Tuesday, November 8, 2016

Why Security will always fail


I just made a new video. It's about rethinking how we approach security so I won't rehash it here. Suffice it to say that the reason security measures fail is not due to a device or a piece of software. It fails because we don't value the most critical element of any security policy: the people.

Couple that with the careless and needless collection of private information for purposes that have no justification for having it and you have a recipe for disaster.

Watch below...



Friday, October 14, 2016

Microsoft's flawed update strategy


Let's talk about updates. Specifically, let's talk about updates in the context of Windows 10.

When Microsoft launched Windows 10 it was supposed to be the cure-all to the Woes of Windows.  It was to be everything to everybody regardless of your chosen device.  It would be the gateway to what you wanted to do instead of the sandbox (or litter box) for the things you HAD to do.

When it works it can be all that.  Unfortunately, it really isn't.

I've listened to the pundits and Microsoft apologists for over a year now.  How they go on touting its merits while in the same breath decrying their frustrations.

Simply put, Microsoft can't be trusted with the power Windows 10 gives them.

I've had my own frustrations with it, having seen my production machine blue screen for no apparent reason over a dozen times in the past year. In the 3 years prior the same machine running Windows 7 may have done it twice.



I'm tired of constant updates churning in the background while I'm trying to do actual work.  Sick of waiting 15 minutes for a system shutdown because Windows decided it was time to do some housekeeping.

My eyes bleed at the sight of full event logs warning of failed telemetry connections.  All because I refuse to turn my daily workflow into an episode of The Truman Show.  Spybot Anti-Beacon takes care of that but the price is endless bitching.

My PC is not a lifestyle device; my data is under my and nobody else's purview. I expect to control my own environment. I have no use for Cortana. Quite simply, I don't have the buying or search habits to make it or anything like it benefit me. Meaning I have no reason to be so forthcoming.

Am I a troglodyte?  Hardly, I just prefer to not have Microsoft curating my search results or my computing habits for that matter.  Even if they do consider it a "Feature."

But Microsoft doesn't see it that way.

The best example is the update process.  It's common knowledge that Windows 10 has essentially taken away your ability to exercise any disposition of updates.  Even if they brick your device.

Take the recent update that disabled millions of webcams. We've come to find out that it was all due to one lone Microsoft Engineer who took the unilateral action to remove a codec without bothering to pass it through QA. (Thurrott said that on Windows Weekly 487, BTW.)

I appreciate employee empowerment and all. It works great for the auto industry; in fact, most auto workers have the power to stop an entire assembly line if they see a problem. What comes next is a structured process to address it.

But nobody makes the ultimate call by themselves. Unless they work for Microsoft, that is. Where one poorly executed update can be unleashed on millions of devices worldwide without so much as a peer review.

If you're using Windows 10 there's no doubt you've spent at least a few minutes observing the update process.  It's all very clandestine: even the event logs won't provide you any illumination as to what's going on.  You just sit and watch that screen, cross your fingers, and hope the update goes well as it reboots 2, 3, 5 times...



The latest atrocity? The endless loop of death from KB3194496 that for many users will never install correctly without first manually applying an out-of-cycle patch (<-- that links to it, BTW).

We reap what we sow and the crop is a load of manure. In the old days we could just simply uncheck the update once we found out it was problematic. Today we have to beg the good graces of Microsoft to acknowledge the problem in the first place. Meanwhile our workflows and production go to hell while Microsoft whitewashes its official response.

I could care less what Microsoft's "telemetry" is telling them about the severity of the issue.  If they can't get a patch right why should I trust their telemetry as an indicator of anything?

Laissez-faire may be great for Free Market policy wonks but it's got no place in a platform that 20% of the planet relies on to actually accomplish something.

The user base should demand that the next patch they release give us back control of the update process.  At this point it's obvious Microsoft can't be relied upon to do it themselves.  

Here's a proposition...

I'll meet you halfway, Microsoft. Let the users curate their own patches but turn off Cortana or the Store while it's disabled.

I think that's a fair compromise and for those invested in the Microsoft way of doing things, it would be a reminder to turn the updates back on when the inevitable storm has passed.