Microsoft secured my files!
Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secureboot. So my C: panicked and required a 40 character key to unlock.
Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers. (and saved me from a re-install) But if you've got an unactivated copy, local account, or don't know your M$ account credentials, your boned.
Control Panel > System Security > Bitlocker Encryption.
BTW, I was aware that M$ was doing this and even made fun of the effected users. Karma.
1274
Comments237
They also do spyware. They just renamed it "AI."
and also Recall
Rectal is what it's called I believe?
Microsoft Rectal
It logs literally everything you do with screenshots, then sends it to M$ despite their assurances that it would be local only.
Super invasive!
Thanks, it was hard to recall
I'm not aware of them uploading the screenshotted data, not for now anyways.
The data is indexed and parsed somehow. The last report on it that I saw had a picture of a semi-famous person be properly indexed under the person's name, despite it being a picture that was taken by the person talking about recall, which means the image was not public. Whatever recall was doing, it analyzed the picture, and that's probably not a local process.
It takes a screenshot every five seconds and runs an LLM over it to extract text. Then there's a UI where you can query it for what you did in the past.
It came under fire when they wanted to introduce it last year, because it stored all that data on your disk in unencrypted form. Meaning if anyone manages to run malicious code on your system, they don't need to do the collecting themselves anymore, but can rather just send off any screenshotted passwords or whatever other secret things you might've been doing on your PC at any point in time. In particular, Microsoft had claimed that the data would be encrypted and it wasn't. Didn't even need special permissions to access it.
No idea, if they fixed the encryption now, or if this is just a case of the shitstorm having died down, so they roll it out now. But yeah, even with encryption, the implications aren't great. If your parents or boss or law enforcement want to know what you were doing on your PC, they now have an exact history. And Microsoft could still change their mind and decide to upload all your data at any point in the future.
Doesn’t that take a ton of CPU/Memory?
Yeah, good question. I imagine the screenshotting itself is largely negligible, although obviously not free either. I don't know when the LLM gets to do its job. Theoretically, it could be delayed until some point where there's not much going on on your PC.
At some point, Microsoft wanted to roll out these AI features only on PCs which have an NPU, which is basically an additional CPU with a different architecture optimized for pattern recognition and such. I don't know, if they still hold onto that requirement, but it would mean that it wouldn't hog your CPU at least.
They have been somewhat desperate to roll out Recall, because it was the only semi-useful out of a handful of features that they came up with to somehow integrate AI into Windows. So, that's why I'm never quite sure, what requirements they're still holding onto.
https://en.wikipedia.org/wiki/Microsoft_Recall
Basically takes screenshots and stores them, then scans them and makes the text searchable. There's been a bit of controversy over it lately and how it deals with PII/PHI.
https://www.tomshardware.com/software/windows/microsoft-recall-screenshots-credit-cards-and-social-security-numbers-even-with-the-sensitive-information-filter-enabled
Open your mind!
Recall Rec all Record all, their not even being subtle about it anymore
My god it's all true 🤯
Did they change it from "telemetry" to AI now?
https://en.wikipedia.org/wiki/Microsoft_Recall
Unless the "telemetry" has been removed, shouldnt there be "added extra" instead of "renamed"?
Telemetry is exclusively for internal data collection and the inevitable sale of it. Recall is also for data collection but provides a user interface to access a slice of that data under the guise of the whole thing being a "feature".
Telemetry isnt always collected to be sold. Open source projects often collect crash data to improve the software
Sure, but we're talking about Microsoft here. When was the last time they actually improved any of their software?
They added windows explorer tabs a couple years ago. Does that count?
I think they renamed everything to copilot
Office365 is now Copilot 365
Holy shit, they automatically activate it on computers without an account to back the key up to?
That's just malicious
IIRC, they only do this if you're logged in with a Microsoft account.
Bitlocker is disabled by default if you only use local accounts
I've occasionally seen it activate itself on computers with only a local account, though I've so far only seen it when upgrading in place to 11 with secure boot enabled in the BIOS, and not every time. Fortunately the one time it locked me out was on a freshly cloned drive, so it only cost me redoing the work.
Also, the number of people who I've seen lose all their data because they don't even know they created an MS account during OOBE, and later had a boot or BIOS hiccup, is too damn high!
I have (had ;'( ) a local account, and bitlocker was activated. I only found out when my motherboard bit the dust, and that triggered the no-TPM bitlocker thingamajig. Goodbye data.
Of course it hits right as I needed the data on that laptop. Fucking murphy and his fancy legal words.
