Windows has always* done this and so do many others. I very much doubt that the EU would fine Microsoft for it. Since when was extended support against EU regulation?

For example companies like redhat do the same thing for end of life software: https://access.redhat.com/articles/rhel-eus

I’m not familiar with Suse but it looks like they pretty much do the same thing: https://www.suse.com/products/long-term-service-pack-support/.

Ubuntu too: https://ubuntu.com/security/esm

Of course IBM: https://www.ibm.com/support/pages/ibm-security-extended-support

*I’m unsure if they have allowed regular consumers to buy extended support before, since consumers mostly don’t give a shit about updates. This is at least the first time you could get extended support through any other means than paying for it.

And no ads I presume.

Understandable that they would block it.

Does grayjay rehost content from YouTube or are they using the YouTube backend for streaming video? I would be quite annoyed if anyone used my website as a host for content that’s being consumed on another website.

A few years ago (and to a lesser degree nowadays) you occasionally came across images which wouldn’t work if you “hotlinked” to them on another website. Images aren’t a huge deal anymore but video absolutely is.

That’s true but I wouldn’t really classify this as evil.

Serving videos isn’t easy or cheap. It’s hard and expensive.

I obviously use an adblocker everywhere and so should you.

But saying that Google or anyone else is doing anything wrong by blocking adblockers is ridiculous. When they finally succeed, I will just accept that I finally lost after many many years. My usage of YouTube will likely go down substantially as well. Crying about it after you have used their service for free for YEARS, really makes no sense.

Just curious, what management software are you gonna use?

P.S good luck configuring Linux if you can’t even manage bitlocker.

Nah, you just select domain join. I did that a few weeks ago on a Win 11 enterprise install.

But if you deal with new installs “all the time” you should really consider automating the setup and domain joining, instead of manually creating local accounts and then domain joining.

Yeah probably.

No need to worry similar stuff will get developed for other platforms as well.

Did it use 45 GB extra or were there just 45 GB worth of changes?

Microsoft does that too though. And afaik they have offered extended support for a long time for loads of windows versions (especially for the server versions)

That’s just incompetence. It’s not like they are laughing with the devil because people can’t place the taskbar at the top anymore.

They are not ending support for some evil plot to force people to use win11. They just don’t want to support win10 forever. The exact same thing has happened to every other windows version and most Linux distros and lots of other stuff like servers and networking hardware.

It’s not permanently locked though.

Apparently it’s not configured like that by default and even if it is, just configure it differently if you want a different behaviour ¯\_(ツ)_/¯

Moving over to Linux is a great idea, if you have found a good way to manage them and your users are accepting.

Either way, I have never noticed this issue and we manage hundreds of Windows computers

You know I can take that drive out and just try to brute force it a million times per second without that silly rule being in my way, right? It’s an anti security pattern similar to requiring password changes every week, it’s a bad idea.

Nah, not really. I get what you mean, but the feature is obviously intended to lock the drive after a few failed logins because the user’s password is generally way less secure than the bitlocker recovery key/encryption key. Brute forcing a 48 digit key is practically impossible while brute forcing a user’s password is child’s play in comparison.

So in my opinion it sounds like a pretty good idea to include that feature in the security baseline. It’s not really Microsoft’s fault that you pushed out security baseline settings without checking what they do first. But since you actually did some testing with bitlocker, the impact wasn’t that bad. So just adjust or disable the feature and move on.

And better and people got better at making 3d printed guns.

That depends on where you live. I could get 10 Gbit/s WAN if I wanted to pay the subscription for that but 500 Mbit/s is enough.

Also 10 Gbit/s is mainly useful for LAN. Like connecting to a NAS.

Read the article man

This feature will be available on Teams desktop applications (both Windows and Mac) and Teams mobile applications (both iOS and Android).

You can use pins, passwords, TPM, a usb key, or multiple in combination. But generally TPM is the best option for most users

apparently it’ll pwrma lock itself after x amounts of invalid passwords which is just incredibly stupid. But don’t worry, there is a backup key! Yeah, that is lie

If you only used TPM for bitlocker with no pre-boot authentication or something similar, it’s possible that you had the “MaxDevicePasswordFailedAttempts” policy configured. Apparently that is configured by default if you use the security baseline.

IMO it makes a lot of sense to lockdown and require bitlocker recovery if there has been a few failed attempts.

We use bitlocker on probably over 1000 devices I don’t believe we had any substantial issues with it. Of course users occasionally get locked out, but that should be planned for and a process should be in place to help them.

I suggest deploying windows hello or smart cards to reduce the dependency on passwords. Window hello for business is especially great since it’s free, secure and way easier and faster for users to use, especially if your devices have fingerprint readers or face recognition. I wish Linux and MacOS had anything as useful as Windows Hello.

While I very much dislike that too, it’s very easy to opt out. Just use Windows Pro, Enterprise, or education.

Don’t use passwords for ssh. Use keys and disable password authentication.