Microsoft had a good licensing model that sort of worked. Instead, they are going towards selling malware for free or at a very low cost to manufacturers. It is kind of sad. The UX on Windows 10 for me still feels better for an average Joe compared to Apple and Gnome or KDE. Windows 10 also had WSL2 which made it an okay development system. Then they made a UI that sort of drifted off into something unknown and put in a bunch of telemetry and spyware. Their browser is now riddled with ads. Microsoft and Google have such talent, then talent that is basically making large surveillance software at this point.
> Windows 10 also had WSL2 which made it an okay development system.
To be honest, I would have preferred WSL1 which implemented the syscalls directly under Windows for the best possible integration, but they eventually just threw that away and switched to using virtual machines!
To be fair it's quite impressive WSL1 got this far, but ultimately it was doomed from the start if one targets perfect compatibility.
Given there's no "Linux specification" the spec is the actual code, nooks and crannies and all, down to nitty gritty details and implicit behaviours that end up indirectly getting relied upon. The only solution is to basically implement these in excruciating details, which may or may not possible depending on the Windows things being wrapped. Then the question of intellectual property, copyright, and licensing come in, as MS would have to ensure that it's a clean room implementation or be subject to GPL terms (cue the Oracle Java vs Android shenanigans).
So at some point it makes sense to just throw a VM at the job, cleanly separating realms, sidestepping any legal landmines, and ensuring perfect compatibility, especially as the whole HyperV infrastructure is quite solid and used throughout the MS ecosystem as a general strategy, e.g the Xbox uses HyperV to isolate games and apps.
Tangent: I wish (the VM part of) WSL2 would be available on Xbox, allowing one to run Linux while keeping the whole regular OS and features!
WSL1 was a dead end, not because of compatibility but because of performance, especially when it comes to file system access and process operations. Windows is supremely complex in both, with things like filesystem filters, fused fork+exec+setuid+setcap+doWindowsStuffThatDoesntHaveUnixEquivalents syscalls, all of which you cannot avoid. If you layer a Linux syscall personality on top of that, things will get molasses-slow quickly.
To be fair, at least on the syscall side, WSL1 was built in kernel space on Pico Processes, not regular NT processes. They very much were able to avoid the windows cruft. It really seemed to be the long tail on compat and the impedance mismatch on the vfs layer that killed it.
Correct - the semantics are simply too different to directly emulate. The simple fact that starting processes takes much longer in Windows cripples naive implementations, for example.
Wine is an amazing piece of software,but it’s still easy to find issues in many apps. Microsoft wanted something it could sell as a general Linux replacement, so it needed close to 100% compatibility.
It doesn't mean they are implementable atop NT/Windows kernel facilities, semantics, and behaviours, in which case it's an alternative implementation to maintain that foregoes integration.
While Wine's effort and compatibility levels achieved are impressive, they actually prove my point: compatibility is a constant fight, there are a ton of tunables (some automated), and it's still not perfect (which is what a VM gives you for essentially free).
There's more than "basic" syscall interface to it though, there's the whole implementation of features (that are GPLv2 licensed) e.g btrfs? iptables? ebpf? ptrace? hold my beer; run kernel-backed wireguard in WSL2? no problem; alsa? you betcha; real time facilities? sure! custom kernel with a missing feature like usb passthrough? be my guest; contribute to the linux kernel code? entirely possible. It's all there, today, and not at the mercy of MS's will or ability to implement this or that.
yeah, windows already ran in hyper-v anyway for protection of high-level processes at the hypervisor level, so it probably wasn't even that much of a leap to introduce other VMs alongside windows (aka WSL2)
I'd never used WSL1, but I use WSL2 at work (where I'm forced to use Windows). It's OK. I don't understand all the fanfare about it, though, because it's only OK. I still need to have a real Linux system around. WSL2 isn't an adequate replacement.
Windows 10 isn’t much different in terms of data collection. For example, for each USB drive you connect, it sends the serial number, partitions etc to Microsoft, as well as when you connect and disconnect it. And they probably know what smart TV you have in your living room even if you haven’t used it from your PC.
Windows 10 is terrible at privacy. It is known to broadcast to 400 IP addresses. It’s not the OS to use to avoid privacy issues in Windows 11.
