I think you probably don’t realise you hate standards and certifications. No IT person wants yet another system generating more calls and complexity. but here is iso, or a cyber insurance policy, or NIST, or acsc asking minimums with checklists and a cyber review answering them with controls.
Crazy that there’s so little understanding about why it’s there, that you just think it’s the “IT guy” wanting those.
Watched mentour pilot YouTube about this a bit ago. It’s just sad. I recommend the watch if you’re interested in the story.
Why would I game in my office when my couch down stairs in front of a 70 inch TV is so much more comfortable and has no work available to do on it?
This is what I’ve done for years. It just auto starts after OS launch in big picture and I grab my controller. Occasionally I have my wireless keyboard for something but it works fine.
I don’t own a steam deck they’re not available from valve here in Australia. So I’m sure I’m missing out on some polish. But I’ve never seen it so I don’t miss it.
People come over, sit on the couch, grab a controller, steam is loaded, they play game. The OS and then steam is out of the way in a flash. After all I’m after the game not the launcher.
Well good news! Time to let yourself love again!
At this point we want antivirus and anticheat out of windows kernel. Microsoft killing access to it will genuinely fix Linux compatibility issues.
It couldn’t be more win-win.
Microsoft is trying to test that approach. The company tested restricting kernel access to third party security vendors in the past, with Vista OS in 2006, but had to backtrack the move.
Symantec and McAfee then claimed Microsoft’s decision to shut off access to the kernel amounts to “anti-competitive behavior.”
Without kernel access, this software may struggle to perform in-depth behavioral analyses of processes and applications, to meet its objectives, said Varkey. “Blocking this access can limit the software’s ability to detect and prevent sophisticated attacks.”
They can’t be trusted, kick out everyone’s access to the kernel. Everyone must use API and that can be interpreted.
I keep asking the pets for their owners secrets but they don’t tell me? I’ve tried pats, compliments and treats? Am I doing it wrong? How are you getting them to tell you about their owners?
Though I agree, you’re trading problems: https://www.forbes.com/2009/05/09/japan-downsize-mizhuho-merger-zombies-tokyo-dispatch.html
The youth can’t get jobs because the positions are filled by entrenched creating this “unless you’re the cream of the crop you won’t get a decent job” permiating from school cumulating into your ranking at education all the way through to graduating in university where only the top cream get reasonable jobs, and many don’t. Even that doesn’t even start to scratch the surface since there’s the aging population, negative population growth requiring less “low skill jobs” like trades in construction…
My point is, I wouldn’t want to replicate that either.
One rich company trying to claim money off the other rich companies using its software. The ROI on enforcing these will come from only those that really should have afforded to pay and if they can’t, shouldn’t have built on the framework. Let them duke it out. I have zero empathy for either side.
The hopeful other side is with a “budget” for the license, a company can consider using that to weigh up open source contributions and expertise. Allowing those projects to have experts who have income. Even if it’s only a few companies that then hire for that role of porting over, and contributing back to include needed features, more of that helps everyone.
The same happens in security, there used to be no budget for it, it was a cost centre. But then insurance providers wouldn’t provide cyber insurance without meeting minimum standards (after they lost billions) and now companies suddenly have a budget. Security is thriving.
When companies value something, because they need to weigh opportunity cost, they’ll find money.
Hold them all to account, no single points of failure. Make them all responsible.
When talking about vscode especially, those users aren’t your mum and dad. They’re technology professionals or enthusiasts.
With respect to vendors (Microsoft) for too long have they lived off an expectation that its always a end user or publisher responsibility, not theirs when they’re offering a brokering (store or whatever) service. They’ve tried using words like ‘custodian’ when they took the service to further detract from responsibility and fault.
Vendors of routers and firewalls and other network connected IoT for the consumer space now are being legislatively enforced to start adhering to bare minimum responsible practices such as ‘push to change’ configuration updates and automated security firmware updates, of and the long awaited mandatory random password with reset on first configuration (no more admin/Admin).
Is clear this burden will cost those providers. Good. Just like we should take a stance against polluters freely polluting, so too should we make providers take responsibility for reasonable security defaults instead of making the world less secure.
That then makes it even more the users responsibility to be responsible for what they then do insecurely since security should be the default by design. Going outside of those bounds are at your own risk.
Right now it’s a wild West, and telling what is and isn’t secure would be a roll of the dice since it’s just users telling users that they think it’s fine. Are you supposed to just trust a publisher? But what if they act in bad faith? That problem needs solving. Once an app/plugin/device has millions of people using it, it’s reputation is publicly seen as ok even if completely undeserved.
Hmm rant over. I got a bit worked up.
The messaging around this so far doesn’t lead me to want to follow the fork on production. As a sysadmin I’m not rushing out to swap my reverse proxy.
The problem is I’m speculating but it seems like the developer was only continuing to develop under condition that they continued control over the nginx decision making.
So currently it looks like from a user of nginx, the cve registration is protecting me with open communication. From a security aspect, a security researcher probably needs that cve to count as a bug bounty.
From the developers perspective, f5 broke the pact of decision control being with the developer. But for me, I would rather it be registered and I’m informed even if I know my configuration doesn’t use it.
Again, assuming a lot here. But I agree with f5. That feature even beta could be in a dev or test environment. That’s enough reason to know.
Edit:Long term, I don’t know where I’ll land. Personally I’d rather be with the developer, except I need to trust that the solution is open not in source, but in communication. It’s a weird situation.
Now I’m not part of this, but a international student just got scammed $170 000 dollars over 3 months. They believed that the police had seized their Australian bank account and were contacting them related to their identity being stolen. It wasn’t at the time of call, but the international student, maybe 25, was fully profiled. They knew where he studied, who they had been talking to. At the time of call, the poor kid thought he was talking to the police, gave every bit of information including bank account which had mfa, but undid it and and followed the scmmers requests believing he would be deported. He called home to his parents and asked them for more money even in order to build a new account because he believed is other one was frozen, the new account was under order and control of the scammer who this kid trusted. The scammer even made this kid move into a hotel for a week as their “premise needed to be searched” it wasn’t for a month after this that it was found because the kid believed he couldn’t tell anyone before the school (where he was attending but kept leaving to take calls which is a no no) had to tell the kid that absenteeism will result in the student visa being cancelled. At that point it all came out, month and more of being scammed.
My point is, no it’s not business. Just look at the YouTubers, just watch Jim Browning. Just ask people, it’s a multi billion dollar industry. And it’s not limited to rules like ‘business’.
There are massive collections of databases online that find where breaches have occurred allowing attackers to dump the database of that service, then collect all those database dumps together to identify all known accounts under an email address. Then once that email account ever has a password breach attackers can look up and see ‘was this password used also on other accounts’ and attempt to use the same email and password on them. Moreover they will just try that email regardless of known affiliation, if they already have a user name and password across many online services, it’s safe to assume this will work sometimes. This is the essence of a credential stuffing attack.
https://www.abc.net.au/news/2023-05-18/data-breaches-your-identity-interactive/102175688
I’ve used abc here since I believe they write better for a lay person.
Edit: I should mean to say, they can also create a profile of you and your many email addresses as demonstrated.
You realise if it’s saved you can now use features that are built into the software, that get saved, like using ‘track changes’ to accept or discard edits granually. You have file system level version control to choose previous versions, you have an undo feature built in. Three different tools to use.
Not really, you can leave auto save on, and use the inbuilt track changes function. Best of both worlds.
Have you tried using file versioning, or using review (track changes) functions to propose changes so you can choose to accept edits or decide against them? It’s like there are specific features for this scenario that allow you to save, have backups and have that control.
This is an insane scenario: my software design decision is, despite recovery mechanisms like previous versions, file history, and undo mechanisms, I’m afraid if a cat uses a keyboard I’ll accidentally save changes I don’t want to a word document.
Lol. The only user error was choosing libre office instead of a user friendly software stack that has reasonable defaults and r recovery mechanisms.
There’s a few random projects that aim to store bulk data and human information in durable materials.
https://www.popsci.com/technology/5d-disc-stores-500-tb-of-data/
Professor Peter Kazansky, from the ORC, says: “It is thrilling to think that we have created the technology to preserve documents and information and store it in space for future generations. This technology can secure the last evidence of our civilisation: all we’ve learnt will not be forgotten.”
I’m learning most of the articles are all based on this guy from 2013 until now it’s still been in mostly research phase though proof of concepts have been done.
I’m trying to find evidence of another thing I swear I heard about where someone had some instructions from first principals how to read the data, but all the way from something like understanding the language to data format. I listened to something in a tech podcast but can’t find it.
In Australia, we say “you’ve binned it” if you crash.
For example “He’s binned it in the servo”.