Slashdot Mirror

The best part of this story is that the device the NSA wanted to give Hillary uses Windows CE.

I am not shitting you.

http://arstechnica.com/informa...

Despite $18 million in development contracts for each of the vendors selected to build the competing SME PED phones (or perhaps because of it), the resulting devices were far from user-friendly. The phones—General Dynamics' Sectéra Edge and L3 Communications' Guardian—were not technically "smart phones," but instead were handheld personal digital assistants with phone capability, derived from late 1990s and early 2000s technology that had been hardened for security purposes—specifically, Windows CE technology.

Whomever this company is needs to be named. TFA mentions that this is the same data Affinity Gaming reported, and now their suing the ITSEC corp Trustwave whom they hired to contain the breach since Trustwave failed and Affinity got hit again. This article says that it was a breach of the card processing system used for non-gambling (hotel, food, etc) purchases, so it appears this "third party" is a credit card processor that sits in between Affinity and AMEX.

I'm betting AMEX isn't the only card company hit in this, but there are so many data breaches unless you work in credit card ITSEC you probably don't keep good enough track of it all to tie it all together. It could be CK Systems, they are a CC processor that got hit in 2013.

The maps of the US over the years tend to show the city and state blocking lobbyist handiwork.
133 US cities now have their own broadband networks (Mar 24, 2011)
http://arstechnica.com/tech-po...
Municipal fiber needs more FDR localism, fewer state bans ( Jan 7, 2010)
http://arstechnica.com/tech-po...
and the efforts some states have to remove the bans
Colorado’s muni broadband ban overridden in 44 communities (Nov 6, 2015)
http://arstechnica.com/busines...

The maps of the US over the years tend to show the city and state blocking lobbyist handiwork.
133 US cities now have their own broadband networks (Mar 24, 2011)
http://arstechnica.com/tech-po...
Municipal fiber needs more FDR localism, fewer state bans ( Jan 7, 2010)
http://arstechnica.com/tech-po...
and the efforts some states have to remove the bans
Colorado’s muni broadband ban overridden in 44 communities (Nov 6, 2015)
http://arstechnica.com/busines...

The maps of the US over the years tend to show the city and state blocking lobbyist handiwork.
133 US cities now have their own broadband networks (Mar 24, 2011)
http://arstechnica.com/tech-po...
Municipal fiber needs more FDR localism, fewer state bans ( Jan 7, 2010)
http://arstechnica.com/tech-po...
and the efforts some states have to remove the bans
Colorado’s muni broadband ban overridden in 44 communities (Nov 6, 2015)
http://arstechnica.com/busines...

Why is that every time you hear these oppressive state laws being made, it is usually safe to assume that it is happening in a Red State? How is it that the Republicans, the champions of liberty and freedom that they are, allowing this to go on?

I live in Oregon. You can buy as many Teslas here as you can afford. And we have a few community broadband networks too. Sandynet is one example that offers 1Gbps service to local residents. And there is no law preventing more from being setup.

According to this Ars article:
http://arstechnica.com/tech-po...

You need to blame the ALEC. ie, the corporatist takeover group that's metastasized since Citizens United.

Red, Blue, all fair game for the corporatists.

Alabama: Municipal communications services must be self-sustaining, "thus impairing bundling and other common industry marketing practices." Municipalities cannot use "local taxes or other funds to pay for the start-up expenses that any capital-intensive project must pay until the project is constructed and revenues become sufficient to cover ongoing expenses and debt service."

Arkansas: Only municipalities that operate electric utilities may provide communications services, but they aren't allowed to provide "basic local exchange service," i.e. traditional phone service.

California: Public entities are generally allowed to provide communications services, but "Community Service Districts" may not if any private entity is willing to do so.

Colorado: Municipalities must hold a referendum before providing cable, telecommunications, or broadband service, unless the community is unserved.

Florida: Imposes special tax on municipal telecommunications service and a profitability requirement that makes it difficult to approve capital-intensive communications projects.

Louisiana: Municipalities must hold referendums before providing service and "impute to themselves various costs that a private provider might pay if it were providing comparable services."

Michigan: Municipalities must seek bids before providing telecom services and can move forward only if they receive fewer than three qualified bids.

Minnesota: 65 percent of voters must approve before municipalities can offer local exchange services or operate facilities that support communications services.

Missouri: Cities and towns can't sell telecom services or lease telecom facilities to private providers "except for services used for internal purposes; services for educational, emergency, and health care uses; and 'Internet-type' services."

