Discussion:
Edge-Chromium - maybe OT, but then not so much
(too old to reply)
ObiWan
2020-01-16 09:07:12 UTC
Permalink
Microsoft is starting to deliver the new version of the Edge browser
based on the Google "Chromium" engine

https://arstechnica.com/gadgets/2020/01/goodbye-microsoft-edge-welcome-microsoft-chromium-edge/

"As of Wednesday, January 15, Microsoft will begin pushing its new,
Chromium-based version of the Edge browser to Windows 10 Home and Pro
users."

now, maybe it won't have side effects, but I do really wonder if and
how much it may affect the code leveraging the IE libraries and APIs
(wininet and so on)
Mayayana
2020-01-16 13:15:40 UTC
Permalink
"ObiWan" <***@mvps.org> wrote
now, maybe it won't have side effects, but I do really wonder if and
how much it may affect the code leveraging the IE libraries and APIs
(wininet and so on)
It's hard to imagine they might break so many things.
That would also break web browser controls in VB
and .Net. And it would break HTAs.

And IE11 is still there, right? It's an interesting question,
though. Are they running "Edg" (the userAgent string I
heard they're using) as separate software? That would
make sense, to separate it from the system once and
for all. Would it even be legal to incorporate it into a
closed-source OS? I don't know.
ObiWan
2020-01-16 14:14:29 UTC
Permalink
:: On Thu, 16 Jan 2020 08:15:40 -0500
:: (microsoft.public.vb.general.discussion)
Post by ObiWan
now, maybe it won't have side effects, but I do really wonder if and
how much it may affect the code leveraging the IE libraries and APIs
(wininet and so on)
It's hard to imagine they might break so many things.
That would also break web browser controls in VB
and .Net. And it would break HTAs.
You're probably right, but then there's no confirmation :(
Post by ObiWan
And IE11 is still there, right? It's an interesting question,
though. Are they running "Edg" (the userAgent string I
heard they're using) as separate software? That would
make sense, to separate it from the system once and
for all. Would it even be legal to incorporate it into a
closed-source OS? I don't know.
I think they already solved it, see looking at the direct download page
for the Edge-Chromium https://www.microsoft.com/en-us/edge sounds like
they're offering (and will probably push through WU) it for Windows 10
and for Windows 7, 8 and 8.1, so I think they already solved that part

Then, given that we're talking about MS, everything is possible <grin>
Mayayana
2020-01-16 14:52:39 UTC
Permalink
"ObiWan" <***@mvps.org> wrote
I think they already solved it, see looking at the direct download page
for the Edge-Chromium https://www.microsoft.com/en-us/edge sounds like
they're offering (and will probably push through WU) it for Windows 10
and for Windows 7, 8 and 8.1, so I think they already solved that part
I didn't know all this. Support for 7+. IE-mode.
And a much more straightforward proclamation
of spyware:

"2.5 Communications with You. Microsoft may use your contact information
(i) to communicate with you about your use of the Software, and (ii) to
provide you with additional information, about the Software and other
Microsoft products or services.

[Does this mean you have to provide personal info just to
get the software? Or are they assuming that if you use
Windows and download the software, they already
"know where you live"?]

2.6 Feedback. If you provide Microsoft comments, suggestions or other
feedback about the Software to Microsoft ("Submission"), you grant Microsoft
and its partners rights to use the Submission in any way and for any
purpose.

2.7. Data Collection. The Software may collect information about you and
your use of the Software and send that to Microsoft."

Wow. I don't know whether it's reassuring or creepy
that they no longer feel a need to hide behind mounds
of legalese. They just come right out and
say it: "We're going to spam you, spy on you, and if
you say anything nice we can quote you in our ads."

