Windows Archive
It turns out that the storm of criticism Microsoft’s recently unveiled Recall feature has actually pushed Microsoft to change its mind and make some very significant changes to the feature. Today, after over a week of sustained criticism and worries, Redmond announced it’s going to implement Recall very differently. First and foremost, instead of Recall being enabled by default and only configurable after installation and the out-of-box experience, it will not be disabled by default, and the user will be prompted during the OOBE if they want to enable the feature or not. This in and of itself should alleviate quite a few worries, since having this on by default without most users really realising it was a recipe for disaster and privacy issues. Second, Recall will not be taking advantage of Windows Hello, and using Window Hello will be a requirement before you can use Recall. On op of that, Recall will use Windows Hello presence detection, so that it will only show any collected and saved data if you’re the one sitting behind the computer. It’s wild to me that they didn’t think of this one sooner, but alas – I have a feeling a lot of this “AI” stuff has been implemented in a bit of a hurry. Last but definitely not least, the Recall database, where information extracted from the screenshots is stored as well as the search index will now be properly encrypted. They will only be decrypted once the user in question is authenticated. Here, too, one really has to wonder why it wasn’t implemented this way from the very beginning, and the fact that it wasn’t makes me think we’ll be finding more questionable security and implementation details as the feature becomes widely available in a few weeks.
Before PC users can enjoy everything Windows 11 has on tap, they must first enter an e-mail address that’s linked to a Microsoft account. If you don’t have one, you’ll be asked to create one before you can start setting it up. A frequently used trick to circumvent this block is a small but ingenious step. By entering a random e-mail address and password, which doesn’t exist and causes the link to fail, you end up directly with the creation of a local account and can thus avoid creating an official account with Microsoft. ↫ Laura Pippig at PCWorld Microsoft has now “fixed” this trick, and it’s no longer possible to use it. The other popular method of circumventing the Microsoft account requirement, by opening the command prompt during installation and running OOBE\BYPASSNRO, still works, but one has to wonder how long it’s going to take before Microsoft plugs that method, too. It seems the company is hell-bent on getting every consumer onto the Microsoft Account train, come hell or high water, so I wouldn’t be surprised seeing local accounts eventually being positioned as a “pro” or even “enterprise” feature that will simply no longer be available on consumer PCs. I don’t think there’s anything inherently wrong with offering an online account option, but the keyword here is option. You should always be able to set up any computer to run with a regular old local account, even if only because internet access isn’t always a given in many places around the world. Add the obvious privacy concerns to that – an issue amplified by Recall – and I doubt users’ desire to run a local account and jump through hoops to do so will fade any time soon.
The short version is this: In its current form, Recall takes screenshots and uses OCR to grab the information on your screen; it then writes the contents of windows plus records of different user interactions in a locally stored SQLite database to track your activity. Data is stored on a per-app basis, presumably to make it easier for Microsoft’s app-exclusion feature to work. Beaumont says “several days” of data amounted to a database around 90KB in size. In our usage, screenshots taken by Recall on a PC with a 2560×1440 screen come in at 500KB or 600KB apiece (Recall saves screenshots at your PC’s native resolution, minus the taskbar area). Recall works locally thanks to Azure AI code that runs on your device, and it works without Internet connectivity and without a Microsoft account. Data is encrypted at rest, sort of, at least insofar as your entire drive is generally encrypted when your PC is either signed into a Microsoft account or has Bitlocker turned on. But in its current form, Beaumont says Recall has “gaps you can drive a plane through” that make it trivially easy to grab and scan through a user’s Recall database if you either (1) have local access to the machine and can log into any account (not just the account of the user whose database you’re trying to see), or (2) are using a PC infected with some kind of info-stealer virus that can quickly transfer the SQLite database to another system. ↫ Andrew Cunningham at Ars Technica It really does seem Recall is kind of a mess in the security department, and it has a certain rushed quality about it. All the screenshots are saved in an AppData folder, and data pulled from those screenshots is stored in a local SQLite database that happens to be entirely unencrypted. TotalRecall, a tool developed by Alexander Hagenah, will neatly pull the data from Recall for you without any hassle or issues. This truly is a security nightmare. Aside from all the obvious issues this presents, such as making it even easier for law enforcement to gain access to pretty much everything you do online, something especially troubling for minorities or in countries with less-than-stellar police departments, Recall also presents a whole host of other problems. Imagine being in an abusive relationship, and the abusive partner demanding Recall be left on at all times to exert even more control. Imagine an unscrupulous employee abusing Recall to steal sensitive information from a company for a competitor. Imagine living in some backwards part of a country with controlling religious parents, and you happen to be gay. The problems here are endless. The fact you can turn Recall off doesn’t mean much, since in the above examples, turning it off is not an option since there are controlling people involved who will demand you keep it on. Browser history and other forms of history in your computer exist as well, of course, but they’re not always as easy to parse, they’re easier to manipulate, sanitise, and temporarily hide. Recall just combines all of this and puts a neat little bow on it, ready to be abused by anyone with bad intentions. Recall is ill-conceived, badly implemented, and a solution looking for a problem, that in an of itself creates tons of other problems. I hope Microsoft reconsiders, but in a world where “AI” makes investors go nuts, I doubt we’ll see a sudden sense of clarity coming out of Redmond.
