Computer talk OS Windows Linux MAC

  • possessor
    I like LazyTown.
    SPECIAL MEMBER
    Level 32 - Secret Agent
    • Oct 2021
    • 3617

    #331
    has anyone in this thread used macOS before? I can wholeheartedly say it's better.. except the fact it doesn't support 32-bit apps
    sportacus10.lazytown.eu / okdvd.neocities.org


    • chuft
      Stepher
      SPECIAL MEMBER
      MODERATOR
      Level 34 - Airship Controller
      • Dec 2007
      • 4820

      #332
      Well Linux is the one that has problems with Secure Boot....


      Whatever Secure Boot is, lol.


      I have never encrypted a computer in the [redacted] decades I have been using computers.

      I refuse to use a Microsoft login, only local accounts, so to encrypt I would have to use Bitlocker. I think losing the key is more likely than someone breaking into my apartment and stealing my heavy mid tower PC and carrying it down the stairs past anyone watching in my open air garden apartment complex. We don't even have porch pirates here. I would also have to find someplace safe to keep the recovery key.

      With MFA, there isn't much someone could do even with access to my logins. And of course if it was stolen I would know about it and change all important passwords from my phone anyway.

      Encryption might make perfect sense for other people but for me it always seemed riskier than non-encryption. I don't know that much about it but I suspect it is a real pain if the Windows or boot partitions get corrupted and you are trying to do data recovery from another boot source like a thumb drive or CD. I don't want to be locked out of my own stuff. I also have to imagine it impacts performance. But I admit I don't know much about it.
      l i t t l e s t e p h e r s


      • chuft
        Stepher
        SPECIAL MEMBER
        MODERATOR
        Level 34 - Airship Controller
        • Dec 2007
        • 4820

        #333
        Originally posted by possessor
        has anyone in this thread used macOS before? I can wholeheartedly say it's better.. except the fact it doesn't support 32-bit apps

        I used Macs for 16 years, until I switched to building PCs because of the gaming situation.

        Macs basically did everything better and did it first. Macs had higher resolution, mice, WYSIWYG word processing/desktop publishing and laser printing, better games, and better graphics - everybody doing photo and video editing was using Photoshop and other apps on Macs, I used Photoshop 1.0 in the 1980s on a Mac. Apple dominated Hollywood. Microsoft's stuff was decidedly inferior. DOS was a horrible joke in comparison and Windows 3.11 was a pathetic copy of MacOS.

        I remember the DOS wars, all the haters piling on Mac users. It was amusing to see all those people eventually slink away into obscurity when Windows took over the PC platform from DOS. I guess some went to Linux since they seemed to love command lines and having to look up commands instead of just using a GUI. But most moved to saying "Windows is better than Mac!" instead of "DOS is better than Mac!" and embraced GUIs without admitting they were wrong about command lines. I have noticed a lot of the same people say "Android is better than iPhone!" (and often eventually switch due to iPhone's vastly superior privacy and security).

        Since then, Windows has caught up and you actually get better PC hardware than Mac hardware for the same money due to the commoditization of hardware. This was all basically a theft from IBM, which had made a terrible mistake in outsourcing (for the first and only time) an operating system for one of its platforms. (Franklin Computer tried to make an Apple II clone but were quickly shut down by a lawsuit.) Microsoft also engaged in anti-competitive behavior, bought up every company that made something better than Microsoft did for its platform, etc. Microsoft is a loathsome company but if you are a gamer, or have to use hardware compatible with work, it is hard to avoid it. Apple doesn't try to compete in the enterprise sector and has no equivalent to Active Directory for user management across networks, group policies etc. The average Windows user in the workplace has no idea the reason their organization uses Windows is because of Active Directory, a technology most of them have never heard of, not for any other reason. AD is the real key to Microsoft's monopoly.

        When Steve Jobs came back to Apple from NeXT, MacOS changed completely under the hood, from its original form to a nice GUI running on top of a flavor of Unix, making it far faster and more secure than any flavor of bloatware Windows. Macs are proof it can be done, making an easy to use computer using *nix, with hardware working effortlessly and the command line virtually never having to be used or even seen by the average user, but it's there for power users who want it. Macs are why I am always in such disbelief that the Linux community can't get its act together and make the equivalent of a free MacOS running on PC commodity hardware, and instead keeps splintering into more and more distros, each with no guarantee it will be maintained into the future. The Linux community's spirit of "anyone can make a fork, it's free" dooms it to always being the equivalent of a thousand tiny countries instead of a superpower.

        Gaming on computers used to be a fringe activity but it no longer is, it's very widespread. For a long time now there has been a chicken-and-egg problem where developers don't want to make games for platforms with tiny numbers of users, and users don't want to buy computers that have no real game selection. But technology exists now as Steam Proton shows that allows one platform to run another's games. I think Apple is missing a huge opportunity here, given how many people would switch to Mac in a heartbeat if only most Steam games would easily work on it. Recall, OneDrive, ads in the OS, the forced upgrades, everyone is sick of Microsoft and Windows and would love to switch. Apple could become a serious player in the home PC market again. But they seem laser focused on phones and tablets so I don't foresee the situation changing anytime soon, unfortunately. I would love it if Apple solved the problems and got Windows games to run on MacOS with no user effort required - my next comp would be a Mac for sure.
        l i t t l e s t e p h e r s


        • BRBFBI
          The Long Arm of the Law
          SPECIAL MEMBER
          Level 14 - Sportscandy
          • Oct 2023
          • 310

          #334
          chuft Many people take for granted that their phones are encrypted. This is why you can carry your phone on you 24/7 without worrying about being the victim of extensive fraud if you lose it or have it stolen. My laptop is similar in the sense that I leave the house with it, so I keep it encrypted. If your threat model requires an attacker to break into your house and you think that's unlikely then it sounds like not encrypting is the right choice.

          With MFA, there isn't much someone could do even with access to my logins.
          Do you use MFA every time you login to something from your PC? The only thing that requires MFA on my own devices is PayPal. A lot of MFA stuff authenticates to my Gmail, which is continuously logged in on my computers. I also occasionally use a VPN and most sites don't automatically require MFA when accessed from an unusual location, so I wouldn't count on that.

          I'd never considered the performance hit. The hit comes from your CPU having to perform calculations as the data is written/read, but even on my 8 year old budget laptop I can open a 25GB video file instantly and scroll through it seamlessly (I don't know why my rip of Ghost in the Shell is that big). If there is a difference it's not perceptible to me. Maybe if you're gaming and the game has a lot of big scene loads, but I can't speak to that.

          As far as forgetting the password, I have lost data before. When I first started learning about encryption I made some encrypted partitions in Windows, and when I tried to access them again months later I had no clue how to get in. But since my laptop needs to be decrypted to boot I use the password nearly every day. There's no advantage to using separate passwords among devices, so all your backup/external drives should use the same one. Short of having a stroke or traumatic brain injury forgetting won't be a problem, and since losing those first two encrypted partitions I haven't lost any data in almost ten years.

          Data recovery could be more complicated. If the part of your drive that gets corrupted contains the decryption key then there's nothing you can do.


          • boredjedi
            Master
            SPECIAL MEMBER
            MODERATOR
            Level 35 - Rockin' Poster
            • Jun 2007
            • 8694

            #335
            16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now


            Update, June 19, 2025: This story, originally published on June 18, has been updated with comments from the founders of Keeper Security regarding the 16 billion leaked passwords and other login credentials across the major tech vendor landscape.

            If you thought that my May 23 report, confirming the leak of login data totaling an astonishing 184 million compromised credentials, was frightening, I hope you are sitting down now. Researchers have just confirmed what is also certainly the largest data breach ever, with an almost incredulous 16 billion login credentials, including passwords, exposed. As part of an ongoing investigation that started at the beginning of the year, the researchers have postulated that the massive password leak is the work of multiple infostealers. Here's what you need to know and do.

            https://www.forbes.com/sites/daveywi...nge-yours-now/

            https://www.techradar.com/pro/websit...-if-youre-safe
            http://eighteenlightyearsago.ytmnd.com/


            • chuft
              Stepher
              SPECIAL MEMBER
              MODERATOR
              Level 34 - Airship Controller
              • Dec 2007
              • 4820

              #336
              Originally posted by BRBFBI
              chuft Many people take for granted that their phones are encrypted. This is why you can carry your phone on you 24/7 without worrying about being the victim of extensive fraud if you lose it or have it stolen. My laptop is similar in the sense that I leave the house with it, so I keep it encrypted. If your threat model requires an attacker to break into your house and you think that's unlikely then it sounds like not encrypting is the right choice.
              Fair enough. I never thought about my phone being encrypted, didn't know it was lol. But it makes sense.


              Do you use MFA every time you login to something from your PC? The only thing that requires MFA on my own devices is PayPal. A lot of MFA stuff authenticates to my Gmail, which is continuously logged in on my computers. I also occasionally use a VPN and most sites don't automatically require MFA when accessed from an unusual location, so I wouldn't count on that.
              The more important the site the more likely I am to use MFA for it. I have been lazy about turning it on for my bank, since my money is guaranteed by the FDIC and banks don't tend to just let anybody use direct withdrawal - think about it, your routing number and account number are printed on every check. If you could just use them to siphon money out of accounts no bank account would be safe. My bank is also local so I could just walk in and tell them there was a problem and reset things in person. But I probably should turn it on for that. They didn't use to offer it but I noticed recently they are offering it via authenticator app.

              The best MFA is an authenticator app on your phone, the second best is a phone text, and the third best is email or a Yubikey, both of which are subject to being physically stolen as you noted. I use a Yubikey a lot at work but I tend to leave it in my office since I am in a secured building. Although to access your email in a live fashion for authentication, I think they would need to actually log in to your computer, and of course mine has an admin password in Windows they wouldn't know. If they stole the machine they would have to unplug it and I don't think any running programs would still be running after that even if they plugged it in and tried some weird workarounds like trying the service login and then examining the disk from a third party OS to look for the resulting email before the 15 minutes was up. I tend to use phone texts for most MFA. In theory they are not secure, but if you look into the scenarios and what is required to try to access a phone text sent to someone else, they are not realistic and unlikely to be used by some thugs forcing open my apartment door.


              As far as forgetting the password, I have lost data before. When I first started learning about encryption I made some encrypted partitions in Windows, and when I tried to access them again months later I had no clue how to get in. But since my laptop needs to be decrypted to boot I use the password nearly every day. There's no advantage to using separate passwords among devices, so all your backup/external drives should use the same one. Short of having a stroke or traumatic brain injury forgetting won't be a problem, and since losing those first two encrypted partitions I haven't lost any data in almost ten years.

              The password is not the recovery key. The password hash lets the system use the encryption/decryption keys. If the hardware changes - the CPU dies or you replace it for some other reason like an upgrade, or a thief removes your drives to examine in another system they can log into - the password will not work. To get access to the data back you need to use the recovery key which is a 48 digit number (in Bitlocker) that needs to be kept someplace secure and away from the computer. There is a similar recovery key for Windows automatic encryption (which requires logging into the machine using a Microsoft account) and that is kept on a Microsoft server (or "the cloud" as people annoyingly call it using salesman hype jargon). So to recover the data if there was a hardware change all you need to do is log into your Microsoft account and access it that way (somehow, might have to be from a different machine).

              When you say "the password" I am not sure if you are referring to a hardware BIOS password or the Windows account password or a Linux account password. Hardware BIOS passwords are pretty worthless because a thief could reset it by removing the CMOS battery. A Windows account password would be good for automatic encryption but that requires having the comp use a Microsoft account for login, and expose you to Microsoft enabling OneDrive when you least expect it, hoovering up all your data and uploading it to their "cloud" for their AIs to train on, I refuse to do that. If you are talking some Linux encryption system password similar to Bitlocker, then yeah you better have the recovery key stored somewhere in case there is a hardware failure/change. There should be (in a GUI anyway) a place to export and back up the recovery key in your encryption control panel.
              l i t t l e s t e p h e r s


              • possessor
                I like LazyTown.
                SPECIAL MEMBER
                Level 32 - Secret Agent
                • Oct 2021
                • 3617

                #337
                Originally posted by chuft


                I used Macs for 16 years, until I switched to building PCs because of the gaming situation.

                Macs basically did everything better and did it first. Macs had higher resolution, mice, WYSIWYG word processing/desktop publishing and laser printing, better games, and better graphics - everybody doing photo and video editing was using Photoshop and other apps on Macs, I used Photoshop 1.0 in the 1980s on a Mac. Apple dominated Hollywood. Microsoft's stuff was decidedly inferior. DOS was a horrible joke in comparison and Windows 3.11 was a pathetic copy of MacOS.

                I remember the DOS wars, all the haters piling on Mac users. It was amusing to see all those people eventually slink away into obscurity when Windows took over the PC platform from DOS. I guess some went to Linux since they seemed to love command lines and having to look up commands instead of just using a GUI. But most moved to saying "Windows is better than Mac!" instead of "DOS is better than Mac!" and embraced GUIs without admitting they were wrong about command lines. I have noticed a lot of the same people say "Android is better than iPhone!" (and often eventually switch due to iPhone's vastly superior privacy and security).

                Since then, Windows has caught up and you actually get better PC hardware than Mac hardware for the same money due to the commoditization of hardware. This was all basically a theft from IBM, which had made a terrible mistake in outsourcing (for the first and only time) an operating system for one of its platforms. (Franklin Computer tried to make an Apple II clone but were quickly shut down by a lawsuit.) Microsoft also engaged in anti-competitive behavior, bought up every company that made something better than Microsoft did for its platform, etc. Microsoft is a loathsome company but if you are a gamer, or have to use hardware compatible with work, it is hard to avoid it. Apple doesn't try to compete in the enterprise sector and has no equivalent to Active Directory for user management across networks, group policies etc. The average Windows user in the workplace has no idea the reason their organization uses Windows is because of Active Directory, a technology most of them have never heard of, not for any other reason. AD is the real key to Microsoft's monopoly.

                When Steve Jobs came back to Apple from NeXT, MacOS changed completely under the hood, from its original form to a nice GUI running on top of a flavor of Unix, making it far faster and more secure than any flavor of bloatware Windows. Macs are proof it can be done, making an easy to use computer using *nix, with hardware working effortlessly and the command line virtually never having to be used or even seen by the average user, but it's there for power users who want it. Macs are why I am always in such disbelief that the Linux community can't get its act together and make the equivalent of a free MacOS running on PC commodity hardware, and instead keeps splintering into more and more distros, each with no guarantee it will be maintained into the future. The Linux community's spirit of "anyone can make a fork, it's free" dooms it to always being the equivalent of a thousand tiny countries instead of a superpower.

                Gaming on computers used to be a fringe activity but it no longer is, it's very widespread. For a long time now there has been a chicken-and-egg problem where developers don't want to make games for platforms with tiny numbers of users, and users don't want to buy computers that have no real game selection. But technology exists now as Steam Proton shows that allows one platform to run another's games. I think Apple is missing a huge opportunity here, given how many people would switch to Mac in a heartbeat if only most Steam games would easily work on it. Recall, OneDrive, ads in the OS, the forced upgrades, everyone is sick of Microsoft and Windows and would love to switch. Apple could become a serious player in the home PC market again. But they seem laser focused on phones and tablets so I don't foresee the situation changing anytime soon, unfortunately. I would love it if Apple solved the problems and got Windows games to run on MacOS with no user effort required - my next comp would be a Mac for sure.
                Macs are better for productivity, albeit there's only so many things you can customize and mod with it. Windows is better for that. And gaming. And it supports old apps.

                The only way you can run Windows apps on a Mac is either a virtual machine or Wine (which barely works).

                People also seem to say without Linux there would be no macOS. I think that's a load of garbage!

                Also, I don't use an iPhone and I'm not planning to. Android works just fine.
                sportacus10.lazytown.eu / okdvd.neocities.org


                • possessor
                  I like LazyTown.
                  SPECIAL MEMBER
                  Level 32 - Secret Agent
                  • Oct 2021
                  • 3617

                  #338
                  This is fairly off topic but the Samsung Galaxy NX camera has Android built into it. Pretty interesting.

                  sportacus10.lazytown.eu / okdvd.neocities.org


                  • chuft
                    Stepher
                    SPECIAL MEMBER
                    MODERATOR
                    Level 34 - Airship Controller
                    • Dec 2007
                    • 4820

                    #339
                    Originally posted by boredjedi
                    16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now

                    I always snicker when I see headlines like that. There can't be a "leak" or "breach" of Apple passwords because Apple does not store passwords, just hashes of them, or the encrypted keychain. There's nothing to leak. Apple passwords are stored locally in the keychain on the device. They have some magic proprietary way of syncing keychains between your Apple devices without storing the plaintext passwords on their servers, I think they are encrypted on one device and decrypted on the other, Apple can't see what they are during transmission or storage.

                    All that dump is, is a bunch of data that some black hats have collected over the years using keyloggers and such via malware on people's computers. That is what they mean by "infostealers." They did not break into Apple, Google, or any other service.
                    l i t t l e s t e p h e r s


                    • chuft
                      Stepher
                      SPECIAL MEMBER
                      MODERATOR
                      Level 34 - Airship Controller
                      • Dec 2007
                      • 4820

                      #340
                      Originally posted by possessor
                      People also seem to say without Linux there would be no macOS. I think that's a load of garbage!

                      Also, I don't use an iPhone and I'm not planning to. Android works just fine.

                      Android is insecure, the Google Play Store is not seriously vetted like the Apple App Store is, and unless you use a Google phone (Pixel), usually way behind in security updates. Nobody who takes security seriously uses Android. I work with some network and system admin guys who used to be anti-Apple until they learned more about security and they all switched to iPhones. Android is improving, in areas like end to end encryption for texts which Apple has always had, but overall still lags behind.


                      Unix is a proprietary operating system from AT&T's Bell Labs in the 1970s that was pretty groundbreaking and was programmed in the new C programming language, a high level language allowing it to be compiled using local compilers and thus hardware independent. Several proprietary flavors of it eventually emerged, BSD Unix from UC Berkeley, SunOS/Solaris from Sun/Oracle, Xenix from Microsoft (which I have some experience with, on old TRS-80 servers from Tandy Corp), AIX from IBM and so on. It tends to be used on mainframes and in the past minicomputers (which had 25 terminals or so).

                      I learned to program on a PDP-11/44 minicomputer from Digital Equipment Corp (DEC) which ran RSTS/E 7.0 and Basic-Plus, but they had other later minicomputers like VAX which ran BSD Unix. There are other weird OS's used on mainframes as well, IBM System Z and so on, mainframes are sort of a different world, because a lot of mainframe systems are really old.


                      NeXTSTEP was a proprietary Unix used on NeXT computers, Steve Jobs' company during his exile from Apple. He used this as the basis for the new Unix-based MacOS (another proprietary flavor of Unix) when he returned to Apple and overhauled things including MacOS itself, which originally used a totally different operating system architecture programmed in Pascal (ugh) called Classic MacOS. Most of my Mac experience was with Classic MacOS, but in work settings I have used the newer Unix based MacOS. And yes Macs, both classic and modern, have always been infamous for every major system version breaking all or almost all games written for previous versions. Backwards compatibility has never been a MacOS strength. Every time I got a new Mac I basically had to toss my old software library. This seems to be happening more and more now on Windows, it didn't use to, I had no problems playing games from Windows 95 days on say Windows 7, but now it seems a lot of games don't run on newer versions. Homeworld 2 comes to mind and that's from 2003, not that old compared to say Fallout (1) or Baldur's Gate from the 1990's.


                      Linux is a non-proprietary, free, open source Unix clone written from scratch so as not to violate any Unix copyrights, in an almost unbelievable act of nerdery by Linus Torvalds (who wrote the kernel) and many others. It has nothing to do with MacOS. Its main use is for servers, where it's very popular since it is free, corporations are cheap, and servers do not require anything resembling a friendly user interface. It has a tiny percentage of the PC market, used by hobbyists who like to do things to, rather than with, their computers in attempts to get and keep them working and doing sophisticated tasks like printing a document or getting a graphics card to work.

                      MacOS in its current form shows what a Unix based system should look like when the emphasis is on being user friendly and having everything (like hardware) just work.
                      l i t t l e s t e p h e r s


                      • BRBFBI
                        The Long Arm of the Law
                        SPECIAL MEMBER
                        Level 14 - Sportscandy
                        • Oct 2023
                        • 310

                        #341
                        Originally posted by chuft
                        The password is not the recovery key. The password hash lets the system use the encryption/decryption keys. If the hardware changes - the CPU dies or you replace it for some other reason like an upgrade, or a thief removes your drives to examine in another system they can log into - the password will not work.
                        I'd never heard of that. I did a little reading and it sounds like a feature of BitLocker, not something inherent to disk encryption.

                        When I encrypt a drive a Data Encryption Key (DEK) is randomly generated and stored on the drive itself. When I write data to the drive it is "tumbled" through the DEK, and when I want to read that data again it's unscrambled by running it back through the DEK. The DEK itself is encrypted by a Key Encryption Key (KEK). This is what my password is for. When I type in my password it's run through a Key Derivation Function (a bit of software) and the result is the KEK which decrypts the DEK.

                        That's it. Hardware doesn't come into play at all. I can pull my encrypted OS drive out of my laptop and boot it from my desktop, or I can view the contents of it from another operating system as long as I enter the password.

                        BitLocker seems to have a feature that, in addition to the key derived from your password, requires a key either stored on or derived from your hardware. I didn't read into it at all, so I don't know how it works. I can imagine how it would be beneficial for a corporation that manages thousands of computers: if one of your employees uses a weak password that can be brute forced in 5 minutes then an attacker with access to the drives alone still couldn't read the data. It's completely unnecessary if you use a strong password, though.

                        Originally posted by chuft
                        When you say "the password" I am not sure if you are referring to a hardware BIOS password or the Windows account password or a Linux account password.
                        When I say "password/passphrase" I'm talking about a password which is run through the Key Derivation Function and results in a key which is used to decrypt the Data Encryption Key and thus read the encrypted data on a drive.

                        When I said "for those who don't know, having a password on your home screen is not the same as having encryption" what I meant was that if your drives aren't encrypted none of this is taking place. You said you've never used encryption on your computers, but presumably you still have to enter a password on your homescreen to get to your desktop? This password is a nice little block to keep nosy people from looking through your search history while you're in the bathroom, but it has nothing to do with encryption. Someone with access to your drives could plug them in to any other computer and read plaintext data off them - all your files, saved passwords, stored credit cards, etc...



                        Comment
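The passphrase → KDF → KEK → DEK chain described in #341, together with the hardware-binding and damaged-key-area cases raised elsewhere in the thread, as an added example that is not code from any poster or from BitLocker or LUKS. PBKDF2 comes from Python's standard library; the HMAC-based wrap is a toy stand-in for a real key-wrap cipher, and `hardware_secret` is a hypothetical model of a machine-bound value, not a description of how BitLocker or a TPM actually works.

```python
import hashlib
import hmac
import os

KDF_ITERATIONS = 100_000  # constructed value for the example


def derive_kek(passphrase, salt, hardware_secret=b""):
    """Passphrase -> KDF -> Key Encryption Key (KEK).

    hardware_secret is a hypothetical stand-in for a value that only one
    machine can release; empty means a passphrase-only volume.
    """
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                              KDF_ITERATIONS, dklen=32)
    if hardware_secret:
        # Mix the machine-bound value in, so the passphrase alone is not enough.
        kek = hmac.new(hardware_secret, kek, hashlib.sha256).digest()
    return kek


def _wrap(kek, nonce, dek):
    """Toy encrypt-then-MAC of a 32-byte DEK (stand-in for a real key wrap)."""
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    wrapped = bytes(a ^ b for a, b in zip(dek, pad))
    tag = hmac.new(kek, b"mac" + nonce + wrapped, hashlib.sha256).digest()
    return wrapped, tag


def format_volume(passphrase, hardware_secret=b""):
    """Create a random DEK; return (header, dek). Only the header is stored."""
    dek = os.urandom(32)
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = derive_kek(passphrase, salt, hardware_secret)
    wrapped, tag = _wrap(kek, nonce, dek)
    return {"salt": salt, "nonce": nonce, "wrapped_dek": wrapped, "tag": tag}, dek


def unlock(header, passphrase, hardware_secret=b""):
    """Return the DEK, or raise ValueError if the KEK is wrong or the header is damaged."""
    kek = derive_kek(passphrase, header["salt"], hardware_secret)
    expected = hmac.new(kek, b"mac" + header["nonce"] + header["wrapped_dek"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        raise ValueError("wrong passphrase, missing hardware secret, or damaged header")
    pad = hmac.new(kek, b"enc" + header["nonce"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(header["wrapped_dek"], pad))


def change_passphrase(header, old, new, hardware_secret=b""):
    """Re-wrap the same DEK under a new KEK; the bulk data is never re-encrypted."""
    dek = unlock(header, old, hardware_secret)
    salt, nonce = os.urandom(16), os.urandom(16)
    wrapped, tag = _wrap(derive_kek(new, salt, hardware_secret), nonce, dek)
    return {"salt": salt, "nonce": nonce, "wrapped_dek": wrapped, "tag": tag}


def can_unlock(header, passphrase, hardware_secret=b""):
    """True if the given passphrase (and hardware secret, if any) recovers the DEK."""
    try:
        unlock(header, passphrase, hardware_secret)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # All passphrases and secrets below are constructed for the demonstration.
    header, dek = format_volume("correct horse battery staple")
    print("passphrase-only, drive moved to another PC:",
          can_unlock(header, "correct horse battery staple"))

    chip = os.urandom(32)
    bound, _ = format_volume("hunter2", hardware_secret=chip)
    print("hardware-bound, same PC:", can_unlock(bound, "hunter2", chip))
    print("hardware-bound, drive alone:", can_unlock(bound, "hunter2"))

    # One flipped byte in the stored key area makes the DEK unrecoverable.
    flipped = bytes([header["wrapped_dek"][0] ^ 1]) + header["wrapped_dek"][1:]
    damaged = dict(header, wrapped_dek=flipped)
    print("damaged header:", can_unlock(damaged, "correct horse battery staple"))
```

The header is the only thing a passphrase-only volume needs besides the passphrase, which is why backing it up (or keeping a separate recovery key) matters more than the hardware it was created on.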

                        • chuft
                          Stepher
                          SPECIAL MEMBER
                          MODERATOR
                          Level 34 - Airship Controller
                          • Dec 2007
                          • 4820

                          #342
                          Was about to start the Win11 install and driver updates etc and it began thundering. Looks like there will be off and on rain all day and night. I just dragged my other UPS out of the bedroom and will use it once it looks clearer. This little Back-Ups 425 UPS wouldn't keep the system up for long but my main concern is power flickers not outage.
                          l i t t l e s t e p h e r s


                          • BRBFBI
                            The Long Arm of the Law
                            SPECIAL MEMBER
                            Level 14 - Sportscandy
                            • Oct 2023
                            • 310

                            #343
                            To add on to my post above, this is a case study of why I, as a not very tech-savvy person, prefer Linux Mint to Windows.

                            If I encrypt a drive with Linux it works exactly how I would expect. I create a password and I can use that password to decrypt that drive for ever and always. Windows is catering to the lowest common denominator by involving hardware to help protect people with weak passwords. Ironically it makes things much more complicated (requiring you to understand that if your hardware changes you will be locked out and thus forcing you to create and store a recovery key, which is itself subject to being lost or damaged). Then they provide a solution to that complication ("create a Microsoft account and leave all that headache to us") which is easy and most people will go for but which costs your privacy (OneDrive, etc).

                            Windows doesn't trust their users to update (thus forced updates) or use strong passwords (thus the above), and the same philosophy pervades many aspects of the user experience resulting in a janky and weirdly complicated mess. Linux Mint isn't catering to the lowest common denominator, and the user experience feels much more logical and comfortable to me.

                            Comment


                            • chuft
                              chuft commented
                              I don't think it has to do with weak passwords, since if you have the password, you can get in, BitLocker or no.

                            • BRBFBI
                              BRBFBI commented
                              If you have the password and you're on the computer with the TPM.

                            • BRBFBI
                              BRBFBI commented
                              A weak password is still bad, but if someone, say, finds your old drives in the dump they won't be able to read them without the TPM.
                          • chuft
                            Stepher
                            SPECIAL MEMBER
                            MODERATOR
                            Level 34 - Airship Controller
                            • Dec 2007
                            • 4820

                            #344
                            I claim no experience in using encryption software, as I said before. (I have experience writing encryption/decryption software, which relies on the XOR logical bit operator, to learn the principles.) BitLocker seems designed particularly for scenarios where the computer is off and someone has physical access to your device and is trying to break in using a variety of hardware-based boot bypass attacks or by removing the drive and putting it into another device for analysis. It is tied in with the TPM and Secure Boot. I don't think it requires entry of a key on a day-to-day basis; that is stored in the TPM, and it is basically transparent to the user unless there is a hardware or BIOS change.

                            You haven't said the name of the encryption software you are using so it is hard to compare pros and cons of their approaches. Presumably there is a reason BitLocker utilizes the TPM security hardware and not just stuff stored on the disk itself.

                            When I say "password/passphrase" I'm talking about a password which is run through the Key Derivation Function and results in a key which is used to decrypt the Data Encryption Key and thus read the encrypted data on a drive.
                            But at what point are you prompted for this password, and how often? If the entire disk is encrypted I would think you could not boot to it without entering it during the boot up process somehow.

                            Usually there are two "log in" type passwords, one is the BIOS password, without which you can't do anything even in BIOS, but which can be defeated by clearing CMOS, and the other is the OS account password. I use an OS account password to log in/unlock the computer just so the maintenance people can't access my comp if they come in here while I am away. It is for the sole, admin account that I use for Windows. I don't bother with a BIOS password, I see no need for it and it wouldn't do much good if someone stole the computer since they could clear the BIOS and reset it.

                            I suspect the main point of BitLocker is that you can log into Windows and have automatic encryption without having to enter some hairy decryption key every time, because it's kept in the TPM, and if someone messes with or tries to bypass the hardware boot stuff, TPM and Secure Boot will detect it and not allow decryption to proceed. If they are wiped by a BIOS flashback or something then the key is lost and without the recovery key the attacker is again at a dead end.

                            The automatic encryption you get from Windows Home as I said relies on a recovery key kept on their servers because Windows Home requires logging into a Microsoft account to even log into the computer, you can't use a local account like you can with Windows Pro (what I use). I think this encryption is BitLocker, Microsoft is just managing the recovery key for you via your Microsoft account. If you use a local account to avoid OneDrive snooping/data theft by Microsoft, then you have to manage the recovery key yourself. Again the main point is the recovery key is only used if there is something that the system thinks is suspicious and it loses/discards the key kept in the TPM.

                            For encryption to really work I think you would also have to encrypt any backup devices as well, it just sounds like a pain in the rear to me with the possibility of data loss. I think a laptop is much more likely to be stolen than a tower so it makes more sense there.
                            l i t t l e s t e p h e r s

                            Comment
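The chain quoted in post #344 (passphrase, key derivation function, key that decrypts the Data Encryption Key), next to the TPM case from the comments on #343, as an added sketch that is not from any poster and is not BitLocker's or any Linux tool's real on-disk format. The TPM is modelled as a secret held by one machine, and the XOR-plus-HMAC wrap, slot names and sample secrets are assumptions of the example.

```python
import hashlib, hmac, os

ITERATIONS = 50_000  # constructed work factor for this demo

def derive_kek(secret: bytes, salt: bytes) -> bytes:
    """Stretch a secret into 64 bytes: 32 to mask the DEK, 32 to authenticate it."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=64)

def wrap_dek(dek: bytes, secret: bytes) -> dict:
    """Build one key slot: the DEK protected by a key derived from `secret`."""
    salt = os.urandom(16)
    kek = derive_kek(secret, salt)
    # XOR with a single-use 32-byte key stands in for a real key-wrap cipher.
    masked = bytes(a ^ b for a, b in zip(dek, kek[:32]))
    tag = hmac.new(kek[32:], masked, hashlib.sha256).digest()
    return {"salt": salt, "masked": masked, "tag": tag}

def unwrap_dek(slot: dict, secret: bytes):
    """Return the DEK, or None when the secret does not open this slot."""
    kek = derive_kek(secret, slot["salt"])
    expected = hmac.new(kek[32:], slot["masked"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["masked"], kek[:32]))

def make_header(dek: bytes, secrets: dict) -> dict:
    """A volume header: several slots that all protect the same DEK."""
    return {name: wrap_dek(dek, secret) for name, secret in secrets.items()}

def open_volume(header: dict, secret: bytes):
    """Try the offered secret against every slot, as an unlock prompt would."""
    for slot in header.values():
        dek = unwrap_dek(slot, secret)
        if dek is not None:
            return dek
    return None

def demo() -> dict:
    """Constructed scenario: one passphrase-only volume, one device-bound volume."""
    dek = os.urandom(32)                    # random; never derived from a password
    device = os.urandom(32)                 # hypothetical secret held by one machine
    pw, recovery = b"correct horse", b"111111-222222-333333"  # constructed values
    portable = make_header(dek, {"passphrase": pw})
    bound = make_header(dek, {"device": device + pw, "recovery": recovery})
    return {
        "portable_other_pc": open_volume(portable, pw) == dek,
        "bound_same_pc": open_volume(bound, device + pw) == dek,
        "bound_other_pc": open_volume(bound, os.urandom(32) + pw) == dek,
        "bound_recovery": open_volume(bound, recovery) == dek,
    }
```

Calling `demo()` shows the trade-off argued in the thread: the passphrase-only header opens on any machine, while the device-bound header opens only with the original machine's secret or the recovery key.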

                            • chuft
                              Stepher
                              SPECIAL MEMBER
                              MODERATOR
                              Level 34 - Airship Controller
                              • Dec 2007
                              • 4820

                              #345
                              Well it won't accept my Win7 Pro key. Apparently they stopped doing that a few years ago. Got bad information from people at work (not the first time). What a nuisance (and expense).
                              l i t t l e s t e p h e r s

                              Comment


                              • possessor
                                possessor commented
                                not a single key works on my windows 7 ultimate virtual machine