Posts by DCdave 121 publicly visible posts • joined 29 Jan 2018
[quote]
1. If they're keeping the LTSC version updated anyway, is it really that much more work (if any) just to keep regular Windows 10 installations updated too? I mean they're writing the software, aren't they?
[/quote]
Yes and no. Windows 10 general availability is 22H2, Windows 10 LTSC is 21H2. Admittedly that is the same code base as Server 2022, but of course one is a client OS and the other a server OS.
Yeah, me too, for a recent private laptop that isn't supported by Windows 11. MS even say it's only $30 for year 1 for individuals or Windows Home users, which hopefully also covers Windows Professional in my case. But then it doubles the following two years.
https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates
Failing that probably 0patch at €25/year. May even be the better option.
Both are better than a new laptop.
Looking at most of the OS we have (and crucially the servers), they pretty much only support these cryptography standards, and half of them are scheduled to be still in support well after that date, so a standoff between vendor and regulators seems pre-programmed.
Granted that the servicing stack itself is not really relevant to a problematic specific issue like an LSASS memory leak, but Microsoft nonetheless officially recommend using DISM to uninstall cumulative patches:
[Quote]
To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.
Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.
[/Quote]
Just because you're using a browser on a server doesn't mean you're browsing the internet, which certainly isn't recommended - indeed in our organisation it is actively prevented.
However, apart from Edge Chromium being part of Server 2022, there are all manner of applications these days that require administration via browser - even to administrate services running on the local machine, so it's not as simple as saying "no browser" in every environment. If your browser is not working, your app might not be working either, which is a problem, and is very much the downside of cumulative patches.
"There's a reasonable rationale for most of those minimum requirements and junking backward compatibility. The CPU threshold seems to be around memory security controls that could be enabled on older machines, but would incur a significant performance penalty, and I can see why MS wouldn't go down that route. It is possible to load WIn 11 on just about any machine by circumventing the hardware checks, albeit missing out on some of the specific security improvements, if people want to do that MS have not stopped them. "
All true, but there are plenty of not very old machines that were supported all througout pre-release, yet disappeared from the release version. My private laptop is among them and whilst I have no wish to "upgrade" to Windows 11, that increasingly becomes a problem as Windows 10 EOL draws near. Even if I can and will apply the workarounds to be able to install Windows 11, it remains at Microsoft's whim to allow those workarounds to be in place. That's not a good place to be, and should have been avoided.
Something wrong with your Windows implementation if it's taking that long and needing multiple restarts.
All current Windows OS have cumulative updates, thus taking care of supersedence, and the servicing stack embedded in the cumulative update so no separate reboot is required. Typically the only other required update would be for .NET framework, which can install alongside the OS patch and does not need a separate reboot.
It does look like metal in the photos, however reports state that it was seen floating in the shallows and was dragged out of the water by a 4x4. People on the scene described it being made of something like carbon fibre or a lightweight resin (which doesn't sound very substantial for part of a space vehicle).
As anyone in Germany who lives at an address with especially a 7 in and receives letters from English-speaking countries will testify. German posties tend to interpret the un-crossed 7 as a 1.
On a related matter, it does make me wonder that Germans manage to cope with computer and print typefaces that do not have crossed 7s and heavily-seriphed 1s when they apparently cannot for handwriting.
Rename Active Directory as Active Directory Classic, or Classic Active Directory, and keep Azure Active Directory as it is. I've already forgotten what they want to rename AAD as. Something like Entrada*
Which, on double-checking, probably isn't what they want.
"Critics also claim that the water and dust resistance consumers have come to assume will be present in their mobiles will be hit hard – a sealed unit isn't just a deterrent for techies after all."
Dust resistance was a myth, at least on the Galaxy S21 5G. It couldn't be charged via cable and when taken to Samsung, the techie was less than suprised and cleaned out all the gunk that was statically attracted, saying it was hard to do at home without the proper kit, advising using a rubber plug in the charging port in future. Never needed that on predecessor models though.
...but from experience it leads to hiding insecure things from people responsible for making sure they are secure. How to report on something that is hidden from you?
In the middle of an incident the last thing you need is to find that some little-used access rights that you have for good reason have in the meantime been silently removed and you don't even know who you need to speak to to get them back.
Yes, opt-in seems to have an increasing tendency to 'default' to opted-in (whether by tick box or by simply ignoring your choice), thus making it actually an illegal opt-out. Allegedly, of course, and I'm sure it's entirely accidental.
As an aside, having your own domain and registering with every company with a separate email address (actually a forwarding address) <company name>@<your domain> is remarkably effective in controlling miscreants who abuse email in some way or another, although it is more effort to set up each time. You get to know the culprit and to delete the forwarding address.
Steps 1 & 2 are automated here, step 3 is autopilot.
Addendum based on November patches:
4. Wake up and find lots and lots of things broken and people screaming. Marvel that no-one invoked on-call.
5. Spend the next week with Microsoft trying to fix everything.
Lots of admins on here defending Spamhaus and saying it's easy to get off the lists, and as a sysadmin (but not responsible for email) I understand that, however as a user I have very much been collateral damage as a result of a single one of my email provider's servers being put on their list due to relatively spurious reasons.
I will not forget the arrogant and unhelpful attitude of Spamhaus at the time. They just did not care about collateral damage and there wasn't a thing I could do about it.
Of course, the problem was made immeasurably worse by my Dad's email provider mostly not sending a bounce, or occasionally sending one after 48 hours.
Either way, absolutely nightmare of a problem to troubleshoot as an end user, the problem effectively manifested itself as "random" depending on where my provider's load balancer directed me - to the flagged server, my mail wouldn't get through, or to an unflagged server and my mail would get through.
I don't know how the problem was eventually resolved, but it was months later, well after I had started using another provider just to keep in touch with my Dad.
I had a very similar experience with my Philips Streamium. I continued to use it for streaming on my home network for a while, before consigning it to history, and learning a lesson about devices that require a service to function, as well as the companies that provide that service.
Hmm, not so sure about that, really. It's newer, but it has some compromises due to portability. If you're setting up a new environment from scratch, then maybe go for it. If you've got a mature environment with lots of scripts then you're likely going to need and want to keep using 5.1.
Also, just using 7.2 isn't enough anyway, you do actually need to disable 5.1 in some way, at least for remote access, otherwise all you're doing is stopping using 5.1 and leaving it open for anyone who wants to use it.
This one took a little too long though. Patches issued on Tuesday, tested, no problems seen in our environment, updates pushed to next test machines over the weekend. Discover on Monday there's an out-of-band patch that compromises your testing strategy, even if no adverse affects were actually seen.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
