WinXP user bought first desktop Win7 - Win10 Pro

On Tue, 9 May 2017 04:49:36 -0000 (UTC), John & Jane Doe
wrote:

Char Jackson wrote in :

How can the OS go around the hosts file?

The hosts file is a form of local DNS, so if an application attempts to
access a remote resource by using its IP address, there is no need for
DNS.

Wow. That is odd.

Let's say, for example, that "ping" was one of those programs.
Here is what happens normally:
1. ping microsoft.com
2. ping looks to the HOSTS file to see if microsoft.com is there
3. It's not, so ping sends a DNS query over a port (I think it's 53)
4. The IP address of 104.40.211.35 (or whatever) comes back.
5. The ping goes to that IP address.

Are you saying some apps can skip the step 2 lookup above?
If so, that's completely new to me.

Or are you just saying that some apps go directly to the IP address of the
microsoft.com server (which in this case is 104.40.211.35)?

Yes, the latter. It's as if, in your example, step 1 was "ping
104.40.211.35". Since we already know the IP address that we want to
ping, there's no need to look it up, so no need to look in the hosts
file, no need to check local DNS cache, no need to make an external DNS
request, etc.

Microsoft obviously knows its own IP addresses and has control over
whether they will change or remain static for years to come, so they can
embed some of those IP's in their core Windows software. When that
software needs to phone home, it can do so without involving any DNS
activities.

There's at least one other way they could have implemented all of this.
Rather than hardcoding IP addresses in Windows core files, they could
simply have a process that sends a query to MS, requesting the IP
address of the telemetry collection point. That query could itself use
DNS, since it would seem innocuous, but the payload contained in the
response could be the IP address to where the telemetry should be sent,
and then we're back at the beginning where your copy of Windows now
knows where to send the data it's collected and it didn't have to use
DNS to get it. This kind of obfuscation layer is not all that uncommon.
Add an encryption layer and more obfuscation, and it could be quite a
while before enterprising hackers unravel it.

So let's say you've determined what the telemetry IPs are and you want
to block them. You mentioned possibly using the Windows firewall to do
so. I think that could be problematic. If I were Microsoft, I probably
wouldn't let the Windows firewall be used to block that access, which is
why I think an external firewall, not under the control of Microsoft,
would be a better choice.

For some reason, I had a blockage in my brain that a
program would use a hard-coded IP address. It's simple for them to do, but
if that IP address ever changes, well, then, it's useless.

True, but it's their IP and they have control over whether it'll change
or not. They have a strong motivation not to change it/them, since that
would effectively kill off their telemetry, but if they used the second
method above, they could periodically change telemetry IPs without
skipping a beat.

Is there a way to block (or redirect) an IP address?
I guess a firewall will do that, right?

Firewalls typically only block or allow traffic, but would you trust a
Microsoft (Windows) firewall to block this traffic even after you
configured it to do so? It would be trivial for MS to hook into the
Windows firewall and add a rule, not necessarily allowing that rule to
be visible in the GUI, to allow specific traffic.

Thanks for the heads up that Microsoft phones home with hard coded IP
addresses. Later, when I'm done with the basics of Windows 10, I'll seek
them all out and block them, probably in the router firewall or better yet,
in the Windows firewall.

See above. I'm not convinced that the Windows firewall is the best place
to do this. Maybe all of this talk is premature, though. I haven't seen
any articles, though I haven't looked, that spell out how all of this
data collection works.

Char Jackson wrote in :

Or are you just saying that some apps go directly to the IP address of the
microsoft.com server (which in this case is 104.40.211.35)?

Yes, the latter. It's as if, in your example, step 1 was "ping
104.40.211.35". Since we already know the IP address that we want to
ping, there's no need to look it up, so no need to look in the hosts
file, no need to check local DNS cache, no need to make an external DNS
request, etc.

I get it.
You're saying MS put static IP addresses in their code.
So the main way to block that is to use a firewall (or other method).
Drat.

Microsoft obviously knows its own IP addresses and has control over
whether they will change or remain static for years to come, so they can
embed some of those IP's in their core Windows software. When that
software needs to phone home, it can do so without involving any DNS
activities.

Yup. Plus, since Microsoft UPDATES their OS, if they change a static IP
address, all they have to do is change the call in their software.

