If they offered to support higher security on win11 with a tpm chip that'd be one thing, but they're creating a situation where you either pay them for security updates on win10 forever or be forced to upgrade hardware that is otherwise perfectly functional.
AFAICT the author isn't saying "TPM bad" but rather "wasteful disposal of millions of functional computers for no valid reason is bad"
You can disable the requirements for these features in Windows setup with Microsoft approved group policies. They are the definition of not required. My workbench PC is a shitty old XPS from 2014 and it runs 11 just fine.
Like, would people be more secure with TPMs? Absolutely, but I've been using computers in my home since fucking 2004 that did not have these features. Surely we can let it go a little longer without throwing folks to the digital wolves for the crime of not having a few hundred around for another new goddamn gadget?
I am. They by definition mean you no longer have full authority over your computer which is unacceptable. Even their name is orwellian - they are all about NOT trusting the user.
> They are the definition of not required.
They will be once support is widespread enough. And they will be used against your interests.
As for Secure boot, its main goal seems to be preventing you from installing non Windows operating systems.
The primary function of Secure Boot is to protect against bootkits. In a way, you're right, because for most desktop/laptop computers, a bootkit is indeed a "non-Windows operating system" that shouldn't be allowed to run. It's hard to get clear numbers on how prevalent bootkits actually are, but they're not purely theoretical. They can also be chained into compromising the UEFI and peripheral device firmware. So there's a real security threat being addressed by Secure Boot. Whether it should be required or not is really about the question of where the responsibility boundary between Microsoft and the end user lies.
This is not unilaterally true and there is no reason they won't try to push more locked down computers now that the base technology is accepted.
> The primary function of Secure Boot is to protect against bootkits.
Which are pure FUD when it comes to regular users. Once your computer is owned to the point where a bootkit can install itself all the user data (what actually matters) is already long gone. Secure boot isn't going to help you one bit.
"They" will absolutely push more locked down computers, indeed this has become the norm in many areas of computing already, like smartphones, tablets, and video game consoles. For that same regular user, though, this is irrelevant: they're never going to install a different operating system.
A computer once compromised by a bootkit is also e-waste. It can never be trusted again. Now, I think an argument can be made that Secure Boot as implemented on most PCs isn't enough to truly protect against bootkits, but that just leads us to even more aggressive ways of locking people out of fully controlling their own computers.
Ultimately, Microsoft (and any PC O/S vendor that might supplant them in the future) will be expected by enterprises, judges, legislators, average home users, etc. to take responsibility for exploitation of "their" systems. Computers connected to the Internet 24/7 cannot rely on end-user discretion alone, and the effectiveness of such discretion varies widely anyway.
What you're describing is more like security theater.
Does the TPM protect grandma from malicious javascript? :)
Mandatory code signing for web sites would go a long way to addressing some of the most common types of exploits we see today, and that doesn't require a TPM. I'd love to see it, but it is going to require some infrastructure and enforcement to work, and it too could become user-hostile (e.g., you can't block ads, because that would change the code).
> "Services open to the Internet" is more of a 2000s problem than a modern problem.
Then why does Windows need a firewall that's on by default, if it has no open services?
> Mandatory code signing for web sites would go a long way to addressing some of the most common types of exploits we see today
All the spam I'm filtering today has their DKIM and domain whatever and and and ... in order. I'm sure it would be the same for $random_phishing_site. They do have legit looking SSL certs don't they?
> it too could become user-hostile (e.g., you can't block ads, because that would change the code)
Or even worse, you'd need to submit your site to a review from some authority, App Store style. Pay for the signature. Pay for the review process.
Can you spell barrier to entry and speech that's restricted via financial means?
The question of what's good for people who do know what they're doing is an important one but it is a bit beside the point. These security measures have a purpose and it's not just to take control away from the end user. There are some other paths that could be taken, of course, but many of them seem to be starting from the point of willful naivete about the reality of computer security today.
And the alternative is ZFS encryption which apparently still has data loss race condition bugs and the person submitting patches to fix those admits they have no idea why that happens.
How does secure boot help against a browser vulnerability exploitation? Especially on Windows?
And if we're talking local attacks, there's always the $5 wrench to bypass the TPM.
> force-dragging their manufacturers and customers into 2010s era security is long overdue.
Spoken like someone who gets the newest tech toy without having to think if they can afford it. How much are your lattes?
It will eventually do that by only allowing you to run microsoft-approved signed software. Of course no sane person should want that but it's what all this is building towards.
