this is not a guide about creating an extremely stripped-down, telemetry-free version of Windows; we stick to the things that Microsoft officially supports turning off and removing. There are plenty of experimental hacks that take it a few steps farther—NTDev's Tiny11 project is one—but removing built-in Windows components can cause unexpected compatibility and security problems, and Tiny11 has historically had issues with basic table-stakes stuff like "installing security updates." //

During Windows 11 Setup, after selecting a language and keyboard layout but before connecting to a network, hit Shift+F10 to open the command prompt (depending on your keyboard, you may also need to hit the Fn key before pressing F10). Type OOBE\BYPASSNRO, hit Enter, and wait for the PC to reboot.

When it comes back, click "I don't have Internet" on the network setup screen, and you'll have recovered the option to use "limited setup" (aka a local account) again, like older versions of Windows 10 and 11 offered. //

Rufus is a venerable open source app for creating bootable USB media for both Windows and Linux. If you find yourself doing a lot of Windows 11 installs and don't want to deal with Microsoft accounts, Rufus lets you tweak the install media itself so that the "limited setup" options always appear, no matter which edition of Windows you're using.

"The ESU program for consumers will be a one-year option available for $30," Yusuf Mehdi, EVP and Consumer CMO, said in a blog post. "Program enrollment will be available closer to the end of support in 2025."

Pour a cup of cocoa and settle down for another episode of Microsoft Storytime. Why do codenames sometimes linger on in the implementation of products?

"Chicago" was Microsoft's codename for Windows 95. During its development, Microsoft's new operating system went by several names externally – Windows 4.0 and Windows 93, to name but two – but internally, it was named for the windy city.

The successor to Windows 3.x debuted 29 years ago as Windows 95, but during its development, engineers needed a name – not least for drivers. And so, lurking in the Signature entry of .INF files was $Chicago$.

The entry indicates the operating systems for which the INF is valid, and could also be $Windows NT$. As far as Microsoft was concerned, both values meant "All Windows operating systems." But why $Chicago$?

Not even a week ago, Microsoft doubled down on its policy that requires PCs to have TPM 2.0-compatible hardware in order to install Windows 11. But now, in an unexpected and puzzling move, the company is issuing instructions for installing Windows 11 on incompatible PCs.

You can find those official instructions on this support page. However, Microsoft begins the instructions with a direct warning:
https://support.microsoft.com/en-us/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1. //

For anyone who updates to Windows 11 despite not meeting the requirements, Microsoft offers the opportunity to return to Windows 10. However, this is only possible for 10 days after upgrading.

The option to revert can be found in Settings under System > Recovery > Recovery options. The step-by-step process will then take you back to Windows 10. However, you should create a backup before upgrading to be on the safe side in case something goes wrong.

Google, Amazon, Microsoft dive into costly deals that aren't generating anything yet. //

Nuclear power contracts signed by hyperscalers show they're desperate for reliable "clean and green" energy sources to feed their ever-expanding datacenter footprints, however, investment bank Jefferies warns that these tech giants are likely to end up paying over the odds to get it.

A clear bias has been uncovered in the AI image creator Image Creator from Microsoft Bing, also known as Microsoft Designer. The online tool will allow the creation of images with Kamala Harris for President content, but will not allow the same for Donald Trump.

Basic Authentication is an outdated industry standard. Threats posed by it have only increased with time and we have already deprecated Basic Authentication across numerous products. For more information, go to Improving Security - Together. There are better and more effective user authentication alternatives.

The Settings app has taken over, but Control Panels aren't going anywhere yet. //

What's incredible about some of the Control Panels at this point is how far back some of their designs go. You're never more than a double-click away from some piece of UI that has been essentially exactly the same since 1996's Windows NT 4.0, when Microsoft's more-stable NT operating system was refreshed with the same user interface as Windows 95 (modern Windows versions descend from NT, and not 95 or 98). The Control Panel idea is even older, dating all the way back to Windows 1.0 in 1985.

When running in kernel mode rather than user mode, security software has full access to a system's hardware and software, which makes it more powerful and flexible; this also means that a bad update like CrowdStrike's can cause a lot more problems.

Recent versions of macOS have deprecated third-party kernel extensions for exactly this reason, one explanation for why Macs weren't taken down by the CrowdStrike update. But past efforts by Microsoft to lock third-party security companies out of the Windows kernel—most recently in the Windows Vista era—have been met with pushback from European Commission regulators. That level of skepticism is warranted, given Microsoft's past (and continuing) record of using Windows' market position to push its own products and services. Any present-day attempt to restrict third-party vendors' access to the Windows kernel would be likely to draw similar scrutiny. //

For context, analytics company Parametrix Insurance estimated the cost of the outage to Fortune 500 companies somewhere in the realm of $5.4 billion.

he top ten reasons Eternal Damnation is better than Windows Software Development

Microsoft has open-sourced another bit of computing history this week: The company teamed up with IBM to release the source code of 1988's MS-DOS 4.00, a version better known for its unpopularity, bugginess, and convoluted development history than its utility as a computer operating system.

The MS-DOS 4.00 code is available on Microsoft's MS-DOS GitHub page along with versions 1.25 and 2.0, which Microsoft open-sourced in cooperation with the Computer History Museum back in 2014. All open-source versions of DOS have been released under the MIT License. //

The publicly released version of MS-DOS 4.00 is known less for its new features than for its high memory usage; the 4.00 release could consume as much as 92KB of RAM, way up from the roughly 56KB used by MS-DOS 3.31, and the 4.01 release reduced this to about 86KB. The later MS-DOS 5.0 and 6.0 releases maxed out at 72 or 73KB, and even IBM's PC DOS 2000 only wanted around 64KB.

These RAM numbers would be rounding errors on any modern computer, but in the days when RAM was pricey, systems maxed out at 640KB, and virtual memory wasn't a thing, such a huge jump in system requirements was a big deal. //

Microsoft has open-sourced some other legacy code over the years, including those older MS-DOS versions, Word for Windows 1.1a, 1983-era GW-BASIC, and the original Windows File Manager. While most of these have been released in their original forms without any updates or changes, the Windows File Manager is actually actively maintained. It was initially just changed enough to run natively on modern 64-bit and Arm PCs running Windows 10 and 11, but it's been updated with new fixes and features as recently as March 2024.

cybershow • April 3, 2024 5:23 PM

@ Nick Alcock

Hey Nick, I do appreciate the compliment, but you are too kind, I am not sure it is possible to ever be too paranoid in this
business 🙂 In my tradition we call it radical scepticism.
...
Regardless then the perhaps ridiculous accusation of whether and how Microsoft caused this issue, the question of how could Microsoft benefit from it is a separate, good and worthy one I am pleased you ask.

The story of the backdoor so far is two-fold. It’s a technically great hack one has to admire, with undetectable RCE in the auth phase of the most used critical protocol. Hats-off!

But it’s also a story of sinister social engineering. A dark night. A lonely and isolated maintainer. Some well meaning visitors drop by “to help”…

What we’re left talking about is the very nature of open source development, of supply chains and trust models. Perhaps a long-overdue conversation, no?

But who have positioned themselves “to help”?

Who have replaced the entire pre-2010 ecosystem of individual and autonomous development with a single GitHub?

Who might we expect to soon come riding in on a white stallion with “solutions” to the vulnerability of FOSS supply chains? To protect the lonesome, unpaid, overworked and socially unskilled FOSS maintainer?

most respectfully. //

Winter • April 4, 2024 5:08 AM

@cybershow

Regardless then the perhaps ridiculous accusation of whether and how Microsoft caused this issue, the question of how could Microsoft benefit from it is a separate, good and worthy one I am pleased you ask.

Microsoft ships Linux as part of WSL. The targeted Linux distributions are the main deployments on Azure. Azure generated $45B of revenue (23%)[1]. That is more than Office or Windows. Azure is the biggest growth market for MS. AFAIK, MS have nothing to replace Linux available.

This means that anything that damages Linux will damage Azure and hence, MS’ bottom line. I find your “attribution” rather unrealistic.

[1] 2022 ‘https://www.kamilfranek.com/microsoft-revenue-breakdown/

Former Microsoft programmer Dave Plummer shared some history about one of those finely aged bits: the Format dialogue box, which is still used in fully updated Windows 11 installs to this day when you format a disk using Windows Explorer.

Plummer says he wrote the Format dialog in late 1994, when the team was busy porting the user interface from the consumer-focused Windows 95 (released in mid-1995) to the more-stable but more resource-intensive Windows NT (NT 4.0, released in mid-1996, was the first to use the 95-style UI).

Formatting disks "was just one of those areas where Windows NT was different enough from Windows 95 that we had to come up with some custom UI," wrote Plummer on X, formerly Twitter. Plummer didn't specify what those differences were, but even the early versions of Windows NT could already handle multiple filesystems like FAT and NTFS, whereas Windows 95 mostly used FAT16 for everything.

