Separating a pocket of space-time from itself, then moving that. Which would also effect inertia.
I suspect that moving space-time around itself would introduce totally different shearing effects but maybe those could be mitigated using special non-physical(or physical) geometry, like aerodynamics but for space-time.
I can't agree with this more.
A client straight up failed a PCI compliance audit, replete with daily fines, for using 10 Enterprise. They decided to pursue legal measures against MS for false claims.
I really hope this gets elevated because reverting to win 7 is a solution with a short life span. The other solution is to rebuild infrastructure on top of a different platform but that's prohibitively expensive.
> The other solution is to rebuild infrastructure on top of a different platform but that's prohibitively expensive.
The more Microsoft degrades their viability for enterprise computing, the more market pressure will build (I think) for a different platform infrastructure.
If / when the market reaches that tipping point, the schadenfreude will be overwhelming.
To preface to avoid what might otherwise seem like a bias toward defending use of Windows: I'm a free software activist, a GNU maintainer, and do extensive volunteer work for GNU and the FSF.
It's not fair blame. Many companies simply go for what works and throw money at the problem. Windows historically has excellent support from a large number of third parties.
The other problem is third-party software. I work for an insurance company. The system that they use for managing everything---policies, accounting, brokers, etc---is tied to Windows. This is a specialized program---there are only a few of them that exist, and none as sophisticated as the one this company uses. This system has been responsible for not only tying the office to Windows, but holding us back from upgrading---for the longest time we couldn't even get off of IE6 because it didn't support anything higher.
I'm able to do 99% of my work within a GNU/Linux VM. But on rare occasion, I need to use that system, and it requires Windows. Everyone else in the office---the majority of the company---requires Windows. This is a system that the company has invested many millions of dollars into.
So while we can do our best to inform others, perhaps before they make these critical business decisions, it ultimately comes down to practicality for most businesses. Yes, they may pay for it. Yes, they're taken advantage of, have issues with vendor lockin, etc, but unless you travel upstream and liberate those systems or provide suitable replacements _that the business is confident will have support for years to come_, there's not much to do.
I'm not defending the situation; it's terrible. But sympathy _should_ be had, because there's much to lament, and much room to help.
> Many companies simply go for what works and throw money at the problem
So they went with the easiest option and now they are locked in due to lack of forward planning. Their own short term planning is to blame.
With the third party software you mentioned, how long have the relied on it and have they don't absolutely anything to mitigate this reliance? My guess is that they've done nothing or worse, written a bunch of integration points on top of the software that makes it even harder to replace.
One day the company providing that software will jack up the price and you'll be forced to pay it. Again I'll have no sympathy because the company has done nothing to unlock themselves.
Heaps of server side tools are truly cross platform, but I was talking about avoiding proprietary platforms in the first place, which means no windows, or at least no windows tech that doesn't conform to open standards.
Typically business will build there own software on top of MS (or oracle, or <insert cloud platform>) tech as well, locking them in further to several years of "investment".
Yes, Mozilla and FSF in particular. They don't try to gouge me with new versions or price discrimination either, unlike "oh you need the pro version for that" windows.
Wait, why was your client running a desktop OS in-scope?
Every PCI zone I've seen is just servers (Windows Server and Linux). Does the client store card data on desktop machines?
Generally, you'll have a locked-down portion of your infrastructure be PCI-compliant, and that's the only place card data is stored or entered. That reduces your scope and costs.
MS Support consistently and repeatedly told me that enterprise allowed me to disable this stuff.
If I can't control the egress then I can't verify PCI compliance. I've already had to revert a client to Win 7 because they failed a PCI compliance audit using Win 10 Enterprise. Which, by the way, is very expensive for small businesses.
Win 10 Enterprise isn't viable for business.
I have a bunch of small business clients and I've had to use a whitelist firewall to pass PCI compliance, someone said here that a whitelist firewall is borderline unusable.
I've sunk so much time into that solution and I can attest, it's not viable.
It's kind of interesting, is it common for you to have Win10 systems in scope for PCI compliance?
It seems unusual to me if any desktop systems are anywhere close to card data, IMHO usually you'd have in scope only a bunch of servers (so, Linux or Windows Server for normal businesses who don't have a reason to wrestle mainframes) in an isolated network, but most of company computers including all the user desktops shouldn't have a way to touch in-scope data or systems in any way whatsoever, so if they're properly isolated (as they should be anyway) they would be out of scope for most of PCI DSS requirements.
