Slashdot Mirror

As stated here http://windowsitpro.com/window...

and here https://technet.microsoft.com/...

enterprise users can turn off telemetry. Everyone else only gets to set it to basic.

Manage your telemetry settings You can manage your telemetry settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your telemetry levels through a management policy overrides any device-level settings.
You can set your organization’s devices to use 1 of 4 telemetry levels:
Security (only available on Windows 10 Enterprise, Windows 10 Education, and Windows 10 IoT Core (IoT Core) editions)
Basic
Enhanced
Full

Is Pale Moon fixed? I don't see any mention of that.

We switched to Pale Moon and are now not having problems with the instability of Firefox when there are many windows and tabs open. Since Pale Moon is based on Firefox, most of the Firefox add-ons work.

In the past, Google paid Mozilla Foundation $300 million each year to make Google search the default search engine in Firefox. Google apparently didn't cause problems, even though it paid a shocking amount.

Now, I understand, Mozilla Foundation gets most of its money from Microsoft. Microsoft pays Yahoo. Yahoo pays Mozilla Foundation to make "Yahoo search" (actually mostly Microsoft Bing search) the default search engine in Firefox.

The Thunderbird and SeaMonkey Composer GUIs have been damaged, apparently deliberately. File saves in the newer versions of both ask for a new file name, and don't suggest the last one chosen. The damage was reported several months ago, but has not been fixed.

Is that another example of Microsoft's Embrace, Extend, Extinguish? People who feel forced away from Thunderbird may choose Microsoft software to replace it. Is that something Microsoft is trying to accomplish?

In my opinion, dishonest people should not be employed in management. In my opinion, the managers and members of the board of directors of both Microsoft and Mozilla Foundation who approved the dishonesty of sneakily re-configuring Mozilla Foundation products should be immediately fired, and not allowed to have management positions in the future.

Mozilla Foundation may be desperate now that it has lost the incredible amount of money paid by Google.

A few of the many, many articles about abuse by Microsoft:

Microsoft has no plans to tell us what's in Windows patches. Each update is a black box, and it's going to stay that way.

Leaks show that Microsoft writes release notes, so why can't it publish them? The lack of documentation of Windows' updates is a baffling move on Microsoft's part.

Microsoft's Software is Malware. Malware means software designed to function in ways that mistreat or harm the user.

How Can Any Company Ever Trust Microsoft Again?

NSA Backdoor Exploit in Windows 8 Uncovered

Microsoft Gave the NSA Direct Backdoor Access to Outlook, Skype

Microsoft [lack of] Privacy Statement

Here's how to Block Windows 10 "Spying"

The last full version offline installer can be found at http://windows.microsoft.com/e...
It does try and attempt to call home but isn't needed at all to install and work.

But your right because older versions for Vista and XP are gone. I kept my own copy of the full offline installers for them anyway and I am sure that they will still be available on archive.org, oldapps.com or oldversion.com

I still use Windows Movie Maker as a quick and easy video editing tool. Would be nice if they could of just kept these things separate.

Photo organizers, locally installed, Windows:
Zoner Photo Studio
xnView
Nero Mediahome
Windows Live Photo Gallery
Media Pro (Not Freeware)
ACDSee (Not Freeware>
Corel Aftershot (Not Freeware)

Photo editors, browser based:
Pixlr
Polarr
Fotor
iPiccy

Image Hosting:
Piwigo (free to self-host; first party hosting available)
Zenphoto (free to self-host; third party hosting available)
JuiceBox (freemium; self-hosted only)
Flickr
Amazon Prime Photos (you have to be Prime)

Okay, I'm tired of adding links...but depending on what functions of Picasa you're looking to replace, there are plenty of alternatives.

The very last paragraph of Microsoft's technet article states:

Retention

Microsoft believes in and practices information minimization, so we only gather the info we need, and we only store it for as long as it’s needed to provide a service or for analysis. Much of the info about how Windows and apps are functioning is deleted within 30 days. Other info may be retained longer, particularly if there is a regulatory requirement to do so. Info is typically gathered at a fractional sampling rate, which for some client services, can be as low as 1%.