Once they own the update process, anything is possible (e.g., I'm sure the
NSA is already on it for example, where some of those IP addresses
geolocate to Fort Mead).

There's at least one other way they could have implemented all of this.
Rather than hardcoding IP addresses in Windows core files, they could
simply have a process that sends a query to MS, requesting the IP
address of the telemetry collection point. That query could itself use
DNS, since it would seem innocuous, but the payload contained in the
response could be the IP address to where the telemetry should be sent,
and then we're back at the beginning where your copy of Windows now
knows where to send the data it's collected and it didn't have to use
DNS to get it. This kind of obfuscation layer is not all that uncommon.
Add an encryption layer and more obfuscation, and it could be quite a
while before enterprising hackers unravel it.

Ooooh. Indeed. You're smart. Yup. That's another way, which is much harder
to block in some ways. The actual "call" would be what we'd have to block
since the domain would just be a common server at Microsoft (presumably).

So, as with all things, we'd have to know how they did it in order to
figure out how to block it (just as the NSA does to learn how to distort it
to their needs).

So let's say you've determined what the telemetry IPs are and you want
to block them. You mentioned possibly using the Windows firewall to do
so. I think that could be problematic. If I were Microsoft, I probably
wouldn't let the Windows firewall be used to block that access, which is
why I think an external firewall, not under the control of Microsoft,
would be a better choice.

Makes sense that a firewall outside the operating system is required.
I'm not a firewall expert though ... but it makes sense what you say.

For some reason, I had a blockage in my brain that a
program would use a hard-coded IP address. It's simple for them to do, but
if that IP address ever changes, well, then, it's useless.

True, but it's their IP and they have control over whether it'll change
or not. They have a strong motivation not to change it/them, since that
would effectively kill off their telemetry, but if they used the second
method above, they could periodically change telemetry IPs without
skipping a beat.

Yes. As we said. If they control the updates, they control everything.

Is there a way to block (or redirect) an IP address?
I guess a firewall will do that, right?

Firewalls typically only block or allow traffic, but would you trust a
Microsoft (Windows) firewall to block this traffic even after you
configured it to do so? It would be trivial for MS to hook into the
Windows firewall and add a rule, not necessarily allowing that rule to
be visible in the GUI, to allow specific traffic.

Yes. We agree. Outside of the operating system is the better firewall
concept, at least conceptually. (I'm not a firewall expert so that's as far
as I can say.)

Thanks for the heads up that Microsoft phones home with hard coded IP
addresses. Later, when I'm done with the basics of Windows 10, I'll seek
them all out and block them, probably in the router firewall or better yet,
in the Windows firewall.

See above. I'm not convinced that the Windows firewall is the best place
to do this. Maybe all of this talk is premature, though. I haven't seen
any articles, though I haven't looked, that spell out how all of this
data collection works.

I'll keep my eye open for such things.

Just think of the lengths Uber went to in order to obtain their goals, what
with their grayware against LE and their geofencing of Apple.

The onus is on us to know what Microsoft is doing; and then block it.

On 09.05.17 7:00, John & Jane Doe wrote:
Bill wrote in :

I assume the OP's My Computer is not the same as Microsoft's My
Computer, so disabling all icons this way is not what is being talked
about. He will just have to remove all unwanted icons individually as he
has done in XP.

Whether it's linux or windows xp or windows 10, we all do the same things,
so the user interface has no reason to be different in functionality.

You need access to:
1. programs
2. files
3. settings

I don't think I'm a genius but why am I the only one saying that there's
nothing different whatsoever between what any person does on these desktop
computers?
cut
Welll.... I have 8053 executables on my system disk, I hardly think
I do the same things as you do......

On Tue, 09 May 2017 20:29:23 +0200, Sjouke Burry
wrote:

On 09.05.17 7:00, John & Jane Doe wrote:
Bill wrote in :

I assume the OP's My Computer is not the same as Microsoft's My
Computer, so disabling all icons this way is not what is being talked
about. He will just have to remove all unwanted icons individually as he
has done in XP.

Whether it's linux or windows xp or windows 10, we all do the same things,
so the user interface has no reason to be different in functionality.

