Microsoft

Life's better together when you avoid Windows 11

Filed under: GNU, Microsoft

October 5 marks the official release of Windows 11, a new version of the operating system that doesn't do anything at all to counteract Windows' long history of depriving users of freedom and digital autonomy. While we might have been encouraged by Microsoft's vague, aspirational slogans about community and togetherness, Windows 11 takes important steps in the wrong direction when it comes to user freedom.

Microsoft claims that "life's better together" in their advertising for this latest Windows version, but when it comes to technology, there is no surer way of keeping users divided and powerless than nonfree software. Developing nonfree software is an inherently antisocial act, for it is intentionally choosing to create an unjust power structure, in which a developer knowingly keeps users powerless and dependent by withholding information. Increasingly, this involves not only withholding the source code itself, but even basic information on how the software works: what it's really doing, what it's collecting, and how often it's snitching on users. "Snitching" may sound dramatic, but Windows 11 will now require a Microsoft account to be connected to every user account, granting them the ability to correlate user behavior with one's personal identity. Even those who think they have nothing to hide should be wary of sharing potentially all of their computing activity with any company, much less one with a track record of abuse like Microsoft.

Proprietary Software, Censorship (Again) by Microsoft's Proprietary GitHub, and Monopoly-Led 'Security'

Filed under: Google, Microsoft, Security

  • Cloud [cracking]: India now 2nd most targeted nation after US [iophk: Windows TCO]

    The most targeted sectors by ransomware in Q2 of 2021 were the government, followed by telecom, energy, and media and communications.

    Spam showed the highest increase of reported incidents -- 250 per cent -- from Q1 to Q2 2021, followed by Malicious Script with 125 per cent and Malware with 47 per cent.

  • The case of the insecure printer

    The latest way to make sure the vendor calls the shots is to insist that printers won't print a page unless they have internet connectivity and are linked to an "HP Smart" account. According to HP, you must connect your HP LaserJet M209dwe, MFP M234dwe, M234sdne, and M234sdwe printers to an HP Smart account before they'll work. (I expect other printers will soon face the same annoying requirement.)

    I'm not happy about this. And it's not just because I'm sure this will monitor my ink or my laserjet cartridge. I'm ticked off because this is a major security hole in my network. I do not want an unauthorized connection to printers in my network reporting who knows what to HP.

  • Github Removes GTA Fan Projects re3 & reVC Following New Take-Two DMCA Notice

    After Take-Two Interactive sent a legal letter to Github referencing a copyright infringement lawsuit against the people behind the popular re3 and reVC Grand Theft Auto fan projects, Github has now removed the repositories for a second time. Take-Two has also demanded the removal of many project forks and wants Github to take action under its repeat infringer policy.

  • Google commits $1M to new Linux Foundation open source security rewards program | VentureBeat

    Google has announced that it’s sponsoring a new open source security program hosted by the Linux Foundation. The Secure Open Source (SOS) Rewards pilot program provides financial incentives for developers working on security around critical open source projects.

    Open source software plays a key role in many essential infrastructure and national security systems, but recent data suggests “upstream” attacks on open source software have increased in the past year as bad actors seek new ways to infiltrate the software supply chain. Moreover, countless organizations — from government agencies to hospitals and corporations — have been hit by targeted software supply chain attacks, leading U.S. President Biden to issue an executive order outlining measures to combat them.

  • Google’s New Spyware in Chrome 94

    Google’s at it again.

    A few weeks ago when Google released Chrome 94 for desktop and Android, a new “feature” added by Alphabet all but slipped under the radar. The feature takes the form of a new API the company is calling Idle Detection. It’s not a feature added to benefit users, but is another way for website owners to keep tabs on you.

    Google says the feature is primarily designed for collaborative multi-user applications such as online games, meetings, and chat boxes.

    “The Idle Detection API notifies developers when a user is idle, indicating such things as lack of interaction with the keyboard, mouse, screen, activation of a screensaver, locking of the screen, or moving to a different screen. A developer-defined threshold triggers the notification,” the company said on a web page devoted to all of the gee-whiz stuff that’s included in its ad serving platform web browser.

