Slashdot Mirror


User: EndlessNameless

EndlessNameless's activity in the archive.

Stories: 0
Comments: 1,340

Comments · 1,340

  1. I don't usually say people deserve to have bad things happen to them, but this is going to be an exception.

    An admin leaving a database with direct connectivity to the internet is bad enough---borderline negligence, in my opinion. But a blank admin password?

    That's like walking down the street with $100 bills bulging out of your pockets on the bad side of town.

    It's not just stupidity---most stupid people don't even do things that stupid.

    It's too bad IT doesn't require professional licenses like doctors and lawyers, so we can kick these people out of the profession before they hurt somebody else.

  2. Re:How do you go below zero? on Verizon Executive Says Company Unsure About Yahoo Deal (reuters.com) · · Score: 2

    Verizon can't just roll with some smartass reporter's comments about the drop in value.

    They have to be prepared to prove it in court if they back out of the agreement.

    I'm fairly sure that Yahoo is worthless as a tech company, but the contract probably has a lot of conditions and stipulations in it. This isn't like returning a TV to Best Buy when it doesn't work the way you thought it would.

  3. Re:What would be the Powershell equiv. for this? on Rumors of Cmd's Death Have Been Greatly Exaggerated (microsoft.com) · · Score: 1

    Both pushd and popd work in PowerShell. They're technically aliases for the real PowerShell cmdlets, but they're configured by default.

    Group Policy deployment has a lot of caveats and restrictions, so I would be understanding of issues there. Things should be a little better with SMS/SCCM though.

    Software vendors like IBM have not provided documentation for automating much of AS/400 configuration with Powershell, it's all CMD scripts.

    And this is why Microsoft is keeping CMD around. Converting complex legacy scripts is almost always a nightmare, so it will be a while before stuff like this changes over.

  4. Re:Riiiiight on Rumors of Cmd's Death Have Been Greatly Exaggerated (microsoft.com) · · Score: 4, Insightful

    Microsoft makes virtually all of their software revenue from enterprise sales. And killing a legacy tool as widely-used as CMD will piss them off.

    So while I believe Microsoft will not hesitate to give home users the middle finger, I seriously doubt they will kill CMD any time soon.

    Everything new is in PowerShell, but we have a lot of old crud that runs in CMD because no one wants to break it.

  5. Re:Usage telemetry on Rumors of Cmd's Death Have Been Greatly Exaggerated (microsoft.com) · · Score: 1

    Oh look, another person who decides to whine instead of learn.

    You can dig deeply into the OS very easily with PowerShell. WMI, registry, ACLs, etc are all easily and cleanly exposed.

    The object-oriented nature of the environment is also a godsend for programmers, particularly those with Python/Java/C++/Ruby backgrounds. So much kludging disappears when you can pass a set of objects from one command to the next---because no one should ever forget the terrible text parsing capabilities that are native to Windows.

    And, seriously, if you have trouble opening PowerShell with administrative privileges then you need a new job. On a clean install, Server Manager opens up as soon as you log in. It is elevated and has a menu to launch PowerShell, so you can open an elevated session with two clicks. Literally two clicks---Tools, then Windows PowerShell.

    CMD can do a lot, but it is really, really dated as a system management tool. If you're a Windows admin and haven't learned PowerShell, you're just making your job harder in the long run.

  6. Money Grab! on Norton Announces Core, a Smart Router To Protect Domestic IoT Devices (cnet.com) · · Score: 5, Informative

    FAQ this:

    What happens if I don’t renew my subscription?

    "If you don’t renew the Norton Core Security Plus subscription in the second year, Norton Core will continue to function as a high performance router. All network, IoT, and device level security, plus parental control features will be unavailable if the subscription is not renewed."

    Yeah, thanks, but I prefer my equipment to function for more than a year.

  7. It only took them 20 years on Music Streaming Hailed as Industry's Saviour as Labels Enjoy Profit Surge (theguardian.com) · · Score: 1

    And how many people were extorted or sued by their idiotic tactics in the meantime?

    While I am glad they have addressed their ignorance, I will not be upset if the continued proliferation of indie labels castrates their influence over time.

  8. So, yes, they should have thought about when a non-technical customer says "I'm blue-green colorblind!"

    Who is the dipshit with the snarky un-thought through answer, exactly?

    You.

    There is no blue-green colorblindness. It's either red-green or blue-yellow.

  9. Their Response Was Not a Refusal... on Android Ransomware Infects LG Smart TV, Company 'Refuses' To Help (bleepingcomputer.com) · · Score: 1

    When he couldn't perform a factory reset, they told him to have it serviced. That seems like the right response to me.

    What else are they supposed to do? Step him through disassembling it over the phone? Do any consumer support lines ever go that far?

    Maybe the crypto malware tampered with just the right thing, or maybe there is a physical defect preventing the reset. At the service center, I assume they can replace whatever is necessary to resolve the problem.

    I'd be more pissed off at a company that wasted my time on the phone instead of arranging service when necessary.

  10. Re:Hardcore pirates are easy to part from money on Top Spotify Lawyer: Attracting Pirates is in Our DNA (torrentfreak.com) · · Score: 1

    You act like all of the Radiohead buyers and app buyers are hardcore pirates, and treat those donations as being 100% attributable to pirates.

    Yet, you offer nothing to prove that this is the case. You simply make that assumption and run with it.

    Your argument is terrible, and the only reason it sounds vaguely appealing is due to an unstated and highly debatable premise.

  11. Re:They will never learn on Microsoft Exec Admits They 'Went Too Far' With Aggressive Windows 10 Updates (softpedia.com) · · Score: 5, Insightful

    Easy, engineers are morons. They don't think about what PEOPLE need or want

    You obviously aren't an engineer. Nor do you know many. Most engineers don't decide the features and performance requirements of the product. Either management or the customer does.

    So the people writing the specs are morons. If someone gives you a recipe for a turd sandwich, you're going to make them a turd sandwich---or else you'll get fired for not doing your job.

    Maybe you can ask them if they want lettuce or tomato on their turd sandwich. Maybe you can tell them that they have to choose between toasted and untoasted bread (because it's impossible to have both). But, in the end, if the spec is a turd sandwich then that's what you deliver.

    I'm sure any programmer with an ounce of sense realized the implications of automatic updates and always-on telemetry. And most of them would never put that crap into the spec if they had any say in the matter. But they don't get a say. So enjoy your turd sandwich.

  12. Re:They will never learn on Microsoft Exec Admits They 'Went Too Far' With Aggressive Windows 10 Updates (softpedia.com) · · Score: 1

    Those engineers can refuse to do unethical things, but they choose not to because they value the money that management waves in front of them more than the wellbeing of their fellow man.

    You're not talking about murder or espionage. You're talking about day-to-day business. Things that are entirely legal. The "unethical" thing is going to get done regardless of protest.

    There is little point in resigning over such a matter---and a huge personal impact, especially if the employee is responsible for children or aging parents.

    Blaming the programmers is a load of crap. It can take a year or two to realize that your company has changed and to line up a decent job.

    Microsoft management could have dropped the requirement at any point in development up to final release, and they chose not to. They are the ones with the real choice and the real power.

  13. So you're perfectly OK with unelected personnel refusing to perform perfectly legal tasks assigned to them by the legally elected leadership of the US government?

    These people did their jobs as instructed for years, and Trump is apparently looking to punish or fire them for it. That is not acceptable.

    If their jobs are eliminated because Trump believes climate change is a fairy tale, they can avail themselves of whatever job transition/placement programs the government has. But to target them off the bat because they worked on climate change is appalling and wrong.

    Bureaucrats don't get to anticipatorily refuse lawful instructions from their employer because he *might* do something they disagree with later.

    He's nobody to them until Inauguration Day. He cannot issue lawful instructions because he has no lawful authority until he assumes office.

    Even then, it should be illegal for an employer to punish employees for doing exactly what they were told.

    If Trump tells the DoE to stop doing climate science, it can do that without making a public spectacle of the employees. The department can look at its tasking and make its own decisions---management can assign these people to other tasks they are qualified for, or it can let them go.

    Those people deserve a fair shake at keeping a job---whatever form that takes in the government---not a witch hunt.

  14. Re:Trump on Feds Unveil Rule Requiring Cars To 'Talk' To Each Other (thehill.com) · · Score: 1

    Trump doesn't personally approve the requirements; his appointees do.

    That said, if federal agencies don't follow the rules for making new regulations, those regulations can be tossed in court.

    If DOT policy requires a 90-day comment period and a 4-year "warning" period before the rules take effect, they need to adhere to that schedule regardless of who is shuffling in and out of the White House.

    The new models for the next several years are already in various stages of design, so rules realistically need to be finalized years in advance unless we are willing to derail automotive engineering with constant short-notice spec changes.

  15. You think you can defend against a malicious hypervisor?

    Wow, I have a bridge to sell you...

  16. Re:Did everyone forget DirectX? on Microsoft Will Soon Start Bundling Drivers With Windows Store Games (thurrott.com) · · Score: 1

    I seriously doubt this has anything to do with drivers, which are merely there to feed calls to the GPU, and the blame falls on a broken DirectX implementation.

    You seriously have no idea WTF you are talking about.

    Developers write code that hands off primitives and rendering instructions to DirectX. DirectX is a relatively thin API that exposes functionality in the GPU via the driver.

    DirectX is sending roughly the same thing to the driver (barring app developers who choose multiple code paths). So if one driver breaks first and then the other breaks completely at random, it's 100% the problem of the driver devs.

    Do you know why driver updates can improve performance and compatibility? Because there are different techniques they can use to turn a DirectX command queue into GPU instructions. It's a very complicated task.

    Video drivers don't just "feed calls to the GPU". They are doing a lot of work translating those calls; modern GPU drivers are closer to JIT compilers than your old-fashioned device drivers.

    Microsoft has done a lot of shit work, but this isn't one of those cases. Driver devs have a lot of hard work to do, and sometimes they screw it up.

  17. It's actually easy to clean up:

    Dism /online /Cleanup-Image /StartComponentCleanup /ResetBase

    This applies to 8/8.1/10. There is a vastly different method for Windows 7.

    Note that you lose the ability to uninstall old updates when their files are purged, so it might be best to run this a week or two after patching.

  18. Re:Except they didn't. on Disney IT Workers, In Lawsuit, Claim Discrimination Against Americans (computerworld.com) · · Score: 1

    They didn't terminate them "based solely on their national origin and race"

    But what other reason could there be...

    They terminated them based on the fact they can pay Indian workers a fraction of the salary.

    ...when this is clearly not the case, as the H1B program is supposed to let American companies hire foreign tech workers only when there are no domestic workers available.

    It's almost like this is a play to bring attention to a serious jobs issue, with the added bonus of potentially winning a judgment in court if things shake out well.

  19. Re:Experts? on HP Shutting Down Default FTP, Telnet Access To Network Printers (pcworld.com) · · Score: 4, Insightful

    There has to be a motive behind it that is meant to screw with us.

    Not really. We started kicking printers off the network if they couldn't be secured. HP was the biggest offender by far.

    If departments have to choose between having a dedicated "printer PC" vs having a decent network printer, they usually want the convenience of a network printer. And when HPs aren't eligible, HP loses sales.

    A lot of businesses still don't care about security, but enterprise vendors are increasingly being pressured by those who do.

  20. Re:Why air gaps? on Engineers Explain Why the Galaxy Note 7 Caught Fire (digitaltrends.com) · · Score: 1

    Physical separation adds weight and cost. There is no need for the extra material if you ensure an adequate gap, so why include it all? It's wasteful.

    I doubt the battery company only sells to Samsung, so other products are presumably using the same components safely. Samsung did the risky/bad engineering by shrinking the battery compartment as much as they did.

    Even with physical separation, the battery still needs room to expand. Perhaps your failure mode would be strained PCBs and cracked soldering instead of fire---but you would still have failures. Regardless of what batteries they used, Samsung made a mistake.

  21. Audiences do not like having this distorted version of reality shoved down their throats.

    An audience can leave or complain. A television cannot compel viewership.

    Those who choose to watch obviously value watching and reacting---more than anything else they could be doing at the time.

    So the idea of "shoved down their throats" really only applies to the meanest, loneliest malcontents who watch things they find repulsive in order to perpetuate their bitterness and anger.

  22. Re:Are you doing it (BitLocker) right? on Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com) · · Score: 2

    You are wrong. I suggest reading Microsoft's documentation regarding "key protectors" if anything I say is confusing.

    The Windows updater runs as system, which means it can do anything an administrator can do.

    An administrator can suspend Bitlocker, which temporarily stores the volume encryption key in cleartext so that it will automatically mount.

    It is easily conceivable that Windows Update is preparing the updates, suspending Bitlocker, rebooting, completing the installation, and reenabling Bitlocker.

    Also, note that the TPM never stores the key that encrypts the user data on the hard drive (the volume encryption key). The TPM is given a key protector container on the hard drive, which grants it access to the volume encryption key. That volume key is always stored on the hard drive.

  23. Re: It's been "broken" for a while now on Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com) · · Score: 1

    As with most full-disk encryption packages (including LUKS), the volume encryption key is stored on the hard drive. All system/user data is encrypted with this key.

    The software creates a copy of the volume key for each user. Their copies are encrypted with either their passwords or their private keys.

    Encryption users do not necessarily map to user accounts. The TPM is also a user in this context---it uses its private key in whatever manner it was configured, typically after receiving a valid PIN via the keyboard.

    Bitlocker encryption can be suspended by creating a cleartext copy of the volume key in one of the containers where user keys are normally stored. An administrator can do this from the command line, and apparently Windows Update can as well. Reenabling Bitlocker scrubs the cleartext copy.

    Since encryption/decryption is happening in the background 24/7 while the system is running, the volume key is always somewhere in memory and thus the OS always has access to it.

  24. Re: Only the lazy and terminally lame dont know? on Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com) · · Score: 1

    Bitlocker can use a public/private key pair or a password to protect the volume encryption key.

    The TPM's private key does not have to be given access to the volume encryption key. It can be kept on a USB drive.

    Or it can be used with only a password, and then the only means of unlocking the drive is inside your head.

    Key protectors can be added/removed via the command line. It takes less than a minute.

  25. Re:Something Smells Fishy on Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com) · · Score: 4, Informative

    You obviously have no idea how Bitlocker works. It is architecturally similar to many other full-disk encryption packages.

    There is a volume encryption key which is used to encrypt the user data on the disk. This key is generally used with a fast symmetric cipher like AES. Once the initial volume encryption is completed, all reads/writes require the key to encrypt or decrypt the data.

    The volume encryption key is encrypted with the public key or password for each unique user. Thus, each user has his own means of accessing the volume key, which must be the same for everyone. There is an encrypted copy of the volume key on the hard drive for every user. It could be one, or it could be a hundred. (In most enterprises, the TPM is also a "user" who can unlock the drive with its key.)

    In this case, the disk can be temporarily "unlocked" if an administrator suspends Bitlocker. When Bitlocker is suspended, the volume encryption key is stored in a cleartext container on disk. That volume will automatically unlock until Bitlocker protection is reenabled, which scrubs the cleartext key.

    Microsoft should require administrator consent before suspending Bitlocker, so this is more of a design flaw than an exploit. Manually suspending Bitlocker does require administrator privileges.
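
The key-protector layout described in the BitLocker comments above (one volume key, an encrypted copy per user, a cleartext copy while protection is suspended), modelled as an added Python example; it is not part of the original comments and is not BitLocker's code. The SHA-256 keystream with HMAC is a standard-library stand-in for the real ciphers, and every function and field name is hypothetical.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # SHA-256 in counter mode: a stdlib stand-in for the real cipher (assumption)
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek, secret):
    """Encrypt-then-MAC `secret` under a key-encryption key (KEK)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _stream(kek, nonce, len(secret))))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek, blob):
    """Return the secret, or None if `kek` did not wrap this copy."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(kek, nonce, len(ct))))

def _password_kek(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_password(meta, vek, name, password):
    salt = os.urandom(16)
    meta[name] = {"type": "password", "salt": salt,
                  "blob": wrap(_password_kek(password, salt), vek)}

def add_external_key(meta, vek, name, kek):
    # models a key held off-disk: the TPM's key, or one kept on a USB drive
    meta[name] = {"type": "external", "blob": wrap(kek, vek)}

def suspend(meta, vek):
    meta["clear"] = {"type": "clear", "blob": vek}   # volume key in cleartext

def resume(meta):
    meta.pop("clear", None)                          # scrub the cleartext copy

def unlock(meta, password=None, kek=None):
    """Try each protector in the on-disk metadata; return the volume key or None."""
    for p in meta.values():
        if p["type"] == "clear":
            return p["blob"]                         # no credential needed
        if p["type"] == "password" and password is not None:
            vek = unwrap(_password_kek(password, p["salt"]), p["blob"])
        elif p["type"] == "external" and kek is not None:
            vek = unwrap(kek, p["blob"])
        else:
            continue
        if vek is not None:
            return vek
    return None

def cleartext_protectors(meta):
    """Defender's check: names of protectors that expose the volume key."""
    return [name for name, p in meta.items() if p["type"] == "clear"]
```

After `suspend(meta, vek)`, `unlock(meta)` returns the volume key with no password or key supplied, and `cleartext_protectors(meta)` keeps reporting the exposed entry until `resume(meta)` is called.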