
Comment The AI feedback polling must be really bad (Score 1) 41

It's no secret that users dislike the direction Microsoft is taking Windows. The forced online account, the telemetry and invasion of privacy, and the advertisements are all objectionable, but it's the injection of AI everywhere, even/especially where it's not needed, that has caused the most pushback from users.

The criticism of all this has been deafening, but Microsoft has completely ignored it, dismissing all user concerns and forging on ahead. They have not only ignored user criticisms, they are doubling down and accelerating their push to make Windows an "AIgentic" OS.

Until now.

This is the first indicator that upper management in Microsoft is aware of how much user dissatisfaction there is. They can dismiss home users, because they are a captive market. Sure, some will switch to MacOS or Linux, but the majority of users are locked in, and will take what they're given. But the corporate world is a different matter. Microsoft actually cares when they start looking at alternatives.

A lot of EU governments are running pilot projects to test the viability of using non-Microsoft solutions. One of the arguments for that has been to get away from the forced AI that Microsoft has been pushing. By allowing corporations (but not end users) to disable it, Microsoft can now claim that argument is no longer relevant.

For them to have done that, the corporate feedback they've received must have been pretty scathing.

Whether this will trickle down to home users is another story. Personally, I'm doubtful it will.

Comment It can also prevent local backups (Score 4, Informative) 159

I had a nontechnical friend call me for help a while back when her C: drive started dying. She bought an external USB to back it up, but Windows kept giving "Disk Full" popup errors on this new, empty 4TB disk, and wouldn't copy any files.

I looked up the error code of the "Disk Full" message and found it was a OneDrive error. My friend was using File Explorer to do her backup, using drag and drop to copy to the new disk. Apparently, Windows takes this as a signal to copy the files to OneDrive, as well. But since her OneDrive had only 5GB of space, and she was trying to back up 1.7TB of files, Windows failed the copy.

To be clear, it didn't just fail the copy to OneDrive. Windows refused to do local file copies because a network drive was out of space.

Her reaction to this was, not surprisingly, "OneDrive? What's that?"

She, of course, had no idea what was going on, and was frantic she'd lose files from her dying C: drive. I showed her that using a non-Microsoft file manager (I used Double Commander, but any would work) would copy the files without problem, as would disabling OneDrive, which I did. But since I wouldn't be surprised if OneDrive reasserted itself in the future, it was a good idea for her to know how to work around it in any event.

In the year since that happened, OneDrive has gone beyond just preventing users from backing up their hard drives on secondary disks to taking files from their PCs without permission and then deleting them. That's a dark pattern at best, criminal theft at worst.

People talking about "all you have to do" workarounds are missing the point. This is a consumer level product sold to nontechnical users. Making the most unintuitive, destructive and intrusive behaviour the default, not informing the user of it, not documenting the steps required to configure safe behaviour, and then putting the onus on end users to figure out how to configure safe and intuitive behaviour is a dark pattern that is not only grossly incompetent, it is arguably malicious, as well.

Comment Re:wow! That's terrible (Score 1) 259

I bought something in the supermarket that was $6 with a "40% off" sticker on it. I put $3.60 on the counter.

The cashier couldn't ring it up. Her cell phone didn't have a "minus percentage" function; she had to go over to another cashier whose cell phone did.

Never mind doing it in her head, she couldn't do the manual steps of (1) 40% is 0.4, (2) one minus 0.4 is 0.6, (3) 0.6 times $6 is $3.60 with the calculator she had, because she couldn't break the steps down.

I felt like I was back in grade 2 when I added 39+23, got 62, and my teacher took a mark off because I didn't show the intermediate steps.

Not only did this interaction take five minutes to do a calculation that kids in second grade used to be able to do in their heads, she actually told me I was "lucky" that her friend with the natural language calculator was in that day, otherwise she wouldn't have been able to ring it up.

She was amazed at how "lucky" it was that I had put $3.60 exact change, and asked me how I "guessed" the right number.

And people wonder why so many grocery stores are putting scanners and self checkouts nowadays.

Comment Users often know more about phishing than trainers (Score 1) 151

I've worked at a number of companies. They all had phishing training that was at best useless, and often completely counterproductive.

One company sent an invite to a mandatory off-site (only a city block away, but still) security training seminar to everyone in the company. The invite was sent from the training vendor, with no advance notice, and demanded employees register for the event using their company ID and password. Employees received an unexpected email from an unknown third party, demanding their corporate login credentials, and naturally reported it to IT. IT instructed HR to reprimand users for refusing to sign up for the mandatory training.

