|
How many times are they going to shoot themselves in the foot before an amputation is required?
New version: WinHeist Version 2.2.2 Beta I told my psychiatrist that I was hearing voices in my head. He said you don't have a psychiatrist!
|
|
|
|
|
Microsoft likely has 2 options:
Do stuff like this as mandated, and let it hurt their business
Shut down completely without violating gag order (TrueCrypt, Lavabit, etc)
|
|
|
|
|
To solve the problem you have to cut off the head, not the foot.
|
|
|
|
|
MS plotting their next income stream, give the tools and libs away free then charge based on usage - including use of your apps [which use their libs = their justification to do so]. Jus like they want to do with W10.
At the moment their major income stream is from releasing new versions, by charging for use they only need to create the product once and then just sit back and count the money that rolls in forever (even if they do nothing except release the occasional bug fix).
So come on people, chill... all they want is your money, is that really so bad?
|
|
|
|
|
Robert den Hartog wrote: So come on people, chill... all they want is your money,
Considering Bill Gates is the richest man in the world I think he's done a pretty good job of it!
New version: WinHeist Version 2.2.2 Beta I told my psychiatrist that I was hearing voices in my head. He said you don't have a psychiatrist!
|
|
|
|
|
Wake up Microsoft Shareholders - make that moron's head roll.
|
|
|
|
|
It's not unbelievable. Governments want data about their "subjects", and MS is obliging.
Come into the parlour of the all-new world-wide web.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
|
Thinking on it, this is probably their way of trying to get around the fact that so many people have disabled win 10's telemetry -- and therefore yet another "We don't care what you want! What We want is more important!"
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
It's remarkably inconsistent though. I would have expected a call to the GWX loader, no less!
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
|
|
|
|
|
spongo2 comments on Visual Studio adding telemetry function calls to binary?[^]
hi everyone. This is Steve Carroll, the dev manager for the Visual C++ team.
Tl;dr: thanks folks for the feedback. Our team will be removing this from our static libs in Update 3.
Our intent was benign – our desire was to build a framework that will help investigate performance problems and improve the quality of our optimizer should we get any reports of slowdowns or endemic perf problems in the field.
We apologize for raising the suspicion levels even further by not including the CRT source, this was just an oversight on our part. Despite that, some of you already investigated how this mechanism works in nice detail. As you have already called out, what the code does is trigger an ETW event which, when it’s turned on, will emit timestamps and module loads events. The event data can only be interpreted if a customer gives us symbol information (i.e. PDBs) so this data is only applicable to customers that are actively seeking help from us and are willing to share these PDBs as part of their investigation. We haven’t actually gone through this full exercise with any customers to date though, and we are so far relying on our established approaches to investigate and address potential problems instead.
We plan to remove these events in Update 3. In the meantime, to remove this dependency in Update 2, you should add notelemetry.obj to your linker command line. If you’re generally concerned about phone-home scenarios, more information about how to configuring Windows 10 appropriately to your needs can be found here: https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft#bkmk-priv-feedback
Thanks.
|
|
|
|
|
His answer is full of holes. Simply logging start and stop times of binaries would be of no use for performance profiling. Secondly, why is it not documentented? Thirdly, why is it inserted into the C runtime? That would seem to be an inappropate place to insert telemetry monitoring software.
Forthly, we only found out about this feature by accident. If it hadn't been discovered would have been removed at all?
|
|
|
|
|
I'm trying to care, but I just can't. What's the big deal?
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
What's the big deal? From lesser to greater ...
1. Executables bloated with unnecessary code that does not help with the software's purpose. In addition to size (which most won't care about), this potentially reduces reliability, as you are not testing these undocumented "features".
2. Potential for adware and anything else to get inserted into or called from executables. If one unnecessary thing is slipped in, what is next?
3. Microsoft (or whoever) can record all types of things about each executable and its usage.
4. You become a vendor for spyware, not knowing what is being recorded about users of your software. Especially for commercial software vendors, this a death knell for your business when word gets out. And word WILL get out -- this thread proves that.
