Hacker News new | threads | past | comments | ask | show | jobs | submit DanielBMarkham (43797) | logout
Microsoft no longer signs Windows drivers for Process Hacker (borncity.com)
646 points by XzetaU8 2 days ago | flag | hide | past | favorite | 517 comments

The article mentions Process Explorer. Since Sysinternals were bought by Microsoft many years ago and the tools are distributed directly via Microsoft, such tools are unlikely to have an issue being signed.

A brief history of the process for those not following it. Originally for kernel-mode drivers, you needed a code signing certificate cross signed by Microsoft's root. This means that the certificate follows a chain up to a standard CA _and also_ one Microsoft use to approve that CA to issue kernel-mode certificates. It was not sufficient to have a certificate capable of signing code, even with MS' OIDs for that.

Then, around Windows 10 I think, Microsoft announced that one would need to acquire an EV certificate. You would then be required to submit the driver package via sysdev.microsoft.com and after spending time in Ballmer's Brewery, it would come out signed by Microsoft.

It was technically possible to use the old mechanism at this stage too, provided the end user did not have UEFI secure boot enabled. IF secure boot were enabled, the kernel would: a) if the driver was signed pre-Win10, accept it, b) if it was signed post win-10 RTM date and by Microsoft, accept otherwise reject.

Thus the only mechanism to realistically get your driver working on all Windows out of the box is to submit via sysdev. You can't realistically ask users to disable secure boot, even if this is entirely possible on all x86 motherboards.

Finally, the cross signed roots expire soon and I think some already have. Microsoft have decided that this mechanism will now be retired, and all drivers must be signed via sysdev from now on. You still require an EV certificate as well, to sign the package.

This is a bit of a mixed bag. On the one hand, Microsoft have repeatedly signed the shim maintained by redhat in order to allow Linux distributions to boot directly on secure boot-enabled hardware (UEFI binaries also go through this process and always have). Microsoft have their keys in the default keychain because they bothered to be involved in the process, unlike linux companies like Redhat. So on the one hand, they're being quite friendly to open source.

On the other hand, the push to EV certs rules out individual developers like myself[1]. I could register a company but... that entails effort and expense for a hobby project. And now hobbyist projects like this run the risk of being rejected by MS.

I mostly believe this is an attempt to reduce the number of code signing cert leaks that result in people writing malware, and lock down the Windows kernel a bit more, but still. It is a shame.

[1] This is because most CAs won't issue EV certificates to individuals, even if those individuals happen to have detailed knowledge of cryptography and all the pkcs.

> Microsoft have their keys in the default keychain because they bothered to be involved in the process, unlike linux companies like Redhat.

The status quo was that systems could boot any operating system the user wanted. Microsoft tried to force OEMs to lock operating systems other than those on a very short list (they tried to force Secure Boot to be enabled with no way for users to turn it off, and you can confirm this by checking out earlier versions of the UEFI spec), knowing very well that that list would always include Windows for pretty much every computer out there, but you try to spin this as it somehow being every other vendor's fault for not getting in on that list with each and every manufacturer?

There are two sides to this coin. Firstly there's the hardware vendors who make firmware, who decided to incorporate UEFI presumably because intel pushed it hard (original efi booted itanium and is also found in older Macs).

But it was certainly possible for a Linux vendor to have got a key into the kek and dB lists: https://mjg59.dreamwidth.org/12368.html

That's from Matthew Garrett, who along with Peter Jones, were responsible for the first shim.

A central authority like the Linux foundation could have stepped up here and could have since, actually. I understand why fedora/redhat preferred not to be in a privileged position but I can't help but feel someone ought to have stepped up.

The other side of the coin is the windows logo program, that requires secure boot be turned on by default. For x86 I'm fairly sure it also requires that the user can take control of the platform key and therefore evict Microsoft keys from the firmware. It also requires that secure boot should be disabled. I'm fairly sure Microsoft did this because they realised there would be objections otherwise

Microsoft's ARM hardware _is_ locked down with no such options and I object to that wholeheartedly. But then I also don't buy Apple kit for daily driver use for the same reason. Also luckily Microsoft are currently irrelevant in the arm space, although that might change with the serverready profiles.

I am sure the process was onerous, but someone could have done it. Linux is big business in the server hardware space and intel for example contributed the thunderbolt code to the kernel. I am fairly sure they could between them organise a foundation and throw a few 100ks per year at maintaining a signing key for other distros independently to Microsoft.

I don't believe any entirely locked down firmware ever made it into any x86 board.

> Microsoft's ARM hardware _is_ locked down with no such options

That was for 32-bit Windows on Arm hardware. 64-bit Windows on Arm laptops/tablets have unlockable Secure Boot, with a regular SETUP interface and all.

That's really good news and I'm glad they decided to do that.

All this does make Microsoft sound very reasonable, actually. People have been painting dystopian pictures of an ultra-locked down hardware future, complete with evil corporate overlordship etc for many years. Really as long as I've been using computers. Yet, here we are in 2021 and not only old hardware is still open but newly designed hardware too, and Microsoft has even been ensuring that platforms which didn't get the memo (mobile, ARM) open up.

The problem with a completely unlocked bootloader is that the distinction between "a Linux distribution" and "malware" is not one that can be decided technologically. Otherwise malware could just install a heavily customized Linux kernel that directly boots into Windows, hot-patching it along the way, and who is to say it's not really Linux? Someone has to make that call for the ordinary userbase that doesn't care about operating systems and it sounds like out of an ideological fit of pique - what a surprise - Linux vendors just noped out and refused to do their part. Because, you know, malware is other people's problem. So now Microsoft finds themselves carrying water for their own competitor.

Given Microsoft's losses with eg Windows mobile, their late entry into the cloud space, giving up on making their own web browser (engine), Microsoft's forced to play nice in order to compete.

I don't understand your second part though. What is the "step up" available to Linux vendors that they didn't do?

I feel maybe I should elaborate on this more because a lot of people in this thread don't seem to quite understand the UEFI thing. Yet I cannot see an error or oversight in the chain of logic, so Linux vendors really deliberately screwed themselves over here and it's quite impressive actually that Microsoft bailed them out.

1. Computer makers want to sell computers to the masses. This is reasonable.

2. The masses don't want un-removable malware that renders their virus scanners useless. Also reasonable.

3. Malware writers want to beat virus scanners by taking over the OS before it even boots, which is an unassailable position for them. This is "reasonable" from their POV. Likewise, computer makers - not just Microsoft - want to stop this from happening because it's a kinda game over move and there's nothing that really prevents it (pre UEFI) other than the fact that the programming is kind of tricky.

4. To fix this the computer maker must have some opinion about what the computer is willing to boot. Boot-loading code is henceforth separated into "good" code that makes users happy by letting them surf the web, print etc and "bad" code that makes users unhappy by screwing with their machine and data and possibly bank accounts. This appears to be unavoidable and can be implemented with cryptography.

5. But computer makers don't really want to have such an opinion because it's a live wire for geeks who run obscure operating systems. They just want to get rid of malware. So they need a default, reasonable whitelist that will make users happy, and then a way to edit that whitelist that is too difficult for users to get phished or scammed into doing by accident. Whitelisting public keys in the UEFI/BIOS screen seems like a reasonable approach to this.

6. To have a signing key that's shipped out of the box you must agree to some simple rules, like, you must actually not be malware, and you must not accidentally sign malware, and you must protect your key, and you must not sign a piece of software so open that it can be trivially wrapped around malware. The first three are easy but the sorts of guarantees best made by an institution, not an individual. Microsoft is an institution. "Linux hackers" are not. But, there is a Linux Foundation that could play the role and helpfully already own the Linux trademark (I think), so they already kinda get to decide what is and isn't really Linux.

7. The final condition is the harder one because it implies a chain of trust. Otherwise the malware writer can just create a bespoke Linux that boots into a minimalist Linux environment and then immediately unloads Linux and chains onwards to a patched Windows. So each whitelisted Linux distro needs to have a default opinion about what can run in kernel mode that is (again) overridable, but only by people who know what they're doing. Which Linux can do, via module signing. So no technical problem here.

8. At this point Linux vendors appear to have flounced out of the room and collectively decided they can tell the PC industry what to do by refusing to take part in the process. They were wrong, nobody gives a shit about desktop Linux because it has hardly any users. However they only realized this way too late, by which time PCs were already shipping without any Linux Foundation keys in the whitelist. What to do?

9. Answer: go crying to your primary competitor and pressure them/ask them nicely to fix your fuckup by using their own cert to sign your operating systems.

This is kind of pathetic and it appears the Linux community has still never got its act together and set up a key whitelisting process.

Take part in the UEFI secure boot process to get a key whitelisted that'd be shipped in hardware out of the box (e.g. one managed by the Linux Foundation).

> I don't believe any entirely locked down firmware ever made it into any x86 board.

There are some Android x86 devices that won't boot unsigned firmware and won't let you change the signing keys. But I've only seen that in non-BIOS, non-UEFI devices.

>But it was certainly possible for a Linux vendor to have got a key into the kek and dB lists: https://mjg59.dreamwidth.org/12368.html

Your text is written in past tense. But if there is a maintained list why is nobody working to get linux vendor keys in now? Yeah, it'll take a while for the hardware cycle to refresh, but it's better than nothing.

"Since Sysinternals were bought by Microsoft many years ago and the tools are distributed directly via Microsoft, such tools are unlikely to have an issue being signed."

It's a damn shame that Russinovich sold out to Microsoft as that broke Sysinternals' independence. It seems clear to me that Sysinternals was getting a bit too clever for Microsoft's liking and by buying Russinovich out then meant that it could control the process. Likewise, Process Explorer is being silenced for similar reasons, and denying certificates is obviously cheaper.

qBittorrent developers just said fuck it three years ago, and let the world burn with unsigned installer. I suggest everyone to join the civil disobedience. If you don't, you'll soon find out you can't run your programs.

User mode code is a different scenario. There are three possibilities:

- unsigned code pops up with a big warning 'your pc will explode' or something like that when you try to run it. - signed code does not need a cross signed certificate. Any CA can include the code signing oids and voila. This displays as yellow but the CN is extracted as the publisher name. - Finally EV certificates give you 'instant reputation' i.e. no orange warning. The difference is entirely audit related and the OIDs you may include. The crypto is identical to normal certs.

This I'm fine with. I understand Microsoft wanting to protect their kernel and the user experience and I'm on board with that but I like the fact that windows has traditionally been a very open system. It is a real shame it is heading the other way.

I haven't developed windows drivers for years though, or used windows as my daily machine for years either (it was Linux at home, windows at work, now Linux for both).

"...(it was Linux at home, windows at work, now Linux for both)."

That's my ideal plan but for many reasons it's been a long road for me and others I know.

In controlled environments where the outcomes are either narrow or clearly defined then money can be thrown at the problem to ensure that Linux penetration is 100%. Unfortunately, I'd hate to count the number of times I've seen this objective come unstuck for many reasons, thus an annoying residual of Windows installations remain.

Generally, it's not the lack of Linux applications that's the problem but more a mixture of compatibility issues brought about by a diverse range of hardware types and vintages thereof combined with either a lack of Linux drivers or the poor performance thereof - for instance the nVidia driver and Linux's native NTFS driver that's now old and leaves much to be desired (yes, I'm aware of Paragon's NTFS diver and I'm hoping that it will, in part, improve matters).

Also, ordinary users still have significant difficulties in installing Windows apps in WINE not to mention getting printer drivers to work. I don't know how many times I've heard "I tried to install the CD that came with the printer and it didn't work".

It would be nice to see the Linux community spend more time on these compatibility issues for if we could solve many of them then we'd see an upsurge in Linux usage on the desktop.

Even I haven't eliminated Windows completely. As far as I'm concerned this is now a high imperative given that Windows has morphed from being an independent operating system into a fully-fledged functional appendage of the Microsoft Corporation.

I was wondering about that. Every update when it says it's unsigned I get really nervous and triple-check the source and monitor traffic during the install.

They mentioned ProcessExplorer, but actually linked to TaskExplorer. I think it was a referencing mistake. TaskExplorer is what they meant, another independent program.

> So on the one hand, they're being quite friendly to open source.

This is surely not how I would interpret this behavior, even if regarding malware to a disproportionate degree.

This is one of those areas where the government should step in and require MS and others an opt-in back door where you can turn off secure boot but still use windows uninhibited for hobby and experimental purposes. Similar to the way we need more laws for right-to-repair.

Very informative.

And presumably on OSX none of this applies because it's all BSD underneath? Or is OSX different again to just running BSD out of the box?

On macOS, you have those options:

- SIP off (totally, or just driver signature enforcement)

- kernel driver (deprecated, Apple doesn’t issue new certs anymore it seems)

- system extension (user-mode driver, explicitly intended for device compatibility)

Also, if there is non-profit org work, recall that one can supposedly setup an organization and request a developer fee waiver: https://developer.apple.com/support/membership-fee-waiver/

(no idea how this actually works in practice, wonder if one could wrap open source work under a non-profit organization)

So whilst three is different aren’t the analogues on Windows for 1) and 2)

1) Test signing - do what you want

2) Kernel driver - still possible, needs EV cert?

1) on Windows entails a significant security downgrade, as you cannot just pick custom kernel extension only, with validation by the user. That might however not be important, depending on your threat model.

For 2), it’s borderline impossible to get a driver signing cert for macOS nowadays for individuals, it’s easier on Windows.

Ah yes, that is true, SIP is more granular than testsigning on Windows...

> Apple doesn’t issue new certs anymore it seems

This is not true. kexts are still signed by apple after being submitted and vetted.

Apple deprecated KEXTs[1], but still signs some .kexts they've chosen to grandfather in like macFUSE.

[1] https://developer.apple.com/support/kernel-extensions/

Kexts are not deprecated in general-- only kexts that use deprecated KPIs are deprecated. (The page you link is the list of deprecated KPIs.)

The net effect of this: if something can be done using a System Extension rather than a kernel extension, you'll get deprecation warnings if you try to do it with a kernel extension. Kernel extension points that have not been replaced yet are still valid, will still be signed if used, and will still run on current versions of macOS.

And as far as I understand, disabling AMFI disables code signing support and enforcement completely.

Disabling AMFI is a whole other level of a hammer, that I do not recommend at all on a system that you might actively use.

On Mac it's significantly more locked down and judging from recent comments by Tim Cook they still aren't happy with it. Presumably they see iOS as the gold standard internally and would love to make OS X work the same way, but can't without breaking too many apps. The recent stance taken by the judge on Epic v Apple re: Gatekeeper will certainly push them further in the lockdown direction :(

On OS X Intel the operating system will basically refuse to run unsigned code unless you know an ever-shifting series of magic undocumented cheat codes. You have to do weird things like hold down certain keys then use the right click context menu to open unsigned apps, you need magic CLI commands to disable notarization checking, you have to go into the system preferences window to enable drivers to be approved and then reboot etc. The UX is atrocious and gets worse all the time - it's barely acceptable even for developers. That's for usermode. Kernel mode drivers are dead now, more or less.

On OS X ARM unsigned code will not run. Period, end of story. The magic cheat codes are gone. All code must be notarized, which is a server-side approval process of the type Microsoft only use for kernel drivers.

There are a few silver linings to all this. One is that getting a cert isn't actually that hard. You need a credit card, basically. It's not like getting an EV cert where you need a company and for a CA to verify the corporate identity. Likewise their "notarization" process is not a manual app store like review, it's fully automated and is mostly just checking that the app is well structured and properly signed. It probably does other things like checking you aren't using internal APIs, and they presumably archive all the binaries they notarize so they can go back in time to investigate malware and so on. But it's not being used for political or commercial purposes, at this time.

Thanks for the background and info!

> This is because most CAs won't issue EV certificates to individuals, even if those individuals happen to have detailed knowledge of cryptography and all the pkcs .

Honestly the majority of Orgs don't have these chops. There's really no go way to proof anyone.

I think the rationale for Orgs is just that they have more to lose.

An immensly powerful and useful tool. Can't live without it. Hopefully the situation resolves soon.

What is it with MS these past few months? It's like they're trying to throw away the little community goodwill they managed to build up over the years.

Quite a lot of community goodwill, unfairly granted. I've lost count of how many times I've read on this very forum, "calling it Micro$oft is childish, they're a changed company, Nadella is better than Ballmer, etc".

They are as hostile to free software as they ever were. Why wouldn't they be? It's antithetical to their business model. The only thing that's changed is how sneaky they are about their time-honored tactic - embrace, extend, extinguish.

Microsoft took the same approach as Bill Gates. Gate's ruthlessness made the public hate him(remember the milkshaking?). He took public relations serious and put on the nice guy public facing image while still being as devious and wretched as he was back then. The Microsoft leaders saw how well this worked him and used the same tactic.

EEE isn't obsolete, very far from obsolete in fact, they are just playing it (very) long.

I lived through the dark days, they are definitely not as hostile as they used to be. However, that could change at any point with a change in leadership or a bad quarter.

> What is it with MS these past few months?

I was thinking the same. It's not been a good few weeks for them. They're quickly losing trust which was hard to acquire in the first place given their history. Maybe a timely reminder to mention Halloween [1] ?

[1] https://en.wikipedia.org/wiki/Halloween_documents

Are they losing trust though? Many young developers don't remember the height of the EEE days in the 90s and 00s when MS was trying very hard to extinguish free software. These are just stories to them.

Now, MS runs the world's largest source code sharing service and many of these young developers launch proprietary MS code editing tools daily.

We old timers always knew what the end game was, but young people lack the context and so many are already hooked on MS now. It's not obvious to me that they will ever care enough to switch no matter how hostile MS behaves.

> young people lack the context and so many are already hooked on MS now. It's not obvious to me that they will ever care enough to switch no matter how hostile MS behaves.

Not all of us. I had just barely started being willing to trust Microsoft again, and they've repeatedly shown themselves to be hostile since the initial "Github is cool! And WSL! And VSCode!", enough is enough.

I've read the Halloween documents, I know where this goes.

Young free software advocates exist - I'm one. I know about EEE and agree we're in a sorry state.

I have a feeling MS will continue to dominate due to network effects and vscode/wsl being a nice enough experience. It'll take them resting on their laurels or some great act of user hostility to change this status quo.

I remember. It’s also hard to turn down WSL and VSC. They are wonderful products and I’m fairly certain I’m sadly contributing to all this nonsense but I also need to get my day job done and pay the bills. One day large corporations I hope will allow Linux. But at least mine it’s windows or macOS and apple is far behind the wsl/vsc curve right now and apparently doesn’t have any motivation to catch up. They rely on “you have to use Xcode” right now which is unfortunate.

