Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

Anon tries running live USB Linux on his dad's computer

⁨434⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨day⁩ ago⁩ by ⁨nzmaa@lemy.lol⁩ to ⁨greentext@sh.itjust.works⁩

https://lemy.lol/pictrs/image/d805f756-c5c1-4d76-ac5e-9f95c2d923a5.webp

source

Comments

Sort:hotnewtop
  • rekabis@lemmy.ca ⁨8⁩ ⁨hours⁩ ago
    • The average user has no need to use Bitlocker
    • The average user should be using a local account instead of a Microsoft Account.
    • Using a Microsoft Account causes Bitlocker to auto-enable.
    • Loss of access to your Microsoft Account when Bitlocker is enabled can cause loss of all your data.
    • Microsoft can and will roundly ignore you if you lose access to your Microsoft Account.

    Microsoft has painted users into a very dangerous corner. Security is vitally important, but not when it’s almost maliciously implemented.

    Even as a security professional I understand that most people will be ill served by having their computer locked down like Fort Knox. There are ways of ensuring security without having all personal content go permanently poof with the slightest wrong move.

    source
    • RichardTickler@lemmy.world ⁨7⁩ ⁨hours⁩ ago

      100% agree with the sentiment. Working in IT makes you realize how incapable some people can be with even the simplest computer tasks at times. What would you recommend as an alternative for secure data in the case of the average person? File level encryption instead of disk level? Wondering what would be the best way to go about getting my family to secure their private info.

      source
      • rekabis@lemmy.ca ⁨7⁩ ⁨hours⁩ ago

        For safety, backups are much better than encryption.

        The only thing encryption does is prevent others from reading your data if the machine gets physically lost or stolen. And ironically, that might prevent a stolen machine from ever making it back into your hands.

        For desktops, encryption of a machine that doesn’t have critically private/sensitive content is even dumber. I mean, if you have terabytes of CP or are a terrorist, then sure, lock that down to make the police earn their wages. Or do it even if you don’t, but you just want to give authorities the middle finger. But not much on the average computer needs encryption so long as you keep good physical and network security.

        What you want is a good backup system - something that just works, is dummy proof, can be administered remotely, and which can restore content easily and reliably.

        On a Mac, nothing beats iCloud. It’s encrypted before it even gets uploaded, and Apple has repeatedly shown it cannot retrieve the content… it needs to be forcibly cracked.

        On the PC (both Windows and Linux) I prefer Duplicati backing up to BackBlaze B2.

        source
  • spaghettiwestern@sh.itjust.works ⁨8⁩ ⁨hours⁩ ago

    This happened to me when I booted a friend’s computer from a live USB Mint stick. It took well an hour to find the correct password for her account and get Windows running again.

    Not too long ago Microsoft deleted my Linux ext2 directory when I booted to Windows and ran Windows Update.

    At this point I’m convinced Microsoft primary business is selling malware.

    source
  • Gullible@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

    Real and fuck Microsoft

    source
    • Gradually_Adjusting@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Image

      source
  • some_guy@lemmy.sdf.org ⁨21⁩ ⁨hours⁩ ago

    I work in IT and understand that the tradeoff for good security is a reduction in convenience. But this really reads like deliberate punishment. I get the same sense on Apple’s platforms. Wanna change your cloud password? Prove you know the unlock code to a device that you no longer own and haven’t had in a year. This is especially awesome when your employer makes you change passcodes on a regular basis and you have no idea what you used back then.

    source
    • Psythik@lemmy.world ⁨10⁩ ⁨hours⁩ ago

      Ran into this issue literally yesterday. The wife went back to iOS after giving Android a try for four years (I don’t get why, but I try not to judge).

      Anyway, she couldn’t remember her Apple ID and had to pull out the phone she hasn’t used in years to recover her account. Thankfully she was smart enough to charge the battery to 50% every few months. Otherwise it would have gone bad and she would have been fucked; literally would have had to pay a tech hundreds to replace a battery for a phone she no longer uses, just to reset a simple password.