Can someone explain what "telemetry" would fall under govt' regulation?

with the telemetry turned off

How? Last time I checked telemetry couldn't be disabled on 10, not even on the Enterprise version (go read the "fine print" on Microsoft's website, it's quite sneaky).

https://technet.microsoft.com/library/mt577208%28v=vs.85%29.aspx

http://windows.microsoft.com/e...

Microsoft doesn't usually reference security vulnerabilites by CVE numbers but use their own tracking system. They usually publish knowledge base articles for security updates that detail what vulnerabilities are fixed. A recent example can be found at KB3135173

Indeed security updates obtained via WSUS almost always have the KB article number included in the title and updates downloaded manually via Windows Update usually have the KB number listed somewhere in the description as well.

http://windows.microsoft.com/en-us/windows-10/update-history-windows-10

i had one of those could never use it though because we had a windows 95? machine and i couldn't work out how to get BASIC

If my memory serves me, you could download a free version of Visual Basic "Lite" from common dial-up services of the day, and it was bundled with certain VB books. I don't remember what Microsoft called it exactly; it might be this thing:

http://news.microsoft.com/1996...

It supported a subset of traditional BASIC, but I never heavily tested backward compatibility.

If you have the ability to write a malicious DLL into a folder for the executable, you already have the ability to run administrator level code. Why bother with the DLL?

cf: Raymond Chen

Exactly. Raymond covered this a few times in the past.

Using delayload to detect functionality is a security vulnerability
It rather involved being on the other side of this airtight hatchway: Disabling Safe DLL searching

If Safe DLL Search Mode is enabled, then the Current Directory isn't searched until after all the system directories are searched. Safe DLL search mode is enabled by default starting with Windows XP with Service Pack 2 (SP2).

This sounds like a complete non-story.

If you have the ability to write a malicious DLL into a folder for the executable, you already have the ability to run administrator level code. Why bother with the DLL?

cf: Raymond Chen

Exactly. Raymond covered this a few times in the past.

Using delayload to detect functionality is a security vulnerability
It rather involved being on the other side of this airtight hatchway: Disabling Safe DLL searching

If Safe DLL Search Mode is enabled, then the Current Directory isn't searched until after all the system directories are searched. Safe DLL search mode is enabled by default starting with Windows XP with Service Pack 2 (SP2).

This sounds like a complete non-story.

If you have the ability to write a malicious DLL into a folder for the executable, you already have the ability to run administrator level code. Why bother with the DLL?

cf: Raymond Chen

Exactly. Raymond covered this a few times in the past.

Using delayload to detect functionality is a security vulnerability
It rather involved being on the other side of this airtight hatchway: Disabling Safe DLL searching

If Safe DLL Search Mode is enabled, then the Current Directory isn't searched until after all the system directories are searched. Safe DLL search mode is enabled by default starting with Windows XP with Service Pack 2 (SP2).

This sounds like a complete non-story.

MSDN is saying, by default, "Safe DLL" loading is used, in which the current directory is only used if loading the DLL from most other locations failed. So this would not be viable any more. It sounds like this problem was identified and fixed long ago. Any attempt to exploit this now would require gaining greater access first, and once you're there there's no point to using DLL hijacking any more.

https://msdn.microsoft.com/en-us/library/windows/desktop/ms682586%28v=vs.85%29.aspx

MSDN documents guidelines for preventing malicious DLL loading. Windows has already cut off "current directory" forms of attacks by changing the DLL load order (called "Safe DLL Search Mode" in that document), and with Vista locking down Program Files for admin-only access, "application directory" attacks are also out unless apps intentionally install themselves elsewhere (then they're on their own). As for installers, users have to get tricked into downloading the DLL first, and at least Chrome gives you a big warning that the file is suspicious due to its extension. And if you can get the user to do that, you might as well just give them an EXE and skip the warning. It's easier to put together a malicious EXE too.

