bfcastello wrote:

Seriously... I think that every year the developers and programmers are being much more lazy than before.

Actually, Windows 10 was cut down considerably, because MS also wanted to use it on Smartphones and tables.
I use cheap Z85 and Wintel Pro machines, with an onboard 32GB disk, and you can easily run Windows 10 Home x64 on those, with enough room to spare for installing some applications, running updates etc.
I don't think I would be able to fit a working installation of Windows 7 x64 on there.

Yeah, back in 2015 there were comparisons like this one: https://arstechnica.com/gadgets/2015/07/faste … de-for-old-pcs/
Of course, cumulative upgrades since then probably make a Win10 installation larger today than it was back then, but the disk-space cut-down is still pretty impressive if accurate. (Haven't done any comparisons myself.)

As for boot times and general responsiveness, it's been my impression that Win10 does try to be more responsive (although it's not necessarily faster - certain things are simply postponed and performed after the log-on screen appears, or after a window is opened, etc). Though on my Win7 daily driver, the boot-screen flashes by in 6 seconds, so I'm not complaining.

I have even turned on CompactOS to try and shrink it a bit more...

I know some ppl say Win 10 install is supposed to be smaller, but I am not impressed by the comparisons with Win 7 and Win 8... I am impressed with the comparison to Win 2k, a 20 year old system has a MUCH MORE smaller footprint, and runs practically the same stuff Win 10 does, after a fresh install. Back in the day, Previous Windows used to let you choose what you really want to install. Now it just goes with all the sh%$t and bloatware.

Cortana? I don't f4#*k need it. Automatic Updates? No thanks. I don't even use the Siri on my macbook and neither on my iPhone; doesnt mean I hate it. Sometimes I use Siri, for things like write a note, game results or ask what's the weather like. But that's all I do.

Scali wrote:

gdjacobs wrote:

Nonetheless, availability of Setup mode would be best. It would allow all the Gentoo and Arch guys to boot directly into custom EFI applications with all the advantages of Secure Boot (once the key store is loaded).

Exactly what are you proposing with "Setup mode"?
Keys can already be loaded to the store from software, as explained in the Gentoo wiki I linked to earlier.

Only if they're signed. Setup mode as per the spec allows the PK and KEK(s) to be loaded without any signing process. It restricts I/O avenues to require an operator's physical presence when enabling setup mode. Many vendors provide this kind of access, but it's certainly not a mandatory requirement by Intel or Microsoft.

As I've already explained, I would also be in favour of UEFI implementations capable of 1) loading x509 certificate chains from the EFI executable to be run, 2) validating the chain with the firmware key store as a trust anchor masked by the DBX, and 3) validating the EFI payload with the certificate chain prior to execution. This would make signing authority more available, allow untrusted intermediate certificates to be revoked without compromising the root certificate, and should be technically straightforward as it would be an extension of functionality Secure Boot already has.

Instead of Secure Boot, shouldn’t we be discussing about the aggressive privacy issues on Windows 10? The OS even has a telemetry stuff behind the scenes giving them everything... the more I see, the less privacy and control we have on these operating systems. I thought it was a big part of the reason for this topic.

bfcastello wrote:

Instead of Secure Boot, shouldn’t we be discussing about the aggressive privacy issues on Windows 10?

That's been discussed since Win10 has come out and about 90% is bogus. The rest can be opted out of, most of it during the initial install.

bfcastello wrote:

The OS even has a telemetry stuff behind the scenes giving them everything...

Properly implemented telemetry does not collect personal data, so privacy is not an issue here. Telemetry is about improving the product not data mining. And again, most of it can be turned off.

bfcastello wrote:

the more I see, the less privacy and control we have on these operating systems.

Actually, Win10 gives you tons more control over these things. You can actually select what you agree to be collected, when and by whom; you can give/deny access to specific features for individual apps, etc. No other version of Windows gave you this much control. Granted they may not have been collecting much, but you can't really know that.

bfcastello wrote:

I thought it was a big part of the reason for this topic.