They've always been acting as a strong monopolistic corporation with a "fuck you" attitude. Here's a summary of Microsoft attitude these part 5 years:

- rebrand as open-source friendly, only open-source whatever narrow side-projects they barely care about but could be run on other systems (VSCode, Powershell); distribute official packages with spyware

- monopolize the education system by offering bribes including gratis hardware devices to whoever in State education will work with them to pretend Microsoft loves kids and kids need computers (with Microsoft software, obviously) to learn anything in the 21st century

- force manufacturers to deploy "TPM v2.0" on their new machines so they can run Windows 11, continuing the push so that people have 0 understanding and control over the machines they own (instead are controlled by the machines), and don't have a choice of system because "SecureBoot" [0]

- love Linux! let them integrate all your POSIX/Linux APIs in a VM on their system, so that you never have to use anything else than Windows ever again (embrace...) ; it's just like reverse-Wine (execute Windows program on free systems) except they have an army of developers with $$$$ and don't have to waste time reverse-engineering anything because they have the source code to both systems... how convenient!

- viruses are such a huge problem, if only we had some sort of digital signatures for software, and trustworthy places to get it from?! sure let's have a Microsoft market where you can buy adware/spyware signed by Microsoft, with two key advantages: 1) it's super faster because signed software is not inspected real-time by Windows defender 2) noone else can make their own "appstore" repository with their own signature keys (like we do with Flatpak/APT/nix/guix) ; very soon they can start to hide how to run programs unapproved by Microsoft like Android or MacOS [1] have been doing... and it's all for security, right? because app-store monopoly has definitely stopped malware (oooh that's a nice flashlight app you got there Google Play) without harming FLOSS/hobbyist devs (yeah sure)

It's just *washing (openwashing here) straight out of marketing textbooks. If you know/learn anything about capitalism and public relations, you won't be tricked next time!

[0] Briefly touched upon in this bigger article about how Microsoft is still evil, why Secure Boot has nothing to do with security, and why hardware manufacturers happily play along: https://www.haiku-os.org/blog/mmu_man/2021-10-04_ok_lenovo_w...

[1] There was even this worrying story at some point that MacOS would refuse to open applications (whether signed or not) because their centralized server could not be reached: https://news.ycombinator.com/item?id=25074959 <-- Soon coming to your Windows setup

Ah, I don't really care about telemetry, but their amazing outlook.com SMTP service rejects mail from small senders, and there's no way to successfully appeal.

Yeey, brave new megacorp world!

Ah, yes:


   My name is [Kumar/Numan/Punith/Suresh/Sachin] and I work with the 
   Outlook.com Sender Support Team.
   I do not see anything offhand for the IP (xx.xx.xx.xx) that would 
   be preventing your mail from reaching our customers. 

   Good bye and fuck off.
In response to complaining that their servers say -

    550 5.7.1 Unfortunately, messages from [xx.xx.xx.xx] weren't sent.
    Please contact your Internet service provider since part of their
    network is on our block list (S3150).
Completely and utterly ridiculous.

At least you got a response! Most people don't. According to some previous blogposts and threads on this topic, apparently if you just contact them often enough, they will after a few months escalate the problem to the competent team and get you unblocked.

Yes, I've done this successfully several times. It usually takes several tries though.

What’s the difference between a small sender and a spam host?

The difference is decided by decent spam filters:

- is the exact same message being sent to many users?

- does it look like previous spam?

- are messages from this host being reported as spam by users?

We have plenty of techniques to filter out spam (those above and technical ones like DKIM to enable host reputation systems) and they mostly work great. What Google/Microsoft are doing is just monopolistic attitude and has nothing to do with spam filtering. Spam from big email servers is still common, but legit emails from smaller servers will not reach intended recipients, and will not produce any indication of that on either side of the communication. It's just silently going in the trash.

If there was at least a decent way to get allowlisted on their side, we could give them the benefit of the doubt and accept that email ecosystem has turned to an opt-in federation model. But the way they do it and prevent recourse is a clear abuse of dominant position to crush the competition.

What's similar between them? A spam host will likely be high volume of similar-looking email sent to users who will never reply and most probably trash/spam-categorize the email. A small, single-user sender will likely be *very* low volume of fairly different-looking email sent to users who will likely answer and otherwise interact with the mail. They have literally nothing in common.

Before I moved to fastmail, my email was consistently getting nullrouted by microsoft. Everything was setup correctly (SPF, DKIM, DMARC, ARC, etc...), and every other mail host I tried would receive my mail correctly. I send out a very low amount of email (3-4 per month?).

My old university mailbox got migrated to Microsoft, and now people who don't use a professional mail provider (gmail, yahoo, etc..) basically can't send to that address.

We (small devshop + some hosting + self-hosted email) hosted a few things for a foundation for years, and about two years ago they migrated the mail stuff to MS. (We continue to host a few sites, domains, DNS.) Now when they need something and send us an email we can't reply, because our IP is "listed".

Okay, I know spam can be bad, and fine-tuning spam filters is a PITA, so let's go through the delisting process, surely with enough perseverance eventually MS will tolerate us into their graces.

Well, it has been more than a year now, and still no luck.


We have completed reviewing the IP(s) you submitted. The following table contains the results of our investigation.

Not qualified for mitigation x.x.x.x Our investigation has determined that the above IP(s) do not qualify for mitigation.



do you mean you never received spam from @gmail.com? Lucky you!

With a proper rspamd setup, gmail is the only source of delivered spam for me.

Note that secureboot does have a minor advantage for encryption at rest. Making much weaker passwords acceptable. I am happy my work laptop has secureboot. And I get why they lock down their device for me to use.

For devices I own, I gotta control the secure boot, or I simply don't own it.

In theory, yes. In practice, what control do you have over the hardware? Can't basically anyone with a few million dollars to throw at the problem compromise any form of Secure Boot? If you're NSA, no need to go so far... they've probably got access to the Microsoft root signing key.

If the schematics and code to the TPM were free and there were "tamper evidence" mechanisms in place, we could argue secure boot had some benefits for security. But in its current forms, it's just preventing users from owning their devices with little evidence for security for determined attackers.

Machines should be simpler and auditable: that's how reliable security works. Adding piles of shit on top the other piles of shit is just producing more overall shit.

> Can't basically anyone with a few million dollars to throw at the problem compromise any form of Secure Boot?

Probably. But if my laptop gets stolen I would rather have the thief needing to spend a few million dollars in order to defeat Secure Boot.

Now if I were to worry about state level espionage I would combine the secure boot with a strong password for device theft, and not bring the device anywhere a long-term evil maid attack might occur. But in that case I am still happy if my stolen laptop requires a few million dollars, and that an evil maid also needs to somehow defeat secure boot before being able to do anything to some of my device.

Secure boot isn't perfect. But no practical security measure is. Secure boot is effective at making attacks more difficult, and that means it has value.

It just so happens that such value is most relevant for company-based security. And sadly it seems to be pushed on private devices for other reasons. But the move towards abuse of secure boot does not mean we should ignore the security benefits it gives to company-issued laptops.

LOL @ "narrow side-projects" such as VSCode and Powershell ?

Yup, we're still far from having open source Windows, Active Directory, SQL Server, Teams, Github, Office... or any "central" product essential to their business offers.

I can live without Teams, Github, Office, Sql Server, Active Directory - all have alternatives and in most cases better. Teams, really ?

Re: app store. That's not quite fully correct. It's obscure and not well known but actually, Microsoft isn't doing what you claim.

1. Any signed app with good reputation will be ignored by Windows Defender and other AV tools. That's how Windows security works: the anti-virus programs focus their attention on activity by code that they don't recognize. Signatures are how to handle "good" polymorphic code like app updates whilst stopping "bad" polymorphic code like viruses that constantly rewrite themselves. This isn't connected to the app store.

2. You can in fact make your own app store. Windows 10 comes with something called App Installer. You put an MSIX file and a .appinstaller file on your web server, and open the XML file with a special protocol handler. The app is downloaded, installed, lightly sandboxed (but not aggressively so: win32 apps will work fine), and Windows keeps it up to date for you. This is basically the same experience as the App Store itself, but decentralized.

Where did they actually do nice things?

VSCode is still not entirely open source and the official builds have spyware included.

It's honestly weird to see "Telemetry" labeled as "Spyware" by a technical people that, quite frankly, should know better.

Spyware is NOT the same as gathering Telemetry data.

You can also just turn off Telemetry in VSCode in the settings.

I think a vast majority of people on HN gather data on customer usage of the products that they build. Because it ultimately makes us able to tailor the products better for our customers. It's just ignorant to put this in the same category as applications that slurp up as much data as they can for e.g. ad-profiles or to sell that data off to the highest bidder.

> It's honestly weird to see "Telemetry" labeled as "Spyware" by a technical people that, quite frankly, should know better.

It's precisely because it's technical people who know better that you see "telemetry" labeled as "spyware", which it is, and it's how we called it back in the 1990s/2000s.

The only reason people these days call spyware "telemetry", is because it got normalized by large companies, and is now defended by devs who figure it's better to ship spyware to people than to give a damn and talk with users.

> Spyware is NOT the same as gathering Telemetry data.

Telemetry and spyware differ only in the way collected data is used.

I would say the intent very much dictates the what and how of Telemetry as well. There's a huge difference between gathering data on feature usage of VSC vs e.g. slurping up the code from its users.

A lot of software lets you opt-out from Telemetry gathering when you install it. I would not think Spyware would do this.

And I feel like saying it's "only in the way collected data is used" really makes a small thing out of something that is very important. There's a very big difference in doing something maliciously and doing it to genuinely try to make your software better!

Actually there are of course different levels of bad like in any other area of human endeavor. Many criminals who would happily break your car window to steal your laptop wouldn't kill you to sell your Kidneys.

Lots of spyware that wants to remain on one side of a less dramatic divide simply provides "options" for example in the installer that are opt in and vaguely defined that no sane individual fully understanding his options would opt for.

Such software isn't usually cryptolocking your family pictures instead its frequently grossly violating your privacy and selling your time and attention to third parties who in turn may opt to use this bought and paid for back door into your computer to waste your time or cryptolock your family pictures.

Here's a clue. If you have to make a feature opt out because nobody on earth would opt in given time and expertise sufficient to understand your offer then you are victimizing your user. I cannot think of a case where any data collection being anything other than opt in would be acceptable.

> Telemetry and spyware differ only in the way collected data is used.

No, they first and foremost differ in the kind of data is collected. Spying is not spying if you anonymously collect information about how frequently a feature/future/option is used only.

What if you repeatedly fail to anonymize the information and also collect user-entered data like command line arguments?


Well, you make my point. What you linked to is definitely not telemetry.

So is your point that what Microsoft is doing is in fact spyware and not technically "telemetry", since what I linked to is what they are actually doing? In that case, to avoid confusion, we should stop referring to it as telemetry.

> What you linked to is definitely not telemetry.

So, the OP was correct in calling it just spyware?

Why do people jump into defending corporations that repeatedly abuse their customers when they do unknowable hidden actions?

I disagree - they are correct because once collected, the data is fed into a blackbox, and a user has no way of knowing if the data collected is - by your definition - spyware or telemetry. The beat way to treat this Schrodinger's telemetry, is to assume it's spyware.

Would it be OK if the NSA required it? No? Well, it's not OK for your OS vendor to require it, either.

And the illusion that it will always be possible to disable telemetry is just that, an illusion.

What did you expect? Microsoft labeling their data collection actions as "spyware" themselves? "Spyware" is a term used by people who oppose data collection, they didn't ask for. "Telemetry" is an euphemism by the ones that build this data collection into their apps.

I expect professionals to be able to distinguish between the two instead of being suckered into some sort of hive-mind thinking of "all data gathering bad hurr durr".

I'm absolutely all for privacy and limiting unnecessary gathering of data. But there's nuances to this discussion and labeling everything that has any amount of telemetry as "Spyware" does not do anyone any good.

> some sort of hive-mind thinking of "all data gathering bad hurr durr"

Maybe it's not "hurr durr" and people have a legitimate reason to hold that opinion. To those people, any distinction between spyware and "good" telemetry is merely academic and effectively irrelevant.

It isn't professional to find fitting euphemisms. Either the user has control over the data collection or he doesn't.

"hurr durr" strawmen on the other hand...

Collecting data to "improve" programs and then not doing any improvement really look like spyware.


My favorite part is when someone figures out "telemetry" includes the MAC address, and the dev team just goes completely silent.

The MAC address is very important for developers. It tells them which GUI elements are accesed, what error messages are common and what features of the program are accessed.

For some reason developers think they're magically exempt from judgement of their data harvesting. I don't want you monitoring my activity on my goddamn devices, however much you yammer on about having good intentions. The act itself is hostile, and that's why developers are so goddamn sneaky about it. You're invading privacy and creating metadata records that are trivially deanonymized.

There's an honest, non sneaky way of gathering usage information: pay for rigorous testing and price the cost into the product. Telemetry is lazy, invasive, and user hostile by default. Every bit of information acquired from users should be given with informed consent or not collected at all.

From what I've seen the invasive data harvesting often does not come from developers themselves, but is rather requested by product and BI wanting to get more insights into the customers.

It's hard to really stand up to that kind of situation.

True, and how else should any developer know what food the user had yesterday?

You forgot a pretty relevant part:

Hashed MAC address: a cryptographically (SHA256) anonymous and unique ID for a machine.

Although I disagree that they should have this to begin with, it being anonymized is still a pretty important detail.

From my POV (user), how do I know if my data is being aggregated correctly and not being sold?

As a developer, how do you know the data you're collecting now won't be used maliciously in the future by your org?

My issue with telemetry is it increases the chances of data leakage. I don't care if Microsoft gets data on what commands I'm selecting from the menus. What I do care about is that they record any free-form entries. Let's say they want to know everything I type in the command palette so they can figure out if they should add aliases for certain actions. That doesn't sound too bad until you consider the case where you tried to paste in what you were looking for, but forgot that you had something very personal in the clipboard. Once that happens, you just have to hope that the first person to see it is a good enough person to wipe all traces of that info out.

If it is unwanted, it is spyware in any case. Have an option to disable it and you would have a case. Otherwise you do spy on the behavior of people.

We don't collect customer data, we ask for feedback directly.

> You can also just turn off Telemetry in VSCode in the settings.

Such a feature should be disabled by default.

By the same standard, Apple telemetry should also be labelled as "spyware" yet nobody would bat an eyelid at Apple mentioning data of their telemetry reports.

Thank you for saying this. For those who don't know about the open-source release of VSCode, check out https://vscodium.com/

I use VSCodium every day, and recommend it over VSCode to everyone, however, due to microsoft's locked down plugins, particulary the ones related to remote development and debug, there are certain things which can be done with VSCode and not VSCodium.

It's worth bearing in mind for those considering switching.

SSH FS, a third-party extension seems to work well with VSCodium: https://github.com/SchoofsKelvin/vscode-sshfs

They mean Microsoft's plugins -- they just work with VSCode on purpose.

This one is an alternative to the remote development tooling which doesn't work on VSCodium. It is certainly not a full replacement, but you get to poke around the files on the remote system and run commands over SSH.

Yes, but unfortunately if you want to use something like Okteto[0] it requires the microsoft plugin. There are other third party plugins and tools tightly bound to the Microsoft ones making them unfortunately unusable.


Sadly, MS has locked-out the extremely useful and popular PlatformIO from being available in vscodium.

Trusting a company with the history of Microsoft (and its size) is at least naive. Not one of the mistakes I did in my life.

The motivation seems pretty obvious to me: They want to obscure as much as possible what's going on inside OS.

Shareholders are getting anxious.

Some nth derivative growth metric is slowing down, so the company is actually doomed unless it does some shady shit.

What goodwill?

Keep in mind this has happened because people agreed that they can't (normally) run code not singed by someone else (Microsoft) on their own system for “security” reasons. Well, it was not security, it actually was a way to keep keys to themselves, and hold the user system as a hostage. And it has been explained many times by many people.

If you care about software freedoms, even just a tiny bit, you wouldn't touch “Microsoft open source”, and you wouldn't be happy about your friends using any of it, like you wouldn't be happy about seeing them with a heroin syringe. That is going to explode spectacularly one day.

The user wants convenience, and then, under the premise of convenience, corporations create systems that give them the convenience they want in exchange for their privacy and freedom.

Being spied on, having forced updates, a remote kill switch on your computer, "telemetry", advertisement, and the best of all: your government being bullied and lobbied on with the money you paid... it is all worth it because you can run a stupid DirectX game at 60 fps instead of 58 fps. Until the forced update interrupts your game, that is.

Usability triumphs everything. Even privacy. Either pass pro-consumer laws or compete with them using free alternatives. Why do you expect a corporation to care about your privacy or well being? They would be using small children, paying them a loaf of bread a week making it illegal to not do business with them if they could. People have rights and equality before the law , corporations not so much.

You can run the game at 60fps instead of 600spf though.

That is blatant false-dichotomy. You don't need to undermine the immense level of security improvement introduced by driver signing. Kernel mode rootkits are very hard to detect and eradicate. Right now, windows kernel mode rootkits rely on exploiting vulnerable drivers (very easy to detect when vulnerable drivers are loaded). It's not just signing but MS requiring valudation. If only Linux distros required this by default (with a boot option to turn off validation).

If you wouldn't touch Microsoft open source but you would touch Google open source (say Chrome or their contributions to the Linux kernel), I would love to hear how that is different. Personally, the software I use is not a matter of ideology but a matter if the best tool for the task at hand. But your observation on how MS is using adversarial compatibility against Linux (flipping the table) is correct. I just don't see how post-systemd gnu/linux is all that different, perhaps because it is many megacorps contributing and controlling Linux? It's not exactly driven by software freedom anymore.

From: https://github.com/processhacker/processhacker/discussions/7...

>The existing drivers are compatible with Win11 and haven't been blocked by Microsoft yet... The large majority of changes by Microsoft are limited to restricting the Windows API with signature checks that block competitors software (e.g. CreateWindowInBand, NtQuerySystemInformation, NtQueryInformationProcess to name a few) rather than directly targeting the drivers themselves.

>The signature checks added to those functions and classes only block third-parties and this includes signed binaries. We won't be able to implement the same functionality as Task Manager and Process Explorer because of those Microsoft-only signature checks even after we sort out the submission issue.

