Wrap it up, some people did X therefore everyone did. It's not like you can prevent anyone from being a part of a self defined group.
If harassment and doxing were present in the files on the Gamergate repository, then Github's objective analysis of their repo was correct. It violated the TOS, and therefore it was removed. Github is a code repository, so it wasn't even an appropriate platform for organizing social action to begin with.
It doesn't matter what the Gamergate "movement" claims to be about; it matters that the Gamergate supporters on Github engaged in inappropriate conduct.
I do believe that 99% of Gamergate supporters are assclowns. Github discovered evidence supporting this attitude, which I find personally gratifying.
You remember when Facebook was found out to be tampering with conservative news articles and effectively preventing them from appearing on the trending news list?
I don't know that it was ever proven to be deliberate behavior, but they are allowed to do it regardless.
Based on your premise this is acceptable behavior.
Acceptability is a personal decision. With most unacceptable things, you can either opt out, ignore it, or setup an alternative.
Things like this may be legal, but it doesn't mean they are acceptable.
If it is legal and you are free to opt out, then there isn't really a problem. Opt out.
Takedowns due to philosophical disagreement or policy/disciplinary reasons should remain private unless the targeted party agrees to publicize the issue. It's like disciplinary action being handled privately at work---it's best done quietly so the matter can remain confidential if desired. If someone believes the philosophy is wrong, they can always go public on their own anyway.
Gamergate was a trash "movement" and doesn't deserve free hosting anywhere. Oh, the media covering video games isn't catering to my preferences or operating according to my standards? Well, stop visiting those sites.
And, yeah, we're not supposed to call things "retarded" anymore according to Github. Github can decide what's acceptable on Github. It's their site and their rules. Maybe they require more decorum than Slashdot. Don't go there if that's a problem for you.
DMCA is serious though because you can't just opt out of it. The US legal system will enforce it. So reporting on how it's used and who is affected is important.
Boasting about just-launched products beating a two year-old products (GTX 970 was launched in September 2014)
The GTX 970 was one of the price/performance darlings of the market prior to the RX 480 launch. For people who were looking at something in that performance bracket, the introduction of the RX 480 is huge. It offers comparable performance for 2/3 the cost (until nVidia adjusts their MSRPs, anyway).
The GTX 970 is a previous generation card from a higher performance segment than the RX 480, and comparisons like that are fairly common.
Trying to leave the impression that NVIDIA doesn't have a Pascal-based product on the market
Not sure where you're getting this.
If it's because there's no benchmarks comparing RX 480 to GTX 1080/1070, it's because they're not competing products. The RX 480 will compete with the future 1060, and the GTX 1080/1070 will compete with the future Vega-based products.
And they actually mention the impending GTX 1060 release in the summary, which is the reasonable thing to do since it is the intended competition.
Phrases like "as much as X% faster" when talking about performance.
I dislike that, but it is not uncommon among tech reviewers. Still, the graphs display the actual data, and the per-application commentary is solid.
comparison to... previous-gen AMD cards... rather than the competition when bragging about energy efficiency gains
Generation-to-generation comparisons are always part of a review. They also discuss the performance delta between current and previous AMD cards.
Everyone knows AMD's cards have been less power efficient than nVidia's for years, and nVidia made a huge leap forward with Maxwell. Everyone has been waiting to see what 14nm brings and if AMD could catch up. Sadly, they have not. But they are closer, and that is noteworthy.
Carefully selecting price points that let them pretend there's no elephant in the room: that AMD lacks a proper response to the 1070 and 1080
That isn't really relevant to the RX 480 review. We've known for months that AMD is introducing their mid-tier parts now and high-end parts later.
this whole summary is so clearly one-sided
It's not, really.
Everything you've mentioned has been covered exhaustively in the tech news already. There is simply no point in repeating it in an article focused on the RX 480.
it won't prevent the admin from whitelisting whatever he wants to execute or install
It's not supposed to stop those things.
