FSF Urges Moving Off Microsoft's GitHub to Protest Windows 11's Requiring TPM 2.0 (fsf.org) 145
TPM is a dedicated chip or firmware enabling hardware-level security, housing encryption keys, certificates, passwords, and sensitive data, "and shielding them from unauthorized access," Microsoft senior product manager Steven Hosking wrote last month, declaring TPM 2.0 to be "a non-negotiable standard for the future of Windows."
Or, as BleepingComputer put it, Microsoft "made it abundantly clear... that Windows 10 users won't be able to upgrade to Windows 11 unless their systems come with TPM 2.0 support." (This despite the fact that Statcounter Global data "shows that more than 61% of all Windows systems worldwide still run Windows 10.") They add that Microsoft "announced on October 31 that Windows 10 home users will be able to delay the switch to Windows 11 for one more year if they're willing to pay $30 for Extended Security Updates."
But last week the Free Software Foundation's campaigns manager delivered a message on the FSF's official blog: "Keep putting pressure on Microsoft." Grassroots organization against a corporation as large as Microsoft is never easy. They have the advertising budget to claim that they "love Linux" (sic), not to mention the money and political willpower to corral free software developers from around the world on their nonfree platform Microsoft GitHub. This year's International Day Against DRM took aim at one specific injustice: their requiring a hardware TPM module for users being forced to "upgrade" to Windows 11. As Windows 10 will soon stop receiving security updates, this is a (Microsoft-manufactured) problem for users still on this operating system. Normally, offloading cryptography to a different hardware module could be seen as a good thing — but with nonfree software, it can only spell trouble for the user...
What's crucial now is to keep putting pressure on Microsoft, whether that's through switching to GNU/Linux, avoiding new releases of their software, or actions as simple as moving your projects off of Microsoft GitHub. If you're concerned about e-waste or have friends who work to combat climate change, getting them together to tell them about free software is the perfect way to help our movement grow, and free a few more users from Microsoft's digital restrictions. If you're concerned about e-waste or have friends who work to combat climate change, getting them together to tell them about free software is the perfect way to help our movement grow, and free a few more users from Microsoft's digital restrictions.
Or, as BleepingComputer put it, Microsoft "made it abundantly clear... that Windows 10 users won't be able to upgrade to Windows 11 unless their systems come with TPM 2.0 support." (This despite the fact that Statcounter Global data "shows that more than 61% of all Windows systems worldwide still run Windows 10.") They add that Microsoft "announced on October 31 that Windows 10 home users will be able to delay the switch to Windows 11 for one more year if they're willing to pay $30 for Extended Security Updates."
But last week the Free Software Foundation's campaigns manager delivered a message on the FSF's official blog: "Keep putting pressure on Microsoft." Grassroots organization against a corporation as large as Microsoft is never easy. They have the advertising budget to claim that they "love Linux" (sic), not to mention the money and political willpower to corral free software developers from around the world on their nonfree platform Microsoft GitHub. This year's International Day Against DRM took aim at one specific injustice: their requiring a hardware TPM module for users being forced to "upgrade" to Windows 11. As Windows 10 will soon stop receiving security updates, this is a (Microsoft-manufactured) problem for users still on this operating system. Normally, offloading cryptography to a different hardware module could be seen as a good thing — but with nonfree software, it can only spell trouble for the user...
What's crucial now is to keep putting pressure on Microsoft, whether that's through switching to GNU/Linux, avoiding new releases of their software, or actions as simple as moving your projects off of Microsoft GitHub. If you're concerned about e-waste or have friends who work to combat climate change, getting them together to tell them about free software is the perfect way to help our movement grow, and free a few more users from Microsoft's digital restrictions. If you're concerned about e-waste or have friends who work to combat climate change, getting them together to tell them about free software is the perfect way to help our movement grow, and free a few more users from Microsoft's digital restrictions.
I've moved off Github (Score:5, Interesting)
I don't use Github, because I don't want them to strip the copyright from my source code -- which I think is a bigger issue than requiring TPM for a piece of software.
That protest has accomplished absolutely fuck-all.
Re: (Score:2)
Github strips the copyright notice from your source code?
Re: (Score:3, Informative)
They "learn" your code and stick it into an AI memory, which then repeats it as verbatim snippets without proper attribution whenever someone asks copilot to write some similar code.
Re:I've moved off Github (Score:4, Informative)
GitHub does not use code from private repos for AI training.
https://docs.github.com/en/sit... [github.com]
Re: (Score:2)
What about non-private ones, aka publically readable?
Re: (Score:2)
If your repo is public, what is your concern? By making it public, you consciously give anyone the right to view and copy your code. https://docs.github.com/en/rep... [github.com] If you don't want your code to be used by others, including for AI training, make it private!
