Trusting Open Source for Production...
-
Another great example... at NTG we were one of the first ten Microsoft Small Business Accounting customers, and the very first to work with SBA and ADP for payroll integration. We used every SBA version from the first to... the last. Microsoft killed it off. It only ever had about three releases. It was a good product, far better than QB which was the only competitor at the time. We invested heavily in it and were "all in" in the Microsoft ecosystem using the products that they recommend and we were left dead in the water with no accounting package.
Not only was this a mainline MS product, it was a core part of the MS Office family. Microsoft most certain kills off products and few could be as high profile and critical from a non-server perspective as killing off the accounting and financial member of their MS Office family! If they were willing to discontinue SBA suddenly, nothing is safe.
-
@BRRABill said:
@scottalanmiller said:
For those wondering where TrueCrypt went, it is now VeraCrypt as was mentioned above. Because the owners accidentally let TC fall into the PD it became de facto open source and got picked up and maintained instantly and audits continued making it still one of the most secure, most audited encryption suites out there. The open source project is hosted by none other than Microsoft themselves on CodePlex.
Hey that looks just like TC.
Mostly, it is. Some newer encryption options is about the only difference.
-
@travisdh1 said:
@BRRABill said:
@scottalanmiller said:
For those wondering where TrueCrypt went, it is now VeraCrypt as was mentioned above. Because the owners accidentally let TC fall into the PD it became de facto open source and got picked up and maintained instantly and audits continued making it still one of the most secure, most audited encryption suites out there. The open source project is hosted by none other than Microsoft themselves on CodePlex.
Hey that looks just like TC.
Mostly, it is. Some newer encryption options is about the only difference.
Does it support booting in UEFI based OSes yet?
-
@Dashrender said:
@travisdh1 said:
@BRRABill said:
@scottalanmiller said:
For those wondering where TrueCrypt went, it is now VeraCrypt as was mentioned above. Because the owners accidentally let TC fall into the PD it became de facto open source and got picked up and maintained instantly and audits continued making it still one of the most secure, most audited encryption suites out there. The open source project is hosted by none other than Microsoft themselves on CodePlex.
Hey that looks just like TC.
Mostly, it is. Some newer encryption options is about the only difference.
Does it support booting in UEFI based OSes yet?
I don't think so, at least not yet. I'm not sure that they are trying to get a UEFI key from Microsoft or not.
-
I think that pretty typically people are using it on data partitions and not on boot ones. Keep all data secured in one place but not worrying about the OS itself.
-
I searched their site but found no reference to UEFI supported or otherwise.
-
I always thought TrueCrypt was for File Level encryption rather than FDE.
-
See in my craziness I like FDE because I'm always worried about what products leave behind.
-
@Jason said:
I always thought TrueCrypt was for File Level encryption rather than FDE.
TC supported FDE Through at least XP if not through 7. But I know it never supported Windows 8/8.1 etc.
-
What timing... Microsoft "pulls a TrueCrypt" with Windows 7. You thought it couldn't happen with Microsoft? It just did.
Remember, it is closed source that allows this to happen. Open Source is protected from this kind of thing.
http://www.forbes.com/sites/gordonkelly/2016/01/02/microsoft-windows-7-problems/
-
@scottalanmiller said:
What timing... Microsoft "pulls a TrueCrypt" with Windows 7. You thought it couldn't happen with Microsoft? It just did.
Remember, it is closed source that allows this to happen. Open Source is protected from this kind of thing.
http://www.forbes.com/sites/gordonkelly/2016/01/02/microsoft-windows-7-problems/
WHAT? I have to call BS @scottalanmiller. They did not pull a TrueCrypt. It's not like this morning we woke up to find a sign on MS.com that said - Windows 7 is not secure/trustable/whatever TC's site said the day the developers decided to get out of that game.
Is MS pushing people - users - to Windows 10, heck yeah they are, and they are shoving hard. But considering Windows XP, and how long it took the majority to move to Windows 7/8/8.1, can you blame them?
