Discord 2025 Windows 7

[Agony_Aunt]

the city central computer told you.........
R2 you know better than to trust a strange conputer

I've upgraded from Windows 10... to Linux.

Really enjoy being in control of the computer once again.

Also love how the hard drive doesn't thrash every time Windows decides to use the swap file when the comp has 10Gb of RAM free or just because i've loaded an app/browser/whatever. Its just so much more responsive.

And updates... just update. No massive system updates, no waiting 5 minutes for the computer to reboot while updates are applied. I had a kernel update appear yesterday. Ran the updater this morning, it was done in a couple of mins, suggested a reboot, but no rush, but did, and a minute later back at desktop with new kernel.

Yeah, there's some online games i can't play because of kernel level anti-cheat, but i can live with that for a much better experience overall.

 

[CMDR Lefty Jackson]

never stored a password on a pc i dont have alzimers yet

Ignorance is not bliss! It can lead to many bad things.

I have been amazed at how so many people have no clue what "security" is. My time in the military began at 17 years old, and so my understanding of how to secure things started at a young age. Most have no concept of one of the basic tenets of security, which is to limit access by separation.

People compromise security for the sake of convenience.

Basically, NEVER EVER use a password manager. Period.

The best security ever is one simple method...Don't go there. For your PC, never go online, and never allow anyone to physically access your pc.

 

[Morbad]

Also, for what it's worth, Microsoft publishes variants of Windows 11 (e.g. IoT Enterprise) which don't require TPM by default.

The only thing, other than the license, that distinguishes these versions from any other version of Windows 11 24H2 is what packages they have installed, and what services are enabled, by default. Kernel is exactly the same and they use the same patches. Software support is exactly the same. There is clearly no technical reason why TPM would be required.

The most optimistic interpretation I can think of for making the feature Mandatory is that they want to provide a baseline level of security to users that are completely technically inept. Unfortunately, many of these same users are likely to run into issues because of it...e.g. a firmware update changes/clears their TPM or secure boot keys and their computer no longer works, some bug causes TPM to have performance issues, or the discount hardware TPM they bought on Ali Express was either compromised or just defective. Sooner or later Mcrosoft will stumble upon the idea that shipping OSes with everything and the kitchen sink enabled out of the box is fundamentally bad for security, especially if one isn't willing to maintain decent standards of QA.

In the meantime, I'm sure they're content in taking kickbacks from hardware manufacturers while they poison us all by generating gigatons of e-waste.

As to the third bit? That's meant to be a downside?!!

They aren't going to prevent updates as that would be more problematic than disabling TPM, from almost any angle MS might have in mind.

If one somehow runs into issues with automatic updates, one can usually still get the updates manually by going to the update history page and following the relevant links to the downloads in the Windows Update Catalog.

Windows 11, version 24H2 update history - Microsoft Support

support.microsoft.com

Microsoft Update Catalog

That right there tells me you get it. Bravo!

I'm also from the States, where courts have repeatedly ruled that Fifth Amendment protections do not cover biometrics. So, even if the implementation was technically sound (and Microsoft's aren't) I'd still recommend the use of passwords.

 

[CMDR Lefty Jackson]

I'm also from the States, where courts have repeatedly ruled that Fifth Amendment protections do not cover biometrics. So, even if the implementation was technically sound (and Microsoft's aren't) I'd still recommend the use of passwords.

Indeed.

There are two main points to the pc issue...one company, MS, manipulating the computer market in such a way that is anticompetitive, just like Google is doing with the network side of things...

The other point is personal information. Or rather, the theft of personal data in the name of analytics, which is really theft for the sake of selling your information for profit and not compensating those they steal from.

There is a reason why they want people to use "WIFI" and "Biometrics", and it is not because they want your pc to be secure!

 

[Helmut Grokenberger]

Basically, NEVER EVER use a password manager. Period.

I think you don't know what a modern, well designed password manager can do for your personal security. If by "password manager" you mean letting your browser or cloud service store your passwords for you, then I agree. But a well designed encrypted password manager is a great tool. Personally I use KeePassXC or forks of that on all platforms I use.

Not only does it allow you to use different passwords for every service you use, it also allows you to use very strong passwords that are beyond what you can easily remember, and integration into your device is very easy these days, if you wish to do so for convenience. Ideally paired with using a dfifferent login / email for each service (I use a catch all for one of my personal domains for that) helps a lot to reduce the risk of getting compromised by credential leaks.

Of course you have to use it responsibly. If you lose your master passphrase, key file or other means of authentication, you're screwed. So are you if you lose the container, so ideally store it in multiple physical locations. There are also easy ways to sync those copies across your devices without relying on commercial cloud services, if you need to.