Nebraska: Public broadband services are generally prohibited except when provided by power utilities. However, "public power utilities are permanently prohibited from providing such services on a retail basis, and they can sell or lease dark fiber on a wholesale basis only under severely limited conditions."

Nevada: Municipalities with at least 25,000 residents and counties with at least 50,000 residents may not provide telecommunications services.

North Carolina: "Numerous" requirements make it impractical to provide public communications services. "For example, public entities must comply with unspecified legal requirements, impute phantom costs into their rates, conduct a referendum before providing service, forego popular financing mechanisms, refrain from using typical industry pricing mechanisms, and make their commercially sensitive information available to their incumbent competitors."

Pennsylvania: Municipalities cannot sell broadband services if a "local telephone company" already provides broadband, even if the local telephone company charges outrageously high prices or offers poor quality service.

South Carolina: The state "requires governmental providers to comply

Some was probably pimping their shitty blog for ad impressions. Here is a link from Ars Technica.

An article in ARS Techica calls security in IoT hilariously broken and getting worse.

http://arstechnica.com/securit...

Being that people have been claiming nobody is paying attention to IoT security, it reminds me of Clark's first Law
"When a distinguished but elderly scientist states that something is possible, he is almost certainly right."

If we give the government a back door to our data, it's only a matter of months before criminals and other nation states have that key.

I'm not even concerned about that. If the US Government has the key, that alone is bad enough. This is the same government that has systematically attacked developers as a group. Not terrorists. Software developers. They've launched the digital equivalent of a drone strike on users of this very site. They've developed malware that looks like developer tools. Coincidently, just such malware showed up to attack Chinese developers.

I am just gob smacked that Obama can show up at SXSW for any other reason than to apologize to us. He wants us to dig our own mass graves. Here is your shovel developer. Start digging.

Why not work on real pci-e ext cables / buses that does not need bios or bridge chips and is not capped at pci-e 3.0 X4 (at best)

[sarcasm]

Yes, why wouldn't AMD work on a technology that isn't well supported by many players? I mean it's not that AMD hasn't tried to develop interfaces on their own before and failed (XGH). Also I'm sure that Intel has not done any work with this fancy Thunderbolt interface and that TB devices are rare. Never mind that technology never evolves at all. I feel like a schmuck for going with USB over serial. Here I am stuck at USB 1.1 because the technology has never advanced.

1. The 5C does not have the Secure Enclave chip. This does not mean the key is in the open. Part of it is in the CPU, and therefore the iPhone can only be decrypted as itself, not by examining the flash. See this Ars article for more details. The key isn't nearly as well protected as it would be in the the Secure Enclave, but it's not trivial.

2. AES-256 has problems that raise the possibility that it may be a lot weaker than it should be for a 256-bit key. You're not citing an actual attack. It may turn out that AES-256 is practically crackable, but that's covered in my earlier "It seems highly unlikely for several reasons that the NSA has a way to crack it", considering it's still used for secret government documents. You're speculating that what I claim to be highly unlikely right now might come to pass.

3. You have no idea what you're talking about here, do you? You seem to assume that brute-forcing a 256-bit key is a matter of throwing enough computrons at the problem. It is not possible to brute-force a 128-bit key using only the resources available in the Solar System, unless using sufficiently powerful quantum computers (which may turn out to be impossible). Quantum computers halve the effective length of a key, so AES-256 might be able to be brute-forced by a Kardashev Type III civilization using sufficiently powerful quantum computers.

So, the problem is doable, if not trivial, for a Kardashev Type III civilization with powerful quantum computers.

... cloning scandal

http://www.nytimes.com/2006/05...

... Tizen, the useless OS

http://arstechnica.com/gadgets...

Seagate has terrible MTBF rates.

http://arstechnica.com/informa...

Apple makes so much money yet has such an ugly history of mistreating the people with whom they do business in a variety of ways large and small: Mistreatment of workers who build their products (continuing in 2015 only changing due to activist and journalists compelling them to), copyright infringement, ebooks that won't work on jailbroken iThings, turning a blind eye to environmental degradation, making it needlessly hard for owners to take apart their products, teaching store staff twisted psychological manipulation, avoiding US corporate tax (which is already quite low), and more. Now we can add conspiring to fix prices. Hardly surprising given how unethical, illegal, and pernicious Apple has been.