Wouldn't call centers for online retailers need compliant desktops? How do they deal with customers who prefer to call an agent and read their card number over the phone?
I wouldn't assume these sort of desktops would even run windows at all.
A large BestBuy-like place here in Argentina has their sales terminals boot over PXE into some form of *nix straight to the sales systems with no real internet.
A bank nearby boots the account executive's systems right into KDE, on some pretty locked machines.
Windows 10 in any of those scenarios would be a laugh, I can't even being to think why someone would pick it for anything that requires security audits.
Its depressingly popular in the US for small & mid-size retailers and businesses. NCR, Loc, IT Retail, et all are built for Windows, and in the pharmacy arena you've got major companies like CVS using stuff from companies like Integra (not the telecom company, the pharmacy one) that thinks moving to SQL Server 2008 and C# with a full rewrite is the route to go for their major PCI compliant products.
It confounds me that locking yourself into a shrinking platform is what these players choose to do. Walmart doesn't use Windows in PCI related situations, nor do the big boys, all are on SLES running a POS atop that.
If your gonna do a rewrite, why lock yourself into one OS and into one database? Database connectors are a thing, and they aren't hard to use...
In all fairness, writing in C# and targeting SQL Server is not locking you into Windows unless you use WPF or other Windows specific parts of the framework.
Sure, you can technically run C# on a Linux box (eg: Debian), but the last few times I had to (to interface with some point of sale hardware) I literally ended up just rewriting the driver in python. No desire to maintain something so foreign to the rest of the codebase when python can handle serial devices just fine.
Wrt not using a database connector, just why? Your literally locking yourself to the SQL Server licensing model, which blows up when you allow BYOD on every android phone, and they're all connecting back to your SQL server. Postgres and MariaDB meanwhile have no issues. Let alone if you hit the 10GB DB size cap, or need more than 1 cpu core or 1GB of ram to cache your database.
Are you aware that .netcore natively runs on a variety of systems now?
If you make your systems such that you are dependent on SQL Server and cannot switch it to something else, then it's just a shame, but don't blame SQL Server for that. Besides, unless you have massive performance requirements, it should be behind an API anyway. It doesn't take much to code, and it increases modularity a lot.
Not sure why you're getting downvoted. We use .net core together with SQL Server on Linux boxes in production, no issues whatsoever and we can finally use a programming language which is actually pleasurable to code in.
Retailer customer service people generally do not need compliant desktops, because the systems they can access should not be storing protected data - maybe it would contain masked PAN i.e. the last four digits, but definitely nothing more.
For phone authorizations (if they are used - it may be a regional thing as most smaller online retailers here won't do it at all, banks really frown on merchants who do so because of risks and make it really expensive), generally the agent would use a similar interface as an online customer (encrypted channel, yadda yadda), and the card information would not be stored anywhere on that machine. Whether all kinds of PCI DSS security requirements would apply to these workstations is debatable, your mileage may vary, I've seen them considered out of scope - but in that case it wasn't really a call center for taking transactions but a support call center that might also handle a phone authorization in rare cases.
In any case, for a call center the biggest PCI compliance problem IMHO is handling the sensitive data in call recordings.
Use LTSB. Microsoft tries to scare you into not using it because it doesn't support the Windows store or Edge or have telemetry or any of that fun stuff.
But they keep coming out with respins of it to otherwise keep feature parity with CB Enterprise. A 2017 LTSB based on 1703 should be out soon.
I went through the same thing last year. I spent two months trying to plug all the holes in the enterprise version, for a medium sized healthcare client, and eventually gave up.
The LTSB edition looks promising but I haven't put it under the microscope yet.
I'm not sure if it's comedic or tragic that the version so very many users would want most, is not only the version with the worst name, but also the version Microsoft discourages people from adopting.
Critical patch support, infrequent updates, and excludes crufty bloatware. What's not to like?
but also the version Microsoft discourages people from adopting.
Not surprising, because MS wants to push all the features (and ads, telemetry, etc.) to users regardless of whether they actually want them.
Indeed I wish MS would just keep supporting XP as the "Windows LTSB" with nothing but critical security patches, and keep doing it until the OS becomes nearly invulnerable to remote attacks.