Web Browsers Monopolisation

Filed under: Google, Microsoft, Moz/FF, Web

  • Brave and Firefox to intercept links that force-open in Microsoft Edge

    Microsoft has inadvertently re-heated the web browser wars with the company’s anti-competitive changes to Windows 11. It made it more difficult to change the default web browser and has expanded the use of links that force-open Edge instead of the default browser.

    The latter issue is something I addressed in 2017 with the release of EdgeDeflector. Instead of using regular https: links, Microsoft began switching out links in the Windows shell and its apps with microsoft-edge: links. Only its Edge browser recognized these links, so it would open regardless of your default browser setting. I created EdgeDeflector to also recognize them and rewrite them to regular https: links that would then open in your default web browser.

  • What if Chrome broke features of the web and Google forgot to tell anyone? Oh wait, that's exactly what happened

    "Browser monoculture" is often bemoaned as a threat to the web. According to Statscounter, which tracks browser use, over 70 per cent of the market is made up of people using Google Chrome or another browser based on the underlying Chromium project.

    What web advocates worry about when they say this is bad is that Google can effectively determine the future of the web by determining which features to support and which not to. That's a lot of power for a single company that also has an effective monopoly on search and advertising.

    What would happen if Chrome decided to break fundamental features of the web and didn't even feel the need to tell anyone?

    Well, we can answer that question because that's what Chrome did.

    Earlier this year Chrome developers decided that the browser should no longer support JavaScript dialogs and alert windows when they're called by third-party iframes.

Wireguard vs OpenVPN on NordVPN with T-Mobile Home Internet on Debian GNU/Linux. Bonus: T-Mobile Home Internet Nokia modem has bad WiFi defaults.

Filed under: GNU, Linux, Microsoft

Before Private Internet Access went to hell, I once spoke to their former tech support people about Windows 10 in their IRC chat room, and “Max-P” told me that writing VPN software for Windows was the worst part of the job. He said that preventing “leakage”, that is, where your kill switch doesn’t work and your traffic spills out onto the open internet, which is what you bought the VPN to avoid, is very difficult to ensure on Windows.

Furthermore, it’s hard to get any decent sort of throughput on a VPN in Windows, because Windows doesn’t have any sort of usable and secure VPN tech included in the OS. In fact, NordVPN says that if you try using IKEv2 in Windows 10, it will sabotage it by using weak cryptography. (“Note: the Windows system configuration downgrades the cipher to the weaker 3DES-CBC encryption.“)

Most Windows VPN software uses “WinTun” to route traffic around and is essentially rate limited and uses a ton of CPU time for overhead. That is, doing nothing important at all and tying up system resources. Creating more bottlenecks due to inherently bad design.

The VPN situation on Linux is….better. If it doesn’t make your networking stack great again, it’ll at least help make it tolerable. You can set up NetworkManager and bypass VPN software entirely, and use OpenVPN binaries from your Linux distribution, or you can use something like NordVPN’s client which makes things a little bit simpler, hopefully, with commands like “nordvpn c”, “nordvpn d”, “nordvpn set autoconnect on”, “nordvpn set killswitch on” and so on.

It takes but a few minutes to understand how to use NordVPN’s Linux software, and unlike the Windows version, there isn’t all sorts of nasty stuff going on behind the scenes. The killswitch is just firewall rules. There doesn’t need to be a lot of crazy stuff going on that can make your internet connection unusable if the connection drops out until you reboot the computer, which is what often happens on Windows 10. Also, their client for Linux doesn’t pop up notifications to go read their blog posts.

Switched from Windows 10 to Debian 11 on Lenovo ThinkBook 15 Gen2 ITL. Plus, thoughts on Ubuntu and Fedora.

Filed under: GNU, Linux, Red Hat, Microsoft, Debian, Ubuntu

I finally got off Windows again.

It seems like every time I buy a new laptop, Windows is all that really works right on it for a while, and then I find a place to hop off.

Well, Debian 11 is that place for my Lenovo ThinkBook 15 ITL Gen2 (really rolls off the tongue, doesn’t it?). This laptop is a monster, and Lenovo got a lot of hardware into it cheaply, but they do cut corners in a lot of scary places.

