I work in IT and understand that the tradeoff for good security is a reduction in convenience. But this really reads like deliberate punishment. I get the same sense on Apple's platforms. Wanna change your cloud password? Prove you know the unlock code to a device that you no longer own and haven't had in a year. This is especially awesome when your employer makes you change passcodes on a regular basis and you have no idea what you used back then.
My password manager keeps a history, and it has saved my bacon twice now.
Yeah, the VIP that I was helping when I encountered the above issue was not using a pw manager and the device in question had been replaced (by the org) a bit more than a year ago. We also had an insane pw policy at the time that made users change them every three months, so good luck remembering. So grateful that madness is over.
Cold spare production floor machines. I'm sure there's a better way, but you build the machine and put it on a shelf maybe 2 years before you need it.
That doesn't help them recover their cloud account for which they forgot their password. They still need the unlock code of the device that was replaced >1y ago.
Which one are you using?
Ran into this issue literally yesterday. The wife went back to iOS after giving Android a try for four years (I don't get why, but I try not to judge).
Anyway, she couldn't remember her Apple ID and had to pull out the phone she hasn't used in years to recover her account. Thankfully she was smart enough to charge the battery to 50% every few months. Otherwise it would have gone bad and she would have been fucked; literally would have had to pay a tech hundreds to replace a battery for a phone she no longer uses, just to reset a simple password.
I understand and appreciate the need for good security, but this is beyond ridiculous.
- The average user has no need to use Bitlocker
- The average user should be using a local account instead of a Microsoft Account.
- Using a Microsoft Account causes Bitlocker to auto-enable.
- Loss of access to your Microsoft Account when Bitlocker is enabled can cause loss of all your data.
- Microsoft can and will roundly ignore you if you lose access to your Microsoft Account.
Microsoft has painted users into a very dangerous corner. Security is vitally important, but not when it’s almost maliciously implemented.
Even as a security professional I understand that most people will be ill served by having their computer locked down like Fort Knox. There are ways of ensuring security without having all personal content go permanently poof with the slightest wrong move.
100% agree with the sentiment. Working in IT makes you realize how incapable some people can be with even the simplest computer tasks at times. What would you recommend as an alternative for secure data in the case of the average person? File level encryption instead of disk level? Wondering what would be the best way to go about getting my family to secure their private info.
For safety, backups are much better than encryption.
The only thing encryption does is prevent others from reading your data if the machine gets physically lost or stolen. And ironically, that might prevent a stolen machine from ever making it back into your hands.
For desktops, encryption of a machine that doesn’t have critically private/sensitive content is even dumber. I mean, if you have terabytes of CP or are a terrorist, then sure, lock that down to make the police earn their wages. Or do it even if you don’t, but you just want to give authorities the middle finger.
But not much on the average computer needs encryption so long as you keep good physical and network security. And the problem with that is much of it is behavioural - they will need to learn how to not do dangerous things online and off.
What you need in order to protect data is a good backup system - something that just works, is dummy proof, can be administered remotely, and which can restore content easily and reliably.
On a Mac, nothing beats iCloud. It’s encrypted before it even gets uploaded, and Apple has repeatedly shown it cannot retrieve the content… it needs to be forcibly cracked.
On the PC (both Windows and Linux) I prefer Duplicati backing up to BackBlaze B2.
I'm using hardware encryption, i.e. my data is too heavy to be stolen. The manual actually recommends two people lift it.
Oh hey, another T7500 owner! You have the second-CPU caddy installed in that thing?
What do you use yours for?
One is light hosting using VMs. It boots normally.
The other is for experimenting on various OS’ in VMs. It does not boot normally. Even before the 2nd CPU caddy, it always POSTed 10 times - no more, no less - with a memory error code before booting into the hypervisor. And yet, no issues with memory, no issues with RAM slots themselves. Or, at least, it’s affecting all 4 of the on-mobo slots equally.
That's wild. Mine posts just fine, though it was very particular about the ram. I had to re-seat most of the 8 sticks several times. And one time it posted with memory errors when I had a dirty cpu pad on cpu 0. But now, it boots perfect every time.
Do you leave yours running for extended periods? This thing seems like a power hog. I've got dual Xeon 5355's, 120W each. The GTX 980TI is 250W, and I've heard those sticks of ram are 10W each. I have been turning it off when I'm not actively doing something on it.
Actually, it's a Precision 690! Same case, though I'm pretty sure. And yes, I do have the second CPU installed. Dual Xeon 5355's! And 32GB of DDR2. And a GTX 980TI.
I absolutely agree with you, disk encryption is mostly against someone physically taking your device. Phones and laptops? Absolutely, yeah. Desktops? I have some faith in my door lock, and if the cops show up, have fun with my steam library. Most of the data that is interesting for law enforcement is on people's phones nowadays, like regular contacts, media, or message histories. If you encrypt your desktop, sure, by all means do it, but it should be opt-in, not opt-out (or don't-opt-at-all, microsoft).
Weaponized security. These fuckers booby-trapped usb boot.
I really don’t miss windows. I’m happy with almost everything else but windows. Fisher-Price macOS is perfectly acceptable to me at this point.
Fuck Liquid Glass though.
This happened when I booted a friend's computer from a live USB Mint stick. It took hours to find the correct password for her account and get Windows running again.
A few years ago Microsoft deleted my Linux ext2 directory when I dual booted to Windows and ran Windows Update.
At this point I'm convinced one of Microsoft's primary business functions is selling malware.
Hm... Explains why all the Linux install tutorials start with: disable secure boot, disable bit locker,...
How can something "enable itself" while requiring a password?
it was already enabled, he just tripped secureboot.
It's not strictly a password, it's a recovery key for the encryption. The drive is unlocked automatically at boot by the key residing in the TPM, if the system "hasn't been compromised"
Bitlocker is enabled by default on new Windows installations, and you can run into this situation by resizing partitions or messing around with your EFI partition. Disabling secure boot without disabling bitlocker first will result in this.
Make sure you have your recovery key, or completely disable bitlocker until you're done provisioning your system (or uninstall windows altogether)
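A pre-flight check for the advice in the comment above, as an added example that is not part of the original thread: it confirms whether the OS volume is encrypted, makes sure a recovery password exists and shows it, reports Secure Boot state, and can suspend protection for one reboot. The `-MountPoint` and `-Suspend` parameters are this script's own; the cmdlets are the standard Windows BitLocker and Secure Boot ones, and the script assumes an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): check BitLocker before changing
# Secure Boot, boot order or partitions on a Windows machine.
param(
    [string]$MountPoint = $env:SystemDrive,  # assumption: the OS volume is the one at risk
    [switch]$Suspend                         # opt in to suspending protection for one reboot
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint
'{0}: VolumeStatus={1}, ProtectionStatus={2}' -f $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus

if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    'Volume is not encrypted, so a boot change cannot trigger a recovery prompt.'
    return
}

# A TPM protector releases the key only while the measured boot state matches.
# The recovery password is the fallback, so make sure one exists.
$recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if ($recovery.Count -eq 0) {
    Write-Warning 'No recovery password protector found; adding one.'
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
}

# Write these down or print them; a copy that lives only on the encrypted disk is useless.
foreach ($p in $recovery) {
    'Key ID:            {0}' -f $p.KeyProtectorId
    'Recovery password: {0}' -f $p.RecoveryPassword
}

# Report Secure Boot state; the cmdlet throws on legacy BIOS systems.
try {
    'Secure Boot enabled: {0}' -f (Confirm-SecureBootUEFI)
} catch {
    'Secure Boot state unavailable (not a UEFI system, or unsupported).'
}

if ($Suspend) {
    # Suspending keeps the data encrypted but exposes the key so the next boot
    # does not depend on TPM measurements. Protection resumes after one reboot.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
    'Protection suspended for one reboot. Use Resume-BitLocker to re-enable sooner.'
}
```

Suspending differs from the full disable the comment mentions: the volume stays encrypted and protection comes back on its own, whereas `Disable-BitLocker` decrypts the whole drive.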
dual boot with windows ? good fucking luck
Someone correct me if I'm wrong, but that greentext doesn't accurately reflect how BitLocker works (unless there's some missing context). Assuming you override the boot order using the one-time boot option and live boot that way, rebooting afterwards won't affect the TPM or BitLocker because nothing has actually changed. If you change the boot order in the BIOS / UEFI settings and move USB boot above the normal boot drive in order to live boot, then the TPM will see a change and BitLocker will lock. But you can just change the boot order back to the way it was and the TPM will be happy again and BitLocker will automatically unlock. Unless you do something really stupid like clearing the TPM altogether.
I guess it's also possible the person didn't just live boot and tried to install Zorin while live booted, which would cause issues, but I doubt that's the case here.
Microsoft's SSO is an absolute train wreck. I'd rather pound my pecker flat with a mallet than deal with another Microsoft account.
I had a similar problem when I made my win11 mini PC into an Ubuntu server. It took forever for win11 to remove the bitlocker encryption, and that was before spending ages trying to find out how to remove it.