>Always-on-top, Auto-elevation, DPS statistics, Default taskmgr application preferences (Microsoft hardcoded taskmgr.exe blocking competitors), GPU statistics (deliberately broken on Win10 and Win11 recently) and the DirectUI framework are some examples of features that I want to implement and are currently implemented by Task Manager but are Microsoft-only signature restricted while newer more advanced security like PPL that we desperately need are also Microsoft-only signature restricted.

>The only certificate allowed to use these and other functionality is now limited to Microsoft Windows certificates - the same certificates used with Task Manager and Process Explorer - while SAC has even more powerful functionality than anything else (including Process Hacker) with absolutely no security whatsoever.

So, basically, for some reason, Microsoft wants to make it very hard for you to see whats running on your computer...

weren't MS slapped around during the DOJ case for undocumented APIs?

and there's a mile of difference between undocumented and "can't be called by non-MS products at all"

It was disallowed for other Microsoft products to call undocumented APIs. Anything called by Office/Azure/whatever needs to be a publicly documented API, and there are automatic checks in all Microsoft codebases to confirm that no undocumented APIs are called.

Windows components, of course, aren't subject to any such rules. There have always been and always will be interfaces necessary for Windows to call itself that the company has no interest in supporting in a backwards-compatible way and publicly documenting. An example is pinning applications to the taskbar: Windows needs to be able to do it, but if it was a public API every app would do it and the experience would be ruined.

Of course, Chrome eventually figured out a way to bypass and do it (I believe using accessibility hooks to simulate user input? I forget the details), at which point the arms race escalated from there - the Windows team added new protections in that area - but I haven't worked in that area in a long time and don't follow it in detail.

I was on a Microsoft page a few days ago reading about some of the Microsoft Store APIs and they were all marked with big warnings that claimed they could only be accessed by apps with special entitlements (so, basically signed versions of winget). Seemed really icky to me.

> So, basically, for some reason, Microsoft wants to make it very hard for you to see whats running on your computer...

That's my take on it, too. I doubt they care about a "competing" task-manager tool.

>So, basically, for some reason, Microsoft wants to make it very hard for you to see whats running on your computer...

That sounds a little conspiracy theory-ish. It seems like there are other tools to access this info, is that not the case?

Not at all. The American tech mafia is mapping all user data they can get a hold of. This is very far from a conspiracy theory in 2021.

I don't think "Process Hacker" is a tool that has zero other alternatives. As a former systems dev, I find that very hard to believe. Sorry, I didn't understand what point you were making though.

The reason might be DRM?

(Also, isn't this straight up illegal according to their previous settlements?)

That settlement expired in 2009.

> So, basically, for some reason, Microsoft wants to make it very hard for you to see whats running on your computer...

So they can run spyware. Nearly every user hostile policy or behavior can be explained by the insatiable lust for data.

They wanted feature parity with MacOS' ability to hide processes from the user.

So basically running rootkits. So MS from spyware company has evolved to malware. Keep up the good work.

If you are worried about MS running rootkits on Windows, then I got some worrisome news for you.....

Excuse me, what? Hadn't heard about this. Got a link?

Microsoft is locking certain API's:

Always-on-top, Auto-elevation, DPS statistics, Default taskmgr application preferences (Microsoft hardcoded taskmgr.exe blocking competitors), GPU statistics (deliberately broken on Win10 and Win11 recently) and the DirectUI framework are some examples of features that I want to implement and are currently implemented by Task Manager but are Microsoft-only signature restricted while newer more advanced security like PPL that we desperately need are also Microsoft-only signature restricted.

I'm not familiar with the rest but how is Always-on-top locked away? Its such a basic thing and a lot of programs are using it.

SetWindowPos with HWND_TOPMOST fails with Access Denied.

CreateWindowInBand also fails with Access Denied.

That's so weird. No idea why they restricted that but not the other ways of setting a window to always stay on top. Like whatever Firefox's picture-in-picutre uses.

EDIT: I guess they want to prevent you from doing interesting things like staying on top of the lockscreen. This article sheds some light on the Z ordering changes since win8 https://blog.adeltax.com/window-z-order-in-windows-10/

16 new Window bands (layers) is excessive. "Activate Windows" and Cortana each get their very own.

Locking other vendors out of that functionality (eg. can't create a Notifications panel alternative) is anti-competitive and degrades one of the best features of Windows (the ability for others to improve it as they see fit).

I've had to authorize lots of Steam games this month in 'Windows Security' protected folders just so be able to save replays, or basic controls configuration.

I think MS is going for the kill against Steam this time.

And this is with Windows 10. Windows 11 will require MS permission, and some Steam games will simply never work there.

But you will be able to purchase them again in the MS Store.

Arguably this is Valve's fault because they insist on putting a ton of stuff in secure folders (under Program Files) instead of where they belong (in the user's home/data directories)

They've had a LONG time to fix this.

That's just game fault that it saves data in game files instead of user directory.

No, Steam puts stuff like steam cloud in the programfiles dir as well. It's totally under their control where it goes.

Steam Cloud files location is also specified by game developer: https://partner.steamgames.com/doc/features/cloud

Isn't that just because the default library is in the steam install folder? (On windows)

Yeah, and Valve can’t be arsed to change it.

Because that won't make them any money like their loot boxes.

As for the matter, some teams here are just as incompetent so someone's probably going to have a fire lit under their arse to either fix the signing issue or publicly document why these APIs are now "protected"

They don't just put the games there, they put the steam cloud data there too, and I think screenshots etc.

I hope the folks who claimed up and down that Microsoft was different and better these days, and ridiculed people who didn't believe it, are paying close attention to this.

Reminder that they own Github as well as what is likely the single most widely used code editor.

> Microsoft Process Explorer has the same functionality so they don't have standing to block competitors then go and include the exact same features in their own software.

> Microsoft has been secretly adding more powerful features than Process Hacker via their SAC product – SAC has no security whatsoever by design – they're clearly targeting the project not because of any actual technical issues but rather because we're more popular than their products, so they're using the same (illegal and anti-competitive) tactics they used against Netscape Navigator to eliminate competition but also labeling the project malicious in an attempt to mislead the competition regulators.

Yet another example of a trillion dollar tech company stifling competition and innovation with anti-competitive tactics.

Both Microsoft and Apple require developers to sign software in order for their apps to run on Windows or macOS. Developers must pay to buy and renew their certificates regularly and must remain in good standing with either company if they want their apps to run on either OS. At any time, and for any reason, Microsoft or Apple can revoke your certificates and prevent Windows or macOS from running your apps at all.

The control over what apps can run on Windows or macOS is all about securing profits for either company, first and foremost. Actual security is just an afterthought.

Both companies take it one step further and are locking developers out of kernel space. Apple stills signs a few third-party .kexts, like macFUSE, but everyone else is out of luck. Microsoft needs to sign kernel-mode drivers or situations like the one in the OP will occur.

This is certainly different than, but reminiscent of, the situation with AppGet and Microsoft's clone, Winget[1].

[1] https://keivan.io/the-day-appget-died/

Welcome to AAA game development on consoles, since 1980's.

Console manufacturers have often lost their case whenever game studios took them to caught over this though. Hence EA and Codemasters not using standard Megadrive / Genesis carts. So there is at least some hope that there is precedence in favour of independent publishers.

Microsoft owns github, it could be said that they no longer depend / compete with the open source community, since they operate it from the shadows. It is reasonable to think that game development is too complex to be privatised (for now, at least)


do you mean Special administration console? or Semi-annual channel?

Yes, it's Special Administration Console.

Not sure, I'm quoting directly from the article.

The same question has been answered in the linked GitHub issue, though the comment was marked as off topic.

It's special administrative console, more in depth info what that actually is in the comment.


The highlighted comment has been marked as off-topic and requires logging in to view, which I'm disinclined to do from mobile. Is there a summary elsewhere?

Here you go:

  on 16 Aug
  Interesting driver,
  is the process termination feature of PH the only thing MSFT has a problem with?
  I mean if its the only thing they don't like, may be its worth moving that feature into a separate tool or a plugin with an own unsigned driver?
  Also changing the name would be an option, if than all the problems can be avoided.
  on 16 Aug
      the only thing MSFT has a problem with
  MS refused to discuss anything and have ignored every email so who knows what their problem is.
      if its the only thing they don't like
  It's not the only thing.... There are recent changes to APIs that block and limit features when the caller isn't taskmgr.exe.
  Either way this discussion is offtopic from the KPH updates.

I thought signing was only required to avoid a the OS showing warning on installation, or has this changed in win11?

For unsigned drivers users have to enable test mode and I can't imagine secure boot works unless the drivers are signed. In the case of unsigned applications it's correct that it's just a warning.

Are there TPMs where the user has more control and can configure w/ a root password to control keys? I like the idea of a secure tamper resistant security device but I don't like that the owner of the PC does not retain absolute control over this device.

Even if your TPM lets you control the keys, how do you know it doesn't have a set of secret keys known to the manufacturer and/or government?

If you're using these keys as part of a disk encryption scheme, you may find that your government deems this to be an illegal attempt to prevent yourself from complying with search warrants (even if you're not suspected of any other crime).

Yes - the TPM isn’t a Windows-only thing. For example: https://wiki.archlinux.org/title/Trusted_Platform_Module

At least historically TPMs weren't even usable at all before you perform a procedure called "taking ownership" in which you set a password. This is one of the reasons nothing much uses the TPM. The privacy/control features it had killed its usability.

> the owner of the PC does not retain absolute control over this device.

This is a bit FUD-y. TPMs are key stores, the same as what Apple calls a "secure enclave." When you activate a device with a service like Netflix or a software like Windows, they stick their key in the TPM. As a user you can clear of disconnect the TPM any time you like - you're in control of your device. What you're not in control of is Netflix and Windows - Netflix and Windows are only going to authorize 5 TPMs. If you reset your TPM, you're going to need to re-enter your license information.

The fact that, by design, you (the owner) can't make the TPM give you all of its secret keys, means that you don't have control over your device.

Does it? I can't make my microwave work with the door open either. The whole "point" of a TPM is that the user can create, use, and delete keys inside of it, with the promise that the keys won't come out. TPMs are just smart cards. Would you say that you don't have control over a smart card because you can't get the keys out of it? I'd say I DO have control over the smartcard, because I authorize and de-authorize the keys held within, and the whole point of a smartcard is to permit authorization of a physical entity, which requires the physical entity to resist leaking its keys.

To me, operating with a well designed model, when and if I choose, with the ability for me to shut it down at any time - that's control.

In an ideal world, all smart cards/TPMs/HSMs would have these two properties:

1. Under no circumstances would they ever be sold with any private keys already on them

2. There would be no way to prove or determine after the fact whether a given key was generated internally or imported from an external source

If those two things were true, then you'd still be able to get 100% of the legitimate security benefit of them, but they'd be completely unusable for DRM and other evil things.

But they sign malware? Strange.

I don't know about malwares but online gaming cheat developers have been using a signed driver from Intel that has a vulnerability allowing to load any unsigned driver. Despite the exploit being discovered back in 2016, the driver certificate is still valid as of today and works with Windows 11.



+1 Funny

I honestly googled what the "SAC" stands for, but couldn't find anything. Please, please people, don't assume everybody knows your acronyms.

Special Administration Console

Monopoly abuse by any other name is still just that.

Microsoft never did change, nor will it, no mater how many they manage to fool, manipulate or bribe. It remains a criminal enterprise that should be cut down. But that will never happen, as long as the government(s) controlling this company are made of the same DNA.

Good luck to those who have the luxury of a choice to avoid this company (and similar ones). Even more if they still choose not to. Most of all, good luck for those who don't even have a choice, for they most likely will need luck more than anyone else.

Microsoft shouldn't rely on this too much honestly. They still have mass, money and maybe an edge but the rest of the world changed, and is potentially ready to pick up the pieces if need be.

I thought recent efforts of MS were a sign of wisdom somehow.

...and maybe an Edge?

No, they sold out to Google on that already.

unintended pun, gods spoke through me

Yeah funny times we life in, from Oracle you get a free enterprise linux, from Microsoft a opensoured MSDOS 1.0 ;)

Edit: Correction, MSDOS 1.25 and 2.0 was released too

Oracle basically rebuilds RHEL. It's not a tiny feat, but it was done by small teams for CentOS, Scientific Linux and other RHEL rebuilds. Real distribution work is done by RHEL/IBM.

Microsoft released their own Linux: https://www.tomshardware.com/news/microsoft-released-cbl-mar...

As far as opensource DOS, nothing beats FreeDOS: https://www.freedos.org/

>>CBL-Mariner is an internal Linux distribution for Microsoft’s cloud infrastructure and edge products and services.

Oh yes please...i want that universal Linux Distribution ;)

>nothing beats FreeDOS

Dosbox and dosbox-x beat FreeDOS anyday.

Call me when you can run real drivers in DOSBox-X.

And, still, XDOSemu+FreeDOS runs circles over DOSBox and DOSBox-x.

> Call me when you can run real drivers in DOSBox-X.

That's exactly what i don't want.

>And, still, XDOSemu+FreeDOS runs circles over DOSBox and DOSBox-x.

No, not really have you even installed FreeDOS once? BTW the FreeDOS developers will perfectly tell you that they have no interest in being dos game focused...and you can feel that 50% of all games just refuse to run...that's not the case with MSDOS 5.22.

I can feel that your comment is utterly bullshit.

FreeDOS runs the 99% of software and drivers available for DOS.

It’s not quite as bad as presented here; yes Microsoft is in the process of deprecating kernel mode drivers as part of its current security push, however it’s following Linux and implementing eBPF as a more secure alternative that runs mostly in user land and in a sandbox in kernel space. For the type of thing that this app does, it’s a logical change of direction that does not require the same level of EV code signing.

Microsoft's eBPF is a very different beast from Linux's eBPF. It is contained to very few subsystems (Currently network, filesystem to come) and doesn't have the same facilities Linux has with dynamic probes to hook arbitrary kernel functions.

Windows also has DTrace, which does support arbitrary kernel hooks, but it requires booting in a special mode with bcdedit /set dtrace ON, which makes it unusable for machines not under your direct control.

None of those give enough visibility in the kernel structures to fully subsume kernel mode drivers. And further, they don't allow some of the advanced capabilities that are provided by things like ProcessHacker, such as killing PPL, forcefully closing remote handles, and a bunch of other stuff that is only possible via a kernel driver.

One of the comments from the comment thread below the linked post, it's a rant and I don't like the tone but it sums up well some of the reasons why me and a few colleagues recently decided to switch to Linux:

> Dave-o says:

> 2021-10-24 at 23:45

> Notice how it's now virtually impossible to disable Windows Defender nowadays? Libvirt is also having trouble getting Microsoft to cert their drivers. Etc, etc etc. Who gave them the right to limit our freedom to run what we want on our computers?

> Reviews about Windows 11 at formerly-credible websites like http://www.arstechnica.com & http://www.thevirge.com, etc are so pathetic, "oh the new toolbar! But mah techichial anayasis is that there are some old dialogs still in control panel! I wants mah new eye-candys!". And their sycophantic commenters are vastly worse.

> Truth is, Microsoft's strategy may have been FUD in the past but now it's evolved to 'slowly tighten the noose'. The reason I liked Windows was my ability to audit it. At least someone should be able to. Now with hardware-enabled DRM secure envelopes & encrypted memory regions, that is becoming impossible. Which is exactly their plan.

> Because, you see, Microsoft wants to become like Apple: "We respect your privacy; your secrets are between just you and us." Do you trust there's no and will be no future Microsoft-only back-doors in the Windows Firewall? Really?

> Who actually owns your machine? Can you actually stop your iPhone from updating? Nope. In the past I tried and their upgrade permanently broke some CAD apps I heavily relied on. And there's no way back, baby. The content I created? poof

> It used to be more a Facebook / Google thing. Post on social, they have a permanent free license to use your content and treat it however they like. All corporations are liable to their shareholders if they don't maximize profits. Why are these guys so insanely profitable? What do they actually create? They're all just leaches on our data.

> SO, either get used to the 'brave' new world: mega-corporation$ & the government own your most intimate personal information and control the devices you rely on. Or switch to linux and at least have a prayer of someone keeping the software you rely on honest by auditing it. Just someone having the ability to see what's going on inside that secure-enclave hiding in your computer is enough of a threat to keep them honest.

> These days, most folks live in their browser. Maybe play some games. Install Kubuntu and run firefox and most Windows users will barely be able to tell the difference. Getting Windows running inside a QEMU virtual machine isn't really that difficult. At least that way you have a way of firewalling Windows that's outside of Microsoft's control. It's a bit more tricky for mom but is becoming more turn-key & productized all the time.

> Linux Wine is coming along nicely. The day is fast approaching when Windows games will run great directly on Linux. Steam Deck will push this over the curve and it's all down-hill from there. Why prioritize targeting Windows when Linux becomes a large market? Multi-platform is kinda ugly but it's a thing. All other things being equal (usability, compatibility, etc) consumers will always opt for more privacy and control. And this is the way out of this privacy & control mess.

> With IPFS and distributed platform tech so close, the new future will be the public ridding themselves of these menaces both for social and their personal devices. At least I hope so.

> /rant

Is there no way to run unsigned software on windows?

For drivers, I don’t think so. You can enable some boot settings that allow you to run unsigned drivers, for development purposes, but it will revert upon reboot, without anyway to enable it permanently.

It's one command and you're forever in test mode[1], i.e.: don't enforce driver signatures:

    bcdedit /set testsigning on
You just have to disable Secure Boot in UEFI first. (And I can confirm Windows 11 doesn't actually require Secure Boot to boot, I've had it off for months as part of win11 certification testing.)

I'm not sure but DRM might revert to lower levels (e.g.: 720p), but that also happens on macOS when you disable SIP IIRC.

1: https://docs.microsoft.com/en-us/windows-hardware/drivers/in...

One thing to note is that game anti cheats will just lock you out if you are in this mode.

It’s the reason that game cheat makers look for exploits in random drivers to load their cheat in kernel space.

True, I forgot about that detail. Basically anything that relies on driver signing enforcement for security/privacy -- DRM, anti-cheats, specific proprietary algorithms -- will deactivate when test mode is enabled, whether one-time via the bootloader or set via bcdedit.

The last I checked there's a patch that will make it permanent, but of course the patcher itself is labeled as "malware" by plenty of AVs, possibly even Windows Defender itself.

Also, updates will probably revert the changes too.