Take a look at System Integrity Protection in the newest version of OS X. it doesn't limit an app to its app corner, but it definitely limits it to userspace. A description from Ars (full page here:

System Integrity Protection does this by severing the automatic kernel-level blessing given to root’s commands. The end result is that in El Cap, root is no longer an account with effectively unlimited access to either the file system or to memory and running processes. SIP places kernel-level checks on root’s privilege that can (in theory, at least, until proven otherwise by an intrepid security researcher) only be bypassed by the kernel itself. SIP’s intention is to keep the operating system’s state—both on disk and in memory at runtime—as it was installed by Apple.

This is a pretty big change from how Unix-like operating systems are "supposed" to work, though it’s not without precedent (Ars IT Editor Sean Gallagher told us that SIP sounds a bit like Trusted Solaris, and this Quora thread has some details on the history of similar "rootless" privilege escalation schemes). Rather than adding yet another superuser account, SIP provides the concept of an additional file system and process flag, and file system objects and in-memory processes so flagged cannot be altered by processes not signed with Apple’s own code signing key.

There’s more, too—the file system protections are only the start. SIP consists of four major features:

        Protected locations cannot be written to by root.
        Protected system processes cannot be attached to with a debugger and cannot be subject to code injection.
        All kernel extensions must now be signed (and old methods for disabling kernel extension signing are gone).
        SIP cannot be disabled from within the operating system, only from the OS X Recovery partition.

Link to Ars Technica version of original story, which was updated to say that it is a non-issue: http://arstechnica.com/tech-po...

Link to Ars Technica story on the fact that the first story was false: http://arstechnica.com/tech-po...

Link to Ars Technica version of original story, which was updated to say that it is a non-issue: http://arstechnica.com/tech-po...

Link to Ars Technica story on the fact that the first story was false: http://arstechnica.com/tech-po...

No need to even speculate, it's just absurdity on the surface. A totally non-technical person made up a new "security" term to scare people. If you want to find a link countering it, it's trivial - including quotes from the DA that he made it up...

http://arstechnica.com/tech-po...

"Are they hitting a wall of unmanageable complexity?" No, my view is that Microsoft has hit a wall built of many years of technically incompetent top management.

Microsoft CEO Steve Ballmer was called "Monkey Boy". The January 16, 2013 issue of BusinessWeek magazine has a large photo of Microsoft CEO Steve Ballmer (now replaced by Satya Nadella) with the headline calling him "Monkey Boy". See the BusinessWeek cover in this article: Steve Ballmer Is No Longer A Monkey Boy, Says Bloomberg BusinessWeek. The BusinessWeek cover says "No More" and "Mr.", but that doesn't take much away from the fact that the magazine called Ballmer "Monkey Boy" -- on its cover.

Worst CEO in the United States: Quote from an article in Forbes Magazine about Steve Ballmer: "Without a doubt, Mr. Ballmer is the worst CEO of a large publicly traded American company today."

Another quote: "The reach of his bad leadership has extended far beyond Microsoft when it comes to destroying shareholder value -- and jobs." (May 12, 2012)

Who would want to work for "Monkey Boy"? Microsoft is apparently not able to hire socially competent people. Apparently Satya Nadella was chosen because he was the least annoying person. However, he does not seem to me to be the kind of person who can handle the enormous conflicts inside Microsoft.

This is my guess: Someone at Microsoft said, "Google and Facebook are collecting data about customers and selling it; let's do that also." So Windows 8 was designed to try to sell "Apps", as though Windows was a particularly trashy cell phone operating system. I was shocked when I first saw the Windows 8.1 GUI. Utterly incompetent. Now Windows 10 is apparently trying to imitate Google Android, which has become more and more invasive.

People who have work to do have already learned the GUIs they need. Even if the design is imperfect, that's what they know. They don't want wild changes.

It's scary. In the last few months, Windows 10 has been shown again and again to be sloppily designed and implemented, as well as being spyware.

Judging from comments on Slashdot, people try to find some technical reason for Microsoft's policies. They apparently have difficulty imagining that Microsoft managers are as incompetent as they are.

