Re: Update Clash
"Automatically rolling out updates may seem like the answer but the practice is not without its problems"
Hence why they only get deployed to Windows Insiders to start with.
3511 publicly visible posts • joined 17 Jan 2013
Hopefully Microsoft will release a Windows Mobile installer for Android handsets via their work with Cyanogen, then at least there will be a more secure OS update option.
(From existing dual boot testing on the same hardware, we already know WM is faster and the battery lasts longer too.)
The people who are getting Windows 10 updates right now are those that signed up to get alpha and beta code via the Windows Insider process.
i.e. they agreed to test potentially buggy software.
We therefore can't draw any conclusions as to what might be released to production Windows 10 systems from what such early test users see.
"Windows Server editions below "Enterprise" have limits on the number of HyperV VMs you can run"
No they don't. See https://www.microsoft.com/en-us/download/details.aspx?id=29189
Any install of Hyper-V supports up to 1,024 VMs per host (or up to 8,000 VMs per cluster)
"the number of RADIUS clients you have have"
Again - no - NPS is not scalability limited by version.
"Windows running on EC2 has a hard limit of 2 RDP sessions"
All Windows versions have a hard limit of 2 RDP sessions - unless you enable Remote Desktop Services.
"Windows -> Linux
Active Directory -> OpenLDAP + Samba
Exchange/Outlook -> Zimbra, Google docs, etc
Office -> LibreOffice
SharePoint -> Liferay, Alfresco, etc"
That's sounds like a great list of what to do if you want to make life hell for all your employees...
"Windows Mobile 10 is already well polished even though its still in preview "
I'm a big fan of Windows Phone / Mobile - especially for business / enterprise use, but if you say it's well polished at the monent then I have to disagree. If you used it for 5 minutes you might think that, but if you use it as your primary phone for a substantial period then you woudl find that there are still many issues and shortcomings to be fixed.
What you say about the current state of Windows Mobile 10 OS is true, but what you don't seem to make very clear is that it not even really a beta yet. I woudlnt recommend it for day to day use and neither do Microsoft. The Mobile version of Windows 10 isnt RTM until ~ October. So we have at least another 3 months or so before we should be making any conclusions as to the final product.
"Their implementation sucks, illustrated by the sort of problems you get when seeking to integrate with Libre/OpenOffice users"
The vast majority of those are problems with Open Office as per the numerous bug complaints in the forums. Microsoft have by far the best ODF implementation and by a long way the most capable Office products in Office 2013.
"The Gendarmerie did a full transition to Linux for their desktop environment in 2013"
I would imagine that their IT needs were extremely basic. Mostly filling in automated forms for instance. Open Source office software clearly doesnt cut it for any real business needs, or more companies would use it.
"Microsoft Office handles a previous version of ODF, either 1.0 or 1.1, I forget which.
It does not support ODF 1.2 recently ratified as an ISO standard (although in very long term use):"
Nope, Office 2013+ fully supports ODF 1.2 in Excel, Word and Powerpoint, and Office 365 supported it since May 2015.
"has recommended that French authorities ditch Microsoft Office tools in favour of the Open Document Format"
The best option for using the most recent version of ODF at the moment IS Microsoft Office. Also the first question it asks you when you launch Office 2010 is do you want to use ODF or XML formats.
This will likely be as successful as the French campaign not to use English words (not very)....
"Their existence is proof of a failed security model, incapable of expressing a set of privileges for a process's execution."
This is indeed a significant architectural limitation - and a security risk as SUDO must always run initially as root / UID0.
Windows is a good example of an OS that does it right with fine grained ACLs (and auditing) capabilities built in from the ground up, and features like constrained delegation meaning an account can have just the admin rights it needs for each task. So for instance in Windows you can set seperate permissions and audit requirements for each and every config item. On *nix you can only do it per file.
"Yes. How much are you prepared to pay for your childrens education"
I already pay quite a lot.
"per mile rates for road usage"
Already pay that via fuel duty.
"having fresh water tankered in"
I already pay the water company for that based on what I use.
"emptying your cesspit"
See the above - I already pay based on water usage - except we have sewers down South.
"personal bodyguards (no Police if you don't pay)"
We already have private security patrols where I live.
"And don't forget to make sure your fire insurance is paid and up to date"
It is.
"I guess the Tories will just have to cut even more public services "
Great, I would rather choose to buy services I need rather than be forced to pay for those I don't.
"and sell off the NHS even faster"
Just to point out that the last Labour government privatised approx. 10 times the value of NHS services that the Conservative ever have.
". I'm a contractor, and think the modest tax increase is not unreasonable."
+1
Especially as at the same time they are making life increasingly uncomfortable for scroungers that don't want to work, and those that are unreasonably subsidised by the state by being in social housing when they could afford commercial rents, or have extra rooms that they don't need.
"Why doesn't PAM (http://www.linux-pam.org/whatispam.html) qualify in your estimation ?"
Because apparently it doesn't prevent thousands of authentication attempts happening against privileged accounts on a default install of any Linux that has Open SSH enabled.