A whitelisting application is only supposed to stop things that admins do not want to run. It is specifically designed for competent system administrators---not home users.
A home user would have to delegate whitelist management, which translates to subscription security services or curated application stores in the real world.
to profile the binary before executing it
You're joking, right?
Enterprise applications have hundreds of interrelated binaries, and there is generally no data available on the exact functionality of each. And large enterprises tend to run a large variety of your typical non-enterprise applications---too many to investigate individually. This is way beyond the realm of practical, even for most large businesses.
If it's practically impossible for enterprises, smaller organizations won't have the skills and resources to do it either.
Linux distros all ship with SELinux or AppArmor sandboxing the privileges of the email client and browser by default
Internet Explorer ships with Protected Mode enabled, which has severely restricted privileges, and it runs perfectly fine with an unprivileged user account---which doesn't matter if a site can convince the user to disable it all. Or if it contains an exploit that escalates privileges / escapes the sandbox. Or if the user willingly downloads trojaned files.
With most users running as admins, clicking yes to every prompt they encounter, and disabling security features to try "fixing things", there is no meaningful way to protect the system without revoking their privileges. Denying privileges to owners may be anathema here, but it's a baseline required for a secured system in the wild.
People are uninterested in IT---until it gets in their way. If SELinux got in their way, how long do you think it would take the average idiot to hit google and figure out how to disable it? It's not hard. If they can follow instructions to muck about in the Windows registry, then they can certainly manage a single line of text at the CLI.
This is why desktop security will always be crap except for well-managed corporate machines. There will be a handful of home machines run by security-conscious folks, and everything else will be a mess because people dislike being told they can't do something even when it's for their own good.
yet were moaning over loss of access to low cost parking spaces.
At the same time, if everyone shrinks their parking spaces then there is nowhere to park.
If public or municipal parking spaces cannot fit every street-legal consumer vehicle, then there ought to be disclaimers or exceptions as needed.
If you're going to have a legal standard for private vehicles, you might as well employ that standard universally when it comes to traffic and parking laws.
Taxes are levied universally according to some standard. E.g., income taxes on a particular income bracket.
Fees are paid for services by those who use them. (Though, lately, some places are instituting administrative fees in a manner that functions like fines.)
Fines are penalties paid by those who violate a law or regulation.
In theory, the government would collect zero fines if everyone followed the law all the time. The same does not apply for taxes or fees.
Since you used "alliterate" rather than "aliterate", I'm not so sure your comprehension and composition are that good. Not as sure as you are, at least.
Clinton... wants the U.S. to "staple" green cards on the diplomas of STEM... masters and PhD graduates
Good. We need to balance out the culture of ignorance that is developing in this country. The people who mock learning and expertise aren't moving the country forward now, and they never will.
Plus, if these people have real green cards, they cannot be abused and underpaid the same way H1Bs are. That should stabilize the labor market a bit, especially if the program ultimately leads to a reduction in H1B issuance.
If American citizens have no interest in education, go ahead and allow *real* immigration. As long as the immigrants integrate culturally, the country will come out stronger like it always has.
Given its penetration, the Edge extensions hardly matter.
Most of the other features are niche, invasive, or useless. Seriously, does anyone release malware that can't evade Windows Defender out of the box?
Cortana will remain relatively useless until it can integrate with smartphones, which means Microsoft will have to put more effort into its Android and iOS apps, helping to make them first-class platforms.
Anything that makes the Windows Store better sounds good. That's the only thing of real value I see, and even then it's more for the future than the present.
Getting missile lock against your opponent's stealth before he does likewise will decide who wins most fights, and the pilot has little to do with that.
So evasion and countermeasures count for nothing?
Humans pass out around 10G. If you remove the human pilot, aircraft can maneuver more aggressively. Maneuverability isn't only for offense.
Cached logons ignore password expiration. They should be able to login indefinitely.