Some links:

Windows 8: NSA Backdoor Exploit in Windows 8 Uncovered (Aug. 22, 2013)

Windows: NSA "backdoor" mandates lead to a computer-security FREAK show Quote: "Microsoft Windows OS vulnerable to hackers, thanks to National Security Agency requirements." (March 6, 2015)

Windows: NSA Built Back Door In All Windows Software by 1999 (June 7, 2013)

Windows 10, Microsoft hiding what it is doing: Microsoft has no plans to tell us what's in Windows patches. Quote: "Each update is a black box, and it's going to stay that way." (Aug 21, 2015)

Windows 10, Microsoft takes even more control: Windows 10 is spying on almost everything you do -- here's how to opt out (July 31, 2015) But, of course, Microsoft can change the spyware to a

Well, there is always the possibility of hooking up an external GPU via Thunderbolt -- in principle, anyway, dunno if it will be well-supported or practical.

First I read about seized iPhone may hold “dormant cyber pathogen” http://arstechnica.com/tech-po... , and now, this new idiot.

The stupidity is strong here.

That iPhone may also hold the latitude/longitude of Jimmy Hoffa's body, and the identity of the Zodiac Killer.

The stupidity is strong here.

What would you accept as evidence?...

I'm very skeptical of requests for information from ACs on Slashdot because it tends to be followed by ENDLESS goalpost moving if I should actually provide the evidence.

Most ACs when asked what they would accept get very vague or change the subject. This leads me to believe that they were intending to goalpost move and my request for specific qualified information made them uncomfortable.

I do not cite this to you to say that I "know" you were going to do that. Merely that I must protect myself from this possibility by requesting elements of the type of information you would accept so that if I go to the effort to find the information you will either be forced to accept it or contradict yourself.

This is not meant as an insult to you, merely as what I see as a reasonable precaution to either stop people from jerking me around in topics or to filter out asshats.

Here is one link that popped up after about 2 seconds of internet searches...
http://arstechnica.com/tech-po...

I am almost positive you're not going to accept it which is fine... I don't really care. But if you want me to get some specific bit of magic bullet info... I want to know before hand that you'll concede the point if I do it.

The key is derived from a) a chip on the motherboard, and b) your PIN. The chip is specifically designed so that it ain't gonna tell you it's bit unless the PIN is right. You could probably get the hardware bit of the key by destroying the relevant chip to read it, but if you fuck that up the key is gone forever, and you still don't have a PIN. And the whole shebang kills itself (including the hardware bit of the key that you actually need if you wever want to read the iPhone's data) if you enter the wrong PIN 10 times.

The "Chip" you're talking about is the security enclave which is not on the iPhone 5C. The filesystem key is not stored in the security enclave. If you make a copy of the encrypted memory that stores the filesystem key bit for bit, then you've defeated the erasing system. It's also possible the FBI is terribly incompetent given they have multi million dollar forensic labs that can't figure out how to copy this memory.

The 5c has a hardware-defined security code that works roughly how I described. Ars Technica has a fairly good article on how hard it would be to get the relevant info out of the iPhone without the PIN. Secure Enclave's new wrinkle is that most of the process got moved out of the OS into the firmware, not that the architecture of the security system changed.

I am far from an actual CompSci or EE person, so it's probable I'm missing more then a few little wrinkles in this system that are very important to the Slashdot audience, but I think I have abetter handle on the issue then fucking Issa.

"Windows 10 hardware must support Secure Boot and won't have to let you turn it off." - or that sticker can't be used.

http://arstechnica.com/informa...

Diffie testified in the NewEgg patent troll case and was grilled pretty hard by the attorney, specifically about the work and role of Ellis/GCHQ. He has never tried to deny them credit for their work, but in most practical senses, they didn't invent it.

"Dr. Diffie, you were not the first to invent public key cryptography, were you?"

"I believe that I may have been," said Diffie, speaking cautiously. "But perhaps you could be more specific?"

"In fact, a gentleman named James Ellis in England invented it before you, right?"

Diffie sighed. He seemed, suddenly, almost tired. He had heard this one before. "I spent a lot of time talking to James Ellis, and I can't figure it out," he said. "James Ellis did very fine work."

[...]

"So, in fact, according to the IEEE, someone else invented public key cryptography before you, correct?"

"I disagree," said Diffie. "Ellis' paper is in no sense enabling. [His partner] Malcolm Williamson's paper enables Diffie-Hellman, and it was an internal secret note written two months after I presented that at the largest computer conference in the world."

[...]

"The alleged prior inventors not only kept it secret but did very little with it," said Diffie. "In James Ellis' words to me: 'You did a lot more with it than we did.'"

[...]