That means it will only browse microsoft.com?
I support various machines owned by my family that are hardware encrypted spanning across the last 10 years. All work on Windows 10, use Secure Boot, and are encrypted with TPM and Bitlocker (or that invisible Home edition "device encryption" version). They don't support Windows 11.
Even the extreme outlier machine has TPM. This nonsense is not about security. What threats are actually affecting people's computers these days? What is this going to do against phishing and scammers? What new security features are present in Windows 11 and not 10 that are so critical to justify throwing out hundreds of millions of machines?
Ultimately my point is I don't think the following is true. What you describe basically exists, and no one wanted it. For Windows RT I remember it basically being, "wait a minute, this thing can't run my normal apps".
> but that might upset legacy corporate customers so instead they let ordinary people get hacked or lose their family photos and spend money on repairs
I doubt Microsoft could manage to market an umbrella in a rain storm, so I imagine that's why S mode is basically stillborn. These days people use a lot fewer native apps (and now it is possible to package many of them into the Store), and S mode can be converted to full. I imagine if it started in S mode by default most people would never notice
- Firefox is up to date (Fedora is often 2 weeks late on security patches)
- No upgrade cycle. Just `pacman -Syu` on a regular cadence, or whatever you're comfy with.
When you go with the vanilla install of a major distro, I find you simply run into fewer shenanigans.
I have Fedora on my main work computer (Dell XPS)
And I just got a Thinkpad E14 for CachyOS (arch based). It auto configured btrfs with snapper. Everything just worked fine so far (fingerprints, cameras, sleep, secure boot, sound, mics, etc)
Fedora is still the king as the main workhorse, no headaches, every 6 months there's a reasonable upgrade.
But I can't help myself going back to arch, it just feels snappier.
So if you have a boring hardware like this thinkpad I got, everything just works, go for Arch.
The main reason I went with Fedora on the XPS was some issues with hardware/wifi/bluetooth from time to time, usually an hour before an important meeting that made me chill, ask for a few minutes to rollback a btrfs snapshot, etc.
You do need to read the docs, though. Arch doesn't come with a firewall installed, etc out of the box. It really is a distro that is what you make of it.
If you're not technical honestly just buy a mac.
I still have rpm PTSD from my youth :)
> Debian is another great option, but packages are a bit behind.
I've got hardware for a new home server that's waiting to be set up, and I was planning to put Devuan on it. Does anyone have any impressions of that?
> If you're not technical honestly just buy a mac.
I have two :) And a couple linux boxes but I mostly ssh into them.
I haven't used desktop linux in ages (about 2013, when I switched from linux desktops to mac desktops).
Once in a while I run into the newest Ubuntu desktop for various reasons (this time I needed a server in a VM and I thought why not, let's install the desktop) and I'm astonished at the corporate style spamminess.
Suspiciously like Windows.
I can't imagine recommending anyone run a distro that is effectively 10 years old & not really changing. It's still X11 and (mostly) gtk3!
It was a good option in 2015. And for some people I get that never changing never ever doing anything different is a huge value add for them. But I can't recommend starting your Linux experience by rusting in place, by using entirely backwards looking systems. Trying to ignore the broader ecosystem is a bad first Linux start.
Debian KDE is my go-to recommendation these days. Gnome is also fine but much less familiar, and most users I've found tend to like having options, whereas Gnome seemingly went to war with settings & customization. Debian isn't the most supportive but it's solid & amazing. Trixie is gonna be great, can't wait for release!
Just install the current Ubuntu release (not LTS) for a good experience.
The answer is no, not unless an absolutely crippled version is sufficient for your needs.
Even more reason to switch.
The last time I checked, Thunderbird can't flag a contact for reminder, or set the same category for an email and a task?
The mid-oughts battle over this in the international standardizations space is pretty fraught: https://en.wikipedia.org/wiki/Standardization_of_Office_Open...
And even now, even though there is a "standard" and schemas for, MS's apps mostly ignore them, or use undocumented extensions (as far as I'm aware), so the whole thing was truly straight from MS's embrace/extend/extinguish playbook.
Primarily because there isn't a fully-functional equivalent.
Not really, unless they're doing something special. But if they're doing something special, they're not average users.
In my experience with Linux desktop, this could be "have the touchpad work the same as it did on Windows", "plug in an extra monitor and have it behave somewhat normally", or "play this game". But yeah, I guess that as long as we only expect "average users" to only use a web browser to look at Youtube, it's fine.
