|
|
So back in August there was a flurry of activity around this subject. In the time since, we have seen MS capitulate on the hardware requirement, now stating that your incompatible hardware ‘may’ not receive updates in the future.
I am still undecided at this time – mostly because Microsoft has pissed me off one too many times and I have lost faith in them. They are liars. They are unfaithful. They are drive by greed and are insecure as to what they stand for.
These traits do not contribute to a supportive foundation – whatever they build today will fall tomorrow as they have no belief in their own work. Windows 11 is the best evidence of these statements as possible.
Additionally, it appears that Windows 10 will in fact get updates for quite some time – MS is offering paid support for at least 3 years, and as we can see with their continued support of Windows 7 in 2023, they likely will continue to release critical patches for years to come.
0Patch has already publicly stated that they will offer patches for Windows 10 until at least 2030.
On top of all of this, I am unsure as to why anyone needs to patch anything anyway. Perhaps browsers, when critical faults are addressed, but at a OS level I have serious questions as to why one should update at all. With a basic firewall and trusted local users, some common sense regarding what you click on and download, I fail to see the need for updating. In fact with as rushed and haphazard as Microsoft’s updates are, applying updates immediately after release is a foolhardy practice and not recommended by most industry pros.
I have several Windows 10 systems on my home network that do not receive updates (for years now) and they are just fine.
The article linked below has some smart comments, I’ll post a few of the links suggested within, but give it a read.
Source: Windows 10 Support ends in exactly 1 year – here are your options – gHacks Tech News
https://www.0patch.com/pricing.html
https://massgrave.dev/
https://quad9.net/
https://safing.io/features/
If you have the means, then by all means block these 241 file extensions from your incoming email. I have provided both a flat text file of the extensions and a formatted text file for Barracuda Email Gateway Defense. Once you bulk add, you can easily remove any specific extensions you want to allow through.
file extensions to block
barracuda file extensions to block
SDR is the new HAM, and here is a great way to get deep into it.
Source: Pi-Pico RX – Breadboard Version — 101 Things 0.1 documentation
http://www.darlingtoninn.com/
Not nearly enough Transylvanian-Hungarian restaurants out there – and this one is kinda close!
At a certain age, one falls for trains again.
Source: HawkinsRails – Amtrak’s Pennsylvanian
Guitar Pedal Sim now free
Source: Download – Tonocracy
Source: MS-DOS Starter Pack – PHILSCOMPUTERLAB.COM
It seems I’m forever putting together a DOS rig… One of these days I’ll get around to finishing this project, till then… links!
https://www.retro-exo.com/exodos.html and
https://www.retro-exo.com/index2.html
https://dosbox-x.com/
A open application dashboard for linux.. allows for realtime updates directly from the apps being monitored.
Source: Heimdall Application Dashboard
In my continuing series of Microsoft can eat a bag of Dicks, here is how to disable required password changes due to expiration.
For disabling password expiration, execute this in a elevated command prompt:
wmic UserAccount where Name=”username” set PasswordExpires=False
In order to use Iperium Backup with Vmware’s esxi environment, you need to enable Change Block Tracking.
In vmware esxi, edit settings -> VM Options -> Advanced -> Configuration Paramaters, Edit Configuration and add:
ctkEnabled = “TRUE”
scsi0:0.ctkEnabled = “TRUE”
The option ctkEnabled = “TRUE” is a VMX option which controls the general CBT configuration for the virtual machine. To disable CBT for the complete VM, set the value to False to disable CBT. This setting is stored in the Virtual Machines configuration file ,vmx in the VM folder. For more information, see Changed Block Tracking (CBT) on virtual machines (1020128). For each virtual disk fo the VM, there are additional options named scsix:x.ctkEnabled = “TRUE”. To disable CBT on individually on eac
Source: Changed Block Tracking (CBT) on virtual machines (1020128)
I present for your enjoyment the hoops one must alight through to work with Windows 8 in 2024.
Sideloading Windows 8 Applications
https://archive.org/details/Win8AppxArchive
How to install metro apps on windows 8.1 using wsappbak
byu/randomusername12308 inwindows8
–>
Open PowerShell. Get a Windows developer registration using this command:
Show-WindowsDeveloperLicenseRegistration
If it doesn’t work the first time, try a few more times. If everything stops working after a certain amount of time, you will need to run this command again to renew the license. If you have the Enterprise edition, you will not need to do this.
