Hacker News | kjs3's comments

Funny. I have a brother. We have at times lived together, went to the same school, and after not living together, lived on the same street. A couple of times, one or more credit bureaus decided we were the same person and silently merged our credit files. Not a nightmare per se since we're both fiscally (mostly) responsible, but we generally find out how incompetent the bureaus are when we're trying to make some very large transaction (I was trying to buy a car, he was trying to buy a building for work) and suddenly get "why do you own 2 houses, a bunch of cars, and you're apparently a bigamist". And then we had to scramble to untangle the whole mess. Lawyers were involved. The bureaus do not care in the slightest.

It's not "if you're not doing anything wrong" you need to worry about, it's "what will they make wrong down the road to trip me up" you need to consider.

Up til 20 years ago there were a surprising number of ATMs still running OS/2; NCR and Diebold supported old machines for a long time. Especially small market/small regional banks wanted to get the absolute most out of their capex investment. Over the years, I've worked with a couple of those dead-enders on different GRC projects, mostly because I'd actually seen OS/2 before. AFAIK, those vendors stopped supporting OS/2 in the 2000s; I'd be very, very surprised if there were any left now.

If you're interested in how a very "not Unix" operating system is architected, I really recommend Deitels' "Design of OS/2". Very interesting.


Lotus users were just as fanatical.

They were, and Excel users are just as devoted if not more so. We had many people return their shiny new Mac because Excel on MacOS is not exactly like Windows. And they were mad about it.

Lotus on a Sun? Why not.

How about 1-2-3 on SCO Unix. And WordPerfect. We had a sales rep (VAR) back in the day who made some scratch in the local legal market with the pitch "why give every secretary an expensive PC when you can buy one PC and a bunch of really cheap Wyse serial terminals". Our support folks came to really hate that guy (start at "you were using a typewriter 5 years ago...now you get to learn the Unix CLI" and it only got worse).


If only.

For every Solarwinds, there are hundreds of breaches that never get more than a cursory reporting (if that). And Solarwinds is still in business (and some would call "taken private at pennies on the dollar" as a feature not a bug, but I digress), as are vastly more consequential examples (Equifax, anyone?).

Yes...reputational damage is a thing, but in my experience (sitting in the decision making meetings, as a participant, many, many times in my career) it's a second-tier player at the end of the day. This is especially true of data breaches...I cannot count the number of times (in the last decade particularly) where the decision point was "What reputation damage? Everyone and their mother has had a data breach. No one cares.". I don't think they're wrong.

This, like many issues of security and risk, is the consequence of the vast majority of the customers not caring. How many users dropped Facebook in 2019, or LinkedIn in 2021 (or 2012)? How many swore off Ticketmaster? Marriott? Adobe? eBay? And that's just ungodly massive breaches. So why would the average business give a steaming crap?

In my dark little heart of hearts I sometimes think "what would it take for the average person to actually care", and then I realize what that looks like, and I don't sleep well for a couple of nights. Cheers!


Solarwinds YOY Revenue is up $100 million since then so even Solarwinds didn't take that big of a hit.


For people to care it would have to be like healthcare. The Change Healthcare breach cost 2B+ and led to a huge loss in market share. Or like AMCA, which went bankrupt after the breach (Labcorp's billing company). If you're a health tech company you can no longer insure your way out of the problem once you reach a certain size.

The reality is that we need data breaches to be painful but maybe not company-ending events unless it really is sensitive data. As patio11 likes to say, the right level of fraud is not zero. There's a middle ground where we can increase company liability or reduce the damage caused by a breach.


Optum360, still in business. HCA Healthcare, still in business. Excellus Healthcare, still in business after paying something like 50 cents per breached user. AMCA went out of business because their biggest customers said "damage control dictates we cut ties with you so we don't look complacent" (that is, like I said, the customers have to care to make a difference). And did anyone stop going to Labcorp (after their own data breach, not AMCA's) or get a different doctor because the healthcare group they're part of got breached? Not likely. I don't think healthcare is ahead of the game here.

But yes, until it becomes actually painful to companies and the people who run them, it won't get better. If a corp death penalty is off the table (I don't think it should be), I guess it would be either/both proportionate fines (fines equaling a couple of hours of revenue don't cut it) or making some of the leadership personally accountable, a la SOX fines, asset forfeiture and criminal responsibility for responsible C-level execs. Hate on SOX all you want, it sure made finance executives care about what is going on in their organization.


Nick checks out.


IBM was using Notes when they acquired us in the mid-2010s. There's probably still production pockets left.


CompuServe was used more for corporate software downloads in those days than a BBS. Companies generally don't want to rely on some random person with an extra phone line in the basement for product support; CompuServe was 'corporate BBS' and owned by H&R Block, so had biz cred. Driver downloads were pretty much the reason I had a CompuServe account, since we had a bunch of otherwise great local BBS for the other on-line things I cared about back then.

That said...files from CompuServe usually ended up on some BBS somewhere eventually, and FidoNet let you get them if they weren't on your local BBS. Maybe...if you could find them.


> ... some random person with an extra phone line ...

True. I was thinking of Ashton-Tate's IT operating an "official" BBS system.

OTOH, A-T might have gotten an extremely good deal from CompuServe, due to the cred they'd have brought it.


Oh sure...some companies had their own setup. I think one of the disk drive manufacturers had their own BBS (Western Digital?). But I think most companies looking into this kind of service saw the CompuServe infrastructure (in particular, all the ways to access it...dial, X.25, leased line, etc., with huge numbers of local PoPs) and said "I'll take that because building it ourselves would suck".

And...there was a time between this and "Internet for all the things", when for consumers, AOL was the place to get drivers and such. But that's an even farther digression from the BBS topic (other than to point out AOL started out with BBS software).


Claude told him it was a big deal. Why would he question Claude.


"I come to talk low-effort shit, not to think or inform". Par for the course, I suppose.

