So because Amazon is being a prick and violating terms of use, Google should block... users that aren't Amazon?
That's some incredible thinking you've got there. Very fanboy-ish.
How about if Google has a problem with Amazon products that violate Google terms of use, then maybe Google should take some action directly against Amazon, and leave users that:
A. have no idea what the hell;
and B. couldn't give a rat's ass anyway
out of it.
Google is stooping to Amazon levels of asshattery here, and doesn't need you to make excuses for them.
Yeah, because spending millions of dollars on planning, buying hardware, imaging, installing, testing, and migrating hundreds if not thousands of servers to replace a production data center or two as a massive overreaction is a super feasible plan.
Or you could install a patch that reduces performance but makes you secure right now (though if you are doing your job right as an administrator, your servers are not running with the CPU pegged anyway, because that would mean you under-provisioned for growth and scaling) and re-evaluate technology selections for current and future purchases, as well as evaluating the shortening of operational lifetime of installed equipment in order to swap out affected systems more rapidly, but at higher than projected budgeted costs. Note: higher, not 3x or 4x depending on how much operational lifetime your organization plans on.
"Just move to vendor X" is a great solution if you are just a guy with a laptop, and you were planning to replace that laptop anyway. It is not a feasible suggestion for any business that actually likes being profitable, and is a completely useless suggestion to any medium / large business. Plus, there's the "oh shit now AMD has a design flaw that nobody knew about for the last 10 years" possibility and you're back at square one - grimace and deploy the patch, or make some knee-jerk reaction and spend way too much money on something that isn't really a solution to the problem at hand.
That's not what Ferrari does.
If you are looking for "affordable" don't even bother reading a press release from Ferrari, Lamborghini, Porsche, etc. You won't find it there.
Why would you think differently?
And yet, Charter / Spectrum decided it would be a good idea to raise my bandwidth to 230 mbit/sec and charge me less than I was paying for 60 mbit.
Maybe they understand simple economics better than you think. A regional telco has been rolling fiber here, and it's got the cable company improving service without increasing price... sounds like competition might actually be a thing, and may actually be paying off for the subscribers.
They'll be fine with it, as long as it "features" a sealed and encrypted software image that reads their sealed, encrypted, DRM'd licensed recipes for making their drugs.
Why wouldn't they want to distribute the manufacturing for recurring license fees, in addition to selling the equivalent of ink-jet cartridges of chemical precursors? That's a god damn gold mine - even more than making the pills themselves.
Especially since if you pay with a VISA or MasterCard backed "debit" card, it defaults to PIN entry.
We've had this in the US for decades. I don't know why anyone would give two damns if their credit card asked for it too, as long as you know what the hell the PIN is.
The terminal tells the cashier to get a signature from you. There's no line on the receipt for it, but they'll ask you to sign.
I had this exact answer when I was in the Paris airport a month or so ago, and that's what happened.
Except all the signature does today is give you that warm fuzzy feeling that you're authorizing something, without it actually being used for a single thing.
I'd like to thank Visa / MasterCard / American Express for committing to not waste my time asking for something they don't use, and the terminals are amazingly bad at capturing anyway.
Now why would you go and destroy the crux of his incredibly flawed and untrue statement with things like facts and experience?
What kind of argumentative strategy is that?!
Apparently it's now a "flaw" with Kwikset, Schlage, Yale locks if I don't turn the lever on the inside to the 'lock' position. These lock manufacturers must do something about this immediately!
And by "nobody" you mean "all Fortune 500 companies, and hundreds of millions of home users"
Did you even use the link he provided? Did you read anything past "AMD has their own" before clicking reply?
He linked to an article about AMD's own in-hardware sideband management solution that is essentially the same fucking thing as Intel ME / AMT.
Who's the fucking shill now? Fanboyism + incompetence + ignorance = Slashdot hilarity.
So what you are saying, is that if you set up a PC for security, you shouldn't half ass it?
To be immune from this "flaw":
1. actually provision AMT if it's present on your PC (note: AMT != Intel ME, which is in all chipsets of the last 10 years or so)
2. put a BIOS password to protect from AMT local reset.
This takes about 30 seconds, and it can actually be done en masse if you are doing AMT properly.
Or you could just have the IT guy provision it when he does all the other crap to the machine before it's deployed, and it's no longer a concern. Also, in addition to being immune to this "flaw", you get the remote administration and monitoring advantages of AMT! How about that!