Like that BIOS update that killed Windows 10 a few months ago.

While Lenovo says this laptop has Ubuntu “Certification”, they don’t support it. In fact, they apparently tell people on Lenovo Forums looking for help to “reinstall Windows”. Hard pass.

I managed to figure out why Ubuntu can apparently see the NVMe SSD on this laptop and most other Linux distributions (including Debian 11) can’t.

It turns out that Lenovo is still putting Intel’s “VMD” on laptops. I looked for what in the hell this actually is, and Intel goes on and on about how it’s a “feature” to hide the hardware from the OS which would seem to indicate that it is mostly useful on servers, so when I evaluated Debian and came to the conclusion that everything worked okay, I did a few last steps, including installing one more BIOS update from within Windows. Hoping that it would clean up the mess of warnings that are in seemingly everyone’s system logs if they boot Linux, and which spew a nice bunch of crap about failing to reserve ACPI devices and bogus ACPI AML tables. Alas, it did not.

FWIW, according to at least one Ubuntu developer, they’re an eyesore, but apparently harmless.

Turning off VMD (server article, but after using the NOVO button to get into the BIOS, same deal) managed to make the system log complaints about having access denied go away, which is nice since many people complained that they couldn’t actually boot their computer into Linux until disabling this, even though the installer ran okay.

I also disabled Secure Boot, which has never secured any Linux computer. In fact, about all it ever has done for us is put Microsoft at the “root of trust” and I’d rather trust a hungry bear with a steak in my back pocket than Microsoft.

Oh, and if anyone from the FSF is reading this, feel free to tell Stallman that they can give a Free Software Award to me next time. I haven’t written any Free Software programs, sure, but I also haven’t done anything to sabotage your movement in ways you might never recover from, like Microsoft employee Miguel de Icaza and uEFI “Secure Boot” troll and overall pervert Matthew Garrett have. While you were pinning a medal on Garrett, you also had a page blasting this Security Theater as “Restricted Boots”.

If you install Windows 11 on an unsupported PC, you will not get updates

Filed under: GNU, Linux, Microsoft

You can always install Ubuntu or Linux Mint

Being a Linux evangelist it would be very remiss of me not to at least mention it is an option that you have. Linux Distros like Ubuntu and Linux Mint are quite user friendly and easy to set up. It’s a lot easier to install Ubuntu on your laptop or PC than it is to install Windows. You can even install Ubuntu or Linux Mint alongside Windows and choose which OS you want to boot into during startup.

I am always telling people that these days it doesn’t really matter which OS you are using as long as you can install Google Chrome. Most of the stuff we do and need is in the cloud. If you are an accountant for example you can use Sage or QuickBooks in the cloud so there is no need for Windows support. You can use Office 365 or Google Workspace and so much more.

Your OS just sits behind the scenes unobtrusively facilitating your desires. There was a time when desktop apps ruled the roost and this was a big reason for you not to install Linux but those days are long gone. Ubuntu 20.04 will be supported for the next 10 years, so it will still be around in 2030!

Ubuntu will also run much faster than Windows 11 ever will on your old hardware. You can do that or just keep Windows 10, which Microsoft has said they will keep supporting and updating.

Microsoft is heading for a new antitrust showdown

Filed under: Microsoft, Legal

In July 2021, the UK government invited startups, businesses, and policymakers to a consultation about the most pressing competition problems in the tech industry, ahead of the launch of its new Digital Market Unit (DMU). One person familiar with the discussions says that something odd was happening behind closed doors. In private discussions entrepreneurs claimed Microsoft was behaving in a way they thought was detrimental to healthy competition; yet none dared to publicly call Microsoft out in the consultation.

Most startups complained about Microsoft’s tendency to “bundle” new features in its products that directly competed with the startups’ core creations. But the source says startup founders were too scared of Microsoft’s reaction to go public with their gripes. The founder of an enterprise software startup said that Microsoft would "absolutely kill" their business if they spoke out, the source claims – implying that they feared the tech giant would make their products incompatible with Microsoft’s software ecosystem.

The DMU consultation is slated to conclude on October 1 – whether any British startup will publicly denounce Microsoft is anyone’s guess.