Domain accounts rely on the password expiration date stored in Active Directory, but the LSA subsystem enforces the policy locally when it authenticates via a domain controller. If the LSA falls backs to cached credentials, there is no expiration data and thus no enforcement.
The simple fact is that image and pattern recognition on radar and camera's are not good enough in real time for an AI pilot to work with.
Modern fighters can lock and fire missiles beyond visual range. So the radar is a little better than you're giving it credit for.
the computer that runs the AI is probably twice the size of the plane it is flying
Read the article next time: "To reach its current performance level, ALPHA's training has occurred on a $500 consumer-grade PC."
You can probably fit that hardware just by replacing the padding of the pilot seat.
So put that ai pilot in a predator drone, and let a real pilot in another drone fight it. I bet it loses a lot.
That used to be what happened with all AI pilots---humans wrecked them in sims.
The article is reporting a new development, and the information is as relevant as the simulation is reliable.
Military training sims are pretty powerful. They have precise aircraft physics and handling, full visual fields, craft-specific sensors/instruments/countermeasures, and an entire background of "real world" that the planes fly in.
Since we know you're 0/2 on the previous points, I'm gonna go ahead and assume you are wrong again.
Why should any temporary lodging require any such registration in the first place.
Rentals are usually taxable, so the state/local government arguably has the power to demand this information already.
Some cities, typically tourist destinations, also charge a hospitality tax on short-term rentals.
There may be a requirement for liability insurance. This ensures the owner is capable of compensating clients in the event of injury or property damage.
Most buyers want a basic guarantee that the premises are relatively clean and safe. Mandatory registration is the first step in identifying rental locations, and health/safety requirements can be be imposed later if necessary.
I want actual facts, and not emotional violence typical of those that love government intrusions into business activities.
The term "emotional violence" sounds like the very kind of nonsense you supposedly despise. Or maybe you're just trying to tip the debate in your favor without actually arguing the merits of your position.
A subscription model may actually give Linux a chance.
It might, and that's why they'll never do it for their desktop OS. They've already done it everywhere else.
They already have subscription licensing for enterprise, which is where they make the bulk of their money. To the extent that businesses pass on expenses, you're already paying for Microsoft subscriptions. Have been for years.
Office 365 is a subscription. XBox Live is a subscription.
The Windows Store functions like a subscription. They get a cut of every app sold on it. The more you use their platform, the more they collect.
Microsoft may be dirty, but they're not stupid. Everything they realistically could make money on in the future is already a subscription or close to it.
But the way they are clawing for it shows they do not understand who they are and what they produce.
Oh, they know exactly what they're doing.
There are many environments where it is undesirable or even illegal to simply throw around data so detailed as what I have seen in Windows telemetry to a third party over the internet.
And here is where the money rolls in.
Telemetry can only be fully disabled in the Enterprise edition of Windows 10. If you have privacy requirements due to national security, health care, or financial regulations then you have to license Enterprise.
Still I think especially Microsoft urgently needs to be reminded that they do not rule over a lawless wasteland but operate under the same laws as everyone else.
But they do.
Do you have any idea how much telemetry is available from smartphones? Apple and Google have been sucking up that data for years, and Microsoft is late to the party. Newer automobiles have telemetry, and it's not exactly new in the automotive industry either. Hell, even GM got embedded telemetry before MS.
Even before smartphones, there was a "diagnostic" toolkit that most manufacturers left enabled in their production software.
As much as everyone seems to love complaining about Microsoft here, they are not breaking new ground. That ship sailed years ago.
If you value privacy, it's not just a question of Linux on the desktop. It's a question of what technologies are you going to cut out of your life entirely. With just cars and cell phones, most people are already completely covered.
You basically can't be an unescorted male in this country now without some soccer mommy accusing you of things simply because you exist.
I have no problems with this. No one I know has had problems with this.
Perhaps you need to review your dress, hygiene, and behavior.
