Enabling Secure Boot just got easier! Follow these updated 2024 steps to secure your device against unwanted access and enjoy peace of mind. 🖥️💡

(via How to enable Secure Boot on PC to install Windows 11)

i can do better than that previous poll. 1 point per recommendation followed, interpret conservatively.

automatic backups (and tested!!)

ransomware resilient

2nd factor on all important accounts

2nd factor, not sms, phishing resistant everywhere where feasible

unique passwords on all important accounts

unique passwords everywhere

bitlocker/full disk encryption and secureboot

bonus point for measures not listed (tags plssss)

Just got a new laptop which unfortunately comes with windows 11, so I’m kinda tempted to throw Linux on it out of spite

Would that be a good idea, seeing as I have never to my knowledge used linux?

Ok so this is in my honest opinion, if you want something good for beginners, then Linux Mint is your best option

If you already know how to flash an ISO to a USB drive and boot to it and all that, then you don't have to click the read more button, but if you don't there's some more instructions below the cut

There's a really easy way to get started

First, get a torrent client like qBittorrent, Deluge, Transmission, whatever, they're all pretty good open source torrent clients (although I'm biased towards qBittorrent because that's my personal client of choice)

Then you're gonna wanna go to https://linuxmint.com and you're gonna wanna click that download button

You're gonna come across three different editions of Linux Mint, I recommend going with the first option, Cinnamon edition as Cinnamon is pretty good at helping you feel at home when coming from Windows

Hit the download button and then click the button that says Torrent Download: 64-bit, and you'll get a torrent file that you can open up in your torrent client

Or you could just do a direct download if you're gonna wipe the damn laptop, no point in trying to seed the ISO when Windows 11 is gonna get wiped

Anyway, let that iso download and then you're gonna wanna grab a piece of software called rufus

Go to https://rufus.ie/en/ and download the correct version for your platform

Now get a USB drive you don't mind wiping the data off of, because you need to flash the ISO to it

Then you're gonna wanna plug the USB drive into your computer and open up rufus and select the USB drive you just plugged in, if it didn't already do that

Then you're gonna wanna select the ISO you downloaded in Rufus

Leave all the settings as is, it'll be fine, but given you have a new laptop, I'm gonna assume it's one of the newer models and not something like a Thinkpad, so you should set the partition scheme to GPT

Then you just hit start, click through a couple of prompts, and then you just wait

At this point, just reboot your computer and figure out which key gets you into the boot menu, could be escape, f11, f12, delete, beats me, it's always something different

You may need to disable secureboot because it may prevent you from booting the USB, so there's that

Anyway, boot into the USB, hit enter to start Linux Mint and you'll be dropped into the live desktop

You can poke around and see if you like what you see, or if you don't, then that's alright, you can shutdown and pull the USB and flash a different edition or use a completely different distro

Just poke around in it, see what looks good to you, see what doesn't, you won't affect any of your disks until you decide to install

But yeah, there should be a CD looking icon on the desktop, and you can click it to start the install process

Once you go through it all and wiped Windows 11, there you go, Linux Mint on your computer

And if a video guide works better for you, then maybe this tutorial might help, it's a little old, but the same broad strokes still apply

Have fun on linux and enjoy the wild west of computing

Well I'm still assessing the damage to my computer.

Got the surge plug replaced, fixed the ram with blowing and the eraser method, fixed the screen freezing by installing the software (drivers aren't enough). The new installation is on a partition that's the UEFI friendly format but the secondary harddrive isn’t compliant nor are the rest of the many partitions on the primary hard drive which is a right mess. So the problem could easily happen again. Need to convert it all. Ugh. It's all a monopoly scam anyway (stick secureboot into a search engine for why).

If errors continue, I'm going to get a new power supply as a last ditch solution.

............................

It's been at least six months and multiple treatments, and I've found why I have a swollen scalloped white tongue. It's messed with my appetite and been a source of minor but distracting pain (anything sore or sharp in the mouth drives you to constantly mess with it amirite?). Salivary gland stone. Right next to the impacted wisdom tooth so I didn't notice, just assumed it was the same old pain. Now that I've massaged it it's all sore and inflamed but I'm really relieved to have answers.

