Tag Archive for MSFT

Son of Facebook Phone

The tech world never learns from its mistakes. Rumors are that data-leaker Facebook is combining two bad ideas: software from Windows NT with FB hardware. The Verge reports that Facebook is developing its own operating system. Facebook’s effort is being led by Mark Lucovsky, who co-authored the Windows NT operating system.

The reports say the FB OS could be used on Facebook’s hardware products. Oculus, Portal, and forthcoming augmented reality glasses, code-named “Orion,” currently run on a modified version of Google’s Android. FB wants to reduce or remove entirely the control GOOG has over its hardware.

Ficus Kirkpatrick, who heads Facebook’s AR and VR group, hedges his bets; he told The Verge “it’s possible” that future FB hardware won’t rely on Google’s software. Facebook’s head of hardware, Andrew Bosworth, is more definitive: “… we’re gonna do it ourselves.”

The Verge points out that Facebook’s last attempt at producing its own OS did not go so well. The Facebook phone, or, more precisely, the Facebook phone mobile operating system, crashed and burned almost immediately. Unveiled in 2013, Mark Zuckerberg promised the $99 device would “turn your Android phone into a great social device.”

It didn’t exactly work out that way. Instead, shortly after the Facebook phone went on sale, the price dropped to 99 cents. The operating system was called out as mediocre, and early adopters complained that it was counter-intuitive and hard to — of all things — place a phone call. By 2014, the New York Times reported that Facebook had disbanded the mobile OS engineering team.

The FB mobile OS attempt resulted in a forked version of Android that ran on an HTC-produced phone back in 2013. Flooding a phone with Facebook’s social feed was wildly unpopular even back before Facebook’s brand was tarnished with numerous privacy scandals. Facebook will have an uphill battle on its hands if it wants people to give its software another shot.

For those with short memories, FB has leaked nearly 1 billion personal data records that we know about since 2018:

The idea of another FB OS gets even scarier when you add the legacy of Windows NT on top of FB’s lack of respect for its users’ privacy. For the uninitiated, Windows NT was released in 1993. It was Microsoft’s first foray into a network operating system (NOS). WinNT had a number of issues that made the Blue Screen of Death (BSOD) a household phrase.

A blue screen occurs when Windows encounters a “STOP Error.” This critical failure causes Windows to crash and stop working. The only thing Windows can do at that point is to restart the PC. This can lead to data loss, as programs don’t have a chance to save their open data. FB has put Mark Lucovsky, who co-authored the Windows NT operating system, in charge of writing the FB OS. Some of the more notable problems with WinNT included:

  • Allowing the default user to run at admin/root privilege without a password.
  • Cryptographer Bruce Schneier noted that part of Windows NT 4.0 is so broken it can’t be fixed with patches. Schneier said, “Last time they released a fix, it broke so many other parts of Windows NT.”
  • WinNT did not support USB.
  • NTVDM (also known as Windows on Windows, or WOW) blocked access to the hardware so that legacy applications would run as though on a DOS computer, except without access to protected areas of memory. As a result, a substantial number of applications simply did not work.

rb-

People back then perhaps thought better of letting Facebook on their phones. Toward the end of the decade, it seems we’ve come full circle.

The rumor mill also says Facebook is working on a brain control interface for its devices, which could allow users to control them with their thoughts. But of course, that also means that FB could have access to the user’s brain and sell their thoughts, and then your brain will throw a BSOD, and you will have to reboot your brain to recover. I’m just saying…

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

PC Market Show Signs of Life

After 7 years of consistent declines, PC sales finally stopped their slide. Market researchers Gartner and IDC reported that PC sales grew during the fourth quarter of 2019, boosting all of 2019 into the positive. For the entire year, global PC shipments were up 2.7%, according to the IDC. That makes 2019 the “first full year of PC growth” since 2011.

PCWorld reports that the 2019 new PC numbers from Gartner and IDC are remarkably similar. Gartner reported that PC sales grew 2.3% in 2019 Q4 to 70.6 million units and 261 million units for the year. Rival analyst firm IDC largely agreed, estimating that PC unit sales grew 4.8%, to 71.8 million units. IDC said that worldwide PC sales grew 2.7% for 2019 as a whole.

Among the results:

  • The top three global PC vendors—Lenovo, HP, and Dell—all consolidated their market share, reaching 65% of the PC market.
  • IDC and Gartner concur that Lenovo (LNVGY) is the world’s top PC vendor for 2019. IDC reports Lenovo had a 24.8% global market share and Gartner said it had 24.1%.
  • Globally HP (HPQ) ranked #2 with 23.9% by IDC and 22.2% by Gartner.
  • Dell was ranked #3 worldwide with 17.4% by IDC and 16.8% by Gartner. Dell’s unit sales climbed by nearly 11%, according to IDC’s estimates.

In the U.S. market, the Q4 2019 rankings differed:

  • HP is #1 with a 31.2% market share and a modest 4.4% bump in U.S. PC sales for the quarter.
  • Dell ranked #2 with a 26.8% market share and a gain of 15.9% for the period.
  • Lenovo came in #3 with a 14.9% share and 11.2% increase in share.

The tech prognosticators attributed the surge in sales to firms swapping their hardware to Windows ahead of MSFT’s Windows 7 end of support, giving new PC sales a one-time shot in the arm. Ryan Reith, program vice president with IDC’s Worldwide Mobile Device Trackers, said in a statement:

“The market will still have its challenges ahead, but this year was a clear sign that PC demand is still there despite the continued insurgence of emerging form factors and the demand for mobile computing.”

Ranjit Atwal, a research senior director at Gartner, in a statement to PCWorld, cast doubt on future growth. He says,

“The PC market’s future is unpredictable because there will not be a Windows 11. Instead, Windows 10 will be upgraded systematically through regular updates … As a result, peaks in PC hardware upgrade cycles driven by an entire Windows OS upgrade will end.”

rb-

Don’t do your happy dance just yet.

Gartner and IDC both predict global sales to steadily decline again over 2020 as MSFT drives toward a subscription-based model. Other threats to the PC market include:

China – The Chinese government has ordered all PC hardware and operating systems imported from foreign countries to be replaced in the next three years.

HP-Xerox – I have covered Xerox’s maneuvers to take over HP. The possible disruption to HP by a Xerox hostile takeover could rattle the entire sector, especially if Acer or Asus cannot scale up fast enough.

History – Data from Statista says that annual PC sales have dropped nearly 1/3 from their peak in 2011.

Year      # of PCs    Change YoY
2011      364.0       -
2012      349.3       -14.7
2013      315.1       -34.2
2014      308.3       -6.8
2015      275.8       -32.5
2016      260.2       -15.6
2017      259.6       -0.6
2018      258.5       -1.1
2019      261.0       2.5
2020 *    254.3       -6.7

Data from Statista. YoY = Year over Year. Figures in millions of units.

Veeam Backup Bought

In a move to improve its U.S. market share, Veeam Software has agreed to be bought by private equity firm Insight Partners. The deal, valued at $5 billion, is Insight’s second major acquisition of 2020. Veeam is a cloud-focused data protection, backup, and disaster recovery software company.

Veeam was founded in 2006 and owned by Russians Andrei Baronov and Ratmir Timashev. The firm has grown to 365,000 customers worldwide and annual sales of more than $1 billion by capitalizing on the VMware-led server virtualization boom. As part of the take-over, the founders will leave the firm and Veeam will become a U.S. company based in New York. The company had been based in Baar, Switzerland.

Veeam’s products include backup solutions, cloud security offerings, and cloud data management. Veeam’s cloud data management portfolio consists of Veeam Backup for Amazon Web Services (AWS), Veeam Backup for Microsoft Office 365, Veeam Universal License (VUL), and Veeam Backup for Microsoft Azure.

Private equity plans

The private equity company has a three-stage program to help the companies in which it invests grow, Mike Triplett, a managing director of Insight Partners and new Veeam board member, told CRN. The program includes the Startup stage, focused on companies looking for early growth in their markets; the ScaleUp stage, for companies with strong businesses; and the Corporate stage, for companies ready for IPOs or other exits.

ZDNet says Veeam is in the second “ScaleUp” stage. As customers are now also utilizing hybrid cloud setups with AWS, Azure, IBM, and Google, the firm’s “Act II” is to capitalize on a growing need for cloud data management across these environments. Mr. Triplett claims Insight Partners can bring the right resources to bear to move Veeam from the “ScaleUp” stage to the “Corporate” stage.

Other Insight Partners investments

Insight Partners also owns other data protection companies, including Unitrends and Spanning. In addition to data protection, the VC has invested heavily in cybersecurity and MSP-friendly technology markets. Other key Insight Partners investments include:

rb-

Expect to see lots of PE activity this year (decade?). Channele2e reports that private equity investors are sitting on a record $1.5 trillion in cash. With this kind of war chest, it is no wonder private equity firms and hedge funds have a bad reputation. VC firms have a history of acquiring businesses, loading them up with debt, and cutting staff to boost profits. The most recent examples are Sears and Toys R Us. Channele2e points out that U.S. presidential candidate Elizabeth Warren is calling for new private equity restraints to combat “legalized looting.”

I have seen that Veeam has a Russian problem. Back in the day when I shared technical services, I tried to replace an HP LTO2 tape library (PDF) with a Veeam solution and the powers-that-were did not want Veeam – we spent a lot more money to maintain the old HP LTO2 technology.

Your Smart TV is Spying On You

Many people will find a smart TV under their tree this year. Smart TVs are like regular televisions but with an internet connection. The global smart TVs market is expected to reach 249.9M units by 2024. And all those smart TVs may be spying on you. A while ago I wrote about Vizio (VZIO) getting caught invading your privacy by collecting and selling your personal data. Despite the fact that Vizio had to pay a $2.2M fine, smart TV manufacturers continue to spy on their customers.

ZDNet reports that smart TVs send user data to tech titans including Facebook (FB), Google (GOOG), and Netflix. These devices are spying on you even when they are idle. U.S. and UK researchers say smart television sets produced by popular vendors including Samsung (005930), Apple (AAPL), and LG (LGLD), alongside content and app streaming devices such as Amazon (AMZN) FireTV and Roku, are sending out information potentially without the knowledge or consent of users.

[Figure: Smart TVs sharing users’ personal data. Source: Financial Times]

In a paper titled, “Information Exposure From Consumer IoT Devices” (PDF), the team said that 34,586 controlled experiments found that 88% of devices send information to firms other than the device manufacturer; 56% of U.S. devices and 83.8% of UK devices send your info overseas. They also report every device they studied exposed some kind of information in plain-text.

The researchers from Northeastern University and Imperial College London found that 37% could have user and device behavior “reliably inferred” from eavesdropping on the user’s interactions with television sets and other household IoT products.

The study found that almost half of the tested devices contacted Amazon. That includes devices not manufactured by Amazon. David Choffnes, one of the authors of the paper warns that Amazon has a lot of information about what you are doing in your home.

According to the paper, location data and IP addresses were commonly sent by our IoT devices to third parties in the cloud including Netflix, Spotify, Microsoft (MSFT), Akamai (AKAM), and Google.

When it came to smart TVs, however, almost all of the devices included in the study would contact Netflix — whether or not a TV was configured with an account for the content streaming service. “This, at the very least, exposes information to Netflix about the model of [a] TV at a given location,” the paper reads.

Some of the tech titans collecting your data responded to the researchers.

  • Facebook said that it was “common” for services with Facebook integrated into them to send data to third-party services.
  • Netflix said that data transfers were “confined to how Netflix performs and appears on screen,” and
  • Google said user preferences and consent levels dictate how publishers “may share data with Google that’s similar to data used for ads in apps or on the web.”

Internet-connected smart TVs combined with streaming services like Netflix and Hulu seem to be a cord-cutter’s dream. But like anything else that connects to the internet, it opens up smart TVs to security vulnerabilities and hackers. But as is the case with most other internet-connected devices, manufacturers often don’t put security as a priority. Not only that, many smart TVs come with a camera and a microphone that attackers can access.

FBI warning

Because manufacturers don’t put security as a priority, the FBI issued a warning about the risks that smart TVs pose. The FBI warned that hackers can take control of your unsecured smart TV and, in worst cases, take control of the camera and microphone to watch and listen in.

“… TV manufacturers and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home … your unsecured TV can give him or her an easy way in the backdoor through your router.”

TechCrunch notes that some of the biggest attacks targeting smart TVs were developed by the CIA, but were stolen. The files were later published online by WikiLeaks.

rb-

If you are interested in inspecting the IoT network traffic in your smart home, Princeton University has developed and released an open source tool called IoT Inspector. The software uses ARP spoofing to analyze what IoT devices are connected to the Internet, how much data is exchanged, and how often information is traded.

Password Reset Practices “Obsolete”

Followers of the Bach Seat know that passwords suck. And now Microsoft (MSFT) has joined me in that revelation. The boys in Redmond recently recommended that organizations no longer force employees to change their password every 60 days.

In a TechNet blog penned by Aaron Margosis, a principal consultant for Microsoft, the company called the practice – once a cornerstone of enterprise identity management – “ancient and obsolete” as it told IT administrators that other approaches are much more effective in keeping users safe.

“Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don’t believe it’s worthwhile for our baseline to enforce any specific value.”

In the latest security configuration baseline for the Windows 10 “May 2019 Update” (1903) (available as a ZIP file for download here), Microsoft dropped the idea that passwords should be frequently changed. The baseline allows administrators to use Microsoft-recommended GPO baselines for improving the overall security posture of a system and reducing a Windows 10 machine’s attack surface. Previous baselines had advised enterprises to mandate a password change every 60 days. (And that was down from an earlier 90 days.)

Mr. Margosis acknowledged that policies to automatically expire passwords – and other group policies that set security standards – are often misguided. He wrote,

“The small set of ancient password policies enforceable through Windows’ security templates is not and cannot be a complete security strategy for user credential management … Better practices, however, cannot be expressed by a set value in a group policy and coded into a template.”

Among those other, better practices, Mr. Margosis mentioned multi-factor authentication – also known as two-factor authentication – and banning weak, vulnerable, easily guessed, or frequently revealed passwords.

ComputerWorld points out that Microsoft is not the first to doubt the convention. The National Institute of Standards and Technology (NIST) made similar arguments as it downgraded regular password replacement. “Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically),” NIST said in a FAQ that accompanied the June 2017 version of SP 800-63, “Digital Identity Guidelines,” using the term “memorized secrets” in place of “passwords.”

Then, the institute had explained why mandated password changes were a bad idea this way:

“Users tend to choose weaker memorized secrets when they know that they will have to change them in the near future. When those changes do occur, they often select a secret that is similar to their old memorized secret by applying a set of common transformations such as increasing a number in the password.”

Both NIST and Microsoft urged organizations to require password resets when there is evidence that the passwords had been stolen or otherwise compromised. And if they haven’t been touched? “If a password is never stolen, there’s no need to expire it,” Microsoft’s Margosis said.
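The “common transformations” NIST describes are easy for a verifier to recognize, which is why a rotated password often adds little. The following is an added example, not code from Microsoft, NIST, or this blog; the deny-list, function names, and sample passwords are constructed for illustration. It rejects banned or derivative passwords at change time and forces a reset only on evidence of compromise.

```python
import re

# Constructed sample deny-list (assumption). A production verifier would load
# a large corpus of common and breached passwords instead.
BANNED_SKELETONS = {"password", "letmein", "qwerty", "summer", "welcome"}

# Common character substitutions users apply to "strengthen" a word.
_LEET = str.maketrans("@$!0134", "asiolea")


def skeleton(password):
    """Strip the parts users typically vary between forced changes."""
    # Drop leading/trailing counters, years and punctuation ("2019!", "#7").
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    # Ignore case and undo the usual letter-for-symbol swaps.
    return core.lower().translate(_LEET)


def is_derivative(old, new):
    """True when new is old plus a common transformation, such as
    increasing a number in the password (NIST's own example)."""
    old_s, new_s = skeleton(old), skeleton(new)
    return bool(old_s) and old_s == new_s


def review_new_password(old, new):
    """Return the reasons to reject a proposed password; empty means accept."""
    reasons = []
    if skeleton(new) in BANNED_SKELETONS:
        reasons.append("banned")
    if is_derivative(old, new):
        reasons.append("derivative-of-previous")
    return reasons


def reset_required(age_days, compromise_evidence):
    """Policy described in the post: age alone never forces a reset;
    only evidence that the password was stolen or exposed does."""
    return bool(compromise_evidence)


if __name__ == "__main__":
    # Constructed sample inputs.
    for old, new in [("Winter2019!", "Winter2020!"),
                     ("Hunter7", "P@ssw0rd1"),
                     ("Hunter7", "correct horse battery staple")]:
        print(repr(new), "->", review_new_password(old, new) or "accepted")
    print("400-day-old password, no breach:", reset_required(400, False))
```

The comparison against the previous password works because the user supplies the current password during a change, so the verifier never needs to store it in recoverable form.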

John Pescatore, the director of emerging security trends at the SANS Institute, told ComputerWorld:

“I agree 100% with Microsoft’s logic for enterprises, which are who uses [group policies] anyway … Forcing every employee to change passwords at some arbitrary period almost invariably causes more vulnerabilities to appear in the password reset process (because there are now frequent spikes of users forgetting their passwords) which increases risk more than the forced password reset ever decreases it.”

Like Microsoft and NIST, SANS’s Pescatore thought periodic password resets are the hobgoblins of little minds. “Having [this] as part of the baseline makes it easier for security teams to claim compliance because auditors are happy,” Pescatore told ComputerWorld. “Focusing on password reset compliance was a huge part of all the money wasted on Sarbanes-Oxley audits 15 years ago. A great example of how compliance does not equal security.”

ComputerWorld notes other changes in the Windows 10 1903 draft baseline: Microsoft also dropped policies for the BitLocker drive encryption method and its cipher strength. The prior recommendation was to use the strongest available BitLocker encryption, but that, Microsoft said, was overkill and could easily degrade device performance. “Our crypto experts tell us that there is no known danger of [128-bit encryption] being broken in the foreseeable future,” MSFT’s Margosis told ComputerWorld.

Microsoft is also looking for feedback on a proposed change that would drop the forced disabling of Windows’ built-in Guest and Administrator accounts. Microsoft’s Margosis hedged a bit:

“Removing these settings from the baseline would not mean that we recommend that these accounts be enabled, nor would removing these settings mean that the accounts will be enabled. Removing the settings from the baselines would simply mean that administrators could now choose to enable these accounts as needed.”

rb-

We have covered this before: forcing users to change passwords over short time-frames inevitably leads to users choosing the simplest, most memorable, and most crackable passwords possible. Things have changed over the years, including technology that now enables threat actors to crack simplistic passwords easily.

MSFT is now actively pushing MFA in the enterprise, so it is not surprising they are going away from this general password policy.

MSFT changing its security baselines won’t change requirements made by regulatory authorities (PCI-DSS, HIPAA, SOX, NERC) and auditors. It takes years and years for them to change.

The change does not affect home users – but maybe it will make them think?

Slowly the world of passwords is starting to come under control.
