As Microsoft touts Windows Insider for biz, let's take a look at W10's broken 2FA logins

For months now, the Windows 10 Anniversary Update has broken two-factor logins using certain smart cards – and Microsoft has refused to discuss it. According to Reg readers writing in, and W10 users on support forums, folks who have Yubikey two-factor authentication gadgets have been hitting frustrating error messages when …

  1. druck Silver badge
    Stop

    Anyone whose business relies on this unfinished OS with its ever changing forced updates, is in for a world of pain. Pick an OS, make your applications work with it, don't change until something demonstrably better comes along.

    1. streaky

      Anyone whose business relies on this unfinished OS with its ever changing forced updates, is in for a world of pain. Pick an OS, make your applications work with it, don't change until something demonstrably better comes along.

      I say this as somebody operating stacks of Linux boxes so don't think I'm being obtuse or anything but:

      Welcome to Linux.. wait nope. Welcome to BSD.. wait nope.. Welcome to Apple OS-whatever-we're-calling-it-today.. wait nope.

      Welcome to HP-UX? Not many options for your worldview. Actually I don't think there's any. OSes change because technology changes. If you want to get off the train you're going to lose support for new hardware and end up with broken crypto stacks like those nutties still on XP.

      1. Dan 55 Silver badge

        You've not heard of LTS builds for Linux?

      2. Doctor Syntax Silver badge

        "those nutties still on XP"

        Let's say you have a big piece of kit, something expensive and medical, something expensive and industrial - whatever. That kit is an integral part of whatever your employer does. It would cost hundreds of thousands or upwards of whatever currency units you work in to replace and there's no money in CAPEX for several years. It's controlled by a PC using proprietary S/W and protocols connecting PC and machine together. That proprietary S/W only runs on XP, or is only certified to run on XP and regulatory considerations mean you have to follow the certification.

        Are you a nutty if you (a) continue to run on XP, (b) scrap a hugely expensive piece of kit and discontinue the service it provided or (c) consider users in this situation who continue running XP to be nutties?

        I know how I'd answer that question.

        1. Anonymous Coward
          Anonymous Coward

          Sounds like one of our machines, it runs a proprietary Hardware ISA Card that only runs on Windows 98 (This was after purchasing said machine with an embedded version of Windows XP many many years ago).

          ARGH!!!!!!

        2. streaky

          That kit is an integral part of whatever your employer does. It would cost hundreds of thousands or upwards of whatever currency units you work in to replace and there's no money in CAPEX for several years. It's controlled by a PC using proprietary S/W and protocols connecting PC and machine together. That proprietary S/W only runs on XP, or is only certified to run on XP and regulatory considerations mean you have to follow the certification.

          Are you a nutty if you (a) continue to run on XP, (b) scrap a hugely expensive piece of kit and discontinue the service it provided or (c) consider users in this situation who continue running XP to be nutties?

          I know how I'd answer that question.

          I would say you didn't do your due diligence when you bought and probably should be doing this technology thing. Next!

          You've not heard of LTS builds for Linux?

          Microsoft supports compatible stable platforms far longer than any Linux distro ever has which is circular to see above and also you're still screwed when that LTS support ends, hell Ubuntu is already killing off 14.04. Original point still stands you're either on the code changes train or you're running old broken things (gl with the whole new ciphers thing in OpenSSL). Next!

          This way people do tech business isn't compatible with code realities, is I guess my main issue.

      3. Anonymous Coward
        Anonymous Coward

        I say this as somebody operating stacks of Linux boxes so don't think I'm being obtuse or anything but:

        Welcome to Linux.. wait nope. Welcome to BSD.. wait nope.. Welcome to Apple OS-whatever-we're-calling-it-today.. wait nope.

        As I've said many times before, your choice depends on just how secure you want it to be (more accurately, how much risk you want to be exposed to and how much you can cover with insurance) and how much effort you have to put in to arrive at that point and then maintain it.

