undefined | Better HN

0 pointstgragnato8y ago0 comments

Critical systems should not have installed an operating system that collects metadata on virtually anything the user does: telemetry. https://arstechnica.com/information-technology/2017/04/micro... (Privacy)

Especially if the company that develops the os in question shows a track like this one: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=microsoft+w.... (Security)

I also wonder how long it will take before the shiny new anti-piracy instruments will be abused by a member of the intelligence community, a low-level politician or perhaps embedded into desktop OSes. http://pimg-fpiw.uspto.gov/fdd/50/148/096/0.pdf (You are not the owner of your files)

It's always easy to accuse the user rather than who exploited the vulnerability in the first place or who does not backport security patches when users obviously do not like the new versions of a software. - https://www.netmarketshare.com/operating-system-market-share... - https://www.extremetech.com/computing/227693-windows-drops-b...

Frankly speaking, Microsoft has gone too far into abuse, lock-ins and presumptions.

As a personal comment, I have an old Windows 7 laptop I use with some win32 software, I do not have the slightest intention of upgrading to Windows 10 (not for laziness or hubris, but because IMO the product is not worth the price). And if it was a critical system, than Microsoft Windows would not really be considered among the options.

0 comments

pwthornton8y ago

I'm not advocating for using Windows for critical systems that store tons of user data, but I am advocating that if you do use it, you should use versions that are still supported and make sure you patch it ASAP.

But should Microsoft be expected to back port patches to old OSes in perpetuity?

tgragnatoOP8y ago

Oh that's fair, if a product is unsupported, use it air-gapped or at least in a reasonably controlled environment...

Again, pretending and forcing upgrades is not the solution. The practise perpetrated by Microsoft has been described again and again as an "aggressive effort to push upgrades". https://www.theguardian.com/technology/2016/mar/15/windows-1...

The issue is not the upgrade per se, but the "imperfection" of the upgrade process (wanted euphemism) and the fact that many consider W10 a worse os if compared to W7.

Otherwise nobody would complain.

pwthornton8y ago

I would personally use an enterprise Linux distro for something like health records and other critical data, but you can Windows 10 similar to how you use Windows 7, and it's a faster OS. You just need to spend some time to get your settings in place.

I was in the same camp of you as Windows 10 vs 7 until I saw how much Windows 10 sped up an old machine of mine.

yuhong8y ago

Critical systems that require long term support is what Win10 Enterprise LTSB was designed for, which you get with Software Assurance.

tgragnatoOP8y ago

Microsoft Software Assurance is something very distant from real SwA.

> https://www.microsoft.com/en-us/licensing/licensing-programs...

> https://en.wikipedia.org/wiki/Software_assurance

Users don't want to upgrade, many I know would rather use linux or macs. Microsoft should acknowledge the thing and fix what's wrong. IT departments these days are trying to convince the people they work with.

OS editions

- 10: Home [wipb + cb], Pro [wipb + cb + cbb], Education [wipb + cb + cbb], Enterprise [wipb + cb + cbb], Enterprise LTSB [ltsb], S

- 8: Core, Pro, Enterprise, RT

- 7: Starter, Home Basic, Home Premium, Professional, Ultimate, Enterprise

- Debian: unstable, testing, stable, old-stable

- macOS: developers beta, public beta, released

- BSDs: current, stable, release, old-release

I am unsure if the Windows mess can be considered a "naming scheme", the single thing I have very clear is that there's something terribly broken (maybe the whole marketing fuss thing).

yuhong8y ago

Win10 also has an insider program too.

1 more reply

mst8y ago

> Critical systems should not have installed an operating system that collects metadata on virtually anything the user does

Thing is, the more of that data they have, the more likely they are to prioritise testing those use cases.

So it's a trade-off - do you want telemetry, or do you want a higher risk of bugs - you have to pick one.

tgragnatoOP8y ago

Just to mention two alternative ways to get data: bug reports, product feedbacks. You can ask for logs, system diagnostics, backtraces... One may have less data, but probably of a superior quality.

Outsmarting sysadmins, developers and users is not the first need.

If one is not gathering enough data because many are not able to find the tools and/or the website for the reports, that's a usability issue and that is what should be solved.

I seriously think telemetry is the wrong solution for the matter.

j / k navigate · click thread line to collapse

0 pointstgragnato8y ago0 comments

Especially if the company that develops the os in question shows a track like this one: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=microsoft+w.... (Security)

Frankly speaking, Microsoft has gone too far into abuse, lock-ins and presumptions.

0 comments

pwthornton8y ago

But should Microsoft be expected to back port patches to old OSes in perpetuity?

tgragnatoOP8y ago

Oh that's fair, if a product is unsupported, use it air-gapped or at least in a reasonably controlled environment...

The issue is not the upgrade per se, but the "imperfection" of the upgrade process (wanted euphemism) and the fact that many consider W10 a worse os if compared to W7.

Otherwise nobody would complain.

pwthornton8y ago

I was in the same camp of you as Windows 10 vs 7 until I saw how much Windows 10 sped up an old machine of mine.

yuhong8y ago

Critical systems that require long term support is what Win10 Enterprise LTSB was designed for, which you get with Software Assurance.

tgragnatoOP8y ago

Microsoft Software Assurance is something very distant from real SwA.

> https://www.microsoft.com/en-us/licensing/licensing-programs...

> https://en.wikipedia.org/wiki/Software_assurance

OS editions

- 10: Home [wipb + cb], Pro [wipb + cb + cbb], Education [wipb + cb + cbb], Enterprise [wipb + cb + cbb], Enterprise LTSB [ltsb], S

- 8: Core, Pro, Enterprise, RT

- 7: Starter, Home Basic, Home Premium, Professional, Ultimate, Enterprise

- Debian: unstable, testing, stable, old-stable

- macOS: developers beta, public beta, released

- BSDs: current, stable, release, old-release

I am unsure if the Windows mess can be considered a "naming scheme", the single thing I have very clear is that there's something terribly broken (maybe the whole marketing fuss thing).

yuhong8y ago

Win10 also has an insider program too.

1 more reply

mst8y ago

> Critical systems should not have installed an operating system that collects metadata on virtually anything the user does

Thing is, the more of that data they have, the more likely they are to prioritise testing those use cases.

So it's a trade-off - do you want telemetry, or do you want a higher risk of bugs - you have to pick one.

tgragnatoOP8y ago

Just to mention two alternative ways to get data: bug reports, product feedbacks. You can ask for logs, system diagnostics, backtraces... One may have less data, but probably of a superior quality.

Outsmarting sysadmins, developers and users is not the first need.

If one is not gathering enough data because many are not able to find the tools and/or the website for the reports, that's a usability issue and that is what should be solved.

I seriously think telemetry is the wrong solution for the matter.

j / k navigate · click thread line to collapse