LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 05-25-2024, 07:48 PM   #31
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 4,491
Blog Entries: 7

Rep: Reputation: 2581Reputation: 2581Reputation: 2581Reputation: 2581Reputation: 2581Reputation: 2581Reputation: 2581Reputation: 2581Reputation: 2581Reputation: 2581Reputation: 2581

Quote:
Originally Posted by mjolnir View Post
Recall uses Copilot+ PC advanced processing capabilities to take images of your active screen every few seconds. The snapshots are encrypted and saved on your PC’s hard drive. You can use Recall to locate the content you have viewed on your PC using search or on a timeline bar that allows you to scroll through your snapshots. Once you find the snapshot that you were looking for in Recall, it will be analyzed and offer you options to interact with the content.
Let's put aside all of the privacy issues for a minute. There needs to be more discussion around the practical use for this feature.

My question is, what problem does this feature solve?

Speaking as someone who uses computers in a professional capacity, and has done so for several decades, this feature seems like the answer to a question nobody is asking.
Quote:
Originally Posted by mjolnir View Post
Recall also does not take snapshots of certain kinds of content, including InPrivate web browsing sessions in Microsoft Edge.
Don't worry dudes, your wife won't be able to find your porn history.
Quote:
Originally Posted by mjolnir View Post
It will not hide information such as passwords or financial account numbers.
Hmmm.
Quote:
Originally Posted by mjolnir View Post
"Recall snapshots are kept on Copilot+ PCs themselves, on the local hard disk, and are protected using data encryption on your device and (if you have Windows 11 Pro or an enterprise Windows 11 SKU) BitLocker. Recall screenshots are only linked to a specific user profile and Recall does not share them with other users, make them available for Microsoft to view, or use them for targeting advertisements. Screenshots are only available to the person whose profile was used to sign in to the device. If two people share a device with different profiles they will not be able to access each other’s screenshots. If they use the same profile to sign-in to the device then they will share a screenshot history. Otherwise, Recall screenshots are not available to other users or accessed by other applications or services."
And what about PCs connected to a domain controller? Is it part of a roaming profile?

So, summing up, we have a solution to a problem that doesn't exist, which won't get you into trouble with your wife, but keeps your usernames & passwords on your computer... And it's all being gifted to you by Microsoft.

What could possibly go wrong?

Seriously, it'd take a special level of naivety to believe that this honeypot of rich information is not going to become a target.
 
Old 05-25-2024, 08:58 PM   #32
rclark
Member
 
Registered: Jul 2008
Location: Montana USA
Distribution: KUbuntu, Fedora (KDE), PI OS
Posts: 506

Rep: Reputation: 183Reputation: 183
Quote:
{Win OS installed} ... None of mine have, for ages and ages now.
Well, it was cheaper for me to go to Newegg and pick one up. In January, I picked up a laptop (HP 15.6" FHD Laptop, AMD Ryzen 5-5500U Processor, 32GB RAM, 2TB PCIe SSD, AMD Radeon Graphics) that was on sale for my dad. KUbuntu loaded over the top of Windows just fine (and also for the last 5 or 6 laptops previously I've owned or been given). My dad (who is 83) really likes it. But from your comments, it looks like I may have to be a bit more careful the next time when I have a need for a new laptop. Laptops are the only machines I have to 'buy' as a unit as I build my own Linux desktops and servers from the ground up.

Quote:
Seriously, it'd take a special level of naivety to believe that this honeypot of rich information is not going to become a target.
Bingo.

Quote:
we have a solution to a problem that doesn't exist
But remember this is 'marketing' spin to sell MORE hardware and software... Whether the consumer needs it or not. Just the like the AI marketing that is currently going on... You (and I) are the target to fall for all the marketing babble and spend $$$ doing so.

Last edited by rclark; 05-25-2024 at 09:16 PM.
 
Old 05-26-2024, 04:25 AM   #33
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,496

Rep: Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373
Quote:
There is potential with Linux on the new Arm chips, which out of necessity have to have full Linux support. If enough people and businesses move away from Wintel then we can finally relegate the duopoly to its rightful place on the dust heap of history, albeit about three decades late.
The Arm situation is interesting. Early Arm sbcs had make-it-up-as-you-go-along type setups which loaded firmware & config profiles. The RazPis, for instance had the GPU hard coded to load the gpu firmware. From there, everything was controllable, but it loaded cpu firmware, and that took over.