Re: (Score:2)
The link you posted confirms the opposite is true.
```
You're under no obligation to choose a license. However, without a license, the default copyright laws apply, meaning that you retain all rights to your source code and no one may reproduce, distribute, or create derivative works from your work
```
Re: (Score:2)
Take a look at the very next paragraph highlighted as a "Note":
If you publish your source code in a public repository on GitHub, according to the Terms of Service, other users of GitHub.com have the right to view and fork your repository.
Re: (Score:2)
There's a big difference between "published" and "public domain".
You seem to be using the term "public" specifically to refer to the former and conflate it with the latter.
Re: (Score:2)
As the linked page states:
If you publish your source code in a public repository on GitHub, according to the Terms of Service, other users of GitHub.com have the right to view and fork your repository.
In other words, by publishing your code as "public" you are, based on the TOS, giving people to view and fork--make copies of--your code. To "fork" means that the person intends to use the source code for further development, in other words, basically whatever they want to do with it.
Re: I've moved off Github (Score:2)
Who are you going to believe, Microsoft or a random poster on /.? LOL
Re: (Score:2)
Well, considering that Microsoft can be sued if they publish information that is false, I'll go with Microsoft (i.e., the link I posted).
Re: (Score:2)
Should we have believed them when they said Siri was listening to them and placing relevant ads?
Re: (Score:2)
How is that any different from every other AI out there? You know, like how Anthropic settled with the RIAA and preventing their AI from doing song lyrics? Or other companies suing OpenAI and such for the same thing?
Everyone's training AI on anything they can get their hands on. Copilot is but one of the many programming LLMs ou
Point me to a better solution then... (Score:4, Informative)
Please, point to me a better solution for an enterprise system, especially one that works in the cloud, or on prem, with arguably one of the best ways to keep it maintained as an appliance... and it even works well on Proxmox.
GitLab is sort of there, but not really. BitBucket... Ten years ago, it was a decent solution. However, after Atlassian's redoing of licenses, IMHO, it just has fallen behind. Even Amazon knows this and has stopped offering CodeCommit to new accounts.
Gitea/GOGS are good for small project things, but definitely not enterprise solutions where the Git server is a bedrock of the business. GHE (GitHub Enterprise) offers a ton of functionality, be it runners, issue tracking, even wiki pages, and on the backend, is easily backed up, either via snapshots, or "ghe-backup" from another machine, to ensure a consistent backup of the contents.
Yes, one -could- get by with GitLab or even BitBucket, but why pay more for a solution that (IMHO) does less, and is less maintainable? Upgrading on-prem GitHub Enterprise is really easy, and you can choose how often to do patching. For example, one company, I did every 3-6 months and when a minor or major version was released. Another company had a monthly window, where I took the GHE instance completely down, snapshotted and backed it up as a manual full, did the update, ran tests, and let the users back in. Still another company had a weekly outage window to ensure GHE was always at the bleeding edge. In all cases, a VM snapshot before was good enough for peace of mind, but it didn't hurt to bring it down, and do a complete full backup so everything is consistent, as well as a "ghe-backup" for an app data level backup. For HA, you can easily have multiple GitHub Enterprise instances, and licenses are easy to move between on-prem and cloud installs.
I generally am cynical with anything from MS, but GitHub CS is actually surprisingly good as well.
I know this is an ethical thing, but it would be nice if there were something F/OSS that had the feature set of GitHub Enterprise. Gitea is okay for throwing some repositories in for IT people, but if a company is a dev house with $DEITY knows who, running $NURGLE in the way of applications and third party tools for CI/CD, one needs a top tier Git server that is what people assume one uses anyway.
Re:Point me to a better solution then... (Score:5, Insightful)
Why are people so allergic to running their own git server?
Re:Point me to a better solution then... (Score:5, Interesting)
In a lot of companies, they have a cloud first initiative. If a new service or app comes along, it has to be done in the cloud, as opposed to on-prem. The ironic thing is that GitHub Enterprise is insanely easy to get working. Proxmox, VMWare, Hyper-V, or AWS, one can stand up one of their appliances.
I wish that were not the case, because almost every company needs a Git server, and ideally, it should be on-prem for sanity's sake.
Re:Point me to a better solution then... (Score:5, Informative)
Which is utterly stupid. There are plenty of situations where demanding stuff happen "in the cloud" is a detriment. I'll throw this one out there: EPIC, one of the most common electronic health records out there, has a function where medical records are somehow stored "in the cloud." Well, if there was proper access control, maybe it would be okay. However, I was working at a clinic in Wisconsin not long ago, and looked up a new patient. Now, by all accounts, maybe I should get access to the medical records of the patient if it's actually linked to them, even by SSN. But no. I put in this common name, and was hit with medical records from literally all over the United States. I'm in Wisconsin, and here are someone's entries showing up from Fort Lauderdale. So even if I can't access the actual data, it's still a raging HIPAA violation. I didn't investigate further, but the insinuation was that I could pull up some random person's medical records.
