Replies

So tell me what kind of end user needs even the WiFi-6 speeds and bandwidth?

-- rc primak

Businesses often need local copies. Sometimes this is a legal requirement, sometimes it’s in case the Internet is not available or the Cloud Service is unreachable. Rule Number One of Backup — you can never have too much.

-- rc primak

I make copies of my Windows data to a separate partition or a separate drive inside the PC. This won’t survive a real hardware disaster, but a separate temporary data backup drive will survive a single drive failure. With SSD and HDD per-gigabyte prices coming down lately, it is becoming more convenient to do something like this.

-- rc primak

That would not have worked in this case. The “click of death” is often non-recoverable.

I had this type of hard drive failure happen inside a Comcast DVR a few months ago. Fortunately, even they back up the hard drive to their Cloud DVR these days. But only if you remember periodicallly to “sync” your recordings from the menus in their services.  My DVR gave two interesting beeps before the clicking sounds each time it was trying to reboot. Sometimes computer drives do this too.

-- rc primak

For Linux, a separate Home Partition, as well as a separate Boot Partition are often used by experienced users.

For Windows, I don’t have a lot of data in any user or Admin. account, so I just take all the data (folders) which can be copied in a standard copy-paste, and make copies directly to external media on a regular basis. Hard drive and even SSD real estate is getting cheaper by the day, so there’s no reason in the modern world, not to have curent copies of important data on hand on external drives or other locations (including the Cloud, as OneDrive does). Data transfers over cables and networks, and even to and from the Cloud, are so fast for most people today that this also should not be a reason to be without current data backups.

In Windows, system backups are also getting easier to make and save, and they are pretty easy to restore. On a modern PC or laptop, restoration is pretty quick, but even if it isn’t, I’d rather let a restore operation run overnight than to habve to reinstall and rebuils a Widnows installatioon and all its drivers, software and data.

For Linux, especially with the separate Home and Boot partitions, it’s often easier and quicker just to reinstall the OS and the software. With centralized software repos, all you need to back up regularly, with other data, are the markings for the installed packages.

Backups also should include downloaded email messages. People often forget to do this, and they sometimes pay the price.

-- rc primak

1 user thanked author for this post.

Cybertooth

I’ve used several utility programs in Windows and in Linux which display in various graphical and list formats, various aspects of what’s taking up space on my computers. Invariably, if it isn’t downloads which accumulate over time, it’s documents which take up the most space. Email and even most of my pictures are not large space-hogs. Some people collect music, videos and high-res pictures, and these will be huge space-hogs.

What I do with the information displayed is to decide what and how to off-load to archival hard drive storage, and how to organize my off-loaded archives. That is the real challenge for me. Once I’ve put some files into archival storage, how will I find them again if I ever want to reference or use them in the future?

Also useful is to see how much space each backup set and each period of time’s backups are taking up, and how much space remains on the backup drive(s). That can be critical information for keep[ing backed up data readily available. This is an issue different from, but related to, the problem of figuring out what to off-load from the system or data drive inside the computer.

The ability to use whichever tool shows the specific aspects of your file system which interest you the most is the strength of any good file size analyzer or disk space analyzer utility. This one looks very versatile, but the visual displays of programs like WizTree or WinDirStat can show things this program will not necessarily highlight.

The weak points of each program are the aspects or properties which are not shown, or which are not presented in an easy to see format. No one program I’ve seen does it all equally well.

So, which program I use at any time to show which aspects of my disk space usage will vary. I have yet to find one tool which shows it all equally well. This one included.

-- rc primak

1 user thanked author for this post.

SueW

Did a reply get lost from this thread? I thought someone had posted regarding having trouble using Powershell to update the HEVC Video Codecs from the Microsoft Store (It’s a Store App) using Powershell. An error happened during the Winget process.

That post is no longer showing when I view this thread.

-- rc primak

Ubuntu Security Alert: GameOver(lay) Vulnerabilities in the Kernel
https://www.cyberkendra.com/2023/07/ubuntu-security-alert-gameoverlay.html

A few more details…

Notice the date was in late-July, and the kernel updates have rolled out from July 27, 2023 until this week. (I just got new kernels for some of my Ubuntu installs today.) Note also that this is one of many security issues Canonical has created for themselves by messing wround with the Linux kernel and making proprietary changes for their own distro (and by extension for most of its derivatives or forks).

Some words about CLI vs. GUI updating in Ubuntu…

Note: The GUI update manager in the illustration is from Mint, not from Ubuntu. Much of what follows is equally true in Mint and Ubuntu’s various flavors.