        From a security perspective, Windows is never going to rank as a first choice (nor from a TCO angle), but that position then gets modified by business requirements and friendly chats on the golf course.

    2. James 29

      Never heard of Windows LTSB

      1. Anonymous Coward
        Anonymous Coward

        Just, not anybody who uses Windows for professional work can get it.

  2. Frank N. Stein

    I hope and pray I'm not forced to use Windows 10 on my work machine. So far, no. Let us pray.

  3. tr1ck5t3r
    WTF?

    The problem with these big IT companies like in Microsoft's case, is the brains that made Windows, Office, SQL Server etc have long since gone, you have newbies looking after the code. This is what you get when accountants run a company to maximise profits, it makes a quick buck then turns out nothing worth talking about in years to come and ends up just trading on its name, as IBM have so eloquently demonstrated.

    1. Dan 55 Silver badge

      It seems they're flailing about so much they've had to pull this month's Patch Tuesday. You have to wonder what kind of car crash led to that.

      1. paulf
        Windows

        From the linked MSTN article: "This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today."

        Since when has Microsoft worried about randomly borking machines of "a small number of users" with Windows update, especially when Windows 10 users are forced to take Alpha level patches?

        My translation, "We've been fire fighting this problem for several weeks now but we couldn't resolve it before this month's patch Tuesday. The techies and coders tried their best despite bosses screaming at them while pulling various all nighters and now really need some sleep. Since this bug will fuck up everyone's Windows machine beyond sane recovery, without exception. When that happens it'll make previous Windows Update SNAFUs look like a picnic."

        1. Doctor Syntax Silver badge

          Since when has Microsoft worried about randomly borking machines of "a small number of users" with Windows update

          In PR speak "a small number of users" means "any number up to and including the entire user base. Possibly several times over."

    2. dajames

      The problem with these big IT companies like in Microsoft's case, is the brains that made Windows, Office, SQL Server etc have long since gone, you have newbies looking after the code.

      This is true.

      This is what you get when accountants run a company to maximise profits...

      Well, yes, probably ... but in the case of Windows it's because the system has been around for so long that most of the people who worked on it in the early days have retired or even died.

      Dave Cutler (wikipedia link) is 74. He still has a position at Microsoft but I doubt it is full-time, and I doubt he does much maintenance work on the NT codebase any more!

      It's inevitable that there will come a time when any mature codebase will have to be maintained by people other than the original design team, who may not be fully in-tune with the design methods and goals of that original team. There may or may not be documentation to help them, they may or may not read it if there is, and it may or may not actually help if they do (yes, I've worked on software projects in the real world).

      Even without that problem, code gathers cruft. Bug fixes and added features change the structure of the original code, which may or may not have been clean to begin with. Maintenance gets harder, not easier, as time goes on, bugs slip in unnoticed, and quality falls further.

      Meanwhile, advances occur in our understanding of the software process. New tools and languages are developed that make it easier to develop software that is robust, efficient and safe. There comes a time to throw out the bathwater and the bath (the baby has long-since grown up) and start again.

      Conventional wisdom tells us that rewriting an existing product never pays, but this view overlooks the high interest rate on technical debt. If you can't let go of a dying codebase you'll lose market share to a competitor whose code is cheaper to maintain (for whatever reason).

      Forgive the desultory rambling ... it must be Thursday ... I never could get the hang of Thursdays.

      1. oldcoder

        "Even without that problem, code gathers cruft. Bug fixes and added features change the structure of the original code, which may or may not have been clean to begin with. Maintenance gets harder, not easier, as time goes on, bugs slip in unnoticed, and quality falls further."

        Which is a sign of very poor design - a lack of modularity to start with, a lack of will to follow through, and a refusal to FIX THE PROBLEM.

      2. bombastic bob Silver badge
        Devil

        "Meanwhile, advances occur in our understanding of the software process."

        as well as a complete 'about face' and 'forward march' over the cliff (read: [FR]Agile)

        Upvote for the rest. just wanted to snark about the *kinds* of bureaucratic B.S. that are likely to be stifling workflow within the Halls of Redmond.

