Slashdot Mirror

See subject: It's your resolver of host-domain names to IP addresses & first source queried by default = hosts (over DNS, especially remotely, as it's slower & prone to many security issues such as the Kaminsky redirect poisoning flaw, Open DNS (no, NOT "OpenDNS", they're great & filter vs. threats too - they're what I use in fact combined with hosts locally first)).

Hosts are part of the IP stack - in fact, hosts are a "firewall BEFORE the firewall" (operating on the MOST used threat vector in host-domain names vs. ip addresses by malware in MOST forms by FAR) since firewalls use layered drivers BEYOND the ipstack (tcpip.sys in Windows), & hosts operate WITH the ip stack itself as a filter...

SOURCE MICROSOFT -> https://support.microsoft.com/...

APK

P.S.=> Hosts get CACHED into memory, like any file (the way I do it is to TOTALLY bypass SLOWER usermode in the faulty with large hosts files dnscache clientside service & instead, I opt to use the kernelmode diskcache - THIS MEANS NO TRANSITIONS TO USERMODE & context switch overheads involved) - plus, I "up" the priority of the read in the registry (ask if you want those settings)

+

I put my FAVORITE SITES @ THE TOP OF HOSTS cached in RAM as noted above!

(They are where I spend a GOOD 95++% of my time online like most people do so they resolve MEGA fast - far faster than calling out to remote DNS servers - between that & adblocking? I fly using hosts & do it FAR safer + more reliably via this very technique as well which proofs you vs. DNS exploits)... apk

At least they do describe the telemetry levels very well now:
https://technet.microsoft.com/...

So a free utility to coordinate hardware for up to 500,000 user/privilege pairs is somehow out of reach for small businesses? (For the math challenged, that means that if you do not use any global restrictions and insist on defining everything individually, a 20 employee small business can have 25,000 AD-configured controls. You won't need that 500,000 except in the most awkwardly tyrannical 500+ employee situations.)

Either you disable everything unwanted on each piece of hardware, or you use the tool to configure it all in one place. If you think it's not worth your time to learn how to use the centralized configuration tool, then accept that you have decided it is worth your time to do the configuration manually on each system.

Either the classified message is encrypted and the email server's security is moot or the classified message is not encrypted and the sender is mishandling the information in the first place by sending it in clear text over the internet, regardless of where the server is hosted.

Communications on the wire being secure until the year 500,000 is meaningless if the server is compromised somehow. According to the article, the (Microsoft) email server had RDP ports open (which had a critical vulnerability while she was in office: https://technet.microsoft.com/...), and other computers on the same network were accessible by VNC.

Even if Hillary had been using *perfect* security in terms of encryption and information security with regards to sending her emails (which is laughable, considering the state of email) this would still be a huge problem.

What makes you think Microsoft won't help them? All they have to do is to hook their existing function to mark a window as "protected" and pat themselves on the back for a job well done.

The updates to telemetry do not suddenly cause Windows to start sending information back to Microsoft. Only when the user has explicitly accepted CEIP (Customer Experience Improvement Program) will these updates have any effect on a system.

If you have not activated CEIP, the updates will not cause any information to be sent back to Microsoft. It is that simply.

https://support.microsoft.com/...

Sounds almost like you're asking for this: http://www.microsoft.com/en-us...

But that can't be right!

My one Windows 10 upgrade was flawless from the DVD. I'm scared of the download method, though, mostly because I've wasted hours trying to convince Windows 10 to *not* install on my Windows 7 PCs. Worse, Windows Update offered the Get Windows 10 App *again* this week, this time as an Important update, in case I didn't take enough punishment the first time around.

If you didn't install from ISO, this seems to be a good starting point.

Also, Microsoft requires you to successfully install every current update in order to be allowed to upgrade

That is not true at all. If you want to use the option to automatically upgrade to Windows 10 then you do need quite a few updates installed but if you download and use the you can upgrade an existing Windows 7 or Windows 8 install regardless of what updates have or have not been installed.

Indeed, Microsoft recommends that you use the Media Creation Tool on systems that are having problems installing updates or for systems that don't have reliable Internet connectivity. As long as you choose the "Upgrade" option in the installer and the existing Windows 7 or 8 install is activated you won't have to enter a product key.

This is not (unfortunately) a joke: Microsoft's response is run disk utilities then bring your computer into the Genius bar to have your hard drive changed:

http://answers.microsoft.com/e...

