[IntelMiner]

I always roll my eyes when people sneer at the "forced" hardware upgrade Windows 11 requires. Even when I patiently explain to them what it's for

The entire point of the mandated minimum requirements was hardware that had silicon level mitigation support for Meltdown and Spectre type attacks. Something that impacted both AMD and Intel CPU's and still has new variants popping up (we're on what, Spectre v4 by now?)

The only way to truly mitigate these issues (other than undoing 30 years of CPU advancement) was an entire top-to-bottom set of mitigations. From the silicon up through the operating system and even applications such as browsers

[throwaway0x7E6]

and I always roll my eyes when knowledgeable people pretend that Meltdown/Spectre/etc are a grave concern for consumer machines.

I roll my eyes even further back when knowledgeable people pretend to not understand that the endgame for TPM/Pluton/etc is DRM, censorship and privacy violations.

[selfhoster11]

Do you know why people sneer at such forced hardware upgrades? Because, as others have pointed out, mitigating security vulnerabilities is seen as merely the narrative.

Forcing hardware obsoletion in favour of those "hardened" platforms has two benefits, as far as certain groups of interest are concerned:

- turning existing machines into ewaste, so people buy new machines, so the money making wheels keep turning for hardware manufacturers

- normalising stronger "trusted computing" (in the Plutonium/DRM sense) capabilities, which is of course a concern for a number of groups interested in controlling what will be running on your machine.

Make no mistake, it appears that Doctorow's article on the war on general purpose computers is becoming more and more compelling as the time goes on. Some of us see forced obsolescence of older machines with weaker "security" norms as a part of that fight - on the side of the enemy.

IMO, undoing/re-thinking the last 30 years of CPU progress might just be the thing we need. We need to re-examine our foundations and fix them.

[mavhc]

No it's not, no one not running a shared cloud service cares about such things.

Why doesn't Microsoft explain exactly why they require new CPUs, what in TPM 2.0 they're using that's not in 1.2, etc.

[selfhoster11]

Except that most machines have arbitrary remote code execution via JavaScript in browser. I don't know how easily that can be exploited, but I wouldn't be surprised if ignoring the potential of this happening would bite us in the backside at some point.

[mavhc]

If that was why, they should say that, they don't

[cowtools]

Windows users have been conditioned into thinking it's acceptable to install invasive, malicious closed-source software. Hardware vulnerabilities are the least of their issues. The windows security model has been completely broken from the start.

[9dev]

There is nothing inherently „broken“ about the security design.

Do you even realise how diluted this sounds? I’m all for watching corporations closely, but the tale you’re telling is simply wrong, and I hope you know that, even if it sure is tempting that you might know better than the rest of the world…

[EUROCARE]

Do you know better than Microsoft itself? Is it not true that Microsoft is tracking your movement across the OS? Is it not true that Microsoft tracks what apps you are running? Is it not true that Microsoft tracks every movement your MS account does? They admit they're doing it - what's your answer to that?

[9dev]

What you’re talking about isn’t the foundational security model of the operating system, but telemetry and tracking systems built into it.

I’m very much opposed to those too, but comparing them to the security model is apples vs. oranges. All I’ve seen so far, is that telemetry doesn’t open up any glaring holes in the security model of the operating system, but I’d be interested if you have any proof of that.

[EUROCARE]

The telemetry is built right into the security model of the OS - thus the security model is broken. OS that betrays me by telling someone what I'm running is insecure.