Actually you can turn off enforcement if you want to. Requires a reboot and going into safe mode if I remember correctly. I have done it before when loading hacked drivers for old hardware, etc.

Oh wow, the refusal is devastating then...

There is: test signing. Painful for non-savvy users, but not impossible.

you would have to automate that somehow if it becomes an issue

All Microsoft has to do to stop that from being a problem is to tell Defender to block that automation from running on Windows, for example, by refusing to run anything signed with the automation developer's certificates.

yeah thats true, you can get around some stuff with modified keyboards, accessiblity access, automated mouse but then you are just hacking things together at that point

What's SAC?

The "Special Administration Console". Oddly, I can't find normal docs for it on microsoft.com, so here's the Azure docs for it:


ReactOS is looking better and better.

Didn't Process Explorer start as a third party tool which Microsoft acquired?

If you follow the ProcessExplorer link it becomes clear that there's a typo, they are talking about TaskExplorer, an open-source clone of ProcessExplorer.

Seriously, I don't understand Firefox, Microsoft, Google... always alienating community to reimplement something that already exists, works well, and they rarely do better....

It's simple. Money.

I had a highschool history teacher who said that money/power is the answer to everything. If you don't know the answer, just say money; it's usually right.

What a great teacher. Surprised they let them teach history (national indoctrination) of all things.

I know people who pretend that Nadella has made the company so different. Microsoft will never change.

It looked kind of promising for a while. With the pivot to cloud services, there was reason to hope they just would not care any more about pulling that kind of move for desktop Windows.

I guess after a decade of watching Apple and Google getting away with stuff that Microsoft would have been drawn and quartered for twenty years ago, they decided it was safe for them get back to their old ways.

sigh Would have been nice, though.

> Windows owns the market for the simple reason it's not some locked down garbage controlled system

How did you come to THAT conclusion?

That used to be true. But clearly Windows is going in the same direction as Android and macOS.

Smells like a lawsuit.

Yes, and seems they are based in Germany, so I would think with the EU laws, they have a very good chance of winning.

If based in the US, they would be SOL.

Time to add the right to use a computer as you see fit in the human rights, before it's too late...

Use a computer, versus use specific commercial software (Windows)?

In related news - ever wondered why Windows 11 can't be installed on "older computers"?

You know, the ones that don't have a TPM chip?

Now you know. Windows 11 completes the lock-up of the OS.

That's why Windows 11 exists in the first place. All other changes are secondary. Microsoft knows they would've not been able to pull shit like this as a Windows 10 update, so they were effectively forced to do a version increase. Against older promises of W10 being the last Windows version ever.

Welcome to the future that Microsoft always wanted, but couldn't have - a platform with airtight control. Just like what Apple has with its AppStore and its wonderful, wonderful 30% commission. Almost there and the lemmings didn't even notice it, distracted by the new and friendly Microsoft front, free upgrades to Windows 10 and centered Start menu in Windows 11.

Mark my words - Windows 12 will severely impede direct installation even of an user-space software, funnelling everyone to go through the store. That's the end goal and we will all be there in a couple of years, whether we want it or not.

"Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers—you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that."

--Richard Stallman, "The Right To Read"

In a future where laws mandate signed software, the only way out is to somehow make our own hardware. We'll never be truly free unless we can manufacture free computers at home just like we can write free software at home. There is no software freedom if the processor refuses to run our code.

Right now the chip fabs require billions of dollars in investments in order to make our processors. They are single points of failure. There's nothing we can do if the government starts targeting them for regulation in order to curb effective cryptography, copyright infringement or any other subversive technology.

But even if you can somehow make your own hardware, how long until governments start requiring interaction with certain services (health, banking, taxes, etc) be signed by an _approved_ OS/processor combo?

Imagine tax software (comercial or gov provided) refusing to work unless you use an OS with TPM support for "security reasons".

Or even worse, what would happen if gov regulations started requiring ISPs to stop working with non-compliant hardware? I.e. something like requiring network devices to attest they are "oficially" approved before allowing to connect?

I don't think this will happen any time soon (hopefully) but I can see how even making your own hardware might no be enough.

> Imagine tax software (comercial or gov provided) refusing to work unless you use an OS with TPM support for "security reasons".

> I don't think this will happen any time soon (hopefully) but I can see how even making your own hardware might no be enough.

This already happened in Android, at least where I lives (Indonesia). Most of Banks, Government Services, and freaking McDonald's apps will refuse to run if your phone are rooted "for security reason".

Honest question: how do those apps know your phone is rooted, and can you still use their websites for equivalent functionality?

Google provides attestation and it's a constant cat-and-mouse game that the rooters are usually losing.

Websites can't tell, but lots of companies don't provide equivalent functionality via website. I know I can't upload check images for remote deposit unless I use the native banking app.

It's called SafetyNet [1]

What irked me is sometime app developers are abusing it without asking themself "Does this app really need to check for rooted phones at all?"

I'm okay if banks apps are using that. But why does fast foods apps need to use that? Most people that I know are paying with cash when they order foods online (and you can't hack paper money with rooted android phones).

[1] https://developer.android.com/training/safetynet/attestation

Here's a question I'd love for Google to answer: why do you need their special blessing to be able to make a file manager app, but not an app that uses SafetyNet?

> I'm okay if banks apps are using that.

I'm not okay with it, to be honest. It's my money, and I trust a rooted LineageOS with it much more than I trust the default firmware of most phones. Besides, my bank lets you do the same operations from their website that you can do with the app, so in my case it's pure inconvenience, not security.

probably becomes a tick on an auditor's checklist

like having to rotate your password every 3 weeks and requiring 4 special characters/...

Platforms like deliveroo have lost tens of millions to fraud, I don’t blame them for enforcing safetynet.

Perhaps “food delivery” means pizza to you, but there are many places where it also includes thousand dollar bottles of wine.

Could you explain how the locked-down phone is protection against fraud here?

Statistically people who do payment fraud crap use rooted phones more, probably to help with things like location spoofing to get around other fraud detection methods when apps use third party payment libraries, so you reduce your fraud cost with something that is a few lines of code. The cost/benefit ratio is too good which is why you see it everywhere that has a payment fraud risk of some sort.

This way they can permanently ban your device. Fraud detection stuff works better too, but it’s mostly about the first.

Fraud becomes significantly less profitable and more of a pain in the ass if you need to set up a new phone for each account.

Presumably a website could support WebAuthn and require you log in using a "Platform Authenticator" like Windows Hello.[0] One way or another, websites will end up requiring that only "secure" devices access them (preferably disclosing a unique serial number registered to them).

[0] https://www.hypr.com/platform-authenticator/

The most popular root solutions have a "hide" feature so apps you specify can't tell you are rooted. It is slightly more complicated with custom roms.

I have Google Pay and several banking apps on my rooted phone without issue.

Does your phone pass hardware attestation?

Google can make it mandatory at any moment and then you won't be able to "hide" anything.

That would be oppressive but at least the unfree activities are restricted to the parts of our life where we must deal with authorities. We are still free to do whatever we want with our free computers in all other cases.

> Or even worse, what would happen if gov regulations started requiring ISPs to stop working with non-compliant hardware? I.e. something like requiring network devices to attest they are "oficially" approved before allowing to connect?

Looks like we're going to need a concept of networking freedom as well. Ideally, this will be solved by ubiquitous mesh networks that the government can't possibly hope to ever regulate or outlaw. Practically... We'll probably end up living in some dystopian cyberpunk hell since the vast majority of the population is too apathetic to join this cause and help run this decentralized infrastructure.

Ad-hoc radio mesh networks are constrained by physics and math as far as throughput goes, they are not competitive with normal networks. Governments have also shown the ability to regulate radio usage very well the world over.

> they are not competitive with normal networks

It doesn't have to be. The main goal is a free uncensorable network, if we must pay a price in performance for that, so be it. People use extremely old ThinkPads with libreboot because they're the last processors without Intel Management Engine.

> Governments have also shown the ability to regulate radio usage very well the world over.

Yes, because usually it's only a few people at a time who are interfering in radio communications. Easy to respond to a few isolated incidents. What if it was everyone at the same time?

What if every smartphone in the world could create and maintain its own mesh network? In some places there wouldn't even be a need for ISPs. They'd be needed for long distance connections only.

AT&T fiber basically alreadydoes this. You cannot connect without their crappy routerbox that authenticates to the network every so often. Some people have created work arounds but they all requie the att box be plugged in somewhereand forward its certificates

"AT&T fiber basically alreadydoes this. You cannot connect without their crappy routerbox that authenticates to the network every so often."

If you look at the IT/computing/internet position from a global perspective you'll note that there are many outrageous situations that warrant political action. These issues include copyright overreach, gross privacy breaches by the likes of Google, Facebook, et al, to internet protocols done at the bequest of corporations for their own benefit, to the ever-increasing proprietary nature of both software and hardware including CPUs not to mention hidden proprietary firmware code in vehicles that drivers do not have access to, etc. - much of it done under excuse or the false premise of security.

If one matter stands above all else then it is that there's no cohesive political opposition of any notable size that's capable of disrupting the political system/establishment to the extent where politicians must take notice.

This is a serious problem and it's a fundamental one. For instane, Cory Doctorow noted that the problems with copyright including copyright reform can't be sorted out as the big players have too much money, power and influence and those of us in opposition are just too few in number to make any difference no matter how just and legitiate our cause may be. In essence, in the grand schema of social and political life, copyright essentially amounts to nought - so it's little wonder copyright reform is left to wither and languish (note, this is my interpretation/summary of what he's been saying on various occasions).

Even organizations such as the EFF and influential people such as Tim Berners-Lee and Bruce Schneier have very little influence on their own in the face of huge corporate opposition, MS, Google, Facebook, etc not to mention governments, the NSA, GCHQ, etc.

In essence, it's all a lost cause unless we can all coalesce together to form one overarching body of international standing that's politically able to fight the forces of darkness. Unfortunately, I'm pessimistic that this will ever come to pass simply because pretty much all of those involved have demonstrated that they're very independent and headstrong and thus they're unlikely to be sufficiently united to be fully effective in a common political cause (one only has to look at the hundreds of disparate Linux distributions to see that). Nevertheless, it'd be wonderful if I were to be proved wrong.

In the same vein, I'd suggest that there's a more fundamental problem at stake here. That's the general apathy and unease about democracy currently held by huge swathes of the citizenry. Modern democracy formed hundreds of years ago when life and times were simpler thus the democratic systems that were set up to deal with them were structured accordingly and there's been precious little change since.

This brings us back to issues such as the copyright one I've mentioned. Modern democracy has no simple way of dealing with the many thousands of genuine legitimate causes that have arisen out of the complexities of modern-day life.

Modern democracies with their mainly (effectively) two-party systems can't effectively accommodate all the nuances of these complexities and like the parable of The Man, the Boy and the Donkey, they try to please all with botched compromises and end up pleasing none (for example, just witness the many political shemozzles over COVID).

In my opinion, the only way to overcome such problems is to review and then agree on new - or even which covenants should bind citizens and The State then take it from there (on some issues where there's no common agreement society may have to divide into groups and individuals be bound by the laws of that group, etc.) Whatever the outcome it's highly unlikely to be resoled in the foreseeable future.

I think to do your taxes online in Japan you need an NFC card reader and software b that only works in Windows.

In Brazil, we have a Java application that works on any system with a JVM. It's pretty nice. Why exclude citizens based on their choice of operating systems?

Note also that this was not always the case. Originally, it was a DOS-only application, then a Windows-only application, then for a while we had both the Windows-only application and the Java application, and then finally the Windows-only application was retired.

I believe that the creation of the Java version of that application was due to complaints from Linux users, so this is AFAIK a case where citizens used to be excluded based on their choice of operating systems, and convinced the government to allow more choice.

Another example is online banking in Brazil; for a while, most banks required the use of an horribly invasive "security plugin" for the browser which ran only on Windows. Nowadays, there's also a Linux version of that invasive software, so users of Linux are no longer excluded from online banking on their computers (it's not perfect because it still requires that invasive software, but it's better than before).

> the creation of the Java version of that application was due to complaints from Linux users

Is this a fact? I too remember something along these lines but I wasn't sure. If that's the case, it's amazing. Those Linux users are still citizens and they pay taxes too, they absolutely deserve to be supported even if they are 0.1% of the population. The government has nor should have any profitability excuse.

> for a while, most banks required the use of an horribly invasive "security plugin" for the browser

Yes, the Warsaw plugin. It's even on the AUR.


I HATE that thing. I tried to reverse engineer it once to see what it does and why it slows everything down so much. I caught it intercepting every single network connection. I actually switched banks to get away from this stupid software. Literally malware.

Well people have already made decently fast homebrew computers with FPGAs. The problems are threefold:

- To what extent do you interop with existing (closed?) hardware, vs trying to recreate the world from scratch. Do you implement usb, pcie, etc, or do you make your own philosophically free equivalent that isn't compatible with existing devices?

- In any case you will have to cope with the fact that homebrew CPUs will always be a decade or two behind the cutting edge intel/amd cpus in terms of performance

- Your system has to be useful in order to get people to use it, but it has to have people working on it consistently in order for it to get to a state where it's useful. A chicken and egg problem.

There is, however, at least one off-the-shelf free computer system - I'm thinking of the Raptor Talos platform. But even then, you're paying significantly more for a computer that performs worse, unless you're running supercomputer-esque workloads on your desktop PC

Personally I think the practical solution is companies like frame.work & valve making open hardware and creating software shims like proton because it's part of their value prop and business model to make open hardware.

If valve doesn't make Linux a viable gaming platform, they are going to be chess maneuvered into a checkmate by MSFT and Apple. Epic recognizes a similar issue too which is why even if they are competitors, they recognize the greater threat and are working together somewhat with Epic porting EAC to Linux & proton.

> I think the practical solution is companies like frame.work & valve making open hardware and creating software shims like proton

Right. I admire them certainly, and I'm thinking about getting a framework laptop myself, but we shouldn't really call their products free/open hardware because they use backdoored CPUs from Intel/AMD

They are not currently, because they are forced by current reality to use things like that. But they create the market demand to make open CPUs in the first place. If you become a big enough customer, Intel and AMD start becoming interested in making open versions of their firmware or CPUs, like they do with game consoles today, making custom models just for them. Framework is already interested in making an ARM laptop for example too, and I could foresee them getting AMD to make an open firmware version their CPUs just for the high assurance / open hardware segment that is starting to get created by valve and framework.

Create market demand, and companies start providing market solutions.

In a future where laws mandate signed software

"If you outlaw freedom, only outlaws will have freedom."

Correct. That's why we need the ability to manufacture hardware at home. So we can be the outlaws with the illegal computers that run software not signed by the government.

Stallman was ALMOST right.

The fight is not about which programs the user can run, but who controls the user data

No, Stallman was right about pretty much everything. It's impressive how far into the future he saw, much earlier than many of us, including myself. There is no computing freedom without software freedom, and there is no software freedom without hardware freedom.

Control of data is a related problem. It's absolutely relevant but it's not in any way opposed to computing freedom. In fact, they are aligned. Computing freedom helps us retain control of our data even when faced with hostile corporations.

Exactly right.

The move to ARM will highlight the hardware freedom in a big way.

People are used to ARM being different and are that much more likely to forget open, general purpose computing right along with that "old" x86...

Heh, I always disliked x86. But now? I look at it fondly.

Strange times.

Edit: It is the IBM PC lineage I speak of here, not just the ISA.

No, I don't think it will. I hate this trend of pretending that our relative freedom on PCs has anything to do with the platform. Our freedom on UEFI Secure Boot PCs was hard fought and could be taken away at Microsoft's whim*. They literally hold the keys.

Remember the drama about whether Linux would be allowed to run under Secure Boot at all? That was last decade's reminder about hardware freedom and it had nothing to do with a new ISA. Thankfully Microsoft graciously decided that all Windows 8 logo hardware should allow users to load their own keys, but there's nothing intrinsic about the PC platform that forced them to make that decision, and nothing forcing them to keep it.

* This Ars article seems to say it's already been taken away. I'm trying to confirm Microsoft's current UEFI requirements in their docs, but I can't find them. https://arstechnica.com/information-technology/2015/03/windo...

Yes, I do.

There is something intrinsic to the PC: expectations.

The PC comes from a time where we got schematics, could build our own I/O cards...

None of that happened on mobile, and most ARM devices. Maybe the Acorn Archimedes...

And what I meant is ARM will highlight the LACK of hardware freedom. Maybe we agree here and got snagged on words?

Also, I am curious about your findings Re: ARS Article, which I need to read.

Frankly, I am learning how to build more things. Probably will need to.

To be honest I don't know if it came to pass or not. I'm still trying to find more info on what the current Windows logo requirements for Secure Boot on x86 actually are.

I will look too. Ask around. I am a ways away from this stuff right at a time I wish I were much closer.

The core point you made is what counts.

They do hold the keys. That is the unacceptable part.

> They do hold the keys. That is the unacceptable part.

Exactly. The issue isn't the TPM itself, such a device could even empower us. The issue is who holds the keys. Those with the keys own the machine.

I started discussion about that in this thread:


It's not the instruction set - it's the IBM PC-compatible standard that gave us our golden era of desktop computing. Standard bootloaders, standard ports, standard keyboard layouts. We owe it so much.

Yes, I agree and just made the reference off hand.

We do!

[Looks over at Apple //e and IBM XT]

We need another open effort. Soon.

Are you aware of the enormous amounts of blood, sweat, and tears expended by people on XDA Developers just to unlock bootloader to use functions as simple as custom gesture controls?

Are you aware of how often they fail?

Exactly. It's very much a war about what programs users can run, and the users don't always win.

Tell that to every iPhone app developer.

It's worse than not having the right to execute. You can't even build the program you want. You have to use Apple pay, Apple subscriptions, Apple login. And you don't even get a relationship with your customer.

Truly draconian.

They also prevent installing 3rd party web browsers, while keeping Safari way behind all others in order to ensure that you cannot escape their control.

Their behavior is inexcusable but not surprising; what baffles me is that it's allowed.

And they tell me that automake is bad!

And we don't that to happen to Windows too.

He was early, but he wasn't wrong.

We are still headed directly to the place he described.

How is early not wrong?

There is a fight for both.

And the fight to stay in control of your data is far easier when you use Free Software.

>The fight is not about which programs the user can run, but who controls the user data

But the user data is mostly in the cloud, owned by Apple, MS, Google, Amazon, Facebook.

In the future we will be lucky to have apps that work offline with local data.

