Re: So, what can an individual do about it?
So you're saying security updates are useless, seeing as they're supposed to keep you from getting pwned?
It's practically impossible to prevent a piece of software in a VM from finding out it IS in a VM. A timing attack is all it really takes, and there are ways to prevent the host from realizing you're performing one (either internal by instruction timings or externally by polling a timebase).
"The engineers should get up from their desks, walk out the front door, turn and look up at the company sign on the building.... (see title)"
But then they remember the logo that appears on their paychecks...AND the long lines at the unemployment office...AND the lack of good alternative jobs anywhere nearby.
Sometimes, weathering the storm is better than trying to run from it.
"I'd rather hold off on my browsing or computing until I get home than to try to make it work on that tiny touch-screen with my big fat fingers."
Even if it meant missing out on a deal you need to research on the spot to find out if it's legit or not? There ARE times when you just can't wait (you snooze, you lose).
Except that since Microsoft owns certificates, they can transmit the stuff over authenticated connections, meaning they can tell the real stuff from the junk, allowing them to easily filter.
Plus consider Whispernets...
"When did playing some childish game become a reason for making a committal decision that could destroy your privacy and eventually cost you a lot of money?"
Some people play games for a living. Think professional gaming clans. If they need to earn their daily bread by competing in Overwatch, guess what that means for their rigs?
The problem is that Microsoft knows all the tricks.
- DNS blackholing won't help you because the most important ones are hardcoded into Microsoft's DNS API DLL, and the DLL for it is signed so it can't be replaced with a neutered version.
- As for blacklisting IPs, I heard they use the same IP and ports for the telemetry as they use for Windows Update, meaning if you block the telemetry, you ALSO block the security updates, leaving you a nasty choice: get tagged or get pwned?
Next thing you know, W10 becomes able to detect it's in a VM and act funny because of it.
Could start an Activation countdown. Don't connect in 30 days and the install locks until it can.
XP was declared completely EOL some time back, meaning users can be owned at any time. Using XP now would be considered a failure of due diligence without extenuating circumstances.
They've BEEN voting with their wallets...AGAINST you. You can't fix Stupid, so another plan is called for.
And if software critical to their position can ONLY run on raw Windows, raising a Scylla-and-Charybdis situation?
"One fine commentard (Charles 9, I think) opined that the only way to ensure privacy is to become a Luddite. Well, only if you want absolute privacy, I think. This guy managed to maintain excellent privacy for 27 years, but they caught him at last. Isn't everything shades of gray and a matter of degrees? You can get "pretty good" privacy if you eschew a few things. And if you manage your usage, and don't need full-on shields-up privacy all the time."
Which actually shows privacy can't be shades of gray. It's black and white: all or nothing. Just one slip is all it takes to let the plods in and start unraveling everything.
Which means for many of us it's already too late. They're just holding the bombshells in reserve.
If you can tell a professional gaming clan how to play Overwatch on their PCs without using Windows, I'll be impressed. And no, consoles are not an option since Blizzard separates gamers by platform and all the hardcore professionals use PCs.
I think Microsoft uses authenticated connections, meaning they'd be able to tell the difference.
Bet you they're not. That's why Enterprise has a subscription attached.
"Will we ever be completely safe? Of course no - but if we let rights fly out of the Windows <G>, it will become much harder to bring them back..."
That's what I'm saying. Those lights left long ago.
It is if you're running a gaming center. Not that common in the west, but check out the far east.
No machine juicy enough if your primary activity is 3D in nature since 3D virtualization is still pretty damn slow. Also there's a problem if your primary Windows activity is necessarily memory-intensive since the VM and host OS add overhead that can take you over the top.
That still doesn't stop the telemetry that's built into the OS and cannot be turned off (not even at the DNS level because the DNS client hardcodes a number of domains). You really need an external safeguard to block that telemetry, and that's not assuming Microsoft potholes the telemetry into the same IP as Windows Update, meaning blocking the telemetry also blocks the security updates, leaving you in a dilemma: get tagged or get pwned?
Microsoft then blackmails the EU or contributes to its dissolution. What now?
"Interestingly you can get lists for firewalls specifically to block the domains used by Microsoft's data slurping - but not Google... double-standards on the part of the tech community or what?"
No, probably Google's using SNI and other tricks to pothole too many of their services onto the same IP address, meaning too much risk of collateral damage, which you already noted.
"The biggest problem is availability of software."
That's where Microsoft gets you. They've dominated the OS atmosphere for so long that most software has no viable substitutes outside Windows. Combine this with hardware ONLY supported in Windows and you've got the recipe for a captive market. Now they're trying to pull everyone into the repeat business of a subscription model, using all the Windows lockdown as hostages.
The "Scanning for Errors" notification has been there since XP. It indicates the drive wasn't cleanly unmounted the last time it was used, and that could've come from whatever last used it, some of which lack the facility to properly unmount the drive. Windows installs can be instructed to treat highly-portable USB drives differently so you don't have this problem, at the cost of performance since it means Windows can't use advanced drive management on them.
"While I really don't care about who slurps my data - I don't want *anyone* of them doing it."
The only way to really do that is to go full Luddite and stop using computers. Otherwise, you can't trust what your software or hardware are doing behind your back, laws be damned.