If anyone is in a situation like mine, you might find luck with a little DIY hacking: https://www.techspot.com/news/106166-old-bitlocker-vulnerability-exploited-bypass-encryption-updated-windows.html
This only happens on OEM installs of Windows. Ridiculous but as far as I know if you disable it after first setup (OOBE) it never shows up again if you have only local accounts.
🤔 shit... you right
Could you elaborate?
luks-cryptsetup-backup
If you encrypted your disk/partition, the lock is stored in the luks header. But if that one is broken, you cant decrypt anything even if you remember your key and all data is lost.
Thanks!
As I understand it this shouldn't concern me if my backups are full disk images via Clonezilla, as those should already include the LUKS header, correct?
Correct.
Thanks!
They desperately wanted to eliminate personal computers and replace them with dumb terminals running over the net.
When the public rejected this idea
THIS is their response. They are still insisting on total control of our computers.
I don't know about that.
Dumb terminal concept was more what Chromebook was doing.
Microsoft is doing something even stupider.
I mean, for a lot of people they're fine especially if they're priced appropriately. Especially with a lot more software as a service out there. My problem is that all of them have a built in drop dead date on when they're going to stop getting updates and there's not really a great option for the devices post ChromeOS.
ChromeOS certainly can be a good system. I still have my old CR-48 from when I got selected to test the OS and even when it was in its infancy, it was solid. I used it for a lot of my college career because it was better than my Asus eeePC which had Ubuntu on it.
I had an Intel Chromebox that I ran galliumOS on. The problem is locked bootloaders which should be illegal
If my Chromebook could run Linux or even pure Android, I'd probably use it way more often. But it being a locked down distro with android bolted on is useless to me.
It feels like the worst of both worlds. It's fine for people who use a laptop/OS as a bootloader to a web browser, its not fine for weirdos like me.
Funny thing is that a cheap netbook has stats that would be fine for anything we did in the 90's maybe even some games too
The Chromebook I have, is overall fine. It runs ChromeOS pretty well, and most web pages don't make me beg for more RAM or CPU. ChromeOS does a fine job, to the point I wonder if I ran Arch or something on it, it's a crapshoot.
I think most laptops these days, even the cheap ones, are probably fine when you run a light OS on em. I've used computers that were 10 years old and ran most things decently well.
I've got an entry level desktop from 2009 I'm gonna throw arch on and run some stuff
You could always put Linux on it. I believe there is a way to do that for most ChromeBooks nowadays.
I tried, doesn't work. There's no documentation for my laptop or its board codename. I briefly got it to consider an Arch Linux ARM ISO but it just looped an error code on boot until you turned it off.
I have never bought a device I could not own completely and flash the rom with what I want. Except once I had iPhone 3 but it was easily jail broken, but I still feel dirty. How can someone think they own and control something I bought? There is something fundamentally wrong with that and I agree it should be illegal
Agreed. It's unacceptable that things have gotten this.had. we need to fight back
I think they want you to only use Windows and pay for cloud storage.
By enforcing BitLocker and Secure Boot, they are trying to eliminate dual-booting (you don't need to dual-boot Windows/Linux anyway, as you can just use WSL2 /s).
By enforcing disk encryption, in general, they try to force the use of cloud storage, by making data recovery nearly impossible. Most people are probably too lazy to buy external storage, and manually copy their files over.
This guarantees 2 money streams. One from Windows's tracking/advertising and the other from OneDrive subscriptions.
Exactly, as I can just wipe the disc and install OpenBSD.
Data recovery isn't impossible. You can easily back up the recovery key. This is just typical Microsoft shit design.
https://support.microsoft.com/en-us/windows/back-up-your-bitlocker-recovery-key-e63607b4-77fb-4ad3-8022-d6dc428fbd0d
My parents wouldn't even notice that their computer decided to encrypt their files. And they will blame the service guy for not being able to recover their photos, in case of hardware failure.
It does not guarantee any revenue stream. It is just incompetence
MS execs blathered about "the age of software running locally being over" long before Chromebooks.
Not to mention DRM. They want to own your computer and prevent any kind of modification so that movie producers give them money.
Movie producers?
Yeah, shit like HDCP is pushed by the film and TV industry.