All the Linux clients handle winmail.dat without issue. Mac and AOL users are the only ones that have that problem. (I think AOL might have solved it by now.)

Here's the Transport Encapsulation Format(TNEF) that produces winmail.dat. You really ought to get a modern MUA. Winmail.dat hasn't been an issue for over 10 years, except for Apple. LOL

https://technet.microsoft.com/...

Windows Phone:
- No way to use GPS locally without sending location to Microsoft
- No way to use WiFi locally without forced participation in location crowd sourcing
- No way to practically use device / install software without a Microsoft account
- No way to prevent windows phone with Microsoft account from transmitting location data to Microsoft
- No way to maintain a local address book without having it all automatically sent to Microsoft
- No way to prevent device specific identifiers from being sent (in the clear I might add) to Microsoft servers.

Windows:
- No way to prevent transmission of telemetry (Windows 10 non-enterprise SKUs)
- No way to prevent connections to MS servers (vortext, data, settings) when everything CEIP, updates, everything has been completely disabled (Windows 7)
- No way to disable automatic updates (Windows 10)
- No way to prevent CRL queries when CRL checking has been disabled (Windows 7)
- No user reachable knobs to disable mostly annoying and counterproductive NLA queries
- Disrespectful defaults and intentional UX elements such as misleading appearance of MS account requirement to trick people into using a MS account to access their local systems (windows 10)

Lies applicable to TFA:

"In the past, Windows could be thought of as software existing only on your device. Now with Windows 10, important parts of Windows are based in the cloud, interacting with online services"

This is non-specific BS to setup excuses for unacceptable privacy violations enumerated later in TFA.

"When you communicate with your friends, family, and business associates, like text messaging (SMS, MMS, etc.) on a Windows device, we have to get the content of the message to deliver it to your inbox, display it to you, enable you to reply to it, and store it for you until you delete it."

I'll leave this nonsense speak for itself.

"For real-time communications, a phone-calling app needs to know the phone number of the contact you want to reach. "

This is priceless because the calling app does not have a local store. What it really effectively means if you want to call anyone Microsoft needs to know the number.

"If you lose your phone, you can locate your Windows phone on a map using Find My Phone at https://account.microsoft.com.... Even if you have turned off all other access to the location service on the phone, this feature can still work. "

This is the problem there is no effective way to opt out even up front when initially setting up the device. The only possible option is to not associate a MS account which effectively renders the device a brick/feature phone.

My first computer was a ZX80 -- fond memories!

I liked it enough that my hobby Calculator app for Windows is now programmable in BASIC. It turns out that making a BASIC interpreter is pretty simple these days; there's a bunch of parser-generators to make it simple to program up the language, and modern computers are super-fast even when dealing with non-optimized code. In fact, the hard part is that people expect more GUI bits in the code, and getting those to all work took longer than the actual programming.

The downside is that it doesn't emulate any particular computer, and it's missing some nice features like "graphics" and "multiple statements on a line".

Link to app: https://www.microsoft.com/en-us/store/apps/best-calculator/9wzdncrdfd6x/

Link to manual: https://bestcalculator.files.wordpress.com/2015/09/bestcalculatorbasicreference.pdf/

Wow we have to go 2 decades back to find an example.

No, it was an example to show how far back their intentional breakage of backwards compatibility runs. IOW, you can't state that oh, it was only since 2xxx. It actually goes back further, to DOS days as well, as in almost to the inception of the company.

Then you can go look up how .NET's incompatibilities between versions cause havoc.

Nope, very rarely has there been any breakage of backwards compatibility except in areas that were required for critical fixes.

Then I suppose this page is pure fiction?

Seriously if you struggle using Windows 10 coming from Windows 7 just because they changed the start menu then computers aren't for you. I am curious as to what exactly you are having so much difficulty with though.

It's not the start menu, or lack thereof, it is the randomization of the location of configuration applications and options, which have changed with each major windows release, including the menu organization itself. Such as how to forcibly configure wireless networking to connect to a non broadcasting SSID on a specific channel in a congested wireless environment, or to test that the connectivity is good. Those things used to be simple and intuitive, now they are hidden behind layers of irrelevant crap IMNSHO. As for Win10, I won't run that pile of spy-ware on any network connected computer, ever. (If you're slow, that means it's been relegated to unusable status as far as I'm concerned.)

The point is pushing .Net universal application concept to wider range of developers.
It's kinda like Java was supposed to be, write once, run anywhere.