> Indeed I wish MS would just keep supporting XP as the "Windows LTSB" with nothing but critical security patches, and keep doing it until the OS becomes nearly invulnerable to remote attacks.
I lol'd. You'd probably be pretty safe with Windows 3.11, Trumpet Winsock, and Netscape Navigator.
edit:
so long as nobody got your public IP and used Winnuke on you.
I think this is what the ReactOS project will eventually become (which to me would be a great thing). They just released v0.45, if you haven't seen it yet.
Yes. Every software which runs on Windows 10 Home or Pro, will also run on Windows 10 LTSB, as long as they don't depend on Windows Store, Cortana, or Edge browser.
Microsoft offers 90-days evaluation ISOs of Windows 10 Enterprise and LTSB [1]. Just be sure to select "Windows 10 Enterprise LTSB" instead of "Windows 10 Enterprise" when downloading [2].
I am person who runs LTSB used for coding/rce/gaming. Everything runs without a glitch after initial setup. At start we indeed have to do some stupid things as restoring windows photo viewer because images open with paint, but its way better than what "full" version offers.
I'm curious what was the biggest issue with whitelisting. Was it about making sure services work, or about standard users' daily work? Did you try to comply on everything, or just have a PCI compliant zone?
Also, do you remember what was the specific reason for failing the audit? This all sounds interesting since you've gone though that experience.
All of the first-party connections seem to have proper DNS names, even on CDN (microsoft.com, microsoft.com.akadns.net). The ad networks are obvious third party that could be dropped. I mean, there could be more stuff I didn't see, but from the screenshots, dns blackholing seems viable.
DNS blackholing is playing whack-a-mole. I can blackhole scontent.xx.fbcdn.net today, and I have no assurance or confidence that they won't use scontent.xx.fbcdn2.net tomorrow.
DNS/FW whitelist is the only way to have even a little confidence that egress is controlled at this point.
>MS Support consistently and repeatedly told me that enterprise allowed me to disable this stuff. If I can't control the egress then I can't verify PCI compliance.
Not that this is necessarily the best solution, but these sound like damages to me.
Or better, if you're worried about PCI compliance - start with a minimal system and whitelist specific packages that do not call home. Does that computer actually need all that software that comes with a default install? (Most likely not)
I don't think they do it on purpose. I think Windows is just a patchwork of cruft at this point.
I'm sure the Enterprise version shares all the code with the non Enterprise versions which have all the spying ... analytics... enabled, so bugs are bound to happen that let this escape into the Enterprise version.
Whether it's incompetence or malice, it's wholly unprofessional.
My confidence was already shaken with MS through their entire Win 10 Campaign and it's now completely gone. Their paid support services are hit and miss and if I'm going to end up supporting things that my client is paying MS to support then they're out and my client gets a smaller TCO overall.
I'll have to work with some of them so their business remain viable during the transition but I'm willing to do that. Their growth is our growth. Payment plans, trade, whatever we can come up with to make this happen.
For every one thing MS has done, loudly, in the attempt to instill trust they've done 5 things, quietly, that harm it. There are too many viable platforms available and if money is the only obstacle then I'll mitigate that for our clients benefit.
Agreed. Their forced Windows 10 upgrade "mistake" and my experience last year trying to plug all the holes in enterprise just to watch them re-install Candy Crush Saga with the next update vaporized any confidence or trust I had.
I've always been an MS person but am running Ubuntu on all of my devices now. I feel it hurts my productivity as lots of things I did in Windows just don't work in Ubuntu, but it's better than the alternative. I have a Windows 10 VM that I use every once in a while for those things that are completely impossible on Ubuntu.
I switched about 10 years ago. Before that I was windows 100% on desktop. I had similar issues at first but gradually became pretty comfortable with Ubuntu and Linux in general. Some things are more of a pain and may always be in Linux but overall the experience for me has been that things have been getting easier with time. I think that for better or worse as more applications move to the web the change will be easier and easier. What are some examples of things that are hurting your productivity?
Canonical did some stuff that upset a lot of people with sending search results through Amazon but that could be opted out of much easier than all this windows 10 stuff. I have also read that they don't contribute to the kernel as much as some think they ought to. And they have a tendency to fiddle with their UIs endlessly (I use xubuntu which is based on XFCE and avoids a lot that bikeshed renovation). Are there other reasons not to trust canonical?
