> Microsoft-branded ARM microcontrollers running an embedded linux distribution. Microsoft rolls out security updates over Azure to reduce the risk of the device becoming part of a botnet.
It does. But, it's also pretty surreal for those of us that worked through the anti-linux Microsoft of the 90's. Windows subsystem for Linux, and initiatives like this are a real confirmation that MS finally "gets it". Right tool for the right job. Good for them.
It's also a big swing for me in that I trust MS more than Google now to do the right thing. I'd have thought that impossible a couple of decades ago.
Have you actually used Windows 10?? The spotlight is squarely on Facebook and its privacy intrusions right now, but the data collection when you own the OS must be several orders of magnitude larger.
Don't be so eager to forgive them. They're not hugging Linux right now because they're a Good Company trying to Do No Evil.
Have you used Windows 10 Server Core, or Windows 10 Enterprise LTSB? There's no data collection in either of those, because they're for serious people.
The Home and Pro editions, meanwhile, are effectively "Xbox OS for PCs." They turn your computer into an entertainment appliance run and maintained by Microsoft itself. Of course they collect data, just like there are data-collection agents on all the nodes of your average production system cluster. When Microsoft is the sysadmin, Microsoft needs to collect ops data.
And, personally, I don't think that's a bad thing, per se. It's a choice you make. You can take control of your PC while still running Windows, if you like. (It's just a big hassle, because truly administering a modern Windows system is a big hassle.)
There's something fundamentally wrong with that to my mind, given how the Pro release of Windows has always been placed.
I should not need to get an Enterprise release to be able to manage my own machine, restrict the phoning home, and control other basic features of my machine used in a professional context. I've no need of 101 features for managing 1,000 desktops and neither have many smaller businesses who are also now landed with "Xbox OS for PCs".
According to blog posts and articles on tech sites there still is no way to disable all telemetry on windows 10. I haven't used windows for a long time now, so I cannot tell myself.
Anyhow, it is /not/ ok for an OS to spy on their users by default - even if you can disable it manually.
Even though the "basic" telemetry data is quite the list [0], I agree that it's not nearly as intrusive as the "full" set.
> only when you have it set to Full level
"you" (probably any users) won't set the level to "full"; this is the default setting (source [1]). MS only offers "basic" as opt-out (which it really is not).
No, updates work fine. Some blocked domains: settings-win.data.microsoft.com, v10.vortex-win.data.microsoft.com, mobile.pipe.aria.microsoft.com, nexusrules.officeapps.live.com
You can't. It still phones home a lot, even at the lowest telemetry settings. The only edition where you can disable it is LTSB and even there it is hidden in Local Group Policy Editor.
Microsoft have marketed it to business and portrayed it as intended for professional business use ever since XP introduced the version split. Until large enough to be allowed near volume licensing SKUs, when you pass some point past a hundred seats, it's the most professional offering a business can get.
That covers nearly all small and medium businesses.
Do I, as a single person, have the option of buying a non-spyware version of windows 10? I paid $175 for windows 7... I'd pay $300 for a non-spyware version of windows but I don't think I can even buy solo windows 10 enterprise.
Same as with previous releases: an unknown, invisible, price because it generally comes with the machine. Choose Win x Pro if you want a more "corporate" laptop and get features to connect to the work network, Bitlocker and so on.
As far as I am aware the pitch has not changed - Pro is for a business environment, Enterprise if you're in need of centralised management of an estate of machines. So no, Pro should not be taking liberties.
So now to be treated professionally I need to buy a laptop with Win 10 Pro and buy Win 10 again to reinstall it / upgrade it with Win 10 LTS? Can you even buy a single copy?
My windows 10 Pro cost me $270 when I got it on christmas sale.
I can't disable debug telemetry or Cortana. If I set the options via admin (or even safe mode) via registry edits, after a reboot I'll find them back on.
$270 USD? That can't be right. Full retail price is only $199. Amazon and Newegg both sell Windows 10 Pro retail download for $189, and Windows 10 Pro 64 bit System Builder OEM disc for $143. These aren't sale prices, just regular prices.
Maybe you know this already but here's some friendly advice: You're not going to get anywhere defending Windows or Microsoft against the HN crowd.
Most of them live in a bubble and it's just not cool to use Windows or Microsoft products...so even when you're right, which you are, the most you can hope for is that they'll ignore your comment instead of spouting off some ridiculous nonsense that they actually have no clue about. And then they turn around and pimp Apple, the most controlling, selfish enemy of personal freedom with the shittiest software that you can imagine.
I don't care if "Basic" setting sends harmless information. I don't want to send ANYTHING. It's my computer, I paid for it, I paid for this system and I want full control.
Full disclosure:
I don't use Windows, I don't use Apple products, I'm trying to avoid using any closed-source software.
I get it, I really do - if you can live on Linux alone that’s great.
Many other people here will complain about Microsoft ads on the start menu but turn around and forgive Apple who shows you ads every time you want to update your computer via the App Store. With Windows when I remove the ad (which is just a shortcut to a non-installed app) it’s gone forever or at least a long time.
Or, they will fault Microsoft for some slight lock-in with their Mail app that nobody is forced to use and completely forgive Apple for the immense level of lock in on iOS because “Apple has always only offered that” and Microsoft is not allowed to change.
However, I have to put up with basic telemetry which is slightly annoying but not a showstopper for me. I can also install the enterprise version of Windows which I think I can get via my MSDN subscription. Either way, it is annoying but I can live with it.
On my machine right now, Cortana is Disabled in settings and Group Policy settings (you can't disable all of Cortana from regular settings, only the "Hey Cortana" and various ad popups) but the UI is clearly still visible in my taskbar.
So tell me, where can I buy that for my personal computer?
>because they're for serious people
No, because those who can get Windows 10 LTSB actually have the power to push back. Imagine telling Dell or HP that everything they type may be sent to MS at any time.
>You can still take control
So how can I permanently end all telemetry, now and forever on my box. I'm even willing to sign a letter that I won't hold them responsible for any viruses that I get because I didn't update in time.
You used to be able to download a trial off the open web on MS' download portal.
I ran LTSB for a year and it was brilliant. But on day 366 (or whenever my slmgr -rearm trick ran out) you get locked out with no real way to change to a different SKU or reset without a clean install :(
There's a program called BlackBird (http://getblackbird.net/) that claims to strip out all that telemetry. I have been running it for a while and while I haven't closely inspected traffic to validate the author's claims my bandwidth monitor widget doesn't have a lot to report, rarely rising above 1kb/sec unless I'm doing something.
I've had software of mine flagged by overeager antivirus just for being new and uncommon. It labels it as "WS.Reputation.1". If that's the only detection it's most likely nothing to worry about.
>So how can I permanently end all telemetry, now and forever on my box.
Simple: you use a different OS that doesn't spy on you. Microsoft is under no obligation to provide a product or service to you the way you want. They've decided they only want to offer products that spy on you, and that's their right. If you don't like that, you're free to not buy or use their products, and use something else instead. There are alternatives out there that don't spy on you.
Security and antivirus protection exist as much to protect others as oneself, much like vaccines. I wonder whether Microsoft considers updates to be protecting the users of a specific machine from a virus, or the community at large from many machines having that virus?
The problem is, security updates should stick to security, and should be clearly separated from feature updates - especially from the ones that remove features.
Interesting GDPR situation, MS will need to tell people how they're using all that data, who they're selling to, and AIUI enable deletion of it. Organisations using software that includes telemetry will have to tell the users, as the assumption must be that such telemetry will leak PII.
Would you trust each doctor to know enough about IT security to be capable of protecting patient data without hiring someone else to run their enterprise IT infrastructure?
No. But I would expect that the government (or a doctors' professional organization on behalf) publishes a list of things he is allowed to use to work with patient data. Windows 10 shouldn't be on the list in my opinion.
Is there any reputable audit of this? Beyond what Microsoft claims?
This is a difficult problem. The software could be audited by an independent third party. However each update needs to be audited as well. Furthermore the binary of the initial state and each subsequent update binary would have to be signed by the auditor in a way allowing independent verification of the signature.
> Have you used Windows 10 Server Core, or Windows 10 Enterprise LTSB? There's no data collection in either of those, because they're for serious people.
How does one, as a non-enterprise, even get W10 Enterprise LTSB? I would, in a heartbeat, but MS wants to shove crapvertising down peoples' throats no matter the cost. And it's logical, given that when the users with money to spend and technical expertise fall out of the advertising eyeball pool, the eyeball pool loses its worth as it will be filled with poor noobs to whom all you can sell is the latest iteration of Candy Crush and snake-oil "antivirus".
Not if you're a developer. It has all other features stripped down. Even a photo viewer is absent. Linux subsystem is at beta level, no store (there are some good apps on the store), also no new windows features (fluent design, emoji?, gpu tracking in task manager, etc... you get the idea).
"if you're a developer" might need qualification with "on win32 native products". Even then, you're targeting old windows, which is probably fine. Besides the GPU tracking in task manager, I'd say I'm better off without those features.
If you buy something you shouldn't have to jump through hoops to own it. The fact those data collection features are there at all for a paid product is bad in my opinion.
Much of this comment seems like apologism to me. "Hey, it's bad, but I like Microsoft, so it's all good?"
Why would only people who pay $200 for a windows edition get (some) privacy?
Remember the days when the products you bought didn't spy on you? It seems like now companies are double-dipping or triple-dipping with this spying and selling of your data after you've already purchased the product/service.
And we're getting reconditioned to live with it and agree to it, especially from comments like yours.
Companies are double/triple-dipping with spying because consumers are happy to allow it.
Don't like it? Don't buy it. If you pay hard-earned cash for a product, and then complain that it spies on you even though you knew this before you bought it, you don't really have much cause to complain. If you really value your privacy, then put your money where your mouth is.
The corporate version of Windows 10 is different, which is where my experience lies. Good observation though.
At a higher level, Gates seems more credible than Larry or Sergey to me. Totally biased by my history, but I'm pretty strong on that point. Gates mellowed out and seems more broadly interested in "greater good".
Gates has done good work since leaving MS but I wouldn't say he mellowed out towards the end of his time at Microsoft. He was still very much proactively trying to control 3rd parties. Whether it was IRC via Microsoft Chat (which was actually a pretty cool idea but it didn't belong on public IRC servers), MSN, IE Vs Netscape wars, then IE Vs HTML wars (eg ActiveX, Silverlight, etc). The whole Java wars (which did eventually give us .NET so some good eventually came of it, but it took years before .NET matured). MS Office Vs open standards (eventually we got a compromise with OOXML but it still feels like the battle was lost given every other office suite used the non-proprietary ODF).
And this is all without going into how he tried to destroy Linux, control UNIX, successfully destroyed competing DOS platforms (eg DR DOS), blocked OEMs / shops from selling PCs with competing OSs (or was it machines without Windows preinstalled? I forget now), ruined EeePCs and their form factors (by selling Windows at a loss), etc.
I think the only reason Gates didn't try his luck with data collection was because it simply wasn't a thing back then.
That said, I do still respect the guy even though I disliked his products and how he monopolised the market. Which is more than I can say about Ballmer.
Yeah, personally, I think Windows for home users is a dying market. My wife and kids use either ChromeOS or OSX. Everything has moved to the web for younger people. Fat client apps are increasingly the exception. Very niche...like "I need Adobe tools, Photoshop, etc".
Office 365 is accelerating that. No need for local Word, PowerPoint, Excel, etc.
Windows Is For Games™. Despite the existence of things like SteamOS, I don't think your average e-Sports player is going to run anything besides Windows any time soon. Windows Home/Pro is essentially "the firmware for a custom-built Xbox."
Currently, Windows 10 is also the only non-bullshit OS for tablets - one that makes it a productive device, instead of purely consumer one. Alas, tablets ain't very popular anyway, so I doubt this impacts Windows numbers much.
I'd guess Microsoft gets most Windows sales from regular people buying regular laptops with Windows preinstalled. Most of them probably don't even know there is something else other than Windows.
Interesting. I am now curious about the demographics. How many Windows 10 users are there solely for either games or Photoshop, or Illustrator, for example?
I instinctively feel like ChromeOS and OSX (and mobile OS variants) are going to kill Windows desktop off. But I'm also aware I might be off base.
Around here ChromeOS is a kind of rare animal hardly seen on any consumer shop, and when it appears it is usually tied to some promotion to get rid of those in stock.
OS X is everywhere on northern Europe big cities, but go south or to the countryside where many people dream to go over the 500€ barrier and it too becomes a rare animal.
Windows still has almost 90% market share, so it's not going to be killed anytime soon.
For gaming, it's pretty much the only choice, Macs have no hardware to handle them, and for Linux, I've tried to switch many times, and it has always been a hassle.
I've ended up with Ubuntu for work and Windows for everything else.
The last I checked, Microsoft doesn't create shadow profiles of people who don't have accounts. Nor does Microsoft make it hard to turn off privacy, or sell the data to research firms in an attempt to create profiles that can be used for advertising or manipulation. Also, the last I checked all this attention to Windows 10 data collection usually includes a comprehensive list of how to turn it off. Finally, when you set up Windows 10, one of the setup screens actually lists out these options and gives the user the chance to turn them off. You could argue that these should be left off by default, but I'd argue that allowing developers to collect telemetry data for debugging purposes, and forcing people to keep their computers updated is a good idea, since most normal users don't bother.
Company histories aside, someone had to develop a hardened kernel--and they had to be big enough that the client could sue in the event of a problem. Red Hat comes to mind, but I honestly can't think of a better company than MSFT to own this (and the associated liability).
It makes terrific financial sense for them to take ownership, liability (and revenues) for a product class their native technology can't compete in.
It’s pretty trivial to disable the data collection on the home version, and the corporate version doesn’t have it. For work Linux is perfect, for games Windows is still the better choice. Luckily nothing stops people from having both on the same box.
Ubuntu is following MS lead and introducing data collection by default in 18.04. Google also have a couple of linux based options that are built with the sole purpose of collecting your data.
MS for all their faults are at least still in the business of selling operating systems and not selling you.
For Ubuntu it is a checkbox at install, this is a big difference between that and 20 hidden switches in registry that each stop different spying code and also get reset by mistake at each update.
Sorry, but a zero tolerance policy is the only way to stay sane. I don't have time to keep up with every policy change and update on what every app and tool I use has done lately.
I ditched windows for a reason (several, but privacy was one) and I've got no intention of checking every 3 months how far down the slippery slope ubuntu has gone. And they will go down that slippery slope because it's abundantly clear that they as an organisation don't value privacy.
You are spreading FUD, for some reason a person that has no time to read the privacy settings checkboxes you are aware of the latest FUD campaigns, the latest one is about the program that collects hardware info at installation time, this is not tracking you, it is an option to send hardware info upstream so developers have real information, now everyone has to quote the Steam survey and this source is gaming focused.
Also, you can use distros based on Fedora/RedHat if you are a Canonical hater.
> for some reason a person that has no time to read the privacy settings checkboxes you are aware of the latest FUD campaigns
Because it happened to be mentioned in a preview video I watched on youtube. What happens in 3 months when they change that policy and it gets past my radar? This is FUD canonical have created by not taking privacy seriously.
Watch sources that do not spread FUD, same video sources probably praise Valve and Steam but get triggered by that checkbox because it is enabled by default, (also don't use Ubuntu if you doubt the direction it is going but don't spread FUD)
Generally agree with you, but those of us who knew Microsoft in the 90s are also cautious about the company getting too cozy with the Linux ecosystem, or any competing technology in general.
I assure you MS is still not to be trusted. I find this recent uptick in naivety about them dangerous. Fool me once, shame on you, fool me, can't get fooled again.
The difference between the '90s and now is that in the '90s Microsoft spread FUD against Linux, and now segments of the Linux community are spreading FUD against Microsoft. FUD is bad no matter who spreads it.
I would say they are just as likely. I'd like to take a moment and point out that I see this response type way too often around here. Someone criticizes something and is almost always asked about why they aren't criticizing this other thing too. It's intellectually lazy and logically fallacious, as if when leveling justified ire on a person or company, you must then start listing every violator of the same type.
They're being practical. They couldn't win - neither by spreading FUD, calling Linux "a cancer", funding the SCO lawsuit - so they choose to "embrace" Linux and open source whenever it suits them.
On the other hand their contempt for the (paying!) customer is still blatantly evident, it's right there in Windows 10 telemetry settings being reset.
All I can read into it is that it's in their best interest to stop being deliberately hostile towards Linux and open-source. We can trust them doing The Right Thing only as long as The Right Thing benefits them.
A lot of the fear I see on here about Microsoft makes me laugh. Many on here haven't got over the Micro$oft mentality from a decade ago.
With that being said, there's a huge difference in acknowledging a company becoming more developer focused, and trusting a company. You shouldn't trust any company to do "the right thing", regardless of how noble their actions may seem on the outside. As Google have shown, your motto can literally be "do no evil" and in the space of a decade you are viewed as a monster.
Should be interesting to see if Fuchsia gains some mindshare. Linux is "bloated" by LOC standards, but once you target a specific architecture, the LOC drops dramatically.
The whole LOC drama train is tied to code that doesn't get compiled when you specify the architecture.
Are people who call Linux bloated for IoT-like devices really talking about lines of code? I always thought the main focus was on Linux's architectural layout and how closely tied it is to the x86 memory model & the PC in general.
Realtime OSs are currently in vogue because they better match how some IoT devices work, so there's less abstraction that doesn't apply to those circumstances (and therefore improved performance/reduced complexity).
> ...how closely tied it is to the x86 memory model & the PC in general.
Is it, though? Linux has had NOMMU (running without an MMU at all) support since the early 2000s, and the atomics / barriers are more based on Alpha's memory model than anything else - several of those primitives just compile out to a compiler barrier or nothing at all on x86.
Most heavyweight things you don't need in an IoT context can be compiled-out completely - I think probably the major bit of infrastructure you can't is support for multiple user IDs?
That's fair. What's the counterpart example though? Is it Fuchsia, or QNX, or similar? If so, why are they so niche? If there is an obvious better answer I'd expect more noise.
To underline this, the LOC has actually dropped in the next version of the kernel (which has just hit -rc1), primarily because a set of no-longer-used architectures were removed.
It's been an interesting ride for sure to follow Microsoft the last few years. The work they do with Azure and dev tools and open source is pretty neat. Folks like Scott Guthrie and the new CEO certainly made Microsoft more appealing again. It's kind of funny even how times change and how I think of Microsoft as one of the top cloud and online companies now, even before Google but still behind Amazon. Certainly a personal opinion, but that's how times and my opinion changed.
me too, I've swung back to Bill, amazon, google, youtube, facebook, none of them are going to help us, Bill on the other hand, I trust you Bill, I love your surface book, I love your international approach, make the geeks proud again :)
It's nitpicking. They existed in 1998, so "a couple of decades" is debating months in the scope of decades. Google incorporated as a privately held company on September 4, 1998.
Microsoft now cares about subscriptions (office365, etc) and monthly recurring "rental" revenue. Anything that gets people to spin up more Azure VMs and pay for them monthly, forever, and possibly get locked into the hosting platform, they're totally OK with. Doesn't matter if it's a Linux VM or a Windows VM running on their hypervisors as long as people are paying the bills.
It does sound great. My main concern is what happens when devices go out of support. Will MS keep on pushing updates indefinitely? Will there be a mechanism to take over the updating process if they decide that a certain set of devices are no longer supported?
Am I missing something here? The custom linux kernel part isn't interesting at all - in fact, Microsoft has pretty much admitted they can't scale down Windows.
What's interesting to me here is Microsoft is building an IoT solution that allows manufacturers to delegate security to Microsoft instead of having to roll their own.
"Don't roll your own security" has been the marching drum of an entire sector of IoT companies working within the connectivity "slice of the pie."
The general mindset has been that iot has a couple slices: the "thing" (air conditioner vibration sensor), how that thing is connected (Ethernet plugged directly into a smart vibration sensor, or vibration sensor plugged into a connected data-recording device), the transmission/storage of that data (cloud solution? Servers on site? Internet y/n?), Analysis of that data (Microsoft IoT platform? Rolled solution? Now defunct Autodesk iot platform?), and finally the acting upon data collected (chief engineer scheduling repairs/maintenance, project manager ordering new motors, whatever).
So many companies have tried "rolling their own" because they got it working on a raspberry pi or Arduino in a week, then find out their connectivity is not secure at scale (let alone that the solution can't scale at all).
Let specialists specialize. No reason not to let big daddy Microsoft handle the messy bits.
Disclosure, I work at electric imp, thus considering myself firmly in the "secure connection and transmission" slice of the pie.
Disclosure 2, we're partnered with Microsoft for their new IoT push, lol.
> Let specialists specialize. No reason not to let big daddy Microsoft handle the messy bits.
If you're planning to make a product that will last 20 years - a residential thermostat, for example - using a third-party service as the foundation of your product seems naïve to me.
I mean, Microsoft or AWS is at least better than a startup, in that they're less likely to go bankrupt - but even Windows XP, one of the most long-lived products out there, was only supported for 12 years even with 'extended support'.
Not to mention the fact whoever provides the cloud services will likely be looking to make recurring revenue over those 20 years.
If you go with partners, though, swapping them out may not be too painful. I mean, working on twenty year old code is always painful, but at least for some of my demo devices, when Autodesk's iot platform was retired, I swapped it to Microsoft's pretty easily. It's just data.
...and even then, you're not secure forever. So many times the best security practices have been shown to be insufficient. In fact, I wonder what the scoreboard actually would read, 'roll your own' vs 'best practice'? Maybe not all that different.
I like your idea of a scoreboard. I'm gonna float this at the office. Then again, we're not keen to talk about the fact that nobody has found a flaw in our security model because it'll just invite a ddos, which, yea, I guess that counts as a flaw?
As for forever, hence why companies like Microsoft and EI have models for "continual update" on connected devices. The idea being that the security upgrades never stop.
Yet that update channel is a door for other attacks. Either it's perfectly secure, in which case you need to use that security for your whole app! Or it's not, and it's vulnerable too. And terribly dangerous, because when broken it may allow complete compromise of the entire device.
I agree with you that this creates a new attack vector. I understand Microsoft is doing some research in the area of IoT device security. This paper describes an interesting approach [1]. It seems there is an eye towards compromised devices (from the fourth page):
"Highly secure devices have renewable security. A device with renewable security can update to a more secure state automatically even after the device has been compromised. Security threats evolve and attackers discover new attack vectors. To counter emerging threats, device security must be renewed regularly. In extreme cases, when compartments and layers of a device are compromised by zero-day exploits, lower layers must rebuild and renew the security of higher levels of the system. Remote attestation and rollback protections guarantee that once renewed, a device cannot be reverted to a known vulnerable state. A device without renewable security is a crisis waiting to happen."
n.b.: MSFT employee, not associated with above work
e: hmm, I realized that the IoT linux offering is actually paired with the MediaTek chip announcement. I guess this is the product incarnation of the technology from the paper?
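Added example, not part of the original thread or of the paper quoted above: a minimal sketch of the rollback protection the quoted passage describes, where a device refuses a correctly signed but older image. All names are hypothetical, and HMAC-SHA256 stands in for the asymmetric signature a real device would verify with a vendor public key.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption). A real device would hold only a vendor
# public key; HMAC is used here so the example runs on the standard library.
VENDOR_KEY = b"constructed-demo-key-not-a-real-secret"


def _canonical(version, sha256_hex):
    """Serialize the signed fields deterministically."""
    body = {"sha256": sha256_hex, "version": version}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(version, payload, key=VENDOR_KEY):
    """Vendor side: bind the version number and the payload hash under one tag."""
    digest = hashlib.sha256(payload).hexdigest()
    tag = hmac.new(key, _canonical(version, digest), hashlib.sha256).hexdigest()
    return {"version": version, "sha256": digest, "tag": tag}


class Device:
    """Device side. min_version models a monotonic counter kept in fuses or
    other protected storage that ordinary firmware cannot lower."""

    def __init__(self, installed_version, key=VENDOR_KEY):
        self.key = key
        self.min_version = installed_version
        self.firmware = None

    def apply_update(self, manifest, payload):
        version = manifest.get("version")
        digest = manifest.get("sha256")
        tag = manifest.get("tag")
        if type(version) is not int or not isinstance(digest, str) \
                or not isinstance(tag, str):
            return "rejected: malformed manifest"

        # 1. Authenticity: the tag must cover the version AND the hash, so an
        #    attacker cannot relabel an old image with a higher version.
        expected = hmac.new(self.key, _canonical(version, digest),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "rejected: bad signature"

        # 2. Integrity: the delivered bytes must match the signed hash.
        actual = hashlib.sha256(payload).hexdigest()
        if not hmac.compare_digest(actual.encode(), digest.encode()):
            return "rejected: payload hash mismatch"

        # 3. Rollback protection: a genuine, correctly signed image is still
        #    refused if it is older than what the counter has recorded.
        if version < self.min_version:
            return "rejected: rollback"

        self.firmware = payload
        self.min_version = version  # counter only ever moves forward
        return "installed"


def demo():
    """Run the constructed scenario and return each outcome in order."""
    old_fw, new_fw = b"fw-v2 (known vulnerable)", b"fw-v4"
    old = sign_manifest(2, old_fw)   # legitimately signed long ago
    new = sign_manifest(4, new_fw)
    dev = Device(installed_version=3)
    return [
        dev.apply_update(new, new_fw),                     # normal renewal
        dev.apply_update(old, old_fw),                     # replayed old image
        dev.apply_update(dict(old, version=9), old_fw),    # relabelled old image
        dev.apply_update(sign_manifest(5, b"fw-v5"), b"fw-v5 tampered"),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The signature check alone would accept the replayed v2 image, since the vendor really did sign it; only the forward-only counter stops the downgrade.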
I do frontend so I don't have intimate knowledge with our device onboard security, but I do know at the very least any update must have the correct key, access to which is remarkably controlled.
The "ensure device updates are not malicious" question gets asked at least once a month here. It only gets stronger.
You are asking exactly the right questions, though. These are the sort of holes we find in customer home rolled solutions. Another one is factory enrollment vulnerabilities - how do you guarantee that factories don't walk out with your code, stick some malicious stuff on it, then install it on the device before shipping it?
Windows runs on IoT devices, Raspberry Pi's... essentially, there aren't many mainstream hardware platforms Windows can't run on. And .NET Core runs on all of them, too.
This is not about Windows technical capability - which is effectively every bit as good as Linux in this space. This is about, "OK, developers, you'd rather have Linux than Windows on your IoT device? Cool. Now get connected to Azure for that IoT data, we'll help you keep that device secure and up-to-date." It's about market share for Azure.
The article pretends to answer why they're using Linux instead of the NT kernel, but the answer is either incomplete or a non sequitur; it seems to imply that since the devices have very little power, their kernel isn't a good fit. I thought the NT kernel was pretty good at low power, and also has a highly respected internal design?
Low power is relative: NT is good at saving battery on laptops, but these are supercomputers compared to IoT hardware. The most minimal NT system that I have seen so far was still 50MB. Not sure if MS was able to shrink that further. But in a world where every byte of flash or RAM saved can lead to essential power savings, this is far too big. With a custom linux kernel with no extra drivers and modules and busybox in userspace, you can get much smaller than 50MB.
>The most minimal NT system that I have seen so far was still 50MB.
Well, it depends on what you want to do.
A really minimal XP with minlogon is around 10 Mb (actually around 20 MB that on NTFS compressed volumes are around 10), of which quite a bit is things that could be removed or greatly reduced in size recompiling the programs/dll's if the source was available, that won't do much, while with a decent amount of base tools it comes out at 30-40 MB or so.
Good point; but if I’m reading the article correctly, it sounds like it’s because the Linux kernel is open source:
> “The Microsoft-secured Linux kernel used in the Azure Sphere IoT OS is shared under an OSS license so that silicon partners can rapidly enable new silicon innovations.” And those partners are also very comfortable with taking an open-source release and integrating that with their products.
I think it’d be cool if they released an open-source NT kernel for this, for diversity of kernels and because of NT’s reputation like you mentioned previously, but maybe they’re betting on there being many more engineers with Linux-based IoT development experience.
As an aside, really impressed with Microsoft recently. I’m still grossed out by the privacy policy of Windows 10, but it really seems like they’ve come up with an excellent strategy for the next decade.
For a while it was basically free (as in beer) up to an absurdly high volume (IIRC, million-ish devices?).
Maybe you are correct that there might not be a huge interest unless the solution is also free as in speech simply because of auditing needs of some of the IoT manufacturers.
I think MS looked at the market and thought, well linux already owns the IoT market and doesn't care to take it on.
MS would have to spend money and effort to get NT to be where linux is already, then spend more money and more effort to get people to adopt NT for IoT. In the end, there is no profit in being the OS for IoT.
Instead MS opts to have IoT pay cloud fees for Azure. It helps grow their cloud efforts and profits from existing investments. They don't have to fight linux, just work with it.
Drastically simplified source access for the silicon partners seems more important for the business case. I agree the power aspect, absent more specifics, sounds wrong.
The videos seem to show an MT3620 device, seems to be made by MediaTek [1]. Looks like they are targeting a Cortex-A7 + Cortex-M4 chip. First time I've seen an A series core in this type of chip.
It looks like a developer gets to program the A7 and 2xM4F cores whilst the WiFi radio and Microsoft's "secure" Pluton thing run on an Andes N9 and Cortex M4 core respectively. I assume it is those cores which will be auto-updated in an attempt to defend against attack.
Still cannot understand the IoT mentality. It is actually the CoT Communication of Things. Internet shouldn't be required to turn your lights on or off nor be the device communication backbone in an industrial environment. Internet should always be the last resort for communicating because of the distance.
Nice, although IMO they've got it wrong: They should keep the coins and lease the units at a lower price than traditional systems of a comparable wattage.
And I can't also get bullshit "feature" updates, and my device can't be remotely bricked, and it doesn't need the mothership servers to be up - so again, my device won't die when the company gets acquihired, stops pretending to provide value and pivots to writing blogposts about their incredible journey.
Totally with you. Maybe I'm a pessimist or a luddite or something, but I really don't think IoT devices should be connected directly to the Internet. Most are just too simple, underpowered or cheaply made to adequately defend themselves from attacks. IoT gadgets should always talk to a more powerful/secure hub of some sort, which then is exposed to the Internet. Seriously, my WiFi lightbulb switch just has no business doing anything outside my internal network...
And god help us when all these IoT devices start talking IPv6... With no NAT and anemic firewalls on most routers? Oof.
Just because a device supports IPv6 doesn't mean you have to route that prefix to the Internet.
Assign Unique Locals (ULA) to untrusted LAN devices and no Internet router will carry them.
Then your laptop or phone can additionally receive a routed prefix. Remember with IPv6 you can assign an arbitrary number of prefixes and addresses to each interface, or just one. It makes for very flexible routing.
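An added illustration of the ULA scheme described in the comment above (not code from the thread): it builds an RFC 4193 locally assigned /48, carves a /64 for the untrusted devices, and audits an inventory for untrusted devices that still hold a globally routable address. The inventory, device names and the `2001:db8::/32` documentation addresses standing in for an ISP-routed prefix are constructed, and the 40-bit global ID is drawn from the OS random source rather than the hash-based sample algorithm in RFC 4193.

```python
import ipaddress
import secrets
from typing import Optional

ULA_RANGE = ipaddress.ip_network("fc00::/7")       # RFC 4193 unique local space
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # global unicast space


def new_ula_prefix(global_id: Optional[bytes] = None) -> ipaddress.IPv6Network:
    """Return a locally assigned /48: the byte 0xfd followed by a 40-bit global ID."""
    gid = secrets.token_bytes(5) if global_id is None else global_id
    if len(gid) != 5:
        raise ValueError("global ID must be exactly 40 bits")
    packed = bytes([0xFD]) + gid + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def subnet(prefix: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Carve the /64 with the given 16-bit subnet ID out of a /48."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 and a 16-bit subnet ID")
    base = int(prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def scope(addr: str) -> str:
    """Classify an IPv6 address by how far a router would carry it."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_link_local:
        return "link-local"
    if ip in ULA_RANGE:
        return "ula"
    if ip in GLOBAL_UNICAST:
        return "global"
    return "other"


def audit(inventory):
    """Return (device, address) pairs where an untrusted device is globally routable."""
    return [
        (device, addr)
        for device, trusted, addresses in inventory
        if not trusted
        for addr in addresses
        if scope(addr) == "global"
    ]


# Constructed sample data: fixed global ID so the output is reproducible.
SITE = new_ula_prefix(bytes.fromhex("a1b2c3d4e5"))
IOT_NET = subnet(SITE, 0x10)
INVENTORY = [
    ("lightbulb", False, ["fe80::1", "fda1:b2c3:d4e5:10::21"]),
    ("camera", False, ["fe80::2", "fda1:b2c3:d4e5:10::22", "2001:db8:40:10::22"]),
    ("laptop", True, ["fda1:b2c3:d4e5:20::5", "2001:db8:40:20::5"]),
]

if __name__ == "__main__":
    print("IoT subnet:", IOT_NET)
    for device, addr in audit(INVENTORY):
        print(f"{device}: untrusted device holds routable address {addr}")
```

The trusted laptop keeps both a ULA and a routed address, matching the comment's point that an interface can hold several prefixes at once.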
Absolutely. I love small devices I can modify and the such, but when I do it, it's some assurance that I have a bit of security-by-obscurity, as well as an open-source background that usually comes with the random-modification scene. But when a commercial entity wants my lights to connect to the internet, chances are they are less-modifiable than a few hacked-together circuits.
I've had this conversation before. I want "IoT" stuff to connect to a bridge I control. Even that does not need to go outside of the network, I can VPN into my network if I need access.
But John Doe does not care, he wants convenience to the point where the IoT manufacturer knows everything about how they use the product.
There are use cases for which internet becomes the most effective solution. Mostly "extremely distributed products," like a sensor sold by a company offering analysis and preventative maintenance services alongside the product.
Do the security right and the classic internet of shit botnet type vulnerabilities aren't really an issue (knock on wood...)
Anyway, we've managed to survive pitching internet connectivity instead of local network, and several customers have found use cases for it that I don't think local would be feasible for.
In the end it's not just "technically a LAN would be the most secure option here," I mean that's always the case. It can be more "our partners and solution are offering a so-far-unbroken security model, and connecting via the Internet makes the whole manufacturing, distribution, on-site enrolling, and monitoring cheaper and working out of the box."
I agree, but I'm still finding it very useful for turning off a light I forgot or powering off/on my PC via a smart socket. Not everyone can set up a port-forwarded and secured service to access their stuff away from home.
Agreed. The term you are looking for is called pervasive computing. Moreover when the so called "connected devices" can be mobile, then we are speaking about ubiquitous computing. IoT is a way of utilising pervasive computing through the internet. Unfortunately the media and therefore the majority of the tech community has wrongly decided to use IoT for everything which results in a lot of misconceptions. Probably a marketing trick, who knows.
You are correct, particularly in an industrial environment with lots of sensors etc. These are typically on a closed network, which gives us the Network of Things, or NoT.
I'm confused: they're saying the devices have an ARM A7 chip (presumably they mean Cortex-A7) in them, which is a full 32-bit microprocessor, but they're calling them "microcontrollers"?
I would think Windows could run on a Cortex-A7, no? Perhaps the specific parts they're using have a ridiculously-low clock rate or other painful limitations?
You're right, but there is a lot of misunderstanding around this end of the market, mainly because advances have blurred the traditional segmentation. When talking about ARM, the 'M' in Cortex-M means 'microcontroller' whereas the 'A' in Cortex-A means 'application'. Cortex-A systems are often at the centre of 'System-on-Chips' and will run linux, and indeed the NT kernel as well, as they are bundled with enough RAM and fairly modern peripheral interfaces such as HDMI.
Cortex-Ms typically can't run linux (excepting uClinux) as they don't have the RAM and typically don't need to as they address a different need (dedicated function instead of general-purpose compute), and have far fewer peripheral interfaces. It used to be all about power profile, but the recent SoCs are getting pretty competitive there as well.
But as I said the traditional segmentation at this end of the spectrum is being re-cast seemingly every second week, and so terms such as 'microcontroller' are becoming less meaningful all the time. And who the hell can agree on just what 'embedded' means these days?
"And who the hell can agree on just what 'embedded' means these days?"
Or what it'll mean in 10 years, as power/radio/processor/sensor specs continue to improve. I'm speculating, but perhaps MS is banking on the low-end to grow, up into the Android/iOS space. So instead of our current 3-10 devices per family we'll have 30-100 devices. Hopefully, those devices will be secure. Maybe they'll be useful :-)
Interesting definition choice, as what constitutes an MMU has also fuzzily shifted over the years. From what I've seen, most of the SoC designs contain what in the microcontroller world of the 90s would be considered more than a minimal MMU, take for instance the classic M68451 [1], and the multi-stage bus pipelines and super-wide buses of these 'embedded' designs easily surpass such early MMUs.
Very doubtful they will abandon this project. This way they have full control over everything googleOS so they can spy more on what you do which is their endgame goal.
After seeing this I think the Amazon AWS/FreeRTOS combo is looking like the better architecture for a node solution. FreeRTOS can run on lowly M3s at 120Mhz, like the LPC2478.
A 500MHz A7 part is way too much silicon for an IoT node. How much external SDRAM and Flash are connected to that MediaTek core?
You call 120MHz lowly? I call that luxury! I am working on a product where we're running an M4 way below 1MHz. And our hardware guys have me counting bytes in software...
FreeRTOS is a pretty good fit for this situation. I am only disappointed that newlib is so ridiculously huge in comparison. Some functions in there are twice the size of FreeRTOS.
I typically wouldn't, since I grew up working on 1MHz 8-bit cores. But working with some of these tiny M0 and M3s, there's nothing slower than 60-120MHz now.
Well, these parts can almost always go much slower than that if you need to save power. Our hardware engineers want to because they really, really, really do not want to provide the extra few uA for an extra half MHz or a few extra bytes of Flash. Which means I am stuck counting bytes and cycles like it is 1980 all over again.
Not saying this isn't fun, but don't tell my boss ;).
> After seeing this I think the Amazon AWS/FreeRTOS combo is looking like the better architecture for a node solution. FreeRTOS can run on lowly M3s at 120Mhz, like the LPC2478
Is that supposed to imply linux can't? Or that linux plus a GNU subsystem can't? I've personally run it on a lot lower end hardware than that seems to be.
The Cortex M series is prolific but lacks a proper memory management unit which makes running Linux an iffy business. FreeRTOS is by far the most dominant player in this space.
Different markets really, sounds like Microsoft is targeting items like internet connected cameras (think Mirai endpoints). Whereas Amazon is targeting low power prolific devices, eg. IoT buttons.
Oh, it can. I've run ucLinux (MMU-less Linux) on an LPC1788 (Cortex-M3) and it works...okay. Making dynamic libraries work correctly on it is a pain in the ass. It just wasn't worth it at the end and the O/S hogged up most of the processor, RAM, and Flash.
Exactly. I think these end up as good PoCs - and it would be amazing to think of a future where we can run one of the Linux derivatives on a something that was designed with FreeRTOS or equivalent in mind - but it's just not going to happen on a commercial scale in my opinion.
FreeRTOS is interesting and useful, but also requires knowledge of the device you are running on as well as implementing drivers. Having done a project involving FreeRTOS, compilation flags need to be customized to the platform one is dealing with.
Someone has been predicting that Microsoft would in the future produce their own Linux Distro on Slashdot for the last 5 years. I remember thinking it sounded impossible for the first few years. Seems prophetic now.
Rather than their Linux distro I think they will do what Google did with Android, that is, making their ecosystem run under the Linux kernel (plus MS services) so that they will save a huge load of money by not having to maintain their own kernel. Think about not having to write drivers for every piece of hardware that gets produced; they would probably just audit and test the code to certify the driver as fully compatible.
This may seem good, but my paranoid half (make it 9/10) thinks they could "hijack" the Linux user base by releasing software certified as Linux compatible that runs only under their Linux, and by being platinum members of the Linux Foundation they could be entitled to say that their Linux is the only true one.
Microsoft has a lot of great engineers that have no religious bias against Linux. This was strictly a Bill Gates/Steve Ballmer thing. The smartest thing Nadella did was get rid of the Windows religion aspect to their work and let their engineers do the best thing, and not be afraid of Linux.
I doubt that has much to do with "religion"; they simply don't think a Linux version of Office will bring in enough revenue to be worth the development and support costs... and I probably wouldn't disagree with that assessment.
Linux has large (majority?) market share in the server and IoT markets, but a very tiny market share when it comes to desktop.
I think that's a pure business decision, they have Office for Android and iOS. Office for Linux might not make that much sense given the low market share on client - but Office 365 has most as WebApps anyway also.
You can run the web app in your browser. It's no different than what Google does with ChromeOS. A fully capable web app. I haven't used it in a while, but on the feature front the only place it seemed to lag was collaboration, but I think even that is now on par with Google.
But I was under the impression that Linux isn't suitable as a real-time operating system (RTOS)[1] (which Microsoft may very well not require for their IoT systems). So the Linux Foundation providing an alternative free kernel meeting RTOS requirements makes perfect sense.
I'm not as clear on the history, but was Linux ever pitched as capable of being real-time OS? I don't think so. The hard requirements for real-time generally lead to very different systems than general-purpose operating systems.
Who would ever have thought that Microsoft, the great enemy of Linux, would release a product based around a Microsoft branded Linux kernel? Not I for one. Though having said that they have been increasingly opening up and making non-threatening noises towards open source of late. So, it's not _that_ much of a shock but it's still a shock! Microsoft is using Linux for IOT embedded devices, wow.
And then you point out that simultaneously the Linux Foundation, the Linux Foundation, is supporting a non-Linux kernel real-time OS for IOT embedded devices.
I think it's a marketing thing. Engineers wouldn't have let this one slide.
My professors at college taught a simple rule of thumb - if it can't run regular Linux it's probably a MCU. Finer print talked about the presence of a MMU being the key differentiator.
I've stuck to that definition so far. Might have to rewire if this gimmick catches on
I think they've moved on from shaking down companies and customers that use Linux to shaking down companies that use Android.
SEP 20, 2011 Casio agrees to pay Microsoft an undisclosed sum for a deal that includes Microsoft's vow not to sue Casio's customers for using its Linux devices
Microsoft General Counsel Brad Smith and licensing chief Horacio Gutierrez sat down with Fortune recently to map out their strategy for getting FOSS users to pay royalties. Revealing the precise figure for the first time, they state that FOSS infringes on no fewer than 235 Microsoft patents.
It's a breathtaking number. (By comparison, for instance, Verizon's (Charts, Fortune 500) patent suit against Vonage (Charts), which now threatens to bankrupt the latter, was based on just seven patents, of which only three were found to be infringing.) "This is not a case of some accidental, unknowing infringement," Gutierrez asserts. "There is an overwhelming number of patents being infringed."
If you didn't know Microsoft used to have its own version of Unix a long time ago: Xenix. Never seen it personally though, my first experience with PC was MSDOS.
As an anecdote, given the UNIX prices even for PCs, the teacher would carry a PC with Xenix into our lab and then each group would have about 20 minute turns to test what was already prepared typing on MS-DOS.
This is why getting a C compiler for MS-DOS mattered to many of us, we wanted to maximize our slot as much as possible, it wasn't about its qualities.
In my understanding, MCUs are more like ARM M, with 40MHz and 128KB RAM. But this thing is closer to rpi, with 500MHz, so I wonder what is the power consumption.
It would have been much better if they had thrown their weight behind Android Things (https://developer.android.com/things/index.html)
Maybe build an open foundation around it like Kubernetes CNCF.
Google is surprisingly open to build democratic orgs around its tech.
This was my first thought based on the history and culture of the company. I'll be watching this development closely. The optimistic side of me hopes embracing Linux marks a real change in Microsoft, but we'll have to wait and see.
The move does seem rather troubling, considering the history of Microsoft. Linux seems like it's a little too big for "extinguish," and the GPLv2 should provide some defense against nefarious "extend"ing...
But then again, I wonder how many now-defunct open standards and projects thought the same thing.
Not only that but any company shipping Linux in IoT (or really any kind of hardware) usually compiles its own Linux kernel with needed custom modules. Not sure how this is news besides the IoT thing.
Microsoft is becoming the cool company once again by embracing open-source technologies and contributing to various other OS projects. They are refocusing their business all around Azure subscriptions.
> Microsoft-branded ARM microcontrollers running an embedded linux distribution. Microsoft rolls out security updates over Azure to reduce the risk of the device becoming part of a botnet.
It sounds great.