Busy day today with chores but maybe I can edit photos and show a couple of doll progress pics. 💚

Lily's current bad haircut

If you’re the type that is comfortable with repairing tech, I highly recommend Framework laptops. They’ll sell you the one screwdriver you need to replace anything in it: battery, screen, processor, RAM, speakers, whatever. The various components are marked with QR codes that take you to the relevant “how to fix this thing” page. Cory Doctorow (@mostlysignssomeportents) loves his.

The 16 inch looks nice, but it won’t ship until the semester’s over. Look at the 13 inch models in stock and reference all the advice above. If you don’t mind doing some assembly and installing the OS at the start, look at the DIY model, shop around for better prices on memory and storage, and install it yourself.

I’ve been running Ubuntu on mine and it’s been great. It installed right out of the box, and supports SecureBoot and SSD encryption.

So You Need To Buy A Computer But You Don't Know What Specs Are Good These Days

Hi.

This is literally my job.

Lots of people are buying computers for school right now or are replacing computers as their five-year-old college laptop craps out so here's the standard specs you should be looking for in a (windows) computer purchase in August 2023.

PROCESSOR

Intel i5 (no older than 10th Gen)

Ryzen 7

You can get away with a Ryzen 5 but an intel i3 should be an absolute last resort. You want at least an intel i5 or a Ryzen 7 processor. The current generation of intel processors is 13, but anything 10 or newer is perfectly fine. DO NOT get a higher performance line with an older generation; a 13th gen i5 is better than an 8th gen i7. (Unfortunately I don't know enough about ryzens to tell you which generation is the earliest you should get, but staying within 3 generations is a good rule of thumb)

RAM

8GB absolute minimum

If you don't have at least 8GB RAM on a modern computer it's going to be very, very slow. Ideally you want a computer with at least 16GB, and it's a good idea to get a computer that will let you add or swap RAM down the line (nearly all desktops will let you do this, for laptops you need to check the specs for Memory and see how many slots there are and how many slots are available; laptops with soldered RAM cannot have the memory upgraded - this is common in very slim laptops)

STORAGE

256GB SSD

Computers mostly come with SSDs these days; SSDs are faster than HDDs but typically have lower storage for the same price. That being said: SSDs are coming down in price and if you're installing your own drive you can easily upgrade the size for a low cost. Unfortunately that doesn't do anything for you for the initial purchase.

A lot of cheaper laptops will have a 128GB SSD and, because a lot of stuff is stored in the cloud these days, that can be functional. I still recommend getting a bit more storage than that because it's nice if you can store your music and documents and photos on your device instead of on the cloud. You want to be able to access your files even if you don't have internet access.

But don't get a computer with a big HDD instead of getting a computer with a small SSD. The difference in speed is noticeable.

SCREEN (laptop specific)

Personally I find that touchscreens have a negative impact on battery life and are easier to fuck up than standard screens. They are also harder to replace if they get broken. I do not recommend getting a touch screen unless you absolutely have to.

A lot of college students especially tend to look for the biggest laptop screen possible; don't do that. It's a pain in the ass to carry a 17" laptop around campus and with the way that everything is so thin these days it's easier to damage a 17" screen than a 14" screen.

On the other end of that: laptops with 13" screens tend to be very slim devices that are glued shut and impossible to work on or upgrade.

Your best bet (for both functionality and price) is either a 14" or a 15.6" screen. If you absolutely positively need to have a 10-key keyboard on your laptop, get the 15.6". If you need something portable more than you need 10-key, get a 14"

FORM FACTOR (desktop specific)

If you purchase an all-in-one desktop computer I will begin manifesting in your house physically. All-in-ones take away every advantage desktops have in terms of upgradeability and maintenance; they are expensive and difficult to repair and usually not worth the cost of disassembling to upgrade.

There are about four standard sizes of desktop PC: All-in-One (the size of a monitor with no other footprint), Tower (Big! probably at least two feet long in two directions), Small Form Factor Tower (Very moderate - about the size of a large shoebox), and Mini/Micro/Tiny (Small! about the size of a small hardcover book).

