The fact that VMWare has never caused a VM and all of its snapshots to implode, whereas VBox has. The fact that VMWare doesnt tend to have a VM thread hang, causing you to have to forcibly terminate it. The fact that VMWare can handle nested virtualization, and moderately complex networking scenarios.
And that fits with the design experience MS goes for?
Hey, 3 questions during install.
* Whats your name?
* Whats the computer name?
* We detected a 438-byte bootsector on your storage device with SHA-1 c12e41289e4a294e6bd182ea7eef8a0cf50e329e and MD5 6f33616ed73ca29926ef69670e1a9880. Would you like to overwrite this with the Windows 7 bootloader, or would you prefer to start up a hex editor so that you can locate the sectors where your bootloader configuration is and manually edit in an entry to load the BOOTMGR at sector 41290?
I look forward to this option being added in Windows 10. Its so much more reasonable than taking 2 minutes to reinstall the bootsector of your choice with a live CD!
You must speak very slowly, and with a Cupertino-approved accent.
Cant speak for IOS, but Android's voice recognition is fantastic even when in noisy environments like a car, over bluetooth, with radio on.
I had an affordable SSD in 1992 for my Psion Series 3a.
Ignoring the fact that the Psion Series 3a came out in 1993, the SSD in your Psion was ~10,000 times smaller than commonly available HDDs at the time, and would have been comparable to the flash in my TI-83. Performance wise it would have been generally worse than an equivalent HDD. Its a pretty dumb comparison all around; these days the difference in size between SSDs and HDDs is ~1/10, rather than 1/1000, and the SSDs outperform the HDDs in every single benchmark, sometimes by factors of 100 or more.
To process the bloat.
Not even sure what that means. Im sure the scientific research that goes on where I work does absolutely nothing with the cheaply available multicore CPUs; certainly the fact that a handful of nodes in our datacenter can consolidate hundreds of VMs during off-peak hours is worth something, though.
Im not sure if you're ignorant, cynical, or pining for some good old days that never really existed; but it kind of sounds like all 3.
To make the point, a guy even wrote a trivial app to do this (I forget his name). He was well slandered for daring to point out the insecurity that is Windows.
Gonna need a source on that. I've written joke apps that intercept keystrokes (making them do strange things to screw with people) and they will simply not work if you do not have admin rights. Intercepting anything keyboard or hooking anything requires elevation.
The short of it is, if someone can run arbitrary code in your session you are done.
Thats true as regards your personal data, but not as regards the system as a whole. If you're saying "any access to a system = root access", thats a pretty serious claim; I think the people running shared servers might take issue with that as would VMWare, Citrix, and Microsoft.
Be it Windows where a utility can be run to hook into the keyboard....OS X and a.kext that flashes a custom ROM to the keyboard so it doubles as a keystroke logger
Now dont mind me, Ill go back to using my 14nm process CPUs, 99% accurate voice recognition phone, holographic 3d goggles, and affordable SSD computer.
On their knowledge base and using their own dedicated vpn software they say in order of preference to try OpenVPN on TCP 443, UDP, and lastly L2TP.
L2TP has nothing to do with OpenVPN. its IPSec.
OpenVPN worked reliably with the exception that they detect the network and reset it occasionally (like every 2 hours, but auto-reconnection in the client takes care of that).
So, not reliably. Thats the point. And the problem is some programs like skype auto-reconnect when theyre disconnected, which will be unprotected if your VPN resets. They can clearly see that you're using a VPN (hence the resets) and they can clearly kill the connection if they want. The thing is that enforcement varies from area to area, and time to time. See what happens around the Tianenmen Square anniversary-- Im willing to bet you'll be unable to connect.
You found links claiming otherwise? Great. Thanks for sharing, the information may come in handy. But right now I can only offer you what I have been experiencing the past month.
The OpenVPN devs know its targetted, the Tor project guys know this, and so do a lot of VPN providers.
