Microsoft is fucking butthurt no one wants Windows 11 so they're stopping the sale of Windows 10 licenses this month

I didn't initially, so I looked it up.

And still couldn't figure out a charitable reason why they made it a requirement other than malicious or viciously anti-consumer reasons.

The main reason for a TPM is so that encrypted data that gets stolen from your computer can't be decrypted. For example, if you use BitLocker with TPM, if you lose the drive, or the image gets stolen somehow, you're safe. Hardly "maliciously or viciously anti-consumer."

Well, I mean, unless TPM 2.0 has a critical buffer-overflow bug because it was written in C. But I wouldn't be switching to Linux if my goal is to avoid security flaws due to autistic overuse of C.


Missing the point of concern.

When your default response to a technical requirement is to get mad about it before understanding what it is, your concerns aren't important. Nearly all of the hardware requirements of Windows 11 revolve around reducing crashes and vulnerabilities, which is something way more users care about than being able to install brand-new operating systems on ancient toasters. They've added a few 7th-gen Intel chips to the compatibility list after regression testing on older hardware.
 
The reason for a TPM is so that encrypted data that gets stolen from your computer can't be decrypted. Explain how this is "maliciously or viciously anti-consumer."
Nope, that's retarded. If someone gets access to your computer and its data they also have access to what they need to decrypt it.
Just encrypting it with a decent key will ensure that it can't be decrypted just as well and that's much more versatile and less invasive.
It's only really useful for DRM and Trusted Computing.

TPM is to lock your hardware down Apple iPhone style. So the chain of trust starts right at the boot process.
Now this might be useful to protect a retard from himself but there's a reason people root phones to escape this stuff.
And it also means that all the user software has to be signed or the chain of trust is broken. No more random third-party software for you - it's all App Stores.
 
When your default response to a technical requirement is to get mad about it before understanding what it is, your concerns aren't important. Nearly all of the hardware requirements of Windows 11 revolve around reducing crashes and vulnerabilities, which is something way more users care about than being able to install brand-new operating systems on ancient toasters. They've added a few 7th-gen Intel chips to the compatibility list after regression testing on older hardware.
Nah you're missing the point still and just handwaving away people's dislike of Microsoft's strong-arming of industry. TPM requirements are not a net positive or negative and there are valid concerns and criticisms for Windows and non-Windows systems.

I don't see why you care, get your next Windows computer and do you.
 
Linux is installed on many computers including Android and ChromeOS devices.
"Linux is installed on many computers including these specific devices built from the ground up to run these particular distros of Linux."

Linux has the majority of the server market share with even Microsoft abandoning Windows on their Azure servers.
"Linux has the majority of a market share that is not home computer use, which is what this entire discussion is all about"

Maybe it's just you and not the rest of the world?
"This post wasn't snarky enough, gotta throw this little jab in at the end to remind @Matt Damon that Linux users sure are a smug bunch"
 
considering the majority of desktop users are fucking imbeciles that's a weird brag.
Okay, so to recap: Windows users are fucking imbeciles therefore their massive marketshare is irrelevant, but Android and ChromeOS users are physically attractive geniuses, therefore their marketshare is very relevant to the utility of desktop Linux.

Whew, it's getting hard to keep track of all this cope. Can somebody write me up some kind of LibreOffice spreadsheet of which users count and which ones don't?
 
Nah you're missing the point still and just handwaving away people's dislike of Microsoft's strong-arming of industry.

Nobody in this entire thread has named a single industry whose lifeblood depends on disabling TPM support in the BIOS of their laptops. It's all been whining about how TPM is another way for Microsoft to spy on you. This is unsurprising, since corporate computer buyers are the ones who've been driving the evolution of TPM at Microsoft (and Intel, and AMD), not the other way around.

TPM requirements are not a net positive or negative and there are valid concerns and criticisms for Windows and non-Windows systems.

The funny thing is that, in all the hand-wringing in this thread, nobody's actually come up with a realistic use case affected by this.