I personally find it difficult to imagine m$ trying for the server market. They'd be laughed out of it. So normal Bios will surely survive

Now since 2020 there's the "Arm system ready" program, which basically means it will boot to a state where you can install your choice of OS, or boot that OS. So maybe linux heads will just have to ditch x86_64 in favour of Aarch64. Arm are getting good enough. The performance/power ratio is much better than X86_64. The Apple laptops and Ampere servers showed us that. It's only a matter of time before we have serious competition there, or something like Arm CPU + AMD GPU all with native Linux support.

Last edited by business_kid; 05-26-2024 at 05:53 AM.
 
Old 05-26-2024, 05:27 PM   #34
TheJooomes
Member
 
Registered: May 2019
Distribution: Debian 12
Posts: 199

Rep: Reputation: Disabled
Quote:
Originally Posted by Turbocapitalist View Post
  • The new ones have UEFI / Restricted Boot and no BIOS, so any distro wishing to even boot must pay m$ for that privilege which was once taken for granted now that third party UEFI certificates have been disabled. The era of general purpose computing is drawing to a close if enough of us don't act.
Can you give some examples/sources of Windows machines locking out BIOS configurability?
 
Old 05-27-2024, 04:36 AM   #35
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,496

Rep: Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373
I'd relax for a bit. The M$ private key was leaked or otherwise broken by hackers last year, so viruses could get through even secure boot. M$ are in the process of replacing stuff, so I'd let that percolate through. It should finish in the July patch Tuesday (I think). It would be fairly easy for them to lock users out of their own systems
 
Old 05-27-2024, 07:11 AM   #36
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,382
Blog Entries: 3

Rep: Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773
Quote:
Originally Posted by TheJooomes View Post
Can you give some examples/sources of Windows machines locking out BIOS configurability?
What's the connection? BIOS configurability has not been mentioned. Though it, too, is now a problem and mention of it does turn up from time to time in other forums, in IRC, and twice IRL here. The locking out of Linux is a separate matter. Some work-arounds include turning off Restricted Boot, and that is an option which is already starting to go away.

There were also debates over UEFI itself, prior to its adoption, pointing out how unnecessary and complex it is. Support for very large partitions could have been added to an improved BIOS rather than infecting systems with a small, parallel operating system like what UEFI has become. Here's are some CVEs on UEFI from this year, but there are others:

https://www.itnews.com.au/news/ubiqu...ilities-604126

See also the early debates on the 'shim' and certificates. Non-M$ operating systems must otherwise pay jizyah to m$ for as long as m$ deigns to allow booting. Ubuntu caused quit a stir at the time when it folded on that.
 
Old 05-27-2024, 10:39 AM   #37
TheJooomes
Member
 
Registered: May 2019
Distribution: Debian 12
Posts: 199

Rep: Reputation: Disabled
Quote:
Originally Posted by Turbocapitalist View Post
What's the connection? BIOS configurability has not been mentioned.
That's the meaning I extracted from "no BIOS", "third party UEFI certificates have been disabled", and "The era of general purpose computing is drawing to a close". I haven't heard of cases that extreme before so I want more than a claim in a forum thread.
 
Old 05-27-2024, 10:55 AM   #38
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,382
Blog Entries: 3

Rep: Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773
Quote:
Originally Posted by TheJooomes View Post
That's the meaning I extracted from "no BIOS", "third party UEFI certificates have been disabled", and "The era of general purpose computing is drawing to a close". I haven't heard of cases that extreme before so I want more than a claim in a forum thread.
No problem. Here are two links, the first one via an archive in case m$ changes it:

"Secure the Windows boot process":

https://archive.is/q69Mx/again?url=h...0-boot-process

and "Using your own keys"
https://wiki.archlinux.org/title/Uni..._your_own_keys

Though the first one has a lot of weasel-wording it still makes the point. Notice that you have to actually parse the document:

Quote:
Configure UEFI to trust your custom bootloader. All Certified For Windows PCs allow you to trust a non-certified bootloader by adding a signature to the UEFI database, allowing you to run any operating system, including homemade operating systems.
The word "default" is not used specifically, yet the default is exactly what is being described.