If you are concerned about space you are much better off getting a MicroPC and a bracket to put it on your monitor than you are getting an all-in-one. This will be about a million percent easier to work on than an all-in-one and this way if your monitor dies your computer is still functional.

Small form factor towers and towers are the easiest to work on and upgrade; if you need a burly graphics card you need to get a full size tower, but for everything else a small form factor tower will be fine. Most of our business sales are SFF towers and MicroPCs, the only time we get something larger is if we have to put a $700 graphics card in it. SFF towers will accept small graphics cards and can handle upgrades to the power supply; MicroPCs can only have the RAM and SSD upgraded and don't have room for any other components or their own internal power supply.

WARRANTY

Most desktops come with either a 1 or 3 year warranty; either of these is fine and if you want to upgrade a 1 year to a 3 year that is also fine. I've generally found that if something is going to do a warranty failure on desktop it's going to do it the first year, so you don't get a hell of a lot of added mileage out of an extended warranty but it doesn't hurt and sometimes pays off to do a 3-year.

Laptops are a different story. Laptops mostly come with a 1-year warranty and what I recommend everyone does for every laptop that will allow it is to upgrade that to the longest warranty you can get with added drop/damage protection. The most common question our customers have about laptops is if we can replace a screen and the answer is usually "yes, but it's going to be expensive." If you're purchasing a low-end laptop, the parts and labor for replacing a screen can easily cost more than half the price of a new laptop. HOWEVER, the way that most screens get broken is by getting dropped. So if you have a warranty with drop protection, you just send that sucker back to the factory and they fix it for you.

So, if it is at all possible, check if the manufacturer of a laptop you're looking at has a warranty option with drop protection. Then, within 30 days (though ideally on the first day you get it) of owning your laptop, go to the manufacturer site, register your serial number, and upgrade the warranty. If you can't afford a 3-year upgrade at once set a reminder for yourself to annually renew. But get that drop protection, especially if you are a college student or if you've got kids.

And never, ever put pens or pencils on your laptop keyboard. I've seen people ruin thousand dollar, brand-new laptops that they can't afford to fix because they closed the screen on a ten cent pencil. Keep liquids away from them too.

LIFESPAN

There's a reasonable chance that any computer you buy today will still be able to turn on and run a program or two in ten years. That does not mean that it is "functional."

At my office we estimate that the functional lifespan of desktops is 5-7 years and the functional lifespan of laptops is 3-5 years. Laptops get more wear and tear than desktops and desktops are easier to upgrade to keep them running. At 5 years for desktops and 3 years for laptops you should look at upgrading the RAM in the device and possibly consider replacing the SSD with a new (possibly larger) model, because SSDs and HDDs don't last forever.

COST

This means that you should think of your computers as an annual investment rather than as a one-time purchase. It is more worthwhile to pay $700 for a laptop that will work well for five years than it is to pay $300 for a laptop that will be outdated and slow in one year (which is what will happen if you get an 8th gen i3 with 8GB RAM). If you are going to get a $300 laptop try to get specs as close as possible to the minimums I've laid out here.

If you have to compromise on these specs, the one that is least fixable is the processor. If you get a laptop with an i3 processor you aren't going to be able to upgrade it even if you can add more RAM or a bigger SSD. If you have to get lower specs in order to afford the device put your money into the processor and make sure that the computer has available slots for upgrade and that neither the RAM nor the SSD is soldered to the motherboard. (one easy way to check this is to search "[computer model] RAM upgrade" on youtube and see if anyone has made a video showing what the inside of the laptop looks like and how much effort it takes to replace parts)

Computers are expensive right now. This is frustrating, because historically consumer computer prices have been on a downward trend but since 2020 that trend has been all over the place. Desktop computers are quite expensive at the moment (August 2023) and decent laptops are extremely variably priced.