"In the future we will be lucky to have apps that work offline with local data. "

Are you from the past? This here is 2021. And right here, the expensive, professional apps still lets you grudgingly do it, but small/casual apps that work really offline? That became rare. Usually it is mainly server and some local cache, you better take care of, if you are in an area with bad connection.

But more and more of my peers realize, how much spotify sucks, when there is suddenly no more internet.

Well, I still have my own music collection(and my own player for it) and use spotify just for discovery. Each to his own and thank you, for the existence of open source and foss.

Office, creative suite, and your flavor of pdf viewer still all work primarily off local files since cloud storage vendors all compete and don’t interconnect except at integration for the endpoint.

Office has OneDrive (IIRC some are cloud-only, OneNote I think) and many of Adobe's apps save to Adobe's cloud.

>"but small/casual apps that work really offline?"

I do not have single small/casual app I paid for or free ones that does not work with offline data.

Spotify works fine offline, you just have to download the tracks ahead of time.

Yeah, but there is a tight limit.

And they get removed after some time.

> The fight is not about which programs the user can run, but who controls the user data

Some things were so horrible, not even Stallman could imagine them happening in his worst nightmares.

Weird take, given this is a thread about Microsoft effectively banning a program.

It's both.

I saw the writing on the wall the moment they could sloppily justify the TPM requirement.

Then I got into arguments with people proclaiming that it's just Microsoft enforcing it for the casual user's safety, and that I'm a Microsoft hater. Who? Me, whose first programming language was C#, who worked as an Windows server administrator for years, and my operating systems have been nothing than Windows for 2 decades. And I'm suddenly a hater for daring to raise an eyebrow and question their design motivation?

I'm very convinced that the desktop world is at its worse. You have the commonly owned yet absurdly powerful tool known as a desktop computer have its market dominated by a single company, with no competitors whatsoever. Even worse, Microsoft's deal with hardware vendors ensure that even if a competitor were to rise they'll have to earn their favor as well. The game is lost for any competitor before it even starts.

And with the PC dominance under their thumb they test the waters to see with how much they can get away with, an approach they cannot even afford to consider when it comes to their other products like Azure or even the C# programming language. They also did their best to make Visual Studio Code great, until you realize that this also follows the same pattern.

I genuinely miss the days of playing with DOS, Windows 9x and then all the excitement of Windows XP. All on my own hardware, which was whatever I could scrape from parents, savings, neighbours. I could do what I wanted with these old PCs.

There was an openness that existed in the world of computing. Despite all that was said of Microsoft back then, and much of the complaints about proprietary software were true then also, it wasn't anywhere near as bad as this. Back then, new releases actually did improve my experience of computing.

Every time I use Windows 10 I feel like I'm constantly in battle with the PC. Every new piece of news I read, every new feature in software and now hardware I read and shudder, thinking, how much more of my privacy will it cost? What other aspect of my life is being invaded?

And because of the network effect, I'm trapped in their clutches. I have to use these services or I can't work, can't talk to friends. All well and good saying 'use Matrix' but a chat program with no friends is just a note taker.

Such a seismic shift and it was only two decades. I just want this hostility to end. A computer is a machine, which is an elaborate tool, for Pete's sake. I don't feel the same way towards my garden hose or washing machine.

(And I increasingly wonder, were we freer back then because there was still some empathy towards customer needs at Microsoft, or because they were simply stifled from their real intentions by technological limitations?)

I have a theory that this seismic shift is the result a demographic shift of PC users. It gradually went from engineers, businessmen and hackers to a much wider audience including younger people who have trouble grasping concepts such as folders[0]

This by itself is not bad, problems arise when companies use this to justify deny control even from those who can be responsible with it.

[0]: https://www.pcgamer.com/students-dont-know-what-files-and-fo...

The problem arises when there is no way to differentiate between the user classes. And while I enjoy computing freedom, I’m not exactly proclaiming its value when I have to deal with a DDoS or hear about people getting ransomwared. I know things like Mirai also exist, and that user error isn’t the only ransomware vector, but poor computing habits absolutely fuel such problems and they cause pain for society as a whole.

I have no idea what the answer is, other than having Linux et al be the place for free computing (protected by its various barriers to entry) while the consumer OS space eventually becomes increasingly locked down. The only other ideas I have are dumb ones like requiring regular examination/certification/licensure to be able to use the “developer” version of Windows or something.

Let's pretend there is no financial interest in restricting computer access. I think the best and safest option would be to manufacture all PCs with a similar mechanism to chromebooks write protect screw that you have to remove to unlock the bootloader. But instead of just unlocking the bootloader it also gives you TrustedInstaller privilege in windows.

And while I enjoy computing freedom, I’m not exactly proclaiming its value when I have to deal with a DDoS or hear about people getting ransomwared.

"We are not truly free if we don't have the freedom to make mistakes."

It's nice to hear about cyberattacks and such continuing, because it means freedom still exists.

And I increasingly wonder, were we freer back then because there was still some empathy towards customer needs at Microsoft, or because they were simply stifled from their real intentions by technological limitations?

They've been slowly cooking the frog in the background for a while now with the "trusted computing" stuff. It's over a decade old at this point. Back then the userbase was more technical and likely to smell BS, and DRM was definitely not liked even by the general public.



...but then they eventually found out that people could be scared into doing anything by justifications of "security" (regardless of what's being secured, who it's being secured by, and who it's being secured from), and here we are today.

> ..but then they eventually found out that people could be scared into doing anything by justifications of "security" (regardless of what's being secured, who it's being secured by, and who it's being secured from), and here we are today.

Ah, so they took a page from the politicians' handbook. The same drivel that drives the public to concede privacy and freedom to their hands in the state also applies in private industry (I am thinking of the ominous UK Online Safety Bill). Like it is all the same zeitgeist.

I completely agree with your points.

> I don't feel the same way towards my garden hose or washing machine.

We just built and furnished a remote vacation home from the ground up and the shiny new appliances and even some fixtures (mostly ordered or approved by my wife) default to stubbornly demanding cloud access, often before they will even perform their most basic functions. At the moment, internet is only via 4G hotspot as we await Starlink's rollout next year.

This of course includes the Samsung TV but extends to the Denon amplifier, all the major appliances from washing machine, refrigerator etc all the way down to the light switches, thermostats and 'smart' toilets (which I view as 'input-only' devices). Fortunately, I intercepted the light switches before installation and hacked open source firmware on them but that required opening each one and temporarily soldering to reflash the firmware (I had to draw the line somewhere).

Most of the devices can be coaxed into functioning without permanent cloud access but it's a time-consuming escape-room adventure through dark UX patterns. The rest will require blocking at the router firewall level.

Well, when the story began I though this sounds like a pleasant getaway, and I was happy to read you've acquired such a place.

Then the rest of it was just a dour decline. Man, oh man. The worst of it is that all these devices could integrate genuine 'smart' functionality, but a user-respecting way would be locally run from a central box with open and interoperable protocols across devices. Exactly how a router and server works on a LAN. It isn't impossible to design this in a consumer-friendly way either. But the will and the demand just isn't there.

I wonder how these devices will be when the remote servers are inevitably switched off. I learnt this lesson very early on with online games (think GameSpy), the servers are not forever.

What has come over the population? It wasn't that long ago that they burnt identity cards in the UK (at the end of the second world war), the public were glad to see the back of them despite the touted 'benefits' by some politicians. My grandmother shuddered at the thought of giving any financial details online. In the early days, I never used my real name anywhere on the Internet. There is just so much passivity now.

It's still going to be a pleasant getaway, just one requiring much more effort during set up to configure it in a long-term sustainable way.

> There is just so much passivity now.

For anyone interested there is a large, active online community around the open-source Home Assistant platform. I'm using it and the community has been a terrific resource for finding those still too-rare devices which both work well and are willing to work sans-cloud. There are thousands of contributors and hundreds of thousands of HA users now and together we comprise a market large enough for even low-cost Asian manufacturers to notice and start targeting products toward.

That early era also included some controversy over Windows XP requiring online activation. It was a watershed moment, soon followed by their authenticity check to install certain updates.

We are firmly in a new era of increasing DRM within the OS. As a producer I can see the desire but am saddened as a consumer with fond memories of a freer time.

>I saw the writing on the wall the moment they could sloppily justify the TPM requirement.

Microsoft doxed itself on the TPM limitation being purely arbitrary when Windows 11 compatibility checks passed on a Pentium 4 CPU and installed just fine due to a mistake from Microsoft where they forgot to blacklist that CPU family lol.


>Microsoft doxed itself

Does "dox" mean "anything vaguely secret" now? I still remember the days when it meant "personal information".

>purely arbitrary

As if years of experience hasn't taught us that opt-in security is stupid. This would be arbitrary if the TPM was useless, but it isn't.

We have to disagree here. The threat models where the security that TPM offers are mostly applicable to the enterprise and business sectors where all devices on the network/AD/VPN have to be trusted and their storage encrypted. There TPM makes perfect sense.

You average consumer/home user does not benefit at all from the features of TPM since they're not subject to the same threat model. Here TPM, and also stuff of the UEFI security chain like Management Engine and Secure Boot in the past, act more like hostile wall-gardening that limit what a user can install on his system (remember how enabling secure boot originally meant you couldn't install any linux distro?) rather than add any meaningful security (will TPM and Secure Boot prevent grandma from getting her PC infected by malware off some shady phishing site? No? Then don't force those requirements for private users)

To give an example harm caused by the TPM / disk encryption feature in the consumer space: A recently-deceased friend's wife contacted me about getting personal data off from her late husband's computers. I ended up being able to get nothing for her.

My friend, no doubt influenced by dementia and paranoia he was feeling, changed the passwords, made no note of them, and subsequently died. The computers in question run Windows 10 using Bitlocker and key storage in the TPM.

The data is effectively gone. I believe he was using encrypted backups to a "cloud" storage provider, too, but I'm also fairly certain the key is only on these computers. (The Windows accounts on these machines are local accounts so the Bitlocker recovery keys weren't saved on Microsoft's servers either.)

Matters were arguably handled poorly on my friend's part prior to his becoming of unsound mind. He wasn't terribly technically savvy and I'm not sure he considered the "losing my own mind" threat model. Nonetheless, it adds insult to injury that Bitlocker, which added no security for his day-to-day use, effectively caused the loss of his data.

I'm sorry for your loss, but did your friend not have a right to privacy just because he had dementia? Should we be building dementia backdoors into all our platforms' encryption systems? What about cases where people are estranged from their spouses?

As I said, it wasn't handled well. I don't think we should be building backdoors into secruity systems. I also don't think my friend explicitly requested the functionality or would have understood the ramifications even if he did.

Bitlocker is, apparently, enabled-by-default on consumer machines that, I'd argue, don't suffer from a threat model that necessitate its use.

There is a huge problem with technical and legal constructs associated with the rights to accounts and data after death. I don't have the answers for everybody. I've done what I can for myself and my immediate family.

The "I've lost my mind and undermine efforts I made, while still in my right mind, for successors-in-right to access my data" is one that I'm not sure how to defend against, and one that scares the willies out of me. I can document my last wishes but if I, in a fit or paranoia, change keys / passwords / remove recovery mechanisms, then those last wishes might be irrelevant.

This is similar to why enabling 2FA actually scared the heck out of me! I use a password manager to generate strong unique passwords, so I think the chances of someone getting in that way are incredibly low. But I can absolutely see myself loosing all of my 2FA keys some day in a freak accident.

Nowadays the password managers can store the 2fa secrets and generate the codes as needed.

It kind of defeats the purpose of the second factor -- the password manager becomes it -- but at least it makes the services that insist on it happy.

Nowadays 2FA are always about something you know and somebody that vouches for you (SMS, email, whatever). Nobody seems to do any version of it that relies on you alone. So a password manager won't improve its reliability.

You are supposed to store the recovery key(s) in a secure location. Then if you lose your 2FA device, you can reset your 2FA from those recovery keys.

What secure location? My sock drawer? Or am I expected to go buy a safety deposit box? I'm really not that organized and I loose slips of paper all the time, it's a major reason I was drawn to computers growing up.

I keep mine in a file in a drawer. My threat model doesn't cover people breaking in and finding them as well as knowing my password managers master password.

Sock drawer, wallet, locally on your computer, wherever. If the recovery keys are compromised, that really just downgrades your 2FA back to 1FA.

I’m not concerned about the keys being compromised, I’m concerned about loosing them, since the idea is they’re unneeded for many years and then suddenly become essential.

This seems like a plus not a problem.

If you can log into his microsoft account on the internet, you can recover the bitlocker key from there if his account on his machine was a microsoft one

> (The Windows accounts on these machines are local accounts so the Bitlocker recovery keys weren't saved on Microsoft's servers either.)

Reading the comments, before posting, helps.

That has nothing to do with TPM. It's the opposite, in fact. That's software that obeyed user commmands.

Did he enable a boot pin or are the drives just encrypted?

The drives are encrypted without a boot PIN. If I could exploit a vulnerability in the OS I could get the data. There will probably be a vulnerability discovered, at some point, that will allow access. I'd advised my friend's widow to hold onto the computers for the time being.

Please also advise her to power it on every 2 or 3 months or so (and leave it running for a bit), so that SSDs continue keeping the data, and HDDs don't get "stuck".

Just as long as she can keep it from connecting to the internet.

What about the scenario where your laptop is stolen and the attacker reads your data off the disk? All modern mobile devices protect against this scenario by default, but Windows devices required additional configuration to be protected.

And in fact Secure Boot does protect against Grandma being infected by boot-time malware. And when has it ever been the case that it prevented you from installing Linux?

> And when has it ever been the case that it prevented you from installing Linux?

There was a window, when shim.efi was not signed.

> And in fact Secure Boot does protect against Grandma being infected by boot-time malware.

When it was the case that grandma was infected by boot-time malware? One-half-like malware happened decades ago, and under windows they need administrator rights anyway.

>And in fact Secure Boot does protect against Grandma being infected by boot-time malware.

And how can grandma get boot time malware at Home? IIRC those were common back in the days when people were plugging in infected floppy disks or thumb drives everywhere and you'd try to boot off them. Can't remember last time I saw this type of malware in the wild as phishing and ransomware is a lot more profitable for malicious actors than boot time malware.

>And when has it ever been the case that it prevented you from installing Linux?

This was always the case ever since secure boot launched and any OS that didn't have it's first stage bootloader signed by Microsoft could not boot. Even To this day, to install arch or puppy on my XPS i had to disable secure boot. Ubuntu and other major distros are fine here though but this gate keeping doesn't make it ok in my book.

> This was always the case ever since secure boot launched and any OS that didn't have it's first stage bootloader signed by Microsoft could not boot. Even To this day, to install arch or puppy on my XPS i had to disable secure boot. Ubuntu and other major distros are fine here though but this gate keeping doesn't make it ok in my book.

But this is kind of a circular problem, isn't it?

If everyone's bootloader is signed and recognized by every Secure Boot implementation, then signing is useless since it doesn't afford discrimination between "known good" and "dubious" bootloaders.

I'm not familiar with XPS computers, but to me what's important, as another sibling says, is that the user be able to load their custom keys with which they sign their own bootloader. This is how I run Arch on my HP computers.

This way, I can be reasonably sure that when I boot my arch linux, it's actually mine, and not some random live medium based of arch's (or whoever's) install disk that will sniff my passwords or whatever.

To me, this is what SecureBoot is supposed to offer, and I don't see how you would implement this if you could easily get anything signed and accepted by most PCs.

>to me what's important, as another sibling says, is that the user be able to load their custom keys with which they sign their own bootloader. This is how I run Arch on my HP computers.

Like I said above, this and stuff like management engine and TPM makes perfect sense in the enterprise environment where the owner of the device (the employer) is different than the user (the employee), so IT needs to strictly control what's running on the devices they trust on their infrastructure, but why should we expect home users to have to sign bootloders to use whatever software they want as they're both the users and the owners of the devices and the network infrastructure in their homes?

I agree that the process could be more straight-forward, especially as, from what I read, some computers may need some coaxing into changing the keys.

But the thing is that, like it or not, most people simply don't care enough, so they'll just use Windows. I remember a while ago, when there were many live CD-based distros and there was no such thing as SecureBoot, people wouldn't even be curious to give Linux a spin. All it would have taken was to pop a CD in the drive and boot up. To paraphrase another commenter, I think many people feel the same way about their PC as their washing machine: just another appliance. Of course, lock-down platforms don't help instill curiosity in people...

So you get, roughly-speaking, two populations: those who care and those who don't. And usually, those who do care are curious enough to follow a few simple steps to disable SecureBoot for the installation and then set up their own signing process.

But I stand by what I said earlier: the process cannot be fully automatic, or it defeats the purpose. But I do think that willingly making it a pain is wrong.

> Can't remember last time I saw this type of malware in the wild.

That's exactly because widespread secure boot has made it impractical!

As for niche Linux distros, it's been mandated since the beginning that you can install your own Secure Boot keys on Microsoft certified desktop platforms.

That branch of malware was already rare when uefi secure boot was introduced.

> it's been mandated since the beginning that you can install your own Secure Boot keys on Microsoft certified desktop platforms.

...on x86; on ARM they mandated that the user couldn't install their own keys, which shows that they will lock users out as much as they think they can get away with.

It hasn't been mandated at all. A number of years ago, Microsoft made headlines by changing their policy to get rid of that mandate. See https://arstechnica.com/information-technology/2015/03/windo... . Microsoft's page at https://docs.microsoft.com/en-us/windows-hardware/manufactur... says that you can "usually" disable it, so I don't think they've changed their policy since then.

> And how can grandma get boot time malware at Home?

Depending on the demographic, they can: get caught up in during some (possibly unrelated, likely automated) attack, click the wrong ad, or load the wrong common page with JS.

Can you please provide some sources for JS ad-based boot time malware you mentioned that one can get off the web?

Usually JS part it's just exploit that is just a first step. After there is compiled and native "loader" malware that required to setup actual trojan / rootkit.

This assumes that home users don't have any data worth protecting. I think that's a ridiculous thing to assume.

IME does not affect your average user at all, so I'm not sure why you'd bring that up.

>remember how enabling secure boot originally meant you couldn't install any linux distro?

A lot of people were spreading this FUD back when secure boot was being introduced. It was a lie back then, it is a lie now.

> rather than add any meaningful security (will TPM and Secure Boot prevent grandma from getting her PC infected by malware off some shady phishing site? No? Then don't force those requirements for private users)

Secure Boot essentially killed off bootkits, that's a significant achievement. Perhaps you should learn what these technologies are actually used for before attacking them?

