Microsoft

Proprietary Web and Vista 11 Performance Catastrophe

Filed under
Microsoft
Web
  • Client-side content scanning as an unworkable, insecure disaster for democracy • The Register

    Fourteen of the world's leading computer security and cryptography experts have released a paper arguing against the use of client-side scanning because it creates security and privacy risks.

    Client-side scanning (CSS, not to be confused with Cascading Style Sheets) involves analyzing data on a mobile device or personal computer prior to the application of encryption for secure network transit or remote storage. CSS in theory provides a way to look for unlawful content while also allowing data to be protected off-device.

    Apple in August proposed a CSS system by which it would analyze photos destined for iCloud backup on customers' devices to look for child sexual abuse material (CSAM), only to backtrack in the face of objections from the security community and many advocacy organizations.

    The paper [PDF], "Bugs in our Pockets: The Risks of Client-Side Scanning," elaborates on the concerns raised immediately following Apple's CSAM scanning announcement with an extensive analysis of the technology.

  • Vivaldi Adblock is mostly Adblock Plus and ublock-origin.

    The Vivaldi browser has a built-in ad blocker.

    However, the company hasn’t been extremely forthcoming about how it works.

    However, it seems to accept any list in adblock plus format, and Vivaldi seems to have implemented Webkit Content Blockers as well.

    Vivaldi includes a list called “DuckDuckGo Tracker Radar”, which leads to what seems to be a Webkit Content Blocker format list mirrored by Vivaldi.

    In my testing, the DuckDuckGo Tracker Radar seems to largely duplicate what Fanboy’s Ultimate List already had in it.

    While Fanboy’s Ultimate List is not in Vivaldi by default, you can add it by going to Vivaldi Menu/Settings/Privacy, and then select “Block Trackers and Ads”, and then I would suggest de-selecting everything in both columns that Vivaldi defaults to having on, then clicking + under Ad Blocking Sources, then adding https://www.fanboy.co.nz/r/fanboy-ultimate.txt and then Import. It should tell you it brought in a bunch of ad blocking rules.

  • This week's Windows 11 patch didn't fix AMD performance woes • The Register

    Windows 11 received its first bundle of fixes this week, but AMD users hoping for respite from performance issues that have dogged their PCs were to be disappointed. In fact, for some, performance might have actually got a bit worse.

    It wasn't the news AMD fangirls and fanboys were hoping for. After AMD noted performance issues with Microsoft's latest operating system, a fix had been expected to drop during October. Alas, that fix didn't turn up in this week's first Cumulative Update for the GA code. In fact, according to hardware site TechPowerUp, things might have even deteriorated.

  • Microsoft’s first Windows “11” update addresses AMD CPU scheduling problems. Ends up making them worse. – BaronHK's Rants

    Microsoft released their first “Windows 11” update.

    It was deployed to try to correct the AMD CPU problems that Windows “11” created on Ryzen, which tripled L3 CPU cache latency and slowed the processor down by an average of 15%.

    The update ended up making the problem worse. Doubling the cache latency from where it already was at launch.

    “Early adopters” of Microsoft’s latest broken operating system are seeing much worse performance than they were on Windows 10, even on the Intel side, as Microsoft’s “virtualization based security” was already wreaking havoc on video game performance.

  • The "What If" Performance Cost To Kernel Page Table Isolation On AMD CPUs - Phoronix

    Made public this week by CPU security researchers at Graz University of Technology and CISPA Helmholtz Center for Information Security was the research paper published "AMD Prefetch Attacks through Power and Time". The paper points to AMD CPUs suffering from a side-channel leakage vulnerability through timing and power variations of the PREFETCH instruction. The paper argues that AMD CPUs should activate stronger page table isolation by default. AMD has now published their security response where they are not recommending any mitigation changes at this time. But what if Kernel Page Table Isolation (KPTI/PTI) proves necessary for AMD CPUs? Here are some initial benchmarks showing what that performance impact could look like.

Microsoft and CNET confuse users with fake “This PC can’t run Windows 11” errors. Suggest buying a completely new computer.

Filed under
GNU
Linux
Microsoft

Mostly, if your machine doesn’t have “Security Theater Boot” and the “Toilet Paper Module” (I jest.) available to be turned on, you need to buy another computer.