The best security ever is one simple method...Don't go there. For your PC, never go online

I can't tell if this is sarcasm or not...

 

[CMDR Lefty Jackson]

I think you don't know what a modern, well designed password manager can do for your personal security. If by "password manager" you mean letting your browser or cloud service store your passwords for you, then I agree. But a well designed encrypted password manager is a great tool. Personally I use KeePassXC or forks of that on all platforms I use.

Not only does it allow you to use different passwords for every service you use, it also allows you to use very strong passwords that are beyond what you can easily remember, and integration into your device is very easy these days, if you wish to do so for convenience. Ideally paired with using a dfifferent login / email for each service (I use a catch all for one of my personal domains for that) helps a lot to reduce the risk of getting compromised by credential leaks.

Of course you have to use it responsibly. If you lose your master passphrase, key file or other means of authentication, you're screwed. So are you if you lose the container, so ideally store it in multiple physical locations. There are also easy ways to sync those copies across your devices without relying on commercial cloud services, if you need to.



I can't tell if this is sarcasm or not...

Yes, I do know, that is why I oppose them.

First and foremost, it is bad security policy to store such information on your PC, I don't care how good the encryption is. Humans wrote that software, and humans can break it. And if they don't have the skills to break, they likely will just trash the place out of spite.

Do you have the skills to read the code to ensure it's written acceptably? Odds are, no. Only a relatively small group of people know how to program such things.

Do you trust a company when they say their software is secure?

Proper security doesn't care about convenience. Doing the correct thing is not always easy or convenient.

You miss the whole point. If you don't use it, it can't burn you!

And no, it is not sarcasm. If you don't want your pc infected or your information stolen, don't go online. That is the base starting point of security. Normal people understand not going online is problematic in this digital age, so they do go online. Not going online is more and more difficult, so we do go online, which takes us past that basic security step. That means you must use other security measures, seeing not going online is not realistically an option.

I can all but guarantee that if you don't go in the ocean, you won't get bitten by a shark!

 

[CMDR Lefty Jackson]

LOL, moved to "Off Topic".

Why am I not surprised. It's as topical as it can be. We are literally talking about pc's and how to use them.

 

[STRONTIUM DOG]

forgetting a password use to have grave consequences
who goes there?
it's moose
bang
for security i think ill fit an M1 Garand problem sorted lol
and now the weather report for today courtesy of enigma heil hitler

 

[Helmut Grokenberger]

Sounds dreadful.

First and foremost, it is bad security policy to store such information on your PC, I don't care how good the encryption is. Humans wrote that software, and humans can break it. And if they don't have the skills to break, they likely will just trash the place out of spite.

A lot of the modern encryption methods used are, at this time, literally impossible to brute-force in our lifetime. This may change, but so will the encryption algorithms. If encryption fails, it's almost always either because a weak or broken encryption was used, or it was broken on the user level.

Do you have the skills to read the code to ensure it's written acceptably? Odds are, no. Only a relatively small group of people know how to program such things.

That's a weak argument. I don't know how to fix the brakes on my car, but I trust my mechanic that he does. If you don't trust anyone, all you can do is dig a hole in the ground and never leave it.

The open source community is huge, and it's not a "relatively small group of people" who know how to program those things. That's hyperbole. I would never use a closed source password manager though. By and large, yes, I trust the open source community. And I trust in my ability to make an educated decision and to know how to handle my sensitive information responsibly.

Do you trust a company when they say their software is secure?

No.

Proper security doesn't care about convenience. Doing the correct thing is not always easy or convenient.

You're missing the point. Proper use of an encrypted password manager isn't convenience. It is to heighten security by enabling the user to use individual stronger passwords for each and every service instead of relying on memory, systems or post-its.

You miss the whole point. If you don't use it, it can't burn you!

And no, it is not sarcasm. If you don't want your pc infected or your information stolen, don't go online. That is the base starting point of security. Normal people understand not going online is problematic in this digital age, so they do go online. Not going online is more and more difficult, so we do go online, which takes us past that basic security step. That means you must use other security measures, seeing not going online is not realistically an option.

I can all but guarantee that if you don't go in the ocean, you won't get bitten by a shark!

Never leaving the house isn't the kind of advice I'd give to anyone, but if it works for you... more power to you.

Out of curiosity - how do you manage your passwords?

 

[Morbad]

it also allows you to use very strong passwords that are beyond what you can easily remember

There are passwords that are very easy to remember that are also very strong. Strings of proper names, for example, are easily obscure enough that they'll never be on any rainbow table, and long enough to make brute forcing them impractical. I can remember all kinds of permutations of proper names, plus an extra character or two.