Remember when I said the honeymoon with AMD’s consumer-friendly chipset and socket support policy would eventually end? Well, while this is not exactly that, it will make a lot of people very unhappy. While AMD, as does any other company, was boastful about its product touting the 16% IPC boost on Zen 5 and the big AI performance leap delivering up to 50 TOPS on the NPU side, an interesting drawback of the Ryzen AI 300 series that has managed to avoid getting media attention is the lack of support for Windows 10. While this was just an unconfirmed rumour last month even though it was suggested by a supposed Lenovo China manager, we have now got confirmation from AMD itself that the report, that Strix point and newer CPUs and APUs will not support Windows 10 is true. ↫ Sayan Sen at NeoWin Official support for Windows 10 is ending next year, so there is some reason to AMD’s madness, but at the same time, almost 70% of Windows users are currently using Windows 10, and leaving those users behind might not be the best idea AMD ever had. There is an argument to be made that at least a reasonable number of these people are still using Windows 10 not out of their own volition, but because of Microsoft’s strict hardware requirements, and as such, anyone buying a new AMD machine will just opt for the latest version of Windows out of habit, but I still think there’s a sizable contingent of people who actively choose Windows 10 over 11 for a whole host of reasons. On a strongly related note, despite 2025 marking the end of regular support for Windows 10, Microsoft yesterday announced it’s expanding the the number of Insider channels for new Windows 10 features from one to two, adding a Beta tier below the existing Release Preview tier. Microsoft, too, will have to come to terms with the fact that with 70% of Windows users using Windows 10, they might not even be able to drop support for the operating system as early as next year. While this 70% number will surely slowly decrease over the next 12 months, with many people simply being unable to upgrade due to hardware limitations, I have a suspicion we might see an extension on that 2025 date.
When you launch a game on a Snapdragon on a Windows laptop, you might get an AI frame rate boost from Microsoft’s mysterious Auto Super Resolution (Auto SR) feature. But while Microsoft hasn’t fully explained how the feature works, The Verge can now confirm it’s not Qualcomm technology, not exclusive to Qualcomm’s new Snapdragon X chips, and not exclusive to specific games, either. ↫ Sean Hollister at The Verge These resolution enhancer technologies from NVIDIA, AMD, and apparently Microsoft are another great use of what we today call “AI” technologies. Of course, I wish we didn’t have to deal with several proprietary offerings but instead enjoyed several open source versions and possibly a standard to work off of, but give it some time, and we may still get there. Like I’ve said before – there’s nothing inherently wrong with “AI” technologies, as long as they’re used in ways that make sense, run locally, and most importantly, aren’t based on the wholesale theft of artists’ and programmers’ works. Unsurprisingly, the tech bros at companies like OpenAI don’t really understand the concept of “consent”, and until they do, their offerings should be deemed illegal.