Now, I'm sure there is some kind of legal bullshit in the EULAs (which I as a 1099 contractor don't deal with, the practice managers do), or more likely buried in the HIPAA form that the patients blanket-sign, which somehow allows this nonsense. Now what I did do, because it's about the only way I could legally check it, was look up myself. Thankfully, the only thing I found was a fucking dental record that I couldn't care less about. But it was truly terrifying.
Now, if practices would keep their data on their own machines, there would be absolutely no opportunity for this to happen. I can think of countless ways that some criminal could go get all sorts of information for blackmail or worse using this kind of garbage.
Incidentally, I applied to EPIC because I wanted to improve their disaster. I was rejected in 24 hours. Then I guessed I'd just go back to curing the sick and let this shit show implode. And yes, I've given up reporting this kind of computer security shit to the government about eight years ago, because they don't care, and your employer and the companies involved inevitably try to cover their ass by accusing you of "hacking."
Re: (Score:2, Insightful)
Where I work, they are so HIPAA allergic that you aren't supposed to look up even your own record without going through inane permission hoops. You'd have been fired for cause.
Re: (Score:2)
Thankfully I didn't have to deal with that one. But then again, we are talking about organizations that are so braindead that they leave their security cameras on the organization-wide LAN with the default passwords, use one password for everybody from the doctors to the nurses to the kitchen staff, throw everything open on a Windows share drive, and even do bullshit like throw their entire ER medical record database on another open Windows file share so anybody (again, the housekeeper, even) can access it,
Re: (Score:2)
Many people don't want to become a sysadmin for it, making it available on the wider internet (which some people need, others just want and don't need), backups, and securing it, etc.
Re: (Score:2)
Excuse my ignorance. I'm a noob with only experience from a small company. I would imagine installing some basic bare bones linux server, enable ssh server, allow logging only using keys. Perhaps restrict what commands can be started over ssh and set up some groups for controlling who can access which project. Use firewalling
Re: (Score:2)
Many people don't want to do this. You missed the first 5 words.
Re: (Score:2)
That sounds like a reasonable approach for ssh. If you want to add a little more defense in depth, you could also put that configuration behind a VPN (so ssh isn't exposed "to the world" at all).
Home ISP server bans and IPv4 address exhaustion (Score:2)
A lot of individuals are behind home Internet access providers whose acceptable use policy specifically forbids running an on-premises server accessible to the public. And even if they didn't, there just aren't enough IPv4 addresses to go around.
Re: Home ISP server bans and IPv4 address exhausti (Score:2)
FFS, really? Someone clever enough to need a github server can't figure out how to set up a private github server on a VPS 'server' on Azure, Amazon, or other virtual host provider?
Of course, that assumes the coder is actually concerned about their ISP enforcing this policy on an end-user account running a github server for a few buddies.
If a commercial developer is running a residential ISP account to host their business, they are crazy - business class service with static IPs and aggressive recovery commi
Re: (Score:2)
Of course, that assumes the coder is actually concerned about their ISP enforcing this policy on an end-user account running a github server for a few buddies.
Some ISPs are known to enforce this policy by putting IPv4 behind NAT and/or by blocking incoming TCP SYN packets even on IPv6. T-Mobile US Home Internet does both. There is no port forwarding or DMZ setting on the gateway that T-Mobile leases to its customers.
If a commercial developer is running a residential ISP account to host their business
The use case I had in mind was a hobbyist developer hosting their hobby projects.
business class service with static IPs and aggressive recovery commitments are only a few dollars more a month
I've read comments on Slashdot claiming that ISPs in some regions don't offer business-class service to individual customers, only to registered businesses. I've read oth
Re: (Score:2)
Re: (Score:2)
What VPS provider offers enough resources for Gitea for 1 USD/mo?
Re: (Score:2)
Probably because these cloud services make it frictionless to get going. Personally I think companies developing proprietary software should be running a dedicated server that is running under their control. Doesn't mean the server has to be on site, it could be running on an EC2 or VM somewhere, but the people who set it up, administer it and backs it up are working for the company.
Re: (Score:2)
It's not just git, it's the rest of the functionality that these thing (GitHub, GitLab, BitBucket, whatever) provide. Pull requests with in-context review comments, discussion on commits, fast full text search on commit log, etc.
Re:Point me to a better solution then... (Score:5, Insightful)
Because "run your own server" is exactly what majority of the people do NOT want to do...for anything. This is why the cloud services can make a business out of running a server for people.