Those same hypersensitive mommies believe there's a predator behind every tree even though instances of violent crime are way down.
Every generation has its bed-wetters.
actual criminals are being let off by jurors who can't comprehend why the cops can't produce a neat tidy stream of high tech evidence like they do in CSI
Prosecutors got convictions under the same "beyond a reasonable doubt" standard before high tech evidence existed. If they are having problems now, maybe it is not the jurors' tech fantasies that are to blame.
If you know it is classified and disclose it anyway, that is a felony. It doesn't matter if you figured out how they did it from their own classified documents or not.
If you don't know whether it's classified and cannot reasonably be expected to know, then you're fine. If they decide to classify it after the fact, they will tell you the information is classified and that you're no longer allowed to discuss it.
There have been a few cases where this occurred, and the creator of the documents in questions was approached in person by federal agents.
but whats to stop them just 'saying' they only use the exploit for foreign intelligence
That's simple, if the law is written properly.
When it's used for law enforcement purposes, it must be disclosed during that case---whenever the law dictates. E.g., when it is developed, after the investigation concludes, during the trial, after any appeals relevant to the exploit are decided, etc.
If they totally swear that the intelligence community is using some other exploit, they don't have to talk about that supposed exploit. We don't care at that point.
Either a particular exploit is unique to the intelligence community (and thus protected from disclosure), or else it is disclosed by law enforcement (and thus there is nothing else to tell us).
IT security and policies should support the mission of the organization - not the other way around.
This is a useless generalization.
Since most businesses do not want their trade secrets or contract information stolen, they need IT security.
Since most businesses are obliged to protect personal information or other sensitive information, they need IT security.
The value of various protections should determine how much they spend to implement security, and the potential for lost productivity should determine how much is spent on streamlining procedures and deploying enterprise tools. Most of those assessments come from upper management.
I've worked at some mid-sized and larger enterprises, and very rarely are the security measures stupid or wasteful in the larger organizations. They usually hire good people or pay for good consultants.
There is more room for stupidity to take root at smaller offices where IT is not subject to the cost analysis or external auditing.
The fact that we IT professionals have not come up with a universal replacement for passwords is the IT industry's biggest failure in my lifetime.
There are a variety of alternatives because the security needs of organizations vary. Passwords have always been the lowest common denominator in terms of security.
Some places still use passwords. Others use smart cards, and yet others use RSA tokens as multi-factor supplements to passwords.
Passwords were a universal security measure because they were fast and cheap to implement. They failed when computational capacity inevitably exceeded basic human memory capacity.
The alternatives are not universal because they are more expensive, and they involve different trade-offs in terms of upfront investment, infrastructure requirements, overhead, and operational costs.
You are basically saying there is a failure because there is no one-size-fits-all solution. You need to move beyond that and realize that everything more secure than a password is also more expensive and complicated. There is no way to avoid that, so every organization will need to assess the alternatives and make an intelligent decision.
Security professionals cannot simply demand that business stops when security policies are not met.
A lot of times, the outcry to "stop doing X" does not mean the business should stop performing one of its functions entirely. It usually means we need to figure out how to replace insecure procedure X with secure procedure Y.
While I'm sure some places have moronic IT staff, practically no one expects essential operations to halt. You can't get more than the basic security certifications without being reminded that business needs and continuity of operations are essential considerations in forming IT policies.
Slashdot Mirror
Wrap it up, some people did X therefore everyone did. It's not like you can prevent anyone from being a part of a self defined group.
If harassment and doxing were present in the files on the Gamergate repository, then Github's objective analysis of their repo was correct. It violated the TOS, and therefore it was removed. Github is a code repository, so it wasn't even an appropriate platform for organizing social action to begin with.
It doesn't matter what the Gamergate "movement" claims to be about; it matters that the Gamergate supporters on Github engaged in inappropriate conduct.
I do believe that 99% of Gamergate supporters are assclowns. Github discovered evidence supporting this attitude, which I find personally gratifying.
