@rysiek christ almighty, it never ends
@rysiek Microsoft is digging at rates not yet seen!
As early as Windows 7, when you opened up the Devices and Printers control panel, there was an option to "Obtain device information from the internet" (or some wording to that effect) which would retrieve graphics for printers and such, so they wouldn't show up with generic icons. I wonder if this is *that*, but perhaps without asking for permission, and of course being done insecurely as it may have been all along.
Windows 7+: Device Metadata Packages Show more
Overview of the Device Metadata System > Device Metadata Retrieval Client
"When the user opens the gallery view window of the Devices and Printers user interface, the DMRC [...] checks the local computer's device metadata cache and device metadata store. If the device is newly installed [or] scheduled for a periodic metadata update, DMRC queries the Windows Metadata and Internet Services (WMIS) website [...]"
Windows 7+: Device Metadata Packages / Security Show more
It should be done by HTTPS for sure, but this feature was designed for Windows 7, which was released in 2009, and concern over HTTPS wasn't quite as mainstream until after the Snowden revelations in 2013.
There may well be an exploitable vulnerability somewhere, for all I know. However, Device Metadata Package information retrieved via WMIS is verified to have been signed by Microsoft.
@mcscx yeah, but the biggest WTF for me is the clear text channel used.
@rysiek who do they think they are? Apple?
Simple fix, block the address your machine is connecting to on your router. Boom no more "Telemetry" to that address.
@taek sure. How does that affect updates? Are the IP addresses the same? Will it potentially fsck with automatic updates?..
This is not a solution.
Well, it shouldn't affect updates or IP addresses at all, since you're blocking the hostname not the IP address.
@taek ah, ok. Well, that requires DPI on the router, though.
pfSense and Untangle shouldn't have a problem doing it. If you have a SOHO (cheap wifi/router/switch combo), it probably wont do it. Some do though.
@taek yeah, question is how many other hostnames do I have to block to stop leaking this kind of info.
Ugh, or I could move people off of Windows. Fun fact, slowly this is happening.
That's a very good question, the answer is, I don't freakin know, could be thousands!
@dvn yeah, posted the same image today, in a different context. ;)
This is Microsoft you're talking about. There is no level of incompetence or amorality to which they will not sink.
@rysiek i hope someone made a mistake somewhere with this
@szbalint doubt it. The paste is mine, observed in our own infra.
@rysiek hahaha you can't make this shit up
Even a geek can't stop it entirely during install on a business pc. The only 100% cure is to cfg the router I suppose.
For a friend I'd... <screech!> ... well, I wouldn't let a friend use the thing or any ms code.
20 years ago I told everyone if they wouldn't use gnu/linux or bsd they could find another someone to help them. Lost exactly zero friends, but lost a lot of probs
20 years ago i hoped everyone would be using *nix. Today they are!
Everywhere but the desktop :-(
Websites are linux or bsd. Same for cell phones. Every top 100 super computer is linux. Alarms and control. Routers and other embedded systems...
At least the servers at work are linux.
@gemlog @scroom @rysiek There are already companies running Linux/BSD only on Desktop too. I have the advantage of owning the company and we run 3 busniess areas. All jobs are done Linux/BSD only. Mobile still some IOS stuff, but willing and more than happy to buy Librem 5 if they make it to the market. Actually there is only FOSS Software used on Desktop/Servers, changed VMWare to Promox too and it looks like its working out as expected.
@kmj @scroom @rysiek
I work only a few hours a day at just one place now, but I used to do IT for a bunch of places with 10-20 pc's. I mostly had everyone on linux eventually. 1) kill IE and give everyone FF 2) give everyone Ooffice (no libreoffice yet) 3) tbird for email 4) install linux and no one notices ;-)
1 mgr was a hold-out for msw. I took a screenshot, gave him the same wallpaper and put all his icons in the same place. He didn't notice ;-)
@gemlog @scroom @rysiek I do think, replacing Office with Open/LibreOffice and handling E-Mails with Thunderbird is the key to success. After that non-techie people don't care which OS they run on. Add DigiKam, Riot, Mastodon, and other stuff and they will be happy. Except brainwashed ones, angry they must learn something new. :-)
Also, in the workplace you don't have to contend with games not working, which ties many ppl to windows at home.
Long ago I realized no on actually *needed* java on their winpc. So I took it off everywhere. PITA to update all the time. 1 secretary complained: games wouldn't work ;-)
Phones are another matter. apple fan boiz and gurlz. Same for (back in the day) blackberry fans.
@gemlog @scroom @rysiek in regards of phones I have to state, that IOS is running here too. I tried one Samsung Tablet, running Android 6/7, but this is unusable for Business Phones/Tablet. I tried to set it up without Google, Fdroid only. Was partially possible, but in background things are still running, trying to call home. Firewall without root only tries to block outoing and don't start from time to time, so things can call home again. Librem5 hopefully clears this for us.
@kmj @scroom @rysiek My own government frustrates me.
Our large school district was managed with gpl s/w coded by a local. It was on e.g. freshmeat and used in a few other places in our province and in random places over the world. 1 day someone had lunch with someone and the govt mandated everyone buy microsoft!
Also, forced to use msw by pharmacare & bc med (govt) at my current employ. It's damn frustrating frankly.
@gemlog @scroom @rysiek time is on FOSS side, but for sure if marketing budget comes in, somebody wiill heavily try to let people run stuff they sale. Interesting side is that more and more Administrators knowing what they do are showing up. These educated guys will replace the clicki-clicki guys. If Amins know what they do, they love setting things up in Linux/BSD. The ones only know where they clicked, without idea why its working now, will be step by step replaces with OS Upgrades. :-)
@kmj @scroom @rysiek Seen it the other way tho. At one of the larger places i did with ~100 staff they interviewed several local IT firms to take over from me. I gave them network diagrams and docs. I explained how DRBD etc worked and they had a lot of custom scripts to automate projects and field work.
Within 3 months they nuked it all, and msw'd the place. Also, I gave them the db and public_html to host in my stead. Hacked and defaced in a week.
Even 25 yrs out I rejoice seeing linux on a pc.
@gemlog @scroom @rysiek i still think it will change. to much of these excel-sheet managers out there and they all have the companies leaned to the max. only thing the spare more money and hide their problem to run a company the serious way, is to reduce software costs with FOSS. i am sure this will happen soon.
@rysiek @gemlog @scroom i agree with your not fired and upfron costs statement mostly. For me there are leaders, taking responsibility for their actions and Lemmings trying to protect their job without looking for the best for the company. Lemmings in meetings defends themselfs with "I bought what all others bought too, so I am not the one responsible." . Additionally, they throw out companies money to fullyfy their idea to defend their job as much as possible.
It does happen that people who blindly buy into oracle, ibm, microsoft et al. are extremely unlikely to be reading this thread -- or any other about computers.
They are programmed by the advertising and the culture that arose from it. They don't seek information on a topic they are largely uninterested in other than a pay-cheque.
I don't dispute the things you say many folks do. But calling them lemmings, whether they'll ever read it or not, doesn't move the conversation forward. How do we change the behaviors? How do we make F(L)OSS more appealing to them, or visible at all?
Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!