The episode is indicative of an ongoing shift. While Microsoft has been largely absent from heated discussions about Big Tech’s anticompetitive practices for nearly a decade, new entrants are increasingly worried – if not necessarily vocal – about the company’s dominance in both the enterprise software and cloud domains. Regulators in the UK and Europe might soon start taking notice of that, too.

In the past, Microsoft’s tendency to bundle its software products – such as browsers and media players – together in a way that was considered damaging to competition was slapped down by the EU with multimillionaire fines. But since 2014, under the stewardship of CEO Satya Nadella, Microsoft has managed to pull off two great pivots. First, it swore off a software licence model in favour of Office 365’s cloud-based subscription-based model. Then it restyled itself as a tranquil benevolent actor, a far cry from both the second-wave tech giants routinely on the front pages of newspapers for data gluttony and fake news, and Microsoft’s own cutthroat reputation of yore. But several companies, especially in the less headline-grabbing b2b sector where Microsoft is king, think that it has not really changed.

Microsoft Exchange Autodiscover protocol found leaking hundreds of thousands of credentials

Filed under: Microsoft, Security

A flaw in Microsoft's Autodiscover protocol, used to configure Exchange clients like Outlook, can cause user credentials to leak to miscreants in certain circumstances.

The upshot is that your Exchange-connected email client may give away your username and password to a stranger, if the flaw is successfully exploited. In a report scheduled to be published on Wednesday, security firm Guardicore said it has identified a design blunder that leaks web requests to Autodiscover domains that are outside the user's domain but within the same top-level domain (TLD).

Exchange's Autodiscover protocol, specifically the version based on POX XML, provides a way for client applications to obtain the configuration data necessary to communicate with the Exchange server. It gets invoked, for example, when adding a new Exchange account to Outlook. After a user supplies a name, email address, and password, Outlook tries to use Autodiscover to set up the client.

Windows 11 will be the new Vista (or Windows 8)

Filed under: Microsoft

I've been using Windows 10 in production for about two years now - testing it since even before the official release. Early on, my impression was that it was comparable to Windows 7. Okay. Nothing too special, new or revolutionary. Over time, this impression has changed. With subsequent semi-annual releases, I encountered issues I've never had in Windows before, mostly various system errors and bugs that speak of low quality and bad design. Then, Windows 10 would occasionally undo some of my tweaks and options, wasting my time, and forcing me to tighten the screws ever more. All in all, my outlook isn't bright or happy. Bored and exhausted by the nonsense would be the best word.

Now, Windows 11 is coming. As I've done many times in the past, I logged into my Insiders account and started testing, to see what awaits me. Right away, I found the experience quite dejecting. My early impression of Windows 11 Dev Build was mediocre at best, and it progressively got worse with each update. Different from Windows 10, though. What happened was, I found myself reliving 2011, when I tested Windows 8 and came to pretty much the same conclusions. To wit, this is what I think will unfold.

Security and Proprietary Software

Filed under: Microsoft, Security

  • Security updates for Monday

    Security updates have been issued by Debian (gnutls28, nettle, nextcloud-desktop, and openssl1.0), Fedora (dovecot-fts-xapian, drupal7, ghostscript, haproxy, libtpms, lynx, wordpress, and xen), openSUSE (xen), Red Hat (rh-ruby27-ruby), and SUSE (openssl, openssl1, and xen).

  • Microsoft Ruined Passwords, Now Aims for a Passwordless Future

    There’s no shortage of security people who will tell you that passwords are broken. It’s also not a coincidence how many of them sell products to supplement or replace passwords. Microsoft just announced that the passwordless future is here. In their announcement they make it clear that passwords are broken, and they should know–they broke them!

    This passwordless future requires that Microsoft follow in Apple’s and Google’s footsteps in deciding which software you are allowed to run on your computer. These vendors don’t trust you to manage your own security, instead they want you to hand all trust over to them. Without them in control, they don’t believe your hardware can be trusted and untrusted hardware isn’t allowed to login to the passwordless future. As more vendors follow in Microsoft’s footsteps to implement passwordless logins, they too will anchor their trust in the hardware and ultimately in Microsoft (or Apple or Google). In the name of security and convenience your computer will be less and less your own.

