Видео

Critical? In what sense? Most aren't even known anymore and one is from a different field. The Linux+ was always useless, even when new. The N+ was always pretty decent.

Great example. There was SO much of that back in the 1990s.

@@loafgaming4624 in my cade was about 2011 hahahah

People doing PhDs, I think, are typically just "work averse" and avoiding doing anything. It's a common place to hide. If they were passionate, why would they be in university at all for most things. They'd be out doing it. If you were passionate about something, you'd be wanting to learn about it or do it on your own, as quickly as you can. Not saying "let me deal with university politics and avoid actually doing what I claim to be interested in" for many years. PhDs are often people who think they are following the money, but don't understand how universities or the world works and are setting themselves up for bigger challenges. Following the money isn't always bad, but there is a reason that people making big money are typically really passionate and those that chased big money are burned out and frustrated.

It's SO true. They see it as a necessary evil or just a job, but there are enough people who want to do IT and want to learn the nuances and want to excel that there doesn't need to be other people. But all those extra people get in the way and make it all but impossible to weed through to find the good people. Everyone loses.

OMG, thanks!!

SaaS has zero effect here. And where backups are kept has no bearing. What if there was a fire? How does all that on site media survive? And how do you restore, a state away, with melted tapes? SaaS would actually have protected these businesses. It was the lack of it that left them scrambling.

@@scottalanmiller Ransomware is the hot topic because of CDK, which I'm helping with catch-up now. Many dealerships have parts and service computers which are XP. I know for a fact that XP computers are the entry point for ransomware. CDK is SaaS. You can easily prevent fire damage to hard copy backups using the same construction materials and automatic fire extinguishing systems which were originally designed for offshore oil rig living quarters. I wasn't going to argue with you, but you're wrong to say people shouldn't worry about ransomware. The Black Suit guys are using the exact same code as Wanna Cry, which is the same code that you can download for a fee from a couple of different places. All you need to do is find a network which has an XP computer connected to it. I have experience with this. Everybody has an XP computer somewhere on the network. I'm not going to mention any names, but my favorite fried chicken comes from a large conglomerate that uses XP computers to run the cash registers. I warned them years ago, I'm counting the days until I can say I told you so.

In the own words of Scott, this is an emotional reaction, problem is not SaaS, problem is crapy vendor, is like saying hardware is terrible (in general) because you bought a crapy server

No remotely competent show has XP on their network. I understand lots of ridiculous crappy shops, like those that would deploy CDK, do because once you don't care about security, you don't care. But XP isn't needed, everything about the situation invites ransomware. Yeah, IF someone has XP, that's going to be the easiest way in. But as someone who runs many companies, with zero Windows at all, let alone something as ridiculously old as Windows 10, it's crazy to suggest that XP is everywhere. I work with thousands of clients and the number that still have XP might be less than ten. And, let's be super clear, XP is only a risk to other machines if it is AUTHENTICATED to those machines. An XP machine, on the network on its own, isn't risky to any kind of reasonably good network. CDK was at no risk to XP machines, unless CDK itself left themselves exposed. How is XP on your network a risk, unless other machines trust the XP machine? In which case, that trust is the vulnerability, not the XP.

Linux can have viruses, for sure. But AV products aren't the solution to protecting it. Some tests show other products ahead of Defender, others show Defender in the lead. It's in the "tests aren't really conclusive" zone. It's more that there is a group that are all at a level that there isn't any reasonable way to test because contrived tests don't show real world results. Gartner is such a mess. Vendors pay to be on there. It's literally a sales tool and nothing else.

I recently had a customer swear up and down that MS Office could not possibly be replaced in their environment. They went on and on with reasons why nothing else could do the job. They called an hour later to apologize that they had "forgotten" that they had actually replaced it already, six months before, with the solution we had proposed, and that the change over was so transparent that no one realized that they had left MS Office and everyone still called what they had Office and it was a totally smooth transition and the entire mindset that it couldn't have been replaced was as opposite of reality as possible. LOL

I think is because small companies start with Windows by default because that is what people is used to, then, when the company grows is never analyzed and also you have a ton of technichal debt

Yes, exactly. OR they think "everyone does this, we don't have to evaluate it" and don't realize that loads of very successful businesses actually do analyze that and choose differently.

Buffer overflows are a risk in general. If you ruin something at the level necessary for an AV type product you are always going to have big risks. Linux and Mac and other UNIX systems all carry that risk. None other needs an AV product layered on which provides a LOT of protection, of course. But Windows itself isn't specifically vulnerable in this case. Just more likely to have a vulnerability there exploited.