I have no idea how touchpads behave on Windows, but in, say, Gnome or KDE, you can adjust it through the GUI. Extra monitors work fine on Gnome. Steam works fine in general, across distros.
Like, I understand that my MRI operator can't just install Linux on their PC. But the majority of people are usually not dependent on Windows-exclusive software, especially in the smartphone era.
I know things have improved a bit after 10, but I used to say that it is easy to see who is using windows because they always brought their mice with their laptops.
Perhaps a far more polished and documented version of Qubes with various btrfs trees selectively presented cleanly to appropriate VM containers. Focus on the user UX meets the dev/ops UX but without gimmicks, not-invented-here, or fragility. All of the various desktop-laptop things need to work without surprises and be easily configurable with a UI. For fleet management, a desktop OS really needs simple, programmatic/declarative/imperative MDM- and/or chef-like configuration agent or hooks.
That's something you can make happen if you're paying people... but it's pretty hard when you aren't.
Why should someone work on something they're not thrilled about? (from their perspective)
You absolutely don't have to. There's no reason for normal users to ever touch the command line, every essential task (installing stuff, updating) can be done through the GUI on most distros. Certainly the main ones like Ubuntu, Fedora and openSUSE.
> the software you are used to is not available
This is the main issue. The average user has a meltdown if a single button moves. I still remember the Office ribbon fiasco, Windows 8 fiasco, etc...
2. Enterprise software runs on Windows, that creates enough lock-in for Windows to always be a majority.
So few people actually use Linux and they use wildly different versions of it.
That said, Steam OS for desktop (if ever) would be a serious contender, since a big chunk of high-end PCs are only used for gaming and internet browsing.
The apps are quite specific to me, but I imagine there are similar killer apps for other windows users.
Man, I'm not so sure about that. The M-series Macbooks are just crazy good for speed and battery life. The basic bottom-tier Macbook is $1000 and will do for a vast majority of people. A $330 Windows laptop is going to be a phenomenal heap of junk. People were running Ableton on 16GB M1 Macbooks a couple of years ago.
There are good alternatives to Ableton, but once you get to know a DAW it is hard to switch. And running a DAW with an ecosystem of 3rd party VST plugins and low level access to audio hardware on Wine sounds like a recipe for a bad time, but I confess I haven't tried it.
So, yes, these things are possible, but it is still easier to just use Windows.
At the same time, Linux on the desktop fails often for everyone in between: the learning curve is still higher (especially for people coming from Windows), and some very specialized professional proprietary software can be missing.
Luckily, as mentioned in the article, Microsoft tries to make the balance more equal.
Writing this as a person who has used Linux for the last 15 years with a 2-year break for macOS and back.
I don't think the learning curve is higher at all. It's roughly the same as with Windows. But if you're coming from Windows, the fact that you have to mount a learning curve for the new OS can be a real friction point. When most people learned Windows, they did so over time, without pressure. If you're switching operating systems, you likely want to become competent in it very quickly. That can make it seem like the learning curve is higher when, in fact, it's just that you're trying to run up that hill faster.
Some [1] Linux distros were even trying to emulate this experience (which is a dead end obviously)
[1] Like Linux XP https://distrowatch.com/table.php?distribution=linuxxp
But also new people grow up with their school-provided Windows/Apple/ChromeOS laptops and only know mobile phones beyond that so the trend is probably not all that positive.
With one difference: I'm not scared of software upgrades. The number of times my laptop was semi-bricked by an update, usually graphics driver, which required frantic googling for random commands, GRUB scripts with enormous disclaimers about how mistyping something will brick the laptop for good, discussions about Nouveau and how it's all Nvidia's fault really... That's bad, always was, never got better for me, and I really don't miss it.
I can’t take an article seriously, whatever merits it might have, if this is the opening gambit.
“End of life” is a fairly common term of art amongst software and hardware OEMs. Windows 10 is going to be end of life. No scare quotes needed.
Doesn’t matter if they do one off fixes because they decide that’s the right thing to do - product is still EoL. You won’t get support if, say, Word crashes due to a core library bug. You can’t rely on them doing regular testing. EoL.
Doesn’t matter if the DoD comes to some ridiculously expensive bespoke support arrangement - still EoL. You could probably offer them enough money to provide a support contract for MSDOS 1.0, but that’s still EoL for everyone else and in general.
You don't get that under regular contracts either. There are tons of bugs, including crashing ones going back decades.
EOL either means "no more fixes period" or means nothing.