I don't mean to pry with either question just generally curious.
I don't mind the questions at all. I hope you didn't want the TL;DR version.
Some of my pain points. Many probably have solutions, but I'm stuck between spending time dealing with it the way it is, and spending time finding a solution. These are not in any particular order:
1. Serial communication(terminal, for interfacing with console ports). I tried a few programs that didn't really work right away, and settled on Putty as that's what I used in windows. Except Putty under Ubuntu has no menu bar -- just an X to close it, and I can't copy or paste anything in or out of it. I also have to run it as root to access /dev/ttyUSB0 (I know I think there is a setting for this, just hasn't been important enough to spend the time looking). The copy/paste is the most annoying part.
2. Office(Outlook in particular) -- I tried a few options, even found a plugin for Thunderbird that would let me connect to an exchange server, but it just never quite worked right. I've adapted and am using OWA now, but I feel like it slows me down. I haven't yet been able to get Office >2007 running under Wine (not saying that I can't, just time vs benefit)
3. Google Earth Pro - I used this almost daily. I finally got it running under wine, but it's an older version, and many features don't work, such as searching by address. And any time it's running it leaves a shadow on the bottom of my screen, on top of all other applications.
4. Right-click shell interaction with 7-zip. Ubuntu's archive manager just doesn't seem to work right sometimes. I really miss right click > extract to ... or Extract all to (asterisk)\
5. PUTTING AN ISO ON A USB DRIVE. This is one of the more shocking ones and is something I can't even use the Windows 10 VM for because I'm not able to get USB passthrough working. Something as simple as firing up Unetbootin or Rufus and plopping an ISO on to a USB drive is nearly impossible on Ubuntu. I have Unetbootin, but have yet to get it to work. Haven't found Rufus yet for Linux/Ubuntu.
6. Network manager. It's always crashing and it never does what I want. Sometimes I just want to set a f*cking IP address on an interface and don't want to jump through 15 hoops. I might need to set addresses in 20 different networks in a single day. If I do it with ifconfig, the network manager "fixes" it for me. I have seriously resulted to using "sudo watch -n .2 ifconfig eno1 192.168.1.5 netmask 255.255.255.0" to set and keep an address on an interface.
Sometimes when it crashes and refuses to scan wifi networks(or 4g networks) I can just sudo service network manager restart, other times it takes a complete reboot.
7. I get random errors that pop up all the time "A system error has been detected, would you like to send a report to Ubuntu? With the default set to yes" -- never bothered to look for the error and it doesn't seem to coincide with any behavior I've seen.
8. RDP -- Remmina is pretty close to good enough, but sometimes I find copy/paste doesn't work, and the VNC function seems to have some compatibility issues.
9. CD/DVD Writing -- a problem solved long ago in Windows still gives me headaches in Ubuntu. System stutter will toast a disc, if I can even get it to burn at all.
10. Lock screen issues(not really productivity related...) Sometimes I will lock the desktop and close the screen(I don't often use standby) -- and open it back up and can use the desktop for 10-20 secs without entering a password. Then, as if it forgot, it will toss the locked screen up there and make me unlock it.
11. Task switcher grouping. I wish there was a way to turn this off without using the static application switcher. I alt-tab A LOT and don't like the delay I have to take in order to switch windows in a single application. To be fair, I hate the newer Windows behavior also that regroups windows in alphabetical order after the top few.
12. There's always some vendor rabbit hole that I get sucked into that would be easier to deal with on Windows. Maybe Dell packaged a bios update in a .exe file that can't be extracted without a Windows box(yes probably with Wine, but how much time am I going to spend getting that .exe to run?). Or some SAN management application, and don't even get me started on Java and Cisco's SDM, or some special VPN program I have to use to access a client's network that doesn't have a functional linux version, etc...
Those are the ones at the top of my head. I realize most can probably be solved with some time spent, but I'm still not yet nimble enough in linux to effectively compile/recompile things without following a step-by-step somewhere, and then when I do that, I'm left to my own devices to keep it updated, something I'd rather not spend cycles doing.