        Keep in mind that 32-bit Windows (and NT specifically) were most likely designed by the architect of VMS (you know, HAL is to IBM as VMS is to WNT) that went to work for Micro-shaft back in the 90's. And so THAT kind of experience came from a time where 'top down' design was THE way to do things, and NOT an overly-object-oriented bass-ackwards way of doing *EVERYTHING* (like ".Not" for example).

        I can see the potential of excessive 'unit tests' of trivial functionality (while missing the big picture test of overall usability), the endless SCRUM meetings where "junior guy" gets equal time for whatever half-baked ideas he has (reflecting inexperience), and the other "usual suspects" that have NOTHING to do with getting high quality product shipped before a customer EVER sees it. "Analysis Paralysis" and the usual outcomes of running over the cliff at full speed while doing something that's incredibly DUMB, with smiling faces and positive attitudes and gung-ho advertising/marketing to go with it.

        'Cultural Rot' in other words (only in THIS case, the culture of successful software development). Perhaps it's time for Micro-Shaft to "drain the swamp" ???

  4. Anonymous Coward
    Anonymous Coward

    A one gigabyte download to fix that issue with my Yubikeys is a bit much, don't you think. It used to be hotfixes were fairly small. Not that any of this matters, I'm a refusenik on 10 and that isn't going to change, ever.

    1. Anonymous Coward
      Anonymous Coward

      Did you look at the amount of issues fixed? See https://support.microsoft.com/en-us/help/4011347/windows-10-update-kb3216755

      My favourite one is:

      "Addressed issue that prevents the use of the Delete Browsing History feature in Internet Explorer"

      Evidently, someone at MS should have believed it would have been easier to telemetry it if you can't delete it <G>.

      But it looks like these "hotfixes" are cumulative.

  5. Anonymous Coward
    Linux

    My Yubikey Neo still works nicely on Linux.

    Sorry - it seems my "have choice" and "free as in speech" now seems to extend to "working".

  6. Berny Stapleton

    Thanks for the tip

    I was due a rebuild and this would have led to no end of frustration!

  7. Shadow Systems

    Given that I paid for Windows 7 Professional 64bit...

    I am not about to "upgrade" to Windows 10 Professional 64bit & *lose* all of the functionality I expect from a *Professional* grade operating system.

    Can I restrict the telemetry to none at all? Can I get single issue single file individual updates for specific issues, or am I forced to download & apply a single massive blob that will fix/break things I don't need, may not even have installed, & can't test against to make sure the updates don't crash something important? Can I defer/reject updates that others have already reported break things until/unless MS fixes the fix that breaks functionality?

    Because if the answer is no then that's my answer to any "upgrade" to Windows 10.

    I've got too much shit to do to spend it getting migraines putting out fires caused by the Windows 10 one size fits all form of updates.

    Time Is Money, I'll not be wasting either of those resources to deal with Windows 10.

    1. Anonymous Coward
      Anonymous Coward

      Re: Given that I paid for Windows 7 Professional 64bit...

      The only difference between windows 7 and windows 10 out of those complaints is the telemetry, the others have been migrated to windows 7 also, hence there are no updates for windows 7 this month just like 10. The only Microsoft OS still supported that you can do all that is vista. I am sure you don't want to move to that.

      1. Spacedinvader
        Facepalm

        Re: Given that I paid for Windows 7 Professional 64bit...

        Come on, you think slurp would leave Win7 users out of telemetry?

        KB2952664

        KB3075249

        KB2976978

        The difference is being able to control what the fuck happens to your box!

  8. a_yank_lurker

    Remind me why I should use Bloat 10?

    These well-known and aggravating issues coupled with Slurp's "Who me?" attitude should make any competent or semi-competent company avoid it forever. Companies and professionals depend on their computers to work reliably every day and for vendors to actually take care of their customers. Slurp does not seem to care about any customer's needs.