It is clear that you can you replicate almost any cloud functionality (storage, document editing, git, website etc.) by running your own server. It's not what people want to do - they don't want to fiddle with DNS and Firewalls and so on. Those who know how to do this are already doing it. The vast majority just want to open their chrome and use the web-app.
The sooner the FSF/OSS/Linux people understand this, the sooner they will stop making things like Mastodon expecting it to replace X/Twitter.
Re: (Score:2)
GHE (GitHub Enterprise) offers a ton of functionality, be it runners, issue tracking, even wiki pages, and on the backend, is easily backed up, either via snapshots [too boring, stopped reading]
Build agents are everywhere, both integrated with code hub solutions, and separately. A separate one isn't hard to integrate in with your code hub of choice. Setting up one or a hundred wiki's is about ten minutes work. Github is, if anything, slightly more convenient, but adding the word "enterprise" doesn't make it that. If you're an enterprise outfit and can't manage to own your own solution then you're not an enterprise outfit. Jesus, it's basically snapping together a duplo tower from blocks.
Your j
Re:Point me to a better solution then... (Score:4, Informative)
Re: (Score:2)
GitLab is fine for commercial use IMO. We use it in our place and it suits our purpose, running on site rather than the cloud. Biggest issue with it is the free version is gimped in certain ways to encourage use of the professional version which costs $$$ to use. Also, GitLabs CICD pipeline files can quickly grow from manageable to incomprehensible.
Better solution.. Don't use Windows? (Score:4, Informative)
If you're being forced to use windows due to some kind of vendor lock-in, you've already lost. Unless you're using specific engineering software your app is probably already cross platform and/or usable under WINE/Proton. If you're using engineering software you can probably afford whatever the microsoft tax costs you.
Given a USB stick with Debian 12 or Ubuntu on it most 16 year old high school kids can probably upgrade/crossgrade all the computers in a computer lab/church/non profit in an afternoon, especially if they're vanilla dell/lenovo desktops, which there's a good chance they are. Chrome looks/feels the same on debian 12 as it does windows 10
Re: (Score:3)
What do you use as an alternative? How well does it work for you?
Re: (Score:2)
I use Debian 12 and Chrome except for Steam VR and Autodesk Fusion which run on an old shitty install of windows 10 on an SSD that's floated between countless desktop and laptops over the last ~12 years. I only need to boot in to windows maybe twice a month
Re: Better solution.. Don't use Windows? (Score:4, Insightful)
So you .... use Windows.
Re: (Score:2)
Should we be using Epiphany instead? (Score:2)
Firefox relies on Google Search ad money just as much as Chrome does. That's why in November, Mozilla protested the remedy [slashdot.org] in the recent US antitrust case against Google. The only major free web browser using a rendering engine that doesn't is GNOME Web (codename Epiphany). It uses Apple WebKit, which is maintained with iPhone money rather than Google Search ad money.
Re: Should we be using Epiphany instead? (Score:2)
Both Firefox and Safari can be configured to use a different search engine to Google. Accept Googleâ(TM)s money and run!
Re: (Score:2)
I'm not the OP you, asked, but I'm also a Debian 12 user. I started with Linux on desktop in 1998; bought a boxed copy of RedHat at a Windows 98 release party at a CompUSA.
And I don't have a reason to boot into Windows. First thing that happens when I get a new laptop is Debian goes on it. I don't really game, but Steam is nice for keeping some stuff on here I can play when traveling and feel like a game.
Admittedly I mostly code. With Microsoft tools. VSCode, deploy to Azure, cross-platform apps that run on
Re: Better solution.. Don't use Windows? (Score:2)
Or even worse, being dependent on a legacy Windows software using features that Wine never bothered to implement for decades?
I'm speaking about DOS-style file locking and sharing, a feature introduced in DOS 3.0 around 1985 or so. I'm aware of people who STILL run the aforementioned software in Windows NT 4.0 virtual machines under Linux, so it's definitely not a bleeding edge feature either. But WINE can't or won't implement it. Users of that software aren't willing to lose it, even if it means staying on
Re: (Score:2)
>"Chrome looks/feels the same on [Linux] as it does windows 10"
So does Firefox, and that is what we should be promoting, not Chom*. (And so does LibreOffice, Thunderbird, GIMP, Krita, Steam, Kdenlive, Audacity, VLC, Visual Studio, FreeCAD, Blender, FileZilla, HandBrake, VirtualBox, etc, etc).
TPM 2 (Score:5, Interesting)
I doubt this form of protest will do very much, but I agree with the sentiment about putting pressure on Microsoft on the TPM 2 requirements.
This is going to create so much hardware waste much sooner. Hardware that is in perfect working order.
