* Posts by bombastic bob

5687 posts • joined 1 May 2015

The PC is dead. Gartner wishes you luck, vendors

bombastic bob Silver badge

Re: The PC...

"The PC's demise is greatly exaggerated."

WELL! SAID!

As you pointed out, SALES are dead. well, not ENTIRELY dead. Just dropping and low.

why?

a) user perception of "better". Win-10-nic and "Ape" don't 'look better' or 'perform better' than existing (say windows 7) machines. Moore's law isn't making them 'faster enough' than 'what you already own'.

b) the 4-inchers [aka 'phone zombies'] who do ALL of their computing on a 4-inch phone screen, do faceb**ch, tw*tter, and texting [the new 'messenger'] MOST of the time. They buy new 'toys' to do this with, and they're nearly always a 4-inch 'phone factor'.

- which leads to -

c) SALES are currently driven by the 4-inchers. This drives CLUELESS MARKET-DROIDS into "feeling" that "the PC is dead". which is WRONG.

HOW TO FIX IT:

give people a reason to WANT to get a new PC/laptop to replace the old one!

[as of now, "Ape" and Win-10-nic are DIS-incentives to get something new]

/me points out: sales figures are more like a derivative, not an integral, and nobody is tracking "the depletion rate" of existing machines, now are they? So it's an incomplete picture at best.

Microsoft shifts Windows 7 and 8.1 fixes to 'rollup' bundles

bombastic bob Silver badge

Will the rollup silently include KB3035583 and (unwanted) telemetry?

Has Micro-shaft discovered JUST HOW MANY OF US are NOT getting any updates (or deliberately NOT installing a certain handful of updates) because of their AGGRESSIVE GWX marketing tactics? And, the alleged SPYWARE being added to 7 and 8.x via Windows Update?

Not to mention the more RECENT discovery, having GWX 'up'grades to Win-10-nic AUTOMATICALLY SCHEDULED FOR US.

I take it that this will be THEIR way of STOPPING us from picking and choosing which updates we DO install.

Thanks, Micro-shaft. We really _NEEDED_ that...

Microsoft .NET Core update asks developers: How you doin'?

bombastic bob Silver badge

Re: Cross platform

"But like you say, lots of ill feeling in some parts of the Linux world."

yes.

I don't like '.Not's bass-ackwards way of doing things, being inefficient among other stuff. CAIRO, OpenGL, and other standard graphics libraries have been around for quite a while in the open source world, to abstract graphics from the display surface or OS. But they're not "Microsoft's Creation". Same with whatever ELSE ".Not" might do 'for you'. Poorly.

The _ONLY_ reason '.Not Core' would exist is for Microsoft to "leverage" every non-Windows operating system too, like the way they build TELEMETRY into it and require "opt out" to get rid of it. "Their fingers in EVERYTHING" in other words.

A few years ago a single 'Mono' "app" [tomboy] was added to the default Gnome 2 install. HOWLS ensued. *NOBODY* WANTED to haul in the 'mono'-lithic pile of CRAP that was needed to support THAT! ONE! APPLICATION! [one I don't even use]. It was subsequently REMOVED and eventually replaced with something that did NOT have a "mono" dependency.

I doubt ".Not Core" will be any BETTER than mono. More ginormous monolithic inefficient libraries, I'm sure.

I'll stick with gtk, qt, or native X11 coding thanks, or use something like wxWidgets which can be adapted from an MFC C++ application with some effort. [gtk and Qt and wxWidgets are _ALREADY_ cross-platform, too!]

The Windows 10 future: Imagine a boot stamping on an upgrade treadmill forever

bombastic bob Silver badge

Re: Dependency Hell

there's an easy fix to that: a) static link [don't rely on already-installed non-updated shared libs], and b) install dependencies yourself, with name changes as needed.

Example, if you need ffmpeg with your appLICATION, include ffmpeg source as part of the distro (for GPL compliance), and ship it with a re-named binary built from that source (or installed into a particular location), all nicely STATIC LINKED to avoid ANY dependency issues with shared libs / DLLs.

With the exception of certain shared MICRO-SHAFT libraries, this is practical and generally does not increase the memory footprint by much. It's what *I* do. POSIX included.

bombastic bob Silver badge

"the slow decline of Windows and PCs into irrelevance"

you're wrong about that. you can't look at NEW computer sales to measure what people are actually using, particularly for business, which is still using windows and desktop/notebook computers.

