
Thursday, July 1, 2021

Throwaway 3 (it's piling up here)

Windows 11

 Notes:

The built-in command prompt has makeup and a new hairstyle...I don't know much more than that.

"Windows Terminal" isn't actually for-real a terminal, it's uh, *missing* until you download the app, which allows you to run Powershell.

But let's see, um, "CMD" is still there.

Some of my apps appear to have migrated from my D: drive to my "C:" drive, as if all the wagons were circling around my "C" drive and the strays are being rounded up.

It's tough to explain, "Office" is now on "C:" not "D:".

My equalizer kept telling me to install on a directory of "C", and I swear it was on "D" before.

I haven't tried any executables in my d: benchmark directory yet, will they even run?

Or is Microsoft playing favorites with a few apps?

I only know my favorite tiled shortcuts are gone and in their place are the plastic-fake apps "Photos", "Skype" and so on.

So it'll be a year (being optimistic) before I line everything up to the way it was before.

This is more than painting your house, it's like smashing down rooms and replacing them, for no good reason.

O, and my hardware-security no longer measures up.

Did, doesn't.

This *could* mean I wouldn't be eligible for the next upgrade (Give me a month to find out)

And, um, that's it for now, I'm sure I'm forgetting something but I'll think of it tomorrow.


Stuff that was there wasn't, and then it was...Alzheimer's people might have trouble, I know I do.

stuff is there...but it's like, you're on a boat and hit a biggie rock.

To-Do: run a backup, soon. Do they still insist the only backup available is from win-7 ?

Ryzen Master, CPU-z run fine.

Oh, and the taskbar is aligned to the left (why is everything political?) because I made it that way
(It defaults to center)


I've got a gripe but this might look ranty:






I'm getting mixed messages from this diva called windows 11.
Good enough smart enough just not pretty enough





Virtual enabled.

TPM enabled (so the semi-slow can be shocked and awed that I did that already)


Core isolation cannot be looked at, I am unworthy
(I could look at it in win10, just not now)


That little yellow flag in "virus and threat protection" is (I set it tons of times, tons of times it set itself back again) maybe because I haven't bought any virus programs.



The unreadables:

TLDR: If I enable the right exact features, the alphabet soup of virtual hypervisorism,

uh, it might make "device security" happier????

and along those lines, whatever the ___ this next glob of features are, I enabled some of them to please them, with the creepy feeling that NOW nothing of any worth will run.

("Sehop"???)

Overriding question:
Whatever these are, whatever they do, *why* aren't they enabled by default, being so good?
Or maybe they're not so good.
Or maybe the people complaining about performance hits could disable them if they want.

But noooo. I'll totally guess that freebie reviewers at tomsHardware would review windows as being slower than (maybe) a mac or an android?





They obfuscate, confuse.

*the above* tpmtool thingy shows quite clearly that my TPM is worthy, but the GUI in windows is less than helpful.
A very vague dismissal of anything I have, a statement or two that the TPM is either missing or unusable.
Wrong!!
OK I don't have keys, Bitlocker says I can't use it, but it's there!

Gathering dust bunnies, but still.

And yet, digging really deep, 
https://www.cnet.com/news/whats-modern-standby-and-why-you-want-it-on-your-next-laptop/

Wouldn't you want a computer s0 attentive, it could listen to what you say and report it back to Microsoft? A computer that pretended to be asleep but wasn't.

(well anyway, read the article).

And "DMA,"
 hasn't that been around forever?

Well now they're kicking it out of polite society, saying it's unclean.

I gotta research this more but yeah, My hardware virtualization is calling me on not being S0, and for having DMA (ew)

"Device Encryption Support Reasons for failed automatic device encryption: Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/device(s) detected"

BTW this (unworthy to be encrypted) flaw or whatever is well documented;
It boggles the mind.
But in case Todd the hacker is your next door neighbor, maybe they forbade certain devices (like my boot drive) from, uh, where were we??
So buy a phone, an apple, or a 2021-model surface-pro-caligula,
or
sssuffer
Intel Skylake And Intel Project Athena are worthy, IOW most extremely recent Laptops.
I am not a laptop, and this thing is hoary at three-years old.



I had zombie apocalypse nightmares, thank-you-very-much, and because it was a morphing dream, the next day I explained the dreams to a dream-spouse.
But the theme was obvious, 
no matter what you do,
no matter how hard you try,
you're doomed.
Welcome to Windows 11. 
Years ago, You could allow PC's to "sleep" or standby in hot rooms, because the fans would still run, even though the PC and RAM were idle.
ecoterrorist comments redacted,



This is not a laptop

Microsoft seems to be favoring Laptops right now.
ooo, look at the pretty little thing obediently springing to life once a 18-24 year-old says "OK Cortana," (Siri, Alexa, any feminine name for your Servile listening PC will do.)
OK remember "Knight Rider?"
It's like that, the engineers watched the show as kids.
But times have changed, and companies (and bored employees in them) want to listen in too.
(This will be edited, it sounded tons better in my head before)
Siri (alexa, Cortana)


A mind-blowing statement (in case you were still here and relatively unperturbed) 

IOW if u use encryption, other memory encryptions aren't allowed.
WTF?! Good bad or "Same Difference"?


The first quote was an ex-cathedra from AMD. *This* quote is from some freebie reviewer.


Not for nothing, but... WHY does everyone talk like they're the official voice of God??

Anyway,



No dead-horse-beater here, but they *continually* *bury* menus under other menus with every new version.



It took me forever to find that little box letting you change what your adapter is hooked-up to, 

They'd rather show you prettier and much more useless menus first.

It's as if they're burying menus underneath the buried menus...hard to explain, especially to people who already know where the menus are buried.

It's like having a pissed-off receptionist telling you stuff...

Control Panel\Network and Internet\Network Connections (it says) but I'm...um...ok nevermind. 

"Pin to start menu" is being all snobby, it won't let me paste my shortcut. It's out there on the desktop 

shivering, hoping I don't delete it with all the other flotsam out there.

There MUST be an exact way to edit the start-menu-square-picture-thingies, without using fancy mouse-dragging (which it is forbidding anyway)

(I'll come back to this)


I failed miserably to find the place they keep all the shortcuts they allow "pinned" to start menu.
Wait, I can try again! One...task...left...to...perform.

"which was being excluded..." whut?? OK I'll look (I feel like a janitor working the graveyard shift in the game "Control")


OK...
Let me explain this to the truly slow, the ones who come up with all sorts of reasons why this should work but doesn't.
Ladies and gentlemen, I direct your attention to the center ring, in which two (countem, two) shortcuts exist, and one can be pinned to the start-menu, and one cannot.
Pictures extra.






PS doing "dir -s" in Powershell 7 takes Eons, but "dir /s" in Command-prompt takes a couple seconds.
Progress? Bah humbug.
Get-ChildItem -Path C:\ -force -recurse
Get-ChildItem -Path C:\ -force -recurse | out-file files.txt
or 
"set dircmd=/a /o"
"dir c:\*.* /s >files.txt" (which technically would throw an "access denied" error)
uh, six, half dozen, but it's like new math, reading german at 80.
(whut?)



(They must be so proud of themselves)
Repeat everything I wrote about the shortcut and you'll find a wordy explanation typed slow for my benefit (damn near everywhere) but it's a PITA the way they suck the fucking life out of you, thinking of new ways to obfuscate and confuse...I CANNOT pin a damned shortcut, it won't LET me, not to the taskbar, not to the biggie cute start thingy...
$#@! and the horse too

generic-crap
            Generic-crap's submenu
                                Generic specific thing from submenu
                                                     Actual-thing you wanted in the first place (but it's buried)
shortcut (taskbar item, "Pin to taskbar") points to "generic-crap", not your hidden little gem.
Conclusion: They love mouse clicks, it's like sex for them.
Or they want you to buy a touch-something.

Happy ending: 

I pasted the damn accursed shortcut into every directory I could think of, and eventually 
it showed up in the "All apps" button on the top of the start-box (fancy-dancy-whatever).
Then I right clicked and "pin to start menu" worked.
So now I've got a weedy-patch of useless shortcuts, and ONE good shortcut which actually works.
So I did it!
Just don't ask me how.

TPM PCR7 Binding State:
TPM (a chip or part of one)
PCR7(what?)
Binding state (says-which?)
2 (Is 2 more advanced, is 2 second to 1, is "two" very low on the scale of PCR7-bindings??)
How's about, no one knows?

so...the uhm, (fight the hunger, the sleepiness, you can do this!!)
The shit they throw around is incredible..."Hashing algorithm" is, um, it's an algorithm that hashes (encrypts?) and "concatates" (which isn't really a word) appends the result into a very large register (160 bits). Yeah ok, yada whatever, but what is a PCR 7?
Can we totally Guess (hang on)
the seventh register, of a group of registers, is well-known and has the friendly name of "PCR7" and has a well known function?
Seriously, you don't need to teach me the entire history of registers and programming, just say with authority that "pcr7" knows a thing, and *this* is what it means, is that too much to ask?
Yes, apparently.
so why is tpmtool saying it's "2"?
The registry says *nothing* about pcr7 and bindings, WTF??
This reeks.
Nearly English
a checksum (a fucking number) either matches an allowed value or it doesn't.
There.
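
The "hash, append, compare" idea above, as an added example (not part of the original post and not Microsoft's code): a PCR can only be changed by an extend, new = H(old || H(event)), so its final value depends on every measurement and on their order, and a policy check just compares it to an expected value. The event strings are constructed placeholders, and SHA-1 is used only to match the 160-bit register mentioned above (SHA-256 works the same way with a 256-bit register).

```python
import hashlib
import hmac

def extend(pcr: bytes, event: bytes, alg: str = "sha1") -> bytes:
    """One TPM-style extend: new_pcr = H(old_pcr || H(event))."""
    event_digest = hashlib.new(alg, event).digest()
    return hashlib.new(alg, pcr + event_digest).digest()

def replay(events, alg: str = "sha1") -> bytes:
    """Start from an all-zero register (its value after reset) and
    extend each measurement in order, as firmware does during boot."""
    pcr = bytes(hashlib.new(alg).digest_size)
    for event in events:
        pcr = extend(pcr, event, alg)
    return pcr

def policy_matches(pcr: bytes, expected: bytes) -> bool:
    """The 'checksum matches an allowed value or it doesn't' step."""
    return hmac.compare_digest(pcr, expected)

# Constructed sample measurements (placeholders, not a real event log).
GOOD_BOOT = [
    b"SecureBoot=1",
    b"PK:example-platform-key",
    b"db:example-allowed-signers",
    b"bootmgr-signer:example",
]
# Same log with Secure Boot switched off.
TAMPERED_BOOT = [b"SecureBoot=0"] + GOOD_BOOT[1:]
# Same measurements, different order.
REORDERED_BOOT = list(reversed(GOOD_BOOT))

if __name__ == "__main__":
    expected = replay(GOOD_BOOT)
    for name, log in [("good", GOOD_BOOT),
                      ("tampered", TAMPERED_BOOT),
                      ("reordered", REORDERED_BOOT)]:
        value = replay(log)
        print(f"{name:9s} {value.hex()} match={policy_matches(value, expected)}")
```
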

Yada blah, four-score and seven years ago BLAH
Herbert!!
https://docs.microsoft.com/en-us/windows-hardware/test/hlk/testref/8c7a62bb-7f02-4a16-b37d-711cc9026e17 (In the beginning was the word, and the word was with Microsoft...)
AOAC="always on, always connected" =a desk-fucking-top-PC.
So NON aoac=Laptop, but they couldn't just SAY that, it's too low-brow.
As of this exact second I have not found out the meaning of PCR[7] but it appears to be a seal of approval.
Good enough, smart enough, people should accept you, if your PCR-7 is filled with a worthy value.
(What that value is, I have no idea)
 Secure Boot for integrity check (PCR[7])                
Is it safe??
IS IT SAFE??!!!

Much, MUCH smarter-than-me-people have pondered this black-hole, and are stonewalled by
[redacted]


The physical (FTPM) is not being called into question, only my ability, or necessity, to set anything up!
for example, a variable called "Public key" is set to System.Security.Cryptography.AsnEncodedData
but "PublicKeyHash" is blank,
as are "manufacturerCertificates."
Now let's assume hackers already know some of the defaults getting shipped with a typical FTPM.
How (or is it necessary) to change the hash, or any keys?


Only the model and brand are filled in.
Yeah that's like saying I have a ford f150 and accompanying locks, but I'd think I would need a unique key to start using the truck.
O well, I'm stuck.
People with years of college know nothing about this, or do not discuss it online, nor help anyone who asks.

Personally, I'd love to *try* bitlocker by making a junk-partition I'd never use, filling it with (I don't know what) and encrypting it.
If it turned out to be unusable after a month or so, who would care?
I'm still too scared to turn it on, But the point would be, *Could* I successfully use it, not if I trust it, which I do not.
There you are, sitting there with ALL your little secret information on a BOOT drive, unavailable because you forgot to store some password, no-no-no, but windows 11 insists on it.
Why?
Well (as an example) self-assured assholes cannot explain why my BIOS-Updates stop at 50%, saying snarky crap like "Why don't you just let it finish?"
And the people who ask about this go away sheepishly, feeling that their PC is inadequate.
If you encrypted a drive and it broke for whatever reason, would you put up with these same buttholes, would you *pay* to recover your drive?