Could this issue be a totally benign thing? Sure, it certainly could. But given Microsoft's current policies and the crap it baked into Win10, I'm going with "distrust and verify".
This has got to be the dumbest thing that Microsoft has done under Nadella's watch. Microsoft is fighting for survival in a new world that it doesn't control, and this issue is going to push people away from their products.
|
|
|
|
|
BryanFazekas wrote: Executables bloated with unnecessary code that does not help with the software's purpose Bloated seems like an overstatement. But OK.
BryanFazekas wrote: Potential for adware and anything else to get inserted into or called from executables. If one unnecessary thing is slipped in, what is next? That just sounds like paranoia. I can brake into your house and murder you anytime I want to, but the reality is, it won't ever happen. No reason to worry about all possible bad things in life. You'll go nuts.
BryanFazekas wrote: Microsoft (or whoever) can record all types of things about each executable and its usage. Again, who cares?
BryanFazekas wrote: You become a vendor for spyware, not knowing what is being recorded about users of your software You already are. Read Microsoft's software agreements sometime.
BryanFazekas wrote: this issue is going to push people away from their products. And who would people go to instead of Microsoft?
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
RyanDev wrote: That just sounds like paranoia. I can brake into your house and murder you anytime I want to, but the reality is, it won't ever happen. No reason to worry about all possible bad things in life. You'll go nuts.
Do you lock your car when you park it? Do you lock your doors at night or when you're not at home?
Most people are (more or less) honest ... but we take precautions to protect us from the ones who are not. If that's paranoia ... stop locking your car and your doors.
|
|
|
|
|
BryanFazekas wrote: Do you lock your car when you park it? Do you lock your doors at night or when you're not at home? Of course. But I don't care if anyone is taking pictures of my car or if there is a security camera in the parking lot recording video for others to see.
And many of us have written code that sends us information about the performance of our software or sends us error reports, etc. So what?
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
RyanDev wrote: But I don't care if anyone is taking pictures of my car or if there is a security camera in the parking lot recording video for others to see.
That sounds reasonable, but in this case taking pictures of your care or a security camera would be something the OS or anti-virus/anti-malware would be doing. This is more like Ford or GM deciding to make your car honk and flash the lights every time you change the radio station.
|
|
|
|
|
Member 2652715 wrote: This is more like Ford or GM deciding to make your car honk and flash the lights every time you change the radio station. Actually, it isn't like that at all. My application will not behave any differently because of their code.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
RyanDev wrote: My application will not behave any differently because of their code.
Sorry to be pedantic, but do you mean that your application by design was already sending telemetry information to microsoft telemetry service or that you don't care that it does?
|
|
|
|
|
Member 2652715 wrote: but do you mean Just showing that your analogy did not work.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
RyanDev wrote: And who would people go to instead of Microsoft?
You do realize there are other compilers on the market?
|
|
|
|
|
So, do you have an answer?
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
MinGW-w64 (GCC) and Clang are two that are commonly used.
What do you get when you cross a joke with a rhetorical question?
The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism.
Do questions with multiple question marks annoy you???
|
|
|
|
|
RyanDev wrote: BryanFazekas wrote: Executables bloated with unnecessary code that does not help with the software's purpose Bloated seems like an overstatement. But OK.
The unstated thing is that, while MS claims they added this instrumentation to keep an eye on the performance of your applications, what is the performance and behavior of this telemetry logging functionality (and how will it change as they update their OS)? Can it cause app slowdowns? crashes? Fill your customer's disk? How does it change the attack surface of your app? If you don't know it's there, how will you be able to address any of this?
Worse, MS will feel free to change that code at any time, so you may wake up one day to find out that installed versions of your application are suddenly doing very bad things to your customers computers, and you didn't make any change at all to your code that could have caused it. You can deny all you want, but your customers are still going to blame you and your code.
And remember, Microsoft had no plans to tell you about this addition, they've been forced to remove it because their attempt to slip unwanted code into everybody's applications was discovered by a user and the community pushed back.
We can program with only 1's, but if all you've got are zeros, you've got nothing.
|
|
|
|