The content of this blog is my personal opinion only. Although I am an employee - currently of Nvidia, in the past of other companies such as Iagination Technologies, MIPS, Intellectual Ventures, Intel, AMD, Motorola, and Gould - I reveal this only so that the reader may account for any possible bias I may have towards my employer's products. The statements I make here in no way represent my employer's position, nor am I authorized to speak on behalf of my employer. In fact, this posting may not even represent my personal opinion, since occasionally I play devil's advocate.

See http://docs.google.com/View?id=dcxddbtr_23cg5thdfj for photo credits.

Monday, May 21, 2018

I want to like Windows Controlled Folder Access, but ...

'via Blog this'

I want to like Windows Controlled Folder Access.  Essentially, restriction of access not just by user or group, but also by app.

But, of course, Microsoft made it so simplistic that gets in the way of my usage model.

For example:

  • Lack of Exclusion
    • There are protected folders.  This is good.   
    • You can add more protected folders.  This is also good.
    • But you can't EXCLUDE subfolder trees from protection.
    • This is bad..
    • My usage model:
      • I do a lot of my work in subfolders of Desktop.
      • I do a lot of my work using ad-hoc tools, like Perl and Cygwin
      • I would LIKE most of Desktop to be protected.
      • But I would like to allow all or most, at least a large number, of cygwin apps to have access to subfolder trees such as Desktop/Work-In-Progress
  • Apps are given all or nothing access
    • You can add apps to the permitted list. This is good.
    • But when you do so, the app is allowed to access all Cntrolled Folders. This is bad.
    • E.g. I would like EMACS to be able to access my working areas, like Desktop/Work-In-Progress.  
    • But I would like to disallow EMACS from accessing, say, system folders, or Music, or ...
    • Instead it's all or nothing. :-( 
  • Apps are individual
    • You can add apps to the permitted list. This is good.
    • But you have to add them one by one. This is bad.
    • E.g. I use cygwin.   I would like to add C:/Cygwin/bin/* to the permitted list.
      • But that is too much of a pain, so I just disable Controlled folders
Basically, app permissions are just like user permissions.  They need the same flexibility.

Controlled Folders does not.


This feels very much like Microsoft's initial, >10 years long approach to evolve network share permissions.

I hope that app permissions do not take so long.

Thursday, May 17, 2018

WISH: windows 10 dynamic lock - non-phone, non-paired

windows 10 dynamic lock fitbit - Bing:

'via Blog this'

  1. Lock your Windows 10 PC automatically when you step away from it.
    • Sounds great! :-)
  2. If you forget to lock your PC or tablet when you step away, Windows Hello can use a phone that's paired with your device to automatically lock it shortly after you're out of Bluetooth range. 
    • This sucks! :-(
What fraction of the population pair their phone with their PC?

  • I used to do device-PC pairing, back when I backed up my phone by synching to my PC.  And/or synched podcasts from net through PC to phone.
  • But now I mostly go direct from phone to cloud.  I don't Bluetooth pair phone to PC, not unless I am tethering a personal hotspot via BT.
  • In general, I try to avoid phone-to-PC paring, because it is a security hole.
Heck, what fraction of people have their phone in their pocket whenever they are at their PC?
  • OK, probably most
  • But not me.  
That's what I have a SmartWatch for.  Actually just a FitBit Versa, but good enough.

Dynamic Lock would be more useful to me if it detected the presence or absence of my FitBit.

But, again, I don't want to pair my FitBit with my PC.  I pair my FitBit with my phone.  I wear my FitBit even when my phone is far away, but even then there's an identifiabke BT signal.

NOTE: I don't want this to log IN>

Just to lock.