You remember when Facebook was found out to be tampering with conservative news articles and effectively preventing them from appearing on the trending news list?
I don't know that it was ever proven to be deliberate behavior, but they are allowed to do it regardless.
Based on your premise this is acceptable behavior.
Acceptability is a personal decision. With most unacceptable things, you can either opt out, ignore it, or setup an alternative.
Things like this may be legal, but it doesn't mean they are acceptable.
If it is legal and you are free to opt out, then there isn't really a problem. Opt out.
I believe the developer can name his program whatever he wants.
I believe Github can decide whether they will host a program with "retard" in its name.
I believe anyone can use a program with "retard" in its name if they want---although I would never do so in a professional setting.
Takedowns due to philosophical disagreement or policy/disciplinary reasons should remain private unless the targeted party agrees to publicize the issue. It's like disciplinary action being handled privately at work---it's best done quietly so the matter can remain confidential if desired. If someone believes the philosophy is wrong, they can always go public on their own anyway.
Gamergate was a trash "movement" and doesn't deserve free hosting anywhere. Oh, the media covering video games isn't catering to my preferences or operating according to my standards? Well, stop visiting those sites.
And, yeah, we're not supposed to call things "retarded" anymore according to Github. Github can decide what's acceptable on Github. It's their site and their rules. Maybe they require more decorum than Slashdot. Don't go there if that's a problem for you.
DMCA is serious though because you can't just opt out of it. The US legal system will enforce it. So reporting on how it's used and who is affected is important.
I found the review quite reasonable overall.
Boasting about just-launched products beating a two year-old products (GTX 970 was launched in September 2014)
The GTX 970 was one of the price/performance darlings of the market prior to the RX 480 launch. For people who were looking at something in that performance bracket, the introduction of the RX 480 is huge. It offers comparable performance for 2/3 the cost (until nVidia adjusts their MSRPs, anyway).
The GTX 970 is a previous generation card from a higher performance segment than the RX 480, and comparisons like that are fairly common.
Trying to leave the impression that NVIDIA doesn't have a Pascal-based product on the market
Not sure where you're getting this.
If it's because there's no benchmarks comparing RX 480 to GTX 1080/1070, it's because they're not competing products. The RX 480 will compete with the future 1060, and the GTX 1080/1070 will compete with the future Vega-based products.
And they actually mention the impending GTX 1060 release in the summary, which is the reasonable thing to do since it is the intended competition.
Phrases like "as much as X% faster" when talking about performance.
I dislike that, but it is not uncommon among tech reviewers. Still, the graphs display the actual data, and the per-application commentary is solid.
comparison to... previous-gen AMD cards... rather than the competition when bragging about energy efficiency gains
Generation-to-generation comparisons are always part of a review. They also discuss the performance delta between current and previous AMD cards.
Everyone knows AMD's cards have been less power efficient than nVidia's for years, and nVidia made a huge leap forward with Maxwell. Everyone has been waiting to see what 14nm brings and if AMD could catch up. Sadly, they have not. But they are closer, and that is noteworthy.
Carefully selecting price points that let them pretend there's no elephant in the room: that AMD lacks a proper response to the 1070 and 1080
That isn't really relevant to the RX 480 review. We've known for months that AMD is introducing their mid-tier parts now and high-end parts later.
this whole summary is so clearly one-sided
It's not, really.
Everything you've mentioned has been covered exhaustively in the tech news already. There is simply no point in repeating it in an article focused on the RX 480.
This is the right way to integrate advertisement.
1. Let the user know before the sale
2. Offer an incentive to compensate for the bandwidth/convenience/intrusion
3. Allow the same equipment to be bought with or without the advertising
While I would never buy in personally, I believe this is the first attempt to treat customers fairly when it comes to advertising and data collection.
You should also be able to disable the advertisements after the traditional subsidy period has ended---so 2 years for mobile.
it won't prevent the admin from whitelisting whatever he wants to execute or install
It's not supposed to stop those things.
