Today one of my regular computer ministry clients called to tell me his computer updated to Win10 without his permission. He called to ask how he could get Win7 back. Aside from going on there with a Win7 install DVD, there was nothing I could do because Win10 locked him out of the process for restoring the previous OS and won’t let him even go online. He’s calling the vendor for now to see if they’ll help him.
In any other business, this would be a criminal act. I assure you that nothing and no one is going to make Microsoft back off. They are going to ram this thing down people’s throats, and louder the complaints get, the more nasty MS acts.
Here’s what I can do for you: How to minimize the worst of MS spying on you. They have a page on how to reduce the new spying stuff recently foisted on Win7 and Win8 users, too.
I give up. If you are running Vista or earlier, I can help you. There is a group working to keep XP alive, but it will require you do some reading and make sure you understand how it works. It’s at RyanVM Forums. There is even some work on Win2K at RyanVM and here. I trust the sites; I can’t vouch for the information, but the sites are not dangerous in themselves.
For myself, I keep a WinXP virtual machine running on my Linux laptops, plus I run Wine so I can use Notepad++ and Word 2000 (grammar checking on Linux word processors is a sad joke). I’m still giving away my two free ebooks on installing and using Debian 8 (one and two). I am always willing to help you by answering questions and giving you advice on things until you become familiar and comfortable with Debian or any other type of Linux I know about.
Other than, I suspect my computer ministry is about to slow waaaaaay down.
God morning! Come on in and have a cup of your favorite liquid stimulant while we chat.
It’s hot outside these days, but we got a slight break in the temperatures. This allowed me to leave a little later in the morning for a ride around Draper Lake yesterday. It also allowed me to catch a few shots that were previously the wrong sun angle.
There are no natural lakes in Oklahoma. I got my story backwards about the relationship between the Atoka and Draper reservoirs. The surface water in southeastern Oklahoma is far more reliable than other parts of the state, and selling water rights there is a major source of income. Oklahoma City bought and built Atoka Reservoir down below McAlester in the 1950s. Draper came in the early 1960s, in large part as a place to hold Atoka water closer to the city. So back in that time frame a 60-inch pipe (1.5m) was laid cross-country about 100 miles between the two with a half-dozen pump stations to push the water uphill (Oklahoma elevation peaks in the Panhandle and runs down to the southeastern corner). The pipes and pumps were refurbished a few years ago which cut off the main filler to Draper. It’s back up now and I got this picture of the sections from that massive pipeline.
There was a brief period we lived in Salem, Oregon. It was a dreary existence and one of the temporary jobs I found was working to help bury the electric lines owned by the local utility. As a grunt who mostly wielded a shovel, jumping in and out of the trenches made by the full-time equipment operator, I never quite learned as much as I really would have liked about the business itself. The “line gods” wouldn’t tell me much because union policy forbade it. I know even less about the requirements for transmission and distribution of power, and I can’t explain why this massive substation stands out next to Draper. But you can hear the darn thing humming up on Draper Lake Drive a quarter-mile away.
I mentioned previously that my family moved to some rural property on Post Road. My last day there was some forty years ago. This camera was pointed NNE, so the road is on the west side of the ten-acre almost-square plot of land. What you can see of it today bears little resemblance to what we saw back then. That massive cottonwood tree in the lowest part next to the road and near the end of the driveway there was the shade for our mobile home late in the day, as the house was parallel to the road. Our sewage lateral lines ran between the road and the trailer, and the tank was just off the current driveway. I’m willing to bet all that stuff is still in the ground. Meanwhile, the fancy house sits up where we had our pigpen. O, the sun shines bright on my old Post Road home…
It’s even hotter in the virtual world. Win10 is making lots of noise. Of all the various criticism I’ve seen, this list is the best and briefest outline of the worst features. I found it on Bruce Schneier’s blog; the author actually read through the user’s terms and conditions.
- By default, Windows will upload to its servers the user’s web browser history, favorites, open websites, saved apps, mobile hotspot, and Wi-Fi network names & passwords.
- Windows will generate a unique advertising ID for each user on a device. This advertising ID can be passed on to third parties, such as app developers and advertising networks for profiling purposes.