Only two of my Intel PCs meet the requirements for Windows 11. Some of my other hardware has 16GB of RAM , i7 & SSD, but Microsoft doesn't want them to run Windows 11.
Gone are the days when hardware has a 2-3 year lifespan. My daily choice is a 13" Dell XPS 13 - which is nearly 8 years old. Beautiful screen (3200x1800), 16GB RAM, SSD, i7 processor. I run Visual Studio & SQL Server on it daily. I use ThrottleStop to slow it down and keep it a little cooler on my lap - but it was a fantastic purchase.
This TPM 2 requirement is just going to mean I will migrate more of my home environment to Linux.
I also use Defender Control to periodically disable Microsoft's antivirus - a problem of their own creation. All disk IO being run through that slows down disk access and increases CPU usage. And what about CompatTelRunner.exe using 100% of one of your CPU cores for extended periods to send telemetry to Microsoft? Maybe Microsoft should focus on fixing more important issues.
Re: (Score:2)
Maybe this will mean I can get a cheap
Re:TPM 2 (Score:5, Interesting)
I suspect the issue is a bit more about the technical politics of the industry. Remember that before the 8th gen from Intel, you had all those Meltdown/Spectre vulnerability issues, and how much performance was lost to mitigate those via operating system patches. So, make it so you need 8th gen or newer from Intel. But, Microsoft couldn't say that Intel security problems were the reason, because Intel might get upset at their problems being pointed out. So, "let's require TPM 2.0", which also hurt AMD support. First and second generation Ryzen weren't so popular back in 2018, so Microsoft could just point to TPM 2.0 being the requirement.
Even now, Microsoft says you can install Windows 11 on a non-compliant machine, but it won't be supported.
Why do people use GitHub anyway? (Score:3)
For open-source stuff, sure, use GitHub or GitLab. Personally, I prefer GitLab just because it's not Microsoft.
For anything commercial, why are you storing your repositories on someone else's computer? If it's proprietary, it should be running on your own, closed Git server. If you want to put that in the cloud, fine. The point is: if it's your own server, you can lock down access. If it's GitHub, you cannot - Microsoft can and will peek. Assume the same for all other public Git platforms.
Re: (Score:2)
The nice thing about GitLab and GitHub is that they can be used on prem. No worries about cloud stuff.
This is something I agree with, but I am surprised how many companies don't really care that the cloud is someone else's server that they don't have any physical control over. They use it because it is easy, and they can assume the cloud provider is 100% secure on their side with the shared responsibility models.
I do have a public GitHub repository, but that is for stuff I'm distributing. Anything privat
Re: (Score:2)
You seem to have a high opinion of the ability of most companies to "lock down access" to code on their own computers. Most companies do not have highly-trained security specialists that would be required to safeguard repositories on-prem. As a result, I'd say that on-prem repos are more vulnerable, not less, than private repos on GitHub.
Re:Why do people use anyway? (Score:2)
For anything commercial, why are you storing your repositories on someone else's computer?
For the same reason I pay someone else to generate and distribute electricity. And water. And I don't run my own cables for internet. It's a service and it works and I don't have to hassle with it.
Perhaps you're going to say "but it's easy to run your own server." To which I say: it's not nearly as easy as paying someone else to.
I've got my own software to write and my own systems to run. The ones that are proprietary to me. The ones that people pay me for. I'll spend my time working on those and wil
Why GitHub? (Score:2)
Wouldn't it be a better campaign to urge Windows users to keep using their existing hardware with linux instead...?
Re: (Score:2)
Not speaking in any way for the FSF here and I haven't checked what they say, but GitHub is very strategic to Microsoft's plans for the future. Microsoft spends a huge amount on their own developers and also on supporting outside developers. They very much want to replace most of those with non software people using AI to convert their ideas to software wherever reasonable. In order to do that they need access to the workings of competent programmers. GitHub, which has a huge repository of code, linked with
Re: (Score:2)
Re: (Score:2)
Switching to GNU/Linux is indeed part of this campaign. From the FSF blog post, with my emphasis:
Getting off GitHub is more for those develope
merry clickbait to y'all (Score:3)
how does the most humble "drop in a bucket that counts" suggestion, the last in a string of examples of possible actions to pressure microsoft ...
keep putting pressure on Microsoft, whether that's through switching to GNU/Linux, avoiding new releases of their software, or actions as simple as moving your projects off of Microsoft GitHub.