Aside from that, the company also announced Windows 11 IoT Enterprise LTSC 2024 this week. The company has also published the minimum system requirements as well as supported processor families. They have been categorized as Preferred and Optional. Interestingly, SSD has been added as a minimum system requirement, which has been a rumour about the client OS since mid-2022. ↫ Sayan Sen at NeoWin The LTSC release, which is not really supposed to be used by average consumers, is still remarkably popular. It contains a fixed feature set and gets far fewer updates than regular Windows releases, it omits otherwise stock applications like Edge, and gives its users far more control over which updates are and are not installed. LTSC also enjoys 10 years of support from Microsoft. Interestingly enough, the minimum specifications for the IoT version of LTSC do not require a TPM 2.0, unlike the regular version of Windows, which infamously does require one. I would assume that the “preferred” minimum requirements, which does require TPM 2.0, line up very well with the minimum requirements for the regular LTSC version of Windows 11. Both will become available later this year, alongside the regular release of Windows 11 24H2.
About a month ago we talked about the rumours, but now the feature’s officially announced: Microsoft is going to keep track of everything you do on your Windows machine by taking a constant stream of screenshots, and then making said screenshots searchable by using things like text and image recognition. As you might expect, this is a privacy nightmare, and the details and fine print accompanying this new feature do not exactly instill confidence. First, the feature is a lot dumber than you might expect, as it doesn’t perform any “content moderation”, as Microsoft calls it. Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry. ↫ Privacy and control over your Recall experience Well, Microsoft says Recall doesn’t do any content moderation, but that’s actually a flat-out lie. Recall will not show any content with DRM that happens to be on your screen, and private browsing sessions in Chromium-based browsers won’t be shown either. You can also exclude specific applications and websites – filtering websites, however, is only available in Edge. In other words, managing this privacy nightmare is entirely left up to the user… Except for DRM content, of course. The mouse must be pleased, after all. It also seems Microsoft is enabling this feature by default for at least some business users, as machines managed with Microsoft Intune will have Recall enabled by default, and administrators will need to use Group Policy to disable it. There is no way in hell any company serious about data security will want Recall enabled, so I guess this can be added to the pile of headaches administrators already have to deal with. My biggest worry is the usual slippery slope this feature represents. How long before governments will legally require a feature like this on all our computers? The more Microsoft and other companies brag about how easy and low-power stuff like this is, the more governments – already on the warpath when it comes to things like encrypted messaging – will want their hands on this. This is such a bad idea.
At the heart of developer productivity lies improving performance for developer workloads on Windows. Last year at Build, we announced Dev Drive a new storage volume tailor-made for developers and supercharged for performance and security. Since then, we have continued to invest further in Windows performance improvements for developer workloads. With the release of Windows 11 24H2, workflows will get even faster when developing on a Dev Drive. Windows copy engine now has Filesystem Block Cloning, resulting in nearly instantaneous copy actions and drastically improving performance, especially in developer scenarios that copy large files. ↫ Pavan Davuluri on the Windows blog Sounds like a near and meaningful improvement.
Microsoft’s developer conference Build is taking place this week, so there’s been some major Windows news and announcements, and for once – we’re not talking about more ads in your operating system, or even “AI” shoehorned into, I don’t know, Phone Dialer or Windows Fax and Scan. First and foremost, Windows is going to get a new compiler, kernel, and scheduler, but despite such massive low-level changes, the marketing version number won’t jump from 11 to 12. Of course, we all know the marketing version number has nothing to do with the actual Windows NT version number, which currently sits at 10. The Windows NT version number, meanwhile, is actually also meaningless, since it magically jumps around left and right too, going from 6.2 to 10 between Windows 8.1 and Windows 10, where it has stayed ever since. “We really focused on modernizing this update of Windows 11,” said Microsoft Corporate Vice President of Windows and Devices Pavan Davuluri at a technical briefing on Microsoft’s campus in mid-April. “We engineered this update of Windows 11 with a real focus on AI inference and taking advantage of the Arm64 instruction set at every layer of the operating system stack. For us, what this meant really was building a new