I feel like if I were to use Edge then I'd be so close
with MS that I should really let them share my toothbrush.
ObiWan
2020-01-16 15:02:08 UTC
Permalink
:: On Thu, 16 Jan 2020 09:52:39 -0500
:: (microsoft.public.vb.general.discussion)
Post by Mayayana
I feel like if I were to use Edge then I'd be so close
with MS that I should really let them share my toothbrush.
LOL :D

Seriously, those clauses aren't new, they've been around for quite some
time now, although in a past they were buried under some tons of legal
stuff, all in all you don't own the OS, Microsoft owns it and "kindly
allows you to use it", this means that they can do whatever they want
with the OS and, in turn, with the hardware it runs on, even if that is
yours

oh well :P

Back to the topic, I doubt (or at least I hope so) that they'll break
the IE APIs, but I suspect that they'll probably replace some of the IE
libraries with some "shims" which, under the hood, will call the Edge
library functions
GS
2020-01-17 02:36:03 UTC
Permalink
I'm thinking I'll take my Win7Pro machine offline permanently so it's not
remotely accessible to anyone but me, same as I've done with my XP Pro machine!
--
Garry

Free usenet access at http://www.eternal-september.org
Classic VB Users Regroup!
comp.lang.basic.visual.misc
microsoft.public.vb.general.discussion
Mayayana
2020-01-17 03:56:05 UTC
Permalink
"GS" <***@v.invalid> wrote

| I'm thinking I'll take my Win7Pro machine offline permanently so it's not
| remotely accessible to anyone but me, same as I've done with my XP Pro
machine!
|

I guess we all see it differently. I use XP online
and feel secure because I can control it. I sometimes
use Win7 but don't trust that quite so much. I wouldn't
want to go online with Win10. It's spyware starting
out and it can't be entirely controlled. Even with the
parts that can be, there's really no way to be sure.
And of course it will be Win10 more than anything else
that malware is targetting.

People talk about how secure Linux is, but I'm not
very familiar with Linux, it doesn't have adequate
firewalls for privacy, and it typically defaults to calling
out without asking, for such things as software updates.
So I'd be very wary about using that online. It's just a
whole other set of people telling me I don't need privacy.

The critical bug this week, interestingly, only affects
Win10, server '16/'17. The bug is in crypt32.dll, which
dates back to NT4. But somehow they screwed up the
latest version. And who knows what else they're screwing
up with their constant fiddling.

I've been amazed to read what people are putting up
with on Win10. Recently someone was talking about
some of their software being packed up and marked for
deletion! The intrusiveness -- the presumption that your
commputer belongs to them -- has intensified so
dramatically, yet the vast majority of people don't
mind. I can see that with the general public. They never
knew they had control over older systems. But to see
Windows experts blandly accept Microsoft forcibly changing
their system is odd.
ObiWan
2020-01-17 08:13:23 UTC
Permalink
:: On Thu, 16 Jan 2020 22:56:05 -0500
:: (microsoft.public.vb.general.discussion)
Post by Mayayana
The critical bug this week, interestingly, only affects
Win10, server '16/'17. The bug is in crypt32.dll, which
dates back to NT4. But somehow they screwed up the
latest version. And who knows what else they're screwing
up with their constant fiddling.
Sure, crypt32 has been around since NT4 but since then, it has been
constantly updated to add the new ciphers, the latest issue is due to a
bug in the way MS implemented the elliptic curve (EC) crypto which, by
the way, was unsupported (didn't exist) at NT4 times, then there's to
say that with the progressive retirement of old ciphers due to the fact
that, as of today, they became insecure, older OS versions (XP is one)
which won't receive any update will be unable to establish protected
connections to other systems so will be, in effect, cut-off from the
internet and from whatever network using traffic encryption
Mayayana
2020-01-17 14:36:33 UTC
Permalink
"ObiWan" <***@mvps.org> wrote
that, as of today, they became insecure, older OS versions (XP is one)
which won't receive any update will be unable to establish protected
connections to other systems so will be, in effect, cut-off from the
internet and from whatever network using traffic encryption
When nothing less than TLS1.3 is used, and
software depends on Windows network functionality,
there will be a problem. (Actually, Vista/7 also don't
have native TLS1.2) I don't expect that's any time
soon.
That's why I was switching to Unbound last
week, because Acrylic is using wininet and I couldn't
get it to work. Though it's still not clear why it wasn't
working. And in any case, using wininet is very much
an unprofessional way to do Internet communications.