You need access to:
1. programs
2. files
3. settings

I don't think I'm a genius but why am I the only one saying that there's
nothing different whatsoever between what any person does on these desktop
computers?
cut
Welll.... I have 8053 executables on my system disk, I hardly think
I do the same things as you do......

If you zoom in, then yes, it's different for everyone. But if you slowly
zoom out, eventually it mostly comes into focus. Most of us use programs
to do stuff, and frequently those programs involve files, and so on.

On 2017-05-08 12:44, Bill wrote:
In message , Good Guy
writes
On 08/05/2017 03:26, John & Jane Doe wrote:


I keep the desktop clean, with only "My Computer" on it, since all the
directories I need are in the quick launch bar on WinXP. I'll want to
replicate that on Windows 10.




OK, "Good Guy" it's not smart to redirect replies just to a Linux ng.
I've corrected that.

Would you care to explain why us Linux users should care about this post
of yours? I only see in it things related to Windows.

--
Cheers, Carlos.

Char Jackson wrote in news
Welll.... I have 8053 executables on my system disk, I hardly think
I do the same things as you do......

If you zoom in, then yes, it's different for everyone. But if you slowly
zoom out, eventually it mostly comes into focus. Most of us use programs
to do stuff, and frequently those programs involve files, and so on.

Exactly.

Everyone things they're unique; but they can't be.

Home desktop computers only do so many things.

Sjouke Burry wrote in :

I don't think I'm a genius but why am I the only one saying that there's
nothing different whatsoever between what any person does on these desktop
computers?
cut
Welll.... I have 8053 executables on my system disk, I hardly think
I do the same things as you do......

I'm sure you do the same things.

There's only so much you *can* do.

Everyone *thinks* they're unique.

Ask any driver to rate himself, for example, 1 out of 10.
Guess what almost all automobile drivers rate themselves?

The chances of you being unique, are slim indeed.
The only difference between you and me, is that I know I'm not unique.

That's why, if I were to write a thesis on how a company like Microsoft
should set up it's user interface to fit all people, it would be relatively
easy to do (just a ton of research but the task would be easy).

Note: That's not an oxymoron. War is easy in the same way. It's a ton of
effort, but it's all easy to understand since everyone fights wars the same
way even if they *think* they're methods are unique.

John & Jane Doe wrote:


That's why, if I were to write a thesis on how a company like Microsoft
should set up it's user interface to fit all people, it would be relatively
easy to do (just a ton of research but the task would be easy).

We'd just ask you to justify your choices,
and show examples of things that you decided
didn't work.

The difference being, between "deck chairs" and
actual design.

As an example, in Win7, the most efficient way
to launch a program, was to type a name in the
search hole ("devmgmt.msc"), rather than traverse
a menu. Win10 added the right-click on Start
menu, with Device Manager right there for you.
Good design. I don't have to take my hands
off the mouse.

Now you know why it bothers me so much, when
Win10 Creator edition makes me type "Control"
into the Cortana search hole, to get the
Control Panel to show up. Such a step backwards.
Now, if you're a Microsoft employee, justify
that to me, and tell me "what a win that is" :-\

Paul

In message , John & Jane Doe
writes
I don't think I'm a genius but why am I the only one saying that
there's nothing different whatsoever between what any person does on
these desktop computers?

We all do the same thing.
a. We run the same kinds of programs
b. We save our data into the same kinds of files
c. And we have to set up the system from time to time

I'm totally on the same side in wanting a straightforward, sensible
interface, and use the "all data sensibly arranged on a second
partition" method here, but I'm not sure that everyone does do the same
thing on their desktop.

For example, one XP machine here links to and controls a hardware audio
mixer linked to a range of software mixers, a second machine runs Linux
and operates a software audio mixer, sometimes with, sometimes without,
the same hardware mixer. I have switching interfaces for input and
output, and have tinkered with remote surveillance using wifi cameras.
I've played with linking to the server running in the car dashcam and I
run W98 in a VM on a laptop so I can use my fairly unique see-through
scanner. These are just some of the things that relate to my interests -
others I support have their own specialities.

I realise none of this negates your argument. What it does do is make
Windows 10 almost useless as a day to day OS. Forcing updates of the
whole OS (eg to the creators edition) is just totally unacceptable.
Forcing updates of 3rd party drivers (eg Wacom HID) equally so.