... become the main rallying cry in an imaginary crusade? well, kudos to editor david for outdoing himself in the black magic of obnoxious and cringey clickbaiting.
that said, while microsoft's decision was clearly backhanded and does have implications on the ability to run free software on those machines, i don't really see how that's an interesting fight for the fsf. it is already proprietary and excluding software platform anyway (although not as excluding as apple today btw) so what would you expect? and they seem to have shot themselves in the foot with even less windows 11 adoption, which is a good thing and rises the oportunities for competition. instead of picking at silly decisions by corporations, why not promote and educate people on the good value that free software has?
because money? the tpm thing is just a red herring, a convenient enemy to point at. the blog entry actually is just another vague call to promote linux and, most importantly, financing with more contributing members for the fsf. arguably a desperate and clunky attempt, but the headline and post slashdot fabricated out of this is really some utter, retarded, braindead nonsense. it's sad to watch this once venerable site hit such lows.
github sucks (Score:5, Insightful)
And that's a much better reason to move off of it than the link to a TPM being required to install Windows 11.
What I thinks sucks the most about it is the bug / issue tracker. Way back in the late 1990s, bugzilla was already far more advanced than anything github has today. Frankly, I have never seen a bug tracking system as bad at github's, and I have seen many over the decades.
The worst thing about the github issue tracker are the rampant bots. They allow issues that are valid, with plenty of detail to reproduce the issues, to be closed without having ever been looked by any human being, simply because the developers are on vacation/overworked/otherwise occupied. I would argue that there is never a reason to automatically close a bug. Even if the bug reporter has moved off the project or even died, not getting a response from them doesn't mean the status of the bug changed. It should always be the job of a human being to make the decision to close a bug, whether it's fixed, won't fix, invalid, need more information, not reproducible, etc. No bot can choose between these statuses.
Was the FSF New Years Resolution to be stupid? (Score:3)
What is the alternative to requiring the use of the widely implemented and open standard known as TPM? A Microsoft developed, Microsoft controlled, Microsoft owned security module in every PC? HELL THE **** NO!
It's 2025 now. We've shown time and time again that hardware security is something that is starting to become necessary. If the FSF were consistent they'd also boycott everything to do with Apple Secure Enclave, ARM TrustZone (used by Android). And I think you'll find when the FSF goes against all forms of hardware security they will lose a lot of credibility.
Surely they can find something else to bitch about Microsoft. There's so many things they could protest against instead of implementing an open widely used standard.
Re:Was the FSF New Years Resolution to be stupid? (Score:4, Insightful)
And isn't a TPM just an essential component of a Trusted Computing Platform? If you can't trust the OS you run on, then it becomes hard to secure your server.
Is there some reason Linux can't use TPM?
Re: (Score:3)
And isn't a TPM just an essential component of a Trusted Computing Platform? If you can't trust the OS you run on, then it becomes hard to secure your server.
Is there some reason Linux can't use TPM?
Linux can absolutely use TPM.
Having TPM on all new systems is a good thing for security if you can put your own keys in.
Maybe the FSF should focus on *that*.
All those systems that can't upgrade to Win 11 will be great candidates to convert to free or open systems too.
The Microsoft Windows lock in for consumers has been considerably loosened since they killed netbooks. Many consumers do everything on a phone, tablet, chromebook or Macintosh. More software is developed for web or android/iphone than windows
Re: (Score:3)
Is there some reason Linux can't use TPM?
Have I got news for you. Not only does Linux support TPM just fine but there's even a systemd command to check which TPM version you're on.
"systemd-analyze has-tpm2"
I sort of wish I was joking while also being happy that Pottering gave me the opportunity to annoy so many people here by bringing it up.
Sadly for everyone systemd provides the most widely accessible support for doing something useful with TPM right now. By that I mean systemd-cryptenroll is available by default on many distros and you can absol
A bunch of utter BS (Score:5, Informative)
Matthew Garrett, a well known Linux developer, has debunked this utter BS from FSF: https://mjg59.dreamwidth.org/7... [dreamwidth.org]
TPM is not used/not needed for DRM but it's a great deal of extra security for Windows.
Re: (Score:3)
Matthew Garrett, a well known Linux developer, has debunked this utter BS from FSF: https://mjg59.dreamwidth.org/7... [dreamwidth.org]
TPM is not used/not needed for DRM but it's a great deal of extra security for Windows.
I don't think your link supports your point very well.
My job involves writing a lot of TPM code. ... pretty much all software DRM is at least somewhat broken ... This is why higher quality media tends to be restricted to clients that implement hardware-based DRM.
In any case, from what I remember from ages ago the concern wasn't just what is happening, but rather that once the hardware is widespread various things will start requiring "trusted" code signed by someone other than the user. Also I should note that the Free Software Foundation is not the Free Media Foundation and so their focus is more on the software.
Question (Score:2)
Windows 10 home users will be able to delay the switch to Windows 11 for one more year
Does this mean come October, Microsoft will unilaterally disable any Windows 10 Home user, or is this is awkward way of saying they won't get any more updates?