A whitelisting application is only supposed to stop things that admins do not want to run. It is specifically designed for competent system administrators---not home users.
A home user would have to delegate whitelist management, which translates to subscription security services or curated application stores in the real world.
to profile the binary before executing it
You're joking, right?
Enterprise applications have hundreds of interrelated binaries, and there is generally no data available on the exact functionality of each. And large enterprises tend to run a large variety of your typical non-enterprise applications---too many to investigate individually. This is way beyond the realm of practical, even for most large businesses.
If it's practically impossible for enterprises, smaller organizations won't have the skills and resources to do it either.
Linux distros all ship with SELinux or AppArmor sandboxing the privileges of the email client and browser by default
Internet Explorer ships with Protected Mode enabled, which has severely restricted privileges, and it runs perfectly fine with an unprivileged user account---which doesn't matter if a site can convince the user to disable it all. Or if it contains an exploit that escalates privileges / escapes the sandbox. Or if the user willingly downloads trojaned files.
With most users running as admins, clicking yes to every prompt they encounter, and disabling security features to try "fixing things", there is no meaningful way to protect the system without revoking their privileges. Denying privileges to owners may be anathema here, but it's a baseline required for a secured system in the wild.
People are uninterested in IT---until it gets in their way. If SELinux got in their way, how long do you think it would take the average idiot to hit google and figure out how to disable it? It's not hard. If they can follow instructions to muck about in the Windows registry, then they can certainly manage a single line of text at the CLI.
This is why desktop security will always be crap except for well-managed corporate machines. There will be a handful of home machines run by security-conscious folks, and everything else will be a mess because people dislike being told they can't do something even when it's for their own good.
The original comment was politically charged and trollish.
Aside from the political jab, it offered no substantial commentary.
I agree that the parking enforcement is over the top, but I still believe that comment earned the negative moderation.
yet were moaning over loss of access to low cost parking spaces.
At the same time, if everyone shrinks their parking spaces then there is nowhere to park.
If public or municipal parking spaces cannot fit every street-legal consumer vehicle, then there ought to be disclaimers or exceptions as needed.
If you're going to have a legal standard for private vehicles, you might as well employ that standard universally when it comes to traffic and parking laws.
Not really.
Taxes are levied universally according to some standard. E.g., income taxes on a particular income bracket.
Fees are paid for services by those who use them. (Though, lately, some places are instituting administrative fees in a manner that functions like fines.)
Fines are penalties paid by those who violate a law or regulation.
In theory, the government would collect zero fines if everyone followed the law all the time. The same does not apply for taxes or fees.
Since you used "alliterate" rather than "aliterate", I'm not so sure your comprehension and composition are that good. Not as sure as you are, at least.
Clinton... wants the U.S. to "staple" green cards on the diplomas of STEM... masters and PhD graduates
Good. We need to balance out the culture of ignorance that is developing in this country. The people who mock learning and expertise aren't moving the country forward now, and they never will.
Plus, if these people have real green cards, they cannot be abused and underpaid the same way H1Bs are. That should stabilize the labor market a bit, especially if the program ultimately leads to a reduction in H1B issuance.
If American citizens have no interest in education, go ahead and allow *real* immigration. As long as the immigrants integrate culturally, the country will come out stronger like it always has.
Given its penetration, the Edge extensions hardly matter.
Most of the other features are niche, invasive, or useless. Seriously, does anyone release malware that can't evade Windows Defender out of the box?
Cortana will remain relatively useless until it can integrate with smartphones, which means Microsoft will have to put more effort into its Android and iOS apps, helping to make them first-class platforms.
Anything that makes the Windows Store better sounds good. That's the only thing of real value I see, and even then it's more for the future than the present.
Getting missile lock against your opponent's stealth before he does likewise will decide who wins most fights, and the pilot has little to do with that.
So evasion and countermeasures count for nothing?