Its entirely possible your provider is using a form of obfuscated tunnel like Obfs3 or ScrambleSuite or another proprietary mod, like VyprVPN or ExpressVPN offer. Its technically not OpenVPN, but a modified form. Its also up in the air whether those modifications weaken the VPN as the providers often do not disclose the details of what they did to the client.
Because you're installing an operating system, and Microsoft does not make a multi-OS bootloader.
More to the point, people installing an OS have an expectation that it will be virus free. How is Windows supposed to differentiate between a benign non-MS bootloader and a viral one?
Good luck "going and getting" something from a server location in Russia or China
1) Google is blocked in china. 2) Thats partly because of the massive police state and strong net censorship they have going on over there-- but I'm sure YOUR data would be safe over there 3) Google is probably the only company formerly doing business in China that wont give your data up to the CPC. As a consequence of that, see #1.
Or better yet...don't use an email provider with any US presence.
There are maybe a small handful of places better than the US for hosting as regards privacy, and in any of them a court order will compel you to give up customer data.
I think I'd be encrypting everything especially if it involved using a Google server.
Why especially? AFAIK Google is the only one of the big 3 webmail providers not currently bending over backwards for the Chinese Government. There was a warrant in this case; even the famed lavabit had to fold when given a warrant.
Its absurd to go after Google for following the terms of a court order; you'd do better to ask whether the order was justified, and if not ask why the courts issued it and who can be held accountable.
Theres also the problem that if you were to predict that there was a 99% chance that the world blows up today, MAYBE someone will believe you. Predict that for the next 20 years, and youre sort of nuts if you think anyone will take you seriously.
The GFW is many years beyond port-based blocking; they use DPI to identify protocols regardless of the port used. Im glad you have TCP 443 OpenVPN working; I have never been able to get that to work with client/server certs-- only static-key tunnels worked.
At the moment, my experience has been that IPSec/ is the next best contender because its more of a corporatish vpn protocol. Im really surprised that you hear people recommend OpenVPN-- I have NEVER heard anyone recommend that in China because of how heavily it is targetted. Even googling "OpenVPN China GFW" you get stuff like this: Which VPN Protocols To Use?
* OpenVPN: Strangely, this is the least reliable protocol/client to use — you’ll find most ports are currently blocked (connection reset). The main cause appears to be spoofed RST packets.
* L2TP: This is a fast protocol for China and currently it works quite well
And theres no shortage. OpenVPN may work for a bit, but my understanding is that about 20 minutes into the connection the remote server gets probed a bit, and then the connection gets reset. I wouldnt use PPTP because of its known security issues; it wouldnt surprise me if they had that nut cracked.
OpenVPN is trivially identifiable on port 443, and has been for some time. Im not sure why theyre not blocking you-- perhaps you're using a site-to-site tunnel with static keys. Certificate-based OpenVPN is notoriously unreliable in China because they fingerprint it within about 20 minutes and kill the connection.
Part of the reason I know it can be fingerprinted-- aside from the fact that Im well aware of what works and doesnt behind the GFW-- is that Im good buddies with my employer's security team, and they have on occasion let me know when they see my port 443 OpenVPN shenanigans. I believe it has something to do with the way the certs are exchanged; regardless, SSL and HTTPS are two different things and they have different signatures.
AFAIK its technically illegal to have an encrypted laptop in China. Any guesses as to whether my employer, or federal employees, or other major companies just go "oh gee, better turn off disk encryption"?
Businesses arent going to just sacrifice a market, but theyre also not going to blithely let their secrets be stolen upon entry into China or on net usage.
This is a variant of the venerable security through obscurity.
Not really.
Security is not an all-or-nothing proposition. In the real world, an adversary will NOT attempt to crack your encrypted filesystem. Instead they will do one of a hundred other attacks, like swapping your laptop with one that has a cloned disk and hardware but an embedded keylogger, or add in a shim between the disk and interface, or install an infected MBR that logs the decryption password, or perform a RAM sniffing attack to steal the keys, or simply extort the keys out of you.