If you are looking for a decent, upgradeable laptop that will last you a few years, here are a couple of options that you can purchase in August 2023 that have good prices for their specs:

14" Lenovo - $670 - 11th-gen i5, 16GB RAM, and 512GB SSD

15.6" HP - $540 - 11th-gen i5, 16GB RAM, and 256GB SSD

14" Dell - $710 - 12th-gen i5, 16GB RAM, and 256GB SSD

If you are looking for a decent, affordable desktop that will last you a few years, here are a couple of options that you can purchase in August 2023 that have good prices for their specs:

SFF HP - $620 - 10th-gen i5, 16GB RAM, 1TB SSD

SFF Lenovo - $560 - Ryzen 7 5000 series, 16GB RAM, 512GB SSD

Dell Tower - $800 - 10th-gen i7, 16GB RAM, 512GB SSD

If I were going to buy any of these I'd probably get the HP laptop or the Dell Tower. The HP Laptop is actually a really good price for what it is.

Anyway happy computering.

Object permanence

I'm on a 20+ city book tour for my new novel PICKS AND SHOVELS. Catch me in PITTSBURGH on May 15 at WHITE WHALE BOOKS, and in PDX on Jun 20 at BARNES AND NOBLE. More tour dates here.

#20yrsago Canadian music industry’s fake stats shredded https://web.archive.org/web/20050410142551/http://firstmonday.org/issues/issue10_4/geist/

#20yrsago American Airlines’ dossier on Cory’s friends: the latest installment https://memex.craphound.com/2005/04/09/american-airlines-dossier-on-corys-friends-the-latest-installment/

#20yrsago Bill Gates 0wns Einstein, Groucho , Freud, Asimov, Fuller, et al https://www.theguardian.com/world/2005/apr/09/arts.film

#20yrsago WIPO Development Agenda proposal scorecard: USA, Mexico, UK all blow it https://web.archive.org/web/20050410234518/http://lists.essential.org/pipermail/a2k/2005-April/000199.html

#15yrsago Canadian copyright consultation: 54 in favor of US/UK-style copyright expansion, 6138 against https://web.archive.org/web/20100412160154/https://www.michaelgeist.ca/content/view/4946/125/

#5yrsago Tails adds Secureboot support https://pluralistic.net/2020/04/09/all-hail-morlocks/#uefi

#5yrsago Kansas GOP nukes ban on large Easter gatherings https://pluralistic.net/2020/04/09/all-hail-morlocks/#gop-death-cult

#5yrsago Philips quadruples ventilator costs https://pluralistic.net/2020/04/09/all-hail-morlocks/#covidiens-revenge

#1yrago Steven Brust's "Lyorn" https://pluralistic.net/2024/04/09/so-meta/#delightful-doggerel