Not really. Your problem in us is the lobbying lawyers. It's a political systematic problem. The demonic corp entities that crave endless growth will never not do anything that could potentially suck any data from or control a customer. The ones that get "money" for things like this are your law makers. The Republican authoritarian faschists are the winners, along with billionaires that can afford to buy laws. No movie producer. No one in any business except exploitation on the mass scale can profit from these moves. In some countries it is illegal. In the us it is business
No idea how you say all that but can't put together which industry specifically benefits from HDCP.
So not movie producers. You just mentioned them as another category being fucked? Because that's what they are
The film industry benefits from HDCP and all DRM, they aren't being fucked. I've looked back over the conversation, I think you have it flipped in your head.
Just wait until you learn about Intel's Management Engine...
Good thing PCs aren't locked into Windows.
yet
Good luck locking loose mainboards sold for the DIY market, which don't come with anything installed by default, to a given OS, the only way that could maybe work is forcing the OS in ROM.
Another way would be to discontinue the socketed desktop form factors and replace them all with mini PCs that are as locked down as the current Macs.
Thinking for two seconds:
MS pays Google to start enforcing some device verification thing so you can only view a good chunk of the Internet if you pass verification? (Assumes Google goes even harder making the web Chrome-focused)
Ooh Cloudflare could be invited to the party here too. Constant CAPTCHAs if you’re not on an MS AUTHENTI-PC! device. (Think Private Access Token)
…fill in the gaps friends 😉 you know MS has already debated all your “suggestions” anyway
Google already does precisely that with their "open source" mobile OS. People underestimate how easily these guys can ruin stuff
:( tell me more?
First off, Google has made agressive deals with phone manufacturers to ship spyware with their phones by default, and some of the stuff can only get taken out by rooting/jailbreaking the phone. By doing so, they acquired nearly 100% of the app store market share, and then used it to make "useful features" such as integrity checks that are tied to the Play Services app (which is an always on spyware background app).
The end result is, even if you manage to root your phone and install a custom ROM (which is not always available to every model), a bunch of apps will refuse to work properly because you fail the Google Play fingerprinting steps and are assumed to be a security vulnerability. If I'm not mistaken there's also some shady stuff with certificates, too
This is already part of the trusted computing spec its called "remote attestation" I would actually expect it more targeted at multimedia who are hot to keep you from copying their stuff and banks.
So you're suggesting MS will somehow block non-Windows OSes from installing, even on hardware like loose mainboards for building your own PC with, or even on barebones mini PC kits or certain laptop SKUs, which don't ship with an OS installed to begin with and expect the user to install it themselves? I mean, unless something extreme happens like changing the entire PC platform to be like the current Macs, that won't be feasible.
Also, doing that would kill the Steam Deck which I doubt Valve would take sitting down.
SecureBoot pretty much does this. There is nothing preventing motherboard manufacturers from blocking adding non-MS keys if they wanted to.
No just some laws
Except AFAIK loose mainboards aimed at the DIY market, as well as barebones kits, don't ship with SecureBoot turned on by default and an off switch for that is mandatory to the PC spec.
Ah no
/
Get Google & Cloudflare to make the internet suck if you didn’t pay Microsoft[‘s vendors] “enough” for hardware
Just sounds great doesn’t it?!
No. You know nobody can do that. It's illegal almost everywhere to even try. But in usa maybe happening soon. They can still import parts for years until they ban that too
Just checked my wife's laptop. Local account, secure boot off, windows 10. It had a message telling me to setup a microsoft account to 'finish encrypting the device'. I clicked turn off, and it's currently decrypting the hard drive. Blech.
I need to check my girl's laptop.
Good now we know that
Which version of Win 10 are you using? My girl's Win 10 Pro laptop is still unencrypted.
Windows 10 Home
It's not which version, it's where you are. They follow some laws here some there and now that the US is fascist they roll out features like this on these easy targets first
Oh, ok. I am in EU.
They cannot push this to eu, mine is also not encrypted
Shit they do this on windows 10 too? I should check my girl laptop too.
Meanwhile in Linux with luls, which I've had since a pre-pre-pre version somewhere back in the early 2000's, I can have multiple keys, all works like sunshine, never had problems.
On windows... So we work with highly sensitive data, and ever since I came in I thought it insane that people working remote don't have that highly sensitive data encrypted. We can't switch Linux yet, so okay, we go for BitLocker.
Boy oh boy oh boy was that a mistake.
50 remote users, 5 get encrypted devices with BitLocker as a trial and within a month, 3 of them already got locked up permanently because apparently it'll pwrma lock itself after x amounts of invalid passwords which is just incredibly stupid. But don't worry, there is a backup key! Yeah, that is lie 48 characters that we'd had to pass by phone and they have to type it flawlessly.