I bet it is, unfortunately what feeds people's misconceptions on this is some fearmongering trolls on the internet, not facts.

dr_st wrote:

Actually, Win10 gives you tons more control over these things. You can actually select what you agree to be collected, when and by whom; you can give/deny access to specific features for individual apps, etc. No other version of Windows gave you this much control. Granted they may not have been collecting much, but you can't really know that.

Not only that, you can now give access to various devices, such as microphones and webcams, on a per-application basis.
Things are blocked by default, so malware can't secretly enable your mic or webcam and eavesdrop.

I think Microsoft's collecting more data than is responsible, but I think you're stupid if you believe you're safe from that by using Windows 7.

dr_st wrote:

That's been discussed since Win10 has come out and about 90% is bogus. The rest can be opted out of, most of it during the initial install.

Properly implemented telemetry does not collect personal data, so privacy is not an issue here. Telemetry is about improving the product not data mining. And again, most of it can be turned off.

Actually, Win10 gives you tons more control over these things. You can actually select what you agree to be collected, when and by whom; you can give/deny access to specific features for individual apps, etc. No other version of Windows gave you this much control. Granted they may not have been collecting much, but you can't really know that.

I'm not a latest win version expert, I've not used it enough to have an opinion on it, but generally speaking these things feels like the "tendency" of a modern logic most softwares/services are following too in the last decade. Most may be happy to improve "their" product but does it begin to sound like becoming a recurrent unconvincing common motivation? Some may ask himself if this "logic" could be or not more about a hypothetical value those data may have, beside what for/who cares, not talking about privacy or whatever but about some "products" as "self-living services" that may or not produce not only the revenue from buying it but also using it, just like modern web pages. I may not care about it, when things becomes "free" people can't expect to have free o.s., free apps, free socials, free everything. But of the two type of market logic I'd prefer to spend more on a product and feel like it's my own and not a service.
For example lately I was looking for the latest official drivers for a (not latest) modern gpu to find and read user comments/articles talking about drivers background telemetry services (even in gpu ones..) that couldn't be disabled at all since a specific version. Why these things should happens/change at first? This doesn't sound like a "user free choice" or a "disabled by default" logic, does it? Still most of us may not care, but it's difficult not to feel these things like "squeezing the lemon" as much as possible.

dr_st wrote:

Actually, Win10 gives you tons more control over these things. You can actually select what you agree to be collected, when and by whom; you can give/deny access to specific features for individual apps, etc. No other version of Windows gave you this much control. Granted they may not have been collecting much, but you can't really know that.

I mean, it's kind of logical that you have more "control" if there is tons more data collection going on, having to opt out of more things is not "more control" imho, and they don't even tell you what they collect with things you can't control.

dr_st wrote:

Properly implemented telemetry does not collect personal data, so privacy is not an issue here. Telemetry is about improving the product not data mining. And again, most of it can be turned off.

you really believe anything corporations tell you? they only want to improve one thing, their profits. Windows 10 was mostly available for free, that means you are the product.

It's not about what I believe. The definition of telemetry is remote collection of measurements, for the purposes of diagnostics. It is widely used in many industries. In the realm of software, it is about collecting people's usage patterns, fault points, etc. of a large group of users to determine which bugs exist or which features would be more useful in the software for most users. It is not about collecting people's personal data to sell it to third parties for profit. That has a different name.

So when someone tells you that they are collecting telemetry, then, if telemetry is actually what they are collecting - there is no privacy issue here, at least not an intentional one. I just want people to know the meaning of words and not use wrong terminology.

Now, of course there are tons of question one can ask - Is telemetry really what they collecting? Do they collect anything else? Any personal data? How secure is the system? Can personal data be collected accidentally? Can it leak due to improper security? Does the software honor the opt-in/opt-out settings at all? Are there any other hidden stuff going under the radar that I'm not even told about? Of course the answer can be "yes" too all of these, and with closed-source software it is impossible to know without external observations, which people have been doing, and good for them.