When users asked how they were supposed to know that this email was legit, IT said it was obviously legitimate because "it has the corporate logo on the letterhead". Boy, it's a good thing that scammers can't fake letterheads, that's all I can say.

Another company's IT sent out a test phishing scam to see who clicked on the link. Of course, they sent it internally using valid Exchange credentials, and the link was to an internal company server's 10.0.x.y IP address. Tech savvy users were confused why a scammer would link to an internal server, and many reported it to the corporate security head office as a breach of the internal network.

At a third company, management's emails to staff violated the phishing rules so routinely that when one employee left, at his new company, he almost fell for their phishing test, because "$COMPANY1 trained me to think that suspicious looking emails are probably legit".

I saw one security head report to management that there was no point in doing phishing education amongst employees, because so many emails from management, IT, and HR violated the rules for proper communication that employees were continually guessing what was and what wasn't legitimate.

When users get emails with all the signs of a scam - bad grammar, mis-spelled words (including the name of the company), links to external sites, demands for corporate login credentials, threatened punishment for refusing to provide credentials - that later turn out to be legitimate IT/HR communication, and when the company doesn't reprimand IT/HR for breaking email rules, but instead reprimands employees for ignoring these suspicious emails, of course they're not going to find phishing training effective.

If corporate communications don't follow phishing rules, why should the employees?

Comment Re:Meet someone in person? (Score 1) 63

Years ago, I worked at a company that had won a major contract, and needed to staff up rapidly. They had over 150 open positions, and at the annual town hall meeting, all the CxO types talked about the referral bonuses that were being offered, etc., and they really wanted people to spread the word.

They were not only looking for generalists, they had some specific skill sets, some of which were rare. As it turned out, I had a friend with one of those skill sets. He wasn't actively looking, but his current contract was due to expire soon and he wasn't terribly keen on renewing, so I told him about the place.

Despite the company brass practically begging staff to get people to apply, HR wouldn't actually talk to anyone who called. They were referred to the online HR portal. The portal was almost impenetrably difficult to navigate, and despite the CxOs saying they needed more than 150 people, the portal only had about 25 positions listed. Worse, none of them actually even mentioned the skill set that we were supposedly desperate for.

HR's response was "We really don't have any openings at the moment. Tell him to make sure to use project management keywords in his resume in Microsoft Word format, otherwise the automated system will filter out his resume". Yes, while senior management was begging for applicants, HR was turning them away, refusing to talk with them, and the only advice they would give was how to trick their own automated systems.

Guess what? HR like this is going to find that AI can get past their automated systems, while keeping applications of actual human beings from ever being seen. And I'm sure that it will be seen as a failure on the part of the applicants, not HR.

Comment OneDrive CAUSED data loss for a customer (Score 4, Informative) 245

A few years ago, I had a customer freaking out because her hard disk was dying, and she couldn't do a backup. She had a Windows 10 PC with a 2TB disk, and had bought a 4TB external WD disk to back up her dying internal machine. But every time she tried to copy files, she got a Windows error saying the disk was full. The 4TB disk was properly formatted, had only 200MB of files on it, and showed 3.98TB free space, but Windows refused to copy files to it because it was "full".

As you can imagine, she was frantic, as irreplaceable data was at risk. I was called in to debug the issue, and sure enough, copies to the 4TB disk didn't work. I hooked it up to my laptop, and it was fine. Why could my PC copy files to it, but hers couldn't?

Because of OneDrive.

The error message was a OneDrive error. But she wasn't copying to OneDrive in the first place. Or was she?

It appears that when you copy files using Windows Explorer using drag and drop to another Windows Explorer, OneDrive quietly intercepts the copy, and also copies the files to OneDrive, for backup.

She was doing drag and drop between two Explorer windows. And her OneDrive was completely full, and out of space, so it couldn't take any more files. So Windows aborted the copy with an error.

Yes, because OneDrive was full, Windows prevented copying to a local hard drive.

The customer didn't even know what OneDrive was. Exiting it, and stopping it from starting up again, she was able to back up her system, but she was totally freaked out about the OneDrive "virus" that almost caused her catastrophic data loss.

And when she found out what OneDrive was, and realized that confidential, proprietary data from her customers was now on Microsoft servers, she freaked out yet again.

My only question is, why isn't there a "because it causes data loss" option in the list of reasons people want to exit it?