Although it is very true that it is how windows was designed from the early days, modern versions of windows do have protections against loading DLLs from network locations that applications simply have to opt in to. For those that are designed to be locally installed to have NOT adopted those defenses is just like not bothering to enable ASLR (Address Space Layout Randomization), or other security measures. These applications should be updated to use the protections. Here's info on how to make the updates to applications: https://msdn.microsoft.com/lib...

Looking at the privacy statement in the tech preview they say "when you input text, handwrite notes or ink comments, we may collect samples of your input to improve these input features, (e.g., to help improve the accuracy of auto-complete and spellcheck)." Are you really going to pretend you don't understand what that means?

They also go on to say "Microsoft takes measures designed to prevent the collection of email addresses and passwords, and numeric sequences such as phone numbers and credit card numbers." Now you can play the conspiracy theorist card if you want and argue about how it's "vague" but the fact is they aren't going to be specific and supply a "war and peace"-length document detailing exactly where and how these things are used but ultimately they would still have to worry about litigious tin-foil-hatters finding a mistake in it and suing them over it.

Ultimately if you're that paranoid then just don't use it.

Are you speaking about a problem that still exists in Windows Update for Win7 beyond the fix available in https://support.microsoft.com/... that is not a mandatory update? I've recently had to install this one myself (manually) to fix a computer that became utterly unusable while Windows Update was scanning for available updates. Its memory management is a joke.

I don't think you can because I've checked and such a document does not exist. It is not 'out there' and while I only present a hypothesis

Did you search your video library, same up ampty handed and concluded that such a document does not exist? If you had looked in the "feedback & diagnostics" options, a link exists to this document:

http://windows.microsoft.com/e...

Yes really, you are a confirmation-bias idiot who is so convinced of the conspiracy that you feel that you do not even need to check your claims.

BTW, the document (and related documents) also tell you what the collected data may be used for (i.e. product improvement) and who may look at it.

> Let's not start spewing FUD like that before we actually know what is stored in the packets sent to Microsoft.

Ok AC, you reign in those accusations. The rest of us will discuss how to disable the keylogger:

http://thehackernews.com/2015/...

And be sure to disable these KBs in Windows 7 and 8:
http://thehackernews.com/2015/...

And be sure to download stuff that stops it, for now, maybe:
https://www.reddit.com/r/Windo...

The EULA states that you agree to have your keystrokes sent and such:
https://privacy.microsoft.com/...

"...we share personal data among Microsoft-controlled affiliates and subsidiaries. We also share personal data with vendors or agents working on our behalf for the purposes described in this statement..."
"We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets."

"Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails in Outlook.com, or files in private folders on OneDrive), when we have a good faith belief that doing so is necessary to:

Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies...
Protect our customers... ...protect the rights or property of Microsoft..."

So basically, they'll disclose your data for almost any goddamned reason, including making an agreement with a third party to disclose your data to them in exchange for money.

And what data in question?

"Microsoft collects and uses data about your speech, inking (handwriting), and typing on Windows devices to help improve and personalize our ability to correctly recognize your input."

" It also includes associated performance data, such as changes you manually make to text..."

Microsoft also tries to guard you from Malware, a noble purpose... but in doing so it can leak pretty much all of your URLs.

The statement you respond to is not quite correct because the line about the "indexes of your harddrives and other storage devices" appears to be specific to the technical preview. But other than that, yea, it's pretty much spot on.

Some could. Amigas (and Macs too I believe?) would automatically pop up an icon for floppies when they were inserted, without needing to do anything else.

While those absolutely are technically "personal computers", everyone understands "PC" to mean "IBM PC or compatible". And yes, both Amigas and Macs had floppy detect. Actually, it was technically possible to do it on the PC as well, and ISTR some programs actually doing it. The solution to the training problem is pathetically obvious (as evinced by the fact that I figured it out while reading TFA which I just google'd) which is to train the system the first time the user successfully reads a floppy disk, and thus you know that there's a disk in the drive. But... Microsoft

https://blogs.msdn.microsoft.c... has the details as to why it was partially the drive's fault. They could have asked the user to verify which type of drive they had at the beginning, but it's a bit like the current NumLock situation today.

that can run in hyper-V too

That seems to miss a large part of the point of these containers. Of course to support this sort of strategy, Windows would have to do a whole lot of kernel work, and they probably don't have the stomach to muck with their kernel that much.

