Rebuke follows recent breach that exposed email accounts of US federal officials.
Yeah... as much as I would like it, most software firms would pretty much shut down if they had to be liable for bugs.
Wyden's not one of the usual nutcases, but I wonder what this means in practice:
'He urged Garland to examine whether Microsoft’s “negligent practices violated federal law.” And he called on Khan to investigate Microsoft’s privacy and data security practices to determine if they violated laws enforced by the FTC.'
Software license agreements are chock full of disclaimers that make it impossible to hold manufacturers responsible for any incidental or consequential damages related to bugs/flaws, much less any configuration errors by the customer.
On the one hand, attaching liability to flaws in software could force developers to seriously clean up their practices. OTOH, given the generally immature state of software engineering, how many ISVs could survive having liability for customers' damages caused by bugs?
I'm not sure what the answer is either. You can't trust private parties to do audits (SOC2 for example) because the auditor has a vested interest in helping their customers so they can have repeat business. Government could do 'FDA style inspections' and make sure companies are actually "trying" to do cybersecurity right, but Government is typically horribly inefficient and would probably not hire the right folks to do these kinds of inspections.
Wyden's not one of the usual nutcases, but I wonder what this means in practice:
'He urged Garland to examine whether Microsoft’s “negligent practices violated federal law.” And he called on Khan to investigate Microsoft’s privacy and data security practices to determine if they violated laws enforced by the FTC.'
Software license agreements are chock full of disclaimers that make it impossible to hold manufacturers responsible for any incidental or consequential damages related to bugs/flaws, much less any configuration errors by the customer.
On the one hand, attaching liability to flaws in software could force developers to seriously clean up their practices. OTOH, given the generally immature state of software engineering, how many ISVs could survive having liability for customers' damages caused by bugs?
On the other hand, nothing would ever get released since there's basically an infinite amount of bugs when you're writing complex long ass code.
Security is only ever as good as the seriousness of the consequences for its failure.
Ron Wyden is literally the only member of Congress worth listening to on tech issues. He's the only one who's shown even passing understanding of Section 230 or Net Neutrality, and has been consistently the voice of reason when it comes to technology in the US.
I'm pretty sure that if Oracle manifests as a corporeal being, breaks in to your house, drinks all your beer, and kills your dog; the license agreement entitles them to bill you for the on-site hours plus travel time.
On the other hand, nothing would ever get released since there's basically an infinite amount of bugs when you're writing complex long ass code.
Shit like this will always happen.
Not to mention additional charges for having non-standard beer and a dog (but no cat) on the premises in the first place.
I'm pretty sure that if Oracle manifests as a corporeal being, breaks in to your house, drinks all your beer, and kills your dog; the license agreement entitles them to bill you for the on-site hours plus travel time.
Anyone know if the stolen emails from the state department and commerce department were stolen from the regular Azure cloud or the US government Azure cloud? If it's the latter, I could see there possibly being laws that supersede any language in the license agreements.
Wyden's not one of the usual nutcases, but I wonder what this means in practice:
'He urged Garland to examine whether Microsoft’s “negligent practices violated federal law.” And he called on Khan to investigate Microsoft’s privacy and data security practices to determine if they violated laws enforced by the FTC.'
Software license agreements are chock full of disclaimers that make it impossible to hold manufacturers responsible for any incidental or consequential damages related to bugs/flaws, much less any configuration errors by the customer.
On the one hand, attaching liability to flaws in software could force developers to seriously clean up their practices. OTOH, given the generally immature state of software engineering, how many ISVs could survive having liability for customers' damages caused by bugs?
This is why you're still using TempleOS right.
As far back as the 90s, Windows was prohibited in security-sensitive installations. The basic operating system was badly designed, user features philosophically short-sighted ("hey, let's let users load destructive macros via EMAIL!").
I get it. Microsoft has a polished sales force. They provide packaged solutions to companies which believe technology isn't their core business. They have an aura that somehow doesn't reek of an organized crime syndicate (unbelievable, after their racketeering activities in the 90s). It's a nice check box that incompetent, non-technical managers can check off and feel they've done due diligence.
But the reality? They end up with shit, often with applications written by lowest-bidder foreign companies and maintained by shitty IT houses with tech slaves imported from (or located in) India. And IT to support this mess has become a racket unto itself, with faux (and expensive!) credentialism, training on Microsoft's ecosystem, and countless thousands whose livelihood depends on supporting, well.. shit. Built-in job security.
When are we going to realize that Windows is a national security risk, whether on the desktop or on the back end?
Laws always supersede license agreements. Always. The agreements either comply with the law and are enforceable or they do not and are not. That's how laws work.
Anyone know if the stolen emails from the state department and commerce department were stolen from the regular Azure cloud or the US government Azure cloud? If it's the latter, I could see there possibly being laws that supersede any language in the license agreements.
Well, you obviously do.
Stop reading right here........Ron Wyden (D-Ore.)
Who gives a rats butt about ANYTHING that nut job says.