Humans pass out around 10G. If you remove the human pilot, aircraft can maneuver more aggressively. Maneuverability isn't only for offense.
Cached logons ignore password expiration. They should be able to login indefinitely.
Domain accounts rely on the password expiration date stored in Active Directory, but the LSA subsystem enforces the policy locally when it authenticates via a domain controller. If the LSA falls backs to cached credentials, there is no expiration data and thus no enforcement.
The simple fact is that image and pattern recognition on radar and camera's are not good enough in real time for an AI pilot to work with.
Modern fighters can lock and fire missiles beyond visual range. So the radar is a little better than you're giving it credit for.
the computer that runs the AI is probably twice the size of the plane it is flying
Read the article next time: "To reach its current performance level, ALPHA's training has occurred on a $500 consumer-grade PC."
You can probably fit that hardware just by replacing the padding of the pilot seat.
So put that ai pilot in a predator drone, and let a real pilot in another drone fight it. I bet it loses a lot.
That used to be what happened with all AI pilots---humans wrecked them in sims.
The article is reporting a new development, and the information is as relevant as the simulation is reliable.
Military training sims are pretty powerful. They have precise aircraft physics and handling, full visual fields, craft-specific sensors/instruments/countermeasures, and an entire background of "real world" that the planes fly in.
Since we know you're 0/2 on the previous points, I'm gonna go ahead and assume you are wrong again.
Why do CCTVs have outbound access to the internet at all?
If a CCTV feed really needs to leave the premises, that's what VPN is for.
Between the security and privacy issues, someone should be losing their job.
Why should any temporary lodging require any such registration in the first place.
Rentals are usually taxable, so the state/local government arguably has the power to demand this information already.
Some cities, typically tourist destinations, also charge a hospitality tax on short-term rentals.
There may be a requirement for liability insurance. This ensures the owner is capable of compensating clients in the event of injury or property damage.
Most buyers want a basic guarantee that the premises are relatively clean and safe. Mandatory registration is the first step in identifying rental locations, and health/safety requirements can be be imposed later if necessary.
I want actual facts, and not emotional violence typical of those that love government intrusions into business activities.
The term "emotional violence" sounds like the very kind of nonsense you supposedly despise. Or maybe you're just trying to tip the debate in your favor without actually arguing the merits of your position.
A subscription model may actually give Linux a chance.
It might, and that's why they'll never do it for their desktop OS. They've already done it everywhere else.
They already have subscription licensing for enterprise, which is where they make the bulk of their money. To the extent that businesses pass on expenses, you're already paying for Microsoft subscriptions. Have been for years.
Office 365 is a subscription. XBox Live is a subscription.
The Windows Store functions like a subscription. They get a cut of every app sold on it. The more you use their platform, the more they collect.
Microsoft may be dirty, but they're not stupid. Everything they realistically could make money on in the future is already a subscription or close to it.
But the way they are clawing for it shows they do not understand who they are and what they produce.
Oh, they know exactly what they're doing.
There are many environments where it is undesirable or even illegal to simply throw around data so detailed as what I have seen in Windows telemetry to a third party over the internet.
And here is where the money rolls in.
Telemetry can only be fully disabled in the Enterprise edition of Windows 10. If you have privacy requirements due to national security, health care, or financial regulations then you have to license Enterprise.
Still I think especially Microsoft urgently needs to be reminded that they do not rule over a lawless wasteland but operate under the same laws as everyone else.
But they do.
Do you have any idea how much telemetry is available from smartphones? Apple and Google have been sucking up that data for years, and Microsoft is late to the party. Newer automobiles have telemetry, and it's not exactly new in the automotive industry either. Hell, even GM got embedded telemetry before MS.
Even before smartphones, there was a "diagnostic" toolkit that most manufacturers left enabled in their production software.
As much as everyone seems to love complaining about Microsoft here, they are not breaking new ground. That ship sailed years ago.