Suffice to say, the remote users will be running Linux soon, like it or not.
Wouldn't be so bad if everyone knew their Alpha Bravo Charlies
My one talent: alpha bravo charlie delta echo foxtrot golf hotel India Juliet kilo Lima mike November Oscar papa Quebec Romeo Sierra tango uniform Victor whiskey x-ray Yankee Zulu, typed using voice to text
You have a point. But Bitlocker recovery keys are all numeric. Really not all that hard to translate over the phone. Typically a secure email is what we use to deliver since 99% of employees also have email on their mobile devices.
The pinnacle of secure data is cryptographically sealed with a key in the inbox
Haha. You aren't wrong. But just rotate the key after. Also, there are plenty of secure delivery methods and encrypted delivery options.
It's best to generate a key with as many 420 69 in a row so you can memorise it
Alpha bravo charlie Delta echo foxtrot golf hotel Juliet Lima kilo Manhattan November Ovaltine Papa Quebec Romeo Sierra Tatooine uniform Victor wet ass pussy x-ray yokai Zelda
I'm a little fuzzy on some of them...
That's a ticket I would go and overnight mail a pre configured IP KVM
If you only used TPM for bitlocker with no pre-boot authentication or something similar, it's possible that you had the "MaxDevicePasswordFailedAttempts" policy configured. Apparently that is configured by default if you use the security baseline.
IMO it makes a lot of sense to lockdown and require bitlocker recovery if there has been a few failed attempts.
We use bitlocker on probably over 1000 devices I don't believe we had any substantial issues with it. Of course users occasionally get locked out, but that should be planned for and a process should be in place to help them.
I suggest deploying windows hello or smart cards to reduce the dependency on passwords. Window hello for business is especially great since it's free, secure and way easier and faster for users to use, especially if your devices have fingerprint readers or face recognition. I wish Linux and MacOS had anything as useful as Windows Hello.
Yeah I'm with you. I also manage about 800 devices at my current role and I've never had any major issues with BitLocker.
I'm tempted to think they're just lying but that's a little mean. Maybe they just didn't know? I don't know but BitLocker is not the problem here.
I suggest we move all our machines over to Linux, which is the actual plan. Fuck everything about windows
Also, permanently locking a device after x failed attempts is just plain silly, security wise. You know I can take that drive out and just try to brute force it a million times per second without that silly rule being in my way, right? It's an anti security pattern similar to requiring password changes every week, it's a bad idea.
It's not permanently locked though.
Apparently it's not configured like that by default and even if it is, just configure it differently if you want a different behaviour ¯\_(ツ)_/¯
Moving over to Linux is a great idea, if you have found a good way to manage them and your users are accepting.
Either way, I have never noticed this issue and we manage hundreds of Windows computers
Nah, not really. I get what you mean, but the feature is obviously intended to lock the drive after a few failed logins because the user's password is generally way less secure than the bitlocker recovery key/encryption key. Brute forcing a 48 digit key is practically impossible while brute forcing a user's password is child's play in comparison.
So in my opinion it sounds like a pretty good idea to include that feature in the security baseline. It's not really Microsoft's fault that you pushed out security baseline settings without checking what they do first. But since you actually did some testing with bitlocker, the impact wasn't that bad. So just adjust or disable the feature and move on.
Exactly. We'll switch to Linux, finally have security and dependable devices, and then we'll move on
Just curious, what management software are you gonna use?
P.S good luck configuring Linux if you can't even manage bitlocker.
hey, at least it tells you if you put in a typo every few chars.
Not that it helps now, but you can also dump your bitlocker recovery key through powershell and save it independently.
(Get-BitLockerVolume -MountPoint "C").KeyProtector
The control panel dialogue allows you to do this as well. Control Panel > system security > Bitlocker encryption. But it also has the superior option which is to turn it off.
I didn't loose any data BTW. I had my M$ account info, and a backup besides.
Why would you not want to encrypt your files? My Linux systems are encrypted too.
Not using Bitlocker is not the same as not encrypting your stuff.
I know, I just meant why would someone willingly disable Bitlocker?
I mean... the premise of the thread seems like a good enough reason, doesn't it?
And even if it doesn't, if one is already using a different encryption solution that doesn't rely on TPM and secureboot silliness, what possible reason could there be not to disable Bitlocker?
Some of the things mentioned in the OP don't actually happen in real life, though. Bitlocker is only automatically activated if you use a Microsoft account to log in, and why wouldn't you know the account credentials if it's what you use to log in?