"I got out a piece of paper and wrote down all the options and choices you could make with respect to formatting a disk, like filesystem, label, cluster size, compression, encryption, and so on," Plummer continued. "Then I busted out [Visual] C++ 2.0 and used the Resource Editor to lay out a simple vertical stack of all the choices you had to make, in the approximate order you had to make. It wasn't elegant, but it would do until the elegant UI arrived. That was some 30 years ago, and the dialog is still my temporary one from that Thursday morning, so be careful about checking in 'temporary' solutions!"

The Windows NT version of the Format dialog is the one that survives today because the consumer and professional versions of Windows began using the NT codebase in the late '90s and early 2000s with the Windows 2000 and Windows XP releases. Plenty has changed since then, but system files like the kernel still have "Windows NT" labels in Windows 11.

Plummer also said the Format tool's 32GB limit for FAT volumes was an arbitrary decision he made that we're still living with among modern Windows versions—FAT32 drives formatted at the command line or using other tools max out between 2TB and 16TB, depending on sector size. It seems quaint, but PC ads from late 1994 advertise hard drives that are, at most, a few hundred megabytes in size, and 3.5-inch 1.44MB floppies and CD-ROM drives were about the best you could do for removable storage. From that vantage point, it would be hard to conceive of fingernail-sized disks that could give you 256GB of storage for $20. //

Red Zero Ars Praetorian
12y
510
"Nothing is more permanent than a temporary solution." - Attribution Unknown. Having encountered this in the work environment many, many times, I know the truth of this. //

https://xkcd.com/2730/

While the flexible security model employed by Windows NT-based systems allows full control over security and file permissions, managing permissions so that users have appropriate access to files, directories and Registry keys can be difficult. There's no built-in way to quickly view user accesses to a tree of directories or keys. AccessEnum gives you a full view of your file system and Registry security settings in seconds, making it the ideal tool for helping you find security holes and lock down permissions where necessary.

Musk's problem was that his laptop was automatically connecting to the local Wi-Fi, which doesn't have a password. If a user can install without connecting to the internet, it is still possible to get Windows 11 up and running without using a Microsoft account. //

On a sacrificial PC, we found that Windows 11 can indeed be installed without a Microsoft account. We used Shift + F10 to drop to a command line at the network connection page and entered OOBE\BYPASSNRO to force a reboot and make the "I don't have internet" option appear. To be fair to Musk, it is quite convoluted.

Running a personal Windows 11 device without a Microsoft account is not a great experience, however. Some elements of the operating system simply do not work, and Microsoft is clearly keen for customers to have an account. If that's not a path you wish to tread, there are plenty of alternatives to Windows 11 out there.

In the early days of microcomputers, everyone just invented their own user interfaces, until an Apple-influenced IBM standard brought about harmony. Then, sadly, the world forgot. In 1981, the IBM PC arrived and legitimized microcomputers as business tools, not just home playthings. The PC largely created the industry that the …

COMMENTS

1/11/24 update added below.

Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker.

Yesterday, as part of Microsoft's January 2024 Patch Tuesday, a security update (KB5034441) was released for CVE-2024-20666, a BitLocker encryption bypass that allows users to access encrypted data.

However, when attempting to install this update, Windows 10 users are reporting getting 0x80070643 errors and the installation failing. //

When installing the KB5034441 security update, Microsoft is installing a new version of the Windows Recovery Environment (WinRE) that fixes the BitLocker vulnerability.

Unfortunately, Windows 10 creates a recovery partition, usually around 500 MB, which is not large enough to support the new Windows RE image (winre.wim) file, causing the 0x80070643 error when attempting to install the update. //

Microsoft releases script to install fix

Microsoft has released PowerShell scripts that automate the installation of the BitLocker CVE-2024-20666 security patch to the Windows 10 Windows Recovery Environment (WinRE).

These scripts do not install the KB5034441 update but rather mount the WinRE partition, copy over the images from a dynamic update, and unmount the partition again.

The WinRE partition will now contain the latest files, including the BitLocker fix, effectively eliminating the need for the KB5034441 update on these machines.

Windows is live on Git

Over the past 3 months, we have largely completed the rollout of Git/GVFS to the Windows team at Microsoft.

As a refresher, the Windows code base is approximately 3.5M files and, when checked in to a Git repo, results in a repo of about 300GB. Further, the Windows team is about 4,000 engineers and the engineering system produces 1,760 daily “lab builds” across 440 branches in addition to thousands of pull request validation builds. All 3 of the dimensions (file count, repo size and activity), independently, provide daunting scaling challenges and taken together they make it unbelievably challenging to create a great experience. Before the move to Git, in Source Depot, it was spread across 40+ depots and we had a tool to manage operations that spanned them.