"The short answer would be that James Ellis' work in 1969 and 1970 certainly does not teach the methods. Personally, I find that paper incomprehensible. I'm not clear how anybody became convinced of anything from it."

stored local to the sensor network

That still creates an exfiltration risk. Pretending that risk doesn't exist is negligence. Don't pretend any device has perfect security; most embedded hardware runs ancient kernels that have know exploits.

aggregating sensor data is not a bad idea as long as the data is ... anonymized

Yes, that's still a terrible idea. It is very difficult to "anonymize" personal data, as it can usual be re-correlated back to whomever generated the data. Even simple traffic analysis - without knowing the content of the network packets - can betray important information to the world.

Even combining a bunch of sensor data so that you can reconstruct someone's whole schedule is useless without knowing who that person is

I don't believe you are really this stupid. Of course you can connect it back to the person. Listen to when the packets were sent from their house and correlate that with the timestamps on the server. That's only one way to de-anonymize records; some creative thinking will reveal more.

"Anonymized data" is magic pixie dust that internet businesses use to disguise how they monetizing user data.

On Taxis and Rainbows

“Anonymized” data really isn’t

You are absolutely right. There is a court order, and a public one at that, so the 4th amendment is not at issue. That's what distinguishes this from the whole Snowden thing, where government intelligence-gathering entities either act without a court order, or else on a secret court order by a secret court (which is really the same thing, 'cause who knows what happened, 'cause it's a secret).

No, the thing going on here is that Apple is being asked, or even forced, to compromise their own product using means available only to them. If I understand correctly from this article from Ars Technica, that means is their private key, used to push updates to iphones. By using their key to push a custom update to this iphone to shut off some of this iphone's security measures, the FBI would have an easier time brute-forcing the PIN and thereby unlocking this phone.

Obviously, Apple doesn't want to comply. But there's plenty of precedent for why they should. Again, this is all above-board and legal... not a back-door deal done in secret where the CIA gets a special key to unlock any iphone. Instead, this is like the cops getting a warrant to a bank's safety deposit box. The bank has one key, but the owner's key is not available - so, to comply, the bank is going to have to take a drill to their box and break the owner's key socket. But with the right warrant, banks comply.

Methinks Apple's problem is the appearance of their products being hackable with compromised privacy, something dogging Microsoft and Windows 10. Methinks Apple wants to appear to offer an active role in defending the privacy of their users, whereas competitors like Google and Microsoft make it their business to snoop on their users for ad revenue. Methinks Apple is making a fuss over this because they're afraid consumers might flock to Android in the misguided belief that Android is more safe from a legal search sanctioned by a warrant.

Methinks the only issue here is whether Apple can be compelled to help the FBI break this phone. Unlike the bank and it's safety deposit box, the phone doesn't belong to Apple. It rightfully belongs to the cops as evidence in a crime, and before that it belonged to some shmuck who shot a bunch of people, and they can do what they want with it. It just so happens that Apple has something that could make breaking into it a lot easier, but Apple is arguing that they have no responsibility or liability to do so - once the phone is sold, it's out there and Apple's done... if a consumer wants to apply an update from Apple via the private key, that's their decision and that by no way implies Apple take some responsibility over the device and how it's used. Therefore, just because Apple has a private key that can help in hacking the phone, their argument is the government has no authority to compel them to use it, because although the user of the phone might have committed a crime with the phone, Apple didn't play any part in such crime and therefore are under no obligation to get involved.

Methinks, therefore, maybe Apple has perhaps one legitimate concern: complying might suggest they are somehow complicit in an alleged crime committed with their product because of the privacy measures they bake in. Unfortunately, there can be a fine line between volunteering to help with the government, and being obligated to assist the government because of some legal connection with the bad guy establishing a liability. Once Apple gives it up over this phone, Apple fears prosecutors everywhere will start hitting them up with thousands of break-this-iphone warrants, until Apple has to dedicate an entire skyscraper-full of engineers and lawyers to deal with it all. Come to think of it, that's a shitty business to be in (and I wonder how Microsoft and Google would handle it, because they'd be next).

Right, so again no specific complaints about any of the sources, just general vague ad-homs against the sources. In any case, here are the full, uncensored IRC logs:

http://puu.sh/boAEC/f072f259b6...
http://archive.today/Ler4O

The second one was released by GamerGaters themselves. Documented here: http://arstechnica.com/gaming/...

You can grep those logs yourself, and watch as they plan false flag operations, create fake social media accounts etc.

As for Sarkeesian doxing, I tracked down the original tweet: https://twitter.com/femfreq/st...

