
Comment Re:NVidea's problem, not Microsoft's (Score 1) 317

Because now you're moving the goalposts. This is about forced driver updates (read the title).

The issue is bigger than that, and this story is just one early example of how forced updates could go wrong (read the summary, and for that matter numerous other discussions on this and other forums since the forced update mechanism became widely known a few days ago).

I'm happy for you that apparently the systems you use are all running Windows Enterprise, and the people who set them up and maintain them have no problem with spending time figuring out which settings to adjust to turn this stuff off. Obviously from the fact that we're having this discussion a lot of people didn't know to turn this off and got stung by it, and as I've noted repeatedly, there are analogous cases that could be just as damaging but which will not have the option to turn them off even in Pro. A lot of people are going to wind up getting hurt by this policy, even if you personally aren't one of them.

Comment Re:Wait, you have to TYPE the password??? (Score 1) 365

Copy/paste cache scrapers exist, and are common for browsers with bugs. Training people not to copy/paste passwords is a good idea.

You're promoting perpetuating a long-standing, widespread and hugely-damaging user security error in order to avoid a relatively obscure problem which can actually be fixed through purely technical means. Not a win.

Comment Re:OpenID Connect scales at O(n^2) (Score 1) 365

What you describe as a problem is actually part of the solution. The problem with classic OpenID was that it was virtually impossible to get, say, 1st Bank of MyButt to use it, because absolutely anyone could be an identity provider. I personally agree with you that classic OpenID was better in that respect, but 1st Bank of MyButt doesn't. They're hemming and hawing about letting Google manage their users' identities, but they will at least consider it.

Comment Re:Wait, you have to TYPE the password??? (Score 1) 365

You're actually very wrong. Long complicated passwords are horrifically impossible to remember causing people to write them down or store them in managers with simpler passwords to open the manager.

Putting them in password managers is the right thing to do.

Length is all that matters for passwords. You're better off with "thatswhatshesaid" (26 ^ 16) than "B4c0nL0v3r!" (72 ^ 11). You're 162 times better off, in fact.

26 ^ 16 = 43,608,742,899,428,874,059,776
72 ^ 11 = 269,561,249,468,963,094,528

https://xkcd.com/936/

You're wrong. Hilariously so.

The entropy of "thatswhatshesaid" is far lower than 43,608,742,899,428,874,059,776. Randall Munroe calculated correctly in the XKCD comic, of course. He didn't assume that each letter was random, he assumed he was choosing four words at random from a dictionary of a specific size (about 2048 entries == ~11 bits of entropy per word). Your password is clearly not a selection of randomly-chosen words, and even if it were, it would likely have been from a much smaller dictionary.

This highlights the danger of asking users to pick passwords... even those who think they know what they're doing are likely to screw it up. Munroe's advice in 936 was good... but I think it has misled more people than it has enlightened.

No, it's much better to use a password manager and let a computer pick large random passwords for you.
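As an added illustration (not part of any comment in the thread), the following Python scores the two passwords from the exchange above under the per-character model the quoted poster used and under the word-list model Munroe actually used in xkcd 936, and generates the kind of random password the reply recommends. The alphabet sizes, word count and dictionary size are the ones stated in the thread; the function and constant names are my own.

```python
import math
import secrets
import string

# Sample parameters taken from the thread (constructed for this example):
LOWERCASE_ALPHABET = 26       # "thatswhatshesaid" was scored as 26^16
MIXED_ALPHABET = 72           # "B4c0nL0v3r!" was scored as 72^11
XKCD_DICTIONARY_SIZE = 2048   # ~11 bits per word in the xkcd 936 model
XKCD_WORD_COUNT = 4           # "that's what she said" is four words
DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def per_char_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy if every character were drawn uniformly from the alphabet.
    Accurate for machine-generated passwords; for a phrase it overstates wildly."""
    return length * math.log2(alphabet_size)


def wordlist_bits(word_count: int, dictionary_size: int) -> float:
    """Bits of entropy if each word were drawn uniformly from a dictionary
    (the model Munroe actually used in xkcd 936)."""
    return word_count * math.log2(dictionary_size)


def search_space_ratio(bits_a: float, bits_b: float) -> float:
    """How many times larger the guess space for A is than for B."""
    return 2 ** (bits_a - bits_b)


def compare_models() -> dict:
    """Score the thread's example under both models and return the numbers."""
    naive = per_char_bits(LOWERCASE_ALPHABET, 16)                   # ~75.2 bits
    mixed = per_char_bits(MIXED_ALPHABET, 11)                       # ~67.9 bits
    phrase = wordlist_bits(XKCD_WORD_COUNT, XKCD_DICTIONARY_SIZE)   # 44 bits
    return {
        "naive_phrase_bits": naive,
        "mixed_password_bits": mixed,
        "xkcd_model_bits": phrase,
        "naive_ratio": search_space_ratio(naive, mixed),   # the "162 times" claim
        "xkcd_ratio": search_space_ratio(phrase, mixed),   # far below 1 once modelled honestly
    }


def generate_password(length: int = 32, alphabet: str = DEFAULT_ALPHABET) -> str:
    """What a password manager does: uniform CSPRNG choice per character,
    so the per-character model is the right one for the result."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for name, value in compare_models().items():
        print(f"{name:>22}: {value:,.4g}")
    print(generate_password())
```

The naive model reproduces the quoted "162 times" figure; the word-list model puts the phrase at 44 bits, roughly 24 bits below the shorter mixed-character password.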

Comment Re:NVidea's problem, not Microsoft's (Score 1) 317

All true, but in general you can only defer updates for a few months even in Pro with Windows 10, or you lose the security updates as well. That change is actually worse than forcing everything on Home users immediately, IMHO, because it removes control from all the small businesses and power users who actually want/need it.

Comment Re:NVidea's problem, not Microsoft's (Score 1) 317

I understand that not having a dedicated IT staff is no excuse for not buying the appropriate tool for the job.

Many of these businesses already did buy the appropriate tool for the job: Windows 7 Pro, or maybe the equivalent in 8 or 8.1.

And now they're about to discover that its successor, Windows 10 Pro, is no longer the appropriate tool for the job.

Not updating security holes is frankly stupid. Deferring them with good reason is okay, but not updating security holes is frankly stupid.

Do you understand that what's being forced on everyone isn't just security updates?

Of course we can't predict what updates Microsoft will actually force people to install using this feature. However, as it is currently described in everything I've seen, things like the Windows 10 nag screen everyone hates that they pushed out a few weeks ago would be compulsory for everyone in the brave new world.

Ironically, it sounds like the only way to avoid unwanted non-security updates will be to give up on receiving security updates as well, thus having exactly the opposite effect of what you want here.

Comment Re:Wait, you have to TYPE the password??? (Score 3, Interesting) 365

If your password is "OPnuo(I&n hKUYNB68IOnih4wOIB*GBi234t73" as it should be,* then yes...

Parent was modded funny, but this is what your passwords should look like -- long and random, and typing them is a PITA. Any web site that disables pasting or prevents your browser or extensions from auto-filling passwords is broken. The sad thing is that most sites that do this (other than those that do it by accident because the devs are clueless) do it because they think they're increasing the security of their users' accounts. They're not.

Solutions like LastPass et al are the best, but honestly just using your browser's password database is better than reusing passwords everywhere. And Chrome and Firefox (at least, perhaps others) offer the option of keeping your passwords synced to all of the devices you use, optionally protected with a master password. Browsers need to offer password generation as well. I think some are working on it.

Of course, the real solution is to get rid of passwords. Web sites should switch to using OpenID authentication. Yes, this means that most users will use their Facebook or Google logins, which means that, essentially, the site has outsourced its account security to those other entities. So what? If the developers of random web sites think they can do a better job of account security than Google or Facebook -- they're wrong. I work for Google and previously spent a decade as a security consultant in the financial industry, and after seeing how they all work from the inside, I would feel much more secure about my bank account if I could use my Google account (with 2FA, plus all of the analytics and monitoring Google does) to log into it rather than trusting the bank to do a decent job with password-based security. I haven't seen Facebook's infrastructure, but I know people who work there, and they're good. Far better than you'll find at a typical bank, much less J. Random Web Developer.

Comment Re:NVidea's problem, not Microsoft's (Score 1) 317

Where did I say "dedicated IT staff"?

What else did you mean by the following, exactly?

Well they would be using the Enterprise version, not Pro, so the IT department has control anyway.

Do you know a lot of organisations that have an IT department and run Windows Enterprise but don't have dedicated IT staff?

Moving on...

And I'm sure those people can point out what has already been pointed out multiple times in this story, which is that driver updates through Windows Update can be disabled; yes, it's the same in Windows 10 as it has been in previous versions.

And which part of this from my last post was unclear?

Even if they can, they're still going to be vulnerable to other forced system updates that could break stuff

The point here isn't specifically that it was a driver update that screwed up, it's that an update was screwed up, and that's a compelling argument for not having compulsory updates. Whether or not this particular one could have been avoided (though obviously for many people it wasn't), it is clear that there are other kinds of update that can also compromise a previously working system and that it will not be possible to turn them all off according to Microsoft's current stated policy. Apparently plenty of people are more concerned about that than you are.

Comment Re:NVidea's problem, not Microsoft's (Score 1) 317

Where do all the people replying to me keep finding all these IT staff? A small CAD studio or indie game development shop of the kind I mentioned doesn't have a dedicated IT staff. It doesn't run a corporate network on Windows Enterprise managed by full-time professional sysadmins. A small business like that has a few people doing the creative work, a few people doing sales, and a couple of admin/accounts people. Probably one or two of those people double as the "IT dept" when it comes to setting up the office network and maybe installing a standard set of software on a new starter's machine before they arrive, but they're taking time out from their real job to do it.

This is what happens in the real world for almost any small business up to, say, a few dozen staff. No company with 10 people has a full-time sysadmin, unless it works in some particularly tech-heavy niche and has exceptional requirements. No company that size is running Windows Enterprise either, with the same caveat. But those companies are still going to get screwed by this sort of driver update if they can't figure out how to block it. Even if they can, they're still going to be vulnerable to other forced system updates that could break stuff, and they're probably at relatively high risk given that a lot of their staff will have high-end workstations running very demanding software.

Comment Re:NVidea's problem, not Microsoft's (Score 1) 317

Do you understand that at many small businesses there aren't any dedicated IT staff at all? And that even with Windows 10 Pro you can only defer updates for a while by effectively tracking a different branch, not actually block them if they interfere with your work and you don't want them? This isn't just a concern with the Home edition.

Comment Re:NVidea's problem, not Microsoft's (Score 1) 317

In reality? No. However, it looks like we would have under the conditions we're talking about.

I've got glitching driver issues that have never been fixed on multiple machines I deal with, for example. Usually we just roll them back to whatever was installed initially, so it's not actually causing a critical problem today, but of course that's exactly the option we're concerned about losing.