Windows 10 may have been your last benefits-outweigh-drawbacks release, but I'd argue the the blatant user hostility really started in Windows 8 (and tainted 10 as well).
For me the turning point was Fall Creators Update.
I bought a Samsung Galaxy Book 12 bundled w/ a Staedtler Noris Digital Stylus, and it was perfect --- then Fall Creators Update crippled the stylus making it impossible to select text --- rolled back to 1703 twice, but finally broke down and bought a Samsung Galaxy Book 3 Pro 360.
Currently trying out a Wacom One paired w/ a Linux box and wishing someone would make a nicer screen w/ touch which used standard pens (don't want to go to a Cintiq since it would lose on the synergy/compatibility of _all_ my devices using the same pen technology).
Huh I owned a Surface Book at the time and I don't recall the stylus breaking after that update. Did you confirm that the issue affected all Samsung models with a stylus?
I'm reading this comment as opposition to the rule of law
The law they broke is of the type where you can't be known if what you're doing is allowed or not in advance. Dictatorships love these sorts of laws, but unfortunately in the West companies are made to deal with a bunch of them
With all the privileges granted to these companies in the west, shouldn't they also bear some responsibilities to continue to serve the public fairly as well?
Exactly; these are highly successful companies. Sure, they're destroying the planet and leading us to doom, but they're giving the people what they want. Just look at the discussion here today about how awful cars and parking are, and how many people trash public transit and walkable cities because they like their cars and driving everywhere.
The problem isn't big corporations, the problem is regular, everyday people.
they are not wrong, though. from my time in the US, unless you're lucky and decide to stay in a city with half-decent public transport, you NEED a car to get around. No busses, no trains, no trams, only ever-expanding highways and stroads.
these companies spent a whole century destroying public transport to sell more cars. they spend that century spreading propaganda about cars, bribing politicians (or lobbying as you like to call it), and completely redoing the entire infrastructure of a major world power for... more money. you cannot blame the people being exploited for having to buy into a system they cannot do without, in a country where public transport is just a hollow imitation of itself from the past. again, they spent trillions to get things how they are now! government propaganda since the red scare hasn't been as effective as this.
The voters are the ones who don't want walkable cities. Just look at how enraged they get every time some city government (like Culvert City CA) tries to take away car lanes and make them into cycling lanes.
Stop blaming this on "the corporations". The people are the real problem here. They wanted to move away from the Black people and have redlined suburbs away from them, and this is what they got. Euclidean zoning is entirely a local issue, not something forced on everyone by lobbying.
In my view Windows has always been a great development system. Been doing both php and c# development on windows for years and it always been "start computer, install wamp/editor or visual studio" then you are set and can develop great software.
Here you go, works on default Windows 10/11 install:
- open terminal
- winget install -e --id ojdkbuild.openjdk.11.jdk
> The winget command line tool enables users to discover, install, upgrade, remove and configure applications on Windows 10 and Windows 11 computers. This tool is the client interface to the Windows Package Manager service.
Ah, winget. Another proof that Microsoft never stopped being abusive as fuck.
Inviting over open source developers under false pretenses, milking them for all the knowledge of their projects and then proceeding to ghost them for months before releasing a complete ripoff of the original open source project.
At least they wont suffer a culture clash from the Activision acquisition.
With php its very little difference except that you run Windows and get all the benefints from that regarding drivers and software support, i have yet found an equaly good database manager on linux as heidiSQL(it is unstable in wine) for ex. Also it "feels" easier to click on the wamp installer and just run it from there compared to sudo apt install xyz.
With C# the difference is huge since you just need to install visual studio and you have everything you will need, with the best tooling there is.
>i have yet found an equaly good database manager on linux as heidiSQL(it is unstable in wine) for ex.
How does it compare to the mysql one or MS sql server management studio for that matter?
> Also it "feels" easier to click on the wamp installer and just run it from there compared to sudo apt install xyz.
Wamp installer is windows specific but i'd assume you browse to find the download for it, etc or use winget or chocolately instead of sudo install xyz, etc so i fail to see the advantage there?
Similarly I'd just open pacmac and click to install xampp or so no?