The issue isn't the TPM, it's who owns the keys to the machine. If the user configures their own keys, it becomes an empowering technology that allows them to verify their boot process hasn't been tampered with. If Microsoft owns the keys, they own the computer and the technology becomes their means of control over the user. They will use this technology to oppressively deny the user their software freedom while simultaneously extracting rent out of any developer who wants to reach that person.

Those who own the keys own the machine. We must ensure we are the ones holding the keys at all times or suffer the consequences.

Insightful analysis, though "oppressively deny" sounds harsh to me. There is not a blatant malice in TCG per se, mainly a neutral desire for control and by proxy profit. The treacherous versus trusted computing debate really does boil down to control. Do we trust vendors to be stewards of control on our platforms? Do we even have a choice?

I do not recall giving the keys to anyone, and yet it feels like the person building your house is telling you that they can pop in for dinner and lock you out should the need arise (deny you the ability to run your choice of software and your control is forfeit).

There is something flagrant when the question is brought home to the personal computer. No user complains too much about not being able to replace the firmware for some faraway BGP router, yet that router is also part of the infrastructure like the PC and the OS installed on it. If a consumer thinks about the PC less as providing a personal computing service and more as an Internet terminal, then the problem goes away a little. Naturally, the PC does both, but since the two are at odds with one another, the PC has conflicting interests, serving two masters.

A similar issue exists with cell phone debug, where the carriers log into your phone to troubleshoot. Granted, debug is control for the sake of helping the user and does not deny the user the ability to run software (the OS and app store do that).

This just leaves the problem of where can a user actually go to do secure compute. An abacus works nicely, but is impractical. Free open source hardware (FOSH) is really the only option.

There is not a blatant malice in TCG per se, mainly a neutral desire for control and by proxy profit.

The originators of the idea were thinking of DRM and came from the content industry. I don't think it's a neutral technology at all.

> A similar issue exists with cell phone debug, where the carriers log into your phone to troubleshoot.

You cannot be serious. How do I know if this can happen to me?

> Free open source hardware (FOSH) is really the only option.


> No user complains too much about not being able to replace the firmware for some faraway BGP router

The network is a very clear line to me. The BGP router is not my computer. It's the ISP who should be demanding free software from their hardware manufacturers, so that they too could enjoy complete control and trust.

> If a consumer thinks about the PC less as providing a personal computing service and more as an Internet terminal, then the problem goes away a little.

In these cases, the user is not using a computer. They're using appliances that just happen to have computers inside. Modern consumer products make every effort to hide the computer. There is no computing freedom if there are no computers we can use.

We must oppose all "consumer" products, all "fully integrated and converged" solutions. Computing is about simple parts in the form of hardware and software; from these parts, powerful systems emerge. Consumer appliances are these whole things that have swallowed up the entire system. They are indivisible, non-interoperable, uncontrollable, they only do what was foreseen by the corporation that made them despite the perfectly capable computer inside. I can't interface directly with the computer controlling my air conditioner, I need an infrared controller for that.

This article is linked from Stallman's website, it covers this matter with a lot of depth:


> We are giving up our last rights and freedoms for “experiences,” for the questionable comfort of “natural interaction.”

> But there is no natural interaction, and there are no invisible computers, there only hidden ones. Until the moment when, like in the episode with The Guardian, the guts of the personal computer are exposed.

> Every victory of experience design: a new product “telling the story,” or an interface meeting the “exact needs of the customer, without fuss or bother” widens the gap in between a person and a personal computer.

> The morning after “experience design:” interface-less, desposible hardware, personal hard disc shredders, primitive customization via mechanical means, rewiring, reassembling, making holes into hard disks, in order to to delete, to logout, to “view offline.”

The logistical problem of key exchange hasn't been solved. Boot viruses are very real, but the most severe threats is information extraction which works fine in user space.

I doubt I will activate TPM on my home PC as it doesn't offer much security to me. You can already say that some services will use remote attestations and I think these services can do without me.

And they will get away with it. The generation that grew up with smartphones primarily, getting a computer only later on (if at all) will find this totally normal. Even Android is getting locked up more and more over the couple last releases too, even most Chinese vendors stopped letting you unlock the bootloader, and nobody complained.

> ever wondered why Windows 11 can't be installed on "older computers"? You know, the ones that don't have a TPM chip?

> Now you know. Windows 11 completes the lock-up of the OS.

Stallman[1] and others[2] talked about exactly this 15+ years ago.

[1] https://www.gnu.org/philosophy/can-you-trust.en.html

[2] https://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

35 years ago.

Microsoft is doing its absolute best to move everyone to the Windows store by packaging the new apps everyone should be making into weird formats such as appx and msix which can't or previously couldn't be easily installed without command line funkiness. Luckily, Microsofts own incompetence is preventing this plan from working.

There's another part to the exclusion of old hardware, which is that modern chips are a lot more reselient against crashes according to the telemetry Microsoft collects. The same is true for secure boot and other security lockdowns every Linux user disables. You could make the argument that this means that Microsoft is failing to provide stability for this older hardware, but it doesn't necessarily mean that it makes business sense for MS to put money and resources towards resolving the issue. Not making Windows 11 available on old chips doesn't hurt sales, helps them boast with great stability and security statistics and barely makes a dent in their reputation. Most people with a negative opinion of the company here were hating on Microsoft long before Windows 11 was even announced.

The TPM story makes sense from a Windows Hello standpoint. I don't think there's any doubt that the hardware trust system is more secure than the previous system. However, that trust is completely useless because Microsoft STILL doesn't enable Bitlocker unless you pay extra. It's current_year and Microsoft still hasn't brought data security to the masses. This is an area where proper use of the TPM can be benefit users massively.

Linux is having the exact opposite problem, I want to use my TPM and secure boot to leverage the hardware security built into my devices but it's as if every part of the Linux boot chain has implemented some kind of limitation to make the process difficult. Bitlocker works great, and I want it on Linux too, but nobody writing code for the Linux ecosystem seems to share my preferences here.

TPM, at least older version <1.2 were still subject to physical key exfil attacks [1] because the chips communications with other parts of the board were done in the clear.

So it was/is recommended to use a pin/key and/or recovery key to ensure the security of the data. Unless your only threat model was to protect against common thievery and assume the attack had no technical prowess (and that’s perfectly fine, I do this for my company). Not to mention they were kinda used as a warranty canary for Truecrypt [2]. There were suspicions that nation states may have hardware bypasses worked out.

Later there were implementations of hardware encryption found to be vulnerable. So even now bitlicker does everything in software by default. [3]

So I understand why FOSS devs would rely more on standard practice (shared keys) with LUKS and not embrace hardware enclave options like TPM. They haven’t been the most reliable over the long term and are harder to patch/fix.

[1] https://pulsesecurity.co.nz/articles/TPM-sniffing

[2] https://threatpost.com/of-truecrypt-and-warrant-canaries/106...

[3] https://www.technadu.com/bitlocker-to-use-software-encryptio...

Plus, many Linux users just outright distrust the NIST encryption employed by security subsystems. Why encrypt your drive with SHA-2 keys that might be backdoored when you could just as easily encrypt with Ed25519?

Bitlocker still uses the TPM on modern installs. Hardware encryption on SSDs and similar aren't used anymore, but those aren't directly related.

Bitlocker is still vulnerable to key exfiltration attacks because it's not using any encrypted communication protocols that exist in the TPM standard, but that can be (and should be!) fixed.

In the end, I use encryption to make sure nobody can just plug in a flash drive and copy all my personal files and passwords off my laptop. If they have the time and tools to exfiltrate the security key through the SPI bus, they probably have the means to install a hardware key logger in my keyboard as well. The attacks against TPMs are out of scope for my threat model and honestly they probably should be for anyone but businesses carrying secrets as well.

If the United States or China wanted my passwords that badly, they'd probably just drug me or hit me until I hand them over. Defending against such adversaries requires more than just encryption, you'd need to use something like Qubes and alter your entire lifestyle to be secure.

What I want is to have a Linux system where I can turn it on without a password and have a good reason to believe that my files weren't compromises by the maid and that the OS didn't get keylogged. That requires several parts working together.

Getting secure boot to work is easy enough these days, but once you get through secure boot you're in for a challenge. I don't know of any stable bootloaders that don't allow you to edit the init binary to /bin/bash to give you a root shell from the menu, which is a requirement for the ease of use Windows provides. I also don't know if it's even possible to get a chain of trust from initramfs back to the hardware like Windows allows for. The *BSDs seem to be doing some kind of checksumming, but I don't know how far Linux is along with this.

In my ideal world, you get prompted on how to encrypt your Linux system upon install. "Disabled", "Automatic" or "Secure", with a note that "secure" is probably what you want if you can't pick but you have to provide a password at boot. I'd also like for popular distros to switch to full disk encryption because the unencrypted boot partition defeats half the point without secure boot and custom keys (which nobody actually uses).

Microsoft proves that this can be done, although their default allows for booting without a password a bit too easy. If you buy Windows with a Pro key, they'll encrypt your system in place with the click of a button. Everyone can set it up, and in many cases it's even the default. This is a basic usability security feature that Linux just can't compete with, and in my opinion that's a shame.

  > modern chips are a lot more reselient against crashes 
sorry for a basic question, but im not sure how a chip itself is more resistant to a crash (in os? user space?)...

I don't know the cause, this is based on the numbers they reported to defend their decision to exclude older chips.

I think it has something to do with the modern instruction sets being kinder to the kernel and the fact that on computers with recent processors certain processor features are enabled in the UEFI config by default more often, but I couldn't tell you which features that would be. My hunch is that I has to to with stuff like virtualisation based security and the like?

This is a grade A bullshit, with a strong smell of marketing spin to it.

If a program crashes on an older CPU, it damn sure will crash on a modern CPU just as well.

> If a program crashes on an older CPU, it damn sure will crash on a modern CPU just as well.

Not necessarily; if the crash is caused by an instruction that's absent on older CPUs (for instance, trying to use an AVX2 instruction when the most the CPU has is SSE2), it will work on a modern CPU but crash on an older CPU.

> I don't know the cause, this is based on the numbers they reported to defend their decision to exclude older chips.

Why would you present Microsoft PR as fact?

> modern chips are a lot more reselient against crashes according to the telemetry Microsoft collects

Sort of a side point, but this got me wondering...Is there something inherently less stable about these older chips, or maybe is their stability somehow a function of their lifetime that would really matter here? My own anecdata (which is from a far smaller dataset than what I imagine Microsoft would have access to) would suggest that this isn't really the case, at least for anything otherwise capable of running something like Windows 10 or Windows 11, but I'd be interested in reading more about it.

Is it that old systems tend to not be physically maintained as well thus resulting in cooling issues and more overheating?

Is it that these "crashes" are application crashes due to the attempted execution of instructions in (newer) x86 extensions not implemented by these (older) chips?

Those are all valid questions and I think they do make Microsoft's defence a lot less credible. I believe there are some improvements, like speeding up certain commonly used instructions, the hardware SPECTRE etc. defences and better security features, but I don't think those will impact stability that much.

Whether it's because only newer chips without wear and tear come out on top in these statistics or because there's something in the hardware itself, the perception that Windows 11 is more stable is something Microsoft can market. Dropping chips that lack certain instructions also make their support and testing workload lighter. In the end, the quality and range of support Microsoft provide for their operating system depends on how much money they can make off their sales. If their losses from the move are lower than the cost of supporting older hardware, it's a decent business decision to do the unpopular thing and drop support. It's a private company, after all, focused on making their shareholders money.

Correct. It's one thing that the general population doesn't know what a TPM is but I just can't fathom how do governments deal with the fact that their entire nation's computing is about to be run under lock and key controlled by an american company. You could make the argument that up until this point it was possible to coexist with window's BS because despite it's closed nature, it was extensively documented and had workarounds to all to all treachorous functionality. But it's about to get a LOT worse with 11.

>Correct. It's one thing that the general population doesn't know what a TPM is but I just can't fathom how do governments deal with the fact that their entire nation's computing is about to be run under lock and key controlled by an american company.

And the said company would oblige to help NSA getting access to some users data.

Both China and Russia demand users with sensitive information to use their own operating systems and they also build their own hardware because they don't trust the hardware.

In my experience most people at government orgs simply follow the recommendations of 'someone' else. Said someone is in the pocket of some vendor, and 'champions' their cause. The relatively few folk that actually understand the details, are usually not the type to be able to wine n dine their management (because no vendor supported expense budget). Or worse, are single handedly tasked with the responsibility, and no reward (outside of securing your 'country', which effort will be diluted in front of your eyes anyway).

Everyone just buys the ABC company's TPM to put it into their heads and out of their minds.

I find it interesting that, one one hand they are implementing features "in the name of security" that limit the owner of a computer what he/she can do with it and on the other hand they are adding backdoors so that government agencies (or anyone with right information) can spy on citizen that use this "secure" OS.

I will personally pay you twenty thousand US dollars (in the cryptocurrency of your choice, bank transfer, western union, whatever) if you can prove beyond reasonable doubt that Microsoft has ever secretly shipped a backdoor in their OS so government agencies could spy on their users.

Perhaps you will be the first person to actually prove the existence of the NSAKEY backdoor? (I doubt it.)

Why would this even be necessary to prove? At least for me that's not required, NSA_KEY plus Snowden leaks are enough. Microsoft is known to have no problems cooperating with governments requests, or how do you think they can operate all their services in China?

Any hard evidence for such a backdoor wouldn't really change anything towards Microsoft for me.

ryanlol 2 days ago [flagged] [dead] [–]

If you believe the public information regarding _NSAKEY to be evidence of a backdoor, I’m sorry, but you are an idiot.

They don't need a backdoor anymore. Microsoft now routinely collects your data and pushes mandatory updates through the front door.

You might be right and there is no backdoor that was intentionally implemented. Although, numerous leaks do show that neither are always law-abiding saints, so a backdoor might not be too far fetched. From what I've heard (I may be wrong since I'm not from US), US company is not allowed to publicly disclose requests from NSA, so proving it would be very difficult.

I strongly believe that there’s just no point in backdooring Windows, this is complicated software with extremely large attack surface.

We’ve seen NSAs incredibly cool 0day exploits leak, we’ve seen some of their backdoors exposed, but so far there hasn’t been anything indicating a desire to backdoor Windows itself.

What about this old NSA backdoor? https://en.wikipedia.org/wiki/Dual_EC_DRBG

If MS or Apple or Google or some hardware makers or some communication equipment makers have some backdoors for NSA, why would you think they would do such a poor job that anyone can pay $20k to prove it?

I feel like convincing the world to use your backdoored encryption algorithms is a bit more interesting than planting yet another RCE bug in Windows.

Who needs a backdoor when you can just exploit the print spooler from 1999???


Is that $20,000 just for proof or also showing the method?

For example: I’d be very curious to learn about the actual mechanism by which the supposed “_NSAKEY backdoor” would work. I’m not interested in the private key if that’s what you mean by method :)

AFAICT it doesn’t, you can’t hit those code paths unless you already have access to the machine.

(This is a pretty unfair example though, _NSAKEY is the “Bush did 9/11” of backdoors.)

We notice the Microsoft front. Microsoft has marched through the "open" source institutions and employs a sufficient number of OSS people.

In Python, Microsoft employees (who don't develop much ...) have two seats in the Steering Council and GvR, who still seems to pull strings.

Opposition on the mailing lists is shut down ruthlessly and is censored. The new "JIT" project has all the hallmarks of NIH and will end in minor insignificant speedups. The C# guys will be amused.

Can you elaborate on the problems with JIT implementation in Python? I'm far from Python development, but it seems intresting

B-but they supposed to have changed for good! :’( Haven’t you heard? They love™ open source! They write JavaScript! Surely it’s just some misunderstanding…

>Mark my words - Windows 12 will severely impede direct installation even of an user-space software, funnelling everyone to go through the store. That's the end goal and we will all be there in a couple of years, whether we want it or not.

This would be stupid. People use Windows because it's usable and because they can use software they want. But forcing the users and developers going through an app store won't be taken lightly neither by users, nor by developers.

If Adobe and Autodesk would sense something like this is planned, they would start porting their software to Linux. Microsoft doesn't have a chance to lock their system down. What would be the next step? Use Windows only on MS hardware? They can't pull an Apple and I think they've realized it.

> People use Windows because it's usable and because they can use software they want

Most people already use computers that, by default, only allow them to install signed software through app stores. For perhaps a majority of them, that's their primary or only computer.

Or maybe this is related to the security, and Windows is the only widely used platform that didn't enforce TPM until recently?

macOS is even more locked down, but they don't impede or force users to use Mac App Store.

Ofcourse they don’t force anything because of the competing windows platform which is more open up to now. Apple assumed market dominance and locked everything down on mobile.

What I infer from your observation is that closing down Windows could also adversely affect Mac users, since Apple would not miss this opportunity.

So if one OS company moves in a certain direction, the other one can do so safely. Implicit collusion.

Apps need to run/execute in an open source runtime environment that operating systems can choose to integrate...and would need to if they wanted to run any of the applications on the market. The browser is not the answer.

Once these guys get settled in they are going to push for regulation that will somehow preclude people from using Linux desktops.

Apple could have done it with the Apple Silicon transition and yet didn’t. More inclined to believe actions over words at this point.

Not without massive loss of users. Both Microsoft and Apple would love to lock down their platforms, but they have to do it in tandem or users will flock to the other. So we will see a slow lock-in creep until they look like current day smartphones.

Only way to stop this is to react strongly, so if most users are apathetic like you then it is inevitable. Of course I believe that you are right and most are this apathetic, so from my perspective this is inevitable. When they roll out the enforced appstore you will say something along the lines of "but this appstore is secure and I can get all the programs I wanted from it anyway, and even if I couldn't would I really want an insecure program?".

Apathetic — no. I’m aware of the control creep in the industry, but I do think that it seems unnecessarily alarmist to think that Apple just can’t wait to lock down macOS. There is nothing to gain by them doing so and I would be incredibly surprised if they didn’t already know that.

iOS is and has always been a closed platform. We knew that the day they announced the first iPhone and they have been consistent in their messaging about that ever since. iPads and iPhones are globally successful though, far more so than the Mac, and with a far wider target audience that encompasses most people. It would be great for power users to be able to side-load without jailbreaking, but there are plenty of less technical people out there for whom side-loading actually presents much more of a risk than a benefit. That’s what makes it a complicated issue.

