Hacking News



  • @LaoC said in Hacking News:

    Proscribing such TOS would definitely raise insurance premiums for the vendors. Can you imagine the weeping and gnashing of teeth at such regulatory overreach, limitation on freedom of contract and general bloody murder of international competitiveness?

    I'm not arguing for much regulation. Just restricting the disclaimers of warranty and liability, either completely for service providers, or subject to requirement of due diligence (which Microsoft didn't do if they knew of the problem and didn't fix it).

    And the other part is terms of government's own bids, the government has the right to set those, and saying that open liability disputes disqualify that company makes sense and … is actually included in many bids.


  • BINNED

    @BernieTheBernie
    SAP can power your kitchen sink, toaster and teledilonics device, you just need deep enough pockets


  • Considered Harmful

    @Bulb said in Hacking News:

    @LaoC said in Hacking News:

    Proscribing such TOS would definitely raise insurance premiums for the vendors. Can you imagine the weeping and gnashing of teeth at such regulatory overreach, limitation on freedom of contract and general bloody murder of international competitiveness?

    I'm not arguing for much regulation. Just restricting the disclaimers of warranty and liability, either completely for service providers, or subject to requirement of due diligence (which Microsoft didn't do if they knew of the problem and didn't fix it).

    Sure, I'm the last one to argue against that, I'm just saying it would be framed as too much regulation and that's a major reason why it's not happening.

    And the other part is terms of government's own bids, the government has the right to set those, and saying that open liability disputes disqualify that company makes sense and … is actually included in many bids.

    Sounds good at first sight, just imagine not being able to hire an MS consultant to fix the AD/Exchange sprawl in some ministry though. They could just lean back and wait.



  • @LaoC said in Hacking News:

    @Bulb said in Hacking News:

    @LaoC said in Hacking News:

    Proscribing such TOS would definitely raise insurance premiums for the vendors. Can you imagine the weeping and gnashing of teeth at such regulatory overreach, limitation on freedom of contract and general bloody murder of international competitiveness?

    I'm not arguing for much regulation. Just restricting the disclaimers of warranty and liability, either completely for service providers, or subject to requirement of due diligence (which Microsoft didn't do if they knew of the problem and didn't fix it).

    Sure, I'm the last one to argue against that, I'm just saying it would be framed as too much regulation and that's a major reason why it's not happening.

    It seems it actually is going to happen in Europe, and happen in the worst way, one that creates a lot of red tape that will still mostly miss the point, like each time politicians define the rules instead of just mandating due diligence and letting the industry experts come up with the specific guidelines for it themselves.

    And the other part is terms of government's own bids, the government has the right to set those, and saying that open liability disputes disqualify that company makes sense and … is actually included in many bids.

    Sounds good at first sight, just imagine not being able to hire an MS consultant to fix the AD/Exchange sprawl in some ministry though. They could just lean back and wait.

    The MS consultant would be hired under existing support contract, and those wouldn't be affected, just bids for new solutions would.


  • BINNED

    @Bulb said in Hacking News:

    just bids for new solutions would.

    This isn't going to work. Ongoing bids? 'Short' bids for continuation (e.g. extending service duration, ...)? Or only the really new bids?
    And the exclusion is based on what? The manufacturer (Microsoft, Oracle, ...)? But what if the issue is caused by a solution provider?
    The company that is offering? So now we just raise the price and put a straw man in between.
    Who makes a solution anyway?
    We sell SAP, bolt on some parts we have lying around, host it through our mother ship on a combo of Linux & Windows machines, hire some additional dudes to make some more bolt-on parts, who hire some Indians to make those bolts, and then send it off to the customer with some hired help to get them started. But sometimes our mother sells a package deal that includes our SAP solution. We switch sub-contractors when we see fit. Any company in this chain can be on the list, and not all of them are known or visible to the end customer. Hell, we sometimes even hire in assistance from direct competition that lost the bid.
    Spanking new bids are often worth it to exploit some loophole if it means you are gaining a long-term customer. You just make a profit on additional stuff or on those long-term service fees. Everybody's selling printers.



  • @Luhmann Those are details that can be sorted out. The actual problem is that the civil servants may abuse it by filing a bogus claim against the company to prevent it from bidding on some important upcoming contract—the company will eventually fight off the bogus claim in court, but the contract will be awarded to the competitor the clerk wanted in the meantime.

    Things are tricky when you can't trust anybody, including your own staff.


