
We don't know if this is a security update or not.

This is an article, about an article, about a blog post, about a random comment. Someone grabbed the update's file change list, spotted files used by the Customer Experience Improvement Program (CEIP) and then said that because those files were updated, this security update "added telemetry."

Problem is that those files previously exist on Windows 7 as part of CEIP and may require legitimate updates (inc. security). You still need to opt into the CEIP so that telemetrics are sent to Microsoft, and there's no proof that this update has changed that.

I guess what I am saying is: There could be a story here, hypothetically, but this article lacks enough information to say that there is. This could be a legitimate security update to an unpopular part of the Windows 7 OS.




You're spreading baseless FUD about the article.

They are telemetry files that previously non-security patches have attempted to add on multiple occasions[1].

    $ cat 4507456.csv | grep -i telem
    Appraiser_telemetryrunlist.xml,Not applicable,"71,958",17-May-19,16:16,Not applicable,None,Not applicable
    Appraiser_telemetryrunlist.xml,Not applicable,"71,958",17-May-19,16:17,Not applicable,None,Not applicable
    File name,X86_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.24490_none_89e278f970fa1943.manifest,,,,,,
    File name,X86_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.24490_none_0a5a1cf1c1a22732.manifest,,,,,,
    File name,Amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.24490_none_e601147d29578a79.manifest,,,,,,
    File name,Amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.24490_none_6678b87579ff9868.manifest,,,,,,

[1]: https://www.computerworld.com/article/3065380/mystery-solved...
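
Added example, not part of the thread or any commenter's post: a grep of one update's file list shows what it ships, not whether those components were already being serviced, so this sketch compares the telemetry manifests in two file lists. The update rows are copied from the output above; the baseline row and the function names are constructed for illustration.

```python
import csv
import io

# Manifest rows copied from the grep output quoted above (subset).
UPDATE_CSV = '''Appraiser_telemetryrunlist.xml,Not applicable,"71,958",17-May-19,16:16,Not applicable,None,Not applicable
File name,X86_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.24490_none_89e278f970fa1943.manifest,,,,,,
File name,Amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.24490_none_e601147d29578a79.manifest,,,,,,
'''

# Constructed baseline, NOT from a real update: placeholder version and hash.
BASELINE_CSV = '''File name,X86_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.00000_none_0000000000000000.manifest,,,,,,
'''


def telemetry_components(csv_text, keyword="telem"):
    """Map (arch, component) -> version for manifest rows matching keyword."""
    found = {}
    for row in csv.reader(io.StringIO(csv_text)):
        # Manifest rows look like: File name,<manifest>,,,,,,
        if len(row) < 2 or row[0] != "File name" or not row[1].endswith(".manifest"):
            continue
        if keyword not in row[1].lower():
            continue
        # <arch>_<component>_<key token>_<version>_<culture>_<hash>.manifest
        parts = row[1].rsplit("_", 4)
        if len(parts) != 5 or "_" not in parts[0]:
            continue  # unexpected name shape; skip rather than guess
        arch, component = parts[0].split("_", 1)
        found[(arch.lower(), component)] = parts[2]
    return found


def compare(baseline_text, update_text):
    """Classify each telemetry component in the update against the baseline."""
    old = telemetry_components(baseline_text)
    new = telemetry_components(update_text)
    result = {"not_in_baseline": [], "version_changed": [], "same_version": []}
    for key, version in sorted(new.items()):
        if key not in old:
            result["not_in_baseline"].append(key)
        elif old[key] != version:
            result["version_changed"].append(key)
        else:
            result["same_version"].append(key)
    return result


if __name__ == "__main__":
    for status, keys in compare(BASELINE_CSV, UPDATE_CSV).items():
        print(status, keys)
```

A component reported as `not_in_baseline` only means the baseline list did not ship it; establishing when it first appeared needs the file lists of earlier updates as well.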


They’ve pulled these tricks so many times before they are not getting the benefit of the doubt from me.


> benefit of the doubt

OP's point was that ZDNet is stooping a bit low here by journalistic standards. In this case, it appears there's not enough evidence to publish a "question headline" -- much less question whether they deserve some benefit of a doubt.

We all know MS and others have engaged in questionable behavior - but at least wait until there's something substantive before publishing.


No, publish now, and let Microsoft's PR machine reveal itself. We could learn so much.


So you'd rather push fake news, rather than see if the report substantiates.


Are you referring to Microsoft or ZDnet?


Just stop defending this company please, they tried this a lot and look at how much telemetry they managed to get into Windows and other products nowadays.

I can't listen to this naive way of dealing with these companies anymore. Use it if you want and also use it for your business but don't complain afterwards that someone stole something important etc.


> Just stop defending this company please...

As an interested but unaffected observer, I'd just like to understand accurately the state of things. It's quite right[1] to call out biased reporting that misrepresents the facts, fails to cite evidence of claimed facts, or that misrepresents speculation as fact, since otherwise all we get is "fake news" and lynch mobs, which just polarises the population and helps nobody.

If you have a problem with a rebuttal, then argue against it on the basis of what it said, please, rather than on the assumption that it is automatically wrong based on previous history.

It's fine (and perhaps even appropriate) to speculate in a biased way on unknowns based on previous history, but that doesn't in any way invalidate proper journalism based on seeking the facts, and the two should not be conflated.

[1] In principle. You seem to be arguing against the principle. My comment isn't intended to pass judgement on the accuracy of this reporting or the accuracy of the rebuttal.


>since otherwise all we get is "fake news" and lynch mobs, which just polarises the population and helps nobody.

Perhaps, but one difference I see is that lynch mobs target disempowered individuals who can't defend themselves against the mob, usually people who were already very low on society's totem pole.

What's anyone going to do to Microsoft? They've been rightfully criticized for all kinds of bad behavior for decades now, and they're still hugely profitable. People have known about the spyware issues in Windows 10 for ages now, but it isn't stopping them from using it.


Microsoft isn't the only one negatively affected by false news. The consumer of the information is also negatively affected. Security workers need accurate information, not Outrage of the Day junk. It might turn out that the concerns raised in the article are valid but they don't have enough evidence at this time to raise those concerns. It just adds noise that the consumer of the information has to deal with. I don't really care about Microsoft somehow getting harmed. I do care about the IT worker whose job it is to protect their company's systems from security exploits. Dumping low quality possibly false information on them makes securing their systems more difficult. That's the real harm.


It's not about "defending a company". That's the wrong way of looking at it. It's about HN not reporting on "..an article, about a blog post, about a random comment..." as if it's facts. Until otherwise demonstrated, this is a non-story. If it turns out to be true, I'll be the first person to say "yeah, same old same old" but no-one's put the work in yet.

blub 42 days ago [flagged]

The article author tried to contact MS and checked themselves that the files are part of the update.

Furthermore, the user Someone1234 has been defending telemetry on HN for years, often ignoring two important facts:

* telemetry was invasive and non-transparent, but got toned down because of the backlash. They always refer to the current state and pretend that people are paranoid and exaggerate.

* MS used many dark patterns when rolling this out, essentially getting into an arms race with the customers that wanted to disable telemetry.


Please don't cross into personal attack in comments here. I'm sure you can make your substantive points without that.

https://news.ycombinator.com/newsguidelines.html


Pointing something out about somebody's comment history is not an "attack".

There are many HN users who repeatedly defend dark patterns and the nasty practices of companies and then don't reply or ignore counter-arguments.

It would seem to me that HN should be more concerned with those situations, than those that point the above out in a rather benign way.


> Pointing something out about somebody's comment history is not an "attack".

That's certainly true in general. For example, if I post "Hey, I noticed that you've posted a lot about APL. Did you ever work with it professionally?", that's not a personal attack. But the pattern here was more specific than that. If you single someone out by name and insinuate bad faith in their comment history, that pattern-matches closely to the online calling-out and shaming culture. We want to avoid that culture here: its spirit is aggressive, we want HN's spirit to be collegial, and one can't have both. When we post moderation comments like I did above, we're always looking at the effect something has on the site as a whole. The calling-out culture is contagious because people are so used to it elsewhere.

It's perfectly natural for someone who disagrees with your view to have various comments in their history expressing that. The way to answer this is with better arguments, not by naming and shaming.

If you say that your intent wasn't to shame or insinuate, I believe you, but that's only a necessary condition for posting here, not a sufficient one. If your post pattern-matches to a standard way people do that on the internet, then readers will interpret you that way (like I did above) even if you intended otherwise, and the effect on the community will be just as bad. In such cases, the burden is on the commenter to make their benign intent explicit and disambiguate from the default pattern.


Thank you very much, now I don't have to answer anymore. Have a good day :)


>>We don't know if this is a security update or not.

What are you implying, go to the link in the article and find how it is described: https://support.microsoft.com/en-us/help/4507456/windows-7-u...


Because how something is described is always exactly what it is, that's why we are always told to judge books by their covers...

That page doesn't state what security matters the update addresses, nor does the page it links to (directly, maybe the information is there with more digging, but if I'm given a link on the pretext that it shows something I expect it to show that thing without needing to dig).

> What are you implying,

I'm not the OP, but I think what is being implied is fairly obvious: that the patch exists purely as a way to get the telemetry stuff installed and had no real security addressing content.

I very much doubt that is the case though, it is something that would not surprise me from the MS of old but they are at the very least more clever these days and would not risk the resulting furore.


> Problem is that those files previously exist on Windows 7 as part of CEIP

Were they there from the beginning? If not, which update(s) first added them? I doubt they were, because I clearly remember all the telemetry being in the news starting with Win10 and plenty of people refusing to upgrade to 10 because of it.

Even if it's a security update to CEIP, I don't think it should be offered to those who didn't install the original version of it.