Although I'd like to see them use LINUX or BSD desktop/notebook computers...

"Savvy users will make all their business apps have web frontends"

Why, so they can look like "Universal" windows CRapps? Puh-lease...

Better off using Py-gtk or Qt than web-based front-ends. Or wxWidgets [which you can translate an MFC appLICATION into with reasonable effort, as long as it's not relying on ".Not"].

Then your GUI applications will run on Winders, Linux, Mac, maybe even Open Solaris. Whatever platform you want, pretty much.

That'd kill the MICROSOFT OS NEAR-MONOPOLY really fast, wouldn't it?

bombastic bob Silver badge

Re: "Makes Windows 10 seem like an infection. Quite apt"

"Got a pop-up yesterday telling me when my Windows 10 upgrade was scheduled. Microsoft need to be hit with the world's biggest anti-trust suit."

I'm waiting for a 'The Register' article on this. Saw one on Tom's Hardware, e-mailed URL to Reg staff yesterday...

http://www.tomshardware.com/news/windows-10-auto-schedules-updates,31802.html

El Reg, this one's pretty heinous. As bad as the malware-looking "upgrade now" or "upgrade later"

bombastic bob Silver badge

Re: So...

"Or are you just going to sit on the same version of Linux forever?"

I typically don't upgrade my BSD machines [other than patches] to bleeding edge. Why bother if it's working? patch the infrequent vulnerabilities. no need for 'bleeding edge' if what you have already works. It's why I'm sticking with Windows 7 for my windows boxen.

As for Linux, I typically stick with one version of THAT as well. It's more stable, particularly for software development. If I upgraded a particular ubuntu build machine (a virtualbox VM) that has patched compilers [patched by me] for a particular CPU, I'd have to re-do the patches. better to leave it 'as-is', because it's *STABLE*. So what if it's 3 years old.

'Bleeding edge' is *OVER*-*RATED*

Flash zero day phished phoolish Microsoft Office users

bombastic bob Silver badge

Re: If I had a genie...

I've heard that in the publishing world, Adobe products are some of the best. What they should NOT have done is Flash, Shockwave, etc. [the biggest security craters on the intarwebs]. Those things are probably costing the company more than they were ever worth, especially reputation-wise.

bombastic bob Silver badge

Re: Tempting to say : 'Good'

"Or the fact you can still embed shit shit in an Office document?"

could be worse, a mail reader could OPEN THOSE AUTOMATICALLY in order to "preview" the attachment. You know. like 'Virus Outbreak' aka 'Microsoft Outlook'.

And the article suggesting that Win-10-nic is any kind of "mitigation" for this is laughable.

"Oooh look a really funny thing, it's in a '.doc' file attached to this e-mail, I need to open the document to view it, I have Office and it can open those"

The fork? Node.js: Code showdown re-opens Open Source wounds

bombastic bob Silver badge

Re: Without open source there would be no leftpad

"...and then what would we do?"

learn how to code without some 3rd party library?

Seriously, maybe it should wake people up to the *evils* of things *like* 300kb java libraries. Do we REALLY need THIS on EVERY web site? It's worse than an irritation. It's a PLAGUE, or a CANCER. 'Teh Intarwebs' needs an enema.

/me points out (again) I hand-code my html and use '<table>' to format it really nice. Why can't others do this? 1/10 the size, or even smaller, faster loads, faster renders, yotta yotta...

(fortunately, MOST open source is far less trivial, and far more useful, than 'leftpad')

Americans cutting back on online activity over security and privacy fears

bombastic bob Silver badge

credit vs debit card

Related to this is how the American banking laws protect credit cards BETTER than debit cards.

As it turns out, if you use a CREDIT card to pay for something online (from an American bank), you can reverse that charge pretty much 'for no reason' within ~30 days of getting your statement, and the money won't go to the vendor [or scammer]. As I understand it, the USA is the only country that does this. And, for this reason, I do *NOT* use debit cards for online purchases. That way if I'm ripped off I can reverse the charge. Also card holders are only responsible for $50 on scams.

but it's a LOT harder to get your money back for debit cards, or from a fraudulent e-check, or any kind of direct access to your bank account. not sure what happens in those cases.

I got new debit cards right away after both the Target and Home Depot breaches. The bank gladly handed them out when I went there in person to get them re-issued, barely any waiting, like they were waiting for me.