As you can see, the person in your source has carefully edited the image to make it look like there might have been some personal information there. In fact the information that was blacked out was an obviously fake email address and the "name" is "W.G., the Daily Telegraph interview request", not even an actual name.

You really should spend 1 minute checking these things out before believing them. That's how long it too to type the text of the tweet into Google and reveal the scam.

Requiring the net isn't just a hassle, it's an invasion of privacy. But maybe on the flip side, somebody will track what your local public employees are watching too.

Considering things that some of the media companies do, some may want to avoid doing business with them anyway. Smaller independent studios seem much less apt to be evil.

http://arstechnica.com/tech-po...

Wasn't Disney recently trying to outsource their IT?
A new flat screen tv is cheaper than a family trip to the theme park. It seems the air of magic has been replaced by a cloud of greed. And then there is the status of network tv news. They're sure doing a great job covering those trade deals aren't they.

When it comes to media company behavior, vote with your wallets. Democracy needs better.

I'm not really sure what you're talking about. Hard Disks have been and continue to be multi-platter. The latest 10 TB Seagate HE drive has 7 platters and 14 heads, and this is only their playing "catch up" with Hitachi/WD. http://arstechnica.com/gadgets/2016/01/seagate-unveils-its-own-10tb-helium-filled-hard-drive/

It sounds like you think that manufacturers have stopped making multi-platter drives. That's not true. Seagate and WD both use seven platters in their highest-capacity (10TB, standard-height) drives. The linked article further states that they use seven platters "instead of the usual six".

I don't know how prevalent single-platter drives are today, but multi-platter drives certainly haven't disappeared.

According to the article on Ars, the prosecutor had this to say:

"If the potential for unauthorized access to an encryption key is truly motivating Apple’s unwillingness to assist in downloading information from specific iPhones, then let’s define the problem in those terms and work on that concern"

If only he really meant that.

http://arstechnica.com/tech-po...

Please refrain from posting wired links, they block users who have adblocks active (as they just did to me), and as such do not deserve the traffic.

Here is a link for those with similar objections.

They have just recently tried removing cancer via modified cells, forcing the immune-system to remove the cancer-cells: http://arstechnica.com/science...

There are some downsides to this at the moment, but they are trying to perfect the technique. The takeout that someone should take from this, however, is that the researchers have shown it's possible to create a "vaccine" against certain kinds of cancers -- that is a MAJOR fucking step forward.

About half of my family is running Linux instead of Windows. We're geekier than the average, but I can tell you that non-geeks in my family have no problem at all running a Linux desktop. (And I've installed Windows and Linux, and overall it's easier to do a Linux install.)

It has never been easier to junk Windows and switch to Linux. Many people just use email, a web browser, and Facebook; those all Just Work on Linux. Video, sound, it's all fine.

And desktop is getting less important all the time; people are using mobile devices more and more. And Microsoft missed the boat on mobile.

So even as the "network" that makes Windows important is crumbling ("network" as in "network effect"), even as Microsoft's actual power to push people is waning, they keep finding new ways to punish people who stick with them. Hey, nobody will mind if we monitor them a bunch, right? Make it almost impossible to figure out whether it's enabled or not. (If it's even possible to disable it... maybe it isn't!) And start pushing ads, because nobody hates having full-screen ads in their faces.

Is Microsoft actually trying to achieve Windows 8 levels of hatred for Windows 10? Does Linus Torvalds have sleeper agents inside Microsoft trying to make Windows crumble from inside?

Keep this up, MIcrosoft, and we may yet see the Year of Linux on the Desktop.

P.S. I haven't bothered to keep up with all the settings one must change to disable all the bad behaviors in Windows 10. I just checked to see if there's a tool for it... there's a bunch and it's not obvious which one(s) to use. Is there a clear favorite tool to fix the Windows 10 settings?

http://www.ghacks.net/2015/08/14/comparison-of-windows-10-privacy-tools/

Hmm... maybe this one: Spybot Anti-Beacon

http://arstechnica.com/gaming/...

http://arstechnica.com/gaming/...

I think they might head in this direction: Random Key Generator, "on" Silicone using randomly wired chips created with carbon nanotubes.

And https? Please!

Dependency on UIDs provided by hardware.

There's a fresh article on Ars about how they could, in theory, decap the chip and read the UID data, then spin up clones for brute forcing, yes. But you have to know where the data is physically located, and you're likely to just destroy stuff and make it completely unrecoverable.

http://arstechnica.com/securit...