Here's the good news about AMT and vPro: You can spend $30/system to have vPro on it, you can mass-configure with software Intel provides for free (but you need to buy a signed certificate specifically for AMT provisioning that matches your DHCP's DNS suffix for it to work), and then you can remotely reboot provisioned hardware from ISO images to reimage hardware from anywhere in the world, if you have granted access. It just needs to be on your network, and this includes notebooks that are wireless only.
I implemented this at a Fortune 500 that has about 50,000 Windows PCs spread across the US like trading stamps, and contracted with a 3rd party for on-site support. They charged a minimum 2 hours for a service call. vPro paid for itself in the first year just from reimage tickets alone - never mind the cost savings of not having to license a remote viewer for the help desk that is worth a damn and has the required security features for this company (HIPAA).
If you opt-in on something that:
- allows remote access in hardware
- leave it unconfigured
- allow some bad actor physical access
then you get what you deserve. Change any one of those three, and you're fine.
This "flaw" is in IT staff, not the product.
I guess using shit that incompetent admins spent extra money for and then left wide open by never configuring is now Intel's fault? This is the manual single-machine way to provision AMT / vPro. The only way this is a "flaw" is because the monkey in IT either didn't know what they were buying, or didn't bother to actually use what they were sold. By the way, once AMT / vPro are configured in any way (and if the admin of a machine is at all smart, they are doing this through a software provisioner when installing the OS in order to make sure the settings are the same each and every time), this "flaw" is no longer an option without the password, or without a few reboots and access to the BIOS.
Oh wait, is being able to press DEL, F1, F12, etc. and access the BIOS because a password wasn't set a "flaw" now too? Because that's the same fucking thing.
Don't want nefarious people configuring your vPro for you? Either don't buy a machine with vPro built in (yes, vPro is different from AMT - AMT is the base tech, vPro is a feature set running on top that allows the remote control, remote boot options, remote BIOS access, etc.), or fucking configure the thing you paid an extra $30 or so for.
What a sensationalist clickbait article that has been completely documented by Intel and the vast majority of their OEMs for like 6 years.
I don't claim to be any kind of semiconductor engineer, but I am a customer that paid for something, and post-facto have a choice between insecure, or less performance than I paid for.
If you think this is fine, then you are either a paid shill or a deluded fanboy.
Apple made imaging the data off the device impossible with the addition of the "Secure Enclave" in the CPU - half of the encryption key comes from a burned-in value inside the CPU at manufacture, and that value is not recorded anywhere.
If you pull an image and attempt to unlock it, you would have to crack 256-bit elliptic curve private keys. Good luck with that.
Source: https://developer.apple.com/do...
It's user selectable to have either an increasing hardware-enforced delay between attempts, or wipe-after-X-attempts. iPhone defaults to the first behavior.
Please now link to any Apple advertisement where they are deliberately targeting criminals. Or shut the fuck up and stop making shit up.
Or, if I'm doing something with my phone that the FBI may use to lock me up, how about I just turn off the fingerprint thing and set a password instead of a 4-digit pin. Oh, and turn on the thing that wipes the device after X incorrect attempts. And, because it's an iPhone, you can't extract the flash because half the encryption key is burned into the CPU. Good luck, fuckers.
After all, if I'm conducting some kind of criminal conspiracy involving my phone, why wouldn't I go the whole way to protect it and myself?
The FBI has had their head up their ass on this thing from the start. They should be championing encryption, as it alone is responsible for preventing possibly millions of cross-state-line ID theft and wire fraud cases that they would be saddled with investigating.
DRM and encryption are two very different things that only on the surface appear to be similar.
Encryption is "here is a lock. It's made of a material that cannot be physically compromised, and the lock mechanism has billions of variable length pins at hundreds of different angles along the keyway, making it impossible to pick. I'm keeping the key and only giving it to people I want to. Good luck."
DRM is "here is a lock, and a key. We've also put a bit of gum over the keyhole on the lock. Don't take that off unless we say so, and absolutely don't put the key in there."
Sure. But in order for it to be of any use, it needs to not have severe penalties to its use in comparison to the competition*
*the competition being government-issued currencies and the last 30 years of electronic funds transfers
You know there's a difference between "investment" and "currency" right? You've created a false equivalency.
I can't pay for a ticket to investor seminars with Tesla or Apple stock either. Nor would I expect to be able to. However, in a conference by and for bitcoin currency fanatics, I would think that being able to pay your way in with Bitcoin would be a given, if it's such a great currency.
If anybody called not accepting gold as currency at a "Gold as an investment" conference (if such a thing exists) ironic, they would just be wrong. Either people need to stop pretending Bitcoin is anything but a wildly inflating speculation bubble with zero tangible assets backing it, or admit there are serious flaws and scale issues with the design that are preventing its intended use as a currency.