Actually MS really has been slimming the kernel down to make it more mobile friendly. Here are the containers link?

that can run in hyper-V too

That seems to miss a large part of the point of these containers. Of course to support this sort of strategy, Windows would have to do a whole lot of kernel work, and they probably don't have the stomach to muck with their kernel that much.

Actually MS really has been slimming the kernel down to make it more mobile friendly. Here are the containers link?

My bad it is called nano server.

There's actually Windows Server containers / base images: https://msdn.microsoft.com/en-...

But yeah, it's still Windows, so blah, who cares. I wonder how much Docker is getting paid to work on it.

You better check the spec again idiot. UVC certainly does allow it to extended and incorporate different codecs. And yes, a driver to enable the extendable units is still within the spec - at least with MS operating systems.

It's funny, You come here crying that a cheap webcam kicked your ass and begging for help then pretend to know it all when someone offers assistance while you spout completely incorrect facts.

Here , read all of this carefully before shoveling another falsehood out of your trap.

https://msdn.microsoft.com/en-...

So, Microsoft is expected to make everything that worked on Windows 3.1 continue to work on any and all future versions of their OS and gets blasted when they don't, but Apple gets a free pass any time they EOL support for anything.

I wonder if the OP tried something similar to this: http://answers.microsoft.com/e...

Actually no, not welcome. I'll bet there are some great Windows tech support related sites out there. Maybe start here:

https://technet.microsoft.com/...

Or more likely here:

https://www.google.com/

So there's your advice.

I was going to take the opportunity to launch into a full tech-support monologue but it brought back too many old and bad memories.

Supporting old versions in the consumer market costs them money. They don't want to spend that money.

Then Microsoft should have thought that through before they published a support policy that provides for extended support into 2020 (Win 7) and 2023 (Win 8). I don't care if Microsoft wants to lower their costs after the fact; I bought and installed Win 7 based on its published lifecycle, and thus my lowered cost of upgrading. Microsoft's desire to push users to Windows 10 does not trump paid customers' right to utilize their Windows 7 and 8 systems until the published end of support dates. Microsoft should neither be nagging customers or trying to force upgrades.

Shame on Microsoft for making people get off an OS that isn't receiving updates and for pushing for people to get off an OS that will stop receiving them in a handful of years.

Windows 7 extended support runs until 14 January 2020.

That's almost four more years that Microsoft have committed to supporting the OS.

A significant number of computers that haven't even been bought yet could run Windows 7 for their entire working lifetimes and still be within the extended support period.

Also, merely "connecting to the Internet" is highly unlikely to leave a system vulnerable even if it isn't fully patched, and I'll take "outdated and unsupported" over "actively damaged at arbitrary intervals by compulsory updates you can't block".

What's the problem? Microsoft tells you how to block the automatic upgrade right on their own site. https://support.microsoft.com/...

Microsoft provides full instructions to disable the Windows 10 update offering.

"How to manage Windows 10 notification and upgrade options:" https://support.microsoft.com/...

Just in case you're looking for another reason not to switch.

I put this conversation up as a discussion topic here on /. - http://answers.microsoft.com/e...

Com port management has never been great in Windows and in Win 10, if you are doing device development work or working with different devices which allocate com ports, you may find yourself running out of them and/or applications no longer working because the allocated port number is higher than the range the application handles.

Very disappointing non-response by Microsoft and their employees.

You can't do the same thing in OS X. I don't know about Windows.

Windows has had Resource Protection since Vista. Even before that, Windows File Protection going back to Windows 2000.

Only Windows Update can run as "Trusted Installer" - and only trusted installer is allowed to replace or change system files.

You can't do the same thing in OS X. I don't know about Windows.

