
Microsoft might want to be making Windows 12 a subscription OS

Avus

It seems an unlikely move for the home market. At the low end of the market, people would go Chromebook, at the high-end, Mac. Only a pretty small niche of the PC buying public need Windows. Our little Windows bound corner of the market would probably migrate to Linux. It would be rough for a couple of years, but it would get better pretty quickly IMO. Valve are itching for MS to fuck up and drive gamers onto Linux, and do what they can to keep us there. 

 

I assume the main source of revenue from home users is from selling OneDrive subs and user data to advertisers. I imagine the likes of HP, Lenovo etc... pay a fraction for OEM licences of what we do. If they set the sub at £/€/$50 per year, the same sort of level as an individual 365 sub, would that compensate for the loss of the OneDrive and user data revenue? Would MS's corporate ego be bruised by Windows market share sliding?

 

Of course, what some senior Exec does while existing in a yes men bubble, is anyone's guess.


4 hours ago, StDragon said:

I've only seen BitLocker get screwed up with wonky partitioning of reused old drives (previously had Linux installed or whatnot) or because the OEM imaged the OS in a non-standard way. The latter is extremely rare however nowadays. 

The rest of what you said does not apply. There's no such thing as incompatible hardware, secureboot, or TPM issues. Either it can do it, or not.

Of all the BitLocker failures I've seen, they were all due to SED (eDrive). Using BitLocker in the standard way is more reliable. You can take the drive from one computer and place it in another. When it asks for the recovery key, you just type it in and the drive is unlocked and available to be used or booted from again.

You really should spin up a VM of Windows Pro and familiarize yourself with BitLocker as it's not as scary as you seem to think it is. 

look, i haven't seen it at all in person but there has been a bunch of threads in a similar vein as i described and often the conclusion was you're SOL... Thats all I'm saying, its not a bullet proof system at all.

 

Ie im not saying it doesn't work, im saying there are risks involved that many people don't account for.

 

in the grandscheme it doesn't matter much though,  was just an example how pro comes with, in my opinion,  undesirable features.

 

i know there are ways to remove it, but ive tinkered so much with my windows install,  im happy with how it is, not possibly mess it up by trying to disable the thing - one drive was already stubborn enough to even just be disabled lol (i think office is still there, but i never notice it so it doesn't bother me)

 

ps: if i think about it windows is already pretty barebones in terms of apps, there's still a whole bunch I'd like to remove completely 

 


 

namely, 3d viewer (what is this why is it there, im not using it) (afaik), alarms and clock (already have a phone, duh), calculator (this wasn't funny in windows 3.1 and still isnt), camera (dont have one), connect (who?), feedback hub (yeah, no), cortana stays, i love her, she's ok, gamebar, i never use it, but i use game mode, suppose those are connected... get help (i find this kind of offensive lol), groove isnt bad! mail (whats that, remove, remove, remove), maps (wtf seems like a privacy nightmare to have this...), skype (anyone still using that...?) messaging (just no), edge... (i wish i knew how to remove this permanently, honestly,  id rather use IE lmao), solitaire (it isnt what it used to be), store (can stay, useful on occasion), mixed reality portal (buzzword galore???), mobile plans (what?), office (well, its just kinda there, i guess?), one drive (disgusting), one note (no idea lol), settings (well i have control panel, not sure why this is there ), snip and sketch (stays, extremely useful!), sticky notes (who?), tips (nahhh), voice recorder (what thing? i don't have a mic, sorry), weather (no), your phone (why???)

 

 

ok, that's maybe a bit of bloat, but not all that bad , they just should give you easy options to remove all that fluff though.

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 


7 hours ago, captain_to_fire said:

Yea, although that's more around configuring and turning it on. The main difference with Bitlocker Enterprise is the usage of AD/AAD to store the encryption keys so admins can unlock the device if required.

https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-comparison

 

7 hours ago, StDragon said:

It's not any different in risk than with MacOS (OSX) FileVault, which is now enabled by default for the OS drive.

It's different since Mac devices manage the keys better by default so getting locked out is far less likely. The biggest problem is someone trying to be smart, or a desktop support tech trying to be, and turning it on because "works in HR" etc and then nobody has the recovery key and the PIN has been forgotten.

 

Unmanaged Bitlocker is a right pain unless you are actually careful and know what you are doing.

 

I had the same thing with our Endpoint backup solution, desktop tech (Linux fan/bent) thought it was a good idea to turn on "Device Protection" or whatever it is called which sets a PIN preventing administrators from doing data recoveries without the PIN. Sure the feature has a use case but naivety gets you in to trouble real quick.

 

As to above, laptop died, nobody knew the PIN, all data was lost and we had good backups of it going back daily for 2 years.


13 minutes ago, leadeater said:

The main difference with Bitlocker Enterprise is the usage of AD/AAD to store the encryption keys so admins can unlock the device if required.

Why not just treat machines/OS installs ephemeral like we do with containers? Encrypt that sucker and have the machine sync to a safe central server with locked down access rules. As long as the data is intact the device is irrelevant in most cases...... (this could even work if MS and programmers would just let go of the abomination called registry)


18 hours ago, dalekphalm said:

They did. It didn't sell. Windows 10 S was literally a direct competitor to Chromebooks, and was marketed directly to schools and education. It failed.

 

windows 10 s was never the competition for chromebooks, though. it was marketed to that audience, but they had windows 10x to compete with chromeos. windows 10s is just a crappy version of windows 10, with very little actually cut out, just a lot of stupid software locks on things.

I could use some help with this!

please, pm me if you would like to contribute to my gpu bios database (includes overclocking bios, stock bios, and upgrades to gpus via modding)

Bios database

My beautiful, but not that powerful, main PC:

prior build:


15 minutes ago, jagdtigger said:

Why not just treat machines/OS installs ephemeral like we do with containers? Encrypt that sucker and have the machine sync to a safe central server with locked down access rules. As long as the data is intact the device is irrelevant in most cases...... (this could even work if MS and programmers would just let go of the abomination called registry)

Mostly that is the case, data isn't supposed to be stored on the device but people will always not do that for something at some point which is why we have Endpoint backups (not for every device). And the Endpoint backups allow exactly this, it's full system state and you can restore to anything and it'll be fully as it was, data and Windows/Application configuration.

 

And no registry is not at all a problem. There is absolutely zero difference between an ini/conf file on the filesystem and the registry database file sitting on the filesystem. In fact registry is objectively better as it has proper data definition and structure. Unless you are using yaml or some other structured configuration file then the classic Nix* way is worse, absolutely worse.

 

Just actually learn how to manage registry properly, there are full cmdlets/PowerShell and programming APIs to do everything and you can store all your settings in registry files and import/export them as well.

 

There is also no need to clean, remove, touch, mess/break registry as it has no impact at all on its performance or function. The only time you need to do anything like that is if you need to actually change/remove a registry setting for an application or Windows parameter which is just a valid usage of registry in the first place anyway.

 

Most people's problem is that they don't know Microsoft has proper tools to backup and restore user profiles, since that is where user based registry is stored (only useful if not doing full device backup/restore or similar).

https://learn.microsoft.com/en-us/windows/deployment/usmt/usmt-overview


16 minutes ago, leadeater said:

but people will always not do that for something

Then let it hurt, the more painful the better. They never learn it otherwise.....
 

 

16 minutes ago, leadeater said:

And no registry is not at all a problem.

Pretty much it is. I can do a partial sync (im quite a vivid distro and DE hopper so i cant do a full sync) on users home folders and it will work flawlessly. Try the same on windows and you will get a hit and miss (mostly miss) results because of it....
Registry is just a PITA and dont really help anything, havent seen a properly built linux distro (which according to you has a subpar implementation of config storage) losing to windows in terms of boot-time for a very long time now.



Also, if MS tries to go sub based on home users their market share will plummet like a brick dummy.


2 hours ago, leadeater said:

Unmanaged Bitlocker is a right pain unless you are actually careful and know what you are doing.

 

I had the same thing with our Endpoint backup solution, desktop tech (Linux fan/bent) thought it was a good idea to turn on "Device Protection" or whatever it is called which sets a PIN preventing administrators from doing data recoveries without the PIN. Sure the feature has a use case but naivety gets you in to trouble real quick.

 

As to above, laptop died, nobody knew the PIN, all data was lost and we had good backups of it going back daily for 2 years.

A proper IT department or MSP won't be managing BitLocker without proper administration of the keys in the first place.

 

As for stand-alone machines running Pro with BitLocker enabled, at least Windows 11 will backup the key to your online account that you've signed in with. Windows 10 should do the same, but there's a lot of legacy installations of 10 with local accounts still being used.

 

From a security standpoint, lost access to data on a laptop is preferred over a lost or stolen laptop with data not encrypted at rest. As for the lost data, well, that's the user's fault for not having backups stored in their OneDrive, Dropbox, or network share as provided by the IT dept. It's the year 2023 and I no longer shed a tear for lost data due to no backups. I have a 🖤 in that regard; no effs given.


27 minutes ago, StDragon said:

proper IT department or MSP won't be managing BitLocker without proper administration of the keys in the first place

yeah, but we talking about gamery gamers here, no such thing in place then... i even read some people saying "encryption improves performance" ... as if lol, and also a lot of games are already encrypted,  which is a right pain if you want to mod them...

 

on the other hand some mod managers actually work better with compressed files than uncompressed ones (which is also a kind of "encryption" i guess)

 

27 minutes ago, StDragon said:

backups stored in their OneDrive, Dropbox, or network share

the only cloud storage i trust is mega...

 

but then again i just backup my stuff on harddrives, it's the only thing i really trust, even though i know that isn't 100% safe either,  i rather stay in control of my stuff than trusting some mega corp, that doesn't actually care about me. 

 

 


1 hour ago, StDragon said:

From a security standpoint, lost access to data on a laptop is preferred over a lost or stolen laptop with data not encrypted at rest. As for the lost data, well, that's the user's fault for not having backups stored in their OneDrive, Dropbox, or network share as provided by the IT dept. It's the year 2023 and I no longer shed a tear for lost data due to no backups. I have a 🖤 in that regard; no effs given.

Most companies these days do their best to ensure all critical data is persisted off device, OneDrive or using the company's data portal like Confluence etc. The last place I worked did not want us to do full disk backups (for sec reasons); they felt that any data that was on local disk that we did not put up on Confluence etc. should be lost if we personally can no longer access the device.

The reason they had this policy is sometimes we would have customer data on our devices (to help fix/debug an issue a customer was having). The company needed a solid paper trail of that data and needed to be able to be sure it was deleted; us taking backups was a massive liability that we might end up having (undeleted) copies of this data lying around after solving a customer case and promising to remove all the data they provided us.

So full disk encryption (in our case FileVault on macOS) was required and no backups were permitted, and some staff members (not myself) worked on projects for clients that required full nuke and pave approach when they finished, full DFU reset and rebuild of the OS to ensure not a single byte of the customer data was left.
 


11 hours ago, StDragon said:

It's not any different in risk than with MacOS (OSX) FileVault, which is now enabled by default for the OS drive.

FileVault full disk encryption is not turned on by default. What is turned on by default is encrypting file system

 

https://support.apple.com/en-ph/guide/security/secf6276da8a/1/web/1

There is more that meets the eye
I see the soul that is inside

 

 


33 minutes ago, captain_to_fire said:

FileVault full disk encryption is not turned on by default. What is turned on by default is encrypting file system

 

https://support.apple.com/en-ph/guide/security/secf6276da8a/1/web/1

 

"On a Mac with Apple silicon, Data Protection defaults to Class C (see Data Protection classes) but utilizes a volume key rather than a per-extent or per-file key—effectively re-creating the security model of FileVault for user data. Users must still opt in to FileVault to receive the full protection of entangling the encryption key hierarchy with their password. Developers can also opt in to a higher protection class that uses a per-file or per-extent key."

Class C: Protected Until First User Authentication

Note: macOS uses a volume key to recreate FileVault protection characteristics.

"Protected Until First User Authentication

NSFileProtectionCompleteUntilFirstUserAuthentication: This class behaves in the same way as Complete Protection, except that the decrypted class key isn’t removed from memory when the device is locked or the user logged out. The protection in this class has similar properties to desktop full-volume encryption, and protects data from attacks that involve a reboot. This is the default class for all third-party app data not otherwise assigned to a Data Protection class.

In macOS, this class utilizes a volume key which is accessible as long as the volume is mounted, and acts just like FileVault."


In Windows, BitLocker by default will encrypt just data and not the empty space. However it's recommended to encrypt the drive including empty space if the drive has been in use prior; because empty space can still contain data even if the index is erased from the filesystem. THAT SAID HOWEVER, NVMe (SSDs in general) do perform garbage collection via TRIM, so one could argue it's rather pointless to encrypt the entire volume as the empty space would be scrubbed clean by the SSD controller during the garbage collection process. There's a lot of debate on that, but aforementioned recommendation is true if in regards to your HDDs.


4 hours ago, StDragon said:

A proper IT department or MSP won't be managing BitLocker without proper administration of the keys in the first place.

We are talking about home users and those with local admin perms turning it on themselves. You can do it right but the conversation is pointing out when it's not done right and actually does create problems.


6 hours ago, jagdtigger said:

Pretty much it is. I can do a partial sync (im quite a vivid distro and DE hopper so i cant do a full sync) on users home folders and it will work flawlessly. Try the same on windows and you will get a hit and miss (mostly miss) results because of it....

Then use USMT and it'll be 100% literally every time.

 

My job literally used to be desktop and user management, migrating and replacing computers across different hardware and OS versions of Windows. One thing I have never had a problem with is migrating exactly and only the required user state and application specific customizations and configuration data, even when it's half in registry and half in %Appdata%.

 

6 hours ago, jagdtigger said:

Registry is just a PITA and dont really help anything, havent seen a properly built linux distro (which according to you has a subpar implementation of config storage) losing to windows in terms of boot-time for a very long time now.

Boot time and registry are 1000% unrelated.

 

6 hours ago, jagdtigger said:

which according to you has a subpar implementation of config storage

It is, liking something and knowing how to use it only makes it better for you, it's not an objective measure of which is a better strategy of managing operating system and application settings.

 

You're essentially saying a CSV is better than a Relational Database for storing and processing customer information and orders. Not everyone actually knows how to create and manage a proper relational database and for those people the superior option would indeed be a CSV. But here's the thing, Dell.com doesn't process orders using CSVs.

 

There's always give and take between what is technically better and what can actually be used. No matter how good something is it's entirely useless if you can't use it.


On 10/5/2023 at 2:18 PM, Avus said:

Summary

While this has been a hunch for a while among the Windows enthusiast community, a new leak seems to be further providing somewhat solidifying evidence that it could indeed be the case, that Microsoft's next-gen OS, casually referred to as Windows 12, could be a subscription-based OS

 

Quotes

 

My thoughts

If Windows subscription is only meaning Windows activation, then i am ok using Windows WITHOUT activation. If I can't use Windows AT ALL without paying M$ for the rest of my life then I will leave Windows.

I am already grown out of MS Office (10+ years ago) for my personal use and for my own business. LibreOffice and Google Doc basically can cover all my documents need.

GAMING is the only reason why I still stay with Windows. But with Valve (Steam) keep supporting and developing in Linux, I have no problem to give up a few games to just gaming on Linux.

All my NAS and servers are Debian based.
All my computers older than 7 years old are using Linux (Ubuntu/Debian), they just run better and will always get OS updates.

 

Sources

https://www.neowin.net/news/microsoft-might-want-to-be-making-windows-12-a-subscription-os-suggests-leak/

 

Allegedly debunked already. See links below.

https://www.windowscentral.com/software-apps/windows-11/no-of-course-windows-12-wont-require-a-subscription-to-use

 

Desktop: KiRaShi-Intel-2022 (i5-12600K, RTX2060) Mobile: OnePlus 5T | Koodo - 75GB Data + Data Rollover for $45/month
Laptop: Dell XPS 15 9560 (the real 15" MacBook Pro that Apple didn't make) Tablet: iPad Mini 5 | Lenovo IdeaPad Duet 10.1
Camera: Canon M6 Mark II | Canon Rebel T1i (500D) | Canon SX280 | Panasonic TS20D Music: Spotify Premium (CIRCA '08)


Welp... while we're on the subject. If you upgraded to Windows 10 or 11 using your old Windows 8 or 7 license... DO NOT UPDATE THE BIOS, UPGRADE YOUR HARDWARE OR ANYTHING THAT WILL TRIGGER WINDOWS ACTIVATION AS YOU WILL NOT BE ABLE TO REACTIVATE AT THIS TIME. Not even having a Digital License linked to your Microsoft Account will help you. Currently have a ticket open with Microsoft about this. 

 

Love how this news is around the same time Microsoft stopped allowing you to activate/upgrade to 10 or 11 using older Windows keys. 

Intel® Core™ i7-12700 | GIGABYTE B660 AORUS MASTER DDR4 | Gigabyte Radeon™ RX 6650 XT Gaming OC | 32GB Corsair Vengeance® RGB Pro SL DDR4 | Samsung 990 Pro 1TB | WD Green 1.5TB | Windows 11 Pro | NZXT H510 Flow White
Sony MDR-V250 | GNT-500 | Logitech G610 Orion Brown | Logitech G402 | Samsung C27JG5 | ASUS ProArt PA238QR
iPhone 12 Mini (iOS 17.2.1) | iPhone XR (iOS 17.2.1) | iPad Mini (iOS 9.3.5) | KZ AZ09 Pro x KZ ZSN Pro X | Sennheiser HD450bt
Intel® Core™ i7-1265U | Kioxia KBG50ZNV512G | 16GB DDR4 | Windows 11 Enterprise | HP EliteBook 650 G9
Intel® Core™ i5-8520U | WD Blue M.2 250GB | 1TB Seagate FireCuda | 16GB DDR4 | Windows 11 Home | ASUS Vivobook 15 
Intel® Core™ i7-3520M | GT 630M | 16 GB Corsair Vengeance® DDR3 |
Samsung 850 EVO 250GB | macOS Catalina | Lenovo IdeaPad P580


12 hours ago, StDragon said:

From a security standpoint, lost access to data on a laptop is preferred over a lost or stolen laptop with data not encrypted at rest.

That, and no-one else having the key besides the user of the PC, if anyone else has it that encryption is as good as if it wasnt there......


8 hours ago, leadeater said:

My job literally used to be desktop and user management, migrating and replacing computers across different hardware and OS versions of Windows.

So can you sync registry between machines on the fly as soon as something changes? AFAIK you cannot. the only thing you can do is periodically make snapshots.

 

 

8 hours ago, leadeater said:

Boot time and registry are 1000% unrelated.

Boot time, application launch time, whatever you want as an example. Never seen one case where having files for config caused the program/OS to be slower than windows using that abomination.

 

8 hours ago, leadeater said:

It is, liking something and knowing how to use it only makes it better for you, it's not an objective measure of which is a better strategy of managing operating system and application settings.

Objectively storing program settings in an OS specific thingy that dies with the OS is way worse than something that can be just copied over to any OS and the application will open like nothing happened and you can pick up where you left off.....


27 minutes ago, jagdtigger said:

So can you sync registry between machines on the fly as soon as something changes? AFAIK you cannot. the only thing you can do is periodically make snapshots.

First how are you doing it on Linux, then do the same on Windows 😉

 

As I said you have all the accessibility you need to do this, it's a learning problem not a capability problem. There's at least 3 different ways with slightly different specifics about them I can think of but I could expand that out to more than 3 if I include not very realistic home options.

 

27 minutes ago, jagdtigger said:

Boot time, application launch time, whatever you want as an example. Never seen one case where having files for config caused the program/OS to be slower than windows using that abomination.

What are you even talking about and what is your point. Registry doesn't make Windows or applications slower and it has nothing to do with the boot time of Windows like I said. Now registry is the cause of it to be raining? Don't blame things because you just don't like them, not liking something and it being the cause of whatever it is you want to talk about aren't the same thing.

 

Yes often Windows boots slower than Linux, that is due to the vast vast differences between Windows and Linux and none of that is to do with Registry. It's actual milliseconds or less to read the Registry database file in to memory and access settings within it is also milliseconds, it's only slow to search crawl it rather than referencing specific key value pairs in known locations which is how it's actually used by applications and the OS. Shock horror it's also slow to crawl file systems and even slower to crawl and read in files to find key word references of something you don't know where it is. You don't do either of these very often so it's hardly relevant and awful for both.

 

So I have actually no idea what your point is and it's more than likely just coming from not understanding how Registry works and just blaming it when it's got nothing to do with whatever it is that is the problem.

 

27 minutes ago, jagdtigger said:

Objectively storing program settings in an OS specific thingy that dies with the OS is way worse than something that can be just copied over to any OS and the application will open like nothing happened and you can pick up where you left off.....

So you mean exactly like the root filesystem of the OS where configuration files are stored? Or do you mean the Registry settings that can be simply copied over to any system you like so long as you know how to do it. Are you done saying you have a knowledge deficiency but refuse to upskill and learn?

 

Swapping out a computer with a brand new one with a brand new OS install and have everything exactly how it was with the person not noticing was my actual job, something I was very good at and did for thousands of computers and that is not an exaggeration.

 

As I said something is useless if you don't know how to use it, you clearly don't know how to use it so it's useless to you. That I do agree on.


9 hours ago, leadeater said:

My job literally used to be desktop and user management, migrating and replacing computers across different hardware and OS versions of Windows. One thing I have never had a problem with is migrating exactly and only the required user state and application specific customizations and configuration data, even when it's half in registry and half in %Appdata%.

No no no. Don't you understand? Big bad M-Dollar-Sign does it that way, therefore that way is bad! /s

I sold my soul for ProSupport.


28 minutes ago, Needfuldoer said:

No no no. Don't you understand? Big bad M-Dollar-Sign does it that way, therefore that way is bad! /s

It's not like the situation in Windows land isn't bad though, with multiple different ways to manage application settings and no strict standard people have different ideas about what is "best" and then you end up having to manage and account for 10 different "best" ways 🤦‍♂️

 

But I also encounter that over in Linux world too, just less fragmented there so not as bad in that regard. But that's a different thing to whether or not a queryable database is good or bad, also being a database alone doesn't make it good (nor bad either).

 

If there are settings I really care about then I'll put them under configuration management, then can choose anywhere to apply those and you can do that for Windows and Linux with multiple different tools, methods or whatever.

 

Personal computers realistically close out a few good options on the Windows side like Roaming Profiles with Folder Redirection or FSLogix as both of these are corporate network focused and have requirements to make them work although you can actually do Roaming Profiles with Folder Redirection in a home setting without AD etc if you really want.

 

Anyway if you just want to capture Registry changes and then also do something, enable Registry Auditing (auditpol /set /subcategory:"Registry" /success:enable) then set up a Task that is triggered by the Event Log entry that is created for every change that also has what has changed in it. PowerShell script that gets the changed settings and applies it to remote computers you want, done. Is this really a good idea, probably not really but if that's what someone really wants and can't use the proper Windows/Microsoft capabilities for such a thing because 'not running Active Directory' then here is a way that works for any unknown Registry values and changes from anything via any method.

 

Managing known Registry settings there are better methods than above.

 

The above specifically for syncing/managing multiple active systems not migrating between them.
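
The audit-then-replay approach described in the post above, as an added example that is not code from the thread: it turns Security-log event 4657 records (written when Registry auditing is enabled and the key carries an audit SACL) into a change list restricted to an allow-list of keys. The function names are hypothetical, and the `ExampleApp` key, user name and sample event are constructed.

```powershell
# Added example: function names, key paths and the sample event are constructed.
# Event 4657 stores the operation and the value type as message-table tokens.
$OperationNames = @{ '%%1904' = 'Created'; '%%1905' = 'Modified'; '%%1906' = 'Deleted' }
$ValueTypeNames = @{ '%%1873' = 'String'; '%%1874' = 'ExpandString'; '%%1875' = 'Binary'
                     '%%1876' = 'DWord';  '%%1879' = 'MultiString';  '%%1883' = 'QWord' }
# Only these types are replayed; how the event encodes the others as text is
# not assumed here, so they are reported instead of guessed at.
$ReplayableTypes = 'String', 'DWord'

function Convert-KernelKeyPath {
    # \REGISTRY\MACHINE\... (kernel form used in the event) -> provider path
    param([string]$ObjectName)
    if ($ObjectName -match '^\\REGISTRY\\MACHINE\\(.+)$') { return "Registry::HKEY_LOCAL_MACHINE\$($Matches[1])" }
    if ($ObjectName -match '^\\REGISTRY\\USER\\(.+)$')    { return "Registry::HKEY_USERS\$($Matches[1])" }
    return $null
}

function ConvertFrom-RegistryAuditEvent {
    param(
        [Parameter(Mandatory)][string]$EventXml,
        [Parameter(Mandatory)][string[]]$AllowedPrefix
    )
    $doc = [xml]$EventXml
    if ($doc.GetElementsByTagName('EventID')[0].InnerText -ne '4657') { return }

    $f = @{}
    foreach ($d in $doc.GetElementsByTagName('Data')) { $f[$d.GetAttribute('Name')] = $d.InnerText }

    $path = Convert-KernelKeyPath ([string]$f['ObjectName'])
    $op   = $OperationNames[[string]$f['OperationType']]
    $type = $ValueTypeNames[[string]$f['NewValueType']]

    # Match on a key boundary so "ExampleApp" does not also match "ExampleAppOther".
    $allowed = $false
    foreach ($p in $AllowedPrefix) {
        if ($path -and ($path -ieq $p -or $path.StartsWith("$p\", [StringComparison]::OrdinalIgnoreCase))) { $allowed = $true }
    }

    $reason = $null
    if     (-not $path)    { $reason = 'unrecognised key path' }
    elseif (-not $allowed) { $reason = 'key not on the allow-list' }
    elseif (-not $op)      { $reason = 'unknown operation' }
    elseif ($op -ne 'Deleted' -and $type -notin $ReplayableTypes) { $reason = "value type '$type' not replayed" }

    [pscustomobject]@{
        Time       = $doc.GetElementsByTagName('TimeCreated')[0].GetAttribute('SystemTime')
        ChangedBy  = $f['SubjectUserName']
        Process    = $f['ProcessName']
        Operation  = $op
        Path       = $path
        ValueName  = $f['ObjectValueName']
        Type       = $type
        NewValue   = $f['NewValue']
        Replayable = ($null -eq $reason)
        Reason     = $reason
    }
}

function Invoke-RegistryChange {
    # Applies one change on the machine it runs on; use -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)]$Change)
    process {
        if (-not $Change.Replayable) { Write-Warning "Skipped $($Change.Path): $($Change.Reason)"; return }
        if (-not $PSCmdlet.ShouldProcess("$($Change.Path)\$($Change.ValueName)", $Change.Operation)) { return }
        if ($Change.Operation -eq 'Deleted') {
            Remove-ItemProperty -LiteralPath $Change.Path -Name $Change.ValueName -ErrorAction SilentlyContinue
            return
        }
        $value = $Change.NewValue
        if ($Change.Type -eq 'DWord') {
            # Assumes the event carries the DWORD as decimal text; reinterpret as Int32 for the provider.
            $value = [BitConverter]::ToInt32([BitConverter]::GetBytes([uint32]$value), 0)
        }
        if (-not (Test-Path -LiteralPath $Change.Path)) { New-Item -Path $Change.Path -Force | Out-Null }
        New-ItemProperty -LiteralPath $Change.Path -Name $Change.ValueName -Value $value -PropertyType $Change.Type -Force | Out-Null
    }
}

# Constructed sample event (trimmed to the fields used above).
$SampleEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4657</EventID><TimeCreated SystemTime="2023-10-08T09:15:00.000Z" /></System>
  <EventData>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="ObjectName">\REGISTRY\MACHINE\SOFTWARE\ExampleApp\Settings</Data>
    <Data Name="ObjectValueName">Theme</Data>
    <Data Name="OperationType">%%1905</Data>
    <Data Name="NewValueType">%%1873</Data>
    <Data Name="NewValue">dark</Data>
    <Data Name="ProcessName">C:\Program Files\ExampleApp\app.exe</Data>
  </EventData>
</Event>
'@
$OutOfScope = $SampleEvent.Replace('ExampleApp\Settings', 'OtherVendor\Settings')

$allow = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp'
$plan  = $SampleEvent, $OutOfScope | ForEach-Object { ConvertFrom-RegistryAuditEvent -EventXml $_ -AllowedPrefix $allow }
$plan | Format-Table Operation, Path, ValueName, NewValue, Replayable, Reason
$plan | Invoke-RegistryChange -WhatIf   # dry run: the second event is skipped with a warning

# Live input instead of the sample (elevated session required to read the Security log):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4657 } -MaxEvents 50 |
#     ForEach-Object { ConvertFrom-RegistryAuditEvent -EventXml $_.ToXml() -AllowedPrefix $allow }
```

The allow-list and the `ChangedBy`/`Process` fields matter here because a replay job pushes whatever was written on one machine to others; restricting it to named keys keeps an unexpected write from being propagated.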


9 hours ago, Needfuldoer said:

No no no. Don't you understand? Big bad M-Dollar-Sign does it that way, therefore that way is bad! /s

Oh yeah, lets just ignore the obvious answer that its a needlessly complicated solution to a simple problem. That definitely cannot be the answer..... /s 🤣


All I want is for Bitlocker not to automatically turn itself on. Ever.

CPU - Ryzen 7 3700X | RAM - 64 GB DDR4 3200MHz | GPU - Nvidia GTX 1660 ti | MOBO -  MSI B550 Gaming Plus


  • 2 weeks later...
On 10/8/2023 at 10:56 AM, PocketNerd said:

All I want is for Bitlocker not to automatically turn itself on. Ever.

Bitlocker enabled should not be automatic for home users unless they have explicitly opted into the Microsoft Account to back up the keys.

 

More to the point, Microsoft needs to be regulated to not allow banning of Microsoft accounts. Current Microsoft accounts are basically the original MSN messenger accounts, Hotmail accounts, Skype accounts, Xbox 360/Live accounts. If someone's account does something that is deserving of a "ban", it should be locked out of the service until a human reviews it.

 

Right now the way things are, if your "microsoft" account was banned on xbox, you might also lock yourself out of all your desktop and laptop computers. Bitlocker only guarantees you never see your data again.

 

But you don't  even need bitlocker to lock yourself out. NTFS will lock you out of files on your own machine, and the only fix to that is to wrestle the "admin" credentials to the machine and do the equivalent of a "chown" on every single directory or file that was created under the previous account. Huge pain.

 

Even removing an old windows install, becomes immensely painful. You end up having to reformat those drives because there is no way to remove a Windows Install under Windows.


5 hours ago, Kisai said:

Bitlocker enabled should not be automatic for home users unless they have explicitly opted into the Microsoft Account to back up the keys.

That would defeat the purpose of encryption, what you want to back up is your data locally. Not to share the encryption key with a company who did enough things to deserve user distrust....