Re: (Score:3)
In October 2025, Microsoft will stop providing updates to Windows 10 licensees who have not paid extra for extended support. This means users will be vulnerable to whatever worm is going around the week after the final Patch Tuesday.
Force Microsoft to give LTSC to consumers (Score:2, Interesting)
If no TPM 2.0 stops WIn11, I'm fine! (Score:2)
I don't like Windows. I never did. But I sadly have one machine on which I need it. That one currently is on Win 10 and I most definitely do not want it to be upgraded to the even more privacy-invasive, ad-invasive, user-ignoring Win 11. Fortunately, it doesn't have TPM 2.0, so it currently can't, which suits me just fine.
What's more, that machine is aging and I've started to worry that it will physically break down within 1 year or so - judging by what happened to my earlier ones.So, recently, I went sh
My computers have TPM 2.0 but won't upgrade (Score:2)
My computers have TPM 2.0 but won't upgrade to Windows 11 because the CPU is allegedly no longer supported.
What's that got to do with FSF? (Score:2)
Would be On Linux By Now Except for Snap/Flatpack (Score:2)
The CPU requirement seems worse than the TPM one (Score:2)
Windows 11 has two main requirements that Windows 10 doesn't that will send a lot of computers to the landfill :
1. the TPM requirement
2. the "modern CPU requirement" -- Intel [microsoft.com], AMD [microsoft.com] -- if your CPU isn't on the list, it doesn't work. (Without the hacks, of course.)
All that said, of the many computers I've evaluated for "will they run Windows 11", while it's the TPM requirement that gets the most press, it's the CPU requirement that nixes most of the computers that I've looked at that get nixed -- a lot of old
Windows and GitHub?? (Score:2)
Fresh install has different requirements (Score:2)
No One Should be On Github Any Longer (Score:3)
Re:Move off Github to Protest TPM?? (Score:4, Insightful)
Isn't there a crack/hack/workaround/reacharound?
Re: (Score:2)
As I believe Bill Gates once said, Microsoft would much rather you were on a pirated (their misleading term for unlicensed copying) copy of Windows than on a legal copy of Linux. Better to install something else.
Re: (Score:2)
I guess that shows how confident M$ is then. They clearly believe they can force the masses to do their bidding and still count on being paid more and more for it ... Reminds me of Inkjet printers.
Re: (Score:2)
>"I guess that shows how confident M$ is then. They clearly believe they can force the masses to do their bidding and still count on being paid more and more for it ... "
And, yet, that is exactly what Microsoft has been doing for decades and there is no reason to believe they won't continue to get away with it.
Alternatives are better than ever- faster, cheaper, more secure, just as easy (or easier) to use, no tracking, no privacy, no forced cloud logins, no forcing specific applications, no activations,
Re: (Score:2)
As I believe Bill Gates once said, Microsoft would much rather you were on a pirated (their misleading term for unlicensed copying) copy of Windows than on a legal copy of Linux. Better to install something else.
He made that comment a very long time ago, before they started demanding serial-numbers before an install (or later, activation). I can't remember if Win95 required such a serial number but I believe Win 3.x did not so that would date it.
Re: (Score:2)
They stopped requiring serial numbers for Windoze installs years ago.
And MAS [github.com] is on Github, they haven't done anything about it.
Re: (Score:2)
With a quick mainboard model lookup, I was able to purchase a compatible TPM 2.0 module for about $30 CAD. Plugged it into applicable headers and flipped a BIOS setting.
I don't entirely understand the issue. Companies take stances on things all the time. I remember when hardware companies started to shed parallel ports, and I was kind of upset. Cell phones shed headphone jacks, which I still don't entirely understand. And when Microsoft pushed the Ribbon UI on us (and I'm still upset about it)
I don't k
Re: Move off Github to Protest TPM?? (Score:2)
It an excuse for MS-bashing Linux advocates to take swipes at Microsoft.
Apple 'retires' hardware after 7 years, dropping all support, yet no one talks about their greedy upgrade policy, or acts like running an unsupported version of the Mac OS is an impossibility.
They add that Microsoft "announced on October 31 that Windows 10 home users will be able to delay the switch to Windows 11 for one more year if they're willing to pay $30 for Extended Security Updates."
Uh, pretty sure you can keep running Win 10 once MS drops support for it, you just won't get security updates unless you pay MS $30.
Lets not forget the MS Windows 11 installer accepts Win 7, 8/8.1, and 10 RETAIL product keys to install the OS on ne
Re: (Score:2)
I feel you. I think the shedding of parallel ports was probably due to a combination of reasons: The fact that with the various serial busses (like USB) you could chain things, and the form factor. There were obviously other ways to go about that, though. I, too, miss parallel ports but like everyone else I've had to adapt.