I don't see why you care, get your next Windows computer and do you.

Already have it, thanks.
 
It's not the consumer's fault that the people in charge of industry best practices apparently need to corral utter butt-retards on a daily basis, which seems to be what you are implying is the reason for this requirement. I get that.

But if Microsoft wants to have their cake (industry) and eat it too (gaming and consumers) it seems the logical solution is just to make it easy to enable TPM support at install or make the enterprise deployment versions have that required whereas home and consumer versions do not, but can enable it at install. If the only reason is a chain of trust for industry deployment purposes there's literally no reason to require it for consumers.

Unless.

It's not like they aren't already getting hardware manufacturers to aggressively stop supporting older hardware via lack of driver packages, so how lazy can they fucking be?
 
Nobody in this entire thread has named a single industry whose lifeblood depends on disabling TPM support in the BIOS of their laptops. It's all been whining about how TPM is another way for Microsoft to spy on you. This is unsurprising, since corporate computer buyers are the ones who've been driving the evolution of TPM at Microsoft (and Intel, and AMD), not the other way around.
Of course it's unsurprising.
Who wants their desktop to be as locked down as a corporate workstation administered by a paranoid admin?
 
The main reason for a TPM is so that encrypted data that gets stolen from your computer can't be decrypted. For example, if you use BitLocker with TPM, if you lose the drive, or the image gets stolen somehow, you're safe. Hardly "maliciously or viciously anti-consumer."
This is retarded. If you lose a drive and it's encrypted, you're safe anyway. If someone has physical access to your computer to image the thing, you're fucked anyway.
 
This is retarded. If you lose a drive and it's encrypted, you're safe anyway. If someone has physical access to your computer to image the thing, you're fucked anyway.
Very few data breaches involve physical access to the machine. And lots of them involve targets with weak passwords.

Of course it's unsurprising.
Who wants their desktop to be as locked down as a corporate workstation administered by a paranoid admin?

TPM doesn't "lock down" your computer. You can download all the furry hentai you want and install cracked copies of Doom 3 from all-of-warez.ru.

It's not the consumer's fault that the people in charge of industry best practices apparently need to corral utter butt-retards on a daily basis, which seems to be what you are implying is the reason for this requirement. I get that.

But if Microsoft wants to have their cake (industry) and eat it too (gaming and consumers) it seems the logical solution is just to make it easy to enable TPM support at install or make the enterprise deployment versions have that required whereas home and consumer versions do not, but can enable it at install. If the only reason is a chain of trust for industry deployment purposes there's literally no reason to require it for consumers.

No, there's really no reason to give the user the ability to disable anti-malware boot logs, expose their machine to brute-force attacks, store hardware encryption keys on the hard drive, etc. Nobody's even come up with one in this thread. Hell, most of the people who are mad about the Win 11 TPM requirement had any idea what it does. So far, nobody has come up with a single thing they currently do with their PC that they're unable to do if TPM is enabled.

The people who are just now learning about TPM aren't listing use cases; they're just coming up with theories about Microsoft collaborating with Intel to increase chip sales by 1.5% or so. It's absurd, pretty sure Microsoft's billion-dollar investment in security research has nothing to do with making elderly people buy new computers every 8 years instead of every 10 and a lot more to do with how the internet has made the entirety of the world an attack surface.

If you want a bespoke nigger-rigged machine with all the classic vulnerabilities of a mid-2000s PC, cracked copies of Windows XP are easy to come by. You're probably using Slackware anyway.
 
TPM doesn't "lock down" your computer.
I think the argument is that the "Trusted Computing" features make it easier for malicious software vendors to enforceably demand that only certain binaries be used, even for things like web browsing. Imagine a web server that would refuse to talk to you unless you produce a signature from your TPM attesting that you're using only approved software.