Maybe an equivalent experience can be had using the windows store if WAMP is found on there but i think the windows store is a bit of a disaster still. (It can't seem to grasp that I do not speak French all that well for example)
>With C# the difference is huge since you just need to install visual studio and you have everything you will need, with the best tooling there is.
There's a reason people jokingly call it microsoft java. The second half might be mischaracterizing it on many fronts but the first half is true to form.
I'd argue it as an argument in this matter is similar to bringing up the best platform for developing with Swift.
>How does it compare to the mysql one or MS sql server management studio for that matter?
It dosent compare, but then when working with php and mariadb you dont often use the advanced/esoteric features you have in SQLserver
>Wamp installer is windows specific but i'd assume you browse to find the download for it, etc or use winget or chocolately instead of sudo install xyz, etc so i fail to see the advantage there?
Well there is less configuring with wamp and there are gui tools to manage things, installing the services in linux and setting them up is always a bit more work. I have never tried xampp in linux so it might be equal there.
>There's a reason people jokingly call it microsoft java. The second half might be mischaracterizing it on many fronts but the first half is true to form. I'd argue it as an argument in this matter is similar to bringing up the best platform for developing with Swift.
It being an complete integrated package from the OS to the IDE is the best feature about dotNet. You can look at it the same way as "the lisp machine" but with better third party software support. I guess swift has the same benefits, altho when i tried it the tools where not really up to the same standards as visual studio.
I have yet came across a language platform i cant develop with ease on windows. Also these days with tech such as docker etc there really are no boundaries.
>It being an complete integrated package from the OS to the IDE is the best feature about dotNet.
In a general purpose development context I consider it a downside. In the same way that I don't consider it a boon for XCode & the like that I can't run it on my machine and will need to go buy a mac.
When it comes to a more general purpose development context I find that a lot of things have this "if you are on windows" asterisk. From recent memory it can go from the rustup installation page just referring to a completely different page or rediscovering that text files having diverging line endings there or needing to do some workarounds when making commandline tools in such low level languages so that they'll also work on windows, needing to bundle some redistributable dll in your installer to make things work on windows even if you used visual studio on windows to make your binary. They'd work everywhere except windows because vcruntime isn't statically linked by default or something.
Given PHP being mentioned think this was also the reason it took so long for various PHP functions to become available on windows in the past (Not sure if they're all available now. I haven't kept up).
I remember discussions from back then with complaints about Windows being a second class citizen for php when that wasn't really the case rather it was just more often the odd one out.
Unless I'm blind, the article doesn't contain any actual evidence of telemetry being sent – just a list of domains contacted, and speculation on what their purpose might be.
I don't doubt that Windows collects and transmits telemetry data (hell, text editors do that nowadays), but if an analysis of that exists, it is not in this article.
> I don't doubt that Windows collects and transmits telemetry data (hell, text editors do that nowadays), but if an analysis of that exists, it is not in this article.
Such an analysis does not exist because that traffic is encrypted. Which is also the reason why using Windows 10/11 is not fully compliant with EU privacy laws in places like Germany, as there is no telling what Windows is actually phoning home.
Officially Windows 10/11 can be used but only after jumping through a lot of hoops that involve turning off the telemtry and phoning home, but even then only with an "acceptable residual risk" [0]
The only reason this isn't a bigger topic is because there is no realistic alternative; Everything is tailored to MS, and MS spends absurd amounts of money and effort to prevent anything from changing that.
So the majority just goes with the "easiest" and most convenient solution, even when it might actullay be an "illegal" solution that enables a ton of industrial espionage.
> Such an analysis does not exist because that traffic is encrypted.
... by software that resides on the same system, with keys that are in memory on the same system.
I'm not saying it's trivial to decrypt the traffic, but it's certainly possible, and much, much harder reverse engineering is routinely being performed.
Then go right ahead and do that, there will be a myriad of official government instutions, from all over the world, that would be very interested in your findings.
Or MS could simply share the keys with those government institutions there have been literally asking for it, to see wether Windows is actually sending home privacy relevant data.
But the matter of fact is it's a very real issue and still on-going problem.