The Mac, on the other hand, doesn’t stand to benefit from that same closed model in the slightest. The real target audiences for the Mac (i.e. software developers, professional photography/cinematography, music production, publishing) all live and depend on software that requires flexibility, plugins etc and they stand a much greater chance of knowing what they’re doing. They would walk away from Macs in an instant if the platform stops being useful to them.

Apple Silicon was the perfect opportunity for Apple to close the platform if they really felt strongly enough to do so, but here’s the thing: Microsoft tried to do it with WinRT, it was an absolute disaster and the market spoke accordingly. It doesn’t seem worth the risk.

> iOS is and has always been a closed platform. We knew that the day they announced the first iPhone

Didn't the phone launch without an app store an web/html based apps?



> They would walk away from Macs in an instant if the platform stops being useful to them.

Only if there was a better alternative. That is the point, both Microsoft and Apple works towards there not being any better alternatives out there. It wont happen in 5 years, but almost surely in 20, as they have to do it slowly enough for all major programs to get into the appstores.

Just have to slowly make it more and more difficult shipping software that isn't in their appstores. Then you start paying for exclusives, imagine if Apple paid photoshop to only ship in their appstore and not distribute indipendent binaries for macOs for example, people would quickly learn to use the store. Ship cheaper variants of the OS with only access to the appstore etc. There are so many ways for them to reach that destination, and 20 years is an eternity in this space.

>Just have to slowly make it more and more difficult shipping software that isn't in their appstores.

Valve established their Linux presence because they thought MS might force developers ship only through appstore. What is stping others to make the same move if they sense the same danger? Big software companies won't be dilighted to be forced to use the app store. Nor would smaller companies.

Is it really alarmist to believe that Apple would like to make their less popular OS more like their significantly more popular OS?

>So we will see a slow lock-in creep until they look like current day smartphones.

So we will see the rise on Linux on the desktop.

...and on smartphones.

> Apple assumed market dominance and locked everything down on mobile.

Apple has about 26% market share on mobile globally, that's not exactly market dominance.

Them locking down the platform limits piracy, which is one reason why developing for iOS is much more profitable for many kinds of apps, which causes better apps that drive consumers to the iPhone. That's the reason they put so much energy into locking down the platform

I have to assume that them taking 75 percent of the profit in the smartphone industry, gives them a blank check to do as they wish, and the rest of the industry must follow.


Locking things down and snooping are always presented as an advantage. Stoping piracy, stoping CP, stoping drug dealers and so on.

Maybe we should have some company lock us in our houses for safety? You know, if you wander outside you might get robbed.

Explaining the economic reasons why things are done is always seen as an endorsement of them. I don't think that's justified.

I don't like how Apple locks down their phones, that's why I prefer Android. That doesn't mean I can't appreciate why they do it and why some people might prefer it.

The gulf between OSX apps and Windows/Linux apps in quality was far greater than any sort of edge iOS apps have over competing platform apps. So it’s hard to see how the argument that locking down the platform leads to better apps works.

> they don't impede or force users to use Mac App Store

.. yet. The notarization and signing requirements are steps towards that; there's an escape hatch, but they could close it when it suits them.

> but they don't impede or force users to use Mac App Store.

They briefly pulled Epic's desktop signing keys, which they promised were for security only, over an unrelated iOS business dispute.

This is a terribly dishonest take.

There was no “unrelated iOS business dispute”, Epic was simply using their keys to sign software that they had agreed not to sign. Epic made it clear that they can not be trusted with signing keys, you can’t claim that this is unrelated.

Epic could have sued Apple and proceeded with their business dispute without abusing their signing keys, but instead they made a calculated decision to abuse their trusted position for a PR stunt.

Even if you fully agree with the position Epic is pushing in their lawsuit, these facts remain the same.

> Epic was simply using their keys to sign software that they had agreed not to sign.

Epic never abused their desktop signing keys, which are stated to be for security only, what are you talking about?

Apple did more than that too, they also briefly pulled their Apple logins, which they had surprise mandated on everyone who allowed third party logins. They went full mask off.

It is downright pathetic of you to attempt to differentiate between desktop and mobile signing keys.

Epic made it clear that they can’t be trusted with any kind of signing keys.

Apple made a distinction for desktop that the keys there were to be for security only. The iOS stuff was a payment/business dispute, not security related.

This is completely ridiculous. Epic agreed to not sign certain software, but they did.

Epic promised not to do certain things, but they decided to break that promise. You can call that a “business dispute”, but that doesn’t portray Epic as any less untrustworthy. Epic obviously can’t be trusted to not abuse their signing keys.

Why should Apple allow a known untrustworthy party to sign OS X apps? Honestly, the idea that you should somehow separate these things is probably the stupidest thing I’ve heard during all of my years on HN.

You are talking about unrelated mobile business dispute stuff. Desktop key signing was for security only. Mobile payment things challenging a monopoly force are totally unrelated.

Apple even promised: security only for keys on desktop, none of their iOS control games.

> they don't impede or force users to use Mac App Store.

They do for iOS, though? I'm not convinced we won't see something similar for desktop (possibly with an "opt-out" for power users, where you can manually sign and accept binaries - much like you can build a dev build of an ios app, but not distribute it).

>macOS is even more locked down, but they don't impede or force users to use Mac App Store.

Until now. And because it faced competition from Windows. If they gain some market share, they will.

Wouldn't it always face competition from desktop Linux?

macOS still runs on Intel Macs without a T2 chip, if that’s the TPM-equivalent you’re thinking of.

The first Mac with a T2 chip was the iMac Pro 2017, and that product line was discontinued as of March 5, 2021. Does Apple still sell machines without an equivalent level of TPM?

For what it's worth, it looks like macOS tends to support hardware that's up to 7 years old[0] and macOS versions tend to stay supported for about 3 years[1].

My guess is that by 2027, all Windows and macOS releases for non-enterprise users will either require a TPM or be out of security support, and governments will start banning the latter versions from accessing the internet.

[0] https://www.macworld.co.uk/feature/what-version-macos-compat...

[1] https://en.wikipedia.org/wiki/MacOS_Mojave

Does a TPM chip actually bring any relevant security advantages for end users, or is it just for DRM?

It brings enormous security benefits to end users. TPMs drastically reduce entropy/complexity requirements for things like passwords/pins since the TPM can rate limit guess attempts. Doing that without a TPM is impossible since an attacker can always read the encrypted password off of the drive/directly from memory and then brute force it.

an who of an average user does need that? I'm not an average user but I never need that. I also know no one who can't wait to get it or even think about wanting it. I only read in blogs or HN that one would need it. I think "you need that because of security" is PR/propaganda from certain companies.

As someone with executive function and memory issues, being able to use short pins/passwords to access my secured hardware is incredibly useful.

I think that’s a wonderful use case for a TPM, but I don’t think it means all users should be forced to buy a TPM in order to get security patches past 2025.

(I realize this is a slightly different goalpost, but I’m not GP.)

What threat model do you have that has people breaking I using a short password?

HDD content can be encripted without storing the password anywhere, without a TPM. If the ecryption algorithm is decent, good luck waiting billions of years to bruteforce, even with the next gen hardware.

What secret do you use to encrypt the hard drive? That itself ends up being a password/key file that needs to get stored somewhere whether it is someone's brain or a more secure storage location. I guarantee you that whatever password average users pick will not take billions of years to brute force, more like an hour tops.

I don't think it should have been required for Windows 11, but TPMs are a useful tool for mitigating brute force attacks.

A dictionary/cracklib check, password length requirements and good password hashing go a long way to protecting users as well.

Measured boot and secure storage of keys. It's not all bad.

That's good to hear then! So will most computers having a TPM chip lead to easier integration of secure boot with i.e. linux distros as well?

As long as most computers ship in a manner where the owner can adjust the keys in TPM/SecureBoot - you could argue its a good thing.

Eg,like: https://ubuntu.com/blog/how-to-sign-things-for-secure-boot

I had to disable secure boot to get Nvidia's drivers to work. So I guess the end result might be more hardware trouble for distros, with a subsystem that tries to prevent usage of the computer when it is not happy.

You can also enroll your MOK (Machine-Owner-Key) to UEFI and then sign the nvidia driver with it.

That way, you can leave Secure Boot enabled. However, leaving the secret part of MOK on the machine and let the dkms or whatever updater of kernel modules to use it unattended kind of defeats the purpose.

Is the NVIDIA driver already signed? If it is, couldn't you create a certificate signed with the root key that says that the NVIDIA key is trusted?

No, last time I used it, it was object file and source for a shim. You had to build the shim for your specific kernel and link together with the supplied object file. The result is kernel module, that is unsigned because it is you who built it.

> security advantages for end users

I'd say about as much as Intel's Management Engine. /s

There's a practical benefit that it leads to seamless Bitlocker deployment without making users manage keys or do things that would lead them to prefer to not have Bitlocker.

That definitely counts for a lot. It's just a shame that they can't let that stand on its own with their current marketing.

Huge benefits.

> In related news - ever wondered why Windows 11 can't be installed on "older computers"?

Except of course some older Surface line hardware, because why even be subtle?

But it will be built on top of WSL3 and all hackers will jump of joy with Windows/Linux.

Relevant tweets from self:



WINE and the very popular/well maintained Linux distros have gotten so good in recent years that the scenario is nearly identical to Windows + WSL2, except with the DE reversed.

And WINE is never going to run entirely as smooth/easy as regular Windows, though it's pretty damn close.

I prefer Linux DE, both for aesthetic and resource (but mostly resource) purposes.

I think Win11 looks great despite internet's opinion, but wow-ee I cannot justify/cope with the amount of resources (modern) Windows takes just to idle and run explorer.exe

Now -- OLD Windows? Windows 98, Windows 2000? That was (is) some good stuff.

ReactOS recently released an x64 compatible build and I've booted into QEMU with it and toyed with the idea of trying to use it as a daily driver/work, even for a week as an experiment.


Feels nearly identical to Windows 2000 or so.

Can check news announcement here and get the x64 MSVC build from the nightly page + boot into it using QEMU or whatnot (I used LiveCD to test):


FWIW, I recently tried WINE/Codeweavers again after hearing everyone rave that it ran practically everything, and it was an absolute disaster. Literally 5/6 of the applications I tried didn’t run (and the sixth was Telegram, which actually already has a Linux client IIRC).

I doubt it’s really an option for 99% of people who need Windows for serious work.

Damn that sounds like bad luck to be honest. Or maybe the opposite -- I got very lucky and the apps I used were almost all compatible.

Off the top of my head, I've gotten:

- Ableton Live 10

- FL Studio 20

- A lot of popular Windows games

To work without any bugs (Borderlands 3 had a bug loading an asset once)

The one program I couldn't get working with WINE was Studio One 5.

Ableton and FL Studio are multi-GB programs with dozens of .dll's, really complex -- and all I had to do was:

  wine <installer-name>.exe
Then click through them

So yeah it could just be a crapshoot as far as what works. Maybe it winds up that a lot of the apps you personally use/need don't run at all, which would really suck =/

But WINE sees constant improvement, including contribution from Valve who have a vested interest in Proton for running games. Not to be cliche, but it's always improving.

(I've never used the paid Codeweavers product which is supposedly better, so can't comment on that one. Maybe someone else can chime in with recent experience if they have?)

If a full Windows/Linux ever happens, expect it to be as free beer as ChromeOS and Android are when not installed via official OEM distributions.

It will be the same driver dance and boot loader stories since Linux exists.

I am fine with this tbh, I am a pragmatic person.

In spirit, I love FOSS, though I won't cripple myself by sticking to if something that works better for me comes along/use it to my own detriment.

In fact, I would be willing to pay a good amount of money for Windows 98/Windows 2000 with a modern kernel, x64 support, and icing on the cake would be a Linux shell.

If there was "Ubuntu: Windows 2000 UI Edition" they could take my money.

ReactOS runs on old PCs that couldn't run Windows 2000 and up. It only requires 48M of RAM to install. They are getting closer to a beta build. I use the alpha builds in Virtual Box, along with HaikuOS, AROS, and Linux.

Have you ever tried to do work in it or use it as a general purpose desktop?

It wasn't really feasible (IMO) until they put out that initial x64 build in August, but in my ignorant understanding with x64 compatibility there's nothing stopping someone from running VS Code or whatnot on there right?

What're your opinions on ReactOS?

The 30 minutes I played around with it on QEMU were amazing.

We've truly regressed so much in functional UI design. I genuinely felt able to focus better because there was less "going on" on the screen. Felt like my brain wasn't overstimulated with visual information.

difference is WSL2 is more of a virtual machine than a translation layer like wine or WSL1

Many people only use Windows because the software they have don't have a Linux build. Maybe people should start pressuring vendors to make Linux builds and that could end Windows.


Switched from 10 years of Debian-based linux (mostly Ubuntu, recently Pop_OS) to Windows because of some MIDI driver thing I could not get to install in WINE.

I have had a significantly less pleasant time on both Win10 and Win11, and it's slow as hell. Ubuntu/Ubuntu-derivatives with Regolith as a DE + Tiling WM is the best computing experience I've ever had

(Disclaimer: Have never used a Mac. Have been told OSx is better than Linux by people who have used both for long time.)


The ironic thing is that, I later had a passing convo with a developer of a DAW, who told me that MIDI driver stuff is usually for running specific software from the vendor and that MIDI is universal over USB.

So I never even needed to switch in the first place! I was just too hardware-stupid to know this!

Oh man it hurts my soul.

I could switch back but it takes a whole weekend to properly backup + wipe and setup a machine. I think I am going to go back to Pop_OS or Ubuntu though.

> (Disclaimer: Have never used a Mac. Have been told OSx is better than Linux by people who have used both for long time.)

As someone who used both for a long time, I would agree 2-3 years ago, now though I'd say I prefer Linux. I do really love the new m1 macs in term of temperature control and performance though.

The advantage of Linux is that when it doesn't work it's much easier to diagnose and fix by yourself, that didn't use to be a problem on macs because Apple's QA was much better and they were pretty stable (if you skipped the first 3-4 months of a new OS release) but nowadays, it's a lot less stable, my mac cannot even go to deep sleep properly (which ironically used to be a major pain on linux) and it's just a black box that's hard to diagnose but doesn't work well enough to justify it being a black box. And for the mac, I used to use things like SIMBL to modify the system exactly how I liked it but all of that has been slowly removed by Apple. Now I just want the flexibility of Linux.

  > "I would agree 2-3 years ago, now though I'd say I prefer Linux"
This is an interesting anecdote. Do you have anything in particular that makes you think this, or is it an overall shift in feel? Also curious to hear which distro you use

Call me a heretic, but I am jealous of the M1 performance-for-price being outside the Apple ecosystem and have thought to buy an M1 laptop and wipe it + put Asahi Linux on it hahaha

I mostly use Arch Linux. Used to use Gentoo for years before that. Mostly it's the continuous QA problem I've been getting (my mba not going to deep sleep is a big one), the dumbing down of the OS X interface and the fact that I can no longer easily use tools like SIMBL to extend applications.

It's a bit the straw that broke the camel back. As time went on, little things became more and more aggravating.

I'm eagerly watching Asahi Linux's progress :)

I'm due for an upgrade of laptop at work and have an option of Mac Pro and XPS running Linux. Despite all the goodness of the M1, I still think I prefer working in a Linux environment to Mac (probably going to choose pop os for its tiling)

I have a core i5 mini computer which I spin up every couple of months and it always amazes me that for the first 20 minutes or so the CPU runs at 100% while windows checks for updates (obviously this wouldn't happen if I ran it daily, but still Linux never does this)

>slow as hell It's surprising how poorly Windows performs. Many people who don't use it may have not noticed how bad it's gotten in the last 5 years.

There are several reasons for Windows popularity today:

Active Directory - The centralised control it gives corporates.

Games and DirectX - Although this seems to be getting to be less of a reason.

Backwards compatibility - Windows 16 bit apps are now dead, but you can take the VB6 code I wrote pre-Y2K and run it today.

Linux fragmentation - It's difficult to support all the Linux variations with a single binary (or at least it feels that way to me) I suspect it has a very high support cost. Related to this is the GPL and it's potential to force release of source code.

There is also one reason many here don't see:

you don't have to bother with the console. Everything can be installed and run with a mouse.

Don't take me wrong. I understand the good sides of console programs. You can do a lot there but your average user doesn't care.

I've definitely had to use a windows console on occasion, and regedit which is at a similar level or worse.

What popular end-user software cannot be installed and run with a mouse in e.g. Ubuntu?

Not long ago I upgraded an Ubuntu system to 21.04. It took me more than half an hour of looking around to realise that the "Ubuntu Software" screen everyone was referring to was a separate application that wasn't installed by default. Then I could look up the CLI command to install it via apt.

That sort of thing would be a small (though very irritating) waste of time for many of us on HN but it could have been a showstopper for other potential Ubuntu users who aren't technically inclined and just want a system that works.

Unfortunately in my experience that still sums up desktop Linux in a nutshell. You probably can fix just about anything if you know what you're doing. If you do, you get the benefits that come with running Linux, including avoiding the kind of controlling behaviours we see from Microsoft and Apple in their desktop platforms these days. But the reality is that most normal people won't know what they're doing to that degree and so can't fix the problems.

So continues the cycle where "normal people" don't use Linux and so there is no big market for commercial applications and so most commercial applications don't run on Linux and so "normal people" don't use Linux.

The "Ubuntu Software" screen should be installed by default.

  > Ubuntu Software Center is a one-stop shop for installing and removing software on your computer.
  > It is included in Ubuntu 9.10 and later. 
  > - https://help.ubuntu.com/community/UbuntuSoftwareCenter

The "Ubuntu Software" screen should be installed by default.

"Should" being the operative word unfortunately. It clearly wasn't installed by default for this machine that had been upgraded through earlier versions (starting around 16 I think so well after 9.10), nor was there any obvious indication to the user that it was missing and available to be added.

There were some other oddities after that upgrade, for example Firefox no longer appearing for one-click launching from the default UI layout when it had before, so the lack of Ubuntu Software (and, apparently, its underlying apt package) wasn't the only anomaly. It just wasn't a polished experience that a non-technical user should have to deal with.

Ah, the "should-have-but-didn't" class of frustrations! Often undocumented, often not even believed when asking for help online.

I understand your frustration!

Is synaptic not a thing anymore? I haven't used linux in a number of years.

Synaptic still works fine but it also needs explicitly installing and it is aimed at more technical "power users" and so solves a slightly different problem.

