Bloody Windows!!!

[james_s]

Or use open source for all the fixed infrastructure and "cloud" (yuck) based services for everything else. That's beginning to be the norm with newer tech companies.

[Zero999]

That's my point: they're not the police. They have no legal power. If a company had agreed to audits, as part of a licence agreement, then they need to accept it, or risk being in breach of contract. In the absence of any agreement to periodic audits, there's nothing they can do. If they resort to intimidation or pretending to be the police then they're breaking law themselves and need to be punished.

Seems straightforward to me, just don't sign anything which agrees to audits and what support do you get anyway? Not much by all accounts.

The burden of proof is still on the copyright holder. If an organisation hasn't agreed to be audited, as part of the licence agreement and won't accept an audit, then it's very difficult for a software company to prove the said organisation is violating their licence agreement, unless they're doing something really obvious.

I don't feel you quite understand the situation. It's pretty much impossible to buy any sort of software as a business without committing to the BSA. Just check the list of participating companies. As soon as you buy software as a business, you'll sign an agreement that makes you part of this. While I'm not sure of all the specific terms and conditions and these change all the time anyway, even using something like Azure probably opens you up to it. You simply cannot buy the software businesses depend upon without agreeing to this. It's not something you can trivially opt out of, as everyone would do that. Even a fully compliant business has every reason to avoid audits like the plague. They cost a lot of time and money. If avoiding getting audited was easy, people would do that without doubt.

While you can play a game of hide and seek, you have to understand that these people making it their business to catch people who try this. They have years of experience doing this, can afford literal armies of high paid lawyers and have developed a portfolio of tricks. To think you can outfox them would be very naive.

The only way I can see any way to avoid this is buying consumer grade software and avoiding signing any sort of contract at all. I'm not quite sure that's possible, as even Adobe Photoshop comes on a contract nowadays. You would cripple your business considerably and there's probably a few legal backdoors you haven't thought about. Or they just show up at the front desk, make convincing legal threats and an employee shows them what they need. From that point on, you're on the hook, and there's nothing you can do about it. Of course, your employees might be the ones who reported you, as the BSA claims to award cash to those that do. In the cases there is any evidence to go on, like a tip, they apparently sometimes do get help from law enforcement.

Of course, if you depend on any sort of license server or even updates for any software of a BSA member, they could simply cut you off and be done with it. That shifts the burden of proof on you and if it sinks your ship, so be it. These people whoop the asses of very serious companies with very deep pockets and significant interests. There are companies that solely exist to help other companies to make sure they're compliant. That's not for shits and giggles.

The BSA is known as very aggressive and very well funded. It's one of those organisations that can litigate your business into the ground, whether you're right or not. Considering even a trial version installed by a random employee six years ago can mean non-compliance, you're most likely to not be right.

So what you're saying is, in order to buy most business software, you need to sign a contract agreeing that you have to comply with audits?

I wonder how that works with defence contractors, such as the one mentioned previously. Lots of the information they keep is top secret. I bet the likes of Lockheed Martin don't have to put up with this bullshit.

[bd139]

When you have 100,000 seats you have a bargaining chip. No one else does.

[tooki]

@hero999: It’s entirely possible that the BSA has auditors with top security clearances. But it is an interesting question you pose.

[bd139]

I can speak for the UK at least...

They can't get security clearance as they would require DV / enhanced DV in the UK. This is based on sponsorship so if you're a contractor the company which is doing the audit needs a contract with the MoD to start with. The MoD isn't going to have anything greater than a supplier contract with MSFT which doesn't satisfy the requirements of the DV clearance sponsorship. On top of that, they wouldn't get list X status which is the only other way in.

So someone would send a nastygram to the IT director, who would hand it over to the legal director and the CEO who would forward it to the home office, who would write a carefully worded version of "fuck off" at the highest level. They would appeal this in the high court who would be told it's a matter of national security and assign a verdict of a carefully worded version of "fuck off".

The best way to fight a legal battle is with bureaucrats!

Now I only worked for the yanks but they got the home office to declare some of the soil as entirely under US jurisdiction and said all the equipment was there.

[amspire]

http://www.reactos.org

No! It is a total waste of time. I cannot believe people have been working on Reactos for over 20 years with no usable result. They started off trying to be Win95 compatible and when they realised that was a waste of time, they tried to be compatible with NT4.