Comment Re:Sometimes it helps, sometimes it doesn't (Score 1) 548

It could, however, be that they would have gotten better without the treatment.

No, actually, I'm talking about cases where the patient had failed to respond to other treatments and then tried it as a last chance, and then recovered. A couple of the cases were quite dramatic.

That's why there are lots of doctors that are enthusiastic about it. But their experiences aren't universal, or (so far) reproducible. As I said, there have been just as many, if not more cases where it's not helped at all.

The NYT did a writeup about a doctor who initially claimed to have treated 699 patients with it with a 100% success rate. Sounds too good to be true? It is. The follow-up investigation showed that it was closer to 350 documented cases that could be traced, and 4 of them had died. Which is close to the 1% mortality rate that is normally associated with Covid-19.

Of course, that 1% is for the population as a whole; this was for 350 hospitalized patients. Which is to say, they were from the 15% that get a severe case, where the 1% is 1 out of 15, or about 6.67%. For a sample size of 350, that would normally lead to 23 deaths, so 4 deaths is a significant improvement.

Yay, wonder drug, right?

Well, not so fast. Some of the cases weren't so serious; the doctor was prescribing it in the early stages of the symptoms. So perhaps some of the 350 patients were part of the wider 80% that would recover naturally. But within that group were several that did have extreme respiratory issues that cleared up and didn't require ventilation.

Now, the doctor says that he's had great success and his patients have all recovered, which is the important thing. And, he's been treating huge numbers of patients. Obviously he's enthused about this drug and attributes his patients' recovery to it.

His methodology doesn't prove that this drug is a cure-all, but his sample size of success is significantly large to indicate that there is something. So fans of the drug point to his success and critics point to his methodology. There's something for everyone.

Of course, properly randomized, double-blind trials need to be run. By the time they are complete, the pandemic will be over, so the information won't be useful for the current onslaught of patients. And that's why people are looking at unscientific anecdotes as an alternative.

Comment Sometimes it helps, sometimes it doesn't (Score 5, Insightful) 548

From what I've read about this, and I've read a lot, there are numerous documented cases where it (paired with zinc or other treatments) has absolutely been a successful treatment.

And there are just as many if not more cases where it has done absolutely nothing.

So it is neither the miracle drug that Trump has proclaimed it is nor is it just quackery. It's a YMMV drug.

It may be that it only works when the Covid-19 disease is at a certain stage. Or it may be that people have (or do not have) certain genetic markers that make them respond to it. It might be affected by certain pre-existing comorbidities.

There have simply been too many documented cases where it has had a mitigating effect to say that there's no benefit to it. We don't know how, or under what conditions it helps, but sometimes it has.

We simply don't understand it yet. It's like the Corona virus itself in that way. Why are some people (the majority) who get it minimally affected, while others become gravely ill, and die from it?

We shouldn't dismiss it or embrace it wholeheartedly, either. We should study it, as we are, but I can understand why people in the middle of a pandemic want to rush to embrace something that's worked at least some of the time.

Comment Of course they work. The question is how well. (Score 4, Insightful) 240

The CDC really made a mistake in saying that masks don't work, while concurrently complaining about a shortage of them.

Absolutely they work, or medical staff wouldn't use them.

But the CDC didn't want the general public hoarding N95 masks, which is understandable. So they said masks don't work, which of course just added to the confusion.

The thing is, it's not a question of N95 or nothing. Different masks provide different levels of protection, both from droplet and aerosol spread.

It's like social distancing. If you can't maintain a 6 foot distance, that doesn't mean it's not worth having a 5 foot distance. And a 5 foot distance is better than a 2 foot distance, etc. The same is true with masks.

Even if a non-N95 mask only cut the spread by 10%, that's 10% better than nothing, so why not add it to the list of precautions?

Comment Re:Can the bank undo that? (Score 1) 84

Trouble is, if the bad guys can clone your phone (thanks to lax security on the part of the cell provider), he gets everything including RSE, 2FA etc.

I don't know about RSE, but a cloned 2FA doesn't give anything away. The app is keyed to the hardware of the phone, not (just) the phone number. If you cloned my cell phone and ran my 2FA app, it wouldn't work.

This is something that users of Google Authenticator have complained about, actually. They get a new phone, have the same phone number and Google account, but the Google Authenticator won't give 2FA tokens out. Other OTP systems, like Authy, have mechanisms so that you can port it to another device, but you can only do it from a working system, ie. it won't help you if someone's done a SIM hack job on you. On the down side, you can't get into your accounts any more, but on the up side, neither can whoever stole your phone number. It's inconvenient, but it gives you time to lock down your accounts and/or inform your financial institutions that you've been hacked.