Kill Flash now? Chrome may be about to do just that

bombastic bob Silver badge

Re: Off-topic (almost)

"If you have to unblock Javascript just to view the page content, then they're doing it wrong."

WELL SAID!

A couple of years ago, things worked fine if you used noscript and 'gnash' (it's a POSIX thing) rather than Adobe's plugin. Gnash being open source was LESS likely to do evil things, and it had the extra interesting capability of doing automatic stream captures to a directory of your choice. Unfortunately gnash is behind the latest moving target on FLASH specs, and didn't work last time I tried it.

So now I happily disable all flash plugins, on everything, period (even gnash). And I use 'noscript'. It's like "safe surfing". It's amazing how many viruses and hijacks will NOT happen if you block javascript and flash. [and I have others do the same, and it works, even on a Vista system]

And blocking HTML5 content by default, particularly ads - that is *EXACTLY* what *I* want to do! More people should do the same. If *EVERYBODY* does this, then it would force ad servers to use static content again. And, NO SCRIPTING.

/me pointing out that you can make a nice, readable web page by using '<table>' to size columns. I like making the content 85% of the screen width so it's easier on the eyes. no need for script. drop-down menus are overrated.

Criminals exploit zero day Flash vulnerability

bombastic bob Silver badge

Re: Sure it can

there _WAS_ gnash, that used to "sort of" work, but doesn't seem to be keeping up with the moving target aka "standards". So after disabling flash entirely, I don't miss it at all.

Google asks Unicode to look over 13 new emoji showing professional women

bombastic bob Silver badge

Unicode has gone far too beyond what was necessary.

"Unicode has gone far too beyond what was necessary."

I suppose we could just include UNICODE alphabets for all of the Tolkein languages, and Star Trek languages (Klingon, Romulan, Vulcan), and any OTHER sci-fi fictional language for that matter.

No, wait...

http://www.klingonwiki.net/En/Unicode

(an attempt WAS made...)

bombastic bob Silver badge

Re: Why "Music = rock" only?

"Agreed. Let's have emoji for musicians playing musical saw, theremin, glass harmonica and spoons."

don't forget washboard. we can use 'Bender' the robot in that one.

bombastic bob Silver badge

Re: Prejudice

"Your post shows shameful lack of appreciation for the strands of diversity in the community we represent."

hook, line, *AND* sinker!

You did not get the humor nor satire, did you?

Personally, I am *SO* *SICK* *AND* *TIRED* of all of the political-correctness "diversity" nonsense. Why can't we just recognize people as 'human' and NOT make race/sex/appearance/behavior/whatever a criteria for ANYTHING? Are all too many of us as immature as a 4 year old, needing a doll that "looks like me" or something? Or in this case, an emoji. Cue 'rainbow brigade' emoji list ad infinitum. I wonder what the 'gay' one will look like...

But the final conclusion of the original poster was the correct one: let's just abandon the use of emojis, period.

"Your last point completely disregards the feelings of those people"

Not surprising. 'Feel', the new 'F' word as far as I'm concerned. Everybody has them, they're a poor basis for decision making, too many people *feel* instead of *think*, and maybe that's how we got here...

thanks for playing, though.

(or was the smiley at the end an indication of satire?)

Windows 10 build 14342: No more friendly Wi-Fi sharing

bombastic bob Silver badge

Re: symlink support for Linux subsystem

"Also, annoyingly, the arguments to MKLINK are swapped relative to 'ln -s'. Never miss up a chance to be incompatible with other systems, I guess."

There's the RIGHT way, the WRONG way, the MILITARY way, and the MICROSOFT way.

[guess which way THEY chose?]

what I would like to see is a hard-link to a file that does what you see in POSIX systems; that is, it increases the reference count on the physical storage for the file, allowing you to refer to it from anyplace on that volume, and it appears as if it IS "the file" from any of them, but deleting any of those references doesn't delete the actual file until the actual file has no more references.

So Microsoft's 'junctions' really are like symbolic links, and NOT like hard links at all. When you do a 'dir' listing they show up as 'junction', etc. etc. (though I don't recall if a file alias shows up differently or not). And don't even get me started on attributes like 'hidden' and the security things associated with them... *shudder*.

bombastic bob Silver badge

have they fixed the 2D FLUGLY? probably not...