I took a K12 to 100% Linux in 2004. Lots and lots of schools don't use Windows already. But a school isn't mission critical. But one has to ask... what's the reason for teaching students on Windows at all? What does it bring to the table? Why are educators okay with it in the first place? I've argued for decades that schools especially have a moral obligation to teach tools accessible to all students and all people when possible and a stronger ethical obligation to never be used as a sales and marketing channel for businesses. Running Windows when it puts students at risk doesn't just break IT rules, but seriously violated pedagogical ethics. The only hurdles you typically face are "anti-education" movements from higher management who don't take the educational and ethical aspects of their jobs seriously and/or educators who just don't want to be bothered to learn something new - demonstrating a lack of faith in their own profession. Sadly, "learning better" is rarely something schools take seriously. Unlike businesses when you can demonstrate a financial value to their teams learning better, educators rarely see education as being of value in the same way. Counter intuitive, but that's where we get the most pushback. Teachers who don't see what they teach as having value and valuing "just doing what they always have done" over growth. But yes, I definitely push for that. Protecting student data, reducing IT admin load, reducing cost, lowering hardware acquisition costs, providing tools that are equally available (for free) to all students, and open source (what says 'learning' more than that) ..... it's easy to make a case.

Higher ed is more difficult because they often have political priorities and are ecstatic to get paid to use what vendors want them to use. So you often have those decisions bought and paid for as a business and "what's good for students" or what is right to use, isn't considered. In that case, providing clear value in reduced costs or avoiding things like ransomware, viruses or... patching problems like this, might be driving factors.

Ah yes, the answer of those that don't take IT seriously and have to buy "what the salesman" said. Very nice.

Funny how I've been in business after business (including those with CAD) without needing Windows. And definitely not Windows in key roles. IF you actually found a key software that had no other version, you can run Windows in isolated roles. But.... people deploying Windows rarely consider how to do their jobs and are just deploying what Best Buy suggested. Calling that "IT" is a joke and it's insulting to pretend to be in the same career field. Do your job, protec tthe business. Don't excuse your laziness by claiming nothing else exists as if there aren't companies all over the world without the risks you claim to be unavoidable.

You do realize that AutoCAD is the top CAD program around (not recommending it, just saying) and it isn't limited to Windows. In your defensiveness, you are jumping from trying to defend Windows by selecting a single case for a single alternative. Which highlights your lack of faith in your own proposal. Just because Windows specifically creates risks, doesn't mean Linux (which isn't even an operating system, just a family of them) is the sole alternative. While I do love Linux from some kind of spiritual place, I'm writing this from my Mac. Which can run AutoCAD. I can produce a Linux machine running other CAD programs. But the point is that CAD doesn't make a case for Windows. Even pricey commercial closed source industry leading CAD packages have options.

Okay wow, that's some crazy stuff right there! How is that even possible?

Third party is just the same, just someone managing it for you. A VPN opens a tunnel from one location to another. There are ways to lock down a vpn and minimize risk, but under normal, assumed use cases where people refer to "using a VPN" it is used to bypass firewall controls and provide "LAN like" access between two points. This implies two problems, even when done well: 1. That two sites that would be more secure not being exposed to each other are now exposed. 2. That the security design (probably because of application design) uses LAN based security instead of real security and the workloads that make the VPN useful are themselves problems that the VPN is exposing. Basically the nature of a VPN being useful means that the VPN is risky. In a situation where a VPN isn't useful, you could add one if done correctly, without ill effect. So while a VPN in a contrived scenario can be secure, in practice they really aren't.

Delta Air lines is seeking millions in damage$. This is a dirty diaper mess😮

That's a good theory, but paying a ransom does nothing to stop stolen data from leaking. That's also not a ransom event, that's a blackmail event. CDK was clear that they were being ransomed (e.g. no backups.) Also, if you have backups, even if you were going to separately pay foolishly to stop being blackmailed, you'd still restore customers while discussing the blackmail situation. That they stated that it was a "no backup" problem and they didn't have the ability to restore from backups, tells us a lot. PPI doesn't come "back", because it's just copies.

It's crazy. What's your current status? Are you back up?

Private Equity isn't NECESSARILY bad in that case. It often is, but you definitely don't want publicly traded companies doing cloud either. You want companies that are focused on profits, which means servicing clients, rather than companies that are focused on manipulated Wall St. perception values for blind share holders that don't check in on the company. As someone who has worked in the private cloud space for over 25 years, being private has definitely allowed us to care about customers and making good products in ways that public companies struggle to be able (or allowed) to do. Sadly I don't work in this sector, so while I think we make amazing products, we don't have anything to offer in this space. That's a missed opportunity for sure! hahaha. I work primarily in finance, government security, medical care (both human and animal), entertainment and social media. So it's good for having insight, in that sense. So many private equity companies are garbage. But not all. Some, the ones you never hear about, hide behind the scenes working hard to make good products with deep business ownership involvement in ensuring that quality, customer care, employee care are top jobs, even over profits. Private equity has the right to override profits as the driving factor where publicly traded does not.

Shouldn't be, it was made complicated for no known reason.

Even a fraction of that effort would have protected them here. Those extra steps are great, but it seems like the failure was at the most basic levels. To the point that we have to ask... what DID they do? Was this all running on a laptop somewhere that people forgot about? Like... seriously, lol.