- The BitLocker recovery key for the user’s encrypted device will also be automatically “backed up” online in the Microsoft OneDrive account.
- Windows will routinely collect information “from you and your devices,” including “app use data” and “data about the networks you connect to.”
- The Windows Siri-style personal assistant (Cortana) will routinely collect device location, calendar data, apps used, email and text message data, phone call history, contacts and how often you interact with them on your device, music preferences, alarm settings, whether the lock screen is on, products viewed and purchased, browser history, and more.
Perhaps most worryingly is that, even if you decide that this is unacceptable and steer clear from MS, Windows is still the default OS in >90% of desktop computers bought off the shelf. Chances are that everything listed above will happen whenever your lawyer drafts a letter about your divorce case, whenever your doctor types your blood test results into a MS Office spreadsheet, whenever your hospital processes your CAT scan images, whenever your colleagues type up the results of a multi-million dollar R&D project, whenever your accountant processes your payment details…
An additional comment on the thread refers to the MS fingerprint scheme for that unique advertising ID:
MS has come up with the one cookie nobody will be able to clear from their system (because it *is* the system). Disgusting.
I don’t love Linux, but it sucks less with each passing day simply because everything else is getting worse.
In response to an offline query — Folks in general are reluctant to learn about computer security. For all our reliance on computer technology, our society is amazingly ignorant of it. Indeed, you can sense a vast undercurrent of resistance to learning. This is intentional. That is, the folks in government and business don’t want you interested in that stuff.
This is all a part of the elitist attitude that dreads having to handle human freedom of choice. Uniformity is an utter necessity for them, and the best single tool is ignorance. Not just ordinary ignorance due to lack of exposure, but an enforced ignorance from actively hiding the information. The whole point of the Microsoft MVP program, for example, is to create a barrier to ordinary folks. It’s not just hiding stuff behind educational barriers, but intentionally finding ways to make it Byzantine (highly complex or intricate and devious, intended to torture the mind and discourage). The folks who design the system management look for ways to obfuscate, coming up with the most bizarre names and layouts possible to protect their control over user behavior.
Part of this is the fundamental weirdness of geek culture in the first place, but it has a huge amount of corporate psychopathy added in the mix. So while Linux might be a little confusing, it is not intentionally so, just confusing because it’s designed by people who understand the rest of us very poorly. Their “norms” are quirky, to say the least. Some of them are frankly hostile to our ordinariness — to wit, the guy who originally designed Kmail. I’m told by someone who knew him personally that he was spiteful and abusive to us ordinary folks and harbored a strange despite for anyone who wasn’t as much of a genius as himself. Those folks are part of the Open Source community, but they don’t have the social intelligence to dominate in any organized fashion. They understand computers, not people and definitely not organizational politics.
The folks who do manage the projects aren’t quite that obnoxious and they intend for the system to work and don’t want to actively deny access to the inner workings for the most part. So while a certain amount of Windows stuff is within reach, going beyond that requires a concerted effort most people don’t have time to invest in something that changes so frequently. In Linux Land, once you learn something, it isn’t arbitrarily thrown out next year simply to keep you chasing your tail.
Let me reiterate: The folks who design Windows and similar software want your money and your loyalty, but they have no intention of getting it honestly. They are desperately struggling to keep you in the dark and shape your mental habits and typical human weakness to exploit you to the max. It shows up all over the technology market.
Google advertising? They intentionally took over the market; it was an evil plot with the darkest of motives, guided and assisted by several government agencies. They created an atmosphere that is so overwhelming that you cannot escape. They give just a little to scratch an old itch, and take back from you everything not nailed down. So now, when Google Adsense orders you to change your content or lose their support, you can’t afford to argue or you’ll lose the one avenue you have to get your message out.
The system tolerates Linux because they can’t afford to alienate the geeks who make it possible for them to oppress us. Yes, it takes a little time and effort, but if you need the Internet and the means of global instant communications that it offers — I sure need it — then you can either be a mindless slave to the corporate interests and their herding methods, or you can take the initiative to invest a little time on something that will free up your other resources.