I followed them for a bit around the 2000 era thinking it would be fantastic to have a basic free Windows compatible O/S that can run a license server or similar. Reactos never got close.

Windows keeps moving a twice the speed of Reactos and they have never caught up. You could not run it for 1 day without many crashes.

[bd139]

Have you tried it recently. It’s a lot closer than it was. It’s actually almost usable now.

The point of ReactOS wasn’t to keep up with windows but to maintain a useable subset of windows API. They have done that.

Really the scary thing they have done is reimplement windows NT entirely (!)

[tooki]

The point of ReactOS wasn’t to keep up with windows but to maintain a useable subset of windows API. They have done that.

Really the scary thing they have done is reimplement windows NT entirely (!)

Whats almost crazier is that this is not the first time this has been done! The WINE project is almost the same thing, just running atop a *nix OS instead of on bare metal, and the long-forgotten SoftPC and SoftWindows virtual machine/emulator (to run DOS and Windows, emulated, on a classic Mac), which apparently trapped and executed natively a few Windows APIs, so that they didn’t have to be run in the emulated 486 CPU. Wiki describes it as “Unlike most emulators, the SoftWindows product used recompiled Windows components to improve performance in most business applications, providing almost native performance (but this meant that, unlike SoftPC, SoftWindows was not upgradable)”. The “almost native” claim is, uh, let’s call it a slight exaggeration. I’m not entirely sure whether Insignia, the developer, wrote those themselves or licensed them from Microsoft, which apparently is a thing.

Not to mention that the Win32 API itself was implemented by Microsoft itself three times: once atop DOS (in Win 3.1—Win ME), once atop NT (itself being a clone of VMS), and once atop Windows CE. The Win16 API was implemented at minimum on the first two.

And just for comparison, Apple reimplemented the original Mac APIs, slightly tweaked, as Carbon running on UNIX in Mac OS X, but also as a runtime library for Mac OS 8 and 9. Similarly, prior to being acquired by Apple, NeXT had its native APIs running not only on NeXTstep/OpenStep, but also as a runtime library on Windows.

[bd139]

Indeed. I used to cross compile stuff for Solaris we wrote in win32 using a mainsoft product. This was the bad old days of Visual c++ drunken shite compiler. The API was portable but compilers at both ends were buggy as fuck.

Then there’s the Unix subsystem for NT...

What’s an OS? Completely irrelevant if you target POSIX.

[bd139]

It’s not dead. They remarketed it as WSL.

[Specmaster]

http://www.reactos.org

Well I've downloaded the demo CD image, having trouble getting it run, all it wants to is try to open my Leawo BluRay Player and reports an error??? 

[Mr. Scram]

Well I've downloaded the demo CD image, having trouble getting it run, all it wants to is try to open my Leawo BluRay Player and reports an error??? 

Are you sure your system isn't asking for a CD to be inserted so the image can be burned on it?

[Specmaster]

Well I've downloaded the demo CD image, having trouble getting it run, all it wants to is try to open my Leawo BluRay Player and reports an error??? 

Are you sure your system isn't asking for a CD to be inserted so the image can be burned on it?

Absolutely it asks me to send an error report to Leawo so that they can let me know when they have a solution?

[Bassman59]

@hero999: It’s entirely possible that the BSA has auditors with top security clearances. But it is an interesting question you pose.

To access classified information, you need to have two things. One is a clearance of sufficient level. The other is the “need to know.” Those auditors may indeed have top-secret clearances but if the custodian of the information refuses to grant access, the auditors are out in the cold.

[Mr. Scram]

To access classified information, you need to have two things. One is a clearance of sufficient level. The other is the “need to know.” Those auditors may indeed have top-secret clearances but if the custodian of the information refuses to grant access, the auditors are out in the cold.

They can simply pull your licenses if you don't cooperate. A working and secure infrastructure seems non optional. What are you going to do? Migrate overnight?

[Zero999]

When you have 100,000 seats you have a bargaining chip. No one else does.

Not all defence contractors are that big. Marshall Aerospace certainly aren't.

To access classified information, you need to have two things. One is a clearance of sufficient level. The other is the “need to know.” Those auditors may indeed have top-secret clearances but if the custodian of the information refuses to grant access, the auditors are out in the cold.

They can simply pull your licenses if you don't cooperate. A working and secure infrastructure seems non optional. What are you going to do? Migrate overnight?