Except that you don’t. You could format Windows off your computer entirely and go on happily using GNU/Linux for many more years without fake incompatibility messages from your pals at Microsoft and Intel, where sales have been in the dumps and they need fake error messages to drive new sales.

Best Free and Open Source Alternatives to Microsoft Office

Filed under
Microsoft
OSS

This series looks at the best free and open source alternatives to products and services offered by Microsoft. This article focuses on the best free and open source alternatives to Microsoft Office.

What are the best open source alternatives to Office 365? This article focuses on replacements for only some of the components of Office 365. We’ll explore other components in later articles in this series.

Openwashing of Proprietary Traps

Filed under
Microsoft
  • Broadband Forum Launches Latest Open Source Project to Bring Full Benefits of 5G to Fixed-line Services | Business Wire

    The goal of a new Broadband Forum project, Open Broadband – WWC Reference Implementation for 5G-RG (OB-5WWC) is for vendors and operators to bring products to market in a shorter timeframe and enjoy reduced development times and cycles. The Open Source project will bring the full benefits of the 5G ecosystem to fixed-line services and offer a full end-to-end solution to operators.

  • .NET Foundation boss apologizes for pull request that sparked community row

    We covered Littles earlier this week, noting that after he ran for the board on a platform of making it more responsive to developers' needs – rather than Microsoft's. He later quit because, according to a post, "I didn't have the energy to put into an organization that doesn't share my views and stance on what I think the community needs, Sustainable Open Source Software."

    [...]

    The first comment on the apology described it as "a total non-apology" – a sentiment repeated in other comments. The conversation also features some discussion of how to withdraw projects from the foundation.

    The Register suspects the foundation may soon need some new volunteers. Brave new volunteers

  • Microsoft's .NET Foundation under fire as resigning board member questions its role
    [Ed: Microsoft Tim weighs in as well. It's him who helped Microsoft hijack Linux (exporting it to GitHub).]
  • Questions Raised About .NET Foundation

    Littles was elected and took on the role of chair for the Technical Steering Group, hoping to be able to achieve some progress towards Open Source sustainability. However, when he realized that his efforts were futile he resigned from the .NET Foundation board ahead of the 2021 elections which took place in August. He hadn't intended to draw attention to this, but changed his mind when the announcement of the election results reported on his resignation.

Proprietary Leftovers (Mostly Microsoft)

Filed under
Microsoft
  • US Rolls Out New Cybersecurity Requirements for Rail, Air [iophk: Windows TCO]

    Homeland Security Secretary Alejandro Mayorkas announced the measures Tuesday at a virtual cybersecurity conference, warning that recent incidents such as the SolarWinds [crack] and the Colonial Pipeline ransomware attack showed that "what is at stake is not simply the way we communicate or the way we work, but the way we live."

    The new security directives target what the Department of Homeland Security and the Transportation Security Administration describe as "higher risk" rail companies, "critical" airport operators, and air passenger and air cargo companies.

  • Bill requiring companies report cyber incidents moves forward in the Senate [iophk: Windows TCO]

    The bill would require owners and operators of critical infrastructure groups to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. It would also require critical infrastructure groups, nonprofits and most medium to large businesses to report making ransomware attack payments within 24 hours.

  • TSA to issue regulations to secure rail, aviation groups against cyber threats [iophk: Windows TCO]

    According to Mayorkas, the directive will require these groups to “identify a cybersecurity point person” charged with reporting cybersecurity incidents to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), along with establishing “contingency and recovery plans” in the case of cyberattacks.

  • U.S. to tell critical rail, air companies to report [breaches], name cyber chiefs [iophk: Windows TCO]

    The upcoming changes will make it mandatory for “higher-risk” rail transit companies and “critical” U.S. airport and aircraft operators to do three things: name a chief cyber official, disclose [breaches] to the government and draft recovery plans for if an attack were to occur.

  • The Gates Foundation Avoids a Reckoning on Race and Power

    Over the last year, Doctors Without Borders has faced a major scandal, as more than 1,000 current and former employees signed on to a letter accusing the Nobel Peace Prize-winning humanitarian organization of institutional racism, citing a colonial mentality in how the group’s European managers view the developing world.

