Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories
0
Comments
4,185

Comments · 4,185

  1. Re:Chrome is the new IE on 'How Chrome Broke the Web' (tonsky.me) · · Score: 1

    Dominant market position - check.

    Starting to define its own browser-specific functionality - check.

    Telling developers they should use their company's browser-specific functions to improve performance - check.

    One of my favorites is Google defining their own transport protocol and granting themselves full control over congestion algorithms.

  2. Re:So, you're saying... on 'How Chrome Broke the Web' (tonsky.me) · · Score: 1

    Yes, just like English being a living language (where we can get away with making things up on the fly) so is the World Wide Web. It is fluid, needs to change, has to change. If the new breaks the old, too bad for the old, it should have kept up!

    This is not a falsifiable statement and therefore meaningless. Any change no matter how disruptive, useless or counterproductive can be justified equally simply by invoking this device.

  3. Re:Did anyone RTFA? on Microsoft Releases Standards For Highly Secure Windows 10 Devices (bleepingcomputer.com) · · Score: 5, Interesting

    Every post I see so far is the generic: see Windows in the title, bash Windows in comments.

    Fair enough.

    The processor architecture requirement is to have a 64-bit processor so that Windows can take advantage of VBS, or Virtualization-based security, which uses the Windows hypervisor.

    The idea of using hypervisors rather than operating systems for isolation is both sad and absolutely necessary. What should happen is the operating system should provide these services in a tractably verifiably secure manner. Since that seems to be practically impossible at the moment the hypervisor is the only game in town.

    Highly secured Windows 10 devices should support Intel VT-d, AMD-Vi, or ARM64 SMMUs in order to take advantage of Input-Output Memory Management Unit (IOMMU) device virtualization

    Not a chance in hell so long as Intel AMT exists. While I agree MMUs are necessary for security they are currently a massive enabler of insecurity.

    Another recommended component is a Trusted Platform Module, or TPM, a hardware module that is either integrated into a computer chipset or can be purchased as a separate module for supported motherboards that handles the secure generation of cryptographic keys, their storage, a secure random number generator, and hardware authentication.

    I don't like TPM because if it breaks everything it protects is gone and I neither need nor want my systems to be secured against physical access in a way that can't stand alone. (e.g. passphrase)

    In addition, Microsoft recommends platform boot verification, which is a feature that prevents the computer from loading a firmware that was not designed by the system manufacturer. This prevents attackers from uploading a malicious or compromised firmware to the computer.

    I have always hated the idea of using complex cryptography guarded by keys that are bound to be compromised with global repercussions. It's a massive house of cards that seems more and more likely to fail as the profit motive for its compromise increases.

    There is a much easier way to protect operating systems from persistent threats.

    1. Forbid all hardware from physically possessing any means of self-contained persistent field upgradability. All necessary firmware updates must be loaded during or after boot and they must not survive a reboot.

    2. Provide an option for a protected storage area the operating system boots from and is then hardware fused to read only prior to becoming available to the end user until the next reboot, when the process repeats.

    This has the following advantages over secure boot.

    1. Easier to implement.

    2. Future proof, no worries about protecting crypto from unforeseeable threats.

    3. Offers maximal flexibility: since the OS gets to decide when to blow the fuse, it can trade safety for convenience per OS preferences and whims of the end user as allowed by the OS.

    4. This is more secure because it does not depend on thousands of companies guarding secrets (encryption keys) that have a history of being stolen and prove difficult to practically recall. Also secure boot requires that all signed drivers that can be loaded remain secure against compromise... The attack surface is simply too big to practically address.

    5. System can not be misused to deny owners of computing hardware access to load their own systems. Users always retain full control over what operating systems get loaded into the protected area.

  4. Protecting devices from their "owners" on Microsoft Releases Standards For Highly Secure Windows 10 Devices (bleepingcomputer.com) · · Score: 1

    The idea of security standards when Windows is loaded to the hilt with malware is hilarious. Like leaving the vault door open 24x7x365 and bragging about the security features of your high tech safe.

  5. Re:Firefox removes a CA while Google removes PKP on Mozilla Might Distrust Dutch Government Certs Over 'False Keys' (bleepingcomputer.com) · · Score: 1

    It stops any CA from mis-issuing a certificate without first publicly declaring so. They have to submit their certificate to a public log before they use it. They can't remove it from the log.

    PKP gives operators control over what CAs are considered valid by FORCE.

    This is Expect-CT
    https://www.youtube.com/watch?...

    They are not the same things. Not even close.

  6. Re:Firefox removes a CA while Google removes PKP on Mozilla Might Distrust Dutch Government Certs Over 'False Keys' (bleepingcomputer.com) · · Score: 1

    It's really gauche to accuse Google of doing anti-security things when they're single-handedly advancing the state of the art and have caught state actors breaking PKI.

    It's not an accusation. It's a statement of fact. Google *IS* removing PKP and there is nothing available to replace it.

    In fact that's the incident which led Google to invent HPKP in the first place, and they knew the problems with it at the time which is why they then went on to invent certificate transparency to replace it.

    Here are actual facts:

    1. HPKP *IS* a standards track RFC.

    2. Expect-CT is NOT a standards track document. It's an experimental draft.

    3. Other major browser vendors, with the notable exception of Microsoft, have already implemented the RFC "standard".

    4. Google is UNILATERALLY abandoning PKP with no industry wide consensus on replacement.

    5. Google has failed to offer evidence supporting a coherent technical justification for abandonment of PKP other than subjective nonsense... "It's too hard" and "hijacking risk" which is of course an inherently necessary property of any effective security latch of this type.

    6. Section 4 of the draft openly admits to allowing state sponsored hijacking.

    " Site operators could themselves only cure this situation by one of:
          reconfiguring their web server to transmit SCTs using the TLS
          extension defined in Section 6.5 of [I-D.ietf-trans-rfc6962-bis],
          obtaining a certificate from an alternative certificate authority"

    HPKP on the other hand gives operators full control over what is valid without the possibility of third party override. Let me know when Expect-CT is able to achieve the same.

  7. Re:Firefox removes a CA while Google removes PKP on Mozilla Might Distrust Dutch Government Certs Over 'False Keys' (bleepingcomputer.com) · · Score: 1

    What about "Expect-CT" ?

    What about an experimental draft no browser supports? This isn't even a standards track document.

    If a site is using Expect-CT, the mis-issued certificate would need to be added to a publicly verifiable append-only log or if the header mysteriously went missing, it gets reported.

    Section 4 of draft-ietf-httpbis-expect-ct-02
    "Site operators could themselves only cure this situation by one of:" ...
    "obtaining a certificate from an alternative certificate authority". ...

    This doesn't fix the problem of states controlling CAs - it ignores it completely.

    One RFC gives users control over what is valid while a different experimental draft intentionally takes it away.

    Anyone can submit a poem about UFOs controlled by bigfoot to the IETF with only automated normative review simply by marking a document experimental. People who do this either mean it... they really want it to be an experiment in which case asking me about "Expect-CT" is premature at best OR they are actively seeking to bypass scrutiny associated with a standards track document.
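    The pin check these three comments argue over, as an added example (not code from the thread or from any browser): a client-side RFC 7469 Public-Key-Pins check over constructed placeholder SPKI bytes, showing that only the operator's own pin set decides which chain is accepted, with no log or third party consulted.

```python
"""Client-side HPKP handling as RFC 7469 describes it (added example,
not code from the Slashdot thread or from any browser).

The SPKI values are constructed placeholder bytes; a real client hashes
the DER-encoded SubjectPublicKeyInfo of each certificate in the chain.
"""
import base64
import hashlib
import re
from typing import Dict, List, Set

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs.
LEAF_SPKI = b"constructed-spki:example.com-leaf"
INTERMEDIATE_SPKI = b"constructed-spki:operator-chosen-ca"
BACKUP_SPKI = b"constructed-spki:offline-backup-key"
ROGUE_LEAF_SPKI = b"constructed-spki:misissued-leaf"
ROGUE_CA_SPKI = b"constructed-spki:other-trusted-ca"


def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


# Header as the operator would send it: a pin for the live key, a backup pin,
# and the mandatory max-age directive.
EXAMPLE_HEADER = (
    f'pin-sha256="{spki_pin(LEAF_SPKI)}"; '
    f'pin-sha256="{spki_pin(BACKUP_SPKI)}"; '
    "max-age=5184000; includeSubDomains"
)

_PIN_RE = re.compile(r'pin-sha256="([A-Za-z0-9+/=]+)"')


def parse_pkp_header(value: str) -> Dict[str, object]:
    """Split a Public-Key-Pins header into its pin list and other directives."""
    directives: Dict[str, object] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part or part.lower().startswith("pin-sha256"):
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or True
    return {"pins": _PIN_RE.findall(value), "directives": directives}


def is_valid_pinning_header(header: Dict[str, object], served_chain: List[bytes]) -> bool:
    """RFC 7469 s.2.5: note the host only if max-age is present, at least one pin
    matches the served chain and at least one (the backup) does not."""
    pins = set(header["pins"])
    served = {spki_pin(spki) for spki in served_chain}
    return ("max-age" in header["directives"]
            and bool(pins & served)
            and bool(pins - served))


def pin_validation(noted_pins: Set[str], chain: List[bytes]) -> bool:
    """RFC 7469 s.2.6: the connection passes if any SPKI in the validated chain
    matches any noted pin. Only the operator's pin set is consulted; a trust
    store entry for another CA does not help an unpinned chain."""
    return any(spki_pin(spki) in noted_pins for spki in chain)


def demo() -> Dict[str, bool]:
    header = parse_pkp_header(EXAMPLE_HEADER)
    noted = set(header["pins"])
    return {
        "header_noted": is_valid_pinning_header(header, [LEAF_SPKI, INTERMEDIATE_SPKI]),
        "legit_chain_ok": pin_validation(noted, [LEAF_SPKI, INTERMEDIATE_SPKI]),
        # Mis-issued by a different, still-trusted CA: no pin matches, so it is rejected.
        "misissued_chain_ok": pin_validation(noted, [ROGUE_LEAF_SPKI, ROGUE_CA_SPKI]),
    }


if __name__ == "__main__":
    print(demo())
```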

  8. Firefox removes a CA while Google removes PKP on Mozilla Might Distrust Dutch Government Certs Over 'False Keys' (bleepingcomputer.com) · · Score: 2

    It's good to see more governments acting to grant themselves the ability to overtly subvert PKI on a global basis while Google is busy removing the only technology standing any chance of offering end users a clue.

  9. Re:Think on Ask Slashdot: Should I Allow A 'Smart TV' To Connect To The Internet? · · Score: 1

    How about Intel patches remote execution hole that's been hidden in chips since 2010? That's what is known publicly. I guess there are other IntelME "features" which various three-letter agencies exploit.

    Was not asking about the existence of vulnerabilities and/or stupid design decisions. What I am seeking is public evidence Intel or QUALCOMM or whomever is (c)overtly exfiltrating data from my systems.

    I have I/O MMU virtualization disabled in my systems to prevent precisely these kinds of foreseeable issues. Without the MMU Intel ME can't communicate without committing acts of deliberate sabotage for which no publicly available evidence exists.

    Intel's implementation is defective by design even without the vulnerabilities as it relies on domain broadcast via insecure protocols (e.g. DHCP). Anyone can obtain a legitimate certificate for a domain they control and then leverage this in DHCP (not a secure protocol) to own systems to their heart's content even when not powered on.

    Also, spying is now built in Windows 7/8.1/10 which runs on most PCs in the world. Microsoft can use Windows Update services to do whatever they please with your PC. Also various remote vulnerabilities have recently been discovered in a lot of AV products. Have you been living under a rock recently?

    Microsoft writes most of the source code for Windows. Obviously they have the capability to make Windows do whatever they want without question. Yet capability itself is not the issue at hand. The issue is what vendors are actually doing, not hypotheticals about what they can do. When you buy a smart TV and plug in the network cable or attach wireless you are REQUIRED to accept terms and conditions to use it. Once you accept, from that point forward the vendor WILL collect data from you about everything you do/watch with your TV, guaranteed.

    None of the desktop or mobile operating systems I use do this. Depending on operating system it may require some time and effort to disable built in malware yet I believe it to be well worth the expense. With TVs it's pointless to bother when alternatives provide way better experience, capabilities and are cheap, readily available and relatively easy to use.

    Also, it's pretty much common knowledge that most cell phones sold today can be remotely turned into eavesdropping devices using special GSM codes.

    Well known the cell network is less secure than the public Internet. The ability to exploit these basic facts to perform all kinds of MITM/redirect style attacks is well understood.

    Yet again this is all irrelevant to the issue at hand. There is a difference between hypothetical capabilities and actual actions. Exploring everything anyone can possibly dream up is not the issue at hand.

    Yeah, less than 0.005% of the population of Earth will certainly follow your advice. Strangely you don't realize it's less than 0.005%. And these open source products of yours cannot (be) run without various firmware which you cannot check for vulnerabilities.

    The number of people using x, y and z is completely irrelevant.

    The only point of relevance is that connecting a smart TV to the Internet and accepting terms and conditions guarantees everything you do will be tracked and monitored. This is not a hypothetical probability, it is a provable fact.

    Denying all possibility of intentional subversion throughout all hardware and software is not a problem I have any interest in pursuing.

  10. Lack of sleep is harmful to your health on Many US States Consider Abandoning Daylight Savings Time (newsweek.com) · · Score: 1

    Without daylight time the sun would kick my ass out of bed at ~3:00 AM during summer months. Most days it would start to get light before I ever bothered going to sleep.

  11. Re:Think on Ask Slashdot: Should I Allow A 'Smart TV' To Connect To The Internet? · · Score: 1

    If your smartphone (modem firmware plus tons of closed source software)
    and x86 computer (IntelME, NIC firmware, closed source software) are connected to the Internet on a regular basis using the same network provider then you've already forfeited your privacy and security.

    Please feel free to share any publicly available supporting evidence to support the assertion my mobile's baseband, IntelME and NIC firmware are hacking host systems and covertly exfiltrating data.

    So, the real question is how much additional data you'd like to share with third parties. I'm thinking your movies preferences hardly constitute something to worry about.

    With "Smart TVs" (excluding some notable lapses) all you have to do is carefully read text they make you accept prior to enabling network access to know what is up. TVs with Microphones and cameras, TVs with access to data from all other inputs including PCs connected as displays you are explicitly granting carte blanche to god knows who to leverage for god knows why.

    Given the fact that much more capable hardware AND software is available freely in the form of open source you have control over, and hardware with 4k/60hz HEVC decoding can be had for less than $50... "NO" becomes an insanely easy choice to make.

  12. Re:Blu-Ray yes, Smart TV no on Ask Slashdot: Should I Allow A 'Smart TV' To Connect To The Internet? · · Score: 1

    The Blu-Ray player needs to connect to the internet for updates to be able to play the latest discs. The Smart TV does not, unless you are actually using its "smart" features.

    Most are updatable via USB. A fact that can easily be checked prior to purchase.

  13. Re:Firmware updates on Ask Slashdot: Should I Allow A 'Smart TV' To Connect To The Internet? · · Score: 4, Informative

    Pretty much the only reason I let my "smart" TV connect to the Internet is for firmware updates. Don't think I've had one in a while though now so assuming they've stopped being developed I may disconnect it soon.

    All are updatable via USB stick.

  14. Re:The free 'Windows 10 upgrade' project was a bus on Microsoft Quietly Announces End of Last Free Windows 10 Upgrade Offer (zdnet.com) · · Score: 1

    Microsoft has essentially seized all control over updates, upgrades, settings, telemetry, advertisements and will reset your preferences at will without losing any significant portion of their customers, how's that not a smashing success for Microsoft?

    In my opinion there is a danger in simply thinking in terms of market share.

    What percentage of customers jumping ship is sufficient to fund development of competitive alternatives standing an ever increasing likelihood of eating away at Microsoft's default position? We are in an era of maturing technology and diminishing returns with respect to value gained per input unit of human labor.

    I expect that once the Win7 EOL is over the frog will begin to boil for real, it's almost so I want to buy Microsoft stock because I think they'll make bank gouging their captive audience. No more passive resistance by not upgrading, it's now one Windows and you're along for the ride whether you want to or not.

    Perhaps. Perhaps they end up creating a vacuum in the market that gets filled with something that leads to their undoing.

  15. I see people mad at Microsoft for offering free upgrades and features and this doesn't make any sense.

    Windows 10 is adware/spyware. I would rather pay to be a customer than get something for nothing and be treated like crap.

    I can understand if what you have works fine and you do not want to upgrade right now, but it is negligent if it is free to not consider doing it unless you plan on dumping your system for a newer one or use Linux in the next 2 years.

    Two years of not being a beta tester / guinea pig seems smart to me even for those who plan on eventually downgrading to Windows 10 stalker edition. It isn't as if anyone is missing out on anything useful by not downgrading.

  16. Re:You are all cows. on The Mobile Internet Is the Internet (qz.com) · · Score: 3, Insightful

    You are all cows. Cows say moo. MOOOO! MOOOOOO

    MoooOO0OoO00Oo.

    Personally I am really impressed with the technology. The capabilities of systems and networks of all shapes and sizes are still a source of amazement. Mobile especially. Tiny pocket sized computers with LTE, gigs of ram, quad core CPUs and GPUs, full HD displays. It's all rather amazing.

    Yet here I am wasting all of that potential pretending to be a cow.

    For me using a smartphone is like being stuck in a timewarp. So slow and tedious I completely lose track of time. What takes seconds on a laptop or PC takes minutes on a smartphone. It is not devices running slow but rather software and human interfaces that are laughably insufficient, like frantically trying to suck enough water out of a straw to fill a swimming pool.

    Now thanks to mobile all of the Internet is turning into a straw. Massive fonts, giant buttons, zero useful information and endless jackpot scrolling .. perhaps this is the screen that has information relevant to what I want... no let me try the next...nope not that one... ah ha!.....nope... false alarm...

  17. Re:Solving ground loops on Is the Optical Cable Dying? (cnet.com) · · Score: 1

    "Ground Loops"? Really bro? This isn't '70s analog audio. You get no "hum" from HDMI not because it's "balanced" to avoid ground loops - it's because it's digital and doesn't pick up noise like an analog cable.

    There are many recent threads dedicated to "hum" on AVSForums. The problem is obviously not gone.

    Somewhere in the system there is a digital to analogue circuit driving analogue speakers. Shields of HDMI cables act as grounds that may well facilitate the creation of ground loops.

    That said - even if you could pick up the noise, it would show itself in the form of data corruption which would be audio loss/dropout. Also - HDMI is an LVDS signal, so it is the digital equivalent of a "balanced" signal. But I digress - digital is all about "getting it there perfectly" - it either does, or it doesn't - and if it doesn't - you have a broken system. There is no "noise" or "hum" that can be introduced into the cable that could be heard in the decoded, analog output.

    None of this addresses sources of noise within analogue circuitry. If you don't believe interference can be induced on analogue circuits place a cell phone into TDMA mode, make a call and place it next to your receiver.

  18. Lies and damn lies on How Kodi Took Over Piracy (wired.com) · · Score: 4, Informative

    I resent hyperbolic click baiting media dragging Kodi's name through the mud with sensational headlines like "How Kodi took over piracy" when authors know full well it's misleading bullshit.

  19. Specious nonsense on Google To Remove Public Key Pinning (PKP) Support In Chrome (bleepingcomputer.com) · · Score: 1, Informative

    My default operating position is to expect browser vendors to protect CA/Government interests at all costs. The current system gives every competent government in the world a back door. Anything that jeopardizes this by effectively deterring or enabling detection of Government and criminal enterprise subversion attempts is bad for business.

    It is hard to build a pin-set that is guaranteed to work, due to the variance in both user-agent trust stores and CA operations.

    Hard to install and manage TLS certificates, especially if you don't know what you're doing, so let's not use them. I'm tired of helping people set up TLS who don't even know what a CSR is... so let's not do it.....?

    What I want to see in an argument is technical and statistical evidence that is useful in making an informed decision regarding tradeoffs. Just saying something is "hard" or not "guaranteed" isn't communicating objectively useful information.

    There is a risk of rendering a site unusable.

    HSTS offers that same risk. Case in point: on one of my machines Wikipedia would not work, and would not even allow me to accept the risk that the site may be compromised, without switching to Firefox, because for some reason one of the GlobalSign root certs was missing from my operating system's root database. In other cases accidentally allowing certs to expire completely cuts off access to sites. Those who enable these features know (or should know) the risks and tradeoffs. There are other issues with HSTS such as unrelated services that happen to be on the same domain listening on other ports being adversely affected by HSTS.

    There is a risk of hostile pinning, should an attacker obtain a misissued certificate. While there are no confirmed or rumored cases of this having happened, the risk is present even for sites that don't use PKP.

    The circular logic embodied by this statement is hilarious. The raison d'être for PKP is protection against misissued certificates. Naturally most security latches necessarily increase lockout risk. The question of import is what effect does this have in the real world?

    Use of every single bit of security technology involves tradeoffs that must be carefully considered. Just listing some with no context and no statistical evidence to inform any useful evaluation of tradeoffs is not really making a serious argument.

    None of the excuses listed in Chris's post are new. They were all well known when the feature was implemented. The fact usage on a relative basis was always likely to be low for a feature like this must have also been well understood going in.

  20. Re:Support Right to Independence on Catalonia Declares Independence; Spain Approves Central Takeover Of Region (npr.org) · · Score: 1

    Duly noted - you shall receive a demand for $100,000 as your share of the national debt, plus several million in legal work to separate our two countries. Expect to produce a visa when reentering the country; failure to do so will be seen as an invasion and we shall retaliate by taking your land and putting you in a military prison. Because we have no trade agreement with you, you shall pay a major tariff on any goods you move between our two nations.

    All I care about in life is that you support my census block having voted unanimously to secede from the country.

  21. Re:Support Right to Independence on Catalonia Declares Independence; Spain Approves Central Takeover Of Region (npr.org) · · Score: 1

    Yes and no. I'm obviously against slavery and I'm glad the North intervened to stop slavery. With that said, yes, the South had the right to declare independence. It has probably turned out better for both the North and the South long term that the North won, but, yes, the South had the right to secede, even if they did it for an utterly despicable reason.

    Couldn't agree more. Also I have the "right" to do whatever I want because I said so. You all are my slaves. Make me a sandwich.

  22. Re:Support Right to Independence on Catalonia Declares Independence; Spain Approves Central Takeover Of Region (npr.org) · · Score: 1

    I fully support the right of any region to decide who rules them (if decided by fair and free referendum).

    All members of my census block have voted unanimously to secede from the country and immediately cease any and all tax payments to local and national taxing authorities.

    Thanks for your support.

  23. Broadcasters in America haven't been credible news sources for _decades_. They were corrupted way before the cable outlets.

    So what news source is credible? Just saying x,y and z sucks without even trying to indicate what sucks less isn't helpful.

    I enjoy some broadcast news programs. For example 60 Minutes, while far from perfect, has a particular knack for shining light on issues that result in positive changes. Just a couple weeks ago they participated in an awesome piece on the US government (DEA) being captured by the drug industry, directly leading to Trump's drug czar being withdrawn from consideration and early hints at legislative action to begin to undo the associated damage.

    I watched that episode in VLC on my PC. It was pulled OTA from an HDHomeRun. I also like Tokyo news and BBC broadcasts, also OTA via PBS, for their non-US perspectives.

    Only 80 year olds get their news from NBC/CBS/ABC/NPR.

    This is just stating an opinion without even bothering to offer objective information to support your ideas.

    Every administration is hostile to non-pet media. Have you just started paying attention?

    Because everyone is "hostile", is this supposed to excuse or legitimize any and all instances of respective administrations abusing power? What's your point?

  24. Re:Kill the dinosaurs and reuse the spectrum. on FCC Ends Decades-Old Rule Designed To Keep TV, Radio Under Local Control (variety.com) · · Score: 2

    When was the last time you watched/listened to broadcast?

    The kids?

    Broadcast is already dead, it's just zombie media for now, same as dead tree.

    The RF spectrum still has value.

    Antenna business is booming and an increasing number of people (myself included) are discovering how amazing broadcast TV is post ATSC and cable company price hikes.

  25. They did that with Windows XP SP2. However it would be far from useful for every change to increase the amount of disk space used.

    From what I understand there is a static change count limit rendering shadow copy worthless for prevention of ransomware.

    It would be necessary to configure minimum time and granularity guarantees when you set up a folder. One might say I want to be able to go back to a previous state at any point in time over the past year, month, week... whatever, and I want to keep at least one change every hour, day, week... etc., allowing incremental deltas to be progressively eliminated to reduce cost.

    Once configured, the feature would require elevated privileges to undo, and should the computer run out of disk space as a result, so be it.

    NTFS + Volume Shadow Copy, ZFS, btrfs, they all have one thing in common here, I disable the versioning on all of them.

    I personally find snapshots useful. I use them regularly.

    Backups are for backups, clouds are for clouds, git is for versioning

    Git is a nonstarter.

    versioning filesystems are for wasting diskspace as quickly as humanly possible.

    What's the going rate for a 6TB drive these days? $200? Labor cost? Size of average document? Everything I've ever done in my entire life requires less than 400 MB uncompressed to store.

    I believe it would have been more productive had Microsoft given users the tools and let them decide for themselves rather than piling on yet another set of access controls and expecting them to be used for real this time.
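    The retention scheme described in the comment above (keep everything inside a guaranteed window, then thin older snapshots to one per hour, day, week or month for a configured number of buckets), as an added example; this is not Volume Shadow Copy, ZFS or btrfs code, and the snapshot timestamps are constructed.

```python
"""Snapshot retention plan: keep every snapshot inside a guaranteed window,
then thin older ones to the newest per hour/day/week/month bucket for a
configured number of buckets (added example, not any filesystem's own code;
the snapshot history is constructed).
"""
from datetime import datetime, timedelta
from typing import Callable, Dict, Iterable, List, Set, Tuple

# One snapshot per bucket survives; the newest in each bucket is the one kept.
BUCKET_KEYS: Dict[str, Callable[[datetime], tuple]] = {
    "hourly": lambda t: (t.year, t.month, t.day, t.hour),
    "daily": lambda t: (t.year, t.month, t.day),
    "weekly": lambda t: tuple(t.isocalendar()[:2]),
    "monthly": lambda t: (t.year, t.month),
}


def select_keep(snapshots: Iterable[datetime], policy: Dict[str, int],
                now: datetime, keep_all_within: timedelta) -> Set[datetime]:
    """Return the snapshots the policy requires to survive."""
    ordered = sorted(set(snapshots), reverse=True)  # newest first
    keep = {s for s in ordered if s >= now - keep_all_within}  # full-history window
    for rule, count in policy.items():
        key = BUCKET_KEYS[rule]
        seen_buckets: Set[tuple] = set()
        for snap in ordered:
            bucket = key(snap)
            if bucket in seen_buckets:
                continue  # a newer snapshot already represents this bucket
            seen_buckets.add(bucket)
            keep.add(snap)
            if len(seen_buckets) >= count:
                break  # enough buckets of this granularity retained
    return keep


def prune_plan(snapshots: Iterable[datetime], policy: Dict[str, int],
               now: datetime, keep_all_within: timedelta
               ) -> Tuple[List[datetime], List[datetime]]:
    """Split snapshots into (keep, delete); nothing is deleted unless no rule claims it."""
    snaps = set(snapshots)
    keep = select_keep(snaps, policy, now, keep_all_within)
    return sorted(keep), sorted(s for s in snaps if s not in keep)


# Constructed history: a snapshot every 15 minutes for the last 72 hours.
NOW = datetime(2017, 11, 1, 12, 0)
SNAPSHOTS = [NOW - timedelta(minutes=15 * i) for i in range(289)]
POLICY = {"hourly": 6, "daily": 3}


def demo() -> Tuple[List[datetime], List[datetime]]:
    """Everything from the last 2 hours, then 6 hourly and 3 daily survivors."""
    return prune_plan(SNAPSHOTS, POLICY, NOW, keep_all_within=timedelta(hours=2))


if __name__ == "__main__":
    keep, delete = demo()
    print(f"keep {len(keep)}, delete {len(delete)}")
    for s in keep:
        print(" ", s.isoformat())
```

Deleting only what the plan returns is what gives the "at least one change every hour, day, week" guarantee; the window size and bucket counts are the knobs the comment wants exposed to the user.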