Use a firewall to block MS licensing server from accessing your computers.

Which any good defence contractor will do, for security reasons. It will also stop Windows and other software from automatically updating and phoning home.

[bd139]

Doesn't work that well even on airgapped networks. Read this then weep: https://technet.microsoft.com/en-gb/library/dd981010.aspx

Your options are basically phoning in every activation or using a KMS which requires regular internet connection.

[Naguissa]

I remember a friend once asked me to come over to help with his PC but he had win10 so i needed his help to navigate through the windows to help him with his PC
And just recently he installed the new windows meltdown/spectre patch on his athlon PC and he's getting non stop driver power state errors, blue screens and failures to even power on. And when he did finally manage to get the PC running starting any task would max out his cpu and keep it at 80-100% usage.

The problem is not Windows nor the bug patch. The problem is why on earth there's still anyone running Win10 on an Athlon.
An H110 mobo with cracked BIOS running an i3-8100 is a very decent quad core setup with a lot of horse power with a $300 whole system cost.
Yes, 8th gen CPUs can run on 6th/7th gen mobo, the VRMs are not good enough so don't run an i5/i7, it will end up with flame. i3 is physically supported with software BIOS crippling which can be cracked.

My son is happily using a Turion64x2 RM77, Why I have to pay 300$ for a new and (also) buggy laptop. Even more, his HP tx2 is a poorly thermal designed laptop, but still very cute, touch, pen and appealing little and complete laptop (12", includes dvd, fingerprint, rotatory scteen and even an IR remote) compared to a 300$ one.

Enviado desde mi Jolla mediante Tapatalk

[Mr. Scram]

My son is happily using a Turion64x2 RM77, Why I have to pay 300$ for a new and (also) buggy laptop. Even more, his HP tx2 is a poorly thermal designed laptop, but still very cute, touch, pen and appealing little and complete laptop (12", includes dvd, fingerprint, rotatory scteen and even an IR remote) compared to a 300$ one.

Enviado desde mi Jolla mediante Tapatalk

Paying $300 for a new laptop is just asking for trouble. You can't not end up with a steaming pile of compromises and shortcuts.

[bd139]

Yes. There's almost nothing I like about a $300 laptop. Doesn't matter the vendor.

You can get a second hand Thinkpad T440 for $100 less than that which isn't made of poop.

[james_s]

That Activate Windows on the big outdoor screen is funny. Reminds me of about 2 years ago when I was driving on the freeway past some of the big Indian reservation casinos, the huge color LED billboard out in front of one was displaying the Windows 2000 desktop complete with a shortcut for an old version of Firefox.

Some time back I also read a news article about an incident in China where someone decided to browse some porn on a PC, not realizing it was controlling one of those big outdoor LED screens that wrapped around the corner of a building in a city square. I'd hate to be that guy.

[SeanB]

There was a sign near me that was running Win98, easy to recognise even though the LED sign was only showing a QVGA signal from the top left quadrant of the display. The blue background, the icon shapes along with the mouse cursor still sitting in there for weeks on end were easy to recognise. Guess the power supply on the beige box they were using got a little flaky, after the AC units that kept it cool were stolen for scrap metal.

[ivan747]

You need an SSD to run Windows 10. Windows installer has a ton of small file IO, and Windows Defender checks every of them.
Solution: disable Windows Defender and take the risk.
Not only WD screws up with Windows installer, it also screws up GCC when compiling large programs, even with NVMe SSDs.

It does the same on SSD. My X220 laptop turns into a toaster oven every few days.
And WTF, Microsoft checks files -coming from Microsoft- for virus

That’s a good thing, you should be grateful that they don’t even trust themselves.

Also, what if a malware disguises a Windows file...

[ivan747]

I think the new UI could work absolutely fine. Only problem is all the GUI elements are so large. It’s like a telly tubby play set.

This ^

[technix]

Not related to Microsoft, but I remember how one of my previous employers get caught from using pirated PADS software: the PCB house. It appeared to me that PCB houses can get licenses to most board design software at a very reduced price (likely without the "new project" button and forced phoning back as a limitation in this license.) The version pd PADS embed its licensing information in project files it generated, and the board house associated the files to the company. Now the board houses' copy of PADS performed a post-mortem piracy scan and caught us. That means although only one guy is using the software the company had to pay for 5 years of previous use for every single employee as compensation.