  • American Malware Purveyor That Did Nothing To Limit Misuse Now Horrified To Find Gov't Of India Misused Its Products

    Another malware purveyor is shocked, SHOCKED to discover its products have been used to do Very Bad Things. Thomas Brewster has more details for Forbes. Here's the setup:

  • Does Your Organization Have a Security.txt File?

    It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn’t entirely clear who should get the report when remote access to an organization’s internal network is being sold in the cybercrime underground.

  • Major agriculture group New Cooperative hit by ransomware attack [iophk: Windows TCO]

    Agriculture group New Cooperative group was hit by a ransomware attack over the weekend, potentially endangering operations of a company key to the agricultural supply chain.

    A spokesperson for New Cooperative confirmed the attack to The Hill on Monday, noting in a statement that the company "recently identified a cybersecurity incident that is impacting some of our company’s devices and systems."

  • [Old] Explainer: Digitech risks for School Boards

    I'm a parent with two children in public schools in Christchurch, NZ. I'm also a software developer with an interest in education. I'm writing this post to make members of NZ school boards of trustees aware of significant risks they face, but which I believe few if any school boards in NZ recognise, much less attempt to mitigate.

    These risks are created by the software adopted by nearly every school in NZ. This software is provided via national-level agreements made by the Ministry of Education with their vendors, who are mostly US-based multinational technology corporations. Increasingly, school curriculums completely depend on this software.

    Today, nearly every school in NZ is either a 'Microsoft Office 365' or a 'Google Classroom' school. Many schools also embed products like SeeSaw and StoryPark into their student assessment process and depend on them for parental engagement.

    My goal here is to explain the liabilities lurking within this status quo, and how the Ministry of Education has divested responsibility for these liabilities onto individual school board members.

More in Tux Machines

Kernel and Graphics: Intel, AMD, and NVIDIA

  • Intel teases 'software-defined silicon' with Linux kernel contribution – and won't say why

    Intel has teased a new tech it calls "Software Defined Silicon" (SDSi) but is saying almost nothing about it – and has told The Register it could amount to nothing. SDSi popped up around three weeks ago in a post to the Linux Kernel mailing list, in which an Intel Linux software engineer named David Box described it as "a post-manufacturing mechanism for activating additional silicon features".

  • RadeonSI Lands Another "Very Large" Optimization To Further Boost SPECViewPerf - Phoronix

    In recent months we have seen a lot of RadeonSI optimizations focused on SPECViewPerf with AMD seemingly trying to get this open-source OpenGL driver into very capable shape moving forward for workstation GL workloads. Hitting Mesa 22.0-devel today is yet another round of patches for tuning SPECViewPerf.

  • Vendors Including NVIDIA Talk Up New OpenCL Extensions For Vulkan Interop, NN Inference - Phoronix

    Last Friday night we spotted OpenCL 3.0.9 with several new extensions included. Today The Khronos Group is formally announcing these latest OpenCL additions focused on Vulkan interoperability as well as neural network inferencing. These new extensions for OpenCL 3.0 include an integer dot product extension for neural network inferencing (cl_khr_integer_dot_product) with a focus on 8-bit integer support.

  • RadeonSI Enables NGG Shader Culling For Navi 1x Consumer GPUs - Phoronix

    As another possible performance win for RadeonSI Gallium3D as AMD's open-source Radeon OpenGL driver on Linux systems is enabling of NGG culling for Navi 1x consumer graphics processors rather than limiting it only to newer Navi 2x (RDNA2) GPUs. Merged on Monday was a patch to enable shader culling for Navi 1x consumer SKUs with no longer limiting it to Navi 2x / GFX10.3 or when using various debug options. This culling was also enabled for Navi 1x GPUs but only for the "Pro" graphics SKUs.