BTW, the CLI apt updating commands often show updates not available (yet) through the Ubuntu Updater. The Gnome Software Center shows that there are unspecified “OS Updates” available, but does not tell you that these are held packages, and must be manually upgraded through the CLI. I would be careful about upgrading held packages, as they can break stuff. Eventually, most package updates make it into normal update channels. There is no reason to upgrade to the subscription service for Ubuntu, called Ubuntu Pro or Ubuntu Advantage. You will get no additional overall security improvements. Just a lot more update nags.

Kernel updates can be delayed and will show up for some users before they show up for others. But by this time, everyone should have seen the relevant kernel updates. I have not seen a patch for Ubuntu kernel version 6.x.

Getting back to our story…

The vulnerabilities have since been patched by Ubuntu following responsible disclosure, with fixes issued on July 24, 2023.

The discovery of these vulnerabilities underscores the unpredictable effects of subtle changes to the Linux kernel made by Ubuntu. Wiz CTO and co-founder Ami Luttwak commented, “Both vulnerabilities are unique to Ubuntu kernels since they stemmed from Ubuntu’s individual changes to the OverlayFS module.”

Old news. Now, regarding the Mint upgrade…

Linux Mint Cinnamon “Victoria” was released July 24.

This does not mean this upgrade is ready for Prime Time. I’d give it awhile longer to settle down, given the history of Mint upgrades.

My own system will be upgraded sometime in September, when I’m not patching Windows or Ubuntu Unity.

In Linux Mint, the built-in backup software is called TimeShift, and it allows you to take a system snapshot before the upgrade.

Advanced Linux users may also prefer to use Clonezilla Live from a bootable USB Flash Drive. (My bootable media for Linux are now inside of Ventoy Flash Drives. This is to conserve Windows 11 TPM-2 Secure Boot Security Keys. This issue only applies to dual- and multiboot systems.) If using cloning in Linux, it’s wise to also make an uncompressed, unencrypted copy of the USer’s /Home Directory and archive that as Linux User Data.

Timeshift is nice, but it uses a compressed format which depends on getting Timeshift (hence, the OS base image) up and running to perform any restore operations. Also, Synaptic can back up a lot of the Linux software markings, making reinstalling, upgrading and rebuilding much quicker. This backup is a series of small files which can be exported, archived and later imported back into Synaptic.

-- rc primak

I didn’t think the existence of the information was a secret, only the details. Sorry.

-- rc primak

Once again, I have yet to see an explanation, maybe with screen shots to document the process, of how a computer can boot from an external device with Secure Boot enabled.

https://www.ventoy.net/en/doc_secure.html 

The process is different in Vista through Windows 10, but it involves having a boot image (ISO) which has a valid, fairly recent Microsoft signed security certificate. That’s got to be burned into the ISO, unless you’re using Ventoy, YUMI or some other multi-ISO system which supplies its own, global Certificate and/or TPM Key.

I don’t use these other multi-boot methods, so I don’t have at my fingertips their tutorials and screenshots about exactly what the process is.

Like Ben, before Windows 11 came out I only used the option in the device BIOS to simply turn off Secure Boot if I wanted to boot anything from a USB device. But the way Windows 11 handles TPM2 security, saving and then re-entering the TPM Key List has become so laborious and so hard on the BIOS that I now only boot from devices with signed certificates or some way to register TPM keys. And due to the finite nature of the TPM Key List, I am limiting the number of USB Boot Keys I try to register per machine. For these and other reasons, I have converted most of my USB Boot media to Ventoy.

Again, Secure Boot has never tripped me up when using Full Retail Windows Install Media, Windows install media created by Windows (Repair Sticks), Media created using the Microsoft Media Creation Tool, or ISOs of major Linux distros and certain recent USB Boot utilities on Flash Drives, as long as each ISO or installer has a currently valid Microsoft signed security certificate baked in or available to register during the USB boot process. This does not cover the vast majority of pre-Windows 10 USB Boot devices and ISOs. And before Windows 11, this did not cover most multi-boot USB drive creation software and utilities.

BTW, enclosures connected by USB, and external hard drives, have never exhibited boot issues when running Linux installed on them. Microsoft and others never intended Secure Boot to prevent booting other OSes from external USB media. Provided that the proper security certificates or keys are kept current.

