What will you do after January 14, 2020?

[lexluthermiester]

Nowadays the migration is very easy, and the reasons not to do so are fading fast.

Oh yeah, it's very easy.

If I may, what makes Win10 worth the effort?

I do alot of specialized tasks that are not easily achieved in Linux, or at all in a few cases. For professional confidentiality reasons I'm not at liberty to to detail them out.

 

[FinneousPJ]

Oh yeah, it's very easy.

I do alot of specialized tasks that are not easily achieved in Linux, or at all in a few cases. For professional confidentiality reasons I'm not at liberty to to detail them out.

Well, I was referring to personal use anyway. Professionally I am forced to use Win10 as well, nothing to do about it.

 

[lexluthermiester]

So, update on the Windows 10 install on my personal system. It's hit a snag. A critical security program that I use, just doesn't want to work right, so I'm going to go back to testing and try again next month. Til then, back to 7..

 

[Mr.Scott]

back to 7..

 

[trparky]

What security software? If it doesn't work right with Windows 10 I can't help but think that whatever software it is it's doing things that it shouldn't be doing, perhaps hooking into the kernel in ways that might be seen as insecure or could cause potential system instability. There are established APIs to hook into the system for a reason, use them and you'll generally have no issues. If you venture out on your own and hook into the kernel with undocumented APIs then expect problems to come up. We've seen that before with updates breaking antivirus software.

 

[lexluthermiester]

HAHAHA! Nice!

What security software?

It's encryption software. Not sure it's compatible with 1903 so I'm going to backtrack to 1809 and try it out.

 

[trparky]

It's encryption software.

What encryption software? VPN? File encryption? If it's a VPN I have to wonder why; OpenVPN works just fine with Windows 10.

 

[lexluthermiester]

File encryption?

This, I'm being deliberately vague.

 

[trparky]

Really. As a programmer myself (smalltime, that is), I know that if you follow and use standard file I/O operations and APIs you shouldn't be having any issues. And as for the encryption libraries itself, well... that kind of stuff should definitely be left up to people who know how to do encryption right. The first rule of writing your own encryption code is... DON'T!

There's a reason why AES exists. It's been beaten on for years and survived the trial by fire. 2048-bit AES encryption is known to be damn near bulletproof. It's said that it would take the age of the universe and then some to crack AES provided that it has a strong enough key.

 

[lexluthermiester]

Really. As a programmer myself (smalltime, that is), I know that if you follow and use standard file I/O operations and APIs you shouldn't be having any issues. And as for the encryption libraries itself, well... that kind of stuff should definitely be left up to people who know how to do encryption right. The first rule of writing your own encryption code is... DON'T!

There's a reason why AES exists. It's been beaten on for years and survived the trial by fire. 2048-bit AES encryption is known to be damn near bulletproof. It's said that it would take the age of the universe and then some to crack AES provided that it has a strong enough key.

You're making assumptions. Stop doing that.

 

[trparky]

You're making assumptions. Stop doing that.

I'm not assuming anything, I'm just stating facts here. There are established I/O APIs for a reason, use them and you shouldn't have any issues. Yes, there are file system shim drivers that do this kind of work as well but any time you start playing at that level of the OS you can run into issues.

There's an old programmer phrase that comes to mind... If you can't stand the heat, get out of the kernel. Kernel-level programming is not for the faint of heart, one screw up there and yeah... you'll be looking at a BSOD really quickly. Kernel programming might as well be black magic, cast your spell wrong and bad things happen.

There's a reason why Linus Torvalds can be such an asshole when it comes to the quality of code contributed to the Linux kernel source tree, he doesn't want bad shit to happen.

 

[R-T-B]

zomg telemetry nuts...

Hey! I thought we were friends!

If it's really bad then Microsoft will push out a patch.

Yes, for perhaps first year. That's all I'd count on, and honestly, I'd avoid "horrible exploit" being the criteria at which you draw the line on security bugs.

I'm not assuming anything, I'm just stating facts here.

Well, upcoming quantum computers don't care. But besides that, I prefer Whirlpool, AES backdoor rumors and their insistence on certain salts has always bugged me.

That being said, you are right. Never make your own encryption unless you really are sone kind of math phd. Horrible idea.

 

[trparky]

Unless someone shows some concrete evidence of a backdoor in AES I'm going to assume that it's just a conspiracy theory. Besides, the code for AES is out there for anyone to read and review. Considering how many years it's been available to be read and studied, you'd think that someone would have found something by now. You can't hide something when it's open source. If someone sneaks something in it's eventually going to be found.

 

[lexluthermiester]

I'm not assuming anything, I'm just stating facts here. There are established I/O APIs for a reason, use them and you shouldn't have any issues.

Yes, you are. That's not the problem I'm having.