Databases: Managing Database Migrations, PostgreSQL-Related Releases

KDE Plasma 5.18.8, Bugfix Release for October

Plasma 5.18 was released in February 2020 with many feature refinements and new modules to complete the desktop experience.

today's howtos

  • Speak to me! – Purism

    My trusty laptop’s speakers gave up the ghost. I don’t like to sit around in headphones all the time, I don’t have any other speakers, and the replacements are still being manhandled by the postman. I’d get used to the austerity if I hadn’t started missing calls from a friend. That’s unacceptable! But what am I supposed to do? Buy extra gadgets just to throw them away after a week? Nope, I’m not that kind of a person. But hey – I have a Librem 5! It has a speaker. It’s open. I have control over it, and I’m a hacker too. So I should be able to come up with a hack to turn it into a speaker for my laptop, right? Pulseaudio to the rescue. I look through the guide. There it is: forwarding audio over a network.

  • How To Install CSF Firewall on Debian 11 - idroot

    In this tutorial, we will show you how to install CSF Firewall on Debian 11. For those of you who didn’t know, CSF, also known as “Config Server Firewall”, is a free and advanced firewall for Linux systems. We should use ConfigServer Security & Firewall (CSF) since CSF has more advanced and comprehensive features than other firewall applications such as UFW, Firewalld, or Iptables. Compared to the other Linux firewall applications, CSF is more user-friendly and effective, and is mostly used by web hosting providers. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the ConfigServer Security & Firewall (CSF) on a Debian 11 (Bullseye).

  • What are the differences between SQL and MySQL | FOSS Linux

    Due to many organizations, businesses, companies, and firms making an online presence, databases have become the core requirement for their daily operations. A database in a layman’s language is defined as a collection of data stored and organized electronically to ensure easy retrieval, access, management, and manipulation of business data. Most business successes depend on databases since they aid in storing essential and relevant data in a central position. Besides, databases also help facilitate communication of crucial business info such as employee profiles, sales transactions, customer profiles, marketing campaigns, product inventory, etc. Furthermore, databases have ensured that the company’s data is secure through various authentication mechanisms like access specifiers, user logins, and sign-ups. This article will talk about the difference between the two popular relational databases SQL and MySQL.

  • How to install Funkin' Psych Engine on a Chromebook

    Today we are looking at how to install Friday Night Funkin' Psych Engine on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • How to Use an SSH Key with Non-root Users - Unixcop

    You can SSH to your Linux instance as root with the key. However, the key doesn’t work for non-root users. So we will illustrate two methods to use SSH keys with non-root users.

  • Allow Port Through Firewall in Ubuntu 20.04 - Linux Nightly

    Ubuntu comes with ufw (uncomplicated firewall) installed by default. This is a frontend for iptables/nftables, the built-in Linux firewall, and is meant to make firewall management a bit easier. In this guide, you’ll see how to add rules to the firewall to open ports and allow certain services to have access through the firewall on Ubuntu.

  • Some regex tests with grep, sed and AWK

    In my data work I regularly do searching and filtering with GNU grep (version 3.3), GNU sed (4.7) and GNU AWK (4.2.1). I don't know if they all use the same regex engine, but I've noticed differences in regex speed between these three programs. This post documents some of the differences.

  • Upgrade to Fedora 35 from Fedora 34 using DNF – If Not True Then False

    This is a guide on how to upgrade Fedora 34 to Fedora 35 using DNF. This method works on desktop and server machines. You can also upgrade older Fedora installations (for example Fedora 33/32/31/30) directly to Fedora 35. I have tested this method on several machines, but if you have problems, please let me know. Always remember to back up before upgrading!

  • Jenkins: Basic security settings - Anto ./ Online

    Jenkins contains sensitive information. Thus it must be secured, like any other sensitive platform. Thankfully Jenkins provides you with many security options. This guide will show you all the essential bits that you need to know. You access these features on the Configure Global Security page under manage Jenkins.

  • LDAP query from Python · Pablo Iranzo Gómez's blog

    Recently, some colleagues commented about validating whether users in a Telegram group were still employees or not, so that the process could be automated without having to chase down the users that left the company. One of the fields that can be configured by each user is the link to other platforms (Github, LinkedIn, Twitter, Telegram, etc.), so querying an LDAP server could suffice to get the list of users. First, we need to get some required data; in our case, we do anonymous binding to our LDAP server and the field to search for containing the ‘other platform’ links.