I'm running 16.04 LTS on a Latitude E7250 laptop. Chrome(not Chromium) is my main browser. There are tons of things that Ubuntu handles very well, and I paid nothing for it, so I can't complain much. One of the big complaint's I've heard about linux vs windows on laptops is battery life -- but I'm happy with what I get. Depending on what I'm doing, it will last anywhere from 2 to 12 hours. Standby and resume work well, though sometimes it seems that it shuts down instead of standby(though I haven't ruled out fat-finger in these cases), and all in all I think they've come a long way to making a usable OS for someone like me that's been using Windows since 3.0(though I'm quite comfortable on a command line).
As for the trust, it's mostly because I know TINSTAFL, and as it's free, I wonder where Canonical's interests are. The constant pestering to send error reports to Canonical are reminiscent of Windows trying to upload my crashdumps to MS. Whether or not these are memory dumps, I don't know, but to me Error report is often =Crashdump=memory dump= whatever info was in memory at that time is fired off to who knows where into an environment with unknown security.
Network manager pissed me off so much that I stopped using it. I recommend just shutting it off. All it seems to do is run the bash commands for you. Might as well just run them yourself.
Same with burning ISO's, it's easier to just use command line tools. The most dead reliable USB ISO burner I've used is the DD command. I've used it to burn all sorts of crazy stuff that windows refused to write.
I haven't found the command-line-fu yet(and haven't spent much time looking) to scan, save, and auto-connect to various wifi networks, and to handle my Verizon LTE 4g card. I did hunt down the scan command once but I didn't use it enough to remember what it was. something to do with ilwifi iirc.
Haven't tried DD as an ISO to CD burner...will give it a shot.
You can only DD a bootable ISO to USB if it's been created as a hybrid ISO image. The syslinux package includes an isohybrid[1] command to convert existing non-compliant ISOs to hybrid ISOs that can boot via USB.
1) sounds definitely like a permission problem. Is your user member of the dialout group? If not, add it there, re-login and try again. You should not be forced to use the root user.
2) Exchange is a problem. There are several solutions, none of them is all that great: a) use Evolution, b) use Thunderbird with the proprietary plugin, c) use a proxy like davmail (davmail.sf.net).
3) There is Earth Pro for Linux too, it just isn't advertised. After installing the regular Earth, it will install also a repo for updates. Check what else is there in the repo - in the .rpm repo, there is the pro version. It has some bugs though - every time I try to use GPS tracing, it crashes.
5) Most distribution have a utility to make a boot drive. There are also other ways. If you intend to boot via UEFI, there's no need for special utilities to make the USB key. Just copy the iso content to the USB stick, on FAT{16,32}-formatted partition. If the UEFI bootloader can find the EFI directory in the root and it's content, it will boot fine.
This will not work for some windows editions, thought. For example, Windows 2012R2 has install.wim larger than 4 GB, so it won't fit on a FAT filesystem.
6) Do not fight the NetworkManager with ifconfig. If you want to use NetworkManager (and you want, if you use wifi, wwan, etc), change the IPs with nmcli. It's command line interface to the NM, so it will take note of this change and it won't cause difference between what the config files say and what is the reality on the interfaces.
> 1) sounds definitely like a permission problem. Is your user member of the dialout group?
Probably not. Will check -- I haven't changed any group memberships, so if it isn't by default, then it isn't.
> 2) Exchange is a problem...b) use Thunderbird with the proprietary plugin
Thunderbird with Exquilla is what I tried, but it just didn't quite do it for me -- the friction to use was greater than adapting to OWA.
> 3) There is Earth Pro for Linux too, it just isn't advertised.
Really?! I have to figure this out then! 3D buildings and drawing 3D paths to check LOS is my primary usage, so a GPS trace bug won't bother me too much.
> 5) Most distribution have a utility to make a boot drive.
I found the Ubuntu utility to make an Ubuntu bootable disk, but it wouldn't work on anything but an Ubuntu ISO.
> 6) Do not fight the NetworkManager with ifconfig. If you want to use NetworkManager (and you want, if you use wifi, wwan, etc), change the IPs with nmcli.
Thanks for the tip -- I'll learn nmcli and give it a shot, sounds like exactly what I need.
I don't understand how people aren't screaming about point 10 - I haven't had a linux distro which didn't do that, Ubuntu, Mint, Fedora, Arch - they all had this exact issue.
