. I'm working on some GPOs to keep it all off, but it's all TOTAL BULLSHIT.

    Why in God's name does my "Enterprise" OS come with Xbox shit that is "part of the OS" and unremovable? We are trying to make Win10E NIST 800-171 compliant, and I doubt there is any way in HELL to get it 800-53 compliant.

    There are rumors of a DoD-level "version" of Win10, that I assume M$ handed its source code to the Feds and said "here, do with it what you need" to get it compliant. Of course, the rest of the population still has to deal with their advertising, "pushed apps", and more showing up.

  24. "can't deduct the property tax on their big mansions" Sure they can! All they need to do is transfer the house into a pass-through trust, re-structure their actual income to go through several similar trusts, funnel income through various tax-avoidance systems in various islands, and a long list of other types of systems. "Normal people" don't have the wealth required to make use of this, but the 1% does. Raising taxes on them just makes them funnel even more money out of the "normal system".

    The 99% and the 1% exist in two completely different economies, two completely different monetary systems. These wealth protection schemes cross several oceans, different countries, and are not designed for us peasantry.

  25. Re:The US healthcare system needs disruption on Amazon's Push Into Healthcare Just Cost the Industry $30 Billion In Market Cap (qz.com) · · Score: 1

    "because the actual cost had been negotiated by some unseen, unknown entity" I've been told it's negotiations between Cthulhu and the Hypnotoad, written down in non-Euclidean petroglyphs. Sure, they COULD show you these contracts, but it would break your puny human brain and immediately drive you insane.