Simple. They FULLY grasp the concept of a CAPTIVE MARKET, as most people are held hostage by their applications which have no acceptable substitutes. Especially people like enterprises with custom jobs (meaning jumping risks them going under in the attempt) or gamers (just compare the compatibility lists, especially for newer games; they simply DO NOT compare).
How will they be able to force the issue if Microsoft simply decides to remove themselves from Europe, hiding themselves behind US sovereign immunity? Plus Microsoft may be helping to undermine the EU itself, removing its sovereign authority.
"Even one of the inveterate gamers I know is talking about installing Linux and is researching just what Windows games can be got to run on Linux via Steam/Wine/PlayOnLinux etc. as well as going dual-boot until they wean themselves off the games that just cant be got to work on Linux."
And he'll soon find out most of the games DON'T work well on Linux. Trust me, I looked. Especially the newer games like Fallout 4 and Overwatch. Bethesda swore off Linux, and all reports concerning Overwatch are listed as Garbage. And they are not alone. Otherwise, I'd have already jumped.
Oh, what about via external devices? Why can't you block Microsoft telemetry say at the router?
That goes to what I was saying. MODERN expensive goods are 90% bling (IOW inflated). Think iPhones versus good "imitations" from no-name companies. Apart from the name, what else are you getting spec-wise for all that markup?
The way I see it, there are two obstacles to machines taking over every job at this time: dexterity and Uncanny Valley.
Some jobs require not just fine motor control but also simultaneous adaptability (such as a position where no two jobs are the same). The first problem is being worked on steadily with more articulate mechanics, but the second one goes to machine learning and will be more difficult to apply in a generic form.
And then there's the natural human instinctual desire to see a friendly face (we have pretty strong evidence this is instinct since the behavior is shown even in newborns). If a job requires (or even just highly recommends) a face-to-face interaction, then it'll naturally prefer a human in it to provide that face.
Yup. Worse comes to worse, they can just close the walled garden and hash it out amongst themselves. As long as there's at least "two to tango", mutual commerce can still take place.
Land value due to usefulness can still fluctuate. Sometimes suddenly if discoveries are made. For example, what's to stop some barren tract of land from hiding a gold vein, a Kimberlite pipe, or a shallow source of petroleum?
Thing was, the 20th Century still had room to grow (the population was a fraction of today and lots of resources were still being discovered), plus a couple major wars and a pandemic thinned the population and provided more space. Now, the circumstances are different. The post-war baby boom is coming home to roost, resources are trickier to get, and we haven't had an inequality of wealth of this scale since before the Black Death.
If it was 1983, probably the latter, as voice synth tech was still pretty new (think the early talking videogames like Berzerk and the Votrax SC-01). Even today, using recorded voices and concatenation, the results still come out a touch weird sometimes.
And can YOU tell that to Congress who insists on only taxing assets as they're sold, not as they're held, discouraging hoarding?
I think that needs to be qualified, though. OLD expensive stuff, yes, because they were usually hand made custom jobs, sometimes with threats attached. Expensive stuff TODAY? I wouldn't be surprised if a lot of that "expensive" was really just bling.
"If everyone can make what they want or need, then we are on the path to universal wealth."
That's assuming everyone CAN make what they want or need. Trouble is, in the future, many will lack the skills, the rest will lack the resources. Making things requires BOTH, and NEITHER are guaranteed, and there's no way the haves will EVER let the governments take their wealth away. They can either move or usurp the government, and if the proles rise up, call out the killer drones; if that doesn't work, nukes.
""They" will have to do nothing. It's up to the 7,000,000,000 individuals involved to make their own choices about what they feel like doing."
Oh? What about when it comes time to find a way to earn their daily bread and nothing's available? Kinda harsh to be telling 7 billion people, "You lose. Game Over. Better luck next life."
Plus, most people using the self check-out would probably qualify for the Express lane (if it was open and not running to the back). They scan a few things, pack up and go. A minute of effort to beat a wait of several minutes at the checkout is a win for them. And before you say hire more cashiers, that would raise the labor costs which would in turn be passed to the customer: another trade-off.
The difference being that at least women tend to know when their period is coming and can schedule things around it if necessary. Epilepsy is a little more random than that.
"If the government demands back doors and those back doors are breached by criminals then the government must pay those hacked the costs incurred because of the hacking."
Guess you never heard of Sovereign Immunity before.
Now can you use it in a non-obvious, stego-hardened way to get your message across in a paranoid world where the mere use of obvious encryption makes you a target?
Wouldn't work in a world where using ANY obvious encryption (and public-key encryption, due to its mathematical nature, can't be made non-obvious) would make you a target.
But monopoly interests have the money. Plus some of them (like Facebook) ARE multinational in nature.
Besides, you have to establish that code to use it unless you use the Navajo code talker trick. That puts you into the First Contact problem.
"It was not broken, and if I remember correct it is still pretty secure."
Not really, as more people know Navajo and are aware of the technique. It was just a way to use native tongue to get around the First Contact problem.
As for the rest, that was mostly down to luck.
OR it could be the crook wanted detective work so they'd pick up the false leads and get thrown off the trail...
So you just switch from having Google as Big Brother to having Microsoft as Big Brother?
Biting the hand that feeds IT © 1998–2017