  9. jgarbo
    FAIL

    Time for change

    Maybe it's time for Microsoft to try another business. Considering their track record & attitude, selling used cars looks about right.

    1. Steve Davies 3 Silver badge
      Big Brother

      Re: Time for change

      Too late. Oracle and HPE are fighting over that job. I guess there is nothing left but for MS to start selling Houses.

      Too bad that their descriptions will make them all look like a TARDIS, bigger inside than out. And the EULA will give them a legal escape from any lawsuits.

      Yep, sounds like a perfect fit for the MS of the future.

    2. oldcoder

      Re: Time for change

      Oh hell no.

      Selling used cars means they have to meet standards of air quality, safety.. Microsoft can't do that - can't even get their crap to work, much less meet any standards.

  10. Anonymous Coward
    Anonymous Coward

    Sweet 2FA.

  11. John Smith 19 Gold badge
    FAIL

    "Microsoft Insider for IT Professionals"

    Because WTF should we spend money testing our code when you can do it for free (to us)?

    Does it need to be said any outfit looking to buy into this should set aside separate machines to be contaminated with this and a full regression test list so the stuff staff really need (like this key for example) goes on working ?

    1. phuzz Silver badge
      Facepalm

      Re: "Microsoft Insider for IT Professionals"

      Wait, where were you testing updates before now? On user's machines?

      Whatever the OS, whatever the software, if you can get the resources you should always test on a non-production machine.

  12. Anonymous Coward
    Anonymous Coward

    "will encourage IT pros to share advice among themselves"

    Hasn't that been the official line of Microsoft support since about the mid-90's??? Enough is enough there is another OS, one that's free and doesn't slurp... We can all use that one now instead...

  13. Doctor Syntax Silver badge

    It seems as if MS marketing needs to get right back to basics: find out what the market wants and needs from an OS and then tell the business to produce that. The alternative function of telling the market that what it wants and needs is the particular crock the business has actually produced is going to work less and less well.

    Nevertheless the astroturfers will probably be along here any time now to tell us how wonderful it is and downvote anyone who says otherwise.

  14. Spasticus Autisticus
    Devil

    Let's turn that PR guff around - 'IT Professionals recognise that Windows is a critical pain in the ass to any organisation.'

  15. nematoad
    Windows

    Neat.

    "The Windows Insider Program recognizes IT Professionals as a critical asset to any organization," purrs Microsoft in its pitch to the industry.

    The question is: Are you now an asset to your company or to MS?

    The way I see it is that Microsoft have devised a cunning plan to use your company and its staff as alpha and beta testers at no cost to themselves.

    Nice for MS if they can pull this off!

    1. oldcoder

      Re: Neat.

      Microsoft already got rid of quality control. They got rid of standards decades ago.

      No security (other than not taking the blame for failures), not even warranted for any purpose.

    2. John Smith 19 Gold badge
      Unhappy

      "a cunning plan to use your company and its staff as alpha and beta testers"

      Correct.

  16. anthonyhegedus Silver badge

    Interesting set of arguments here. It all gets a little philosophical at this point: what is an OS for? There are people who run small businesses who need something that works and doesn't need much maintenance. There are people who run enterprises who need something stable that can be maintained in a consistent way. There are people who've bought expensive medical equipment that can't just be replaced on a whim. There are home users who want the very latest systems and there are home users who just want something that works. All fairly different requirements, and yet we are all expected to use the same shitty OS that Microsoft provides. Why? True, it's changing now in that we have Android tablets, iOS tablets and macOS laptops. And Linux. But nobody seems to use the right OS for the job. An expensive MRI scanner might use Windows XP. Wrong! A small business uses Windows 7 and Office 2003. Wrong! A home user uses an Android tablet but she can't print her holiday booking form on her 10 year old printer. Wrong! A single mother looking after four children tries to juggle her life on an iPhone 4 that was absolutely fine and dandy five years ago but now won't receive texts from her daughter. Wrong!

    There are so many use cases that just don't work any more. The one thing in common with all these things that don't work quite right is that nobody expects the level of maintenance they require.

    1. ArrZarr Silver badge

      Hey, don't knock office 2003. While the 65,000 row limit in excel is a bit of a bummer, at least it doesn't have the ribbon.

    2. Doctor Syntax Silver badge

      @anthonyhegedus

      I think there's something in common in all these. People need an OS to just work and just keep working. They want it to be secure - and that includes not being snooped on by the vendor.

      The claimed rationale behind W10 actually fits the first of these: rolling updates to accommodate new H/W, fix bugs and occasionally meet new requirements and standards in IT.

      What's not good is the implementation. The initial release should have been fit for purpose and updates should have maintained this status. There is plenty of evidence that that isn't so.

      The idea of giving feedback from users about performance as an aid to this is reasonable. Again the implementation isn't; if I have a KDE application crash, for instance, I can choose to have it send a crash report, if I'm using Debian I can choose to let my installation participate in popcon. And then there's the appalling privacy policy of W10.

    3. Anonymous Coward
      Anonymous Coward

      "But nobody seems to use the right OS for the job"

      Most people look for the right *application* for the job - the OS may be just a forced choice

      An MRI scanner may have used Windows because developing an UI in Linux back then could have been a real pain in the ass. A small business may have used Office because that was what they had been using for years. It's always difficult to foresee the future - i.e. the driver model of Windows changed, PC didn't support ISA/PCI card any longer, someone at MS invented ribbons...

      1. Chemist

        Re: "But nobody seems to use the right OS for the job"

        "An MRI scanner may have used Windows because developing an UI in Linux back then could have been a real pain in the ass"

        Well it's years since I did any lab work (~2000) but at the time our robotic mass-spectrometer and superconducting NMR machines all ran on Solaris complete with pretty GUI.

        A couple of years later we were taking delivery of Dell workstations (replacing SG) to do computational chemistry, protein modelling and 3D graphics( liquid xtal spectacles) and yes they all ran Red Hat/Gnome and even our in-house programmer was producing high quality GUI software. We tried porting some stuff to W2000 but it generally broke, usually in the night or over the weekend - some of the protein modelling software ran at ~100% CPU on the dual Xeons for days/weeks even.

  17. OffBeatMammal
    Facepalm

    2FA still not user friendly

    my biggest complaint about most of the 2FA solutions out there is they are a pain... either I have to insert a USB device (find my keyring, plug it in, use it, try not to forget it!) or type in a secret code that expired 1 second before I hit enter!

    when I saw some of the yubikeys supported NFC I thought for one moment they'd solved both the clumsy USB plugging in problem and being able to support iOS/Android devices ... but nope. Most PCs don't seem to support NFC readers yet and while most smartphones can use NFC it's not integrated into the unlock process or developers aren't using it to support unlock

    when you look at some of the crazy 2FA login schemes out there (First Direct I'm looking at you) there's a lot of frustration to be removed by whoever comes up with a good solution first...

  18. Gnosis_Carmot

    " kicked February's Patch Tuesday into next month"?

    "Meanwhile, Redmond has kicked February's Patch Tuesday into next month: any bug fixes due to be released and installed this week will be rolled into patches released on March 14."

    Mine for Win10 home got auto-stuffed onto my machine along with the auto-lose-everything-you're-working-on-reboot early morning yesterday.

    1. Anonymous Coward
      Anonymous Coward

      Re: " kicked February's Patch Tuesday into next month"?

      I have Win 10 on my work machine (think it's LTSB), and I'm waiting desperately for them to fix calc.exe

      [What do you THINK I want if I hit Enter?]

  19. robgr

    Blockchain?

    Not the fact that MS is planning to push blockchain as a service (no doubt costing) knowing it can be leveraged for authentication purposes amongst others?

  20. mhenriday
    Boffin

    I say

    it's all Google's fault (in the event that blaming it on Gospodin Putin doesn't cover it)....

    Henri