And few exchanges support Yubikey.

Yes, that is a very valid complaint.

Comment Re:Can the bank undo that? (Score 4, Informative) 84

It's important to note that the heist was not taking money from a bank. This was cryptocurrency held by some "exchanges". If you want to participate in these Ponzi schemes, you take a much, much higher risk than if you were using traditional banks and financial instruments.

Every SIM hacking story I've seen falls into one of three categories.

Either (a) the victim called the bank/eBay/Visa and got their account frozen, usually after $5K-$10K was taken or charged, and got reimbursed, (b) they got an email from the bank/eBay/Visa telling them there had been suspicious activity on their account, that's why it was frozen, and by the way, you're not answering your phone, or (c) they had lots, possibly everything, in Bitcoin, lost it all in seconds or minutes, and are suing their phone company for the losses.

Bitcoin exchanges are not banks, and also, telephone numbers are not secure tokens. Use RSA. Get a Yubikey. Use 2FA at the very least. Relying on your phone number, which is something that is not under your control, and which is provided by vendors who don't even claim it's secure, is fraught with peril.

I've talked with my banks about SIM attacks. They all have procedures in place to minimize losses from something like this, and one of those procedures is that they don't allow you to empty out your life's savings electronically. Well, if your life savings are only $2K or in that range you can, but if you have $300K in RRSPs, TFSAs (yes, I'm Canadian), or investment funds, you can't just convert that to cash and send it to the Cayman Islands in 30 seconds from your computer. Even if you had that $300K lying around in cash for some reason, you can only send a daily limit of something like $10K or whatever.

Banks know that they have to cover the cost of fraud, so they limit the amount at risk. Bitcoin exchanges were practically designed to be untraceable. People who keep their life savings in a liquid, untraceable financial instrument like that are the prime target for SIM hackers, specifically because the victims have already done most of the work for them.

If a SIM hack swipes $10K from my bank, or charges $10K to my Visa, I take the issue up with my bank and Visa. If a SIM hack takes $10K from my Bitcoin exchange (if I had one), I can't take it up with the exchange, so I sue the middleman, the phone company. The thing is, the phone company never made me any guarantees that my phone number was secure, and suitable as a security token.

Comment I saw the first plate an hour ago (Score 1) 117

I just came back from lunch, and there was a car in the lot with the new plate. I've seen the pictures of the completely unreadable plates, but the one I saw was completely legible, for whatever it's worth. Possibly there's a bad batch, or the issue occurs in different lighting conditions. But the problem may not be universal. Which, of course, only makes the problem worse, in terms of diagnosing the problem.

Comment Re: Easy answer (Score 1) 197

Ha! Never thought I would see a fellow railroader on Slashdot.

Here's another one. Did a number of rail-related projects in OS/2 back in 1996/1997. Although most have been replaced with newer, Windows-based systems, many are still running. The biggest problem is getting replacement hardware that OS/2 will run on.

For those who do need to do that, we've had some success with Arca, which is the latest name for the old Workspace On Demand product, ie. the post-IBM version of OS/2. There's nothing really new in it; it's just that unlike Merlin, it will work on CPUs more recent than Pentium Pros, can see hard drives greater than 8GB, runs on machines with more than 64MB (yes, MB) of memory, etc.

That's not to say it will use those resources overly well, or even at all. USB devices are often still a hassle, other than keyboard/mice. But you can at least get the OS running. And it's a hell of a lot easier than trying to find a working hard drive that's smaller than 8GB to install on.

Comment Re:No password, but... (Score 1) 60

So if I understand this, they've replaced the need for a password, with the need for a piece of hardware mixed with 1 of 3 other requirements. How is this better?

For the typical slashdotter, who already knows about 2FA, PGP, and IPSec, and has a password wallet, it won't be.

For a more typical mundane user, whose current password for the phone, the PC, the bank, and every web site is her dog's name/his favourite sports bar and maybe his/her birth year after ("to make it secure"), having a piece of hardware and using a biometric or PIN is a lot more secure. It's not better because the hardware key and a 4-digit PIN are more secure than a 64 character password. It's better because it's more secure than the painfully poor security practices that most mundanes use in real life.

There are more secure options out there for security. But the key for most end users is getting them to actually use the damned thing. Most people simply don't follow good security practices. This allows them to, without requiring them to make much effort, and they don't have to memorize anything.