There's an old programmer phrase that comes to mind... If you can't stand the heat, get out of the kernel. Kernel-level programming is not for the faint of heart, one screw up there and yeah... you'll be looking at a BSOD really quickly. Kernel programming might as well be black magic, cast your spell wrong and bad things happen.

Neither is this.

Unless someone shows some concrete evidence of a backdoor in AES I'm going to assume that it's just a conspiracy theory. Besides, the code for AES is out there for anyone to read and review. Considering how many years it's been available to be read and studied, you'd think that someone would have found something by now. You can't hide something when it's open source. If someone sneaks something in it's eventually going to be found.

This is true though. AES has no known backdoors and is very unlikely to.

 

[R-T-B]

Unless someone shows some concrete evidence of a backdoor in AES I'm going to assume that it's just a conspiracy theory.

It IS a conspiracy theory. But a better founded one than most considering insisting on using the same salts is weird and exactly the kind of way a mathamatical weakness could be hidden.

 

[lexluthermiester]

It IS a conspiracy theory. But a better founded one than most considering insisting on using the same salts is weird and exactly the kind of way a mathamatical weakness could be hidden.

That may sound like a weakness, or seem like one, but it isn't. The way the numbers crunch, the results are astronomically complex and no computer on Earth, even quantum models, can crack that encryption while the Sun still has hydrogen to fuse. In fact, it would literally take the sum total of all computing power currently on the planet over 1 trillion years to brute force such.

 

[R-T-B]

That's assuming of course, there is not a mathamatical shortcut hidden we are unaware of.

I'm not saying it's probable. I'm saying it's vaguely possible (if unlikely), and one less reason to trust AES over competing solutions. Not that any of them are bad. Personally, back when I cared with crypto wallets vaguely worth stealing, I used a cascade of AES-Twofish-serpent via Veracrypt for my wallet. But that was probably complete overkill ( had $2000 at my peak).

 

[lexluthermiester]

That's assuming of course, there is not a mathamatical shortcut hidden we are unaware of.

There isn't. This is real life, Sneakers was just a movie. There is no spiffy code breaker that will magically crack open the encryption.

 

[R-T-B]

There isn't. This is real life, Sneakers was just a movie. There is no spiffy code breaker that will magically crack open the encryption.

Snowden suggested there is. As such, I can't completely discount the idea that those prelaid salts have a mathmatically weakeness-inducing motivation.

Likewise, there is absolutely no way in hell anyone is going to prove it either. Which makes it rather academic anyways, as if the governments after you, you're toast anyhow.

Sneakers was just a movie

And a candy bar. Mars is also a planet. Your point?

PS: I actually did not know it was a movie... lol. And wait, it's snickers isn't it? Oh well... it sounded funny.

 

[lexluthermiester]

Snowden suggested there is.

The problem is, since he said that(and let's face facts, it's been a number of years) the code has been checked, rechecked, checked again and then checked a few more times just for good measure. The open source community would have cried foul by now if it were true. Additionally, it has evolved since then. AES is secure, currently.

As such, I can't completely discount the idea that those prelaid salts have a mathematically weakness-inducing motivation.

Again, because of the way the encryption works, the salt hashes could be made a fixed, known value & made public and it still wouldn't matter as the values generated will still be sufficiently complex as to render them unbreakable. As it is, all salt hashes are generated on a per-use basis. In the case of the encyption found in browser use, the salts are generated based on a session ID, which is a 128bit number. Even the US government can not crack it. Man-in-the-middle attacks no longer work in modern browsers, especially those that are PROPERLY configured.

And a candy bar. Mars is also a planet. Your point?

PS: I actually did not know it was a movie... lol. And wait, it's snickers isn't it? Oh well... it sounded funny.

Oh dear, we need to get you in the know;

Sneakers (1992) ⭐ 7.1 | Comedy, Crime, Drama

2h 6m | PG-13

www.imdb.com

It's an older but still oddly relevant movie. Trust me, we've interacted enough to confidently say you'll enjoy it! You've been missing out.

 

[Space Lynx]

edit nm I found the issue

also,

Is there any downside to just using WSUS Offline Updates for a clean install of Win 7 and leaving updates off in windows settings?

 

[lexluthermiester]

Is there any downside to just using WSUS Offline Updates for a clean install of Win 7 and leaving updates off in windows settings?

None that I can think of.

 

[R-T-B]

Additionally, it has evolved since then.

Not to my knowledge it hasn't... Officicial Implementation white papers are the same ones as ever.

Implementations have evolved, but, that's different really.

Other than that little pick, basically on the same page as you.

 

[lexluthermiester]

Implementations have evolved, but, that's different really.

That's what I meant.

 

[rtwjunkie]

Uh... any recommendations?

Bitdefender is my recommendation, or keep using Defender.