Similarly, I think the 3.5" jack elimination was because of form factor. But of course there was always the idea that eliminating it pushed people into using more expensive, proprietary
Re: (Score:2)
It's not well demonstrated by the summary or one of many linked articles but the problem is more the expectation that this device will be abused against users and be expected to be a new norm among "well-behaved" user machines.
CCP backed gaming companies are already using TPMs to identify user hardware to decide if their configuration is tame enough, or has been previously banned.
DRM trashed streaming services are using TPMs to confirm "secure operating system" requirements, the only true security concern i
Re: (Score:3)
TPMs are a double-edged sword. They can hardware enforce DRM as in consoles, or they can be what allows a business laptop to be in the field with less worry about the data on it being compromised.
Before a TPM, one had third party programs like PGP Desktop and SafeBoot. Both would store username/password tuples in their area of disk [1], and allowed for authentication to a domain before the OS even loaded. Downside is the concern of an evil maid attack, which is highly unlikely, but doable.
A TPM not just
Re: (Score:2)
There is. But Microsoft could easily push an update that does away with it and leave you with a broken OS.
Re: (Score:2)
there are work arounds for the tech savy/literate... not for the 99% of computer users out there. We're in a silo here with most of slashdot being somewhat tech wise (sometimes)... but we do not represent the majority.
the solution to the rest of the population are:
a- keep using windows 10 without updates (no one will pay $30 for a year of security updates)
b- buy a new computer
c- upgrade the mobo on their old computer to support TPM 2.0
d- create an installable version of windows 11 without requirement for T
Re: (Score:2)
When you're a star company you can grab customers by the TPM.
Yeah, well, to extend that analogy, that's pretty much what TPM is. Except that it seems have to developed some major venereal disease after Microsoft tapped it.
Re: (Score:2)
So, is there a work-around for the reach-around?
Re: (Score:2)
So, is there a work-around for the reach-around?
I don't really know. I figure douching with Listerine might be a good start if you've used any Macro$hit product in the last few years. Because, you know, it can always Recall you.
Re: (Score:2)
Re:Move off Github to Protest TPM?? (Score:5, Informative)
2. When you see the above message, press Shift+F10 (Or Shift+fn+F10) on your keyboard at the same time to launch a command prompt. At the command prompt, type regedit and press enter to launch the Windows Registry Editor.
3. When the Registry Editor opens, navigate to: HKEY_LOCAL_MACHINE\SYSTEM\Setup, Right-click on the Setup key and select New > Key. When prompted to name the key, Type LabConfig and press enter.
4. Now right-click on the LabConfig key and select New > DWORD (32-bit) value and create a value named BypassTPMCheck, and set its data to 1.
5. Once you configure the BypassTPMCheck key-value under the LabConfig key, close the Registry Editor, and then type exit in the Command Prompt followed by enter to close the window. You will now be back at the message stating that the PC can't run Windows 11. Click on the back button in the Windows Setup dialog.
6.You will now be back at the screen prompting you to select the version of Windows 11 you wish to install. You can now continue with the setup, and the hardware requirements will be bypassed, allowing you to install Windows 11.
Re:Move off Github to Protest TPM?? (Score:4)
Step 7: Consider instead installing Linux, rather than going though all that effort to (temporarily?) install an OS that is being actively hostile to you and your needs. Progress in emulators and VMs may already cover your Windows needs.
Re: (Score:3)
You can also just build a bootable flash drive with the free tool Rufus, and it will take care of all of this for you.
https://www.makeuseof.com/rufu... [makeuseof.com]
Re: (Score:2)
Luck has nothing to do with it. Ethical people avoid market corruption, meanwhile, the greedy will pay the price for their selfishness once again. The unintelligent learn slowly. This is just evolution in action.
Re: (Score:2)
I bought a nice Dell laptop eight or so years ago. It still runs fine -- but has a too-old CPU, so Windows 11 will not run on it. I didn't buy a shitty laptop, Microsoft just made a decision to force people to replace functioning hardware so they can apply Digital Restrictions Management. You were just lucky enough to buy recently enough to get a still-supported CPU.
I bought a Macbook much more recently because it looks like Apple will support that hardware for longer. Also because I wanted lots of RAM
Re: Move off Github to Protest TPM?? (Score:3)
Apple drops hardware support after about seven years, and has for years - your research into Apple's behavior regarding older systems must have some how missed that point.
Control is what matters. (Score:2)
If you the user have full control over what is running on your system (including what is going through the TPM) then yes a TPM is a good thing for keeping things more secure against hackers and malware.
But if there is code running on the system where you the user have no knowledge of what its doing and have no ability to control when and how it runs then that's bad (with or without a TPM)
Re: (Score:2)