has been trying this for the past three decades. UEFI didn't manage to lock alternative operating systems out of the hardware originally designed for Windows like they intended, so they need to come up with something new. That's the whole purpose of Microsoft .

All the talk about increased security is just marketing bullshit intended to gaslight users. It's quite uncommon for malware nowadays to overwrite the MBR, and hypervisor-like isolation of user-space code can also be achieved in the OS layer without locking up the hardware. The simple truth is that Microsoft wants its monopoly back and it wants to do it by kicking any potential competitors out of hardware designed for Windows, whatever it takes.

Microsoft deserves to burn in a ball of fire and leave no traces behind. I'm sick of their continuous arrogant attempts of establishing an absolute monopoly out of market share weight, not out of merit. Weren't they supposed to focus on that stinky pile of crap that is Azure, and finally leave non-cloud users in peace?

This is yet one more argument in support of open hardware, and in support of hardware manufacturers that don't ship solutions with Windows pre-installed.

gabrielsieben.tech/2022/07/25/

@blacklight #UEFI (which exists to give users #security) has itself been exploited to a purpose-defeating extent: arstechnica.com/information-te That’s right- the “security” theatre cover-for-action by #Microsoft to further entrench MS’s anti-competitive bottom line has weakened our security.

@blacklight@social.platypush.tech even before UEFI they tried to with ACPI power management firmware.

@blacklight @ruffni There were people who told me that I was sick because of my "hate" to Microsoft, just because they released open source software. They've always been the same shit and they will never change. There are people who say we are the extremist while at the same time many big techs cut our freedom off in our faces.

@blacklight I bought a "naked" computer once, in that there was no OS on the drive. The guy apologized profusely about no OS. I told him it was okay because I would have wiped WinDoze off the drive anyway.
@blacklight
>What is to prevent school WiFi from one day requiring a Pluton assertion that your Windows PC hasn’t been tampered with before you can join the network?
the boomer in management seething about using their macbook for work, mostly
there is no valid reason to have anything but devices owned & managed by the organization and fully compliant with security policy connected to the organization's network

>The system is tamper-resistant and constantly updated, meaning that should a strict MDM policy be in place, extracting documents from a system without authorization could be potentially extraordinarily difficult to impossible.
good, DLP is useful. there are countless cases of PII leaks a year cause businesses are sloppy with security.

@skylar sure, if you're within an organization with certain constraints (and you don't trust the technical skills and common sense of your employees) then you can go and set up all the constraints you want.

But the answer to the question "how do I prevent PII leakage in my organization?" shouldn't be "with Microsoft locking down hardware and software and ensuring that no other code can run". Just like the answer to the question "how do I prevent rodents from entering my property?" is not "just set the whole house on fire".

The ignorance or technical inability of people working in this or that company isn't an excuse for Microsoft to lock alternative operating systems out of everybody's computers.

Especially when all it takes for a hacker to harvest sensitive data is for the user to install a stupid browser extension.

@blacklight flipping a switch in the UEFI is not an insurmountable hurdle for anyone capable of installing an operating system... unless they stole the computer out of somebody's car and can't reset the administration password even by pulling the CMOS battery, so now they're stuck with only signed versions of Windows new enough to get auto-enrolled in AAD and have the organization's policies applied.

you can't burn the house down to stop rodents, but you also can't stick a single mouse trap in the garage and decide rodent security is solved forever

and users should not have the ability to install arbitrary browser extensions either! you get to use X browser, managed by the organization's policies, with Y list of force installed extensions, Z list of optional ones. and then you can only browse to W list of whitelisted web sites.

can you stop all attacks? no. but you can avoid being the low hanging fruit, and hopefully make most of them noisy enough that your EDR solution picks up on them and raises an alarm.
@skylar @blacklight my roommate's girlfriend got an iMac for the work-from-home job she took and I've never seen a more corporate locked-down computer in my life. They disabled wifi on it!
@sapphire @blacklight GOOD
they probably did that so retards would quit bitching "my VPN keeps disconnecting" because their computer is all the way across the house from the shitty wifi router they paid $19 for back in 2004 and then wrapped in aluminum foil
@sapphire @blacklight @skylar my job refuses to give me a laptop, they give me a desktop instead so that I can WFH but I have to be at home, the same home, always.
@antichrist_hater @blacklight @skylar my old boss pushed for a $4000 MacBook for me so I could approve Jenkins jobs at the maximum possible efficiency
@blacklight so true sister im ordering a macbook air m2 512gb model right fucking now

@blacklight I’ve almost reached the point where I want to just say good, let them have the raging dumpster fire that is x86. If they keep introducing these slave management technologies, there is going to eventually be a bifurcation of hardware into closed MS-defined junk and open auditable solutions like RISC-V or POWER which do not discriminate.

@wrongthink unfortunately I can't see a solution to the chicken-and-egg problem for RISC-V and POWER.

RISC-V is amazing, but so far it's only available on boards mainly addressed to tinkerers. Even with all the funding, we're years away from having RISC-V chipsets produced at volumes (let alone performance) that can compete with Intel and ARM. And the funding has been low because it's hard for investors to fund an instruction set that doesn't have enough software that can run on it and has been tested on it. And developers won't invest much time building and supporting stuff on it because the volumes out there just don't justify the investment.

I see more promise, at least on the short-medium term, from ARM. It already runs on basically all the devices smaller than a computer, and now Apple has even proved that you can have high-performance ARM chips even on laptops. If ARM starts taking over the computer market, Microsoft won't be able to push much of their crap. Lobbying a company with countless stakeholders like ARM is not as easy as lobbying Intel.

@blacklight Provided an adequate lithography process and adequate engineering resources, any microarchitecture can be made performant enough for the average user. The significant problem is exclusivity rights, allowing ISAs to become monopolies or duopolies. And Microsoft is well on their way to effectively capturing the design of x86. I guess what I'm trying to say is that the landscape is at risk of each major system siloing into their own respective ISA, kind of the same way we saw 3D rendering APIs fracture off into Metal, DX12 and Vulkan. Like sure Apple and Microsoft are welcome to use RISC or POWER... but we can be reasonably certain they're never going to when they can just charge forward with their enslaved ARM and x86 designs respectively.

@blacklight supporting, advocating, teaching Open and Free hardware and software is critical to our collective future