Windows OS's up to 7 were fine - open-ish, stable and very much
configurable and I have been a Microsoft supporter since before Windows.
Before CP/M, I wrote my own simple OS.

W10 cannot, in my opinion, be called a stable OS. It may be fine for
the way I use it here as a typewriter, calculator and filing cabinet
replacement, but as a general purpose OS it is a non-starter.

I remain interested to hear how you get on in the longer term, but make
sure you keep your W7 COA's safe.




--
Bill

Bill wrote:


W10 cannot, in my opinion, be called a stable OS. It may be fine for
the way I use it here as a typewriter, calculator and filing cabinet
replacement, but as a general purpose OS it is a non-starter.

There's more than one incarnation.

There is the IoT version for Raspberry PI III. With no GUI
(HDMI might at best put out a static image). And the theory
goes, you can design some sort of gadget or toy car, using
that as the "engine".

I can't see that getting any traction, when there is already
a Linux engine and tool set for doing stuff. But Microsoft
"plays the long game" and they don't mind waiting a few
years, to win. That's why we're getting the "Win10 S with Walled Garden",
which some commentators think is... wonderful. Wonderful
for Microsoft financials perhaps (30% cut of App Store sales).
I'd rather see that money go 100% to developers who
actually wrote the software. Not to some Mafia Gatekeeper.
If Microsoft wanted a 3% to 5% cut of sales, that amount
would be more in line with the lightweight curation services.

Paul

On 08/05/2017 16:20, Char Jackson wrote:
On Sun, 7 May 2017 17:38:51 +0100, "David B."
wrote:

On 07/05/2017 17:27, Char Jackson wrote:
On Fri, 5 May 2017 23:37:23 +0100, "David B."
wrote:

On 05/05/2017 22:58, John & Jane Doe wrote:
David B. wrote in :

REDACT - who taught you that word?!!!

Origin and Etymology of redact
Middle English, from Latin redactus, past participle of redigere

First Known Use: 15th century
1350-1400; Middle English Latin redÃ*ctus (past participle of redigere to
lead back), equivalent to red- red- + Ã*ctus, past participle of agere to
lead;


I repeat: *Who taught YOU that word*?!!!

Hmm, obviously that word gives you a hinky. Can you explain why that is?

Yes, of course ...... once you have provide the link to your REAL
identity at LinkedIn.

Will you do that, Char?

I thought you had already picked one at random. Now, back to my
question. Why does redaction give you a hinky?

It's simply not a word in popular usage - in my experience anyway.

I don't mind at all that you are a black woman - as long as you are
truthful.

--
"Do something wonderful, people may imitate it." (Albert Schweitzer)

On 07/05/2017 21:39, Tomos Davies wrote:

99% of intelligence is (INHO) in the ability to pay attention to detail.

I tend to agree - In My Humble Opinion? (IMHO)

Perhaps I refer to group(s) which are NOT Windows related?

--
"The important thing is not to stop questioning."
- Albert Einstein

On Wed, 10 May 2017 22:31:24 +0100, "David B."
wrote:

On 07/05/2017 21:39, Tomos Davies wrote:

99% of intelligence is (INHO) in the ability to pay attention to detail.

Yeah, the other 1% is BD. I see you know him.


Perhaps I refer to group(s) which are NOT Windows related?

And yet you posted in:


"alt.windows7.general,alt.comp.os.windows-10,microsoft.public.windowsxp.general"

Maybe you should redact the newsgroup list you posted to ?
Or is this yet another deliberate STALKING attempt ?
EPIC FAIL !!!!
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Bill wrote in :

I'm totally on the same side in wanting a straightforward, sensible
interface, and use the "all data sensibly arranged on a second
partition" method here, but I'm not sure that everyone does do the same
thing on their desktop.

I think most people don't think about anything when they're organizing
their computers, so I tend to agree with you.

When they download something, it's like they're playing catch with a
football, where they throw the ball anywhere, and then they need a search
engine to find it.

Instead of throwing the ball to the person 100 feet away, they just chuck
the ball in some random direction - and then - they fiddle with the search
engine to find where it landed.

