I have been lurking the forums for a while and watch basically all the TS vids, but I just had to make a rant about how blatantly untrustworthy Windows is.
We all know that Windows is very much in bed with the NSA, but today I was experimenting with the Windows CNG API, working on a project that would need to retrieve the private SSL keys then use them to decrypt network packets (don't ask). All was going well until I discovered I was missing a header file (SSLProvider.h). I thought it was odd that I could integrate with all other modules of the CNG API except anything regarding SSL. After some googling I found that I needed to get the CNG SDK, which sounded ridiculous to me, but whatever, I'll have to just get on with it... no. Microsoft then prompts me with a form, telling me they need my name, address and phone number to allow me to download the SDK, they say they will provide my details to the Bureau of Industry and Security (I'm not in the USA); this was a deal-breaker, no way I'm giving up my info for an SDK. So I googled "Microsoft + Bureau of Industry and Security" and found out about the whole _NSAKEY fiasco (old news for most), but it makes one seriously question if your data is ever truly indecipherable to all external parties on Windows with regards to SSL - I suspect not and will now switch over to some Linux distro.
They can't just have people building shit to break into things with their APIs. It doesn't matter if you're in the USA, you're working with a USA based company, there for, you are bound by the laws in with the company you are dealing with is based. This isn't a Windows issue, this is an issue of you expecting something that could allow you to break laws not being documented.
If you're that worried about your private info being shared with the Bureau of Industry and Security, then why in the world are you even writing this post....
We should absolutely be given the power to break whatever software we want in whatever way we want to break it, no matter how suspiciously black hat it may smell to you, me, MS, another tech company, or the NSA.
Refusing to sell someone a crowbar because he might maybe use it to break into a car window and steal his neighbour's mustang goes against all the principles of a free market, let alone a free society. You don't know, don't need to know, and shouldn't know, as that merchant, if he's going to use it to tear off and replace siding on his house, or steal that car.
OP is more than correct to be upset. Regardless of his intentions, as we should be regardless of them, the fact is that he cannot fully test the cryptographic tools in Windows because he happens to care about who gets his personal info and why. Having standards about one's own privacy shouldn't lock you out of anything.
yeah lets speak about crowbar a little more, If I'm the seller its ultimately my choice whom I want to sell it to.
He can use linux as it has same/similar tools, those tools are gpl 2 or 3.0; so no, he doesn't need to reg anywhere. + he doesn't need to supply correct info about himself...
(windows is not open, its paid system; its up to them how they allow/limit use of their system at the end of the day)
@anon5205053 I accept that my response was unnecessarily snarky, but @ipat8 isn't very intelligent, put delicately. I do intend to use Linux, you're quite correct that I will not have to provide information, no one here is refuting that, in fact I stated that I will use Linux. However, if you are a crowbar salesman then your agenda is to actually sell a crowbar, if people can choose between a free crowbar or your crowbar which anally fissures you for your data, you're not going to sell many crowbars.
@anon5205053 I think the analogy is wrong, you've already sold me the crowbar, now you're controlling how I use it. Which one could argue influences the way a crowbar is thought to be applicable, which stifles innovation.
if i sold it already you signed agreement and you agreed to it. Not my fault.
I think you guys misunderstood, its not that I like their license, T&C agreements and it wasn't my purpose to debate how it is. Since they sell it like that, you have no choice either you agree to it or you don't. If I have 95% monopoly over crowbar industry I can be picky.
That's incorrect. There are several orders of magnitude more *nix servers than there are Windows. In a small - medium business setting, it's mostly Windows, that's because they have very second-rate IT workers (with IT degrees, not comp. sci. but that's another rant all together) who only know AD(DS), SharePointm, IIS and other shithouse proprietary crap. Think of all the servers powering the largest companies; Google, Facebook, Amazon, etc do you think they're putting up with the massive Windows Server overhead and all the boilerplate when developing for Windows? Hell no.