In other bad news, Microsoft developers on Twitter stated that 8th Gen Intel or 2nd Gen Ryzen CPUs will, actually, be required to install Windows 11 at all by RTM. If you are on 7th gen Intel or 1st gen Ryzen, there is no mercy. A 2013 MacBook gets more support than a 2017 Windows laptop.
A security director now says that a blog post "clarifying the floor" is coming. But frankly, if this turns out to be a miscommunication, if you read those tweets Microsoft would have to be unbelievably incompetent in their use of words.
Man, even checking their official website makes me want to pull my hair out. Nowhere do they concretely mention either TPM or, after some research, what should be called TPP for Intel. I can only guess that maybe they hide it behind yet another name (maybe Intel® Trusted Execution Technology?) but the information on this is basically impossible to find on the internet at this point.
On the other hand, 4 more years is a lot, and they'll probably continue to release security updates for a year or two past 10's EOL (like they have with Windows 7).
Yes. It's to ensure Microsoft always have full control over the code running on your device, so eventually Microsoft can require all Windows apps to come from its store, and you won't be able to do anything about it; because the hardware TPM module will reject any attempts to modify it.
you mean in the same vein as the huge epic apple trial? nah. sideloading and app installing will be allowed due to fear of government action. the tpm can ensure system files are not malware infected tho
Is there any justification for the cutoff? It might be possible to just patch out the cpuid check and have the OS run.
If it's boot attestation someone will do it. This is probably to force enterprise vendors to move to devices that better support enterprise management, but yes, it drags us kicking and screaming along with it, at nontrivial personal expense.
"Seems like you are assuming there is a specific security feature that defines 8th gen as the CPU floor. The floor is set for a range of quality, performance, support, and reliability reasons to ensure a great experience."
That sounds quite unreasonable. "You don't deserve to "experience" Windows 11, unless you can afford the newest computers. And if you can't, we won't let you have it. Because maybe it won't work perfectly. Even though you got your computer 4 years ago."
Not true. 7th gen gained Mode Based Execution Control which greatly decreases the overhead of VBS. 7th gen also gained SMM Security Mitigations 1.0 and some UEFI hardening.
The list of supported Windows 10 CPUs doesn't even list my current CPU (Xeon E5-1680v2). I'm excited for the release but they've really bungled their messaging and scared people.
I have an i7-3930k on some Asus MB and it has Secure Boot but no TPM. There's a header for it, but it's empty.
My understanding is that the SB keys are known and verified by the BIOS, not by the TPM.
The TPM is a mechanism to verify that the BIOS (among other things) hasn't changed from a known state. If it hasn't, the TPM will then release some key, for example to automatically decrypt the root partition at boot. I've also seen it used as a store for SSH keys.
This is how the default setup of BitLocker works. On my machine, I have to switch BitLocker to password mode, or type in the key at each boot.
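As an added illustration (not part of the thread, and a simulation rather than a real TPM interface), the measure-then-release behaviour described in the two comments above can be replayed over a constructed boot chain. `SimulatedTPM`, the component names and the handle-based storage are assumptions made for the example.

```python
"""Simulation of measured boot and PCR-bound sealing (not a real TPM API)."""
import hashlib
import hmac
import secrets

PCR_SIZE = 32  # bytes in one SHA-256 PCR


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(component)); a PCR cannot be set directly."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Replay a boot chain into a PCR that starts at all zeroes after reset."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class SimulatedTPM:
    """Hypothetical stand-in for a TPM: one PCR plus sealed secrets it never exports."""

    def __init__(self):
        self._pcr = bytes(PCR_SIZE)
        self._sealed = {}  # handle -> (PCR value required by policy, secret)

    def reset(self):
        # Only a platform reset returns the PCR to zero.
        self._pcr = bytes(PCR_SIZE)

    def extend(self, component: bytes):
        self._pcr = extend(self._pcr, component)

    def seal(self, secret: bytes, policy_pcr: bytes) -> int:
        handle = len(self._sealed) + 1
        self._sealed[handle] = (policy_pcr, secret)
        return handle

    def unseal(self, handle: int):
        """Release the secret only if the current PCR equals the sealed policy."""
        policy_pcr, secret = self._sealed[handle]
        if hmac.compare_digest(policy_pcr, self._pcr):
            return secret
        return None


def boot_and_unseal(tpm, handle, components):
    """Reset, measure every stage in order, then ask for the sealed key."""
    tpm.reset()
    for blob in components:
        tpm.extend(blob)
    return tpm.unseal(handle)


# Constructed sample boot chain; the byte strings stand in for real images.
FIRMWARE = b"vendor-firmware-1.0"
BOOTLOADER = b"bootloader-2.4"
KERNEL = b"kernel-5.12"
GOOD_CHAIN = [FIRMWARE, BOOTLOADER, KERNEL]


def demo():
    tpm = SimulatedTPM()
    disk_key = secrets.token_bytes(32)
    handle = tpm.seal(disk_key, measure_boot(GOOD_CHAIN))

    tampered = [FIRMWARE, b"bootloader-2.4-modified", KERNEL]
    reordered = [BOOTLOADER, FIRMWARE, KERNEL]
    updated = [b"vendor-firmware-1.1", BOOTLOADER, KERNEL]  # legitimate update

    results = {
        "known_good": boot_and_unseal(tpm, handle, GOOD_CHAIN) == disk_key,
        "tampered_bootloader": boot_and_unseal(tpm, handle, tampered) is not None,
        "reordered": boot_and_unseal(tpm, handle, reordered) is not None,
        "firmware_update": boot_and_unseal(tpm, handle, updated) is not None,
    }
    # After a legitimate update the owner supplies the key another way
    # (password or recovery key) and reseals against the new measurements.
    new_handle = tpm.seal(disk_key, measure_boot(updated))
    results["after_reseal"] = boot_and_unseal(tpm, new_handle, updated) == disk_key
    return results


if __name__ == "__main__":
    for case, released in demo().items():
        print(f"{case}: key released = {released}")
```

The `firmware_update` case is why full-disk encryption tied to boot measurements still needs a recovery key: the TPM cannot tell a vendor update from tampering.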
Nvidia, which people love to hate, has both a console command to generate your X config and a handy GUI which lets you set options and then write the resulting config to a file of your choosing. This worked fine in 2003.
Linux on laptops/desktops will only survive if Microsoft maintains their model of working on different types of hardware and not insisting on being the hardware controller. With so many people embracing Apple's approach of one company controlling every part of the stack, I don't think Microsoft will keep supporting their model for long unless forced to.
That isn't Apple's approach; rather, Apple is the surviving vendor of that approach, which was quite common until the PC came onto the scene, thanks to IBM not being able to prevent Compaq from the attack of the clones. They even tried with PS/2, MCA architecture, but by then Pandora's box was open.
MacOS diverged enough from *nix I think, to be third camp. Things they do like read-only system drive, app permissions, signed binaries, no package manager.
There are other perspectives other than yours. I've installed Linux for many people: in fact I have an entire family (three kids, a dad and a mom) using Linux as their daily drivers. Zero complaints.
But I was also smart about what distro I put on their systems. Endless OS or Solus, for example, are not prone to breakage on upgrade.
You've been using Linux for a long time. You should know that Arch and Ubuntu are not the only two choices in this space.
You should also know that when manufacturers weren't threatened by Microsoft to do otherwise, there was a thriving ecosystem of SFF laptops, netbooks, that shipped delightful Linux distros that just worked. Moblin and Jolicloud were fantastic explorations of UI and OS design that might have been.
Same here, most family (except my brother, but he lives abroad) on Linux and no problems. Even better when I switched them from Debian to Manjaro. Debian is still my favorite for tinkering, but to get things done and general stability there are better options.
And here is our main Linux problem: its fragmentation, which is the natural byproduct of its freedom; everyone and his cat can develop or modify things, which translates in different distributions, which of course is a nightmare if you are a software producer with developers paid to port your software to Linux, and that's why a lot of commercial developers either choose one or max two distributions to support or ignore it at all.
One thing the Linux Foundation could do about that is mandating a minimum set of requirements that all Linux commercial software could count on, and all distributions should meet if they want a badge that guarantees the software will be 100% compatible out of the box, or that the host system can be adapted with extremely low effort.
I'm not sure how much having Microsoft as Platinum Member would help with this, though.
Windows support will continue to at least 2025, so it's hardly like users are being left behind - they have multiple years to upgrade, and Microsoft has typically extended its support window when the time comes.
What MS is doing here is forcing OEMs to package TPM 2.0, which will be a massive win for security.
The intel generation is seemingly a bit arbitrary, we'll see how that plays out. But again, it's not like people are being left behind - they have 4+ years of support left.
So now 3 year old hardware won't work on windows 11 which will be the only available option for a lot of people in 4 years.
That's 7 years only; a lot of perfectly usable computers will be gotten rid of for no reason other than a mild security benefit. Seems like they want to go in the mobile direction, forcing people to buy new hardware every 4 years.
If people are going to downvote the other child comment for either FUD or whatever, could they at least provide reading material/counterpoints as to the benefits for those of us without the MSc in cryptographic systems?
A TPM holds a secret. It's useful for establishing identity, performing signing, etc. Think about the fact that an attacker on your system can take a session cookie, move to another computer, and connect as you. A TPM can prevent this by establishing a cryptographic, hardware backed identity.
This is a very significant win and critical to 'zero trust', which is now something the government is telling people to embrace.
The whole thing with security is silly. They said it about UEFI - and yet I run Linux on UEFI systems all the time. I also have systems with TPMs that run Linux. Works fine.
edit: People are downvoting you now, though I think your question is very reasonable and worth answering. Such is HN, though.
> They said it about UEFI - and yet I run Linux on UEFI systems all the time.
Not just any UEFI, UEFI with SecureBoot enabled specifically. On SecureBoot-enabled systems, you're booting a Microsoft-signed executable that chainloads Grub, which then loads Linux. This has given Microsoft a power they should not have: the power to refuse to sign future versions of that first executable.
As others have said, this is either FUD or limited to specific systems with broken UEFI implementations.
I think the whole "MS-signed Grub" is a way by Ubuntu (and possibly others) to facilitate Linux installation by "non pros". And it's not that bad, I think.
I, personally, use Arch Linux and the installer isn't signed with anything. They have a "do your own signing" policy. I had to disable SecureBoot to install it, because I couldn't be bothered to create a new ISO, but then I registered my own keys to the UEFI and boot directly my own signed kernel [0], without using GRUB at all.
I did all this on multiple generation HP "enterprise" laptops and desktops and it worked without any issue. And those systems don't come with any sort of Linux support from HP.
---
[0] For the curious, this is EFISTUB combined with sbsign, that bundles the kernel image, initrd and CPU microcode in a single EFI binary and signs it. This is then booted directly by the UEFI, and you can even register multiple binaries and have them show up in the UEFI boot selection menu.
Uhm, but on my Thinkpad I have to add keys to load Linux in trusted mode (installer asks to choose a password to lock these keys in order to establish their legitimacy when rebooting.)
Also Ventoy needs to install user-defined keys into UEFI to make it work with Secure Boot.
So my assumption is that - at least on Thinkpads - you can add your own user-defined keys; the only Caudine Fork where a Microsoft blessed loader might be involved is the one used by the distro installer.
When this was first discussed in the early 2000s the very legitimate worry was that it would be introduced as optional and gradually become mandatory terminating in machines where the user had as little control over the hardware/software as a game console.
There is no reason to believe that this wasn't implemented thus far because of the high ethical standards Microsoft folks have historically adhered to and while we are to believe Microsoft has turned over a new leaf much of the current leadership was involved at the executive level in old bad Microsoft.
...So my session cookie gets tied to a crypto key that (for all intents and purposes of what I've gleaned from the marketing speak, is burned into the TPM at the factory) is unique?
I thought we were trying to get away from identifiable fingerprints? This seems like the most unique one you could get.
I'm trying to learn about it, but all Google wants to throw up these days is news articles on Win11's requirement of it, marketing non-speak about "securing the platform" (which does, to a layman, read similar to the other comments' cry of lock-in), or dense whitepapers on threat models and cryptographic math.
So, first off, the entire point of a session cookie is to uniquely identify you. Like, if you log into a website, it should be you, right?
Second, you're close but just a bit off. While the TPM has a secret internally, it wouldn't expose that - it would be used to generate other secrets, or to sign things, basically it's sort of like putting a crypto library into your device so that you can perform cryptographic operations without knowing the secrets involved. But yes, there's a seed that gets soldered into the device itself.
I use TPMs to ensure that no one can access our AWS environments from devices other than those we own, for example. I'm not really an expert on this sort of thing, though I do work in security professionally - hopefully I'm not butchering this. There are quite a few experts on the matter who comment on HN though, maybe one of them can speak more authoritatively on this.
edit: Actually, I misread maybe - you aren't off. The session cookie is tied to the TPM - either existing within it, or requiring re-validation via the TPM.
I don't want most session cookies to know I'm the same person from a previous cookie. And even if they know I'm the same person, I'd prefer they still not know whether the device I just logged in on is the same as a previous device.
Separately from that, using the TPM to lock the session cookie to the device sounds useful.
I think we should differentiate a TPM backed cookie from, say, a tracking cookie. It isn't like an arbitrary website can track you with the TPM. TPMs aren't exposed to the web by any browser, at least to my knowledge - except through intermediary protocols provided by something like webauthn or an extension (Extended Verification, for example).
Again, maybe someone more knowledgeable can explain more - I'm a consumer of TPMs, and I understand the concept, but I'm no expert.
For a web exposed use case: TPMs are used as part of Windows's FIDO2 implementation, to make sure that the secret actually cannot be exfiltrated to other hardware.
That doesn't come with any particular privacy concerns however.
Right, I meant that there's no javascript API to communicate with a TPM directly as far as I know. You can still use a TPM as part of your auth to a website, it just has to go through a protocol where the browser handles the interaction. So a website can't leverage the TPM for tracking purposes afaik.
But web is really not so much my thing, so I'm now at the point where I'm probably going to start saying incorrect things.
Well you can't secure normal cookies against extraction with a TPM, because you have to extract them to use them.
So the question is how a particular protocol works, and whether a site can still identify you after you've deleted your session cookie. As far as I understand it, if you were wantonly using webauthn for all your session cookies, it would be relatively easy for a site to check if you're the same person as before.
You would have the TPM hold a secret that's used to repeatedly re-authenticate the session. Though today I don't know that this is often the supported workflow - for example, most of my TPM-based policies only enforce device-authentication on sign-in and not on every API call.
OK? So you log into a website with an email and password and you're OK with moving the cookie to another computer and using it there, rather than having to re-prove that it's you? I don't think you know what a TPM does honestly, there's a clear ignorance in this thread as to how this identity functions - it does not have privacy or tracking implications.
I don't necessarily care about moving a valid session to other hardware as much as I care about being able to create a valid session on any random hardware without having to trust any 3rd parties or rely on any 3rd parties permission.
TPM would be fine if 2 things were true:
1 Only the end user managed the secrets inside. Or at least they could, and without any penalty like "This device is insecure and so you can't use it for X". It's fine if there are default secrets and most people never change them. I'm not sure about this last bit but I think ideally also any factory default secrets should be erasable, no indelible unique serial number.
2 The interior implementation is fully open and disclosed. How the secrets are generated and managed. Not just a description and a promise, but an actual full set of public specs such that any manufacturer can produce a functioning device, or even I could out of other parts.
These things would allow the end user to benefit from the mechanism, while leaving the end user in ultimate final control over their property and their identity and information. And it requires both. 1 is hot air without 2.
Any objections to this are automatically invalid, as they depend on something they have no right to.
"I need to know that your computer is not doing something I don't want." is just fundamentally invalid.
I think there might have been some disconnect on how we view the term session cookie (a cookie for a singular browser session vs. one specifically for an authenticated user) but the rest of this is starting to make sense.
No. Every TPM has a factory-supplied unique key called the endorsement key, but every other key on the TPM is randomly generated on the TPM. The keys you actively use /can/ be tied back to the endorsement key, but there's no need for them to be - for most cases, any cryptographic material you generate on the TPM will be indistinguishable from material you generate on the CPU, other than to the local client.
It’s like having a Yubi key soldered into your machine.
Each identity you want to protect has its own key (so it's not necessarily de-anonymizing) with physical access - pin, biometric verification - required for use.
It’s potentially very useful, although I 100% expect it to be backdoored by every geopolitical block.
The problem is that the TPM holds a secret that even the user cannot access despite being the owner.
> This is a very significant win and critical to 'zero trust', which is now something the government is telling people to embrace.
If the government is really saying the equivalent of "trust us, but not the people you usually trust", that should be a huge warning sign. The analogies to 1984 are disturbingly close.
Let's say you don't want users to view foobar.com so you convince Microsoft to configure its browser not to resolve foobar.com.
No problem, the users install their own browser.
Now we ask Microsoft to limit software to that which is signed by it, effectively granting permission to run some software but not others. The alternative browser is right out.
The user installs his own OS. Now we ask Dell to only allow its computers to boot software that implements the same restrictions as Microsoft has agreed to.
So the user gets his own computer. Now we simply ask your bank or better yet your ISP not to connect to "insecure" devices that don't follow the standards described.
Now you need a substantial unpatched vulnerability to be able to resolve foobar.com.
At its root, to make a user's own device effectively restrict what they are allowed to do you need something difficult to defeat that you control and they do not.
At one point a US senator wanted this used to allow music labels to remotely destroy users' computers if they believed that you were pirating music, and every other restriction described has been implemented or discussed for use on devices belonging to users, and most have been implemented.
You can access TPMs on Linux just fine so this entire "but then what if" chain kinda makes no sense. A TPM restricts nothing on its own, it's just a hardware crypto token.
I mean sure, if Microsoft decided that it wanted to do all of the things you said, and could convince all of the OEMs to help, and a bunch of services and ISPs or whatever, yes, that would suck. It's a totally fabricated hypothetical that would never play out, but sure.
Linux is "insecure", Society^TM supports Windows only, please install Windows to continue using Bank^TM, School^TM, and irs.gov. 'Legacy' tax paying is now unsupported, please use new and improved windows.irs.gov
When trusted computing was first discussed everything but the "trusted" browser blocking a particular website was discussed as a feature not a threat model and you can absolutely see how many consumer devices are currently locked down in just such a fashion.
Accessing the tpm doesn't mean what you think it means. You can't by design get the key out of the tpm nor necessarily control which keys are trusted by local software nor remote machines.
Control of what software is allowed to run is ultimately control over everything else because one kind of control gives you every other variety. The fact that you can disable secure boot or control which keys are trusted is a nicety that could be withdrawn next year along with your ability to run Linux.
Your vendor approved software can then implement any sort of restrictions it pleases and remotely attest to the efficacy of such restrictions.
Yes sir, Mr. Amazon sir, the user is running trusted Windows 11 and can't save or share this video as per your contract with Disney, nor are they allowed to view any known pirate sites or sites that look like pirate sites according to our heuristics.
Alternatively. Please upgrade to a trusted windows 11 machine to view this content.
It's not a silly hypothetical: there have already been devices that used secure boot to lock out alternative OSes, and allowing third parties a say in what software is run is literally the entire point of remote attestation.
The last sentence is particularly disappointing. The article's analysis is correct and not particularly complicated it stands on its own regardless of whatever bias you possess.
Let's not throw words like 'bias' around when linking to Stallman.
> allowing third parties a say in what software is run is literally the entire point of remote attestation
No it isn't.
We're clearly of two very different minds, there's no way we're finding common ground on this, and I've already done the work of explaining to many people what TPM technology is, so I feel like I've done my part.
There are quite a few computers already where Linux only runs as long as Microsoft provides a signed shim for the boot loader. There was quite a bit of a controversy because of this when secure boot came out.
Really? Which computers? I don't know of any. To my knowledge the entire secure boot thing was blown way out of proportion - Linux users still can install Linux, they can even sign their own bootloaders.
At least HP sold some where it seemed to intentionally disable setup mode for consumer grade hardware[1]. Arm based Surface devices were locked down to WindowsRT using secure boot[2]. The WindowsRT case was basically the foundation of the outrage: not only did Microsoft claim to not abuse its position as the only entity able to sign code that would run on nearly all secure boot enabled devices, it immediately released a secure boot enabled product that locked out Linux.
> And how is HP fucking their UEFI up a Microsoft problem?
My claim was that there were computers where Linux only ran with Microsoft's signature. I listed two systems (HP/Surface) where this is the case. Mainly because finding more is a pain, with support requests more likely to go off to nowhere instead of outright showing that no support for it exists.
One might make the case that Microsoft claimed it would require the ability to add alternative keys and conveniently failed to enforce that claim. If the goal was to blame Microsoft instead of just showing that Secure Boot can be easily used to lock users into one top down approved system.
Not to do the 2021 version of Godwining the discussion but this is like getting vaccinated and concluding covid was overblown.
There is absolutely at least some money to be made locking down machines and corporate America would sell our kidneys for a quarter if they could get away with it.
There would likely have been lawsuits against Microsoft if they had taken further steps on that road but that doesn't mean they won't be interested in boiling us all slowly now or in the future.
It's a token and the ability to attest to others that you are running software signed with a key you don't control making it the root of any effective set of controls.
Without it how do you keep someone from running whatever they please and lying to the machine on the other side of the connection?
You absolutely have to trust whoever manufactured the tpm module not to have back doors.
You have to trust every manufacturer of every other chip the same way also, and we have in fact found incredible breaches of that trust already many times over, and so it's too late to suggest it's a crazy thing to worry about.
The only saving grace with other chips is that they are generic and at least you usually have your choice of some range of suppliers.
Will I be able to buy a laptop with an intentionally defective or fake tpm if I want, which will allow me to use modern software without trusting anyone?
Probably not. Probably plenty of Chinese manufacturers would be willing to produce them, like all the HDCP defeating hdmi switches, but probably software vendors will have some way to detect and invalidate them.
That would depend on future implementations. For example, should Microsoft one day decide to tie session authentication caching to TPM, then a backdoor in the TPM adds a universal chain for a state actor to log into the OS. Worried about state actors? No, but they hire contractors that I probably don't trust to keep this stuff secure. The OS could of course already have a back door, but reversing their code and finding it is higher risk than a closed access chip. I could envision a mandate to relocate the lawful intercept code from the OS to the hardware.
Another implementation could be used to tie DRM to hardware and then brick any hardware that is in license violation. Actually I can think of many scenarios where a unique identifier on the hardware could be used/abused by corporations.
It should be noted that I lived through a time when corporations wanted this same setup on televisions. Each TV would have a unique chip that would give corporations control over what a person could watch, or even brick their TV. This was called the V-Chip. [0] And then of course, there was also the Clipper-Chip [1]. In terms of boiling frogs [2], TPM could be the base framework to slowly reintroduce the Clipper-Chip under a different name. i.e. used to boot-strap the pieces of code required to watch movies, buy things, browse the web, anything you can imagine.
The point is that the TPM is an essential element of a set of standards called trusted computing that includes secure boot and more.
It's not that secure boot nor the TPM in any fashion keeps Linux from inherently working. It's that it enables the OEM to decide what software is allowed to boot on the computer and enforce this.
Microsoft typically gives OEMs a substantial break and the OEMs in turn sell most SKUs to 99% windows users and make only a small margin on those devices. A small discount on the cost of windows could make devices disproportionately more profitable and MS might be apt to see a percentage in offering such a discount to help lock out the competition.
They have in fact over the years engaged in far more unethical behavior including investing tens of millions in a "partner's" fraudulent lawsuit/pump and dump scheme against various Linux vendors bankrolling an entire list of felonies.
This is a typical hacker news comment. Not everyone upgrades their PC every week. I know many people using computers much older than the newest unsupported hardware and they will still be using it after 2025. They just won't be getting security updates I guess.
Computers can be in sales channels a long while after they were last made, are kept an average of 6 years and in the case of many machines as much as 12.
Intel stopped taking orders for such chips in April 2020
I don't really get what you're saying, but Windows 10 was released 6 years ago, and they're committing to another 4, so that's a decade of support at minimum.
Windows 10 has a decade of support but devices that were sold relatively recently will have significantly less time supported.
You could have bought a new laptop just 3 or even 2 years ago that will now be effectively obsolete in 4 years.
It's basically the Chromebook model, if you think of it -- and kind of radical of Microsoft to go that route when historically they've never really had stringent hardware requirements beyond the ones for OEMs to put those Windows Ready stickers on.
> sold relatively recently will have significantly less time supported.
OK but the 2025 EOL wasn't a secret, it was announced alongside the Windows 10 release a decade ahead of time, as well as the extended support date of 2029.
So you had a decade of notice for EOL, and currently you have 4 years of notice that you'll need a TPM 2.0.
Maybe you think that's unreasonable, but I'm not so sure.
99% of buyers don't know what a TPM is or if they have one. They also weren't shown such a notice when they bought their PC at Walmart.
Virtually nobody buying a windows machine new today knows that their new machine has less than 4 years of life if it's 7th gen if they even know it's 7th gen.
There may still be machines in retail channels sold new next year since Intel merely stopped taking orders for said chips last year.
If it's EOL in 2025 you could have machines sold new that become unsupported in 3 years whereas the average lifespan of a PC is 6 years.
Why are you defending a metacorp planning on creating untold tons of toxic waste and destruction of millions of dollars of consumer value?
It ought to be illegal to sell a new computer with less than 6 years of supported life from date of sale, and buyers ought to be entitled to a partial refund if this promise isn't kept, with the retail seller expecting to get their money back from the OEM who has a contract with suppliers like Microsoft not to do stupid shit like this to necessitate such refunds in the first place.
I'm not defending Microsoft, personally my belief is that:
a) The intel stuff they're pushing is silly and should be loosened, and made part of their Windows 10 label OEM thing
b) TPM 2.0 will be a massive step forward for security, possibly the most significant since XP Service Pack 2, and I understand why Microsoft is getting aggressive about this.
Frankly, I think most people discussing this don't seem to know what the hell they're talking about. I'm really just presenting facts.
If you're asking about TPM in general, the answer is, among other things, cryptographic identity tied to a device. So, assuming it's everywhere, no more phishing for user credentials, no more password re-use attacks, no session exfiltration, and those are just a few - there are many more. Personally, I would rank those threats as being the top threats for the vast majority of users and organizations, so that's not nothing.
If you're asking about 1.2 vs 2.0, 2.0 makes considerable progress on the original specification both in terms of hardening of the TPM and its capabilities, allowing for it to be used in a much more broad set of authorization and authentication schemes.
If tomorrow every user had a TPM, and major services supported it, it would massively change the security landscape - I really can't stress enough that it eliminates some of the most widely exploited attacker techniques.
> you have 4 years of notice that you'll need a TPM 2.0.
It's very uncharacteristic for Windows. Totally unprecedented, both for consumers with no tech knowledge and for the more technically inclined.
This is the first time in the history of Windows where a large portion of the install base will be (ostensibly) totally unable to upgrade.
When you buy a Mac or a Chromebook, you expect this sort of thing. On Windows, though, the expectation has been that windows would at least try to run on the oldest platform even remotely usable, e.g. Win10 (2015) would run on the old Core 2 processors (2006).
It's not the end of the world, it just feels a bit slimy. I'm not one to cry "planned obsolescence" but this restriction (if it's hard enforced and not "just" requirements for OEM licensing) is clearly an attempt to nudge people to buy new hardware. Which is fine. Just unexpected.
The average PC is kept for 6 years, meaning people would be expecting to use this new computer they just received say tomorrow as late as 2027. A minority of machines will remain in service as long as 12 years.
Historically for most of recent history Linux and Windows both continued to run on machines that were previously supported for much longer than 4 years subject to the machines capability to keep up with present software. For example not all hardware released in the XP era had vista drivers but not only did most XP machines work OK with vista if they had sufficient ram to run but whereas there weren't many machines sold with XP after 2006 MS provided updates to XP for another 8 years.
This means that machines sold in 2006 were either in the OK to update to vista camp or in the OK to stick with XP camp until they were rendered permanently insecure after no less than 8 years of service with machine capable of running vista mostly being capable of upgrading to 7 as well for another 6 years of service.
Even when an old machine has been necessarily retired by the shifting winds of software it normally has been due to being incapable hardware or oems not providing the means to keep moving forward.
It is unprecedented in Microsoft or Linux land for such a monkey wrench to put put in the works. It seems likely that they will end up having to move the date back to allow a greater portion of machines sold including as we speak with incompatible hardware to age out.
For today's programs and most games it's perfectly fine. War Thunder, Arma 3 and many other AAA games run at max quality without issue; recently COD Warzone required cutting back clutter a little and that was it.
Synthetic benchmarks are almost irrelevant, we've been in good enough territory for a decade now.
I call bullshit on that one, there's no way you are running a CPU expensive game like ARMA on a q6600 at any usable FPS much less max settings, maybe at < 720p with tiny render distance. That game struggled on modern PCs when it came out in 2013, you are claiming an ancient CPU that's 6 years older. Yeah no way.
You're correct, and the dangers of this redefinition of "security" were known even further back:
"Unfortunately, the attestation model in TCG's current design can equally effectively prevent the software on a computer from being changed deliberately by the computer owner with his or her full knowledge and consent. While the owner is always free to alter software, attestation adds a new risk: doing so may now eliminate the computer's ability to interoperate with other computers."
Which can already be seen in action on Android: Various apps refuse to work if you're rooted, and Google is now slowly moving over to hardware-based attestation that probably can no longer be easily fooled.
Remember what they said about Stallman 20 years ago...
Alex Jones is associated with fake news and there is plenty of evidence about that; the same can't be said of Techrights, or at least I didn't find any such claims.
> In other bad news, Microsoft developers on Twitter stated that 8th Gen Intel or 2nd Gen Ryzen CPUs will, actually, be required to install Windows 11 at all by RTM. If you are on 7th gen Intel or 1st gen Ryzen, there is no mercy. A 2013 MacBook gets more support than a 2017 Windows laptop.
By the time Windows 10 support is EOL (2025), those laptops and CPUs will be 8 years old. Right now, Monterey (successor of Big Sur, aka macOS 11) won't support MBP 2013. So when Catalina (aka macOS 10.15 / last macOS 10.x version) is EOL, which should happen next year, then MBP is only supported by Big Sur, which is probably lasting one more year compared to Catalina. So in two years, the 8 year old MBP 2013 is no longer supported. While it's already only receiving security and reliability fixes, since that's what Big Sur and Catalina receive. All in all that's 10 years of support, quite massive (but then again there has been very little progress on CPU performance between 2014 and 2020). You can still run some other OS on any of this hardware, such as Linux or ChromeOS.
Yes, except that Windows 10 installs and runs absolutely fine on a Core2Duo laptop from 2008 (I know because I have one).
It might not be officially supported but it works just fine. And with an SSD and 8GB of RAM it actually runs pretty well.
And actually, MacOS runs on much older hardware with some simple patches. I also have a late-2008 unibody MacBook Pro that runs Catalina and receives latest security updates. Installing it was a tiny bit complicated but again, it works.
If you meant an Early 2013 MacBook Pro, the current macOS Big Sur doesn't support that. If you meant a Late 2013 MacBook Pro, macOS Monterey releasing later this year drops support for it and all MacBook Air/Pro before 2015 as well as all MacBooks before 2016.
Old versions of MacOS get about 2-3 years of additional security updates. So if you bought a 2017 laptop with a 7th gen processor, you got 8 years of support from 2017 to 2025. Unless you bought Surface Studio 2, which is $3499 from Microsoft and comes with a 7th gen chip so it only gets 4 years of support. If you bought a 2013 MacBook which just got cut off at Big Sur, you'll probably get supported to 2024, or 11 years.
Yes, Apple sucks at legacy support in many respects. Luckily, Macs are only ~10% of the PC market, so they can't create as much of an e-waste disaster.
Two wrongs don't make a right and I expect better of Microsoft.
It's amazing how no amount of altering the deal to be worse for consumers seems to get people to mass-exodus from these proprietary platforms, despite the existence of numerous alternatives.
They're captured. They want their games. They want their shiny new peripherals to work. And they want all this seamlessly, without messing with Proton/Wine or config options.
In fact why even go this far? Most people have no idea what an OS is. They just buy a "device" and use whatever software platform comes baked into the device and all of them are proprietary.
It's not consumers that matter much in this game. It's businesses, which will incur massive cost and downtime to retool their entire fleet if they switch. Windows has clearly not become unappealing enough for that, sadly.
> It's businesses, which will incur massive cost and down time to retool their entire fleet if they switch.
That's a non-issue since most businesses upgrade their fleet every 3 years or so and are also very slow and reluctant when upgrading to newer versions of Windows (my last job switched from Win 7 to 10 only 4 years ago), so by the time they finish waiting out for Microsoft to iron out Windows 11, years down the line, their fleet will have been already replaced at least once.
Have you ever trained a few hundred or more 'non-tech' people (and I mean people who don't know what a file is) on a switch from Windows to something non-proprietary? How did that go for you, if so?
As a Ryzen 1800x user that sees no need to upgrade my CPU at the moment (i.e. performance per dollar improvement for current gen isn't really worth it to me), this is an outrage.
Maybe time to go back to Linux then. After pragmatically settling on Windows around 10 years ago, I've been happy enough. My 5 year old laptop is perfectly good, and I have no need to upgrade it. I guess I could keep using Win 10 for a while, but the drive to move back to Linux just became a fair bit stronger.
What's the EOL for Windows 10? Apparently it's 13 Dec 2022 or 09 May 2023 (education/enterprise) for the currently released versions -- I guess that's it? https://endoflife.date/windows
LTSC versions are officially supported for 10 years, so some version of Windows 10 will be supported for at least a decade. Windows Server 2019/client v1809 LTSC is supported until 2029, for example.
https://linustechtips.com/topic/1351028-microsoft-makes-thin...
A security director now says that a blog post "clarifying the floor" is coming. But frankly, if this turns out to be a miscommunication, if you read those tweets Microsoft would have to be unbelievably incompetent in their use of words.