The fact that you had to narrow it down to some arbitrary "popular" category to not touch the topic speaks for itself.

Alright then, what unpopular end-user software cannot be installed and run with a mouse in e.g. Ubuntu?

I’m also struggling to understand why it would be difficult to create a mouse driven GUI for any CLI based app.

In fact, there are apps that can do that automatically. Admittedly these apps tend to create not very good UIs, but the point is that it’s not hard at all.

Honestly, the only examples I can think of which support your claim are development related tools/libraries.

Ironically I have been using Linux via VMWare for about 10 years now, because I got fed up with Year of Linux Desktop, which to this day still doesn't provide a proper experience to anyone that cares about graphics programming and usable UI/UX tooling.

When my Asus Netbook dies (1215B with XUbuntu), the next UNIX travel laptop will be an Air.

So you can spare the talk about how much GNU/Linux has progressed, since I see it every time I take that netbook into use.

Have you ever considered that there's a huge amount of users that don't care about "graphics programming and usable UI/UX tooling"? Maybe Linux on the desktop doesn't suit your individual needs, but you seem awfully combative about it on the basis of your specific niche.

  > "Maybe Linux on the desktop doesn't suit your individual needs, but you seem awfully combative about it on the basis of your specific niche."
I see your point. Devils advocate: we're each the center of our own universe, so whatever it is we find important is the marker for usability for us.

Ideally an OS should have tools for everything. Though I'm not certain if "Graphics Programming" means like GUI in C++ (pjmlp often talks about C++ Builder and C++/CX, so I believe he means that kind) or programming GPU's via CUDA. I don't think it's the second one -- Linux is much easier for GPU stuff (IE most ML projects/tutorials are only set up for Ubuntu) than Win.

I imagine the argument stems from a lack of Visual Studio equivalent on Linux. It looks like the only version that runs properly on Linux is VS 2005 -- LOL!


If you work with some of the Visual Studio specific tooling around things like XAML or C++/CLI etc, yeah there's absolutely no substitute.

It's like Sketch on Mac (god I hate that company for being Mac-only) or Xcode. You're SOL, better buy a Mac.

Lettuce pray for the day WINE is good enough to run Visual Studio.

VS on Linux would indeed be great. I had to make a Win10 VM the other day to compile a C# WinForms project that I could run fine in Wine but couldn't modify. Similar deal with reverse engineering, Cheat Engine runs surprisingly well in Wine but none of the Mono stuff works.

I do think it's a little reductive to discuss Linux struggling with things like Visual Studio that are only relevant because Windows is relevant, but that is our unfortunate reality.

Yep, pretty much it.

> Have you ever considered that there's a huge amount of users that don't care about "graphics programming and usable UI/UX tooling"?

Have you ever considered that this "huge amount of users" might not care about graphics programming or usable UI/UX tooling, but that >99% of them sure care about either graphics (games, photos, video, digital painting, ...) or usable UIs and UX?

I'm using Linux all the time, and it's quite amazing how terrible anything Desktop related is. Who is going to fix that if the state of graphics and UI/UX tooling is so poor that it either drives away or stymies all the people with relevant skills to drive some improvements?

I'm not saying those things aren't important, but they don't warrant the outright dismissal that I was replying to.

Linux has an obvious lack of contribution from designers, designers are employed for products, noone is making money selling desktop Linux as a product. Also, most designers aren't tinkering with open source software alternatives in their free time like developers do.

I also feel like I'm missing something because my experience on desktop Linux is way better than anything I've ever had on Windows or Mac, meanwhile everyone's saying it's unusable. Can't be easy for the handful of people working on desktop environments and the like.

Honestly, I think the entire situation where we have multiple DEs/toolkits/video drivers/window managers/input methods is unmaintanable. It would be likely unmaintanable even for a well-funded corporation.

If there was a well-funded corporation, they would naturally focus on their stack of choice. I think that's what Red Hat does, focusing most of their desktop stuff on GNOME.

Some Linux Desktop are loudly combative about how great Linux Desktop is and seem to consider it some kind of failing if someone else doesn't agree. It's always "you chose the wrong distro!"[0] or "you have to be more picky with hardware!"[1], or even "it works for me, so you must be lying!". I imagine decades of experience with that person on internet forums is what has shaped parent's combativeness.

[0] for literally any distro choice

[1] even when it isn't a hardware problem

> It's always "you chose the wrong distro!"

I know what you mean, but in this instance the complaint is poor UI/graphics while the distro in question is using a very cut-down desktop environment (running in a VM).

  > "which to this day still doesn't provide a proper experience to anyone that cares about graphics programming and usable UI/UX tooling."
Genuinely curious what doesn't work in IE Ubuntu 21.04 for you?

Not one of those raving Linux zealots (don't really care that much about privacy), I've just had positive experiences on Linux -- not using it masochistically for ethical reasons, but because it worked very well for me.

So I would be interested in hearing the other side of the coin, since you've been around the block a time or two.

I'm not the person you were replying to, but here's the straw that broke this multilingual camel's back: unless Gnome is running under Wayland, switching the keyboard layout steals the input focus away from the foreground window briefly, causing focus-loss event handlers to fire. This might seem an easily fixable minor issue but it's actually a decade-old hairball which significantly harms the experience and can't be fixed cleanly under X.

I don't recall this ever happening to me in KDE under X, at least not in a way I've noticed.

It's a Gnome-specific thing

Isn't Wayland standard in 21.04? So it's already fixed?


> it's actually a decade-old hairball which significantly harms the experience and can't be fixed cleanly under X.

This is literally the whole argument for Wayland - things that can't be fixed under x11?

I didn't notice Wayland becoming the default, tbh. Thanks for mentioning this. As for the specific bug, it was introduced by the implementation of a non-essential feature (the languague switch HUD) which was then left in place, likely because the Wayland transition was juuust around the corner. While Wayland does address many architectural issues, I don't think X users should deal with regressions caused by Wayland-optimized features just yet (and definitely not 8 or so years ago).

> a proper experience to anyone that cares about graphics programming and usable UI/UX tooling.

I suppose the only answers here are qt or game engines like godot/heaps.io etc - and they probably aren't as good as windows. But it's a little tricky to know exactly what you mean.

> When my Asus Netbook dies (1215B with XUbuntu), the next UNIX travel laptop will be an Air.

> So you can spare the talk about how much GNU/Linux has progressed, since I see it every time I take that netbook into use.

If you're looking for a "windows desktop replacement", you should probably compare it to one of the "big" desktop projects - ie: Ubuntu standard desktop (not a spin, like xubuntu), Red Hat or SuSe.

It's also not clear which version of xubuntu you're running - 20.04 lts?

Personally I think 20.04 with Wayland and pipewire has made great strides as a "just works" Desktop - and I'm looking forward to the next lts (pipewire baked in, hopefully).

That said, I doubt much will beat an m1 Mac in the near future, if you're happy with apple/macos.

Qt isn't a OS framework like Cocoa, or WPF/Win32.

It is the best cross-platform C++ GUI framework, but nothing specific to Linux per se.

Thanks for educating me on Linux distributions, pity that I have been using them since 1995, and yes it is the LTS version, it tends to break less.

VMWare vs Native Linux running last Gnome is a very, very different experience in my laptop.

VMWare is crippled performance wise, doesn't detect autorotate, and using it in full-screen requires me to resize the VMWare window every time I reboot the VM.

VMWare also doesn't detect all the buttons in my mouse.

My first Linux distribution was Slackware 2.0 bought in 1995's Summer, and have used VMware since 2010, so all anecdotes.

The thing is, vendors will only invest resources required to make Linux builds if there's a market that justifies the investment. The only pressure companies can feel is the pressure that comes from the promise of making more money.

You mean, just like Apple did?

It obviously won't end Windows. Not will actually make any sizeable dent in Windows marketshare. That's a pipe dream.

Vast majority of people use Windows because it comes preinstalled. And it comes preinstalled for business reasons that are very hard to counter or reverse.

The only way to weaken Windows is through legislative measures and that ain't likely to happen.

Call me paranoid, but I am completely certain that TPM has a backdoor disguised as a very sophisticated bug for plausible deniability.

I'll never trust BitLocker or anything that relies on TPM to encrypt any data I actually care about not being compromised (read: my very personal data, not work data).

You're in luck then! Everyone seems to be ditching TPMs in favor of their own security chip technology. Google has titan, Apple has T1/T2, and Microsoft now has Pluton. While the TPM is a well defined spec, I have no idea how fair.

I doubt it. A much more likely suspect is the Intel Management Engine, which unlike a TPM module, runs an entire operating system alongside your computer and hides it's outgoing traffic as encrypted TLS data. Yikes.

A much more likely explanation for TPM is that it can enforce weak and vulnerable cryptography at a hardware level. It's an open secret by this point that the NSA weakens elliptic keypairs to make them vulnerable to differential cryptanalysis. With TPM, software can now be forced to use hardware crypto, which is almost always weaker than the programmable software crypto we had before.

People always say this sort of stuff, but I feel like never really ask, is there any reason why Microsoft would do this?

Desktop revenue from apps is small and will get smaller. MS gets that the web will continue to grow larger.

I just don’t believe the App Store angle. I don’t think Satya does either. The cloud runs the company now. They did this for a different reason. I just feel like people aren’t even trying to reason through what it is.

My 2 cents, if MS control the app and store, it means no pirated office / sql server running on both servers and development machines.

Open source solutions may also meet a hindrance when they somehow collides with MS's line of business (postgres).

Theoretically Microsoft can get a cut from adobe subscription (no longer puchase, screw them too). They can also potentially force valve or epic for a fee or shared revenue, which is why steamOs are there. Netflix and spotify are also potential targets.

Then no telemetry can be published if MS said so, forcing third parties to deal somehow with MS.

But for Office they are already trying to move all the revenue to O365. That's the future and there you don't have to deal with piracy. I've never heard pirated copies of SQL Server being an issue.

And then, sure there's Adobe, but 99% of apps are pure web apps. No desktop client needed. Netflix Windows dekstop usage is small compared to their webpage and if MS pushed hard on this, they could just pull the app altogether.

The app store angle just isn't going to be this revenue monster for them long term. When I look at my desktop the only apps I have open are Microsoft and Adobe apps. That's it -- and the occassional game.

IMO, I think the thing they should care about the most is preventing ransomware/malware on their devices. Apps will be in the cloud, but the entry point is the device. Enterprises will want to have the most secure and easy to use entrypoint.

Microsoft fanboys will finally get the maximum security digital prison they asked for, built with their own money.

We tried to tell you, but you were too busy playing your dumb DirectX games. It's not that those same games could not have developed for Linux, though.

Let's see how long you tolerate having to kiss Satya Nadella's ring every day now that you have forced choices.

People weren't distracted by the friendly Microsoft front. People were distracted by all the other companies being even worse.

Yes they were and they are. You can see it regularly on HN, saying that today's Microsoft has nothing to do with the ugly beast from the 90s, the times have changed, they are now a completely different company, they contribute to Open Source and even Linux, and they can now be trusted because they built the best code editor in the world. I don't know if people actually are that naive or if it's a part of Microsoft's intensive efforts to game HN.

It's a little of column "a" and a little of column "b" and also because there's a whole generation which has come and gone since the Halloween Papers and the general MS fuckery of the 90's.

>Mark my words - Windows 12 will severely impede direct installation even of an user-space software, funnelling everyone to go through the store. That's the end goal and we will all be there in a couple of years, whether we want it or not.

People have been saying that forever. At our company we rely on windows backwards compat to run older commercial software which has saved tens of thousands of dollars for us. It seems to me like people are not exposed to a large swath of the computing landscape that uses industry specific commercial software that isn't going anywhere.

Also who are the "lemmings" in your analogy? Hopefully you're not referring to normal people who make rational decisions based on their needs.

It can be installed without a TPM chip. My computer does not have a TPM and they say it will soon be eligible for Windows 11. If you can't wait, you can do a full install using an ISO image.

You can't install W11, not even from ISO, if your computer doesn't meet all the requirements (yes, I tried).

There are some remastered ISOs floating around.

>Just like what Apple has with its AppStore and its wonderful, wonderful 30% commission.

At least Google is planning to lower their 30% commission for a bit.

SecureBoot and UEFI were foisted to dampen continued viability of Windows XP and Windows 7, plus functioning as roadblocks to Linux booting and adoption as has been seen.

It's been years but Linux remains much more badly sidelined compared to working under BIOS, rather than UEFI.

TPM is to hasten the demise of Windows 8 & 10 and the hardware that dragged them in.

Back to the Mac for me. Yeah, they have the walled garden problem too, but *nix environment for my development hobby is better there than I have on Windows 10. I’m not willing to go all the way to Linux for my main system since my wife has to be able to use it.

Numerically developer desktops aren’t significant, but mindshare is.

Apple are doing exactly the same thing. I'd even say they're slightly ahead of Microsoft on the storification of their desktop OS.

> I’m not willing to go all the way to Linux for my main system since my wife has to be able to use it.

What is the problem with using it? My non-technical relatives are quite happy with their Debian which I installed for them.

We all won't be, only those still choosing to run windows. For those not doing so, we are not affected.

Someone recently got Windows 11 installed and working on a Pentium 4, so it doesn't seem that the restrictions are hard to bypass.

I can't bring myself to be sad when the outcome is a more secure os. If anything I want /less/ user power. Imagine a world where you can start a "private" chat and not even need to worry about screenshots. I'd love that personally. And what's the downside? I lose features that only matter to the cyber politicos?

This reads exactly like the crazy conspiracy theory nonsense that FOSS-clowns were pushing out regarding Secure Boot.

How did that end up? Well, turns out that they can now safely be called clowns.

The water is getting so hot the frog is having problems breathing from all the steam.

"Crazy conspiracy!" He yells between two heavy gasps for air.

FDSGSG 2 days ago [flagged] [dead] [–]

Oh piss off, nonsense like this is why we still don't have any Linux distros shipping reasonable FDE implementations.

I sure hate to be able to kind of trust my computer http://0pointer.net/blog/authenticated-boot-and-disk-encrypt...

I like how the author acknowledges that some people claim that TPMs are evil but doesn't actually refute it.

As long as I can't extract the Endorsement Keys from a TPM I legally own you are not convincing me otherwise.

It started with Vista. Due to DRM you can't play your own videos. Only DRM protected ones.

How so? I could play all my pirated DVD rips just fine back then (DivX .avi), same how I can play pirated Bluray, Netflix, Amazon, etc. rips on Windows 10 and 11 (.mkv).

I'm guessing GP is referring to the introduction of Protected Media Path stuff in Vista, which broke some existing video players. It didn't break non-DRM videos though.


Yes that didn't happen. It was FUD spread around back then. Like with TPM now.

It's absolutely fascinating that an open OS like windows (not open as opensource, but open to run every program) takes that route.

Microsoft really thinks they can compete with platforms like android or iOS, i have to say: Thank you Microsoft!! You accelerate the downfall of Windows! No one will need you in the future, Adobe on M1(Apple), Development on Linux, Gaming on Linux, Workstations Linux maybe some Apple.

Huh? Android, iOS, and macOS have their own versions of TPM, Microsoft is just late to the game, and it's slowly catching up.

Out of the bunch, Microsoft is the only one that even allows custom kernel drivers, since Apple deprecated them with macOS Big Sur, and iOS/Android never really allowed them.

I don't say Android or iOS is more open...quite the opposite.

>Microsoft is just late to the game, and it's slowly catching up.

Why do you think people want yet another platform but in the Microsoft-verse, you choose Windows because it's open and you can run ~every application on it. There is no catching up by closing down your hard-ware framework (aka OS)

I assume majority of people want a secure platform where they can run apps/games, without worrying about ransomware and malware.

For those few that want to test things or run custom drivers, they can still disable driver signature enforcement, but some features/apps might be unavailable in this mode.

Yeah my thoughts!

But on the other hand people also use Windows because its the default that comes with their new computer. (Not talking about HN community, talking about regular Joe) As long as Microsoft keeps lobbying OEMs to include Windows and there's no good alternative (looking at you, non-tech-savvy user-friendly Linux distros and major software vendors like Adobe, Autodesk etc, they will only keep locked to using Windows.

I'd love to see an alternative world where everything has an equivalent open-source software that people can switch to, but let's get facts right, many open-source software is inferior to their counterparts (especially on the design/photography world against Adobe).

> I'd love to see an alternative world where everything has an equivalent open-source software that people can switch to

Keep in mind that software doesn't need to be open source to run on Linux. Developers can still support the Linux ecosystem by creating/porting proprietary software for Linux, and users will consider it when they choose an OS.

Examples of proprietary Linux software that is used professionally:

- DaVinci Resolve (video editing suite): https://www.blackmagicdesign.com/products/davinciresolve/

- Bitwig Studio (digital audio workstation): https://www.bitwig.com/overview/

- JetBrains Rider (IDE for .NET): https://www.jetbrains.com/rider/

>But on the other hand people also use Windows because its the default that comes with their new computer.

True, but if Windows cannot run the application regular Joe wants, people will just switch to Chrome OS or Apple or Linux (wine?). Sometimes regular Joe's uses more exotic Software we can imagine, and they choose windows because it runs on it since 25 years. Just some examples i have seen:

-VisualBasic 6 (for model train automation)

-A 20yo siemens software for relay automation

-A ~25yo CNC maschine (Windows software to convert CAM to N-language (self-written postprocessor again in VB6))

And much much more

It's kind of a chicken-egg problem there too: Windows is the most ubiquitous OS when it comes to "computers" as the society knows, and more software gets written for it, and because of it, OEMs would prefer it even if MS doesn't push them anymore.

Not sure about the solution.

I've ran a lot of these weird 90s-looking "The OEM did a thing" applications on wine, most work pretty flawlessly. Even a few that talked to hardware (over serial, though).

However I don't think you can expect to run e.g. a machine controller on another OS.

Wine is pretty bad for any serious creative software. Tablet pressure support has been broken for an eternity. Alt+mouse combos don't work correctly. There's patches, but they keep getting ignored and broken by whatever else is supposedly more important. I went back to Windows, because Wine's broken contribution process was a waste of time.

Well it's not a controller, it's a post-processor that converts and sends the specific N-Code to the CNC (heidenhein "OS") (serial or ir)...CNC then executes the stored code.
FDSGSG 2 days ago [flagged] [dead] [–]

Weird nerds like you that care about "open platforms" at the cost of security are a tiny minority. This will do nothing to accelerate the downfall of Windows.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact