I agree with all of the article's points except for the first one: TPM and Secure Boot do not reduce user choice or promote state or corporate surveillance. If you want to be able to prevent rootkits you need secure boot, and if you want to store secrets that don't need a user password to unlock and can't be stolen by taking apart the computer, you need a TPM; or you need substantially similar alternatives.
I would say that specifically with Secure Boot, Microsoft actually promoted user choice: A Windows Logo compliant PC needs to have Microsoft's root of trust installed by default. Microsoft could have stopped there, but they didn't. A Windows Logo compliant PC _also_ needs a way for users to install their own root of trust. Microsoft didn't need to add that requirement. Sure, there are large corporate and government buyers that would insist on that, but they could convince (without loss of generality) Dell to offer it to them. Instead, Microsoft said all PCs need it, and as a result, anybody who wants to take advantage of secure boot can do so if they go through the bother of installing their own root of trust and signing their boot image.
> I would say that specifically with Secure Boot, Microsoft actually promoted user choice: A Windows Logo compliant PC needs to have Microsoft's root of trust installed by default. Microsoft could have stopped there, but they didn't.
This was not the case with the initial rollout of Secure Boot; it was combined with locked BIOS to lock PCs so that they could only boot Windows 8 on some devices. This was the case on Windows RT ARM machines from that era.
All that has to be done today for machines to be locked down again is to flip a bit or blow an e-fuse. It's already the case on phones and tablets.
There is also a real potential for abusing TPMs or cryptographic co-processors to enforce remote attestation.
I say this as someone who agrees with your first paragraph and uses Secure Boot + TPMs on all of my machines.
And it's already happening in the form of Google play integrity API. Many apps already require it. It's just a matter of time before they push similar tech to the desktop. And on mobile it hurts more because many banks now require a mobile app for 2FA.
Personally I think any form of attestation is evil.
There's a reason Microsoft is aggressively deprecating "older" CPUs that work perfectly fine. Heck, I have one laptop with Windows 11 that worked great, but won't update from 22h2 to 24h2 because CPU support was dropped between versions, leaving me with only the glib suggestion from the Windows Update UI to "Buy a new device".
Ironically, installing Windows 10 and activating ESU would lead to longer hardware life.
Of course, I didn't. Instead, I installed Linux on that laptop too. My partner had no issues switching.
TPM wasn't the only reason older CPUs were dropped. The biggest reasons where the line in the sand Microsoft chose would not be supported in Windows 11 was Spectre/Meltdown [0] mitigation. Windows 10 added a bunch of intentional slowdowns to mitigate that disaster and people incorrectly blamed Windows 10 for being slow and not the CPUs and their CVEs. Windows 11 seems to have wanted a clean slate without needing to have any of those slowdown mitigations in the codebase and eliminate some classes of "Windows 11 is slow on my machine" complaints.
I'm not sure Microsoft took the best approach. I might have opted into a "Windows 11 Slow CPU" SKU if it was marketed right. That might have been a little kinder than "all these CPUs with this awful series of bugs are trash, even though we have had a successful workaround".
> People here REALLY need to start understanding this issue.
The idea that understanding is the problem feels like a fallacy. People need to upgrade hardware, and when all chips contain such functionality, consumers won't have a choice of alternatives. What you want is legislation (or a dominant competitor lacking such features, which doesn't exist).
No, I think they bend over backwards not to do it overnight because of the outcry but try to make all required changes and enforcements gradually over the years so in the end you will have no choice but there will not be any sudden change that would spark protests.
> This was not the case with the initial rollout of Secure Boot, it was combined with locked BIOS to lock PCs so that they could only boot Windows 8 on some devices. This was the case on Windows RT ARM machines from that era.
Okay, but, that was like 15 years ago, on some shitty first-run computers that no one bought. A failed first attempt. I've never met a single person that owned, or has ever used, a Windows RT device.
The world has moved on. But oddly continues to buy bootloader-locked iPhones and Androids by the bucketful.
Dwelling on the past isn't going to move us forward. Anyone pushing the "Secure Boot and TPM are evil" trope in 2025 is objectively a fool and should be ignored. Most don't even realize what a TPM does, they think it's some secret chip inserted by glowies into their computers to prevent them from running free software. No.
> There is also a real potential for abusing TPMs or cryptographic co-processors to enforce remote attestation.
Remote attestation can be misused, yes. But why write it as if TPM is the problem? In cases where remote attestation is used for good, TPM improves the setup, if anything.
I don't see the rationale for what you wrote, and am genuinely curious what it is.
You can't do remote attestation without something like a TPM.
Let's compare these scenarios:
A) TPMs are optional and 30% of users have them. A bank is thinking about requiring remote attestation to use their services. Since they'd lock out 70% of users they decide to not do it.
B) TPMs are mandatory and 90% of users have them. A bank is thinking about requiring remote attestation to use their services. Since they'd only lock out 10% of users they decide to do it.
And banking is the nice example here. Refusing to serve a site if the user is using an adblocker is very much in the interest of powerful players in the space, see WEI. Every platform that has widespread TPM adoption, namely Android and iOS, has shown that it will abuse them for anti-consumer purposes sooner or later. We are talking about Microsoft here, the current and past poster child for anti-consumer decisions.
I hope that explains why making TPMs blanket available introduces new risks to sovereign computing.
Because that's what has been going on in the Android world for years and for the iPhone was the case from the start.
Root your phone, even if it is just for the ability to make full backups (because that is, to this day, not a thing on Android)? Say goodbye to banking, most games, even the proposed new EU "digital identity" government wallet was supposed to enforce attestation.
And everyone with a phone on the "bad vendor" list that either doesn't get Google certification from the start or gets it revoked due to sanctions? Same.
TPMs form the root of trust needed for remote attestation. If not TPMs, cryptographic co-processors can do similar things, or work in tandem with TPMs to accomplish the same thing.
TPM and Secure Boot would be good things if there were no way to prove to third parties that you're using them, or have them configured a certain way (i.e., remote attestation). It's the fact that that is possible that makes them reduce user choice and promote state and corporate surveillance.
Maybe. This assumes I trust Microsoft to have part of my computer where I have no ability to interrogate it to see what they’re doing in there.
If it’s on my computer, I should be allowed to read and write to it. End of story. I don’t care if that makes it vulnerable. So far as I’m concerned, letting Microsoft keep secrets from me on my own computer is similarly catastrophic to losing my HD to a crypto-locker virus.
> TPM and Secure Boot would be good things if there were no way to prove to third parties that you're using them, or have them configured a certain way (i.e., remote attestation).
This is exactly what a TPM was made for, so your statement is a little bit paradoxical.
The ideal is the owner being able to use TPM/SecureBoot/etc to ensure that the device is in the configuration they want. That means resisting tampering, and making any successful tampering become obvious.
The problem is third parties using TPM/SecureBoot/etc as a weapon against the owner via remote attestation, by preventing them from configuring their own device, with the threat of being cut off from critical services.
Having the upside without the downside would be nice, but how could it work? Is a technical solution feasible, or would it need a law/regulation?
Not a crypto expert, but given how both, bad players seeking control and people seeking to verify their cloud machines are both remote it seems that the technology will rollout without problem and will end up being force fed into all consumer devices with bullshit excuses.
On the face of it they're just security features, and I don't deny they are, but the industry as a whole are using those features to implement device verification systems that are being used to lock down their platforms and centralize control over their software ecosystems.
Being able to install another OS isn't much good if critical applications and websites refuse to run on it.
That the battle is lost doesn't mean we should stop fighting. Even the war being lost isn't a reason to. The equivalent in the real world is resistance.
I honestly have only come across one company that is app only. That was because I was with them when they changed over, otherwise I would never have signed up.
This was my local gym which sacked their front desk staff and moved to app access only, and with an app infested with trackers at that. Needless to say I don't go to that gym anymore.
It's popular with fintechs, especially new ones. Robinhood for instance was app-only for a few years before they got their web version. Revolut theoretically has a web version but it has far less features than the mobile app. Restaurant "apps" (for ordering and offers) are often app-only as well.
Honest question: What does TPM have to do with this? I mean, Revolut developers don't need to check for TPM or similar to serve other functionalities just because you're on browser or mobile app. Am I getting something wrong?
There might not be "TPMs" exactly on smartphones, but both Android and iOS have device attestation APIs that do the same thing that TPMs do, i.e. cryptographically prove to a remote party that you're running some particular version of software.
> I mean, Revolut developers don't need to check for TPM or similar to serve other functionalities just because you're on browser or mobile app.
Some features are simply not available in the web version. You can try running the app in an emulator to get past that limitation, but an emulator won't be able to spoof device attestations, so if they bother checking for it you're screwed.
I'm on a move, had to pay some transport company to move some stuff for me, pick-up date tomorrow. Paid online, website asked for a confirmation from my bank's app (N26), fair enough. Opened the app, just to be greeted with "Please Update. The latest app version includes new features, enhancements and stability improvements" with the only choice: "Update now".
Being confronted with an app designed to refuse to work was irritating enough (for context, I'm from a generation where we used to own our devices), but I clicked on "Update" anyway, just to be told by apple store that there was no update for my iPhone 7.
Ok, the writing was on the wall. You know, I own one iphone and 2 android phones already, all of them several years old but in pristine condition. That's how I am, I care for things. I'm not going to buy yet another one, if only because I hate waste and fear mismanagement of natural resources. That's how I am, I care for things.
Now you are mandating me to add more e-waste? There is no way I'm going to do that, so I decided to connect to N26's website, but guess what? You need the app to login. Well, if you insist you can also login with a short message, which I did, just to check that there was no way to confirm a payment on the website.
But you can contact "support", so I tried that. To their credit, the robot bouncer was quick to admit incompetence and to connect me with a friendly fellow human, who was unfortunately only allowed to lecture me about why those "new features and enhancements" were essential to my account's security, while being unable to tell me exactly what they were or what was the problem with the current version, and suggested I login from someone else's phone instead.
Security? Whose security?
To anyone working in tech, let me remind you what an actual threat model is.
My actual threat model in the actual world is that your company might steal my money, or prevent me from accessing it, which amounts to the same thing. Data points: Despite all the stories on the news about mischievous hackerz from russia and china, I've had money stolen only twice in my life, not a lot, but at the time I needed it, and twice by banks.
My threat model is that the electronic gadget that I bought and carry with me all the time stops obeying me and starts obeying some adversarial company. And that, in perfect novlang mastery, you want me to call this a "trusted device".
My threat model is that our civilization might drown in e-waste.
Want another example of app only service? Wait for a day or two, as I'm confident I will face the same issue soon.
I must just have a sixth sense to avoid those kinds of services. And I also have a zero tolerance policy. For example, if a restaurant says I have to order on my phone, I stand up and go to leave. I am old enough now they probably just assume I am technologically illiterate.
Yes, your bank is shit, but this is also Apple's fault to a large degree.
There is absolutely no reason to release a new major version of your OS every year, and there is no reason to arbitrarily drop support for older devices (except extremely contrived ones, that I'm sure will be posted below). I made the mistake of acquiring an Ipad once. Its only job was playing YouTube videos in bed (yes I know), until Apple and Google in unison decided that it should be thrown into a landfill, because its OS was unsupported and the YouTube app, for no reason at all, would no longer work. Was the device suddenly unable to decode H.264 video or playing audio? Nope. But please just throw it in the trash and buy a new one - what are you, poor?!
I don't know, I haven't checked extensively but I believe supporting iphone7 is still one checkbox away in xcode (xcode 26 release notes state that it "supports on-device debugging in iOS 15 and later", which is what is installed on my iphone).
I could imagine how some team at N26 thought that "supporting" more devices was too much on their plate, which I would sympathise with, but the most likely scenario to me is that some technically inept "decision maker" decided to ban older phones in a security gesture to give the impression that he is adding value.
Note: I also own a venerable ipad air2 (2009) that I bought second hand long ago to serve as a midi controller. Still a very nice, well built machine. It's not allowed to connect to wifi or it would figure out what year it is. I call it "hibernatus" (reference to https://en.wikipedia.org/wiki/Hibernatus) :)
Your story is appalling, and I agree that this is a major problem.
However, drowning in e-waste from smartphones is many orders of magnitude from being an issue, as trivial calculations easily show. Mentioning it makes your argument rhetorically much weaker. The iPhone 16 is 147.6mm × 71.6mm × 7.8mm (8.2 × 10⁻⁵ m³) and weighs 170g, according to https://www.dimensions.com/element/apple-iphone-16-18th-gen. The population of France is 68.6 million people. One iPhone per person each year for the next century would be 6.86 billion iPhones in France, assuming the population remained constant. This would weigh 1.2 million tonnes and fit in a sphere 51 meters in diameter. If stacked 6 meters deep it would cover 9.4 hectares, a circle 340 meters in diameter. France contains 63 million hectares. The hypothetical pile of iPhones would cover about a third of the area of the Gravelines Nuclear Power Station near Calais.
Far from drowning in e-waste from smartphones, if you dump it in a landfill, it will be extremely hard even to find the e-waste without a map.
Even if you didn't have a countryside to bury e-waste in, this should be obvious even on the household scale. Suppose you and your four children each get a new iPhone every year, and instead of throwing them away, you put them in a box in the attic. How big is the box? It's a 35 cm cube after 100 years. It would weigh 85 kg, though, so you'd want to use several smaller boxes. But there is no risk of drowning.
"Drowning in e-waste" was a metaphor for "slowly destroying the conditions for civilisation with the violent obsession for more fossil fuel and more minerals to extract".
That's a bad metaphor, because those problems don't have anything significant in common with the e-waste problem, but there is no particular danger of smartphones being a major contributor to them, either. According to https://www.apple.com/nz/environment/pdf/products/iphone/iPh... the emissions per iPhone 16 are 56 kg of CO₂ equivalent, 18% of which is the expected energy consumption during the life of the product. France emits 4.14 tonnes of CO₂ per person per year, so buying an extra iPhone per year would increase your total yearly CO₂ (equivalent) emissions by about 1%. Similarly, the quantity of minerals in a smartphone is insignificant (170 grams! largely recycled!) compared with the quantity of minerals in, for example, a sidewalk (many tonnes).
Some of those minerals, like the gold in the bond wires, are pretty heavily refined, requiring the excavation of some much larger amount of gangue and leaving most of it as tailings. But the total quantities of those minerals in the device are very small indeed. Instead, worry about things like electric vehicles and CO₂ emissions from making concrete.
What you are doing by attempting to reduce fossil fuel and other mineral usage by buying smartphones less frequently is analogous to attempting to pay the rent on a Paris apartment by looking for lost coins in the subway station, or attempting to take a running leap across the English Channel. You are doomed by your complete lack of understanding of the orders of magnitude involved.
e-waste is very much linked with over-production, of which any particular product taken in isolation, be it iphone or tomatoes, is of course insignificant, the issue being the economy at large not iphones or Apple.
I don't know what's your point exactly? I was close to believe that this near perfect mix of naive quotation from Apple PR BS, computation of tons of minerals required to build a phone to the 5th decimal, and the lackadaisical insulting remarks, was some refined form of humor. But given we are on HN, you might just be this kind of engineer who can't see the forest for the tree.
So, assuming you are just inappropriately expressing a genuine concern that I might be misled into believing that refraining oneself from buying any more phones is going to slow our society spiraling down into chaos, rest assured: I'm not believing this. My posture is all about principles, and holds for an iphone like for any of the many useless things a normal, modern life wants us to consume routinely, because I believe one should try to do the right thing no matter what, regardless of the odds of success, because proceeding otherwise requires to define success, an end goal, and that's a circular impossibility. Yes, as you can see, I'm with you on the spectrum. :-)
Thing is, because the whole design is closed as well as firmware, the security of it is near zero, even for sealing firmware device images (e.g. option ROM), much less bootloaders. Multiple security holes have been found.
There's no issue booting a boot rootkit with the standard Windows bootloader unless you manually seal the image with command line or group policy, and even then it's possible to bypass by installing a fresh bootloader because the images are identical and will boot after a wipe.
> if you want to store secrets that don't need a user password to unlock and can't be stolen by taking apart the computer, you need a TPM
I had a Win 7 system and just entered a password on boot, this decrypted the disk. It was supported without mods or TPM (maybe some registry tweaks though).
On Ubuntu I do the same, no need for TPM.
Am I missing something?
My disk is encrypted. If they take it apart, they need my password to crack the encryption.
The important part in the parent is "that don't need a user password". You just said you had to supply a (user) password.
With a TPM you can set it up that your disk is unlocked automatically, but only if no-one changed anything in the signed boot chain. This is the default with Bitlocker on Windows and is also possible on Linux, though somewhat more finicky.
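As an added illustration of the automatic unlock described in the comment above (not part of the thread and not any participant's code): a toy Python model of PCR extension and sealing. The `ToyTPM` class, the component byte strings and the key are constructed for this example; a real TPM 2.0 enforces the same idea through a PCR policy (`TPM2_PolicyPCR`) rather than this simplified key derivation.

```python
import hashlib
import hmac
import os


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(component)). Order-sensitive, one-way."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


class ToyTPM:
    """Simplified model: one PCR, and a seed that never leaves the 'chip'."""

    def __init__(self):
        self._seed = os.urandom(32)
        self.pcr = bytes(32)          # PCRs reset to zero at power-on

    def reboot(self):
        self.pcr = bytes(32)

    def measure(self, component: bytes):
        self.pcr = extend(self.pcr, component)

    def _keys(self, nonce: bytes):
        # Both keys depend on the *current* PCR value, so a different boot
        # chain derives different keys and cannot open the blob.
        enc = hmac.new(self._seed, b"enc" + nonce + self.pcr, hashlib.sha256).digest()
        mac = hmac.new(self._seed, b"mac" + nonce + self.pcr, hashlib.sha256).digest()
        return enc, mac

    def seal(self, secret: bytes) -> bytes:
        if len(secret) > 32:
            raise ValueError("toy model seals at most 32 bytes")
        nonce = os.urandom(16)
        enc, mac = self._keys(nonce)
        ct = bytes(a ^ b for a, b in zip(secret, enc))
        tag = hmac.new(mac, ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        enc, mac = self._keys(nonce)
        expected = hmac.new(mac, ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("PCR state differs from the state at seal time")
        return bytes(a ^ b for a, b in zip(ct, enc))


def boot(tpm: ToyTPM, chain):
    """Each stage is measured into the PCR before it runs."""
    tpm.reboot()
    for component in chain:
        tpm.measure(component)


def try_unlock(tpm: ToyTPM, chain, blob: bytes):
    """Boot the given chain, then ask the TPM for the disk key. None = refused."""
    boot(tpm, chain)
    try:
        return tpm.unseal(blob)
    except PermissionError:
        return None


# Constructed sample boot chains (stand-ins for firmware, bootloader, kernel images).
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
BOOTKIT_CHAIN = [b"firmware v1", b"bootloader v1 + bootkit", b"kernel v1"]
REORDERED_CHAIN = [b"bootloader v1", b"firmware v1", b"kernel v1"]
UPDATED_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v2"]


def demo():
    tpm = ToyTPM()
    disk_key = os.urandom(32)
    boot(tpm, GOOD_CHAIN)
    blob = tpm.seal(disk_key)         # done once, at enrolment
    return {
        "untampered": try_unlock(tpm, GOOD_CHAIN, blob) == disk_key,
        "bootkit": try_unlock(tpm, BOOTKIT_CHAIN, blob) == disk_key,
        "reordered": try_unlock(tpm, REORDERED_CHAIN, blob) == disk_key,
        # A legitimate update changes the PCR too, hence recovery passwords.
        "kernel_update": try_unlock(tpm, UPDATED_CHAIN, blob) == disk_key,
    }


if __name__ == "__main__":
    print(demo())
```

Note that the unseal check says nothing about who is at the keyboard: an unmodified boot chain releases the key to whoever powers the machine on, which is the objection raised in later replies.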
But most people don't want to enter a password, and if you make people enter a password too much, they'll choose terrible passwords and put them on a sticky note. Windows Hello can only be done securely with a TPM. A server that I want to turn back on all by itself after a power outage can only be done securely with a TPM.
I want a TPM in my computer so I can have the security and convenience. Yes, it's another point of failure. But I need backups in case the hard drive fails anyway. And besides, the OS can be designed so I can enter a password if I need to use the drive without the TPM.
> Windows Hello can only be done securely with a TPM
I think in general biometrics are in the same ballpark as low-entropy passwords. IDK, I personally have no faith in trusted computing hardware because it can be broken with the right equipment. You're right that it can be used alongside ordinary security measures, but I just think it encourages putting your eggs into a cryptographically-weak hardware-strong basket (which represents a downgrade because crypto is stronger than hw).
> A server that I want to turn back on all by itself after a power outage can only be done securely with a TPM.
Can you describe how this prevents a MITM attack? I assume you mean a remote server? I've heard of colocation setups like this, but I think they rely on a couple of unstated assumptions.
But without password, anybody can physically access the device and exfiltrate data. That is even easier than regular password protection, where the storage medium would have to be removed or a live OS would have to be booted.
The risk is data leakage. With a TPM and no password, there is no data leakage protection.
> Am I missing something? My disk is encrypted. If they take it apart, they need my password to crack the encryption.
You’re not protected from an evil maid attack. An attacker with physical access could make your device boot their own payload to capture your encryption key and install a rootkit.
I—like most people—don't have a maid. Is Tom Cruise going to break into my house to add a keylogger to my computer without me noticing? If anyone is breaking in, my threat model is worrying about me or my family getting killed, not someone installing an evil bootloader.
Most market segmentation is just to screw customers (e.g. ECC support), but measured boot is one that really only needs to be on enterprise server or workstation-class hardware, and actually causes issues by existing in mass market hardware.
If your threat model includes evil maid attacks a TPM will not save you. They can just install a physical keylogger and then do whatever they want. The only threat model that a TPM helps with is where the owner of the computer is considered the threat by someone else.
So what happens when they use their physical access to turn off secure boot or just replace the component/device with one that looks the same, prompts for your password and sends it to them?
That's Windows doing that, which they've just compromised and then configured to display only the normal login prompt but send your credentials to the attacker.
They can also decrypt your hard drive by doing the same thing without modifying the original machine by just stealing it and leaving you a compromised one of the same model to also steal your password.
Either you're entering something into the machine to authenticate yourself or they can just copy or modify your files without authenticating to begin with.
If they just want your password they don't need to decrypt your hard drive, they can format it and install a rootkit that steals your password as soon as you try to login.
So don't turn off secure boot. Replace the target machine with an identical decoy machine set up to capture whatever credentials are required to log in to the machine once BitLocker auto-unlocks, then use these to log in to Windows on the original machine and steal any encrypted data accessible by the user who logs in.
This would be more difficult to pull off in the presence of non-password security like a hardware token, as you'd need to forward the actual login UI to the decoy machine, but still not terribly difficult if the login UI will display on an externally-connected monitor and accept input from an externally-connected keyboard and pointing device, and the hardware security device connects via an external interface like USB.
I think it has the potential to create that situation if those features ever change. I should probably update that language, but I still feel from a consumer choice perspective, those solutions seem vendor specific and not governed by an open organization.
Between 2011 and 2013, multiple Linux / free software organisations raised the issue with the EC. There was an actual antitrust investigation which at the time was seen as what motivated Microsoft to open the solution to third parties by 2013.
So in a way, thank you EU for making it so we have choices at all.
With that said, I think the technology still does more to promote vendor lock-in and as others have said, it’s one windows update away from a dystopian hellscape where all your bits have been pre-approved by someone else.
I am starting to see the benefits to secure boot and TPM from a gaming perspective. I realize this can still be tampered with but it eliminates so many casual cheaters that the edge case is practically irrelevant.
I don't see how my TPM module will prevent me from using the machine the way I want. The offer of a cryptographic assurance to a 3rd party is something I happily provide in order to gain access to a competitive gaming resource. Cheaters really fucking suck and if this is what it takes to ruin their day, then fantastic. I'm looking forward to TPM3.0 now after seeing how ruinous this has been to their schemes. These tools are effective.
Battlefield 6 is especially problematic for malcontents because its developers also enjoy using statistical methods to detect cheaters. TPM2.0 + statistical methods + $69.99 per try = probably can't afford to play this game unfairly for very long. Even if you can afford it, the in game progression takes an eternity. You're gonna need that 8x scope if you want your "undetectable" frame scanning aimbot to be of any use.
> I don't see how my TPM module will prevent me from using the machine the way I want.
I guess people don't know this particular dystopia is implemented.
First a platform gets third parties (games, banks, etc.) to impose their attestation system on customers. Congrats, you're locked in! This is the gun they point at you but the bullet comes after.
Now you can't leave the platform or you lose all your games, have to get a new bank, etc. The more stuff they can get to require that, the more stuck you are. This also prevents any new competitors from building a network effect. But competition -- the ability to switch to a competitor -- is the only thing stopping them from being the worst people in the world. Ads in the start menu. Censoring whatever they don't like. If you want to buy something -- anything -- they want a 30% cut. They'll hide it from you but take it anyway. All your local files get uploaded to their cloud and the terms let them use it for AI training, or whatever else they want. And soon you have to pay a monthly fee if you don't want them to be deleted. Why would not paying also delete them from your local machine? Because screw you, you don't have a choice anymore.
> I don't see how my TPM module will prevent me from using the machine the way I want.
"Your version of TPM is unsupported. Please update your hardware to enjoy playing Battlefield 7". Your 69.99 per try just went up to 769.99 _for legitimate users_ because you need a new CPU with updated TPM for every new version. I'm being hyperbolic, but only slightly.
If you want a real example of this, Windows 11 requires TPM 2.0 to run. Hardware predating wide TPM2 adoption can be powerful enough to run Windows 11, except the company decided you need a new computer to do that.
Not to mention hardware based cheating that just implements a fully compliant USB mouse, keyboard, and HDMI setup, and DMA like https://www.dma-cheats.com/
I have been using windows since version 95. I even liked the Millennium version, that was most hated before Vista. I tried Linux several times, but Windows just always worked and Linux usually had always some issues(mostly drivers, lack of good programs and no gaming).
But now, after more than two decades, I am certain Windows 10 is my last Windows.
Nothing lasts for ever, not even Microsoft's domination on personal computers. It took them decades, but now they finally f'd up so bad that there is just no going back.
I think, like many people, it will take me few years to need to reinstall my computer(or get a new one). So I will still be a Windows user and that will skew the numbers for upcoming years. But I think that also means that in 1-5 years, Microsoft will see a massive double digit percentage drop of users, almost over night, and nobody will have a clue what is going on.
By then, I bet the distributions will be even better. The gaming will be even better. The drivers will be even better. The saturation will be even better. So the transition will be even more seamless than it is today.
I am looking forward to it. I think Linux, or open source and free OS, should have been the norm. But we took a bad turn in the past and got hijacked by few smart people. That will come to a natural end, finally.
I could but I do not need to, so I'd rather make better use of the time it would take me to move at this time.
Biggest pain point actually are not programs, but the need to format all hard drives to some linux file system. I cannot just replace windows with linux and that is it. No, I have to migrate all my data somehow to reformat all my drives and then move the data back. That was always huge pain in the ass.
+1, switched to Bazzite about three weeks ago. I did have to dualboot a Windows after a couple of days, unfortunately. Mostly related to Anti-Cheat and other shitty measures. Dark Souls II did not want to recognize my Controller, even though it works fine in every other game. Skate can't be played on Linux because of Anti-Cheat, but fuck EA anyways. Wolfenstein: The Old Blood, Dishonored 2 and Death to the Outsider and Bioshock worked fine. Did have to tinker with the graphics settings a bit and the experience is definitely buggier than on Windows, but the huge upside is that I don't have to use Windows anymore, or at least just as a fallback-option. I now care 0 about the Windows, it's on a separate SSD, haven't even set a Wallpaper or other things, which is rare for me.
I've been gaming on Linux for about a decade, it has improved massively since Proton, and I'm at the point where I'm able to play Helldivers 2 with its anti-cheat with my buddies and get great performance (the game's performance/bug issues aside).
I tried Bazzite for a while on my desktop, it's fantastic for gaming, but I'm also a dev and a Linux user since I was a teen (almost all of the years of Linux) so I found it a little limiting for my other PC related stuff (I typically prefer to run Arch and Arch based distros on my machines).
For anyone with a computer dedicated to gaming I'd recommend Bazzite, I still run it on my ROG Ally since the moment I took it out of the box; I bought it _because_ Bazzite existed, never even considered booting Windows. It's a great distro tuned for gaming, and comes with some features like VRR and HDR that aren't as easily available on other distros (I've been able to get HDR on Arch/Gnome but not VRR).
It's hard for someone who relies on Windows software to be entirely rid of Windows, which is why I don't tell people they should switch to Linux, but it's not impossible if you really want to, unless you rely on a piece of software that just won't run under WINE or doesn't have an alternative.
For me, I grew up with Linux alongside Windows, went into a career that uses and targets Linux exclusively (backend SE) and for my computer based hobbies; gaming, coding, 3D printing/modelling they're served very well these days, and constantly improving.
> Dark Souls II did not want to recognize my Controller
I ran into that problem on DS2 also. It seems that game picks the first input device it finds, so I was able to force it to use the controller by unplugging my keyboard (or maybe it was the mouse? It was one of those).
As far as I know almost all (if not all) anti cheat software just does not work on linux therefore "gaming on linux has been awesome for years" is not true if you play games online or competitive.
> This is simply not true. Most anti-cheat software does work on linux, but many games choose not to allow linux.
I am not sure if I care whether the AC software does work (theoretically) on linux. Most of the games with AC cannot be played on linux. (You can see this on the graphic you linked).
I tried it long enough. I played MTG Arena with lutris and every patch day was a frickle.
I don't even play FPS games seriously, let alone competitively, but many of the games I play don't run on Linux. It's that simple.
I've been using Linux daily for 25 years, but I have a dual boot with Windows. A week ago, I taught my NixOS to boot with secure boot because the new Battlefield requires it—and other games will follow.
Yeah, totally understand it isn't that simple but that's also my point. "Game has anti-cheat so it doesn't work on linux" is an oversimplification and people should check the specific games they're interested in. They could very well work if the developer allows it.
I switched to Ubuntu 3 years ago and never looked back for a daily driver.
The reason Windows (and Microsoft itself) is not 6' deep yet is a relatively small number of commercial creative software like DAWs, graphics suites and CAD modellers. Yes, there's a huge amount of legacy software in CAM, plant control and whatnot, but that can run alright on all those Windows XP and 7 machines like forever.
All major software vendors who think that Windows has too much inertial following and that its users will embrace whatever fascist surveillance machine their computers become under this abomination of OS, and refuse to port their products to Linux, will be in trouble soon.
Out of all DAW developers, only Bitwig got this trend right yet.
I have used linux for 10 years now but I think you just have to view a mac mini as the cost of a hardware synth or a guitar. Then all your problems are solved.
At this point, I need a nice gpu on a linux machine and a mac mini. It is a dream setup. I think I booted windows once on my most recent laptop because I messed up booting from the thumb drive to blow it away.
Reaper runs incredible on linux for DAW software but you always run into something that is not available with creative software. Then it is really nice keeping the mac only for creative pursuits.
Annoyingly, Ableton Push 3 Standalone runs on Linux. This means that Ableton have a working Linux version of, at least the core, of Ableton Live working on Linux. I sincerely hope they release a true Linux version soon. It's the last thing tying me to Windows.
But on WinME that was complete trash.. Never has an OS crashed so much on me... I went to Win2k after that ... Win2k was the last windows I ran in a PC and was IMO peak windows.
Haha, true. But not from my experience. Not sure why. Either I just ignored any issues and simply don't remember them or I got lucky with hardware and drivers? Who knows. Either way, I never had issues with Windows. For me, it just always worked. Even now, I am on W10 and after I ripped out all the guts of the Defender out of the system, I'm quite happy with it. I have a TinyWall firewall so there are no background updates or any traffic without me knowing. I am in mostly full control and have no issues.
I am an IT solutions provider for the public and small business. I think the changes to Windows 11 are gearing up to work with organizations to create a surveillance state.
So I have decided to promote Linux over Windows for computers I build for customers. If you have any suggestions on how I can make this promotion better, let me know.
Make sure libreoffice is included, and ublock origin. Show them how much faster it is, with fewer ads, and no subscription to Microsoft required just to write a document.
The business customers might want to know that databases are a lot cheaper on Linux, especially for small business.
Literally spoke to an automation company the other week that told me "we have to delete a bunch of stuff every time the database gets near 10GB or we'll have to pay Microsoft".
Plus there's no license cost for linux itself either.
This stuff might not be viable for hundreds of employees in a business where MS is already entrenched, but for a small business it absolutely is a better deal.
Probably an unpopular thing to say here, but in my experience pushing non-tech people to use libreoffice as part of a Linux transition is a fast track to getting them to hate Linux.
Using Google Docs has been much more welcoming in my experience. Something about libreoffice doesn’t resonate with a lot of non-tech people.
Couldn’t agree more, if you’re pitching Linux to a non-technical user, you need a gentler off-ramp, not a cliff dive. LibreOffice is a UI time capsule..more archaeology than productivity. Most millennials would think they’d accidentally opened a flight simulator.
I’m relieved to see I’m not alone. I expected my comment to be downvoted because speaking against LibreOffice triggers some people
> LibreOffice is a UI time capsule..more archaeology than productivity.
I agree. Seeing the comments here claiming the outdated UI is a good thing, actually, brings up one of the big problems with a lot of open source and/or Linux-specific software: The resistance to UI change is huge among die-hard users so the projects tend to get stuck in whatever UI language they had a decade ago when they started.
When I introduce people to open source versions of different software I find myself starting with “The UI has a steep learning curve, but…”.
It would be so much easier if we could give people apps that were targeted at familiar UI patterns of today, even if it angers a vocal minority who want every UI to look like it came out of the 90s or early 2000s when they first discovered their love of computers.
I was confused about this because last time I used LibreOffice it wasn't that bad. Turns out, it's really just a normal UI? I guess the biggest difference is it doesn't conform to Microsoft's design but to call it a time capsule is a bit dramatic.
I think by default after fresh install it suggests the "old" layout akin to Office 2000, but you can just select "tabbed ribbon" and then it really isn't half bad.
You know we are living in crazy times when people actually actively ask for the ribbon interface instead of making fun of Microsoft for it. It's one of the worst things ever conceived in UI design.
Both have their issues but having 50 uncategorized icons (I just looked up default libre office ui screenshot and counted...) is something only a power user can love. They can keep their classic ui as an option.
Categorized ribbon is an improvement for most people. Especially new generations who simply can't enjoy the effect of shared conventions with other software.
I'll grant that it's personal preference and OP should do what his customers prefer, but what you said is a good thing. UIs have sucked for some time now, so something which deliberately uses an older style is generally far superior.
OnlyOffice might be a better option here - its UI is similar to MS Office, and it has a much better MS Office file format compatibility compared to LibreOffice.
I've never heard of OnlyOffice, but that really looks quite promising. I'll have a deeper look at it later, but even though it's all webapp based it can't really be slower than libreoffice...
I agree with this despite being a libre office user. The introduction should be gentle, not dogmatic. No harm in using a browser based web application for this use case.
I can't imagine trying to replace MS word with libreoffice for businesses. I respect the project and the complexity of the task, but it's just not there for even light professional use.
As an example, I recently submitted a manuscript following standard format [0] with libreoffice. Nothing difficult, just basic professional functionality.
The only way to do it involved editing global default page styles (because custom page styles can't be used for title pages?) and other advanced features. Fair enough, at least it was possible. It's a shame the export process didn't preserve the formatting and screwed up page numbering.
I had to fix the manuscript in gdocs instead, where it was easy.
FWIW I'm not trying to interrogate you, I'm just trying to understand your perspective. From mine I just checked their checklist [1] and it's unclear to me what on that list you're suggesting required advanced features in Libre Office to achieve.
Headers were the big one. The shunn format has no header on the first page, and numbered headers on subsequent pages.
Libreoffice only allows either headers on all pages of a specific style, or no headers. So, how to apply a different style to just the first page? It supports that with the title page concept. But that menu only allows you to select either the Default and First Page styles, not custom styles you've added, so you have to modify the global defaults.
Then there's the numbering. LO requires headers to be the same across all pages, up to left/right distinction. That means you can't manually number. If you want to use the shunn "name/title/number" format you have to write "name/title/" and then enable the checkbox, accepting the slightly uneven spacing.
This is probably half a dozen menus altogether, which I consider advanced. It also confused the page numbering and tried to label the title page as the last page.
Another issue is that shunn's requires multiple alignments within a single line. This isn't directly supported in a reasonable way, but the same workarounds are required in MS word and gdocs so it's not like LO is especially deficient.
Smart quotes also don't work on copy-pasted text, only by a primitive typo correction system when typing. That's more of a personal process issue, since I was copying out of the markdown I do my actual editing in.
> I can't imagine trying to replace MS word with libreoffice for businesses. I respect the project and the complexity of the task, but it's just not there for even light professional use.
Exactly.
Just work in the finance or insurance industry for a year, and you will see how it is part of the daily workflow to use very obscure, advanced Excel features combined with VBA. If a proposed Microsoft Office alternative cannot handle this, it's not suitable.
I personally observe that a lot of nerds who barely use Excel in their daily workflow patronising that ... (in particular LibreOffice) is an alternative to Microsoft Office. Better first learn how the actual powerusers' workflows (in particular for Excel in the finance and insurance industry) actually look like.
Totally agree. I would never use windows at home but Excel at work is the main reason to ever use Windows.
I have Libre Calc installed because I am on mint at home and even if it could do everything excel could do, I don't know how to do things the same way. Neither do most people. The personal experience and network effect is insurmountable for other software.
> I personally observe that a lot of nerds who barely use Excel
Most people using Excel/Sheets/Word/Docs are not power users. Pretty much all home use is covered by OpenOffice and that is the majority by user count.
There's an import function in the File dropdown, with a dialog giving you control over separators. If that fails, you can paste the data, followed by Data > Split text to Columns. I work with CSVs in Google Sheets often and it's pretty reliable.
You can either complain about how Microsoft is treating or you can keep making excuses and add on requirements until there is no alternative but if you keep doing both you deserve whatever you get.
I switched from Google Docs to Libre Office a few months ago. I'm surprised how buggy LO is, because I tried it a decade ago and it doesn't seem to have gotten any better. I don't plan on going back to MS or Google, but I am very frustrated with the number of bugs in LO's spreadsheets, so I try to keep my sheets simple and CTRL-S a LOT!
Examples: [1] I selected a range of cells recently, by clicking and dragging, and when I let go of the mouse button, all of the selected cells shifted up and to the right by one cell, and CTRL-Z didn't undo it! [2] I have a workbook and when I duplicate a sheet with a chart, the chart is blank, so I have to delete it and re-insert a new one. [3] Sometimes the left-hand X-axis is cut in half, and I have no idea why, but if I create a new doc it goes away. I really, really want to promote LO, but it is very buggy. I can deal with it but I don't think others would.
Please report the issues as Libreoffice developers would like to know how to improve it. Might I also suggest trying ONLYOFFICE, it really looks and feels like MS Office. I am not a heavy Office user so I never run into issues but this one 'looks' professional.
I use LO for its word processor fairly extensively and have been pretty happy with it, but for spreadsheets I am 100% on team gnumeric---it is rock solid, less buggy than Excel itself, and supports a lot of Excel formulas and formatting better than MS's own web client.
I wouldn't recommend deploying ublock on customer machines. Or at least ask what their workflow is first. There are a ton of SaaS sites that break with ad blocking enabled.
I run firefox+UBO+privacy badger on my machines, and the only sites I've had to disable my privacy extensions in the last few years for were work related, B2B SaaS apps. A few years ago I pushed UBO to user machines (Chrome on win10) at work, and had a ton of user issues. I finally had to disable it, it wasn't a net benefit to us. It's not just a 'turn it on and leave it alone' thing, and people don't always think or remember to try toggling it off and reloading the page when they encounter issues.
That said, it's insane to me to be paying MS for a database with a 10GB limit, but I've seen their price lists. I've also worked with small businesses that don't have in-house IT, and they just end up overpaying for crappy service for many of those things.
I hope this win11 migration causes more MSPs and consultants to move small businesses over to linux though, MS has been predatory on pricing for business customers for far too long and with as much work has migrated to a browser there will be way less issues switching than there were years ago.
If they don't remember the two-click procedure for toggling ublock on a website that they want to be using, they weren't paying attention when they were told or shown that, and all they need is a remedial work training session to hammer it in.
I mean, easier said than done. We pay accountants because they are good at their specialized field. They have knowledge and experience I don't, and there's certainly things that are obvious and simple to them that I don't know or remember.
It's really easy to just say it's the LUsers fault and make pebkac jokes, and I definitely enjoy BOFH style humor, but honestly not everyone will remember the 30 seconds of training to go into this menu and toggle off an extension if netsuite throws a cryptic error or won't behave properly. I find it's better to have some empathy for other people, not everyone thinks like a computer and connecting 'I have this error message full of gibberish about API calls' and 'the IT guy mentioned 2 months ago that if a site isn't loading, I need to turn off this thing'.
> There are a ton of SaaS sites that break with ad blocking enabled.
Never had one and I have been using uBlockOrigin for a decade. If a SaaS doesn't work with it, report it to them or skip it (if not already vendor locked on it).
Not defending it but for clarity: it’s SQL Server Express that has the 10GB limit, and it’s free. They’re staying under that limit so they DON’T have to pay Microsoft. Aside from the Windows license, presumably.
Thanks for clarifying. Looks like the jump to standard is 989/year (if I'm reading Microsoft's confusing pricing sheet correctly). That's enough of a jump that it would definitely be a budget item for a lot of business. And migrating to a different DB engine isn't often an easy task, but keeping a DB maintained under a size limit sounds like a PITA and prone to accidental deletion of needed data. I definitely don't envy someone having to deal with that.
You have sqlite, mariadb/mysql, postgres and more just for mostly traditional SQL. Then you have the others ... 8)
It's time for change. VMware have tossed themselves off into limbo and MS seem hell bent on alienating a vast swathe of humanity with W11's requirements - weirdest A/B test ever.
Yeah. I just tried LibreWolf recently and it comes with Ublock preinstalled. I think I am going to install that with some relaxed privacy settings. Libreoffice by default for sure.
If you're going to do this, set them up with something they can get commercial support for.
IMO, if a user's needs can be met with a Chromebook, Linux + a browser + email + Zoom/or whatever would suit them well.
I think you're going to have a hard sell if they rely on Office or other Windows-only software, and although well meaning, it might be doing them a disservice if they can't run the software they're accustomed to.
What are the arguments for Office at the small business or individual level, as opposed to Libre Office? For most users, they'll be able to reacclimate in a matter of hours to near 100% competence. And they now are in an ecosystem that won't constantly try to squeeze you for rent.
I think this is even more true in the era of LLMs, because on the rare difference somebody might get hung up on - there's no longer real need for support. LLMs absolutely excel at questions like 'In MS Office I can do [x] to achieve [y]. How do I do that in Libre Office?'
Sadly in small business Microsoft have a lock because no SMB wants to be the awkward outlier whose IT makes them hard to do business with.
For example, to be that supplier whose documents never quite look right or who always struggles with the docusign /PDF /email /spreadsheet /whatever whatever.
For an SMB, fitting in with the de facto IT herd that is represented by your customers and partners is essential for survival. Sure, some SMBs do decide to buck the trend and move over, but it's hard and not for the faint hearted.
Time will tell if this problem solves itself as 365 becomes a pure web app and Windows becomes an RDP-like Cloud PC.
The irony of Bill Gates's vision of a Personal computer where you run what you like and not what the mainframe gives your terminal becoming Windows where you consume what you are told to is not lost on me.
Generally nobody should exchange Office docs anyway, I find it much more professional to exchange PDFs. I use MS arial so my PDFs made with LibreOffice look immaculate on any device. I think people are really shit for being so attached to their stupid office. I could not sell my dad on LibreOffice though. He'd rather pay 100 EUR/yr than learn to use new software.
By default an Arial clone is present, ideally Arial is specified as a valid replacement font in the PDF if the user does not have the Arial clone present (Arial itself is a clone, but that is another story).
It would require deeper investigation to see if this is actually the case. I've always wondered about this.
PDF/A has given me all kinds of issues (windows users get incorrect glyph placement with very bad results). Regular PDF has worked fine for me.
> What are the arguments for Office at the small business or individual level, as opposed to Libre Office?
You have to open and edit documents you get from outside of the office. Clients regularly send me spreadsheets that don't work in Libreoffice, for example.
The article lists 4 Linux distros. I think the most important thing is to recommend just one distro, DE, window server combo, don't know which one but it has to be carefully thought out. They're all coming from the same thing.
The Linux choice matrix is confusing even for programmers. Like I can understand the pieces in theory, but in practice with hardware, user-installed software, varying degrees of compatibility between components, and updates...
Perhaps https://zorin.com/os/ might be a nice distro for your customers. It has 2 UI options: one that is close to macOS and one that looks more like Windows.
The Snap store on Ubuntu is quite good. Has Spotify, VS code, Blender, Chromium.
LibreOffice has a tabbed UI setting that mimics Office (easy to enable). Personally I love LibreOffice, something about it resonates with me. Everybody who liked office 2003 and could never get used to the newer weird ribbon UI in Office will love the default LibreOffice. Those who love the ribbon can enable the tabbed UI bar in LibreOffice. Only complaint is that performance is not as fluid as it could be.
I avoid snap myself because I use apt, but apt is a hard sell and arguably not ideal as well. E.g. I added Spotify repos which in theory could break other packages. In practice this doesn't happen (probably due to Ubuntu essentially freezing major versions for packages in their releases).
Choose the right distro and automate updates if possible. Mint is the softest landing for Windows users. But they never ever ever ever update anything on their own.
Get a distro with atomic updates, preferably an immutable one like Aurora[1]. Updates are automated and can't break your system. And in the rare event something does happen, you can easily boot the previous version right from the boot menu, no need for any scary commands or technical intervention.
I was thinking about setting up a package as part of the system build to do remote maintenance and I wondered if manually doing those updates every six months would be too long of a window. That way if something breaks, I can visit the customers location to fix it if I have to.
It can't. The device is in my room and making noise when on. If that device wakes up and wakes me up, it's either getting a force shutdown (breaking the update) or getting in the trash.
Plus the device is generally left in suspend mode, so shutting it down would interrupt my workflow.
If it makes their decision makers fuzzy in the stomach to pay for a suite of office software, consider SoftMaker.
Create a 'showroom', virtual through network screen sharing or physical if possible. Demo machines where you can let customers get a bit of immediate experience with GNOME, Xfce and possibly something more. You can walk them through checking their email, creating a document and doing a bit of web browsing.
Don't front 'Linux', it's a tainted word that is of no use to typical public sector and small to medium business people, preferably don't mention it. Instead talk about your solutions being secure, cheap, enterprise grade, customisable, long term supported, things like that.
you should look into the idea that you are a business, using linux installs in a way that may be subject to license.
if you promote, facilitate, provide resources for installation free of charge, that's probably fine. providing a system for sale, with linux pre-installed, may require, at least some attribution.
so if someone takes our freely available stuff, bundles it with a newly assembled system, and sells them, at a marked up price, like normal business does, it won't be an issue if no mention is made of GPL2 and what that means for the end user.
the idea that positive changes are made available to everyone, is not yet broadly salient. at least now, poster is probably aware of that condition.
you seem to be up on GPL2, what happens when someone packages distros on disk or stick, and sells them for profit? that's something to be aware of as well.
They stick the licenses in the back of whatever pack of documents are used during the sale. Heck, print it on the back of the work order in small print with a gray font.
On my motorcycle, there’s an option to view the software licenses used on the bike. The GPL is in there somewhere. So are a lot of other things.
And, no, during checkout at the dealer, we didn’t spend any time talking about software licenses.
As a bundler you’re obligated to provide the licenses. You’re not obliged to point them out, highlight them, point folks to links, or archives, or explain how they work or what rights users may have.
ok, so someone makes the license available for end user to read or not, that's one down for provider's responsibility.
now the next is the nature of linux as a common good, generated by many contributors over some time. is it acceptable for anyone to turn a profit from distributing copies of linux on media, or as a component of a retail unit, for an additional price ?
how does that scale up? suppose thousands of ISOs or live distros are sold, enriching the seller by some thousands of dollars, is that ok?
could i, or you, or anyone, burn a couple hundred disks, or rufus thumbdrives, then sell them for $40 each, and have no concerns ?
the submission, links to what is clearly, a profit oriented business. what limitations exist? none if you just pack a GPL2 in with it? can he charge a fee as if he is selling linux to the end user? is public awareness, and availability a suitable contra for financial profit from sale of a product of many contributions from many individuals over many years?
Yes, it is fine. Thousands of companies include GPL’ed software in their products including Red Hat, a big contributor to FOSS. The GPL explicitly allows it. The FSF has said it’s OK as long as you provide the license and a copy of the source code. It’s not an issue.
You may find it morally objectionable to sell distributions of free software for a fee but F/OSS licensing in no way forbids that.
GPL version 3 explicitly says "you may charge any price or no price for each copy that you convey". The MIT license also explicitly allows selling the work.
No other free or open source license forbids selling either. In fact the Open Source Definition from OSI expressly says: "The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources."
Linux distributions have been commercially sold for decades. Red Hat built its entire RHEL business on that, even when they still played nicer with open source. (Of course the key really was the support they provided to their paying customers but I think you still needed to pay to get your hands on RHEL anyway.)
Of course the problem you'd be facing if you wanted to sell free software at a significant price would be that since you can't forbid redistribution of the copies you sold (and you need to provide source code), someone else can take what you sell and redistribute it for free. So you can only really sell other people's free software if you either get ignorant people to buy it despite the same thing being available for free elsewhere, or if you provide something else on top of it that people are willing to pay for.
That severely limits the possibilities of making big bucks by just selling free software developed by others.
Perhaps the community is philanthropic to the point of providing free software for other people to sell. But the community or the authors of the licenses aren't naive. The possibility has been known from the start, as was the fact that it's after all quite difficult to charge a lot of money for selling something when free downloads are also almost guaranteed to exist.
I'd be a lot more concerned about how volunteers assume active maintenance burden and responsibility for software libraries that are used for free by just about every software company on the planet.
I don't see anything about trinsic2's (or anybody else's) promoting Linux or installing it on customers' computers that would be in contradiction with open source, even morally. I certainly don't see how a "license" could be required for doing so when the individual licenses of each included piece of software already permit commercial distribution. The only way he might need a separate license would be if he installed a distribution that's actually not entirely open source and bundles proprietary components that are not freely distributable.
Can you say specifically what you think there is to be concerned about, and why you think it is a problem? Just asking questions like this is not an effective warning, I think. We should be direct, to avoid spreading uncertainty and doubt.
Yes, you are allowed to sell devices with Linux on them. I’m shocked that you think otherwise. Android is pushing Linux to billions of devices and doesn’t have to pay anything.
> you seem to be up on GPL2, what happens when someone packages distros on disk or stick, and sells them for profit? that's something to be aware of as well.
Assuming that someone has customers, they have a viable business model, that's what happens.
That was, in fact, the business model of most Linux distros before we were all terminally online.
Don't be shy. Tell us what you're concerned about and why you think that's an issue.
Are you implying some sort of illegality or breach of license?
IT & software dev for a small-midsize company. I wasn't able to finish migrating last month due to a pressing project, but we're migrating almost all of our systems at work to Linux. 90% of our users' work is done in a browser, and the other 10% is in an in-house application I wrote. That app works on Linux, since my work machine has been on Linux for years.
We'll have a few macs and 2 win11 machines, but the rest are getting migrated.
We're in the Google ecosystem for email, docs, and drive so I'll just deploy Chrome instead of a Libre chromium. I'd rather not troubleshoot user profile issues, and they have access to all our data anyway. Honestly, I fully expect I'll have more than a few users that don't even notice the OS change.
Have you tried LibreOffice's ribbon interface? It is similar to the one on Microsoft Office. You go to View > User Interface and choose "Tabbed". There are 7 different variants available.
I guess I kind of agree with your disagree, but disagree overall!
The UI in LibreOffice feels quite clunky and outdated and never seems to have been given any thought since the OpenOffice days. But Google Docs is so feature poor that I'd rather live with LibreOffice's UI. Especially as you can adjust to the latter after using the software for a while.
Have you tried LibreOffice's ribbon interface? It is similar to the one on Microsoft Office. You go to View > User Interface and choose "Tabbed". There are 7 different variants available.
The best path forward for home users and small business for non-technical users:
Install Fedora with KDE.
Install Firefox, Thunderbird and Chrome.
Install uBlock Origin, Privacy Badger.
Install LibreOffice & bookmark Google Docs.
Install multimedia support, h264/h265, VLC/mpv/ffmpeg, enable DRM in browser.
Install Steam if applicable.
If they have a printer, connect it and show them how to print a page.
Configure & tweak KDE to be cleaner & more user friendly (it's already near perfect out of the box). Show them how to manage wifi/lan connections.
Stick with Intel & AMD hardware, Nvidia drivers break on most kernel updates (and it messes with luks/secureboot/dracut). Intel & AMD, Just Works.
Educate the user on how to do Software Updates, install/remove software, how the file explorer works, maybe some terminal stuff if they seem inclined. Give them a high level overview of the benefits of linux.
With Fedora and KDE you can accomplish 95% of your computering needs, including software development. Only a handful of games & creative softwares don't work.
It will only take 6 months to have them permanently converted.
I don't have issues with Nvidia drivers in Archlinux (using cinnamon and X) after pacman updates that sometimes update kernel and/or Nvidia drivers, I'm curious what's different in your setup to get these issues
Also, how are the graphics drivers affecting LUKS for you? They are two independent and unrelated things for me, Nvidia drivers aren't doing anything disk or pam related
> If they have a printer, connect it and show them how to print a page.
This however is the thing that doesn't "just work" for me, even with a common hp printer. The one time in a year you need to use the printer, something will have broken about its drivers again in Linux. I just transfer the pdf to the printer with a USB stick now
Same here; I have had crazy hardware work out of the box in linux, but printers remain a mystery.
Furthermore, last time I tried printing, it was a surreal non-deterministic process. It wouldn't print, then it would, then it would get stuck in a handshake or something, rebooting wouldn't fix it, but rebooting twice would, then turning off the printer would break it again, and so on. No system update in between attempts. I genuinely want to know what the fuck the engineers for those machines are doing.
[Disclaimer: in the above process there was the extra hurdle that the printer was one of several on a local university network that may also have had kooky configuration]
I would take this a step further and recommend a Fedora-based immutable distro like Bazzite (for gamers) or Aurora (for everyone else). These come with codecs and even proprietary drivers (nVidia), so you don't need to install anything manually.
Immutable/atomic distros are rock solid and extremely hard to break, the automatic updates/upgrades are a godsend for newbies, and in the rare event something does break, you can boot directly into the previous version right from the boot menu - no command line wizardry required. Immutables also don't suffer from the dependency issues that can sometimes plague regular distros, so I would highly recommend them over a regular distro for most newbies.
I've been living on an Ubuntu variant (Pop_OS) for over a year now and it's surprisingly good. Note that I had been a Mac-and-some-Windows user as far as desktops go for about 10 years prior to that, and had lots of Linux experience before that - so I'm experiencing a 10 year before-and-after.
Things that intrigue me:
- For photos, darktable is surprisingly good. I think this was my biggest single surprise, being a Lightroom user.
- GIMP was always great and now it's even better.
- LibreOffice is good enough that I can live on it just fine. I do miss Keynote, but it's not a showstopper.
- Dia is good enough for diagrams, though I miss OmniGraffle.
- Notice how there aren't any Windows apps I miss. There are Mac apps I miss (Keynote and OmniGraffle).
- Anything involving the web just works.
- Suspend/resume on my Linux laptop works better than suspend/resume on Windows, but not as good as what you get on Apple M hardware.
- Battery life on my Linux laptop is better than on Windows, almost entirely because Windows wakes the laptop up while it's suspended, so if you close the Windows laptop and carry it around unplugged, you'll find that the battery is totally drained after some number of hours. Linux doesn't have this problem.
- Development workflow is amazing. I'd rather program on Linux than anything else.
- Similarly for Photoshop users, Photopea might suit them better than GIMP. And there's also Photoshop Express/Online if they really want to stay in the Adobe ecosystem.
Draw.io is my go-to tool on any platform now. I did an entire bachelors and masters using it for all my diagrams.
I like OmniGraffle but personally I didn't think it was worth it when draw.io was free anyway. Like I don't feel it was $150-$250 better than draw.io, especially since it's not cross platform.
Draw.io’s development philosophy is just too cool: “doesn’t use artificial scarcity to produce a bloated sales-centric company with matching revenues.”
Draw.io all the way. I've operated as a Network Consultant and Architect for the last 3 years using it exclusively. Not only is it great, it's fast and cross-platform. I will never use visio again.
Have you ever tried Excalidraw? It doesn’t have as many features but with the keyboard shortcuts you can whip up diagrams so fast. It’s just so nice to draw in.
We use Excalidraw at work. I have a friend who uses it for everything.
I've played with it, and it seems pretty ok; the only reason I haven't used it much is because draw.io has been good enough, but I really should give it more of a test drive before I draw any conclusions.
For adding shapes/colours/annotations etc to photos, I found krita to be more accessible than gimp. E.g. I wanted to do changes to my contractor's realistic concept drawings and I could learn krita (guided by Claude Sonnet) and make the changes in a span of couple of hours.
I'm sure I will regret this, something will change and I'll be "F.U. Win11!". But, I'm on Windows 11 Pro (upgraded from Windows 10 Pro) and I have barely noticed a difference.
Maybe because it's Windows Pro, not Home? Maybe because I have 2 profiles. The one I used to install it which required a microsoft account, and a separate, local only account which is the one I use always. I can't remember the last time I had to use the other account. Maybe when I upgraded to Windows 11. I don't remember.
I'm not trying to excuse Microsoft. I had to go into settings and turn off everything I could find. I had to futz around to get it to stop trying to get me to install Exchange every time I pressed Win-E (or was it Win-W) which I press often because I use the same keyboard on Mac and Win-W is Cmd-W (open new Window) (A: Powertoys). So yea, I cursed that. But, I found a solution.
Other than that, so far, it stays mostly out of my way and just works. I'm hard pressed to notice too many differences. Is it because I'm on Pro? Is it because it's a local account? Is it just luck? I don't know. It only suggests that it's at least possible, so far, to use it.
Some things that any semi-power user will notice and get angry at:
* Needing internet and a microsoft account to install the OS
* Start menu now requiring two clicks to get to programs list
* Right-click requiring two clicks to get to the options you most likely want to use (e.g. 7z unzip or opening in a specific program)
* Task manager being slow and laggy
* Random ads asking you to install a game pop up in the notification area
* ...
And then there's little bugs everywhere that just grind away at you on a daily basis:
* A tab in explorer will sometimes randomly stop accepting clicks (keyboard select works). So I have to close the tab and re-open
* The keyboard layout setting gets corrupted and there's no proper way to reset it (never mind the fact that this setting is now buried twenty levels deep in the new settings app)
* The settings app search does not work
* ...
It is by far the worst Windows version (beating Vista and ME to that title) in my opinion.
I use linux as my daily but am forced to use Windows at work and they have of course been forced to upgrade us to Windows 11...
> And then there's little bugs everywhere that just grind away at you on a daily basis:
When I create a new folder or file in a directory in explorer it hangs for a bit and doesn’t show up unless I click refresh. Ditto if I save a file to a directory that is open in explorer.
Thinking about trying to get a copy of Win 10 IoT LTSC instead at this point.
You don't need IoT, just the normal LTSC (2027, and then security updates until 2032, iirc). And there are easy ways to swap to it, present on GitHub...
Main downside is other applications dropping support for 10, if relevant. I only swapped my main system due to Fusion 360 notifying me they were dropping 10 in January 2026.
I'm using Windows 10 IoT Enterprise LTSC to write this and using Massgrave(l) it's activated to 2038 or something now. The only thing I wanted that LTSC didn't have out of the box was the Microsoft Store but you install that from PowerShell with the command "wsreset -i" and wait for 30s or so :)
I'd love to know how many people are verifying checksums, and sourcing the checksums themselves from reputable sources. An event like this seems like a prime opportunity for someone to insert something extra into one of the components needed and a proportion of users will pick it up, whether the security cure is worse than the disease of an unsupported OS.
Just as an example of this everyone points out Massgrave for activation on a version of windows I doubt many are properly licensed for, and one of the methods used relies on periodically talking to KMS servers they provide including some on a Chinese TLD [0]. Personally I'd be charitable and say it's probably well intentioned using the cheap resources they can get (there's no mention of donations on the site), but I wonder how many are aware of what is involved and this is just something they rush through to get rid of the big scary warning that windows puts up and tech news hysteria.
I largely agree with your points, but in this context -
* A microsoft account is only needed for Windows 11 Home. A "semi-power user" is hopefully not using that edition of Windows...
* I'm also greatly annoyed by the right click - but holding shift when right-clicking opens the expected menu, removing the extra click requirement.
Some of my own annoyances though:
* The taskbar/windows button seems to just...crash...sometimes. It'll eventually restart, but extremely annoying. Left clicking taskbar icons still works, but right clicks or the start button don't work as expected.
* Additional clicks to change audio devices...drives me crazy on my main system.
* I like the autosaving aspect of notepad, but they've killed the main reason I used it - an instantaneous, lightweight text app. It's still quick, but is noticeably slower.
* Settings and Control Panel is still a mess, and even less usable than Windows 10 was.
> * A microsoft account is only needed for Windows 11 Home. A "semi-power user" is hopefully not using that edition of Windows...
Both Home and Pro require a Microsoft account to install and start using. Then you can create local only users in both editions and delete the user joined to the Microsoft account. This is standard operation even in OEM installs.
Oh goodness yes. I was forced from Linux to W11 Pro for my new job. Use wsl2 they said, it'll be fine.
And wsl2 is mostly fine. But that doesn't stop the rest of the OS from being a dumpster fire. Why is it asking me to install or play Xbox games constantly? It feels like I have malware...
I jumped ship over a decade ago and have been using Linux Mint as my daily driver; there hasn't been one day I've regretted it. Seeing the recent news about the constant full-screen Windows Backup/OneDrive popovers and needing a Microsoft Account just to install the OS (they recently killed the OOBE workaround) is just the stale icing on this dumpster fire of a cake.
Don't even get me started on all the AI crap in Edge.
> Why is it asking me to install or play Xbox games constantly?
Because Microsoft got too large and some manager of Xbox pressured the Windows team to allow such notification to boost up their KPIs (games installed, game hours played).
Telemetry and KPIs are the single worst combination of bullshit that has happened to the entire IT industry.
It just sounds as if you haven't reached whatever your capacity is for "having to setup the OS to get out of your way". And that's a personal choice for everyone.
Windows 10 eventually breached my capacity due to the number of defaults I had to change post installation, and then often, again, post-patch/update. This was very soon after Windows 10 was released, and I already didn't like Windows 8's hybrid monstrosity following on from the sublime Windows 7, which I consider to be peak Windows.
I moved to Pop! OS and have been enjoying it on both desktop and laptop for over 5 years.
Forced updates were the last straw for me - after several iterations of using my machine until late, then being forced to let it update itself for another 30-60 minutes when I just wanted to switch everything off and go to bed, and noting that Proton made almost every game playable on Linux (thanks Valve).... the switch was a no-brainer.
My work laptop allows me a view into the dystopian Windows future, including updates as you've described as well as the occasional update and reboot in the middle of doing actual work - yes, I know it should not happen like that, but reality doesn't seem to care for _should_ or _should not_. Just as rare as it is inexplicable.
The difference for me is how much time do I need to spend to tweak the system, and how much frustration will I still experience after tweaking everything I could.
I found a Linux distro which suits my needs and desires out of the box, that I can just install and immediately get started doing whatever I need to do. It makes using a computer much more enjoyable.
The "Microsoft account" requirement is a weird one, because when I got a Win 11 PC after the death of my Win 10 one, I tried to set it up with my Microsoft account .. and it told me that this was unsupported on this account, and then it just fell back to creating a local one anyway. Which was what I wanted. No idea how I got into that state, other than the account being very old.
Might have to wait and see. I recently installed Win10 on my spare PC that previously had Ubuntu. Thought it was remarkably clean, but then the nagging about backups etc started coming.
The PC also had Win10 before Ubuntu, and I remember that being way worse because of the constant updates which always triggered more nags and resetting my default browser.
Funny seeing this here at the exact moment my frustration has boiled over with windows. I'm just completely baffled at the hostility and disdain Microsoft is showing its customers. These issues are on top of just the disregard that people actually use these products for work and business so force-updating and breaking them so often, just so they can re-force you to accept their surveillance bloatware. My feeling today has been that we're going to look back at this moment as the straw that broke the camel's back.
The camel's back is already broken, it just so happens that changing OSs is very hard. MSFT has a leak; once they lose a customer, and that customer has figured out alternatives, they are never getting them back.
They are on a slow death spiral. Their solution to raise revenue when their marketshare goes down is to squeeze harder. So they lose more users and the vicious cycle continues. In 10-15 years, they'll dip below 50% of marketshare, at which point there will be various alternatives which will accelerate their downfall. This already happened in tablets/phones.
It might also happen faster since they have a stronghold in Asia and China is now looking to accelerate the building of alternatives.
There are several options for desktop environment, and you can select which ones to install when you boot that installer image (and also add/subtract more later, and change your preference at login time).
One of the nicest-looking ones that should be self-explanatory to use (for anyone who's used any version of Microsoft Windows since 95) is Cinnamon. Most of other desktop environments default to similar, except for the current default Gnome one, which is a bit more creative in a way that's not intuitive.
I use Debian Stable + Gnome as my main PC. I use a handful of native apps which are all available on Linux, and most other apps are web-based. I never used to like the Gnome desktop, but modern Gnome is fast, unbloated, and it gets out of your way.
The author spoke of migrating Windows users, so I suggested what would be familiar to them.
The Cinnamon desktop will use a lot of that Gnome stuff, but things like a start menu and task bar will be more familiar than the corresponding elements of the default Gnome desktop.
With my last PC, I was looking at Freedesktop issues and waiting for cutting edge software for a year to get complete support for my hardware. Hence Ubuntu and Fedora.
I think describing TPM and Secure Boot as "artificial limitations" is unfair. Many Linux distros have no problem working with both of these and they serve a valuable purpose.
The problem is not that they exist or that Windows 11 supports them. It's that Microsoft pretends they are required, when they are not.
I don't use Windows and actually find it kind of insane when I use someone else's computer to see what Windows is like...
But it's kind of MSFT's choice whether TPM and secure boot are requirements for their software. If their software makes security assumptions that the OS has access to trusted hardware then it's a requirement. One could argue that they should create secure and less secure versions of Windows, but I don't think anyone is really going to take that seriously beyond rhetoric.
There are a lot of advantages to assuming the hardware is mildly trustworthy. The downside is you may not want Microsoft to be controlling what counts as trusted on your machine. If so, then you probably don't want MSFT to have root in your machine either and you're better off with a different OS.
> There are a lot of advantages to assuming the hardware is mildly trustworthy. The downside is you may not want Microsoft to be controlling what counts as trusted on your machine.
In an IT security context, "trusted" (example: "trusted computing") means distrusting the users.
I'm no MS fanboy, but don't you think Content Platforms like Netflix or Steam might be applying DRM pressure to Microsoft? And perhaps IP owners also apply pressure to the Content Providers to lock down their platforms, which may include hardware that has access to protected IP
I'd say content platforms absolutely are applying pressure on MS (And Google, and Apple as well). I'd be willing to bet governments are as well, and I'd also be willing to bet that Google's upcoming sideloading/developer ID changes on Android are also from government pressure.
Valve/Steam is definitely not applying any pressure, they've always been against strong DRM. Even the steam deck lacks any hardware locks or fancy DRM.
Yup, they can give you a secure boot chain that's otherwise hard to prove, and I've worked at places where (for example) disk encryption keys were protected by TPM encryption, using TrouSrS.
They can also often be used as a (slow) source of hardware randomness.
Most modern intel (series 8 onwards) and AMD Zen onwards have fTPM too. Often these can be enabled in the bios during upgrade then disabled again.
Personally I upgraded to Win11 the moment it became available, but that's because I want to continue my run of free MS windows forever and I only ever boot into it to play games, with even that becoming less common.
I like the fact that it has done a lot for the linux ecosystem, but there are a few things:
- it has a privacy policy
- it forces updates
- their hardwired package ubuntu-advantage-tools cannot be uninstalled without breaking the os
- motd has telemetry and nags
- can't disable snaps
- whoopsie uploads crashes to canonical
now, this is different from windows because the os is mostly open source, but it is important to know not all linux distros are the same
(note that because the source is generally open, you can probably figure out how to "fix" most of these problems, but not easily and they are moving targets)
I know this isn't Stackoverflow, but... Does anyone have a good mental model for disentangling the issues of full-disk encryption versus secure-boot? I've been badly procrastinating with my desktop's new SSD because of it.
Use-case is:
* Dual-boot where I choose in BIOS/UEFI to go to either the existing Win10 drive or new Linux drive.
* I don't need unattended boot at all, I'd rather enter a passphrase every time.
* Resistance to evil-maid attacks is nice but not top-priority compared to theft.
* I want to be able to take my drive out of a dead computer and access it elsewhere if something goes wrong, as opposed to needing to reformat and reload from backups.
* If I install a distro with secure-boot off, can I turn it on later for benefits, or vice-versa?
they are not incompatible. You can have secure boot and FDE for both linux and windows on the same system.
Just put linux's boot drive on a removable USB that has boot priority over the builtin drive. Then configure UEFI secure boot so that it works for both windows and your custom keys.
This setup has the added benefit of making it so that windows can't overwrite your linux boot drive, but from linux you can still access your disk from disklocker
I second slicktux's suggestion: look into OPAL, it's much easier to set up and use compared to LUKS. The best part is, the encryption is transparent to the OS, so you could multi-boot between multiple OSes and not worry about encryption or compatibility with partitioning tools etc.
Your drive does need to support OPAL though, check out sedcli for managing SEDs.
?? OPAL is transparent to the OS, Microsoft doesn't need to see/care about it. I'm multi-booting Win11, Linux and GhostBSD on my OPAL2 encrypted drive (on a ThinkPad Z13) and I've got zero issues.
They're talking about Windows Bitlocker. It used to be able to use hardware encryption if the drive supported it, then there were sufficient vulnerabilities in implementations that it now always does software encryption.
Being that it’s an SSD it’s already encrypting by default. You just have to set the User and Admin password and you’ll have full disk encryption!
You can set HDD/SSD password via the BIOS/UEFI or (my preferred method) using HDPARM --SECURITY commands.
Then if you take the drive out you can unlock it from another computer so long as you plug it in directly and the UEFI supports HDD/SSD unlocking during post; if not you can install a Pre-Boot authentication on the drive that runs Linux to unlock the drive and then once unlocked it with the PBA it re-boots and it works as a normal un-encrypted drive.
Look into HDPARM and OPAL standard for full disk encryption.
I can't say anything about dual-booting Windows. I have heard that Windows Updates will frequently overwrite your custom EFI vars setup and reinstate the Windows bootloader etc.
Other than that, FDE and Secure Boot are unrelated.
The board's UEFI will boot the EFI binary that is either your kernel + initramfs (UKI binary), or a bootloader of your choice that then boots your kernel + initramfs. Depending on your distro, you may have a bootloader like grub or systemd-boot that is already signed by the MS third-party CA and your board may already allow the third-party CA, in which case you don't need to generate and sign with your own keys. Otherwise generate your own keys, set up Secure Boot with them, and then figure out how to sign your UKI binary / bootloader binary with those keys.
This initramfs will then be responsible for locating and mounting your root etc partitions. For a systemd distro using the UAPI Discoverable Partitions spec (use a specific type ID for the root partition), systemd has a builtin cryptsetup target that will prompt you on tty to enter the LUKS password for that partition. Otherwise investigate your distro's initramfs options for doing that.
>* Dual-boot where I choose in BIOS/UEFI to go to either the existing Win10 drive or new Linux drive.
grub and systemd-boot both show menus to select one of the available EFI binaries to chain to. Otherwise your UEFI might give you a similar menu.
>* I want to be able to take my drive out of a dead computer and access it elsewhere if something goes wrong, as opposed to needing to reformat and reload from backups.
Any other PC can mount and decrypt the drive with cryptsetup just like your original PC could, as long as you specify the same password.
>* If I install a distro with secure-boot off, can I turn it on later for benefits, or vice-versa?
Yes. You will launch board's UEFI, set the SB status to "Setup mode", boot your OS, then generate and enroll new keys which will set the SB to "User mode" and start enforcing signatures on next boot. And if it breaks you can set it back to "Setup mode" in board's UEFI, boot the OS and troubleshoot / re-enroll keys. The OS wouldn't care that you had previously enabled SB but are now booting with SB disabled.
Note that Secure Boot != Measured Boot. With a standard Measured Boot setup the disk encryption key is protected by secure element on the board (eg TPM) measuring the boot chain, so your disk will automatically decrypt when the boot chain matches the previous measurement and automatically fail to decrypt when it doesn't match. Your concerns about failing to decrypt the disk apply to this setup, not to SB. But also LUKS-encrypted partitions can have multiple keys to unlock them, so you can have both a Measured Boot-guarded encryption key and an emergency fallback password to unlock the disk manually.
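Added example, not part of any comment in the thread: a check for the Setup mode / User mode states described in the reply above, reading the `SecureBoot` and `SetupMode` UEFI variables that Linux exposes through efivarfs. The sample byte strings in `CONSTRUCTED_SAMPLES` are constructed for illustration, and the state labels are this example's own wording.

```python
import struct
from pathlib import Path

# GUID of the UEFI global variable namespace (EFI_GLOBAL_VARIABLE).
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")

# Constructed samples: attribute mask 0x6 (boot-service + runtime access)
# followed by the one-byte value.
CONSTRUCTED_SAMPLES = {
    "off": bytes.fromhex("0600000000"),
    "on": bytes.fromhex("0600000001"),
}


def parse_flag(raw: bytes) -> int:
    """An efivarfs file is a 4-byte little-endian attribute mask followed by
    the variable data; SecureBoot and SetupMode each carry one data byte."""
    if len(raw) != 5:
        raise ValueError(f"expected 5 bytes (attributes + flag), got {len(raw)}")
    _attributes, value = struct.unpack("<IB", raw)
    return value


def read_var(name: str, root: Path = EFIVARS):
    """Return the raw variable bytes, or None if it cannot be read."""
    try:
        return (root / f"{name}-{EFI_GLOBAL_GUID}").read_bytes()
    except OSError:
        return None  # legacy BIOS boot, or efivarfs not mounted


def classify(secure_boot_raw, setup_mode_raw) -> str:
    """Map the two flags onto the states the firmware can be in."""
    if secure_boot_raw is None or setup_mode_raw is None:
        return "unavailable"   # cannot tell: not booted via UEFI
    if parse_flag(setup_mode_raw) == 1:
        return "setup"         # no Platform Key enrolled, nothing enforced
    if parse_flag(secure_boot_raw) == 1:
        return "enforcing"     # user mode, signatures checked at boot
    return "disabled"          # keys enrolled, enforcement switched off


if __name__ == "__main__":
    print(classify(read_var("SecureBoot"), read_var("SetupMode")))
```

Running it before and after enrolling keys shows the transition from `setup` to `enforcing` on the next boot.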
You can turn the secure boot on/off at any time. The only effect from this is the loss of encryption keys that you might have bound to the measured values.
So for it to be effective against the evil maid, you really need to bind the LUKS key to it. But you can do that _and_ set a strong PIN for your LUKS key.
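Added example, not part of any comment in the thread: a toy model of the Measured Boot setup discussed in the two replies above, with one key slot sealed to the boot measurement plus a PIN and a second slot opened by a fallback passphrase. `ToyTPM` and `ToyVolume` are hypothetical stand-ins built from hashes; they are not the TPM or LUKS formats, and the boot chain contents are constructed.

```python
import hashlib
import hmac
import os


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure(chain) -> bytes:
    """Fold every boot component, in order, into one PCR starting from zeros."""
    pcr = bytes(32)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ToyTPM:
    """Toy stand-in for a TPM: releases a sealed secret only under its policy."""

    def __init__(self):
        self._seed = os.urandom(32)  # stays inside this "chip"

    def _pad(self, policy):
        return hmac.new(self._seed, policy, hashlib.sha256).digest()

    @staticmethod
    def _policy(pcr, pin):
        return hashlib.sha256(pcr + hashlib.sha256(pin.encode()).digest()).digest()

    def seal(self, secret, pcr, pin):
        policy = self._policy(pcr, pin)
        wrapped = _xor(secret, self._pad(policy))
        tag = hmac.new(self._seed, policy + wrapped, hashlib.sha256).digest()
        return {"policy": policy, "wrapped": wrapped, "tag": tag}

    def unseal(self, blob, current_pcr, pin):
        tag = hmac.new(self._seed, blob["policy"] + blob["wrapped"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            raise PermissionError("blob was sealed by a different TPM")
        if not hmac.compare_digest(self._policy(current_pcr, pin), blob["policy"]):
            raise PermissionError("boot measurement or PIN does not match")
        return _xor(blob["wrapped"], self._pad(blob["policy"]))


class ToyVolume:
    """Toy encrypted volume: one master key, two independent key slots."""

    def __init__(self, passphrase, tpm, pcr, pin):
        master_key = os.urandom(32)
        self.digest = hashlib.sha256(master_key).digest()  # to verify a candidate key
        self.salt = os.urandom(16)
        self.slot_passphrase = _xor(master_key, self._kdf(passphrase))
        self.slot_tpm = tpm.seal(master_key, pcr, pin)

    def _kdf(self, passphrase):
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, 50_000)

    def _opens(self, candidate):
        return hmac.compare_digest(hashlib.sha256(candidate).digest(), self.digest)

    def unlock_passphrase(self, passphrase):
        return self._opens(_xor(self.slot_passphrase, self._kdf(passphrase)))

    def unlock_tpm(self, tpm, current_pcr, pin):
        try:
            return self._opens(tpm.unseal(self.slot_tpm, current_pcr, pin))
        except PermissionError:
            return False


# Constructed boot chains: the second differs only in its last component.
GOOD_CHAIN = [b"bootloader image", b"kernel image", b"initramfs image"]
MODIFIED_CHAIN = GOOD_CHAIN[:2] + [b"initramfs image (modified)"]


def scenarios():
    tpm, other_tpm = ToyTPM(), ToyTPM()
    vol = ToyVolume("fallback passphrase", tpm, measure(GOOD_CHAIN), "4821")
    return {
        "measured chain, correct PIN": vol.unlock_tpm(tpm, measure(GOOD_CHAIN), "4821"),
        "modified chain, correct PIN": vol.unlock_tpm(tpm, measure(MODIFIED_CHAIN), "4821"),
        "measured chain, wrong PIN": vol.unlock_tpm(tpm, measure(GOOD_CHAIN), "0000"),
        "drive moved, other TPM": vol.unlock_tpm(other_tpm, measure(GOOD_CHAIN), "4821"),
        "drive moved, passphrase": vol.unlock_passphrase("fallback passphrase"),
        "wrong passphrase": vol.unlock_passphrase("guess"),
    }


if __name__ == "__main__":
    for name, unlocked in scenarios().items():
        print(f"{name:30} -> {'unlocked' if unlocked else 'refused'}")
```

The passphrase slot is what keeps the drive readable in another machine; the sealed slot is the one that fails when the boot chain or Secure Boot state changes.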
Yeah, I just got a msg the other day from someone who's saying "Windows 11 won't work on my computer, what should I do?" .. I'm suggesting they try Linux. All they do is browse the web and play card games. Linux has way the hell more games than Windows comes with, and it doesn't bundle ads with its games either!
It's kind of primitive but AisleRiot is my favorite solitaire application. It's simple, it's lightweight, it's either included with or easy to install into any distro. I play FreeCell on there all the time.
Oh, yeah, this is absolutely perfect. Thanks again, that's amazing! It was really the only thing I wasn't sure about upfront for the person I'm thinking of. So awesome :D
Agreed! I replaced XP with Xubuntu (my preferred distro at the time) on my parents' computer about 15 years ago. I told them that "it works like Windows[0]", showed them how to check email, browse the web, play solitaire, and shut down. Even the random HP printer + scanner worked great! I expected a call from them to "put it back to what it was", but it never happened. (The closest was Mom wondering why solitaire (the gnome-games version) was different, then guided her on how to change the game type to klondike.)
[0] If "it [Xubuntu] works like Windows" offended you, I'd like to point out that normies don't care about how operating system kernels are designed. They care about things like a start menu, and that the X in the corner closes programs.
A number of customers are leaving Windows for Linux ahead of Windows 11. To support them, we had to offer a linux equivalent for a bunch of C# .NET desktop apps.
After evaluating a lot of options, pyQT + nuitka gave a reliable cross-platform result (can target distros based on Debian and Enterprise Linux easily.) And we are still able to target Windows for the customers that remain there.
Where I work, I'd love to move our remaining Windows boxes to linux, but there's often software that only works on Windows. How well does Wine work these days? Can they run CAD software for example?
CAD machines are some of the few in our company that are staying windows instead of going to Linux. We're an autodesk shop, I tested fusion under Debian 6 months ago and it didn't work very well. I tried proton and wine, couldn't get either to work great and had issues. It would launch, but opening a medium complexity assembly was laggy, and the CAM module would crash fairly often. I can't speak for other programs from personal experience though.
That said, for home use freecad has gotten a lot better after the ondsel changes were merged, I was using the free license of fusion360 for personal projects, and moved over to freecad 6 months ago. I'd originally tried it 7 or 8 years ago, and it was just absolutely awful to use, but modern versions are really very good. There wasn't a huge learning curve, and I haven't run into anything that the program can't do. For hobby CAD, I'm using it for 3d printing, a Cnc mill, and making prints for manual machining. Honestly, I've been less frustrated with freecad than fusion360, it does a better job of getting out of my way and letting me design things. That said, I'm a software dev and IT guy, I don't know if it would work for commercial use. I certainly didn't push for the engineers to change, but their workstations are already running win11 that I had to debloat.
CAD applications usually require graphics acceleration. I've tried to make Fusion 360 work on linux using VMware, VirtualBox and GNOME Boxes – performance was unacceptably bad.
On linux, you have OpenSCAD (which is okay for some applications) and you have FreeCAD (which sucks imo). Right now, I just use OnShape which works in my web browser and is similar to SOLIDWORKS (and it's $0 for students).
They want to try to force me to buy a new PC? In this economy?
I'm using Ubuntu as my daily driver for the first time since ~2010, and I'm solidly not hating it.
Thinking about other desktop environments and what not, but this was easy and familiar. Everything literally just worked... Which is the first for me with Linux.
I wish there was an active dev community that could patch win10 going forward, but without access to source code for the kernel, perhaps that isn't really viable.
Ideally I would want to use Linux but I also want to play games that are only supported on windows.
Does using WSL help or is an outdated windows base still going to be the weakest link in the security onion?
WSL is unfortunately less than ideal, not only is it rubbish (it has its own set of issues like weird networking bugs), it also doesn't mitigate any of the security vulnerabilities/bloatware/telemetry/bugs etc present in Windows.
But you can always dual-boot between Windows and Linux. Just uninstall all your browsers (to mitigate risk) and other non-essential apps in your Windows install, configure the firewall to block everything except games. And boot into Linux for everything else.
I think it's a good plan, though there might be some pain.
I have a bog standard AMD graphics card that does not work in Linux. I've tried multiple distributions and versions in those distributions and both the Linux and AMD drivers. It just randomly flashes. Where do I go to get help? Who knows?
What card is it? If it's older than Volcanic Islands (2015), yeah, those old cards aren't well supported by the current amdgpu driver, so you'd need to use a distribution that still supports the old ati driver. The linked article recommends MX Linux for old machines. I think you can get it working with Arch Linux but that would require a higher level of effort.
This happened with a new AMD chipset with a Framework. One firmware update improved it and then kernel 6.8? I think fixed it. Was about perfect, then kernel 6.13 AMD driver broke it again. ;-)
Try the forums or Discord chat for the distro you're trying. LinuxQuestions.org and the "Linux for All" discord are good places to ask distro-agnostic questions.
I have Win10 on a laptop that I use and am thinking of either taking it offline completely (and keep on win10 forever on it) or upgrade it to Linux but am not sure if it's worth the hassle upgrading a $200 Thinkpad Carbon x1, I may as well get another one and leave this one as is. I still own a laptop with Windows 7 that when I turn on, that is quite rarely, but when I do I am hit by a wave of nostalgia. This win10 machine, I wish I could extend its operation as I am pleased with how it operates in its current form but I guess it's not possible. One thing I'm certain of, I will not upgrade it to Windows 11 and Microsoft and I as a user will part ways.
Go for it (upgrade to linux). My T480s is still my goto laptop when I'm travelling (if I lose it, no biggie - encrypted home dir, meanwhile it can last for 5-7 hours playing videos, running webapps etc), versus my work laptop on windows 11 dying after 2+ hours.
It seems to me that he's missed Teams off his list of "where this might not work for you" situations. A lot more than half my money comes from clients who know of nothing else. I'm not pleased about this, but it's another part of their grip on their more-or-less monopoly.
I would also say that the desktop version of Microsoft Outlook is much better than the web app. Can you even drag and drop emails to attach them from the web app? I never tried it. (It always bothers me that I cannot do it in Gmail. Attached emails are so common in the business world.)
Also: Almost all replacements for Excel are much worse, and incompatible with existing VBA macros that run a lot of HR, accounting, budgets, and other support functions.
Regarding Teams desktop app vs web app: Is there a big difference? I don't have experience with the web app.
Luckily, to replace most of the Office applications, their respective online web applications work very well. That wouldn't be a major issue in migrating to Linux.
Would highly recommend Mint. Very stable, sensible defaults. Updates never broke anything in the past several years I have been using it on desktop and laptop. Just install the latest LTS version, turn on automatic updates and forget about it.
Ubuntu has unfortunately become the Windows of the Linux world - and I don't mean that in a good way.
Unless you want to be the perpetual IT support for your parents, I would recommend getting a user-friendly immutable/atomic distro, like Aurora[1]. Aurora uses KDE, which most Windows users would find familiar. It is immutable, which makes it very hard to break, and it uses atomic updates (basically updates either apply or don't: there's no partial state which can break the system). And in the rare event that something does break, you can boot directly to the previous version right from the boot menu, no need to run any manual rollback commands. My 70yr old mother also uses Aurora and has zero issues.
In my experience, if you aren't dealing with power users, normal people won't be able to break their Linux install. The standard permissions model stops them from doing anything stupid, and they don't know enough to be dangerous.
Thing is, regular Linux distros are most prone to breakage when it comes to updates - especially Ubuntu and Ubuntu-based distros[1]. My elderly mum is non-technical and has been a Linux user for the past decade, and she had Xubuntu, Mint and Zorin - all of which ran fine until an update broke it (and this is just a bog standard DELL Optiplex desktop with an Intel iGPU). So I switched her to Aurora a couple of years ago and it's been rock solid.
This is why I recommend immutable/atomic distros for newbies, especially if the person installing it doesn't want to be a 24x7 tech support for that user.
I would be very surprised if Debian stable ever broke anything. I am on Debian testing and none of the "standard software" - browser, office suite, image editing, zoom - has broken in many years.
Sure, if you stick to stock Debian repositories you should be fine. However this guarantee is gone if you're using proprietary kernel modules, like say nVidia drivers - which is not an uncommon scenario.
Also, the /usr merge thing has caused some issues for users, requiring manual intervention[1]. Not a big deal for techy users familiar with the terminal, but this isn't something end users might want to deal with.
Image based immutable distros don't have issues like this.
I switched from Arch to Ubuntu a while ago (switching from desktop to laptop, thought the batteries-included experience would be easier). I had, I want to say, a decade old (maybe more like 7 years) Arch install… never experienced a computer thing more annoying than updating Ubuntu.
Canonical keeps packaging things like Firefox as Snaps and that leads to weird issues sometimes. If it were up to me, I'd avoid anything using Snap because of the potential for headaches.
I wouldn't rule out a distro like Rocky Linux or AlmaLinux (or anything else based on RHEL) with Gnome or KDE installed. They will receive 10 years of kernel and OS security updates, and you can either use Firefox from their repos or use something like Flatpak or Snap to get newer software packages if necessary.
Even if I didn't give a shit about the privacy stuff, I would like to just reiterate something I said a few days ago.
My mom got an automatic update to Windows 11, and it bricked her computer. It wouldn't boot; it would spin and then say it needed to go into repair mode, and then doing repair mode didn't do anything.
My initial thought was that the disk was hosed, but of course my parents had a bunch of priceless documents that were never backed up anywhere else, so I talked my dad through flashing a USB of Ubuntu so I could boot into it [1], mounted the NTFS partition, and ran smartctl and the disk wasn't reporting any errors. I found and ran a few other diagnostic commands and again, no errors. I was able to rsync the files to my home server, so nothing was lost. My initial assumption is that the Windows Update team didn't properly check to see if the CPU was compatible, and that maybe they were calling a newer instruction that wasn't on my mom's relatively old laptop.
After unsuccessfully trying to convince my parents to move to Linux, I talked them through flashing a USB drive with Windows 11 with an official image from Microsoft and using Microsoft's official disk flashing software, and we were able to install Windows 11, and as far as we can tell, it worked completely fine.
My hypothesis now is that whoever built Windows Update fucked up some kind of boot key and it was failing as a result. That or they just decided my mom should buy a new computer.
I was actually more annoyed after Windows 11 worked perfectly fine, not just because that means my parents aren't going to move to Linux, but also because that means that there's no technical reason that the computer should have been bricked, it was just the utter incompetence of Windows Update. Just to reiterate, this wasn't some hacked version of Windows 11, this was directly downloaded from Microsoft, flashed with their tools, with no adulteration on our end, meaning regular Windows 11 works fine. I highly doubt that my mom is the only person who has gone through or will go through this, and a lot of the people that will go through this won't have kids who are software engineers and probably be forced to buy a new computer.
Genuinely, how much e-waste is going to be generated by this forced update?
[1] Why the hell isn't there any kind of "Live USB" version of Windows? I mean officially, not some hacked thing? Why is the best way to fix Windows to use Linux?
> Why the hell isn't there any kind of "Live USB" version of Windows? I mean officially, not some hacked thing? Why is the best way to fix Windows to use Linux?
The windows installer image includes repair tools (which probably wouldn't work much better than the automatic repair), and you can get a command prompt in there and do whatever.
Echoing a lot of users ITT, Windows has been good to me but the enshittification has reached what feels like the end point.
Windows value to me was "everything just worked". But that's no longer the case now, unless you are willing to walk down Microsoft's centralized rails. Need an MS Account and OneDrive... need expensive modern hardware... get ads and crapware... get telemetry and data exfiltration. The effort of working around all that is non trivial.
EDIT: and if I was ok with all that stuff I'd already be captured by Apple.
If I have to fuck around with something in my home OS, that OS might as well be Linux. So now I am compiling wifi and printer drivers from github (FFS Linux!) instead of disabling telemetry and hacking an install with local accounts only.
The challenge, as always, is going to be taking the family with me.
Microsoft is an oligopoly that monetizes mediocrity:
-unable to execute a clean chip-architecture transition (while Apple shipped three clean ones)
-unable to modernize its operating system consistently (5 layers of different UI/UX and 30 years old DLLs spread all over the place)
-unable to harden its own software
-unable to design its own hardware
-unable to keep users' data secure
I could continue, but the pattern is clear
I will never store personal or government issued documents on a Windows device and I will never use any form of digital ID to login on infrastructure that depends on Azure AD
TPM, Secure Boot, Windows Update stories are the evidence that the more you entrust Microsoft, the worse it gets
I have said this 10 times on HN and I'll say it again. Release a version of Windows 11 called "Windows Optinmal" that has 0 telemetry, 0 trackers, 0 bloatware that runs faster than Windows 7 on modern hardware. Charge 4x the prices if you want, I'll pay happily
This will only work if the customers have a considerable amount of experience with computers already. For the vast majority of people, Linux is going to present insurmountable challenges which will only lead to serious frustration.
I say this as someone who uses Linux daily. It's simply not ready for mass exposure. The second a layman wants to do anything remotely custom with it, they are going to struggle.
I think the vast majority of people use a PC for only basic functionality, like browsing the web and editing documents/spreadsheets, and for these users, Linux works fine. My 70yr old mum is a classic example of this - she used all versions of Windows from 3.1 to 7, and she switched to Linux about a decade ago and has zero issues. If my mum can use Linux, so can the average Joe.
It's the power users, or users who've got specific proprietary software/hardware requirements that usually run into issues: gamers who play games with kernel-level anti-cheat, professionals who're dependent on Adobe/AutoCAD etc.
I will hazard that the modal computer user in 2025 has never installed anything on their desktop computer. Almost everything is done through the browser these days - unfortunately.
Another "everyone will migrate in droves to Linux" article that keeps popping up when a Windows version ends, since Windows XP days, yet even Valve was forced to translate Win32 APIs to actually have games for the Steam Deck, after how Steam Machines went down.
General public won't care until they can buy laptops with GNU/Linux on their favourite shopping mall PC store.
As it stands today they are more likely to buy an iPad or Android tablet than such alternative, which aren't much better than Microsoft in user tracking, and much worse in user freedom allowed by the OS.
I had a small business in 1995. We offered Slackware Linux for free and provided free training and installation for clients who wanted to try it. When Windows 95 came out, I had a 486DX 50Mhz system that booted Windows 95 and Linux, and Linux was more stable than Windows 95. Linux was also better than OS/2, but it didn't run DOS and Windows programs in Linux yet.
Those who chose Linux were happy with the choice. But they were only a minority.
Now, Windows 11 requirements make a lot of PCs obsolete unless they install Linux on them.
The fact Linux has like a zillion iterations and is all open source and free just proves companies like Microsoft are gangsters. They got to the hill first and now they sit on top with a gun.
Thanks for fighting the good fight. My chief concern is that you will alienate some of your customers because normies think privacy is for crackpots. I don't have any experience being in small business computer repair, but just my feeling as a neutral 3rd party.
Try to identify the problems the customers have. If privacy isn't one of their concerns, convincing them to switch PC OS is not a great fit on that basis.
Good point. Thanks. You're right, I think I will create some eval questions and make sure I am putting the customers' needs first.
I feel like there needs to be some way to explain the changes to Windows 11 as hostile from a longevity perspective with the ads and the lock-in. With one-drive being activated and moving customer data to the cloud without consent, the LLM that gets in the way of the user experience, recall, etc. It would still be their choice but at least they would know what they were getting into.
I feel like I'd be doing some justice by letting customers who qualify (who don't have use-cases that Linux cannot handle) know that it's a better experience because Microsoft is creating friction in the desktop experience now.
Normies don't think privacy is for crackpots, that's a meme among techies who are trying to justify surveilling their users.
Normies desperately want privacy, but think it is too hard to do, they're too dumb to figure it out, even if they figure it out it still won't really work, and that they won't be able to use stuff that they don't want to live without. They are often right, because they are smarter than they think and the industry is working against them full-time. A lot of people's incomes (on this very site) depend on keeping normies ignorant.
This is an excellent article as well as a sign of the times. I wish the list of Linux choices had included Mint, which is essentially Ubuntu without Snaps. Snaps are a partly closed-source Ubuntu project that contradicts the open nature of Linux.
Linux users can install the free software suite LibreOffice, which not only replaces Office but reads and writes the same file formats. Many similar choices exist, this is just one.
Gamers can install the free Steam game compatibility layer on Linux, then play many of the same games they play on Windows.
Meanwhile, Redmond's recent requirement that everyone sign up for a Microsoft account, and its pushing the Recall eavesdropping-to-cloud feature with no user opt-out provisions, clearly signals Microsoft's belief that their customers shouldn't be allowed to choose.
Here is a list of current Windows traits that should be options, but are out of an end-user's control:
* Required Microsoft account.
* User tracking and telemetry without knowledge or consent.
* OneDrive, which is cloud storage and tracking, requires technical skill to disable.
* Desktop-recall images to the cloud, essentially Microsoft mass surveillance.
* Edge browser, cannot disable or remove.
* Unintuitive user interface, out of user's control.
* Advertising everywhere.
All these frequently heard complaints are addressed by Linux, and Linux is free.
I've been a Linux user for 30 years. I maintain one Windows dual-boot system, partly to help friends deal with Windows issues, partly to entertain myself with what most people believe constitutes a normal end-user computer experience.
How do you feel about binary blobs required to run most WiFi cards in Linux? And, I am pretty sure that both NVidia and AMD have similar (binary blobs).
It's a matter of choice. We have no choice about firmware drivers, but we do about which Linux distribution to install. Since there is a choice, we can exercise it and send a signal that open-source is preferred.
> And, I am pretty sure that both NVidia and AMD have similar (binary blobs).
Yes, all true, and as more powerful GPUs appear, this is likely to become a more contentious issue.
Based on the corporate IT emails I receive from time to time, it also sounds like Apple enterprise management controls are weak to non-existent. A few times a year, there is a blast sent out to not upgrade your corporate iphone/mac because of some incompatibility. In the Windows world, IT would just hold back the patch without requiring N users to do the right thing.
You can still run older versions, but anything from 2019 onwards will struggle - and you can completely forget about the latest M365 versions.
Luckily OnlyOffice is a pretty decent alternative with excellent compatibility with MSO formats. And there's also the web versions of office, which is now a decent alternative (unless you're a power user who needs macros/VBA etc).
I've been using Windows 11 since it came out. Seems fine, no real difference over 10. Maybe a little bit faster.
Some of the more annoying stuff like ads in the start menu and the like only really affect Americans, as far as I know. I've never seen it. Had a brief battle turning Copilot off everywhere when that became a thing - including in notepad! - but that's hardly just a Microsoft thing.
Don't really understand all this drama over the TPM chip, especially since you can bypass that requirement with a little effort if you can't upgrade your hardware.
I ran a few shut-up scripts and installed StartAllBack and my machine is almost indistinguishable from Windows 7 on first glance. And it was certainly no more work than configuring Linux to my liking.
I switched my at home setup to MX Linux just in the last 2 months for dissatisfaction with even Win10.
Win11 is a hard no, I’m keeping a laptop with Win10 for the small amount of games I play. I will likely even try WINE for them soon but just haven’t got around to it.
Try proton from valve. Every game that's not bound by kernel level anticheat pretty much works. ProtonDB is the place to get the required magic incantations for edge cases.
In general, the Ubuntu cinnamon desktop is a good starter system.
That being said, make sure to install printer, camera, and GPU drivers for new users before leaving your care (note iphone PhotoSync app also works with ssh.) Additionally, loading a suite of common Applications to replace web/email/CAD/publishing/media/gthumb/zoom tools will ease new users experience looking to complete some task.
Linux workstations are easier now given most services are web or App based. MacOS also tends to be easier for the people locked into Adobe =3
This would seem to require a little elaboration. LibreOffice Calc is supposed to be decent, but I practically never hear about it being used in the professional contexts where Excel typically appears. I'd be willing to bet that it will handle all of the spreadsheets currently used at our firm, but that's a convenient case where only a small number of spreadsheets matter and I know how they all work. For anyone managing a larger ecosystem the switching cost is daunting. Some links to case studies or analyses of when Calc can take over for Excel would probably be pretty helpful, since as far as I can tell Excel is the reason people stick to Microsoft, while Outlook, Teams and Word are mostly just tolerated.
I've been using Linux since the early 2000s. I've never been able to completely switch over from Windows or Mac.
One issue I've always had is when updating applications you use every day, one bad library could make the application unusable. Most are dependency nightmares and there just aren't enough people paid to work on Linux apps to offer good support.
When I was young and poor, I had all the time in the world to tinker with my Linux machine to figure out how to get everything working again. I just want an operating system to work. If not Windows, I would recommend a Mac.
> One issue I've always had is when updating applications you use every day, one bad library could make the application unusable. Most are a dependency nightmares and there just aren't enough people paid to work on Linux apps to offer good support.
That's not really a problem anymore with immutable/atomic distros. Your entire system is upgraded in one go as a single image, any dependency issues are handled on the server (basically the image won't get built if there are issues). And most of your user apps will be installed via Flatpak or other means (homebrew/Nix etc) so you won't ever have to suffer from dependency issues unlike regular distros.
So if you want to get a distro that "just works", get an immutable+atomic distro (eg Aurora, Bazzite etc). Assuming of course, you've got compatible hardware.
I really don’t like articles like these because there’s so much FUD in a well-intentioned direction but it takes it too far.
Like, secure boot is not a bad feature, and I use it with Linux to enhance my security posture. It is a good thing. TPM is rather useful for encrypting your disks. Stop telling non-technical people stuff like this. The hypotheticals of a future of corporate control via TPM are completely outweighed by the importance of encrypting your data today. As of right now TPM isn’t enabling some kind of horrendous dystopian present. Maybe it will in the future but I dunno, I haven’t seen it yet.
And then a lot of other parts of this article are gross exaggerations of reality, and a lot of those complaints already existed with Windows 10 users anyway. Some of these were actually worse at previous points in time (e.g., it used to be way more difficult to remove OneDrive and now it just uninstalls cleanly).
Windows Recall and Copilot are entirely optional features that are very easy to disable entirely.
The author is straight up lying about windows recall and the “surveillance state,” Microsoft has directly stated that it is 100% local (doesn’t even work on hardware that lacks AI processing optimizations) and no information from the feature leaves your device. It also comes with a rather extensive list of security controls and sensible defaults if you actually read the documentation. Sure, a pre-release beta version had a security issue, but that was pre-release. If we want to start claiming that Microsoft is just directly lying about things they document very specifically and directly about Windows Recall that’s a really big accusation.
Windows 11 prevents complete uninstallation of features…yeah it’s an operating system, no shit. No they’re not going to let me uninstall File Explorer. Yes I know Linux lets you do that.
And the complaints about edge, sure, it’s true and all, but it is again a one-time issue that goes away once you change your default browser to some other browser that also begs you to make it default. It’s a minor annoyance at worst and judging by the marketshare of chrome everyone pretty much ignored Microsoft’s pathetic pleading. Everyone pretty much sleepwalks into installing chrome anyway.
Look, I say all this as a Linux user myself. There’s no need to exaggerate and lie about Windows just because we prefer Linux. I would still not recommend to most average joe windows 10 users that they should switch over to Linux, but I am recommending to more people than ever before.
Nobody thinks this is a weird reaction to an OS update that's been out for years at this point and barely makes a difference over the previous version?
There's no 'Recall'. Co-pilot isn't all over in your face so removing it isn't really a priority. Edge isn't forced on you, it's just part of the bundled software just like a bunch of other items as in every Windows for decades. Not saying it doesn't get hairy if you're going out of your way to remove them or not be in the ecosystem, but consumers don't care, and for the most part stuff isn't being forced in front of them.
I've started running windows 11 lately because I've gotten some laptops that had it, and after removing all the microsoft pushed apps including removing OneDrive at least twice... It just doesn't feel very good.
a) the lock screen gets stuck from time to time if you hit enter to get to the password entry, until you turn off all the pushed content on the lock screen. Which ok, I'm happy I turned that off... but then I had to log out and back in for that setting to take effect. Now that I know about that setting, I turned it off on my windows 10 machines, and it takes effect instantly.
b) I like my windows round on the top and square on the bottom. It's cutting off the bottom left character in my putty windows; you used to be able to undo that in the registry, but now you need to force load dlls (maybe putty can fix it?)
c) I don't want notepad to have tabs or autosaving
d) it feels like keyboard focus gets lost to the ether a lot more. I had this happen in new style apps on 10 (like the new calc), but it happens at the desktop from time to time on 11.
I had been using linux as my main desktop at home for years, and went back to windows 7 when gnome2 ended. 7 was very good, but it's been downhill since then, especially since Microsoft killed off SDET roles. I'll probably keep windows on the laptops (useful for FRC), but when support for 10 runs out, the desktops are going to move to FreeBSD and I dunno, fvwm maybe?
If you’re not on the corporate managed version of Windows 11, Microsoft frequently resets the default apps related to browsing, svg, pdf etc. I had it done twice in a week recently. That’s what flipped the trigger for me and I finally abandoned Microsoft.
If you’re measuring “Windows isn’t annoying” from the corporate perch, that’s not a fair comparison to what consumers and home users put up with.
Not to mention the forced upgrade and reboots that can’t easily be disabled for same.
Every other OS from MS is garbage. XP good, Vista bad, 7 good, 8 so bad no one remembers it, 10 goodish, 11 horrific.
The hate is hardly unprecedented and indeed well-deserved. MS has shown in the past that they’ll respond to poor OS reception with attempts to win back customers and that’s what I’m hoping for in this case.
A switch is viable for technical users but I’d still not be comfortable recommending it for family members.
It’s still a bridge too far for most
The hardware landfill issue is real though. My 70 year old dad announced he’s getting a new laptop out of the blue. Reason…this
I agree with all of the articles points except for the first one: TPM and Secure Boot do not reduce user choice or promote state or corporate surveillance. If you want to be able to prevent root kits you need secure boot, and if you want to store secrets that don't need a user password to unlock and can't be stolen by taking apart the computer, you need a TPM; or you need substantially similar alternatives.
I would say that specifically with Secure Boot, Microsoft actually promoted user choice: A Windows Logo compliant PC needs to have Microsoft's root of trust installed by default. Microsoft could have stopped there, but they didn't. A Windows Logo compliant PC _also_ needs a way for users to install their own root of trust. Microsoft didn't need to add that requirement. Sure, there are large corporate and government buyers that would insist on that, but they could convince (without loss of generality) Dell to offer it to them. Instead, Microsoft said all PCs need it, and as a result, anybody who wants to take advantage of secure boot can do so if they go through the bother of installing their own root of trust and signing their boot image.
> I would say that specifically with Secure Boot, Microsoft actually promoted user choice: A Windows Logo compliant PC needs to have Microsoft's root of trust installed by default. Microsoft could have stopped there, but they didn't.
This was not the case with the initial rollout of Secure Boot, it was combined with locked BIOS to lock PCs so that they could only boot Windows 8 on some devices. This was the case on Windows RT ARM machines from that era.
All that has to be done today for machines to be locked down again is to flip a bit or blow an e-fuse. It's already the case on phones and tablets.
There is also a real potential for abusing TPMs or cryptographic co-processors to enforce remote attestation.
I say this as someone who agrees with your first paragraph and uses Secure Boot + TPMs on all of my machines.
> There is also a real potential for abusing TPMs or cryptographic co-processors to enforce remote attestation.
People here REALLY need to start understanding this issue. Remote Attestation is the kind of tech that if abused will end free computing over night.
And it's already happening in the form of Google play integrity API. Many apps already require it. It's just a matter of time before they push similar tech to the desktop. And on mobile it hurts more because many banks now require a mobile app for 2FA.
Personally I think any form of attestation is evil.
There's a reason Microsoft is aggressively deprecating "older" CPUs that work perfectly fine. Heck, I have one laptop with Windows 11 that worked great, but won't update from 22h2 to 24h2 because CPU support was dropped between versions, leaving me with only the glib suggestion from the Windows Update UI to "Buy a new device".
Ironically, installing Windows 10 and activating ESU would lead to longer hardware life.
Of course, I didn't. Instead, I installed Linux on that laptop too. My partner had no issues switching.
TPM wasn't the only reason older CPUs were dropped. The biggest reasons where the line in the sand Microsoft chose would not be supported in Windows 11 was Spectre/Meltdown [0] mitigation. Windows 10 added a bunch of intentional slowdowns to mitigate that disaster and people incorrectly blamed Windows 10 for being slow and not the CPUs and their CVEs. Windows 11 seems to have wanted a clean slate without needing to have any of those slowdown mitigations in the codebase and eliminate some classes of "Windows 11 is slow on my machine" complaints.
I'm not sure Microsoft took the best approach. I might have opted into a "Windows 11 Slow CPU" SKU if it was marketed right. That might have been a little kinder than "all these CPUs with this awful series of bugs are trash, even though we have had a successful workaround".
[0] https://en.wikipedia.org/wiki/Spectre_(security_vulnerabilit...
> People here REALLY need to start understanding this issue.
The idea that understanding is the problem feels like a fallacy. People need to upgrade hardware, and when all chips contain such functionality, consumers won't have a choice of alternatives. What you want is legislation (or a dominant competitor lacking such features, which doesn't exist).
Legislation doesn't help unless it's the right legislation.
After all, legislation is what is forbidding you from producing a competing x86 processor with the changes you want.
Remote attestation is already here with Play Protect/Integrity on Android, and Microsoft's Pluton co-processor enables the same thing
See also:
- Private Access Token [0]
- Web Environment Integrity [1]
among other proposals.
0: https://news.ycombinator.com/item?id=31751203
1: https://news.ycombinator.com/item?id=36785516
Microsoft had a lot of practice with this with the recent Xbox hardware & software.
> over night.
No, I think they bend over backwards not to do it overnight because of the outcry but try to make all required changes and enforcements gradually over the years so in the end you will have no choice but there will not be any sudden change that would spark protests.
s/if/when/
> This was not the case with the initial rollout of Secure Boot, it was combined with locked BIOS to lock PCs so that they could only boot Windows 8 on some devices. This was the case on Windows RT ARM machines from that era.
Okay, but, that was like 15 years ago, on some shitty first-run computers that no one bought. A failed first attempt. I've never met a single person that owned, or has ever used, a Windows RT device.
The world has moved on. But oddly continues to buy bootloader-locked iPhones and Androids by the bucketful.
Dwelling on the past isn't going to move us forward. Anyone pushing the "Secure Boot and TPM are evil" trope in 2025 is objectively a fool and should be ignored. Most don't even realize what a TPM does, they think it's some secret chip inserted by glowies into their computers to prevent them from running free software. No.
> Dwelling on the past isn't going to move us forward.
Forgetting the past will make PCs as closed as phones.
> There is also a real potential for abusing TPMs or cryptographic co-processors to enforce remote attestation.
Remote attestation can be misused, yes. But why write it as if TPM is the problem? In cases where remote attestation is used for good, TPM improves the setup, if anything.
I don't see the rationale for what you wrote, and am genuinely curious what it is.
You can't do remote attestation without something like a TPM.
Let's compare these scenarios:
A) TPMs are optional and 30% of users have them. A bank is thinking about requiring remote attestation to use their services. Since they'd lock out 70% of users they decide to not do it.
B) TPMs are mandatory and 90% of users have them. A bank is thinking about requiring remote attestation to use their services. Since they'd only lock out 10% of users they decide to do it.
And banking is the nice example here. Refusing to serve a site if the user is using an adblocker is very much in the interest of powerful players in the space, see WEI. Every platform that has widespread TPM adoption, namely Android and iOS, has shown that it will abuse them for anti-consumer purposes sooner or later. We are talking about Microsoft here, the current and past poster child for anti-consumer decisions.
I hope that explains why making TPMs blanket available introduces new risks to sovereign computing.
Because that's what has been going on in the Android world for years and for the iPhone was the case from the start.
Root your phone, even if it is just for the ability to make full backups (because that is, to this day, not a thing on Android)? Say goodbye to banking, most games, even the proposed new EU "digital identity" government wallet was supposed to enforce attestation.
And everyone with a phone on the "bad vendor" list that either doesn't get Google certification from the start or gets it revoked due to sanctions? Same.
TPMs form the root of trust needed for remote attestation. If not TPMs, cryptographic co-processors can do similar things, or work in tandem with TPMs to accomplish the same thing.
TPM and Secure Boot would be good things if there were no way to prove to third parties that you're using them, or have them configured a certain way (i.e., remote attestation). It's the fact that that is possible that makes them reduce user choice and promote state and corporate surveillance.
Maybe. This assumes I trust Microsoft to have part of my computer where I have no ability to interrogate it to see what they’re doing in there.
If it’s on my computer, I should be allowed to read and write to it. End of story. I don’t care if that makes it vulnerable. So far as I’m concerned, letting Microsoft keep secrets from me on my own computer is similarly catastrophic to losing my HD to a crypto-locker virus.
> TPM and Secure Boot would be good things if there were no way to prove to third parties that you're using them, or have them configured a certain way (i.e., remote attestation).
This is exactly what a TPM was made for, so your statement is a little bit paradoxical.
The ideal is the owner being able to use TPM/SecureBoot/etc to ensure that the device is in the configuration they want. That means resisting tampering, and making any successful tampering become obvious.
The problem is third parties using TPM/SecureBoot/etc as a weapon against the owner via remote attestation, by preventing them from configuring their own device, with the threat of being cut off from critical services.
Having the upside without the downside would be nice, but how could it work? Is a technical solution feasible, or would it need a law/regulation?
Not a crypto expert, but given how both bad players seeking control and people seeking to verify their cloud machines are remote, it seems that the technology will roll out without problem and will end up being force fed into all consumer devices with bullshit excuses.
On the face of it they're just security features, and I don't deny they are, but the industry as a whole are using those features to implement device verification systems that are being used to lock down their platforms and centralize control over their software ecosystems.
Being able to install another OS isn't much good if critical applications and websites refuse to run on it.
>Being able to install another OS isn't much good if critical applications and websites refuse to run on it.
The battle has already been lost on this. Just look at all the companies that are app-only and don't offer a web version.
That the battle is lost doesn't mean we should stop fighting. Even the war being lost isn't a reason to. The equivalent in the real world is resistance.
I wouldn't say it's lost, but the trendlines aren't good.
I honestly have only come across one company that is app only. That was because I was with them when they changed over, otherwise I would never have signed up.
This was my local gym which sacked their front desk staff and moved to app access only, and with an app infested with trackers at that. Needless to say I don't go to that gym anymore.
It's popular with fintechs, especially new ones. Robinhood for instance was app-only for a few years before they got their web version. Revolut theoretically has a web version but it has far fewer features than the mobile app. Restaurant "apps" (for ordering and offers) are often app-only as well.
Honest question: What does TPM have to do with this? I mean, Revolut developers don't need to check for TPM or similar to serve other functionalities just because you're on browser or mobile app. Am I getting something wrong?
There might not be "TPMs" exactly on smartphones, but both Android and iOS have device attestation APIs that do the same thing that TPMs do, i.e. cryptographically prove to a remote party that you're running some particular version of software.
https://developer.android.com/google/play/integrity
https://developer.apple.com/documentation/devicecheck
>I mean, Revolut developers don't need to check for TPM or similar to serve other functionalities just because you're on browser or mobile app.
Some features are simply not available in the web version. You can try running the app in an emulator to get past that limitation, but an emulator won't be able to spoof device attestations, so if they bother checking for it you're screwed.
Want another example as fresh as yesterday?
I'm on a move, had to pay some transport company to move some stuff for me, pick-up date tomorrow. Paid online, website asked for a confirmation from my bank's app (N26), fair enough. Opened the app, just to be greeted with "Please Update. The latest app version includes new features, enhancements and stability improvements" with the only choice: "Update now".
Being confronted with an app designed to refuse to work was irritating enough (for context, I'm from a generation where we used to own our devices), but I clicked on "Update" anyway, just to be told by apple store that there was no update for my iPhone 7.
Ok, the writing was on the wall. You know, I own one iphone and 2 android phones already, all of them several years old but in pristine condition. That's how I am, I care for things. I'm not going to buy yet another one, if only because I hate waste and fear mismanagement of natural resources. That's how I am, I care for things.
Now you are mandating me to add more e-waste? There is no way I'm going to do that, so I decided to connect to N26's website, but guess what? You need the app to login. Well, if you insist you can also login with a short message, which I did, just to check that there was no way to confirm a payment on the website.
But you can contact "support", so I tried that. To their credit, the robot bouncer was quick to admit incompetence and to connect me with a friendly fellow human, who was unfortunately only allowed to lecture me about why those "new features and enhancements" were essential to my account's security, while being unable to tell me exactly what they were or what was the problem with the current version, and suggested I login from someone else's phone instead.
Security? Whose security?
To anyone working in tech, let me remind you what an actual threat model is.
My actual threat model in the actual world is that your company might steal my money, or prevent me from accessing it, which amounts to the same thing. Data points: Despite all the stories on the news about mischievous hackerz from russia and china, I've had money stolen only twice in my life, not a lot, but at the time I needed it, and twice by banks.
My threat model is that the electronic gadget that I bought and carry with me all the time stops obeying me and starts obeying some adversarial company. And that, in perfect novlang mastery, you want me to call this a "trusted device".
My threat model is that our civilization might drown in e-waste.
Want another example of app only service? Wait for a day or two, as I'm confident I will face the same issue soon.
Beautifully said!
I must just have a sixth sense to avoid those kinds of services. And I also have a zero tolerance policy. For example, if a restaurant says I have to order on my phone, I stand up and go to leave. I am old enough now they probably just assume I am technologically illiterate.
Yes, your bank is shit, but this is also Apple's fault to a large degree.
There is absolutely no reason to release a new major version of your OS every year, and there is no reason to arbitrarily drop support for older devices (except extremely contrived ones, that I'm sure will be posted below). I made the mistake of acquiring an Ipad once. Its only job was playing YouTube videos in bed (yes I know), until Apple and Google in unison decided that it should be thrown into a landfill, because its OS was unsupported and the YouTube app, for no reason at all, would no longer work. Was the device suddenly unable to decode H.264 video or playing audio? Nope. But please just throw it in the trash and buy a new one - what are you, poor?!
> this is also Apple's fault to a large degree
I don't know, I haven't checked extensively but I believe supporting iphone7 is still one checkbox away in xcode (xcode 26 release notes state that it "supports on-device debugging in iOS 15 and later", which is what is installed on my iphone).
I could imagine how some team at N26 thought that "supporting" more devices was too much on their plate, which I would sympathise with, but the most likely scenario to me is that some technically inept "decision maker" decided to ban older phones in a security gesture to give the impression that he is adding value.
Note: I also own a venerable ipad air2 (2009) that I bought second hand long ago to serve as a midi controller. Still a very nice, well built machine. It's not allowed to connect to wifi or it would figure out what year it is. I call it "hibernatus" (reference to https://en.wikipedia.org/wiki/Hibernatus) :)
Your story is appalling, and I agree that this is a major problem.
However, drowning in e-waste from smartphones is many orders of magnitude from being an issue, as trivial calculations easily show. Mentioning it makes your argument rhetorically much weaker. The iPhone 16 is 147.6mm × 71.6mm × 7.8mm (8.2 × 10⁻⁵ m³) and weighs 170g, according to https://www.dimensions.com/element/apple-iphone-16-18th-gen. The population of France is 68.6 million people. One iPhone per person each year for the next century would be 6.86 billion iPhones in France, assuming the population remained constant. This would weigh 1.2 million tonnes and fit in a sphere 51 meters in diameter. If stacked 6 meters deep it would cover 9.4 hectares, a circle 340 meters in diameter. France contains 63 million hectares. The hypothetical pile of iPhones would cover about a third of the area of the Gravelines Nuclear Power Station near Calais.
Far from drowning in e-waste from smartphones, if you dump it in a landfill, it will be extremely hard even to find the e-waste without a map.
Even if you didn't have a countryside to bury e-waste in, this should be obvious even on the household scale. Suppose you and your four children each get a new iPhone every year, and instead of throwing them away, you put them in a box in the attic. How big is the box? It's a 35 cm cube after 100 years. It would weigh 85 kg, though, so you'd want to use several smaller boxes. But there is no risk of drowning.
"Drowning in e-waste" was a metaphor for "slowly destroying the conditions for civilisation with the violent obsession for more fossil fuel and more minerals to extract".
That's a bad metaphor, because those problems don't have anything significant in common with the e-waste problem, but there is no particular danger of smartphones being a major contributor to them, either. According to https://www.apple.com/nz/environment/pdf/products/iphone/iPh... the emissions per iPhone 16 are 56 kg of CO₂ equivalent, 18% of which is the expected energy consumption during the life of the product. France emits 4.14 tonnes of CO₂ per person per year, so buying an extra iPhone per year would increase your total yearly CO₂ (equivalent) emissions by about 1%. Similarly, the quantity of minerals in a smartphone is insignificant (170 grams! largely recycled!) compared with the quantity of minerals in, for example, a sidewalk (many tonnes).
Some of those minerals, like the gold in the bond wires, are pretty heavily refined, requiring the excavation of some much larger amount of gangue and leaving most of it as tailings. But the total quantities of those minerals in the device are very small indeed. Instead, worry about things like electric vehicles and CO₂ emissions from making concrete.
What you are doing by attempting to reduce fossil fuel and other mineral usage by buying smartphones less frequently is analogous to attempting to pay the rent on a Paris apartment by looking for lost coins in the subway station, or attempting to take a running leap across the English Channel. You are doomed by your complete lack of understanding of the orders of magnitude involved.
e-waste is very much linked with over-production, of which any particular product taken in isolation, be it iphone or tomatoes, is of course insignificant, the issue being the economy at large not iphones or Apple.
I don't know what's your point exactly? I was close to believing that this near perfect mix of naive quotation from Apple PR BS, computation of tons of minerals required to build a phone to the 5th decimal, and the lackadaisical insulting remarks, was some refined form of humor. But given we are on HN, you might just be this kind of engineer who can't see the forest for the tree.
So, assuming you are just inappropriately expressing a genuine concern that I might be misled into believing that refraining oneself from buying any more phones is going to slow our society spiraling down into chaos, rest assured: I'm not believing this. My posture is all about principles, and holds for an iphone like for any of the many useless things a normal, modern life wants us to consume routinely, because I believe one should try to do the right thing no matter what, regardless of the odds of success, because proceeding otherwise requires to define success, an end goal, and that's a circular impossibility. Yes, as you can see, I'm with you on the spectrum. :-)
it's even worse when you discover the app itself is just a webview
Thing is, because the whole design is closed as well as firmware, the security of it is near zero, even for sealing firmware device images (e.g. option ROM), much less bootloaders. Multiple security holes have been found.
There's no issue booting a boot rootkit with the standard Windows bootloader unless you manually seal the image with command line or group policy, and even then it's possible to bypass by installing a fresh bootloader because the images are identical and will boot after a wipe.
> if you want to store secrets that don't need a user password to unlock and can't be stolen by taking apart the computer, you need a TPM
I had a Win 7 system and just entered a password on boot, this decrypted the disk. It was supported without mods or TPM (maybe some registry tweaks though). On Ubuntu I do the same, no need for TPM. Am I missing something? My disk is encrypted. If they take it apart, they need my password to crack the encryption.
The important part in the parent is "that don't need a user password". You just said you had to supply a (user) password.
With a TPM you can set it up that your disk is unlocked automatically, but only if no-one changed anything in the signed boot chain. This is the default with Bitlocker on Windows and is also possible on Linux, though somewhat more finicky.
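The sealing behaviour described in the comment above, as an added example that is not part of the original thread: a toy software model (not a real TPM or BitLocker API) of PCR extension and a disk key sealed to an expected boot-chain measurement. `ToyTPM`, `measure_boot`, `boot_and_unseal` and the component strings are constructed for illustration.

```python
import hashlib
import hmac
import os

PCR_SIZE = 32  # one SHA-256 PCR; a real TPM has banks of several registers


def extend(pcr: bytes, blob: bytes) -> bytes:
    """PCR extend: new = SHA256(old || SHA256(blob)). One-way and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()


def measure_boot(components) -> bytes:
    """PCR value that booting `components` in order produces, starting from zeros."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class ToyTPM:
    """Software stand-in for the chip (assumption: models only the PCR policy check)."""

    def __init__(self):
        self._storage_key = os.urandom(32)  # never leaves the "chip"
        self.pcr = bytes(PCR_SIZE)

    def reset(self):
        """Power-on: the PCR returns to zeros; it can only be extended afterwards."""
        self.pcr = bytes(PCR_SIZE)

    def extend(self, blob: bytes):
        self.pcr = extend(self.pcr, blob)

    def _keystream(self, policy: bytes, nonce: bytes) -> bytes:
        return hmac.new(self._storage_key, b"enc" + policy + nonce, hashlib.sha256).digest()

    def _tag(self, policy: bytes, nonce: bytes, ct: bytes) -> bytes:
        return hmac.new(self._storage_key, b"mac" + policy + nonce + ct, hashlib.sha256).digest()

    def seal(self, secret: bytes, policy_pcr: bytes) -> dict:
        """Bind `secret` to this chip and to the PCR value `policy_pcr`."""
        if len(secret) > 32:
            raise ValueError("toy model seals at most 32 bytes")
        nonce = os.urandom(16)
        ks = self._keystream(policy_pcr, nonce)
        ct = bytes(a ^ b for a, b in zip(secret, ks))
        return {"policy": policy_pcr, "nonce": nonce, "ct": ct,
                "tag": self._tag(policy_pcr, nonce, ct)}

    def unseal(self, blob: dict) -> bytes:
        """Release the secret only if the blob is ours and the current PCR matches."""
        expected = self._tag(blob["policy"], blob["nonce"], blob["ct"])
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("blob was modified or sealed by a different TPM")
        if not hmac.compare_digest(blob["policy"], self.pcr):
            raise PermissionError("measured boot chain does not match the sealing policy")
        ks = self._keystream(blob["policy"], blob["nonce"])
        return bytes(a ^ b for a, b in zip(blob["ct"], ks))


def boot_and_unseal(tpm: ToyTPM, components, blob: dict) -> bytes:
    """Simulate a boot: reset, measure each stage in order, then ask for the key."""
    tpm.reset()
    for blob_stage in components:
        tpm.extend(blob_stage)
    return tpm.unseal(blob)


if __name__ == "__main__":
    # Constructed sample boot chain and key, for illustration only.
    good = [b"firmware v1", b"bootloader v1", b"kernel v1"]
    tampered = [b"firmware v1", b"bootloader EVIL", b"kernel v1"]
    tpm = ToyTPM()
    sealed = tpm.seal(b"disk-encryption-key-0123456789ab", measure_boot(good))
    print("clean boot:", boot_and_unseal(tpm, good, sealed))
    try:
        boot_and_unseal(tpm, tampered, sealed)
    except PermissionError as err:
        print("tampered boot:", err)
```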
but why bother? I can fit enough entropy in my head to make my hard drive uncrackable, and I can back up my data even if some chip breaks.
It's just added complexity and corporate control so people can use worse passwords
But most people don't want to enter a password, and if you make people enter a password too much, they'll choose terrible passwords and put them on a sticky note. Windows Hello can only be done securely with a TPM. A server that I want to turn back on all by itself after a power outage can only be done securely with a TPM.
I want a TPM in my computer so I can have the security and convenience. Yes, it's another point of failure. But I need backups in case the hard drive fails anyway. And besides, the OS can be designed so I can enter a password if I need to use the drive without the TPM.
>Windows Hello can only be done securely with a TPM
I think in general biometrics are in the same ballpark as low-entropy passwords. IDK, I personally have no faith in trusted computing hardware because it can be broken with the right equipment. You're right that it can be used alongside ordinary security measures, but I just think it encourages putting your eggs into a cryptographically-weak hardware-strong basket (which represents a downgrade because crypto is stronger than hw).
>A server that I want to turn back on all by itself after a power outage can only be done securely with a TPM.
Can you describe how this prevents a MITM attack? I assume you mean a remote server? I've heard of colocation setups like this, but I think they rely on a couple of unstated assumptions.
But without password, anybody can physically access the device and exfiltrate data. That is even easier than regular password protection, where the storage medium would have to be removed or a live OS would have to be booted.
The risk is data leakage. With a TPM and no password, there is no data leakage protection.
> Am I missing something? My disk is encrypted. If they take it apart, they need my password to crack the encryption.
You’re not protected from an evil maid attack. An attacker with physical access could make your device boot their own payload to capture your encryption key and install a rootkit.
I—like most people—don't have a maid. Is Tom Cruise going to break into my house to add a keylogger to my computer without me noticing? If anyone is breaking in, my threat model is worrying about me or my family getting killed, not someone installing an evil bootloader.
Most market segmentation is just to screw customers (e.g. ECC support), but measured boot is one that really only needs to be on enterprise server or workstation-class hardware, and actually causes issues by existing in mass market hardware.
If your threat model includes evil maid attacks a TPM will not save you. They can just install a physical keylogger and then do whatever they want. The only threat model that a TPM helps with is where the owner of the computer is considered the threat by someone else.
So what happens when they use their physical access to turn off secure boot or just replace the component/device with one that looks the same, prompts for your password and sends it to them?
You get a prompt to enter Bitlocker recovery key if you turn off Secure boot in BIOS.
That's Windows doing that, which they've just compromised and then configured to display only the normal login prompt but send your credentials to the attacker.
They can also decrypt your hard drive by doing the same thing without modifying the original machine by just stealing it and leaving you a compromised one of the same model to also steal your password.
If evil maid attack, and you see this prompt, you a) re-enable secure boot, if did not work b) throw away the device.
In any case data stays secure.
Edit: Hmm, you have a point, how do I know secure boot was disabled in the first place? Anyway, still works for servers and unattended reboots.
There is no password. The machine will fail to boot and decrypt your hard drive.
Either you're entering something into the machine to authenticate yourself or they can just copy or modify your files without authenticating to begin with.
If they just want your password they don't need to decrypt your hard drive, they can format it and install a rootkit that steals your password as soon as you try to login.
So don't turn off secure boot. Replace the target machine with an identical decoy machine set up to capture whatever credentials are required to log in to the machine once BitLocker auto-unlocks, then use these to log in to Windows on the original machine and steal any encrypted data accessible by the user who logs in.
This would be more difficult to pull off in the presence of non-password security like a hardware token, as you'd need to forward the actual login UI to the decoy machine, but still not terribly difficult if the login UI will display on an externally-connected monitor and accept input from an externally-connected keyboard and pointing device, and the hardware security device connects via an external interface like USB.
You're now just making up more and more ridiculous nonsense to beat a wrong point.
Many OEMs don't allow changing keys and Microsoft doesn't even enforce their own certification requirements. See:
https://linustechtips.com/topic/1610033-hp-charges-for-warra...
I think it has the potential to create that situation if those features ever change. I should probably update that language, but I still feel from a consumer choice perspective, those solutions seem vendor specific and not governed by an open organization.
> Microsoft actually promoted user choice
Let’s not give Microsoft too much credit here…
Between 2011 and 2013, multiple Linux / free software organisations raised the issue with the EC. There was an actual antitrust investigation which at the time was seen as what motivated Microsoft to open the solution to third parties by 2013.
So in a way, thank you EU for making it so we have choices at all.
With that said, I think the technology still does more to promote vendor lock-in and as others have said, it’s one windows update away from a dystopian hellscape where all your bits have been pre-approved by someone else.
https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bo...
> TPM and Secure Boot do not reduce user choice or promote state or corporate surveillance
Now with remote attestation they do.
> installing their own root of trust and signing their boot image
Won't matter. They can tell we did this. They won't trust our keys. Only their own.
I am starting to see the benefits to secure boot and TPM from a gaming perspective. I realize this can still be tampered with but it eliminates so many casual cheaters that the edge case is practically irrelevant.
I don't see how my TPM module will prevent me from using the machine the way I want. The offer of a cryptographic assurance to a 3rd party is something I happily provide in order to gain access to a competitive gaming resource. Cheaters really fucking suck and if this is what it takes to ruin their day, then fantastic. I'm looking forward to TPM3.0 now after seeing how ruinous this has been to their schemes. These tools are effective.
Battlefield 6 is especially problematic for malcontents because its developers also enjoy using statistical methods to detect cheaters. TPM2.0 + statistical methods + $69.99 per try = probably can't afford to play this game unfairly for very long. Even if you can afford it, the in game progression takes an eternity. You're gonna need that 8x scope if you want your "undetectable" frame scanning aimbot to be of any use.
> I don't see how my TPM module will prevent me from using the machine the way I want.
I guess people don't know this particular dystopia is implemented.
First a platform gets third parties (games, banks, etc.) to impose their attestation system on customers. Congrats, you're locked in! This is the gun they point at you but the bullet comes after.
Now you can't leave the platform or you lose all your games, have to get a new bank, etc. The more stuff they can get to require that, the more stuck you are. This also prevents any new competitors from building a network effect. But competition -- the ability to switch to a competitor -- is the only thing stopping them from being the worst people in the world. Ads in the start menu. Censoring whatever they don't like. If you want to buy something -- anything -- they want a 30% cut. They'll hide it from you but take it anyway. All your local files get uploaded to their cloud and the terms let them use it for AI training, or whatever else they want. And soon you have to pay a monthly fee if you don't want them to be deleted. Why would not paying also delete them from your local machine? Because screw you, you don't have a choice anymore.
> I don't see how my TPM module will prevent me from using the machine the way I want.
"Your version of TPM is unsupported. Please update your hardware to enjoy playing Battlefield 7". Your 69.99 per try just went up to 769.99 _for legitimate users_ because you need a new CPU with updated TPM for every new version. I'm being hyperbolic, but only slightly.
If you want a real example of this, Windows 11 requires TPM 2.0 to run. Hardware predating wide TPM2 adoption can be powerful enough to run Windows 11, except the company decided you need a new computer to do that.
Entertainment is the last thing you should give up your freedoms for.
I don't think it helps for cheaters, you have cheaters on console and it's even more locked down than that.
Not to mention hardware based cheating that just implements a fully compliant USB mouse, keyboard, and HDMI setup, and DMA like https://www.dma-cheats.com/
I'm sure some jackass is going to suggest cryptographically verifying that you are using peripherals from trusted manufacturers soon.
You are 100% correct and we can see the situation on phones where you can't boot anything not approved by the vendor.
These are old counterproductive FSF memes that should be retired, but stick around anyway.
A lot of what he says is straight lies or stupidity. I love linux but disagree with everything he says.
I have been using windows since version 95. I even liked the Millennium version, that was most hated before Vista. I tried Linux several times, but Windows just always worked and Linux usually always had some issues (mostly drivers, lack of good programs and no gaming).
But now, after more than two decades, I am certain Windows 10 is my last Windows.
Nothing lasts for ever, not even Microsoft's domination on personal computers. It took them decades, but now they finally f'd up so bad that there is just no going back.
I think, like many people, it will take me a few years to need to reinstall my computer (or get a new one). So I will still be a Windows user and that will skew the numbers for upcoming years. But I think that also means that in 1-5 years, Microsoft will see a massive double digit percentage drop of users, almost over night, and nobody will have a clue what is going on.
By then, I bet the distributions will be even better. The gaming will be even better. The drivers will be even better. The saturation will be even better. So the transition will be even more seamless than it is today.
I am looking forward to it. I think Linux, or open source and free OS, should have been the norm. But we took a bad turn in the past and got hijacked by a few smart people. That will come to a natural end, finally.
If you’re this engaged already I’d just make the jump. Be part of the future you want to have rather than watching from the sidelines.
I could but I do not need to, so I'd rather make better use of the time it would take me to move at this time.
Biggest pain point actually are not programs, but the need to format all hard drives to some linux file system. I cannot just replace windows with linux and that is it. No, I have to migrate all my data somehow to reformat all my drives and then move the data back. That was always huge pain in the ass.
fyi NTFS works perfectly on my linux machine.. ntfs-3g ftw
Yea, what this guy says. Throw a new HD in the machine, install linux to it, and then just /mount your other previously-windows HDs.
iirc linux can read ntfs but not write...unless things progressed. it was a licence issue, not a software one.
Things progressed, certainly, and it looks like this was broadly fixed in October 2021 (kernel 5.15):
https://www.paragon-software.com/home/ntfs3-driver-faq/
But there will be details, limitations of some kind, and I can't work out what those are without much more digging.
ntfs-3g uses a userspace driver that crap-ifies the performance
... there is always some excuse.
Gaming on linux has been awesome for years. With the advent of systems like bazzite, the transition is only getting easier.
+1, switched to Bazzite about three weeks ago. I did have to dualboot a Windows after a couple of days, unfortunately. Mostly related to Anti-Cheat and other shitty measures. Dark Souls II did not want to recognize my Controller, even though it works fine in every other game. Skate can't be played on Linux because of Anti-Cheat, but fuck EA anyways. Wolfenstein: The Old Blood, Dishonored 2 and Death to the Outsider and Bioshock worked fine. Did have to tinker with the graphics settings a bit and the experience is definitely buggier than on Windows, but the huge upside is that I don't have to use Windows anymore, or at least just as a fallback-option. I now care 0 about the Windows, it's on a separate SSD, haven't even set a Wallpaper or other things, which is rare for me.
I've been gaming on Linux for about a decade, it has improved massively since Proton, and I'm at the point where I'm able to play Helldivers 2 with its anti-cheat with my buddies and get great performance (the game's performance/bug issues aside).
I tried Bazzite for a while on my desktop, it's fantastic for gaming, but I'm also a dev and a Linux user since I was a teen (almost all of the years of Linux) so I found it a little limiting for my other PC related stuff (I typically prefer to run Arch and Arch based distros on my machines).
For anyone with a computer dedicated to gaming I'd recommend Bazzite, I still run it on my ROG Ally since the moment I took it out of the box; I bought it _because_ Bazzite existed, never even considered booting Windows. It's a great distro tuned for gaming, and comes with some features like VRR and HDR that aren't as easily available on other distros (I've been able to get HDR on Arch/Gnome but not VRR).
It's hard for someone who relies on Windows software to be entirely rid of Windows, which is why I don't tell people they should switch to Linux, but it's not impossible if you really want to, unless you rely on a piece of software that just won't run under WINE or doesn't have an alternative.
For me, I grew up with Linux alongside Windows, went into a career that uses and targets Linux exclusively (backend SE) and for my computer based hobbies; gaming, coding, 3D printing/modelling they're served very well these days, and constantly improving.
> Dark Souls II did not want to recognize my Controller
I ran into that problem on DS2 also. It seems that game picks the first input device it finds, so I was able to force it to use the controller by unplugging my keyboard (or maybe it was the mouse? It was one of those).
As far as I know almost all (if not all) anti cheat software just does not work on linux therefore "gaming on linux has been awesome for years" is not true if you play games online or competitive.
I'm generally not an online gamer, never enjoyed PvP, so gaming on Linux has been a breeze for me.
I recently got into playing Helldivers 2 with some family members and luckily for me it works just fine.
My opinion is that Linux gaming is most suited for majority single-player gamers like myself.
If you are worried about what Microsoft is doing you should be even more worried about running anti cheat malware on your computer.
This is like saying you won't stop smoking because then you might get less cancer.
This is simply not true. Most anti-cheat software does work on linux, but many games choose not to allow linux.
This has a good list of what works and what doesn't: https://areweanticheatyet.com
> This is simply not true. Most anti-cheat software does work on linux, but many games choose not to allow linux.
I am not sure if I care whether the AC software does work (theoretically) on linux. Most of the games with AC cannot be played on linux. (You can see this on the graphic you linked).
I tried it long enough. I played MTG Arena with lutris and every patch day was a frickle.
I don't even play FPS games seriously, let alone competitively, but many of the games I play don't run on Linux. It's that simple. I've been using Linux daily for 25 years, but I have a dual boot with Windows. A week ago, I taught my NixOS to boot with secure boot because the new Battlefield requires it—and other games will follow.
AFAIK on linux they are not kernel level and thus are easier to work around. It isn't just that devs are lazy or hate linux.
Yeah, totally understand it isn't that simple but that's also my point. "Game has anti-cheat so it doesn't work on linux" is an oversimplification and people should check the specific games they're interested in. They could very well work if the developer allows it.
I switched to Ubuntu 3 years ago and never looked back for a daily driver.
The reason Windows (and Microsoft itself) is not 6' deep yet is a relatively small number of commercial creative software like DAWs, graphics suites and CAD modellers. Yes, there's a huge amount of legacy software in CAM, plant control and whatnot, but that can run alright on all those Windows XP and 7 machines like forever.
All major software vendors who think that Windows has too much inertial following and that its users will embrace whatever fascist surveillance machine their computers become under this abomination of OS, and refuse to port their products to Linux, will be in trouble soon.
Out of all DAW developers, only Bitwig got this trend right yet.
I have used linux for 10 years now but I think you just have to view a mac mini as the cost of a hardware synth or a guitar. Then all your problems are solved.
At this point, I need a nice gpu on a linux machine and a mac mini. It is a dream setup. I think I booted windows once on my most recent laptop because I messed up booting from the thumb drive to blow it away.
Reaper runs incredible on linux for DAW software but you always run into something that is not available with creative software. Then it is really nice keeping the mac only for creative pursuits.
Jumping into a different walled garden isn't the answer.
Annoyingly, Ableton Push 3 Standalone runs on Linux. This means that Ableton have a working Linux version of, at least the core, of Ableton Live working on Linux. I sincerely hope they release a true Linux version soon. It's the last thing tying me to Windows.
Glad you are trying Linux again!
But on WinME that was complete trash.. Never has an OS crashed so much on me... I went to Win2k after that ... Win2k was the last windows I ran in a PC and was IMO peak windows.
Haha, true. But not from my experience. Not sure why. Either I just ignored any issues and simply don't remember them or I got lucky with hardware and drivers? Who knows. Either way, I never had issues with Windows. For me, it just always worked. Even now, I am on W10 and after I ripped out all the guts of the Defender out of the system, I'm quite happy with it. I have a TinyWall firewall so there are no background updates or any traffic without me knowing. I am in mostly full control and have no issues.
Just use Linux Mint
I am an IT solutions provider for the public and small business. I think the changes to Windows 11 are gearing up to work with organizations to create a surveillance state.
So I have decided to promote Linux over Windows for computers I build for customers. If you have any suggestions on how I can make this promotion better, let me know.
Make sure libreoffice is included, and ublock origin. Show them how much faster it is, with fewer ads, and no subscription to Microsoft required just to write a document.
The business customers might want to know that databases are a lot cheaper on Linux, especially for small business.
Literally spoke to an automation company the other week that told me "we have to delete a bunch of stuff every time the database gets near 10GB or we'll have to pay Microsoft".
Plus there's no license cost for linux itself either.
This stuff might not be viable for hundreds of employees in a business where MS is already entrenched, but for a small business it absolutely is a better deal.
> Make sure libreoffice is included
Probably an unpopular thing to say here, but in my experience pushing non-tech people to use libreoffice as part of a Linux transition is a fast track to getting them to hate Linux.
Using Google Docs has been much more welcoming in my experience. Something about libreoffice doesn’t resonate with a lot of non-tech people.
Couldn’t agree more, if you’re pitching Linux to a non-technical user, you need a gentler off-ramp, not a cliff dive. LibreOffice is a UI time capsule..more archaeology than productivity. Most millennials would think they’d accidentally opened a flight simulator.
I’m relieved to see I’m not alone. I expected my comment to be downvoted because speaking against LibreOffice triggers some people
> LibreOffice is a UI time capsule..more archaeology than productivity.
I agree. Seeing the comments here claiming the outdated UI is a good thing, actually, brings up one of the big problems with a lot of open source and/or Linux specific software: The resistance to UI change is huge among die-hard users so the projects tend to get stuck in whatever UI language they had a decade ago when they started.
When I introduce people to open source versions of different software I find myself starting with “The UI has a steep learning curve, but…”.
It would be so much easier if we could give people apps that were targeted at familiar UI patterns of today, even if it angers a vocal minority who want every UI to look like it came out of the 90s or early 2000s when they first discovered their love of computers.
You have a ribbon-like UI nowadays, if you prefer that.
I was confused about this because last time I used LibreOffice it wasn't that bad. Turns out, it's really just a normal UI? I guess the biggest difference is it doesn't conform to Microsoft's design but to call it a time capsule is a bit dramatic.
I think by default after fresh install it suggests the "old" layout akin to Office 2000, but you can just select "tabbed ribbon" and then it really isn't half bad.
You know we are living in crazy times when people actually actively ask for the ribbon interface instead of making fun of Microsoft for it. It's one of the worst things ever conceived in UI design.
Both have their issues but having 50 uncategorized icons (I just looked up default libre office ui screenshot and counted...) is something only a power user can love. They can keep their classic ui as an option.
Categorized ribbon is an improvement for most people. Especially new generations who simply can't enjoy the effect of shared conventions with other software.
> LibreOffice is a UI time capsule
I'll grant that it's personal preference and OP should do what his customers prefer, but what you said is a good thing. UIs have sucked for some time now, so something which deliberately uses an older style is generally far superior.
OnlyOffice might be a better option here - its UI is similar to MS Office, and it has a much better MS Office file format compatibility compared to LibreOffice.
I've never heard of OnlyOffice, but that really looks quite promising. I'll have a deeper look at it later, but even though it's all webapp based it can't really be slower than libreoffice...
They have desktop apps too, in my machine I'm only using the desktop stuff.
I use Office all the time. But I see you can use "2010 or 2016 with Wine on Linux"? Which would be fine by me. Office 2010 does all you need really.
I agree with this despite being a libre office user. The introduction should be gentle, not dogmatic. No harm in using a browser based web application for this use case.
You’re right, you can’t push that hard. The new SO works, but it might not feel that way for newcomers. And LibreOffice… well, that’s another story.
GDocs is so nice, haven't even thought about Office or similar software in years.
I can't imagine trying to replace MS word with libreoffice for businesses. I respect the project and the complexity of the task, but it's just not there for even light professional use.
As an example, I recently submitted a manuscript following standard format [0] with libreoffice. Nothing difficult, just basic professional functionality.
The only way to do it involved editing global default page styles (because custom page styles can't be used for title pages?) and other advanced features. Fair enough, at least it was possible. It's a shame the export process didn't preserve the formatting and screwed up page numbering.
I had to fix the manuscript in gdocs instead, where it was easy.
[0] https://www.shunn.net/format/story/1/
What exactly did you have to change?
FWIW I'm not trying to interrogate you, I'm just trying to understand your perspective. From mine I just checked their checklist [1] and it's unclear to me what on that list you're suggesting required advanced features in Libre Office to achieve.
[1] - https://www.shunn.net/format/2024/01/a_brief_manuscript_form...
Headers were the big one. The shunn format has no header on the first page, and numbered headers on subsequent pages.
Libreoffice only allows either headers on all pages of a specific style, or no headers. So, how to apply a different style to just the first page? It supports that with the title page concept. But that menu only allows you to select either the Default and First Page styles, not custom styles you've added, so you have to modify the global defaults.
Then there's the numbering. LO requires headers to be the same across all pages, up to left/right distinction. That means you can't manually number. If you want to use the shunn "name/title/number" format you have to write "name/title/" and then enable the checkbox, accepting the slightly uneven spacing.
This is probably half a dozen menus altogether, which I consider advanced. It also confused the page numbering and tried to label the title page as the last page.
Another issue is that shunn's requires multiple alignments within a single line. This isn't directly supported in a reasonable way, but the same workarounds are required in MS word and gdocs so it's not like LO is especially deficient.
Smart quotes also don't work on copy-pasted text, only by a primitive typo correction system when typing. That's more of a personal process issue, since I was copying out of the markdown I do my actual editing in.
Programmers use markdown or LaTeX anyway; there’s approximately nobody excited about working on an office suite. It is a completely unrewarding task.
I use typst.
This is a pretty ignorant take.
How so?
> I can't imagine trying to replace MS word with libreoffice for businesses. I respect the project and the complexity of the task, but it's just not there for even light professional use.
Exactly.
Just work in the finance or insurance industry for a year, and you will see how it is part of the daily workflow to use very obscure, advanced Excel features combined with VBA. If a proposed Microsoft Office alternative cannot handle this, it's not suitable.
I personally observe that a lot of nerds who barely use Excel in their daily workflow patronising that ... (in particular LibreOffice) is an alternative to Microsoft Office. Better first learn how the actual powerusers' workflows (in particular for Excel in the finance and insurance industry) actually look like.
Totally agree. I would never use windows at home but Excel at work is the main reason to ever use Windows.
I have Libre Calc installed because I am on mint at home and even if it could do everything excel could do, I don't know how to do things the same way. Neither do most people. The personal experience and network effect is insurmountable for other software.
> I personally observe that a lot of nerds who barely use Excel
Most people using Excel/Sheets/Word/Docs are not power users. Pretty much all home use is covered by OpenOffice and that is the majority by user count.
Or something like Google sheets. Attempted very basic thing:
1. Got barcode reader and scanned some barcodes from books
2. Looked up these from online API
3. Wrote result in ISBN;Name;Year to output
4. Tried to copy result to Google Sheets
5. No import from custom CSV? (Excel has very good tooling)
6. Actually to split I had to use =SPLIT() and then copy paste results in weird way to actually be able to use first column...
Is this really better? Or good enough...
There's an import function in the File dropdown, with a dialog giving you control over separators. If that fails, you can paste the data, followed by Data > Split text to Columns. I work with CSVs in Google Sheets often and it's pretty reliable.
You can either complain about how Microsoft is treating or you can keep making excuses and add on requirements until there is no alternative but if you keep doing both you deserve whatever you get.
I switched from Google Docs to Libre Office a few months ago. I'm surprised how buggy LO is, because I tried it a decade ago and it doesn't seem to have gotten any better. I don't plan on going back to MS or Google, but I am very frustrated with the number of bugs in LO's spreadsheets, so I try to keep my sheets simple and CTRL-S a LOT!
Examples: [1] I selected a range of cells recently, by clicking and dragging, and when I let go of the mouse button, all of the selected cells shifted up and to the right by one cell, and CTRL-Z didn't undo it! [2] I have a workbook and when I duplicate a sheet with a chart, the chart is blank, so I have to delete it and re-insert a new one. [3] Sometimes the left-hand X-axis is cut in half, and I have no idea why, but if I create a new doc it goes away. I really, really want to promote LO, but it is very buggy. I can deal with it but I don't think others would.
Please report the issues as Libreoffice developers would like to know how to improve it. Might I also suggest trying ONLYOFFICE, it really looks and feels like MS Office. I am not a heavy Office user so I never run into issues but this one 'looks' professional.
I use LO for its word processor fairly extensively and have been pretty happy with it, but for spreadsheets I am 100% on team gnumeric---it is rock solid, less buggy than Excel itself, and supports a lot of Excel formulas and formatting better than MS's own web client.
If I have to use a spreadsheet, I prefer Gnumeric. I don’t have any solid evidence, it just seems less buggy generally.
I wouldn't recommend deploying ublock on customer machines. Or at least ask what their workflow is first. There are a ton of SaaS sites that break with ad blocking enabled.
I run firefox+UBO+privacy badger on my machines, and the only sites I've had to disable my privacy extensions in the last few years for were work related, B2B SaaS apps. A few years ago I pushed UBO to user machines (Chrome on win10) at work, and had a ton of user issues. I finally had to disable it, it wasn't a net benefit to us. It's not just a 'turn it on and leave it alone' thing, and people don't always think or remember to try toggling it off and reloading the page when they encounter issues.
That said, it's insane to me to be paying MS for a database with a 10GB limit, but I've seen their price lists. I've also worked with small businesses that don't have in-house IT, and they just end up overpaying for crappy service for many of those things.
I hope this win11 migration causes more MSPs and consultants to move small businesses over to linux though, MS has been predatory on pricing for business customers for far too long and with as much work has migrated to a browser there will be way less issues switching than there were years ago.
If they don't remember the two-click procedure for toggling ublock on a website that they want to be using, they weren't paying attention when they were told or showed that, and all they need is a remedial work training session to hammer it in.
I mean, easier said than done. We pay accountants because they are good at their specialized field. They have knowledge and experience I don't, and there's certainly things that are obvious and simple to them that I don't know or remember.
It's really easy to just say it's the LUsers fault and make pebkac jokes, and I definitely enjoy BOFH style humor, but honestly not everyone will remember the 30 seconds of training to go into this menu and toggle off an extension if netsuite throws a cryptic error or won't behave properly. I find it's better to have some empathy for other people, not everyone thinks like a computer and connecting 'I have this error message full of gibberish about API calls' and 'the IT guy mentioned 2 months ago that if a site isn't loading, I need to turn off this thing'.
I rarely have issues with uBlock, it's NoScript that gums up the works usually
> There are a ton of SaaS sites that break with ad blocking enabled.
Never had one and I have been using uBlockOrigin for a decade. If a SaaS doesn't work with it, report it to them or skip it (if not already vendor locked on it).
Not defending it but for clarity: it’s SQL Server Express that has the 10GB limit, and it’s free. They’re staying under that limit so they DON’T have to pay Microsoft. Aside from the Windows license, presumably.
Thanks for clarifying. Looks like the jump to standard is 989/year (if I'm reading Microsoft's confusing pricing sheet correctly). That's enough of a jump that it would definitely be a budget item for a lot of business. And migrating to a different DB engine isn't often an easy task, but keeping a DB maintained under a size limit sounds like a PITA and prone to accidental deletion of needed data. I definitely don't envy someone having to deal with that.
I'd also try using OnlyOffice, FreeOffice/Softmaker, Collabora and WPS to see what has the best compatibility with Office documents.
IMO, if they need Office, they should just use Windows.
You have sqlite, mariadb/mysql, postgres and more just for mostly traditional SQL. Then you have the others ... 8)
It's time for change. VMware have tossed themselves off into limbo and MS seem hell bent on alienating a vast swathe of humanity with W11's requirements - weirdest A/B test ever.
I'm working on some bigger clients ...
Yeah. I just tried LibreWolf recently and it comes with Ublock preinstalled. I think I am going to install that with some relaxed privacy settings. Libreoffice by default for sure.
If you're going to do this, set them up with something they can get commercial support for.
IMO, if a user's needs can be met with a Chromebook, Linux + a browser + email + Zoom/or whatever would suit them well.
I think you're going to have a hard sell if they rely on Office or other Windows-only software, and although well meaning, it might be doing them a disservice if they can't run the software they're accustomed to.
What are the arguments for Office at the small business or individual level, as opposed to Libre Office? For most users, they'll be able to reacclimate in a matter of hours to near 100% competence. And they now are in an ecosystem that won't constantly try to squeeze you for rent.
I think this is even more true in the era of LLMs, because on the rare difference somebody might get hung up on - there's no longer real need for support. LLMs absolutely excel at questions like 'In MS Office I can do [x] to achieve [y]. How do I do that in Libre Office?'
Sadly in small business Microsoft have a lock because no SMB wants to be the awkward outlier whose IT makes them hard to do business with.
For example, to be that supplier whose documents never quite look quite right or who always struggles with the docusign /PDF /email /spreadsheet /whatever whatever.
For an SMB, fitting in with the de facto IT herd that is represented by your customers and partners is essential for survival. Sure, some SMBs do decide to buck the trend and move over, but it's hard and not for the faint hearted.
Time will tell if this problem solves itself as 365 becomes a pure web app and Windows becomes an RDP-like Cloud PC.
The irony of Bill Gates vision of a Personal computer where you run what you like and not what the mainframe gives your terminal becoming Windows where you consume what you are told to is not lost on me.
Generally nobody should exchange Office docs anyway, I find it much more professional to exchange PDFs. I use MS arial so my PDFs made with LibreOffice look immaculate on any device. I think people are really shit for being so attached to their stupid office. I could not sell my dad on LibreOffice though. He'd rather pay 100 EUR/yr than learn to use new software.
Ideally they wouldn't, but they do, so you have to meet them where they're at, which is Office.
*immaculate on any device that has Arial, unless your PDF conforms to PDF/A.
Linux machines don't normally include Arial due to the license, and only PDF/A includes the fonts used in the document.
By default an Arial clone is present, ideally Arial is specified as a valid replacement font in the PDF if the user does not have the Arial clone present (Arial itself is a clone, but that is another story). It would require deeper investigation to see if this is actually the case. I've always wondered about this.
PDF/A has given me all kinds of issues (windows users get incorrect glyph placement with very bad results). Regular PDF has worked fine for me.
nit: normal PDFs may embed fonts, but PDF/A must embed them, and PDF/A is not the default in most programs.
In practice however most programs seem to include fonts in exported PDFs?
> Sadly in small business Microsoft have a lock because no SMB wants to be the awkward outlier whose IT makes them hard to do business with.
Which, as companies switch away from using Microsoft products, are now the people using Microsoft Office.
Everybody can open a PDF. Do you want to be the ones having problems sending Office documents to companies that have already stopped using it?
Sounds like a load of FUD from a Microsoft salesman.
> What are the arguments for Office at the small business or individual level, as opposed to Libre Office?
You have to open and edit documents you get from outside of the office. Clients regularly send me spreadsheets that don't work in Libreoffice, for example.
> something something Chromebook something something
Why wait for mass surveillance and remote attestation when u can have it today!!! :D
Yeah I was thinking of Zorin OS. They have a pro package.
Wine to run Office on Linux?
Only old versions of Office work on Wine, unfortunately
Office 2007 was the peak and it’s been all downhill since then.
The article lists 4 Linux distros. I think the most important thing is to recommend just one distro, DE, window server combo, don't know which one but it has to be carefully thought out. They're all coming from the same thing.
The Linux choice matrix is confusing even for programmers. Like I can understand the pieces in theory, but in practice with hardware, user-installed software, varying degrees of compatibility between components, and updates...
Perhaps https://zorin.com/os/ might be a nice distro for your customers. It has 2 UI options: one that is close to macOS and one that looks more like Windows.
The Snap store on Ubuntu is quite good. Has Spotify, VS code, Blender, Chromium. LibreOffice has a tabbed UI setting that mimics Office (easy to enable). Personally I love LibreOffice, something about it resonates with me. Everybody who liked office 2003 and could never get used to the newer weird ribbon UI in Office will love the default LibreOffice. Those who love the ribbon can enable the tabbed UI bar in LibreOffice. Only complaint is that performance is not as fluid as it could be.
I avoid snap myself because I use apt, but apt is a hard sell and arguably not ideal as well. E.g. I added Spotify repos which in theory could break other packages. In practice this doesn't happen (probably due to Ubuntu essentially freezing major versions for packages in their releases).
Choose the right distro and automate updates if possible. Mint is the softest landing for Windows users. But they never ever ever ever update anything on their own.
Ever.
Forever.
Or use Fedora with kickstart/modified atomic base image/bootable containers.
Mint still being on Xorg sounds like a rough ride when it inevitably goes to Wayland, which seems to be the more common default elsewhere.
Yea I need to think of a good way to automate updates..
Mint's Update Manager has automatic updates built in. Go to Edit > Preferences > Automation.
Get a distro with atomic updates, preferably an immutable one like Aurora[1]. Updates are automated and can't break your system. And in the rare event something does happen, you can easily boot the previous version right from the boot menu, no need for any scary commands or technical intervention.
[1] https://getaurora.dev/
`unattended-upgrades` package on Debian handles this well.
"automate updates"
A device can be woken up at silly o'clock and "apt update && apt upgrade && apt autoremove && shutdown -r now" can be run via cron.
apt as deployed by Debian itself has options for automatic updates (via cron), which is the better option. Have a look under /etc/apt/apt.conf.d/
I was thinking about setting up a package as part of the system build to do remote maintenance and I wondered if manually doing those updates every six months would be too long of a window. That way if something breaks, I can visit the customers location to fix it if I have to.
> A device can be woken up at silly o'clock
It can't. The device is in my room and making noise when on. If that device wakes up and wakes me up, it's either getting a force shutdown (breaking the update) or getting in the trash. Plus the device is generally left in suspend mode, so shutting it down would interrupt my workflow.
upgrade and autoremove can be combined in one command. My usual line is:
-V is just for verbose old/new version info.
I thought I heard that TurboTax is moving to web only, but maybe that's only for personal use and not corporate?
If it makes their decision makers fuzzy in the stomach to pay for a suite of office software, consider SoftMaker.
Create a 'showroom', virtual through network screen sharing or physical if possible. Demo machines where you can let customers get a bit of immediate experience with GNOME, Xfce and possibly something more. You can walk them through checking their email, creating a document and doing a bit of web browsing.
Don't front 'Linux', it's a tainted word that is of no use to typical public sector and small to medium business people, preferably don't mention it. Instead talk about your solutions being secure, cheap, enterprise grade, customisable, long term supported, things like that.
How could they create something that already exists?
you should look into the idea that you are a business, using linux installs in a way that may be subject to license.
if you promote, facilitate, provide resources for installation free of charge, that's probably fine. providing a system for sale, with linux pre-installed, may require, at least some attribution.
Ok thanks for that reminder. I'll look into that.
Don't bother - no idea what your parent is up to.
Linux - the kernel is GPL 2 - that means you can use it to your heart's content. If you make changes, it would be nice if you shared them, please do.
A Linux distro will generally have a similar license. Again the idea is that positive changes that you make are made available to everyone.
That is the idea of the GNU Public License: If you take our freely available stuff and add to it, you should make your changes public too.
Seems fair!
so if someone takes our freely available stuff, bundles it with a newly assembled system, and sells them, at a marked up price, like normal business does, it won't be an issue if no mention is made of GPL2 and what that means for the end user.
the idea that positive changes are made available to everyone, is not yet broadly salient. at least now, poster is probably aware of that condition.
you seem to be up on GPL2, what happens when someone packages distros on disk or stick, and sells them for profit? that's something to be aware of as well.
They stick the licenses in the back of whatever pack of documents are used during the sale. Heck, print it on the back of the work order in small print with a gray font.
On my motorcycle, there’s an option to view the software licenses used on the bike. The GPL is in there somewhere. So are a lot of other things.
And, no, during checkout at the dealer, we didn’t spend any time talking about software licenses.
As a bundler you’re obligated to provide the licenses. You’re not obliged to point them out, highlight them, point folks to links, or archives, or explain how they work or what rights users may have.
They just have to be available.
ok, so someone makes the license available for end user to read or not, that's one down for provider's responsibility.
now the next is the nature of linux as a common good, generated by many contributors over some time. is it acceptable for anyone to turn a profit from distributing copies of linux on media, or as a component of a retail unit, for an additional price ?
how does that scale up? suppose thousands of ISOs or live distros are sold, enriching the seller by some thousands of dollars, is that ok?
could i, or you, or anyone, burn a couple hundred disks, or rufus thumbdrives, then sell them for $40 each, and have no concerns ?
the submission, links to what is clearly, a profit oriented business. what limitations exist? none if you just pack a GPL2 in with it? can he charge a fee as if he is selling linux to the end user? is public awareness, and availability a suitable contra for financial profit from sale of a product of many contributions from many individuals over many years?
just how philanthropic is the community?
Yes, it is fine. Thousands of companies include GPL’ed software in their products including Red Hat, a big contributor to FOSS. The GPL explicitly allows it. The FSF has said it’s OK as long as you provide the license and a copy of the source code. It’s not an issue.
You may find it morally objectionable to sell distributions of free software for a fee but F/OSS licensing in no way forbids that.
GPL version 3 explicitly says "you may charge any price or no price for each copy that you convey". The MIT license also explicitly allows selling the work.
No other free or open source license forbids selling either. In fact the Open Source Definition from OSI expressly says: "The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources."
Linux distributions have been commercially sold for decades. Red Hat built its entire RHEL business on that, even when they still played nicer with open source. (Of course the key really was the support they provided to their paying customers but I think you still needed to pay to get your hands on RHEL anyway.)
Of course the problem you'd be facing if you wanted to sell free software at a significant price would be that since you can't forbid redistribution of the copies you sold (and you need to provide source code), someone else can take what you sell and redistribute it for free. So you can only really sell other people's free software if you either get ignorant people to buy it despite the same thing being available for free elsewhere, or if you provide something else on top of it that people are willing to pay for.
That severely limits the possibilities of making big bucks by just selling free software developed by others.
Perhaps the community is philanthropic to the point of providing free software for other people to sell. But the community or the authors of the licenses aren't naive. The possibility has been known from the start, as was the fact that it's after all quite difficult to charge a lot of money for selling something when free downloads are also almost guaranteed to exist.
I'd be a lot more concerned about how volunteers assume active maintenance burden and responsibility for software libraries that are used for free by just about every software company on the planet.
I don't see anything about trinsic2's (or anybody else's) promoting Linux or installing it on customers' computers that would be in contradiction with open source, even morally. I certainly don't see how a "license" could be required for doing so when the individual licenses of each included piece of software already permit commercial distribution. The only way he might need a separate license would be if he installed a distribution that's actually not entirely open source and bundles proprietary components that are not freely distributable.
Can you say specifically what you think there is to be concerned about, and why you think it is a problem? Just asking questions like this is not an effective warning, I think. We should be direct, to avoid spreading uncertainty and doubt.
Yes, you are allowed to sell devices with Linux on them. I’m shocked that you think otherwise. Android is pushing Linux to billions of devices and doesn’t have to pay anything.
>you seem to be up on GPL2 , what happens when someone packages distros on disk or stick, and sells them for profit ? thats something to be aware of as well.
Assuming that someone has customers, they have a viable business model, that's what happens.
That was, in fact, the business model of most Linux distros before we were all terminally online.
Don't be shy. Tell us what you're concerned about and why you think that's an issue.
Are you implying some sort of illegality or breach of license?
IT & software dev for a small-midsize company. I wasn't able to finish migrating last month due to a pressing project, but we're migrating almost all of our systems at work to Linux. 90% of our users' work is done in a browser, and the other 10% is in an in-house application I wrote. That app works on Linux, since my work machine has been on Linux for years.
We'll have a few macs and 2 win11 machines, but the rest are getting migrated.
We're in the Google ecosystem for email, docs, and drive so I'll just deploy Chrome instead of a Libre chromium. I'd rather not troubleshoot user profile issues, and they have access to all our data anyway. Honestly, I fully expect I'll have more than a few users that don't even notice the OS change.
Next step: escape the Google ecosystem. LibreOffice for docs (it's far superior to Google Docs anyway). Syncthing for drive.
Slightly disagree - while LibreOffice might be better in features, the UI/UX of Google Docs worked so much better for me, it's not even funny.
Have you tried LibreOffice's ribbon interface? It is similar to the one on Microsoft Office. You go to View > User Interface and choose "Tabbed". There are 7 different variants available.
I guess I kind of agree with your disagree, but disagree overall!
The UI in LibreOffice feels quite clunky and outdated and never seems to have been given any thought since the OpenOffice days. But Google Docs is so feature poor that I'd rather live with LibreOffice's UI. Especially as you can adjust to the latter after using the software for a while.
Have you tried LibreOffice's ribbon interface? It is similar to the one on Microsoft Office. You go to View > User Interface and choose "Tabbed". There are 7 different variants available.
The best path forward for home users and small business for non-technical users:
Install Fedora with KDE.
Install Firefox, Thunderbird and Chrome.
Install uBlock Origin, Privacy Badger.
Install LibreOffice & bookmark Google Docs.
Install multimedia support, h264/h265, VLC/mpv/ffmpeg, enable DRM in browser.
Install Steam if applicable.
If they have a printer, connect it and show them how to print a page.
Configure & tweak KDE to be cleaner & more user friendly (it's already near perfect out of the box). Show them how to manage wifi/lan connections.
Stick with Intel & AMD hardware, Nvidia drivers break on most kernel updates (and it messes with luks/secureboot/dracut). Intel & AMD, Just Works.
Educate the user on how to do Software Updates, install/remove software, how the file explorer works, maybe some terminal stuff if they seem inclined. Give them a high level overview of the benefits of linux.
With Fedora and KDE you can accomplish 95% of your computering needs, including software development. Only a handful of games & creative softwares don't work.
It will only take 6 months to have them permanently converted.
FYI last guidance I saw said privacy badger provides no additional benefit if already using ublock
I don't have issues with Nvidia drivers in Archlinux (using cinnamon and X) after pacman updates that sometimes update kernel and/or Nvidia drivers, I'm curious what's different in your setup to get these issues
Also, how are the graphics drivers affecting LUKS for you? They are two independent and unrelated things for me, Nvidia drivers aren't doing anything disk or pam related
> If they have a printer, connect it and show them how to print a page.
This however is the thing that doesn't "just work" for me, even with a common hp printer. The one time in a year you need to use the printer, something will have broken about its drivers again in Linux. I just transfer the pdf to the printer with a USB stick now
Same here; I have had crazy hardware work out of the box in linux, but printers remain a mystery.
Furthermore, last time I tried printing, it was a surreal non-deterministic process. It wouldn't print, then it would, then it would get stuck in a handshake or something, rebooting wouldn't fix it, but rebooting twice would, then turning off the printer would break it again, and so on. No system update in between attempts. I genuinely want to know what the fuck the engineers for those machines are doing.
[Disclaimer: in the above process there was the extra hurdle that the printer was one of several on a local university network that may also have had kooky configuration]
It’s really surprising how printing from a Mac or iPhone just works. The foss people screwed up printing somehow.
I would take this a step further and recommend a Fedora-based immutable distro like Bazzite (for gamers) or Aurora (for everyone else). These come with codecs and even proprietary drivers (nVidia), so you don't need to install anything manually.
Immutable/atomic distros are rock solid and extremely hard to break, the automatic updates/upgrades are a godsend for newbies, and in the rare event something does break, you can boot directly into the previous version right from the boot menu - no command line wizardry required. Immutables also don't suffer from the dependency issues that can sometimes plague regular distros, so I would highly recommend them over a regular distro for most newbies.
I've been living on an Ubuntu variant (Pop_OS) for over a year now and it's surprisingly good. Note that I had been a Mac-and-some-Windows user as far as desktops go for about 10 years prior to that, and had lots of Linux experience before that - so I'm experiencing a 10 year before-and-after.
Things that intrigue me:
- For photos, darktable is surprisingly good. I think this was my biggest single surprise, being a Lightroom user.
- GIMP was always great and now it's even better.
- LibreOffice is good enough that I can live on it just fine. I do miss Keynote, but it's not a showstopper.
- Dia is good enough for diagrams, though I miss OmniGraffle.
- Notice how there aren't any Windows apps I miss. There are Mac apps I miss (Keynote and OmniGraffle).
- Anything involving the web just works.
- Suspend/resume on my Linux laptop works better than suspend/resume on Windows, but not as good as what you get on Apple M hardware.
- Battery life on my Linux laptop is better than on Windows, almost entirely because Windows wakes the laptop up while it's suspended, so if you close the Windows laptop and carry it around unplugged, you'll find that the battery is totally drained after some number of hours. Linux doesn't have this problem.
- Development workflow is amazing. I'd rather program on Linux than anything else.
- The lack of crapware and nagware is so amazing.
- For diagrams, draw.io is a decent alternative
- Similarly for Photoshop users, Photopea might suit them better than GIMP. And there's also Photoshop Express/Online if they really want to stay in the Adobe ecosystem.
If you just want to draw a simple diagram, Excalidraw is amazing.
Draw.io is my go-to tool on any platform now. I did an entire bachelors and masters using it for all my diagrams.
I like OmniGraffle but personally I didn't think it was worth it when draw.io was free anyway. Like I don't feel it was $150-$250 better than draw.io, especially since it's not cross platform.
Draw.io’s development philosophy is just too cool: “doesn’t use artificial scarcity to produce a bloated sales-centric company with matching revenues.”
https://www.drawio.com/about
Draw.io all the way. I've operated as a Network Consultant and Architect for the last 3 years using it exclusively. Not only is it great, it's fast and cross-platform. I will never use visio again.
Have you ever tried Excalidraw? It doesn’t have as many features but with the keyboard shortcuts you can whip up diagrams so fast. It’s just so nice to draw in.
We use Excalidraw at work. I have a friend who uses it for everything.
I've played with it, and it seems pretty ok; the only reason I haven't used it much is because draw.io has been good enough, but I really should give it more of a test drive before I draw any conclusions.
I just checked and Draw.io is just Electron slop. Disappointing.
Well part of the appeal is that it can be in the browser without installing anything.
> GIMP was always great and now it's even better.
For adding shapes/colours/annotations etc to photos, I found krita to be more accessible than gimp. E.g. I wanted to do changes to my contractor's realistic concept drawings and I could learn krita (guided by Claude Sonnet) and make the changes in a span of a couple of hours.
Adding shoutout to Inkscape, also a very good piece of software for editing graphics.
I'm sure I will regret this, something will change and I'll be "F.U. Win11!". But, I'm on Windows 11 Pro (upgraded from Windows 10 Pro) and I have barely noticed a difference.
Maybe because it's Windows Pro, not Home? Maybe because I have 2 profiles. The one I used to install it which required a microsoft account, and a separate, local only account which is the one I use always. I can't remember the last time I had to use the other account. Maybe when I upgraded to Windows 11. I don't remember.
I'm not trying to excuse Microsoft. I had to go into settings and turn off everything I could find. I had to futz around to get it to stop trying to get me to install Exchange every time I pressed Win-E (or was it Win-W) which I press often because I use the same keyboard on Mac and Win-W is Cmd-W (open new Window) (A: Powertoys). So yea, I cursed that. But, I found a solution.
Other than that, so far, it stays mostly out of my way and just works. I'm hard pressed to notice too many differences. Is it because I'm on Pro? Is it because it's a local account? Is it just luck? I don't know. It only suggests that it's at least possible, so far, to use it.
Some things that any semi-power user will notice and get angry at:
* Needing internet and a microsoft account to install the OS
* Start menu now requiring two clicks to get to programs list
* Right-click requiring two clicks to get to the options you most likely want to use (e.g. 7z unzip or opening in a specific program)
* Task manager being slow and laggy
* Random ads asking you to install a game pop up in the notification area
* ...
And then there's little bugs everywhere that just grind away at you on a daily basis:
* A tab in explorer will sometimes randomly stop accepting clicks (keyboard select works). So I have to close the tab and re-open
* The keyboard layout setting gets corrupted and there's no proper way to reset it (never mind the fact that this setting is now buried twenty levels deep in the new settings app)
* The settings app search does not work
* ...
It is by far the worst Windows version (beating Vista and ME to that title) in my opinion. I use linux as my daily but am forced to use Windows at work and they have of course been forced to upgrade us to Windows 11...
Or hold [Shift] while right clicking
Microsoft's own "you're holding it wrong moment": "You're right clicking wrong"
> And then there's little bugs everywhere that just grind away at you on a daily basis:
When I create a new folder or file in a directory in explorer it hangs for a bit and doesn’t show up unless I click refresh. Ditto if I save a file to a directory that is open in explorer.
Thinking about trying to get a copy of Win 10 IoT LTSC instead at this point.
You don't need IoT, just the normal LTSC (2027, and then security updates until 2032, iirc). And there are easy ways to swap to it, present on GitHub...
Main downside is other applications dropping support for 10, if relevant. I only swapped my main system due to Fusion 360 notifying me they were dropping 10 in January 2026.
Go here [0] to get the links to Windows 10 and Windows 11 LTSC.
Also, the script to activate it, go here [1] for that.
[0] - https://massgrave.dev/windows_ltsc_links
[1] - https://massgrave.dev/
I'm using Windows 10 IoT Enterprise LTSC to write this and using Massgrave(l) it's activated to 2038 or something now. The only thing I wanted that LTSC didn't have out of the box was the Microsoft Store but you install that from PowerShell with the command "wsreset -i" and wait for 30s or so :)
The Win 10 IoT LTSC iso is on archive.org (from microsoft)
I'd love to know how many people are verifying checksums, and sourcing the checksums themselves from reputable sources. An event like this seems like a prime opportunity for someone to insert something extra into one of the components needed and a proportion of users will pick it up, whether the security cure is worse than the disease of an unsupported OS.
Just as an example of this everyone points out Massgrave for activation on a version of windows I doubt many are properly licensed for, and one of the methods used relies on periodically talking to KMS servers they provide including some on a Chinese TLD [0]. Personally I'd be charitable and say it's probably well intentioned using the cheap resources they can get (there's no mention of donations on the site), but I wonder how many are aware of what is involved and this is just something they rush through to get rid of the big scary warning that windows puts up and tech news hysteria.
[0] https://github.com/massgravel/Microsoft-Activation-Scripts/b...
I largely agree with your points, but in this context -
* A microsoft account is only needed for Windows 11 Home. A "semi-power user" is hopefully not using that edition of Windows...
* I'm also greatly annoyed by the right click - but holding shift when right-clicking opens the expected menu, removing the extra click requirement.
Some of my own annoyances though:
* The taskbar/windows button seems to just...crash...sometimes. It'll eventually restart, but extremely annoying. Left clicking taskbar icons still works, but right clicks or the start button don't work as expected.
* Additional clicks to change audio devices...drives me crazy on my main system.
* I like the autosaving aspect of notepad, but they've killed the main reason I used it - an instantaneous, lightweight text app. It's still quick, but is noticeably slower.
* Settings and Control Panel is still a mess, and even less usable than Windows 10 was.
> * A microsoft account is only needed for Windows 11 Home. A "semi-power user" is hopefully not using that edition of Windows...
Both Home and Pro require Microsoft account to install and start using. Then you can create local only users in both editions and delete user joined to Microsoft account. This is standard operation even in OEM installs.
Oh goodness yes. I was forced from Linux to W11 Pro for my new job. Use wsl2 they said, it'll be fine.
And wsl2 is mostly fine. But that doesn't stop the rest of the OS from being a dumpster fire. Why is it asking me to install or play Xbox games constantly? It feels like I have malware...
I jumped ship over a decade ago and have been using Linux Mint as my daily driver; there hasn't been one day I've regretted it. Seeing the recent news about the constant full-screen Windows Backup/OneDrive popovers and needing a Microsoft Account just to install the OS (they recently killed the OOBE workaround) is just the stale icing on this dumpster fire of a cake.
Don't even get me started on all the AI crap in Edge.
> Why is it asking me to install or play Xbox games constantly?
Because Microsoft got too large and some manager of Xbox pressured the Windows team to allow such notification to boost up their KPIs (games installed, game hours played).
Telemetry and KPIs are the single worst combination of bullshit that has happened to the entire IT industry.
It just sounds as if you haven't reached whatever your capacity is for "having to setup the OS to get out of your way". And that's a personal choice for everyone.
Windows 10 eventually breached my capacity due to the number of defaults I had to change post installation, and then often, again, post-patch/update. This was very soon after Windows 10 was released, and I already didn't like Windows 8's hybrid monstrosity following on from the sublime Windows 7, which I consider to be peak Windows.
I moved to Pop! OS and have been enjoying it on both desktop and laptop for over 5 years.
Forced updates were the last straw for me - after several iterations of using my machine until late, then being forced to let it update itself for another 30-60 minutes when I just wanted to switch everything off and go to bed, and noting that Proton made almost every game playable on Linux (thanks Valve).... the switch was a no-brainer.
My work laptop allows me a view into the dystopian Windows future, including updates as you've described as well as the occasional update and reboot in the middle of doing actual work - yes, I know it should not happen like that, but reality doesn't seem to care for _should_ or _should not_. Just as rare as it is inexplicable.
Meanwhile if a Linux distro wants to update, it politely asks you, and then goes away again when you say no ^^
The difference for me is how much time do I need to spend to tweak the system, and how much frustration will I still experience after tweaking everything I could. I found a Linux distro which suits my needs and desires out of the box, that I can just install and immediately get started doing whatever I need to do. It makes using a computer much more enjoyable.
The "Microsoft account" requirement is a weird one, because when I got a Win 11 PC after the death of my Win 10 one, I tried to set it up with my Microsoft account .. and it told me that this was unsupported on this account, and then it just fell back to creating a local one anyway. Which was what I wanted. No idea how I got into that state, other than the account being very old.
Might have to wait and see. I recently installed Win10 on my spare PC that previously had Ubuntu. Thought it was remarkably clean, but then the nagging about backups etc started coming.
The PC also had Win10 before Ubuntu, and I remember that being way worse because of the constant updates which always triggered more nags and resetting my default browser.
So I can use windows 11 without an account?
I thought that was not possible
Funny seeing this here at the exact moment my frustration has boiled over with windows. I'm just completely baffled at the hostility and disdain Microsoft is showing its customers. These issues are on top of just the disregard that people actually use these products for work and business so force-updating and breaking them so often, just so they can re-force you to accept their surveillance bloatware. My feeling today has been that we're going to look back at this moment as the straw that broke the camel's back.
The camel's back is already broken, it just so happens that changing OSs is very hard. MSFT has a leak; once they lose a customer, and that customer has figured out alternatives, they are never getting them back.
See this for all OSs/platforms: https://gs.statcounter.com/os-market-share#monthly-200901-20...
See this for Desktop OSs: https://gs.statcounter.com/os-market-share/desktop/worldwide...
They are on a slow death spiral. Their solution to raise revenue when their marketshare goes down is to squeeze harder. So they lose more users and the vicious cycle continues. In 10-15 years, they'll dip below 50% of marketshare, at which point there will be various alternatives which will accelerate their downfall. This already happened in tablets/phones.
It might also happen faster since they have a stronghold in Asia and China is now looking to accelerate the building of alternatives.
In addition to the good distro options mentioned, there's also Debian Stable:
https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/d...
There are several options for desktop environment, and you can select which ones to install when you boot that installer image (and also add/subtract more later, and change your preference at login time).
One of the nicest-looking ones that should be self-explanatory to use (for anyone who's used any version of Microsoft Windows since 95) is Cinnamon. Most of the other desktop environments default to similar, except for the current default Gnome one, which is a bit more creative in a way that's not intuitive.
I use Debian Stable + Gnome as my main PC. I use a handful of native apps which are all available on Linux, and most other apps are web-based. I never used to like the Gnome desktop, but modern Gnome is fast, unbloated, and it gets out of your way.
The author spoke of migrating Windows users, so I suggested what would be familiar to them.
The Cinnamon desktop will use a lot of that Gnome stuff, but things like a start menu and task bar will be more familiar than the corresponding elements of the default Gnome desktop.
With my last PC, I was looking at Freedesktop issues and waiting for cutting edge software for a year to get complete support for my hardware. Hence Ubuntu and Fedora.
Ubuntu is as good as Debian Sid for cutting edge (not really), PPAs work in both.
I think describing TPM and Secure Boot as "artificial limitations" is unfair. Many Linux distros have no problem working with both of these and they serve a valuable purpose.
The problem is not that they exist or that Windows 11 supports them. It's that Microsoft pretends they are required, when they are not.
> It's that Microsoft pretends they are required
I think that's what "artificial limitations" means. Microsoft pretending they are required when they are not.
I don't use Windows and actually find it kind of insane when I use someone else's computer to see what Windows is like...
But it's kind of MSFT's choice whether TPM and secure boot are requirements for their software. If their software makes security assumptions that the OS has access to trusted hardware then it's a requirement. One could argue that they should create secure and less secure versions of Windows, but I don't think anyone is really going to take that seriously beyond rhetoric.
There are a lot of advantages to assuming the hardware is mildly trustworthy. The downside is you may not want Microsoft to be controlling what counts as trusted on your machine. If so, then you probably don't want MSFT to have root in your machine either and you're better off with a different OS.
> There are a lot of advantages to assuming the hardware is mildly trustworthy. The downside is you may not want Microsoft to be controlling what counts as trusted on your machine.
In an IT security context, "trusted" (example: "trusted computing") means distrusting the users.
I'm no MS fanboy, but don't you think Content Platforms like Netflix or Steam might be applying DRM pressure to Microsoft? And perhaps IP owners also apply pressure to the Content Providers to lock down their platforms, which may include hardware that has access to protected IP
I'd say content platforms absolutely are applying pressure on MS (And Google, and Apple as well). I'd be willing to bet governments are as well, and I'd also be willing to bet that Google's upcoming sideloading/developer ID changes on Android are also from government pressure.
Valve/Steam is definitely not applying any pressure, they've always been against strong DRM. Even the steam deck lacks any hardware locks or fancy DRM.
I hear you, but I don't really think it's needed. IMHO, those features are being used to take away control of hardware you bought and paid for.
If you want to add better security to a computer make it opt-in and not expect people to use it who don't need it.
Yup, they can give you a secure boot chain that's otherwise hard to prove, and I've worked at places where (for example) disk encryption keys were protected by TPM encryption, using TrouSrS.
They can also often be used as a (slow) source of hardware randomness.
Most modern intel (series 8 onwards) and AMD Zen onwards have fTPM too. Often these can be enabled in the bios during upgrade then disabled again.
Personally I upgraded to Win11 the moment it became available, but that's because I want to continue my run of free MS windows forever and I only ever boot into it to play games, with even that becoming less common.
I should mention that ubuntu phones home a lot.
I like the fact that it has done a lot for the linux ecosystem, but there are a few things:
- it has a privacy policy
- it forces updates
- their hardwired package ubuntu-advantage-tools cannot be uninstalled without breaking the os
- motd has telemetry and nags
- can't disable snaps
- whoopsie uploads crashes to canonical
now, this is different from windows because the os is mostly open source, but it is important to know not all linux distros are the same
(note that because the source is generally open, you can probably figure out how to "fix" most of these problems, but not easily and they are moving targets)
> I'm recomming my customers switch to Linux rather that Upgrade to Windows 11 (scottrlarson.com)
Bit of a bait and switch from that to the actual article title…
> Retiring Windows 10 and Microsoft's move towards a surveillance state
If nothing else adhering to HN’s guideline on titles would have saved me having to suffer through reading “recomming.”
sorry about that. was trying to clarify the reason for the switch for hacker-news audience.
I know this isn't Stackoverflow, but... Does anyone have a good mental model for disentangling the issues of full-disk encryption versus secure-boot? I've been badly procrastinating with my desktop's new SSD because of it.
Use-case is:
* Dual-boot where I choose in BIOS/UEFI to go to either the existing Win10 drive or new Linux drive.
* I don't need unattended boot at all, I'd rather enter a passphrase every time.
* Resistance to evil-maid attacks is nice but not top-priority compared to theft.
* I want to be able to take my drive out of a dead computer and access it elsewhere if something goes wrong, as opposed to needing to reformat and reload from backups.
* If I install a distro with secure-boot off, can I turn it on later for benefits, or vice-versa?
they are not incompatible. You can have secure boot and FDE for both linux and windows on the same system.
Just put linux's boot drive on a removable USB that has boot priority over the builtin drive. Then configure UEFI secure boot so that it works for both windows and your custom keys.
https://wiki.gentoo.org/wiki/User:Sakaki/Sakaki%27s_EFI_Inst...
This setup has the added benefit of making it so that windows can't overwrite your linux boot drive, but from linux you can still access your disk from disklocker
I second slicktux's suggestion: look into OPAL, it's much easier to set up and use compared to LUKS. The best part is, the encryption is transparent to the OS, so you could multi-boot between multiple OSes and not worry about encryption or compatibility with partitioning tools etc.
Your drive does need to support OPAL though, check out sedcli for managing SEDs.
Microsoft abandoned OPAL/SED support due to vendors just f-ing it up making the encryption worthless. YMMV.
?? OPAL is transparent to the OS, Microsoft doesn't need to see/care about it. I'm multi-booting Win11, Linux and GhostBSD on my OPAL2 encrypted drive (on a ThinkPad Z13) and I've got zero issues.
They're talking about Windows Bitlocker. It used to be able to use hardware encryption if the drive supported it, then there were sufficient vulnerabilities in implementations that it now always does software encryption.
Being that it’s an SSD it’s already encrypting by default. You just have to set the User and Admin password and you’ll have full disk encryption!
You can set HDD/SSD password via the BIOS/UEFI or (my preferred method) using HDPARM --SECURITY commands.
Then if you take the drive out you can unlock it from another computer so as long as you plug it in directly and the UEFI supports HDD/SSD unlocking during post; if not you can install a Pre-Boot authentication on the drive that runs Linux to unlock the drive and then once unlocked it with the PBA it re-boots and it works as a normal un-encrypted drive.
Look into HDPARM and OPAL standard for full disk encryption.
I can't say anything about dual-booting Windows. I have heard that Windows Updates will frequently overwrite your custom EFI vars setup and reinstate the Windows bootloader etc.
Other than that, FDE and Secure Boot are unrelated.
The board's UEFI will boot the EFI binary that is either your kernel + initramfs (UKI binary), or a bootloader of your choice that then boots your kernel + initramfs. Depending on your distro, you may have a bootloader like grub or systemd-boot that is already signed by the MS third-party CA and your board may already allow the third-party CA, in which case you don't need to generate and sign with your own keys. Otherwise generate your own keys, set up Secure Boot with them, and then figure out how to sign your UKI binary / bootloader binary with those keys.
This initramfs will then be responsible for locating and mounting your root etc partitions. For a systemd distro using the UAPI Discoverable Partitions spec (use a specific type ID for the root partition), systemd has a builtin cryptsetup target that will prompt you on tty to enter the LUKS password for that partition. Otherwise investigate your distro's initramfs options for doing that.
>* Dual-boot where I choose in BIOS/UEFI to go to either the existing Win10 drive or new Linux drive.
grub and systemd-boot both show menus to select one of the available EFI binaries to chain to. Otherwise your UEFI might give you a similar menu.
>* I want to be able to take my drive out of a dead computer and access it elsewhere if something goes wrong, as opposed to needing to reformat and reload from backups.
Any other PC can mount and decrypt the drive with cryptsetup just like your original PC could, as long as you specify the same password.
>* If I install a distro with secure-boot off, can I turn it on later for benefits, or vice-versa?
Yes. You will launch board's UEFI, set the SB status to "Setup mode", boot your OS, then generate and enroll new keys which will set the SB to "User mode" and start enforcing signatures on next boot. And if it breaks you can set it back to "Setup mode" in board's UEFI, boot the OS and troubleshoot / re-enroll keys. The OS wouldn't care that you had previously enabled SB but are now booting with SB disabled.
Note that Secure Boot != Measured Boot. With a standard Measured Boot setup the disk encryption key is protected by secure element on the board (eg TPM) measuring the boot chain, so your disk will automatically decrypt when the boot chain matches the previous measurement and automatically fail to decrypt when it doesn't match. Your concerns about failing to decrypt the disk apply to this setup, not to SB. But also LUKS-encrypted partitions can have multiple keys to unlock them, so you can have both a Measured Boot-guarded encryption key and an emergency fallback password to unlock the disk manually.
You can turn the secure boot on/off at any time. The only effect from this is the loss of encryption keys that you might have bound to the measured values.
So for it to be effective against the evil maid, you really need to bind the LUKS key to it. But you can do that _and_ set a strong PIN for your LUKS key.
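The Measured Boot behaviour described in the comments above, as an added Python sketch that is not part of the thread: a toy TPM extends a PCR over the boot chain and releases a sealed secret only when the PCR (and PIN) match, while a second keyslot holds a fallback passphrase. `ToyTPM`, `ToyVolume`, the chain contents, the PIN and the passphrase are all constructed for illustration, and the XOR key wrapping is a stand-in, not real LUKS or TPM cryptography.

```python
import hashlib
import hmac
import os

# Constructed boot chains: each entry stands for one measured component.
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel+initramfs v1"]
EVIL_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel+initramfs TAMPERED"]
PIN = b"constructed-pin"
PASSPHRASE = b"constructed fallback passphrase"


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(component)). Order matters."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


class ToyTPM:
    """Hypothetical stand-in for a TPM with a single SHA-256 PCR."""

    def __init__(self):
        self.pcr = bytes(32)
        self._objects = []

    def measure(self, chain):
        """Reset the PCR (as at power-on) and extend it over the boot chain."""
        self.pcr = bytes(32)
        for component in chain:
            self.pcr = extend(self.pcr, component)
        return self.pcr

    def seal(self, secret, policy_pcr, pin=b""):
        """Store a secret bound to an expected PCR value and a PIN."""
        self._objects.append((policy_pcr, hashlib.sha256(pin).digest(), secret))
        return len(self._objects) - 1

    def unseal(self, handle, pin=b""):
        """Release the secret only if the current PCR and the PIN both match."""
        policy_pcr, pin_digest, secret = self._objects[handle]
        pcr_ok = hmac.compare_digest(policy_pcr, self.pcr)
        pin_ok = hmac.compare_digest(pin_digest, hashlib.sha256(pin).digest())
        return secret if (pcr_ok and pin_ok) else None


class ToyVolume:
    """Toy LUKS-like header: one master key wrapped separately in each keyslot."""

    def __init__(self, master_key):
        self.digest = hashlib.sha256(master_key).digest()
        self.slots = []

    @staticmethod
    def _wrap(key, secret, salt):
        kek = hashlib.pbkdf2_hmac("sha256", secret, salt, 1000)
        return bytes(a ^ b for a, b in zip(key, kek))  # toy wrapping only

    def add_keyslot(self, master_key, secret):
        salt = os.urandom(16)
        self.slots.append((salt, self._wrap(master_key, secret, salt)))

    def unlock(self, secret):
        """Try every keyslot; return the master key or None."""
        for salt, wrapped in self.slots:
            candidate = self._wrap(wrapped, secret, salt)
            if hmac.compare_digest(hashlib.sha256(candidate).digest(), self.digest):
                return candidate
        return None


def setup():
    """Enroll two keyslots: a TPM-sealed secret and a manual passphrase."""
    master = os.urandom(32)
    volume = ToyVolume(master)
    tpm = ToyTPM()
    tpm_secret = os.urandom(32)
    handle = tpm.seal(tpm_secret, tpm.measure(GOOD_CHAIN), pin=PIN)
    volume.add_keyslot(master, tpm_secret)
    volume.add_keyslot(master, PASSPHRASE)
    return tpm, volume, handle, master


def boot(tpm, volume, handle, chain, pin=b"", passphrase=None):
    """Return which path unlocked the volume: 'tpm', 'passphrase' or 'locked'."""
    tpm.measure(chain)
    secret = tpm.unseal(handle, pin)
    if secret is not None and volume.unlock(secret) is not None:
        return "tpm"
    if passphrase is not None and volume.unlock(passphrase) is not None:
        return "passphrase"
    return "locked"


if __name__ == "__main__":
    tpm, volume, handle, _ = setup()
    print("good chain + PIN:        ", boot(tpm, volume, handle, GOOD_CHAIN, PIN))
    print("tampered chain + PIN:    ", boot(tpm, volume, handle, EVIL_CHAIN, PIN))
    print("tampered + passphrase:   ",
          boot(tpm, volume, handle, EVIL_CHAIN, PIN, PASSPHRASE))
```

The same structure explains why a kernel or firmware update that changes the measured chain drops you to the passphrase prompt until the TPM slot is re-enrolled against the new measurement.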
Yeah, I just got a msg the other day from someone who's saying "Windows 11 won't work on my computer, what should I do?" .. I'm suggesting they try Linux. All they do is browse the web and play card games. Linux has way the hell more games than Windows comes with, and it doesn't bundle ads with its games either!
It's kind of primitive but AisleRiot is my favorite solitaire application. It's simple, it's lightweight, it's either included with or easy to install into any distro. I play FreeCell on there all the time.
nice, thanks, I'll take a look!
Oh, yeah, this is absolutely perfect. Thanks again, that's amazing! It was really the only thing I wasn't sure about upfront for the person I'm thinking of. So awesome :D
I prefer Pysol but both are free anyway ;)
How about this, you don't need Windows. My mum runs Linux and has been for 10 years! No more support phonecalls!
Agreed! I replaced XP with Xubuntu (my preferred distro at the time) on my parents' computer about 15 years ago. I told them that "it works like Windows[0]", showed them how to check email, browse the web, play solitaire, and shut down. Even the random HP printer + scanner worked great! I expected a call from them to "put it back to what it was", but it never happened. (The closest was Mom wondering why solitaire (the gnome-games version) was different, then guided her on how to change the game type to klondike.)
[0] If "it [Xubuntu] works like Windows" offended you, I'd like to point out that normies don't care about how operating system kernels are designed. They care about things like a start menu, and that the X in the corner closes programs.
A number of customers are leaving Windows for Linux ahead of Windows 11. To support them, we had to offer a linux equivalent for a bunch of C# .NET desktop apps.
After evaluating a lot of options, pyQT + nuitka gave a reliable cross-platform result (can target distros based on Debian and Enterprise Linux easily.) And we are still able to target Windows for the customers that remain there.
Avalonia would have been a far, far better option.
We evaluated a ton of options, I'm not sure how Avalonia didn't make the list. Thanks for the tip!
Where I work, I'd love to move our remaining Windows boxes to linux, but there's often software that only works on Windows. How well does Wine work these days? Can they run CAD software for example?
CAD machines are some of the few in our company that are staying windows instead of going to Linux. We're an autodesk shop, I tested fusion under Debian 6 months ago and it didn't work very well. I tried proton and wine, couldn't get either to work great and had issues. It would launch, but opening a medium complexity assembly was laggy, and the CAM module would crash fairly often. I can't speak for other programs from personal experience though.
That said, for home use freecad has gotten a lot better after the ondsel changes were merged, I was using the free license of fusion360 for personal projects, and moved over to freecad 6 months ago. I'd originally tried it 7 or 8 years ago, and it was just absolutely awful to use, but modern versions are really very good. There wasn't a huge learning curve, and I haven't run into anything that the program can't do. For hobby CAD, I'm using it for 3d printing, a CNC mill, and making prints for manual machining. Honestly, I've been less frustrated with freecad than fusion360, it does a better job of getting out of my way and letting me design things. That said, I'm a software dev and IT guy, I don't know if it would work for commercial use. I certainly didn't push for the engineers to change, but their workstations are already running win11 that I had to debloat.
Here's a list of CAD applications and their ratings on AppDB: https://appdb.winehq.org/objectManager.php?sClass=category&i...
Just run it in a windows vm for just that use, there's great ways to make this almost seamless in linux. works better than win/etc.
CAD applications usually require graphics acceleration. I've tried to make Fusion 360 work on linux using VMware, VirtualBox and GNOME Boxes – performance was unacceptably bad.
It’s often more a question of “will the vendor support it” than “can it run.”
Vendor support is mostly useless at the best of times. I'm more interested in 'can it run'.
Not really.
On linux, you have OpenSCAD (which is okay for some applications) and you have FreeCAD (which sucks imo). Right now, I just use OnShape which works in my web browser and is similar to SOLIDWORKS (and it's $0 for students).
In the future I will try running windows CAD under linux using kvm and this: https://github.com/casualsnek/cassowary
They want to try to force me to buy a new PC? In this economy?
I'm using Ubuntu as my daily driver for the first time since ~2010, and I'm solidly not hating it.
Thinking about other desktop environments and what not, but this was easy and familiar. Everything literally just worked... Which is the first for me with Linux.
I wish there was an active dev community that could patch win10 going forward, but without access to source code for the kernel, perhaps that isn't really viable.
Ideally I would want to use Linux but I also want to play games that are only supported on windows.
Does using WSL help or is an outdated windows base still going to be the weakest link in the security onion?
WSL is unfortunately less than ideal, not only is it rubbish (it has its own set of issues like weird networking bugs), it also doesn't mitigate any of the security vulnerabilities/bloatware/telemetry/bugs etc present in Windows.
But you can always dual-boot between Windows and Linux. Just uninstall all your browsers (to mitigate risk) and other non-essential apps in your Windows install, configure the firewall to block everything except games. And boot into Linux for everything else.
I think it's a good plan, though there might be some pain.
I have a bog standard AMD graphics card that does not work in Linux. I've tried multiple distributions and versions in those distributions and both the Linux and AMD drivers. It just randomly flashes. Where do I go to get help? Who knows?
I wouldn't expect users to do this, but have you filed a bug on kernel.org for the amdgpu driver?
AMD's kernel developers are incredibly responsive there, I've worked with them to fix a bunch of bugs I've run into.
What card is it? If it's older than Volcanic Islands (2015), yeah, those old cards aren't well supported by the current amdgpu driver, so you'd need to use a distribution that still supports the old ati driver. The linked article recommends MX Linux for old machines. I think you can get it working with Arch Linux but that would require a higher level of effort.
This happened with a new AMD chipset with a Framework. One firmware update improved it and then kernel 6.8? I think fixed it. Was about perfect, then kernel 6.13 AMD driver broke it again. ;-)
Sounds fishy. What card is this?
Yes, low end chips that no one bothered to write drivers for have issues
Try the forums or Discord chat for the distro you're trying. LinuxQuestions.org and the "Linux for All" discord are good places to ask distro-agnostic questions.
I'd be curious how well it runs NetBSD or OpenBSD.. have you checked?
upgrade your graphics card or try another? is it old with limited support?
I hear you though, I still have printing problems with my Epson WF printer.
I have Win10 on a laptop that I use and am thinking of either taking it offline completely (and keep on win10 forever on it) or upgrade it to Linux but am not sure if it's worth the hassle upgrading a $200 Thinkpad Carbon x1, I may as well get another one and leave this one as is. I still own a laptop with Windows 7 that when I turn on, that is quite rarely, but when I do I am hit by wave of nostalgia. This win10 machine, I wish I could extend its operation as I am pleased with how it operates in its current form but I guess it's not possible. One thing I'm certain of, I will not upgrade it to Windows 11 and Microsoft and I as a user will part ways.
go for it (upgrade to linux). My T480s is still my goto laptop when I'm travelling (if I lose it, no biggie - encrypted home dir, meanwhile it can last for 5-7 hours playing videos, running webapps etc), versus my work laptop on windows 11 dying after 2+ hours.
Install Linux or BSD on that thinkpad and you're good to go. I still use ThinkPad X230's and T480/A485's every day, with Linux and BSD.
Will a person without a personal device still be considered a person?
For office I'd recommend Softmaker's FreeOffice or Pro 2024. They've worked great in my linux and macs
It seems to me that he's missed Teams off his list of "where this might not work for you" situations. A lot more than half my money comes from clients who know of nothing else. I'm not pleased about this, but it's another part of their grip on their more-or-less monopoly.
I would also say that the desktop version of Microsoft Outlook is much better than the web app. Can you even drag and drop emails to attach them from the web app? I never tried it. (It always bothers me that I cannot do it in Gmail. Attached emails are so common in the business world.)
Also: Almost all replacements for Excel are much worse, and incompatible with existing VBA macros that run a lot of HR, accounting, budgets, and other support functions.
Regarding Teams desktop app vs web app: Is there a big difference? I don't have experience with the web app.
| Regarding Teams desktop app vs web app: Is there a big difference? I don't have experience with the web app.
I seem to recall : it would only work on Edge; and you couldn't share your screen in the web environment.
I say "only work on Edge" but, to be fair, it's possible I may not have tried Chrome as I never use it. It didn't work on Firefox.
Teams works in Firefox on Linux perfectly fine for me.
Luckily, to replace most of the Office applications, their respective online web applications work very well. That wouldn't be a major issue in migrating to Linux.
I may recommend the same for my parents.
20 years ago Ubuntu was the go-to for baby's first Linux. Is that still the case?
Would highly recommend Mint. Very stable, sensible defaults. Updates never broke anything in the past several years I have been using it on desktop and laptop. Just install the latest LTS version, turn on automatic updates and forget about it.
Ubuntu has unfortunately become the Windows of the Linux world - and I don't mean that in a good way.
Unless you want to be the perpetual IT support for your parents, I would recommend getting a user-friendly immutable/atomic distro, like Aurora[1]. Aurora uses KDE, which most Windows users would find familiar. It is immutable, which makes it very hard to break, and it uses atomic updates (basically updates either apply or don't: there's no partial state which can break the system). And in the rare event that something does break, you can boot directly to the previous version right from the boot menu, no need to run any manual rollback commands. My 70yr old mother also uses Aurora and has zero issues.
[1] https://getaurora.dev/
In my experience, if you aren't dealing with power users, normal people won't be able to break their Linux install. The standard permissions model stops them from doing anything stupid, and they don't know enough to be dangerous.
Thing is, regular Linux distros are most prone to breakage when it comes to updates - especially Ubuntu and Ubuntu-based distros[1]. My elderly mum is non-technical and has been a Linux user for the past decade, and she had Xubuntu, Mint and Zorin - all of which ran fine until an update broke it (and this is just a bog standard DELL Optiplex desktop with an Intel iGPU). So I switched her to Aurora a couple of years ago and it's been rock solid.
This is why I recommend immutable/atomic distros for newbies, especially if the person installing it doesn't want to be a 24x7 tech support for that user.
[1] https://ounapuu.ee/posts/2025/02/05/done-with-ubuntu/
I would be very surprised if Debian stable ever broke anything. I am on Debian testing and none of the "standard software" - browser, office suite, image editing, zoom - has broken in many years.
Sure, if you stick to stock Debian repositories you should be fine. However this guarantee is gone if you're using proprietary kernel modules, like say nVidia drivers - which is not an uncommon scenario.
Also, the /usr merge thing has caused some issues for users, requiring manual intervention[1]. Not a big deal for techy users familiar with the terminal, but this isn't something end users might want to deal with.
Image based immutable distros don't have issues like this.
[1] https://wiki.debian.org/UsrMerge
The Windows of 15 years ago, maybe. Using Ubuntu now does not feel anywhere near as bad as using current Windows.
You may feel so right now, but wait until it's time to do a dist-upgrade... https://ounapuu.ee/posts/2025/02/05/done-with-ubuntu/
I switched from Arch to Ubuntu a while ago (switching from desktop to laptop, thought the batteries-included experience would be easier). I had, I want to say, a decade old (maybe more like 7 years) Arch install… never experienced a computer thing more annoying than updating Ubuntu.
Probably Linux Mint these days.
Mint is great! I've been using it for years, everything just works out of the box
Canonical keeps packaging things like Firefox as Snaps and that leads to weird issues sometimes. If it were up to me, I'd avoid anything using Snap because of the potential for headaches.
I wouldn't rule out a distro like Rocky Linux or AlmaLinux (or anything else based on RHEL) with Gnome or KDE installed. They will receive 10 years of kernel and OS security updates, and you can either use Firefox from their repos or use something like Flatpak or Snap to get newer software packages if necessary.
Even if I didn't give a shit about the privacy stuff, I would like to just reiterate something I said a few days ago.
My mom got an automatic update to Windows 11, and it bricked her computer. It wouldn't boot; it would spin and then say it needed to go into repair mode, and then doing repair mode didn't do anything.
My initial thought was that the disk was hosed, but of course my parents had a bunch of priceless documents that were never backed up anywhere else, so I talked my dad through flashing a USB of Ubuntu so I could boot into it [1], mounted the NTFS partition, and ran smartctl and the disk wasn't reporting any errors. I found and ran a few other diagnostic commands and again, no errors. I was able to rsync the files to my home server, so nothing was lost. My initial assumption is that the Windows Update team didn't properly check to see if the CPU was compatible, and that maybe they were calling a newer instruction that wasn't on my mom's relatively old laptop.
After unsuccessfully trying to convince my parents to move to Linux, I talked them through flashing a USB drive with Windows 11 with an official image from Microsoft and using Microsoft's official disk flashing software, and we were able to install Windows 11, and as far as we can tell, it worked completely fine.
My hypothesis now is that whomever built Windows Update fucked up some kind of boot key and it was failing as a result. That or they just decided my mom should buy a new computer.
I was actually more annoyed after Windows 11 worked perfectly fine, not just because that means my parents aren't going to move to Linux, but also because that means that there's no technical reason that the computer should have been bricked, it was just the utter incompetence of Windows Update. Just to reiterate, this wasn't some hacked version of Windows 11, this was directly downloaded from Microsoft, flashed with their tools, with no adulteration on our end, meaning regular Windows 11 works fine. I highly doubt that my mom is the only person who has gone through or will go through this, and a lot of the people that will go through this won't have kids who are software engineers and probably be forced to buy a new computer.
Genuinely, how much e-waste is going to be generated by this forced update?
[1] Why the hell isn't there any kind of "Live USB" version of Windows? I mean officially, not some hacked thing? Why is the best way to fix Windows to use Linux?
> Why the hell isn't there any kind of "Live USB" version of Windows? I mean officially, not some hacked thing? Why is the best way to fix Windows to use Linux?
The windows installer image includes repair tools (which probably wouldn't work much better than the automatic repair), and you can get a command prompt in there and do whatever.
There was a live USB version of windows; Windows to Go. Microsoft stopped supporting it about 6 years ago for some reason.
Echoing a lot of users ITT, Windows has been good to me but the enshittification has reached what feels like the end point.
Windows' value to me was "everything just worked". But that's no longer the case now, unless you are willing to walk down Microsoft's centralized rails. Need an MS Account and OneDrive... need expensive modern hardware... get ads and crapware... get telemetry and data exfiltration. The effort of working around all that is non trivial. EDIT: and if I was ok with all that stuff I'd already be captured by Apple.
If I have to fuck around with something in my home OS, that OS might as well be Linux. So now I am compiling wifi and printer drivers from github (FFS Linux!) instead of disabling telemetry and hacking an install with local accounts only.
The challenge, as always, is going to be taking the family with me.
Microsoft is an oligopoly that monetizes mediocrity:
-unable to execute a clean chip-architecture transition (while Apple shipped three clean ones)
-unable to modernize its operating system consistently (5 layers of different UI/UX and 30 years old DLLs spread all over the place)
-unable to harden its own software
-unable to design its own hardware
-unable to keep users' data secure
I could continue, but the pattern is clear
I will never store personal or government issued documents on a Windows device and I will never use any form of digital ID to login on infrastructure that depends on Azure AD
TPM, Secure Boot, Windows Update stories are the evidence that the more you entrust Microsoft, the worse it gets
maybe 2026 is finally going to be that long awaited Year of Linux :) long overdue!
I have said this 10 times on HN and I'll say it again. Release a version of Windows 11 called "Windows Optinmal" that has 0 telemetry, 0 trackers, 0 bloatware that runs faster than Windows 7 on modern hardware. Charge 4x the prices if you want, I'll pay happily
This will only work if the customers have a considerable amount of experience with computers already. For the vast majority of people, Linux is going to present insurmountable challenges which will only lead to serious frustration.
I say this as someone who uses Linux daily. It's simply not ready for mass exposure. The second a layman wants to do anything remotely custom with it, they are going to struggle.
I think the vast majority of people use a PC for only basic functionality, like browsing the web and editing documents/spreadsheets, and for these users, Linux works fine. My 70yr old mum is a classic example of this - she used all versions of Windows from 3.1 to 7, and she switched to Linux about a decade ago and has zero issues. If my mum can use Linux, so can the average Joe.
It's the power users, or users who've got specific proprietary software/hardware requirements that usually run into issues: gamers who play games with kernel-level anti-cheat, professionals who're dependent on Adobe/AutoCAD etc.
I will hazard that the modal computer user in 2025 has never installed anything on their desktop computer. Almost everything is done through the browser these days - unfortunately.
Another "everyone will migrate in droves to Linux" article that keeps popping up when a Windows version ends, since Windows XP days, yet even Valve was forced to translate Win32 APIs to actually have games for the Steam Deck, after how Steam Machines went down.
General public won't care until they can buy laptops with GNU/Linux on their favourite shopping mall PC store.
As it stands today they are more likely to buy an iPad or Android tablet than such alternative, which aren't much better than Microsoft in user tracking, and much worse in user freedom allowed by the OS.
I had a small business in 1995. We offered Slackware Linux for free and provided free training and installation for clients who wanted to try it. When Windows 95 came out, I had a 486DX 50Mhz system that booted Windows 95 and Linux, and Linux was more stable than Windows 95. Linux was also better than OS/2, but it didn't run DOS and Windows programs in Linux yet.
Those who chose Linux were happy with the choice. But they were only a minority.
Now, Windows 11 requirements make a lot of PCs obsolete unless they install Linux on them.
The fact Linux has like a zillion iterations and is all open source and free just proves companies like Microsoft are gangsters. They got to the hill first and now they sit on top with a gun.
Thanks for fighting the good fight. My chief concern is that you will alienate some of your customers because normies think privacy is for crackpots. I don't have any experience being in small business computer repair, but just my feeling as a neutral 3rd party.
Try to identify the problems the customers have. If privacy isn't one of their concerns, convincing them to switch PC OS is not a great fit on that basis.
Good point. Thanks. You're right, I think I will create some eval questions and make sure I am putting the customers' needs first.
I feel like there needs to be some way to explain the changes to Windows 11 as hostile from a longevity perspective with the ads and the lock-in.. With one-drive being activated and moving customer data to the cloud without consent, the LLM that gets in the way of the user experience, recall, etc. It would still be their choice but at least they would know what they were getting into..
I feel like I'd be doing some justice by letting customers who qualify (who don't have use-cases that Linux cannot handle) know that it's a better experience because Microsoft is creating friction in the desktop experience now..
Normies don't think privacy is for crackpots, that's a meme among techies who are trying to justify surveilling their users.
Normies desperately want privacy, but think it is too hard to do, they're too dumb to figure it out, even if they figure it out it still won't really work, and that they won't be able to use stuff that they don't want to live without. They are often right, because they are smarter than they think and the industry is working against them full-time. A lot of people's incomes (on this very site) depend on keeping normies ignorant.
Just use Linux. It is easy.
Title is: Retiring Windows 10 and Microsoft's move towards a surveillance state
Can you fix?
This is an excellent article as well as a sign of the times. I wish the list of Linux choices had included Mint, which is essentially Ubuntu without Snaps. Snaps are a partly closed-source Ubuntu project that contradicts the open nature of Linux.
Linux users can install the free software suite LibreOffice, which not only replaces Office but reads and writes the same file formats. Many similar choices exist, this is just one.
Gamers can install the free Steam game compatibility layer on Linux, then play many of the same games they play on Windows.
Meanwhile, Redmond's recent requirement that everyone sign up for a Microsoft account, and its pushing the Recall eavesdropping-to-cloud feature with no user opt-out provisions, clearly signals Microsoft's belief that their customers shouldn't be allowed to choose.
Here is a list of current Windows traits that should be options, but are out of an end-user's control:
* Required Microsoft account.
* User tracking and telemetry without knowledge or consent.
* OneDrive, which is cloud storage and tracking, requires technical skill to disable.
* Desktop-recall images to the cloud, essentially Microsoft mass surveillance.
* Edge browser, cannot disable or remove.
* Unintuitive user interface, out of user's control.
* Advertising everywhere.
All these frequently heard complaints are addressed by Linux, and Linux is free.
I've been a Linux user for 30 years. I maintain one Windows dual-boot system, partly to help friends deal with Windows issues, partly to entertain myself with what most people believe constitutes a normal end-user computer experience.
A bit of context -- my first computer was an Apple II in 1977, so my definition of personal computing might seem out of touch with modern times (https://www.atariarchives.org/deli/cottage_computer_programm...).
It's a matter of choice. We have no choice about firmware drivers, but we do about which Linux distribution to install. Since there is a choice, we can exercise it and send a signal that open-source is preferred.
> And, I am pretty sure that both NVidia and AMD have similar (binary blobs).
Yes, all true, and as more powerful GPUs appear, this is likely to become a more contentious issue.
So I say, choose where we have a choice.
> pushing the Recall eavesdropping-to-cloud feature with no user opt-out provisions
That's not what Recall is and not how it works.
Huge opportunity for Apple too.
If the issue is the OS vendor having too much say in what hardware you can use, it's hard to understand what the opportunity is for Apple.
Apple has never really tried to compete for the corporate desktop. It’s too low margin for them.
This. Google and Microsoft are the two juggernauts in this arena, Apple products live on the periphery of the corporate cloud ecosystem.
Based on the corporate IT emails I receive from time to time, it also sounds like Apple enterprise management controls are weak to non-existent. A few times a year, there is a blast sent out to not upgrade your corporate iphone/mac because of some incompatibility. In the Windows world, IT would just hold back the patch without requiring N users to do the right thing.
for *BSD and illumos too
I used to run Office in Wine back in the day. Is that not a thing anymore?
You can still run older versions, but anything from 2019 onwards will struggle - and you can completely forget about the latest M365 versions.
Luckily OnlyOffice is a pretty decent alternative with excellent compatibility with MSO formats. And there's also the web versions of office, which is now a decent alternative (unless you're a power user who needs macros/VBA etc).
I've been using Windows 11 since it came out. Seems fine, no real difference over 10. Maybe a little bit faster.
Some of the more annoying stuff like ads in the start menu and the like only really affect Americans, as far as I know. I've never seen it. Had a brief battle turning copilot off everywhere when that became a thing - including in notepad! - but that's hardly just a Microsoft thing.
Don't really understand all this drama over the TPM chip, especially since you can bypass that requirement with a little effort if you can't upgrade your hardware.
I ran a few shut-up scripts and installed StartAllBack and my machine is almost indistinguishable from Windows 7 on first glance. And it was certainly no more work than configuring Linux to my liking.
I switched my at home setup to MX Linux just in the last 2 months for dissatisfaction with even Win10.
Win11 is a hard no, I’m keeping a laptop with Win10 for the small amount of games I play. I will likely even try WINE for them soon but just haven’t got around to it.
Try proton from valve. Every game that's not bound by kernel level anticheat pretty much works. ProtonDB is the place to get the required magic incantations for edge cases.
Steam Flatpak works great if your games are on Steam.
In general, the Ubuntu cinnamon desktop is a good starter system.
That being said, make sure to install printer, camera, and GPU drivers for new users before leaving your care (note iphone PhotoSync app also works with ssh.) Additionally, loading a suite of common Applications to replace web/email/CAD/publishing/media/gthumb/zoom tools will ease new users experience looking to complete some task.
Linux workstations are easier now given most services are web or App based. MacOS also tends to be easier for the people locked into Adobe =3
> Alternative for Microsoft Office: LibreOffice,
This would seem to require a little elaboration. LibreOffice Calc is supposed to be decent, but I practically never hear about it being used in the professional contexts where Excel typically appears. I'd be willing to bet that it will handle all of the spreadsheets currently used at our firm, but that's a convenient case where only a small number of spreadsheets matter and I know how they all work. For anyone managing a larger ecosystem the switching cost is daunting. Some links to case studies or analyses of when Calc can take over for Excel would probably be pretty helpful, since as far as I can tell Excel is the reason people stick to Microsoft, while Outlook, Teams and Word are mostly just tolerated.
Upgrade from Windows 10 to Windows XP or Windows 7. All the holes have been found already.
I've been using Linux since the early 2000s. I've never been able to completely switch over from Windows or Mac.
One issue I've always had is when updating applications you use every day, one bad library could make the application unusable. Most are dependency nightmares and there just aren't enough people paid to work on Linux apps to offer good support.
When I was young and poor, I had all the time in the world to tinker with my Linux machine to figure out how to get everything working again. I just want an operating system to work. If not Windows, I would recommend a Mac.
> One issue I've always had is when updating applications you use every day, one bad library could make the application unusable. Most are dependency nightmares and there just aren't enough people paid to work on Linux apps to offer good support.
That's not really a problem anymore with immutable/atomic distros. Your entire system is upgraded in one go as a single image, any dependency issues are handled on the server (basically the image won't get built if there are issues). And most of your user apps will be installed via Flatpak or other means (homebrew/Nix etc) so you won't ever have to suffer from dependency issues unlike regular distros.
So if you want to get a distro that "just works", get an immutable+atomic distro (eg Aurora, Bazzite etc). Assuming of course, you've got compatible hardware.
It's not with Windows or Mac.
“Upgrade to Linux”
I really don’t like articles like these because there’s so much FUD in a well-intentioned direction but it takes it too far.
Like, secure boot is not a bad feature, and I use it with Linux to enhance my security posture. It is a good thing. TPM is rather useful for encrypting your disks. Stop telling non-technical people stuff like this. The hypotheticals of a future of corporate control via TPM are completely outweighed by the importance of encrypting your data today. As of right now TPM isn’t enabling some kind of horrendous dystopian present. Maybe it will in the future but I dunno, I haven’t seen it yet.
And then a lot of other parts of this article are gross exaggerations of reality, and a lot of those complaints already existed with Windows 10 users anyway. Some of these were actually worse at previous points in time (e.g., it used to be way more difficult to remove OneDrive and now it just uninstalls cleanly).
Windows Recall and Copilot are entirely optional features that are very easy to disable entirely.
The author is straight up lying about windows recall and the “surveillance state,” Microsoft has directly stated that it is 100% local (doesn’t even work on hardware that lacks AI processing optimizations) and no information from the feature leaves your device. It also comes with a rather extensive list of security controls and sensible defaults if you actually read the documentation. Sure, a pre-release beta version had a security issue, but that was pre-release. If we want to start claiming that Microsoft is just directly lying about things they document very specifically and directly about Windows Recall that’s a really big accusation.
Windows 11 prevents complete uninstallation of features…yeah it’s an operating system, no shit. No they’re not going to let me uninstall File Explorer. Yes I know Linux lets you do that.
And the complaints about Edge, sure, it’s true and all, but it is again a one-time issue that goes away once you change your default browser to some other browser that also begs you to make it default. It’s a minor annoyance at worst and judging by the market share of Chrome everyone pretty much ignored Microsoft’s pathetic pleading. Everyone pretty much sleepwalks into installing Chrome anyway.
Look, I say all this as a Linux user myself. There’s no need to exaggerate and lie about Windows just because we prefer Linux. I would still not recommend to most average joe windows 10 users that they should switch over to Linux, but I am recommending to more people than ever before.
Nobody thinks this is a weird reaction to an OS update that's been out for years at this point and barely makes a difference over the previous version?
There's no 'Recall'. Co-pilot isn't all over in your face so removing it isn't really a priority. Edge isn't forced on you, it's just part of the bundled software just like a bunch of other items as in every Windows for decades. Not saying it doesn't get hairy if you're going out of your way to remove them or not be in the ecosystem, but consumers don't care, and for the most part stuff isn't being forced in front of them.
I've started running windows 11 lately because I've gotten some laptops that had it, and after removing all the microsoft pushed apps including removing OneDrive at least twice... It just doesn't feel very good.
a) the lock screen gets stuck from time to time if you hit enter to get to the password entry, until you turn off all the pushed content on the lock screen. Which ok, I'm happy I turned that off... but then I had to log out and back in for that setting to take effect. Now that I know about that setting, I turned it off on my windows 10 machines, and it takes effect instantly.
b) I like my windows round on the top and square on the bottom. It's cutting off the bottom left character in my PuTTY windows; you used to be able to undo that in the registry, but now you need to force load dlls (maybe PuTTY can fix it?)
c) I don't want notepad to have tabs or autosaving
d) it feels like keyboard focus gets lost to the ether a lot more. I had this happen in new style apps on 10 (like the new calc), but it happens at the desktop from time to time on 11.
I had been using linux as my main desktop at home for years, and went back to windows 7 when gnome2 ended. 7 was very good, but it's been downhill since then, especially since Microsoft killed off SDET roles. I'll probably keep windows on the laptops (useful for FRC), but when support for 10 runs out, the desktops are going to move to FreeBSD and I dunno, fvwm maybe?
If you’re not on the corporate managed version of Windows 11, Microsoft frequently resets the default apps related to browsing, svg, pdf etc. I had it done twice in a week recently. That’s what flipped the trigger for me and I finally abandoned Microsoft.
If you’re measuring “Windows isn’t annoying” from the corporate perch, that’s not a fair comparison to what consumers and home users put up with.
Not to mention the forced upgrade and reboots that can’t easily be disabled for same.
> been out for years
Because now is the real push to get everyone off 10.
Almost nobody thinks that. You sound like you don't use or are not very familiar with your OS very much tbh
Every other OS from MS is garbage. XP good, Vista bad, 7 good, 8 so bad no one remembers it, 10 goodish, 11 horrific.
The hate is hardly unprecedented and indeed well-deserved. MS has shown in the past that they’ll respond to poor OS reception with attempts to win back customers and that’s what I’m hoping for in this case.
> Every other OS from MS is garbage. XP good, Vista bad, 7 good, 8 so bad no one remembers it, 10 goodish, 11 horrific.
Rather:
2000: good
XP: decent (after a long series of patches)
Vista: bad
7: good
8: horrific
10: bad (basically all the people hated it because of the surveillance stuff)
11: horrific