MissConstrue1d ago

Ok, I recognize that since starting HRT, I have reclaimed Bitch Mode, (estrogen, my old friend, how I've missed you), and I am crankier than advertised. So, perhaps my morning of aggravation is not so severe that it requires me to call in tactical airstrikes on #Dell and #Microsoft...but it just might.

Back in 2011, #UEFI Secure Boot, a mechanism for verifying PC bootloaders to ensure that unverified software can’t be loaded at startup was added to #Windows. It became a formal system requirement for installing Windows starting with Windows 11 in 2021.

#SecureBoot has relied on the same security certificates to verify bootloaders since 2011. But those original certificates are set to expire today, 06/24/2026.

1/

Show threadMissConstrue

Because I am a slacker, I didn't really think much about it. I ran a #powershell command to check that I had the new certificates, and it came back "True"...so...golden, right? Ooooooh, but no.

(Powershell command to check cert: run it as an Administrator, and type

([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023')

If True, you have updated certs. )

But...just because you have new certificates DOES NOT MEAN THEY ARE INSTALLED.

The second thing to check is the “default db,” which shows whether the new #SecureBoot certificates are baked into your PC’s firmware.

#PowerShell command:
([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI dbdefault).bytes) -match 'Windows UEFI CA 2023')

If this command returns “true,” your system is running an updated BIOS with the new Secure Boot certificates built in. Older PCs and systems without a #BIOS update installed will return “false” here.

2/

Jun 24 at 8:01pmWeb
Show threadMissConstrue1d ago

So, I got True on option 1, and false on option 2. And thus began a morning of frustration.

I flashed my bios more times than an OnlyFans camboi flashes daddy. I updated my IO drivers, my video drivers, my firmware drivers, all in a vain attempt to get this silly old box to accept the new certificates.

Fail, time after time. Finally went old school, working directly at the bios level, watching what was happening.

It failed because the chip needs 64k more memory than it has. A molecule of memory. This insanely powerful box, even though it's old, is kneecapped by 64k of missing memory in a component part that cannot be replaced.

Yeah...I don't think tactical airstrikes are an overreaction.

3/3

Show threadNetraven1d ago

@MissConstrue ruh roh, better rewrite your bios and hard code the certificate in. /s

Meanwhile, my mobo shipped with AMI FACTORY KEY DO NOT TRUST.pki

good luck with that.

Show threadNetraven1d ago
@MissConstrue don't have to worry about secure bios if bios settings won't load due to fried embedded controller and haunted pci and dmi mappings preserved in software memory only. Ultra secure because the second anyone tampers with anything, the system never boots again.
Show threadStacey Cornelius 🇨🇦1d ago
@MissConstrue Good grief. Fire up the bat signal.
Show thread🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉1d ago
@MissConstrue Same here –I’ve got an older, jaded device from many years ago that was worth over €5k, but now it’s worth fuck all. I mean the specs are still baller, whether it’s the CPU, graphics cards, or 64 GB of RAM by today’s standards. Also, the Pro Samsung PRo NVMe SSD with over 512 GB, plus a second one with 2 TB, all for the dumpster heaven– except I’ve got Linux installed. Still on this one, Windows 11 yuk will never run, even if I would want to test it – Nada…
Show threadMissConstrue1d ago
@nemo Yeah, I'm probably going to make this one my new media server. Just replacing the motherboard is so much hassle, I'm just going to roll her to linux, airgap, and maybe get a mac.
Show thread🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉1d ago
@MissConstrue No shame in it, thanks to the heavens that linux exist and yeah better get a Mac everything is better then another Wndows device… their hold and grip on the market enabled this secureboot bios/uefi bs in the first place…
Show threadMissConstrue1d ago
@nemo Yeah. I have so much legacy software on PC. My formula database was created just for my soap company, and only runs on this box, because it's hardware locked and the developer died, so I need to print out all the formulas I guess. Grrr. If the tariffs hadn't killed the company, I'd be more upset, probably. I have time to restructure if I relaunch.
Show thread🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉1d ago
@MissConstrue :shooked: OH! Yikes! Sorry to read that…
Show threadMissConstrue1d ago

@nemo My other company's name was hijacked by a Chinese company, and I got hacked so much and so hard that now it's just a single page that says "I'm not them, stop attacking me."

It's been a bad year for my IP, is my point. ;)

Show thread🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉1d ago
@MissConstrue I know you had posted that a few times :bulb:
Show threadWulfy—Speaker to the machines1d ago

@MissConstrue @nemo

If you can live with yourself, unless the database file is encrypted, the AI will extract your data from the binary database file into a CSV or even an SQL import, esp. if you provide fields from a screen cap. One look at a hex dump will tell you if the data is salvageable.

Show threadMissConstrue1d ago

@n_dimension I can export directly to sql, but no matter what, I'll lose historical data, such as cost analysis of components, batch modifications, supplier notes, etc., but retrieving the baseline formulas in digital form is possible without a lot of hassle.

Recreating the code is a whole different thing. It is a beautiful bit of kit.

Show thread⊥ᵒᵚ Cᵸᵎᶺᵋᶫ∸ᵒᵘ ☑️1d ago
@nemo @MissConstrue instead of Microsoft deciding what boots, Apple do...
Show threadMissConstrue1d ago
@falken yeah… this timeline sucks.
Show threadWeekend Editor21h ago

@MissConstrue

"I don't think tactical airstrikes are an overreaction."

Just don't try *strategic* airstrikes.

That would be an overreaction.

Show threadMissConstrue21h ago
@weekend_editor duly noted. 🥳