TPM is optional (but recommended) for Bitlocker. Practically every computer released in the past 10 years has TPM support.
Secure boot is needed to ensure that the boot is secure and thus it's okay to load the encryption key. Without it, a rootkit could be injected that steals the encryption key.
You generally want to use TPM and secure boot on Linux too, not just on Windows. You need secure boot to prevent an "evil maid attack"
Maybe I'm misunderstanding something here, but does this whole thing not mean that the moment you use your Microsoft account for logging in, you immediately tie the permanent accessibility of your local files to you retaining access to a cloud account?
You have different opinions on TPM and the prevalence of evil maids than me, fair. But please don't disregard the central premise of my last comment: One is already using a different encryption solution. Say, Veracrypt is churning away in the background. Why would one leave Bitlocker activated?
Years ago I thought I was being smart encrypting my home dir on my Linux server. I found out the hard way this prevents remote login over ssh using public key encryption, as the .ssh dir is in the home dir, which is encrypted unless you are already logged in at the time! So every time I wanted to ssh in, I had to plug in a monitor and log in on the console first.
You can install Dropbear into your initramfs and configure it to allow entering the encryption key via SSH. Example guide I found: https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/
You do have to have an unencrypted
/boot, but the rest of the system can be encrypted. This uses a separateauthorized_keysfile embedded within the initramfs.Thanks!
Bitlocker is only as secure as Microsoft is. If someone hacks your account, they've got your keys. And Micosoft stores that key in plain text.
It sounds like you're complaining about both approaches.
If Microsoft doesn't have the key: You can't recover your files if you lose it.
If Microsoft does have the key: An attacker could get in and take it (unlikely if you have two factor auth though) and you need to trust Microsoft.
How do you know this, though? It could be encrypted using your account password as a key or seed.
Microsoft is very much encouraging passwordless accounts. Mine only has a passkey with MFA.
Disk encryption should absolutely be used, especially on laptops/portable systems.
Otherwise someone steals your laptop and swaps the disk into another system and they've got all your stuff. Including that folder that nobody knows about.
I've actually had this occur before to a machine I specifically disabled the tpm on so that it wouldn't happen (it was an account less frozen kiosk). I was fuming the entire time I spent rebuilding it.
Windows is the virus.
I just installed Manjaro on my daily driver over the weekend. My entire steam library just works. My dev tools all work(better) on Linux, and free office is nice and familiar. Fuck widows.
Give them time to mourn first, but then fuck widows :D
Bazitte ! Try Bazitte.
Thank you for the word of warning. Does this affect Windows 10 as well?
IDK. 10 has bitlocker, so I'd check.
I just checked and it is not on by default.
In your region and device
Might be, so better check like this user did:
It’s not ”leaving bitlocker off”, though. It’s ”be aware about it and turn bitlocker off manually” since it’s enabled by default in the latest updates.
They can't do that legally without notifying our asking in eu
That's false. My Windows partition didn't magically enable bitlocker and I'm on 24h2. LTSC build and local account tho.
I tried having it on my new laptop for a bit. It took like a week for Windows to kill the secure boot key for my Linux partition. Even after I disabled secure boot I couldn't get it to boot up so I had to reinstall. Just left it turned off afterwards.
Bit late to this thread but I know a few commands that might help if you're stuck:
manage-bde -off C:(or any other drive) This decrypts the volume and turns off bitlockermanage-bde -lock/unlockmanage-bde -protectors -get C:(or any other drive) This displays your 48-digit key. I suggest you store it somewhere, just to be safe.Get-BitlockerVolumereveals which of your partitions are encrypted with Bitlocker.Disclaimer: I am not a terminal nerd, I just had similar problems years ago and went down the rabbit hole, used these commands and turned off bitlocker permanently. I don't use windows anymore, but when I did, it didn't cause any problems with bitlocker after this. If you're concerned about your un-encrypted hard drives, consider using Veracrypt (carefully!) or similar open source encryption software.
Fuck Microsoft.
I remember back in highschool a buddy encrypted his harddrive, didn't backup his key. He Lost ALOT when I upgraded his comp
But how is that relevant to your 'Fuck Microsoft' if he knowingly encrypted his device, which is how you make it sound?
I've enabled FDE on one of my Linux devices, I've already had to mount the filesystem in a rescue environment once because a failed update caused the system to be unable to boot. I would also have been hosed if I had lost the encryption key. Ok not really, because that's what backups are for, but you hopefully get the point.
