> Microsoft-branded ARM microcontrollers running an embedded linux distribution. Microsoft rolls out security updates over Azure to reduce the risk of the device becoming part of a botnet.
It sounds great.
It's also a big swing for me in that I trust MS more than Google now to do the right thing. I'd have thought that impossible a couple of decades ago.
Don't be so eager to forgive them. They're not hugging Linux right now because they're a Good Company trying to Do No Evil.
The Home and Pro editions, meanwhile, are effectively "Xbox OS for PCs." They turn your computer into an entertainment appliance run and maintained by Microsoft itself. Of course they collect data, just like there are data-collection agents on all the nodes of your average production system cluster. When Microsoft is the sysadmin, Microsoft needs to collect ops data.
And, personally, I don't think that's a bad thing, per se. It's a choice you make. You can take control of your PC while still running Windows, if you like. (It's just a big hassle, because truly administering a modern Windows system is a big hassle.)
There's something fundamentally wrong with that to my mind, given how the Pro release of Windows has always been placed.
I should not need to get an Enterprise release to be able to manage my own machine, restrict the phoning home, and control other basic features of my machine used in a professional context. I've no need of 101 features for managing 1,000 desktops and neither have many smaller businesses who are also now landed with "Xbox OS for PCs".
And Pro really refers to Prosumer not Professional.
Anyhow, it is /not/ ok for an OS to spy on its users by default - even if you can disable it manually.
I skimmed the list and these particular ones jumped out at me:
> URL for a specific two-second chunk of content if there is an error
> Music & TV
> Service URL for song being downloaded from the music service -- collected when an error occurs to facilitate restoration of service
> Photos App
> File source data -- local, SD card, network device, and OneDrive
> only when you have it set to Full level
"you" (probably any users) won't set the level to "full"; this is the default setting (source ). MS only offers "basic" as opt-out (which it really is not).
 - https://docs.microsoft.com/en-us/windows/configuration/basic...
 - https://www.ghacks.net/2018/03/12/configure-telemetry-window...
they're capturing more data about you than you probably realise exists to be captured.
Microsoft have marketed it to business and portrayed it as intended for professional business use ever since XP introduced the version split. Until large enough to be allowed near volume licensing SKUs, when you pass some point past a hundred seats, it's the most professional offering a business can get.
That covers nearly all small and medium businesses.
Nope... I can buy Pro but I can only try Enterprise.
As far as I am aware the pitch has not changed - Pro is for a business environment, Enterprise if you're in need of centralised management of an estate of machines. So no, Pro should not be taking liberties.
So now to be treated professionally I need to buy a laptop with Win 10 Pro and buy Win 10 again to reinstall it / upgrade it with Win 10 LTS? Can you even buy a single copy?
I can't disable debug telemetry or Cortana. If I set the options via admin (or even safe mode) registry edits, after a reboot I'll find them back on.
Of course, these European prices already include sales tax, which the US prices don't, but even then it would still be ~250USD without BTW.
So 270USD on sale sounds like a decent savings!
I see $200USD
Telemetry can be set to basic in settings too, which is harmless, and it also asks you upon install.
Most of them live in a bubble and it's just not cool to use Windows or Microsoft products...so even when you're right, which you are, the most you can hope for is that they'll ignore your comment instead of spouting off some ridiculous nonsense that they actually have no clue about. And then they turn around and pimp Apple, the most controlling, selfish enemy of personal freedom with the shittiest software that you can imagine.
It's kinda hilarious to watch though.
I don't use Windows, I don't use Apple products, I'm trying to avoid using any closed-source software.
Many other people here will complain about Microsoft ads on the start menu but turn around and forgive Apple who shows you ads every time you want to update your computer via the App Store. With Windows when I remove the ad (which is just a shortcut to a non-installed app) it’s gone forever or at least a long time.
Or, they will fault Microsoft for some slight lock-in with their Mail app that nobody is forced to use and completely forgive Apple for the immense level of lock in on iOS because “Apple has always only offered that” and Microsoft is not allowed to change.
However, I have to put up with basic telemetry which is slightly annoying but not a showstopper for me. I can also install the enterprise version of Windows which I think I can get via my MSDN subscription. Either way, it is annoying but I can live with it.
The fact that there is a Search UI on your taskbar (which you can remove with right click), doesn't imply that Cortana's data collection is enabled.
So tell me, where can I buy that for my personal computer?
>because they're for serious people
No, because those who can get Windows 10 LTSB actually have the power to push back. Imagine telling Dell or HP that everything they type may be sent to MS at any time.
>You can still take control
So how can I permanently end all telemetry, now and forever on my box. I'm even willing to sign a letter that I won't hold them responsible for any viruses that I get because I didn't update in time.
I ran LTSB for a year and it was brilliant. But on day 366 (or whenever my slmgr -rearm trick ran out) you get locked out with no real way to change to a different SKU or reset without a clean install :(
There's a program called BlackBird (http://getblackbird.net/) that claims to strip out all that telemetry. I have been running it for a while and while I haven't closely inspected traffic to validate the author's claims my bandwidth monitor widget doesn't have a lot to report, rarely rising above 1kb/sec unless I'm doing something.
1. “Note: Some anti-virus products may detect Blackbird as malware.”
2. “Last updated: Nov. 10, 2016”
...now, not so much.
And I really wanted to believe.
So, probably safe.
Simple: you use a different OS that doesn't spy on you. Microsoft is under no obligation to provide a product or service to you the way you want. They've decided they only want to offer products that spy on you, and that's their right. If you don't like that, you're free to not buy or use their products, and use something else instead. There are alternatives out there that don't spy on you.
I use a license key from work for my home PCs and it's lovely.
I’m not defending Microsoft, and I’m not a fan. I am merely speculating on their perspective.
Here in Germany, it is still controversial whether Windows 10 machines can be used in public services at all.
This is a difficult problem. The software could be audited by an independent third party. However each update needs to be audited as well. Furthermore the binary of the initial state and each subsequent update binary would have to be signed by the auditor in a way allowing independent verification of the signature.
How does one, as a non-enterprise, even get W10 Enterprise LTSB? I would, in a heartbeat, but MS wants to shove crapvertising down peoples' throats no matter the cost. And it's logical, given that when the users with money to spend and technical expertise fall out of the advertising eyeball pool, the eyeball pool loses its worth as it will be filled with poor noobs to whom all you can sell is the latest iteration of Candy Crush and snake-oil "antivirus".
I wouldn't recommend it to a developer or an average user.
Sounds fine to me.
Granted not everyone needs this.
Why would only people who pay $200 for a windows edition get (some) privacy?
Remember the days when the products you bought didn't spy on you? It seems like now companies are double-dipping or triple-dipping with this spying and selling of your data after you've already purchased the product/service.
And we're getting reconditioned to live with it and agree to it, especially from comments like yours.
Don't like it? Don't buy it. If you pay hard-earned cash for a product, and then complain that it spies on you even though you knew this before you bought it, you don't really have much cause to complain. If you really value your privacy, then put your money where your mouth is.
At a higher level, Gates seems more credible than Larry or Sergey to me. Totally biased by my history, but I'm pretty strong on that point. Gates mellowed out and seems more broadly interested in "greater good".
And this is all without going into how he tried to destroy Linux, control UNIX, successfully destroyed competing DOS platforms (e.g. DR DOS), blocked OEMs / shops from selling PCs with competing OSs (or was it machines without Windows preinstalled? I forget now), ruined EeePCs and their form factors (by selling With dies at a loss), etc.
I think the only reason Gates didn't try his luck with data collection was because it simply wasn't a thing back then.
That said, I do still respect the guy even though I disliked his products and how he monopolised the market. Which is more than I can say about Ballmer.
Office 365 is accelerating that. No need for local Word, PowerPoint, Excel, etc.
I'd guess Microsoft gets most Windows sales from regular people buying regular laptops with Windows preinstalled. Most of them probably don't even know there is something else other than Windows.
I instinctively feel like ChromeOS and OSX (and mobile OS variants) are going to kill Windows desktop off. But I'm also aware I might be off base.
Around here ChromeOS is a kind of rare animal hardly seen on any consumer shop, and when it appears it is usually tied to some promotion to get rid of those in stock.
OS X is everywhere in northern Europe's big cities, but go south or to the countryside where many people dream of getting over the 500€ barrier and it too becomes a rare animal.
Maybe it's because a computer is a significant expense, so people value price/performance more, or maybe because schools have Windows PCs and nobody is used to OSX from a young age.
For gaming, it's pretty much the only choice, Macs have no hardware to handle them, and for Linux, I've tried switching many times, and it has always been a hassle.
I've ended up with Ubuntu for work and Windows for everything else.
2. Gates left Microsoft.
3. Gates is good now.
5. Microsoft is good now.
Unless there is some weird "conscious uncoupling" thing that made them both better, what could step #4 be?
It makes terrific financial sense for them to take ownership, liability (and revenues) for a product class their native technology can't compete in.
MS for all their faults are at least still in the business of selling operating systems and not selling you.
I ditched Windows for a reason (several, but privacy was one) and I've got no intention of checking every 3 months how far down the slippery slope Ubuntu has gone. And they will go down that slippery slope because it's abundantly clear that as an organisation they don't value privacy.
Also, you can use distros based on Fedora/RedHat if you are a Canonical hater.
Because it happened to be mentioned in a preview video I watched on YouTube. What happens in 3 months when they change that policy and it gets past my radar? This is FUD Canonical have created by not taking privacy seriously.
The difference between the '90s and now is that in the '90s Microsoft spread FUD against Linux, and now segments of the Linux community are spreading FUD against Microsoft. FUD is bad no matter who spreads it.
On the other hand their contempt for the (paying!) customer is still blatantly evident, it's right there in Windows 10 telemetry settings being reset.
All I can read into it is that it's in their best interest to stop being deliberately hostile towards Linux and open-source. We can trust them doing The Right Thing only as long as The Right Thing benefits them.
With that being said, there's a huge difference between acknowledging a company becoming more developer focused and trusting a company. You shouldn't trust any company to do "the right thing", regardless of how noble their actions may seem on the outside. As Google have shown, your motto can literally be "do no evil" and in the space of a decade you are viewed as a monster.
The whole LOC drama train is tied to code that doesn't get compiled when you specify the architecture.
Realtime OSs are currently in vogue because they better match how some IoT devices work, so there's less abstraction that doesn't apply to those circumstances (and therefore improved performance/reduced complexity).
Is it, though? Linux has had NOMMU (running without an MMU at all) support since the early 2000s, and the atomics / barriers are more based on Alpha's memory model than anything else - several of those primitives just compile out to a compiler barrier or nothing at all on x86.
Most heavyweight things you don't need in an IoT context can be compiled-out completely - I think probably the major bit of infrastructure you can't is support for multiple user IDs?
Me too. Good thing Google exists now :)
Microsoft now cares about subscriptions (office365, etc) and monthly recurring "rental" revenue. Anything that gets people to spin up more Azure VMs and pay for them monthly, forever, and possibly get locked into the hosting platform, they're totally OK with. Doesn't matter if it's a Linux VM or a Windows VM running on their hypervisors as long as people are paying the bills.
What's interesting to me here is Microsoft is building an IoT solution that allows manufacturers to delegate security to Microsoft instead of having to roll their own.
The general mindset has been that IoT has a couple of slices: the "thing" (air conditioner vibration sensor), how that thing is connected (Ethernet plugged directly into a smart vibration sensor, or vibration sensor plugged into a connected data-recording device), the transmission/storage of that data (cloud solution? Servers on site? Internet y/n?), analysis of that data (Microsoft IoT platform? Rolled solution? Now defunct Autodesk IoT platform?), and finally the acting upon data collected (chief engineer scheduling repairs/maintenance, project manager ordering new motors, whatever).
So many companies have tried "rolling their own" because they got it working on a raspberry pi or Arduino in a week, then find out their connectivity is not secure at scale (let alone that the solution can't scale at all).
Let specialists specialize. No reason not to let big daddy Microsoft handle the messy bits.
Disclosure, I work at electric imp, thus considering myself firmly in the "secure connection and transmission" slice of the pie.
Disclosure 2, we're partnered with Microsoft for their new IoT push, lol.
And now it gradually translates into "don't own your devices, cause you can't handle security", both for users and small and medium size vendors.
And the meaning of "device" is gradually translating to "any stuff we wear or use". Welcome to the shiny IoT future.
We shifted from consumer IoT devices because there's just no money there. Toy Mail is one of our only customers that made it work.
In my mind, the places to look for Iot solutions are generally the same places you need a hardhat and steel toe boots to enter.
> Let specialists specialize. No reason not to let big daddy Microsoft handle the messy bits.
I mean, Microsoft or AWS is at least better than a startup, in that they're less likely to go bankrupt - but even Windows XP, one of most long-lived products out there, was only supported for 12 years even with 'extended support'.
Not to mention the fact whoever provides the cloud services will likely be looking to make recurring revenue over those 20 years.
As for forever, hence why companies like Microsoft and EI have models for "continual update" on connected devices. The idea being that the security upgrades never stop.
"Highly secure devices have renewable security. A device with renewable security can update to a more secure state automatically even after the device has been compromised. Security threats evolve and attackers discover new attack vectors. To counter emerging threats, device security must be renewed regularly. In extreme cases, when compartments and layers of a device are compromised by zero-day exploits, lower layers must rebuild and renew the security of higher levels of the system. Remote attestation and rollback protections guarantee that once renewed, a device cannot be reverted to a known vulnerable state. A device without renewable security is a crisis waiting to happen."
n.b.: MSFT employee, not associated with above work
e: hmm, I realized that the IoT linux offering is actually paired with the MediaTek chip announcement. I guess this is the product incarnation of the technology from the paper?
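As an added illustration of the "renewable security" passage quoted above (not code from the paper, Azure Sphere, or anyone in this thread): a toy model of how rollback protection and remote attestation interact. A monotonic minimum-version counter refuses a genuinely signed but older image, and a nonce-bound attestation quote lets the cloud side confirm what the device is running. Assumptions, for brevity: a shared HMAC key stands in for the asymmetric vendor key and hardware-held attestation key a real device would use, and the version floor is a plain integer rather than a hardware counter.

```python
import hashlib
import hmac

# Constructed demo key. Stands in for the vendor's signing key and the
# device's hardware-protected attestation key (assumption: one shared key).
VENDOR_KEY = b"constructed-demo-vendor-key"


def _mac(key: bytes, msg: bytes) -> str:
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_manifest(version: int, image: bytes, key: bytes = VENDOR_KEY) -> dict:
    """Vendor side: bind a version number to the hash of a firmware image."""
    digest = hashlib.sha256(image).hexdigest()
    return {"version": version, "sha256": digest,
            "sig": _mac(key, f"{version}:{digest}".encode())}


class Device:
    """Device with a monotonic anti-rollback counter (min_version)."""

    def __init__(self, version: int, image: bytes, key: bytes = VENDOR_KEY):
        self.key = key
        self.version = version
        self.image = image
        self.min_version = version  # only ever increases

    def apply_update(self, manifest: dict, image: bytes) -> bool:
        msg = f"{manifest['version']}:{manifest['sha256']}".encode()
        # 1. authenticity: manifest must carry a valid vendor signature
        if not hmac.compare_digest(_mac(self.key, msg), manifest["sig"]):
            return False
        # 2. integrity: delivered image must match the signed digest
        if hashlib.sha256(image).hexdigest() != manifest["sha256"]:
            return False
        # 3. rollback protection: an older image is refused even though its
        #    signature is genuine, because the counter never moves backwards
        if manifest["version"] <= self.min_version:
            return False
        self.version = manifest["version"]
        self.image = image
        self.min_version = manifest["version"]
        return True

    def attest(self, nonce: bytes) -> dict:
        """Produce a quote over (nonce, version, image hash); nonce = freshness."""
        digest = hashlib.sha256(self.image).hexdigest()
        msg = nonce + f"{self.version}:{digest}".encode()
        return {"version": self.version, "sha256": digest,
                "quote": _mac(self.key, msg)}


def verify_attestation(report: dict, nonce: bytes, floor: int,
                       key: bytes = VENDOR_KEY) -> bool:
    """Cloud side: quote must be fresh, authentic, and at or above the floor."""
    msg = nonce + f"{report['version']}:{report['sha256']}".encode()
    return (hmac.compare_digest(_mac(key, msg), report["quote"])
            and report["version"] >= floor)
```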
The "ensure device updates are not malicious" question gets asked at least once a month here. It only gets stronger.
You are asking exactly the right questions, though. These are the sort of holes we find in customer home rolled solutions. Another one is factory enrollment vulnerabilities - how do you guarantee that factories don't walk out with your code, stick some malicious stuff on it, then install it on the device before shipping it?
This is not about Windows technical capability - which is effectively every bit as good as Linux in this space. This is about, "OK, developers, you'd rather have Linux than Windows on your IoT device? Cool. Now get connected to Azure for that IoT data, we'll help you keep that device secure and up-to-date." It's about market share for Azure.
Really? Did you check out Windows Nano Server - https://docs.microsoft.com/en-us/windows-server/get-started/...
Well, it depends on what you want to do.
A really minimal XP with minlogon is around 10 MB (actually around 20 MB that on NTFS compressed volumes are around 10), of which quite a bit is things that could be removed or greatly reduced in size by recompiling the programs/DLLs if the source was available, that won't do much, while with a decent amount of base tools it comes out at 30-40 MB or so.
Some references to a dedicated project:
> The Microsoft-secured Linux kernel used in the Azure Sphere IoT OS is shared under an OSS license so that silicon partners can rapidly enable new silicon innovations.” And those partners are also very comfortable with taking an open-source release and integrating that with their products.
I think it’d be cool if they released an open-source NT kernel for this, for diversity of kernels and because of NT’s reputation like you mentioned previously, but maybe they’re betting on there being many more engineers with Linux-based IoT development experience.
For a while it was basically free (as in beer) up to an absurdly high volume (IIRC, million-ish devices?).
Maybe you are correct that there might not be a huge interest unless the solution is also free as in speech simply because of auditing needs of some of the IoT manufacturers.
MS would have to spend money and effort to get NT to be where linux is already, then spend more money and more effort to get people to adopt NT for IoT. In the end, there is no profit in being the OS for IoT.
Instead MS opts to have IoT pay cloud fees for Azure. It helps grow their cloud efforts and profits from existing investments. They don't have to fight linux, just work with it.
It looks like a developer gets to program the A7 and 2xM4F cores whilst the WiFi radio and Microsoft's "secure" Pluton thing run on an Andes N9 and Cortex M4 core respectively. I assume it is those cores which will be auto-updated in an attempt to defend against attack.
Indeed. The article agrees with you and even goes as far as linking to the same URL that you did. :-)
You lose functionality though, like being able to check doors etc. remotely.
I trust Apple and I trust Homekit so I'm not too concerned with that.
You don't. That's what VPNs are for.
If it's an end-to-end VPN, it's doubtful most of these devices have the power to run a client.
And god help us when all these IoT devices start talking IPv6... With no NAT and anemic firewalls on most routers? Oof.
Assign Unique Locals (ULA) to untrusted LAN devices and no Internet router will carry them.
Then your laptop or phone can additionally receive a routed prefix. Remember with IPv6 you can assign an arbitrary number of prefixes and addresses to each interface, or just one. It makes for very flexible routing.
But John Doe does not care, he wants convenience to the point where the IoT manufacturer knows everything about how they use the product.
Do the security right and the classic internet of shit botnet type vulnerabilities aren't really an issue (knock on wood...)
Anyway, we've managed to survive pitching internet connectivity instead of local network, and several customers have found use cases for it that I don't think local would be feasible for.
In the end it's not just "technically a LAN would be the most secure option here," I mean that's always the case. It can be more "our partners and solution are offering a so-far-unbroken security model, and connecting via the Internet makes the whole manufacturing, distribution, on-site enrolling, and monitoring cheaper and working out of the box."
I would think Windows could run on a Cortex-A7, no? Perhaps the specific parts they're using have a ridiculously-low clock rate or other painful limitations?
Cortex-Ms typically can't run linux (excepting uClinux) as they don't have the RAM and typically don't need to as they address a different need (dedicated function instead of general-purpose compute), and have far fewer peripheral interfaces. It used to be all about power profile, but the recent SoCs are getting pretty competitive there as well.
But as I said the traditional segmentation at this end of the spectrum is being re-cast seemingly every second week, and so terms such as 'microcontroller' are becoming less meaningful all the time. And who the hell can agree on just what 'embedded' means these days?
Or what it'll mean in 10 years, as power/radio/processor/sensor specs continue to improve. I'm speculating, but perhaps MS is banking on the low-end to grow, up into the Android/iOS space. So instead of our current 3-10 devices per family we'll have 30-100 devices. Hopefully, those devices will be secure. Maybe they'll be useful :-)
FWIW, my personal definition is "doesn't have an MMU"
I think it is an undisputed win.
A 500MHz A7 part is way too much silicon for an IoT node. How much external SDRAM and Flash are connected to that MediaTek core?
FreeRTOS is a pretty good fit for this situation. I am only disappointed that newlib is so ridiculously huge in comparison. Some functions in there are twice the size of FreeRTOS.
Not saying this isn't fun, but don't tell my boss ;).
Is that supposed to imply linux can't? Or that linux plus a GNU subsystem can't? I've personally run it on a lot lower end hardware than that seems to be.
Different markets really, sounds like Microsoft is targeting items like internet connected cameras (think Mirai endpoints). Whereas Amazon is targeting low power prolific devices, e.g. IoT buttons.
You're starting to see devices like the Renesas RZ/A1H that has 10MiB of SDRAM on the die and can boot Linux out of a single cheap QSPI memory part.
Regular Linux can't. uCLinux might.
You can run regular Linux on these, you just probably don't want to.
This may seem good, but my paranoid half (make it 9/10) thinks they could "hijack" the Linux user base by releasing software certified as Linux compatible that runs only under their Linux, and by being platinum members of the Linux Foundation they could be entitled to say that their Linux is the only true one.
Linux has large (majority?) market share in the server and IoT markets, but a very tiny market share when it comes to desktop.
I'm not as clear on the history, but was Linux ever pitched as capable of being real-time OS? I don't think so. The hard requirements for real-time generally lead to very different systems than general-purpose operating systems.
Who would ever have thought that Microsoft, the great enemy of Linux, would release a product based around a Microsoft branded Linux kernel? Not I for one. Though having said that they have been increasingly opening up and making non-threatening noises towards open source of late. So, it's not _that_ much of a shock but it's still a shock! Microsoft is using Linux for IOT embedded devices, wow.
And then you point out that simultaneously the Linux Foundation, the Linux Foundation, is supporting a non-Linux kernel real-time OS for IOT embedded devices.
You could not make this stuff up.