Just because investing a lot of effort could shed some further light on it does not really change anything about that or the non-compliant behavior MS engages in.
Security only being as good as the effort lobbed at it to break it, is not really a novel or useful insight in this scenario.
The Diagnostic Data Viewer is a Windows app that lets you review the Windows diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
https://learn.microsoft.com/en-us/windows/privacy/diagnostic...
If they're using standard TLS, the actual data encryption is symmetric, so the encryption keys are the decryption keys and must be in memory during the encryption process.
If it is TLS you can get the keys used in the session from lsass’ memory. I’ve even written a tool to do so in PowerShell https://gist.github.com/jborean93/6c1f1b3130f2675f1618da5663.... This will generate a log file that contains the keys needed for Wireshark to decrypt TLS traffic.
My claim is it's not standard TLS or there's an additional layer (external encryption key) because an actual decryption of telemetry traffic has never been demonstrated.
Yeah, this comes up over and over again: people see that connections are being made, but because it's hard (not impossible! but considerable work) to trace where they're coming from and what they actually _contain_, we're left with ambiguity.
(you'd need the Windows kernel debugger and to reboot the thing in developer mode. This is a pretty niche skillset)
The Diagnostic Data Viewer is a Windows app that lets you review the Windows diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
https://learn.microsoft.com/en-us/windows/privacy/diagnostic...
You posted this twice but i'll reply to the first one.
If you trust Microsoft to not send data you don't want to be sent why worry about telemetry and other potential spyware from them in the first place? You already have trust in them anyway.
But if you do not trust Microsoft to do that, then why trust their claims? They could be collecting a bunch more and if ever found they can claim that it was a bug like a bunch of other companies already did (e.g. HP having keyloggers on their laptops).
Impressive! Now the $64,000 GDPR question: is that all of them? And which of the long list might be considered personally identifying, including "jigsaw identification"?
(this is also vindicating the "the best way to get correct information on the internet is to post incorrect information"; all the replies could have been top level replies to the OP but weren't)
Is it really? Seems you need to install ~2 packages, flip some switches, edit some files/run some terminal commands, reboot and connect the debugger and you're pretty much setup for it. Seems more like something you need to read an article about, rather than a skillset per se.
The author is a self-described "tech journalist" and it's not really news that most of them tend to be lazy and not really dive even surface-level deep into any topics. Author probably wrote the article with a deadline approaching fast, and editor said it was good enough, so published it became.
This video it's based on was from earlier in the year and lacks any proper analysis, yet got picked up by some tech sites and continues to get posted for topics which mostly just results in users bikeshedding about their Windows pet peeves.
Some examples: calls a service that helps companies comply with GDPR "1984" since the analysis is superficial and almost entirely gut reactions to random domains they observed. They have no issue with one CDN they observe but take issue with a Microsoft CDN literally only because they see 'geo' in the sub-domain, when if they'd taken a moment to check it's just used to locate the nearest data center like CDNs do generally.
If the video were instead, 'let's look at what comes pre-installed with Windows 11 [Home, Pro, Education?] that connects online' then it may have been a more informative video. Instead it has a lot of assumptions but little evidence about DNS queries, leaving only casual viewers thinking they've learned something.
You can easily transmit information hidden in web requests.
If I own a web server at somedomain.com I can run code that asks for somedomain.com/someencryptedinformation.html, and I'm sure that someencryptedinformation will appear in the server logs. Automate encoding something in that string and you can send data using simple web requests that won't trigger anything looking for connections on non standard ports. And what if connecting to domain A followed by B within 2 seconds is translated as a 0 and the other way around as a 1? You can, albeit slowly, send whatever you want just by alternating those two connections. Yes, just contacting the outside is sending information.
>Unless I'm blind, the article doesn't contain any actual evidence of telemetry being sent – just a list of domains contacted, and speculation on what their purpose might be.
>
>I don't doubt that Windows collects and transmits telemetry data (hell, text editors do that nowadays), but if an analysis of that exists, it is not in this article.
Yes and then if you read paragraphs 3, 4, 5, etc. there's no substance on what is actually sent. We all know what Wireshark is, and what it can do, but how it was utilized here is up in the air.