So, have they fixed the 2D FLUGLY (flat/ugly)? probably not...

and I doubt they fixed the adware/spyware or the preponderance of "the Store". Or that 'start thing' (ok I can run classic shell, so it's on ME for that one).

Until Micro-shaft can address THESE! MAJOR! PROBLEMS! I'm not touching Win-10-nic for anything OTHER than verifying that the appLICATIONS that I write are COMPATIBLE with it.

they need a serious CLUE-By-FOUR applied to something...

GitHub pricing change

bombastic bob Silver badge

it's still pretty cheap

So, it's still a pretty cheap cloud-based solution for private projects where multiple developers [particularly remote developers] can collaborate. I've been doing a lot of contract work where the repositories are on (private) github repositories, and I've created a few public ones for my own stuff. It's not perfect, has it's flaws and irritations, but works well enough.

What I didn't see in the article is whether or not these prices are higher or lower than before. Or is that "forthcoming" ?

Blocking ads? Smaller digital publishers are smacked the hardest

bombastic bob Silver badge

Re: Their loss someone else's gain

"Advertising is such an all round shitty thing I am surprised it isn't more regulated for the good of everyone."

I disagree. advertising is GOOD for many reasons. It's just that we should be able to choose whether or not to view it. And, like FAX spamming, and TEXT spamming (and to some extent, e-mail spamming if you consider paid bandwidth), when it costs the RECIPIENT to view advertising, various gummint agencies should either regulate it heavily, or make bandwidth-heavy methods illegal 'for the good of everyone'.

That being said, advertising can be GOOD. You can advertise your skills to get hired, or hiring managers can advertise an available job, and maybe a simple sign on a store is a form of 'advertising' too (I'm looking for a place to buy drain cleaner - hey, there's a hardware store!). It's been around since capitalism came into existence. And I don't want to replace capitalism, because the "something else" would be a WHOLE! LOT! WORSE!!!

bombastic bob Silver badge

Re: "Incentivized" - yech!

"What pushed me to ad blocking was the fact that I can get the computational clap from reputable sites"

that sort of thing has made a few headlines recently (on 'The Register' specifically).

this is why AD BLOCKING (and script blocking, and flash blocking) is part of what I like to call "safe surfing". Think of the ad/script/flash blocker as a CONDOM on your web browser. They shouldn't blame us for using the "net condom" because the alternative is NO web surfing, or risk getting the 'computational clap' as you so eloquently put it.

bombastic bob Silver badge

"I still think network level ad blocking is a terrible idea though, and I'm still kind of expecting some legal or regulatory move to put the kibosh on the whole idea."

ACK, since it 'breaks the internet' and violates any concept of 'net neutrality'.

a simple client-based program or web browser plugin is a better idea. phone providers could even pre-install them. MITM-based filtering works for corporate firewalls, but doing that for wide release again "breaks the internet". It's a pandora's box we don't need opened.

bombastic bob Silver badge

Re: Saving bandwidth

ACK on the 'saving bandwidth' part. If ad-makers would STOP IT with the scripting and the 'flashing' and soon to come, HTML5 video, I doubt people would block them [they'd simply ignore them like I have come to do by habit].

On a related note, the article states:

"The research reckoned that smaller publishers are most at risk from the rapid adoption of ad-blocking software as they often solely rely on revenues from advertising to continue operating."

This may be true, but I doubt anybody cares. I think "better advertising revenue model" is due. They need to find out what ads people will NOT block, and then do those. I can think of ways to put ads on the page that would NOT be blocked. It's called an 'ad banner'. No scripting, no CDNs, a simple graphic with a link. It works. It won't be blocked. It won't be noticed by "the bots" because it will appear to be CONTENT. you could even put a small ad banner in the middle of article text, and as long as there's no obvious scripting and iframes and all that, it will look JUST like content to the bots.

And I doubt anyone would complain, especially if the graphics' file sizes are small. It would be like an ad 'in the middle of' a newspaper article, right below the "continued on page A5" or whatever. People see that ad. It works. And content makers can take a lesson from the hundreds of years of newspaper publishing on THAT one.

Russia poised to unleash 'Son of Satan' ICBM

bombastic bob Silver badge

Re: So ...

I think you and I posted that at about the same time (which is why I missed it when I added my previous comment)

"great minds" and all that

bombastic bob Silver badge

Pootie misses the cold war

Looks like Pootie simply misses the cold war. He "felt" more powerful back then. This new missile is his 'compensation' for... well... heh heh heh.