But what I'm not entirely convinced of is that this is much worse than what malicious software vendors can already do even without TPM. Like, there's no reason Microsoft couldn't say tomorrow "Windows will only run binaries whose hashes are on our approved whitelist". (See also: Windows S.) You might be able to get around that in various ways, but in practice most people won't.

If your software is trustworthy then it's trustworthy whether you have a TPM or not. And if it's not trustworthy, the only question is just how hard they're screwing you.
 
Very few data breaches involve physical access to the machine. And lots of them involve targets with weak passwords.
Are you fucking retarded? TPM doesn't protect shit if the machine is running and the data is unencrypted.

Any 'protection' involving checking hashes on executables etc can be done entirely without TPM, with no advantages to having a TPM.
 
I think the argument is that the "Trusted Computing" features make it easier for malicious software vendors to enforceably demand that only certain binaries be used, even for things like web browsing. Imagine a web server that would refuse to talk to you unless you produce a signature from your TPM attesting that you're using only approved software.

If I have a server and only want it to talk to approved clients, ways to do that are as old as networked computing. The oldest mainstream example is phone-home DRM, which is about as old as the internet itself. And, of course, everyone knows about the game console online services.

But what I'm not entirely convinced of is that this is much worse than what malicious software vendors can already do even without TPM. Like, there's no reason Microsoft couldn't say tomorrow "Windows will only run binaries whose hashes are on our approved whitelist". (See also: Windows S.) You might be able to get around that in various ways, but in practice most people won't.

If your software is trustworthy then it's trustworthy whether you have a TPM or not. And if it's not trustworthy, the only question is just how hard they're screwing you.

The first consumer-grade computer that I know of that had hardware protection against running unapproved binaries was the NES. So yes, this has been around for a long time, and you absolutely could use TPM 2.0 to build and sell such a machine. This is obviously not the Windows 11 business model, as I'm writing this post in a Brave window.

Are you fucking retarded? TPM doesn't protect shit if the machine is running and the data is unencrypted.

BitLocker's used to encrypt cloud storage, like Microsoft's Personal Vault, which absolutely has the potential to be downloaded in encrypted form by an attacker. It also protects against firmware-level attacks on encrypted drives. It is really not hard to find out what TPM is actually used for or how the security landscape has changed in the last 10 years.
 
This is obviously not the Windows 11 business model, as I'm writing this post in a Brave window.
He mentioned Windows S where Microsoft tried this already and they will be doing it again once they work out the kinks.
"Encryption doesn't work if the data's already unencrypted" is an interesting, but irrelevant argument. BitLocker's been around for a while, there's a reason TPM makes it more secure.
The reply was about your remark on data breaches where TPM won't have any impact based on current industry practice. Breaches don't come from stolen encrypted drives.
 
He mentioned Windows S where Microsoft tried this already and they will be doing it again once they work out the kinks.
I've been hearing this old canard for 20 years now. We're perpetually one version of Windows away from locking down everything in a centralized, authoritarian hellscape.

Yet here I am in 2023 and I can still run any damn executable I find attached to some highly-suspect email with impunity.
 
I've been hearing this old canard for 20 years now. We're perpetually one version of Windows away from locking down everything in a centralized, authoritarian hellscape.

Yet here I am in 2023 and I can still run any damn executable I find attached to some highly-suspect email with impunity.
I didn't say anything like that. I don't think Microsoft knows when they'll try it again but they will and if you had the displeasure of playing with Windows S you'd know it is a centralized, authoritarian hellscape where you can't run any damn executable and need a Microsoft account to install new software and change a bulk of system settings.

I expect Microsoft will always have more expensive licenses on offer for people who want to use their computer normally.
 
I expect Microsoft will always have more expensive licenses on offer for people who want to use their computer normally.
If that's the case, then I guess I struggle to care that much.

The mere existence of a product I wouldn't like just doesn't have any relevance to me. And the fact that it's (as well as UWP and various related things) making so few inroads with consumers that I've never seen it in the wild makes it even less threatening.
 