I close my laptop, it goes into sleep mode, I open the screen and my desktop is just there, I can happily use the browser, open apps, run commands, whatever, and then 10-20 seconds later the lock screen kicks in. It's insane that the architecture of the system even allows it to happen.
IIRC it's because the Ubuntu screen locking is tied to screensavers. I can't remember how I solved it for myself, but it involved invoking a much baser system to lock the screen.
Yeah, I'm pretty sure it's because the "lock screen" is just another process running on top of the desktop capturing all input and for whatever reason sometimes it takes longer than normal to start. But if that's the case, then the design is fundamentally wrong - it should be written in such a way that the desktop cannot display at all unless the state changes to "unlocked" somewhere deeper in the system.
Long Time Ubuntu user feels your pain - I've solved most of the pain by using KDE (kubuntu backports ppa on 16.04) or switching to Arch with KDE.
Subjective List - only a few good solutions:
1. screen can be used for serial stuff - also allows logging everything to file and copy&paste - you add yourself to a group that uses that device if you don't want to be root.
2. Yup. It's a pain point. There is stuff like Play on Linux that eases some WINE pain points.
6. Yes. NetworkManager is a pain point. Plasma NM (KDE) works fine for me. There is nmcli that you can use via command line. It's not totally straight forward but should be good enough for automation.
8. Yes. Remmina crashes for me a lot of times, I'm not using VNC that often but it's kind of pain in the ass. You could try using plain rdesktop and reading up on details - I've switchted NX where it is possible but it's also not perfect.
9. Only ever burned with k3b and never got problems.
10. Lightdm lockscreen sucks :( - sddm (again KDE) works far more reliable for me.
12. kwin/KDE gives you all the options. There might be some hidden GNOME or Ubuntu Tweak tool settings but I stopped bothering.
Battery life: powertop + tlp and it's now better than windows for me (on an Ivy Bridge i5 HP Notebook, should work similiar good on a Dell with Intel)
I think PuTTY for Linux will show a menu where you can access settings if you press Alt-Space (and that key isn't bound by your WM). You can change the copy/paste behavior in the PuTTY settings before you open the initial connection and save it as the default configuration (also scrollback settings).
Use K3B to burn CDs and turn on Burnfree/whatever it's called.
All I get is the window-menu with alt space -- the one where you get "Minimize/Maximize/Move/Resize/Always-on-top/Close" -- not the one in the Windows putty where you have the duplicate session, restart session, etc... option.
I didn't see any copy/paste options in the settings -- am I missing something?
I've tried that -- it's what I would think would work, but the few times I did, it didn't work. I don't recall what I was testing with, but it was likely either a Windows OS ISO, or a VMWare ESXi ISO. I haven't tried since then, I just go boot up the Windows 7 desktop I keep just for this purpose and use Rufus.
I think it only works that way with ISOs made in a way to support it?
The simplest way of getting a serial terminal under Linux is to run screen under your preferred graphical terminal program. First parameter is the port, second is the baud rate, Ctrl-A shift-K exits. To access the serial device without root you need to add your user to the appropriate group, probably dialout.
It sounds like the problem is that you didn't set your client's system up properly for PCI compliance. Don't blame Microsoft for your technical incompetence!
They haven't really pulled the rug out for anything on Google Cloud (there've been a few things replaced, e.g., the old Master/Slave datastore on App Engine.)
And while this doesn't have an deprecation policy applicable as a Beta feature, most GA Google Cloud features have a one-year deprecation policy, so even if they were retired, no one would have the rug pulled out.)
You seem to be confusing Google Cloud Platform with Google services. AFAIK there have been no GCP features removed after they have gone into General Availability.
Bet hey, keep the uninformed meme going if you like.
By this version of what a hacker is, it makes it sound like Apple is saying "This is a sub-par piece of equipment but you'll make the most of it because you're a hacker who's more productive with less!"
I agree with the definition on it's own merit.
I just want to blanket thank everyone who commented on such a low ranked question.
I sincerely appreciate everyone's time and I thank you all, the opinions and information was exactly what I needed and you guys replying to such a low ranked question really means a lot to me.
Haha, yeah. If you have enough money you can safely use it to make more. Here's hoping! I'm striving for small, but consistent returns over time.
Thanks!
