Pinging the group here about a theory.

I am convinced at this point that requiring a TPM and all the Windows 11
"security enhancements" are really just a way to scare the common user
into locking themselves out of Linux.

I just turned off Core Isolation memory integrity and you know what
happened? Big yellow warning triangle. "Your system may be insecure."
Scary.

You know what else Memory Integrity does though? It makes it impossible
to run VirtualBox or VMWare, because it uses Hyper-V. Only one hypervisor
at a time. VirtualBox still can't figure out how to leverage Hyper-V in
that situation, and I'm guessing it's not a coincidence. I'm guessing the
guidance for using Hyper-V is opaque af.

So there we have it. Want to preview a Linux distro in a virtual machine?
Can't be done if your machine is "secure."

Then the security center tells you that "Standard hardware security is
not supported" if secure boot is turned off. No big yellow warning
triangle, but also a "gee maybe my computer is inferior" sort of message.
Custom builders are seriously encouraged to turn all this stuff on or
look like they're building less secure machines. OMG, this machine
doesn't even support standard hardware security!

Funny thing is *enhanced* security is supported in that situation (if you
have no blocking drivers). You can still turn on Memory Integrity without
secure boot and will then be running the only requirement of enhanced
security. You just have secure boot turned off, and Windows 11 could
easily read a motherboard list to see that secure boot is possible and it
is supported. In fact, it almost certainly is if the machine can run
Windows 11 without a requirements hack. Fact is, the message will only
tell you that the two security levels are "supported" if these things are
turned on. It will tell you that standard is not supported if you have
secure boot turned off, but memory integrity turned on. It's very
misleading.

So they strongly encourage everyone to turn on both Secure Boot and
Memory Integrity. The messages mislead a common user to believe the
machine is less secure, unsupported in fact, if they are not turned on.
If Memory Integrity is turned on, then it says enhanced security is
supported. So if you turn off secure boot (the easiest way to get at
Linux is to boot off a live cd), then security is unsupported, even if
you turn on Memory Integrity. If Memory Integrity is turned off
(necessary for the other option of installing to a virtual machine), then
your machine only "supports" standard security, and doesn't "support"
enhanced security.

Try explaining that to a customer!

And here's the kicker. The end result of that is it leaves you no way to
run a Linux live disc or install Linux in a virtual machine. You can't
run Linux independently without really knowing what you're doing.

And then WSL comes to the rescue, encouraging you to pick your distro
from the Microsoft store and promising "performance enhancements" beyond
a normal install of Linux?

https://learn.microsoft.com/en-us/windows/wsl/about

Yeah, that article is aimed at developers, and they know better, but
that's eventually going to be the party line for the common user. You
want Linux? You can't get Linux from a distro iso? Aw, shucks. That shit
is broken. Come to the Microsoft Store, we've got your Linux right here.

I think I can see where this is going. It's everything I've come to
expect from MS. It's a long game to get there, but it's just EEE.

--
Zag

West of House
There is a small mailbox here.

>read leaflet
"WELCOME TO USENET!

USENET is a game of adventure, danger,
and low cunning. In it you will
explore some of the most amazing
territory ever seen by mortals. No
computer should be without it!"

Hey, guess what happens when I type these queries into the Windows Store?

"Red hat"

Some dumb entertainment result, followed by "Pengwin Enterprise" whatever
that is. It has "win" in it, so my spidey sense is tingling. Futher
research warranted.

"Red hat Linux"

Pengwin Enterprise. Period. I wonder how much the marketing guy that came
up with "Pengwin" was paid?

"Redhat"

Well, I mistyped the name, but I get Fedora. Fedora probably should have
come up in the first place, as its code base is actually somewhat related
to Red Hat.

So folks, welcome to MS vs. IBM round two.

Here comes the research part:

https://apps.microsoft.com/store/detail/pengwin/9NV1GV1PXZ6P

Based on Debian, developed by a Microsoft partner: Whitewater Foundry. It
"looks like Ubuntu, but it is different..."

https://www.whitewaterfoundry.com/

Wonder how much start up money they got from Microsoft? But, hey, it's
not *really* Microsoft in disguise, right antitrust regulators?

Microsoft seems to be hedging their bets with an embrace of Ubuntu, or
planning to use it as a mature attempt to get people familiar with
Debian. Other than Pengwin, it has the widest coverage in the Windows
Store.

I presume the end game is to kill the entire NT line of software as a bad
idea gone worse and base everything on Debian as soon as Codeweavers, or
some MS version of Wine, is up-to-snuff. Gotta have that backward
compatibility.

So, in synopsis, Microsoft is moving to bring Linux distro "choice" to
Windows, discourages using real ISOs as much as possible in boot disc and
VM, and then turn into Pengwin, the Linux distro to rule them all, which
will probably be called Windows NNT: NEW new technology.