From what I gather though other memes, It looks like Windows 11 is enabling Bitlocker by default.
I know, and the 'fuck Microsoft' is completely warranted for that. But shouting that and then coming up with a story where somebody enabled it themselves and subsequently lost their key, that doesn't make a lot of sense. Unless it was to illustrate the dangers of FDE, but in that case the point could have been made a bit clearer.
That's not a Microsoft issue. Loose your key and the door will stay close whatever it is.
Why cant windows copy luks and let you choose your own password
because people will set hunter2 and be done with it.
How did you get my password?
All I see is *******. What do you see?
So?
You can use pins, passwords, TPM, a usb key, or multiple in combination. But generally TPM is the best option for most users
Oh I thought you can only pick tpm
I'm pretty sure you can get your recovery key and write that down elsewhere.
Ik that
This has been happening to people randomly for years. Ysed to get calls about it all the time, and that was pre-covid
Always have backups! Doesnt matter what OS you use, stuff will break eventually.
I prefer bootable full system images to my NAS for easy restores, and online file backups, both running daily.
3-2-1 rule : 3 backups 2 different types of storage 1 copy off-site
Yup, I treat the '3' as 3 copies of data, so the first copy is just my working system, and the other 2 are various backups.
And don't forget to actually test your backups once in a while. It doesn't count if you can't use it.
I can't even adjust bitlocker settings on my laptop's windows 11 home Installation...
Yeah, you need Windows 11 Pro, Enterprise, or Education edition.
Not anymore. Now home has it too
Is this person lying/incorrect? https://lemmy.world/comment/16865866
Unlikely. But, there's a possibility they are both telling the truth. Since, they could be on a different Software version on their story.
Always the AB testing. All versions are regional and they only try these things in faschist us first where it is safest to assault customers
I had a windows home installation too, local rules may vary, but mine (India), I could turn it off from the command prompt.
manage-bde -off C:(or any other drive) was what I used.Edit: nevermind, you meant that you wanted to change the key. That's not possible, unfortunately, you might have to use some other encryption software.
The what? I think i disabled bitlocker fromsettings on my laptop which is probably home version
Disabling it entirely is possible, but I want to keep the encryption and set a proper password for it instead of the stupidly long recovery key. That and similar features seem to be locked behind the pro version.
Do home versions even come with bitlocker? There might be nothing to adjust
They do and it auto activates when you add a Microsoft account. It cannot be turned off on the home edition as it doesn't have the full bitlocker settings. Came across this one on some machine i was working on a while ago and i ended up having to pull the SSD from the customers machine and plug it into something with pro to actually disable bitlocker.
Regarding your last sentence, something similar happened to me with OneDrive. I mocked people thinking surely they enabled something by mistake. Nope. The defaults and general behavior are just that wacky. Glad I'm off Microsoft now.
I still don't understand why there is no other mainstream os in competition alongside MS except IOs, I wouldn't call Linux mainstream of course, don't you think that's a bit weird?!
Microsoft is almost good as dead. These days, Linux takes just as much maintenance as XP used to. They've got maybe 5 years left until laptops start shipping with alternatives to Windows. My bet is it's going to be SteamOS.
I have way less maintenance to do than on my old XP machine.
And considering all the shenanigans Microsoft does starting with 10, I guess this still holds up.
Microsoft is thriving and will continue to do so, just probably on machines running Linux.
They get paid $$ per month per employee by most businesses in the developed world.
There is a mature alternative to desktop Windows now. But there isn't for AD, Azure, Exchange, Kerberos and M365.
My bad, I meant their consumer grade stuff.
I would generally agree with you on their cloud/server solutions. However, I do think AWS will get there some day.
There are already big brands offering laptops with linux in lieu of windows.
Maybe SteamOS Lite if the device doesn't have a proper GPU.
iGPUs are more than enough to play most indie games.
Even older dGPUs like the R9 270/270X or 280/280X, hell, even the R9 290/290X or 390/390X (R9 390/390X is just a faster 290/290X which ships with 8GB VRAM as standard issue), while admittedly pushing it a little, will also work fine for most indie titles and even truly ancient (as in DX9-era and earlier, think stuff like Silent Hill 2 which launched in 2002 for the PC) AAA stuff, you'll just need to manually enable a compatibility toggle for GCN1 or GCN2 cards to work with AMDGPU in DIY distros like Arch or Gentoo while last time I thought some prebuilt distros like Fedora enabled it by default.
