Apple, on the other hand, could have come out smelling like a rose, but following the death of Steve Jobs, who apparently refused to play ball with the NSA, it stupidly jumped on board to join the PRISM club.
According to the Prism slides, it really looks so:
"Dates when Prism collection began for each provider
Microsoft 9/11/07
Yahoo 3/12/08
Google 1/14/09
Facebook 6/3/09
PalTalk 12/07/09
YouTube 9/24/10
Skype 2/6/11
AOL 3/31/11
Apple (added Oct 2012)"
Steve Jobs: February 24, 1955 – October 5, 2011.
If it's true, it's one reason more to deeply admire him.
And can you just imagine how many more sales Apple would get now for not being on that list?
What you're seeing in Putin is the ability to be independent. He gets to enjoy watching the Americans squirm at low cost. What's the US going to do to Russia? Our diplomats will be rude to each other, maybe we won't attend the Russian summer ball and snub the Russian ambassador, each country will declare some spies persona non grata.
At the end of the day, the areas in which the Russians and Americans cooperate are areas that they have a mutual interest to do so.
Others, like the Germans or Spain are different. They piss off the US, we cut off the faucet of intelligence, money, privileges, etc.
Not that it would be necessary in an obvious case like this, but each one of Microsoft/Skype, Google/Youtube, Apple and Facebook could easily have hired the nation's best and brightest one thousand lawyers at $1,000 an hour, full time for 10 years to defend privacy. It would have been well within their means. Yet, each of them chose to back down. Each of them chose to fail their users' trust.
I don't think it's due to cowardice. If these organisations cared the slightest bit they would have acted to protect their users. Not in the wildest scenario would the US government have jailed the leaders of Apple, Google or Microsoft. My best guess is they got something in return.
http://www.wired.com/threatlevel/2013/06/yahoo-failed-fisa-f...
It's possible that there's as-yet undisclosed legal action with some of the others; the secrecy around just about any proceeding in the FISC makes it very hard to tell.
Take the battle to the real courts and ask them to decide on the matter.
That may be naive. Most people have skeletons in their closets. The government would use these to pressure those leaders to acquiesce. I suspect the most dangerous skeletons are ones which seem harmless to you, but cast in the proper light they can be used as a justification for punishment. E.g. Something which seems harmless now can retroactively be used to claim you were doing insider trading. Few people would step up to defend you, even if the charges are baseless, because recently it's been fashionable to hate capitalists, and trading stocks is the epitome of capitalism. So it'd be very much "obey us or we will litigate you into bending your knee anyway."
Jobs was immune because he was the CEO equivalent of a rockstar. To try to pull baseless charges against him would outrage the public. Yet I'd imagine the public would get grim satisfaction out of seeing Ballmer punished, even if the charges were baseless, because most people don't like him. It's shallow, but it seems true.
On one hand, the CEO of Qwest was convicted of insider trading, and he claims it was retaliation by the NSA because Qwest would not participate in warrantless wiretapping.
On the other hand, the federal government had a perfect excuse to prosecute Steve Jobs in 2006 with the options backdating scandal, but chose not to. Those would not have been baseless charges--Apple really did backdate those options. The government just concluded that Jobs was not personally culpable.
That means if you fight, they put a server in your shop.
It was just not worth it until now. That's going to be the real legacy of the Snowden leaks.
http://blog.cryptographyengineering.com/2013/06/can-apple-re...
tl;dr:
* Apple distributes the encryption keys
* Multiple keys can be associated with an account (iPhone, Mac – and the NSA?)
* Apple can retain metadata
* Apple doesn't use certificate pinning
Barely any change at all, I'd bet. And not worth the legal hassle they could have been up against if it came to a knock-down, drag-out battle with the US Government over <spins the dial>.
That's not the Steve Jobs I read about. Like him or not, he was a man of principle.
everything is worth a fight.
This reminds everyone to look at different angles when we criticize people/companies and understand that, even now, an individual makes a lot of difference.
http://thenextweb.com/apple/2011/10/27/mystery-solved-why-st...
This reminds me of a friend of mine who proxies all his web traffic through something which strips user agents and referrers. It's very easy for me to tell when he visits my website, because the logs show "-" for each of these fields.
http://www.wired.com/threatlevel/2012/06/steve-jobs-security...
I find it hard to believe that the NSA didn't see one of the most valuable and popular companies in the world as a priority until 2012. I bet they were salivating as soon as the first iPhone launched.
Apple not being a priority for NSA until Oct 2012? Pfft.
Me: "Hello. Could you tell me what Microsoft is doing at this Linux conference? I honestly want to know that."
Him: "We are here to show how our products can work well together with Linux related products."
Me: "Why would I as a Linux user use Windows or any other product from you? We all know that you spy on me - at least indirectly."
Him: "Oh no. You are misinformed. We have a lot of business customers with very sensitive data. Can you imagine what would happen to us if they found out that we spy on them? Business users are very sensitive in that area. We were screwed. And we do not spy on regular users as well. You may also know that this would be totally illegal according to German law."
Me: "So you are saying that you do not spy on businesses or other kind of users of your products?"
Him: "Yes! We were screwed otherwise!" *giggle*
He had a smile on his face for the whole discussion. Maybe because he had this discussion with those paranoid Linux users for the last couple of days of the conference. Paranoid!
Microsoft is so screwed guys.
Edit: I was not rude to this guy. We had a beer together later that day. I am sure he did not know anything about PRISM and was just doing his job.
Additionally these so-called "paranoid" questions didn't come out of thin air either. 10-15 years ago I also was very distrusting of Microsoft and what they were doing (there was a lot of anti-trust going on ...). But somehow they started doing a few things right, wrote some good software and OS in the meantime and they "regained my trust" to the point I'd speak out against senseless M$-bashing, and perceive it as something childish.
Well, that I am no longer going to do, lest I have to eat my words. That "trust" is completely gone, and I feel kind of foolish for believing it existed in the first place, "trust" is a kind of thing that happens between two persons, not between a person and a gigantic corporation. The latter is too volatile, there can be no build up or breakage, it's every moment again different, dependent on who is in charge and which individual personalities are involved in a decision. Rationally, one instant snapshot cannot make or break the trust of the next one.
I do feel kind of foolish. I'm typing this on Win7, planning to install Linux for a while now, but I had some crazy wild ideas for a dual-boot scenario in mind that I never got around to and everything just worked so there was no hurry.
Before next week I'll be back on Linux, maybe even sooner.
Senseless bashing - including intentional miss-$pellings and holding one company (Microsoft) to different standards to others (Facebook, Google, Apple) is still childish.
However, not all bashing is senseless - Microsoft has a lot of explaining to do. Sure, so do Facebook, Google and Apple but that doesn't let MS off the hook. It makes the case for installing a Linux instead a lot stronger.
You can't expect a show rep to know about anything like prism though - that information would have been "classified" and available only to those well above his pay grade.
The company I work for has absolutely no intent of dropping Microsoft products in lieu of the NSA leaks, even with large amounts of sensitive customer data. I can't imagine many large companies would. It would require such a vast amount of work it's unfathomable to even imagine most companies considering it unless they were about to lose nearly all of their customers.
Caveat: customers do not care, at this stage in the game.
I have said in the previous HN post and I will say it again here: don't pile on Microsoft alone. These spying policies make every US-based services company untrustworthy to whomever privacy is important. Come to think of it, I'm not sure whether you can rely on European services either because it seems that gov't surveillance is widespread.
On the other hand, maybe if we do pile on Microsoft, and stop using their products for this reason alone (even though Google, Apple and others are in the same boat), it will force them and their lobbyists to influence their gov't shills to put a stop to these programs.
Yahoo Google Facebook PalTalk YouTube Skype AOL Apple
Who have also been mentioned as complicit in this whole scandal.
Just to be fair :-)
By the way, I actually agree with you and have been slowly switching all my home stuff to linux and trying to get away from Google Dependence (although I type this in Chrome on a Win 8 laptop... damn work computer)
It might be extremely difficult to boycott every company involved, so why not choose one to make an example of? The idea that you must boycott all or none appears irrational.
Yahoo Google Facebook PalTalk YouTube Skype AOL Apple
Done and done (including Microsoft) for well over a decade; I don't get this whole "can't be trusted anymore" thing. These companies could never be trusted, and never should have been.
The problem that people like you don't seem to understand is that online communications can be secure, unless the companies owning the servers themselves cooperate and companies have to cooperate if they have to do so by law.
It's only the US that has such a huge budget for spying on people's communications and the US is also part of a select handful of countries going to such great lengths to suppress the freedom of speech about it.
If I were to start a company in Romania (which is part of EU btw), the NSA can suck my dick as there's absolutely nothing they could do to make me cooperate and keep my mouth shut while doing it.
He made a valid statement and didn't express much else of his opinions or state of mind.
Unfair to immediately lump somebody into a pre-judged bucket for a single statement.
That's the real bullshit here.
The only proper answer to that is to stop using American products (at least until the US government can prove with extreme oversight from Europeans and Latin Americans and others, that they aren't abusing their spying power anymore).
That was entirely a lie. From day one their system has been targeting Americans. The proof is overwhelming at this point.
There's often a critical distinction between what gets claimed and what actually occurs in government. With a government that is so undeserving of trust, that's a very important distinction to keep in mind.
The real question isn't about whether you can trust Microsoft. It's can you even trust Intel?
"The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."
Free, open software and hardware are less likely to have secret 'back doors' installed or embedded in them because their innards are under constant public review by multiple eyes -- out in the open, not behind closed doors.
--
Edit: added last sentence.
Open source communities have no membership committee or state-funded security apparatus. Contributions are accepted based on trust and trust is established by technical merit. The means the three-letter agencies used against Microsoft and other corporations are not the only strategies they have available.
Maybe Linus doesn't have a price. I hope so and I trust him. But regardless of my trust and hope, there is no verification. My trust still acknowledges that no one is scanning Swiss accounts for activity which might be linked to him - and even if there were someone doing so, what would be my basis for trusting them?
Again, I'm not saying I don't trust in the integrity of Linus, but it's hard for me to trust everyone contributing to my Linux distro. Patriots and mercenaries can contribute to open-source just as well as anarchists and Samaritans.
Microsoft's closed source model required a more transparent method to subvert [more transparent than a black operation]. Subverting open source requires little more than a clever branch and merge with a veneer of social engineering. The fruit is so low hanging that merely singing the Open-Source Internationale, will get one street cred. Anyone who thinks they are immune, isn't. This is state level resources - put a man on the moon and bring down communism scale.
However, the fact that Linux source is available for review does make it more secure on a relative basis. Sure, it is naive to think a zero day couldn't be buried in there, but at least there is the opportunity for review. With a closed-source OS, we don't even have the luxury of a false sense of security.
Not to get all tin foily, but I'd be more concerned about hardware exploits if you're thinking in terms of "man on the moon" resources... where are all those chips made again?
In any case, Microsoft is providing government with the source code of at least Windows (not sure about Office), so from a source code point of view, that is somewhat ok (minus finding people experienced enough to digest an enormous code base)
The main problem that is common with both Microsoft and OSS is actually checking the binaries. Except for China (to some extent), there is no government that is actually forking the project they use in order to create custom, controlled distro. So they are always going to have to trust their binary source. And that is the weak link.
Most companies and users get their pre-compiled distros and never bother because it's an impossible task so I don't see how open source is any better in this regard.
If you didn't build your OS, you'd better trust the person/people that did.
While free software does make it possible to gain some confidence in running TLA-free code it does not make it a simple job. Just stating that you 'know the code my system was built on now' is like stating you 'know what you eat because you read the label on the can'. There might be more in that can than the label tells you...
Think of Federal employees at Fort Meade, who were hired to do the sort of work I am describing.
Think of defense contractors with nondescript offices in Fairfax who hire those same employees after they leave the government and whose employees spend their days writing and pulling and pushing and merging open-source software.
Think of $200,000 a year.
Think of Edward Snowden.
A 1000 hackers is a line item in the NSA's budget.
Or the KGB's.
Or China's.
It's asymmetric warfare. But the side without the money is disorganized and open and trusting.
You certainly could not compromise a base as large as the number of Windows users, but you could target your efforts on distributions that have key infrastructure roles, like servers, routers, firewalls...
Another vector used to compromise free software is to participate in it. Paid agents can actively participate in open source projects and allow clever exploits that could pass as bugs if uncovered.
"We" get pre-built packages from repositories, but only because "we" don't value our privacy enough.
http://cm.bell-labs.com/who/ken/trust.html
For the security conscious the perfect state is the OS which changes very, very slowly, fixing only security bugs and having binaries used by as many people as possible and which change so seldom that more people can even check them by disassembling them. You don't want to only check sources, you want to disassemble the binaries and decide if they match the sources.
And only then you want to be sure that all configurations are what they should be. Not easy at all.
This only works if you are building things yourself or trust the group building things, of course, but it's way easier than audit by disassembling binaries.
Well, how well can you trust the commercial ones? At least with open source, you can look into it more easily and eventually find security holes. It's a step towards trust. There is no trust to gain with commercial solutions, but at least with open source, it's at least possible.
The fact that proprietary agrees with a sound market economy makes it somehow more functional and more attractive, but when you're concerned about ethics, it's a totally other concern.
Ever heard of reverse engineering? It turns out you'd need that approach even with open source as soon as you use binaries you haven't compiled yourself. And you'd have to verify the compiler and your disassembler that way too. It's all possible, but requires more than is currently being done, at least on the level of the stuff openly available.
And even if you manage to verify everything you have to check the computer. Modern computers be it servers or notebooks start to have BIOS-es that can even phone home and allow remote access without your control (having the keys which you can't control!).
http://www.schneier.com/blog/archives/2008/05/random_number_...
The bug was introduced in September 2006. Discovery published May 2008. Affected: the most popular Linux distribution, all the keys generated on it in that period. Scary.
Moreover, the bug was not found by reading the source code. The keys generated by all the existing systems were analyzed. If I remember, only the keys generated by mentioned Linux distros stood out (and some hardware devices using customized firmware or poor implementations). Windows and OSX weren't there.
Not that that will help much.
Abundant resources and mutual distrust should ensure a rather secure OS.
Is there any indication that software running on the client is at risk? The article goes to great hyperbole but unless you're using Skydrive, I don't see how Office files are at risk with the recent revelations.
Not that they aren't, it's just that I didn't see any information that they are.
I don't think storing information in the cloud using FOSS software is going to magically protect your information.
E.g. How does using Thunderbird to access Gmail afford greater protection than using Outlook to access Gmail?
Yes, Microsoft shares all of Windows' vulnerabilities with the NSA long before fixing them.
> I don't think storing information in the cloud using FOSS software is going to magically protect your information.
And you are right, it won't. Anything you send to 3rd party servers is gone.
To keep data private, you must keep it at your computers, run only audited FOSS that you compiled with a trusted compiler, encrypt it all the times it goes into a network (even your LAN), and hope that there isn't a firmware or hardware backdoor in your computer.
People want the ease of computing not secure computing. The polls show it. In the US everyone but the geeks are OK with the NSA. Sad.
The system is going to have to change to federated data. Email, Social media, everything. Appliances owned by the individual. Either located in the home or small server appliances "rented" at a colocation facility and every user's info on their appliance. Any warrants are served to the individual not the "processing" or interpreting host that parses the data in their UI or service. The host, whether Facebook, Google, Yahoo, Microsoft, etc would notify the requester that that info is on a server rented solely by the user and they have no standing to grant or honor the warrant as they are the wrong party.
Please note I use voice typing due to fine motor control and this comment may contain errors.
These people remind me of the Austrian writer Karl Kraus: "The secret of the demagogue is to make himself as stupid as his audience so that they believe they are as clever as he."
The fact is that for almost all big corporations there is so much money, training and culture involved in MS platforms that a shift away from it is just too hard to do, unfortunately.
No John, unfortunately it is not really an option to move 57,000 employees and a headquarters out of the United States. That is what would need to be done. None of the people making statements for these large corporations are lying voluntarily.
And Microsoft is evil, I mean in Google's sense of evil, and even Microsoft admits it.
But what about the one who claims to do no evil and to be so righteous itself? Joined Prism on 1/14/09?
And I would really love if the Movie could add bits on Prism agents coming in like some fucking retard, and Steve would tell him to Fk off.
Newspapers and media, intentionally or not, are trying to diversify the hate and focus on PRISM away from the government.
They are ultimately the one to be blamed.
That's exactly what I'm hoping will happen. It may be the only way to actually roll back most of this shameless and abusive mass spying of everything and everyone. I'm not sure what else would stop it. Americans protesting it? I'm not holding my breath for that one, and even if they do, they'll only try to fix the spying internally, as they couldn't care less what they do to the world as long as the government keeps telling them "it's to keep them safe" (which obviously trumps everyone else's rights).
You know... Up until this whole NSA/PRISM thing got uncovered, Microsoft had actually rather successfully started to rebuild the perception and image of its cloud-service Azure.
It had shown the world that in less than a year, it was well on its way to catch up with Amazon Web Services. It was going from an experiment to serious business. Something the company invested in. Even more so than the traditional parts of the business.
As someone who once looked at Azure and laughed it off, I was coming around, actually considering it. I don't have any inside info on this, but I would guess/assume Azure was just about to take off. All those investments, finally about to pay off.
Then the whole NSA/PRISM thing came about. Now there's no chance in hell I'm going there. Not that I expect AWS to be any better in that regard either. I'm currently pulling out my data from Google. I trust them even less.
Hell, at this point, the only viable option privacy-wise seems to be open-source software, deployed by me, to an account I control, hosted on a service-provider outside the US's reach.
It may not be immune to unauthorized, illegal snooping, but it will be off the main grid, take a bit more effort and it won't be done automatically 24/7.
If I become paranoid enough to put in the effort, I'll just get a VPS instead and encrypt the shit out of it.
(Disclaimer: Not a US citizen.)
I don't use the hate word often, but I HATE Microsoft now.
Just for the record, I think Dvorak is bang on with this article. Couldn't agree more.
;-)
Seriously though, if you don't play ball with the NSA, they come after you, your business, and your family with the full weight of the US government. Your wealth or status means nothing against it.
Which means, as a parent, I can relate.
Yes, you and I can sit here on my keyboard and say we would have stood our ground, but when you have children and a mortgage, suddenly things are very different. Suddenly, you think that maybe fighting this one particular fight isn't worth the damage to you and your family.
That, my HN friends, is why the whole NSA PRISM thing is so evil and why it outrages us: Even those normally beyond the law (the rich and famous) are suddenly victims like the rest of us.
With that said, do you really want to buy a Microsoft product?
Notice the words appears and apparently. Until there is specific evidence to take those two words away from those sentences, hardly anything will change.
PS. It's *buntu that spins my propeller.
PPS. I'd be interested in what RMS has to say, not just about MS in this case but the whole PRISM/NSA thing in general - he has been warning us.
Each time you visit a page, IE sends the URL over to be "checked" by Microsoft.
Each update, a summary of all installed packages is collected and sent to Microsoft in order to "improve the experience".
WAT collects your hardware specification, including the serial number of your hard drive.
Each time you connect your operating system to the Internet, it calls home to a Microsoft server to check if the connection works. It's doubtful that they throw away the logs from this.
Microsoft can forcibly push new executable code as updates, regardless of whether settings have turned off updates.
Microsoft Word (and Outlook?) also collect information, but it is supposed to be optional. I don't remember if it's on by default, but I am rather sure it is.
Then we have semi-native applications such as Messenger or Skype. Both have messages being "scanned".
Some of the sources: https://office.microsoft.com/en-us/word-help/privacy-stateme..., http://redmondmag.com/articles/2010/07/01/what-does-microsof...
Huh? Are you talking about hashes being sent for malware check similar to the ones in Chrome or Firefox? If not, it's a serious privacy issue.
The ones you mentioned about Updates are also true for Chrome updates. [1]
> Microsoft can forcibly push new executable code as updates, regardless of whether settings have turned off updates.
Any source on this?
> Microsoft Word (and Outlook?) also collect information.
With Office 365, this is more or less a reality.
> Then we have semi-native applications such as Messenger or Skype. Both have messages being "scanned".
Are you talking about URL scanning? So does FB, Gchat etc. Expect your messages to be scanned or stored no matter what 3rd party service you use. Always use client-side encryption for secure communication.
The most important one you left out is SkyDrive. I remember installing it on my computer and then signing onto the web interface to find out I could even access files outside of my sync directory. Sure you can turn "off" the feature, but I promptly uninstalled it instead.
I don't trust Microsoft with privacy in the cloud but neither do I with any other 3rd party.
[1] https://www.google.com/intl/en-US/chrome/browser/privacy/
> Microsoft can forcibly push new executable code as updates, regardless of whether settings have turned off updates. - Any source on this?
https://windowssecrets.com/top-story/microsoft-updates-windo... (it's old, yes, and was disputed as a "bug" by Microsoft. At the same time, no security experts have said that Microsoft did fix it. As such, I default to once burned, twice shy.).
> Each time you visit a page, IE sends the URL over to be "checked" by Microsoft. - Huh? Are you talking about hashes being sent for malware check
SmartScreen Filter and Suggested Sites (http://windows.microsoft.com/en-ca/internet-explorer/ie10-wi...). Both can be turned off, and I don't know what is default. My default assumption is that both are on (or checked in wizard) by default.
> Then we have semi-native applications such as Messenger or Skype. Both have messages being "scanned". - Are you talking about URL scanning? So does FB, Gchat etc.
The OP talked about native MS apps as being risk free. Just because FB and Gchat also do bad things, doesn't make someone else's applications less risky to use.
Hashing the URLs won't give you any privacy, because the set of used URLs is public and relatively small. Also, I'm not aware of Firefox doing that, are you sure about it?
In IE and Chrome, sending that data is optional. It's neither opt-in nor opt-out. The browser makes a question at the first use, and you must select one option. IE's question is a bit biased toward an "opt-in or you'll get phished", but there is no reason to think that wording is malicious - one can even claim it's true.
Besides all that, MS sends all known vulnerabilities of its products to the NSA long before either publishing or fixing them. That's enough to give the NSA administrative privileges on Windows machines.
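An added example, not part of the original thread, illustrating the point made above that hashing URLs gives no privacy when the set of URLs is public and small: a full unsalted hash is reversed with a precomputed lookup, and (going beyond the comment) a truncated hash prefix is shown to leave several candidates instead of one. The URL corpus, host names and function names are constructed for the illustration.

```python
import hashlib
from collections import Counter


def url_hash(url: str) -> str:
    """Unsalted SHA-256 of a URL: the value a 'we only send hashes' client reports."""
    return hashlib.sha256(url.encode("utf-8")).hexdigest()


def build_lookup(known_urls):
    """Precompute hash -> URL for every URL an observer can enumerate (e.g. by crawling)."""
    return {url_hash(u): u for u in known_urls}


def recover(observed_hash: str, lookup: dict):
    """Return the URL behind a full hash, or None if that URL was never enumerated."""
    return lookup.get(observed_hash)


def candidates_for_prefix(prefix_hex: str, known_urls):
    """All enumerated URLs whose hash starts with the observed prefix."""
    return [u for u in known_urls if url_hash(u).startswith(prefix_hex)]


def mean_anonymity_set(known_urls, prefix_hex_len: int) -> float:
    """Average number of enumerated URLs sharing one hash prefix of the given length."""
    buckets = Counter(url_hash(u)[:prefix_hex_len] for u in known_urls)
    return len(known_urls) / len(buckets)


# Constructed sample data: 2000 "public" URLs standing in for a crawlable web.
KNOWN_URLS = [
    f"https://site{n}.example/page/{p}" for n in range(200) for p in range(10)
]
# Constructed: a page the user visited that is part of the public set.
VISITED = "https://site42.example/page/7"
# Constructed: a URL the observer could not have enumerated in advance.
UNLISTED = "https://intranet.example/wiki/draft-7f3a"


if __name__ == "__main__":
    lookup = build_lookup(KNOWN_URLS)

    # Full hash of a public URL: reversed by a single dictionary lookup.
    print("full hash     ->", recover(url_hash(VISITED), lookup))

    # Full hash of a URL outside the enumerated set: not recoverable this way.
    print("unlisted hash ->", recover(url_hash(UNLISTED), lookup))

    # A 1-byte (2 hex chars) prefix: the observer only learns a candidate set.
    prefix = url_hash(VISITED)[:2]
    cands = candidates_for_prefix(prefix, KNOWN_URLS)
    print(f"prefix {prefix}     -> {len(cands)} candidates")
    print("mean candidates per prefix:", mean_anonymity_set(KNOWN_URLS, 2))
```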
True, but what about Windows Phone vs. Android (with Google's apps, not just a FOSS build like Replicant) vs. Apple? Which is the lesser evil for your privacy?
Cyanogen.
- low-level crypto APIs (the 'DLLs' referred to obliquely in the article); these are more interesting. I imagine they could be compromised for weak session key generation or other leakage of key / plaintext, or generate the session key in such a way that the mythical 'NSAKEY' can decrypt it. Huge impact, if so, but only to certain software; AFAIK Mozilla doesn't use the Windows crypto API / certificate key store (but Chrome does).
- SSL certificate generation (built-in CA for Windows Server builds); certificates stored and replicated via Active Directory; does anyone actually use this? In fact, does anyone actually use client SSL? It is likely also used for domain peer replication, which could potentially be over an external network (but why would you not use a VPN there?)
- Encrypted File System; already contains an escrow key-recovery mechanism to allow administrators (including domain admins) to recover a lost user key. Only likely to be relevant if hard disk or backup images seized, so less impact.
- BitLocker drive encryption; similar to EFS but uses a hardware TPM and is per-machine rather than per-user. Fairly sure escrow key recovery at the domain level is possible here too. Again, only likely to be relevant if hardware or backups seized.
- Office document encryption; did anyone SERIOUSLY think this was worth using anyway? There are so many key recovery services out there for this (Elcomsoft et al)
- Communications applications (Skype et al); again, did anyone SERIOUSLY think this wasn't already being monitored, even before Skype became a Microsoft product?
- Some other OS-level 'phoning-home' behaviour. I simply don't believe that no-one has spotted this happening, if it's there - we can do traffic analysis too, and there are plenty of people running Wireshark on their own networks.
As for updates, I imagine if you set up a domain you can run your own WSUS update server, MITM the connection, etc. - and then compare the behaviour with a "regular" home PC.
The problem really is how deep the hole goes - as per Ken Thompson "Reflections on Trusting Trust", 1984.
I put "non technical" in quotes because many of the people in HR, Accounting, Marketing, etc. are very tech-savvy. Marketing folks, for example, would love an all-Mac office setup, but they generally have to have Windows PCs for Powerpoint, Visio, and CRMs, to name a few. HR needs their IE6 in-house apps. Accounting can't even hire anybody who wants to try getting their work done on a Mac.
I realize I'm not even talking about Linux here; I think that just underscores my point.
Does anyone have a counterexample? Because I would pay top dollar for a Linux solution to these problems, but haven't seen anything worth buying.
Then you'd have to de-couple the entire organisation from Active Directory. And refactor (at best) or re-write (at worst) all custom in-house apps that rely on either Windows or Active Directory.
It's just too expensive.
I've seen about 10-20% Linux use and about 0% Mac use in industry (Finance - Buy and Sell side). YMMV.
Linux is incredibly popular because people claim (rightly or wrongly) that they can have a lower latency setup. R-Project is very popular with people because they can have engineers customise it in ways not possible with MATLAB.
But at the end of the day it all falls back down to MS Excel.
Apple don't have any enterprise ready tools for managing a system of 50,000+ client PCs and 30,000+ servers. So they don't get a look in, save the few iPads that are just perks and never used for any work that I've noticed.
What about UEFI? Should that be assumed fundamentally insecure from this point on?
RedHat / Fedora ship with SELinux.
It's sorta a big deal.
It's practically been the operative description of Microsoft for decades that they're interested in profits (and potential profits in certain circles disjoint from the end users), not the privacy or security of their users.
Seems like Microsoft has a lot of issues to worry about. Doing a reorg when the company is struggling just to put an agency person in charge seems like a lot of work. Why not just put them in charge in a small internally announced move?
Google is not actually blocked by the firewall. Gmail is slow, occasionally lots of dropped packets, and other passive-aggressive behavior, but not blocked. Search generally works ok, unless, say, you are a tourist searching for information about a certain popular tourist destination in the center of Beijing. Groups, Docs, and other free exchange of information services are blocked, though.
This seems to imply using Office, like in Word/Excel?, somehow poses a privacy risk. Is that true? And how exactly?
That is a very close minded way to look at things. Closed Source does not always = Evil and Opensource does not always = Secure. Competition and choices should always be sought for. Without competition, stagnation is as prevalent in open-source community as in closed source. I rather have the right to choose between a Mac, Windows or a Linux variant than someone making the choice for me.
So the problem is perpetuated - Windows is the only platform that is basically guaranteed to have a market. So as a user of software, you'd stick to Windows, and as a maker of software, you'd stick to making software for Windows. Other platforms are almost an afterthought. Unless web based software radically changes (I need to unzip a file - what web based software will do that for me?), this will not change.
There are probably other services/tools, because technically, there's nothing stopping you from unzipping files in the cloud, or in web based software. It's just the matter of uploading something and then downloading the content after it's been unzipped on the remote server. So it's just more expensive in terms of network traffic.
The availability of the tools that do that, other than Google Docs, is another thing. Honestly wouldn't know, don't recall ever needing it before.
/me checks byline.
Holy crap. Yeah, I remember when Dvorak was quite the Microsoft fanboi.
My how times change.
I have a feeling had Apple been first on board rather than last the journalist would argue that Microsoft were evil for not complying with a government request and that Apple clearly had the vision to help the nation's security, but maybe that's just me?
The problem here is the divide between national government and international corporations, where the corporations' actions influence far more people than the direct actions of the national government.
I cannot exert any influence over a government that isn't mine, but I can decide which companies I support and entrust with my data and business. Your dichotomy of government vs company is therefore not correct. I can (and should) be upset about both.
Crazy. I've been trusting Microsoft all this time, and now, what to do!?!
LOL. Who was dumb enough to have ever trusted them?