Windows has had Resource Protection since Vista. Even before that, Windows File Protection going back to Windows 2000.

Only Windows Update can run as "Trusted Installer" - and only trusted installer is allowed to replace or change system files.

Well I gotta tell you I've seen programs removed and suddenly the system would not boot on Win7. Seems the uninstaller took a few system files with it. Shitty developers can fuck up absolutely anything.

On Windows, uninstallers cannot delete system files. Since Vista, Windows Resource Protection has prevented even processes running as administrator or SYSTEM from changing/deleting system resources (files, registry keys etc). Only the "trusted installer" account can write those files, and only the WindowsUpdate process runs as trusted installer. It will not install 3rd party applications.

Not saying that an uninstaller cannot do other harm which could toast the boot process, but it cannot delete system files. Safe mode will trust *only* system files, and should always be able to load - bar hardware failures.

http://natick.research.microso...

• Go to the FAQ section
• Click on: How would a Natick datacenter impact the environment?
• Read the last sentence in that section: "Natick datacenters consume no water for cooling or any other purpose."

Now, I wonder how the cooling is done.

I'm fairly sure you can self sign drivers as you need to.

With a big, ugly, always-on-top "Test mode" badge. Or what am I missing?

Considering how much spying is baked into Windows 10 frankly the thought that anything done in that OS is "private" is beyond belief.

You're completely ignoring every company that runs an Exchange server.

You can run a hybrid Exchange environment, and use Microsoft Online Protection for Exchange.

It's like $3 a month per mailbox, when solutions like McAfee's were more than $10 a month and did a poorer job at spam filtering.

So again, why would they want to pay more for spam filtering than they had to, if nobody is doing better than Google or MS these days?

Think Tanks: How a Bill [Gates Agenda] Becomes a Law: In 2012, the Center for Technology Innovation at Brookings hosted a forum on STEM education and immigration reforms, where fabricating a crisis was discussed as a strategy to succeed with Microsoft's agenda after earlier lobbying attempts by Bill Gates and Microsoft had failed. "So, Brad [Microsoft General Counsel Brad Smith]," asked the Brookings Institution's Darrell West at the event, "you're the only [one] who mentioned this topic of making the problem bigger. So, we galvanize action by really producing a crisis, I take it?" "Yeah," Smith replied (video). And, with the help of nonprofit organizations like Code.org and FWD.us that were founded shortly thereafter, a national K-12 CS and tech immigration crisis was indeed created.

Microsoft supports White House initiative to expand access to computer science: " Microsoft is one of many companies in the tech sector that is committed to this effort [said Microsoft President Brad Smith]. In addition to our business initiatives, those of us who are involved in philanthropy, including such groups as Code.org, will do more. The private sector and philanthropy cannot fill this gap without public funding. And if we're going to accelerate progress as a nation, we need federal funding. That's why today's proposal is so important. It can provide the accelerant to help more states and school districts progress more quickly."

Some of the stuff I've seen suggest that Microsoft will continue to toss money at Windows Phone. It's still being used in Microsoft advertising like the Surface Hub (tossing stuff from the Hub to OneDrive and continuing on your phone), and it wouldn't surprise me if Microsoft pushes Hub integration with Windows phone in a Superbowl commercial. Then there's the Windows 10 based Lumia Denim email I got yesterday...

And before you ask, I have a Lumia phone for work, supplied by work, and not yet released in the US. One of the fun perks of being a key Microsoft partner I guess (though that project is about 1/6 of my job). It actually is a pretty sweet phone, and definitely runs circles around my two year old Samsung Galaxy S4 (not that there is any surprise there). I've used iPhones as well, and I really don't have any issues with any of the designs. They are all a little different, but also fairly intuitive (at least for anyone that has used computers).

If you sell a new one every 2 years at $400/each, thats still almost 3 billion dollars a year in revenue. Drop it to $200/phone and its still 1.3b.

What happens when you drop that to $40/phone? http://www.microsoft.com/en-us...