      I understand and appreciate the need for good security, but this is beyond ridiculous.

      source
    • lemming741@lemmy.world ⁨19⁩ ⁨hours⁩ ago

      My password manager keeps a history, and it has saved my bacon twice now.

      source
      • some_guy@lemmy.sdf.org ⁨19⁩ ⁨hours⁩ ago

        Yeah, they VIP that I was helping when I encountered the above issue was not using a pw manager and the device in question had been replaced (by the org) a bit more than a year ago. We also had an insane pw policy at the time that made users change them every three months, so good luck remembering. So grateful that madness is over.

        source
        • -> View More Comments
      • techt@lemmy.world ⁨16⁩ ⁨hours⁩ ago

        Which one are you using?

        source
        • -> View More Comments
  • nuko147@lemmy.world ⁨1⁩ ⁨day⁩ ago

    …and grounds for committing sudoku. 🤣

    source
    • SkyezOpen@lemmy.world ⁨23⁩ ⁨hours⁩ ago

      Image

      source
    • wieson@feddit.org ⁨20⁩ ⁨hours⁩ ago

      Ahh you mentioned the number puzzle sudoku. What you were looking for, was the word for japanese honour suicide: sirtaki.

      source
      • Peruvian_Skies@sh.itjust.works ⁨16⁩ ⁨hours⁩ ago

        You mean Sriracha.

        source
        • -> View More Comments
  • muusemuuse@sh.itjust.works ⁨13⁩ ⁨hours⁩ ago

    Weaponized security. These fuckers booby-trapped usb boot.

    I really don’t miss windows. I’m happy with almost everything else but windows. Fischer price macOS is perfectly acceptable to me at this point.

    Fuck Liquid Glass though.

    source
  • Sir_Premiumhengst@lemmy.world ⁨20⁩ ⁨hours⁩ ago

    Hm… Eclains why all the Linux install tutorials start with: disable secure boot, disable bit locker,…

    source
  • 9point6@lemmy.world ⁨1⁩ ⁨day⁩ ago

    This is partly Microsoft’s fault, for sure, but it’s also more of a function of how secureboot works. A Linux system using TPM backed FDE with secureboot enabled would have the same problem going the other way.

    Secureboot prevents a lot of ways the TPM could be compromised, so as part of “securely” turning it off, it wipes the keys (otherwise those protections would be pointless, the first thing an attacker would do would be to turn off secureboot).

    source
    • PlzGivHugs@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

      The main problem is it turning itself on with no input from or feedback to the user, and not giving the user access to the key without using a Microsoft account. I’ve heard of people getting screwed by this because they set up with a local account and thus never got their secureboot key (or did, but it was hidden somewhere and they were never told to save it).

      source
      • 9point6@lemmy.world ⁨1⁩ ⁨day⁩ ago

        Oh yeah sorry I should have elaborated when I said it’s partly Microsoft’s fault. This mostly happened because neither of them expected the FDE to be enabled which is on Microsoft for silently enabling it

        source
  • Evotech@lemmy.world ⁨13⁩ ⁨hours⁩ ago

    Bitlocker works as intended and is actually a good tool

    source
    • Doomsider@lemmy.world ⁨13⁩ ⁨hours⁩ ago

      Ah yes, after the attacker has gotten everything they need upon next boot up the owner is locked out. Perfect!

      source
      • Evotech@lemmy.world ⁨5⁩ ⁨hours⁩ ago

        You can’t actually get the files… it’s encrypted…

        source
    • leftzero@lemmy.dbzer0.com ⁨12⁩ ⁨hours⁩ ago

      It installs and activates itself stealthily, slows down the computer, and eventually makes it unusable.

      If it looks like a duck and walks like a duck…

      Bitlocker works as intended

      Oh, definitely. If it was intended to be malware.

      source
    • lightnsfw@reddthat.com ⁨9⁩ ⁨hours⁩ ago

      Explain how breaking their ability to boot into the OS because they booted from a USB is a good thing.

      source
  • ikidd@lemmy.world ⁨9⁩ ⁨hours⁩ ago

    Microsoft’s SSO is an absolute train wreck. I’d rather pound my pecker flat with a mallet than deal with another Microsoft account.

    source
    • rekabis@lemmy.ca ⁨8⁩ ⁨hours⁩ ago

      I actually like the Microsoft Authenticator, as it dramatically improves security for Microsoft Accounts. Not only does it plump up 2FA TOTP from 6 digits to 8, but it can also implement challenge-response codes as a second layer of protection.