It appears to me that Microsoft is selling itself to secret U.S. government agencies. Who tried to kill the excellent TrueCrypt? The old original TrueCrypt web site pushes people toward a Microsoft product.

Can Microsoft be trusted? Here are some articles:

Windows 8: NSA Backdoor Exploit in Windows 8 Uncovered (Aug. 22, 2013)

Windows: NSA "backdoor" mandates lead to a computer-security FREAK show Quote: "Microsoft Windows OS vulnerable to hackers, thanks to National Security Agency requirements." (March 6, 2015)

Windows: NSA Built Back Door In All Windows Software by 1999 (June 7, 2013)

Windows 10, Microsoft hiding what it is doing: Microsoft has no plans to tell us what's in Windows patches. Quote: "Each update is a black box, and it's going to stay that way." (Aug 21, 2015)

Windows 10, Microsoft takes even more control: Windows 10 is spying on almost everything you do -- here's how to opt out But, of course, Microsoft can change the spyware to avoid blocking. (July 31, 2015)

Microsoft can't be trusted: How Can Any Company Ever Trust Microsoft Again? (June 17, 2013)

Microsoft releases EXTREMELY buggy software: Microsoft Kills Many Critical Flaws, Some 0-Days, Un-Trusts One Wildcard Cert It is likely that there are many bugs Microsoft hasn't yet found. Are Microsoft products intentionally made insecure? (December 9, 2015)

In the context of this article it is worth pointing out the letter that Tim Cook sent out to Apple employees:

http://arstechnica.com/tech-po...

I believe he makes good points, and where ever we end up, it should be because of proper discussion understanding implications, rather than because 'Apple is evil' mantra, that will end up burning everyone.

What worries me is that he is falling back on democracy and representative government... which if you are talking about rights and Liberty is not where you want to go. The dictatorship of the majority is not a sufficient replacement for the rule of law with constitutional liberties. We already agreed as a society to live under a set of rules established by the constitution.

The proper place to have these fundamental disputes over the interpretation and extent of the law IS the courts. Setting up some committee with partisans and "experts" is not substitute for the Appeals Courts and eventually the Supreme Court settling the issues as best they can, either narrowly or more broadly.

Apple has an opportunity to make hardware that it won't have the capacity to break the encryption on. That is what they were working towards, even if they didn't achieve that with these phones. That is the real test.

But it really sounds like Cook is pushing the government to tell them not to make phones that can't be hacked. I don't think that is a good idea. Apple should just make the phones they want to make and make their stand on hardware that actually can't be hacked rather than make their stand on this phone which they can.

In the context of this article it is worth pointing out the letter that Tim Cook sent out to Apple employees:

http://arstechnica.com/tech-po...

I believe he makes good points, and where ever we end up, it should be because of proper discussion understanding implications, rather than because 'Apple is evil' mantra, that will end up burning everyone.

That no, zero, zilch, long term use has been shown, is a fairly solid indication that the tests conducted have not gone well

I'm not sure that's a safe conclusion. Do hardware companies normally release the results of their internal user-testing? But they are betting their own money on the product, which suggests their in-house testing can't have gone gone too badly, can it?

I can tell you the Vive doesn't induce sickness is me, while the DK1 and DK2 do. I'm not sure if that's down to the accurate tracking, or the "room-scale" environments or what. I'm not sure how universal my experience is, but I think there's a real chance Valve has solved the problem for most users.

On the subject of extreme long-term use... its not a study, but they recently held a publicity stunt to show that they had "cured vr sickness."
http://arstechnica.com/gaming/...

You said, 'You obviously have no idea what the word "spyware" means.'

You obviously haven't been reading the many, many, many stories. Here are links to just 7 of the stories about insecurity and links to 2 stories about bad management:

Windows 8: NSA Backdoor Exploit in Windows 8 Uncovered (Aug. 22, 2013)

Windows: NSA "backdoor" mandates lead to a computer-security FREAK show Quote: "Microsoft Windows OS vulnerable to hackers, thanks to National Security Agency requirements." (March 6, 2015)

Windows: NSA Built Back Door In All Windows Software by 1999 (June 7, 2013)

Windows 10, Microsoft hiding what it is doing: Microsoft has no plans to tell us what's in Windows patches. Each update is a black box, and it's going to stay that way. (Aug 21, 2015)

Windows 10, Microsoft takes even more control: Windows 10 is spying on almost everything you do -- here's how to opt out (July 31, 2015) But, of course, Microsoft can change the spyware to avoid blocking.