One of the many reasons I never run Windows natively any more. If for some reason I need it(rare), it's always in a VM, preferably with no internet access.
Turns out it was a good policy to have, because when I built a new desktop/home workstation system recently I happened to go with a gigabyte mobo, which has that firmware hole enabled by Windows essentially willy nilly downloading and installing whatever unsigned blobs you throw at it.
Had I ever installed windows directly on that machine, I would have had to assume every component with any form of non-volatile storage on it(i.e pretty much every component except maybe the CPU itself) was potentially compromised, making it useless as a workstation, at least in doing any kind of work for customers, which I prefer to do from home. Because once the firmware is compromised, all bets are off.
Just curious, how often do you audit the compilers that you use? Specifically, how often have you read the compiler source code line by line and when is the last time you compiled those compilers using known, clean compilers?
Its amazing how the old Windows OS's managed to improve with out telemetry and analytics.
Now we have that, the OS is in a downward spiral of how much one can harvest from the user and other dark patterns to prevent the user from having control over it. While the desktop experience has worsened.
Automatic? Absolutely. "Proper anonymization" is a joke, supposedly anonymized datasets are shown to reveal PII all the time. Informed user consent is paramount, and if informed consent isn't possible because the nature of the report is too technical for the users then the report shouldn't be sent.
Even if some rare few developers can properly anonymize data and for instance, scrub core dumps of any user data, them doing so normalizes the practice of opt-out telemetry and most other developers won't be so careful.
The crash reports are only looked at by automated systems and by Microsoft developers who can only temporarily keep them on their machines. Microsoft is interested in improving software and not violating people's privacy.
Microsoft developers might be interested in improving software, but Microsoft the business is interested in partnerships and making money off people using Windows.
It's very hard to anonymize a crash report if it's more than just a backtrace. If it contains any user data - which might be relevant and useful to debugging! - it's not anonymous.
Edit: wondering if the correct approach is actually a GDPR one ...
What is the pipeline from a random application crashing, 99% of the time because of misconfiguration or a bug in the application, to Microsoft doing anything that fixes that? How could they even?
The goal of spy satellites is to count hardware and look at infrastructure, etc. The goal of hiding a camera in a public restroom is prurient behavior. Two very different purposes and goals. But both are spying.
It really doesn't matter what motivates opt-out or mandatory telemetry; it's spying. It's wrong because it violates user privacy, regardless of the motive.
Of course Windows needs your location, cookies and data, otherwise it wouldn’t be able to show you a weather widget and ‘relevant’ Bing News about the latest celebrity make-up flub.
Weather is often presented as one legitimate case of location data necessarily being uploaded to an online service, but I think you could fit compressed county-resolution basic weather data for entire countries into a few kilobytes. Windows could easily download the current weather for the entire US and choose the user-local data out of that set.
> I think you could fit compressed county-resolution basic weather data for entire countries into a few kilobytes.
More than that, you could compress city-resolution detailed weather data into couple dozen kilobytes. The easiest way to see it is to observe that, if your app downloads some kind of weather map image generated on the server, then that image already encodes some of this data directly, through colors of the pixels. If you ignore human readability, you can pack much more information per pixel, at the resolution of... the image. And that is not even the most efficient encoding for it.
Hell, even dumb weather APIs that respond with weather predictions could pack several times as much data in the response if they ditched the horribly space-inefficient JSON response format. There's no technical excuse at all to not ship you the whole continent's worth of weather data with each update, removing the need for the server to know your location.
It could be pretty cool to pack all kinds of weather maps into a single TIFF, using different channels for temperature, humidity, cloud cover, etc. TIFF has support for arbitrary bit depth and number of channels, so it seems like a natural (if not most optimal) fit.
Then compress that tiff file with .7z, give it a cool new extension like .WAIF (Weather API Information Format) and standardize it, and baby, you got a stew going.
Your IP already leaks city-level location. So you don't gain much from not sending it anyway. Presuming that Windows doesn't send GPS level location. I have no idea what it sends, but the weather widget asks just for city name.
Those requests are still relatively OK. But Win11 has buildin keylogger, ads and all sort of nasty stuff. It can also be auto reinstalled to Windows 12 anytime.