Same with installing their programs. They let the football throw itself,
where all they know is the general direction (program files) it went.

Likewise with their data. They throw the football up in the air and let the
wind take their data wherever it takes it.

Then they wonder why they can't find anything on their computer, where they
have to resort to surrendering by using a search engine to find their own
files.


For example, one XP machine here links to and controls a hardware audio
mixer linked to a range of software mixers, a second machine runs Linux
and operates a software audio mixer, sometimes with, sometimes without,
the same hardware mixer.

Those don't sound like personal (home) desktops.
They sound like servers.

I have switching interfaces for input and
output, and have tinkered with remote surveillance using wifi cameras.
I've played with linking to the server running in the car dashcam and I
run W98 in a VM on a laptop so I can use my fairly unique see-through
scanner. These are just some of the things that relate to my interests -
others I support have their own specialities.

It seems you do more stuff but if these are home desktops, when do you
browse the net, read email, play video, listen to audio, edit files, etc.?

That's the kind of stuff I was saying everyone (on a home desktop) does.

A server and a desktop/laptop are different things, and a desktop for home
is what I'm talking about. (A server doesn't even need any menus, for
example.)

I realise none of this negates your argument. What it does do is make
Windows 10 almost useless as a day to day OS. Forcing updates of the
whole OS (eg to the creators edition) is just totally unacceptable.
Forcing updates of 3rd party drivers (eg Wacom HID) equally so.

I'm new to Windows 10, and my machine is still off the net (on purpose)
until I can control it. So this is dismaying information.

Windows OS's up to 7 were fine - open-ish, stable and very much
configurable and I have been a Microsoft supporter since before Windows.
Before CP/M, I wrote my own simple OS.

I started with Fortan, before 77 existed.

W10 cannot, in my opinion, be called a stable OS. It may be fine for
the way I use it here as a typewriter, calculator and filing cabinet
replacement, but as a general purpose OS it is a non-starter.

If that's the case, that's too bad.
Maybe you need Redhat?

I remain interested to hear how you get on in the longer term, but make
sure you keep your W7 COA's safe.

Thanks for the advice. I've been reading EVERY post and taking it all in.

At first, I thought the Windows 10 default interface was an abomination.
But now that I've deleted everything that I thought was useless, there's
not much splashed in my face at this point.

Of course, I haven't been on the net (I'm saving that for after I get
control of the interface).

I'm using the classic menu but I don't like crutches, so, I'm going to try
to make the Windows 10 menu work like it's supposed to work.

Paul wrote in news
We'd just ask you to justify your choices,
and show examples of things that you decided
didn't work.

Remember the iPod or the first iPhone?
Why were they so easy to use compared to their competition?

I had a Panasonic MP3 player before iPods came out.
It was as bad as my first digital alarm clock.

You need to tape the instructions to the back just the use the things.

Apple boiled down the user interface to the bare essentials.

I think they went a little too far (mice need more than 1 button for
example), but they boiled it down to the essentials.

That's what a user interface for the masses needs (only not as boiled down
as Apple did).

The difference being, between "deck chairs" and
actual design.

As an example, in Win7, the most efficient way
to launch a program, was to type a name in the
search hole ("devmgmt.msc"), rather than traverse
a menu.

I'm with you on the oddities of making things easy.
Wanna know how I access the file system on Windows 10 at the moment?

Start Run \return

At the moment, that's the *easiest* way to do it.
(I'm sure I'll implement an easier way but that's what I'm doing now.)

Win10 added the right-click on Start
menu, with Device Manager right there for you.
Good design. I don't have to take my hands
off the mouse.

I like that. I didn't know about that, but I like that.
A right click on the menu should do the right thing.

Inside of my personal menu, it should allow me to go to that location on
disk, especially since Microsoft puts the start menu items in a horridly
long filespec path!

Now you know why it bothers me so much, when
Win10 Creator edition makes me type "Control"
into the Cortana search hole, to get the
Control Panel to show up. Such a step backwards.

Agreed.
Often-performed tasks should be easily accessed.

Now, if you're a Microsoft employee, justify
that to me, and tell me "what a win that is" :-\

Luckily, I'm not a MS employee.
But if they hire me, I'll try to improve their UI!