After that, install the app using
Add-AppxPackage *name*.appx/appxbundle
The app is now installed, but you may notice that if you launch it, it won’t work. What you need to do is to go to C:\Program Files\WindowsApps. This directory is hidden by default, so you might need to type the path out or show hidden files. You won’t be granted access at first, so you should change ownership of the folder to your account.
After that, find the folder where the app resides and copy it’s path. If WSAppbak is in the same place as your appx file, delete the appx. Start WSAppbak and paste the folder path into the command prompt. After it has finished, you will find a .cer. Install it to the local machine > trusted root certificates. Delete the app. Install the newly generated appx.
Add-AppxPackage *name*.appx/appxbundle
when I typed it throws an error(the ”name” already replaced with the app package directory
No, you need to install the appx using PowerShell, then type the installed app’s directory into WSAppBak.
I got an error while trying to install the .appx
add-appxpackage : Deployment failed with HRESULT: 0x800B0109, A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
error 0x800B0109: The root certificate of the signature in the app package or bundle must be trusted.
Is there anything I’m doing wrong?
Edit: i didnt store it in the Trusted Root Certification Authorities, found my problem. My other problem is that the app cannot open.
Edit 2: It actually worked for Fresh paint. Woohoo! however i had to struggle with some flickers, i didnt have to restart but had to lock my pc once to get it to stop flickering. and after some time, it worked.
Edit 3: Anytime the app is fullscreen, it kept flickering. maybe it might be my display driver or adapter
Edit 4: starting the app after a few seconds crashes the app
didnt store it in the Trusted Root Certification Authorities, found my problem. My other problem is that the app cannot open.
If the app doesn’t open just unpack the appx in any location, delete the signature file and use add-appxpackage -path appxmanifest.xml -register Remember that removing the folder will not uninstall the app but leave it broken in your apps screen, you can delete it by right clicking it and selecting uninstall
As part of cutting cableTV we have been using Windows Sandbox a lot. I never really looked into configuring Sandbox much as I had used Sandboxie in the past and it is super configurable. Sandboxie is starting to show it’s age, and Windows Sandbox is still here so…
Here is a MS Support page going over how to configure Sandbox – turns out there is quite a bit one can do with it!
Windows Sandbox configuration – Windows Security Microsoft Learn
A post for my business brethren, or anyone with a firewall on their network (which, really, please consider!).
Microsoft is at war with my company. They forcibly introduce internet sites that have nothing to do with my business to my users, limiting the productivity of my employees and exposing my network to potentially compromised websites with the only purpose of creating additional profit for them.
What started with easing their financial burden of hosting Windows Updates (Delivery Optimization) – but in reality was a strong-armed attempt to get me to pay for the electricity and bandwidth required to deliver updates to unknown parties the world over – has turned into paid advertisements being foisted upon my users on a continual basis. And here we thought forcing Candy Crush on us was bad, now they are pushing (likely) un-vetted websites on our systems constantly. Attempting to subvert any web content controls we may have in place to create profit (for them) at the cost of productivity (for us).
Not to mention the security nightmare that they have created by pushing these sites into our networks.
I continually look for a replacement OS that actually cares about my business’s productivity. (PLEASE RED HAT, SAVE ME!) And have never considered Apple in a more positive light than I do currently. But as it is, I am stuck with over 100 Windows computers.
As such, I have taken to banning Microsoft sites in my firewall in order to restore a level of security and control back into my network. I will keep a running list of sites in this thread that I have found contribute to unnecessary exposure and risk. I put these sites into a DROP ALL rule that is at the top of my firewall security policies. Unfortunately MS actively fights back, so constant diligence is needed, but at least it is something.
Banning these IP’s/Sites will result in the “search highlights” presented when you click on Windows search bar, and the “weather” widget next to your clock no longer able to provide content (or at least it does on my network).
Please contribute any sites/addresses that you find as well.
204.79.197.203
*.aria.microsoft.com
*.azurefd.net
*.msedge.net
strict.bing.com
th.bing.com
Taste the Success!
|
Categories
Archives
Comments
|