Debian Linux is free and runs very well on old computers. It runs pretty well on cheap computers made from junk commodity parts. It can be coaxed into providing just about all the same usages you get from Windows, but you will need to spend some time learning it. I’ve published two recent free books on getting started — Debian 8 for Beginners and More Debian 8 for Beginners. I’m here to help you and what I don’t know I can help you find out. Keep your money and your sanity, too. Go ahead and bug me; I dare you.
On the one hand, I despise most of what passes for Linux advocacy. Most Linux advocates are computer geeks. The computer geek culture is not at all mainstream, and cannot ever be mainstream. Geeks are geeks because they don’t even understand the mainstream. They turn to computers because it’s less confusing for them; computers and other geeks are their friends, and they are on the fringe of society — harmless and useful, but not full participants. I’m not a part of that, though I do understand it fairly well.
There are degrees of this; it’s not a matter of hard, compartmentalization of humanity. There is a much larger part of society for whom computers do matter, and they know far more than the average, but it’s all about how computers serve other needs. Geeks adore their computers as a need in itself. For the rest of us, we need our computers and we need them under our control.
Here’s the fundamental pitch: If you run Linux on your computer, you will retain ultimate control. At the same time, you will find yourself — at best — often on the fringes of mainstream consumer computer usage. That’s the intended result of predatory marketing by corporate fascists. They want control and will use both government force and popular cultural deception to make sure no one questions the utter necessity of giving them all our money.
There are problems enough with the hardware. While the theories have been bandied about for some decades, in recent years people have actually begun using software and techniques to bypass the operating system entirely and gain direct control over the hardware. They can do this because of something call “firmware” — little chunks of software built into the hardware itself, stored in tiny memory registers. It makes stuff run better when the OS doesn’t have to do all the work itself, but can rely on some of the hardware to intelligently interact with the system. Over the past decade there has been a vast increase in hardware that comes with firmware, and the firmware can be hacked. Most hardware manufacturers are egregiously careless, even hatefully stupid at times, in leaving this insecure to hacking.
That is, the same kind of thinking that goes into building operating systems with back doors has infested the whole industry. The manufacturers leave back doors for their own convenience, and sometimes because some other entity pays them to do it, or threatens them if they don’t. It’s hard to be sure, and sometimes it’s several reasons at once. If you use Windows, you already have a massive collection of back doors. The same folks who have poked around and discovered how to write viruses and other malware that bypass user controls have also figured out things like default passwords built into your home internet router, or other bits of commodity hardware. The difference between an independent criminal hacker and a government hacker is that the latter have more and better access to the secrets and are more likely to hurt you with it.
Running something like CentOS isn’t a total solution, but it does make things much more difficult for all kinds of hackers trying to take control of your system away from you. For one thing, the NSA itself is responsible for some of the security features in CentOS. That’s because CentOS is simply the free version of Red Hat, and NSA uses Red Hat a lot. And because of the way Linux works, the NSA gave back their extra security measures so that the non-government developers could look at those security measures as Open Source software and make it even better. What protects the NSA from hacking is what protects CentOS from hacking.
Furthermore, should our government get around making crazy demands about what you can and cannot run on your private computer, it would be very hard for them say you cannot run CentOS. It’s the free version of Red Hat and fully protected by the company, sponsored as an official extension of their own product. If the NSA wants to keep using Red Hat — they can’t afford not to — they have to allow us ordinary folks to run CentOS. And CentOS is just as secure as the NSA computers, once you take the time to learn a little about it.
One real advantage: CentOS has no hidden back doors, no secret levels of access and control that you don’t know about. The folks who produce CentOS are not secretive at all, and are watched by thousands of others — others all over the world, many of whom despise the US government — to insure it stays safe. In other words, we can take advantage of the geeky computer culture to gain some pretty serious computer security for ourselves. About as much as a human can trust anything at all in this world, we can trust the Linux community in general and CentOS in particular when it comes to security and keeping control in the user’s hands.
Did you know that Windows has two levels of permission above the owner of the computer? One level is for software companies that pay for a Microsoft developers’ license, and then there’s another level above that for Microsoft’s own controls. Not even the best third-party security software can prevent MS from wiping their OS from your system, or making any changes they like while it runs, to include giving the same access to anyone they like. With CentOS, there is no way that can happen. If you have the root password, nobody can interfere with your control of the system. There is no higher authority. There will always be a few ways around that, but those ways are considered security bugs to be fixed when anyone finds out (fixed and updated right away, not just once a month). In other words, hacking into a CentOS system that is running the default configuration out of the box will be very difficult, and most of the uber-hackers in crime and government won’t even try it.
