Daily Archives: 2024-06-07

OpenSSH introduces options to penalize undesirable behavior

Source: Hacker News

Article note: Ooh! More ore less built in Fail2Ban with some sense of IP ranges. Not a magical security panacea, and with some attractive nuisance foot cannons, but given the fraction of automated attack traffic I see that comes from "specific providers and regions" you could get a _lot_ of mileage out of a pretty simple configuration, which is how all good tools work.
Posted in News | Leave a comment

Microsoft blocks Windows 11 workaround that enabled local accounts

Source: OSNews

Article note: The last couple times I've set up a Windows install that I didn't want coupled to an online account I've used a sophisticated process called "disconnecting it from the network until the install is complete." which will be really hard to disable without making air-gapped Windows machines impossible. (...and this is usually for verifying new hardware that ships with Windows before blowing it away to install something more useful.)

Before PC users can enjoy everything Windows 11 has on tap, they must first enter an e-mail address that’s linked to a Microsoft account. If you don’t have one, you’ll be asked to create one before you can start setting it up.

A frequently used trick to circumvent this block is a small but ingenious step. By entering a random e-mail address and password, which doesn’t exist and causes the link to fail, you end up directly with the creation of a local account and can thus avoid creating an official account with Microsoft.

↫ Laura Pippig at PCWorld

Microsoft has now “fixed” this trick, and it’s no longer possible to use it. The other popular method of circumventing the Microsoft account requirement, by opening the command prompt during installation and running OOBE\BYPASSNRO, still works, but one has to wonder how long it’s going to take before Microsoft plugs that method, too. It seems the company is hell-bent on getting every consumer onto the Microsoft Account train, come hell or high water, so I wouldn’t be surprised seeing local accounts eventually being positioned as a “pro” or even “enterprise” feature that will simply no longer be available on consumer PCs.

I don’t think there’s anything inherently wrong with offering an online account option, but the keyword here is option. You should always be able to set up any computer to run with a regular old local account, even if only because internet access isn’t always a given in many places around the world. Add the obvious privacy concerns to that – an issue amplified by Recall – and I doubt users’ desire to run a local account and jump through hoops to do so will fade any time soon.

Posted in News | Leave a comment