These are the compatibility toggles you'll need to set in kernel parameters for GCN1 and GCN2 cards to work with AMDGPU if they're not set already. GCN3 and newer natively supports AMDGPU without needing said toggles.
I meant the Intel integrated ones.
MS abused its monopoly in the 90s. The Clinton administration was too lenient, then the Bush admin kowtowed completely. Now, there's largely no chance for another operating system to compete.
Why so! and what Clinton and Bush have to do with an operating system that is used globally!? I think you overestimate MS
Right wing politicians will always be in favour of big corporations, they pay good money
And big corportations will always pay good money, so long as it makes/saves them money in the future
I'm not sure how to explain the concept of walled gardens to people who grew up with four websites. In the 90s, most software was "shareware", you could try it out for as long as you wanted, but businesses were expected to buy licenses.
MS used it's dominant operating system to drive web browser competitors out of business. This is illegal. The whole concept of capitalism is built around competition, but MS used it's power to stifle ' innovation. The Clinton administration beat MS in court, then the Bush Administration dropped the case before the appeal was heard. If they hadn't done that, instead had broken up Google, Meta, Apple, and the lot of them, the world would be a lot different now.
If you don't just look at desktop computers, GNU/Linux and Android/Linux are the most used operating systems in the world (not sure which is in the lead).
If you look only at desktop computers, the most used OS is Minix, which is installed on most Intel CPUs and motherbords.
no, most users just dont want to put in any work in learning something new
Holy shit. This happened to me last week.
Turned off Safe Boot when going back over to Win on a dualboot after 6 months. Wanted to avoid updates nuking my dualboot option. (Edit: As was a Win issue 6 months ago)
...enter Bitlocker recovery for Every. Single. Logon.
Just need to do one thing that needs genuine Win11 fingerprint and then I'm doing a 22.1 fresh install.
Upvote for a acknowledging karma
"do not redeem!" - microsoft, probably
I've been preaching about this for a while. Many modern systems are getting bitlocker turned on by default.
If your system gets messed up, or simply won't start because of some security vendors bad update, goodbye data. You need the recovery key, and if you don't have it, you'll never see your bits the the correct order again.
I got into coding in the last few days. I have a project. Bumping into this while I'm trying to learn this shit? Fuck me. You know, we could just stop using money
I can't connect what you are saying into a coherent thread
No, we can't. Otherwise how would people like Elon and Bezos know that they're better than us?
/s
Their good looks, obviously
I'm not going to link shame.
You like what you like.
Hahahha
Windows is still around?????
yes, I have to use it at work - and it's awful.
I mean you can write your Bitlocker key down and store it safely or put it somewhere else safe.. Lol
The main problem here is Bitlocker is being turned on by default on fresh 24H2 installs, most people that don't know how to bypass the online account requirement are making burner Microsoft accounts (Boomers), therefore do not know the credentials in 3-4 years when their computer needs a repair.
When I switched to a new CPU I got a bit locker message and it was one of my biggest computer scares ever. I couldn't remember if the shop that assembled my pc would have enabled it or not. And wasn't available to contact.
I had to take a risk. If I continued there was a 50 50 chance my shit would have been bricked. Thankfully. That shop had the foresight to NOT randomly enable features the client didn't ask for
I ran into a similar problem after a bios update.
Turns out "this update may wipe out your bitlocker key" also means "if you don't have bitlocker turned on, it'll just wipe out your windows key."
*You’re
You’re boned
MY boned?
OUR boned
Windows 10 or 11?
Alright, lol, I'll be the guy
Hey OP, ever heard of Linux?
You know, this is actually one Windows decision I agree with. Encryption should be default, especially on portable devices like laptops. For an OS aimed at people who want to use their computers, rather than understand them, you have to choose an encryption that works by default for most of your non-tech-savvy users.
If they want their data truly in their own hands, or full control, use Linux.
If they want to use Windows, but not rely on a Microsoft account for recovery, get the bitlocker recovery key and write it down (which you can do).
But I think this looks like a sane default.
(Full disclosure, I don't use Windows for anything I care about!)
Would be fine. The problem is, Microsoft is encrypting drives and not telling anybody about it. Average users have no clue what any of this is and are completely unaware they need to create a passphrase for safe keeping.
Fair point.
Respectfully, hard disagree and terrible take. I work in IT, and your stance only makes sense if people have some tech knowledge. Which is never going to happen for the average person.
I can't tell you how many older people I've had to tell that I can't save their grandkids first pics because of bitlocker
That still happens without bitlocker. Computers are dropped. Facebook passwords are forgotten.