Security is a process of analyzing the most common risks, and determining the best way to deal with them. Sometimes this means determining that a particular security action will lower your security by attracting the attention of entities with far more sophistication than you are prepared to deal with; if you are worried about criminals stealing your laptop, and your mitigation ends up attracting the attention of the NSA, you have lost the security battle.
IDS / antivirus have no ability whatsoever to detect a hardware keylogger, by the way. If you attract the attention of someone who can gain physical access to your hardware, you lose-- period.
Isn't NTFS kind of frozen in time as of 10 years ago at least?
AFAIK it gets revisions with every major release. Like the EXT family its backwards compatible, transparently.
No new features of any note for how long, a dozen years?
What big features is it missing aside from the checksumming / self-healing stuff thats already in ReFS? Feature wise its a pretty decent FS; its biggest flaw AFAICT is its bad performance in directories with huge numbers of files.
Republican speech is often characterized in exactly this way. But I cant play the victim card here, because it could very easily shift in the opposite direction.
Stifling free speech truly doesnt benefit the average citizen of any party.
You say that extreme speech needs to be controlled: Wonderful! Theres only one problem left to solve-- figuring out who makes the call of what constitutes "extreme". In the 40s and 50s it was far-left political ideology. Today, might it be the far right? Tea partiers?
Noone denies that "free speech" brings out some nasty characters like the Westboro Baptist Church. But you really cant tread down the middle on this issue; when you start saying "we're only going to allow the reasonable folks" you have to have someone deciding who that is, which in fact ends up controlling the entire political dialogue. Inevitably you will end up with a scenario where "reasonable" is synonymous with whatever ideology is in power.
Slashdot Mirror
There's a difference between This package broke a small test case" and "A large number of users are having problems across the board"
And the latter has been seen even in release candidates of major distributions a scant few years ago.
If its not production, its not considered stable yet.
Linux isnt Unix. Unix is that way.
Corporations DONT dominate life in the US; wherever you are getting your information is apparently a huge fan of hyperbole.
"The government" has also been responsible for uncountably more suffering even in the last 50 years than any corporation you could call to mind.
The fact that VMWare has never caused a VM and all of its snapshots to implode, whereas VBox has. The fact that VMWare doesnt tend to have a VM thread hang, causing you to have to forcibly terminate it. The fact that VMWare can handle nested virtualization, and moderately complex networking scenarios.
Oh, and performance.
Someone call Xzibit...
And that fits with the design experience MS goes for?
Hey, 3 questions during install.
* Whats your name?
* Whats the computer name?
* We detected a 438-byte bootsector on your storage device with SHA-1 c12e41289e4a294e6bd182ea7eef8a0cf50e329e and MD5 6f33616ed73ca29926ef69670e1a9880. Would you like to overwrite this with the Windows 7 bootloader, or would you prefer to start up a hex editor so that you can locate the sectors where your bootloader configuration is and manually edit in an entry to load the BOOTMGR at sector 41290?
I look forward to this option being added in Windows 10. Its so much more reasonable than taking 2 minutes to reinstall the bootsector of your choice with a live CD!
You must speak very slowly, and with a Cupertino-approved accent.
Cant speak for IOS, but Android's voice recognition is fantastic even when in noisy environments like a car, over bluetooth, with radio on.
I had an affordable SSD in 1992 for my Psion Series 3a.
Ignoring the fact that the Psion Series 3a came out in 1993, the SSD in your Psion was ~10,000 times smaller than commonly available HDDs at the time, and would have been comparable to the flash in my TI-83. Performance wise it would have been generally worse than an equivalent HDD. Its a pretty dumb comparison all around; these days the difference in size between SSDs and HDDs is ~1/10, rather than 1/1000, and the SSDs outperform the HDDs in every single benchmark, sometimes by factors of 100 or more.
To process the bloat.
Not even sure what that means. Im sure the scientific research that goes on where I work does absolutely nothing with the cheaply available multicore CPUs; certainly the fact that a handful of nodes in our datacenter can consolidate hundreds of VMs during off-peak hours is worth something, though.