Yes, if you’ve allowed yourself to be pampered by the convenience of Windows with all the entertainment and ease of use, it will be a hard move. There are things you have to do in making that change that aren’t exactly simple, but once you do it, and you get used to how it all works, it makes you a very hard target for anyone who hasn’t got their hands on your computer.
I will even go so far as to tell you the Debian is far better, but also far more complicated for the user. It’s a lot more learning and probably not quite as secure as CentOS. Part of what makes CentOS so secure is that, beyond a certain level of common workstation operations, it is very hard to make changes in how things work. Debian is far more versatile, though again, it’s more complicated from the start. I prefer Debian because I have the time to mess with it and need the extra freedom of choice, but if that isn’t you, and you need heavy-duty security that is pretty simple, then I recommend CentOS.
The title is merely my dark sense of humor: I’m making some necessary adjustments in my computer ministry.
I’ll help you with Win7 and Vista. I’ll give you some limited help with Win8. I’ll help you a lot with running XP in a virtual machine (VM) or even earlier versions of Windows. Lots of really great software won’t run otherwise. However, I will not even investigate running Win10. If you upgrade to that, you are on your own.
After reading the commentary from professional security researchers and real computer technicians, along with published writings of those who keep track of government policy regarding such things, I cannot in good conscience go any farther with Windows. There was a time when Windows was designed to sell your eyeballs to advertisers. You as a Windows user was the product Microsoft sold to their business partners. But over the past few years, the snooping and monitoring have gone too far — way too far. Not just the loss of privacy, but that the snooping now takes priority over any usability. Microsoft is so dedicated to tracking you in every detail that they are willing to break your system in order to promote even more snooping. (Google’s Android is no better.)
I can’t emphasize this enough: I’ve spent a lot of time fixing stuff that MS broke for my clients. Updates are wiping out user profiles and people can’t logon. The typical fixes are simple enough for me, but convoluted processes most users can’t navigate. Further, MS and all her experts cannot even come up with a consistent explanation why it happens. Some machines never see it, but others do it consistently. Some users see it all the time even when they replace the machines with really good hardware. These are people who never run anything atypical, just read the MSM news and check their email — standard mainstream consumer stuff. No malware, no viruses, nothing like that, but their system breaks every freaking time Windows updates.
I’m not the only person convinced it’s due to undetected surveillance crap.
I could go on at length. For example, that damned little application that now runs in the SysTray advertising the free upgrade to Win10 itself keeps crashing and seems to break other stuff. The point is not that I’m unwilling to help you; I cannot.
If you need to know about migrating to Linux/BSD/Unix, I’ll be glad to help you. I don’t recommend Macs, but I know a little about them and you can get a lot of help with those from other sources. But my work with Windows is “terminal” — I can’t go any farther with it. This has nothing to do with being a fanboy, because all operating systems suck. I take no part in the religious fanaticism of the Linux fan clubs. It’s really about protecting you and your actual control of your own computer. I don’t even care about the privacy so much, but the increasing loss of choices, the demand that you lie down for virtual rape by just about any passing hacker, government or otherwise, is more than I can tolerate.
I’m running Debian 8 (amd64) and I’ve tried both SlimJet and SlimBoat in the past on Debian 7, CentOS 6 and 7, and variations of Ubuntu since around 12.04. SlimBoat is based on the older WebKit and Chrome code base, while SlimJet is based on the most recent versions of the same. Both of them, until recently, were plagued with all sorts of stability and installation issues. They used to crash all the time, in part because too much of it had hard-coded version dependencies on common Linux libraries. So while they claimed this or that package was for Debian, it depended on the wrong version and you had to use the generic package. The generic packages were also frequently unstable. I won’t bother to test their Debian-specific package until they figure out how that works, but the generic one works just fine.