I have run Linux from USB enclosures for a couple of years now and never had an issue with doing so. Nor with installing Linux to external USB devices. Secure Boot and now TPM2 security were never turned off. Windows Fast Startup on the other hand, has to be turned off to allow Linux to access shared partitions, but that is due to a different issue.

-- rc primak

2 users thanked author for this post.

Fred, b

Re. https://projectlibertyaction.com/

I get a popover ad on that site which won’t go away and prevents me from seeing their site without giving away personal information. They clearly have nothing to do with freedom or privacy.

https://www.prnewswire.com/news-releases/project-liberty-action-network-to-spotlight-harm-of-social-media-on-childrens-mental-health-301878137.html

At least here I get a summary of what this project purports to be about, without having to give away personal information to read about them.

-- rc primak

Oh, yes, Secure Boot must to be disabled for a system to boot from USB.

That is not true. I have booted successfully from USB flash drives with full Secure Boot enabled and TPM-2 Windows 11 security in place. Not once have I had an issue, provided:

• That the ISO or boot information on the Flash Drive is fairly recent.
• And that the boot information provides a Microsoft approved security certificate and/or a valid TPM Key. Ventoy, for example, has a module in their Boot Partition which inserts an MOK TPM key as a one-off process per computer. All Windows Install ISOs contain a valid Microsoft Security Certificate. IT is the BIOS which determines whether USB Boot is enabled by default. This can be changed, but Secure Boot has little to do with it.

The purpose of Secure Boot enabled is to prohibit booting from an external device!

No, it isn’t. The purpose of Secure Boot is to prevent an unregistered operating system or boot device from booting without a Microsoft approved security certificate or TPM Key. There never was any intention of totally locking out Linux or USB boot devices.

I’ll repeat that Secure Boot needs to be disabled in order to boot from an external USB device, whether Microsoft or anyone else says so or not. I suggest that you can see this with your own eyes, wiping the SSD first (I used Linux Mint 21 to do so quickly and easily), then enabling Secure Boot, and, finally, attempting to boot from a USB device.

You can repeat this all you want. I have installed Windows for over a decade since Secure Boot weas introduced, on clean, bare-metal installs, as upgrades and alongside previously installed OSes. Never had to disable Secure Boot to boot from a Windows install USB flash drive. Other USB boot drives did have issues, but never Windows Linux Mint or Ubuntu Linux. Or Ventoy, provided the once-only step of registering the TPM MOK key was done properly.

rchaz posted:
I guess the assumption is pretty good that most Home edition users will have logged into their MS account OOB rather than skipping to a Local account.

Let’s make sure we are comparing apples with apples. Bitlocker is really available in two flavors. The full implementation is only available in the Windows Pro or higher editions, and you have to set this Bitlocker up yourself. It is not tied to a Microsoft Account, and you hold your own Bitlocker keys. For the Home Edition, Bitlocker is implemented through the Microsoft Cloud account, and Microsoft holds your Bitlocker keys. That’s the version which can be installed and activated without the end user ever knowing what the keys are. Starting with Windows 10, the Home Edition is very difficult to install without going through the Microsoft Account process. This usually results in Bitlocker being activated, especially in OEM versions of Windows. The Pro and higher versions do not need to handle Bitlocker in this way.

I have only had one device I have ever owned where the installation of Windows (10) was the OEM Home Edition. It did have Bitlocker automatically enabled as soon as I had the device set up. I laboriously and manually disabled Bitlocker, as I wanted to use a Local Account as my primary Admin Account.

-- rc primak

2 users thanked author for this post.

Fred, b

Expected, and it’s not anything to be worried about. Not yet.

-- rc primak

I think you mean Apple mobile devices. End to end encrypted messaging is available for PCs and Enterprise networks. And it’s available for Linux on many platforms. Android is admittedly behind the curve.

-- rc primak

3 users thanked author for this post.

WSGeo, J9438, Alex5723

I had a bit of insider information, so I was kind of expecting something along the lines of the configuration changes Will writes about this week.

All of this hardware (re-)assembly is way beyond my technical skills, but I can respect what Will has done, and I think many others will find this series of interest and useful.

I’m also looking forward to Deanna’s write-up of HiBit System Information next week. Currently I use the output of KC Softwares SUMo for the purpose of listing the software and its install locations from a PC.  The end result is in an Excel-compatible spreadsheet format. This makes a good punch-list template for a new or reconstructed Windows environment. I’ll be curious to see what HiBit puts together and outputs.

 

-- rc primak

1 user thanked author for this post.

Will Fastie