top | item 14389441

Windows 10 Enterprise ignores various privacy settings

467 points| tmkbry | 8 years ago |twitter.com | reply

255 comments

[+] DonkeyChan|8 years ago|reply
MS Support consistently and repeatedly told me that enterprise allowed me to disable this stuff. If I can't control the egress then I can't verify PCI compliance. I've already had to revert a client to Win 7 because they failed a PCI compliance audit using Win 10 Enterprise. Which, by the way, is very expensive for small businesses. Win 10 Enterprise isn't viable for business. I have a bunch of small business clients and I've had to use a whitelist firewall to pass PCI compliance, someone said here that a whitelist firewall is borderline unusable. I've sunk so much time into that solution and I can attest, it's not viable.
[+] PeterisP|8 years ago|reply
It's kind of interesting; is it common for you to have Win10 systems in scope for PCI compliance?

It seems unusual to me if any desktop systems are anywhere close to card data, IMHO usually you'd have in scope only a bunch of servers (so, Linux or Windows Server for normal businesses who don't have a reason to wrestle mainframes) in an isolated network, but most of company computers including all the user desktops shouldn't have a way to touch in-scope data or systems in any way whatsoever, so if they're properly isolated (as they should be anyway) they would be out of scope for most of PCI DSS requirements.

[+] fl0wenol|8 years ago|reply
Use LTSB. Microsoft tries to scare you into not using it because it doesn't support the Windows store or Edge or have telemetry or any of that fun stuff.

But they keep coming out with respins of it to otherwise keep feature parity with CB Enterprise. A 2017 LTSB based on 1703 should be out soon.

[+] sathackr|8 years ago|reply
I went through the same thing last year. I spent two months trying to plug all the holes in the enterprise version, for a medium sized healthcare client, and eventually gave up.

The LTSB edition looks promising but I haven't put it under the microscope yet.

[+] wanderyng1|8 years ago|reply
I feel your pain, it's a nightmare for HIPAA compliance as well.
[+] viraptor|8 years ago|reply
I'm curious what was the biggest issue with whitelisting. Was it about making sure services work, or about standard users' daily work? Did you try to comply on everything, or just have a PCI compliant zone?

Also, do you remember what was the specific reason for failing the audit? This all sounds interesting since you've gone though that experience.

[+] omginternets|8 years ago|reply
>MS Support consistently and repeatedly told me that enterprise allowed me to disable this stuff. If I can't control the egress then I can't verify PCI compliance.

Not that this is necessarily the best solution, but these sound like damages to me.

Perhaps a class-action suit may come of this?

[+] Findeton|8 years ago|reply
Or you could simply use Linux.
[+] yuhong|8 years ago|reply
Did they complain to MS? I imagine that MS would care a lot about losing enterprise sales.
[+] JustSomeNobody|8 years ago|reply
I don't think they do it on purpose. I think Windows is just a patchwork of cruft at this point.

I'm sure the Enterprise version shares all the code with the non Enterprise versions which have all the spying ... analytics... enabled, so bugs are bound to happen that let this escape into the Enterprise version.

[+] soundslikebull|8 years ago|reply
It sounds like the problem is that you didn't set your client's system up properly for PCI compliance. Don't blame Microsoft for your technical incompetence!
[+] oridecon|8 years ago|reply
Since the first release of W10 several registry keys and policies have changed in very confusing ways. I can't remember what exactly but I had to change my personal scripts several times based on the changelog of other tools. Privacy and settings like default apps were also reverted (reset to default) when you updated. They installed some apps like Candy Crush Saga on Enterprise. I don't see that much of a problem here, it's understandable since they are letting go of legacy stuff, bugs happen (even more after you cut your QA department). Now it's time to stop with all the excuses. Get your shit together.

From: https://technet.microsoft.com/en-us/itpro/windows/manage/con...

> Security. Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.

I have all the possible settings configured, from registry to policies and I still see random connections everywhere. But it's ok because it's not telemetry, right?

> What is NOT telemetry?

> Telemetry can sometimes be confused with functional data.

Is anyone taking legal actions against Microsoft about all of this? Does anyone care? Not everybody can switch all their machines to Linux/VMs, this whole situation makes me angry.

[+] DonkeyChan|8 years ago|reply
I can't agree with this more. A client straight up failed a PCI compliance audit, replete with daily fines, for using 10 Enterprise. They decided to pursue legal measures against MS for false claims. I really hope this gets elevated because reverting to win 7 is a solution with a short life span. The other solution is to rebuild infrastructure on top of a different platform but that's prohibitively expensive.
[+] ddevault|8 years ago|reply
The switch to Linux or other free operating systems is long overdue. If your excuse is hardware support, then (1) your hardware is probably supported these days and (2) you should not buy hardware that is incompatible with the operating system you plan to use. If your excuse is editing MS Office files, LibreOffice supports the formats and works great, and MS Office on Wine is an option. If your excuse is games, then know that with Steam and Wine combined your potential gaming library is HUGE. If your excuse is laziness or resistance to change, then I thank you for being honest, and urge you to overcome it.

Proprietary operating systems work against your interests. Stop using them.

[+] int_19h|8 years ago|reply
You're making the same exact argument that people trying to push Linux on the desktop were making 10 years ago, and 15 years ago (and probably before that; that's just when I started dabbling in that stuff).

It boils down to "it works for me, and if it doesn't work for you because of X, Y and Z, then you should just stop doing that".

You can judge for yourself just how persuasive this argument really is by looking at desktop Linux market share over the past 20 years.

[+] sathackr|8 years ago|reply
Been on Ubuntu for a bit over a year now.

Steam works great, and LibreOffice has been good enough to get the job done. I run Google Earth Pro and Sketchup in Wine, even World of Warcraft runs quite well in Wine.

I had a ton of issues with Wine until I found PlayOnLinux. Things still don't quite 'just work' -- but I've been able to use way more than I could before I found it.

KSP and WoW are my two big games, and they both work fine.

[+] jvdl|8 years ago|reply
But your argument basically boils down to:

Stop using the operating system where everything works: apps, games, hardware, good office package, etc.; rather use an operating system on which debugging to a layman translates to a plane of hell itself, where your hardware may or may not work, and half your game library certainly won't.

I would happily switch to Linux permanently the day the flagship office package UI doesn't resemble Office 97 (the ribbon UI is absolutely fantastic in MS Office), I can get all of my games to work, and I don't need to recompile a kernel to get something as basic as a graphics driver running.

[+] sjellis|8 years ago|reply
A lot of people who use a computer for work purposes have a number of software applications that they must be able to run reliably in order to do their job.

The problem is steadily getting better in some areas, but there are still thousands of specialist applications in service today that only run on Windows. If you are lucky, there may also be Mac versions.

The reality is that it's often not feasible to only run FOSS, and nothing but FOSS.

[+] cm2187|8 years ago|reply
LibreOffice is fine for basic features. But in a corporate environment you often have lots of addins to interoperate with lots of systems which won't play well with LibreOffice.
[+] eropple|8 years ago|reply
> your hardware is probably supported these days

True. Support has gotten significantly better. It's not perfect, and the failure cases are much worse than Windows (and somewhat worse than OS X), but it's gotten better.

> you should not buy hardware that is incompatible with the operating system you plan to use

This is where you start going off the rails.

People did buy hardware that was compatible with the operating system they do use. It is super presumptuous and weird to try this sleight-of-hand in your argument.

> LibreOffice supports the formats and works great

You are now off the rails and airborne.

Nontrivial Excel spreadsheets break in LibreOffice Calc on the regular and it's significantly slower (!) than Excel besides; anything using VBA, which is still a pretty big chunk of serious Office users especially in enterprises, is a nonstarter for obvious reasons. The UI is also, IMO, a huge step backwards from Office and now that the Ribbon "but but it's different" is far enough in the past that pretty much everybody has switched, another UI switch is probably not worth it.

> with Steam and Wine combined your potential gaming library is HUGE

Sailing through the air with the mountain approaching.

Your potential gaming library is huge--and either indie (which is fine, but limited) or largely broken. Suggesting WINE to somebody who doesn't already know what they're in for is dirty; even gold-flagged games in WINE that aren't a decade old are often broken in ways your average mortal can't fix. If you enjoy being elbow-deep in a computer, this may be fine for you. Most people aren't. Your preaching ignores this. It shouldn't.

> Proprietary operating systems work against your interests. Stop using them.

You've hit the cliffside. There are no survivors.

People will stop using them when open-source ones are good at the things they want. Right now, they're still not, and exhorting people to use an inferior good (for the things they care about) is kinda just doing people dirty.

Don't get me wrong: I would like Linux and other open-source operating systems to be better desktop OSes for normal people (and some of my own projects are intended to help facilitate that) but still, in 2017, it is a raw effing deal for the majority of people to switch to it. This should change. I know you work on stuff to make that happen, and that's awesome. But it's still not something I think can be recommended in good conscience to most folks, even around here.

It barely works for me, and I've been using it on the desktop for fifteen years and have grown accustomed to the need to cultivate tragically low expectations around the whole stack.

[+] dingo_bat|8 years ago|reply
> If your excuse is editing MS Office files, LibreOffice supports the formats and works

For very small values of "works". I've found that even high school projects turn out to be a bit too much for libre office.

[+] withinrafael|8 years ago|reply
Most of his configuration is invalid, due to his misconfiguration of group policy. For example, he disabled the Teredo policy. But here's the help text for that policy: "If you disable or do not configure this policy setting, the local host settings are used."

He made this error countless times, rendering the entire experiment a failure.

Oops.

[+] m8urn|8 years ago|reply
Actually I made this error twice, which is far from "countless times". The one Allow Telemetry setting would not have made a difference because I had also configured it manually and the Teredo setting doesn't actually disable Teredo anyway. This does not make the entire experiment a failure.

But to show how easy of a mistake this is to make, here is what Microsoft's documentation from https://docs.microsoft.com/en-us/windows/configuration/manag... says:

Enable the Group Policy: Computer Configuration > Administrative Templates > Network > TCPIP Settings > IPv6 Transition Technologies > Set Teredo State and set it to Disabled State.

Reading that, it seems as though you should disable the policy but in fact you should first Enable the policy, then go into the policy settings and Disable the setting there. And even with that mistake, I had it manually disabled in both HKCU and HKLM so if disabled means it uses the local host settings then it should use that.

Nevertheless, there are some serious concerns here:

1. Why is it even connecting to facebook, msn ad services, google analytics, etc when nothing is running?

2. Why is it doing this by default on an Enterprise operating system?

3. Why is this the default setting that requires dozens of group policy settings (and knowledge of group policy) to disable?

4. And why is there no option to opt out completely?
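
The Teredo mix-up described above comes down to two registry states that look alike in gpedit but behave differently: setting the policy itself to "Disabled" deletes the policy value (so "local host settings are used"), while enabling the policy and choosing "Disabled State" writes a value that says Disabled. The following is an added example, not code from the thread or from Microsoft, that writes the second form, also turns Teredo off in the local host settings, and then checks the effective state instead of trusting the policy editor. It assumes the policy path that TCPIP.admx uses for "Set Teredo State" (HKLM\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition, value Teredo_State) and the built-in NetTCPIP cmdlets; run it in an elevated PowerShell on a Windows 10 host.

```powershell
# Added example (not from the thread): write the "Set Teredo State" policy the
# way that actually disables Teredo, then verify the effective state.
# Assumed policy location, per TCPIP.admx: the v6Transition key below.

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition'

function Get-TeredoPolicyState {
    # 'NotConfigured' means the value is absent, which is what you get when the
    # policy is set to Disabled or Not Configured in gpedit: Windows then falls
    # back to the local host settings, i.e. Teredo may still be on.
    $v = Get-ItemProperty -Path $PolicyKey -Name 'Teredo_State' -ErrorAction SilentlyContinue
    if ($null -eq $v) { return 'NotConfigured' }
    return $v.Teredo_State
}

function Set-TeredoPolicyDisabled {
    # Equivalent of: policy Enabled, "Select from the following states" = Disabled State.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name 'Teredo_State' -Value 'Disabled' -Type String
}

function Set-TeredoLocalDisabled {
    # Also disable the local host setting, the fallback used when the policy
    # value is absent. NetTCPIP module, built into Windows 10.
    Set-NetTeredoConfiguration -Type Disabled
}

function Test-TeredoOff {
    # Effective state as reported by the IP Helper service. 'offline' means no
    # Teredo tunnel is up. Returns $false if the state line cannot be found, so
    # an unparseable answer is treated as "not verified", not as "off".
    $m = netsh interface teredo show state | Select-String '^\s*State\s*:\s*(\S+)'
    if (-not $m) { return $false }
    return $m.Matches[0].Groups[1].Value -eq 'offline'
}

Write-Host "Policy value before   : $(Get-TeredoPolicyState)"
Set-TeredoPolicyDisabled
Set-TeredoLocalDisabled
# The policy is read by the IP Helper service; restart it so the change applies now.
Restart-Service iphlpsvc -ErrorAction SilentlyContinue
Start-Sleep -Seconds 3
Write-Host "Policy value after    : $(Get-TeredoPolicyState)"
Write-Host "Teredo effectively off: $(Test-TeredoOff)"
```

Two caveats for anyone copying this: on a domain-joined machine the next Group Policy refresh will overwrite the Policies key with whatever the domain GPO says, so the setting belongs in the GPO, and this script is only the local equivalent; and the check at the end is the part that matters, since the whole argument in the thread is about settings that look applied but are not.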

[+] PhantomGremlin|8 years ago|reply
Most of his configuration is invalid, due to his misconfiguration of group policy.

Yeah, it's his fault that he didn't properly navigate the Kafkaesque nightmare that Microsoft has created in order to thwart people from disabling all this spyware.

[+] kevingadd|8 years ago|reply
It's a huge bummer that the (wildly implausible) results he got didn't discourage him from spreading them widely. He later said they were 'unexpected' and he was working on verifying them from scratch reproducibly, but that comes only after misinformation about telemetry is spreading around the web. :(
[+] hendersoon|8 years ago|reply
That's surprising. I would expect the Enterprise edition to perform as advertised. It's a major revenue source and this violates all kinds of security policies.

I find the author's point about people using third-party programs to stop Windows spying, and potentially impairing their security, very telling. He's absolutely correct.

I use programs called Shutup10 and WinAero Tweaker to stop the telemetry myself, and both of these programs have settings that would potentially impair your security, primarily by stopping Windows Updates entirely.

So the real question is this-- is this debacle the consumer's fault or Microsoft's? I know which side I'm on.

[+] makecheck|8 years ago|reply
Frankly, “settings” in an OS don’t fill me with any more confidence than “settings” on Facebook: software has bugs, and other reasons for not working as advertised. A toggle switch coded with the best of intentions may still not be consulted everywhere that it should, and even software that is correct today can be wrong in 3 months when somebody important quits or a feature is added and nobody thought to check the setting for that new feature.

If this is important to you, demand more open and peer-reviewed source code, and demand that things run behind carefully-controlled walls like sandboxes and limited host files. Don’t just run your organization by trusting one software vendor.

[+] blibble|8 years ago|reply
every few weeks Microsoft validate my decision to move my (declining) use of Windows entirely into VMs

if gaming is the problem you can run Windows in a VM at 97% native speed with GFX passthrough, been doing this for almost 2 years now without any problems

the vfio subreddit has a lot of info: https://www.reddit.com/r/VFIO/

MS are then free to spy on me playing starcraft as much as they want

[+] mrmondo|8 years ago|reply
Scary indeed, I've noticed that a Windows 10 'Pro' VM I have at times seems to reset or change privacy / security settings. At first I blamed myself for doing something silly without realising it affected these settings or installing some software that changed them (which is a little scary in itself) but then I realised it was after windows update had run, every few months privacy or security behaviour would change.
[+] allears|8 years ago|reply
This is a little chilling. As a home user on Win7, I've avoided Win10, but thought I'd eventually upgrade, just to enjoy newer hardware. I'd thought I could just invest in Enterprise, about $100 these days, and be able to control the more intrusive aspects. Guess not. On a semi-related note, I'm using uMatrix, and it never ceases to amaze me how promiscuous every single web site is these days. It's not just in Soviet Russia. You don't use the internet. The internet uses you.
[+] blitmap|8 years ago|reply
I always use Linux as my preferred OS and a "Just Works" OS like macOS or Windows.

I run Linux as a dual-boot and I run it in a VM from Windows/mac.

It's frustrating because Apple has fallen far behind on hardware I want. I need 3840x2160, a touchscreen, a card reader, both USB 3.0 and 3.1, 16GB of RAM, and full-size HDMI. They've jumped too far ahead into their 'revolutionary' view of the future. I can find better hardware for much cheaper. Dell XPS 13, HP Envy 2-in-1, Toshiba Radius 12... the build quality on the Toshiba is pretty bad, but it out-performs a would-be Macbook. I'm not spending 2 -fucking- thousand dollars for sub-standard hardware simply because I like the OS better than Windows. Apple spies on its users, but at least when you turn it off it's actually off.

I can't continue using Windows because it's clearly hostile to users, and I can't go with Apple because the hardware sucks.

Linux requires so much involvement to keep it running "well".

Just argh.

[+] gub09|8 years ago|reply
The "Year of the Linux Desktop" has been a running joke for a long time, but perhaps it's no longer a joke. Not wanting to lose control as far as updates and privacy is concerned, I switched to Linux when Windows 10 came out.

Running Debian Testing with Gnome has been a joy. In my opinion the user experience is easier and better than that of Windows 7 or 8. Office staff could quite easily be trained to click on the Start key or the drop-down Activities menu or move the mouse to the top-left corner to start a program. Office software is quite good. Program-switching keyboard combinations are excellent. The Evolution mail client is very good. Browser software is the same as on Windows or a Mac. Problems with bad fonts, poorly designed UI, lacking drivers etc. are things of the past (with the notable exception of very new hardware).

This may not be possible due to the necessity of using specific proprietary programs that run only on Windows, for example. On the other hand, the level of tech support required is perhaps not significantly greater than what is necessary for installing and maintaining Windows on a bunch of machines.

On the plus side, everything is very fast, tasks like backing up files or systems are simple with GUI or terminal interface, and if you want to learn iptables and set up that router/firewall you can do that too. Everything you learn is an investment instead of an annoyance. Nobody is going through your company or personal files to serve you ads.

There's no reason any more, besides defaults and inertia, why Linux should have 2% desktop market share instead of 10% of somewhat technical people or even 20 or 30% of the general population.

[+] tjalfi|8 years ago|reply
The connections in the first screenshot[0] aren't necessarily from Microsoft. This screenshot shows a DNS lookup for google-analytics.com followed by an attempt to use Teredo. If Chrome is installed then this could be from the Google Update service. It seems unlikely that Microsoft would send usage information to a Google site.

[0] https://twitter.com/m8urnett/status/866353982217699328

Edited to omit needless words

[+] STRML|8 years ago|reply
If this test was correct, this smells like a class-action. Enterprise users (and home users, for that matter), have a right to control egress.
[+] danielcberman|8 years ago|reply
Has anyone done an analysis of MacOS and Chrome OS using similar methodologies? I would be curious as to the extent of the information being sent back to each of the "Mother Ships" in a side by side comparison, if that's even possible.
[+] thr0waway1239|8 years ago|reply
This might actually be a pretty huge opportunity for a company which can hand hold the transitioning from Windows to Linux in an enterprise. After all, if the new Windows OS is provably non-compliant, shouldn't the enterprise customers be very willing to investigate this option? Are there already companies which do this?
[+] quickben|8 years ago|reply
Another year of another decade; Microsoft as dishonorable as ever.
[+] 10165|8 years ago|reply
I read that Windows 10 uses peer-to-peer file sharing with any other Windows hosts it locates on the same network.

This way each Windows computer does not have to connect to Microsoft to download, e.g., the Windows 10 "upgrade". It seems like this could also be used to evade attempts by users to block such downloads by blocking Microsoft IP addresses.

Windows 10 could propagate itself through a network of Windows computers, like a ...

Seriously, how does this work in practice?

Windows 10 does peer-to-peer file sharing automatically without requiring any user interaction?

[+] davidgerard|8 years ago|reply
This is the other reason WannaCry happened: 97% Windows 7 machines without updates. Because users can't trust Microsoft not to mess them around.
[+] jmacpore|8 years ago|reply
Does anyone know a good updated firewall whitelist to allow just Windows Updates and nothing else?
[+] jacquesm|8 years ago|reply
Any reason why you believe it would respect those rules? Note the one example where a rule was dynamically added to the firewall in the tweets listed here.
[+] CommanderData|8 years ago|reply
Yes. I'm surprised it hasn't been mentioned here. https://github.com/crazy-max/WindowsSpyBlocker/tree/master/d...

Comes in several formats: hosts, firewall, openwrt, dnscrypt. You can choose telemetry, update and extra. Has IP rules as well as DNS rules.

I am actually thinking of writing a modular openwrt luci plugin to make it easy to add to your router, as it is only effective at router level as others have mentioned here.

It's updated regularly, tested and one of the best lists out there; a clean copy and paste works for firewall rules and there is nothing to install.

Happy user. MS probably really dislikes this because they are adding new domains serving the same function almost every update.
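
Since the comments above (jmacpore's question and the list formats CommanderData describes) are about pushing a block list to the router rather than trusting the Windows host to honour it, here is an added example, not code from the thread or from the WindowsSpyBlocker project, that takes a hosts-style list and an IP list, validates and de-duplicates them, and emits router-side rules: dnsmasq sinkhole entries for the names and iptables FORWARD drops for the addresses. It refuses private, loopback and link-local ranges so a bad line cannot cut the LAN off from itself. The input format (0.0.0.0 name lines, bare IPv4 addresses or CIDRs, # comments) is an assumption about the list layout, and the sample entries are constructed for the demo. It is plain string handling, so it runs under Windows PowerShell or pwsh on any platform.

```powershell
# Added example (not from the thread): convert a hosts-style + IP block list
# into router rules. Sample data below is constructed, not from any real list.

$SampleHosts = @'
# hosts-style entries (constructed sample)
0.0.0.0 telemetry.example.com
0.0.0.0 settings.example.net
0.0.0.0 telemetry.example.com
not-a-valid-line
'@

$SampleIps = @'
# firewall-style entries (constructed sample)
203.0.113.10
198.51.100.0/24
192.168.1.5
300.1.1.1
'@

function ConvertFrom-BlockList {
    param([string]$HostsText, [string]$IpText)
    $domains  = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    $cidrs    = [System.Collections.Generic.HashSet[string]]::new()
    $rejected = @()

    foreach ($line in ($HostsText -split "`r?`n")) {
        $l = ($line -replace '#.*$', '').Trim()
        if (-not $l) { continue }
        # Accept only "0.0.0.0 name" / "127.0.0.1 name"; anything else is
        # reported, not guessed at.
        if ($l -match '^(0\.0\.0\.0|127\.0\.0\.1)\s+([A-Za-z0-9.-]+)$') { [void]$domains.Add($Matches[2]) }
        else { $rejected += $l }
    }

    foreach ($line in ($IpText -split "`r?`n")) {
        $l = ($line -replace '#.*$', '').Trim()
        if (-not $l) { continue }
        if ($l -match '^(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?$') {
            $addr = $Matches[1]; $prefix = $Matches[2]
        } else { $rejected += $l; continue }
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) { $rejected += $l; continue }
        $b = $ip.GetAddressBytes()
        # RFC 1918, loopback and link-local ranges never belong in an egress
        # block list; dropping them is how "whitelist firewalls are unusable"
        # stories start.
        $private = ($b[0] -eq 10) -or ($b[0] -eq 127) -or
                   ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                   ($b[0] -eq 192 -and $b[1] -eq 168) -or
                   ($b[0] -eq 169 -and $b[1] -eq 254)
        if ($private) { $rejected += $l; continue }
        $cidr = if ($prefix) { "$addr/$prefix" } else { "$addr/32" }
        [void]$cidrs.Add($cidr)
    }
    [pscustomobject]@{ Domains = @($domains); Cidrs = @($cidrs); Rejected = $rejected }
}

function New-RouterRules {
    param($Parsed)
    $out = @()
    $out += '# dnsmasq: answer these names (and their subdomains) with 0.0.0.0 for every LAN client'
    foreach ($d in ($Parsed.Domains | Sort-Object)) { $out += "address=/$d/0.0.0.0" }
    $out += '# iptables on the router: drop forwarded traffic to the listed ranges'
    foreach ($c in ($Parsed.Cidrs | Sort-Object)) { $out += "iptables -I FORWARD -d $c -j DROP" }
    return ($out -join "`n")
}

$parsed = ConvertFrom-BlockList -HostsText $SampleHosts -IpText $SampleIps
New-RouterRules $parsed
"`n# rejected entries (review by hand):"
$parsed.Rejected
```

The IP rules are the part that still holds if the Windows host ignores its own hosts file or resolves names some other way; the DNS sinkhole only catches what goes through the router's resolver. Because new endpoints show up with updates, as noted above, regenerate from a fresh copy of the list rather than editing the router config by hand, and keep an eye on the rejected entries, since a malformed line that silently disappears is worse than one that is flagged.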

[+] mschuster91|8 years ago|reply
What does a firewall help when Windows can bypass it in the kernel?

And embedded stuff aside, a system with a firewall whitelist on a separate box is unusable for daily use...

[+] JumpCrisscross|8 years ago|reply
I run Windows in a Parallels VM on my Mac. This VM needs to, on occasion, connect to the Internet. Any way I can--from the outside, without needing to trust Windows--be forced to whitelist what the VM is and isn't allowed to connect to?
[+] mcbridematt|8 years ago|reply
I can't speak for Parallels, but for VMware Fusion in NAT mode all connections are made via the vmware-natd process which can be filtered by tools such as Little Snitch.
[+] arm|8 years ago|reply
I use Little Snitch¹ in macOS to block/allow connections the VM process is making.

EDIT: Just realized it was already mentioned by mcbridematt, and with more detail too! I’ll just leave this comment here for the Little Snitch link.

――――――

¹ — https://www.obdev.at/products/littlesnitch/index.html

[+] edoceo|8 years ago|reply
Under KVM the guest has a bridge adapter that you can set rules for on the host OS. So, you can mark, log and all that other fun stuff. Like route all DNS queries from guest to logging-cache DNS running on Host, block ports and full control of egress
[+] johncolanduoni|8 years ago|reply
IIRC Parallels in NAT ("Shared Network") mode will respect macOS's PF firewall. I'm not sure if the same is true for bridged virtual adapters.
[+] nthcolumn|8 years ago|reply
Outside: /etc/hosts redirect to 0.0.0.0. Inside (c:\Windows\System32\Drivers\etc\hosts), assuming it is being respected. But how to find the list? It is very difficult I think, as it can be changed by the Redmond c&c server at no notice.