Microsoft bods tell El Reg: We've re-pivoted open-source .NET Core

bombastic bob Silver badge

Lipstick on a boar

well, ".Not core" is lipstick on a boar as far as I'm concerned.

a photo of their project manager wearing a T shirt with a FLUGLY 2D 'modern' windows logo didn't help. ew.

If they wanted to put a 'face' on the open sourceness, they should've just hired the guy that invented the thing....no, wait...

".Not" is bass-ackwards, and pretends to be 'object oriented' at the expense of resources and performance. You do NOT need to get multi-verse, universe, galaxy, solar system, planet, continent, yotta yotta, atom... just to get 'atom'. It's REDONKULOUSNESS at its best, and no WONDER Windows performance took a dive beginning with Server 2003 [where the UI became VERY "dot Notty" compared to Server 2k and XP].

Windows developers are better coding for the Win32 API (on windows 7, where ~2/3 of windows computer users still are), at least until Microsoft actively tries to stop us.

Can ad biz’s LEAN avert ADPOCALYPSE?

bombastic bob Silver badge

Re: Dear Advertisers, the solution is simple.

even a simple static graphic would be ok with me, NOT in my face, NOT moving, NOT consuming excess bandwidth, NOT tracking my web browsing, and NOT scripted. 'Banners'. they're fine, too. like a newspaper, as you pointed out. They've been in the newspapers for hundreds of years, right? Only recently, when it's possible to have them grab your nose and TWEEK it a few times, did they become heinous.

and 'targeted' advertising, let's say on "El Reg", would consist of "what people who read The Register might be interested in buying". THAT kind of 'targeting' is OK with me. Like a newspaper or magazine.

Gobble away! Charter-Time Warner Cable merger OK'd by FCC

bombastic bob Silver badge

I have been putting off business cable with TWC because of this

I have been putting getting a 'business cable' connection with TWC because of this. Business expense of having a fixed IP DSL with lousy bandwidth is bad enough. monthly price more than doubles to get significantly better bandwidth with cable. I wouldn't doubt that business connections via the cable (which may be the only real option I have) are in ANY way covered by any FCC requirements prior to a merger. I can only imagine that the kinds of "boiler room support in India" I've gotten from the DSL company would be ANY BETTER after a TWC/Charter merger. And so I've tolerated the lousy DSL with a fixed IP address for way longer than I should have.

I guess some more 'wait and see' is in order. A typical TWC biz cable connection would cost around $150/month for 3Mbit up/down and a fixed IP address (or about $110 for 1.5mbit up/down). I'm sure it can only get WORSE, not better, after the merger.

FCC urged to pause its fight against America's $20bn cable-box rip-off

bombastic bob Silver badge

Re: Good. Now we know their names.

"Let's brand "Corporate Shill" on their foreheads so they can't hide that fact"

how about a mandatory mailing of all of their major contributors? One page-full would do [all that stuff is public record]. alternatively, a web page.

tracking all of the non-profit [shell?] corporations (527, 501(c)(4,6)) that have surfaced because of 'campaign finance reform' (quoted cynically) might be a bit trickier... [how many lead to 'George Soros' for example, like 'MoveOn.org']

perhaps an alternative would be a mandatory RIBBON BAR worn on the chest, similar to ribbons and medals for military. Each one indicates a major contributor. then whenever a ConGrab-man stands up to speak, you'll see it all on whatever cable network is televising. Heh, yeah, cable network televising Con-Grab. back to THAT again.

bombastic bob Silver badge

Re: "60 congressmen, largely Republican..."

"Says it all really..."

not the 'republican' part, just the 'congressmen' part. cong-grab needs an enema. [not soap-boxing any more on this, as the rest would be obvious - yeah I'm a Trump supporter]

bombastic bob Silver badge

Re: Small pay-TV providers

keep in mind that a cable provider typically has a 'localized monopoly'. I can only get Time Warner, and with their new merger, I'm sure that customer service will suffer somehow. TWC has recently been bragging (in ads) about improved service, raised their rates a couple of times, and switched us all over to digital cable boxen. The 'rent' is free... for now. Will be $/month at some point (for the cheap, featureless box).