If you value privacy, it's not just a question of Linux on the desktop. It's a question of what technologies are you going to cut out of your life entirely. With just cars and cell phones, most people are already completely covered.
Also, alliterate? Surely you mean illiterate? It's fairly obvious I choose to read.
There is a meaningful difference between aliterate and illiterate, similar to amoral vs immoral.
You would know that if you weren't aliterate.
You basically can't be an unescorted male in this country now without some soccer mommy accusing you of things simply because you exist.
I have no problems with this. No one I know has had problems with this.
Perhaps you need to review your dress, hygiene, and behavior.
Those same hypersensitive mommies believe there's a predator behind every tree even though instances of violent crime are way down.
Every generation has its bed-wetters.
actual criminals are being let off by jurors who can't comprehend why the cops can't produce a neat tidy stream of high tech evidence like they do in CSI
Prosecutors got convictions under the same "beyond a reasonable doubt" standard before high tech evidence existed. If they are having problems now, maybe it is not the jurors' tech fantasies that are to blame.
If you know it is classified and disclose it anyway, that is a felony. It doesn't matter if you figured out how they did it from their own classified documents or not.
If you don't know whether it's classified and cannot reasonably be expected to know, then you're fine. If they decide to classify it after the fact, they will tell you the information is classified and that you're no longer allowed to discuss it.
There have been a few cases where this occurred, and the creator of the documents in questions was approached in person by federal agents.
but whats to stop them just 'saying' they only use the exploit for foreign intelligence
That's simple, if the law is written properly.
When it's used for law enforcement purposes, it must be disclosed during that case---whenever the law dictates. E.g., when it is developed, after the investigation concludes, during the trial, after any appeals relevant to the exploit are decided, etc.
If they totally swear that the intelligence community is using some other exploit, they don't have to talk about that supposed exploit. We don't care at that point.
Either a particular exploit is unique to the intelligence community (and thus protected from disclosure), or else it is disclosed by law enforcement (and thus there is nothing else to tell us).
IT security and policies should support the mission of the organization - not the other way around.
This is a useless generalization.
Since most businesses do not want their trade secrets or contract information stolen, they need IT security.
Since most businesses are obliged to protect personal information or other sensitive information, they need IT security.
The value of various protections should determine how much they spend to implement security, and the potential for lost productivity should determine how much is spent on streamlining procedures and deploying enterprise tools. Most of those assessments come from upper management.
I've worked at some mid-sized and larger enterprises, and very rarely are the security measures stupid or wasteful in the larger organizations. They usually hire good people or pay for good consultants.
There is more room for stupidity to take root at smaller offices where IT is not subject to the cost analysis or external auditing.
The fact that we IT professionals have not come up with a universal replacement for passwords is the IT industry's biggest failure in my lifetime.
There are a variety of alternatives because the security needs of organizations vary. Passwords have always been the lowest common denominator in terms of security.
Some places still use passwords. Others use smart cards, and yet others use RSA tokens as multi-factor supplements to passwords.
Passwords were a universal security measure because they were fast and cheap to implement. They failed when computational capacity inevitably exceeded basic human memory capacity.
The alternatives are not universal because they are more expensive, and they involve different trade-offs in terms of upfront investment, infrastructure requirements, overhead, and operational costs.
You are basically saying there is a failure because there is no one-size-fits-all solution. You need to move beyond that and realize that everything more secure than a password is also more expensive and complicated. There is no way to avoid that, so every organization will need to assess the alternatives and make an intelligent decision.
Security professionals cannot simply demand that business stops when security policies are not met.
A lot of times, the outcry to "stop doing X" does not mean the business should stop performing one of its functions entirely. It usually means we need to figure out how to replace insecure procedure X with secure procedure Y.
While I'm sure some places have moronic IT staff, practically no one expects essential operations to halt. You can't get more than the basic security certifications without being reminded that business needs and continuity of operations are essential considerations in forming IT policies.