compiler in Windows. We built a new kernel in Windows on top of that compiler. We now have new schedulers in the operating system that take advantage of these new SoC architecture.” ↫ Andrew Cunningham at Ars Technica The focus is clearly on ARM here, which coincides with the launch of Qualcomm’s Snapdragon X Elite, a new SoC that finally seems to truly make ARM laptops that aren’t from Apple a real, competitive thing – so much so that Qualcomm is even breaking with tradition and taking Linux support very seriously for this new chip. Microsoft also unveiled the name for its new x86 translation layer for Windows on ARM: Prism. Microsoft told Ars Technica that Prism is as fast as Apple’s Rosetta 2, which is interesting because Apple’s M series chips contain special silicon to speed up the translation process, making me wonder if Qualcomm has done the same, or is just brute-forcing it. Performance like this means the apps customers love work great. Microsoft has partnered closely with developers across the globe to optimize their applications for this processor. In addition, the powerful new Prism emulation engine delivers a 2x performance boost compared to Surface Pro 9 with 5G. On the new Surface Pro and Surface Laptop, powered by Snapdragon X Elite and Snapdragon X Plus processors, experiences like Adobe Creative Cloud, Microsoft 365 and Chrome will feel snappy, quick and responsive. ↫ Pete Kyriacou on the Windows blog The new Windows on ARM machines using the Snapdragon X Elite will be marketed under the new Copilot+ brand name, which brings with it some requirements, the biggest of which is the neural processing unit: it must be capable of at least 40 trillion operations per second. At the time of writing, the only Windows-capable processor that can boast such numbers is, of course, the new Snapdragon X Elite. AMD and Intel need not apply. They simply cannot match this. Microsoft tied a bow on all this stuff by unveiling the new Surface Pro and new Surface Laptop, both powered by the new Snapdragon SoCs. You can preorder them today, but they won’t be available until 18 June.
Windows Server 2025 comes equipped with dtrace as a native tool. DTrace is a command-line utility that enables users to monitor and troubleshoot their system’s performance in real-time. DTrace allows users to dynamically instrument both the kernel and user-space code without any need to modify the code itself. This versatile tool supports a range of data collection and analysis techniques, such as aggregations, histograms, and tracing of user-level events. To learn more, see DTrace for command line help and DTrace on Windows for additional capabilities. ↫ What’s new in Windows Server 2025 DTrace was originally developed by Sun as part of Solaris, but eventually made its way to other operating systems as Sun collapsed in on itself and Oracle gave it the final push. DTrace is available for the various surviving Solars-based operating systems, Linux, FreeBSD, NetBSD, macOS, and QNX, and Microsoft ported DTrace from FreeBSD to Windows back in 2018. With Windows Server 2025, DTrace will be shipped out of the box.
I didn’t know this was a thing, but apparently Microsoft offers a Windows tune-up application in the vein of things like CCleaner and similar tools. One of the things it does is protect users from applications that try and change default settings, and it seems the application takes this matter very seriously. Microsoft may be taking a bit of liberty with that last bit. It looks like the PC Manager feels your PC is broken and needs repair if you changed your default search engine from Bing. ↫ Sayan Sen at Neowin Setting aside just how defeatist it feels that the creator of Windows needs to make an application to keep Windows from falling over, I find it almost endearing just how hard Microsoft is trying to get users to choose Bing. If you’ve ever seen the Swedish film Fucking Åmål, it’s also very likely you remember the gut-wrenching, maximally cringe-inducing birthday party for main character Agnes where nobody shows up, while her mother, oblivious to just how deeply disliked Agnes is by her classmates, tries desperately to assure her daughter that people will show up. Director Lukas Moodysson takes no prisoners and drags out the scene to really maximise just how uncomfortably sad the whole thing is. It’s incredibly hard to watch. Well, Agnes is Bing, Microsoft is its mother, and nobody shows up to Bing’s birthday party either.
As Nintendo Switch unlocks and homebrew software develops, people are inclined to explore the possibilities and whether or not they actually provide a good experience. Our new prime example seems to be a full install of Windows 11 Arm on the Switch. As noted by @PatRyk on Twitter, who actually set this up, the experience is pretty grueling! The initial installation took three hours, and even basic system tasks were unresponsive. ↫ Christopher Harper at Tom’s Hardware Silly, sure, but efforts like these all contribute to emulation efforts, which will eventually be important once Nintendo drops support for this machine and they become increasingly harder to get. Give it a decade or so and we’ll need the Switch emulators to keep playing Switch games.