Absolutely false. Of course vendors sometimes mark things WONTFIX, but Microsoft regularly produces bugfixes for supported products based on issues identified in support cases... As does every other reputable software vendor.
> EOL either means "no more fixes period" or means nothing.
Well, I disagree. Can you call in and get support with a support contract? Can you get a support contract without a one-off negotiation? Does the vendor regularly produce bug fixes -- not just emergency security fixes to allay a PR disaster -- for the product? No to all three? EoL.
Most important of all, has the vendor signaled that they will not support the product after X date and therefore a customer without a bespoke contract cannot rely on said support? EoL.
The worse an outcome with an outdated product the more the vendor has to support it because it would harm them to let any version of their product become synonymous with security risk.
Microsoft announced at its Ignite conference this week that Windows 10 will be the last version of Windows. Microsoft has no plans to let Windows 10 become stale. On the contrary, it plans to keep Windows evolving with regular improvements and updates.
Read More: https://www.slashgear.com/windows-10-said-to-be-microsofts-f...
And this is such a minor point to refuse to take an article seriously, one might as well refuse the theory of relativity paper because Einstein had some misspelling.
At least we’ve got smart paste
Microsoft really stumbled upon gold when they designed Windows 7, and fumbled it because investors always need novelty for growth. Mint just picked up the ball and kept running.
They don't mention the requirements directly because people would laugh them out of the room.
For hardware (aside from the TPM):
1 gigahertz (GHz) or faster with 2 or more cores on a compatible 64-bit processor, 4 gigabytes (GB), 64 GB or larger storage device.
That is "higher than they need to be"? I don't think so. That's the absolute _floor_ and I'm shocked it isn't higher. Windows raising requirements forces hardware vendors to ship something better and for many people who buy the entry-level computer that's a boon.
> Is it finally the year of the Linux desktop?
No, and I don't see that happening anytime soon. I can't take someone seriously if they legitimately think installing Linux Mint is a viable alternative for normal people. If you are reading this you are not normal and neither are any people for which you support a linux install (parents/friends).
Those computers effectively have fixed requirements measured in a few megabytes + whatever Windows needs.
This eventually will mean that either those apps get rewritten for no good reason and moved to other platforms, or they get stuck on 'unsupported OS, AirGapped from as much as possible' limbo.
Effectively nothing about them changed, they didn't need anything new, the APIs didn't change, Microsoft just decided to do the thing.
There are plenty of ancient computers running DOS or older still, nothing stops them from working if you don't need features of the newer OS.
Also you can upgrade windows 10 to windows 11 even on hardware that Microsoft says is unsupported. Google for the workarounds. You only need to download the win11 iso from Microsoft and make a bootable USB stick using Rufus. Don't download anything from anywhere else. I wouldn't trust it.
I think about my mom. She's not tech literate, but needs a PC to do business. She cannot seem to remember Ctrl C, Ctrl V. She doesn't know what a file explorer is or how to pair a Bluetooth device. There is no way in hell she would know how to update to 11, nor would she even comprehend any of the differences between the two. She's the type of person that would buy a new computer if her charger stopped working. She represents millions of people that own a computer.
We're going to see a lot of 10 stragglers not due to protest, but incompetence. For any of us that actually care about updating, it is incredibly simple to bypass any checks. For anyone that would attempt to run Linux, it would be easier to bypass the requirement checks. This whole thing is blown completely out of proportion because people are still trying to push the year of the Linux desktop.
It might convert some people, but stop pushing (imo) misleading narratives like planned obsolescence when we're living in an era of a Windows that is more secure than ever, has the largest catalog of runnable software, and probably the largest step in the history of the platform.
I suspect if you were willing to cough up a few $B you could get companies to support any old hardware that you want, indefinitely.
You do understand how publicly traded companies work, right? The numbers must go up at all cost.
As for what their end game with TPM is we can only speculate - but they have been trying to push "trusted" computing for a long time now, with themselves in control of the master keys of course.
To introduce WEI, to remove possibility of running Linux, or open os. Everything needs to be signed so you could easily be controlled and tracked.
Those replying may or may not find objectionable
(a) "sluggishness",
(b) "ever-more advertising and tracking" or
(c) both (a) and (b)
Even if a default Windows install was fast, some people might still object to (b)
kgwxd•8h ago
This message needs to stop. I use both heavily, because 1. I need to work and 2. I believe it's my duty to attempt to escape the prison MS/Apple/et al have built around us. But running Linux is fucking hard, unless all you need is available in a browser, and even then...