However, the same bad things can happen to your personal data whether someone tells you that they are collecting it or not, whether someone has implemented telemetry or not, so I really can't understand people going crazy about what Win10 allegedly collects, when they have no idea what it actually is, and how it compares to what has been collected before. All because there is now a shining toggle switch saying "Do you agree to share such and such data with Microsoft?" The assumption that just because the switch wasn't there before, it was never collecting before is a rather naive one.

diagnostic data is personal data, anything I do on my machine is personal, you even just said "people's usage patterns" what is this if not personal.

what websites you visited at what time can be considered "diagnostic data"
what files you open can be considered "diagnostic data"
when and for what you use your computer at any time can be considered "diagnostic data"

and as long as they do not specifically and certifiably tell us what exactly is collected, you can, and should NOT TRUST them.

people are going crazy about windows 10 because it is not transparent what data is getting shared, so there can be no trust.

imi wrote:

diagnostic data is personal data, anything I do on my machine is personal, you even just said "people's usage patterns" what is […]
Show full quote

diagnostic data is personal data, anything I do on my machine is personal, you even just said "people's usage patterns" what is this if not personal.

what websites you visited at what time can be considered "diagnostic data"
what files you open can be considered "diagnostic data"
when and for what you use your computer at any time can be considered "diagnostic data"

and as long as they do not specifically and certifiably tell us what exactly is collected, you can, and should NOT TRUST them.

people are going crazy about windows 10 because it is not transparent what data is getting shared, so there can be no trust.

I have to agree with this one.

imi wrote:

diagnostic data is personal data, anything I do on my machine is personal, you even just said "people's usage patterns" what is this if not personal.

Properly implemented software telemetry is anonymous - no data should be collected/stored that can connect an observed event to a personal (e.g., user name, file name, IP address). That's in theory. What's in practice? I don't know.

imi wrote:

and as long as they do not specifically and certifiably tell us what exactly is collected, you can, and should NOT TRUST them.

And if they do tell you? Do you believe them? Of course not. So you should just not trust them. Or anyone, for that matter, unless the software is completely free and open source. Some people subscribe to that notion, and that's fair.

imi wrote:

people are going crazy about windows 10 because it is not transparent what data is getting shared, so there can be no trust.

No other version of Windows is. I don't think any closed-source software is, by definition. It makes no sense to me to go crazy about Windows 10 and be "OK" with everything else - Windows 7, Apple, Google Chrome, Google's Web Services (which notoriously collect everything), which is what many people seem to be.

For example:

imi wrote:

Windows 10 was mostly available for free, that means you are the product.

First of all, Windows has almost always been available "for free", because if you buy an OEM machine (any laptop, and almost any non-custom built desktop), the license is included in the cost. This has not changed for Windows 10. The only thing that did was a a whole bunch of free upgrades from Win7/8 which were widely available for a long time. Add to the fact that Microsoft never cared about end-users piracy of Windows, and Windows has basically been "free" forever (not for businesses, though, and Win10 is not free for them either).

But let's take your point further. So much software is available for free, including every single web browser, and a very large group of operating systems (any derivative of Linux). So if you use them - it means that "you are the product"? So, by your logic, we should not use any of these things?

dr_st wrote:

It's not about what I believe. The definition of telemetry is remote collection of measurements, for the purposes of diagnostics. It is widely used in many industries. In the realm of software, it is about collecting people's usage patterns, fault points, etc. of a large group of users to determine which bugs exist or which features would be more useful in the software for most users. It is not about collecting people's personal data to sell it to third parties for profit. That has a different name.

So when someone tells you that they are collecting telemetry, then, if telemetry is actually what they are collecting - there is no privacy issue here, at least not an intentional one. I just want people to know the meaning of words and not use wrong terminology.

Now, of course there are tons of question one can ask - Is telemetry really what they collecting? Do they collect anything else? Any personal data? How secure is the system? Can personal data be collected accidentally? Can it leak due to improper security? Does the software honor the opt-in/opt-out settings at all? Are there any other hidden stuff going under the radar that I'm not even told about? Of course the answer can be "yes" too all of these, and with closed-source software it is impossible to know without external observations, which people have been doing, and good for them.