現在のGentoo Linux

-------------------------------------------------

さて、ある程度までは、Gentoo Linuxの問題は一緒ですが、一部大きな点、

必ずinstallkernelをやらないと、fedraのインストーラーとして、makeするという事w🤣

↑installkernelを無視し、gentoo-soucesを入れた。

そしてmake、make installしようとしたら、

「liloがインストールされてません！」

と、インストール出来ないw🤣

liloなんて最初から入れる気無いから、あるわけないw🤣

つまり、必ずinstallkernelをやらないと、gentooとしてインストール出来ない。

ま、あとは、言われた通りセキュリティを設定すれば、インストールは出来る。

Kernelインストール前、①unrar②linux-firmware③paholeを準備、インストール。

kernel configは、securebootは駄目。module signにとどめ、Configする。

installkernelにて、grubの設定で、インストール。

gentoo-soucesをインストールする。

もう一度、linux-firmwareをインストールし直す。（R）

初めて、make。

makeの後、module signの設定をする。そしてsbctlをインストールし、鍵を作り、enrollまでやる。

これらのセキュリティの準備が出来たら、「make install」

このプロセスにて、起動は可能だが、sbctlにて、再起動される。（つまり、必要な鍵のdbとdbxが無いため、secure bootの許可が出ない。）

sbctlの設定は、GitHubに詳しい説明があります。

sbctlの残りの設定をして、再起動。

この場合、既にGentooを稼働してる場合のケース。私の環境では、古い2020年のkernelで、grub 2での起動がある。

なので、grub-mkconfigをやり確認、usbメモリーを使い、新しいboot領域をgrub-íntallしてます。

全く新しくGentooをインストールする場合、Systemd-bootが、最もまともに動く可能性があります。

ただし、Secure Boot問題は、必ず関係してしまう。いくつかの方法がありますが、それは好みかとw🤣

私の場合は、既にGentooを使っている人のためのマニュアルになります。

さて、新しいkernelで再起動すると、sbctlしか使えない状態です。

sbctlの残りの設定をして、また再起動。

ukiってのを、作りますが、dracutが必要なようですから、

emerge --ask dracut

か、もしくは、gentoo-kernelをインストールすれば、ok。

grubを入れようとすると、だいたいdracutを引っ張りますがw

NSAがやりたいSecure bootの条件。

PK※パッケージkeyの略

KEK※key enforce key

db※データベース

dbx無意味なデータベースw🤣

この組み合わせが無いと、起動させてくれませんw🤣

さすが、軍隊w🤣🤣🤣

なので、それをやってくれるのが、sbctl。

そんなわけで、自由なはずのkernelが、NSAやGoogleの圧力にて、馬鹿みたいに無駄な時間を費やされますが、相変わらずkernelは自由なものには、変わりありませんw🤣

ま、そういう厨二病も、トランプ大統領により、排除に向かって欲しいですねw🙂✨

いわゆる、“通せんぼ”してるわけだから。

2024/06/18 GPD WIN Max2 2023 BIOSアップデートが複雑なのでまとめる

GPD WIN Max2 2023モデルのBIOSアップデート方法の公式の案内適当すぎない？？

特に解説されてるサイトが少ないので備忘録に記載。海外サイト見ないとよくわからないのはきつい…。

作業手順

BIOSデータをUSBにダウンロード

BitLockerの番号の確認

BitLockerの解除

セキュアブートの解除(先にBitLocker解除しないとできない)

BIOSの更新(先にセキュアブートを解除しないとできない)

となる。

BIOSデータをUSBにダウンロード

2022モデル(無印)と2023&2024モデルはデータ別物扱いなので要注意！ 下記GPD公式サイトからダウンロードできる。

サイト内のDRIVER&BIOSタブを選択、上記の部分からダウンロードできる。

Readmeが適当すぎてフォルダの階層にほんと迷った…。USBに上記の内容をコピーすればOK。

BitLockerの番号の確認

下記のサイトで確認できる。

私の場合は、謎にBitLockerの番号がアカウントに正しくアップロードされておらず、Microsoftアカウントを再度登録し直したら無事に確認ができた。

スマホで番号撮っておこう。

BitLockerの解除

BitLockerは[スタート]  > [設定] > [プライバシーとセキュリティ] > [デバイスの暗号化]でOFFにできる。時間がかかるので、寝る前にやると良さそう。

セキュアブートの解除

先にBitLockerを解除しないと操作できません。

PCを再起動、起動前にDELキーを長押し、BIOS画面を出す。 [security] > [SecureBoot] > [SecureBoot]の項��で、SecureBoot自体をDisabledにする。

BIOSの更新

先にセキュアブートを解除しないとUSBメモリを認識しません。

PC起動時にF7キーを長押し、USBメモリを選択して実行。 処理が始まるので、放置すると更新される。

下記サイトがかなり参考になった

Not only that, a lot of the windows 11 requirement has to do with secureboot and TPM bullshit, not actual computing power. My desktop is listed as unable to run Windows 11 because I won't flip a setting in my bios that I shouldn't be forced to flip.

I talked about the problem of Windows system requirements being too damn high before, and how the windows 10 to 11 jump is especially bad. Like the end of Windows 10 is coming october 2025, and it will be a massive problem. And this article gives us some concrete numbers for how many computers that can't update from win10 to 11.

And it's 240 million. damn. “If these were all folded laptops, stacked one on top of another, they would make a pile 600 km taller than the moon.” the tech analysis company quoted in the article explains.

So many functioning computers that will be wasted. And it's all because people don't wanna switch to a Linux distro with sane system requirements and instead buy a new computer.