But I get your point. Crypt32 isn't the same crypt32
that it was in XP. Still, there's an irony in having bugs
in the security of their latest systems, given that
they're out yapping right now about how people need
to drop Win7 before they catch a malware infection,
which is sure to happen by next month, since updates
are no longer available.
ObiWan
2020-01-17 15:04:05 UTC
Permalink
:: On Fri, 17 Jan 2020 09:36:33 -0500
:: (microsoft.public.vb.general.discussion)
Post by ObiWan
that, as of today, they became insecure, older OS versions (XP is one)
which won't receive any update will be unable to establish protected
connections to other systems so will be, in effect, cut-off from the
internet and from whatever network using traffic encryption
When nothing less than TLS1.3 is used, and
software depends on Windows network functionality,
there will be a problem. (Actually, Vista/7 also don't
have native TLS1.2) I don't expect that's any time
soon.
It isn't just the protocol suite (e.g. TLS 1.2 or the newest TLS 1.3)
it's the ciphers, XP crypto libs don't support the EC (Elliptic Curve)
algorithms, and they're quickly replacing the older one, this means
that, once the older ones will be totally retired, XP won't be able to
establish TLS connections anymore
Post by ObiWan
That's why I was switching to Unbound last
week, because Acrylic is using wininet and I couldn't
get it to work. Though it's still not clear why it wasn't
working. And in any case, using wininet is very much
an unprofessional way to do Internet communications.
Unbound is a totally different thing, it's a full blown DNS resolver,
if you fits your needs, fine, but you're using it at "0.001%" of its
real capabilities, believe me :) !
Post by ObiWan
But I get your point. Crypt32 isn't the same crypt32
that it was in XP. Still, there's an irony in having bugs
in the security of their latest systems, given that
they're out yapping right now about how people need
to drop Win7 before they catch a malware infection,
which is sure to happen by next month, since updates
are no longer available.
Sure, "crypt32" (and all the underlying/linked code upon which the
library relies) is the "upper" interface to the windows crypto system
so, if the crypto suites/algos are updated, it needs to be updated as
well to support the new algos, this means "patching" the code, and as
you know, patching sometimes means introducing bugs; then I'm not, by
any mean trying to defend/justify MS, just sayin' :D
GS
2020-01-17 23:48:16 UTC
Permalink
Post by Mayayana
Post by GS
I'm thinking I'll take my Win7Pro machine offline permanently so it's not
remotely accessible to anyone but me, same as I've done with my XP Pro machine!
I guess we all see it differently. I use XP online
and feel secure because I can control it. I sometimes
use Win7 but don't trust that quite so much. I wouldn't
want to go online with Win10. It's spyware starting
out and it can't be entirely controlled. Even with the
parts that can be, there's really no way to be sure.
And of course it will be Win10 more than anything else
that malware is targetting.
This is true! However, knowing that I've installed 3rd party software to:

1st and foremost, turn off Windows Update so it happens when/if I decide it
will happen;

2nd and also as foremost, block all known spyware services/processes/apps;

3rd and also as foremost, install a good anti-virus program;

4th and also as foremost is to NOT use any of the MS built-in features like:
Cortana, Edge, One Drive, anything Cloud-based, and the system camera;
Post by Mayayana
People talk about how secure Linux is, but I'm not
very familiar with Linux, it doesn't have adequate
firewalls for privacy, and it typically defaults to calling
out without asking, for such things as software updates.
So I'd be very wary about using that online. It's just a
whole other set of people telling me I don't need privacy.
I'm not familiar enough with Linux (YET) to speak to this!
Post by Mayayana
The critical bug this week, interestingly, only affects
Win10, server '16/'17. The bug is in crypt32.dll, which
dates back to NT4. But somehow they screwed up the
latest version. And who knows what else they're screwing
up with their constant fiddling.
I've been amazed to read what people are putting up
with on Win10. Recently someone was talking about
some of their software being packed up and marked for
deletion! The intrusiveness -- the presumption that your
commputer belongs to them -- has intensified so
dramatically, yet the vast majority of people don't
mind. I can see that with the general public. They never
knew they had control over older systems. But to see
Windows experts blandly accept Microsoft forcibly changing
their system is odd.
I've seen where an update actually removed software!! I haven't heard where M$
has reimbursed the user for the cost of that deleted software.

IMO:
There's a point where the fine print of agreements becomes nothing more than an
attempt to legalize criminal/unethical/wrongful activity by the EULA authors!
--
Garry

Free usenet access at http://www.eternal-september.org
Classic VB Users Regroup!
comp.lang.basic.visual.misc
microsoft.public.vb.general.discussion
Loading...