Real and fuck Microsoft
I work in IT and understand that the tradeoff for good security is a reduction in convenience. But this really reads like deliberate punishment. I get the same sense on Apple’s platforms. Wanna change your cloud password? Prove you know the unlock code to a device that you no longer own and haven’t had in a year. This is especially awesome when your employer makes you change passcodes on a regular basis and you have no idea what you used back then.
…and grounds for committing sudoku. 🤣
Microsoft’s SSO is an absolute train wreck. I’d rather pound my pecker flat with a mallet than deal with another Microsoft account.
Hm… Eclains why all the Linux install tutorials start with: disable secure boot, disable bit locker,…
- The average user has no need to use Bitlocker
- The average user should be using a local account instead of a Microsoft Account.
- Using a Microsoft Account causes Bitlocker to auto-enable.
- Loss of access to your Microsoft Account when Bitlocker is enabled can cause loss of all your data.
- Microsoft can and will roundly ignore you if you lose access to your Microsoft Account.
Microsoft has painted users into a very dangerous corner. Security is vitally important, but not when it’s almost maliciously implemented.
Even as a security professional I understand that most people will be ill served by having their computer locked down like Fort Knox. There are ways of ensuring security without having all personal content go permanently poof with the slightest wrong move.
100% agree with the sentiment. Working in IT makes you realize how incapable some people can be with even the simplest computer tasks at times. What would you recommend as an alternative for secure data in the case of the average person? File level encryption instead of disk level? Wondering what would be the best way to go about getting my family to secure their private info.
For safety, backups are much better than encryption.
The only thing encryption does is prevent others from reading your data if the machine gets physically lost or stolen. And ironically, that might prevent a stolen machine from ever making it back into your hands.
For desktops, encryption of a machine that doesn’t have critically private/sensitive content is even dumber. I mean, if you have terabytes of CP or are a terrorist, then sure, lock that down to make the police earn their wages. Or do it even if you don’t, but you just want to give authorities the middle finger.
But not much on the average computer needs encryption so long as you keep good physical and network security. And the problem with that is much of it is behavioural - they will need to learn how to not do dangerous things online and off.
In order to protect data is a good backup system - something that just works, is dummy proof, can be administered remotely, and which can restore content easily and reliably.
On a Mac, nothing beats iCloud. It’s encrypted before it even gets uploaded, and Apple has repeatedly shown it cannot retrieve the content… it needs to be forcibly cracked.
On the PC (both Windows and Linux) I prefer Duplicati backing up to BackBlaze B2.
I’m using hardware encryption, i.e. my data is too heavy to be stolen. The manual actually recommends two people lift it.
Oh hey, another T7500 owner! You have the second-CPU caddy installed in that thing?
Actually, it’s a Precision 690! Same case, though I’m pretty sure. And yes, I do have the second CPU installed. Dual Xeon 5355’s! And 32GB of DDR2. And a GTX 980TI.
What do you use yours for?
One is light hosting using VMs. It boots normally.
The other is for experimenting on various OS’ in VMs. It does not boot normally. Even before the 2nd CPU caddy, it always POSTed 10 times - no more, no less - with a memory error code before booting into the hypervisor. And yet, no issues with memory, no issues with RAM slots themselves. Or, at least, it’s affecting all 4 of the on-mobo slots equally.
That’s wild. Mine posts just fine, though it was very particular about the ram. I had to re-seat most of the 8 sticks several times. And one time it posted with memory errors when I had a dirty cpu pad on cpu 0. But now, it boots perfect every time.
Do you leave yourself running for extended periods? This thing seems like a power hog. Ive got dual Xeon 5355’s, 120W each. The GTX 980TI is 250W, and I’ve heard those sticks of ram are 10W each. I have been turning it off when im not actively doing something on it.
Yep, happened with my wife’s laptop. Fortunately you just follow the instructions and we had a second laptop but I was still sweating bullets.
Literally happened to me two days ago. Everything was fine until i installed gpu drivers and then it said “plz give secure boot password” and i had to abort mid install. Also was infront of a fresh linux recruit.
I’m trying to get secure boot working on cachyOS using sbctl but my Razer Blade laptop’s bios seems locked and won’t let get it in setup mode. Anyone know if it’s possible to clear vendor keys on razer’s American mega trends UEFI?
You might get an answer on !linux@lemmy.world. I had a similar issue and eventually returned a minipc because of it.
Fuck, I’m gonna have to enable secure boot (and use windows) to play the BF6 open beta, am I gonna get the same buillshit ?
If it doesn’t affect my Linux drives I don’t care much tbh, I’ll probably just nuke windows and reinstall it
Even if you enable Secure Boot, you can disable BitLocker, and that will prevent this from happening.
The only thing BitLocker really does is make it so that if somebody steals your computer and doesn’t have your password, all of your files will be encrypted, so they don’t get your files too.
Depending on your risk preference, it is okay to disable it.
Of course, if your computer does not have a password, or if the password is something really easy, then there’s no point in bitlocker in the first place.
This is partly Microsoft’s fault, for sure, but it’s also more of a function of how secureboot works. A Linux system using TPM backed FDE with secureboot enabled would have the same problem going the other way.
Secureboot prevents a lot of ways the TPM could be compromised, so as part of “securely” turning it off, it wipes the keys (otherwise those protections would be pointless, the first thing an attacker would do would be to turn off secureboot).
The main problem is it turning itself on with no input from or feedback to the user, and not giving the user access to the key without using a Microsoft account. I’ve heard of people getting screwed by this because they set up with a local account and thus never got their secureboot key (or did, but it was hidden somewhere and they were never told to save it).
How can something “enable itself” while requiring a password?
it was already enabled, he just tripped secureboot.
As nice as most distros are, I wouldn’t recommend installing it on Gpa’s/Parent’s PC, simply because if a problem arrives most people won’t be able to give them a fix easily, unless they also know how to use Linux.
i installed mint for my extremely non-technical parent and the only time they have issues is when trying to use windows stuff. so a non-issue.
Installed mint for an elderly relative that only uses it for YouTube and email, the only calls I get are when mozzila stops working because the version is too old