      What I do not agree with is putting your computing eggs all in one basket. I have never used a Microsoft Account to secure Windows, and I never will. Complete data loss via loss of control of the Microsoft Account is just too high of a persistent threat. And that risk rises by an order of magnitude the less technically inclined a user is. For someone who has almost no computing experience, it is an unconscionably risky system to use.

      source
  • unexposedhazard@discuss.tchncs.de ⁨1⁩ ⁨day⁩ ago

    Literally happened to me two days ago. Everything was fine until i installed gpu drivers and then it said “plz give secure boot password” and i had to abort mid install. Also was infront of a fresh linux recruit.

    source
    • elvith@feddit.org ⁨1⁩ ⁨day⁩ ago

      That secure boot password was probably from akmods preparing its key so that it can sign the kernel module of the driver. This key needs to be loaded into the UEFI to use the driver with secure boot enabled. It shouldn’t affect the bit locker key in theory, but you never know…

      source
      • unexposedhazard@discuss.tchncs.de ⁨1⁩ ⁨day⁩ ago

        No bitlocker on that one but it still complained.

        source
        • -> View More Comments
  • Honytawk@lemmy.zip ⁨18⁩ ⁨hours⁩ ago

    How can something “enable itself” while requiring a password?

    source
    • floquant@lemmy.dbzer0.com ⁨13⁩ ⁨hours⁩ ago

      It’s not strictly a password, it’s a recovery key for the encryption. The drive is unlocked automatically at boot by the key residing in the TPM, if the system “hasn’t been compromised”

      Bitlocker is enabled by default on new Windows installations, and you can run into this situation by resizing partitions or messing around with your EFI partition. Disabling secure boot without disabling bitlocker first will result in this.

      Make sure you have your recovery key, or completely disable bitlocker until you’re done provisioning your system (or uninstall windows altogether)

      source
    • tgxn@lemmy.tgxn.net ⁨18⁩ ⁨hours⁩ ago

      it was already enabled, he just tripped secureboot.

      source
  • Sarothazrom@lemmy.world ⁨21⁩ ⁨hours⁩ ago

    This is probably my fault, big brother Microsoft saw me replace Win11 last month with Linux and don’t wan’t real OS’s taking up their precious market share.

    source
  • asqapro@reddthat.com ⁨8⁩ ⁨hours⁩ ago

    Someone correct me if I’m wrong, but that greentext doesn’t accurately reflect how BitLocker works (unless there’s some missing context). Assuming you override the boot order using the one-time boot option and live boot that way, rebooting afterwards won’t affect the TPM or BitLocker because nothing has actually changed. If you change the boot order in the BIOS / UEFI settings and move USB boot above the normal boot drive in order to live boot, then the TPM will see a change and BitLocker will lock. But you can just change the boot order back to the way it was and the TPM will be happy again and BitLocker will automatically unlock. Unless you do something really stupid like clearing the TPM altogether.

    I guess it’s also possible the person didn’t just live boot and tried to install Zorin while live booted, which would cause issues, but I doubt that’s the case here.

    source
  • underscores@lemmy.zip ⁨19⁩ ⁨hours⁩ ago

    dual boot with windows ? good fucking luck

    source
  • proti@lemmy.world ⁨1⁩ ⁨day⁩ ago

    As nice as most distros are, I wouldn’t recommend installing it on Gpa’s/Parent’s PC, simply because if a problem arrives most people won’t be able to give them a fix easily, unless they also know how to use Linux.

    source
    • lime@feddit.nu ⁨1⁩ ⁨day⁩ ago

      i installed mint for my extremely non-technical parent and the only time they have issues is when trying to use windows stuff. so a non-issue.

      source
      • DudeDudenson@lemmings.world ⁨23⁩ ⁨hours⁩ ago

        Installed mint for an elderly relative that only uses it for YouTube and email, the only calls I get are when mozzila stops working because the version is too old

        source
        • -> View More Comments
      • proti@lemmy.world ⁨23⁩ ⁨hours⁩ ago

        Well, mine was one of the curious ones - once they disconnected from the WiFi and no neighbor could fix it, they had to wait a few days till I came over to help.
        Hopefully Linux market share will improve and you can get lucky, but issues will inevitably happen - if you’re committed and close by, maybe you could try, but it sucks when you’re away

        source
    • lemming741@lemmy.world ⁨19⁩ ⁨hours⁩ ago

      My grandpa fixes all of his Windows problems himself

      source
      • proti@lemmy.world ⁨18⁩ ⁨hours⁩ ago

        absolute gigachad

        source
    • x00z@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Seems like Linux skills for IT people can become a gold mine.

      source
  • bathing_in_bismuth@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

    Switching from windows 7 to Linux really was a good call from me, as in, the timing. I’m glad I have never and will never experience horrors like this

    source
    • Trainguyrom@reddthat.com ⁨19⁩ ⁨hours⁩ ago

      Since about Windows 7 each major windows release has been a bunch of new annoying things you have to learn how to work around, and a couple of fixes for older annoying things that now work better. For example, Windows update on 10 and 11 is actually pretty decent at actually updating everything and finding drivers for fairly common hardware. Windows 11 has some nice window management features built in, etc.

