The engine may end up being an "Enterprise Mode" like IE I think?

Edge as a browser works well but with a few show stoppers that killed any further usage for us:
1: Downloads mysteriously won't start or just plain stop for no reason.
2: Edge ate my favourites way too many times.

The containerized Edge, Application Guard I think(?), is a great idea. If Edge was as good as they had hoped it would provide a fantastic sandbox experience to protect users from drive-by attacks and bad GET commands from e-mail clients.

At least we are not getting stuck with the legacy ActiveX that keeps rearing its head every once in a while because of IE. 😛

https://www.itnews.com.au/news/qld-it-minister-cautions-feds-over-interference-516628
Queensland’s IT minister Mick de Brenni has urged the federal government not to use its newly created Australian Digital Council as a way to dilute state regulation.
 
He has also accused the Canberra of not consulting with state and territory governments prior to releasing its inaugural digital transformation strategy last month

So it seems that only Canberra is keen on it.

iimjphm2ni221.jpg

@Dashrender said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@JaredBusch said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@Dashrender said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@scottalanmiller said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@Dashrender said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@JaredBusch said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@scottalanmiller said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@JaredBusch said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@scottalanmiller said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@Obsolesce said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

This only occurs, that I've seen, during OOBE when you set up the PC as a local, non-domain, non-Microsoft-Account, user.

Correct, as a standard local account. The "normal" way. Most people don't use AD, even in business this is dropping off quickly. And lots of people don't want to deal with those ridiculous MS accounts that they try to ram down everyone's throats. And who knows how secure those are, anyway.

That is not the normal way to set up windows anymore and has not been for quite a while. The normal way to set up windows is with a Microsoft account. In fact you have to click no to setting up a Microsoft account multiple times in order to set up a PC without a Microsoft account

That's what they promote, but I wonder how many people are actually doing that.

Probably most that don’t use AD. Of course some will not, but not many.

I tend to agree - most home users will use a MS account simply because it's what's presented. IT folks and some programmers might not, but I'm willing to bet it's way over half that do.

Have you seen a lot of home users doing this? I have not, of course my cross section is tiny. But of the ones I see that have zero tech skills, they all skip it because it is scary and confusing.

The option to skip it's obvious enough for most people I run into - they just do it, even if that means setting up a new account.

It is obvious? not really. And even if they see it and click on it, you have to refuse once or twice more.

Whoops - I meant - NOT super obvious... normal users will be guilted into using an MS account in most cases.

yeah the first two times it took me a moment to notice you could skip.

@JaredBusch said in Why aren’t chip credit cards stopping “card present” fraud in the US?:

@Dashrender said in Why aren’t chip credit cards stopping “card present” fraud in the US?:

@JaredBusch said in Why aren’t chip credit cards stopping “card present” fraud in the US?:

@Dashrender said in Why aren’t chip credit cards stopping “card present” fraud in the US?:

@nadnerB said in Why aren’t chip credit cards stopping “card present” fraud in the US?:

A significant majority of cards here in Au have a "tap 'n' go" feature. There are idiots the put a nail punch into the chip several times to "disable" the "tap 'n' go" feature to make their card "more secure"... which send them right back to magnetic strip swiping... #MeatwareMayhem

Even when it's important to them, the end user refuses to educate themselves.

While I'm not surprised to hear about hole punching - I've never heard about it - what, do they just not want to be more secure? Why kill the chip?

Because part of the chip is RFID capabilities. Stupid humans still.

I guess when I read his comment I thought the hole punch people were only trying to disable the chip, and not TAP, but their overzealous punching also caused damage to the TAP chip..

The RFID is not a separate chip. It still uses the same chip. The antenna may be on the other side, but the brains are all in the one chip.

OK I'd like to think this is right - as it would totally make sense.

the problem I have with it is that tapping takes a fraction of the time to authenticate a transaction compared to plugging the card into a reader - is the wireless read just that much faster? or is TAP really not doing an challenge response situation like chip is?

Do they even have a website at this point?

I'm curious as to how they'll deal with depletion of their 256 bit UUIDs and/or spoofing or anything else. We can know is that Google (and others) will have a way that works across IP addresses that will provide a fairly unique way of identifying you no matter what. Presumably some browsers will let you change it or have it different in privacy mode or whatever, but like with Don't Track we'll can almost guarentee that even if there is a standard some other company like Microsoft will implement it just differently enough to make a lot of it pointless... other than the connection speed I guess.

People are already gungho about this, some thinking that it's a total replacement for the TCP stack which is utterly stupid. I first read about this in mid 2017 and noticed it seemed to be sort of a spin on MinimaLT which was specified to deal with mobile IP (as in protocol, not address) issues.