Since the switchover I've noticed malfunctioning channels on more than one occasion, had them try to bill me for a tech visit post-self-install [caused by their screwed up database] because the boiler plate said "let me send a tech over" [week later] tech arrives, "I know what's going on" makes a phone call, it's fixed. THAT kind of thing (then they try to BILL ME for THEIR f-up). And some of the channels had WRONG aspect ratios that couldn't be corrected. And I can't disable channels I never want to see, like MSNBC or a spanish-language channel or whatever (so channel surfing MUST scan THROUGH them). And re-scan doesn't stop 'the weather channel' from popping up an irritating 'malfunction' message.

And let's not forget the occasional stutters, pixelization, and black screens that seem to happen now that it's "all digital". Analog didn't really have THOSE problems...

Maybe it's time to force cable companies to allow others to use THEIR WIRES (at a reasonable fee, of course), similar to the way it happened with telcos. And now it's working with POWER COMPANIES (using the local utility's lines to deliver THEIR power THEY generate, usually solar).

But yeah, utilities are like that. They're "regulated" but not necessarily in OUR favor...

(and I've never seen a 'small pay-TV provider', not even once)

New Firefox versions will make you activate all new add-ons – except one hacker favourite

bombastic bob Silver badge

HTML5 in adverts? I blocked the FLASH ones easily enough!

To think that adverts switching to HTML5 would be a GOOD thing... it's *NOT*.

they're MUCH easier to BLOCK when they use FLASH! How? DISABLE THE FLASH PLUGIN!

(we should keep advertisements in the 'flash' ghetto, for our own good)

Also 'NoScript' helps eliminate flash content. It's amazing how much FASTER a web site that does NOT load embedded video content will display, compared to the alternative...

Official: Microsoft's 'Get Windows 10' nagware to vanish from PCs in July

bombastic bob Silver badge

Re: I'll believe it when I see it...

same here (I'll believe it when I see it). you would think that GWX would have that 'drop dead date' for the offer already built-in, or COULD have. A simple update to GWX that disables the popup windows would be sufficient. How hard could THAT be? or as someone else pointed out, just add line 25 "if past the date, STOP" to their stupid BASIC program that (as Calculon would point out) has an extra 'GOTO 10' line in it.

bombastic bob Silver badge

Re: Why July

"Start thinking for yourself and you might find Windows 10 OK."

As I saw someone else say in this forum, "Dear Mr. Pot, this is Kettle, please revise your statement regarding color". Or something like that.

And I won't find Windows 10 'OK'. I gave it a fair chance a year ago during the 'insider' program. It failed to meet expectations, by a wide margin.

But I DO agree, that they ARE listening [via spyware] as you pointed out.

The 'new' Microsoft? I still wouldn't touch them with a barge pole

bombastic bob Silver badge

WOW!

nice way of putting it all in that article.

I have often said SIMILAR THINGS (and on Microsoft's own discussion board over at answers.microsoft regarding Win-10-nic, even), and generally contrasted them to 'Business 101', aka "the customer is always right, and Burger King's "Have it YOUR way" policy.

What Microsoft is doing is TAKE it OUR way, or we SHOVE IT DOWN YOUR THROAT, so we can (later on) start charging you for it as a SUBSCRIPTION because we *CAN*.

Their giveaway program for Win-10-nic is like a drug dealer giving free samples so he can later scam people with confiscatory pricing, once his 'customers' are addicted to whatever substances he's selling.

This policy dates back to the early noughties during the whole ".Net" initiative. A bit of study would reveal that PASSPORT was their new tollbooth for the information superhighway. Nobody bought into it back then, and then "dot bomb" happened. But ~15 years later that undead horse is BACK again, as the "Microsoft Logon". Who knew?

So, again, WOW to what was said in that article. I'm *VERY* happy to see that at least SOMEONE ELSE besides me thinks that way. Many thanks, kudos, 'dittos', etc.

Have Microsoft-hosted email? Love using Live Mail 2012? Bad news

bombastic bob Silver badge

Re: Give us a breakdown, MS!

well, slightly OT (but it WAS in the article), net stats (like statcounter) seem to indicate that it might be relatively accurate at 300 million. What they're NOT saying is that it's about 1/3 of their customer base using either 8, 8.1, or 10. The rest of us are on 7, Vista, XP, or maybe something else. And that's just based on "who hits the internet" and with Micro-shaft spyware running, I have to wonder how much of that 'traffic' was generated by the spyware...

