German federal office publishes Windows 10 telemetry analysis (ghacks.net)
323 points by jakobdabo on Nov 25, 2018 | 229 comments



I am surprised that they are using server names like "alpha.telemetry.microsft.com". When I see something like "microsft" in an E-mail or link I immediately suspect that somebody is trying to fake being from Microsoft. Or are these spelling errors in the article?

Edit: these domain names are in the report too. Very strange. I would get very nervous if I saw "microsft" in a firewall log.
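One way to surface near-miss names like this in a DNS or firewall log, as an added example that is not part of the original thread. The function names and the two-label domain assumption are hypothetical; the first three sample names appear on this page and the rest are constructed.

```python
"""Flag DNS names whose registrable label is a near miss of a watched brand."""

WATCHED_BRANDS = ("microsoft",)  # labels to watch; extend for your own estate

# Sample query names: the first three appear in the thread, the rest are constructed.
SAMPLE_NAMES = [
    "alpha.telemetry.microsft.com",
    "us.vortex-win.data.microsoft.com",
    "NS1.MSFT.NET.",
    "login.mircosoft.example",
    "example.org",
]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    and swap of two adjacent characters each cost 1."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "rc" typed as "cr".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def registrable_label(qname: str) -> str:
    """Assumption: the registrable domain is the last two labels (name.tld).
    A production version should consult the Public Suffix List (co.uk etc.)."""
    labels = qname.strip().rstrip(".").lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def flag_lookalikes(names, brands=WATCHED_BRANDS, max_distance=2):
    """Return (name, brand, distance) for labels close to, but not equal to, a brand."""
    hits = []
    for name in names:
        label = registrable_label(name)
        for brand in brands:
            d = osa_distance(label, brand)
            if 0 < d <= max_distance:
                hits.append((name, brand, d))
    return hits


if __name__ == "__main__":
    for name, brand, d in flag_lookalikes(SAMPLE_NAMES):
        print(f"lookalike of {brand!r} (distance {d}): {name}")
```

Edit distance does not catch abbreviations such as msft.net, and a hit only says the name deserves a WHOIS and resolution check; it says nothing about who owns the domain.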


https://www.ip-tracker.org/locator/ip-lookup.php?ip=Microsft...

It does seem MS owns that domain, but to be actively using it --- especially for telemetry --- raises red flags for me too. Using misspellings of names is something malware often does.


They also dropped a seemingly random-named tool/service ("sedlauncher" and I think "sedsvc") in "C:\Program Files\rempl" (not the Windows directory as one would expect) that looks pretty malware-y to the point where even a community moderator on the MS forums called it malware [2] but is legit [1], and Win 10 has dozens of new services running (and likely having new ones added with every unavoidable feature update).

It also randomly creates a new service matching the name of an old service + a random changing hexadecimal suffix, and I apparently have Skype running on my gaming rig. As is, I don't consider Windows a defensible platform.

I have the feeling that everyone just keeps slapping features, services and more telemetry onto Win 10 left and right with little coordination. Would be funny if some government agency just told Microsoft "now give us a complete list of all telemetry" - I would be surprised if MS could do it (with any reasonable confidence that the list is actually complete).

[1] https://support.microsoft.com/en-us/help/4023057/update-to-w...

[2] https://answers.microsoft.com/en-us/windows/forum/windows_10...


> They also dropped a seemingly random-named tool/service ("sedlauncher" and I think "sedsvc") in "C:\Program Files\rempl"

...and they didn't even bother to check that there's an existing project of that name (which will only serve to scare those who come across it by searching --- the description begins "Platform for moderated remote access"...): https://github.com/rempl/rempl

> It also randomly creates a new service matching the name of an old service + a random changing hexadecimal suffix

That is extremely disturbing. It's like MS is following in the lead of malware persistence techniques.

There's also this:

https://www.askvg.com/what-are-sedsvc-exe-sedlauncher-exe-fi...

"Hardens the servicing stack against admin tampering." Yes, they're fighting against you, the owner. As the exclamation goes, "fucking bastards!"

All this aggression is going to do is drive even more users who are forced into using Windows 10 to turn off updates completely. They were already wary, now they'll have lost their trust completely.


>Windows 10 to turn off updates completely

I did that 6 months ago; best thing I ever did to Win 10 so far.


Nothing bad has ever happened to an unpatched Windows system.


Malware is often more respectful of a compromised system than Microsoft.


No one forced you to use Windows 10. You could have used ReactOS.


So when one chooses a platform/OS (or even if one is looking from afar, as I don't see any claim by OP that they are using Windows 10), they have no right to complain about it?

I don't understand this type of argument.


They can complain; however, this complaint is mostly pointless as he is already informed by the software licence agreement, aka results matter more than intentions.


Are you forgetting how MS forced a lot of happy Win 7/8 users to upgrade by abusing Windows Update?


I was pretty happy with Windows 7.


I am pretty happy with it (well, relative to the newer ones)


I didn't know ReactOS has achieved 100% compatibility. That's great news!


Currently 99.9%. You can help for the rest to get ReactOS over the Pareto's hump.


> Using misspellings of names is something malware often does

Your spidey sense is telling you what you need to know, you just won't say it.


I don't get it.


Windows 10, spying on its user, is malware.


A domain like 'microsft.com' is used to trick users into thinking the communication is legitimate and to Microsoft. But why would the actual Microsoft need to engage in this?


To preserve their main domain from the filthiest blacklists? So they can move on to another shady domain for dirty tricks if this one goes under in reputation. Executive thinking..


But why wouldn't they use microsoft-telemetry.com instead?


Probably for the very few people that use regex on their DNS servers to block Microsoft


This is most definitely the case. I can't think of any other reason they'd do this.


Maybe it was a typo and fixing it would have required more bureaucracy than getting the domain.


Why would that be any less shady? I've gotten plenty of spam pointing to <legitservice-word>.com and similar.


Someone should def send up a pull to patch that on githup.com


Disclosure: Works for MS but not on anything related to the topic of discussion here. These are my personal opinions from experiences at multiple companies.

Any user-facing names obviously get reviewed by whole departments that are dedicated to ensuring it fits with the brand, translates well into all languages, is not offensive to anyone, etc.

For identifiers that are not expected to be user facing, they're likely to get code review, simple profanity filters, and certificate policy checks, plus whatever bikeshedding those particular dev+ops+networking teams want to have about it. For a service endpoint that's really only resolved in the guts of client code, I could easily imagine an individual dev just using an arbitrary name for the prototype, and then eventually finding that the service became useful and that it's just not worth updating all the existing clients for a cosmetic change mostly no one sees.

Also, you hear conversations like "so-and-so registered that name years ago for idea X, but that didn't really go anywhere, so we can just repurpose that since we know that it's both already working and unused".

So I wouldn't read any particular motivation into 'microsft.com'.


So, basically, laziness


So, basically, efficiency


I think the grandparent was being a bit tongue-in-cheek.


It could be an attempt to bypass DNS blacklists. I have Microsoft domains blacklisted on my pi-hole because I find their telemetry practices so difficult to constrain otherwise. Not sure if I caught any micrsoft domains, but there were definitely some that seemed intentionally semi-obfuscated, with msft or something like that instead of the full company name.


I'd actually lean towards it being the opposite - put the thing that people and organizations would be inclined to block on a separate domain so that the core business domain isn't blocked.

EDIT: Seems like there are a lot of *.microsoft.com URLs, too, so disregard this theory.


I have seen internal groups use domains like this simply because the process for using the primary domain is too onerous, or corporate divisions make it otherwise problematic.


Is there a specific update url you whitelist?



Why would they use the short names in URLs? I thought they make sense only for file names.


I'm mostly joking.

However, I've been observing Microsoft since the Windows 2.0 era, and I can't completely discard the possibility that Microsoft actually would use 8.3 domain names. Using 8.3 names "for legacy compatibility" in unusual places is something they've done before.


That does sound like some kind of rational explanation.

p.s. Further proof that history's written by the victors, from that 8.3 wiki page:

"An 8.3 filename...is a filename convention used by old versions of DOS and versions of Microsoft Windows...Similar 8.3 file naming schemes have also existed on earlier CP/M, TRS-80, Atari, and some Data General and [DEC] minicomputer operating systems."

"Similar naming schemes also existed"! A strange way of saying "DOS copied CP/M's drive letter + colon + 8.3 filename exactly". ..and everything else.

(Disclosure: I grew up on CP/M)


DOS was built on CP/M standards and I heard there was a converter program to convert CP/M to DOS programs because the system API calls were almost the same.

Just like MacOS has UNIX API under it and so does Linux as they were based on Unix standards.


> DOS was built on CP/M standards

hehe come on, DOS was a quick copy/imitation of CP/M. That seems a funny way of describing it, dignifying what was a knock-off job. As if accused forgers or plagiarists were to say "Huh? I'm building on the standards of the earlier work."

I mean, fair enough (initially), Gates did try first to give the IBM gig to Kildall.


It could be that at some point they mapped domain names to folder names or something like that. Still looks pretty hacky (or malicious) nowadays.


silly easter eggs?


It's probably because using microsoft.com would force every cookie from that domain to be put onto every REST call they make for sending telemetry, which would be pointless and would waste every user's outgoing bandwidth. An alternate domain that doesn't have any cookies is a better choice.


What cookies? Wouldn't Microsoft have to go out of their way to make their telemetry programs pick up and use the cookies from the user's browser?


My guess: it was a typo in the client and they've registered the misspelled domain as the easiest fix for backwards compatibility with affected old releases.


>My guess: it was a typo in the client and they've registered the misspelled domain as the easiest fix for backwards compatibility with affected old releases.

It was created in 1996, so likely not. Although that expiration date is interesting...

Domain Name: MICROSFT.COM
Registrar: MARKMONITOR INC.
Sponsoring Registrar IANA ID: 292
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS1.MSFT.NET
Name Server: NS2.MSFT.NET
Name Server: NS3.MSFT.NET
Name Server: NS4.MSFT.NET
Status: clientDeleteProhibited https://www.icann.org/epp#clientDeleteProhibited
Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Status: clientUpdateProhibited https://www.icann.org/epp#clientUpdateProhibited
Updated Date: 31-jul-2015
Creation Date: 02-sep-1996
Expiration Date: 01-sep-2016


I don't know what WHOIS database you are using, but it's outdated. The real dates are:

Updated Date: 2018-07-31T09:30:41Z

Creation Date: 1996-09-02T04:00:00Z

Registry Expiry Date: 2019-09-01T04:00:00Z


Because some malware blocks microsoft.com.


>alpha.telemetry.microsft.com

It's right there with spynet2.microsoft.com and spynetalt.microsoft.com ;). Plus you have to remember W10 spy^^telemetry switches to hardcoded IPs if DNS fails.


> hardcoded IPs

Do we have a definitive list somewhere? I'd like to block them and add them to my script [0]

[0] https://gitlab.com/moviuro/moviuro.bin/blob/master/blackhole


That seems to be a typo, it should be microsoft.com for all these hosts.


alpha.telemetry.microsft.com resolves and has Microsoft name servers as SOA. I see no reason to conclude this is a typo. What evidence do you have?


No A or AAAA or CNAME record exists for that name or any of the other microsft.com domains mentioned in the document.

Although alpha.telemetry.microsoft.com doesn't currently exist either, others do, e.g. us.vortex-win.data.microsoft.com resolves to a Microsoft-owned IP address.

It's a mistake in the report.


dnschecker.org says it doesn't


https://www.whois.com/whois/microsft.com

It is owned by Microsoft, registered by MarkMonitor (MarkMonitor is a legit company)


Yes, but just like microsoft.telemetry.elegantcode.com it has no IP address associated with it.


That would be a serious problem in the PDF they published.


I don't know about serious, but it is a problem in the PDF they published.


I wish all governments did audits like this. Either the software would get less invasive, or we'd see Linux everywhere, wins all around.

How bad is it that not even governments can use Windows without the data vacuum being turned on? And they need to commission these investigations to even figure out what that means?


> Either the software would get less invasive, or we'd see Linux everywhere, wins all around.

The unfortunate part is that this is just one department in our government that sort of independently does these investigations. Whether anything politically is going to come out of this result, like a law or even just a directive for other departments, is questionable at best.

Other departments will readily ignore this report, if it's convenient for them to use Windows 10. Heck, there's been a warning before from a federal data protection department that even Windows 10 Enterprise sends encrypted, undisclosed packets off to Redmond, and shortly after that the self-proclaimed Microsoft fan and Lord Mayor of Munich signed off on migrating back to Windows from their perfectly working Linux solution.


Their Linux solution wasn't perfectly working, but the problems mostly weren't of the kind that would be solved by moving to Windows. I reviewed the report back when the decision was announced: https://news.ycombinator.com/item?id=13643182


That is a nice wish, but the German government is not as concerned with its people's privacy as you may think when you read stuff like this.

The opposite is true. Germany sells its people to everyone (including foreign spies who get offices directly at the backbone of the internet).

We don't have much time left to educate people what computers are and how to keep your thoughts for yourself.

All this fear and suspicion against other nations like China, but when they are "1984", Germany is just the "a brave new world" version of the same coin.

The laws have been changing for years, and after German spies and police got more slack, organizations want to connect their data and use video surveillance with face detection. That is just the beginning of something that started with the new generation of kids using "the internet" and smartphones without knowing what a computer is or why it could be bad some day if a regime knows about everything you think.

They will win because the mainstream doesn't care anymore about privacy if things are convenient enough. If tools / services just want your data as payment, at least 2/3 of the people in Germany are ready to sell everything so they just don't have to pay money or use open source software with crappy UIs.

Also poverty is rising and education has some blind spots (like everything that is related to computers).

If I had known that earlier I'd have become a hacker instead of doing the shit jobs I do/did. Probably then retirement at 63 like in the "good old days" would've been possible :-D


You wrote Germany but you're actually describing Australia.


Well, there are other issues with Linux on the desktop that don't let anybody except developers use it productively.

You always have to weigh your priorities, and getting stuff done is often number one priority.


The use in government would mean running it in centrally administered form. The end user would just as well just click on the icon on their desktop and the application opens where they do their work.

There may obviously be other problems, like the application not being available on Linux, or needing administrators with Linux knowledge, but that's nothing the end user has to deal with.


The problem (at least in my opinion) is that there will "never" be any change in this if people are not willing to sacrifice just a little bit of usability. Why should companies write software for an OS that does not get used?

Sure, getting stuff done is a high priority, but does it have to be number one? Can't we put ethics (or call it whatever you want) above it? We definitely need a lot more competition.


None of the parties that are involved in Linux actually care one iota about the desktop. At best it is a side project. It is phones, servers and embedded.

Only a very small percentage of what is a shrinking market uses it on the desktop.

It will never happen. The only company that has really invested into anything close to Desktop Linux is Google and it is Chromebooks, which are pretty much a walled garden.

While it was better than it was 15 years ago, there are still dumb problems like "Why doesn't my USB headset work?" or "Oh X shat itself again with my GPU". Whereas with Windows I can reinstall the GPU drivers while playing a YouTube video. The only thing I haven't had work is some cheapo Chinese Serial PCI card from fleabay.


>Why doesn't my USB headset work?

>The only thing I haven't had work is some cheapo Chinese Serial PCI card from fleabay.

You are contradicting yourself here. Besides, Linux hardware support is incredible nowadays, and most of the time if you have problems with Linux, you would have them with Windows as well (aka, OEM drivers for crappy nonstandard custom hardware).

Nowadays most of the soundcards, gamepads and headsets would just work, at least their standard functionality.

Also, RedHat cares about desktop, and Canonical cared a lot. Nowadays RedHat is involved in proper hybrid graphics support, Gnome desktop etc. In some areas Linux is lagging behind, for example accessibility is still not the best, though Gnome people are very concerned about it (that was one of the major reasons for using a full Gnome shell for login).


> You are contradicting yourself here.

No I am not. I was just saying that the only thing I haven't had work out of the box was some dodgy PCI card from China. It is literally the only thing in the last ten years that wasn't a video card that didn't work out of the box for me.

> Besides, Linux hardware support is incredible nowadays, and most of the time if you have problems with Linux, you would have them with Windows as well (aka, OEM drivers for crappy nonstandard custom hardware).

I've been using *nix now for about 20 years. I still have the same problems with plugging in things like headsets that I had 10 years ago. The headset I am using is a £30 headset that you can buy in almost any supermarket and that is just an example of the problems that you will face on a daily basis.

I have a bog standard Dell Latitude laptop (refurb business model). Everything is Intel. Yet I still have problems with power management on popular distros like Ubuntu and Fedora. Everything works fine in Windows Vista and above. I get screen tearing on my desktop machine because X is utter crap. Also any application can completely kill X, I had it happen the other day.

I am sure I could fix some of these issues. But I just don't care enough anymore.

> Also, RedHat cares about desktop, and Canonical cared a lot. Nowadays RedHat is involved in proper hybrid graphics support, Gnome desktop etc. In some areas Linux is lagging behind, for example accessibility is still not the best, though Gnome people are very concerned about it (that was one of the major reasons for using a full Gnome shell for login).

Redhat used to sell the distro as a desktop Linux that you could buy in a store like PC World, so did Suse and quite a lot of other distros (Mandrake, Lindows, Corel). Very few people bought them, they didn't make any money and they vanished in about 2004/2005ish IIRC. The vast majority of income that Redhat makes is support contracts.

As for the Gnome team, they threw away years of work when they moved to Gnome 3. That must be 10,000s of man hours. That is nuts. I don't trust a team that throws away years' worth of code, user testing and bug reports. I know it's been forked into Mate, but that is beside the point.


You confuse your subjective experience with the overall picture. The list of devices which the kernel does support is not only incredible, but higher than that of any other OS, save Windows maybe. And even in Windows you will have pretty much the same hardware problems, just with a different set of hardware, which you were lucky to avoid. Shit like this [1] [2] is pretty common in the Windows world as well.

>The touchpad and touchscreen don't work during install, so you'll need to plug in a mouse or fuss with keyboard-only navigation. After installation you'll only have 2.4GHz wifi, so you'll need to install the Lenovo driver. There are probably other Lenovo drivers that will be required - but I haven't taken the experiment any farther yet.

>Intel GMA 910 and 915 series released in 2004 and 2005 respectively didn't get WDDM driver which means they only work with Windows XP, Vista and 7

Most of the time you just have an OEM preinstalled for you or even an OS preinstalled on a very particular hardware (macos).

[1] https://forums.lenovo.com/t5/Lenovo-Yoga-Series-Notebooks/Yo...

[2] https://communities.intel.com/thread/123273


> You confuse your subjective experience with the overall picture.

No, it is a common complaint that has been happening for years (over a decade) with all manner of consumer laptops.

> The list of devices which the kernel does support is not only incredible, but higher than that of any other OS, save Windows maybe.

Yes, and I would wager quite a lot of these devices are for ancient hardware, embedded devices, servers, micro-controllers etc and other stuff THAT IS NOT ANYTHING TO DO WITH BUSINESS LAPTOPS and reasonably priced consumer USB headsets from well known manufacturers.

It is a fallacy that just because there is a large number of devices it also means:

1) They are supported well.

2) They are my devices.

3) That there are other parts of the distro (Pulse Audio, ALSA or whatever the nonsense they are using for an audio stack these days) will interfere with how the device works.

The situation will never change. It will never change because

1) Device manufacturers don't care about Linux. They will care about MacOS, Windows, Android and iOS.

2) None of the large corps that basically contribute to the kernel really care about Linux on the desktop. They don't make a lot of money if any from it. Redhat kinda bother, but they've been bought by IBM now so that won't last much longer.

3) As demonstrated in this very discussion on this topic. Most Linux users will trot out the same tired old excuses why shite doesn't work. They will blame it on Microsoft, the user, the hardware, anything other than accepting the fact that because everyone has their own idea what a distro looks like, the whole community is fragmented. Fragmentation causes problems, instability and compatibility issues.

I've heard it for 15 years now. If I have to use Linux (I do unfortunately), it is whatever the latest LTS of Ubuntu is because it mostly works (it is still shite though).

> And even in Windows you will have pretty much the same hardware problems, just with a different set of hardware, which you were lucky to avoid. Shit like this [1] [2] is pretty common in the Windows world as well.

Cherry picking nonsense. The only driver I've needed to install in the last 5 years is my video card driver (I am rocking a 1080Ti, which is rather nice) and a wireless driver in my laptop which took all of 5 minutes to install.

Windows will download the drivers from the internet if it can find them.

> Most of the time you just have an OEM preinstalled for you or even an OS preinstalled on a very particular hardware (macos).

No I installed Windows myself. I always wipe and do a clean install. I've done my own install of MacOS in the past as well (not much point though as they don't fill the OS full of shit).

I've heard all of these arguments before. They are all deflecting blame away from what is the Desktop Linux community. I'd heard these arguments back in 2003. Nothing has changed much in 15 years.

Maybe in 15 years time when Desktop Linux still doesn't work correctly you might get wise to the myriad of reasons why it will never work.

Hopefully I will have retired to somewhere like Cambodia by then.


> Maybe in 15 years time when Desktop Linux still doesn't work correctly you might get wise to the myriad of reasons why it will never work.

Yet, here I am, having used Linux on the desktop for over 15 years. Unlike all the years I used Windows, I've never had to reinstall Linux. No BSODs, booting into safe mode, restoring registry backups, manually installing cryptic INF files, anti-virus software, etc. Works For Me. Sorry that you didn't enjoy it. Hope you have fun back in Windows land.


Well I have a stalker.

Lies. BSODs are Kernel panics. These happen in every OS. They can be caused by failing hardware, iffy drivers etc. Are you going to claim that you never had hardware fail? never had a dodgy capacitor on a video card? I don't believe that. Also the last time I had a BSOD on Windows is because one of the SSDs in RAID 0 failed.

Depending on the Linux distro there may be no safe upgrade path between versions of the distro (Fedora recommends a full reinstall last time I checked).

I haven't backed up a registry ever. I haven't installed 3rd party anti-virus software since the Windows XP days which was 15 years ago. Windows has improved quite a lot in some ways (and in other ways it has got worse).

> Works For Me.

Which is exactly the attitude problem with most Linux users when discussing the topic. It is whataboutery at its finest.

> Sorry that you didn't enjoy it. Hope you have fun back in Windows land.

Linux works absolutely fine on my Phone, VPS (Digital Ocean) and as a XBMC machine. It just doesn't work properly as a Desktop Operating system.

I am just not a zealot when it comes to my Operating System choice and I don't pretend things that are real problems aren't.


The only way to have good hardware support is to buy two computers, and send one to a developer.


LTS (Long Term Service) versions of Linux OSes are now breaking even, or even sometimes ahead, of Windows. Office is easily on par (actually better IMO). You can have the UI exactly as you want it to be. You have GIMP. The home of Apache/PHP, and many other improvements!


Word is light-years ahead of any open source alternative. Gimp is not a Photoshop replacement. These guys don't care about Apache on their desktops. :)


Most people do not use any advanced features, neither in Writer nor in Word. You can congratulate yourself, if your colleagues know what are styles, most just hard-code the formatting.


The problem is not whether YOU use the advanced features. It is whether someone else does.

I generally don't require any better than Markdown and for larger documents I just use LaTeX.

However I am normally sent work documents with all sorts of macros from other companies (embedded forms) to fill out for things like payments, right to work etc. These require Microsoft Office. Originally when I started I thought I could get away with Libre Office. It worked at best 50% and these weren't complex macros (I inspected them myself).

None of these forms are outside the norm of what a HR department, University faculty office or most medium to large companies use.


It's mostly _ME_ who uses the advanced features, not people around me. In circa the last 10 years, I've seen exactly one Excel with macros that someone wanted other people to use. (No, you can't use VBA with LibreOffice, just like you cannot use Python UNO scripts with MS Office).

The reason is mostly security: nobody wants to run random macros on their machines (where nobody means their IT departments, the users wouldn't care) and for the uses that you mention, for random forms, web-based forms are used and links to them are getting sent.

At least in my corner of the woods.


If this “normal users are stupid” thing is supposed to be in favour of Linux then it’s a stale argument.


Normal users are not stupid. They just don't care.


How can you tell when the end result is identical? /s


Unfortunately, Word is light-years behind any alternative, open source or not. Styling is a half-assed inconsistent mess. Bullet indentation jumps around like crazy. Changing your default printer might cause reformatting. There is no decent separation between content and formatting. The menu ^h^h^h^h^h^h ribbon is such a mess you need a search function. Word is the kind of product that should be taken out and shot. I speak as someone who used Word competitors back in the days when there were some left.

Now if you say Excel, however, we might start to agree.

BTW, Gimp is not a Photoshop replacement (please fix the window behaviour, guys), but Krita is getting really nice, and plenty good enough for your average corporate user.


> BTW, Gimp is not a Photoshop replacement (please fix the window behaviour, guys)

If you mean the multi-window behaviour, as of 2.10 the default is now set to single-window.

If you don't have 2.10 in your distro yet, you can toggle that on in the menubar: Windows -> Single-Window Mode


Lucky you can use Word in a browser these days, then.

I'm not sure which government departments are using Photoshop but the few that do could just as easily use Macs.


Don't tell the ChromeOS team (and tens of millions of Chromebook/box) users that... though I doubt they'll be on any corporate IT wishlists (then again, they require very little support...).


(More) direct link to the publication: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Si...

Page 31 of the report was of primary interest--hosts hard-coded in diagtrack.dll:

geo.settings-win.data.microsoft.com.akadns.net db5-eap.settings-win.data.microsoft.com.akadns.net settings-win.data.microsoft.com db5.settings-win.data.microsoft.com.akadns.net asimov-win.settings.data.microsoft.com.akadns.net db5.vortex.data.microsoft.com.akadns.net v10-win.vortex.data.microsft.com.akadns.net geo.vortex.data.microsoft.com.akadns.net v10.vortex-win.data.microsft.com us.vortex-win.data.microsft.com eu.vortex-win.data.microsft.com vortex-win-sandbox.data.microsoft.com alpha.telemetry.microsft.com oca.telemetry.microsft.com

At this point, I would recommend choosing to treat the {akadns.net, microsoft.com, microsft.com} TLDs with general distrust. Also in the report:

40.77.226.249 40.77.226.250 13.92.194.212 52.178.38.151 52.229.39.152 52.183.114.173 13.78.232.226

For convenience, I've enumerated the corresponding CIDRs:

13.104.0.0/14 13.64.0.0/11 13.96.0.0/13 40.112.0.0/13 40.120.0.0/14 40.124.0.0/16 40.125.0.0/17 40.74.0.0/15 40.76.0.0/14 40.80.0.0/12 40.96.0.0/12 52.145.0.0/16 52.146.0.0/15 52.148.0.0/14 52.152.0.0/13 52.160.0.0/11 52.224.0.0/11

I'm not sure how to react to the observation of the usage of "microsft.com". I'll admit my instinct is to perceive this as, at worst, a rather clandestine attempt at circumventing basic DNS black-holing techniques--in which case, well played MSFT.

Now if you'll excuse me, I have some firewall policies to update.


If you put in a block for *.akadns.net you will very likely experience quite a bit of collateral damage. A lot of large, popular companies use Akamai.

Likewise, if you drop all traffic from and to those CIDR ranges, well, I hope you don't use any services or sites that are hosted on Azure.
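The trade-off raised in this sub-thread, as an added example that is not part of the original comments: it runs a DNS query log against the exact host names quoted from the report and against the broad suffix rules, so the suffix-only hits show what a wildcard block would catch beyond the listed hosts. Entries in REPORT_HOSTS are copied from the list quoted above; the log lines and function names are constructed for illustration.

```python
"""Compare exact-host blocking with wildcard-suffix blocking on a DNS log."""
from collections import defaultdict

# A subset of the hosts quoted in the thread (report page 31, diagtrack.dll).
REPORT_HOSTS = {
    "geo.settings-win.data.microsoft.com.akadns.net",
    "settings-win.data.microsoft.com",
    "db5.vortex.data.microsoft.com.akadns.net",
    "v10.vortex-win.data.microsft.com",
    "us.vortex-win.data.microsft.com",
    "alpha.telemetry.microsft.com",
    "oca.telemetry.microsft.com",
}

# The broad rules proposed in the thread, written as domain suffixes.
SUFFIX_RULES = ("akadns.net", "microsoft.com", "microsft.com")

# Constructed sample DNS query log, one "<client> <qname>" pair per line.
SAMPLE_LOG = """\
10.0.0.5 v10.vortex-win.data.microsft.com.
10.0.0.5 Settings-Win.Data.Microsoft.com
10.0.0.7 docs.microsoft.com
10.0.0.7 www.example-shop.com.akadns.net
10.0.0.9 notakadns.net
10.0.0.9 example.org
"""


def normalize(qname: str) -> str:
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().rstrip(".").lower()


def matches_suffix(name: str, suffix: str) -> bool:
    """Match on a label boundary so 'notakadns.net' does not hit 'akadns.net'."""
    return name == suffix or name.endswith("." + suffix)


def classify(qname: str) -> str:
    """'exact' = listed in the report, 'suffix-only' = caught only by a wildcard."""
    name = normalize(qname)
    if name in REPORT_HOSTS:
        return "exact"
    if any(matches_suffix(name, s) for s in SUFFIX_RULES):
        return "suffix-only"
    return "none"


def summarize(log_text: str) -> dict:
    """Group (client, qname) pairs from the log by verdict."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts
        buckets[classify(qname)].append((client, normalize(qname)))
    return dict(buckets)


if __name__ == "__main__":
    for verdict, hits in summarize(SAMPLE_LOG).items():
        for client, name in hits:
            print(f"{verdict:12} {client:10} {name}")
```

Running it in log-only mode for a while and reviewing the suffix-only bucket shows which clients would lose which names before a wildcard rule is enforced.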


Excellent point, and I'm well aware. Vigilance (and a proactive security posture) are the price of privacy--and I suspect nothing of actual value will be lost.

It's preferable (to me) to blacklist /everything/ and deal with any future connectivity issues on a case-by-case basis.


Sorry for the nitpick, but things like .com and .uk are TLDs (top-level domains). Something like microsft.com is simply a domain.


It's more complicated than that. Is co.uk simply a domain?


Yes. Even .uk is a domain - that's why it can be called a top-level domain.


> akadns.net

That is Akamai CDN TLD. Blocking that at this level may break a lot of sites/services. https://security.stackexchange.com/questions/9663/what-is-th...


Has anything similar been done for Android phones with google services installed and Chrome browser?


I guess the document about Google is so big they have issues uploading it to the web server!


Install NetGuard and see for yourself, it's terrifying. For example, the stock camera of my Essential phone is sending data to Facebook without my consent.


For Chrome, there's the official whitepaper: https://www.google.com/chrome/privacy/whitepaper.html

I'd love to see independent verification that it is complete and truthful, of course.


German press release: https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2...

Fitting name for the project: SiSyPHuS Win10


Note that they analyzed only version 1607. Before Microsoft started publishing Telemetry documentation and before GDPR. Also akadns.net or microsft.com does not appear in a current (1809) diagtrack.dll.


I noted that yeah. It's a shame that it takes so much time and effort to get to the information that Microsoft should just be open about. I think, with the current short release cycle, audits on Windows will always lag behind the real world a year or two. So at best you know how Microsoft was spying on you two years ago.


Did they find something that contradicts stuff listed at https://docs.microsoft.com/en-us/windows/privacy/ ?


There is an API monitor included in the appendix of the report. From the looks of it, it seems to be designed to hook into the API for the ETW sources and log the data that they record. But I can't tell what script language it is written in, so I cannot be entirely sure. Can someone have a closer look and tell me what this does exactly and how to run it? Seems interesting for those who want to get the complete picture of what Windows is recording.



Does anyone know if there is a tool to safely remove telemetry executables from Win10? Is it possible to remove these?


I saw this tool being recommended in r/windows10. I have tried it, no issues so far, though haven't tested to see if it does disable telemetry.

https://www.oo-software.com/en/shutup10


The point of the report above is that you can NOT disable all telemetry, not even in the Enterprise version of Windows.


...through official means.

I don't for a second doubt you can turn it off completely. But unofficial solutions come with tons of potential issues.


Could just block all communication with Microsoft by the OS. Or, move to non-Windows OSes like the retail giants already have. Kroger and Walmart run Suse Enterprise Linux (relevant Uptime Funk reference) https://www.youtube.com/watch?v=SYRlTISvjww


Not in a government or business environment using Office 365. 365 requires all sorts of open connectivity to function.


If you're using Office 365, telemetry in Windows is the least of your concerns.


> Could just block all communication with Microsoft by the OS.

Easier said than done when there's a minefield of firewall-bypasses for it.


Care to elaborate? Afaik and tested w10 does NOT bypass its own firewall when set to 'drop all' traffic.


From what I've seen "drop all" works at the moment but directly blocking the telemetry programs keeps getting undone whenever the file changes and it intentionally doesn't use the hosts file.


Don't know what you mean by undone, but running the firewall in drop all + whitelisting works fine and blocks all telemetry (one caveat: dnscache needs to be disabled to remove the possibility of DNS tunneling).


From what I remember, when you say "block all connections by this program" on the relevant files it doesn't just use the filename, it tracks the exact version of the file, and as soon as windows update touches it your firewall block stops working.

So a whitelist method works, good, but I think it's fair to say that specifically blocking telemetry is extremely difficult with the way blacklisting works.


This tool is great. Only problem is you have to regularly re-run it because Windows Update will revert changes.


Not saying that this is carrying anything malicious at all, but there's certainly a chance that a tool to clear out telemetry or something else critical in the bowels of the OS is sending info back to that group now or can be malicious. Just a friendly warning to be wary about these types of applications.


This would be easy to detect. It's a popular tool made by a German company. I think someone would've found out by now.


The BSI is a federal office dedicated to IT security, not a company. It's more or less the German NSA, just without the spying part. That's done by other offices.



Oh, that makes sense. Totally went past me when I commented. Thanks for pointing that out.


Yep, which is why you disable Windows Update too. The people who work on Windows these days should probably all be fired. Out of a cannon. Into the sun.


Telling users to disable updates is not a good recommendation.


Sure it is. Microsoft software deployment on client is a dumpster fire.

Blindly installing Windows updates these days is very dangerous and should be avoided. Your best approach for avoiding malware is to use browsers like Firefox and Chrome. Critical task workflows should be in LTSB, iOS or ChromeOS.

Microsoft’s guidance is to have around four deployment rings each for Windows and Office, and only immediately patch 10-20% of your enterprise environment and defer to avoid impacts from the quality issues that are very common as Microsoft is supporting like a half dozen Windows 10s.

See: https://docs.microsoft.com/en-us/windows/deployment/update/w...


Yep. All of the Windows machines that I actually rely on for work—the ones that I need to be able to start up and immediately use, and need to be able to trust them to keep running without interruption or regression—are completely firewalled off from the public internet, so that they are secure both from malware, and unwanted updates. The rest of my work is done on other, more obedient operating systems.

Windows 95 was capable of 49.7 days of uptime. That's pretty difficult on client versions of Windows 10 unless you take extraordinary measures.


My beef is that Microsoft created an update always culture (a good thing), but they are now “extending” the practice in ways that don’t reflect a customer’s best interest.

The future, which is subscription models with limited time away from activation servers, breaks your needs fundamentally.


>The future, which is subscription models with limited time away from activation servers

My future is not an OS that spies on its users. I hope I'm not in the minority.


Very much disagree. If you pay attention at all to security you'll always hear stories of that one client who hasn't done security updates in 3 months (or 3 days) and gets taken out by the inevitable "exploit Wednesday" shenanigans. On top of that if you're in an enterprise environment when you update you've already had months of home users beta testing the stuff (if you've chosen the semi-annual channel), haven't you?

From my experience as someone who has had 0 problems since beta (that weren't caused by me doing something stupid like uninstalling Windows Store) people mess with windows, usually by running a script or 2 because "omg Microsoft is spying on me!111!" then the update comes and throws them an error or 2.

Choose any other OS. Any OS at all that is sufficiently complicated as to compete with Windows (maybe as a starting point anything a tiny bit more complicated than ChromeOS). Then name a problem that's happened with Windows 10. I'll show something similar if not worse happening on the other OS you've chosen.

The problem, IMO, isn't the OS. It's the freedom the OS allows and the billions of different configurations you'll find out there. Of course any 1 update isn't going to account for all of that. Hell Apple can't even do it on iphones/imacs and they have a very tiny number of SKUs to deal with.


I respect your position here and don't intend to be on the attack. Usually that one client also lacks other compensating controls, particularly around privilege management and internet access, and the lack of patching is a convenient excuse. If "exploit Wednesday" is an issue for you, something is wrong.

In any non-trivial enterprise, Windows 10 has an operational model that's being rebuilt in flight. You need to exert a level of testing every six months that previous Windows versions required every 2 years, and you have to deal with the Rubik's cube of servicing editions of when a random feature that you care about is twiddled or taken away in Office or Windows.

A lot of the hard work and creative engineering that gives a near-legendary and seldom mentioned track record of backward compatibility in Windows is being squashed by poor release management. End of the day, we have computers to use as tools to do things, business comes first. The philosophy within Microsoft has changed in recent years, and now there seems to be an attitude that running Windows v.now is the primary mission of every Windows PC. That's truly an unfortunate thing in my eyes that makes me sad -- Windows is an amazing platform that could be so much better.


> Very much disagree. If you pay attention at all to security you'll always hear stories of that one client who hasn't done security updates in 3 months (or 3 days) and gets taken out by the inevitable "exploit Wednesday" shenanigans.

And if you read past the headline you find out that they had numerous other problems with their security practices that were actually responsible for them being compromised, because if "keep it up to date" is the extent of your security policy then you don't have a security policy. There are always exploitable issues in an OS, sometimes updates even introduce them (remember heartbleed? or that time Debian broke key gen?).

> From my experience as someone who has had 0 problems since beta

From your experience as someone with no experience dealing with issues caused by Windows Update, got it.

> Choose any other OS. Any OS at all that is sufficiently complicated as to compete with Windows (maybe as a starting point anything a tiny bit more complicated than ChromeOS). Then name a problem that's happened with Windows 10. I'll show something similar if not worse happening on the other OS you've chosen.

This doesn't mean that Windows 10 isn't bad, it just means that everything is bad.

> The problem, IMO, isn't the OS. It's the freedom the OS allows and the billions of different configurations you'll find out there.

The problem is the OS. If you have designed your OS in such a way as to make updating it a pain in the ass that's prone to breaking things, and turning updates off also a pain in the ass, then the problem is the OS.


I agree with the sentiment that "everything is bad". Computers are still in their birthing stage and full of problems. But Windows 10 feels like an improvement over any previous version of Windows at least. Which is really all we can ask for. A little too transitional/work in progress for some, I can see that (2 control panels? madness!), but otherwise pretty smooth.

But maybe it's also because I left computer support type roles and I haven't seen the nightmares like I did with XP/2000/Vista/7. But as an end user/casual security and IT watcher I can't complain too much (yet).

And as an anecdote the only problem I've had updating was the one large change to the audio stack they did (and needed to do-it's so much better). The huge issue that arose was I needed to unmute my headphones. Other than that I seriously have not noticed any update other than maybe seeing the % when I boot up in the morning. I keep track of when the big ones come so I can run O&O after those, but I really haven't even skipped a beat due to an update.


Lucky you. Meanwhile Microsoft has delayed the October update for the third time because of all the crap they keep breaking whenever they release it. Yesterday my boss and I had a conversation about just turning Windows Update off forever for our org because it's caused more trouble than pretty much anything we could think of as a consequence of not updating. This was brought up (again) because of several of our developers having their network cards randomly and inexplicably stop working and requiring a reboot to fix after 1809.

I will say that since Vista there has been a ton of improvement on the driver model, display system, network stack, audio stack (as you mentioned), and a few other relatively low-level pieces, but pretty much everything above that has been a continual shitshow of user-hostile bullshit and overly complex interlocking crapware.

Start Menu used to just be a menuized view of a folder structure, now it's some horrid amalgamation of junk that breaks whenever the Windows Appstore database gets corrupt, which is surprisingly often considering no one here even uses Windows Appstore apps.

Older Windows versions had their bugs, sure, but on the whole they cared a lot more about the user, about not breaking their shit and making sure their updates were actually worth applying. Microsoft has made it very clear since Windows 10 that they hate the user.


> someone who has had 0 problems since beta

Well, you really must be the only one then. Or perhaps the rebooting every other week for updates, sending around privacy sensitive telemetry information to the entire world and having Cortana use the most CPU cycles of all the apps installed is not a problem for you. Some people just accept whatever buggy stuff is thrown over the fence, and that's fine, but don't say there's nothing wrong with it.


I use O&O shutup 10 to shut down cortana, telemetry, and other minor annoyances (mostly because I like video games). Maybe that's why it's been so smooth?

And rebooting every other week? You mean on a very regular and predictable monthly schedule that was around for years prior to Windows 10's release? Not really a problem in my eyes. On my personal computer I shut it down nightly because it takes roughly 5 seconds to boot a computer these days. I can't even remember the last time I was aware an update happened.

The one problem I DID have that I was about to hate on Microsoft for was a flashing taskbar. Turns out it was entirely my fault for using a 3rd party junk program.


Neither was turning a security update service into a marketing channel. But Microsoft did it anyway.


How about, "don't use an OS that spies on you"?

Is that a good recommendation?


> Yep, which is why you disable Windows Update too.

Sounds like you haven't tried this because this solution doesn't work.


It does. I'm typing this on a Windows 10 system I leave on 24x7 and can't even remember the last time I ran an update. You have to use a third party tool like ShutUp10 or perform some undocumented config changes, but it can be done.

Of course, just like the telemetry, once you do update it'll get turned back on again and you have to do it all over again.


No.

Even if you succeed, the next update will likely bring back some of the stuff you removed, two additional independent monitoring tools using separate C2 domains/IPs hidden somewhere in your system (not necessarily the Windows folder either), plus three "repair" tools that try to find modifications to Windows files like the ones you made and revert them.


There is a tool to safely remove all Windows 10 telemetry. It's called Linux.


Great let me know when Linux can run the apps I need for work and I can reliably install it on any hardware and expect it to work without issue. I like Linux as anyone else around here, but to claim it can replace Win10 for the average user is a stretch.


>let me know when [...] I can reliably install it on any hardware and expect it to work without issue.

Consider yourself told, then. Linux works OOTB on pretty much all hardware, often better than Windows since it ships with all of the necessary drivers.

>to claim it can replace Win10 for the average user is a stretch

The average user can handle KDE Plasma just fine.


It’s definitely not full OOTB on any machine using Broadcom wifi/Bluetooth, and sometimes not even Ubuntu’s additional drivers tool is of any help — if you have no reasonable access to alternate network connections (hardwire, tethering, etc) you’re stuck ferrying around .deb files on thumb drives and such.

There are other less than ideal aspects of taking up Linux as well, but that one is on the top of my head because I’ve encountered it so frequently.


> you’re stuck ferrying around .deb files on thumb drives and such.

This has been the case on any Windows install not from an OEM install medium, which I never used because they're always modified with bloatware! Good luck getting Internet to work without a smartphone acting as cheap wifi bridge.


What was the last Windows you installed? Windows XP?


Windows 7, for what it's worth. Laptop wifi and ethernet drivers.


From a usability perspective, sure. There are, however, tons of internally developed tools and applications running on client PCs in various businesses. Not all of those tools and applications work with Wine or Linux equivalents.

Source: Just had to install Windows for the first time in 8 years because we got bought by a competitor who use such software internally.


> Consider yourself told, then.

Oh, please enlighten me, Drew.

> Linux works OOTB on pretty much all hardware, often better than Windows

Are device manufacturers supporting Linux?

> since it ships with all of the necessary drivers.

No it doesn't, last time I checked to even get the recommended usb wifi module to work on Arch required downloading additional packages and compiling a kernel module.

> The average user can handle KDE Plasma just fine.

Cool let me know how you handle explaining why they can't run some exe they downloaded on your GNU/Linux setup, and when they complain that they're used to Microsoft Word not this LibreOffice stuff.


>Are device manufacturers supporting Linux?

Device manufacturers barely "support" Windows. If it works, then it doesn't need support, and it works.

>No it doesn't, last time I checked to even get the recommended usb wifi module to work on Arch

I don't want to hear an Arch user making any claims about the usability of Linux for the average person.

>Cool let me know how you handle explaining why they can't run some exe they downloaded

By explaining it. It's simple.


> Cool let me know how you handle explaining why they can't run some exe they downloaded on your GNU/Linux setup, and when they complain that they're used to Microsoft Word not this LibreOffice stuff.

Mac users don't seem to have these problems.


>> since it ships with all of the necessary drivers.

> No it doesn't, last time I checked to even get the recommended usb wifi module to work on Arch required downloading additional packages and compiling a kernel module.

Compiling things yourself is the entire point of Arch. If you don't want to mess with things like these just use Ubuntu.


There's still no stable support for my ThinkPad's fingerprint sensor on a current Fedora/Ubuntu. Last time I checked, neither supported the built-in WWAN modem in my ThinkPad, either. And I'm not even using any really exotic hardware and the T460s model isn't exactly brand new either.

Windows support works perfectly well for both pieces of hardware.


Okay. What about hardware that works better on Linux? Why do you assume that this issue strictly favors Windows?


There is very little standard (consumer) hardware that works better or exclusively on Linux (1). Due to market pressure, Windows drivers are widely available, but Linux is not necessarily (fully) supported. As another example: printers. Quite a few (even SO/HO) printers don't have proper Linux drivers. I can't reliably print double-sided on our office brother printer. Getting the networked scanner to work is a lesson in debugging. On MacOS and Windows: Trivial task. Just works.

(1) Keep in mind that the whole article is about consumer/end-user OS, not about server OS. I'd still bet that windows support is at least as widespread as Linux on servers.


> Due to market pressure, Windows drivers are widely available, but Linux is not necessarily (fully) supported

That sounds like something Microsoft would say back in the 90s.

> I can't reliably print double-sided on our office brother printer. Getting the networked scanner to work is a lesson in debugging. On MacOS and Windows: Trivial task. Just works.

I've seen many people over the years saying the same thing in the opposite direction: their stuff works better on Linux than on Windows. You're just assuming that Windows is always better based on your personal experience. In reality, vendors often push out poorly written Windows drivers in a hurry and move on. If you're lucky, you might be able to dig out an update from 7-pages-deep on a vendor's web site, and maybe it won't introduce a new bug that keeps you on the old one.

Neither side of that binary is useful. Instead, look at the hardware you need, see how well it's supported on the platform you use by looking at actual user reports, and don't make any assumptions.

However, one assumption you can generally make is that, if a driver is in the Linux kernel, and people are using it, it will continue working, because Linus doesn't tolerate regressions in code that's actually used.


> Cool let me know how you handle explaining why they can't run some exe they downloaded on your GNU/Linux setup

The same way you explain that they can't run a Windows exe on Mac?

> Are device manufacturers supporting Linux?

...Yes?

But even better, there are people other than device manufacturers supporting them--which means better drivers, because they aren't motivated by bare profit to ship a minimally functional driver ASAP and reassign all the programmers to model+1. This is why upstreaming is a good thing.

BTW, do you read LWN?


> Consider yourself told, then.

Nowadays I run mostly Ubuntu but before this attitude used to be a big turn off for me. When things manifestly don't work but the partisan chorus is acting like Linux is the most perfect thing ever then it is really easy to walk back out of spite. I run Linux because it's the least bad OS _for me_, it's still pretty bad in so many ways.

> often better than Windows

And often not. My experience with Linux drivers has always been only "tolerable".

> KDE Plasma

It's functional. But its design language (if it has any) is by far my least favorite one. I'd rather use Windows than use KDE.


It doesn't work well OOTB. This is just incorrect.

I've been using Linux/Unix for about 20 years now. There are still loads of things that just do not work and I really expect them to work.

I am not talking about specialist hardware. I am talking about things like a USB headset I have (works fine on Windows and MacOSX without having to install any additional drivers). Doesn't work on Linux.

I installed Slack using the deb package (on ubuntu). Won't start, no idea why. Just segfaults. So I have to use the browser version of slack.

X will still hang with certain applications. Sometimes I close the lid and the laptop never wakes up. I still get screen tearing when moving windows around. This stuff was fixed years ago on Windows.

Now I could fix these things. However, it's hours of messing around when I could use a Linux VM on my Mac or WSL on Windows these days.

> The average user can handle KDE Plasma just fine.

No they can't. My friend (who can use Windows 7 just fine), when on my Linux PC and I have it setup pretty much like Windows and he couldn't work out how to open the web-browser. He isn't a dummy either. He has a masters in Aerospace Engineering and uses Matlab regularly. We are both 36 years of age.


>I installed Slack using the deb package (on ubuntu). Won't start, no idea why. Just segfaults. So I have to use the browser version of slack.

This is a problem with Slack, not with Linux.

>X will still hang with certain applications. Sometimes I close the lid and the laptop never wakes up. I still get screen tearing when moving windows around. This stuff was fixed years ago on Windows.

Plasma, the desktop I recommended for end-users, has solved these problems. Years ago.

>My friend (who can use Windows 7 just fine), when on my Linux PC and I have it setup pretty much like Windows and he couldn't work out how to open the web-browser

I simply don't believe that you know someone who understands how to use Windows and yet couldn't open a web browser on KDE Plasma.


> This is a problem with Slack, not with Linux.

This is the attitude I always get and it stinks. I have sitting on my desk at home an Amiga 1200 (released in 1994). I can download a lha archive with a program in it, extract it and run it. Amiga OS was cutting edge in 1987ish. I still can't do that with a popular flavour of Linux like Ubuntu.

I don't think it is unreasonable to expect to be able to download a package from the internet that is marked as "Ubuntu 18.04", use the package manager to install it and for it to work properly.

There is also about 3 or 4 different methods (that are somewhat official) to install applications. Which is crazy.

This problem only exists on Linux.

> Plasma, the desktop I recommended for end-users, has solved these problems. Years ago.

Good for you. Not everyone is running the same setup.

The whole "Works For Me" attitude. Again this attitude stinks.

> I simply don't believe that you know someone who understands how to use Windows and yet couldn't open a web browser on KDE Plasma.

I still have some usage hangups on Windows since the Windows 2000 days and I have a lot of problems with newer versions of Windows because I just get confused with the interface. It isn't that uncommon tbh. In the end I've learnt enough PowerShell now that it's not an issue for me.

For a developer such as myself it is easier to just install WSL, run a VM or use something like vagrant or Docker and just put up with the odd annoyances that Windows 10 presents you with.


> I don't think it is unreasonable to expect to be able to download a package from the internet that is marked as "Ubuntu 18.04", use the package manager to install it and for it to work properly.

That's preposterous. If you downloaded a random MSI marked "Windows [your version]", installed it on Windows [your version], and it crashed, you wouldn't blame Microsoft.

> There is also about 3 or 4 different methods (that are somewhat official) to install applications. Which is crazy.

And how many are there for Windows? Unzip a Zip file? Run an EXE installer? Run an MSI installer? Download and execute a launcher that downloads and runs the actual installer, and gives up completely and deletes the partial download at the slightest hiccup? Install a whole software management platform like Steam or Windows Store or...?

> This problem only exists on Linux.

That's absolutely absurd.

> The whole "Works For Me" attitude. Again this attitude stinks.

The whole "I found a problem in a vendor's app so I'm going to blame the entire OS and platform instead" attitude. This attitude stinks.

> I still have some usage hangups on Windows since the Windows 2000 days and I have a lot of problems with newer versions of Windows because I just get confused with the interface. It isn't that uncommon tbh. In the end I've learnt enough PowerShell now that it's not an issue for me.

Your buddy couldn't (or wouldn't?) click through a few menus or type "browser" into the KDE equivalent of the Start Menu, and you cite that as a problem in Plasma, and then say that you prefer PowerShell?

Bizarre.


> That's preposterous. If you downloaded a random MSI marked "Windows [your version]", installed it on Windows [your version], and it crashed, you wouldn't blame Microsoft.

No. This is the fundamental misunderstanding of the point I was making. So I am going to make it crystal clear. The problems I've had with installing slack, I've had with Spotify, Steam, Dropbox and there are quite a few others I am sure I've forgotten.

If you create a program for MacOSX, Android, iOS etc., you can be sure that there are certain APIs available to you and you can be pretty confident that your program is going to work if built against those APIs. Your users can be confident that if they download your application there is a pretty good chance it is going to work.

Sure with Android there will be device specific issues, or if it is a Windows PC they may have faulty hardware or a bad installation. However the chances that the application is going to work is much higher than GNU/Linux because fragmentation in what the user base runs is much lower. That is just the reality of the situation.

Nothing remotely equivalent exists for Linux. Have the wrong distro ... there probably isn't a package. Have a slightly older distro ... There probably isn't a package for you.

Even with attempts such as Flatpak, Snap Store etc., the same situation is present. This is because the nature of any GNU/Linux distro is that they are all fragmented in terms of underlying libraries, kernel versions, UI versions, package managers etc.

It is a mess. It will always be a mess as long as people don't recognise it as a real problem. I doubt it will get solved in our lifetimes.

If you want to make smart ass remarks about it while ignoring the real issue so be it.

> The whole "I found a problem in a vendor's app so I'm going to blame the entire OS and platform instead" attitude. This attitude stinks.

Thanks for taking me out of context. I was specifically talking about user environments which are supplied by those who control the distro. Please don't be disingenuous.

> Your buddy couldn't (or wouldn't?) click through a few menus or type "browser" into the KDE equivalent of the Start Menu, and you cite that as a problem in Plasma, and then say that you prefer PowerShell? Bizarre.

People become familiar with certain user interfaces. Saying that everyone should just understand how to use a new interface even if it mimics (btw poorly) another OS which is ubiquitous really shows their lack of touch with the majority of users.

Lots of users can have real problems moving between versions of one application. That's why user interface guidelines, best practices, user testing and user interface design are their own whole field in this industry. Pretending that because something looks superficially the same someone should be able to use it is ridiculous. Also, KDE Plasma doesn't really look like Windows or work like it; KDE Plasma's UI is what happens when a teenager that has just learnt how to use the Photoshop effects tool has gone mad with gradients and bloom effects, the whole thing is a mess visually.

In response to the PowerShell comment: it is normally easier to just learn a shell like bash on a *nix system and just use that than try using the absolutely awful UIs they normally provide you with. The same is true with modern Windows. Each time there is an update to Windows 10 they have changed the location of some control panel option for the umpteenth time. So I already know how to use PowerShell and install the management tools; it is normally easier FOR ME to use that rather than try to navigate the labyrinth of control panel options.


> No. This is the fundamental misunderstanding of the point I was making. So I am going to make it crystal clear. The problems I've had with installing slack, I've had with Spotify, Steam, Dropbox and there are quite a few others I am sure I've forgotten.

It's not a misunderstanding at all--you're explicitly blaming the platform, and your subsequent comment does just that:

> Even with attempts such as Flatpak, Snap Store etc., the same situation is present. This is because the nature of any GNU/Linux distro is that they are all fragmented in terms of underlying libraries, kernel versions, UI versions, package managers etc.

Meanwhile, millions of Linux users have no problems with Steam or Dropbox. But you have unspecified problems, and therefore Linux is bad.

> Nothing remotely equivalent exists for Linux.

That's simply false. If you are being honest, then you don't know what you're talking about.

> Have the wrong distro ... there probably isn't a package.

So then use a popular, supported one. Packages for RHEL/CentOS, Fedora, Debian, Ubuntu, and even SuSe are nearly ubiquitous. If you freely choose to use obscure, forked-3-levels-deep Bob's Linux 2018, don't complain that there's no bespoke package for arbitrary software you want. That's silly.

> Have a slightly older distro ... There probably isn't a package for you.

Also false. Most vendor packages are for years-old LTS releases. If you've actually tried this, you should know this.

> Even with attempts such as Flatpak, SnapStore etc. The same situation is present. This is because of the nature of any GNU/Linux distro is that they are all fragmented in terms of underlying libraries, kernel versions, UI versions, package managers etc.

Bizarre. Flatpak and Snap are specifically designed to solve that problem, but you claim that they have that problem. Why are you saying these things that are patently untrue?

> It is a mess. It will always be a mess as long as people don't recognise it as a real problem.

It's just weird that you say "as long as people don't recognize it as a real problem" immediately after mentioning attempts to explicitly solve the problem. Are you writing these words seriously?

> I doubt it will get solved in our lifetimes.

Meanwhile, millions of people happily continue using their Linux desktops. And millions of people continue using Windows, suffering all of its problems, such as not actually being in control of their own machines anymore (it's amazing how far Microsoft has fallen just since Windows 7).

> If you want to make smart ass remarks about it while ignoring the real issue so be it.

Your words agree with neither my comments nor your own. Bizarre.

> Thanks for taking me out of context. I was specifically talking about user environments which are supplied by those who control the distro.

Not out of context at all. You're blaming the platform instead of the app vendor.

> Please don't be disingenuous.

Please don't project. You say A in one sentence and not-A in the next. You don't even seem to agree with yourself.

> People become familiar with certain user interfaces. Saying that everyone should just understand how to use a new interface even if it mimics (btw poorly) another OS which is ubiquitous really shows their lack of touch with the majority of users.

You're saying that an aerospace engineer can't, in a few seconds, click what appears to be a Start Menu-like menu in the Start Menu place, type "browser" into the box labeled "search", and find "Firefox Web Browser"? I don't believe you. If he can figure out how to make an aircraft fly, and use complicated fluid dynamics modeling software, he can figure out how to launch Firefox. Going from Windows to Plasma is no more complicated than going from Windows 7 to Windows 8 and 10--in fact, probably much simpler, considering the enormous UI changes Microsoft made. And it's claims like this that suggest it's you being disingenuous.

> Lots of users can have real problems moving between versions of one application. That's why user interface guidelines, best practices, user testing and user interface design are a whole field of their own in this industry.

Then you ought to be heaping criticism on Microsoft for Windows 8 and 10. How many times have I seen someone move from Windows 7 to 8/10 and say, "I can't use this UI, it's awful!" Instead you act as if Linux UIs are uniquely problematic.

> Pretending because something looks superficially the same means that someone should be able to use it is ridiculous.

"A imitates B, but you can't expect people who are accustomed to B to be able to actually use A." Bizarre.

How many times I've heard someone say, "I installed Ubuntu on my 80-year-old grandma's computer and haven't heard her ask for help since. She barely even noticed a difference. She uses the Web and everything." But your hypothetical aerospace engineer can't launch Firefox. Ah, anecdotes.

> KDE plasma UI is what happens when a teenager that has just learnt how to use Photoshop effects tool has gone mad with gradients and bloom effects, the whole thing is a mess visually.

Now this is where I agree with you. I don't like the default Plasma themes. That's been a problem since KDE 4. But that's superficial. You can change all that. With Windows and Mac, you can't--you can take it or leave it. "But that's complicated, users won't want to do that"--beside the point: they can. Windows has an ugly mess of a UI, and you can't fix it. That's where you ought to be complaining.

> Each time there is an update to Windows 10 they have changed the location of some control panel option for the umpteenth time. So I already know how to use PowerShell and install the management tools, it is normally easier FOR ME to use that rather than try to navigate the labyrinth of control panel options.

Understandable. A few scripts can make life a lot easier on Windows.

> In response to the PowerShell comment: it is normally easier to just learn a shell like bash on a *nix system and just use that than try using the absolutely awful UIs they normally provide you with.

I'm not a fan of the default UIs, but for an average user, they're certainly more usable and discoverable than looking up shell commands. This is another example of the inconsistency of your complaints. You seem to be complaining about 5 different problems at the same time, mixing them all together.


Oh great a comment pyramid. I am not going to answer this point by point because I will be here for the next few days.

> Meanwhile, millions of Linux users have no problems with Steam or Dropbox. But you have unspecified problems, and therefore Linux is bad.

I doubt it is Millions tbh. At my last contract I knew 3 other developers that could use Linux in a building of 100s of developers.

Even if it does work (most of the time) you get shitty problems like this:

https://askubuntu.com/questions/732967/how-to-fix-non-workin...

BTW that problem still exists (last time I checked was 18.04).

Yes Linux is bad because simple problems that have been solved even on obscure platforms such as Amiga OS have less compatibility problems than Linux based operating systems between versions of the OS. I have an Amiga 1200 running version 3.9 of the OS which was released over 20 years ago probably and I have no problems installing things like web browsers, games, network stacks (Amiga OS didn't have one at the time) and all sorts of other software.

> Please don't project. You say A in one sentence and not-A in the next. You don't even seem to agree with yourself.

It is called nuance. I am trying to convey an idea. You are trying to be right. The former is being an adult, the latter is childish.

> So then use a popular, supported one. Packages for RHEL/CentOS, Fedora, Debian, Ubuntu, and even SuSe are nearly ubiquitous. If you freely choose to use obscure, forked-3-levels-deep Bob's Linux 2018, don't complain that there's no bespoke package for arbitrary software you want. That's silly.

I almost exclusively use Debian based (Ubuntu normally) or Redhat based (CentOS / Fedora). So again you are mis-representing what I was saying.

> Not out of context at all. You're blaming the platform instead of the app vendor.

Yes it was as I was clearly responding to what I quoted which was about hardware support not software support. This is clearly disingenuous.

As we are on the subject now. I am blaming the platform because there is massive amounts of fragmentation caused by lack of standardisation. You will have better luck herding cats. Compare that to something like Windows, iOS, Amiga OS, Android etc. Which have well documented APIs that are supported for years, so applications just tend to work between versions.

Also Apple and Microsoft don't throw away a whole desktop environment's code every 5 or 6 years. I remember the Gnome 2 -> 3 mess. I also remember the KDE 3 to 4 mess and I just use XFCE when forced to use a Linux machine now as they don't seem to lose their collective minds every few years.

I've been using Linux now for 15 years. I've given up with it. They could fix every complaint I have tomorrow and I won't give a damn, I am done with it.

> You're saying that an aerospace engineer can't, in a few seconds, click what appears to be a Start Menu-like menu in the Start Menu place, type "browser" into the box labeled "search", and find "Firefox Web Browser"? I don't believe you. If he can figure out how to make an aircraft fly, and use complicated fluid dynamics modeling software, he can figure out how to launch Firefox. Going from Windows to Plasma is no more complicated than going from Windows 7 to Windows 8 and 10--in fact, probably much simpler, considering the enormous UI changes Microsoft made. And it's claims like this that suggest it's you being disingenuous.

I'm sure he could if given the time. However the vast majority of people wanna get on with their life and not have to relearn where to find things in a UI. I have problems using Visual Studio on someone else's machine running the same version of Visual Studio because I have the 2005 key bindings enabled, I can struggle along using the newer keybindings, but I am using the interface at about 30-40% of the speed I can normally use it at.

Comments like this demonstrate how out of touch Linux users are with the regular computer user. It reminds me of the time when Richard Stallman said on a mailing list he emailed web pages to himself using some cron job or something equally as ridiculous, then on the FSF page he writes a long lecture about the evils of JavaScript minification when he doesn't even use a web browser.

> Then you ought to be heaping criticism on Microsoft for Windows 8 and 10. How many times have I seen someone move from Windows 7 to 8/10 and say, "I can't use this UI, it's awful!" Instead you act as if Linux UIs are uniquely problematic.

https://en.wiktionary.org/wiki/whataboutery. :rollseyes: PLEASE!!

"There are more murders over there so the murders over here don't matter".

This is the last time I will respond to you. You have mis-represented me several times now and the number of fallacies present here is hurting my brain. Bye.


> Even if it does work (most of the time) you get shitty problems like this:

> https://askubuntu.com/questions/732967/how-to-fix-non-workin....

> BTW that problem still exists (last time I checked was 18.04).

Another example of blaming the platform instead of the app vendor. I also suffer from this problem with Dropbox. It's entirely Dropbox's fault for being lazy, ripping out working code, and refusing to fix it despite users begging for years. Dropbox hasn't been a user-focused (at least, non-enterprise-user-focused) company for a long time now. I hope a good alternative becomes available soon.

> Also Apple and Microsoft don't throw away a whole desktop environment's code every 5 or 6 years. I remember the Gnome 2 -> 3 mess. I also remember the KDE 3 to 4 mess and I just use XFCE when forced to use a Linux machine now as they don't seem to lose their collective minds every few years.

I agree with you completely here. The KDE 3-to-4 transition was awful. GNOME is even worse. This is known as the CADT problem. This is why I advocate for software stewardship, doing what's best for the community and the users rather than reinventing the wheel over and over. The TDE project (forked from KDE 3.5) is very interesting and inspiring here.

> I'm sure he could if given the time. However the vast majority of people wanna get on with their life and not have to relearn where to find things in a UI. I have problems using Visual Studio on someone else's machine running the same version of Visual Studio because I have the 2005 key bindings enabled, I can struggle along using the newer keybindings, but I am using the interface at about 30-40% of the speed I can normally use it at.

Of course, I don't like pointless churn either. But here again you're conflating problems: a new version of Visual Studio, made by the same company, and different desktop environments made by completely different groups. I don't think it's reasonable for you to expect KDE or GNOME or whoever to exactly reproduce Windows or any other UI. Even Microsoft isn't being consistent from one version to the next. So, again, you seem to be holding Linux (the wider Linux-based software world) to a different standard than proprietary software. That's not fair.

> Comments like this demonstrate how out of touch Linux users are with the regular computer user. It reminds me of the time when Richard Stallman said on a mailing list he emailed web pages to himself using some cron job or something equally as ridiculous, then on the FSF page he writes a long lecture about the evils of JavaScript minification when he doesn't even use a web browser.

RMS is quite eccentric, yes. I disagree with him on a lot of things. At the same time, I respect and appreciate what he has done for the FOSS world. I suspect that, without him, we wouldn't have as much "Free Software" as we do now.

I'm not so out-of-touch as you think. I'm well aware of how things work in the Windows-using world, and how non-techie users use computers and what they expect.

My point is that you can't have everything. You can't expect projects like GNOME or KDE to be like Windows just to satisfy potential former Windows users. No one's paying them (generally) to do so. And you seem to be holding FOSS projects to a certain standard, but allowing companies like Microsoft to violate it, just because they have more users. That's not reasonable.

> "There are more murders over there so the murders over here don't matter".

But don't you see: that's just what you're doing from the other direction. You complain about problem X on Linux, but ignore the same problem on Windows. You're being unreasonable.

> I've been using Linux now for 15 years. I've given up with it. They could fix every complaint I have tomorrow and I won't give a damn, I am done with it.

Since you seem very emotional about it, I guess it's not surprising that you're being unreasonable about it.

BTW, saw some of your comments about capitalism and Marxism. They were good. Keep speaking the truth (serious, not sarcastic).


So why isn't everyone using it then?


Do you really need this answered? Because their computer comes with Windows pre-installed.


Yes, I really do. Why don't more computers come with Linux pre-installed? If Linux is such a great replacement for Windows, why has it made very little gains in replacing Windows? Is it all somebody else's fault and has nothing to do with the usability of Linux?


Because money = influence. Linux has none and Microsoft has lots. It's really that simple.


There has got to be more money in Linux than Windows since the majority of servers are running it. The problem is Linux doesn't see user experience as anything that is necessary. When it does (ubuntu, et al) it thrives....but many of us have been waiting since the 90s for everything to "work" on Linux without having to screw around.

People love it when things just work and for many of them Apple and Windows do just that.


I'll have to disagree with that. Linux has significant usability problems, and pretending that it has none is not going to help anyone.


Enumerate some of them?


How about unstable apis to anything outside the kernel[1].

Or, more personal, on this laptop I get shorter battery life (I have it plugged in most of the time so it's tolerable), sometimes it doesn't wake up so I have to always shut it down (tolerable) and bluetooth headset doesn't work (I use wired ones, so tolerable again).

[1]https://www.youtube.com/watch?v=5PmHRSeA2c8&t=5m40s


> Or, more personal, on this laptop I get shorter battery life (I have it plugged in most of the time so it's tolerable), sometimes it doesn't wake up so I have to always shut it down (tolerable) and bluetooth headset doesn't work (I use wired ones, so tolerable again).

I hear the same problems about MacOS on brand new Macbooks.


>How about unstable apis to anything outside the kernel

Oh yes, the classic usability problem for the Average User, how could I forget /s

>on this laptop I get shorter battery life

>bluetooth headset doesn't work

Better points. I also have had issues with bluetooth audio on Linux. Battery life less so.


> Oh yes, the classic usability problem for the Average User, how could I forget

It becomes a usability problem for your users when it becomes too burdensome for ISVs to port their software to your fractured platform. It's the whole raison d'être of technologies like snappy, flatpak or docker that now try to patch this problem.


Is there any point? It seems like you're convinced enough that nothing can ever change your mind. So I'm fine with just disagreeing and leaving it at that.


> Why don't more computers come with Linux pre-installed? […] Is it all somebody else's fault

That coquetry of ignorance wasn't cool on Slashdot twenty years ago, what makes you think it's acceptable here?

Microsoft's actions, for which they have been convicted in courts of law all over the world, have set back desktop computing by two decades. A PC clone with e.g. BeOS on it could not be had for money or good words, and the reason was precisely because they killed off competitors with their anti-capitalist, anti-consumer stranglehold on the vendors and markets before the competitors even had a chance to show their quality or lack thereof.

Linux' boon was that it by-passed that system, thriving from the figurative grass roots. It makes little sense – merely in order to take it seriously – to demand to be able to buy a pre-installed Linux.


I'm sorry if I come across as obtuse, but I just need to understand this clearly. Is it your belief that the low usage of Linux has nothing to do with Linux itself?


Is it your belief that it has nothing to do with Microsoft's misdeeds?


Of course it has lots to do with Microsoft's fuckery. I don't think it's a binary choice. Can you answer my question now?

Edit: Sorry, misread the author. Thought you were the same as I asked the original question. Nevermind that.


Linux doesn't work on pretty much any new laptop with a hybrid graphics card without editing kernel options at boot and such... and even then the drivers are bad compared to Windows.


>Great let me know when Linux can run the apps I need for work and I can reliably install it on any hardware and expect it to work without issue.

About five years ago? More?

I've definitely had more issues installing Windows than Ubuntu on random hardware in the last five years.


> let me know when Linux can run the apps I need for work and I can reliably install it on any hardware and expect it to work without issue

Did you ask the respective vendors? It's you who is giving them money; it's on you to ask for what you want. If you don't ask, the sales teams do not know what to work with.


> Great let me know when Linux can run the apps I need for work and I can reliably install it on any hardware and expect it to work without issue.

WINE is pretty decent these days. For what it's worth, it's even usable for gaming on Macs! (Okay, there only if you stick to older games, but there's no Fallout better than New Vegas anyway)


No one is claiming that. They are claiming that if you want an OS that doesn’t spy on you, is secure, and open to inspection then learn to use Linux. Or, to move even further towards security, openBSD.


If users are not willing to face some discomfort then they're welcome to keep getting abused by MS like this, as there is no disincentive not to.


> It's called Linux.

It's called GNU/Linux. :-)



Pi-hole seems to block Windows telemetry domains by default. I don't know how complete the blocking is but there are a lot of domains like the ones listed in this thread on my top blocked domains list.


My experience testing multiple tools on VMs (mostly recommendations from reddit), eventually deciding on one that seemed to work as advertised and installing it on my primary PC, says definitely not. Initially I saw a drastic reduction in outgoing traffic to MS/akadns, but after a couple months it ramped back up again... as someone else mentioned above, a lot of telemetry tools are reactivated/reinstalled via Windows Updates. I seemed to have completely nuked SMB in the process as well.

I never saw any outbound traffic to microsft.com, I wonder if it's because they are using the German version?


Not sure, I tried doing it myself once and it was a rabbit hole of scripts and changing obscure settings in the command line.

After somewhere between 12-18 hours of solid work there was still so much left open, and I came to realize it's simply impossible to have a copy of Windows 10 that doesn't spy on you in some way.

For example, hardware profiling. Attach a printer to Windows 10, Microsoft will receive the hardware ID. Sell the printer on craigslist. A political party uses it to print propaganda that is considered illegal. Don't be surprised when the police are at your door in two weeks.

With support for Windows 7 Professional ending in 2020, I'm not sure where to go from here. I can just hope that VR and similar recent tech is fully realized on Linux or Linux+Wine in that time.


> With support for Windows 7 Professional ending in 2020, I'm not sure where to go from here.

Maybe you'll be able to do what some folks did with Windows XP and use a registry hack to trick Windows into receiving security patches for Windows Embedded POSready 7, which is the embedded Point-Of-Sale version of Win7. This is going to be supported until 10/12/2021. Of course, this is a very fragile and hacky solution that I would be unwilling to use on boxes running important stuff.

I'm in the same quandary and I think I'm going to just disconnect all my Windows 7 boxes from the Internet on the end date. Although a bit of a bother I will still be able to do my music production, games and graphics stuff without Internet access, and all the day-to-day Internet stuff I can migrate to Linux. Maybe use disposable Windows 7 VMs for random lightweight Windows-only stuff.


As it is, I run Windows in a VM with IOMMU, firewalled incoming connections, host-level VPN, etc., passing through a Geforce 1080 for direct access, and I only use it for specific purposes. Everything else is done in other VMs that run Linux. It's a similar setup to Qubes.

I also do music production and graphics and game programming in Windows, so I'm totally with you on how fucked this is going to be in a year. One of my biggest issues is that I know for a fact my fb2k visualizer doesn't work under Wine.

One possible solution I've thought about for using a non-networked W7:

* Set up a separate VM with allocated storage that gets broadcast as a set of read-only local network drives

* Add both W7 and this VM to a private network without net access

* Access the netdrive on W7 and copy any files with which you need write access to a W7-only storage partition.

Seeing as how we seem to have similar use cases, I'm happy to give you some pointers on setting up something similar to what I have.


Ableton is literally the only thing keeping me tied to Windows. Also I don't like Apple with all their user-hostility, so I'm not sure what I'll do later.

I don't want to dual-boot. I investigated running Ableton in a VM but I'm just not convinced it'd work well, Linux support for audio is so flaky, I can't believe it'd handle low-latency ASIO stuff.


I use Ableton in a VM and it works great, but I wouldn't use it for live performances just to be sure. I haven't 100% eliminated all crackling yet. If I had more cores and moved Windows to a separate SSD, then I think that would completely get rid of crackling. Crackling only happens because of DPC latency, cache misses, or heavy write operations outside of the VM.

I pass through a dedicated ASIO-compatible soundcard, dedicated GPU and dedicated USB controller which takes care of most of the DPC latency and latencies due to USB host translation.

I lock down my cores in such a way that Windows has access to three physical cores and my host machine has access to only one. They don't share. This heavily reduces CPU cache misses.

I use hugetables to prevent memory-related issues. Though that's more for gaming.

There are a bunch more tiny optimizations I've made that also contribute to its viability.

My latency is just about as good as it's going to get with Windows vs Mac.

Happy to help you achieve a similar setup.


> Happy to help you achieve a similar setup.

Thanks, I might take you up on that. A dedicated GPU might be a step too far though.

What VM host software are you using?


It really helps with DPC latency issues, though. You could get a pretty cheap one like an RX 550 or Geforce 1030.

I'm hosting on a libvirt/qemu/kvm stack with virt-manager as my interface.


I'd be fine with having another GPU, but the problem for me is that as I understand that would mean that only Ableton can be on that monitor. I'm just a music hobbyist and I like to switch between web browser/vlc/whatever and Ableton while I'm just screwing around. That was one of the reason I didn't really want to dual boot. I'm not just entirely focused on Ableton, I just muck around for fun while I'm doing other stuff.

Can you have a separate GPU doing the graphics processing for a VM in a window on a different GPU? Hope I explained that ok.

What I'd like ideally is to have my cake and eat it too - to be able to run Ubuntu, but have Ableton running just like a native window - so I can move it to any monitor, minimize it, etc. Of course if that's not possible then that's the way it is and I have to accept it.

Another problem I'm thinking about is that I won't be able to passthrough the soundcard to Windows and still have sound coming out of it from Ubuntu - so I'd need to use a second soundcard and then have a mixer to combine their outputs!


Oh, ok. I guess I shouldn't just assume everyone has a multi-monitor setup.

If you're only using one monitor, then yea the easiest thing will be not passing through a card and just trying to reduce the various related latencies as much as you can.

The latency would be prohibitive for things like some games or video processing work but you could probably have a good experience with Ableton. And of course it's an iterative process, down the line you could decide you do want that extra monitor.

What kind of processor do you have?

> What I'd like ideally is to have my cake and eat it too - to be able to run Ubuntu, but have Ableton running just like a native window - so I can move it to any monitor, minimize it, etc.

Spice unfortunately doesn't have Seamless/Rootless window mode implemented yet (it's a pretty big undertaking) though it is planned eventually.

Even with Xen, where you could have paravirtualized windows that do exactly what you're describing (it's fantastic), it's only available for Linux VMs.

That said, I've heard of people wrapping apps as Windows RemoteApps and achieving seamless windows that way. There's a detailed guide explaining the process but expect to get your hands slightly dirty [0]. I haven't tried it myself so I can't offer any assistance there. However, it seems easy enough and the result looks very satisfying.

> Another problem I'm thinking about is that I won't be able to passthrough the soundcard to Windows and still have sound coming out of it from Ubuntu - so I'd need to use a second soundcard and then have a mixer to combine their outputs!

libvirt has emulated audio devices that work quite well. It should for the most part be seamless, but there is definitely a noticeable latency. This latency can be reduced but for me it wasn't enough. Also, this can be a big source of DPC latency which causes audio crackling.

You're right about both points: You can't share one soundcard with Windows and Ubuntu at the same time (if you want minimal latency) and you will need a second soundcard. If you only have one set of speakers and don't own separate monitors for Ableton (definitely worth investing in), you could use a cheap Y-cable at the cost of reduced max volume, and a slightly higher noise floor. A mixer would be the best longterm investment for the best sound, but depending on your budget/requirements for a mixer, a pair of monitors might not be much more.

Again, this is an incremental process. You can start with what you have and improve the experience slightly each month with a new purchase.

[0]https://bmullan.wordpress.com/2012/09/17/howto-integrate-win...


Thanks a lot for the info.

I've got an i7-8700k with a lot of RAM so it should be up to the task.

I do have multiple monitors but I would rather not use Ableton exclusively on one monitor if I can avoid it. Hmm, actually, thinking about it now, I could just use multiple HDMI inputs on the main monitor and switch when I need to. Actually that could work.

Also I do have an old mixer that I could use. At that stage things are becoming messy and complicated, but I guess that's the cost of getting things to work exactly as you want.


> I could just use multiple HDMI inputs on the main monitor and switch when I need to

That's perfect if you have multiple inputs. If you don't, a simple KVM switch would do the trick too. Unfortunately they're a little pricy for HDMI due to low supply/demand.

I have a soundcard primarily for offloading as much audio processing from the CPU as I can. Music playback of high-bitrate files is far from perfect even when you're using a soundcard, with frequent crackling, but using WASAPI mode all but completely clears up crackling when I play music.

It's also worth noting that if your passed-through GPU is decent enough, you can just use the HDMI as an audio source.

I also have a USB audio interface for my mic and instruments, directly connected to a passed-through USB controller instead of using the soundcard inputs, which helps reduce the noise floor.

Having a dedicated USB controller is very important for reducing latency. A lot of computers nowadays come with at least two, but if you have one then you'll need to get a cheap but reliable USB PCI card. And you have to be careful selecting which chipset because not all of them support Function-Level Reset which means you can only pass through once before needing to restart your computer, and not all of them correctly implement Message Signaled Interrupts which means you could have problems passing through certain configurations of PCI devices.

From here, my next plan is to purchase one of these[0] which may mean I don't even need a soundcard for output at all. It might be the best solution for virtualization right now in terms of latency and offloading processing from your CPU.

However the soundcard might still be necessary if this DAC doesn't support processing at different bit-rates on the fly. Currently my setup allows for me to play songs with different bitrates at their natural bitrate when using WASAPI, preventing the need for downsampling or upsampling. Reaaaaally noticeable with things like raw video game MIDI formats where different bitrates sound completely different.

Your processor should be fine, my 6700k and 16GB of RAM are plenty. Though if we weren't still in a NAND shortage I would upgrade to 32GB.

[0]https://www.amazon.com/gp/product/B00LP3AMC2/ref=ox_sc_saved...


You could set up a proxy for a (non-Microsoft) web browser on your router and disallow all traffic forwarding other than what goes via that proxy.


See chapter 3 of the linked German paper

> https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Si...

for other suggestions. The variant with an HTTP proxy is described in section 3.2.1.


As far as I can tell, what they do with the proxy is an 'allow all, disallow telemetry' policy. That's not what seems to work reliably, because Microsoft is free to change everything at any second, and the 'telemetry' list is a moving target. What I'm talking about is 'disallow all, allow the traffic from Firefox only', basically.


> That's not what seems to work reliably, because Microsoft is free to change everything at any second, and the 'telemetry' list is a moving target.

Principally, you are right. But keep in mind that the paper refers to Windows 10 LTSB 1607. It would surprise me a lot if Microsoft changed the telemetry servers for a Long Term Servicing Branch release.


A couple of years ago, I would agree with you, considering the fact that enterprise customers with volume licenses and huge investments in Microsoft infrastructure are bread and butter for Microsoft, and the foundation of that is trust between those enterprise customers with platinum support contracts and Microsoft.

But nowadays I don't know. Microsoft is moving to Azure and 'freemium' data-collecting based business so fast, and breaking so many things.

Anyway, the 'disallow all, allow only Firefox' policy has additional benefits in that it prevents any 3rd party software from phoning home or something worse. The obvious downside might be the inability of that 3rd party software to auto-update itself.
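The two router policies contrasted in the comments above, evaluated over the same constructed traffic; this is an added example, not part of the thread or of the BSI paper. The process labels and the `.example` hosts are constructed, only `alpha.telemetry.microsft.com` is a name quoted on this page, and the model assumes that only the browser is configured to use the proxy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    process: str     # label for the program that opened the connection (constructed)
    host: str        # destination hostname
    via_proxy: bool  # True if handed to the router's proxy, False if sent directly

# Constructed sample traffic; the .example hosts are placeholders.
FLOWS = [
    Flow("firefox", "news.example", True),
    Flow("os-telemetry", "alpha.telemetry.microsft.com", False),
    Flow("os-telemetry", "renamed-endpoint.example", False),       # not on any list yet
    Flow("third-party-updater", "downloads.vendor.example", False),
]

# Suffixes that were known when the denylist was written.
DENYLIST = {"telemetry.microsft.com"}

def matches_suffix(host, suffixes):
    """True if host equals a listed name or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def denylist_policy(flow):
    """'Allow all, disallow telemetry': forward unless the host is listed."""
    return not matches_suffix(flow.host, DENYLIST)

def proxy_only_policy(flow):
    """'Disallow all': the router forwards nothing directly, so only
    traffic that goes through the proxy leaves the network."""
    return flow.via_proxy

def allowed(policy):
    """Return (process, host) for every sample flow the policy lets out."""
    return [(f.process, f.host) for f in FLOWS if policy(f)]

if __name__ == "__main__":
    print("denylist  :", allowed(denylist_policy))
    print("proxy-only:", allowed(proxy_only_policy))
```

The denylist lets the unlisted endpoint through, while the proxy-only policy also drops the third-party updater, which is the trade-off the comment describes.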


Yeah, it’s called “installer for another OS”


For Windows. That should be part of the title.


> Windows 10 telemetry

...


Perhaps someone changed the title...


They did, it was something else before


Windows Tenlemetry


Slightly off-topic, from one of the comments to the original article:

> as a foreigner living in Germany you definitely see a big difference when it comes to web privacy. One thing I found surprising is that many German people will use nicknames on social sites like Facebook as to not reveal their identity online.

It has more to do with common sense, doesn't it? Unless you want to promote yourself, you will probably want to use a nickname, and change these nicknames from site to site so that an individual or organization targeting you for whatever reason can't reveal your identity and do any real harm. A reasonable person doesn't shout it on the rooftops where they live, how wealthy they are, what their kids look like and so on. And yet, this is what people do when posting things online while using real names (as required by Facebook and a couple of other companies).


Is there any way of getting an alert every time any program wants to access any IP/domain, and letting me decide if I let it pass or block it?


You made me look. Apparently, there is a tool on Windows called NetLimiter (https://www.netlimiter.com) that can do this. Discussion: https://superuser.com/questions/261440/whats-the-closest-equ...


I am going to wait for Windows 11 before giving up Windows 8.1


Will MSFT act surprised when the inevitable GDPR fine comes?


Holy shit, there's not a single useful comment in this entire thread


How sure are we they found everything?

Did they have official source code to work from, or documentation only, or did they disassemble binaries?


I've never seen downvotes used as a tacit admission before.


To be fair, every OS can and does do telemetry, to say nothing of each software application calling back home in a similar way. Such feedback helps speed up improvements; however, Linux makes explicit notice of this and it's simple to disable.


There is 0 opt-out telemetry in most (all?) major flavors of Linux.

But there's an even more important issue here. Even if there were some form of telemetry in Linux you'd be able to see exactly what it's collecting and where it's sending it since the OS itself is open source. I do not think many people are mostly okayish with purely diagnostic telemetry, but it's not clear exactly what Microsoft is collecting and their transition to a sort of 'free to play' style of OS does not lead one to the most optimistic views for either the type of data they're harvesting, or their intended use for such data.


> Even if there were some form of telemetry in Linux

At least for Debian, at install time it does ask you if you want to participate in the "popularity contest" apt telemetry. But, on the other hand, it's opt-in with the "no" option preselected.


Saying "Linux does telemetry" is wrong. I'm not usually one of those "Linux is just a kernel!" types, but, in this case, it's very important to distinguish between the kernel, which does no telemetry, and the whole enchilada, which might.

In short: If you can find me any on-by-default telemetry in Slackware, I'd be very interested.


> such feedback helps speed up improvements

Recent MS "improvements" indicate things should not have been sped up.


Which is why of all of those the only one that does it remotely right is Linux.

Developers and businesses in particular have grown complacent with flagrant and repeated usurpation of their users' expectations of privacy. It needs to stop.
