> Companies don't want to pony up the costs and resources to fix this crap. Good intentions are failing to keep companies secure
Fire safety was a similar issue a hundred years ago. The insurance companies created Underwriters Laboratories (UL Listed) and the National Fire Protection Association, which writes the fire code. Companies buy insurance against fire, and their insurance company, in order to reduce their own cost of claims, insists that the companies meet fire codes and otherwise operate safely to minimize the risk of fire. That has worked well.
The costs are a very real and legitimate issue. A magazine publisher should NOT spend $50 million to protect from the names of their subscribers being leaked. The cost would be too high relative to the risk. Spending too much on security is a mistake just as spending too little is. Spending on security increases costs, it makes products and services cost more for the consumer. It's all about calculating the *right* amount of spending to mitigate the risk by the right amount.
As it happens, insurance companies are experts at calculating risks and costs. I expect over time they'll get involved in cyber security in a similar way as they are involved in greatly reducing fire risk.
For a thousand bucks or so, Equifax could have had our company inspecting their tools daily, scanning for any accessible systems with security issues, including the issues in the Struts plugins.
We would have also provided them with detection systems that would have caught the attempt to load the massive amount of data via the vulnerability, and systems to detect the attempt to exfiltrate the data, again at a very reasonable cost. These include 24/7 monitoring by our SOC. So if they had been even competent enough to simply sign up with a decent security provider, they would have been protected three times over.
ALL software beyond "hello world" has bugs.* A competent CIO, or even a competent programmer or network engineer, knows that and plans accordingly. Any CIO or CSO whose security planning pretends that their server software is perfect is incompetent. A software bug didn't cause this - plenty of other organizations used the same software, but didn't get breached because they had scanning and alerting set up, so they mitigated the flaw immediately after it became known.
*. All software has flaws, and well known proprietary software such as Windows, MS Office, Flash, and Oracle Java are an order of magnitude worse than well known open source software such as Linux, LibreOffice, Apache httpd, etc. My database I manage at work has almost every known vulnerability cataloged and rated for several measurements of severity. There's no comparison - there simply is not pride of workmanship in code nobody is allowed to see. Open source programmers know they are being judged personally for the code they put on display and it makes a HUGE difference in code quality.
>Bitcoin has value mostly as the original and primary blockchain currency.
Indeed. Even if one were to assume that crypto-currency would be around forever, that doesn't imply the same for Bitcoin. Bitcoin's value, compared to other crypto-currency, is basically because it's popular. In a way, it's popular because it's popular. Much like the leading social network. Plenty of sites offer features similar to Facebook, but people use Facebook because that's what their friends use. Everybody is on Facebook because everybody is on Facebook. But many of us remember when Myspace was the one everybody used. Just because Myspace was dominant didn't mean it would remain dominant, or even relevant. It was replaced by Facebook, and the fall of Myspace was pretty rapid. Similarly, Bitcoin could be replaced by Facecoin at any time.
There are many people who do Bitcoin arbitrage. Software for doing so is readily available. Exchange fees and the time required to settle transactions limit the profitability and increase the risk. You don't know for sure if your transaction will settle until days later. Recently, there were 200,000 transactions awaiting settlement.
There is also risk from exchange issues, and not just frauds and hacks. An FDIC-insured bank has to prove it has sufficient assets to cover liabilities, both liquid and long term. With no such regulation of Bitcoin exchanges, it's natural for exchanges to try to increase profits by pushing the limits on liabilities vs actual cash available. An honest but eager exchange owner can easily accidentally create a situation in which they aren't able to make promised payouts.
I absolutely understand the feeling, the gut reaction, that somehow that just isn't fair.
> If Tesla can sell the same hardware at different price points and still make a profit then the higher price point is simply profiteering.
"And still make a profit", you say. Newsflash - Tesla is not making a profit. They lose money on every car.
So our gut reaction at first of "that doesn't seem right" tells us we should look into it more. Looking into it, we find the situation is more complex than our initial, visceral first impression accounted for.
That seems to be a common thing. Often, our gut, based on first impressions, tells us one thing, but upon further analysis we find out that our first idea would be counter-productive. For example, commenting on the Equifax story, several commenters immediately said "automatically levy huge fines against any company that gets hacked, and throw the management in prison. That'll fix it." At a gut level that feels good. Actual historical information shows us that what that does is create a huge incentive to hide any breaches. To make things safer, high penalties for accidents don't work - defining and enforcing safety standards BEFORE something bad happens is what works. Penalize companies and people for being reckless, those who fail to follow preventative safety practices - whether or not they get lucky and there is no major damage.
In the case of price differentiation, such as here, what it boils down to is that a few people who want the luxury of a little bit extra choose to pay a lot for it, therefore subsidizing the lower cost for the standard model most people get. It reduces the cost paid by the average buyer.
My company, a security company, is looking at password managers for internal use. The various security experts inside the company have been discussing LastPass.
The general consensus is that IF we use a cloud-based password manager, LastPass is a reasonable choice. However, multiple co-workers and myself agree that the browser plug-in is a major risk. The browser is the #1 target for attacks, by far, and their browser plug-in is known to have had security problems in the past. The browser, and therefore malicious JavaScript, should NOT have direct access to all of your passwords, in our opinion. Rather, we point out it is much more secure to copy/paste the one password you want to use at the moment from the password manager to the browser.
Additionally, if for some reason a user WAS going to use a password manager integrated with the browser, the password manager already built in to Chromium / Chrome and other browsers has a better security record than LastPass.
Therefore, it is our opinion that there is more or less no use case for which the LastPass browser extension would be an appropriate solution.
Typically your private key is encrypted with a passphrase. So an attacker would need to both have your device and know your passphrase.
Typically you have one key/certificate per role; I have a certificate for work, for ray@company.com, that is different from my personal cert.
You see this all the time when you authenticate the company you're talking to via https SSL - https://ebay.com/ has one cert, not a different cert for every user. Their cert identifies eBay's web server - same cert presented to everyone. On the other hand, they probably use a different cert for email and code signing than they use for their web server. The server authenticating you works almost exactly like you authenticating the server. The difference is that often the server cert has an empty passphrase so that an admin doesn't have to type in the passphrase on each reboot.
I understand your frustration. The purpose of those questions is, of course, as a backup because people forget / lose their password.
> If my 20-length complex password of random digits, numbers, and special characters
Unless you're re-using the same password on all sites (bad idea) and never changing it (another bad idea) you're probably storing them somewhere rather than memorizing a dozen different sets of 20 random characters which means you could lose it. In which case you'll need to use the security questions to access your account.
So what to do? Entering gibberish means you may end up permanently locked out of your accounts, when you lose your passwords. What you can do is answer the questions with Bill Clinton's information, or Steve Jobs, or Mariah Carey. When it asks what city you were born in, enter the city Steve Jobs was born in. That way people can't break into your accounts by entering information about you; they'd have to know to instead enter information about Jobs or Mister Rogers or whoever you use info from.
Previously, Alphabet had a division that builds self-driving cars, called Waymo, another division that makes smart thermostats, another that makes Android, etc. Dozens of unrelated product lines. It's awkward and difficult to manage so many different projects as one company. What reason is there to keep them all together as divisions of the company? It just makes sense for these separate products, in different industries, to be separate companies. The new holding company allows them to be separate companies, managed separately. They can easily be sold off whenever it makes sense to do so. The holding company will own stock in each of the new separate companies.
> When you have too much money and too many employees.
Yes, they had too many employees in too many completely different lines of business, all under one awkwardly large company.
> Meaningless wankery.
Now they are splitting different subsidiaries that do different things, like Waymo, into distinctly separate companies. Each company will have fewer employees, and be more focused. That's not meaningless.
Certainly the biggest ISPs tend to treat consumers poorly, and they implicitly "conspire"* with the politicians they have on their payroll. Which has absolutely nothing whatsoever to do with trying to explain traffic shaping and policing to the average consumer, such as yourself, who has no idea what traffic policing is, nor even such basic parameters as jitter.
When I buy an upstream network connection, there is a full page of specifications describing how "good" that connection is. Things like percentage flows may have jitter greater than 80ms? You need a lot of numbers to specify how "good" a connection is. Since you, and the average consumer, don't know what service levels you want and how to measure the different parameters, it's really impossible to explain to you how those parameters are affected by usage patterns in an optimized network. We can say THIS much to be HONEST "sometimes your connection will be 'faster', sometimes it will be 'slower'. It depends on a number of factors, including your total transfer usage for the period." One can also honestly say "we prioritize your first 5GB each month". Trying to explain it in much further detail is a tad pointless.
> Of course there is a physical limit to what they can provide
And an incompetent network engineer would allow one user to hog it all up hosting a tube site, as I said. Any network of appreciable size is going to have competent admins who set it up so that the distribution of resources is roughly "fair" - you don't have one guy hogging it, leaving little for everyone else.
There are lots of ways to configure "fair". One of the best strategies is to say every individual definitely gets their share at top speed, the heaviest users are free to use more as it's available. That is, if you use 3GB / month, and I use 300 GB, I'm not allowed to crowd you out. Instead, you get your fair share at max speed, my "excessive" packets are queued behind your "fair share" packets. (Unless other rules, such as protocol based rules, put them into a completely separate queue, possibly on a different type of router).
Obviously all companies, ISPs included, should be upfront with their customers. Unfortunately, there are 600+ page books about traffic policing, shaping and prioritization - the right rules for a network like Verizon's are super complex, maybe 60 pages of configuration in total, if not more. Communicating all that to the average customer is nearly impossible, so the marketing people have a challenge in how to be both completely upfront and understandable at the same time.
> It would be news if they were imposing the caps while saying they were uncapped.
Which is redundant. You could just as easily say "ISPs which don't list what their limits are". All ISPs have limited resources, they can only transit a certain amount of data. Only the tiniest, with fewer than 1,000 customers, can't afford a decent network engineer who will prevent one customer from hogging all the resources.
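The "fair share first" queuing described above, as an added example that is not part of the original comment: a toy two-tier link in Python where each user's first `fair_share` packets per period go to a priority queue and anything beyond that waits in a bulk queue. The class name, rates and quota are constructed for illustration; `fair_share=0` gives a plain FIFO link for comparison.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class TwoTierLink:
    """Hypothetical model of one congested link with two queues."""
    capacity: int     # packets the link can send per tick
    fair_share: int   # packets per user per period that get top priority
    used: dict = field(default_factory=dict)       # user -> packets offered so far
    priority: deque = field(default_factory=deque)
    bulk: deque = field(default_factory=deque)
    delays: dict = field(default_factory=dict)     # user -> queueing delay per sent packet

    def enqueue(self, user, tick):
        n = self.used.get(user, 0)
        self.used[user] = n + 1
        # Inside the fair share: priority queue. Beyond it: queued behind everyone's share.
        queue = self.priority if n < self.fair_share else self.bulk
        queue.append((user, tick))

    def transmit(self, tick):
        for _ in range(self.capacity):
            # Bulk traffic is served only with capacity the priority queue leaves unused.
            queue = self.priority or self.bulk
            if not queue:
                break
            user, arrived = queue.popleft()
            self.delays.setdefault(user, []).append(tick - arrived)


def simulate(offered, capacity, fair_share, ticks):
    """offered maps user -> packets offered per tick. Returns per-user stats."""
    link = TwoTierLink(capacity, fair_share)
    for tick in range(ticks):
        for user, rate in offered.items():
            for _ in range(rate):
                link.enqueue(user, tick)
        link.transmit(tick)
    return {
        user: {"sent": len(d), "max_delay": max(d), "mean_delay": sum(d) / len(d)}
        for user, d in link.delays.items()
    }


# Constructed scenario: a 10 packet/tick link, one light user and one heavy user.
OFFERED = {"light": 1, "heavy": 30}

if __name__ == "__main__":
    for label, share in (("single FIFO", 0), ("fair share first", 200)):
        print(label, simulate(OFFERED, capacity=10, fair_share=share, ticks=100))
```

In the FIFO run the light user is crowded out; with the fair-share tier the light user gets everything through while the heavy user still takes all the capacity that is left over.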
> I'd be very surprised if Amazon profited off of literally every Prime subscription vs. users just getting the same stuff a la carte. They have to offer Prime to those people as an opportunity cost to get Prime to others.
They can, and perhaps do, "lose" money in that for most customers, Prime gets them less than what a la carte shipping would get them for the same items. Prime isn't, and shouldn't be, valued that way by Amazon.
The point, I think, is that a la carte customers will buy a few items from Amazon, a few from Walmart, some from eBay, a few from Tiger Direct, some from Crutchfield... A la carte customers can easily drift away from using Amazon at all. Once people pay $99 for Prime, they are likely to go to Amazon first for almost all online purchases. That, I think, is the point of Amazon Prime. The main value for Amazon isn't getting the $99, it's having a customer committed to Amazon.
Zillow demanded that the blogger stop cribbing images from Zillow, citing agreements Zillow has with the photographers who own the copyrights. The blogger agreed to do so. Thus the dispute ends.
The headline here is click bait. A perfectly accurate headline would be "blogger agrees to stop unlawfully using copyrighted images without license".
Yes, if you can express any such security rule in English, you can do it with SELinux.
Only this role (group of users) can access this set of files, and only by running these programs, and only has read/write/execute permission. There are other attributes you can use as well.
SELinux was released in 1998.
It's particularly well suited to servers. You can say exactly what your mail server software, or Apache web server, has access to, under exactly what conditions.
Often enough, people no longer have access to the email address they used when they signed up a long time ago. So while "a link in an email" is the default password reset, most popular sites offer other mechanisms as well.
Perhaps we should talk. I've been working in and around security for 20 years. Currently I develop a scanner which competes with Nessus and Rapid 7. We run comparison scans comparing our product to those two weekly. Where are you located?
Yes, the SIZE of a company is its market cap, period. Revenue is revenue, profit is profit, and size is size - capitalization.
If you want to compare to Lenovo, first yes tablet computers are computers; they are the computers that everyone is buying. And Apple sells more of them than anyone. You want to pretend a tablet computer isn't a computer? You want to look only at old-fashioned desktops? Okay, Lenovo makes 1.4% on each desktop they sell. Apple makes 19%. So Apple makes more money selling desktops than Lenovo does.
> Apple needs to get back to its roots for PC, computers as a hobby.
Apple could do that if somehow their products completely failed and they were in survival mode. Apple is currently the largest computer company in the world and the ninth largest company in the world. They sell 17 MILLION Macs every year, for 23 BILLION dollars in Mac sales.
The entire "computers as a hobby" market is maybe 23 million dollars each year, one tenth of one percent of Mac sales. They would literally give up 99.9% of their sales by focusing on people who want to tinker with their computers. To make it worse, they'd lose most of their margin. Hobbyists aren't going to buy Apple-branded RAM for $300 if they can get similarly spec'd RAM from Kingston for $200.
What definitely needs to be done in-house is whatever your company is supposed to be good at. Ford designs and assembles cars - they shouldn't outsource the design and assembly of cars because that's what they DO - if they stop making cars, they are no longer doing anything and have no reason to exist. Ford is not in the business of making cleaning products, so they probably shouldn't make the cleaning products they use. They should outsource that, buying cleaning products from SC Johnson or someone. Ford is not in the business of cleaning carpets, so that's also a candidate for outsourcing.
Once you have a list of items that can be outsourced because they aren't your "core competencies", the "make or buy" decision becomes mostly a matter of arithmetic. For the same budget cost, will you get it done better by hiring people to do it, or by hiring a company to do it? Equivalently, for the same level of quality, does it cost less to pay in-house people to do it or to pay an outside source? Probably, you'll find that it's better to get an operating system from an outside source, not make your own.
While there is no hard and fast rule, a rule of thumb is to consider the company next door. If you could easily buy the same product or service from the same vendor that the company next door uses, and it would serve your purpose, you should probably do so. General purpose things like office supplies, office cleaning, and payroll services should be purchased, not manufactured in house, because there is no competitive advantage to be gained from having better office supplies than the other company.
There are basically two possible responses when someone, or a group of people, points out something you didn't think about.
Some people try to LOOK smart by continuing to argue and hope to convince readers that they know better than all of the experts. People take this to absurd extremes, to the point of arguing that it's a good idea to allow random JavaScript from any web site (or ad) to read all of your passwords.
Another type of response is to actually BE smart and learn something. These people respond with "that's a good point; I hadn't thought about that."
The thing about the first option, trying to look smarter than the experts, is that you end up trying to argue that you really want every ad on the web to have access to your bank password, and then you look dumb. Trying to look smarter just makes you look dumb. But not any ordinary dumb. The information has been presented to you and you've purposely refused to learn anything - intentional ignorance. That's extra dumb, when a person chooses, even fights, to avoid learning anything.
> cannot argue the details with you about browser extension security or isolation from possible attack vectors ... there have never to my knowledge been any compromises.
Tavis looked at LastPass in March and reported THREE different ways for web sites (malicious JavaScript and frames) to get at all of your LastPass passwords. That's what ONE guy found in just ONE month. The technical details may not be for you, but here's an article in the popular tech press about them:
http://arstechnica.com/informa...
I would bet my team will find at least one more if LastPass shows up on our 18-hour test we do four times per year. Basically, we get 18 hours to find as many vulnerabilities as we can in an array of software.
He also assumed a return of only 5%
The average annualized return of the S&P 500 Index was 11.69% from 1973 - 2016. For the last ten years, it's been 11.4%.
With average returns, to amass $900,000 over 20 years, requires an investment of $12,015 / year. So roughly 10% of your income for most of us. HOWEVER, most of us probably work for employers who will match at least 3%, so we only need to invest about 7% ourselves.
If you make only $60,000 a year, and never get a raise, to be a millionaire in 20 years you need to invest about 15%-20% of your income.
But it gets even easier when you consider housing. On average, rent costs more than a mortgage payment (necessarily, so that landlords are compensated for risk by making a profit). In other words, it would cost you LESS to buy your house than to rent it. Then in the end you have a house you can sell for $300,000 or however much, without ever paying any more than you would have already been paying to rent.
Once you include a portion of your mortgage as an investment, you need to put aside only 7%-10% of your income into index mutual funds in order to become a millionaire.
Previously, Alphabet had a division that builds self-driving cars, called Waymo, another division that makes smart thermostats, another that makes Android, etc. Dozens of unrelated product lines. It's awkward and difficult to manage so many different projects as one company. What reason is there to keep them all together as divisions of the company? It just makes sense for these separate products, in different industries, to be separate companies. The new holding company allows them to be separate companies, managed separately. They can easily be sold off whenever it makes sense to do so. The holding company will own stock in each of the new separate companies.
> When you have too much money and too many employees.
Yes, they had too many employees in too many completely different lines of business, all under one awkwardly large company.
> Meaningless wankery.
Now they are splitting different subsidiaries that do different things, like Waymo, into distinctly separate companies. Each company will have fewer employees, and be more focused. That's not meaningless.
Certainly the biggest ISPs tend to treat consumers poorly, and they implicitly "conspire"* with the politicians they have on their payroll. Which has absolutely nothing whatsoever to do with trying to explain traffic shaping and policing to the average consumer, such as yourself, who has no idea what traffic policing is, nor even such basic parameters as jitter.
When I buy an upstream network connection, there is a full page of specifications describing how "good" that connection is. Things like percentage flows may have jitter greater than 80ms? You need a lot of numbers to specify how "good" a connection is. Since you, and the average consumer, don't know what service levels you want and how to measure the different parameters, it's really impossible to explain to you how those parameters are affected by usage patterns in an optimized network. We can say THIS much to be HONEST "sometimes your connection will be 'faster', sometimes it will be 'slower'. It depends on a number of factors, including your total transfer usage for the period." One can also honestly say "we prioritize your first 5GB each month". Trying to explain it in much further detail is a tad pointless.
> Of course there is a physical limit to what they can provide
And an incompetent network engineer would allow one user to hog it all up hosting a tube site, as I said. Any network of appreciable size is going to have competent admins who set it up so that the distribution of resources is roughly "fair" - you don't have one guy hogging it, leaving little for everyone else.
There are lots of ways to configure "fair". One of the best strategies is to say every individual definitely gets their share at top speed, the heaviest users are free to use more as it's available. That is, if you use 3GB / month, and I use 300 GB, I'm not allowed to crowd you out. Instead, you get your fair share at max speed, my "excessive" packets are queued behind your "fair share" packets. (Unless other rules, such as protocol based rules, put them into a completely separate queue, possibly on a different type of router).
Obviously all companies, ISPs included, should be upfront with their customers. Unfortunately, there are 600+ page books about traffic policing, shaping and prioritization - the right rules for a network like Verizon's are super complex, maybe 60 pages of configuration in total, if not more. Communicating all that to the average customer is nearly impossible, so the marketing people have a challenge in how to be both completely upfront and understandable at the same time.
> It would be news if they were imposing the caps while saying they were uncapped.
Which is redundant. You could just as easily say "ISPs which don't list what their limits are". All ISPs have limited resources, they can only transit a certain amount of data. Only the tiniest, with fewer than 1,000 customers, can't afford a decent network engineer who will prevent one customer from hogging all the resources.
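The "fair share first, excess queued behind it" scheme from the traffic-shaping comment above, as an added example that is not part of the original comments. It scales the idea down to packets per tick; the function name, the two-queue layout and the sample traffic are assumptions constructed for illustration, and setting `fair_share=0` degenerates to a single first-come-first-served queue for comparison.

```python
from collections import Counter, deque


def simulate(arrivals, capacity, fair_share):
    """Two-tier queueing on one link (hypothetical model, not a vendor config).

    arrivals:   list of ticks; each tick lists one user name per packet.
    capacity:   packets the link can send per tick.
    fair_share: packets per user treated as "fair share" for the period.
    Returns (sent, worst_delay), both dicts keyed by user; delay is in ticks.
    """
    if capacity <= 0:
        raise ValueError("capacity must be positive")
    fair, excess = deque(), deque()
    used, sent, worst_delay = Counter(), Counter(), Counter()
    tick = 0
    while tick < len(arrivals) or fair or excess:
        for user in (arrivals[tick] if tick < len(arrivals) else []):
            used[user] += 1
            # Within quota: priority queue. Beyond quota: queued behind it.
            queue = fair if used[user] <= fair_share else excess
            queue.append((user, tick))
        for _ in range(capacity):
            queue = fair if fair else excess  # excess only uses spare capacity
            if not queue:
                break
            user, arrived = queue.popleft()
            sent[user] += 1
            worst_delay[user] = max(worst_delay[user], tick - arrived)
        tick += 1
    return dict(sent), dict(worst_delay)


# Constructed sample: for 5 ticks a heavy user offers 10 packets per tick and a
# light user 1 packet per tick, on a link that carries 4 packets per tick.
ARRIVALS = [["heavy"] * 10 + ["light"] for _ in range(5)]

if __name__ == "__main__":
    for label, share in (("two-tier", 5), ("plain FIFO", 0)):
        sent, delay = simulate(ARRIVALS, capacity=4, fair_share=share)
        print(label, "sent:", sent, "worst delay:", delay)
```

Both runs deliver every packet in the same total time; what changes is who waits. The light user's worst queueing delay drops from 9 ticks to 1, while the heavy user's excess traffic absorbs the wait.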
> I'd be very surprised if Amazon profited off of literally every
> Prime subscription vs. users just getting the same stuff a la carte. They have to offer Prime to those people as an opportunity cost to get Prime to others.
They can, and perhaps do, "lose" money in that for most customers, Prime gets them less than what a la carte shipping would get them for the same items. Prime isn't, and shouldn't be, valued that way by Amazon.
The point, I think, is that a la carte customers will buy a few items from Amazon, a few from Walmart, some from eBay, few from Tiger Direct, some from Crutchfield ... A la carte customers can easily drift away from using Amazon at all. Once people pay $99 for Prime, they are likely to go to Amazon first for almost all online purchases. That, I think, is the point of Amazon Prime. The main value for Amazon isn't getting the $99, it's having a customer committed to Amazon.
Zillow demanded that the blogger stop cribbing images from Zillow, citing agreements Zillow has with the photographers who own the copyrights. The blogger agreed to do so. Thus the dispute ends.
The headline here is click bait. A perfectly accurate headline would be "blogger agrees to stop unlawfully using copyrighted images without license".
Yes, if you can express any such security rule in English, you can do it with SELinux.
Only this role (group of users) can access this set of files, and only by running these programs, and only has read/write/execute permission. There are other attributes you can use as well.
SELinux was released in 1998.
It's particularly well suited to servers. You can say exactly what your mail server software, or Apache web server, has access to, under exactly what conditions.
Often enough, people no longer have access to the email address they used when they signed up a long time ago. So while "a link in an email" is the default password reset, most popular sites offer other mechanisms as well.
Perhaps we should talk. I've been working in and around security for 20 years. Currently I develop a scanner which competes with Nessus and Rapid 7. We run comparison scans comparing our product to those two weekly. Where are you located?
Yes the SIZE of a company is its market cap, period. Revenue is revenue, profit is profit, and size is size - capitalization.
If you want to compare to Lenovo, first yes tablet computers are computers; they are the computers that everyone is buying. And Apple sells more of them than anyone. You want to pretend a tablet computer isn't a computer? You want to look only at old-fashioned desktops? Okay, Lenovo makes 1.4% on each desktop they sell. Apple makes 19%. So Apple makes more money selling desktops than Lenovo does.
> Apple needs to get back to its roots for PC, computers as a hobby.
Apple could do that if somehow their products completely failed and they were in survival mode. Apple is currently the largest computer company in the world and the ninth largest company in the world. They sell 17 MILLION Macs every year, for 23 BILLION dollars in Mac sales.
The entire "computers as a hobby" market is maybe 23 million dollars each year, one tenth of one percent of Mac sales. They would literally give up 99.9% of their sales by focusing on people who want to tinker with their computers. To make it worse, they'd lose most of their margin. Hobbyists aren't going to buy Apple-branded RAM for $300 if they can get similarly specced RAM from Kingston for $200.
What definitely needs to be done in-house is whatever your company is supposed to be good at. Ford designs and assembles cars - they shouldn't outsource the design and assembly of cars because that's what they DO - if they stop making cars, they are no longer doing anything and have no reason to exist. Ford is not in the business of making cleaning products, so they probably shouldn't make the cleaning products they use. They should outsource that, buying cleaning products from SC Johnson or someone. Ford is not in the business of cleaning carpets, so that's also a candidate for outsourcing.
Once you have a list of items that can be outsourced because they aren't your "core competencies", the "make or buy" decision becomes mostly a matter of arithmetic. For the same budget cost, will you get it done better by hiring people to do it, or by hiring a company to do it? Equivalently, for the same level of quality, does it cost less to pay in-house people to do it or to an outside source? Probably, you'll find that it's better to get an operating system from an outside source, not make your own.
While there is no hard and fast rule, a rule of thumb is to consider the company next door. If you could easily buy the same product or service from the same vendor that the company next door uses, and it would serve your purpose, you should probably do so. General purpose things like office supplies, office cleaning, and payroll services should be purchased, not manufactured in house, because there is no competitive advantage to be gained from having better office supplies than the other company.