I agree with that theorical definition of telemetry and we may expect that is what most apps does. Also I'd agree that these things should not be discussed necessary for the privacy aspect that's complex and depends on many other philosophic related discussions and I don't think this is the main point here.
Maybe the main point of the subject may be the number of all these "features" that are sort of designing a strange "tendency" shared by many softwares and even drivers. Users may do not care about telemetry itself but still they would find in many apps all kind of "statistics", "ads related", "reports", "crash reports", "studies", "improvement related collecting", "remote connections services clients->server or server->clients" etc. etc.. all these may be just for "a better world", we all can believe this but still I'd compare this situation to the 80's or 90's. Would all these be considered good and acceptable logics?
I understand and agree old softwares that didn't asked you these permission may have done the same things, that's a valid logic. But I may ask myself if a 1995 operating system or application "may have not needed" all these things to exist at all? Don't you feel like -maybe- old software programs just needed to "be bought" and didn't need more after that beside buying the next version?
I think once existed a sort of "ethic" where these things didn't exist mostly cause I'd imagine it was considered "enough" to have a client buying just the company product and just receive updates on it.
Nowdays even the fruit store will ask you to make a special premiun social card where you'll receive bonus or ads or whatever to have discounts prices or whatever. Are those practices always good?

dr_st wrote:

Properly implemented software telemetry is anonymous - no data should be collected/stored that can connect an observed event to […]
Show full quote

Properly implemented software telemetry is anonymous - no data should be collected/stored that can connect an observed event to a personal (e.g., user name, file name, IP address). That's in theory. What's in practice? I don't know.

And if they do tell you? Do you believe them? Of course not. So you should just not trust them. Or anyone, for that matter, unless the software is completely free and open source. Some people subscribe to that notion, and that's fair.

No other version of Windows is. I don't think any closed-source software is, by definition. It makes no sense to me to go crazy about Windows 10 and be "OK" with everything else - Windows 7, Apple, Google Chrome, Google's Web Services (which notoriously collect everything), which is what many people seem to be.

But let's take your point further. So much software is available for free, including every single web browser, and a very large group of operating systems (any derivative of Linux). So if you use them - it means that "you are the product"? So, by your logic, we should not use any of these things?

like I said, it is very much not transparent, so you don't even know what basic telemetry even means.
and no you should not trust them even if they tell you, hence why I said certifiably, this would need independent audits obviously.

and yes people should go crazy about chrome and google and the like too (and they often do).

not all free software makes you the product, a lot of open source software comes from a completely different ethical standpoint and motivation (contribution and sharing, non-monetary etc.) than commercial products that are "free" (i.e. most of google).

it's not about not using these, you can use them all you like, it's about being told what using them entails, if I use google, I know that they collect everything they can get their hands on about me, I do not agree with what they are doing, but I am aware of it.

using windows10 you basically entrust microsoft your whole computer and all data on it without even having the slightest of ideas what they collect or know about you.

386SX wrote:

we all can believe this but still I'd compare this situation to the 80's or 90's. Would all these be considered good and acceptable logics?

Well, the world isn't what it used to be in the nineties. Change is rarely strictly for better or for worse.

One example that frequently comes to my mind is about security - in the nineties there was far less awareness of the need of security in software, or even hardware. People simply didn't imagine the kind of threats they may be dealing with. Think of the recently discovered (like the past 2 years) bugs in Intel CPUs, which were root-caused to performance-oriented architectural choices made in the original Pentium timeline, back when security wasn't on anyone's mind.

In some ways I would prefer the situation of the nineties, and in others I'd prefer what we have now. I think for most of us, the benefits of the modern world of computing outweigh the pitfalls.

386SX wrote:

Don't you feel like -maybe- old software programs just needed to "be bought" and didn't need more after that beside buying the next version?

The software business is hard to survive in. People don't want to pay a lot. Software is easy to duplicate, crack and use without paying. People's motivation of buying "the next version" lessens as time goes by. To survive and thrive, software companies have to constantly come up with new solutions, new business models. The "software-as-a-service" which everyone loves to hate is one such model, created out of necessity.

imi wrote:

using windows10 you basically entrust microsoft your whole computer and all data on it without even having the slightest of ideas what they collect or know about you.