At this point it is basically a malware, and should be kept in sandboxed environment!
But at least with the loads of available data on software usage and hard work they make their applications worse than before.
My latest 'favourite' is the snipping tool and how it became much more difficult to use. Also it is made for the default app for png at some point as well not having navigation (next/prev pic in a folder) showing itself in a thumbnail size by default, unsuitable for picture viewing and have to switch back manually to photos. From app settings it jumps back again to a thumbnail sized state, someone have a real fetish about this minimal size view out there in handling screenshots....
Win10Privacy can turn off the vast majority of these data spigots.
The downside is that it’s a pretty advanced tool that can seriously screw up your system if you don’t know what you are doing. For example, several settings require Office to be already installed, otherwise it will never successfully install with those settings enabled. Plus, you need to make note of them to back them out in case you ever want to upgrade to the next version.
But otherwise, it’s an awesome product that can effectively lock down both Windows 10 and 11.
Not necessarily, if using 3rd party tools to stop telemetry or to check settings. Though I do agree that Microsoft likes to re-enable whatever settings as they please after updates.
> I know the ShutUp10 tools, does it work for W11 too?
Yes. I've been using it for years now - first on 10, now on 11 (couple of years).
Just make sure to check for new versions from time to time, as they keep adding new features and things to block.
The telemetry is in integral part of Windows 11 and should not be disabled. Microsoft doesn't provide a way for users to disable it, therefore it's not a supported configuration and shouldn't be used.
If you don't like the telemetry that your OS vendor provides, and you don't trust your OS vendor, then why are you using their OS?
I am not using their OS. I use linux, Fedora up until recently.
But every time someone asks a question about how to improve windows, like a fly to shit some yokel pops their head up from the GMO corn trough long enough to yell out "USE LINUX!" like they're some Alabamian talking about their favorite college football team as if that actually helps someone with their problem and it irks me.
Microsoft is training the average office worker NN replacement? It would be incredibly ironic if the house of excel and word, created the machines to do away with them forever, for a price.
XP is a good baseline for comparison: it is the starting point of this lineage of Windows being what everyone had. 2000 was uncommon on the desktop for home or small/medium business use, NT even more so, those environments being sold 95/98 (and earlier 3.x) instead.
It is getting worse, and some of it is back-ported to Win10, so it isn't as simple as comparing Win11 now to Win10 now to note the differences.
Comparing from either base point in time is valid. There are probably win10/win11 comparisons out there if searched for (if not, maybe someone reading this wants to write one and get the attention from publishing it :) )
The title and its contents don't match. The article is about DNS queries that Windows makes and does not actually look at the data being collected. These requests are also not even from telemetry. For example sb.scorecardresearch.com is likely from some browser or web view with msn.com.
This article is full of speculation and is trying to just appeal to paranoid people by trying to make Windows out to be doing something bad.
As a developer that has has countless users spew bile at me for being unable to fix "it didn't save properly"...I'm quite split on the debate of telemetry.
No one actively goes in to enable telemetry. In the tech space, possibly. Dealing with people that don't know what a save icon is? They're not even capable of understanding telemetry let alone provide informed consent.
All the user knows is their button doesn't work, and they're angry.
But what's the difference? I don't see how me telling them to turn on telemetry, which they have no possible way to provide informed consent, is any different? Just feels like high-ideals to make devs feel better.
If people can't provide informed consent the dev must make the choice for them. Either do it or don't. Giving them the choice is almost more malicious.
Anyway. All this telemetry topic just feels poorly considered as a whole. Quite "hur dur telemetry bad". I've been on the other side is all.
> When Lenovo preinstalled Superfish adware on its laptops, it betrayed its customers and sold out their security. It did it for no good reason, and it may not even have known what it was doing. I’m not sure which is scarier. The various news reports of this catastrophe don’t quite convey the sheer horror and disbelief with which any technically minded person is now reacting to Lenovo’s screw-up. Security researcher Marc Rogers wrote that it’s “quite possibly the single worst thing I have seen a manufacturer do to its customer base. … I cannot overstate how evil this is.” He’s right. The Lenovo Superfish security hole is really, really bad.
'it did it for no good reason, and it may not have known what it was doing'
