Desperation, or Fast, Familiar and More Secure

“The large pop-up screen, which first appeared over the weekend, gives users the option of upgrading straight away or … that evening. Users can still opt out by clicking on the red ‘X’ in the top right corner of the window, but less savvy computer users (part of Redmond’s core market segments) might not figure that out.”
 
See Microsoft steps up Windows 10 nagging • The Register

Oh, the memories M$’s nagging dredges up. In the old days it was BSODs and missing this, that or the other. Now, it’s “Home invasion! Ready or not, here we come!”. The last time I saw such a message, I installed Debian GNU/Linux on the thing that same day. I really love an OS that does its job and stays out of my way. I love Debian GNU/Linux.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

20 Responses to Desperation, or Fast, Familiar and More Secure

  1. DrLoser says:

    No, wait, I admit, it has to be extraordinarily difficult to force a Gnu/Debian/Android/Chrome/FOSS/FLOSS/Linux … I forget the nom du jour on this one … desktop or tablet or even server into a boot via Grub.

    Gosh, Dog-Brain. I wonder how, in that tiny little interval between, say, 2009 and 2015, I might have done so?

    I’ll leave the research to you. You’re the one on “sabbatical.”

  2. DrLoser says:

    Yes, I suppose Windows 10 installations would go up, when it’s frickin given away for free and then shoved down everyone’s throat, even those that do not want it.

    Not quite what you said in the first place, Dog-Brain. May I remind you?

    With Windows 10 falling adoption rates, many have seen the company’s initial smugness evolve into incredulity and increasingly dirty tactics.

    It’s not too late to admit that you lied about “falling adoption rates,” you know. You could even adopt Fifi’s basic tactic here: “I lied, because I am a professional.” In your case, “on sabbatical,” of course.

    Which reminds me of Robert’s rather weird link to a 2010 blog conversation, wherein for some bizarre and clearly unfounded reason he believed that he was being insulted by Oldman. Unlike you, Dog-Brain, I like to analyse the cites provided. And what do you know, Robert’s cite provided the following hilariously bad prediction:

    The “7” stats may not be a lie, but the conclusion of acceptance is. Because 7 is really just Vista rebranded, the graph only proves that Vista has managed to get another 8% of the market, if the statistics are correct. Most of the 7 people come from Vista, the rest of the Microsoft crowd clings to XP because their software does not migrate to Vista or 7. That makes 7’s growth rate equal to or worse than Vista’s.

    It is possible that botnets have been used to pump up the apparent showing of 7 and Vista. Microsoft regularly engages in channel stuffing and is not above that kind of fraud. Microsoft will be lucky to get the combined market share of Vista and 7 out of single digits.

    Try counting again, Twitter.

    Jeez. It’s a wonder you people are allowed outside, in public, without a leash and a muzzle.

  3. DrLoser says:

    So, Deafboy, did you figure out how to “Press backspace 28 times” remotely upon booting a computer? We’re waiting.

    Did you figure out how to “Press backspace 28 times” on the Windows boot-loader, Dog-Brain? We’re waiting …

    Incidentally, nothing about this exploit, including Deaf Spy’s link, even once suggested that it was available over a network. Unlike, say, Heartbleed or Shellshock.

    Nice try, though. I’m sure you’ll be ready and willing to make a cogent response, once your “sabbatical” is over and you get the chance, once more, to engage your awesome intellectual powers on the question.

  4. dougman says:

    Please show us how you “Press backspace 28 times” remotely upon booting a computer.

    The link you provided is no different than one using Ophcrack, PCUnlocker, Kon-Boot or any of the other tools to bypass login passwords.

    Exploiting this vulnerability requires physical access to the computer during startup, and if you’ve got physical access, there are about a zillion ways you can bypass security.

    The bug is about bypassing Grub2’s internal password protection. Most users don’t password-protect Grub2.

    The bug is in the Grub2 bootloader. If you’re using direct boot from UEFI, LILO, classic Grub, or any of the non-x86 bootloaders, you’re not vulnerable to it.

    If you’re worried about this bug, install your distro’s patch for it, but keep in mind that, except in unusual circumstances, the vulnerability doesn’t actually reduce security.

    This will only affect people who use a GRUB password prompt, which is not the default on Ubuntu. So a default Ubuntu installation was never vulnerable.