My recent testing of SlimJet on Debian 8 (64-bit) seems to be working quite well. It does one thing you won’t get with Chromium or Google Chrome: A simple switch to turn off animations. That feature used to come with Opera and has been standard on Firefox and Seamonkey for quite some time (if often hidden). But now you can get a very quick loading and rendering full-service browser and still shut down those damned animations without having to monkey with fancy scripting or secret incantations.
I could wish for things like a better default adblocker — they still default to AdBlock Plus, which is one of the worst, most compromised and corrupt projects of its type. The new uBlock is available as uBlock Origin and it works much better. It’s pretty simple to use the extension installer that looks and works just like it does on Chrome/Chromium from the Google Chrome Extension Store. Oh, and SlimJet comes with an optional toolbar button for cleaning your browser cache and cookies. Even better, you have the option to block JScript canvas fingerprinting.
So it’s fast, more stable, and has better security options. I think we can take it seriously now. It’s available for Windows, of course.
(This is a draft for one of the chapters.)
Networking with Windows
It’s rather common for computers to share Internet access from within the same living quarters or an office network. If your Debian box is connected to such a network, chances are you share that connection through a machine or device that is, in part at least, what we call a network switch. For example, a typical home router is also a switch, allowing several computers to connect. The computers connected to this switch or router constitute a Local Area Network (LAN). This generally includes any computers connected via wifi to the same switch/router. The point is that you have one device providing all the others with an internal network system, handing out internal IP addresses and so forth.
One of those services typically running on Windows that most people never use and don’t know about is Server Messenger Bus (SMB). Linux knows how to use this protocol, but we call it Samba. In fact, Linux machines can run this service, too, but for now, we’ll focus on using the Samba server already running on Windows machines. That is, you can use your Debian computer to connect to the Windows SMB service with just a little effort, and log into a Windows machine to access the files and maybe even the printer.
This won’t work from Debian by default. We need to add a couple of packages, which will pull in a few dependencies:
Once you have this, you can open up Thunar using the “Home” icon on your desktop. If you have the left pane displaying links, you’ll see an icon labeled “Browse Network.” Click on that and after a second or two you should see a list with at least one item: “Windows Network.” However, if Debian can identify any of the systems on that network, it will list them separately. In Linux Land, we refer to that as the “host name;” whatever it was the person installing decided to name their Windows box. If you click on that, you will probably be asked to log in, so you’ll need an account there with a user name and password.
Once you get past that, you’ll be presented with a list of places you are allowed to browse. You can figure it out from there, but files you are likely to want are under the “User” folder, then in either Public or some account folders. Keep poking around to find what you need. You should have permission to copy or move files between the two systems, and delete or edit files right on the Windows “server” itself.
If you intend using any printers connected to the Windows computer, you’ll need to do the research and find out how to configure Windows to assign share names to the printers. Essentially you dig into the printer properties and select to share it, when you’ll be given a chance to assign a share name. Keep it simple but unique to that printer.
Do the research and find out if that printer is supported by the printer system that runs on Debian (CUPS). Debian 8 comes with a fairly recent list already installed (unless you de-selected the print server during installation). The official list for CUPS itself is here. If Debian doesn’t have the particular driver installed, you can download the latest version from the Open Printer website; look for “directly download PPD” from the page that displays when you select a specific printer model. Then, at the point where you select your driver in the printer setup on Debian, simply opt to load the PPD from wherever you downloaded it.
Next, install two more packages in Debian:
These two will bring in a load of dependencies that mostly allow you to synchronize Windows type permissions on your Debian system. Now, in your main menu, go to System > Print Settings. Select to add a printer, where you’ll need to give your root password. This will open a dialog that includes a left pane showing an option for network printing. Click on this to open a list and at the bottom should appear something about Windows and Samba. Click this to open a new configuration window where you need to fill in the host name of the Windows computer and a user account login details. It should detect one or more printers, whatever is configured for sharing. The rest should be pretty obvious, but the tricky part is selecting the proper driver, as previously noted.
If you simply cannot make this work, there’s no shame in copying files for printing to the Windows computer and printing them from there. We’ve already set up file sharing access. Frankly, Windows drivers tend to work better than CUPS drivers do because the manufacturers make their money on the Windows version.