As much as you insist on singling out Windows 10, I will insist on pointing out that the above is true for EVERY version of Windows, EVERY version of MacOS and every time you trust the management of your computer to a closed-source piece of software that you didn't write. In a much broader scale it's true about every time you use a product or service that someone else built or supplied to you, which happens, well, every day, all day. You have to have some level of trust. If, for whatever reason, you choose not to trust a specific vendor, that's your choice, of course.

dr_st wrote:

Well, the world isn't what it used to be in the nineties. Change is rarely strictly for better or for worse. […]
Show full quote

386SX wrote:

we all can believe this but still I'd compare this situation to the 80's or 90's. Would all these be considered good and acceptable logics?

Well, the world isn't what it used to be in the nineties. Change is rarely strictly for better or for worse.

One example that frequently comes to my mind is about security - in the nineties there was far less awareness of the need of security in software, or even hardware. People simply didn't imagine the kind of threats they may be dealing with. Think of the recently discovered (like the past 2 years) bugs in Intel CPUs, which were root-caused to performance-oriented architectural choices made in the original Pentium timeline, back when security wasn't on anyone's mind.

In some ways I would prefer the situation of the nineties, and in others I'd prefer what we have now. I think for most of us, the benefits of the modern world of computing outweigh the pitfalls.

386SX wrote:

Don't you feel like -maybe- old software programs just needed to "be bought" and didn't need more after that beside buying the next version?

The software business is hard to survive in. People don't want to pay a lot. Software is easy to duplicate, crack and use without paying. People's motivation of buying "the next version" lessens as time goes by. To survive and thrive, software companies have to constantly come up with new solutions, new business models. The "software-as-a-service" which everyone loves to hate is one such model, created out of necessity.
.

I'd agree maybe in the 90's security weren't a big discussion over users and maybe there were more bugs for bad things theorically happening but the few realistic discussions would have been about the rare "hacker" guy from its computer and not some, as you said "business models", that seems somehow to remind those similar security concerns of that past, just ok because agreed under a contract and safe cause comes from companies and not a person.
If the software business is hard to survive in and I agree most would like everythings for free, that'd make ask ourself if then again some of these features may gravitate to compensate the lack of that old simpler business model raising some questions about how much this practice may accelerate, until where and what, once this will not be enough again "to survive and thrive" in the business (with newer motivations like "to improve the product experience..").
Still I'm not sure there were that "necessity" when some companies were quite healthy right before introducing such service model. But I imagine it only takes one player to invent and use a new business model so every others would follow behind trying going faster.

dr_st wrote:

As much as you insist on singling out Windows 10, I will insist on pointing out that the above is true for EVERY version of Windows, EVERY version of MacOS and every time you trust the management of your computer to a closed-source piece of software that you didn't write. In a much broader scale it's true about every time you use a product or service that someone else built or supplied to you, which happens, well, every day, all day. You have to have some level of trust. If, for whatever reason, you choose not to trust a specific vendor, that's your choice, of course.

well yeah, this is true basically, I'm singling out windows 10 because it brings it to a whole new level imho, and the implications are a lot more far reaching than with any other product or service, as it is literally the operating system that anything else runs on, and by that I don't just mean software, sooner or later government institutions, doctors etc. will switch over to windows 10 basically granting microsoft "access" to everything, as pretty much everything is digital nowadays all the while we still don't know to what extent microsoft collects data, the chinese government wasn't stupid when they demanded a telemetry-free version of windows 10 or they simply wouldn't use it.

the big difference to the 90s is also that the digital realm has a lot more impact on our lives, so security has to be on a whole new level too.

imi wrote:

the big difference to the 90s is also that the digital realm has a lot more impact on our lives, so security has to be on a whole new level too.

It's not only about the digital world. It's a tendency on a philosophic common level, considering all the other aspect of the "advanced" modern human in its usual day in a world already filled up with these logics. From the "fruit store" asking for the premium customer card or the big store commercial most complex customers oriented logics or all the possible virtual/visual/audio/personal/companies/devices we may think "everyone" may already collect something for their own commercial purposes/whatever reasons since decades.
I care only about the few choices that can be made like buying only what and when and if I really need it, not cause friends or anyone told me new devices or things are cool without any reasons.
"Comfort" was the key to this situation and as said above people wanted almost "free" devices/sw/everythings and they got it that way.