sylver_dragon

Stopping Windows from running, probably not. MS could stop sending updates and could deactivate it, but it would mostly keep running. And, if any EU/Russian systems were not connected to the internet (yes, this sort of thing still happens in 2025), nothing MS did would matter. Office/Azure and other cloud based services are more vulnerable. Yes, Microsoft could geo-fence those services such that they did nor work if you were coming from an IP address in EU/Russia. Though, the simple workaround for this is to install a VPN. And given US sanctions on Russia, this is probably happening right now anyway.

As much as the tin-foil hat crowd likes to think about MS having some master control switch, it's incredibly unlikely. The problem with backdoors is that hackers are constantly looking for ways to attack systems, especially Windows. If there was some sort of master "off switch" baked into the code, it's likely some one would have stumbled upon it by now. Even if it's that well hidden, it's a "one use" item with high reputational damage attached. Stop and consider for a moment, what happens when that kill switch gets used? It's going to be picked up on. People record internet traffic for fun. As soon as that kill command went out, security researchers, the world over, would be dissecting logs to find the command, and then it would be reversed engineered. That MS had such a kill switch in their codebase would cause massive distrust in MS software going forward. No one would want to take the risk of having that kill switch running in their environment, certainly not on anything critical. Also, given how bad people are at updating Windows, we'd probably see a lot of systems killed by hackers just doing hacker things. Since the versions with the kill code would be know, you'd get bored teenagers searching Shodan for vulnerable systems and sending the kill command for fun. And all of this would be "Microsoft's fault" for having the backdoor. It would be a PR nightmare. And since everyone would now know what the kill command looked like, anyone who mattered would install filters to block it at the firewall. So, it got used once, caused some damage with a lot of damage to MS's reputation but is now neutralized. Was it worth it? Probably not to Microsoft.

When I was first switching to Linux, I installed Arch on a USB3 stick and ran from there for a month or two. It worked pretty well, however I did seem to have issues with I/O contention. During some read and write operations and multi-tasking, the whole OS would just hang up until the operations were done. Since moving that installation to an SSD, that issue is gone. So, it does work, it's a pretty good way to "try before you buy"", but do keep in mind that performance will suffer.

At the same time, I'd definitely recommend working through the pain of getting it setup right. When you have a problem (and they will crop up), it gives you a better understanding to work from for troubleshooting. You may also want to try our different distros. I used Arch, because I hate myself. But, that may not be the right choice for someone else. Something like PopOS could be a good choice for something that is aimed more at gaming, but is supposed to "just work". Ubuntu is a good choice for a more "mainstream" look and feel. There is no good reason to do things the hard way, unless you really, really want to. The goal is to have a functional system, don't tie yourself in knots getting there.

Uh, no shit. State backed espionage groups are targeting the communications channels used by their primary targets. What are you going to tell me next? That water is wet and fire is hot? If the US government started using IP over Avian Carrier (RFC1149) you can bet that the GRU would start up a program to intercept the carriers.

This is why many communication options these days advertise that they are encrypted.

Like Signal. You know, the app they were using, as was mentioned in the article, multiple times. You did read the article, right?

Season 5 will premiere later in 2025

For those, like me, that mostly just wanted to know when.

It's also not really a bug. It's just understanding that whitespace characters are often ignored and can be used to push a command past the end of the textbox in the "edit shortcut" form. I'm not sure I really see a fix for it either. Granted, I think always showing file extensions would be a good start; but, that horse is so long out of the barn it's grown old and died in the woods. Much like hyperlinks, I think people just need to learn to be careful where they put their click.

You could create one with the normal shortcut editor, which is built right into Windows. As for considering Windows a risk, well yes it is.

This is going to be a teaching moment for cyber security.

This really is solvable with a KeePass setup, but it is harder. I use KeePass and host my own Nextcloud instance. One of the files I have up there is my KeePass database. If I need one of my passwords, I access it from my phone and type it in. If I really, really wanted to drop my password database on someone else's computer, I could login to my Nextcloud instance via a web browser, pull down the file and run KeePass as a portable executable (not installed). It'd be a PITA (and there are some caveats around this process), but it's certainly possible.

That said, online password managers make sense for a lot of use cases. I generally recommend BitWarden when people ask me for what to use. The whole "KeePass and manual sync" answer really only works for those folks who want to self host lots of things. And it brings its own set of risks with it. I'm the type of weirdo who is running splunk locally, feed all my logs into it and have dashboards setup (and looked at regularly) dealing with security. I have no expectation that my wife will do that and so she uses BitWarden.

I think the most important thing to convince people of is "use a password manager". The problem TommySoda brought up is very real:

While I understand that password reuse is a problem I also understand that remembering 50+ passwords, because literally everything requires you to make an account, is impossible.

The hard thing to teach people is that, you don't actually need to know those 50+ passwords, nor should you care what they are. With a password manager, they can be the crazy unique 20 character, random string of letters, numbers, symbols, upper and lower case characters. And you won't care. Open the website, and either copy/paste the password or (if you password manager supports it) use the auto-type feature. There are risks to each; but, nothing will ever be without risk. Just please folks, stop reusing passwords. That's bad, m'kay.

Thank you.

I was introduced to it when it was still Hero’s Quest (and EGA)

This is the version I always play. There's something just "right" about the EGA graphics and text parser. A clicky interface will never replicate:
Hut of brown, now sit down

There's probably a lot of nostalgia in the choice, but my all time favorite game is Quest for Glory: So You Want to be a Hero. The game was just the right mix of fantasy, adventure and humor for a young me, and I still go back an play it about once a year. A close second is Valheim. It's kinda my "cozy game". I find building and exploring relaxing, and there's enough fighting to keep the game from getting boring.