And in this situation, you have one similar to Linux - a free path to a new version. There isn't even any cost involved.
Of course that last part - we know that's BS, there's cost involved. Your time, internet bandwidth, your failout plan, etc... these things aren't free, even if they don't cost you dollars from your wallet, they cost you in other ways.
I'm guessing that OS X users in very high numbers upgrade to the latest version of OS X shortly after it comes out, otherwise I'm guessing Apple would find some way to force them to move or remain unsupported to minimize their support requirements.
Look at the number of Android 2.x devices that are still out in the world that will NEVER be updated, yet are vulnerable to attack. It's basically another platform akin to Windows XP non SP, or SP1 that just became virus spewing monsters
Yes we as a society are being shoved forward, but frankly I don't have an issue with this.
-
@Dashrender said:
WHAT? I have to call BS @scottalanmiller. They did not pull a TrueCrypt. It's not like this morning we woke up to find a sign on MS.com that said - Windows 7 is not secure/trustable/whatever TC's site said the day the developers decided to get out of that game.
What TC did was make crazy claims that their software was insecure in the hopes that people would move to a different product (we don't know who encouraged them to do this or what their agenda was but it was totally obvious what happened) based on a lack of adequate ongoing code updates for things that had not yet been discovered.
That's exactly what MS did here, right? Exactly. Except that in the MS case we know which product they are doing this to promote rather than having to guess.
TC was not insecure. Nor is Windows 7. In both cases, the vendors claimed that they were vulnerable due to a lack of future patches or updates or technologies for issues not yet arisen.
I see them as completely the same. In what way to they differ other than the trivial fact that MS has to provide "support" but that is very limited and does not cover most security concerns and that TC fell to public domain and was able to be supported and the entire concern bypassed? That makes TC the lesser of the two problems here, in reality.
-
@Dashrender said:
Is MS pushing people - users - to Windows 10, heck yeah they are, and they are shoving hard. But considering Windows XP, and how long it took the majority to move to Windows 7/8/8.1, can you blame them?
Is that any different than TC? We don't know what product they were pushing people to, but clearly they were hoping that their customers would go somewhere.
-
A major difference is that MS is giving you a place to go, and that place is free. TC didn't even make a suggestion, instead they just said that the code might be unsafe, and they up and slip in a second!
MS put the word out (though frankly not good enough in my mind) that the end of security updates was coming for Windows XP, yet people didn't move away - at least not quickly.
The move to Windows 10 looks to be more like a move to iOS - assuming your hardware will support it, you'll get updates forever.
Which brings to mind - how does Apple handle iPhone Gen 1 products? Can you update to iOS 9? I recently read that there is or might be a lawsuit against Apple claiming that Apple intensionally puts in code to make iOS 9 run slower on older hardware to hopefully force people to buy new hardware - is this true?
I'm not sure about you, or the other readers here, but I'm a bit afraid of old hardware staying online, being yet another device that can be powned and used as an attacker on the web.
Short of moving to a subscription based solution, I'm not sure how we solve this problem. I can't imagine that people want to be forced into a hardware refresh requirement though subscription fees and of course new hardware will come with the latest and greatest software - but hell, it's happening with O365, and streaming music, etc. As a society we are moving away from owning things and moving toward a rental type setup. Sure there are many things that you still buy (Scott's million and one games, and movies on Vudu, etc) but renting seems to be the wave of the future.
Though with rentals - if the musicians and their publishers are to be believed, the creators barely make anything on these deals. So who knows.
-
@Dashrender said:
A major difference is that MS is giving you a place to go, and that place is free. TC didn't even make a suggestion, instead they just said that the code might be unsafe, and they up and slip in a second!
But there were places to go, including free ones and including their own code which was then maintained by others. It seems a pretty trivial difference to use "they told us the alternative" as the difference in the behaviour.
-
@Dashrender said:
MS put the word out (though frankly not good enough in my mind) that the end of security updates was coming for Windows XP, yet people didn't move away - at least not quickly.