    Such an allegation would be serious in any field, but it deserves another level of scrutiny in the context of global health and humanitarianism, two fields built on a paternalistic premise: rich white people from wealthy nations setting themselves up as saviors of poor people of color. The assumptions embedded in this model have provoked increasingly popular calls to “decolonize” the sector, and many organizations have responded by invoking social justice rhetoric, claiming, for instance, that their work intersects with the Black Lives Matter movement.

  • Canopy Parental Control App Wide Open to Unpatched XSS Bugs

    The vulnerability arises because the system is failing to sanitize user inputs. The input field allows 50 characters, Young found, “which was plenty to source an external script.”

    He said there are multiple ways to exploit the issue.

Life's better together when you avoid Windows 11

Filed under
GNU
Microsoft

October 5 marks the official release of Windows 11, a new version of the operating system that doesn't do anything at all to counteract Windows' long history of depriving users of freedom and digital autonomy. While we might have been encouraged by Microsoft's vague, aspirational slogans about community and togetherness, Windows 11 takes important steps in the wrong direction when it comes to user freedom.

Microsoft claims that "life's better together" in their advertising for this latest Windows version, but when it comes to technology, there is no surer way of keeping users divided and powerless than nonfree software. Developing nonfree software is an inherently antisocial act, for it is intentionally choosing to create an unjust power structure, in which a developer knowingly keeps users powerless and dependent by withholding information. Increasingly, this involves not only withholding the source code itself, but even basic information on how the software works: what it's really doing, what it's collecting, and how often it's snitching on users. "Snitching" may sound dramatic, but Windows 11 will now require a Microsoft account to be connected to every user account, granting them the ability to correlate user behavior with one's personal identity. Even those who think they have nothing to hide should be wary of sharing potentially all of their computing activity with any company, much less one with a track record of abuse like Microsoft.

Proprietary Software, Censorship (Again) by Microsoft's Proprietary GitHub, and Monopoly-Led 'Security'

Filed under
Google
Microsoft
Security
  • Cloud [cracking]: India now 2nd most targeted nation after US [iophk: Windows TCO]

    The most targeted sectors by ransomware in Q2 of 2021 were the government, followed by telecom, energy, and media and communications.

    Spam showed the highest increase of reported incidents -- 250 per cent -- from Q1 to Q2 2021, followed by Malicious Script with 125 per cent and Malware with 47 per cent.

  • The case of the insecure printer

    The latest way to make sure the vendor calls the shots is to insist that printers won't print a page unless they have internet connectivity and are linked to an "HP Smart" account. According to HP, you must connect your HP LaserJet M209dwe, MFP M234dwe, M234sdne, and M234sdwe printers to an HP Smart account before they'll work. (I expect other printers will soon face the same annoying requirement.)

    I'm not happy about this. And it's not just because I'm sure this will monitor my ink or my laserjet cartridge. I'm ticked off because this is a major security hole in my network. I do not want an unauthorized connection to printers in my network reporting who knows what to HP.

  • Github Removes GTA Fan Projects re3 & reVC Following New Take-Two DMCA Notice

    After Take-Two Interactive sent a legal letter to Github referencing a copyright infringement lawsuit against the people behind the popular re3 and reVC Grand Theft Auto fan projects, Github has now removed the repositories for a second time. Take-Two has also demanded the removal of many project forks and wants Github to take action under its repeat infringer policy.

  • Google commits $1M to new Linux Foundation open source security rewards program | VentureBeat

    Google has announced that it’s sponsoring a new open source security program hosted by the Linux Foundation. The Secure Open Source (SOS) Rewards pilot program provides financial incentives for developers working on security around critical open source projects.

    Open source software plays a key role in many essential infrastructure and national security systems, but recent data suggests “upstream” attacks on open source software have increased in the past year as bad actors seek new ways to infiltrate the software supply chain. Moreover, countless organizations — from government agencies to hospitals and corporations — have been hit by targeted software supply chain attacks, leading U.S. President Biden to issue an executive order outlining measures to combat them.

  • Google’s New Spyware in Chrome 94

    Google’s at it again.

