this post was submitted on 22 Jun 2023
48 points (100.0% liked)
Technology
I upgraded 10 to 11 and really liked it. Problem with Linux is all the command line if you want to do advanced stuff.
Then I got a GPT-4 subscription and installed Arch Linux with Hyprland. I ain’t looking back; every time I use a Windows system now it feels slow and prehistoric… Sometimes, though, you get some weird problem you just don’t wanna deal with at the time, and then it’s briefly booting into Windows again.
Windows 11 is extremely spyware, even more so than previous Windows versions.
I used to use Windows all the time, but now I only use it for gaming. It's kind of weird to me how many Microsoft apps there are for Linux now.
Linux gaming has become much more viable of late with Proton.
Indeed, quite a surprise when I realized you can use Lutris to straight up start and play games installed on my Windows drive.
😲 Thank you for bringing this to my attention.
@lemon @webghost0101 You can even achieve that with just #Wine. I carefully set up my Wine on my two devices with #DXVK on one and #GalliumNine on the other. Took a while, to be honest.
But now, together with wine-binfmt and icoutils, I can just double-click any #Windows game. 🍷
Lutris does pretty much all the main game stores. GOG, Steam, Uplay, EAOrigin, Epic. IIRC they also have custom wine scripts to install with recommended settings so you almost always have the best config out of the box.
There’s also Heroic, which only does GOG and Epic, but is a bit cleaner and easier to use.
That's why you enable the telemetry thing in the motherboard for the installation only and prolly disable it afterwards :p No warning errors, no fuss. Works. Shows how shit it is that they require it.
Uhhhh what telemetry thing in the motherboard?
If you mean the TPM, that's not for telemetry, it's for security. It does still have some implications you might not enjoy though - IF you use BitLocker on Windows AND have TPM enabled, I believe you can't move your drive to another device because it requires the original device's TPM for decryption (and no, you can't just swap out a TPM module either - it won't be considered the same device). That's about all you need to fear from the TPM.
All the Windows telemetry stuff is in Windows settings. And of course there's some you can't disable in Windows settings either, but there are scripts for stuff and you can run Pi-hole and block every non-essential Microsoft domain.
TPM isn't for your security, it's for Microsoft and Disney and other megacorps' security against you
That's a side effect of your device being more secure, yes. After all, the most secure device is a simple rock. Nobody can hack it and it can't rip Marvel movies off Disney+.
To be clear, Microsoft doesn't give a single fuck about you doing piracy, they actually need your device to be secure because otherwise you might switch to another OS for security. Disney and the like, however, will likely in the future require you to use a TPM2 device for advanced DRM.
Of course, if this is something you're rightly worried about, the right course of action isn't to install Windows and disable TPM (which also, as I said, does nothing for disabling Telemetry). It's to install a Linux distro that's hopefully not Ubuntu, because that's way too commercial and not free enough.
Also, at the moment, the Linux desktop install base is small enough that any streaming service can just disable their services for Linux users altogether, TPM or not. So we do actually need to be voting with our OS installs and sooner rather than later.
What does it mean to be secure? Allowing a megacorp to mandate what you can and can't do on your own hardware means that hardware is less secure, not more.
It disallows certain attacks other people could perform on your devices. I've already explained this in 2 other comments in this thread.
Firstly, even with physical access to your device, it'll be harder to fuck with the firmware or software on your computer. Windows literally can't unlock your data if something's fucky, because TPM won't give it the required keys. Secondly, TPM can be used as a more secure way to store encryption keys in general. And thirdly, you get hardware random number generation, which can be very useful if your system's entropy is too low.
Yes, unfortunately it also means DRMs can force you to consume content on only the exact same hardware you purchased it for. But there ARE legitimate use cases for TPM too. TPM has been used in enterprise settings for over a decade.
Luckily for now at least, there's a solution for the whole DRM issue too. It's called piracy. Plenty of DRM free content out there. It's possible that some streaming content literally won't reach your favourite torrent site because hardware DRM, but I'm not TOO worried about it personally, because HDCP can be bypassed, so there's still a way to capture the signal, it's just between the computer and the screen.
But overall, definitely use Linux instead of Windows with TPM off if you're worried about ANY of this. And I mean, sure, keep TPM off, it's highly unlikely that you'll actually need the niche extra security it provides on a personal device.
The only one with physical access to my hardware trying to fuck with the software is me. Evil maid attacks are purely hypothetical for almost everyone, and suggesting that TPM is necessary to protect against them is dishonest. TPM is a much greater threat than any it purports to protect against.
Almost everyone just means home users and those don't matter much to Microsoft anyway, corporate is where the big money is.
The way it was explained to me was that TPM allows Windows to get a unique identifier for your motherboard, which is supposedly similar to how Nvidia identifies users for telemetry with GPUs. But I digress, I am not an expert on these particular kinds of tech.
Why would Windows make it mandatory if it's only required for an optional feature?
Your motherboard already has a unique identifier, as does your CPU, your GPU, and I believe your RAM too. It's how their licensing system can tell when your existing Windows install has been transferred to another set of hardware. You can overwrite data on your motherboard, but it's like 0.0001% of users who'd do that, so Microsoft doesn't care.
Now, it's possible there are errors in what I'm saying, I'm not an expert. But.
TPM allows Windows to make sure it's still on the exact same machine it was on before, for sure. No trickery. So if you lock your drive with Bitlocker using TPM, it's not possible to just clone your drive and try to unlock in another machine. Any data theft requires the user to have possession of the exact machine you configured it on, in addition to your Windows/Microsoft password. And if someone does something funky with your motherboard firmware, you can't unlock the drive either, because it's no longer the same trusted one. At the same time, a legitimate firmware update from the manufacturer can screw things up too if they're negligent about it. I believe Bitlocker has recovery keys for occasions such as this.
