This would be true if software licensing was anything but a drop in the bucket for an organization's IT budget. Also, Microsoft at least gives a ton of free consulting hours with large EAs. Every organization has a mix of open and closed source stuff but the licensing costs don't determine what's most expensive, ease of update is. We get dinged by our auditors if our software isnt up to date, and the ease of transition that closed source stuff usually has (except ERP stuff and Oracle) offsets the cost of the license.
Its complicated, but man hours, power, user hardware, user training and consulting make up the bulk of an IT budgets. Training 100 000 users on something new costs WAY more than licensing 100 000 windows workstations at 60 bucks a pop. And don't get me started on migrating from Office.....
To further obfuscate, a better solution might be to go back to the honor-system activation model and then this wouldn't be such a big problem, but that's a completely separate argument that I think you and I would agree on.
I have to disagree, and I'm a lot more qualified to make that argument. If VLM code gets into the wild that has MASSIVE implications for all of their biggest customers. I run a 150k user AD environment right now, and we would have had to make large, high impact changes to our activation model if the activation code was under threat.
Its my job to be VERY aware of whats going on here, and even though I personally hate that they did this, professionally i have to stand with them, and thats why they did it.
This is a VERY long conversation, but a lot of it comes down to 3 things: Manageability, supportability, and cost to confirm (testing).
Manageability: making environment wide changes (and confirming they were successful) is very difficult in an enterprise linux environment, and prone to failure. Getting better every day, but not there yet and the least of the issues.
Supportability: Not that its necessarily harder, but it is WAY more expensive to pay a Linux systems analyst to do workstation support than it is to pay a tech support monkey with a HS education. Scale that out to 1000+ IT people, and its a multi-million dollar problem.
Confirmation/Testing: This is a lot more nuanced, and really only affects the ultra-large enterprises, but having a consistent code base among your 100 000+ computers in a large enterprise has economies of scale when testing new rollouts that is impossible to replicate in a package-based environment. It comes down to man-hours required to test changes under an ITIL/COBIT managed environment. Again, efforts are being made (successfully) to nullify this problem, but it still exists.
That's a BS argument. Exploits come from bugs, having access to source allows you to find bugs. Or workarounds. And yes, we are reliant on Microsoft OS's in the enterprise because there isn't another option. I know you are about to explain to me how Linux can do it, but I'm an Enterprise Architect and you aren't, and you're wrong.
I feel like im in the bad position of defending Microsoft, but simply attacking them for what is a VERY nuanced problem is counter-productive to solving the problem.
Show me a legal US method of subpoenaing information YOU legally own, and I will retract my defense of them. But until you can, you are arguing the wrong point.
They had no legal options, they did explore them and described them in detail. Because of the CFAA, email on a server belongs to the company that owns the server, not the user or any 3rd party. You cannot legally subpoena property or information that you yourself own.
This is a MAJOR flaw in the US legal system, and Google/Apple/Facebook would be forced to do this the same way in similar circumstances. Except they don't have enterprise customers that they have contracts with to secure their code, so they aren't as worried about this issue and are using it to attack microsoft.
There is a techdirt article from years back of Google doing the same thing (to Gchat messages) when one of their engineers was abusing his access to communicate with minors. They had no issue looking through the mis-accessed accounts to confirm that.
Get your reps to change the CFAA and make information you create, stored at a 3rd party your own property. Otherwise, cloud storage providers will ALWAYS be forced to use only internal policies to decide these matters.
Your read on this case, Mike, is a bit off. It had nothing to do with a copy of Windows 8, but source code relating to the Volume Activation mechanics in Windows 8/Server 2012. This is a REALLY BIG DEAL to people like me running open activation systems that would then be exploitable. They made a promise to other customers, paying customers, that they would do everything in their power to keep that code secure.
How they did it is one thing, and you can be against that, but claiming that they did not have a VERY good reason for doing so is intellectually dishonest.
This is actually a problem with the CFAA that makes your email sitting on a server the companies problem. I guarantee they are correct that there is no way to subpoena emails you legally own. Remember, in US cloud services the provider owns that data because of the antiquated law. Fix it! They shouldn't, and MS should require a court order to search it.
Why in the world would Netflix buckle to this. They get extra revenue without having to even compete in the region, costs them nothing and banning VPNs would be extremely difficult and privacy destroying for their paying customers. All for a country they don't have a presence in. Yeah, gonna happen for sure....
As some commenters have noted this is a lot less about MITM attacks than it is about transparent proxies. And there are already solutions that solve this problem, they are just in a layer above the protocol so are expensive from a processing standpoint.
In order to implement this the proxy manager would have to have admin access to the OS to configure the trusted prox. Unless ISPs make this mandatory to use their systems (unlikely) it shouldn't affect public users that much. And if ISPs do make it mandatory then almost everyone would freak out since it would compromise SSL universally including SSTP/SSL VPNs and banking sites. If you think Bank of America is going to allow lesser companies to increase the risk on their books you haven't been paying attention.
Here's a quick definition of net neutrality along with a handy example, for all those ignorant journalists out there:
A neutral network is one where filtering is performed at the protocol layer and not at the application layer. So filtering 'internet video' is not an example of neutrality violation, but filtering 'netflix' would be, if YouTube was left alone.
Someone streaming house of cards from anywhere other than Netflix either has a VERY specific reason for doing so, or is an idiot. Neither situation is going to be resolved by Google changing their algorithms.