Also, the gotcha there is certified. Those which are not certified and those which are certified but not in compliance are not going to permit that. Talk with people who deal with resale of used systems and you will get plenty of first hand anecdotes, there are certainly such shops or individuals in your geographical area.

If you have not gone out of your way to follow trends in ICT lately then it would not be strange that you have not heard of third party certificates being disabled by default. Again, there was a lot of discussion and detailed analysis before UEFI was even rolled out. All that is buried somewhere in the search engines, assuming the pages are even still up.

Edit: See also:
Starting in 2022 for Secured-core PCs it is a Microsoft requirement for the 3rd Party
Certificate to be disabled by default. This means that for any of these Lenovo
platforms shipped with Windows preinstalled an extra step is needed to allow Linux to
boot with secure boot enabled.

Last edited by Turbocapitalist; 05-27-2024 at 11:20 AM.
 
Old 05-28-2024, 09:41 AM   #39
_blackhole_
Member
 
Registered: Mar 2023
Distribution: FreeBSD
Posts: 117

Rep: Reputation: 100Reputation: 100
UEFI + Secureboot was always just a lot of "security theatre" marketing for the gullible. For proprietary OS vendors, security is a feature which can be sold for profit. The aim was always to lock out alternative OS such as Linux. UEFI itself was dreamed up by a consortium of the x86 hardware/bios vendors, MS and Apple.

Those who still believe that Secureboot is really about security and preventing "evil maid" attacks need to pull their heads out of the sand. Business often invents the problem, then sells the solution and this was very similar, but not quite the same. It also came packaged with MS' anti-competitive, hostile agenda to destroy Linux - all dreamed up during the Steve "Linux is a cancer" Ballmer era.

It astounds me that users of FOSS operating systems who post on sites like this one, happily walked down that path, eagerly supporting sell outs like Canonical and Red Hat and are still parroting the marketing speak about Secureboot, many years later. Many of these people were running Linux on hardware which was not configured for dual booting Windows 8.0/8.1, yet still they took great pride in running a UEFI only system, disabling legacy boot, jumping through hoops to configure their OS to boot by this horrible convoluted broken and ironically, insecure MS design, which even uses the antiquated MS FAT file system.

MS wants to ensure that only a Microsoft OS can boot from the bare metal, it has been paving the way for this for years. For Linux it has invested in WSL/WSL2 and it has lured people across with the convenience of that.

The TPM/TPM2 is a further assault on your freedom to install what you want to install on the hardware you paid for. It is one of the latest advances in "Trusted Computing", which is anything but trustworthy...

https://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Quote:
There are some gotchas too. For example, TC can support remote censorship. In its simplest form, applications may be designed to delete pirated music under remote control. For example, if a protected song is extracted from a hacked TC platform and made available on the web as an MP3 file, then TC-compliant media player software may detect it using a watermark, report it, and be instructed remotely to delete it (as well as all other material that came through that platform). This business model, called traitor tracing, has been researched extensively by Microsoft (and others). In general, digital objects created using TC systems remain under the control of their creators, rather than under the control of the person who owns the machine on which they happen to be stored (as at present). So someone who writes a paper that a court decides is defamatory can be compelled to censor it - and the software company that wrote the word processor could be ordered to do the deletion if she refuses. Given such possibilities, we can expect TC to be used to suppress everything from pornography to writings that criticise political leaders.
Quote:
The gotcha for businesses is that your software suppliers can make it much harder for you to switch to their competitors' products. At a simple level, Word could encrypt all your documents using keys that only Microsoft products have access to; this would mean that you could only read them using Microsoft products, not with any competing word processor. Such blatant lock-in might be prohibited by the competition authorities, but there are subtler lock-in strategies that are much harder to regulate.
Quote:
12. Scary stuff. But can't you just turn it off?

Sure - unless your system administrator configures your machine in such a way that TC is mandatory, you can always turn it off. You can then run your PC as before, and use insecure applications.