It's also a sort of a secure key storage I believe, so things like Windows Hello facial recognition use it (Apple similarly uses T2 for touch ID on modern macs, but since touch ID came before T2, I'm not sure what they used before).
TL;DR: It has security features, some of them allow for comfort features, some for stuff you don't need too much as a regular joe, but Microsoft is enforcing better security defaults like this because there are ridiculously obscure threats out there and they don't want to be known as "the operating system that gets the most viruses" anymore.
Oh, I absolutely understand there are proper use cases for TPM, like all our work laptops have BitLocker enabled. But my personal device is a DIY desktop of Theseus that doesn’t leave my house and it doesn’t really have all that much sensitive data anyway. My main issue with tracking/identifiers/telemetry is they use it to serve ads tailored to my behaviors they learned from the data they verified from me using those same identifiers. I am something of an anti-advertisement extremist for psychological reasons. They’re designed to get in my head and physically hurt.
You think the treacherous computing module actually obeys your command to stop betraying you?
If I can't trust my BIOS to actually disable certain features when I disable them there, then I might as well worry that they installed a secret kernel-access mini OS that spies on any OS I might use.
They did. Intel calls it the Secure Element, AMD calls it the Platform Security Processor.
Doing a quick Google to find info about Platform Security Processor states that if you can't find the security processor section on the device security screen it means TPM is disabled. This does lead me to believe that disabling TPM at least disables Windows access to the security processor; Windows can't directly use features I have directly disabled in the BIOS, at least not without that access.
Or how far does this rabbit hole go exactly? I can't throw every Windows device out, I'll have to change job and my wife be pissed.
Lol, you installed Arch Linux, with Hyprland, and then complained about how it requires CLI for advanced stuff?
Try Linux Mint or something simpler. At least pick a fair comparison for a change.
No no, you read my comment wrong. I used to complain about the CLI and lack of GUI while trying Ubuntu... with a GUI.
I am loving my Arch setup. And I ain't changing soon. Even if really it's GPT-4 being a massive MVP to tell me how to do stuff.
It wasn't as much the CLI stuff or any of the advanced stuff I wanted that was the problem, but just that my autistic ass needed some easy/good accessible help to learn it in a way schools, Google and YouTube never could. Command line is fun now and I look forward to seeing the random Pokémon I get every time.
Ah I see! I missed the 'then' part and assumed you're describing the setup you're complaining about.
What version of Ubuntu were you using? While I have felt like this in the past, it's been improving more and more to a point I could configure all I need without CLI (selection of toolset does come a long way).
Not sure, but it was a desktop version with a GUI. This was on my dedicated server, so not my main machine that I switched to Arch. I've actually gone and completely removed that Ubuntu, which was a mess from my own misdoings and experiments, and started from scratch with the last LTS version of linux-server, fully in command line. In less than a weekend I restored all the initial functionality, fixed the previously broken functionality and added some extra features to it. But again, the moment I don't know how to do something I am skipping Google straight for the AI genie.
Hyprland - so a window manager? Sorry, don't use Linux so not sure what you're gaining.
How does GPT-4 help with Arch? Can it run commands in the console?
I'm heavily reliant on Photoshop and related Adobe software for work, so I'll have to stick with MacOS for now, but Linux sounds very tempting.
Incidentally, I use Magnet for window management, and it is the bee's knees, especially since I mapped out shortcuts for my preferred placements 😍
Also, Raycast is my homeboy ❤️
Hyprland is a window manager, yes, because I have cognitive challenges that require visual sorting of information.
What I gain? Super Saiyan levels of fast. Productivity goes brrr. Completely customizable (really into that) and it looks and feels sweet AF. This is with the hyprdots configuration found here, check out the vid. https://github.com/prasanthrangan/hyprdots
GPT-4: it knows Linux much, much better than I do. I have no API so I can’t just give the command box, but stuff like: “provide easy to follow instructions and commands to set up x, y, z” yielded me way better results than trying the same stuff alone in Linux before. I completely redid a server project I worked on for more than a year in less than a weekend. I also use it as a command cheatsheet because I suck at remembering commands and the answers on Google are buried between ads.
Photoshop: This was a worry of mine as well; a friend sent me this: https://github.com/Gictorbit/photoshopCClinux Haven’t tried it yet, but it’s not the only option either. As I said elsewhere, you can often straight up run Windows-installed exes from a different drive using Lutris and Proton.
I am gonna need to check out Magnet and Raycast. They seem very promising for my job where I can only use Windows.
Good luck if you try it! (Maybe in a VM at first)
All too familiar. I've been using Linux for years now but still keep a drive with Windows 10 just to use Photoshop from time to time. I really tried to migrate over to GIMP and Krita and they are amazing tools for 80% of what I need them for, but they are still not on the same level as Photoshop, sadly.
For the problem thing, I use Timeshift.
Hit a snag? Boot into a system state from a few weeks back and deal with it later.
The problem was the specialized software from Samsung to sideload Jellyfin on my TV not working properly, but I second that Timeshift is not a luxury on these kinds of systems. If I only need Windows now and then for something specialized then that's OK; hope to move Windows into just a VM soon.
I have to admit, I still have a Windows partition, but I honestly haven't booted into it for a full year now. The only thing I can think of needing it for is firmware updates to my Logitech peripherals, but that's something I can live without.
There will always be something that will only work on Windows, but that list is getting short enough now that the number of people it's a problem for has begun to shrink, too.