I think that using GNU as an example of pure open source working its actually disproving your point, especially compared to Microsoft.
That example actually, when looked at neutrally , suggests that Linux and GNU should close their source and start selling because its obvious which s more in use.
On the post: Kudos: Microsoft Changes Policy, Promises Not To Inspect Customers' Content
Re: Re: Re: Re: Recheck facts
On the post: Kudos: Microsoft Changes Policy, Promises Not To Inspect Customers' Content
Re: Re: Re: Re: Re: Re: Recheck facts
Its complicated, but man hours, power, user hardware, user training and consulting make up the bulk of an IT budgets. Training 100 000 users on something new costs WAY more than licensing 100 000 windows workstations at 60 bucks a pop. And don't get me started on migrating from Office.....
On the post: Kudos: Microsoft Changes Policy, Promises Not To Inspect Customers' Content
Re: Re: Recheck facts
On the post: Kudos: Microsoft Changes Policy, Promises Not To Inspect Customers' Content
Re: Re: Recheck facts
Its my job to be VERY aware of whats going on here, and even though I personally hate that they did this, professionally i have to stand with them, and thats why they did it.
On the post: Kudos: Microsoft Changes Policy, Promises Not To Inspect Customers' Content
Re: Re: Re: Re: Recheck facts
Manageability: making environment wide changes (and confirming they were successful) is very difficult in an enterprise linux environment, and prone to failure. Getting better every day, but not there yet and the least of the issues.
Supportability: Not that its necessarily harder, but it is WAY more expensive to pay a Linux systems analyst to do workstation support than it is to pay a tech support monkey with a HS education. Scale that out to 1000+ IT people, and its a multi-million dollar problem.
Confirmation/Testing: This is a lot more nuanced, and really only affects the ultra-large enterprises, but having a consistent code base among your 100 000+ computers in a large enterprise has economies of scale when testing new rollouts that is impossible to replicate in a package-based environment. It comes down to man-hours required to test changes under an ITIL/COBIT managed environment. Again, efforts are being made (successfully) to nullify this problem, but it still exists.
On the post: Kudos: Microsoft Changes Policy, Promises Not To Inspect Customers' Content
Re: Re: Recheck facts
On the post: Kudos: Microsoft Changes Policy, Promises Not To Inspect Customers' Content
Re: Re: Recheck facts
Show me a legal US method of subpoenaing information YOU legally own, and I will retract my defense of them. But until you can, you are arguing the wrong point.
On the post: Kudos: Microsoft Changes Policy, Promises Not To Inspect Customers' Content
Re: Re: Recheck facts
This is a MAJOR flaw in the US legal system, and Google/Apple/Facebook would be forced to do this the same way in similar circumstances. Except they don't have enterprise customers that they have contracts with to secure their code, so they aren't as worried about this issue and are using it to attack microsoft.
There is a techdirt article from years back of Google doing the same thing (to Gchat messages) when one of their engineers was abusing his access to communicate with minors. They had no issue looking through the mis-accessed accounts to confirm that.
Get your reps to change the CFAA and make information you create, stored at a 3rd party your own property. Otherwise, cloud storage providers will ALWAYS be forced to use only internal policies to decide these matters.
On the post: Kudos: Microsoft Changes Policy, Promises Not To Inspect Customers' Content
Recheck facts
How they did it is one thing, and you can be against that, but claiming that they did not have a VERY good reason for doing so is intellectually dishonest.
On the post: To Catch A Meaningless Leaker, Microsoft Made It Clear It Has No Concern For Your Privacy
On the post: Based On NSA Defender's Arguments Against Public Debate, The 4th Amendment Should Be Classified
On the post: House Committee To Investigate NHTSA's Roadside Blood And Saliva 'Surveys'
On the post: Australian Broadcasters, Netflix Competitors Pout Because Netflix Hasn't Banned VPN Users Yet
On the post: IETF Draft Wants To Formalize 'Man-In-The-Middle' Decryption Of Data As It Passes Through 'Trusted Proxies'
In order to implement this the proxy manager would have to have admin access to the OS to configure the trusted prox. Unless ISPs make this mandatory to use their systems (unlikely) it shouldn't affect public users that much. And if ISPs do make it mandatory then almost everyone would freak out since it would compromise SSL universally including SSTP/SSL VPNs and banking sites. If you think Bank of America is going to allow lesser companies to increase the risk on their books you haven't been paying attention.
On the post: Google Fiber Teases 34 More Cities With Actual, Honest-To-Goodness Broadband Competition
On the post: No, Netflix's New Deal With Comcast Probably Won't Destroy The Internet. Yet.
A neutral network is one where filtering is performed at the protocol layer and not at the application layer. So filtering 'internet video' is not an example of neutrality violation, but filtering 'netflix' would be, if YouTube was left alone.
On the post: If You Do A Search Almost No One Does, Google Might Point You To Unauthorized Version Of House Of Cards
Re: Re:
On the post: Microsoft Goes Open Access; When Will It Go Open Source?
That example actually, when looked at neutrally , suggests that Linux and GNU should close their source and start selling because its obvious which s more in use.
On the post: Dianne Feinstein: NSA Would Never Abuse Its Powers Because It's 'Professional'
Define "Professional"
Yeah, me either.......
On the post: Iran's FARS: Snowden Documents Finally Detail That The US Government Is Run By Aliens
Next >>