Interesting side note: Wyden is 74 years old. I love how he shatters the stereotype that boomers can't understand tech.
That’s depressing. We’re going to need a proper successor and it’s just a fucking blasted landscape of partisan idiocy.
Interesting side note: Wyden is 74 years old. I love how he shatters the stereotype that boomers can't understand tech.
I think Wyden is right to call out Microsoft here. It sounds like a really bad lapse of basic security policy. It's not just another breach from some random company, Azure AD is supposed to be the gold standard for security for all companies that use Microsoft for securing their network which includes my current employer.
Microsoft has plenty of cash to pay the best security people in the world to make sure Azure AD is bulletproof. The breach indicates that they either don't employ such people or don't listen to their recommendations.
Laws could be passed limiting liability to some percentage of a company's gross income, possibly increasing with sequential failures, which would better protect the tiny struggling software firm. This might reduce the "let the customers debug it; ship it now!" directives from marketing and top executives without bankrupting the company.
Yeah... as much as I would like it, most software firms would pretty much shut down if they had to be liable for bugs.
Getting a new dog? That's a license fee.
I'm pretty sure that if Oracle manifests as a corporeal being, breaks in to your house, drinks all your beer, and kills your dog; the license agreement entitles them to bill you for the on-site hours plus travel time.
Software license agreements are chock full of disclaimers that make it impossible to hold manufacturers responsible for any incidental or consequential damages related to bugs/flaws, much less any configuration errors by the customer.
True, but...
Yeah... as much as I would like it, most software firms would pretty much shut down if they had to be liable for bugs.
Did someone put chaff in grandpa's granola again? And if he doesn't give a f___ who they are, why did he ask?
Rep. Derrick Van Orden (R-Wis.) is in hot water after he cursed out a group of teenage Senate pages in the Capitol rotunda early Thursday morning.
According to a transcript written by a page minutes after the incident and obtained by The Hill, Van Orden called the pages “jackasses” and “pieces of s‑‑‑,” and told them he didn’t “give a f‑‑‑ who you are.”
The pages are a group of 16- and 17-year-olds who assist Senate operations, and when the Senate works late — as it did Wednesday night on National Defense Authorization Act amendments — pages generally rest nearby in the rotunda.
“Wake the f‑‑‑ up you little s‑‑‑‑. … What the f‑‑‑ are you all doing? Get the f‑‑‑ out of here. You are defiling the space you [pieces of s‑‑‑],” Van Orden said, according to the account provided by the page.
“Who the f‑‑‑ are you?” Van Orden asked, to which one person said they were Senate pages. “I don’t give a f‑‑‑ who you are, get out.” ...
Agreed. What sounded like a decent ask just turns into a personal attack when you start saying "and what about this one time when". It's not relevant. Don't muddy the waters and make your point less focused.
With fairly limited details available, no one outside of the bad actors and/or MS can pontificate as to what did or did not happen, let alone how to keep it from happening in the future. Clearly this is what Senator Wyden is getting at but the chaining together the SolarWinds debacle and the current incident are a stretch at best.
Wikipedia said: According to Microsoft, hackers acquired superuser access to SAML token-signing certificates. This SAML certificate was then used to forge new tokens to allow hackers trusted and highly privileged access to networks.
Easy to forget that most of the foundational tech we talk about here, the Internet, web, personal computers, mobile phones, WiFi, etc. were invented by Boomers.
Interesting side note: Wyden is 74 years old. I love how he shatters the stereotype that boomers can't understand tech.
Yes they do. You watch them all run for their fainting couches when they talk about TikTok and China, especially Warner, and he wants to make entire internet and every app less secure and less safe for literally ERRYBAHDY with bills like the EARN IT Act.
We really need another Senator acting in the public’s best interest in the technology space.
Not sure senator's age is the issue as much as America likes voting in stupid people. Congress has no shortage of younger but dumb.
Yes they do. You watch them all run for their fainting couches when they talk about TikTok and China, especially Warner, and he wants to make entire internet and every app less secure and less safe for literally ERRYBAHDY with bills like the EARN IT Act.
Their grandkids could probably advise them better than whoever is doing it now.
IANAL, but there are certainly limits to what you can shield yourself from in a contract. Demonstrating gross negligence and/or material misrepresentations in particular could be potential ways to pierce the liability shield here. The YouTube channel Legal Eagle covered some of this regarding the liability waiver Oceangate's passengers signed:
Wyden's not one of the usual nutcases, but I wonder what this means in practice:
'He urged Garland to examine whether Microsoft’s “negligent practices violated federal law.” And he called on Khan to investigate Microsoft’s privacy and data security practices to determine if they violated laws enforced by the FTC.'
Software license agreements are chock full of disclaimers that make it impossible to hold manufacturers responsible for any incidental or consequential damages related to bugs/flaws, much less any configuration errors by the customer.
On the one hand, attaching liability to flaws in software could force developers to seriously clean up their practices. OTOH, given the generally immature state of software engineering, how many ISVs could survive having liability for customers' damages caused by bugs?