There is one small problem, though. If you turn TC off, Fritz won't hand out the keys you need to decrypt your files and run your bank account. Your TC-enabled apps won't work as well, or maybe at all. It will be like switching from Windows to Linux nowadays; you may have more freedom, but end up having less choice. If the TC apps are more attractive to most people, or are more profitable to the app vendors, you may end up simply having to use them - just as many people have to use Microsoft Word because all their friends and colleagues send them documents in Microsoft Word. By 2008, you may find that the costs of turning TC off are simply intolerable.
In the world of "Big Tech", the words "trust", "security" and "privacy" don't mean what you think they mean.

Last edited by _blackhole_; 05-28-2024 at 09:43 AM.
 
Old 05-28-2024, 09:52 AM   #40
shortarcflyer
Member
 
Registered: May 2022
Location: Louisiana/USA
Distribution: Void, ArchBang, PCLinuxOS, Mabox, ArcoLinux, Archman, RebornOS, Garuda, EndeavourOS
Posts: 566

Rep: Reputation: 74
How about google as well?

CALLER: Is this Pizza Hut?

GOOGLE: No sir, it’s Google Pizza.

CALLER: I must have dialed a wrong number, sorry.

GOOGLE: No sir, Google bought Pizza Hut last month.

CALLER: OK. I would like to order a pizza.

GOOGLE: Do you want your usual, sir?

CALLER: My usual? You know me?

GOOGLE: According to our caller ID data sheet, the last 12 times you called you ordered an extra-large pizza with three cheeses, sausage, pepperoni, mushrooms and meatballs on a thick crust.

CALLER: Super! That’s what I’ll have.

GOOGLE: May I suggest that this time you order a pizza with ricotta, arugula, sun-dried tomatoes and olives on a whole wheat gluten-free thin crust?

CALLER: What? I don’t want a vegetarian pizza!

GOOGLE: Your cholesterol is not good, sir.

CALLER: How the hell do you know that?

GOOGLE: Well, we cross-referenced your home phone number with your medical records. We have the result of your blood tests for the last 7 years.

CALLER: Okay, but I do not want your rotten vegetarian pizza! I already take medication for my cholesterol.

GOOGLE: Excuse me sir, but you have not taken your medication regularly. According to our database, you purchased only a box of 30 cholesterol tablets once at Lloyds Pharmacy, 4 months ago.

CALLER: I bought more from another Pharmacy.

GOOGLE: That doesn’t show on your credit card statement.

CALLER: I paid in cash.

GOOGLE: But you did not withdraw enough cash according to your bank statement.

CALLER: I have other sources of cash.

GOOGLE: That doesn’t show on your latest tax returns, unless you bought them using an undeclared income source, which is against the law!

CALLER: WHAT THE HECK?

GOOGLE: I’m sorry sir, we use such information only with the sole intention of helping you.

CALLER: Enough already! I’m sick of Google, Facebook, Twitter, WhatsApp and all the others. I’m going to an island without the internet, TV, where there is no phone service and no one to watch me or spy on me.

GOOGLE: I understand sir, but you need to renew your passport first. It expired 6 weeks ago…
 
Old 05-31-2024, 06:59 PM   #41
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,382
Blog Entries: 3

Rep: Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773Reputation: 3773
Quote:
Originally Posted by _blackhole_ View Post
MS wants to ensure that only a Microsoft OS can boot from the bare metal, it has been paving the way for this for years. For Linux it has invested in WSL/WSL2 and it has lured people across with the convenience of that.
Or lured the managers with the illusion of convenience, a situation without actual convenience and thus one which serves m$ better. Either way, the managers pay m$ for the privilege of booting Linux.

Below are two more links. Neither are found easily (or perhaps at all) via the search engines any more. When you take both together and consider the time scale, the only option out is returning to a Windows free market. Interestingly if you look at data from Statcounter regarding OS market share, and if you count Android¹, then Windows is already back down to low double-digit or smaller in a large number of countries. Even globally, m$ is down to way under a third. How accurate those stats are is anyone's guess but it does indicate that the numbers are far below the approximately 85% desktop market share required to maintain the monopoly rents which where the source of their OS income.