The grabber in Windows 3.1 was improved to save and restore the index register as well, but it does not attempt to restore the flip-flop state, which is significant. The problem with the VGA emulation was that it erroneously applied the flip-flop state to reads from port 3C0h, and Windows 3.1 would save the wrong index register value… but only the second time through, because the flip-flop state was different at that point. That is to say, the Windows 3.1 standard mode grabber read from port 3C0h to query the attribute controller index register state, but the emulation returned the currently selected data register contents instead. And then, when restoring the attribute controller index register the next time around, the register would be restored to the wrong value which didn’t have bit 5 set, causing the screen to go blank. ↫ Michal Necasek It’s not every day that you learn how an aspect of the workings of VGA causes a blank screen under very specific circumstances when running Windows 3.1 in Standard mode under emulation, and that this specific aspect of the workings of VGA was implemented to maintain backwards compatibility with EGA. Absolutely bonkers.
Windows 11 supports a variety of ARM processors from Qualcomm. According to the official documentation, you need a computer with the Snapdragon 850 processor inside or newer to run the current operating system officially. However, customers with PCs powered by the Snapdragon 835, the original Windows on ARM chip from 2016, can bypass hardware requirements and install Windows 11 at their own risk. Sadly, those days will be ending soon. Starting with Windows 11 version 24H2, Microsoft’s operating system requires ARM v8.1 to run. An attempt to boot it from a device with an ARM v8.0-based processor results in system crashes. For reference, the Snapdragon 835 from 2016 is a chip with Kryo 280 cores, which are derivative of ARM’s Cortex-A73 cores. ↫ Taras Buria at Neowin I’m sure all three Windows on ARM users are devastated.
That’s right: it’s PowerPC, the most unloved of the architectures CE ever ran on — in fact, this is the first PowerPC Windows CE device I’ve ever found, and I’m the self-described biggest pro-PowerPC bigot in the world. Here’s an unusual form factor Windows CE device, running on the operating system’s least used CPU, from a storied computer company near the end of its run, intended for medical applications, produced in very small numbers and cancelled within months. What are we going to do with it? Well, what do you think we’re gonna do with it? We’re going to program it, so that we can finally have some software! And, of course, since this wacky thing was there at the bitter end, we’ll talk more about the last days of Data General and what happened next. ↫ Cameron Kaiser I knew Windows CE supported PowerPC, but I never knew any PowerPC-based Windows CE devices ever actually shipped and made it to market. Only Windows CE 2.0 seems to have supported the architecture, and it seems to have been eliminated in 3.0 and 4.0, so it’s not surprising there weren’t many PowerPC Windows CE devices out there. The device that’s the subject of this article, too, only lasted on the market for a few months, so it’s definitely a rarity.
To support Zero Trust deployments trying to lock down devices to only access approved network destinations, we are announcing the development of Zero Trust DNS (ZTDNS) in a future version of Windows. ZTDNS was designed to be interoperable by using network protocols from open standards to satisfy Zero Trust requirements such as those found in OMB M-22-09 and NIST SP 800-207. ZTDNS will be helpful to any administrator trying to use domain names as a strong identifier of network traffic. ZTDNS integrates the Windows DNS client and the Windows Filtering Platform (WFP) to enable this domain-name-based lockdown. First, Windows is provisioned with a set of DoH or DoT capable Protective DNS servers; these are expected to only resolve allowed domain names. This provisioning may also contain a list of IP address subnets that should always be allowed (for endpoints without domain names), expected Protective DNS server certificate identities to properly validate the connection is to the expected server, or certificates to be used for client authentication. ↫ Tommy Jensen on the Microsoft blog If you think I know nothing about programming – wait until you hear me talk about networking. I consider it to basically be arcane magic, and my knowledge doesn’t extend much beyond “plug in cable to make light blinky” and “unplug from power to fix light no blinky”. Network administrators are the real heroes in my eyes. Anyway, what I do get from painfully reading this announcement over and over again until my eyes started bleeding is that ZTDNS will give network administrators more finegrained control over which DNS servers and domains are accessible, and perhaps more importantly, it will encrypt traffic between clients and the DNS server. I have no idea if this is unique, or if it even makes any sense to do so, but it seems like a good idea, especially for corporate and government networks. I’m struggling here, y’all. Please help me out.
Well, this was a wild goose chase of a read. J. B. Crawford dove into the history of something I’ve never heard of – Microsoft At Work – and came away with a story that’ while clearer thanks to his research, is still frustratingly nebulous. I’m still not entirely sure what Microsoft At Work really was, but I think it had the goal of running Windows on communications devices like faxes, to make it easier to share and work on documents across various devices. Crawford did a lot of digging, and eventually settles on what he thinks might be a description of what MAW really consisted of. I am being a bit dismissive for effect. MAW was more ambitious than just installing Windows on a grape. The effort included a unified communications protocol for the control of office machines, including printers, for which a whole Microsoft stack was envisioned. This built on top of the Windows Printing System, a difficult-to-search-for project that apparently predated MAW by a short time, enough so that Windows Printing System products were actually on the market when MAW was announced—MAW products were, we will learn, very much not. MAW devices like the Ricoh IFS77 ran 16-bit Windows 3.1 with a new GUI intended to appear more modern while reducing resource requirements. Some reporters at the time noted that Microsoft was cagey about the supported architectures, I suspect they were waiting on ports to be completed. The fax machine was probably x86, though, as there’s little evidence MAW actually ran on anything else. ↫ J. B. Crawford The ’90s were a wild time, especially as Microsoft, and this MAW project seems to have ’90s written all over it, but I’d still love to learn a lot more about this. I hope this article will bring out some former Microsoft execs or employees who can give us more details, and possibly even some code. I want to know how this works and what it did.
Microsoft is about to go even more hog-wild with “AI” in Windows, as it intends to start recording everything you do on your Windows computer so “AI” features can find stuff for you. According to my sources, AI Explorer will run in the background and capture everything you do on your computer. It will document and triage everything it sees, no matter what apps or interfaces you’re looking at, and turn them into memories that you can recall at a later point. For example, you can have a conversation with a friend in the WhatsApp app for Windows, and AI Explorer will record and remember the content that was on-screen and process it with AI for you to recall later. AI Explorer can also summarize conversations, emails, web pages, and general UI surfaces just by asking for it during or after the fact. I’m told that much of this experience is rendered on-device and does not reach out to the cloud to process information. This is important for privacy reasons, but also for performance reasons. To reduce latency, AI Explorer will rely on NPU silicon to process content that has been recorded. I also understand that users will be able to filter out specific apps from being recorded by the AI Explorer process, or disable AI Explorer entirely. ↫ Zac Bowden at Windows Central Is this really something people wan to devote constant resources and thus battery life to?Setting aside the privacy implications of something like this, do people really want to have a permanent record of everything they’ve done on their machine? Maybe I’m just the odd one out here, but nothing about this appeals to me in any way, shape, or form. In fact, it’s quite the opposite – something like this would make make me run for the hills, looking for an alternative to the operating system I’m using. And the weasel words “much of this experience is rendered on-device” definitely did not go by unnoticed. This wording makes it very clear at least some data will be sent to Microsoft for processing, and over time, that amount will only increase. No data company has ever reduced the amount of data it captures, after all.
The maker of Tiny11, a third-party project that aims to make Windows 11 less bloated with unnecessary parts, released a new version of Tiny11 Builder, a special tool that lets you create a custom Windows 11 image tailored to your needs and preferences. The latest release makes it much easier to create a lightweight Windows 11 ISO without worrying about installing a system modified by unknown third parties. ↫ Taras Buria at Neowin Perhaps you can make Windows 11 slightly more bearable with this. If there’s any interest from y’all, I could build my own debloated Windows 11 install and see if I can make this platform bearable for myself? Let me know in the comments.
Microsoft is on a roll with updating its app store on Windows 10 and 11. Following the recent release of performance upgrades and improved algorithms, the company announced big changes in how the web version of the Microsoft Store works. Now, every user can download app executables directly from the website using new “installers for web.” ↫ Taras Buria at Neowin Neat.