Like if you own one of these 240 million windows 10 computers, Just be an environmentally responsible non-wasteful person and switch that computer to Linux instead of just scrapping it because Microsoft says it's not good enough.

Tải về Windows 11 Pro RTM build 22000.588 TPM x64 Mar-2022 Pre-activated

Tải về Windows 11 Pro RTM build 22000.588 TPM x64 Mar-2022 Pre-activated Tải về Windows 11 Pro RTM build 22000.588 TPM x64 Mar-2022 Pre-activated là bản dựng Windows 11 build 22000.588 được cập nhật mới nhất tháng 3/2022, bản dựng không tùy biến hoàn toàn xây dựng trên nền ảnh gốc chưa loại bỏ TPM 2.0 và SecureBoot ngoại trừ đã kích hoạt sẵn Windows 11 cho người dùng. Tải về Windows 11 Pro RTM…

View On WordPress

shim Bootloader mit Risiko "hoch"

Update inzwischen verfügbar

Der Open Source Linux Bootloader "shim" enthält eine Sicherheitslücke, mit der Angreifer eigenen Code einschleusen können. Die Warnung CVE-2023-40547 (CVSS 8.3, Risiko "hoch") beschreibt die Gefahr, dass bei einem solchen "Man in the Middle" Angriff in Speicherbereiche außerhalb des allokierten Bereichs geschrieben werden kann (Out-of-bound write primitive). Damit kann das ganze System kompromittiert werden.

Der einzige Zweck von shim als eine "triviale EFI-Applikation" ist der, dass damit auf handelsüblichen Windows-Computern auch andere vertrauenswürdige Betriebssysteme mit Secure Boot zu starten sind. Microsoft macht es mit SecureBoot und seinen EFI/UEFI Bootloadern anderen Systemen weiterhin schwer als System neben Windows installiert zu werden.

Ein Update auf shim 5.18 korrigiert die Sicherheitslücke und repariert auch weitere Schwachstellen. So war erst im Dezember 2023 eine Lücke im Secure-Boot auf BIOS-, bzw. UEFI-Ebene unter dem Namen "LogoFAIL" bekannt geworden.

Mehr dazu bei https://www.heise.de/news/Bootloader-Luecke-gefaehrdet-viele-Linux-Distributionen-9624201.html

Kategorie[21]: Unsere Themen in der Presse Short-Link dieser Seite: a-fsa.de/d/3yU Link zu dieser Seite: https://www.aktion-freiheitstattangst.org/de/articles/8678-20240210-shim-bootloader-mit-risiko-hoch.html

Proxmox 8.1 New Features and Download with Software-Defined Network and Secure Boot

Proxmox 8.1 New Features and Download with Software-Defined Network and Secure Boot #homelab #proxmox #proxmox81 #proxmoxnewversion #proxmoxupgrade #softwaredefinednetworking #opensourcehypervisor #secureboot #hypervisorsecurity #virtualizationhowto

The Proxmox 8.1 hypervisor has been released with great new features. The official information and documentation show it is a worthy upgrade for Proxmox 8 systems. Highlights include new software-defined network (SDN) features, secure boot, flexible notifications, and other new improvements. Let’s dive into this release.  Table of contentsSoftware-Defined Networking in Proxmox VE 8.1Enhancing…

View On WordPress

Linux Mint 每月新聞 - 四月 2023

心得： 差點又忘了… 重點項目： Linux Mint 21.2 UI 優化 如果出現無法安裝的情況，可以嘗試關閉 Secureboot 進行安裝 預定接下來的發行版本： Linux Mint 21.2 An EDGE ISO release with kernel 5.19 LMDE 6, based on the upcoming Debian 12 資料來源： Monthly News – April 2023

View On WordPress

i took an old laptop out from a couple years ago (late 2020-ish) and it was fussy as hell about putting a new OS on it (even though it was already running Ubuntu, so those hurdles should have been dealt with); and even after setting a BIOS password and disabling SecureBoot it had fucked up the boot USB i made to put Manjaro on it

i forgot what i even took it out to do lmao

i hate secure boot! i hate secure boot!