    If you do use a GRUB password prompt (which is arguably not a very strong protection anyway, since a person who sees the grub screens has physical access to the machine) then you are protected if you’ve installed all recent security updates – in particular, if your grub2-common package is one of the following versions or later:

    Ubuntu 15.10:
    grub2-common 2.02~beta2-29ubuntu0.2

    Ubuntu 15.04:
    grub2-common 2.02~beta2-22ubuntu1.4

    Ubuntu 14.04 LTS:
    grub2-common 2.02~beta2-9ubuntu1.6

    Ubuntu 12.04 LTS:
    grub2-common 1.99-21ubuntu3.19

    Already been fixed: https://lists.ubuntu.com/archives/ubuntu-security-announce/2015-December/003218.html

    $ apt-cache policy grub2-common
    grub2-common:
      Installed: 2.02~beta2-9ubuntu1.4
      Candidate: 2.02~beta2-9ubuntu1.6
      Version table:
         2.02~beta2-9ubuntu1.6 0
            500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
            500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
     *** 2.02~beta2-9ubuntu1.4 0
            100 /var/lib/dpkg/status
         2.02~beta2-9 0
            500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

    So, Deafboy, did you figure out how to “Press backspace 28 times” remotely upon booting a computer? We’re waiting.

  5. dougman says:

    Yes, I suppose Windows 10 installations would go up, when it’s frickin given away for free and then shoved down everyone’s throat, even those that do not want it.

  6. DrLoser says:

    With Windows 10 falling adoption rates, many have …

    … been tired by Dog-Brain’s incessant misrepresentations.

    Here, Dougie, try this as evidence for falling adoption rates.

    You say down, I say up.

  7. dougman wrote, “by agreeing to the EULA they tossed the rights to a class-action suit out the window?”

    The EULA from Hell is a contract binding on both parties. For it to be valid, the court has to accept that both parties were competent to enter into an agreement and that a consideration was exchanged. A court could well be persuaded that the EULA is not valid and open the floodgates. In the case of OEM versions, a judge might rule that the consumer paid the retailer, not the OEM or M$ so that no consideration was given. Further a judge could rule that a 10 year old kid clicked “I agree” and was not competent. You could have a class of parents of kids who agreed or a class of all consumers who clicked “I agree” without a lawyer present. For a contract to be valid, both parties have to understand it. Clearly, with consumers demanding class action they at least did not understand it. Further, a judge may rule that surrendering rights to access the courts is not conscionable or illegal.

  8. dougman says:

    http://www.valuewalk.com/2015/11/windows-10-class-action-microsoft/

    LOL… don’t these ding-bats understand that by agreeing to the EULA they tossed the rights to a class-action suit out the window?

    LOL..

  9. luvr wrote, “Clearly, your first option, then, is to upgrade your hypothetical computer to a newer Linux release. Again, you’re out of luck: in order to work right, your hypothetical computer requires a hypothetical proprietary driver that is not available for newer Linux releases.”

    Unless the PC is very old and can’t run a virtual machine, that could be a good option. I know the new on-line LibreOffice is being shipped in beta as a VM. I tried it but it’s a struggle on Beast. The VM is VMware aware and I had to edit GRUB lines to get it to boot from KVM but I couldn’t get networking to work and gave up after a while. It’s pointless without networking. That’s a failure of Collabora to ship a more generic image I guess but at least they tried and with more effort I probably could get it to work. I don’t have any trouble installing GNU/Linux in KVM so I could dip into RedHat’s archives and make any old GNU/Linux application work that way.

  10. luvr says:

    kurkosdr said, “So, Desktop Linux presents a hard choice: Either stick to an old version with which your old drivers (and apps) work, but at the same time stop receiving new apps, or go to a new version and risk breakages.”

    Let me get this right: You have a hypothetical computer that currently runs an old Linux release. Now, you want to install a hypothetical new application on it. Unfortunately, that doesn’t work, since this hypothetical application doesn’t run on that old Linux release. Fair enough.

    Clearly, your first option, then, is to upgrade your hypothetical computer to a newer Linux release. Again, you’re out of luck: in order to work right, your hypothetical computer requires a hypothetical proprietary driver that is not available for newer Linux releases.

    So, on the one hand, you want to dump the old Linux release, because it no longer works for you, and on the other hand, you cannot upgrade to a newer Linux release, because that doesn’t work for your hypothetical computer.

    As an alternative, you may, obviously, decide to downgrade to Windows, and see if that works any better.

