You can run sigverif from CLI to check to see what drivers are currently being used on your system not signed by Microsoft.
I welcome any legitimate reason for this behavior requiring Microsoft cross signing when secure boot is enabled. Currently I'm at a loss to come up with one.
It seems when secure boot is not enabled all signature validation can be bypassed by malicious code one way or another if you have admin rights by changing boot settings using bcdedit and rebooting or a million other approaches given admin level access. Signature checks don't have much bite in the real world with secure boot disabled.
With secure boot enabled any effective bypass of driver signature validation is a security bug. Since only the kernel's trusted databases are used for driver signature validation (regardless of secure boot setting) cross signing to MS is redundant. This is especially true given the blessings seem to be superficial at best and probably nearly fully automated given cross signing does not currently cost money.
Most likely reason for MS to do this I've been able to come up with is that without MS control anyone who develops a kernel driver and gets it signed by one of the supported CAs can break out of a Microsoft walled garden on systems where secure boot is being enforced against the user.
Even if you believe any and all measures to lock down kernel access improves security and therefore unconditionally good regardless of any other considerations... I still fail to see how any actual locking down is being accomplished here as the MS blessing is superficial and adds nothing. Any malicious actor able to develop a kernel driver and obtain an EV cert is almost certain to also obtain blessing of Microsoft.
The only "benefit" seems to be MS getting a vote to stop execution of drivers paving way for restricting usermode execution against users. (See Windows RT and Windows Phone)
The problem Windows Phone had was not that it was bad, it was that it wasn't disruptive or innovative.
This is not how I saw things go down.
Initially once upon a time there was a solid base of former CE developers very interested in windows phone. They wanted to get on board but Microsoft had to go f*** it all up.
They locked everything down emulating the Apple walled garden, required very specific versions of windows/w hyper-v and visual studio to develop anything and made you buy a Microsoft account. They militantly insisted on a Spartan ugly interface with no customization options. UI was all based on some forsaken piece of shit called Silverlight, APIs were half baked and not even finished and oh by the way you can't run any native code whatsoever.
On top of draconian bullshit, no compatibility, no apps, absence of basic core features that existed even in windows mobile and no user base developers basically gave MS the one finger salute and went to Android.
You need a feature - or set of features - that will entice users to the point they will be willing to abandon their existing applications in favor of your platform and its applications.
My personal opinion if Microsoft started out with feature parity and dropped the misfeatures (Fugly Metro/Silverlight, malware, Apple style lockin and lack of customization) windows phone would have a healthy market share today.
This is the same reason Linux hasn't been able to supplant Windows on the desktop, it's not that there is anything wrong with it, it's that it doesn't offer anything compelling in innovative or disruptive features.
If that were true you would think we wouldn't be hearing of high profile attempts to switch to Linux desktop failing.
There's no point waiting for Microsoft to screw up, if their past screwups with Windows haven't driven customers to Linux then nothing will, Linux needs that disruptive innovation to capture the users.
My opinion is they just need parity with Windows and Linux advocates need to stop pretending it already exists.
General purpose operating systems are mature technology driven by incremental accumulation of dead labor. If you bet on disruptive change you WILL lose. The only changes we are likely to see going forward will be both hard won and increasingly inconsequential. I think Linus had it exactly right on his comments about wearing the competition down.
You must watch a 30 second ad before logging into your computer
Unless purchasing enterprise edition you will not be able to run more than 4 programs at a time.
For your safety all software not signed and approved by Microsoft will no longer execute.
For your safety UWP sideloading is no longer offered. You agree all side loaded software and associated data will be automatically deleted.
To help improve customer experience your screen and key presses will be mirrored to Microsoft.
Windows requires Internet access for real-time exfiltration of telemetry to Microsoft and any government or intelligence agency willing to pay. Windows will no longer function without Internet access. If Internet access is interrupted windows will be suspended until access is restored.
Unless you have purchased Enterprise edition all Network data transfers are limited to the lower of 10mbit/s or 5 concurrent TCP sessions.
Unless you purchase Enterprise edition desktop resolution is reduced by 1/3rd. Full screen applications no longer function. The non desktop area is used to display personalized ads 24x7 based on analysis of screen mirroring to Microsoft.
Windows calculator now displays 5 second ads after every addition or subtraction operation, 10 second ads after multiplication or division and 15 second ads when any trigonometric or exponential function is used.
Registry editor, disk manager, device manager, group policy, firewall and certificate manager are no longer available for use.
It is no longer possible to login with a local user account. All accounts must be created and managed from Microsoft service.
All local storage will now be automatically wiped, all your data and software uploaded to Microsoft and drives repurposed as encrypted data caches which you will not have access to. You agree all your data is now owned by Microsoft and you grant an irrevocable license to monetize it however they want. If you don't agree you will no longer be able to login to your computer or access your data.
To login to Windows for your safety and security your web cam and microphone must be enabled and pointed at you at all times when using computer. If web cam is switched off or blocked your computer will no longer function for your safety.
All network communications even local communications with other computers on your network will now be routed thru Microsoft servers and analyzed for targeted advertising. Copies will be auctioned off to anyone willing to pay for it. If you do not agree to these terms networking will be disabled. When networking is disabled windows will no longer have Internet connection and therefore it too will be disabled. All local disk storage is encrypted with a key you don't have and therefore you will permanently lose all access to everything until such time as you agree to our new terms.
Windows now requires monthly payments to use Microsoft services. If you do not agree to pay monthly fee you will not be able to access Microsoft services. This means you won't be able to login to your computer and access any of your data until such time as you agree to pay.
1) Physical comfort to start. I use cruise control in my car to relieve my leg from having to be fixed in a position for an extended period of time. It can get quite uncomfortable. Discomfort can lead to distraction and distraction can lead to accidents. (insert yoda joke here)
Autopilot is distinct from cruise control. It is hard to see how cruise control can be considered a safety feature when it has been shown to significantly reduce reaction time.
If you're uncomfortable pull over or find a rest stop. There are more responsible options than continuing to drive with an impairment. Lack of personal responsibility when driving can lead to suffering.
2) Autopilot also can be useful as a safety measure precisely because people's attention routinely wavers. Computers don't get distracted as easily as we do. I challenge you to find a driver who has never accidentally veered out of their lane while distracted or had to perform an emergency stop because of some condition they failed to notice ahead. Autopilot can help ensure these situations occur less often.
What is the basis for this assumption? AEB has been shown statistically to provide very substantial benefits with significant reductions in collisions. LDW systems have been shown to be mostly shit either worthless or even slightly dangerous.
Where is the evidence Tesla's seemingly flawed implementation of autopilot improves safety overall?
We lack the technology to fully automate driving but we have technology to prevent some types of accidents. We put ABS and traction control and air bags, and seat belts and other technology on cars to improve safety. Technology that keeps you marginally safer is a good thing. If autopilot can prevent more accidents than would happen without it then it is a good thing to have. We're looking for a net benefit.
I believe every distinct safety feature has to be judged on the merits including any intended or unintended downsides.
What I am hearing on the topic of autopilot is a lot of noise dominated by nonsense and PR BS. Musk quoting statistics with worthless sample sizes and lack of controls. As near as I can tell there is no useful statistical evidence relating to Tesla autopilot available period.
Then we have the specific cases of "My car applied the brakes faster than I could during autopilot use so autopilot = good"
The arguments sound good but the reality is had that same driver been behind the same wheel in the same circumstance without autopilot the car would still have applied the brakes faster than they could anyway.
They would also have been warned about cars veering into their lane regardless of autopilot.
What is the basis for the assumption conveyed Tesla's current autopilot implementation yields better outcomes? PR releases? Wishful thinking? Assumptions?
Not exactly on topic but without BITS...windows won't update.
As you already know if you simply disable BITS Windows will automatically re-enable it and turn it on again whenever it feels like it.
The solution is to create a user account, disable the user account and then configure BITS service to run as that disabled user. This will cause it to permanently fail. Microsoft isn't yet checking for this.
I would comment further but anything I say would be obvious and repetitive like arguing with Natas over the finer points of running Microsoft.
I hope you are wrong. We let people buy chainsaws and circular saws, and people get hurt and/or killed by them. We don't hold manufacturers responsible because we expect people to know how they work and how to handle them. If Tesla explains the feature at the time of purchase, it is the owner's responsibility to know how to operate the vehicle. Period.
I can't get over thinking the only reason for autopilot in real world practical terms is to assist drivers to not drive.
It is easy to play word games and argue otherwise claim autopilot is there to "assist" drivers to drive or confuse autopilot with other safety features such as AEB yet to me the overriding question that must be answered is what's the point of autopilot to the actual people driving? Why do people want to use autopilot in the first place?
Based on my experience and understanding of people it is not likely to be seeking assistance driving it is more they don't want to drive or pay 100% attention and autopilot helps fulfill that wish.
If you assume for the sake of argument the primary reason why people want autopilot is so that they don't have to drive then I'm quite happy with outcome of clickwrap CYA warnings not holding up in court.
I have a list of things I want to see fixed or improved in Windows. Care to post that list by chance please? TIA.
Software FT volumes should not concurrently regenerate multiple FT volumes across same set of physical disks.
Reads from redundant volumes should be striped when useful.
Regeneration should be rate limited and resumable.
DDE disaster needs to be addressed the delays and wonky behavior is a huge waste of time.
Microsoft background processes need to be tamed and be made more interrupt driven and intelligent. There is no reason for constant resource consumption when nothing is changing.
Windows needs tc and iptables like filtering and application level rate limiting.
Windows firewall should have options to prevent applications from screwing with firewall settings.
RDP and windows should support zero knowledge based authentication + encryption and allow all current insecure NTLM*/Kerberos failures exposing everyone's credentials to offline attack to be completely disabled.
Site to site VPNs must support all available VPN protocols
Hibernate option to include rather than discard cached data
Per application credential storage and isolation
Protected versioned filesystem with log backup
Keyboard shortcuts for application launching and foreground promotion must work constantly across all applications. If an app is already running it should always be promoted to foreground not invoked a second time.
There should be a means to quickly manage processes isolated from whatever is going haywire on the desktop when invoking secure attention.
Lift local and global GDI handle limits and associated annoying UI artifacts
Cooking images on a per device basis is a crazy, unnecessary unmanageable nightmare that leads to precisely this outcome complete with vendors crying "it's too hard".
There should be a single image that can be installed on anything it has drivers for like any normal operating system. This isn't a novel concept. Everyone knows what the solution is.
No smartphone vendor has ever paid any price for their customers getting owned. There is no incentive to give a shit and every incentive to use this as leverage to get customers to continually buy new hardware.
For starters f**k steam. They have the exact same goal Microsoft dreams of.
And f**k Microsoft with its perpetual bullshit. Developers and end users are sick of being prevented from using the latest version of Direct X just because not everyone runs the latest version of Windows. As a result Microsoft's stack is on track to be ignored and left behind. Vulkan is going to win over DX12 leaving future Direct X a moot point.
Regardless it shouldn't be hard to sell software directly with numerous ecommerce packages and services available. It shouldn't be hard to get your title out to distributors.
What we have increasingly with Steam is the same problem with any successful App Store.
1. Many titles are only available via Steam. If you want to buy somewhere else you're fucked.
2. Too many end users only know Steam and won't look elsewhere even if alternatives exist.
3. Nothing you buy is able to operate independent of where you bought it.
The end result is lockin the very same lockin Microsoft dreams of imposing within Windows. I don't give a shit whether it is Steam or Microsoft or Google or Apple... this bullshit is completely unnecessary.
Ultimately lockin is bad for customers and developers alike as the App store monopoly inevitably leverages itself extracting more and more value from an increasingly captive audience with nothing real to show for it in return save the bank accounts of the few "winners" at the top.
For some number of years "What's new" feature lists related to Windows has been like peering into another universe where the laws of nature are reversed.
Nothing in the lists is anything I would actually want or find valuable or helpful to me and my work in any way. It does not help me get anything done better or faster or cheaper. It does even provide intangible benefits. Doesn't make things look "cool" or any more "fun" to use.
In fact what I see from "What's new" highlights more often involve production of misfeatures actively getting in my way and wasting my time or flat out evil shit indistinguishable from malware.
I have a list of things I want to see fixed or improved in Windows. Nothing on that list includes talking to my computer, doodling all over my screen with a fake marker, turning UX into fugly windowless interfaces from the 80's complete with 4-bit palettes and persistent cyber stalking of my activities.
The way Oracle sits on so many vulns for so long until aged to perfection is quite remarkable.
Even more remarkable nature of exploits themselves "159 can be exploited remotely without authentication"
I can only assume Oracle shops will install this latest batch of updates and get back to business as usual without batting an eye or even contemplating pushing back at all against this batshit insanity.
Only an open source browser on Firefox running on an open source OS like Linux can truly be secure. All the millions of people looking over the source code ensures bugs are discovered and fixed quickly.
You mean this Firefox or a different one?
https://it.slashdot.org/story/...
Yet I infer that you'll accept a native application, which presumably has even greater privileges to access the data in your user account, over a web application running inside a web browser's sandbox. How are native applications more secure than web applications?
Abstract answer to your abstract question many native applications can get by with much less total complexity than required simply to invoke "hello world" on a modern browser stack. What does the browser weigh in at? 10-20 MLOC? All of that on top of cost of OS provided facilities. I bet many applications people use come in way under that.
Significant reductions of complexity can translate into reduced avenues for error and compromise as complex facilities of modern browsers are not needed.
As far as running untrusted code on trusted systems I'll let the wisdom of this speak for itself. The solution seems pretty straight forward to me... DON'T DO IT. I know in a world of "app stores" and predatory attitude the entire tech industry seems to have adopted toward end users this seems more than a little naive.
In my view when browsers keep piling on features intended to emulate desktop functionality they are only putting everyone at increased unnecessary risk because it is beyond anyone's capability to control/secure it.
The most technically tractable prayer we have for effective application isolation in trust challenged environments is at the level of hypervisor. Anything above that is way too complicated to support general purpose applications without resembling Swiss cheese and even this is probably asking too much.
They would even think about flying F-35's in training missions without RCS enhancement. One heck of a gift to any adversary looking to probe/defeat US stealth advantage.
Judicial watch? Why not save everyone the time and link to the enquirer or Onion instead? At least their bullshit is entertaining.
You find a nice Emoji you want to send only to come to realize person receiving is likely to see something completely different than what you intended assuming it will even render properly on the target device at all.
They change between operating systems and even within versions of the same operating system. What looked awesome or conveyed an idea on earlier versions of Android looks like shit in later versions of Android. What looked awesome on Android looks like shit or barely even legible on iPhone or WP receiving it.
Emoji smileys all look like bloated gummy turds as is. Between PC BS and constant reskinning to go with "design language" of the day I don't see any hope or future in Emoji. Given the current trajectory there will be some embedded reference that takes over from Unicode and with it an end to death by committee.
The first rule of Usenet applies to the Wayback machine in spades.
More attention on it especially something like this doing the lookups automatically that make it seem part of browser the more site owners feel compelled to exclude their content from the machine as a matter of course or worse lawyers for sites and third parties try their hand at nonsensical legal theories.
http://www.netdisaster.com/des...
But.... browsers are in a disk measuring contest on how fast (convenient) they can load a page, so the average joe (luser) says "Whoa.. this browser is fast".. For fucks sake, there is an idiot at Chrome who disabled certificate revocation checking, because going and fetching CRLs and OCSP and actually making the check costs about 200ms per host that is in the page. They did provide some small CRLs for few big CAs, inside the browser itself, but if you wanted any sort of checking for those they didn't you actually had to go and make changes into chrome://settings/. It might have changed later on, but that was the time I dropped that stupid browser.
Revocation is a fantasy. Never worked and my guess too few care enough this will ever change. Personally I think the world is on balance better off without it.
- Low probability of any discernible benefit to average user
- Privacy nightmare
- Unnecessary resource consumption and delays
- Single point of failure / DDOS magnet
AFAICT, the vulnerability isn't compression in general, but compressing sensitive data along with data controlled by an attacker. Just compressing the sensitive data by itself won't leak much
Yes it is compression in general that leaks relationships between length and content. You don't even need to influence channel to benefit from dependency between content and length.
People have for example demonstrated recovery of useful information from encrypted voice communications simply by use of complex codecs without having to compromise encryption or wield any influence on in-band messages.
Obviously the more intermediate data you can collect and the more you can influence channel (often possible in web environments) yields worse real world outcomes yet the root cause is unchanged. compression = information leak.
What we need is a structured format where data from different sources can be compressed separately. Classic MVC design, in other words; the sensitive data (the model) should be delivered independent of the view (the presentation of the data, including things like ads). The view should ideally be a static, cacheable resource, and any ads should be as isolated from the rest of the page as if they had been opened in a separate browser instance.
Not using compression or using secure compression algorithms designed to not leak information would be a far safer option than depending on people not to fuck up.
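Both positions in the exchange above can be checked with a short measurement, given here as an added example that is not part of the original comments: compressed length depends on content even with no attacker input, and putting caller-influenced text in the same DEFLATE stream as a secret makes the length depend on how much the two share, while separate streams or no compression remove that dependence. All names, tokens and messages below are constructed sample values.

```python
import zlib

# Constructed sample values (not from the page): two possible secrets of the
# same length, and two equal-length probes that each repeat one of them.
SECRET_A = b"csrf_token=9f3a7c21e4b8d6f0; account=12345678"
SECRET_B = b"csrf_token=0b5e92d7a1c46f38; account=12345678"
PROBE_A = b"csrf_token=9f3a7c21e4b8d6f0"
PROBE_B = b"csrf_token=0b5e92d7a1c46f38"

# Constructed equal-length plaintexts for the passive case (no probe at all).
MSG_REPETITIVE = b"status=ok;status=ok;status=ok;st"
MSG_VARIED = b"status=denied;reason=7c21e4b8d6f"


def reflected(probe: bytes) -> bytes:
    """Part of a response that echoes caller-supplied text."""
    return b"<p>You searched for: " + probe + b"</p>"


def passive_lengths(messages):
    """Compressed size of each message on its own: length follows content."""
    return [len(zlib.compress(m, 9)) for m in messages]


def shared_stream_len(secret: bytes, probe: bytes) -> int:
    """Reflected text and secret compressed together in one stream."""
    return len(zlib.compress(reflected(probe) + secret, 9))


def separate_streams_len(secret: bytes, probe: bytes) -> int:
    """Each source compressed in its own stream, sizes added."""
    return len(zlib.compress(reflected(probe), 9)) + len(zlib.compress(secret, 9))


def uncompressed_len(secret: bytes, probe: bytes) -> int:
    """No compression at all."""
    return len(reflected(probe)) + len(secret)


def probe_gap(length_fn, secret, probe_a, probe_b) -> int:
    """Observable size difference between two equal-length probes."""
    return length_fn(secret, probe_b) - length_fn(secret, probe_a)


def length_depends_on_secret(length_fn) -> bool:
    """True if the probe gap changes when only the secret changes."""
    gaps = {probe_gap(length_fn, s, PROBE_A, PROBE_B) for s in (SECRET_A, SECRET_B)}
    return len(gaps) > 1


if __name__ == "__main__":
    print("passive lengths:", passive_lengths([MSG_REPETITIVE, MSG_VARIED]))
    for name, fn in [("shared stream", shared_stream_len),
                     ("separate streams", separate_streams_len),
                     ("no compression", uncompressed_len)]:
        print(f"{name:17s} gap(A)={probe_gap(fn, SECRET_A, PROBE_A, PROBE_B):+d} "
              f"gap(B)={probe_gap(fn, SECRET_B, PROBE_A, PROBE_B):+d} "
              f"secret-dependent={length_depends_on_secret(fn)}")
```

Separate streams only remove the cross-source dependence; the passive case shows each stream's own length still tracks its content, which is the point the reply makes.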
So we learn for the 1940390155th time that if you let a remote site run arbitrary scripts on your machine, that remote site might do things that are not in your best interest. Surprise surprise.
Look: we get a constant stream of these things, at least one or two per week, literally for over 10 years. They're all the same. "Run javascript, get pwned". If you care AT ALL about security, you need to block javascript by default and white-list a few sites you care about, like your bank.
If you are still running javascript by default, in 2016, that's on you. You've had over a decade to learn your lesson.
No we learned that compression is vulnerable to side channel attacks something we all knew and nothing more.
Your view is strange given the unfortunate nature of many top sites employing CDNs to pipe out all manner of java frameworks and half the content of their sites and crap. What you are essentially advocating is a nonstarter. NOTHING works without JavaScript today and expecting people to make judgments about validity of specific script files is a complete nonstarter.
There are persistent streams of javascript implementation bugs and browser implementation bugs and style sheet implementation bugs and operating system implementation bugs which regularly require attention to prevent exploitation. It is easy to pull the plug and declare all security problems solved yet this course of action does not actually help anyone.
The takeaway we all learned many many years ago compression can be used as a side channel attack and therefore should probably never be used in conjunction with any stream containing sensitive data.
There is no need to invent different names based on where that compression occurs (CRIME, BREACH...etc.) or to assign even more aliases (HEIST) to the same damn thing. Wow you found a new set of metrics to enhance a side channel we all already knew about... so what?
This is one of the things I always hated about Defcon at least in the early days there were all kinds of talks about different ways to exploit this and that when everyone knew they weren't secure in the first place... like the old joke about someone discovering you can mount an unencrypted drive on another operating system and access all your files without knowing the password!!
It often boiled down to nothing more than implementing what everyone understood was possible anyway. Not very useful in my opinion.
At this point in the game anyone with important information to protect still vulnerable to compression attacks should probably do everyone a favor and look for a new line of work. There really isn't a valid excuse at this point.
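The compression side channel argued over in the comments above, and the "compress data from different sources separately" and "don't compress" fixes, measured in a short added example (not part of any comment on this page). The page template, the `model`/`view` helpers and all sample values are constructed assumptions.

```python
import zlib

# Constructed sample values; none of them come from the discussion above.
SECRET = b"9f2c41d7a05e8b36c1f4027d5ae9b813"  # value the server embeds in the response
OTHER = b"60d3b8f1e47a295c0b9e6d13f28a74c5"   # a different secret, used as a control
WRONG = b"3b7e10c9d84f62a5e7039b1c46d2f8a0"   # reflected input that matches neither


def model(secret: bytes) -> bytes:
    """Sensitive data (hypothetical JSON body carrying a per-user token)."""
    return b'{"user":"alice","csrf":"' + secret + b'"}'


def view(reflected: bytes) -> bytes:
    """Presentation that echoes request-controlled input back to the client."""
    return b"<p>Results for " + reflected + b"</p>"


def clen(data: bytes) -> int:
    """Length an on-path observer sees for one compressed stream."""
    return len(zlib.compress(data, 9))


def joint(secret: bytes, reflected: bytes) -> int:
    """Weak design: reflected input and secret share one compression context."""
    return clen(view(reflected) + model(secret))


def separate(secret: bytes, reflected: bytes) -> int:
    """Hardened design: each source is compressed as its own stream."""
    return clen(model(secret)) + clen(view(reflected))


def uncompressed(secret: bytes, reflected: bytes) -> int:
    """Hardened design: no compression on responses that carry secrets."""
    return len(view(reflected) + model(secret))


def secret_dependence(observe) -> int:
    """How much the length change between two reflected inputs depends on
    which secret is in the response. Zero means the observed length carries
    no information linking the reflected input to the secret."""
    with_secret = observe(SECRET, WRONG) - observe(SECRET, SECRET)
    control = observe(OTHER, WRONG) - observe(OTHER, SECRET)
    return with_secret - control


if __name__ == "__main__":
    for name, fn in (("joint", joint), ("separate", separate),
                     ("uncompressed", uncompressed)):
        print(f"{name:13s} match={fn(SECRET, SECRET):4d} "
              f"mismatch={fn(SECRET, WRONG):4d} "
              f"secret_dependence={secret_dependence(fn)}")
```

Only the shared-context design shows a nonzero dependence; that is the check to run against any response path that mixes request-controlled bytes with secrets before compression.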
An open Internet and general purpose computers give peasants too much power and must be quashed at all costs.
You can run sigverif from CLI to check to see what drivers are currently being used on your system not signed by Microsoft.
I welcome any legitimate reason for this behavior requiring Microsoft cross signing when secure boot is enabled. Currently I'm at a loss to come up with one.
It seems when secure boot is not enabled all signature validation can be bypassed by malicious code one way or another if you have admin rights by changing boot settings using bcdedit and rebooting or a million other approaches given admin level access. Signature checks don't have much bite in the real world with secure boot disabled.
With secure boot enabled any effective bypass of driver signature validation is a security bug. Since only the kernel's trusted databases are used for driver signature validation (regardless of secure boot setting) cross signing to MS is redundant. This is especially true given the blessings seem to be superficial at best and probably nearly fully automated given cross signing does not currently cost money.
Most likely reason for MS to do this I've been able to come up with is that without MS control anyone who develops a kernel driver and gets it signed by one of the supported CAs can break out of a Microsoft walled garden on systems where secure boot is being enforced against the user.
Even if you believe any and all measures to lock down kernel access improves security and therefore unconditionally good regardless of any other considerations... I still fail to see how any actual locking down is being accomplished here as the MS blessing is superficial and adds nothing. Any malicious actor able to develop a kernel driver and obtain an EV cert is almost certain to also obtain blessing of Microsoft.
The only "benefit" seems to be MS getting a vote to stop execution of drivers paving way for restricting usermode execution against users. (See Windows RT and Windows Phone)
The problem Windows Phone had was not that it was bad, it was that it wasn't disruptive or innovative.
This is not how I saw things go down.
Initially once upon a time there was a solid base of former CE developers very interested in windows phone. They wanted to get on board but Microsoft had to go f*** it all up.
They locked everything down emulating the Apple walled garden, required very specific versions of windows /w hyper-v and visual studio to develop anything and made you buy a Microsoft account. They militantly insisted on a Spartan ugly interface with no customization options. UI was all based on some forsaken piece of shit called Silverlight, APIs were half baked and not even finished and oh by the way you can't run any native code whatsoever.
On top of draconian bullshit, no compatibility, no apps, absence of basic core features that existed even in windows mobile and no user base, developers basically gave MS the one finger salute and went to Android.
You need a feature - or set of features - that will entice users to the point they will be willing to abandon their existing applications in favor of your platform and its applications.
My personal opinion if Microsoft started out with feature parity and dropped the misfeatures (Fugly Metro/Silverlight, malware, Apple style lockin and lack of customization) windows phone would have a healthy market share today.
This is the same reason Linux hasn't been able to supplant Windows on the desktop, it's not that there is anything wrong with it, it's that it doesn't offer anything compelling in innovative or disruptive features.
If that were true you would think we wouldn't be hearing of high profile attempts to switch to Linux desktop failing.
There's no point waiting for Microsoft to screw up, if their past screwups with Windows haven't driven customers to Linux then nothing will, Linux needs that disruptive innovation to capture the users.
My opinion is they just need parity with Windows and Linux advocates need to stop pretending it already exists.
General purpose operating systems are mature technology driven by incremental accumulation of dead labor. If you bet on disruptive change you WILL lose. The only changes we are likely to see going forward will be both hard won and increasingly inconsequential. I think Linus had it exactly right on his comments about wearing the competition down.
You must watch a 30 second ad before logging into your computer
Unless purchasing enterprise edition you will not be able to run more than 4 programs at a time.
For your safety all software not signed and approved by Microsoft will no longer execute.
For your safety UWP sideloading is no longer offered. You agree all side loaded software and associated data will be automatically deleted.
To help improve customer experience your screen and key presses will be mirrored to Microsoft.
Windows requires Internet access for real-time exfiltration of telemetry to Microsoft and any government or intelligence agency willing to pay. Windows will no longer function without Internet access. If Internet access is interrupted windows will be suspended until access is restored.
Unless you have purchased Enterprise edition all Network data transfers are limited to the lower of 10mbit/s or 5 concurrent TCP sessions.
Unless you purchase Enterprise edition desktop resolution is reduced by 1/3rd. Full screen applications no longer function. The non desktop area is used to display personalized ads 24x7 based on analysis of screen mirroring to Microsoft.
Windows calculator now displays 5 second ads after every addition or subtraction operation, 10 second ads after multiplication or division and 15 second ads when any trigonometric or exponential function is used.
Registry editor, disk manager, device manager, group policy, firewall and certificate manager are no longer available for use.
It is no longer possible to login with a local user account. All accounts must be created and managed from Microsoft service.
All local storage will now be automatically wiped, all your data and software uploaded to Microsoft and drives repurposed as encrypted data caches which you will not have access to. You agree all your data is now owned by Microsoft and you grant an irrevocable license to monetize it however they want. If you don't agree you will no longer be able to login to your computer or access your data.
To login to Windows for your safety and security your web cam and microphone must be enabled and pointed at you at all times when using computer. If web cam is switched off or blocked your computer will no longer function for your safety.
All network communications even local communications with other computers on your network will now be routed thru Microsoft servers and analyzed for targeted advertising. Copies will be auctioned off to anyone willing to pay for it. If you do not agree to these terms networking will be disabled. When networking is disabled windows will no longer have Internet connection and therefore it too will be disabled. All local disk storage is encrypted with a key you don't have and therefore you will permanently lose all access to everything until such time as you agree to our new terms.
Windows now requires monthly payments to use Microsoft services. If you do not agree to pay monthly fee you will not be able to access Microsoft services. This means you won't be able to login to your computer and access any of your data until such time as you agree to pay.
1) Physical comfort to start. I use cruise control in my car to relieve my leg from having to be fixed in a position for an extended period of time. It can get quite uncomfortable. Discomfort can lead to distraction and distraction can lead to accidents. (insert yoda joke here)
Autopilot is distinct from cruise control. It is hard to see how cruise control can be considered a safety feature when it has been shown to significantly reduce reaction time.
If you're uncomfortable pull over or find a rest stop. There are more responsible options than continuing to drive with an impairment. Lack of personal responsibility when driving can lead to suffering.
2) Autopilot also can be useful as a safety measure precisely because people's attention routinely wavers. Computers don't get distracted as easily as we do. I challenge you to find a driver who has never accidentally veered out of their lane while distracted or had to perform an emergency stop because of some condition they failed to notice ahead. Autopilot can help ensure these situations occur less often.
What is the basis for this assumption? AEB has been shown statistically to provide very substantial benefits with significant reductions in collisions. LDW systems have been shown to be mostly shit either worthless or even slightly dangerous.
Where is the evidence Tesla's seemingly flawed implementation of autopilot improves safety overall?
We lack the technology to fully automate driving but we have technology to prevent some types of accidents. We put ABS and traction control and air bags, and seat belts and other technology on cars to improve safety. Technology that keeps you marginally safer is a good thing. If autopilot can prevent more accidents than would happen without it then it is a good thing to have. We're looking for a net benefit.
I believe every distinct safety feature has to be judged on the merits including any intended or unintended downsides.
What I am hearing on the topic of autopilot is a lot of noise dominated by nonsense and PR BS. Musk quoting statistics with worthless sample sizes and lack of controls. As near as I can tell there is no useful statistical evidence relating to Tesla autopilot available period.
Then we have the specific cases of "My car applied the brakes faster than I could during autopilot use so autopilot = good"
The arguments sound good but the reality is had that same driver been behind the same wheel in the same circumstance without autopilot the car would still have applied the brakes faster than they could anyway.
They would also have been warned about cars veering into their lane regardless of autopilot.
What is the basis for the assumption conveyed Tesla's current autopilot implementation yields better outcomes? PR releases? Wishful thinking? Assumptions?
Not exactly on topic but without BITS ...windows won't update.
As you already know if you simply disable BITS Windows will automatically re-enable it and turn it on again whenever it feels like it.
The solution is to create a user account, disable the user account and then configure BITS service to run as that disabled user. This will cause it to permanently fail. Microsoft isn't yet checking for this.
I would comment further but anything I say would be obvious and repetitive like arguing with Natas over the finer points of running Microsoft.
I hope you are wrong. We let people buy chainsaws and circular saws, and people get hurt and/or killed by them. We don't hold manufacturers responsible because we expect people to know how they work and how to handle them. If Tesla explains the feature at the time of purchase, it is the owner's responsibility to know how to operate the vehicle. Period.
I can't get over thinking the only reason for autopilot in real world practical terms is to assist drivers to not drive.
It is easy to play word games and argue otherwise claim autopilot is there to "assist" drivers to drive or confuse autopilot with other safety features such as AEB yet to me the overriding question that must be answered is what's the point of autopilot to the actual people driving? Why do people want to use autopilot in the first place?
Based on my experience and understanding of people it is not likely to be seeking assistance driving it is more they don't want to drive or pay 100% attention and autopilot helps fulfill that wish.
If you assume for the sake of argument the primary reason why people want autopilot is so that they don't have to drive then I'm quite happy with outcome of clickwrap CYA warnings not holding up in court.
I have a list of things I want to see fixed or improved in Windows.
Care to post that list by chance please? TIA.
Software FT volumes should not concurrently regenerate multiple FT volumes across same set of physical disks.
Reads from redundant volumes should be striped when useful.
Regeneration should be rate limited and resumable.
DDE disaster needs to be addressed the delays and wonky behavior is a huge waste of time.
Microsoft background processes need to be tamed and be made more interrupt driven and intelligent. There is no reason for constant resource consumption when nothing is changing.
Windows needs tc and iptables like filtering and application level rate limiting.
Windows firewall should have options to prevent applications from screwing with firewall settings.
RDP and windows should support zero knowledge based authentication + encryption and allow all current insecure NTLM*/Kerberos failures exposing everyone's credentials to offline attack to be completely disabled.
Site to site VPNs must support all available VPN protocols
Hibernate option to include rather than discard cached data
Per application credential storage and isolation
Protected versioned filesystem with log backup
Keyboard shortcuts for application launching and foreground promotion must work constantly across all applications. If an app is already running it should always be promoted to foreground not invoked a second time.
There should be a means to quickly manage processes isolated from whatever is going haywire on the desktop when invoking secure attention.
Lift local and global GDI handle limits and associated annoying UI artifacts
Cooking images on a per device basis is a crazy, unnecessary unmanageable nightmare that leads to precisely this outcome complete with vendors crying "it's too hard".
There should be a single image that can be installed on anything it has drivers for like any normal operating system. This isn't a novel concept. Everyone knows what the solution is.
No smartphone vendor has ever paid any price for their customers getting owned. There is no incentive to give a shit and every incentive to use this as leverage to get customers to continually buy new hardware.
For starters f**k steam. They have the exact same goal Microsoft dreams of.
And f**k Microsoft with its perpetual bullshit. Developers and end users are sick of being prevented from using the latest version of Direct X just because not everyone runs the latest version of Windows. As a result Microsoft's stack is on track to be ignored and left behind. Vulkan is going to win over DX12 leaving future Direct X a moot point.
Regardless it shouldn't be hard to sell software directly with numerous ecommerce packages and services available. It shouldn't be hard to get your title out to distributors.
What we have increasingly with Steam is the same problem with any successful App Store.
1. Many titles are only available via Steam. If you want to buy somewhere else you're fucked.
2. Too many end users only know Steam and won't look elsewhere even if alternatives exist.
3. Nothing you buy is able to operate independent of where you bought it.
The end result is lockin the very same lockin Microsoft dreams of imposing within Windows. I don't give a shit whether it is Steam or Microsoft or Google or Apple... this bullshit is completely unnecessary.
Ultimately lockin is bad for customers and developers alike as the App store monopoly inevitably leverages itself extracting more and more value from an increasingly captive audience with nothing real to show for it in return save the bank accounts of the few "winners" at the top.
For some number of years "What's new" feature lists related to Windows has been like peering into another universe where the laws of nature are reversed.
Nothing in the lists is anything I would actually want or find valuable or helpful to me and my work in any way. It does not help me get anything done better or faster or cheaper. It does even provide intangible benefits. Doesn't make things look "cool" or any more "fun" to use.
In fact what I see from "What's new" highlights more often involve production of misfeatures actively getting in my way and wasting my time or flat out evil shit indistinguishable from malware.
I have a list of things I want to see fixed or improved in Windows. Nothing on that list includes talking to my computer, doodling all over my screen with a fake marker, turning UX into fugly windowless interfaces from the 80's complete with 4-bit palettes and persistent cyber stalking of my activities.
What difference at this point does it make who hacked DNC's damned emails?
Basically every bit of technology worth using is enumerated by this thing as dual use.
TSA is corrupt from the top of the organization on down.
To put things into perspective TSA costs something like 7-8 billion/yr. The entire fucking FBI's budget is like 8-9 billion/yr.
The way Oracle sits on so many vulns for so long until aged to perfection is quite remarkable.
Even more remarkable nature of exploits themselves "159 can be exploited remotely without authentication"
I can only assume Oracle shops will install this latest batch of updates and get back to business as usual without batting an eye or even contemplating pushing back at all against this batshit insanity.