Im not sure if you're ignorant, cynical, or pining for some good old days that never really existed; but it kind of sounds like all 3.
To make the point, a guy even wrote a trivial app to do this (I forget his name). He was well slandered for daring to point out the insecurity that is Windows.
Gonna need a source on that. I've written joke apps that intercept keystrokes (making them do strange things to screw with people) and they will simply not work if you do not have admin rights. Intercepting anything keyboard or hooking anything requires elevation.
The short of it is, if someone can run arbitrary code in your session you are done.
Thats true as regards your personal data, but not as regards the system as a whole. If you're saying "any access to a system = root access", thats a pretty serious claim; I think the people running shared servers might take issue with that as would VMWare, Citrix, and Microsoft.
Be it Windows where a utility can be run to hook into the keyboard....OS X and a .kext that flashes a custom ROM to the keyboard so it doubles as a keystroke logger
Not without admin.
Innovation-starved corporations
Cynicism to the rescue!
Now dont mind me, Ill go back to using my 14nm process CPUs, 99% accurate voice recognition phone, holographic 3d goggles, and affordable SSD computer.
On their knowledge base and using their own dedicated vpn software they say in order of preference to try OpenVPN on TCP 443, UDP, and lastly L2TP.
L2TP has nothing to do with OpenVPN. its IPSec.
OpenVPN worked reliably with the exception that they detect the network and reset it occasionally (like every 2 hours, but auto-reconnection in the client takes care of that).
So, not reliably. Thats the point. And the problem is some programs like skype auto-reconnect when theyre disconnected, which will be unprotected if your VPN resets. They can clearly see that you're using a VPN (hence the resets) and they can clearly kill the connection if they want. The thing is that enforcement varies from area to area, and time to time. See what happens around the Tianenmen Square anniversary-- Im willing to bet you'll be unable to connect.
You found links claiming otherwise? Great. Thanks for sharing, the information may come in handy. But right now I can only offer you what I have been experiencing the past month.
The OpenVPN devs know its targetted, the Tor project guys know this, and so do a lot of VPN providers.
Its entirely possible your provider is using a form of obfuscated tunnel like Obfs3 or ScrambleSuite or another proprietary mod, like VyprVPN or ExpressVPN offer. Its technically not OpenVPN, but a modified form. Its also up in the air whether those modifications weaken the VPN as the providers often do not disclose the details of what they did to the client.
Because you're installing an operating system, and Microsoft does not make a multi-OS bootloader.
More to the point, people installing an OS have an expectation that it will be virus free. How is Windows supposed to differentiate between a benign non-MS bootloader and a viral one?
And the "oh, 5 million lines of code, I don't know where to look" is damned weak sauce. Debian back ports security patches all the time.
Debian isnt changing huge parts of the codebase all at once and calling it a security fix.
Good luck "going and getting" something from a server location in Russia or China
1) Google is blocked in china.
2) Thats partly because of the massive police state and strong net censorship they have going on over there-- but I'm sure YOUR data would be safe over there
3) Google is probably the only company formerly doing business in China that wont give your data up to the CPC. As a consequence of that, see #1.
Or better yet...don't use an email provider with any US presence.
There are maybe a small handful of places better than the US for hosting as regards privacy, and in any of them a court order will compel you to give up customer data.
I think I'd be encrypting everything especially if it involved using a Google server.
Why especially? AFAIK Google is the only one of the big 3 webmail providers not currently bending over backwards for the Chinese Government. There was a warrant in this case; even the famed lavabit had to fold when given a warrant.
Its absurd to go after Google for following the terms of a court order; you'd do better to ask whether the order was justified, and if not ask why the courts issued it and who can be held accountable.
>court-issued warrant
>gag order
Do tell, what would you have done in their situation? Told the courts to go stuff themselves? Cause that almost never goes well.
Theres also the problem that if you were to predict that there was a 99% chance that the world blows up today, MAYBE someone will believe you. Predict that for the next 20 years, and youre sort of nuts if you think anyone will take you seriously.