So change the keyboard layout to something you like. I personally use Dvorak with a dozen accents as dead keys; the only accents I actually use are for Esperanto, but still... On Windows, https://www.microsoft.com/en-u....

https://support.microsoft.com/...

That's an urban legend. When I worked there,

You are using appeal to authority and you are not doing a very good job at it.

CD C:\windows\WinSxS

Dir *CRT*

That whole directory is *designed* for backwards compat. If you fire up windows 7 and fully patched you can see no less than 3 full copies of media player.

To get 123.exe to work on windows 10 will take a bit of work and a bit of copying. You need the old DLLs and a manifest. You will need something like dependency walker and something like process explorer. Use that on the old copy of vista. Then write down which DLLs are running there. Then copy them to the same directory as 123.exe. The method that loads up DLLs looks to the local dir first then to the path. In the background the winsxs is tricking your app into running other things from the path. Your welcome go claim your bounty.

Microsoft doesn't give a damn about backwards compatibility.
That could be more true now. But https://blogs.msdn.microsoft.c... where he talks about security ABOVE backwards compat.

Win10 does seem to be missing lots of the older DLLs. That is a *good* thing. But the older DLLs do work. It is going to take a bit more work though.

Funny that you complain about conspiracies and then follow that up by falsehoods. AMD does NOT currently embed ARM chips into its CPUs, there is TALK of doing this sometime in the future for a small range of laptops aimed at the corporate market but so far that is all it is, talk. And if AMD ever does embed an ARM chip they simply licensed a standard ARM security chip design from ARM corp, last I checked it used standard crypto schemes and had specs available online, no black boxes with that design.

As for TFA....do you REALLY blame the writer for being paranoid? We have Wikileaks revealing new nasties about the US gov daily, we have Intel that has been trying to push the market towards black boxes since Palladium and Itanic, and you have MSFT doing everything short of using WU to nuke the OS of everybody that won't jump on their new OS which preliminary traffic analysis shows to be nothing more than Big Brother in a can complete with malware style keylogging and requiring a version they won't sell you to turn off the majority of spying.

So while TFA is probably paranoid frankly after all we've learned in the past few years....do you REALLY trust a large corp like Intel, especially one that has ties to a government, in the case of Intel Israel?

Nothing desperate about it. Provide a "free" upgrade to Windows 10 for people who would have bought a new computer instead for at least 2x the cost of an upgrade license to another company, then sell out all of their personal info via built in telemetry to recoup costs? Sounds like a good business strategy to me.

As a bonus any new computer they do buy still has the telemetry built in, so Microsoft still gets money from selling the user's personal info WHILE getting a payment on the Windows tax from the manufacturer.

Also, Microsoft has long used end of support to scare consumers and companies into upgrading. That's nothing new. See also KB2934207 and KB2949787 (Microsoft doesn't have a support page for this one anymore.) which provided scare tactics for the end of XP.

Don't get me wrong, I agree that if anything will displace Microsoft, it's the lack of trust that it's hell bent on pursuing. But to say that they need to do this to stay competitive is wrong. The only reason they can get away with it currently is the level of entrenchment that they have. It's very costly for both consumers and companies to switch to other products. As many people have been trained to use only Microsoft's products.

Go look at any class on "How to use a computer" and you'll find two Microsoft products proudly on display: Windows and Office. Most classes don't teach generic GUI concepts to people. They teach how to use Microsoft Windows. Most classes don't teach how to use generic office suite programs. They teach how to use the special features of Microsoft Office(365. "Now FREE to use ONLINE INTEGRATED WITH THE AZURE CLOUD!") Microsoft has spent a lot of time and money making their products the ONLY recognizable (via muscle memory) way to use a computer. They have leveraged that with their proprietary addons to various standards, and their own proprietary formats that don't inter-operate well with other solutions. (Like any other company would to ensure future profits.) That lock-in is the only reason they are getting away with their current business model for Windows 10. That and the fact it's being given away for free, and guess what? As long as people don't know about Microsoft's business plan, or don't feel any consequences from it (no pressure to switch to something else), Microsoft will stay on top of the pack just fine.