 

[Helmut Grokenberger]

There are passwords that are very easy to remember that are also very strong. Strings of proper names, for example, are easily obscure enough that they'll never be on any rainbow table, and long enough to make brute forcing them impractical. I can remember all kinds of permutations of proper names, plus an extra character or two.

You're right. Mandatory xkcd reference* here . Some password systems are also based on very easy to remember phrases where you then pick certain letters from, and salt them accordingly. I still use a system like that for very strong passwords. I use "throwaway" strong generated passwords for random service registrations and the like.

I am not saying a password manager is the be-all-end-all of things. But they help, and essentially comparing a good, modern encrypted password manager with post it's on your monitor is just... wrong.

* for the uninitiated:

https://imgs.xkcd.com/comics/password_strength_2x.png

 

[Morbad]

You're right. Mandatory xkcd reference* here . Some password systems are also based on very easy to remember phrases where you then pick certain letters from, and salt them accordingly. I still use a system like that for very strong passwords. I use "throwaway" strong generated passwords for random service registrations and the like.

I am not saying a password manager is the be-all-end-all of things. But they help, and essentially comparing a good, modern encrypted password manager with post it's on your monitor is just... wrong.

* for the uninitiated:

https://imgs.xkcd.com/comics/password_strength_2x.png

The main issue I see with password managers is that they are a single point of failure. If someone does get that master password or otherwise compromises the manager, it's not one site/app/whatever that's been compromised, it's everything the manager was managing.

 

[Helmut Grokenberger]

The main issue I see with password managers is that they are a single point of failure. If someone does get that master password or otherwise compromises the manager, it's not one site/app/whatever that's been compromised, it's everything the manager was managing.

That's true. Handling it responsibly is still important. Having your master password stored in a plain text file next to your password container or using a master phrase like President Skroob is probably not the best idea. And of course if your system is compromised and you unlock your container, all hell breaks loose.

I'm not saying a password manager makes navigating the hell hole that is modern password management a breeze. But they can help mitigate some of the laziness that is inherent to people, and for the average person with a comparably low threat vector they'll do fine. I wouldn't store my nuclear launch codes in one though .

And yes, I still know people who use one or two passwords on the level of "12345" for everything.

 

[metatheurgist]

You're right. Mandatory xkcd reference* here . Some password systems are also based on very easy to remember phrases where you then pick certain letters from, and salt them accordingly. I still use a system like that for very strong passwords. I use "throwaway" strong generated passwords for random service registrations and the like.

I am not saying a password manager is the be-all-end-all of things. But they help, and essentially comparing a good, modern encrypted password manager with post it's on your monitor is just... wrong.

* for the uninitiated:

https://imgs.xkcd.com/comics/password_strength_2x.png

I think the problem with that one is that of all the places I have passwords only twitch lets me put in that many words. Everything else has a fairly short limit.

 

[Helmut Grokenberger]

I think the problem with that one is that of all the places I have passwords only twitch lets me put in that many words. Everything else has a fairly short limit.

hmmm... yeah. It is mildly infuriating that there are services existing today that still limit password length to 16 characters or even less.

 

[CMDR Lefty Jackson]

Never leaving the house isn't the kind of advice I'd give to anyone, but if it works for you... more power to you.

Out of curiosity - how do you manage your passwords?

That's a little bit of an assumption. Who said anything about such levels of paranoia? We are talking better security practices, not mental defects!

For security reasons, I won't tell you or anyone how I handle my passwords. Need to know kind of thing! I don't use password managers, as I'm sure you have already deduced.

Look, my point, good or bad, is that it's not about how good that software may be; it's about not having a door for somebody to get in. Nothing more to it. No door, no entry. That simple. We aren't talking about how strong that door is. My point is that it is best that you not have that door in the first place.

As Morbad said, "single point of failure" is not a good thing. Most will get away with it, BUT, when it fails, it fails BIG TIME. No need for that kind of exposure to that kind of risk. Personally, I think it's not worth the risk.

Open source? I'm a big fan of Open Source. I think there should be one OS for all computers, Open Source, I call it "BaseOS". I believe we have gone beyond that period of "We created it and deserve to make money off it" phase. MS and others have made TONS of cash from it. Now we are at the point where it's a societal requirement, a utility of the public.

If you want fancy things on your PC, fine, add them, on top of a basic open-source OS that is fully visible and can't be messed with under the hood. And that OS is widely agreed that it's for basic stuff only. Keeps clutter down and processing power up, while allowing for a quick check that it's all correct and not tampered with. And it is the ONLY recognized base OS available. Anybody could make add-ons. Go for it.

The point is not to have some private corporation dominating the market and dictating to developers how a pc should run. That power must be taken away from MS.

 

[Helmut Grokenberger]

That power must be taken away from MS.

Oh no argument from me there!