WSUS is the way to go. I've used WSUS in a lot of AD domain environments, but you don't need a domain to deploy WSUS: https://technet.microsoft.com/... With WSUS you can cherry-pick and approve updates individually. You can also easily write auto-approval rules for precisely what you're looking for (If update is of type "Security Update", then Approve).

Just an FYI, as this is a Windows update thread which is trying to avoid Win10 nagware + telemetry. These are the updates I've identified so far. Feel free to add/update the list:

KB 2952664
Compatibility update for upgrading Windows 7
https://support.microsoft.com/...

KB 2976978
Compatibility update for Windows 8.1 and Windows 8
https://support.microsoft.com/...

KB 3022345
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3035583
Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
https://support.microsoft.com/...

KB 3068708
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3075249
Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
https://support.microsoft.com/...

KB 3080149
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

Just an FYI, as this is a Windows update thread which is trying to avoid Win10 nagware + telemetry. These are the updates I've identified so far. Feel free to add/update the list:

KB 2952664
Compatibility update for upgrading Windows 7
https://support.microsoft.com/...

KB 2976978
Compatibility update for Windows 8.1 and Windows 8
https://support.microsoft.com/...

KB 3022345
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3035583
Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
https://support.microsoft.com/...

KB 3068708
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3075249
Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
https://support.microsoft.com/...

KB 3080149
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

Just an FYI, as this is a Windows update thread which is trying to avoid Win10 nagware + telemetry. These are the updates I've identified so far. Feel free to add/update the list:

KB 2952664
Compatibility update for upgrading Windows 7
https://support.microsoft.com/...

KB 2976978
Compatibility update for Windows 8.1 and Windows 8
https://support.microsoft.com/...

KB 3022345
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3035583
Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
https://support.microsoft.com/...

KB 3068708
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3075249
Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
https://support.microsoft.com/...

KB 3080149
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

Just an FYI, as this is a Windows update thread which is trying to avoid Win10 nagware + telemetry. These are the updates I've identified so far. Feel free to add/update the list:

KB 2952664
Compatibility update for upgrading Windows 7
https://support.microsoft.com/...

KB 2976978
Compatibility update for Windows 8.1 and Windows 8
https://support.microsoft.com/...

KB 3022345
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3035583
Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
https://support.microsoft.com/...

KB 3068708
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3075249
Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
https://support.microsoft.com/...

KB 3080149
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

Just an FYI, as this is a Windows update thread which is trying to avoid Win10 nagware + telemetry. These are the updates I've identified so far. Feel free to add/update the list:

KB 2952664
Compatibility update for upgrading Windows 7
https://support.microsoft.com/...

KB 2976978
Compatibility update for Windows 8.1 and Windows 8
https://support.microsoft.com/...

KB 3022345
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3035583
Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
https://support.microsoft.com/...

KB 3068708
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3075249
Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
https://support.microsoft.com/...

KB 3080149
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

Just an FYI, as this is a Windows update thread which is trying to avoid Win10 nagware + telemetry. These are the updates I've identified so far. Feel free to add/update the list:

KB 2952664
Compatibility update for upgrading Windows 7
https://support.microsoft.com/...

KB 2976978
Compatibility update for Windows 8.1 and Windows 8
https://support.microsoft.com/...

KB 3022345
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3035583
Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
https://support.microsoft.com/...

KB 3068708
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3075249
Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
https://support.microsoft.com/...

KB 3080149
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

Just an FYI, as this is a Windows update thread which is trying to avoid Win10 nagware + telemetry. These are the updates I've identified so far. Feel free to add/update the list:

KB 2952664
Compatibility update for upgrading Windows 7
https://support.microsoft.com/...

KB 2976978
Compatibility update for Windows 8.1 and Windows 8
https://support.microsoft.com/...

KB 3022345
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3035583
Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
https://support.microsoft.com/...

KB 3068708
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

KB 3075249
Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
https://support.microsoft.com/...

KB 3080149
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/...

Microsoft has two versions of Windows 10 for volume license users: CB and LTSB.

CB (Current Branch) is the same as what the home users have to deal with.
LTSB (Long Term Service Branch) however does things differently.

"For example, systems powering hospital emergency rooms, air traffic control towers, financial trading systems, factory floors, just to name a few, may need very strict change management policies, for prolonged periods of time. To support Windows 10 devices in these mission critical customer environments we will provide Long Term Servicing branches at the appropriate time intervals. On these branches, customer devices will receive the level of enterprise support expected for the mission critical systems, keeping systems more secure with the latest security and critical updates, while minimizing change by not delivering new features for the duration of mainstream (five years) and extended support (five years)."

Source: Windows 10 for Enterprise: More secure and up to date
https://blogs.windows.com/busi...

The only other solution I can think of would rely on setting up a WSUS server, and managing the updates from there. The OP would then just need to change some registry settings on his family's computers to point to his WSUS server for updates.

Instructions: Configure Automatic Updates using Registry Editor
https://technet.microsoft.com/...

First off, If there's no reason not to upgrade other than FUD, then they should update. 7 only has a little more than 4 years left and is already in extended support and windows 8/8.1 interface is crap vs 10. If they're worried about being spied on stay with a Local account and don't setup a Microsoft account. It will only take the same telemetry that they've been doing since the customer experience program in vista, which you can then turn off. That being said MS shouldn't have started downloading the OS on PC's without explicit reservations but even that can be disabled.

Easiest method to disable windows 10 from updating is to use the DisableGWX Policy setting. This site's Method 3 will walk you through setting the registry key. Microsoft Also has some other blocking methods as well.

If you just want security patches from that point forward go to windows update settings and uncheck "give me Recommended updates the same way I receive important updates"

As far as Windows goes I am happy to tolerate it for the games that I play that do not have a Linux port yet. So there is no way in hell I am upgrading to 8 or 10.

Using this: https://msdn.microsoft.com/en-...

I am fairly confident that those fuckers can't force something onto me I don't want (especially since I compiled it with TDM-gcc

C:\Users\Pyshcotria\Code> checkversion.exe
Windows10YoureFuckedOrGreater
C:\Users\Pyshcotria\Code>

Seems fine

But, as Scar told the mouse, "Life isn't fair, is it?".

Why didn't you just use the windows media creation tool and skip all of that work? http://windows.microsoft.com/e...

IIRC That tool only works once you've reserved your free upgrade otherwise your key is not properly converted. If you read his post most of his headache was getting to the point where the Windows 10 offer became available and from then on it was pretty much a single click to install windows 10.

Why didn't you just use the windows media creation tool and skip all of that work? http://windows.microsoft.com/e...

Can you tell me why should I download a program that is supposed just to download a .iso? And can anybody tell me what is it doing when it is "Verifying my download" and why it needs 10 minutes "Creating Windows 10 media" after the network transfer finishes? And if I run it twice, why do I get a different thing every time?

It does not build much confidence in paranoid people like me.

1) Download ISO from here:
http://www.microsoft.com/en-ca...

From my experience this page allows to download a .iso if you access it from Linux. When accessing from Windows it redirects to the "media creation tool".

Just yesterday I did this for a friend on Win 8 (not 8.1). This is how I did it:

1) Download ISO from here:
http://www.microsoft.com/en-ca...

2) Burn ISO to DVD (optional? I downloaded and burned from my Linux system)

3) Insert DVD into a running Win 8 system, run via autoplay or browse the DVD filesystem and execute setup.exe

4) Navigate through the prompts and let it do its thing.

There is an option in the UI to do a "clean" install, where you lose your files and applications. I went this route as the laptop in question had never been cleaned up, and all important files was already backed up.

Hope this helps someone.

You get it from Microsoft: http://windows.microsoft.com/en-us/windows-10/media-creation-tool-install

Why didn't you just use the windows media creation tool and skip all of that work? http://windows.microsoft.com/e...

Because you cannot run this tool from windows 8, nor even an non-updated windows 8.1

here's what's at the link you gave:
System Requirements for Windows 10 ISO:
Latest OS:
Make sure you are running the latest version of either Windows 7 SP1 or Windows 8.1 Update.

Why didn't you just use the windows media creation tool and skip all of that work? http://windows.microsoft.com/e...

Not sure. They are often configured with additional software (e.g. https://steelseries.com/engine), but I did not need any of that just to use such keyboards on Windows. However, since Windows installs USB drivers automatically when you plug the device (either from device partition or downloading from the net), I cannot 100% tell whether a special keyboard driver was needed or not. I guess I could check in Hardware Manager but I'm too lazy to boot that machine right now :)

The current Start Menu is horribly broken. Microsoft has known this for months, but has failed to produce a fix.

Currently, it is limited to 512 items. This also breaks Cortana's search for items in the menu.

