
Windows 11 25H2
Meh !!!
:)
Microsoft has confirmed that Windows 11 25H2 is almost here. However, the upgrade will be little more than an exercise in feature enablement since Windows 11 24H2 and 25H2 share the same source code. 25H2 became available to Windows Insiders at the end of last week and will be this year's annual feature update. Microsoft fans …
Tried it. A 3 quarter hour download/install with 3 or 4 reboots. Spent the time on my primary Linux machine! End result, nothing new, although I will say that the debloating of 24H2 was carried over to 25H2. Like moving from W10 to W11 was no benefit, W11 23H2 > 24H2 > 25H2 has no user benefit either. Same old, same old.
It's hard to work out what the real differences are. One that stands out to me is
Further Integration with Microsoft Services:
- Deeper integration with OneDrive, Teams, and other Microsoft 365 tools.
- More cloud-driven functionalities, such as cloud backups or storage options.
You can bet "storage" here means provided by Microsoft and nobody else.
So just trying to lock people in and generate even more revenue? Not much has changed then. Almost a non-story.
Then we go on to the cringeworthy
- Strengthening security features like Windows Defender, BitLocker, and AppGuard.
Presumably only for Pro users since Microsoft decided BitLocker wasn't necessary for Home users.
Having just migrated my partner to a new W11 Lenovo laptop I did find it very confusing as to whether any disk encryption was enabled by default on W11 home.
I thought BitLocker activated itself automatically but instead I found settings for "Device Encryption". MS don't seem very good at explaining exactly what it is or how it activates compared to BitLocker even on their own support pages: https://support.microsoft.com/en-us/windows/device-encryption-in-windows-cf7e2b6f-3e70-4882-9532-18633605b7df
My main concern is ensuring any auto-generated recovery key on the MS account is backed up where we can easily get to it, plus ensuring the encryption is disabled in the first place (until an update inevitably turns it back on).
Features like this are just an unnecessary layer of complication for most users.
As I understand it, the encryption in the home version is BitLocker but only works on the system drive, and only if signed in using a Microsoft account - and it stores the recovery key in the Microsoft account.
Whereas on the other versions, even using a local account you can manually encrypt the system drive, and any other drives, and if the computer isn't signed in with a Microsoft account it will prompt you to save or print the recovery key.
The "manage-bde" command-line utility is your friend here, which I believe is available on Home editions of Windows.
"manage-bde -status" will tell you what's going on at the moment
"manage-bde -protectors -get c:" will print the recovery key to the console, whereupon you can copy-paste it into notepad to print it out
and "manage-bde -off c:" will get rid of it for good! This does take some time with no progress indication, so use "manage-bde -status" to monitor it.
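The same check, key backup and decryption steps as a PowerShell sketch that uses the BitLocker module cmdlets rather than manage-bde and shows progress while decrypting. This is an added example, not part of the comment above; it assumes an elevated prompt, that the BitLocker module is present on the edition in use, and a hypothetical output path for the key file.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumes the BitLocker PowerShell module is installed on this edition.
param(
    [string]$MountPoint = 'C:',
    # Hypothetical path: point this at removable media, not the encrypted disk.
    [string]$KeyFile    = "$env:USERPROFILE\Desktop\bitlocker-recovery.txt",
    [switch]$Decrypt
)

# Equivalent of "manage-bde -status" for one volume.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
'{0}: {1}, protection {2}, {3}% encrypted' -f $vol.MountPoint, $vol.VolumeStatus,
    $vol.ProtectionStatus, $vol.EncryptionPercentage

# Equivalent of "manage-bde -protectors -get": keep only recovery passwords.
$recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($recovery.Count -eq 0) {
    Write-Warning "No recovery password protector found on $MountPoint."
} else {
    $recovery |
        ForEach-Object { "ID:  $($_.KeyProtectorId)`r`nKey: $($_.RecoveryPassword)`r`n" } |
        Set-Content -Path $KeyFile -Encoding ascii
    Write-Host "Saved $($recovery.Count) recovery password(s) to $KeyFile."
}

# Equivalent of "manage-bde -off", with the progress display manage-bde lacks.
if ($Decrypt -and $vol.VolumeStatus -ne 'FullyDecrypted') {
    Disable-BitLocker -MountPoint $MountPoint | Out-Null
    do {
        Start-Sleep -Seconds 30
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
        Write-Progress -Activity "Decrypting $MountPoint" `
            -Status "$($vol.EncryptionPercentage)% still encrypted" `
            -PercentComplete (100 - $vol.EncryptionPercentage)
    } while ($vol.VolumeStatus -ne 'FullyDecrypted')
    Write-Progress -Activity "Decrypting $MountPoint" -Completed
}
```

Without `-Decrypt` the script only reports status and saves the recovery password, so it is safe to run first to confirm a key copy exists before anything is turned off.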
Honestly, this is the exact reason Windows will never catch on for the desktop.
A user with a relatively simple request is pointed to open a command line (a completely unfamiliar interface) and type in commands. This just isn't what new users expect, and will put them off straight away.
Until Windows can be more polished & user friendly for beginners, it's just not going to get mainstream desktop adoption.
' ...will therefore be disappointed... '
Windows releases seem to be more about disappointment management than anything else these days. I expect there is a whole User Disappointment Management Department somewhere, subservient to the Complaints Division, naturally. Before Windows 12 can be released I'm expecting the Reduced Expectations Branch to join forces with the above but all the incompatibilities have to be ironed out first.
It also appears to have the ability to go into a reboot loop.
Possibly then decide to do the famed "Repair" function that then utterly trashes anything so you are pretty much left with the only option of rebuilding from scratch.
That now opens a new can of worms on whether data has been appropriately backed up and the software you use decides that you can install again on the same device without buying a new license or spending hours arguing with a bot (computerised, AI or human) that you really have had to install the OS again on the same device because it self-destructed.
Yes - it's been replaced with the Black Screen of Death...
This is like the (very) old joke about how many Microsoft programmers does it take to change a lightbulb? Answer: none as Bill Gates simply redefines darkness as the new standard!
Especially for features like Azure integration. I'm not sure why they installed it, none of my Windows servers have internet access... It would have been nice to have a Y/N prompt during boot, as it is, I'm removing the garbage as and when I have time.
My pc, that has literally been disconnected from the internet for YEARS, decided to "wake up", and is blasting me with "restart to install the newest micro$ features" prompt. I have heard it spinning and downloading in the middle of the night. It's NOT even connected to the wifi! I swear the thing reached out and connected itself in the middle of the night! By brute force.
If it's connected to a network with other Windows machines that are able to reach the internet, yes they do distribute updates that way. It's basically a CDN. Saves a lot of bandwidth for users as well as MS, allegedly. It can be turned off (Settings -> Windows Update -> Advanced options -> Delivery Optimisation)
So it is already a crock of shit, and that is without all this "enablement" shit. I wish it would concentrate on tools to allow you to remove all the bloat and unwanted crap and not have to check after each patch tuesday for
a) working machine
b) what shit Microsoft has reinstalled
c) what shit Microsoft has reenabled
I thought ALL versions of Windows shared a lot of the source code, which probably means that some skanky old stuff*, which no one at MS understands any more, lurks below the hood biding its time waiting for an opportunity to spring unwelcome surprises** on all and sundry.
* though probably not quite as skanky as the newer (AI-generated) stuff.
** don't worry, they'll release a patch*** in at least three months after denying it's an issue for a couple of weeks before finally admitting that it may be causing minor issues, though it's only affecting a small number of users****
*** which itself will need patching a month later as it broke printing documents on a Friday afternoon yet again
**** e.g. major outages and downtime for around 10% of the world
Yeah, you're not wrong there!
In January 2023, I got clobbered by the Windows Defender update that started removing icons and programs without warning! Lost more than a day as I had to reinstall Windows due to that total f@ck-up by Microsoft! I am now running in a more powerful Linux box upon which I've installed VirtualBox and a Win 10 guest (which I can clone for safety) for those programs that don't yet have a full Linux equivalent (oi, Affinity, I'm looking at YOU!)
VBS (virtualization based security) is mainly used to prevent "driver hijacking attacks" (also known as "Bring your own insecure driver" attacks). These security features depend on HVCI instructions. These have a theoretical performance impact of 0% to -40% with -15% to -30% in real world desktop applications.
To accelerate HVCI, so that the performance drop is 0% in all cases, one needs another feature set called MBEC*. Also, your drivers and software have to play nice with it (this has been a requirement since Win10 Anniversary update 1607 in Aug 2, 2016).
Currently all machines that shipped from the assembly line with Win11 have that turned on by default (as required by Microsoft), while most machines that were upgraded from Win10 to Win11 have it off by default (to prevent driver snafus, while manufacturers updated their drivers to play nice with HVCI/MBEC).
If, for 25H2, MS turned this on by default for all machines, the whole Windows 11 ecosystem would be MUCH MORE secure. And, this would serve as preparation for making the support "MANDATORY" in Win 11 26H2 (i.e. users getting the correct driver and/or replacing peripherals with drivers that still do not play nice with HVCI/MBEC)...
There is hope, one can dream....
* Present on Intel processors since the 7th gen and AMD processors since ZEN+
More info: https://learn.microsoft.com/en-us/windows-hardware/test/hlk/testref/driver-compatibility-with-device-guard?source=recommendations
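To see where a given machine stands on the VBS, HVCI and MBEC points raised in the comment above, the state can be read from the Win32_DeviceGuard CIM class. This is an added example, not part of the comment; the function name Get-HvciState is hypothetical, and querying remote machines assumes CIM remoting is enabled for them.

```powershell
# Added example: reports VBS / HVCI / MBEC state from the Win32_DeviceGuard CIM class.
# Get-HvciState is a hypothetical helper name, not a built-in cmdlet.
function Get-HvciState {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    $vbsState = @{ 0 = 'Disabled'; 1 = 'Enabled, not running'; 2 = 'Running' }
    foreach ($name in $ComputerName) {
        $cim = @{
            Namespace   = 'root\Microsoft\Windows\DeviceGuard'
            ClassName   = 'Win32_DeviceGuard'
            ErrorAction = 'Stop'
        }
        if ($name -ne $env:COMPUTERNAME) { $cim.ComputerName = $name }
        try {
            $dg = Get-CimInstance @cim
        } catch {
            Write-Warning "${name}: query failed: $($_.Exception.Message)"
            continue
        }
        [pscustomobject]@{
            Computer       = $name
            Vbs            = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
            # Service ID 2 is hypervisor-enforced code integrity (HVCI / memory integrity).
            HvciConfigured = $dg.SecurityServicesConfigured -contains 2
            HvciRunning    = $dg.SecurityServicesRunning -contains 2
            # Property ID 7 is Mode Based Execution Control (MBEC).
            MbecAvailable  = $dg.AvailableSecurityProperties -contains 7
        }
    }
}

# Flag the two cases the comment describes: HVCI left off (typical of upgraded
# machines) and HVCI running without MBEC to accelerate it.
Get-HvciState | ForEach-Object {
    $_
    if (-not $_.HvciRunning) {
        Write-Warning "$($_.Computer): HVCI is not running."
    } elseif (-not $_.MbecAvailable) {
        Write-Warning "$($_.Computer): HVCI is running without MBEC; expect a larger performance cost."
    }
}
```

Passing a list of names to `-ComputerName` gives one row per machine, which makes it easy to find upgraded machines that still have HVCI off.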
"The good or bad news (depending on your experience) is that having the same code base means that everything which worked on Windows 11 24H2 will continue working on Windows 11 25H2, and everything that didn't, won't."
Hmm, that might be over-optimistic. For example:
if (ProcessorHasAVX2)
{
    if (AVX2CodePathIsFeatureEnabled)
    { UseAVX2FeatureAddedIn2022AndTurnedOffTillNow(); }
    else { UseLegacyCodePath(); }
}
Just one example of how merely "enabling features" in the same source-code could wreak havoc while adhering to the letter of what the Microsoft spokesman said.
(Why, yes, I did stay up till ungodly o'clock bashing out WPF code and consequently have a brain buzzing with C# - how can you tell? Just be grateful that I didn't express my comment using XAML!)
Great, a black screen of death instead of a blue screen of death.
Been happening already for the last several security updates.
It's called a crash, no BSOD, a crash, which then fucks up the Windows component store, which itself could not be repaired.
So 25H2, you can stuff it MS
Sick and tired of your BS OS
Time to move over to Linux me thinks
<< Time to move over to Linux me thinks >>
Done in 2020 just before the pandemic that is Windows 11. (You'd think Microsoft would go to Windows 13, to get away from W11, like they did by skipping Windows 9 to get further away from W8.x. Oh, wait - Windows 13 doesn't sound good! Just drop the number?)
There isn't really any point to the BSOD screen at all since Windows 8. It _used_ to be full of _USEFUL_ engineering data that could in fact be used by an engineer (take a photo with your phone and email me was a handy path) to diagnose quickly if 1) My product caused the crash at all 2) If my product did, did we already fix it and you couldn't be bothered to update 3) your server is sitting in a window in the middle of a heat wave (real thing that happens a lot is a late summer BSOD spike). Now I have to talk you through collecting an 8kb->128gb memory dump and somehow getting it to me to answer the same basic questions.
But since it got dumbed down so that it would look like a Mac, but not be a Mac.... pointless. Just f'ing reset the system and pray you didn't just load the 5th kernel content update of the day from Crowdstrike. As an aside, Crowdstrike's actual sin was _rapidly_ updating content in the kernel MULTIPLE times a day globally. Security products if they can defend you at all, can just as easily utterly screw your system up from user-mode just fine. A slower release cycle that involves actual testing, telemetry and phased deployment is the ONLY way to go. Insist on it from your security vendors. Moving to user mode is just a distraction.
… and you are the sysadmin, do yourself a favour and search GitHub for win11debloat
I use windows purely for a bit of PCVR gaming. Debloating win11 has made it STFU and removed/disabled a ton of cruft.
I’ve also permanently turned off updates for the foreseeable future to avoid further enshittification.
Linux PCVR is coming along slowly but surely, soon it’ll be good enough for me to finally purge my computer of windows.
What a sad mess Microsoft have created.
The other day (for various reasons) I created a universal Linux boot via USB [512G USB stick - damn!] that should work on any amd-64 compatible computer running 11 in which you can enable non-UEFI bootup via USB. Needed it for a demo and to clone the failing HD of a win7 box.
Was not hard. Used VirtualBox. You can assign a VBox virtual hard drive to point to a specific (unmounted) hard drive as long as you chmod it to 0666 first. THEN install Linux normally [I used latest Devuan with Mate desktop]. The [company owned] machine is for a particular device I'm working on but control SW needs to be either windows or Linux and the box is one o' those touchscreen "all embedded" things on a stand. So no hard drive swap-out.
AMI BIOS, had to press 'Del' a few times, then alter boot sequence. Still won't default to USB boot first, have to press F11...
Anyway - maybe a similar thing. SanDisk USB stick-drive was cheaper than expected. Could run wine on it. Just needs wifi drivers... (available, had not installed yet)
"Windows 11 25H2 is effectively Windows 11 24H2, with additional features that Microsoft can turn on via an enablement package"
The idea that MS can 'turn on' anything obviously fills me with dread going on past experience of Microsoft's 'helping hands'. But delighted to know that they spent (probably) an inordinate amount of resource to change the BSOD from blue to black.
Can I suggest you work on more practical things, after all you have an OS which I discovered the other day is unable to even format a USB drive?
I could do that in Windows 2000 more easily than W11. In fact that basic process was so borked it was quicker to fire up a Linux desktop somewhere else in the house to do it.
So, will I be able to uninstall or at least disable the re-installed crap that I have spent time deleting after the last update?
Better still I want to tell MS to permanently eff-off when they have "updates" until I read about one I need..
I really do not appreciate unwanted "updates" just because I have re-started my laptop.
Yes, I'm a grumpy old bastard who uses win11 at work because I have to.
Who needs Windows?
Gamers. Not one myself, but apparently that's a thing.
Home users. No idea why they are not equally well served by the many alternatives other than familiarity, which Microsoft seems determined to destroy.
PC Manufacturers. We'll come back to that.
Office workers. Well, there's a thing.
So far as I can tell enterprise apps are all online, or heading that way, and need only a web browser to act as a slightly less dumb terminal. Windows not required. This includes Microsoft Office, apparently. Meanwhile enterprise IT support teams are doing everything they can to make Windows entirely unusable as a general purpose computing platform by turning PCs into very slightly less dumb terminals for accessing a dwindling number of authorised apps delivered over the web.
Oh, and there's developers. Those of us working for corporates that have followed the script so far find that the locked down slightly less dumb terminals that IT are prepared to issue are wholly useless for software development.
Dear old office workers no longer deserve the choice and freedom from the high priests that the PC revolution originally brought. They might as well have dumb terminals again, albeit ones which can display pretty graphics.
At some point someone will doubtless realise that they can use their mobile phone to circumvent the priesthood, and we'll be back to the 1980s. PC makers would do well to abandon Microsoft and give us mobile phones with big screens, keyboards and mice.
-A.
Sigh.
I never wanted to be an apple fanboi… and I’m not really a Linux geek… but I’ve been pushed out of the M$ ecosystem by all this bullshittery.
A nice WiFi printer stopped working “because drivers” so I hooked up a pi with CUPS and it has been up for over a thousand days and even AirPrint works.
My work laptop runs about 75pc CPU utilisation with all the cr@pware they insist on having so got a little iPad and a keyboard and do most of my work on that now.
My win10 gaming PC was replaced with a steam deck..
Whilst I do still have a couple of beast i9/RTX4080 systems with windows they’re about to go Debian now I’ve got proton working well…
Etc.