      Its easy, just make sure you select the right options during OS setup, hit an unmarked key combination to open a terminal and enter an undocumented command that Microsoft might remove at any moment to bypass certain online/account requirements, uninstall Candy Crush every 6 months or so, enter these registry values to fix the right-click menu, windows search, etc.

      Y’know what, thinking about it, its been about 7 years since I last gave Linux a shot on my primary PC, might be about time to try it again…

      source
      • JigglySackles@lemmy.world ⁨9⁩ ⁨hours⁩ ago

        Zorin is a really nice and easy transition so far. I just started my exodus and have Zorin on a couple laptops and I like it. The phone companion app is nice too.

        source
  • peetabix@sh.itjust.works ⁨18⁩ ⁨hours⁩ ago

    I had a similar problem when I made my win11 mini PC into an Ubuntu server. It took forever for win11 to remove the bitlocker encryption, and that was before spending ages trying to find 0ut how to remove it.

    source
  • danzabia@infosec.pub ⁨1⁩ ⁨day⁩ ago

    Yep, happened with my wife’s laptop. Fortunately you just follow the instructions and we had a second laptop but I was still sweating bullets.

    source
  • 11111one11111@lemmy.world ⁨1⁩ ⁨day⁩ ago

    I want to frame this and hang it on the back of my bathroom door like every framed spiritually motivating quote overlaying a stock photo that every fuckin boomer aged leather ballsack skinned from hitchiking the US cuz their parents asked them to get a job but all the got were the same stds and athletes foot from showering amd fucking in public shitters, kind of hippie. You know the one, cuz their bathroom smells so bad of potpourri your eyes water and you just know everything you eat for the rest of the day is going to taste like that dirty fuckin hippie’s potpour-fuckin-eeee.

    Someone should sell on Etsy, framed motivational stock photo quotes of all of ocean’s greatest moments in green text history. Lol

    source
  • lessthanluigi@lemmy.sdf.org ⁨1⁩ ⁨day⁩ ago

    That explains why I was just trying to update my friend’s motherboard’s firmware and it locked him out. He had to reinstall his os.

    source
  • dditty@lemmy.dbzer0.com ⁨21⁩ ⁨hours⁩ ago

    I’m trying to get secure boot working on cachyOS using sbctl but my Razer Blade laptop’s bios seems locked and won’t let get it in setup mode. Anyone know if it’s possible to clear vendor keys on razer’s American mega trends UEFI?

    source
    • Gullible@sh.itjust.works ⁨16⁩ ⁨hours⁩ ago

      You might get an answer on !linux@lemmy.world. I had a similar issue and eventually returned a minipc because of it.

      source
    • green_copper@kbin.earth ⁨15⁩ ⁨hours⁩ ago

      I don't know how to solve the locked UEFI, but there is Shim, a efi-stub which is signed and can be configured to validate your own keys.
      Here is the first documentation I found: https://wiki.gentoo.org/wiki/Shim.

      source
    • black_flag@sh.itjust.works ⁨11⁩ ⁨hours⁩ ago

      Why the fuck is this the place where you ask that?

      source
  • Sylvartas@lemmy.dbzer0.com ⁨1⁩ ⁨day⁩ ago

    Fuck, I’m gonna have to enable secure boot (and use windows) to play the BF6 open beta, am I gonna get the same buillshit ?

    If it doesn’t affect my Linux drives I don’t care much tbh, I’ll probably just nuke windows and reinstall it

    source
    • bizarroland@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Even if you enable Secure Boot, you can disable BitLocker, and that will prevent this from happening.

      The only thing BitLocker really does is make it so that if somebody steals your computer and doesn’t have your password, all of your files will be encrypted, so they don’t get your files too.

      Depending on your risk preference, it is okay to disable it.

      source
    • JigglySackles@lemmy.world ⁨9⁩ ⁨hours⁩ ago

      I was going to try the BF6 open beta. It uses javelin anti cheat which is kernel level and requires secureboot on and active.

      Complain about that in the steam forums though and ignorant troglodytes come out of the muck and filth to screech “cheater! Stupid boomer can’t figure it out!” and other drivel.

      source
      • mr2meows@pawb.social ⁨6⁩ ⁨hours⁩ ago

        steam is so insufferable

        source
    • derpgon@programming.dev ⁨1⁩ ⁨day⁩ ago

      If you use Rufus to burn the IDO into the USB, there is an option to patch the ISO to not require secure boot.

      source
      • Sylvartas@lemmy.dbzer0.com ⁨1⁩ ⁨day⁩ ago

        It’s not a windows issue, BF6 has a some requirements for their anti cheat including secure boot and TPM

        source
        • -> View More Comments