    A few weeks ago when Google released Chrome 94 for desktop and Android, a new “feature” added by Alphabet all but slipped under the radar. The feature takes the form of a new API the company is calling Idle Detection. It’s not a feature added to benefit users, but is another way for website owners to keep tabs on you.

    Google says the feature is primarily designed for collaborative multi-user applications such as online games, meetings, and chat boxes.

    “The Idle Detection API notifies developers when a user is idle, indicating such things as lack of interaction with the keyboard, mouse, screen, activation of a screensaver, locking of the screen, or moving to a different screen. A developer-defined threshold triggers the notification,” the company said on a web page devoted to all of the gee-whiz stuff that’s included in its ad serving platform web browser.

Web Browsers Monopolisation

Filed under
Google
Microsoft
Moz/FF
Web
  • Brave and Firefox to intercept links that force-open in Microsoft Edge

    Microsoft has inadvertently re-heated the web browser wars with the company’s anti-competitive changes to Windows 11. It made it more difficult to change the default web browser and has expanded the use of links that force-open Edge instead of the default browser.

    The latter issue is something I addressed in 2017 with the release of EdgeDeflector. Instead of using regular https: links, Microsoft began switching out links in the Windows shell and its apps with microsoft-edge: links. Only its Edge browser recognized these links, so it would open regardless of your default browser setting. I created EdgeDeflector to also recognize them and rewrite them to regular https: links that would then open in your default web browser.

  • What if Chrome broke features of the web and Google forgot to tell anyone? Oh wait, that's exactly what happened

    "Browser monoculture" is often bemoaned as a threat to the web. According to Statscounter, which tracks browser use, over 70 per cent of the market is made up of people using Google Chrome or another browser based on the underlying Chromium project.

    What web advocates worry about when they say this is bad is that Google can effectively determine the future of the web by determining which features to support and which not to. That's a lot of power for a single company that also has an effective monopoly on search and advertising.

    What would happen if Chrome decided to break fundamental features of the web and didn't even feel the need to tell anyone?

    Well, we can answer that question because that's what Chrome did.

    Earlier this year Chrome developers decided that the browser should no longer support JavaScript dialogs and alert windows when they're called by third-party iframes.

Wireguard vs OpenVPN on NordVPN with T-Mobile Home Internet on Debian GNU/Linux. Bonus: T-Mobile Home Internet Nokia modem has bad WiFi defaults.

Filed under
GNU
Linux
Microsoft

Before Private Internet Access went to hell, I once spoke to their former tech support people about Windows 10 in their IRC chat room, and “Max-P” told me that writing VPN software for Windows was the worst part of the job. He said that preventing “leakage”, that is, where your kill switch doesn’t work and your traffic spills out onto the open internet, which is what you bought the VPN to avoid, is very difficult to ensure on Windows.

Furthermore, it’s hard to get any decent sort of throughput on a VPN in Windows, because Windows doesn’t have any sort of usable and secure VPN tech included in the OS. In fact, NordVPN says that if you try using IKEv2 in Windows 10, it will sabotage it by using weak cryptography. (“Note: the Windows system configuration downgrades the cipher to the weaker 3DES-CBC encryption.”)

Most Windows VPN software uses “WinTun” to route traffic around and is essentially rate limited and uses a ton of CPU time for overhead. That is, doing nothing important at all and tying up system resources. Creating more bottlenecks due to inherently bad design.

The VPN situation on Linux is….better. If it doesn’t make your networking stack great again, it’ll at least help make it tolerable. You can set up NetworkManager and bypass VPN software entirely, and use OpenVPN binaries from your Linux distribution, or you can use something like NordVPN’s client which makes things a little bit simpler, hopefully, with commands like “nordvpn c”, “nordvpn d”, “nordvpn set autoconnect on”, “nordvpn set killswitch on” and so on.

It takes but a few minutes to understand how to use NordVPN’s Linux software, and unlike the Windows version, there isn’t all sorts of nasty stuff going on behind the scenes. The killswitch is just firewall rules. There doesn’t need to be a lot of crazy stuff going on that can make your internet connection unusable if the connection drops out until you reboot the computer, which is what often happens on Windows 10. Also, their client for Linux doesn’t pop up notifications to go read their blog posts.