Of course, that is separate from another issue with the Start Menu: The inexplicable "flattening" of the program files structure to a single folder level, which maddeningly produces menu folders with countless "Uninstall" and "Help" links in some cases. That was, apparently, a "design decision" by some idiot at Microsoft when they moved to the Metro UI in Windows 8, and hasn't been corrected back to the more realistic and productive way it originally worked (since Windows 95, no less)

if MS would actually merge Skype into Windows or Office

They did that back in April.

It is hardly new that they share their code. They have had a Shared Source Initiative since 2001 to enable "source code access for customers, partners and educators, by making enterprise systems integrators (SIs) eligible to receive access to Microsoft Windows source code" (Source).

They already did share their code with partners like Mainsoft, who was the source of the leaked Windows code for NT4 and 2000 that happened in 2004.

Interestingly, Mainsoft was "one of the main providers for the Microsoft Windows Interface Source Environment (WISE) program, a licensing program from Microsoft which allowed developers to recompile and run Windows-based applications on UNIX and Macintosh platforms. Before WINE there was WISE!

It is hardly new that they share their code. They have had a Shared Source Initiative since 2001 to enable "source code access for customers, partners and educators, by making enterprise systems integrators (SIs) eligible to receive access to Microsoft Windows source code" (Source).

They already did share their code with partners like Mainsoft, who was the source of the leaked Windows code for NT4 and 2000 that happened in 2004.

Interestingly, Mainsoft was "one of the main providers for the Microsoft Windows Interface Source Environment (WISE) program, a licensing program from Microsoft which allowed developers to recompile and run Windows-based applications on UNIX and Macintosh platforms. Before WINE there was WISE!

You may hold that view right up until the day your favorite closed-source software gets end-of-lifed with major security bugs in it, so you have to buy it all over again. Of course that never happens.

Similar things also happen with open-source projects. They sometimes get abandoned or changed in horrible ways and you have to jump ship. You don't always find a good alternative. Over the years I've been screwed in this way by both free and non-free software. I find it somewhat surprising that I've been labelled a troll for pointing this out. I think many of us have experienced it with things like Gnome 3 and even the early KDE 4 releases.

Microsoft Windows NT-based OS settings vs. DDoS/DoS:

Protect Against SYN Attacks

FROM -> http://msdn.microsoft.com/en-u...

A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.

To protect the network against SYN attacks, follow these generalized steps, explained later in this document:

Enable SYN attack protection
Set SYN protection thresholds
Set additional protections

Enable SYN Attack Protection

---

The named value to enable SYN attack protection is located beneath the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.

Value name: SynAttackProtect

Recommended value: 2

Valid values: 0, 1, 2

Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.

---

Set SYN Protection Thresholds

The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters

These keys and values are:

Value name: TcpMaxPortsExhausted

Recommended value: 5

Valid values: 0?65535

Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.

Value name: TcpMaxHalfOpen

Recommended value data: 500

Valid values: 100?65535

Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.

Value name: TcpMaxHalfOpenRetried

Recommended value data: 400

Valid values: 80?65535

Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.

---

Set Additional Protections

All the keys and values in this section are located under the registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:

Value name: TcpMaxConnectResponseRetransmissions

Recommended value data: 2

Valid values: 0?255

Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.

Value name: TcpMaxDataRetransmissions

Recommended value data: 2

Valid values: 0?65535

Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.

Value name: EnablePMTUDiscovery

Recommended value data: 0

Valid values: 0, 1

Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.

Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.

Value name: KeepAliveTime

Recommended value data: 300000

Valid values: 80?4294967295

Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.

---

Lastly, of cou

The only situation in which I can see myself being "restricted" by closed-source software is if I didn't trust the company, and the product was poorly supported.

You may hold that view right up until the day your favorite closed-source software gets end-of-lifed with major security bugs in it, so you have to buy it all over again. Of course that never happens.

If only there were a way to tell Windows that you're on a metered connection....

If the connection is metered you should've configured it that way. For wifi, windows assumes it's not metered but you can change it. http://windows.microsoft.com/e...

It's worse than that. Microsoft has also decided that they're going to stop posting details about patches. Check out the patch notes for Windows 10 updates (like KB3081452) and all you'll get, and I'm quoting verbatim for that update, is:

August 27, 2015, compatibility update for upgrading to Windows 10

Summary
This update makes improvements to ease the upgrade experience to Windows 10.

What does that mean? Not a clue. But that's the entirety of the upgrade notes. Everything else is instructions on installing the patch. What does it fix? Does it add new "telemetrics?" Does it fix any bugs? Microsoft won't say!

Windows 10 is without a doubt the worst version of Windows since Windows ME. If you thought Windows 8 was bad, just wait until you try Windows 10! Explorer locks up constantly, breaking the Start menu and the desktop. The Nvidia drivers are the most unstable thing ever, and have only recently been fixed to the point where they just get restarted constantly rather than hard-locking the OS constantly. The Start menu search is now broken and finds a random subset of the installed programs. Cortana search will "find" documents on your computer ... but then not provide any way to open them. Windows 10 "tablet" mode provides no method of opening the software keyboard while "desktop" mode does.

Windows 10 is just completely, hilariously broken, to the point that Windows 8 seems amazing by comparison.

I agree that wireless is ideal. If I can ever get the budget for it, I would love to go wireless for our whole setup.

I can find a multitude of large touch screen displays that make the iPad Pro look tiny, and then attach a capable PC with an OS that makes practically any setup possible (including wireless). Or a tablet with a 17" screen. Maybe even one of these. That's "pro" in my mind.

I was waiting for a basher as this is Slashdot and only SystemD gets more hate :-)

Surface is fine. Your IT got hit with the bad update for Windows 8.1 that was revoked. Use this troubleshooter. Your team should test more before deployment

When I find someone has made an error, I tell them not only that they made the error but the nature of the error and help educate them so they learn from the experience.

lets say I'm wrong as a given here... what did I learn or did you teach me simply by saying I was wrong? I don't understand the error you're suggesting I made here. You've given me not only no opportunity to validate your opinion as to whether YOU are right but you've also given me no opportunity to correct my own opinion.

Can you explain my error in some detail please so I can validate its accuracy and if it is accurate correct my own thinking.

Good point, but I read the posts by the various other AC's, and they did in fact correct your mistaken belief and explain why.
For example you said. "As to embedding malware in a PNG file, my understanding is that you're not infecting anything with that file unless the image file is not merely displayed by run as an executable."
That was explained by the AC that responded that code can be injected without the malware running an executable file. He even gave you the MS05-009 where you read up on how it works.

You then said

"I mean, fine... you get some code into active memory... great... but what permissions does it have?"

Then an AC says
"Historically malware may combine vulnerabilities.
The first (such as the PNG vulnerability mentioned) uses a vulnerability in a trusted program to load the code, and that code contains a privilege elevation attack."

Which gets from you:

"My experience with these things is that they contain one or two things in them to break through and then the presumption is that they'll be home free.

If the security is layered and pervasive and customized and contains lots of brute force defenses like write locked files or protocol shifts or nasty firewalls.

I've never even heard of a malware that worked like that.

Its hard to tell who you're talking to, but your reply "In my experience" and "I've never heard of a malware that worked like that." tells us much.
It means that not only do you not know much about the topic at hand (malware), but also that you're just quibbling.
Quibbling is annoying, which is why you have all these trolls attacking you even about the things you are right on.

So, anyway, ignoring your jerkish and quibbling attitude, and for the benefit of other slashdot readers, here's more info.

Some of the vulnerabilities are in system calls. A low-priv program can request resources from a higher-priv resource. If the higher-priv resource has a vulnerability, and the low-priv takes advantage with a malformed request, the injected code runs with the permissions of the higher-priv program.
Read this.
https://technet.microsoft.com/...

This is an example. There are many others like it. PRETTY PLEASE DO NOT TELL ME WHY YOUR SITE IS NOT VULNERABLE TO THIS ONE EXAMPLE.
I don't give a shit about your site. I give a shit about people posting bad information.
In this case, it is your statements on how malware does or does not work.

Correct me if I'm wrong. If that works then the webbrowsers are more incompetent than I had imagined.

You are wrong.
You are confusing malwares and exploits.. Images can trigger vulnerabilities and carry exploits just as any other file type. For example (rather old but still the example) - MS05-009 "PNG Processing Vulnerability in Windows Media Player - CAN-2004-1244:
A remote code execution vulnerability exists in Windows Media Player because it does not properly handle PNG files with excessive width or height values. An attacker could try to exploit the vulnerability by constructing a malicious PNG that could potentially allow remote code execution if a user visited a malicious Web site or clicked a link in a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system."

So it's enough to display the image in order to run code on your machine. IF there's this kind of vulnerability nowadays.