Windows 11 - Microsoft's Walled Garden. (Dire Warning)

Maybe an issue, but I wouldn’t call it a big one at all. Maybe with niche and weird devices, you need to go look for reviews to see if anyone has tried it with Linux (or just check if the manufacturer says it’s compatible). I think Macs have essentially the same issue, and even Windows does when new stuff isn’t compatible with older Windows OSes (or a brand new one when it first appears).

Certainly a much smaller issue than the problem of Microsoft completely destroying your digital privacy by design. Avoid using and never buy products that are defective by design. (See also: :green_apple: )

Interesting thought, this sort of scheme is already halfway accomplished with ZFS and probably other COW filesystems with snapshot functionality like BTRFS, since blocks are already checksummed and are checked on reads as a fundamental operation anyways. A system could be set up where a “gold” snapshot of a dataset containing the watched files has a DIFF done with the current one at runtime (see GitHub - kimono-koans/httm: Interactive, file-level Time Machine-like tool for ZFS/btrfs/nilfs2 which makes playing with files and snapshots much easier).

Or perhaps just run the executable directly from the “gold” snapshot, as snapshots can be mounted and their files accessed (read only).

There’d be details to work out about organization, how many datasets you want to employ, and dynamically redirecting things to call from those new locations (the Nix package manager already does this one), but it’s entirely doable to have an EXE pretty well protected from writing and verifiably the version that’s expected.

To bypass that you’d need an exploit on the system capable of messing with both the Kernel and/or ZFS. At that point you’ve basically lost the game anyways. And of course this won’t help if the file as originally obtained is poisoned to begin with.
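An added illustration of the “gold” snapshot comparison described in the post above (not part of the original thread, and not taken from httm or any project named in it). It assumes the snapshot is reachable read-only under `<mountpoint>/.zfs/snapshot/<name>`; the snapshot name `gold`, the `/tank/apps` paths and the function names are hypothetical, and the demo uses constructed temp directories so it runs without a ZFS pool.

```bash
#!/usr/bin/env bash
# Added example. On ZFS a snapshot is browsable read-only at
# <mountpoint>/.zfs/snapshot/<name>; the name "gold" is an assumption.

# check_against_gold GOLD_ROOT LIVE_ROOT REL_PATH...
# Prints "STATUS path" per watched file; returns 0 only if all are OK.
check_against_gold() {
    local gold_root="$1" live_root="$2" rc=0 rel g l status
    shift 2
    for rel in "$@"; do
        g="$gold_root/$rel"; l="$live_root/$rel"
        if [ ! -f "$g" ]; then
            status=NOT_IN_GOLD          # nothing trusted to compare against
        elif [ -L "$l" ] && [ ! -L "$g" ]; then
            status=SYMLINK              # swapped for a link, even if content matches
        elif [ ! -f "$l" ]; then
            status=MISSING
        elif [ "$(sha256sum < "$g")" != "$(sha256sum < "$l")" ]; then
            status=MODIFIED
        elif [ "$(stat -c %a "$g")" != "$(stat -c %a "$l")" ]; then
            status=MODE_CHANGED         # e.g. a setuid bit added after the snapshot
        else
            status=OK
        fi
        [ "$status" = OK ] || rc=1
        printf '%s %s\n' "$status" "$rel"
    done
    return "$rc"
}

# Constructed demo: two temp directories stand in for the snapshot
# (e.g. /tank/apps/.zfs/snapshot/gold) and the live dataset (/tank/apps).
demo() {
    local t rc=0
    t=$(mktemp -d)
    mkdir -p "$t/gold/bin" "$t/live/bin"
    printf 'v1\n' > "$t/gold/bin/tool";  cp -p "$t/gold/bin/tool" "$t/live/bin/tool"
    printf 'v1\n' > "$t/gold/bin/agent"; printf 'patched\n' > "$t/live/bin/agent"
    printf 'v1\n' > "$t/gold/bin/gone"
    printf 'v1\n' > "$t/gold/bin/link";  ln -s tool "$t/live/bin/link"
    check_against_gold "$t/gold" "$t/live" bin/tool bin/agent bin/gone bin/link || rc=1
    rm -rf "$t"
    return "$rc"
}

demo || true
```

As the post notes, this only shows that the live files still match the snapshot; it says nothing about whether the snapshotted files were trustworthy when obtained.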

Call me crazy, but my Macbook works FLAWLESSLY. If Microsoft can find a way to make Windows 11 work as well as MacOS, go for it! I’m already under no illusion it’s “free”. If I want free, I’ll switch to some flavor of Linux.

1 Like

Or, and this is what Apple (or other secure boot implementations) mostly mitigate, that this will not - have the file system modified by a malicious boot media such as in an evil maid attack (or accidentally leaving a malicious USB installed during reboot, etc.).

But yes, most of the plumbing is there already, at least for within OS compliance checks. Although the threat surface for software to exploit is much larger than if your root of trust and security setup is configured pre boot.

Crazy! :stuck_out_tongue:

For people looking to escape “walled gardens” (a euphemism for digital prison) as the OP here is warning about, I don’t think Apple is the direction they want to go. Has to be a penguin OS.

1 Like

I watched this guy’s rant some time ago, and for the most part it’s a, well, rant. This guy is really concerned about who controls his computer. A legitimate concern, but something he blows out of proportion - for the most part.

What I consider a greater concern is data privacy. There has been a slow, seemingly inevitable, creep over the years of Big Tech companies snarfing up every last bit of user data they can for resale. In some cases, I can see the rationale. “If the product is free, YOU are the product” etc. Even so, that supposedly anonymized data can be reconstituted into individual identities pretty easily if you consult multiple sources. And even more frighteningly, that data can be used to manipulate, mislead and outrage people. The poster child for that kind of data farming and mining is Facebook and Cambridge Analytica, but all the big players do this, including Microsoft via Windows and Edge. Despite Apple’s walled garden, they seem to be little less guilty on this count, perhaps because their users DO pay for their product, and exorbitantly too.

The best answer if one is concerned is to install Coreboot, and an open-source operating system, and call it a day. Unfortunately I occasionally need Windows for work and gaming, so I dual boot.

Is it just me, or do younger generations seem a lot more blase about their personal data being loose on the Intertubes? There seems to be a certain fatalism to their attitude, as if it’s inevitable anyway and the convenience is worth everyone knowing everything about them…

3 Likes

In my case it’s about as cut and dry as it can be - I do not agree with it, but there is basically no way to avoid it these days, either. Even in countries with strong data protection laws, like the EU, companies can just circumvent this.

The solution is to develop an economic model and/or legal system where selling your data is not allowed, where the sharing of your private data is tracked, and where this can be effectively enforced.

Do remember, anything you can do with any data can be done with any other data; if you can copy it you can put it on a USB drive, or on a NIC, or on a separate hard drive. The creative industries have found no way to limit data copying with current technology and legal framework. So why would it work for privacy data? Privacy implies strong copy protections and there will be nothing stopping those strong copy protections for copyrighted files.

So, since nothing can be done about copying, in my case I have just resigned and given up. One potential solution could be to rewrite copyright to protect rights of publication rather than copying, that is, make it illegal for anyone but the copyright holder to publish a work, but not to copy the published work. Or, rather, the act of making someone else’s private information public should be punishable by default, unless the information can be justified as being of big interest to the public. That does have its own problems though.

Have a look at server signing and encryption params on smb.conf. In the past I’ve noticed enforcing both would cap the max transfer speeds for whatever reason. Use smbstatus on the server to get a list of how clients are connected.

I think you’ve answered your own question. After the basic steps are taken, people still want to connect to the internet, either on their phones, or via a device. That’s it, really. You are GOING TO HAVE your data mined if you want to use the internet. The only people who even have the know-how to do more advanced steps are IT facing in their lives, so being surprised that teens who just want to do the silly dances on the silly dance app aren’t rushing to soak up long docs on “browser hardening” et al., is a bit odd imo.

1 Like

That doesn’t seem a very fair assessment -- he gave a list of valid reasons to criticise Apple’s behavior. That’s the opposite of “Apple bad” isn’t it?

I can agree that Apple has had quite a few high profile security incidents just going off casual memory. I remember seeing a few just recently, and then there were some major “icloud” hacks a while back too.

The open vs closed security debate continues on. The closed source strategy of “security by obscurity” is not exactly winning any security best practice awards, and Apple heavily relies on that strategy.

2 Likes

Thanks for the time.

My short response was not nice, encouraging, or appreciative of his time, nor appropriate for a discussion.

Edits: As he added in the list, I have now edited my unfair response.

I have no love for Apple, but still don’t see the justification in scope or depth of perceived “worst” ness.

In my judgment, I rate apple lower and toxic for unlisted reasons- active hostilities towards repair, toxic store practices, abusive ecosystem locking, horrendous human rights abuses while profiteering massively, and needlessly not including basic chargers.

I don’t see any of the new list as being worse than some other systems/companies, but it does not excuse my hasty summary.

In response to your comments, Apple have had some high profile incidents. It appears to that the quantity are higher than other systems, but I put it to you that the ones that happen, gain the newsworthiness because of relative uncommonness. As in, there are so many Windows incidents, one comes to expect it.

iCloud hacks: were these hacks of the system, or the people? From what I remember, this was a social engineering attack, on the users. Now whether anyone should have their sensitive data on any company’s system, I would debate, but I would say Apple’s creepy gathering of all your data from across your devices is as creepy to me, as it is convenient to others.

I don’t presume that closed systems are more secure than open systems- we can’t tell. But on the other hand, there are Linux bugs from decades ago that we know will never be fixed, despite being known about.

For security, those Israelis would not be able to make so much money on their tools, if the system was easy to breach.

As for obscurity, you could say the same for any closed OS, and as much as I dislike it, having the source out there, means less chance for people to find bugs, for ill and for good. I don’t think it is a net benefit, but it is not unique to them.

3 Likes

My issue with the TPM is that it can be accessed from Windows 11 through tpm.msc.

This allows the OS to pull that key, which is unique and identifies your PC, and use it as a universal reference for categorizing any and all meta data of computer functions done on that PC. Web browsing, app use, what you type or say, who you communicate with, what you do on your PC, and anything else you can imagine. Combine that with your work PC, and any other Windows PC’s you ever use and they have a clear picture of who you are, how you vote, and what you spend your time and money on.

No one should have that depth of information on you without a court order. No government and certainly no corporation. I object to that and will not be updating my Windows OS. I am transitioning off Windows as fast as I can. With 350+ games on my Steam account that process is not fast, but gaming on Linux is getting easier daily.

When telemetry showed up on Windows 10, the world should have shouted NO as one voice and left that OS on the shelf. Of course, few did, because they gave it away for free, and here we are. Sheep, watching the barbed wire being erected around us.

6 Likes

You forgot Team Nix. There are dozens of us!

2 Likes

Just stumbled across this. It explains a LOT.

I guess it’s finally time to see if the rest of the world will agree to no longer be in control of their software or not. The cynic in me is putting all money + 3 loansharks money on not.

2 Likes

Makes sense.

When win10 was announced as “the final windows” I knew the final form would be a rolling subscription service, and was surprised it was not…
Always expected it to be more like 365 / google office / creative suite…

Perhaps also with hardware systems like phone contracts

1 Like

It’s coming. MS Accountants are rubbing their hands with glee imagining that day.

2 Likes

My hunch is that there will be two versions:

  1. A free version with shadily documented but well known surveillance built-in
  2. A subscription service that promises to forego the surveillance, but does so anyways

2 Likes

I am sympathetic to anyone that voiced an opinion on this topic - there are many reasonable opinions to have given that there can be multiple reasonable definitions for a secure OS and how to measure it.

I would expand slightly further for the purpose of finding a measure of “security” that can be compared.

Any software should be expected to have bugs or design flaws that contain vulnerabilities. Some of these have exploits without publicly known mitigations, which make them zero-day exploits.

IMHO a measure of security also contains the manner and processes used by software authors to react to known vulnerabilities (it’s hard to act on unknown vulnerabilities).

Given that it is not possible to know the total number of vulnerabilities (by definition), as a user I am interested in:

  1. the number of zero-day exploits
  2. the total number of known vulnerabilities (including known vulnerabilities without known exploits)
  3. the average time to fix vulnerabilities
  4. the rate of discovery of vulnerabilities
  5. the trend of the above metrics over time

This allows me to assess how bad the current situation is and if I can reasonably expect the situation to improve over time.

I have tracked data on the above anecdotally, but I am not aware of anyone ranking software along these lines systematically.
https://www.cve.org/ obviously systematically tracks vulnerabilities.

Obviously, there are additional issues to be considered:

Vendors all have been very skillful in taking advantage of the fear/interest in security of their products with unrelated business interests and business models. E.g. Apple and MSFT (not exclusive list) both abuse security mechanisms built into their products to limit competitors.

Software authors that prefer secrecy over transparency (APPLE???) are generally more suspect, but that doesn’t automatically make their products more insecure per the above definition.

2 Likes

Following up on my last post with some opinions and observations.

Microsoft has a reputation for miserable stats on the first two metrics above, but arguably are pretty reasonable (especially in comparison to other vendors) on the latter 3.

Android, otoh has a reputation for not being too bad in metrics 1 and 2, but failing miserably on the latter 3 (especially for older Android versions).

Apple is infrequently releasing security updates, but I have a hard time assessing what this means in terms of the above metrics.

Linux, probably the most transparent piece of software, tends to have unfavorable metrics as everything is “known” and therefore counted. Also, publicly deciding against fixing known vulnerabilities (despite - I assume - good arguments for such decisions) would screw up time related metrics.

So - any opinion is valid. I’m off getting some more popcorn for the ensuing discussion to follow…

4 Likes

What Apple does do, and nobody on this forum ever gives them credit for, is make products with a great deal of longevity. Android owners generally replace their phones at least every two years, often even more frequently, both because of things like physical damage to the screen and battery, and because that’s generally when they stop getting updates. iPhone owners on the other hand can expect their phone to last the full five or six years its hardware remains capable of smoothly running the newer operating systems, because they’re effectively all flagship models with high quality glass and a very effective powersaving mode, and Apple have a really good track record about continuing to release updates for “obsolete” hardware. Even the android vendors who do support their phones for more than a year or two generally delay updates for months, which in the case of a device many people use for banking and government ID, is appalling.

Only last year I stopped being able to update my 2013 Macbook Air, and the 1.4GHz dual core processor is such that even if I could install the newer OSX versions, I wouldn’t want to (it is in fact possible to force an update, the hardware is just literally not good enough to handle it). Microsoft on the other hand quite deliberately broke compatibility with hardware more than capable of running the newest operating system.

3 Likes