  • BINNED

    @Bulb said in Hacking News:

    The actual problem is that the civil servants may abuse it by filing a bogus claim against the company to prevent it from bidding on some important upcoming contract—the company will eventually fight off the bogus claim in court, but the contract will be awarded to the competitor the clerk wanted in the meantime.

    Not only civil servants ... customers with a grudge.
    This is already a thing with regard to GDPR, where customers may file a breach when they feel like it. E.g. if you have a minor security issue involving a limited set of customers, you need only one customer filing to get the ball rolling. Even worse ... if others (specifically DPOs) think there might be one filing an official breach, they will also press to report a breach because they don't want to end up in official reports as 'impacted but not directly reported'.



  • @Luhmann The way it is, or at some time was, with building contracts here only included open warranty issues from other government contracts, not from anybody, so I was assuming the same here—not if anybody reported a problem with that contractor, but if the state had problems with that contractor previously.


  • BINNED

    @Bulb
    That might work for contracts with an ending, but not so well with long-term service contracts like modern IT has.



  • @Luhmann said in Hacking News:

    @Bulb said in Hacking News:

    a do-not-trust list for 10 years

    there would be no companies left on the trusted list within a year.

    If you were to compile a list of trusted companies right now, would there be any at all?



  • @Luhmann said in Hacking News:

    @BernieTheBernie
    SAP can power your kitchen sink, toaster and teledilonics device, you just need deep enough pockets

    Commas are important.

    A toaster and teledilonics device sounds really dangerous...



  • @dcon said in Hacking News:

    A toaster and teledilonics device sounds really dangerous...like something @Tsaukpaetra would be very interested in.

    Filed under: :why_not_both:


  • BINNED

    @dcon
    it gives that toast popping out sound a new meaning


  • Notification Spam Recipient

    @HardwareGeek said in Hacking News:

    @Luhmann said in Hacking News:

    @Bulb said in Hacking News:

    a do-not-trust list for 10 years

    there would be no companies left on the trusted list within a year.

    If you were to compile a list of trusted companies right now, would there be any at all?

    Meta. I trust them to try to fuck me at every turn.


  • Considered Harmful

    @DogsB said in Hacking News:

    @HardwareGeek said in Hacking News:

    @Luhmann said in Hacking News:

    @Bulb said in Hacking News:

    a do-not-trust list for 10 years

    there would be no companies left on the trusted list within a year.

    If you were to compile a list of trusted companies right now, would there be any at all?

    Meta. I trust them to try to fuck me at every turn.

    Excited Tsaukpaetra noises



  • Oh look: anti-virus software illegal in the US. When it is made in 🇷🇺, that is.

    Because they could detect NSA malware. :mlp_shrug:



  • Synnovis, a pathology service working for the British NHS, got hacked, and the hackers are already leaking shittons of personal information.


  • Notification Spam Recipient

    @BernieTheBernie said in Hacking News:

    Synnovis, a pathology service working for the British NHS, got hacked, and the hackers are already leaking shittons of personal information.

    pathology

    Indeed.


  • Notification Spam Recipient

    @HardwareGeek said in Hacking News:

    @dcon said in Hacking News:

    A toaster and teledilonics device sounds really dangerous...like something @Tsaukpaetra would be very interested in.

    Filed under: :why_not_both:

    A heater for more lifelike feeling is often an expensive but useful add-on to any toy



  • @Tsaukpaetra Adds electrocution and burn risk, increases rate of decay, requires significant additional wattage...



  • Tsaukpaetra: Yes, plenty of upsides!



  • Why do you need a hacker when the organization itself just mails out its Excel list of members?


  • Notification Spam Recipient

    Did anyone ever get a PoC on that super critical WiFi bug in all Windows versions being screamed about everywhere a week or so ago?


  • Notification Spam Recipient

    Today, people learn about the perls of not serving from your own domain.


  • BINNED

    @DogsB said in Hacking News:

    Today, people learn about the perls of not serving from your own domain.

    Fortunately, PERL is just one of many things I don’t serve 🧘♂



  • @DogsB said in Hacking News:

    Today, people learn about the perls of not serving from your own domain.

    Or subresource integrity.

    There is some benefit to getting widely used resources from their upstream CDN rather than copying them to your site, namely that the browser probably already has them cached from some other site. But if you do that, you should be using subresource integrity—i.e. add an integrity header with a checksum of what you expect to get.