So if 2/3 of the customer base REFUSE to downupgrade to Win-10-nic, even when it's FREE, they should be paying a LOT of attention to that. But they're not.

bombastic bob Silver badge

Re: Modern synchronization technologies?

"However MS would be mad to drop POP3 and IMAP from Hotmail so other clients apart from Outlook-the-client would carry on working, except for WLM which sees a @hotmail.com or @outlook.com address and automatically configures itself for a nonexistent protocol. Perhaps there's some way to trick it into configuring manually for IMAP."

I certainly hope you're right about this, because if Thunderbird stops being able to read my MSN e-mail (which I've had since MSN was in beta, and I continue to pay $5/month for the e-mail along with 'just in case' dial-in access which I've used on occasion, most recently LAST YEAR), then I'm *DUMPING* my MSN account and e-mail address and anything ELSE that has to do with outlook, hotmail, msn mail, or anything SIMILAR.

I'm not going to use their Win-10-nic mail client. I tested that one a year ago during the insider program, and it tried to screw up my IMAP folders. Fortunately it did no real damage. It's also 2D FLUGLY. And it doesn't run in Linux.

'I thought my daughter clicked on ransomware – it was the damn Windows 10 installer'

bombastic bob Silver badge

Re: Slow checking for updates...

re: not believing the 300 million...

Another possibility is that, like the "Ape" (8.x) sales figures, about 1/3 of users actually *LIKE* the 2D FLUGLY and other "features" of Ape (and now Win-10-nic).

that leaves the OTHER 2/3 of us *SCREAMING* *BLOODY* *MURDER* and vowing to NEVER {down}UPGRADE to 10, *EVAR*.

strangely, Micro-shaft ignores the 2/3, believes the 1/3 to be "everyone", and *INSISTS* the rest of us MUST! HAVE! Win-10-nic!!!

bombastic bob Silver badge

Re: 300 million infections

"Did anyone watch an episode of Equinox (Channel 4) called "The King of Chaos" which aired around 2000?"

unfortunately, no. But I *did* see 'Kingsmen' and the big-bad offers free phone service with a 'special' feature... maybe that's what's behind Win-10-nic?

OK not *that* but still...

Windows 10 free upgrade offer ends on July 29th

bombastic bob Silver badge

Re: No more nagware?

"Does that mean that after July 29 Windows 7/8 users will be left in peace?"

that seems to be the MAIN concern for a lot of us. I fear it is NOT the case.

bombastic bob Silver badge

Promise?

"Windows 10 free upgrade offer ends on July 29th"

PROMISE???

And what makes us think that GWX will *GO AWAY* simply because the 'free' downupgrade goes away?

Ex-HP boss Carly Fiorina sacked one week into new job

bombastic bob Silver badge

Re: Seriously America...

"are these candidates seriously the best you can come up with to run your country?"

sorry, I couldn't run this year.

(actually, at my last on-site job, my predecessor *DID* run for president, I kid you not! In 2008. Richard something. I forget. You can google it)

bombastic bob Silver badge

Re: Next stop for Fiorina

why not put Fiorina in charge of sacking half of the U.S. gummint... "downsizing" Trump style! With Fiorina as the axe-lady. (perfect!)

DATE: January, 2017

FROM: President Trump

TO: half of the government

SUBJECT: YOU ARE FIRED!

Carly gets to pick which half

bombastic bob Silver badge

Re: well, that the UK prez you folk chose ain't much good either!

"Another Churchill quote"

Churchill was BRILLIANT. I was irked when Obaka 'dissed' him by sending the bust back... (ok it was supposedly 'on loan' from Tony Blair but still... not a smart thing to do)

bombastic bob Silver badge

Re: Same old, same old

"They elected Ronald Reagan, they elected George Bush (Jr), they will elect Trump."

hopefully. It could've been worse: Carter, Mondull, AlGore, Kerry, ...

(better to pick the lesser of 2 evils - Cthulhu or Clinton - I pick Cthulhu)

bombastic bob Silver badge

Re: President... Trum...?