And that's all that TC did, too. Just a bit more dramatically acting like the end of official updates was a big deal when, in fact, it was not, because updated ended up still coming and an audit showed no update was needed.
I don't see how the history behind XP is relevant. That their warnings went unheeded is a different issue. This is about calling something currently well maintained "insecure" based on a theoretical, future loss of support.
-
@Dashrender said:
Which brings to mind - how does Apple handle iPhone Gen 1 products? Can you update to iOS 9? I recently read that there is or might be a lawsuit against Apple claiming that Apple intensionally puts in code to make iOS 9 run slower on older hardware to hopefully force people to buy new hardware - is this true?
Gen 1 stops around iOS 5 or 6. I know you can't install 7. It's not slow, it just doesn't even install. Can't remember if it was 5 or 6 which was the last version, but pretty sure it was actually 5. They stopped updating a long time ago.
OS vendors have made OSes bloated in the closed source space for a very long time as an incentive to sell new hardware. That's been a standard tactic. It doesn't require anything special, just no effort to clean up and be really efficient. It's a dangerous tactic that left closed source OSes dangerously exposed to leaner open source options.
This is why people feel like each version of Windows must be slower than the one before even though every OS since Windows 7 has been faster than the one before. Microsoft had to chance tack and work like Linux getting more efficient with each release rather than less. But from Windows 1 through Windows ME and Windows NT 3.1 through Windows Vista, each version had always gotten slower.
-
@scottalanmiller said:
@Dashrender said:
Which brings to mind - how does Apple handle iPhone Gen 1 products? Can you update to iOS 9? I recently read that there is or might be a lawsuit against Apple claiming that Apple intensionally puts in code to make iOS 9 run slower on older hardware to hopefully force people to buy new hardware - is this true?
Gen 1 stops around iOS 5 or 6. I know you can't install 7. It's not slow, it just doesn't even install. Can't remember if it was 5 or 6 which was the last version, but pretty sure it was actually 5. They stopped updating a long time ago.
OS vendors have made OSes bloated in the closed source space for a very long time as an incentive to sell new hardware. That's been a standard tactic. It doesn't require anything special, just no effort to clean up and be really efficient. It's a dangerous tactic that left closed source OSes dangerously exposed to leaner open source options.
This is why people feel like each version of Windows must be slower than the one before even though every OS since Windows 7 has been faster than the one before. Microsoft had to chance tack and work like Linux getting more efficient with each release rather than less. But from Windows 1 through Windows ME and Windows NT 3.1 through Windows Vista, each version had always gotten slower.
OK didn't know Gen 1 iPhones lost support so long ago.
Well, maybe the people looking to sue Apple were talking about iPhone 5 (any variant that supports iOS 9)
Yeah - I know that every version of Windows since Win7 has been faster than the one before - though I don't know if MS has really had people freaking out about new hardware just because of a new OS (though these ads/BS campaigns make you think they do).
Of course with Windows 10, some of the newer features require new hardware - Windows Hello. I want to use Windows Hello, but only with a finger print reader, not that stupid iris scanner!
-
@Dashrender you'd be shocked how many IT Professionals use the term "new OS version" as a synonym for "slower". You can say the words "each new release is faster" and they will say "yes, but it is a new release, so it needs more hardware."
Um, no. It needs less. "But, but... the OS is newer!"
It's become completely common for IT people to confuse "newer" with "slower". But, as always, only Windows folks.
-
@scottalanmiller said:
@Dashrender you'd be shocked how many IT Professionals use the term "new OS version" as a synonym for "slower". You can say the words "each new release is faster" and they will say "yes, but it is a new release, so it needs more hardware."
Um, no. It needs less. "But, but... the OS is newer!"
It's become completely common for IT people to confuse "newer" with "slower". But, as always, only Windows folks.
yeah, sadly that stereotype is still haunting MS from uniformed techies.