The GFW is many years beyond port-based blocking; they use DPI to identify protocols regardless of the port used. Im glad you have TCP 443 OpenVPN working; I have never been able to get that to work with client/server certs-- only static-key tunnels worked.
At the moment, my experience has been that IPSec/ is the next best contender because its more of a corporatish vpn protocol. Im really surprised that you hear people recommend OpenVPN-- I have NEVER heard anyone recommend that in China because of how heavily it is targetted. Even googling "OpenVPN China GFW" you get stuff like this:
Which VPN Protocols To Use?
* OpenVPN: Strangely, this is the least reliable protocol/client to use — you’ll find most ports are currently blocked (connection reset). The main cause appears to be spoofed RST packets.
* L2TP: This is a fast protocol for China and currently it works quite well
And theres no shortage. OpenVPN may work for a bit, but my understanding is that about 20 minutes into the connection the remote server gets probed a bit, and then the connection gets reset. I wouldnt use PPTP because of its known security issues; it wouldnt surprise me if they had that nut cracked.
OpenVPN is trivially identifiable on port 443, and has been for some time. Im not sure why theyre not blocking you-- perhaps you're using a site-to-site tunnel with static keys. Certificate-based OpenVPN is notoriously unreliable in China because they fingerprint it within about 20 minutes and kill the connection.
Part of the reason I know it can be fingerprinted-- aside from the fact that Im well aware of what works and doesnt behind the GFW-- is that Im good buddies with my employer's security team, and they have on occasion let me know when they see my port 443 OpenVPN shenanigans. I believe it has something to do with the way the certs are exchanged; regardless, SSL and HTTPS are two different things and they have different signatures.
AFAIK its technically illegal to have an encrypted laptop in China. Any guesses as to whether my employer, or federal employees, or other major companies just go "oh gee, better turn off disk encryption"?
Businesses arent going to just sacrifice a market, but theyre also not going to blithely let their secrets be stolen upon entry into China or on net usage.
This is a variant of the venerable security through obscurity.
Not really.
Security is not an all-or-nothing proposition. In the real world, an adversary will NOT attempt to crack your encrypted filesystem. Instead they will do one of a hundred other attacks, like swapping your laptop with one that has a cloned disk and hardware but an embedded keylogger, or add in a shim between the disk and interface, or install an infected MBR that logs the decryption password, or perform a RAM sniffing attack to steal the keys, or simply extort the keys out of you.
Security is a process of analyzing the most common risks, and determining the best way to deal with them. Sometimes this means determining that a particular security action will lower your security by attracting the attention of entities with far more sophistication than you are prepared to deal with; if you are worried about criminals stealing your laptop, and your mitigation ends up attracting the attention of the NSA, you have lost the security battle.
IDS / antivirus have no ability whatsoever to detect a hardware keylogger, by the way. If you attract the attention of someone who can gain physical access to your hardware, you lose-- period.
Isn't NTFS kind of frozen in time as of 10 years ago at least?
AFAIK it gets revisions with every major release. Like the EXT family its backwards compatible, transparently.
No new features of any note for how long, a dozen years?
What big features is it missing aside from the checksumming / self-healing stuff thats already in ReFS? Feature wise its a pretty decent FS; its biggest flaw AFAICT is its bad performance in directories with huge numbers of files.
Republican speech is often characterized in exactly this way. But I cant play the victim card here, because it could very easily shift in the opposite direction.
Stifling free speech truly doesnt benefit the average citizen of any party.
You say that extreme speech needs to be controlled: Wonderful! Theres only one problem left to solve-- figuring out who makes the call of what constitutes "extreme". In the 40s and 50s it was far-left political ideology. Today, might it be the far right? Tea partiers?
Noone denies that "free speech" brings out some nasty characters like the Westboro Baptist Church. But you really cant tread down the middle on this issue; when you start saying "we're only going to allow the reasonable folks" you have to have someone deciding who that is, which in fact ends up controlling the entire political dialogue. Inevitably you will end up with a scenario where "reasonable" is synonymous with whatever ideology is in power.