Also a quick read of the RFC that you link to (which you apparently didn't) implies that PAM does not deal at all with unified lockout and password policies, etc - and is just an API that sits between the code that does and other applications.
"the material difference is that an MS font rendering vuln gives root to the attacker whereas vulns such as Heartbleed compromise user processes"
Linux has had plenty of remote vulnerabilities that either give root directly or can be combined with numerous privilege escalation vulnerabilities to get root. For instance the original Slapper Worm - which spread via Open SSL!
I note that as well as the previously mentioned Open SSL remote get root exploits used by Slapper, today we find that Open SSH can allow 10,000 logon attempts per 2 minutes!!
It's a shame Linux doesn't have sensible and modular architecture that can control authentication centrally and not allow an application to compromise something so basic as account lockouts!
See http://arstechnica.com/security/2015/07/bug-in-widely-used-openssh-opens-servers-to-password-cracking/
"Closed source development hides faults so that the customers don't get scared off. "
Thanks to Open SSL etc, we know that the quality of Open Source code is often awful with zero proper security reviews in 18+ years...so being in public view doesn't mean anything is secure.
"that should tell you all you need to know about the accuracy of vulnerability counts for closed source."
It doesn't tell me anything about vulnerability counts for Microsoft OSs. However (seeing as Linux isn't really used on the desktop), try comparing defacement via remote exploit rates for internet facing webserver OSs, or malware levels on mobile phone OSs then...
"anthropogenic, rather than anthropomorphic"
Yes - ooops.
"There's a great deal of scientific uncertainty about (a) how much"
True, and over what timescale - but there is no uncertainty that things are already changing due to AGW, and that the predicted results mostly are not going to be good. At a minimum the sea level rise we already know is going to happen due to AGW is going to cause massive issues even at the most conservative estimates of eventual magnitude.
"You realize that the two reports are measuring two different things, right?
Sea ice extent vs Sea ice thickness
Which one is more important?"
Likely extent as a smaller ice extent impacts how much of the ocean surface is less reflective and will absorb more heat from the sun.
However the sea ice isn't what we really need to worry about as it is floating and when it melts doesn't cause sea level rise. The real issue is the ice shelves and glaciers - some of which do seem to be melting - and even if we stopped emitting CO2 tomorrow will likely already cause an eventual rise in sea level of several metres.
"Clear evidence that Al Gore was right"
At least in regards to Anthropomorphic Global Warming, that hasn't been in any credible scientific doubt for at least a decade now.
"and government energy policies are having the required effect"
If the desired policy is to put heads in the sand and pretend it isn't happening, and the required effect being larger short term corporate profits then yes.
""Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the all posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online,""
And the copies located on servers outside of the colonies where DMCA notices are just something to laugh at?
"It's not clear whether Jay is asserting .NET is less secure and/or easier to use... "
There have been relatively few .Net security issues compared to other commonly used runtimes like Java, PHP, etc And no cases I am aware of where those .Net vulnerabilities have been actively exploited. So it must be option b)....
"Windows Mobile 10. So that the code name for Windows 10 SP1?"
To a degree, yes. What will be released as Windows Mobile 10 will effectively be an updated release of Windows 10.
The majority of work still needed (speaking as someone currently testing Windows Mobile build 10166) is on the mobile specific stuff and core apps, but I'm sure the core OS will updated too as the RTM is allegedly somewhat later in Q4...
"Does anyone have the skinny on whether W10 Pro will have the option to take the updates monthly rather than on a rolling basis?"
No it won't.
"And IIRC eligible Retail versions of Windows will become effectively tied to the device they reside on when they are upgraded"
Yes just like they are now with the existing key.
"you will have todo all permissions file by file, which is rubbish if you do the same on the windows folder"
No - no you don't. Just because you don't understand it doesn't make it broken. If you screwed up the permissions on your Windows folder, run this from an elevated Command Prompt:
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
"folder security permissions not inheriting on child folders and files is still probably broken like in windows 7"
This has never been broken as far as I know. You realise inherritance can be deliberately disabled? I suspect the actual problem is somewhere between your chair and keyboard...
"administrators group overrides authenticated users, and users,"
No, it can coexist as a separate permission. It doesnt override anything.
"you should`nt need one or the other or both"
Yes you should for a secure system. Admin / root rights should always require a different account from your normal use.
"take a new install, and program files, add administrators to the audio and ownership, and then administrators group to all child objects,"
Works fine for me. Adminstrators group has access to the Program Files folder by default though so you wouldn't need to add it unless you already screwed something up...
"and all permission will be broke in windows 7"
I assume you mean broken. Broke as an adjective only means out of money!
"In my humble experience an in-place OS upgrade or "repair" is usually a waste of time, even for most home users who are not counting time as cost."
Recent versions of Windows do deal with in place upgrades far batter than older ones, and accumulated "cruft" is mostly dumped in a windows.old folder that can later be deleted after the migration. However, yes clean install is preferable where possible.
"But Win10 is going to be mess"
Build 10166 is already close to production ready from my testing - and it's rumoured RTM is going to be around build 10240 so I can't see why it would be 'a mess'.