Microsoft can't be trusted: How Can Any Company Ever Trust Microsoft Again? (June 17, 2013)

Microsoft releases EXTREMELY buggy software: Microsoft Kills Many Critical Flaws, Some 0-Days, Un-Trusts One Wildcard Cert (December 9, 2015) It is likely that there are many bugs Microsoft hasn't yet found.

Badly managed companies don't produce good products:

Microsoft has extremely bad management: The January 16, 2013 issue of BusinessWeek magazine has a large photo of Microsoft CEO Steve Ballmer (now replaced) with the headline calling him "Monkey Boy". See the BusinessWeek cover in this article: Steve Ballmer Is No Longer A Monkey Boy, Says Bloomberg BusinessWeek. The BusinessWeek cover says "No More" and "Mr.", but that doesn't take much away from the fact that the magazine called Ballmer Monkey Boy -- on its cover.

Worst CEO in the United States: Quote from an article in Forbes Magazine about Steve Ballmer: "Without a doubt, Mr. Ballmer is the worst CEO of a large publicly traded American company today."

Another quote: "The reach of his bad leadership has extended far beyond Microsoft when it comes to destroying shareholder value -- and jobs." (May 12, 2012)

If you want more LEGITIMATE sources how about Ars Technica, or how about MSFT themselves for a source? And please note that 19 pages of shit running in the background that CANNOT be turned off by anybody that isn't running Enterprise, aka "Not you you filthy peasant pissant". Also note that MSFT themselves have stated that will NOT turn off all phoning home, so even Enterprise can't completely STFU that OS!

It takes about 15 minutes to make Win 7 as quiet as a church mouse, with no phoning anybody, about 30 for 8.1, Windows 10? So far nobody has been able to stop it, not using MSFT's own tools, not using third party, NOBODY. Hmmm...let me think...is there any other software that the user 1.- Has no control over, 2.- Makes connections the user cannot stop, and 3.- Resists both first and third party tools to try to deal with it? Why yes there is...its called malware.

Actually, according to Ars Technica, LG is planning on creating some sort of open ecosystem for third-party hardware. What exactly that means is yet to be seen, but they've at least said that is in their plans.

It's not their fault, they are running their simulations on that same computer modeling software that says the Global Warning is real.

Spoken like a willfully and proudly ignorant troll.

How climate scientists test, test again, and use their simulation tools

Steve Easterbrook, a professor of computer science at the University of Toronto, has been studying climate models for several years. “I'd done a lot of research in the past studying the development of commercial and open source software systems, including four years with NASA studying the verification and validation processes used on their spacecraft flight control software,” he told Ars.

When Easterbrook started looking into the processes followed by climate modeling groups, he was surprised by what he found. “I expected to see a messy process, dominated by quick fixes and muddling through, as that's the typical practice in much small-scale scientific software. What I found instead was a community that takes very seriously the importance of rigorous testing, and which is already using most of the tools a modern software development company would use (version control, automated testing, bug tracking systems, a planned release cycle, etc.).”

“I was blown away by the testing process that every proposed change to the model has to go through,” Easterbrook wrote. “Basically, each change is set up like a scientific experiment, with a hypothesis describing the expected improvement in the simulation results. The old and new versions of the code are then treated as the two experimental conditions. They are run on the same simulations, and the results are compared in detail to see if the hypothesis was correct. Only after convincing each other that the change really does offer an improvement is it accepted into the model baseline.”

But don't let reality get in the way of your anti-science jihad.

Actually, ignoring the unique hardware key associated with the Secure Enclave (because it can't be read by anything except the Secure Enclave), each iPhone does have several other unique identifiers that can be used to lock OS firmware to the device, such as the serial number, the cellular radio IMEI, and the Wi-Fi and Bluetooth MAC. As already pointed out, Apple could hard-encode those values in the firmware update and sign that. The resulting binary could not be used with any device where those identifiers did not match. Bad actors could not just change the numbers to match a random victim's phone, because the Apple signature would not match the binary. This is discussed at http://arstechnica.com/apple/2....

It is true that even having the source code for firmware creates a risk, but that risk cannot be turned into an exploit without Apple's secret key. And of course if someone gets Apple's secret key, all iOS devices are in trouble.

I think the real issue we should be talking about is whether the government can force companies to redesign their products to help the government spy on their customers. If it can do this, then why can't the government similarly require that circumvention mechanisms be built into devices in the first place to make snooping easy?