Was this Whitewater Foundry "Pengwin" stuff on anyone's radar at all
here?

MCPs, start looking into Debian. It is your future. This NT stuff is just
running on inertia, I think.

--
Zag

No one ever said on their deathbed, 'Gee, I wish I had
spent more time alone with my computer.' ~Dan(i) Bunten

On Fri, 08 Sep 2023 10:43:27 -0500, Zaghadka <zaghadka@hotmail.com>
wrote:

>Pinging the group here about a theory.
>
>I am convinced at this point that requiring a TPM and all the Windows 11
>"security enhancements" are really just a way to scare the common user
>into locking themselves out of Linux.
>
>I just turned off Core Isolation memory integrity and you know what
>happened? Big yellow warning triangle. "Your system may be insecure."
>Scary.
>
>You know what else Memory Integrity does though? It makes it impossible
>to run VirtualBox or VMWare, because it uses Hyper-V. Only one hypervisor
>at a time. VirtualBox still can't figure out how to leverage Hyper-V in
>that situation, and I'm guessing it's not a coincidence. I'm guessing the
>guidance for using Hyper-V is opaque af.
>
>So there we have it. Want to preview a Linux distro in a virtual machine?
>Can't be done if your machine is "secure."
>
>Then the security center tells you that "Standard hardware security is
>not supported" if secure boot is turned off. No big yellow warning
>triangle, but also a "gee maybe my computer is inferior" sort of message.
>Custom builders are seriously encouraged to turn all this stuff on or
>look like they're building less secure machines. OMG, this machine
>doesn't even support standard hardware security!
>
>Funny thing is *enhanced* security is supported in that situation (if you
>have no blocking drivers). You can still turn on Memory Integrity without
>secure boot and will then be running the only requirement of enhanced
>security. You just have secure boot turned off, and Windows 11 could
>easily read a motherboard list to see that secure boot is possible and it
>is supported. In fact, it almost certainly is if the machine can run
>Windows 11 without a requirements hack. Fact is, the message will only
>tell you that the two security levels are "supported" if these things are
>turned on. It will tell you that standard is not supported if you have
>secure boot turned off, but memory integrity turned on. It's very
>misleading.
>
>So they strongly encourage everyone to turn on both Secure Boot and
>Memory Integrity. The messages mislead a common user to believe the
>machine is less secure, unsupported in fact, if they are not turned on.
>If Memory Integrity is turned on, then it says enhanced security is
>supported. So if you turn off secure boot (the easiest way to get at
>Linux is to boot off a live cd), then security is unsupported, even if
>you turn on Memory Integrity. If Memory Integrity is turned off
>(necessary for the other option of installing to a virtual machine), then
>your machine only "supports" standard security, and doesn't "support"
>enhanced security.
>
>Try explaining that to a customer!
>
>And here's the kicker. The end result of that is it leaves you no way to
>run a Linux live disc or install Linux in a virtual machine. You can't
>run Linux independently without really knowing what you're doing.
>
>And then WSL comes to the rescue, encouraging you to pick your distro
>from the Microsoft store and promising "performance enhancements" beyond
>a normal install of Linux?
>
>https://learn.microsoft.com/en-us/windows/wsl/about
>
>Yeah, that article is aimed at developers, and they know better, but
>that's eventually going to be the party line for the common user. You
>want Linux? You can't get Linux from a distro iso? Aw, shucks. That shit
>is broken. Come to the Microsoft Store, we've got your Linux right here.
>
>I think I can see where this is going. It's everything I've come to
>expect from MS. It's a long game to get there, but it's just EEE.

Gee, and people criticize me for sticking with backward but simple XP?

Zaghadka <zaghadka@hotmail.com> wrote:

>I presume the end game is to kill the entire NT line of software as a bad
>idea gone worse and base everything on Debian as soon as Codeweavers, or
>some MS version of Wine, is up-to-snuff. Gotta have that backward
>compatibility.
>
>So, in synopsis, Microsoft is moving to bring Linux distro "choice" to
>Windows, discourages using real ISOs as much as possible in boot disc and
>VM, and then turn into Pengwin, the Linux distro to rule them all, which
>will probably be called Windows NNT: NEW new technology.
>
>Was this Whitewater Foundry "Pengwin" stuff on anyone's radar at all
>here?
>
>MCPs, start looking into Debian. It is your future. This NT stuff is just
>running on inertia, I think.

The core of Windows is on par with the Linux kernel, it's just that
it's easy to see Windows' commercial drawbacks, which are there, but
it's because of the nature of the platform, changing the core OS code
isn't going to change that. I don't foresee any move away from the
basic structure of the NT series.

--
Joel Crump