1) Their ongoing, long term, fanatical hate for all systems other than Windows was already well established decades ago. However, it is more important to look at the context of their words from PXE 7068. Not that many years ago, Windows was fringe and did not have the illusion of being mainstream. Schools were Apple, and developers and other technical people were mostly all about UNIX or Linux then:

Quote:
Where are we on this Jihad?
-- Bill Gates (2002)
That is an excerpt of Plaintiff's Exhibit 7068 from the Comes v Microsoft case via the late, great Groklaw also mirrored at Techrights. There are about another 10k similar documents there.

2) Also, the boot loader process had to be mentioned in post 30 above. M$ has been interfering with that for ages:

That is an excerpt from He Who Controls the Bootloader by Scott Hacker.



¹ That's a whole other discussion.
 
Old 06-04-2024, 09:05 AM   #42
_blackhole_
Member
 
Registered: Mar 2023
Distribution: FreeBSD
Posts: 117

Rep: Reputation: 100Reputation: 100
That's a great article on BeOS and the x86 bootloader (MS' secret exclusivity deal with the OEMs). BeOS was frozen out and ultimately killed by MS' control over the OEMs and serves as a great example, which few know of or care about. UEFI and Secureboot was merely a doubling down of this strategy.

The secret OEM deal prevented anyone from getting a pre-installed alternative OS on any box supplied by the major vendors. Incredibly still the case today.

UEFI and Secureboot was designed by Microsoft, with collaboration from the x86 OEMs, along with the hardware and BIOS vendors, to stop the individual from installing an alternative OS on any box supplied by those major vendors.

MS laid the foundations for the time when they could amend their secret deal to make Secureboot mandatory - and in the meantime create obstacles for the average person. And that's often all that's needed. You don't have to utterly lock out the competition - that just invites bad press and attracts the wrong kind of attention - no, instead of doing that, you wrap the whole thing up in a lot of security theatricals and present it as a necessity. Then you make the end user jump through hoops to disable it, with plenty of scaremongering along the way.

I have just this moment seen a colleague disable secure boot on an HP desktop (which I've done a few times in the past) for booting a cloning software from a memory stick. You are presented with a few options a few menus deep, followed by a warning, then after reboot you have to enter a 4 or 5 digit number to confirm... this is the kind of nonsense they put in place to deter the uninitiated and coerce them into backing off and leaving things as they are.

Last edited by _blackhole_; 06-04-2024 at 09:08 AM.
 
Old 06-04-2024, 09:36 AM   #43
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,496

Rep: Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373Reputation: 2373
It's nearly enough to drive you to Apple next time. With their own GPU, Asahi Linux and the M1-M4 CPUs. They beat the pants off any x86_64 laptop in terms of cpu power & battery life.

I found a nice way out of their advertising crap when I registered my wife. I made her as old as I could. Apple's system threw an error when I set her birthday as 1/1/1885, but it took 1886. Then, because she's so Ancient of Days, nobody wants to sell her anything .
 
Old 06-04-2024, 09:59 AM   #44
_blackhole_
Member
 
Registered: Mar 2023
Distribution: FreeBSD
Posts: 117

Rep: Reputation: 100Reputation: 100
macOS runs on x86 hardware and Apple (along with ARM) are one of the members of the UEFI Forum: https://uefi.org/members

Personally, I don't see Apple Silicon, which is a locked down and undocumented platform, as the answer to the Microsoft problem.
 
Old 06-04-2024, 11:16 AM   #45
rclark
Member
 
Registered: Jul 2008
Location: Montana USA
Distribution: KUbuntu, Fedora (KDE), PI OS
Posts: 506

Rep: Reputation: 183Reputation: 183
Just an FYI, for Windoze users....

https://www.tomshardware.com/softwar...tup-workaround
 
  


Reply

Tags
copilot+, microsoft, recall, snapshots


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
You knew Microsoft was spying, but never dreamed how much ... sundialsvcs General 35 02-19-2016 01:22 AM
[SOLVED] virtualbox installs pcbsd again and again and again straffetoebak Linux - Virtualization and Cloud 4 11-21-2014 07:14 PM
LXer: Microsoft denies Windows 8 app spying via SmartScreen LXer Syndicated Linux News 2 08-26-2012 07:47 AM
Dualbooting again, again, again... Procrastinator Linux - General 4 10-28-2004 11:04 AM
Need help installing Mandrake (again, again, again...) DicedMalt Mandriva 6 08-26-2003 04:47 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 11:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration