* Posts by arobertson1

29 publicly visible posts • joined 11 Dec 2014

UK admits 'spy clause' can't be used for scanning encrypted chat – it's not 'feasible'

arobertson1

Smoke and Mirrors!

You do not need to crack the encryption or read it in transit - you merely need to know the phone number and use SS7 to gain access to the phone. Once you have access you can just read the messages in plain text as the phone has the keys to decrypt the messages.

All phones are back-doored - if the phone can do it, then they can do it. No amount of encryption, firewalls, permissions, domain blocking etc. will stop this. Your messaging apps, social media, SMS, contacts and photos etc. are all easily viewed remotely. Why exactly do you need to break the encryption in transit?

Sim Toolkit exists even with eSIMs, and combined with S@T Browser has access to your phone. Compatibility Test Suite can download “updates” to your phone and modify the phone temporarily in order to gain access. The same is true with the Dynamic System Installation Service. Managed Provisioning can remote control the phone. Maybe Opportunistic Network Services could connect your phone with my phone for access, or perhaps a buffer overflow bug in MMS could trigger code execution. Perhaps you use a predictive text service that checks the spelling by sending everything you type to a remote server to be “spell checked”. Or maybe you just use plain old WAP from yester-year which still exists today to modify ring tones on your phone or more likely install APKs or shell code. Or maybe just push an “update” specifically for your phone over the air. I mean nobody is going to take the digital signal processor, pipe it to netcat going to a server and listen in on the phone, are they? What, even when you’re not using it? While you’re at it you might use the Easter Egg apk to modify the system permissions and send the print spooler all those supposedly encrypted files to an online “print service”.

This is all smoke and mirrors much like you having to download an app that uses bluetooth to determine whether someone with covid was too close to you for an extended period of time. The phone companies already store all the data with triangulation - there was no need for a covid app, but that would bring too much attention to the data being collected on you every day. How do you think you can make uninterrupted phone calls while travelling - you’re connected to several towers at the same time and the strongest signal is selected. This allows accurate triangulation down to a square metre. See - no covid app was required, just like breaking end to end encryption isn’t required either. All your phones are open books in many, many ways.

Will Flatpak and Snap replace desktop Linux native apps?

arobertson1

Snaps and Flatpaks are a bloated security nightmare

Okay, first off, could somebody peel two different coloured stickers off a Rubik’s Cube, swap them, jumble it up, and give it to all the KDE users. That should keep them busy for a while. Next tell all the GNOME devs that Pop!_OS has themed the window title bars in a really cool way. That should keep them busy too. Right, now the silent majority can get a word in edgeways…

Snap and Flatpak are the worst ever idea that has come to Linux in a long time. The idea of wrapping an operating system around an app and distributing it as a binary blob is stupid. It might work for the server market, but on desktop it’s just slow and bloated.

Take OBS Studio, on Fedora (RPM Fusion) the download size is a mere 7.6Mb and the installation size is 25Mb. The Flatpak is a whopping 198Mb download and a 520Mb installation size. So that’s a staggering 26 RPMs to just 1 Flatpak in download size, and an unbelievable 20 times in size on your hard disk! Really?

In a world that’s becoming more energy conscious, how can this be better for the environment if you are doing twenty times more disk reads just to load the application? What about all the e-waste as you throw out all the (now) junked computers. Wasn’t Linux meant to support older computers? What about your poor SSD now wearing out twenty times faster?

As for security, what’s going to happen when the next Heartbleed comes along and that TLS library embedded inside that Flatpak is vulnerable. Are the devs who created the software going to update it? Maybe, maybe not. There are no guarantees on this. Will Flathub or Canonical’s Snaps remove the app due to the vulnerability? Will they leave it for a while until the dev updates the library that’s vulnerable? Will they just ignore the problem completely?

Then, there’s containment... If there’s anything I’ve learned in forty years of computing, it’s to accept the fact that nothing is 100% secure. Here is a quote from O’Reilly’s Java in a Nutshell, “Another layer of security protection is commonly referred to as the “sandbox model”: untrusted code is placed in a “sandbox,” where it can play safely, without doing any damage to the “real world,” or full Java environment.” Oh the optimism of 1997! Also, what a load of crap! How many Java sandbox escapes have there been? How many virtualised hosts have been popped? How many AppArmor failures? And... How many “immutable operating system” failures will there be?

You see, if you are going to run potentially vulnerable code in an “immutable operating system” then you better make sure that it really is immutable. Unlike say these Snapd CVEs from only four months ago as I write: CVE-2021-44731, CVE-2021-44730, CVE-2021-4120, CVE-2021-3155. You have everything from privilege escalation to snap confinement escape. Are you sure that app can’t escape its confinement?

If you look at the current system with RPM or Deb, then the vulnerable library would get upgraded with the system updates. In a lot of cases the software that uses the library wouldn’t even know, and if it did break some software then the devs would have to update their own software otherwise it would be perpetually broken. Either way the vulnerability goes away.

To be perfectly honest, I would rather run ChromeOS than Linux using containerisation - far more choice with far better support. Not looking forward to the absence of GPL apps, mandatory anti-virus software, endless permissions maze, and paid calculator apps in the Store though... Oh wait, that’s Linux hubstore in the future too!
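Added example, not part of the original comment and not Flatpak's own tooling: one way to check the bundled-library concern raised in the post above is to walk the app tree and read the version banner that OpenSSL builds embed in libssl/libcrypto, flagging copies older than a floor you supply from the advisory you are responding to. The app IDs, file contents and version floor below are constructed sample values; `/var/lib/flatpak` is the usual system-wide install root.

```python
import os
import re
import sys
import tempfile

# OpenSSL builds embed a banner such as b"OpenSSL 1.0.1f 6 Jan 2014".
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*) ")
LIB_NAME = re.compile(r"^lib(ssl|crypto)\.so(\.|$)")
VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def parse_version(text):
    """'1.0.1f' -> (1, 0, 1, 'f'); the tuples sort in release order."""
    m = VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])


def embedded_version(path):
    """Return the version string embedded in a library file, or None."""
    with open(path, "rb") as fh:
        m = BANNER.search(fh.read())
    if not m:
        return None
    return ".".join(g.decode() for g in m.group(1, 2, 3)) + m[4].decode()


def audit(root, minimum):
    """List (relative path, version) for bundled copies older than `minimum`.

    Copies with no readable banner are reported as "unknown" rather than
    silently passed, since a stripped or renamed build cannot be cleared.
    """
    floor = parse_version(minimum)
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # directory symlinks are not followed
        for name in files:
            full = os.path.join(dirpath, name)
            # Skip other libraries and the libssl.so -> libssl.so.N symlinks.
            if not LIB_NAME.match(name) or os.path.islink(full):
                continue
            found = embedded_version(full)
            rel = os.path.relpath(full, root)
            if found is None:
                findings.append((rel, "unknown"))
            elif parse_version(found) < floor:
                findings.append((rel, found))
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed app tree (hypothetical app IDs) for the demo."""
    pad = b"\x7fELF" + b"\0" * 64
    samples = {
        "app/org.example.Recorder/files/lib/libssl.so.1.0.0":
            pad + b"OpenSSL 1.0.1f 6 Jan 2014\0",
        "app/org.example.Editor/files/lib/libcrypto.so.1.0.0":
            pad + b"OpenSSL 1.0.1g 7 Apr 2014\0",
        "app/org.example.Viewer/files/lib/libssl.so.3":
            pad + b"banner stripped\0",
        "app/org.example.Recorder/files/lib/libz.so.1":
            pad + b"not a TLS library\0",
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    # Unversioned development symlink, as shipped next to the real file.
    os.symlink("libssl.so.1.0.0",
               os.path.join(root, "app/org.example.Recorder/files/lib/libssl.so"))


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # e.g. python3 audit.py /var/lib/flatpak 1.0.1g
        results = audit(sys.argv[1], sys.argv[2])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            results = audit(tmp, "1.0.1g")  # constructed floor for the demo
    for path, version in results:
        print(f"{version:>8}  {path}")
```

The banner check only finds shared-object copies; a library linked statically into an application binary needs a scan of the binary itself.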

University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired

arobertson1

Time for an Audit?

So the assumption being that it's open source so everyone can read the code, so there's no point in checking it / hey what the heck, it's Friday syndrome, let's go / it's from a Uni, it's probably fine. This happened with Netgate and Wireguard which nearly ended up in BSD. It's also not the first time that something dubious has sneaked in - Canonical found that out with crypto miners being sneaked into snaps. Thank goodness they have an Ubuntu Security Team...

I think we have to face facts that this is going to become more of a problem with time and, yes, you're going to have to check the code prior to it being released. You could use automation to a certain degree but in reality it's an independent audit that's going to minimise this.

The bigger question should be how many commits have sneaked through without anyone noticing? Kind of like the sudo privilege escalation vulnerability that sat there for years. Accident / intentional, does it matter? I would imagine some of the best backdoors would come with a healthy dose of plausible deniability.

Privacy activist Max Schrems claims Google Advertising ID on Android is unlawful, files complaint in France

arobertson1

This is so Googlish...

I don’t think anyone cares about the shareholders and to be honest I’m not sure that argument would stand up if you replaced Google with [tobacco company] shareholders - nobody would care about those shareholders if tobacco was made illegal overnight.

As for Android, let’s not forget that Google bought Android in 2005 - prior to that it was just an open source project. The fact that the name Android has become synonymous with Google is only because the Google apps come pre-installed with Android and people are used to it. You can actually use Lineage where there are no Google apps and it still runs on Android. In other words Google modified it to suit themselves. The same is true with ChromeOS - it’s Gentoo Linux with Google modifications on top. Then there’s DoubleClick, again acquired by Google in 2008. Are you starting to see a common theme?

Google has deliberately inserted itself between internet users and the content providers in a very manipulated attempt to try and extract (a lot) of money out of people using the internet and those supplying content, services and products, and yet it doesn’t have to be this way... There are alternatives if you care to think them through:

Have you ever tried to block ads using DNS with Youtube? Good luck - it won’t work. Why? Because they are supplying the ads on their own servers. In order to block the ads you would also end up blocking Youtube content which defeats the purpose (if you use DNS blocking). The reason why it works with other websites using DNS is because those other websites use content from external advertising servers, and if you block those ad servers then it does not also block the main content of their website. In other words if the people who host websites used their own ads from their own website then DNS blocking would fail to work. This also has the added advantage that you’re not being tracked from website to website which also addresses the privacy issues that the current model of advertising Google has. It’s not the ads that are wrong, it’s the tracking between sites that’s wrong. This would also cut Google out of the advertising model which is why they oppose it strongly, however it would make for a better, safer, and more private internet. Content providers would also have to become responsible for the ads they were showing - no more third party finger pointing.

So how would Google make their money? Well, let’s look at the chain: Your laptop / phone -> your ISP / phone carrier -> Google -> content websites. Clearly welding extra money on phones for development of Android isn’t going to be favourable with users, and if websites are hosting their own ads then Google wouldn’t make money, so... Your ISP or phone carrier could pay a percentage of how much they charge the end user for Google services (and other companies) based on usage. What’s wrong with that? That way the phone manufacturer gets paid, the ISP / carrier gets paid, Google gets paid, content providers get paid and more importantly we get to keep our privacy. It would cost more but I consider this a price worth paying if I don’t end up with the metaphorical equivalent of the creepy dude down the road following me around everywhere or coming home to find them rummaging through my underwear drawer and cataloguing it!

Okay I realise this is a simplistic model and there are probably anomalies all over the place, but surely it has to be better than the tracking / spying / phishing / malware / badware / ransomware / malicious / spam / annoying / crypto mining / porn / privacy invading ads that we have today?

Radio gaga: Techies fear EU directive to stop RF device tinkering will do more harm than good

arobertson1

How about a law that forces manufacturers to support their products for a mandatory period of time and to fix vulnerabilities within a timely manner to a satisfactory standard?

How about a law that ensures there are no backdoors and their equipment is not vulnerable to Krack, or Broadpwn, or the BeEF Metasploit network, or mDNS / DLNA packet flooding?

What about a law that forces the manufacturers to have a minimum level of security like changing admin, admin login, disabling WPS, default WiFi passwords which aren't Numpty1 or Dummy1234?

How about a law which criminalises the crippling of routers so that you cannot use all the features?

Aren't these the reasons why people use third party firmware in the first place?

Maybe if they sorted out their shoddy kak then people wouldn't choose third party firmware. It's a bit like saying people are choosing to cook their own meals as the restaurant food is so revolting that nobody wants to eat it, so let's pass a law forcing everyone to eat it.

P.S. Anyone want a free "Super Router"? I could always find another door stop.

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

arobertson1

Re: BBC Micro's FRAK! did a better job of encryption back in 1984.

Clever, but not immune from tape to tape. Didn't Unlock2 also crack this? Obfuscation is one thing, but true encryption without any dodgy TPMs is the only way that might stop hackers. I wonder if phone encryption works the same way? Hmmm... Memory dump + virtual phone + modified virtual firmware...

Microsoft gives users options for Office data slurpage – Basic or Full

arobertson1

Re: @Herring`- "is there a chance of any document data being sent to MS?"

I'm using Fedora Cinnamon too. Rock solid - only added Gnome Terminal as Cinnamon expects this and also Gnome Software Center which makes it easier to find software.

Can't say I'm really surprised from Microsoft - so much for "Gmail Man" or "Scroogled". I stopped using Microsoft products years ago because of the data collection. LibreOffice works just as well - I have yet to find an incompatibility with Microsoft Office providing you install the MS core fonts in Linux.

Mozilla's opt-out Firefox DNS privacy test sparks, er, privacy outcry

arobertson1

Ha, Ha, Ha. You made me laugh. I thought this was a wind up then I realised you're deadly serious! Oh well, you can't please everyone. Still, very funny though... lol. Stay off the disco biscuits!!

arobertson1

The details that I was curious about include the cipher used (hopefully not RC4), the key length and also (more importantly) what happens when the encrypted DNS request fails - does it just default to ordinary DNS? If so, then surely this could become a downgrade attack? How would the user be made aware of this in a meaningful way without inducing panic or for that matter not resolving any web page at all - that's a tricky one for Mozilla.

arobertson1

I’m a self proclaimed security and privacy nut job - I have never trusted DNS as it’s too easily manipulated and tampered with. Currently I use DNSCrypt and DNSSEC. DNSCrypt resolves with OpenDNS and is now owned by Cisco. Since Firefox 57 DNSSEC has stopped working as it was an addon and an extension was never developed for Quantum. However, DNSSEC is still working with Opera Developer.

I don’t have a problem with Cisco knowing all the websites that I visit as I’m not expecting DNSCrypt or DNSSEC to offer anonymity - use Tor if you require anonymity. There is *no difference* between using your ISP’s DNS resolver or Google or OpenDNS or Cloudflare - at the end of the day they can see which websites you have visited.

Where DNSCrypt and DNSSEC become useful is:

1) It’s encrypted! Ordinary DNS is not. This prevents simple network traffic sniffing. How many times do you think your local coffee shop has had someone sniff the traffic? And if your DNS requests are not encrypted... Well they at least know which websites your device is accessing - kind of makes it easier to use social engineering attacks if they know which bank you use wouldn’t you say?

2) It stops your ISP from auto logging your web usage and selling it to advertisers. Regardless of whether you pay for the service or not they are selling your usage details to 3rd parties with or without your knowledge. If on the other hand all that appears is DNS resolver blah, blah, blah Cloudflare then it’s not much use to them. Bear in mind your ISP also knows your phone number, email address, physical address, your bank / card details, your date of birth etc. An alternative DNS provider only knows your IP address.

3) It prevents man in the middle attacks and cross site forgeries. If you cannot break the encryption then you cannot inject code - currently there is nothing to stop this with ordinary DNS.

4) It stops ISPs from injecting code - such as advertising and tracking (particularly mobile). It was not that long ago that “Super Cookies” were used which tracked all users. Encrypted DNS stops this.

5) Cisco / OpenDNS actively block bad web sites at source and will not resolve them preventing malware attacks. Isn’t it far more useful to prevent malware at the source rather than having antivirus software try to deal with it after it has downloaded?

6) DNSSEC helps to prevent cache poisoning and because it relies on digital signatures it can tell whether a DNS entry has been spoofed. It is an excellent way to detect whether you are actually at the genuine website or not - you will be surprised just how many websites are using cached versions rather than the real website. This prevents login credentials from being stolen.

Although they will not protect your privacy, the above reasons are so useful that I have often wished that DNSCrypt and DNSSEC were baked into the browser.

Am I bothered about Cloudflare gathering this data from Mozilla Firefox - not really as *DNS has never been anonymous nor will it ever be*. Use Tor if you want that.

As ever the devil is in the detail, but if Mozilla would care to outline how they are implementing this and if this looks like a combination of DNSCrypt / DNSSEC all rolled into one then I personally will be using it, as the security benefits are massive - this technology could be used to prevent DDoS attacks, stop malware, prevent man in the middle attacks, verify genuine websites, prevent phishing, stop credential theft, prevent cross site scripting… Why wouldn’t you want that? It’s been a long time coming and DNS definitely needs improving - kudos to Mozilla for leading the way and I would expect Google will follow shortly and do the same with Chrome too.

Google ships WannaCrypt for Android, disguised as Samba app

arobertson1

I don't know what all the fuss is all about

Go into settings, about phone, tap the build number until developer options are enabled

Go into developer options and under "PwnMyPhone"

Untick "Enable Googlebot Private Network Traversal"

It's right next to "Mask Telnet" and "Index My Pics"

Microsoft Germany says Windows 7 already unfit for business users

arobertson1

@Lotus Primus Secundus Tertius

You're right, I don't have MS Access. However, I also don't have Altos Adventure, Asphalt 8 Airborne, Candy Crush Soda Saga, Farmville Country Escape, Minecraft, Royal Revolt 2, Snapfish, TuneIn Radio.... or any other crap installed without my consent either. I think I prefer the Linux "child's effort" over the Windows "child's effort". If I want a games machine, I'll buy an Xbox.

arobertson1

I seriously couldn't care less about Windows now - I've been using Linux pretty much all the time for over a year. It's got to the stage where I have forgotten what it's like to have the OS crap out on me / piss about with something until it works. Heck, I even have free time at the weekends! Windows 10 is the death of Microsoft - never going back now. Why did I ever put up with all their shoddy software in the first place?

Raspberry Pi Foundation releases operating system for PCs, Macs

arobertson1

Re: Acer Revo Nettop

Force audio over HDMI:

sudo nano /boot/config.txt

hdmi_drive=2

123-Reg drowns in ongoing DDoS tsunami

arobertson1

"Our protection systems kicked in immediately and the attack was contained by 10:40am"

That will be why my website is still down at 15.10 - some containment!

123 Reg Support Tickets are useless - they always wait until the problem is fixed several hours later and then proceed to tell you (cut and paste style) that they just checked your website and it is fine, just like there was nothing wrong in the first place.

I get that this is an unusually large DDoS, but at least be honest to everyone when they claim everything is fixed - it's not and it's still ongoing. Tumbleweed....

Dolphin fans freak, blast browser's bumbling bundles of bloatware

arobertson1

Re: Least bad?

"Crashy" is an understatement - try insecure. Test the browser at SSLlabs / Fortify and Panopticlick. Then use Firefox with appropriate addons - Adblock Plus, Blender, Canvas Fingerprint Blocker, Ghostery, H264ify, HTTPS Everywhere, No Resource URI Leak & No Script. Miraculously the internet speeds up a lot!

CIA says it 'accidentally' nuked torture report hard drive

arobertson1

Just Baidu it - I'm sure they'll have a copy.

Blocking ads? Smaller digital publishers are smacked the hardest

arobertson1

Genie, bottle, get back in - no chance!

The advantages of adblocking:

1) Prevent malware attacks.

2) Stop tracking / spying.

3) Internet speeds up.

4) Save money on bandwidth charges.

5) Less irritation.

The disadvantages:

1) Your favourite websites lose out on revenue.

2) Ermm...

Solutions:

1) Paywall - bye, bye users.

2) Time sensitive - paid users view first, non-payers later.

3) Product placement / paid endorsement - works to a degree depending on relevance.

4) Host the adverts on the same site (won't get blocked) - will never work as the advertisers won't trust the site owner.

5) Charge the ISPs as a revenue source - would have to be voluntary but could work if planned properly.

Adobe scrambles to untangle itself from QuickTime after Apple throws it over a cliff

arobertson1

Linus Torvalds one finger salute

Hey Tim Cook, let me congratulate you with a Linus Torvalds one finger salute. I'm sick of Windows and Nadella's spyware ridden Fisher Price operating systems. You too can flippy tile off.

I really liked Windows 7, but every week some corporate knob end breaks it for their own political gain. I work with video and for the last three months patch Tuesday = Microsoft shafts my machine and the video software stops working. DON'T YOU TEST YOUR PATCHES????

Now, Apple is at it. I can be secure and have a doorstop or I can work and get hacked to bits - thanks a bunch Apple! I'll just rush out and buy your over priced, under powered i-thingy (hey I'm different and look, shiny!). Maybe you want a shot of my wife while you're at it?

Thanks to all this BS I'm now running Linux Mint Rosa Cinnamon edition. I have more control of my workflow than most so I can be flexible when changing software packages. To be perfectly honest I was expecting a lot worse than what I found and trying them out in real life workflows has meant trial and error, but on the whole I have managed to find successful solutions. I can't say that they live up to the Adobe suite (Pantone would be nice) but they're getting pretty close. Personally I would say try them and see how you get on:

First, enable your firewall in terminal:

sudo ufw enable && sudo ufw default deny

GUFW - Nice front end GUI for UFW

GNU Image Manipulation Program - similar to Photoshop

Inkscape - similar to Illustrator

Scribus - similar to InDesign

Darktable / Lightzone / Picasa - photo workflow

Imagination - slideshows from photos

Hugin - panoramic stitcher

Batch Purifier from Colour Confidence - works in WINE

PosteRazor - print one image over many

Pixelize - make one picture from lots of small pictures

Photo Print - tile up lots of photos on one page

Kdenlive / Lightworks / Cinelerra - video editing similar to Premiere

Bombono - similar to Nero video burning

K3B - similar to Nero DVD burning

Acetone - Burn ISOs

Media Info - Similar to GSpot identify codecs in video

GSpot - works with WINE

Good transcoders : Handbrake, WinFF, Transmageddon

Video Redo - works in WINE

K-Lite codec pack - works in WINE

ImgBurn - works in WINE

Blender - 3D production

If you prefer to see exif info and are missing pixel sizes, media lengths etc. then this will add them in:

sudo apt-get install nemo-media-columns

You can also customise Nemo in edit, preferences (add buttons / renaming files etc.)

Codecs (Software Manager):

libavcodec-extra-54

libk3b6-extracodecs

h264enc

ubuntu-restricted-extras

libmpeg3-1

ffmpeg - you can compile the latest version. You'll need Yasm from the software manager:

./configure

make

sudo make install

VLC

Spotify

Banshee media player

Audacity - edit audio

LMMS - digital music

Ardour - midi projects

All the Libre Office suite is compatible with Microsoft Office - you can open, change and save in either and it will be fine providing you have the correct fonts installed:

Writer - similar to Microsoft Word

Calc - similar to Excel

Impress - similar to PowerPoint

Draw - the part that's missing in Microsoft's Office

Foxit Reader - similar to Adobe Reader

Calibre - eBooks

Notepad++ - works in WINE

Firefox, Thunderbird and Filezilla all work fine. (You can copy the profile folder for Mozilla Firefox and Thunderbird to Linux and it just works - fully configured. Much awesomeness!!!)

BeeBeep - Chat over LAN (configure firewall). Really useful for collaboration.

Veracrypt - encrypt your stuff

VMware Player - use VMs in Linux (Windows etc.)

Htop - shows processes (is that video editor really using all the cores for rendering?)

Catfish - file search

Bleachbit - similar to CCleaner

Lucky Backup - syncs folders

Spideroak - offline backup

Cairo Dock - epic dock similar to OS X

Applets - for your taskbar

Desklets - add clock to desktop etc.

XPad - similar to Sticky Notes

Grub customizer - just cause!

Archey - yeah I'm sad but I think it's cool

ClamTK - Anti Virus (useful for finding Windows viruses)

Avast - Anti virus

Sophos - Anti virus

If you are dual booting and your clock gets screwed up then:

sudo nemo

/etc/default

edit rcS

UTC=no

See you Tim and Satya,

…………………./´¯/)

………………..,/¯../

………………./…./

…………./´¯/’…’/´¯¯`·¸

………./’/…/…./……./¨¯\

……..(‘(…´…´…. ¯~/’…’)

………\……………..’…../

……….”…\………. _.·´

…………\…………..(

…………..\………….\…

The future of Firefox is … Chrome

arobertson1

Just give me something that has good javascript control, ad blocking, tracker blocking, super cookie blocking, secure ciphers with forward secrecy, geo-tracking removed, dom-storage disabled, network referrer off and click to play flash. Oh, wait, doesn't Firefox allow all this already?

The dummies that use Chrome do so because it came free with the packet of Corn Flakes software they installed the other day and they were too lazy / ignorant to understand that said software was also going to install Chrome. Maybe Mozilla should adopt the same tactics? "Free Kardashians wallpaper - now with Mozilla Firefox".

Microsoft did Nazi that coming: Teen girl chatbot turns into Hitler-loving sex troll in hours

arobertson1

I laughed at this at first and then I realised that Microsoft was probably quite pleased at the result - people interacted with a machine and tried (successfully) to corrupt it. They're probably in the process of putting a few guarded keywords in a long blacklist to keep the P.C. brigade happy, but to be honest they would have been better off leaving it alone and appealing to a wider user base to make counter arguments against such extremist view points. Would the extremism have naturally died out with a larger consensus of opinion? That would have been more interesting to find out. Fascinating developments.

iOS flaw exploited to decrypt iMessages, access iThing photos

arobertson1

Key = 4 digit passcode + serial + salt. Salt = phone number? I hope not!

Computer says: Stop using MacWrite II, human!

arobertson1

Macwrite, Macdraw and Macpaint - them were the days. Games of Risk and Apache Strike. Fun times. Gently having to pat the Mac II's on the side to get them to boot because of bad graphic cards and the rewarding "bong" as they started up. Shortly followed by "I'll be back" shutdown or "That's all folks". To be honest the SPARC II's were abused more - in those days the whole campus was wired up with little or no security. Port 135 buffer overflows, dictionary password attacks (no salts then), call the same process in an endless loop.... crash. etc. etc.

Microsoft herds biz users to Windows 10 by denying support for Win 7 and 8 on new CPUs

arobertson1

Linux Mint

I run a small business. Here is the current set up:

1 PC using Windows 7, 3 PCs using Linux Mint (not virtual) & 1 PC stuck on XP (short version - driver issues / don’t ask).

Most of you talk the talk about switching to Linux Mint / (Ubuntu if you must) etc. but I doubt many of you will. In most cases management will decide and you’ll just scurry along with upgrading to Windows 10, while you complain vigorously about privacy all the way (but not actually doing anything about it). That way your back’s covered when the customer accounts all turn up on Pastebin - right? “Must have been Microsoft”. Wrong! P45 for you….

By far, the Windows 7 and XP PC are the most problematic in terms of keeping patched and up to date - I can spend a whole day on each fannying around with both of them getting them to work and be secure. Windows update, Adobe Flash, Baseline Security Analyzer, various software update checkers, Adobe Flash emergency out of band extra patch, Internet browsers (including IE windae licker edition), undoing Microsoft’s upgrade to Windows 10 and retro Windows 10 spyware on Windows 7 cagar, Adobe Flash extra, extra out of band update fix the second part b (honest gov - it’s the last one this month), uninstalling the obligatory Microsoft “Bork my PC now” booby trapped BSOD recommended update, Surprise!!… Pain in the arse.

Conversely, Linux Mint just works. Updates (at most) take around ten minutes. No fannying around, no double checking here there, wing and a prayer - just works.

Every once in a while I scan the network for any issues with security. Surprise, surprise it’s always the Windows PCs that end up with the problems. In most cases Mint is so quiet on the network that Nmap can’t even identify it let alone find a weakness. Windows 7 on the other hand - shut the f*** up! Yet another piece of software required…. Antivirus, Antispyware, Firewall, USB autorun prevention, ASLR, OS configurations, Application rights, Group Policy this, that, this and this, oh wait a minute that one needs a registry edit…… The list is endless. Oh s*** here’s yet another javascript OS vulnerability that bypasses the UAC. Hmmm, yes that sounds like a really sensible idea to allow .js to run natively in the OS. I luv my ransomware Microsoft!

Look guys, the only way you will secure your data and prevent Microsoft from grabbing it all (keyloggers, wifi passwords, big jugs online or whatever) is to dump Windows 10 and use Linux. Go on, you know you want to - try it and get your social life back (No, Facebook doesn’t count).

Microsoft's dodgy new Exchange 2010 update breaks Outlook clients

arobertson1

Re: Linux v Windows updates

Well at least the bridge wouldn't fall down on me the first time someone tries to use it! Come on Alister, lighten up - it's an opinion, just like yours.

You must admit that Microsoft has made some real blunders with their updates over the last few months. This is just but one of many. They need to start testing the updates properly before releasing them. Surely you can agree with that?

arobertson1

Re: who in their right mind does this

So is that because of a bad experience with updating too quickly with Microsoft updates then? It sounds to me like you expect them not to work in the first place and then you just wait and see if anyone else has any problems before updating. Kind of like sitting on the fence between security and functionality.

arobertson1

Re: Linux v Windows updates

Aww, come on. Seriously? You're honestly saying that in the last three months Windows updates have run smoothly for you? Really? Hand on heart really? I didn't think so.

I have yet to come across a single Windows machine that hasn't had a problem with some update from Microsoft. In some cases they haven't been able to start up at all after the updates... I don't get that with Linux!

Whether you like it or not Linux updates are by far a lot easier and quicker. Microsoft are releasing these updates without testing them properly!

arobertson1

Re: Linux v Windows updates

Thus speaketh the last Vista user... Never heard of Open Xchange then? Sorry boys but Linux is better at updating than Windoze.

arobertson1

Linux v Windows updates

Linux:

sudo apt-get update && sudo apt-get upgrade

Job Done. Estimated time taken: below 5 minutes.

Windows:

Run Windows update

Upgrade ActiveX

Re-run Windows update

Attempt to install

Repeat failed installation

Visit Microsoft's download website, search for KB and manually download it

Run manual installer

Reboot

Try windows update again

Repeat above until no more updates

Lack of faith prompts running MBSA

MBSA fails to update or runs without updating after long wait

Suspect MBSA not working properly and manually download update

Select option to run manual update

True enough - more patches required

Download patches manually

Re-run / re-boot / re-check several times

Software stops running properly

Attempt to diagnose problem

Assume latest updates are problem and isolate the problem

Roll back update causing problem

Re-check other updates not affected

Re-run MBSA and ignore problem update

Pull hair out and wonder how the world hasn't ground to a halt

Time taken: 1 Day

Hmmm, will my next operating system be Windows 10 or Mint 17?