If someone is going in expecting an easy replacement, they're going to leave the second it's not. If they go in believing it's a fight for our collective souls, they might be willing to join the rebellion.
baal80spam•7h ago
This has not been an issue for many, many years now.
> Both of these are much easier (or unnecessary) on most Linux distros.
Oh, now I know you are joking.
kgwxd•6h ago
Just this month, I put Linux Mint on an old dell laptop, and a custom built PC with a 1080 ti in it.
The laptop worked perfect, wifi worked out of the box, and it ran much smoother than it did with Windows 10.
The desktop was a pain because none of the 3 USB wifi devices I already had worked out of the box. I started down the path of following some guides that got 2 of them "working" with the same steps, but they both behaved horribly. I gave up and ordered a device known to work with Linux for $50 because it just wasn't worth my time. Its connection speed is even faster than it runs on my Windows machine, but there are frequent "blips" in the connection. Gah! Nothing is more demotivating than having trouble loading the web page trying to show you how to fix your networking issues.
The video card seems to work fine but none of the games I want to play via steam work nearly as smooth as I hoped, and they're old games, the newest one just turned 10 yo. I love what Steam is doing, and I'm sure I could get a lot of the games working pretty good with some more effort, but it's not the cakewalk it's often hyped up to be. I decided to just use it for old emulators, and stick to my Windows machine for other games.
On top of all that, it feels just about as "slow" as it did with Windows for basic operations. Again, I'm sure I could do some optimizing and get it blazing fast, but I don't have the time for that when I've already got things generally working fine on other machines.
moooo99•8h ago
For some it is, for others it isn't. It really heavily depends on what you want to do with it. I have migrated multiple family members to Ubuntu with KDE and they don't have any complaints at all. Many people fail to realize how basic the computing needs for many people are, especially individual consumers.
neepi•8h ago
What I have learned in the last 30 years of being told that I should switch to Linux on the desktop is that I should stop listening to these people’s ideological perspective and just get on with creating and doing shit. Because that’s far more important. I’ll take Excel and Adobe over any of the alternatives.
I am not even sure I’m happy with it on the server these days. FreeBSD is far less nasty.
kgwxd•5h ago
I guess my point was that we're going to lose more potential users by over promising instead of just being honest.
It's built on an ideology.
It's pretty good but, when you struggle, we're here to help.
Things will be different, sometimes in very stupid ways, but there are multiple choices, with tradeoffs, YOU get to decide on.
The big corporations aren't really interested in you as a target demographic, but do you really want them to be?
All that sounds way more inspiring than "It'S tHe SaME thING, bUTT FReEEEEEdOm" which gets proven factually incorrect within the first 5 minutes of attempted productive use.
pjerem•8h ago
Changing your habits is hard. But that's also true for Windows > Mac.
Linux (Mint) in itself isn't hard. You need to understand what's different. If you have no hardware issue, the biggest difference lies in "how do I install [software]"? But now most distros (incl. Linux Mint) are hiding the package managers (including Flatpak, which provides a lot of software) behind nice "App Store" like GUIs.
How do I know that? After years on Linux & Mac, I had to work on Windows in my previous job. Guess what? It was hard. Especially Windows 10 & 11. It's complex, it's a mess, nothing is coherent. I started my journey into computing with Windows 95. It used to be somehow simple, with coherent ergonomics. It's long gone. Any big Linux DE is more coherent than recent Windows nowadays.
joseda-hg•7h ago
I'd say in many cases, it's already too hard in windows and they don't care anyway, might as well swap, and stick to the lesser of evils
andrepd•7h ago
Has this actually been a valid complaint for the past 15 years?
I'll concede that installing it (merely downloading, burning to a thumb drive, disabling secure boot, following the install wizard) already puts it beyond the scope of 99% of users, which will use the pre-installed OS no matter what.
But using it? Linux Mint is orders of magnitude more user friendly than Windows. It's fast, clear, there's no ads and no mandatory logins. Things work out of the box with no need to manually install drivers. There's an easy to use "app store". Most Windows programs even run with Wine/Proton.
We're not in the 90s slackware era anymore.
dismalaf•7h ago
Running Linux is easy. Literally everything is easier from installation to installing drivers (they're all in the kernel except Nvidia, which you don't have to worry about if you're on Ubuntu as it installs it for you), installing software, updates, upgrades...
The only difficult part is all the shit advice on the internet and the idea that you *need* certain software.