    Unfortunately, however, that option, too, is unlikely to work. After all, since your hypothetical computer requires a hypothetical proprietary driver that is no longer maintained—i.e., an old driver—that hypothetical computer must be relatively old. As a consequence, it will be unable to run any of the currently supported Windows releases (a.k.a. “Windows 10”) with any acceptable level of performance. Surely, you won’t want to run any of those earlier Windows releases (which are no longer supported, and consequently cannot be kept “secure”), will you?

    I think it’s time for you to get a new hypothetical computer.

  11. luvr says:

    kurkosdr said, “At least with Windows 7 and 8, you have the option to stick to them”

    Yeah, right… As if Microsoft will let you. Bwahahaha!

    kurkosdr also said, “AND receive new apps”

    If that is true, then Microsoft must have changed its policy. New Microsoft Office versions used to require the latest Microsoft Windows version. (Same goes for Microsoft Internet Explorer, but I consider that irrelevant.)

  12. kurkosdr says:

    Oh and BTW I would gladly download third-party blockers in order to avoid the Desktop Linux dilemma I described in my previous post thank you.

    And the fact no meaningful numbers of Windows 7 and 8 users migrate to Desktop Linux means most users are like me, sorry.

  13. kurkosdr says:

    Not to mention that I don’t even understand why you would stick with an old Linux distro if it makes you unhappy.

    Because some proprietary driver depends on it and the idea all companies should open their drivers has no application in the real world?

    Aka the same reason even Nexuses stop receiving upgrades to new Android versions (Nexus 4 anyone?) and the reason unofficial ROMs suck (because old proprietary drivers have to work with new Android and linux kernel versions).

    So, Desktop Linux presents a hard choice: Either stick to an old version with which your old drivers (and apps) work, but at the same time stop receiving new apps, or go to a new version and risk breakages.

    At least with Windows 7 and 8, you have the option to stick to them AND receive new apps.

    Now, go ahead and chant how all your drivers and apps are open-source and you don’t care, as if the 99% would commit to 100% FOSS apps and drivers.

  14. luvr says:

    kurkosdr said, “That’s bad, but still better than Desktop Linux, where anyone not running at least the latest LTS of his distro is forgotten by everyone, app vendors and community.”

    Really? Microsoft doesn’t show much respect for you if you attempt to decline the Windows 10 degrade, does it?

    From the article that dougman linked to: “As such the outlook for those who wish to remain on Windows 7 or Windows 8 is looking grim. Yes you will be able to dodge Microsoft’s increasingly aggressive and sneaky upgrade tactics, but it won’t make for much of a fun existence if it requires endlessly dismissing notification prompts, tweaking Windows settings and upgrading third party blocking tools.”

    If I had no other option than either this Microsoft crap or an old Linux distro, then I would happily go for the Linux distro. Not to mention that I don’t even understand why you would stick with an old Linux distro if it makes you unhappy.

  15. dougman says:

    With Windows 10 falling adoption rates, many have seen the company’s initial smugness evolve into incredulity and increasingly dirty tactics. M$ appears to have forgotten about respecting user choice entirely because life for Windows 7 and Windows 8 users is about to get a lot worse.

    Pretty low for them to do this wouldn’t you say?

    http://www.forbes.com/sites/gordonkelly/2015/12/16/microsoft-windows-10-free-upgrades-worse/

  16. dougman says:

    Windows update popup mimics malware, talk about failure.

    Oh let’s see…

    1. User gets a popup, pretending to be from Microsoft, about the Windows 10 update.

    2. Once downloaded, this malicious update takes over their computer and blocks the user from accessing all their important files, photos, videos, etc.

    3. The attacker demands that the user pay a ransom of 1-2 Bitcoins, worth hundreds of dollars, to regain control of their personal computer.

    4. Profit!

    https://www.youtube.com/watch?v=qxP5_Qx9EqI

  17. kurkosdr wrote, “That’s bad, but still better than Desktop Linux, where anyone not running at least the latest LTS of his distro is forgotten by everyone, app vendors and community.”

    Still, one can usually preserve an application’s favourite environment in a virtual machine or chroot and carry on. GPL and other FLOSS licences don’t restrict that although some vendor might. I still think you are better off sticking with FLOSS than using any non-Free software.

  18. kurkosdr says:

    That’s bad, but still better than Desktop Linux, where anyone not running at least the latest LTS of his distro is forgotten by everyone, app vendors and community.

    BTW, gotta love the slime-y pitch in the pop-up. They toss the “all your files will be there” to create an impression of risk-free-ness, but they make zero mention about what happens to apps and drivers.