I acknowledge automatic encryption is going to make some more cases of lost data, but, with respect, I think the benefit of making fewer cases of stolen data is worth it. I agree with the other commenter that users should be made aware of it more clearly.
Also, as much as I hate the push to Microsoft accounts, I have to admit it helps mitigate this problem: if all ordinary users have an account looking after their master keys, then they can turn to that when they forget their login password etc. but the opportunistic thief on the train can't (as easily). Not every grandma has a Millennial relative at hand to boot Linux to rescue files off her HDD. And for those who don't like to trust their master keys to Microsoft/Apple/Google? There's Linux. And external backups. And saving your password somewhere safe.
Not nearly as much. If someone breaks their motherboard in half but the hard drive is okay, I can get their data unless they have bitlocker. Microsoft is encrypting drives and storing the keys in the TPM only, and it is insane. My grandma doesn't have state secrets on her laptop, she doesn't need encryption.
So, your grandma doesn't need encryption. She might not need a seatbelt either. But it's not only state secrets that are worth protecting. Does she have internet banking, with cookies stored in her browser? But many people do, and it's either encryption for everyone, or for (almost) no one.
Hah is there a rash of nursing home break ins that I'm unaware of? I'm in the field, the way that is happening is phishing with fake ads and emails
Very few people are breaking into a laptop for cookies, it's tremendous amounts of work, and is usually targeted. Motherboards die all the time, and take the TPM with them
I mean, not Windows user lives in a nursing home. I wish! But some lose laptops on the train, and some even throw their computers away!
Sure, most of the risk is remote through emails etc. Maybe you're right. Maybe the balance is better the other way round: let all Windows Home users' computers stay unencryptedv at rest, and keep encryption for Pro users. I grew up with a high focus on security; maybe I'm paranoid.
But phones are all encrypted these days. Obviously they're more mobile and at more risk, but that suggests to me that laptops are subject to similar, if smaller, risks.
I get it, but as someone who has had to tell little old ladies their data is fucked, I am beyond pissed at Microsoft's implementation. They should not be encrypting data without forcing lay people to have backup codes printed or on a flash drive or something.
They're doing this because they want to force people to her Microsoft accounts, probably just to collect more data.
And for the record, I am very pro encryption The half assed way of encrypting even if there isn't a Microsoft account connected and therefore no way to save keys somewhere is completely unacceptable
But wtf, all thiefs want is the device, why do they want photos of her grandson?
How many has it protected though? Maybe 2? It's not logical to ask the user if you want to take over their data
The push to Microsoft accounts? More people, I expect, than I'd care to admit.
Locked out recoveries, yes, but I am fairly certain that encrypting data you don't own without notifying is some kind of crime
This was the exact same situation I experienced with my old Surface 6. Started to look into Linux firmware on Surface devices and deactivated secure boot because it wouldn't boot Ventoy at all and do nothing, so I figured to try again with no secure boot. It still didn't work so I turned it on again, but was then greeted with this Bitlocker screen which I didn't even know it had activated up until this point. I set up a local account so I had no key to reset or something and was literally not able to do anything besides reinstalling the entire system.
Luckily I had nothing important on it lol
Weirdly the activation was saved on the MS servers so I didn't need to do that again at least (was a preinstalled system so I wouldn't have known the activation key anyways, I thought "When it doesn't work I'll switch to Linux fully because I'm not paying for that garbage system").
After I updated Ventoy I was able to boot again even with secure boot on, there seems to have been an issue with that specific version.
I had Windows on my device since I bought it (around 2018) only upgraded to W11. It never mentioned anything about Bitlocker before this incident so if I had important stuff on it it would have been so over. Well, never save important files on Windows without backup is what I got out of it
This caused me literally bigger problems than my switch to Arch Linux after having only used Windows the entire time xD
All in the name of national security *wink
I thought bitlocker had a maximum of 20 digits for the pin and only numbers were allowed.
Don't know the pin limit/requirements, but the recovery token is a 48 digit token
they've been doing this for a long time. the issue you are having is the reason I keep bitlocker disabled on my desktop. on devices that can be stolen I still use it.
This is gonna happen to a lot more people with their password change.
Why do you have to use there? Nothing a cater. You can't use Google or open source. I don't get it. They suck.
Like I need more spyware on my phone.
What about people with landlines? Older people.
So they're going to lose a huge market share when they force everybody to throw away their computer to run Windows 11.