@scottalanmiller said in Another Major BGP Mishaps Redirects US Traffic to China:

I noticed that YouTube was down yesterday for a little bit. Very short, though.

Even Facebook got taken out for a bit too... Don't know if it's related or not, but still...

@DustinB3403 said in Some New Macs Risk Bricking from Third Party Repairs:

@dafyre said in Some New Macs Risk Bricking from Third Party Repairs:

@Dashrender said in Some New Macs Risk Bricking from Third Party Repairs:

@DustinB3403 said in Some New Macs Risk Bricking from Third Party Repairs:

Yeah I kind of have an issue with this. . .

It's my device, if I want Joe from the mall kiosk to replace whatever in my device, that is my right to do, and I'd be the responsible person who risk the device being broken further or compromised with non-oem parts.

On the other side of the conversation I understand Apple's reasoning for this and it's sounds like they simply want users to use OEM only parts, but they use this guise of "for security".

Which also kind of irks me. . .

Why do you call it a guise? If Apple doesn't make the interconnect APIs available, who knows what those knockoff people are making.

I'm back to the point where the device should likely just hit you with a warning every 24 hours that you might have compromised shit installed - but I'm guessing that Scott and others will be against that level of frequency.

I'm against a one time notice of there being a perceived security issue in the device.

I'm not against a notification -- but every 24 hours seems excessive. Maybe a 30 second notification every reboot -- something that doesn't require any action other than waiting the 30 seconds.

But this is just an "you may have been" there is no proof that something has been compromised. Just the possibility because a non approved person or company has worked on property you own.

I think any notification that would force you to wait, period would be overly intrusive.

Right, you MAY have been compromised with Apple's own stuff, too. But they would "conveniently" not show a warning. Therefore the warning would have nothing to do with risk, and everything to do with FUD.

@JaredBusch said in Blockchain-based elections would be a disaster for democracy:

@pmoncho said in Blockchain-based elections would be a disaster for democracy:

@scottalanmiller said in Blockchain-based elections would be a disaster for democracy:

@pmoncho said in Blockchain-based elections would be a disaster for democracy:

@scottalanmiller said in Blockchain-based elections would be a disaster for democracy:

@pmoncho said in Blockchain-based elections would be a disaster for democracy:

@IRJ said in Blockchain-based elections would be a disaster for democracy:

@JaredBusch said in Blockchain-based elections would be a disaster for democracy:

@IRJ said in Blockchain-based elections would be a disaster for democracy:

@JaredBusch said in Blockchain-based elections would be a disaster for democracy:

@scottalanmiller said in Blockchain-based elections would be a disaster for democracy:

@JaredBusch said in Blockchain-based elections would be a disaster for democracy:

The technology itself makes for a great tamper proof system. but that is not the problem with a blockchain based election system.

As the article states, the hard part about this technology is the loss of anonymity.

And perception problems.

I don't care about perception of people too stupid to even spell blockchain, let alone understand what it is.

Blockchain election systems would be great technically.

100% agree. Blockchain isnt quite ready for this yet, but will be very soon. I have done quit a bit of tinkering with my own Ethereum token with transactions, testing, etc.

It isn't quite ready for the Broadway yet, but it's getting there and the concept is very solid. Some issues need to be addressed such as speed.

The issues will not be technical. If you cannot have a 100% anonymous electorate, then you have people that can sell their votes (and prove it).

The entire point of blockchain is accountability. You cannot have accountability and anonymity with the current design of blockchain.

Retaliation based on political views could be a potential issue as well.

I believe It may already be an issue and would get much worse.

Right now it is based on perceived views. Which is bad. But you can imagine how mad people would be if they learned for certain how people voted.

For the people who want that info kept private, it is a huge issue. Many people have no issue stating who they did not vote for or what party they belong to. Just like many have no issue posting their life on social media.

Claiming and proving are very different things, though.

Good point.

Actually, the point. If people would be able to prove that they voted a certain way, the amount of money that flow into vote buying is nearly unimaginable.

Yeah, someone paying for a vote might pay $.25 for someone's word on who they voted for. But might pay $100 for a proven vote.

@Dashrender said in Strange snafu misroutes domestic US Internet traffic through China Telecom:

@scottalanmiller said in Strange snafu misroutes domestic US Internet traffic through China Telecom:

@Dashrender said in Strange snafu misroutes domestic US Internet traffic through China Telecom:

Man - BGP needs an overhaul!

Replaced!

Is there something that can replace it now?

Dont' think so. Not on that scale.

So chrome is finally starting to catch up with the level of ad blocking I've had for years.