"We're all screwed. Doomed & screwed, screwed & doomed."

that's what I said in 2008 when Obaka was elected... and again in 2012

bombastic bob Silver badge

Re: On behalf of the human race

"TRUMP / PALIN 2016"

"Twice the crazy -- twice the fun!"

heh - good one

sit back and enjoy the revolution show

Microsoft sets Feb 2017 date to kill last SHA-1 zombies

bombastic bob Silver badge

"A standard HTTPS server certificate attests that the holder of a given private key is also the owner of a particular domain - nothing more. In particular it asserts nothing about the identity of the owner."

not quite accurate. the server certificate is supposed to match the IP address and/or domain of the server, and be signed by an authority [self-signing works if you allow it to when prompted by the browser] to authenticate the cert itself. As I recall, the CN needs to be the domain name for a server cert. There's a lot of discussion about this online, so it's easy to find. You can use openssl to be your own CA and issue your own server certs. Or you can use cacert.org. But their root cert isn't on Microsoft's OSs by default (or I haven't seen it, at least), so you'll have to load the root cert, and then all of their issued certs will be trusted. That's basically how it works.

so the cert doesn't determine the SSL encryption. It simply validates that the web site in question is who they say they are, and not some man in the middle trying to read your encrypted traffic.

bombastic bob Silver badge

Re: Certificates are the illusion of security

"Is there any evidence these have not had their public keys shared with the spooks. No need to break any SSL protocol or cypher if you have the key to decrypt it all."

um, I don't think you understand the following very well:

a) public/private key encryption

b) SSL protocol handshaking

c) certificate signing and how it authenticates a web site

the public keys in the certs have little to do with SSL protocol, but (as I understand) they're used for validating the signatures, sort of like the way a hashing algorithm can validate a logon and password without revealing the password.

So there's no decryption with a public key. only ENcryption. then you could match the encryption to a known result (I'm assuming) to validate it.

The SSL protocol uses different methods, among them Diffie-Hellman. Time to google if you haven't heard of it.

Or I can simply point you to it: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

so even if you had a cert's private key, you wouldn't be able to use it to decrypt SSL traffic.

bombastic bob Silver badge

Re: Certificates are the illusion of security

"Therefore, although they COULD in theory sign a fake cert of their own and have it accepted by some browsers as being valid credentials for your site and then man-in-the-middle your server so that they accept connections with THEIR generated private key instead of yours, almost any modern browser will throw a fit when they try this."

etc,

very true. I've been deep into researching cert-land over the last ~2 weeks (and some prior). A summary of what I've found: you can be your own CA, but you have to load the root (and other) certs onto the target machines somehow (let's say an application installer program, like the one I recently open sourced). Like with a self-signed cert, however, you throw warnings in web browsers.

Internet Explorer uses Windows' system cert store, and you can have an application installer (let's say) install new root certs to prevent warnings. Incidentally, this can happen without your knowledge from any application running with 'Admin' privs, calling the right functions.

Firefox and other browsers often have their OWN cert stores separate from the OS, so you'll have to get past THEIR security and warnings to load new root certs.

Intarweb filtering appliances often use the 'MITM' technique as part of their operations (did you mention those? I might've missed it), so IT people must load the appliance's root certs on everyone's workstation by policy or manually [whichever].

As for code-signing, kernel drivers require a "microsoft signature" to load from bootup, but they can dynamically load after boot using regular signed certs (so load your root and signing certs and your drivers will work post-boot, but not during boot). Enabling 'self cert' lets you test things, but apparently shuts off DRM-related things. Not like I need them...

Microsot has also added an even BIGGER "tollbooth" with regards to signing requirements in windows 10, allegedly for quality assurance, but most likely to put even BIGGER roadblocks and tolls in place for independent devs and open sourcers, and maybe lock us into all using windows 10 and playing by THEIR rules forever. That's my opinion, ok.

As for web site certs, self-signs work, but throw a warning (typically) as you pointed out. If you accept the cert by ignoring the warning, https will work just fine like it was meant to be.

openssl can create certs easily, and there are several good online resources on how to do this (including my own web page on being your own cert authority). So yeah, the info is a search engine away. code-signing resources go through Microsoft's "circle jerk" documentation hell, so it's harder to find THAT information without time and frustration.

And related, MS's own examples for code signing self-certs actually create certs that use sha1. But sha256 works fine for code signing certs as far as I can tell (creating my own, of course). But I did see some odd behavior in the kernel debug output in Win 7 checked build when using sha256, some assert about the hash length being larger than some value...

hopefully not 'too long' forcing 'did not read'

Biting the hand that feeds IT © 1998–2019