The problem is not that they exist or that Windows 11 supports them. It's that Microsoft pretends they are required, when they are not.
I think that's what "artificial limitations" means. Microsoft pretending they are required when they are not.
If you want to add better security to a computer make it opt-in and not expect people to use it who don't need it.
But it's kind of MSFT's choice whether TPM and secure boot are requirements for their software. If their software makes security assumptions that the OS has access to trusted hardware then it's a requirement. One could argue that they should create secure and less secure versions of Windows, but I don't think anyone is really going to take that seriously beyond rhetoric.
There are a lot of advantages to assuming the hardware is mildly trustworthy. The downside is you may not want Microsoft to be controlling what counts as trusted on your machine. If so, then you probably don't want MSFT to have root in your machine either and you're better off with a different OS.
In an IT security context, "trusted" (example: "trusted computing") means distrusting the users.
They can also often be used as a (slow) source of hardware randomness.
Most modern Intel (series 8 onwards) and AMD Zen onwards have fTPM too. Often these can be enabled in the BIOS during upgrade then disabled again.
Personally I upgraded to Win11 the moment it became available, but that's because I want to continue my run of free MS windows forever and I only ever boot into it to play games, with even that becoming less common.
TPM also enables things that average users care less about like DRM, but Passkeys are a good idea and having them more-secure-by-default is good for the average user (even with accidental vendor lock-in implications).
There are security boons, sure, but these are side effects. They are not what TPM is for.
Stated primary intent by Microsoft for TPM is Passkeys (because Microsoft has key incentives to kill Passwords and reduce Phishing) and Netflix-class DRM (because people want to still be able to watch Netflix on their PCs).
Sure, Microsoft has also tried locked down "Store-only" versions of Windows (partly to appease Educators who moved to Chrome OS for that need/compliance requirement), but also has heard loud and clear that isn't the version of Windows that will drive sales from the market at every one of those attempts. At this point there should be no way that Microsoft still thinks they can lock down Windows as much as Apple and Google lock down their phones. If anything Android moving even more locked down seems to be a marketing opportunity for Windows to point out that they generally won't.
Microsoft isn't perfect, and isn't a monolith (I'm sure there are executives that wish Microsoft was in the position of Apple or Google right now), but the flip side, Microsoft is a company with products to sell and the market tells it doesn't want locked down Windows and for the most part Microsoft is incentivized still to not lock down Windows. Basic greed is an easier explanation for their past and future behavior than imagining some conspiracy where Apple, Google, and Microsoft are all in it together to kill the unlocked computer.
Microsoft has tried, and failed, before but there is a culture shift here. All platforms are becoming locked down and consumers are being accustomed to being treated like cattle. Some even prefer it, beg for it.
One day, the time will come, and Microsoft will have all the tools. Because you gave them the tools.
Win11 is a hard no, I’m keeping a laptop with Win10 for the small amount of games I play. I will likely even try WINE for them soon but just haven’t got around to it.
I have a bog standard AMD graphics card that does not work in Linux. I've tried multiple distributions and versions in those distributions and both the Linux and AMD drivers. It just randomly flashes. Where do I go to get help? Who knows?
I hear you though, I still have printing problems with my Epson WF printer.
AMD's kernel developers are incredibly responsive there, I've worked with them to fix a bunch of bugs I've run into.
Use-case is:
* Dual-boot where I choose in BIOS/UEFI to go to either the existing Win10 drive or new Linux drive.
* I don't need unattended boot at all, I'd rather enter a passphrase every time.
* Resistance to evil-maid attacks is nice but not top-priority compared to theft.
* I want to be able to take my drive out of a dead computer and access it elsewhere if something goes wrong, as opposed to needing to reformat and reload from backups.
* If I install a distro with secure-boot off, can I turn it on later for benefits, or vice-versa?
So for it to be effective against the evil maid, you really need to bind the LUKS key to it. But you can do that _and_ set a strong PIN for your LUKS key.
1. Your data on the drive/partition is encrypted by $BIGKEY, which basically never changes because that would require redoing everything.
2. The LUKS header stores one-or-more encrypted versions of $BIGKEY, generally encrypted using a more convenient $SMALLKEY that a human could memorize. Optionally, $PIN can also be part of the encryption step.
3. Unlike $BIGKEY, the $SMALLKEY and/or $PIN can be changed over time. This changes the ciphertext of $BIGKEY and rewrites the LUKS header.
4. Optionally, secure boot is capable of storing and retrieving $SMALLKEY into system chips in such a way that most tampering ought to destroy $SMALLKEY.
> So for [Secure Boot] to be effective against the evil maid, you really need to bind the LUKS key to it.
If my $SMALLKEY is not stored inside the secure-boot chips, I can see how that would be inconvenient, but I'm not sure how that is safer.
Is it because the route $SMALLKEY automatically travels bypasses tricks like a hardware keylogger?
You can set HDD/SSD password via the BIOS/UEFI or (my preferred method) using HDPARM --SECURITY commands.
Then if you take the drive out you can unlock it from another computer so as long as you plug it in directly and the UEFI supports HDD/SSD unlocking during post; if not you can install a Pre-Boot authentication on the drive that runs Linux to unlock the drive and then once unlocked it with the PBA it re-boots and it works as a normal un-encrypted drive.
Look into HDPARM and OPAL standard for full disk encryption.
Other than that, FDE and Secure Boot are unrelated.
The board's UEFI will boot the EFI binary that is either your kernel + initramfs (UKI binary), or a bootloader of your choice that then boots your kernel + initramfs. Depending on your distro, you may have a bootloader like grub or systemd-boot that is already signed by the MS third-party CA and your board may already allow the third-party CA, in which case you don't need to generate and sign with your own keys. Otherwise generate your own keys, set up Secure Boot with them, and then figure out how to sign your UKI binary / bootloader binary with those keys.
This initramfs will then be responsible for locating and mounting your root etc partitions. For a systemd distro using the UAPI Discoverable Partitions spec (use a specific type ID for the root partition), systemd has a builtin cryptsetup target that will prompt you on tty to enter the LUKS password for that partition. Otherwise investigate your distro's initramfs options for doing that.
>* Dual-boot where I choose in BIOS/UEFI to go to either the existing Win10 drive or new Linux drive.
grub and systemd-boot both show menus to select one of the available EFI binaries to chain to. Otherwise your UEFI might give you a similar menu.
>* I want to be able to take my drive out of a dead computer and access it elsewhere if something goes wrong, as opposed to needing to reformat and reload from backups.
Any other PC can mount and decrypt the drive with cryptsetup just like your original PC could, as long as you specify the same password.
>* If I install a distro with secure-boot off, can I turn it on later for benefits, or vice-versa?
Yes. You will launch board's UEFI, set the SB status to "Setup mode", boot your OS, then generate and enroll new keys which will set the SB to "User mode" and start enforcing signatures on next boot. And if it breaks you can set it back to "Setup mode" in board's UEFI, boot the OS and troubleshoot / re-enroll keys. The OS wouldn't care that you had previously enabled SB but are now booting with SB disabled.
Note that Secure Boot != Measured Boot. With a standard Measured Boot setup the disk encryption key is protected by secure element on the board (eg TPM) measuring the boot chain, so your disk will automatically decrypt when the boot chain matches the previous measurement and automatically fail to decrypt when it doesn't match. Your concerns about failing to decrypt the disk apply to this setup, not to SB. But also LUKS-encrypted partitions can have multiple keys to unlock them, so you can have both a Measured Boot-guarded encryption key and an emergency fallback password to unlock the disk manually.
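An added example, not part of any comment in this thread: a Python model of two ideas discussed above, the LUKS-style key slots (one long-lived volume key wrapped separately by each unlock secret) and a Measured Boot slot whose secret is only recoverable when the measured boot chain matches, next to a fallback passphrase. The XOR wrap, `ToyTPM`, the component names and the passphrases are constructed stand-ins, not real LUKS or TPM code.

```python
import hashlib
import hmac
import os


def kdf(secret: bytes, salt: bytes) -> bytes:
    # Low iteration count keeps the demo fast; real headers use far more work.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 10_000, dklen=32)


def xor_wrap(kek: bytes, data: bytes) -> bytes:
    # Toy stand-in for the slot cipher (assumption): XOR with a KEK-derived pad.
    pad = hashlib.sha256(b"pad" + kek).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


class Header:
    """Model of a LUKS-style header: key slots plus a digest of the volume key."""

    def __init__(self, master_key: bytes):
        self.digest_salt = os.urandom(16)
        self.digest = kdf(master_key, self.digest_salt)
        self.slots = {}

    def add_slot(self, name: str, secret: bytes, master_key: bytes) -> None:
        # Adding or replacing a slot rewrites only the header, never the data.
        salt = os.urandom(16)
        self.slots[name] = (salt, xor_wrap(kdf(secret, salt), master_key))

    def unlock(self, secret: bytes):
        # Try every slot; accept a candidate only if it matches the stored digest.
        for salt, wrapped in self.slots.values():
            candidate = xor_wrap(kdf(secret, salt), wrapped)
            if hmac.compare_digest(kdf(candidate, self.digest_salt), self.digest):
                return candidate
        return None


def extend(pcr: bytes, component: bytes) -> bytes:
    # PCR extend: new = H(old || H(component)); order and content both matter.
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure(chain) -> bytes:
    pcr = bytes(32)  # PCRs start at all zeroes on reset
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


class ToyTPM:
    """Model of sealing: the unwrap key depends on a chip secret and the PCR.
    A real TPM refuses to unseal on a policy mismatch; this model returns
    garbage instead, which the header digest check then rejects."""

    def __init__(self):
        self._seed = os.urandom(32)  # never leaves the chip

    def seal(self, secret: bytes, expected_pcr: bytes) -> bytes:
        return xor_wrap(hmac.new(self._seed, expected_pcr, "sha256").digest(), secret)

    def unseal(self, blob: bytes, current_pcr: bytes) -> bytes:
        return xor_wrap(hmac.new(self._seed, current_pcr, "sha256").digest(), blob)


def demo() -> dict:
    master_key = os.urandom(32)  # the long-lived volume key ($BIGKEY)
    header = Header(master_key)
    old_pass, new_pass = b"constructed passphrase one", b"constructed passphrase two"
    header.add_slot("passphrase", old_pass, master_key)

    # Constructed boot chain; a second slot is bound to its measurement.
    good_chain = [b"firmware-1.0", b"bootloader-1.0", b"kernel+initramfs-1.0"]
    tampered_chain = [good_chain[0], b"bootloader-modified", good_chain[2]]
    tpm = ToyTPM()
    tpm_secret = os.urandom(32)
    blob = tpm.seal(tpm_secret, measure(good_chain))
    header.add_slot("tpm", tpm_secret, master_key)

    results = {
        # Unattended unlock works only while the measured chain is unchanged.
        "measured_ok": header.unlock(tpm.unseal(blob, measure(good_chain))) == master_key,
        "tampered_fails": header.unlock(tpm.unseal(blob, measure(tampered_chain))) is None,
        # The passphrase slot needs no TPM, so it also works on another machine.
        "fallback_ok": header.unlock(old_pass) == master_key,
    }

    # Changing the passphrase re-wraps one slot; the volume key stays the same.
    header.add_slot("passphrase", new_pass, master_key)
    results["old_rejected"] = header.unlock(old_pass) is None
    results["new_ok"] = header.unlock(new_pass) == master_key
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```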
Your drive does need to support OPAL though, check out sedcli for managing SEDs.
Just put linux's boot drive on a removable USB that has boot priority over the builtin drive. Then configure UEFI secure boot so that it works for both windows and your custom keys.
https://wiki.gentoo.org/wiki/User:Sakaki/Sakaki%27s_EFI_Inst...
This setup has the added benefit of making it so that windows can't overwrite your linux boot drive, but from linux you can still access your disk from disklocker
Try to identify the problems the customers have. If privacy isn't one of their concerns, convincing them to switch PC OS is not a great fit on that basis.
I feel like there needs to be some way to explain the changes to Windows 11 as hostile from a longevity perspective with the ads and the lock-in. With one-drive being activated and moving customer data to the cloud without consent, the LLM that gets in the way of the user experience, recall, etc. It would still be their choice but at least they would know what they were getting into.
I feel like I'd be doing some justice by letting customers who qualify (who don't have use-cases that Linux cannot handle) know that it's a better experience because Microsoft is creating friction in the desktop experience now.
Normies desperately want privacy, but think it is too hard to do, they're too dumb to figure it out, even if they figure it out it still won't really work, and that they won't be able to use stuff that they don't want to live without. They are often right, because they are smarter than they think and the industry is working against them full-time. A lot of people's incomes (on this very site) depend on keeping normies ignorant.
Bit of a bait and switch from that to the actual article title…
> Retiring Windows 10 and Microsoft's move towards a surveillance state
If nothing else adhering to HN’s guideline on titles would have saved me having to suffer through reading “recomming.”
https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/d...
There are several options for desktop environment, and you can select which ones to install when you boot that installer image (and also add/subtract more later, and change your preference at login time).
One of the nicest-looking ones that should be self-explanatory to use (for anyone who's used any version of Microsoft Windows since 95) is Cinnamon. Most of other desktop environments default to similar, except for the current default Gnome one, which is a bit more creative in a way that's not intuitive.
The Cinnamon desktop will use a lot of that Gnome stuff, but things like a start menu and task bar will be more familiar than the corresponding elements of the default Gnome desktop.
Things that intrigue me:
- For photos, darktable is surprisingly good. I think this was my biggest single surprise, being a Lightroom user.
- GIMP was always great and now it's even better.
- LibreOffice is good enough that I can live on it just fine. I do miss Keynote, but it's not a showstopper.
- Dia is good enough for diagrams, though I miss OmniGraffle.
- Notice how there aren't any Windows apps I miss. There are Mac apps I miss (Keynote and OmniGraffle).
- Anything involving the web just works.
- Suspend/resume on my Linux laptop works better than suspend/resume on Windows, but not as good as what you get on Apple M hardware.
- Battery life on my Linux laptop is better than on Windows, almost entirely because Windows wakes the laptop up while it's suspended, so if you close the Windows laptop and carry it around unplugged, you'll find that the battery is totally drained after some number of hours. Linux doesn't have this problem.
- Development workflow is amazing. I'd rather program on Linux than anything else.
- The lack of crapware and nagware is so amazing.
- Similarly for Photoshop users, Photopea might suit them better than GIMP. And there's also Photoshop Express/Online if they really want to stay in the Adobe ecosystem.
I like OmniGraffle but personally I didn't think it was worth it when draw.io was free anyway. Like I don't feel it was $150-$250 better than draw.io, especially since it's not cross platform.
I've played with it, and it seems pretty ok; the only reason I haven't used it much is because draw.io has been good enough, but I really should give it more of a test drive before I draw any conclusions.
For adding shapes/colours/annotations etc to photos, I found krita to be more accessible than gimp. E.g. I wanted to do changes to my contractor's realistic concept drawings and I could learn krita (guided by Claude Sonnet) and make the changes in a span of couple of hours.
We'll have a few macs and 2 win11 machines, but the rest are getting migrated.
We're in the Google ecosystem for email, docs, and drive so I'll just deploy Chrome instead of a Libre chromium. I'd rather not troubleshoot user profile issues, and they have access to all our data anyway. Honestly, I fully expect I'll have more than a few users that don't even notice the OS change.
The UI in LibreOffice feels quite clunky and outdated and never seems to have been given any thought since the OpenOffice days. But Google Docs is so feature poor that I'd rather live with LibreOffice's UI. Especially as you can adjust to the latter after using the software for a while.
See this for all OSs/platforms: https://gs.statcounter.com/os-market-share#monthly-200901-20...
See this for Desktop OSs: https://gs.statcounter.com/os-market-share/desktop/worldwide...
They are on a slow death spiral. Their solution to raise revenue when their marketshare goes down is to squeeze harder. So they lose more users and the vicious cycle continues. In 10-15 years, they'll dip below 50% of marketshare, at which point there will be various alternatives which will accelerate their downfall. This already happened in tablets/phones.
It might also happen faster since they have a stronghold in Asia and China is now looking to accelerate the building of alternatives.
After evaluating a lot of options, pyQT + nuitka gave a reliable cross-platform result (can target distros based on Debian and Enterprise Linux easily.) And we are still able to target Windows for the customers that remain there.
I would say that specifically with Secure Boot, Microsoft actually promoted user choice: A Windows Logo compliant PC needs to have Microsoft's root of trust installed by default. Microsoft could have stopped there, but they didn't. A Windows Logo compliant PC _also_ needs a way for users to install their own root of trust. Microsoft didn't need to add that requirement. Sure, there are large corporate and government buyers that would insist on that, but they could convince (without loss of generality) Dell to offer it to them. Instead, Microsoft said all PCs need it, and as a result, anybody who wants to take advantage of secure boot can do so if they go through the bother of installing their own root of trust and signing their boot image.
There's no issue booting a boot rootkit with the standard Windows bootloader unless you manually seal the image with command line or group policy, and even then it's possible to bypass by installing a fresh bootloader because the images are identical and will boot after a wipe.
This. It is secure only for MS, AMD or Intel.
This was not the case with the initial rollout of Secure Boot, it was combined with locked BIOS to lock PCs so that they could only boot Windows 8 on some devices. This was the case on Windows RT ARM machines from that era.
All that has to be done today for machines to be locked down again is to flip a bit or blow an e-fuse. It's already the case on phones and tablets.
There is also a real potential for abusing TPMs or cryptographic co-processors to enforce remote attestation.
I say this as someone who agrees with your first paragraph and uses Secure Boot + TPMs on all of my machines.
People here REALLY need to start understanding this issue. Remote Attestation is the kind of tech that if abused will end free computing over night.
- Private Access Token [0]
- Web Environment Integrity [1]
among other proposals.
The idea that understanding is the problem feels like a fallacy. People need to upgrade hardware, and when all chips contain such functionality, consumers won't have a choice of alternatives. What you want is legislation (or a dominant competitor lacking such features, which doesn't exist).
After all, legislation is what is forbidding you from producing a competing x86 processor with the changes you want.
Personally I think any form of attestation is evil.
Ironically, installing Windows 10 and activating ESU would lead to longer hardware life.
Of course, I didn't. Instead, I installed Linux on that laptop too. My partner had no issues switching.
I'm not sure Microsoft took the best approach. I might have opted into a "Windows 11 Slow CPU" SKU if it was marketed right. That might have been a little kinder than "all these CPUs with this awful series of bugs are trash, even though we have had a successful workaround".
[0] https://en.wikipedia.org/wiki/Spectre_(security_vulnerabilit...
But also that's a bit victim blaming isn't it? Do you want to explain to your grandfather or partner or child "Oh sorry, you had a password stolen because you chose to visit Google.com on a day where Google let an ad buyer attach Spectre exploit malware"? (Google could also choose to not let ads attach JS at all, but that's a very different problem.)
Computers have millions of places they get code from to run. Is "your CPU has a data leaking bug in it" the user's problem or the OS's problem? When there's a mitigation the OS can manage? When security-in-depth is an option?
I installed Bazzite on my own old Desktop not supported by Windows 11. One of the first things the Linux kernel spits out on boot if I have the boot console up is about running with Spectre mitigations. The Linux kernel also thinks it is important to mitigate (as Windows 10 did, but Windows 11 doesn't include and so doesn't support this old Desktop).
The point I want to make is that allowing remote code execution is such a big attack surface that it makes all the other security measures look silly, which indicates that signed execution contexts in themselves are an attack on privacy and control etc.
If there was any actual security concerns there could be a push for server side rendering or something.
No, I think they bend over backwards not to do it overnight because of the outcry but try to make all required changes and enforcements gradually over the years so in the end you will have no choice but there will not be any sudden change that would spark protests.
Okay, but, that was like 15 years ago, on some shitty first-run computers that no one bought. A failed first attempt. I've never met a single person that owned, or has ever used, a Windows RT device.
The world has moved on. But oddly continues to buy bootloader-locked iPhones and Androids by the bucketful.
Dwelling on the past isn't going to move us forward. Anyone pushing the "Secure Boot and TPM are evil" trope in 2025 is objectively a fool and should be ignored. Most don't even realize what a TPM does, they think it's some secret chip inserted by glowies into their computers to prevent them from running free software. No.
Forgetting the past will make PCs as closed as phones.
But they are not in control of Secure Boot.
Microsoft runs a root CA that is pre-installed on most PCs. It could have been Verisign or someone else, but MS made sense at the time, likely because they had additional code signing expertise.
You are free to delete these keys and/or install your own. If there wasn't preexisting infrastructure, Secure Boot would be DOA for most people.
> Microsoft runs a root CA that is pre-installed on most PCs.
How can you write those two statements on two adjacent rows? In practice that makes MS a gatekeeper.
Some combination of the advertising industry and those with a vested interest in anti-fraud such as banks will eventually try to sneak remote attestation in there, which has the potential to put a complete end to ownership of devices as we have always understood it.
I wouldn't call the first Microsoft Surface, Surface 2, Dell XPS 10, and Lenovo IdeaPad Yoga 11 products that no one bought.
> I've never met a single person that owned, or has ever used, a Windows RT device.
I have and I also regrettably bought one myself.
> Dwelling on the past isn't going to move us forward.
The past dictates the future, and history repeats itself. Microsoft made their intentions known, it would be foolish to pretend they haven't. They continue to make their intentions known today with the Pluton cryptographic co-processor, that paired with a TPM, can enforce remote attestation by design. That is literally the intent of the Pluton chip: ensuring platform integrity and securely attesting to 3rd parties that your system is Blessed/trusted.
> Anyone pushing the "Secure Boot and TPM are evil" trope in 2025 is objectively a fool and should be ignored
Anyone tearing down this strawman is tilting at windmills for some reason.
> Most don't even realize what a TPM does, they think it's some secret chip inserted by glowies into their computers to prevent them from running free software.
I wouldn't project ignorance on those you don't actually know. You can understand what a TPM does, understand how it can be abused today and acknowledge how it was abused in the past.
Remote attestation can be misused, yes. But why writing it as TPM is the problem? In cases where remote attestation is used for good, TPM improves the setup, if anything.
I don't see the rationale for what you wrote, and am genuinely curious what it is.
Root your phone, even if it is just for the ability to make full backups (because that is, to this day, not a thing on Android)? Say goodbye to banking, most games, even the proposed new EU "digital identity" government wallet was supposed to enforce attestation.
And everyone with a phone on the "bad vendor" list that either doesn't get Google certification from the start or gets it revoked due to sanctions? Same.
The preparations for eIDAS 2.0 (the EU thing) has been heavily inspired by SSI. If they keep up the good work, and implement it properly, security and privacy will be top notch. And that is only possible by using TPM (or really SE when we talk about mobile phones).
Yes, I know that eIDAS might end up not meeting the early promises. We will have to see. But in that case it will be despite the possibilities that the hardware provides, not because of them.
Let's compare these scenarios:
A) TPMs are optional and 30% of users have them. A bank is thinking about requiring remote attestation to use their services. Since they'd lock out 70% of users they decide to not do it.
B) TPMs are mandatory and 90% of users have them. A bank is thinking about requiring remote attestation to use their services. Since they'd only lock out 10% of users they decide to do it.
And banking is the nice example here. Refusing to serve a site if the user is using an adblocker is very much in the interest of powerful players in the space, see WEI. Every platform that has widespread TPM adoption, namely Android and iOS, has shown that it will abuse them for anti-consumer purposes sooner or later. We are talking about Microsoft here, the current and past poster child for anti-consumer decisions.
I hope that explains why making TPMs blanket available introduces new risks to sovereign computing.
Being able to install another OS isn't much good if critical applications and websites refuse to run on it.
The battle has already been lost on this. Just look at all the companies that are app-only and don't offer a web version.
This was my local gym which sacked their front desk staff and moved to app access only, and with an app infested with trackers at that. Needless to say I don't go to that gym anymore.
https://developer.android.com/google/play/integrity
https://developer.apple.com/documentation/devicecheck
>I mean, Revolut developers don't need to check for TPM or similar to serve other functionalities just because you're on browser or mobile app.
Some features are simply not available in the web version. You can try running the app in an emulator to get past that limitation, but an emulator won't be able to spoof device attestations, so if they bother checking for it you're screwed.
I'm on a move, had to pay some transport company to move some stuff for me, pick-up date tomorrow. Paid online, website asked for a confirmation from my bank's app (N26), fair enough. Opened the app, just to be greeted with "Please Update. The latest app version includes new features, enhancements and stability improvements" with the only choice: "Update now".
Being confronted with an app designed to refuse to work was irritating enough (for context, I'm from a generation where we used to own our devices), but I clicked on "Update" anyway, just to be told by apple store that there was no update for my iPhone 7.
Ok, the writing was on the wall. You know, I own one iphone and 2 android phones already, all of them several years old but in pristine condition. That's how I am, I care for things. I'm not going to buy yet another one, if only because I hate waste and fear mismanagement of natural resources. That's how I am, I care for things.
Now you are mandating me to add more e-waste? There is no way I'm going to do that, so I decided to connect to N26's website, but guess what? You need the app to login. Well, if you insist you can also login with a short message, which I did, just to check that there was no way to confirm a payment on the website.
But you can contact "support", so I tried that. To their credit, the robot bouncer was quick to admit incompetence and to connect me with a friendly fellow human, who was unfortunately only allowed to lecture me about why those "new features and enhancements" were essential to my account's security, while being unable to tell me exactly what they were or what was the problem with the current version, and suggested I login from someone else's phone instead.
Security? Whose security?
To anyone working in tech, let me remind you what an actual threat model is.
My actual threat model in the actual world is that your company might steal my money, or prevent me from accessing it, which amounts to the same thing. Data points: Despite all the stories on the news about mischievous hackerz from russia and china, I've had money stolen only twice in my life, not a lot but at the time I needed it, and twice by banks.
My threat model is that the electronic gadget that I bought and carry with me all the time stops obeying me and starts obeying some adversarial company. And that, in perfect novlang mastery, you want me to call this a "trusted device".
My threat model is that our civilization might drown in e-waste.
Want another example of app only service? Wait for a day or two, as I'm confident I will face the same issue soon.
There is absolutely no reason to release a new major version of your OS every year, and there is no reason to arbitrarily drop support for older devices (except extremely contrived ones, that I'm sure will be posted below). I made the mistake of acquiring an iPad once. Its only job was playing YouTube videos in bed (yes I know), until Apple and Google in unison decided that it should be thrown into a landfill, because its OS was unsupported and the YouTube app, for no reason at all, would no longer work. Was the device suddenly unable to decode H.264 video or playing audio? Nope. But please just throw it in the trash and buy a new one - what are you, poor?!
I don't know, I haven't checked extensively but I believe supporting iphone7 is still one checkbox away in xcode (xcode 26 release notes state that it "supports on-device debugging in iOS 15 and later", which is what is installed on my iphone).
I could imagine how some team at N26 thought that "supporting" more devices was too much on their plate, which I would sympathise with, but the most likely scenario to me is that some technically inept "decision maker" decided to ban older phones in a security gesture to give the impression that he is adding value.
Note: I also own a venerable ipad air2 (2009) that I bought second hand long ago to serve as a midi controller. Still a very nice, well built machine. It's not allowed to connect to wifi or it would figure out what year it is. I call it "hibernatus" (reference to https://en.wikipedia.org/wiki/Hibernatus) :)
I must just have a sixth sense to avoid those kinds of services. And I also have a zero tolerance policy. For example, if a restaurant says I have to order on my phone, I stand up and go to leave. I am old enough now they probably just assume I am technologically illiterate.
However, drowning in e-waste from smartphones is many orders of magnitude from being an issue, as trivial calculations easily show. Mentioning it makes your argument rhetorically much weaker. The iPhone 16 is 147.6mm × 71.6mm × 7.8mm (8.2 × 10⁻⁵ m³) and weighs 170g, according to https://www.dimensions.com/element/apple-iphone-16-18th-gen. The population of France is 68.6 million people. One iPhone per person each year for the next century would be 6.86 billion iPhones in France, assuming the population remained constant. This would weigh 1.2 million tonnes and fit in a sphere 51 meters in diameter. If stacked 6 meters deep it would cover 9.4 hectares, a circle 340 meters in diameter. France contains 63 million hectares. The hypothetical pile of iPhones would cover about a third of the area of the Gravelines Nuclear Power Station near Calais.
Far from drowning in e-waste from smartphones, if you dump it in a landfill, it will be extremely hard even to find the e-waste without a map.
Even if you didn't have a countryside to bury e-waste in, this should be obvious even on the household scale. Suppose you and your four children each get a new iPhone every year, and instead of throwing them away, you put them in a box in the attic. How big is the box? It's a 35 cm cube after 100 years. It would weigh 85 kg, though, so you'd want to use several smaller boxes. But there is no risk of drowning.
Some of those minerals, like the gold in the bond wires, are pretty heavily refined, requiring the excavation of some much larger amount of gangue and leaving most of it as tailings. But the total quantities of those minerals in the device are very small indeed. Instead, worry about things like electric vehicles and CO₂ emissions from making concrete.
What you are doing by attempting to reduce fossil fuel and other mineral usage by buying smartphones less frequently is analogous to attempting to pay the rent on a Paris apartment by looking for lost coins in the subway station, or attempting to take a running leap across the English Channel. You are doomed by your complete lack of understanding of the orders of magnitude involved.
I don't know what's your point exactly? I was close to believing that this near perfect mix of naive quotation from Apple PR BS, computation of tons of minerals required to build a phone to the 5th decimal, and the lackadaisical insulting remarks, was some refined form of humor. But given we are on HN, you might just be this kind of engineer who can't see the forest for the tree.
So, assuming you are just inappropriately expressing a genuine concern that I might be misled into believing that refraining from buying any more phones is going to slow our society spiraling down into chaos, rest assured: I'm not believing this. My posture is all about principles, and holds for an iPhone like for any of the many useless things a normal, modern life wants us to consume routinely, because I believe one should try to do the right thing no matter what, regardless of the odds of success, because proceeding otherwise requires defining success, an end goal, and that's a circular impossibility. Yes, as you can see, I'm with you on the spectrum. :-)
I do respect self-sacrifice on principled grounds. If you were starving in a besieged city, and killing and eating a baby were your best chance for survival (https://youtu.be/KOkBEqtGUI8?t=2886), I'd endorse you not doing it. Even if, in some utilitarian calculus, you were more important than the baby, I'd endorse your hypothetical non-baby-eating moral choice. I'd like to think that I'd be one of the people abstaining from lifesaving cannibalism myself, though I've often seen people fail to uphold their principles when it comes down to it. I respect drawing a line in the sand beyond which you refuse to coldly weigh costs and benefits like an engineer.
But that's not what you're doing. If not buying a smartphone were "all about principles" to you, you wouldn't have a smartphone in the first place. You've crossed the line in the sand; you're already eating babies. All that remains to you is balancing the number of babies you kill and eat against your nourishment.
And, in that situation, refusing to balance costs and benefits isn't a matter of principle. It's merely irresponsibility, and will result in you eating unnecessary quantities of babies.
This is HN naivete at its best. Engineer-centric worldview directly inspired by Ayn Rand science fantasies with single-factor causality at its core.
Engineering happens in and is regulated by its surrounding socio-entrepreneurial-political context. Apple releasing Apple Intelligence is not exclusively an engineering decision. OpenAI releasing ChatGPT is not exclusively an engineering decision. The birth of the internet is not an exclusively engineering decision.
Every single one of those decisions involved more than just calculating costs and benefits of tradeoffs.
What is the difference between saying "I am an engineer" and "I work as an engineer" if we leave aside any desires to bind your personality to your employment contract?
But when you try to reduce a relationship in the infinitely complex and mostly unknown real world to a sentence, or even an essay or an encyclopedia, you have to simplify it. When you do this well, you can manage to say things that guide your readers toward the inexpressible and incompletely knowable truth, rather than away from it. You may even be able to figure out how to do something that you are trying to do.
To describe a bit more of the situation, among the unbounded complexity of the causal graph that has mostly eliminated the risk of global warming continuing, many of the critical nexuses are engineering achievements: the reduction of the resources required to manufacture solar panels to a tiny fraction of what they were only ten years ago, the construction and successful operation of solar panel factories that would already suffice to meet the human world's energy demands within decades, the similar improvements in rechargeable batteries, the not-yet-built solar farms that will deploy these panels, and so on.
These are ultimately causally dependent on nearly all of human history and especially on the political history of China, Germany, and Spain in the early 21st century and of the US in the late 20th. And the effects that will proceed from them are still largely unknown and unknowable, depending on future politics, but some of them are predictable; in particular, fossil fuels have become economically uncompetitive as a source of energy almost everywhere in the world, and will consequently decline over time. This may not be completely inevitable, but it is likely enough at this point that the alternatives are not worth worrying about.
You ask what it means to be an engineer if it's not just an employment contract, which makes me wonder if you have ever met an engineer. I have already given a partial answer: it is a way of thinking that seeks acceptable tradeoffs rather than perfection. I think it has a lot of other aspects as well. For example, engineers tend not to worry too much about factions with conflicting interests; we see life as a series of problems; we expect problems to be solved with enough knowledge and diligent hard work; we tend to value what is knowable and measurable over intuition, even as we depend unavoidably on intuition every day; we design things; our designs are based on material implications of inequalities (to compensate for the unknown unknowns in the world) rather than just equations; we respect expertise, especially expertise that can be put into words; we dare to imagine what has never been, and bring it into existence.
Contrast this with, for example, the worldview of a lawyer, or a doctor, or a mystic, or even a scientist.
Each of these aspects of being an engineer has good effects and bad effects, and sometimes the congenital blind spots of engineering thinking lead us into disasters. (Those blind spots don't bear much resemblance to your caricature of them, presumably because you know almost nothing about engineering, but they do exist and are very important.) But that's basically the way we have not only built the internet but also solved the climate change problem, including at the political level—you may have recognized Xi Jinping's good and bad points in the outline above.
Are you counting the emissions produced to make it and all the packaging that comes with it, the vehicles used to transport it, lighting used in the warehouse where it sits and the appliances used to keep the warehouse clean too? Phones, just like anything else, are not made in a vacuum.
It ought to be obvious, but I'll say it anyway: the carbon emissions of shipping things like a smartphone are quite small, and the carbon emissions of things like warehouse lighting and warehouse cleaning are utterly insignificant.
Obvious is just shorthand for unsubstantiated beliefs ime. What does "quite small" even mean? The iPhone carbon footprint is likely the lowest of all smartphones given Apple's efforts to look as green as possible. Your regular smartphone has almost double the carbon footprint at around 80kg. When you consider that most non-iPhone non-flagship smartphones become virtual bricks after 2-3 years, 80kg is a lot to me.
Year 2034, you have a nice vintage, lightly used electric car. Battery still charges and whole box drives. Do you need to buy a new car, or does the gov need to prohibit you from using it or force you to scrap it? Most likely yes - battery is about to explode, possibly on crowded crossroad...
Real problems sometimes demand 0 or 1 action.
Just "phone app from everyone" etc is monopolies inflicted harm on society.
This is exactly what a TPM was made for, so your statement is a little bit paradoxical.
The problem is third parties using TPM/SecureBoot/etc as a weapon against the owner via remote attestation, by preventing them from configuring their own device, with the threat of being cut off from critical services.
Having the upside without the downside would be nice, but how could it work? Is a technical solution feasible, or would it need a law/regulation?
If it’s on my computer, I should be allowed to read and write to it. End of story. I don’t care if that makes it vulnerable. So far as I’m concerned, letting Microsoft keep secrets from me on my own computer is similarly catastrophic to losing my HD to a crypto-locker virus.
Now with remote attestation they do.
> installing their own root of trust and signing their boot image
Won't matter. They can tell we did this. They won't trust our keys. Only their own.
I had a Win 7 system and just entered a password on boot, this decrypted the disk. It was supported without mods or TPM (maybe some registry tweaks though). On Ubuntu I do the same, no need for TPM. Am I missing something? My disk is encrypted. If they take it apart, they need my password to crack the encryption.
With a TPM you can set it up that your disk is unlocked automatically, but only if no-one changed anything in the signed boot chain. This is the default with Bitlocker on Windows and is also possible on Linux, though somewhat more finicky.
It's just added complexity and corporate control so people can use worse passwords
I want a TPM in my computer so I can have the security and convenience. Yes, it's another point of failure. But I need backups in case the hard drive fails anyway. And besides, the OS can be designed so I can enter a password if I need to use the drive without the TPM.
I think in general biometrics are in the same ballpark as low-entropy passwords. IDK, I personally have no faith in trusted computing hardware because it can be broken with the right equipment. You're right that it can be used alongside ordinary security measures, but I just think it encourages putting your eggs into a cryptographically-weak hardware-strong basket (which represents a downgrade because crypto is stronger than hw).
> A server that I want to turn back on all by itself after a power outage can only be done securely with a TPM.
Can you describe how this prevents a MITM attack? I assume you mean a remote server? I've heard of colocation setups like this, but I think they rely on a couple of unstated assumptions.
> Can you describe how this prevents a MITM attack? I assume you mean a remote server? I've heard of colocation setups like this, but I think they rely on a couple of unstated assumptions.
I'm not sure what you mean by prevent a MitM attack, unless you're worried about someone with probes MitM-ing your TPM-CPU connection in the DC.
You can bind a TPM to measurements on the host (let's say for argument's sake you want Secure Boot state, Option ROM state, and UEFI state), then configure the OS to ask the TPM for the (or rather, a) decryption key during boot.
The TPM will check that the state(s) you bound to is (are) the same as when you bound them, and if so it will give the OS the key. Your disk is encrypted, but the boot process is automatic/unattended, as well as completely contained within the server chassis.
There are ways to attack this hypothetical setup, buuuuut there are ways to attack remotely entering your disk password as well, and bear in mind that denial of service is a security vulnerability. Tradeoffs.
Windows Hello allows you to log in with a 6-digit pin. That's perfectly secure, because the TPM lets them design a system where you can't do an offline attack on the pin. Too many wrong entries and you'll need to use your password.
I doubt there's more than two dozen bits of entropy provided by finger print readers or facial recognition authentication, but you can make an acceptably secure login experience with it because, again, the TPM lets you prevent offline attacks.
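The two TPM uses described in the comments above (a disk key released only when the boot measurements match, and a short PIN that cannot be guessed offline), as an added example that is not from any commenter. It is a simplified software model, not a real TPM API: `ToyTPM`, its methods, the measurement strings and the lockout threshold are constructed for illustration, and the PCR numbers follow the usual PC firmware convention.

```python
import hashlib
import hmac

PCR_COUNT = 24
MAX_TRIES = 3  # constructed lockout threshold for this model


class UnsealError(Exception):
    pass


class ToyTPM:
    """Toy model of PCR-bound sealing with PIN lockout (hypothetical, not a TPM library)."""

    def __init__(self):
        self.pcrs = [bytes(32)] * PCR_COUNT
        self._objects = {}   # sealed secrets stay inside the "chip"; callers only hold a handle
        self._failed = 0     # failed-PIN counter, deliberately survives reset()

    def reset(self):
        # A power cycle clears the PCRs but not the sealed objects or the counter.
        self.pcrs = [bytes(32)] * PCR_COUNT

    def extend(self, index, measurement):
        # PCRs can never be written directly, only extended:
        # new = SHA256(old || SHA256(measurement))
        digest = hashlib.sha256(measurement).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()

    def _policy(self, indices):
        # Simplified stand-in for a PCR policy digest over the selected registers.
        h = hashlib.sha256()
        for i in indices:
            h.update(bytes([i]) + self.pcrs[i])
        return h.digest()

    def seal(self, secret, indices, pin=None):
        indices = tuple(sorted(indices))
        pin_hash = hashlib.sha256(pin.encode()).digest() if pin is not None else None
        handle = len(self._objects)
        self._objects[handle] = (indices, self._policy(indices), pin_hash, secret)
        return handle

    def unseal(self, handle, pin=None):
        indices, policy, pin_hash, secret = self._objects[handle]
        if pin_hash is not None and self._failed >= MAX_TRIES:
            raise UnsealError("locked out")          # even the right PIN is refused now
        if not hmac.compare_digest(policy, self._policy(indices)):
            raise UnsealError("PCR mismatch")        # boot chain differs from seal time
        if pin_hash is not None:
            supplied = hashlib.sha256((pin or "").encode()).digest()
            if not hmac.compare_digest(pin_hash, supplied):
                self._failed += 1
                raise UnsealError("bad PIN")
            self._failed = 0
        return secret


# Constructed measurements. PCR 0 = firmware code, PCR 2 = option ROMs,
# PCR 7 = Secure Boot state, the three things the comment proposes binding to.
GOOD_BOOT = {0: b"uefi-firmware-v1", 2: b"option-rom-nic", 7: b"secureboot=on"}


def measure_boot(tpm, components):
    tpm.reset()
    for index, blob in components.items():
        tpm.extend(index, blob)


def try_unseal(tpm, handle, pin=None):
    try:
        return tpm.unseal(handle, pin)
    except UnsealError as err:
        return str(err)


def demo():
    tpm = ToyTPM()
    measure_boot(tpm, GOOD_BOOT)
    disk = tpm.seal(b"disk-key", [0, 2, 7])            # unattended server unlock
    hello = tpm.seal(b"user-key", [7], pin="493817")   # short PIN, chip-enforced retries

    results = {}
    measure_boot(tpm, GOOD_BOOT)                       # normal reboot after a power outage
    results["unattended"] = try_unseal(tpm, disk)

    tampered = dict(GOOD_BOOT)
    tampered[7] = b"secureboot=off"                    # someone changed the boot chain
    measure_boot(tpm, tampered)
    results["tampered"] = try_unseal(tpm, disk)

    measure_boot(tpm, GOOD_BOOT)
    guesses = ["000000", "111111", "123456", "493817"]  # last guess is the correct PIN
    results["guesses"] = [try_unseal(tpm, hello, g) for g in guesses]
    return results


if __name__ == "__main__":
    print(demo())
```

The fourth guess is the correct PIN and is still refused, which is the property that makes a 6-digit PIN workable: the guess limit is enforced where the secret lives, so copying the disk gives no faster way to try PINs.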
The risk is data leakage. With a TPM and no password, there is no data leakage protection.
Consider a server. It can have an encrypted hard drive, boot with the TPM without a password, and run its services. In order to steal data from it, you need to either convince software running on the server to give you that data, or you need to do some sort of advanced hardware attack, like trying to read the contents of DRAM while the computer is running.
There are other use cases too, like kiosks, booting to a guest login, corporate owned laptops issued to employees, allowing low-entropy (but rate limited) authentication after booting, to name a few.
You’re not protected from an evil maid attack. An attacker with physical access could make your device boot their own payload to capture your encryption key and install a rootkit.
If they just want your password they don't need to decrypt your hard drive, they can format it and install a rootkit that steals your password as soon as you try to login.
This would be more difficult to pull off in the presence of non-password security like a hardware token, as you'd need to forward the actual login UI to the decoy machine, but still not terribly difficult if the login UI will display on an externally-connected monitor and accept input from an externally-connected keyboard and pointing device, and the hardware security device connects via an external interface like USB.
They can also decrypt your hard drive by doing the same thing without modifying the original machine by just stealing it and leaving you a compromised one of the same model to also steal your password.
In any case data stays secure.
Edit: Hmm, you have a point, how do I know secure boot was disabled in the first place? Anyway, still works for servers and unattended reboots.
The fact that Windows is compromised does not make it capable of extracting secrets from the TPM, though maybe a naïve user can be convinced to enter the recovery key anyway...
But the attacker isn't trying to get the key from the TPM right now, they're trying to get the credentials from the user. It's the same thing that happens with full disk encryption and no TPM. They can't read what's on the device without the secret but they can alter it.
So they alter it to boot a compromised Windows install -- not the original one -- and prompt for your credentials, which they then capture and use to unlock the original install.
They don't need secure boot to be turned on in order to do that, the original Windows install is never booted with it turned off and they can turn it back on later after they've captured your password. Or even leave it turned on but have it boot the second, compromised Windows install to capture your credentials with secure boot enabled.
How suspicious are you going to be if you enter your credentials and the next thing that happens is that Windows reboots "for updates" (into the original install instead of the compromised one)?
And again this presupposes that you can disable Secure Boot, boot a malicious OS from another drive, fool the user into entering their password, automatically reboot, enable Secure Boot, boot into the legit OS, then come back later and have the ability to boot the OS yourself and log in as the user (because again, you don't have the decryption key, you have the user's login credentials).
You are also presupposing what the TPM is bound to. I don't use Windows, but using systemd-cryptsetup I could configure a TPM to bind to the drives in the system; in this way, it will refuse to boot my legit OS while your malicious disk is installed (well, it will demand a recovery key). Again, setting off alarm bells, and if I discover the disk with my recorded credentials before you can physically access it, I can just destroy it.
But that's the same thing that happens with full disk encryption. They come get physical access to the machine but don't have the decryption key yet so they compromise the unencrypted part of the machine which is what prompts you for it, have that capture the key when you enter it, and now they have the key when they come back to use it.
If anything allowing the short password is even worse, because if you leave your machine in suspend you expect it to prompt for your unlock password but not the full disk encryption key when you come back, so the latter would be suspicious but the former doesn't let them unlock the disk, and now you're using the short password for both.
> You are also presupposing what the TPM is bound to. I don't use Windows, but using systemd-cryptsetup I could configure a TPM to bind to the drives in the system; in this way, it will refuse to boot my legit OS while your malicious disk is installed (well, it will demand a recovery key). Again, setting off alarm bells, and if I discover the disk with my recorded credentials before you can physically access it, I can just destroy it.
Except that it doesn't need to be installed once you're at that point. By then it has already captured your credentials and stored them or sent them to the attacker over the network, so it can disable that device right before it goes to boot into the original operating system.
Also notice that the original premise was to make it easy for ordinary users and now the workaround is to install Linux and change a setting that will confuse people as soon as they leave their own USB stick plugged into their computer.
Most market segmentation is just to screw customers (e.g. ECC support), but measured boot is one that really only needs to be on enterprise server or workstation-class hardware, and actually causes issues by existing in mass market hardware.
Let’s not give Microsoft too much credit here…
Between 2011 and 2013, multiple Linux / free software organisations raised the issue with the EC. There was an actual antitrust investigation which at the time was seen as what motivated Microsoft to open the solution to third parties by 2013.
So in a way, thank you EU for making it so we have choices at all.
With that said, I think the technology still does more to promote vendor lock-in and as others have said, it’s one windows update away from a dystopian hellscape where all your bits have been pre-approved by someone else.
I don't see how my TPM module will prevent me from using the machine the way I want. The offer of a cryptographic assurance to a 3rd party is something I happily provide in order to gain access to a competitive gaming resource. Cheaters really fucking suck and if this is what it takes to ruin their day, then fantastic. I'm looking forward to TPM3.0 now after seeing how ruinous this has been to their schemes. These tools are effective.
Battlefield 6 is especially problematic for malcontents because its developers also enjoy using statistical methods to detect cheaters. TPM2.0 + statistical methods + $69.99 per try = probably can't afford to play this game unfairly for very long. Even if you can afford it, the in game progression takes an eternity. You're gonna need that 8x scope if you want your "undetectable" frame scanning aimbot to be of any use.
"Your version of TPM is unsupported. Please update your hardware to enjoy playing Battlefield 7". Your 69.99 per try just went up to 769.99 _for legitimate users_ because you need a new CPU with updated TPM for every new version. I'm being hyperbolic, but only slightly.
If you want a real example of this, Windows 11 requires TPM 2.0 to run. Hardware predating wide TPM2 adoption can be powerful enough to run Windows 11, except the company decided you need a new computer to do that.
I guess people don't know this particular dystopia is implemented.
First a platform gets third parties (games, banks, etc.) to impose their attestation system on customers. Congrats, you're locked in! This is the gun they point at you but the bullet comes after.
Now you can't leave the platform or you lose all your games, have to get a new bank, etc. The more stuff they can get to require that, the more stuck you are. This also prevents any new competitors from building a network effect. But competition -- the ability to switch to a competitor -- is the only thing stopping them from being the worst people in the world. Ads in the start menu. Censoring whatever they don't like. If you want to buy something -- anything -- they want a 30% cut. They'll hide it from you but take it anyway. All your local files get uploaded to their cloud and the terms let them use it for AI training, or whatever else they want. And soon you have to pay a monthly fee if you don't want them to be deleted. Why would not paying also delete them from your local machine? Because screw you, you don't have a choice anymore.
This is overkill for a feature that is only relevant to one specific usage of PCs. Imagine if your PC got crippled because farmer IT admin benefits from it
https://linustechtips.com/topic/1610033-hp-charges-for-warra...
I think this is very misleading. Secure boot was a response to the poor security of commodity operating systems which allowed programs easy access to make low-level system modifications. In other words, the poor security models of commodity operating systems was the actual cause that allowed rootkits to spread and become a major threat that required mitigation.
In an alternate world in which operating systems enforced least privilege on all programs, the likelihood of a rootkit spreading would be orders of magnitude smaller, almost not even worth mentioning. The motivation for secure boot in this world is really only to prevent supply chain attacks, which can also be solved by just buying hardware from reputable companies. Secure boot arguably would not have been created in this world, thus avoiding the new dangers inherent to it.
Also remote attestation has pro-social uses. Without it, photographs will soon become useless as evidence because soon there will be no way to distinguish a photo of a real scene from the output of generative AI.
Yes, they did. It was written by the specter of the US Department Of Justice.
Secure boot is a rootkit.
That said, for home use freecad has gotten a lot better after the ondsel changes were merged, I was using the free license of fusion360 for personal projects, and moved over to freecad 6 months ago. I'd originally tried it 7 or 8 years ago, and it was just absolutely awful to use, but modern versions are really very good. There wasn't a huge learning curve, and I haven't run into anything that the program can't do. For hobby CAD, I'm using it for 3d printing, a Cnc mill, and making prints for manual machining. Honestly, I've been less frustrated with freecad than fusion360, it does a better job of getting out of my way and letting me design things. That said, I'm a software dev and IT guy, I don't know if it would work for commercial use. I certainly didn't push for the engineers to change, but their workstations are already running win11 that I had to debloat.
On linux, you have OpenSCAD (which is okay for some applications) and you have FreeCAD (which sucks imo). Right now, I just use OnShape which works in my web browser and is similar to SOLIDWORKS (and it's $0 for students).
In the future I will try running windows CAD under linux using kvm and this: https://github.com/casualsnek/cassowary
I'm using Ubuntu as my daily driver for the first time since ~2010, and I'm solidly not hating it.
Thinking about other desktop environments and what not, but this was easy and familiar. Everything literally just worked... Which is the first for me with Linux.
One issue I've always had is when updating applications you use every day, one bad library could make the application unusable. Most are dependency nightmares and there just aren't enough people paid to work on Linux apps to offer good support.
When I was young and poor, I had all the time in the world to tinker with my Linux machine to figure out how to get everything working again. I just want an operating system to work. If not Windows, I would recommend a Mac.
That's not really a problem anymore with immutable/atomic distros. Your entire system is upgraded in one go as a single image, any dependency issues are handled on the server (basically the image won't get built if there are issues). And most of your user apps will be installed via Flatpak or other means (homebrew/Nix etc) so you won't ever have to suffer from dependency issues unlike regular distros.
So if you want to get a distro that "just works", get an immutable+atomic distro (eg Aurora, Bazzite etc). Assuming of course, you've got compatible hardware.
Those who chose Linux were happy with the choice. But they were only a minority.
Now, Windows 11 requirements make a lot of PCs obsolete unless they install Linux on them.
20 years ago Ubuntu was the go-to for baby's first Linux. Is that still the case?
Unless you want to be the perpetual IT support for your parents, I would recommend getting a user-friendly immutable/atomic distro, like Aurora[1]. Aurora uses KDE, which most Windows users would find familiar. It is immutable, which makes it very hard to break, and it uses atomic updates (basically updates either apply or don't: there's no partial state which can break the system). And in the rare event that something does break, you can boot directly to the previous version right from the boot menu, no need to run any manual rollback commands. My 70yr old mother also uses Aurora and has zero issues.
This is why I recommend immutable/atomic distros for newbies, especially if the person installing it doesn't want to be a 24x7 tech support for that user.
Also, the /usr merge thing has caused some issues for users, requiring manual intervention[1]. Not a big deal for techy users familiar with the terminal, but this isn't something end users might want to deal with.
Image based immutable distros don't have issues like this.
Luckily OnlyOffice is a pretty decent alternative with excellent compatibility with MSO formats. And there's also the web versions of office, which is now a decent alternative (unless you're a power user who needs macros/VBA etc).
Linux users can install the free software suite LibreOffice, which not only replaces Office but reads and writes the same file formats. Many similar choices exist, this is just one.
Gamers can install the free Steam game compatibility layer on Linux, then play many of the same games they play on Windows.
Meanwhile, Redmond's recent requirement that everyone sign up for a Microsoft account, and its pushing the Recall eavesdropping-to-cloud feature with no user opt-out provisions, clearly signals Microsoft's belief that their customers shouldn't be allowed to choose.
Here is a list of current Windows traits that should be options, but are out of an end-user's control:
* Required Microsoft account.
* User tracking and telemetry without knowledge or consent.
* OneDrive, which is cloud storage and tracking, requires technical skill to disable.
* Desktop-recall images to the cloud, essentially Microsoft mass surveillance.
* Edge browser, cannot disable or remove.
* Unintuitive user interface, out of user's control.
* Advertising everywhere.
All these frequently heard complaints are addressed by Linux, and Linux is free.
I've been a Linux user for 30 years. I maintain one Windows dual-boot system, partly to help friends deal with Windows issues, partly to entertain myself with what most people believe constitutes a normal end-user computer experience.
A bit of context -- my first computer was an Apple II in 1977, so my definition of personal computing might seem out of touch with modern times (https://www.atariarchives.org/deli/cottage_computer_programm...).
> contradicts the open nature of Linux
How do you feel about binary blobs required to run most WiFi cards in Linux? And, I am pretty sure that both NVidia and AMD have similar (binary blobs).
> And, I am pretty sure that both NVidia and AMD have similar (binary blobs).
Yes, all true, and as more powerful GPUs appear, this is likely to become a more contentious issue.
So I say, choose where we have a choice.
That's not what Recall is and not how it works.
You're right, I overstated how Recall works, right now. At the moment, it's opt-in and the images are only stored locally. I was wrong -- my claims were several months out of date.
Recall's current form results from a heated online debate about its original form, which was neither encrypted nor opt-in.
At the time I write this, Microsoft won't allow users to uninstall Recall, a demand made by security professionals who see serious risks for non-technical end users in the event of a compromised system.
Having said that, let's revisit this feature some years from now. Let's see whether Microsoft's perennial corporate death-by-a-thousand-cuts strategy has changed anything.
Can you fix?
There's no 'Recall'. Co-pilot isn't all over in your face so removing it isn't really a priority. Edge isn't forced on you, it's just part of the bundled software just like a bunch of other items as in every Windows for decades. Not saying it doesn't get hairy if you're going out of your way to remove them or not be in the ecosystem, but consumers don't care, and for the most part stuff isn't being forced in front of them.
If you’re measuring “Windows isn’t annoying” from the corporate perch, that’s not a fair comparison to what consumers and home users put up with.
Not to mention the forced upgrade and reboots that can’t easily be disabled for same.
The hate is hardly unprecedented and indeed well-deserved. MS has shown in the past that they’ll respond to poor OS reception with attempts to win back customers and that’s what I’m hoping for in this case.
Rather:
2000: good
XP: decent (after a long series of patches)
Vista: bad
7: good
8: horrific
10: bad (basically all the people hated it because of the surveillance stuff)
11: horrific
Because now is the real push to get everyone off 10.
a) the lock screen gets stuck from time to time if you hit enter to get to the password entry, until you turn off all the pushed content on the lock screen. Which ok, I'm happy I turned that off... but then I had to log out and back in for that setting to take effect. Now that I know about that setting, I turned it off on my windows 10 machines, and it takes effect instantly.
b) I like my windows round on the top and square on the bottom. It's cutting off the bottom left character in my putty windows; you used to be able to undo that in the registry, but now you need to force load dlls (maybe putty can fix it?)
c) I don't want notepad to have tabs or autosaving
d) it feels like keyboard focus gets lost to the ether a lot more. I had this happen in new style apps on 10 (like the new calc), but it happens at the desktop from time to time on 11.
I had been using linux as my main desktop at home for years, and went back to windows 7 when gnome2 ended. 7 was very good, but it's been downhill since then, especially since Microsoft killed off SDET roles. I'll probably keep windows on the laptops (useful for FRC), but when support for 10 runs out, the desktops are going to move to FreeBSD and I dunno, fvwm maybe?
Maybe because it's Windows Pro, not Home? Maybe because I have 2 profiles. The one I used to install it which required a microsoft account, and a separate, local only account which is the one I use always. I can't remember the last time I had to use the other account. Maybe when I upgraded to Windows 11. I don't remember.
I'm not trying to excuse Microsoft. I had to go into settings and turn off everything I could find. I had to futz around to get it to stop trying to get me to install Exchange every time I pressed Win-E (or was it Win-W) which I press often because I use the same keyboard on Mac and Win-W is Cmd-W (open new Window) (A: Powertoys). So yea, I cursed that. But, I found a solution.
Other than that, so far, it stays mostly out of my way and just works. I'm hard pressed to notice too many differences. Is it because I'm on Pro? Is it because it's a local account? Is it just luck? I don't know. It only suggests that it's at least possible, so far, to use it.
Windows 10 eventually breached my capacity due to the number of defaults I had to change post installation, and then often, again, post-patch/update. This was very soon after Windows 10 was released, and I already didn't like Windows 8's hybrid monstrosity following on from the sublime Windows 7, which I consider to be peak Windows.
I moved to Pop! OS and have been enjoying it on both desktop and laptop for over 5 years.
* Needing internet and a microsoft account to install the OS
* Start menu now requiring two clicks to get to programs list
* Right-click requiring two clicks to get to the options you most likely want to use (e.g. 7z unzip or opening in a specific program)
* Task manager being slow and laggy
* Random ads asking you to install a game pop up in the notification area
* ...
And then there's little bugs everywhere that just grind away at you on a daily basis:
* A tab in explorer will sometimes randomly stop accepting clicks (keyboard select works). So I have to close the tab and re-open
* The keyboard layout setting gets corrupted and there's no proper way to reset it (never mind the fact that this setting is now buried twenty levels deep in the new settings app)
* The settings app search does not work
* ...
It is by far the worst Windows version (beating Vista and ME to that title) in my opinion. I use linux as my daily but am forced to use Windows at work and they have of course been forced to upgrade us to Windows 11...
> Right-click requiring two clicks to get to the options you most likely want to use (e.g. 7z unzip or opening in a specific program)
This one you can still change. It is some hidden registry tweak, but there is the capacity to always "show more options".
When I create a new folder or file in a directory in explorer it hangs for a bit and doesn’t show up unless I click refresh. Ditto if I save a file to a directory that is open in explorer.
Thinking about trying to get a copy of Win 10 IoT LTSC instead at this point.
Main downside is other applications dropping support for 10, if relevant. I only swapped my main system due to Fusion 360 notifying me they were dropping 10 in January 2026.
Just as an example of this everyone points out Massgrave for activation on a version of windows I doubt many are properly licensed for, and one of the methods used relies on periodically talking to KMS servers they provide including some on a Chinese TLD [0]. Personally I'd be charitable and say it's probably well intentioned using the cheap resources they can get (there's no mention of donations on the site), but I wonder how many are aware of what is involved and this is just something they rush through to get rid of the big scary warning that windows puts up and tech news hysteria.
[0] https://github.com/massgravel/Microsoft-Activation-Scripts/b...
Also, the script to activate it, go here [1] for that.
[0] - https://massgrave.dev/windows_ltsc_links
[1] - https://massgrave.dev/
I'm using Windows 10 IoT Enterprise LTSC to write this and using Massgrave(l) it's activated to 2038 or something now. The only thing I wanted that LTSC didn't have out of the box was the Microsoft Store but you install that from PowerShell with the command "wsreset -i" and wait for 30s or so :)
* A microsoft account is only needed for Windows 11 Home. A "semi-power user" is hopefully not using that edition of Windows...
* I'm also greatly annoyed by the right click - but holding shift when right-clicking opens the expected menu, removing the extra click requirement.
Some of my own annoyances though:
* The taskbar/windows button seems to just...crash...sometimes. It'll eventually restart, but extremely annoying. Left clicking taskbar icons still works, but right clicks or the start button don't work as expected.
* Additional clicks to change audio devices...drives me crazy on my main system.
* I like the autosaving aspect of notepad, but they've killed the main reason I used it - an instantaneous, lightweight text app. It's still quick, but is noticeably slower.
* Settings and Control Panel is still a mess, and even less usable than Windows 10 was.
Both Home and Pro require Microsoft account to install and start using. Then you can create local only users in both editions and delete user joined to Microsoft account. This is standard operation even in OEM installs.
I installed it offline in a VM, Home edition, US region. Shift+F10, oobe\bypassnro worked (with a warning/error at some step, but the local account was created fine). I read somewhere that it doesn't work if you connect to the internet during setup (which is always a bad idea IMO).
[1] https://www.microsoft.com/en-us/software-download/windows11
And wsl2 is mostly fine. But that doesn't stop the rest of the OS from being a dumpster fire. Why is it asking me to install or play Xbox games constantly? It feels like I have malware...
Because Microsoft got too large and some manager of Xbox pressured the Windows team to allow such notification to boost up their KPIs (games installed, game hours played).
Telemetry and KPIs are the single worst combination of bullshit that has happened to the entire IT industry.
> It feels like I have malware...
You do; it's called Windows.
I jumped ship over a decade ago and have been using Linux Mint as my daily driver; there hasn't been one day I've regretted it. Seeing the recent news about the constant full-screen Windows Backup/OneDrive popovers and needing a Microsoft Account just to install the OS (they recently killed the OOBE workaround) is just the stale icing on this dumpster fire of a cake.
Don't even get me started on all the AI crap in Edge.
The PC also had Win10 before Ubuntu, and I remember that being way worse because of the constant updates which always triggered more nags and resetting my default browser.
I thought that was not possible
Also: Almost all replacements for Excel are much worse, and incompatible with existing VBA macros that run a lot of HR, accounting, budgets, and other support functions.
Regarding Teams desktop app vs web app: Is there a big difference? I don't have experience with the web app.
I seem to recall: it would only work on Edge; and you couldn't share your screen in the web environment.
I say "only work on Edge" but, to be fair, it's possible I may not have tried Chrome as I never use it. It didn't work on Firefox.
It worked for a long time, I've been using Linux only for the past 25 years :) The Linux version of the Teams application never worked properly OTOH.
My mom got an automatic update to Windows 11, and it bricked her computer. It wouldn't boot; it would spin and then say it needed to go into repair mode, and then doing repair mode didn't do anything.
My initial thought was that the disk was hosed, but of course my parents had a bunch of priceless documents that were never backed up anywhere else, so I talked my dad through flashing a USB of Ubuntu so I could boot into it [1], mounted the NTFS partition, and ran smartctl and the disk wasn't reporting any errors. I found and ran a few other diagnostic commands and again, no errors. I was able to rsync the files to my home server, so nothing was lost. My initial assumption is that the Windows Update team didn't properly check to see if the CPU was compatible, and that maybe they were calling a newer instruction that wasn't on my mom's relatively old laptop.
After unsuccessfully trying to convince my parents to move to Linux, I talked them through flashing a USB drive with Windows 11 with an official image from Microsoft and using Microsoft's official disk flashing software, and we were able to install Windows 11, and as far as we can tell, it worked completely fine.
My hypothesis now is that whoever built Windows Update fucked up some kind of boot key and it was failing as a result. That or they just decided my mom should buy a new computer.
I was actually more annoyed after Windows 11 worked perfectly fine, not just because that means my parents aren't going to move to Linux, but also because that means that there's no technical reason that the computer should have been bricked, it was just the utter incompetence of Windows Update. Just to reiterate, this wasn't some hacked version of Windows 11, this was directly downloaded from Microsoft, flashed with their tools, with no adulteration on our end, meaning regular Windows 11 works fine. I highly doubt that my mom is the only person who has gone through or will go through this, and a lot of the people that will go through this won't have kids who are software engineers and probably be forced to buy a new computer.
Genuinely, how much e-waste is going to be generated by this forced update?
[1] Why the hell isn't there any kind of "Live USB" version of Windows? I mean officially, not some hacked thing? Why is the best way to fix Windows to use Linux?
The windows installer image includes repair tools (which probably wouldn't work much better than the automatic repair), and you can get a command prompt in there and do whatever.
Oh, yeah, this is absolutely perfect. Thanks again, that's amazing! It was really the only thing I wasn't sure about upfront for the person I'm thinking of. So awesome :D
I say this as someone who uses Linux daily. It's simply not ready for mass exposure. The second a layman wants to do anything remotely custom with it, they are going to struggle.
It's the power users, or users who've got specific proprietary software/hardware requirements that usually run into issues: gamers who play games with kernel-level anti-cheat, professionals who're dependent on Adobe/AutoCAD etc.
Like, secure boot is not a bad feature, and I use it with Linux to enhance my security posture. It is a good thing. TPM is rather useful for encrypting your disks. Stop telling non-technical people stuff like this. The hypotheticals of a future of corporate control via TPM are completely outweighed by the importance of encrypting your data today. As of right now TPM isn’t enabling some kind of horrendous dystopian present. Maybe it will in the future but I dunno, I haven’t seen it yet.
And then a lot of other parts of this article are gross exaggerations of reality, and a lot of those complaints already existed with Windows 10 users anyway. Some of these were actually worse at previous points in time (e.g., it used to be way more difficult to remove OneDrive and now it just uninstalls cleanly).
Windows Recall and Copilot are entirely optional features that are very easy to disable entirely.
The author is straight up lying about windows recall and the “surveillance state,” Microsoft has directly stated that it is 100% local (doesn’t even work on hardware that lacks AI processing optimizations) and no information from the feature leaves your device. It also comes with a rather extensive list of security controls and sensible defaults if you actually read the documentation. Sure, a pre-release beta version had a security issue, but that was pre-release. If we want to start claiming that Microsoft is just directly lying about things they document very specifically and directly about Windows Recall that’s a really big accusation.
Windows 11 prevents complete uninstallation of features…yeah it’s an operating system, no shit. No they’re not going to let me uninstall File Explorer. Yes I know Linux lets you do that.
And the complaints about edge, sure, it’s true and all, but it is again a one-time issue that goes away once you change your default browser to some other browser that also begs you to make it default. It’s a minor annoyance at worst and judging by the marketshare of chrome everyone pretty much ignored Microsoft’s pathetic pleading. Everyone pretty much sleepwalks into installing chrome anyway.
Look, I say all this as a Linux user myself. There’s no need to exaggerate and lie about Windows just because we prefer Linux. I would still not recommend to most average joe windows 10 users that they should switch over to Linux, but I am recommending to more people than ever before.
And very easy for Microsoft to enable silently. Missing the point here. The fact that they are enabled by default is the concerning bit. You shouldn't need to fight against your OS or worry if the next update will do something to your system that you don't like. This is the crux of it all
This would seem to require a little elaboration. LibreOffice Calc is supposed to be decent, but I practically never hear about it being used in the professional contexts where Excel typically appears. I'd be willing to bet that it will handle all of the spreadsheets currently used at our firm, but that's a convenient case where only a small number of spreadsheets matter and I know how they all work. For anyone managing a larger ecosystem the switching cost is daunting. Some links to case studies or analyses of when Calc can take over for Excel would probably be pretty helpful, since as far as I can tell Excel is the reason people stick to Microsoft, while Outlook, Teams and Word are mostly just tolerated.
I like the fact that it has done a lot for the linux ecosystem, but there are a few things:
- it has a privacy policy
- it forces updates
- their hardwired package ubuntu-advantage-tools cannot be uninstalled without breaking the os
- motd has telemetry and nags
- can't disable snaps
- whoopsie uploads crashes to canonical
now, this is different from windows because the os is mostly open source, but it is important to know not all linux distros are the same
(note that because the source is generally open, you can probably figure out how to "fix" most of these problems, but not easily and they are moving targets)
I also have a good out of the box experience with Zorin (an Ubuntu-based distro). Their goal is to be an alternative to Windows, to make the transition smoother for people coming from Windows. I wanted to test that and just installed it, never used the command line, etc. It feels nice and did everything via a graphical interface I wanted out of a desktop system.
> I think holds some non-technical people back.
That might seem like an issue, but what matters for adoption is what is packaged with hardware, and what gets support later. Microsoft realized this and capitalized on it big time, and that's why the de facto default PC is Windows. Microsoft took care that governments, schools use Windows and Office, that Windows comes bundled with PCs and laptops, meanwhile they took care that it all interacts at least on a basic level, but at least somewhat reliably.
That being said, make sure to install printer, camera, and GPU drivers for new users before leaving your care (note iphone PhotoSync app also works with ssh.) Additionally, loading a suite of common Applications to replace web/email/CAD/publishing/media/gthumb/zoom tools will ease new users' experience looking to complete some task.
Linux workstations are easier now given most services are web or App based. MacOS also tends to be easier for the people locked into Adobe =3
Some of the more annoying stuff like ads in the start menu and the like only really affect Americans, as far as I know. I've never seen it. Had a brief battle turning copilot off everywhere when that became a thing - including in notepad! - but that's hardly just a microsoft thing.
Don't really understand all this drama over the TPM chip, especially since you can bypass that requirement with a little effort if you can't upgrade your hardware.
[0] If "it [Xubuntu] works like Windows" offended you, I'd like to point out that normies don't care about how operating system kernels are designed. They care about things like a start menu, and that the X in the corner closes programs.
Install Fedora with KDE.
Install Firefox, Thunderbird and Chrome.
Install uBlock Origin, Privacy Badger.
Install LibreOffice & bookmark Google Docs.
Install multimedia support, h264/h265, VLC/mpv/ffmpeg, enable DRM in browser.
Install Steam if applicable.
If they have a printer, connect it and show them how to print a page.
Configure & tweak KDE to be cleaner & more user friendly (its already near perfect out of the box). Show them how to manage wifi/lan connections.
Stick with Intel & AMD hardware, Nvidia drivers break on most kernel updates (and it messes with luks/secureboot/dracut). Intel & AMD, Just Works.
Educate the user on how to do Software Updates, install/remove software, how the file explorer works, maybe some terminal stuff if they seem inclined. Give them a high level overview of the benefits of linux.
With Fedora and KDE you can accomplish 95% of your computering needs, including software development. Only a handful of games & creative softwares don't work.
It will only take 6 months to have them permanently converted.
Immutable/atomic distros are rock solid and extremely hard to break, the automatic updates/upgrades are a godsend for newbies, and in the rare event something does break, you can boot directly into the previous version right from the boot menu - no command line wizardry required. Immutables also don't suffer from the dependency issues that can sometimes plague regular distros, so I would highly recommend them over a regular distro for most newbies.
Also, how are the graphics drivers affecting LUKS for you? They are two independent and unrelated things for me, Nvidia drivers aren't doing anything disk or pam related
> If they have a printer, connect it and show them how to print a page.
This however is the thing that doesn't "just work" for me, even with a common hp printer. The one time in a year you need to use the printer, something will have broken about its drivers again in Linux. I just transfer the pdf to the printer with a USB stick now
Furthermore, last time I tried printing, it was a surreal non-deterministic process. It wouldn't print, then it would, then it would get stuck in a handshake or something, rebooting wouldn't fix it, but rebooting twice would, then turning off the printer would break it again, and so on. No system update in between attempts. I genuinely want to know what the fuck the engineers for those machines are doing.
[Disclaimer: in the above process there was the extra hurdle that the printer was one of several on a local university network that may also have had kooky configuration]
Sorry to tell you that, manual updates are not a thing your average user is familiar with. In Windows land, updates install themselves
- unable to execute a clean chip-architecture transition (while Apple shipped three clean ones)
- unable to modernize its operating system consistently (5 layers of different UI/UX and 30 years old DLLs spread all over the place)
- unable to harden its own software
- unable to design its own hardware
- unable to keep users' data secure
I could continue, but the pattern is clear
I will never store personal or government issued documents on a Windows device and I will never use any form of digital ID to login on infrastructure that depends on Azure AD
TPM, Secure Boot, Windows Update stories are the evidence that the more you entrust Microsoft, the worse it gets
But now, after more than two decades, I am certain Windows 10 is my last Windows.
Nothing lasts forever, not even Microsoft's domination on personal computers. It took them decades, but now they finally f'd up so bad that there is just no going back.
I think, like many people, it will take me a few years to need to reinstall my computer (or get a new one). So I will still be a Windows user and that will skew the numbers for upcoming years. But I think that also means that in 1-5 years, Microsoft will see a massive double digit percentage drop of users, almost overnight, and nobody will have a clue what is going on.
By then, I bet the distributions will be even better. The gaming will be even better. The drivers will be even better. The saturation will be even better. So the transition will be even more seamless than it is today.
I am looking forward to it. I think Linux, or open source and free OS, should have been the norm. But we took a bad turn in the past and got hijacked by a few smart people. That will come to a natural end, finally.
I tried Bazzite for a while on my desktop, it's fantastic for gaming, but I'm also a dev and a Linux user since I was a teen (almost all of the years of Linux) so I found it a little limiting for my other PC related stuff (I typically prefer to run Arch and Arch based distros on my machines).
For anyone with a computer dedicated to gaming I'd recommend Bazzite, I still run it on my ROG Ally since the moment I took it out of the box; I bought it _because_ Bazzite existed, never even considered booting Windows. It's a great distro tuned for gaming, and comes with some features like VRR and HDR that aren't as easily available on other distros (I've been able to get HDR on Arch/Gnome but not VRR).
It's hard for someone who relies on Windows software to be entirely rid of Windows, which is why I don't tell people they should switch to Linux, but it's not impossible if you really want to, unless you rely on a piece of software that just won't run under WINE or doesn't have an alternative.
For me, I grew up with Linux alongside Windows, went into a career that uses and targets Linux exclusively (backend SE) and for my computer based hobbies; gaming, coding, 3D printing/modelling they're served very well these days, and constantly improving.
don't have as much Proton experience as you, but i also feel like it's gotten way better compared to 4-5 years ago when i first tried it.
i'm always very mindful when suggesting people to use Linux, as like you i work with Linux daily, so of course i'm going to have less trouble using it compared to Joe Schmoe who exclusively uses Windows and never installed an OS himself. but for people who aren't afraid of tinkering a bit, sure.
now at the point where i'm considering switching to AMD from NVIDIA, just because it seems way better for Linux.
There's a few video editing tools on Linux, I believe Kdenlive[0] is popular, I don't really have any experience with them beyond very basic editing of family videos.
> but for people who aren't afraid of tinkering a bit, sure
My daughter who's now 6yo has only ever used Linux (Arch no less; yikes) and until someone in the educational system tries to make her use Windows, there's really no need she'll have to. She's a little too young for a conversation about "software freedoms" at the moment, but she can play Minecraft on my laptop just fine, once she's interested in branching out I'll find (or recommend) other tools for her.
> now at the point where I'm considering switching to AMD from NVIDIA
That's been on my mind for a while now too, I jumped back to AMD for CPUs when they got back in the game, my XPS laptop is the only Intel device I still have.
The only thing holding me off AMD for GPUs is the performance, they're just not competing in the top end with Nvidia, once they have something I'm happy will perform I'll jump ship there too!
went through this process a couple of times. Kdenlive, Openshot, Shotcut. Sadly never found one i really like. problem for me is that i edit videos once every 2 years on average, so i never get to develop muscle-memory for these indie-linux-tools. with Davinci there's at least a ton of resources online to help me. i think i liked Kdenlive the most, but i also vaguely remember being really annoyed by the workflow and lack of a bit more advanced things. but as with proton, i should probably not lose hope and just try again the next time i "need" a video editing tool.
> My daughter who's now 6yo has only ever used Linux
that's really cute, glad that you're enabling these skills for her :)
> they're just not competing in the top end with Nvidia
i have the advantage of being a power-gamer but at the same time being conscious of what i really need, so i'm sure a flagship AMD card will be more than enough for me. i of course don't care about ML and other use-cases, so get that it's not an option for everyone.
I ran into that problem on DS2 also. It seems that game picks the first input device it finds, so I was able to force it to use the controller by unplugging my keyboard (or maybe it was the mouse? It was one of those).
in the end i didn't care that much, as i only installed DS2 because my SO was playing it. apparently she didn't like the game anyways, so i just uninstalled it and that was it :D
This has a good list of what works and what doesn't: https://areweanticheatyet.com
I am not sure if I care whether the AC software does work (theoretically) on linux. Most of the games with AC cannot be played on linux. (You can see this on the graphic you linked).
I tried it long enough. I played MTG Arena with lutris and every patch day was a frickle.
I don't even play FPS games seriously, let alone competitively, but many of the games I play don't run on Linux. It's that simple. I've been using Linux daily for 25 years, but I have a dual boot with Windows. A week ago, I taught my NixOS to boot with secure boot because the new Battlefield requires it—and other games will follow.
I recently got into playing Helldivers 2 with some family members and luckily for me it works just fine.
My opinion is that Linux gaming is most suited for majority single-player gamers like myself.
This is like saying you won't stop smoking because then you might get less cancer.
Biggest pain point actually are not programs, but the need to format all hard drives to some linux file system. I cannot just replace windows with linux and that is it. No, I have to migrate all my data somehow to reformat all my drives and then move the data back. That was always huge pain in the ass.
https://www.paragon-software.com/home/ntfs3-driver-faq/
But there will be details, limitations of some kind, and I can't work out what those are without much more digging.
The reason Windows (and Microsoft itself) is not 6' deep yet is a relatively small number of commercial creative software like DAWs, graphics suites and CAD modellers. Yes, there's a huge amount of legacy software in CAM, plant control and whatnot, but that can run alright on all those Windows XP and 7 machines like forever.
All major software vendors who think that Windows has too much inertial following and that its users will embrace whatever fascist surveillance machine their computers become under this abomination of OS, and refuse to port their products to Linux, will be in trouble soon.
Out of all DAW developers, only Bitwig got this trend right yet.
At this point, I need a nice gpu on a linux machine and a mac mini. It is a dream setup. I think I booted windows once on my most recent laptop because I messed up booting from the thumb drive to blow it away.
Reaper runs incredible on linux for DAW software but you always run into something that is not available with creative software. Then it is really nice keeping the mac only for creative pursuits.
Google is likely actively working towards a future where all of those programs run on a browser.
But on WinME that was complete trash.. Never has an OS crashed so much on me... I went to Win2k after that ... Win2k was the last windows I ran in a PC and was IMO peak windows.
My way of switching over was to set up my system as a dual-boot, and then to set up my Linux in a way that enabled as much of my needs as possible. I got overwhelmed at first multiple times, but realized later that I'm just resistant to change. After a few tries, it stuck, and instead of feeling overwhelmed with change, I felt relief that I don't have to deal with Windows, and all the corporate bullshit that comes with it. Instead I have the vibrant culture of free software, and all the bullshit that comes with that, hehe. And I take that anytime over the former.
I'm also using KDE btw. I think it's by far the best DE, for me anyways. Fun fact, Valve's Steam Deck also uses it.
You don't want the migration to be harder than it should be, and doing everything at once is way too hard.
General public won't care until they can buy laptops with GNU/Linux on their favourite shopping mall PC store.
As it stands today they are more likely to buy an iPad or Android tablet than such alternative, which aren't much better than Microsoft in user tracking, and much worse in user freedom allowed by the OS.
Yeh, and it works great. Your point?
The Steam Deck hardware itself can run the original 32-bit libraries if your distro supports it, Valve wasn't "forced" to do anything. They chose WoW64 because it's the mature and functional solution.
Ideally I would want to use Linux but I also want to play games that are only supported on windows.
Does using WSL help or is an outdated windows base still going to be the weakest link in the security onion?
But you can always dual-boot between Windows and Linux. Just uninstall all your browsers (to mitigate risk) and other non-essential apps in your Windows install, configure the firewall to block everything except games. And boot into Linux for everything else.
WSL2 is mostly just a virtual machine. All of its networking bugs aren't that weird, they are pretty common networking issues you'd see from any other virtual machine configuration. Depending on what you are trying to do, switching WSL2's networking mode to "Mirrored" can be a useful way to fix networking issues by more closely aligning the VM network stack with the host network stack. This is often the fix for VM networking issues in other environments, too. Things like the host's VPN get reused directly instead of the VM needing to run its own VPN copy, for instance.
Windows' value to me was "everything just worked". But that's no longer the case now, unless you are willing to walk down Microsoft's centralized rails. Need an MS Account and OneDrive... need expensive modern hardware... get ads and crapware... get telemetry and data exfiltration. The effort of working around all that is non trivial. EDIT: and if I was ok with all that stuff I'd already be captured by Apple.
If I have to fuck around with something in my home OS, that OS might as well be Linux. So now I am compiling wifi and printer drivers from github (FFS Linux!) instead of disabling telemetry and hacking an install with local accounts only.
The challenge, as always, is going to be taking the family with me.
It’s still a bridge too far for most
The hardware landfill issue is real though. My 70 year old dad announced he’s getting a new laptop out of the blue. Reason…this
Linux isn't going to be any more secure than Windows was if everyone switches to it.
It's my own opinion that windows enforcement of TPM while retiring Windows 10 is a rough direction, but I also get the executive decision. Support for old software is costly, and Windows 10 is very old at this point. Add that to how many security issues Microsoft has been having, and this seems like the only sensible decision.
As much as I agree with the article's general tone, uninstalling Copilot is actually quite straightforward and easy.
trinsic2•3mo ago
So I have decided to promote Linux over Windows for computers I build for customers. If you have any suggestions on how I can make this promotion better, let me know.
potsandpans•3mo ago
rolph•3mo ago
if you promote, facilitate, provide resources for installation free of charge, that's probably fine. providing a system for sale, with linux pre-installed, may require, at least some attribution.
trinsic2•3mo ago
gerdesj•3mo ago
Linux - the kernel is GPL 2 - that means you can use it to your heart's content. If you make changes, it would be nice if you shared them, please do.
A Linux distro will generally have a similar license. Again the idea is that positive changes that you make are made available to everyone.
That is the idea of the GNU Public License: If you take our freely available stuff and add to it, you should make your changes public too.
Seems fair!
rolph•3mo ago
the idea that positive changes are made available to everyone, is not yet broadly salient. at least now, poster is probably aware of that condition.
you seem to be up on GPL2, what happens when someone packages distros on disk or stick, and sells them for profit? that's something to be aware of as well.
bee_rider•3mo ago
whartung•3mo ago
On my motorcycle, there’s an option to view the software licenses used on the bike. The GPL is in there somewhere. So are a lot of other things.
And, no, during checkout at the dealer, we didn’t spend any time talking about software licenses.
As a bundler you’re obligated to provide the licenses. You’re not obliged to point them out, highlight them, point folks to links, or archives, or explain how they work or what rights users may have.
They just have to be available.
rolph•3mo ago
now the next is the nature of linux as a common good, generated by many contributors over some time. is it acceptable for anyone to turn a profit from distributing copies of linux on media, or as a component of a retail unit, for an additional price ?
how does that scale up? suppose thousands of ISOs or live distros are sold, enriching the seller by some thousands of dollars, is that ok?
could i, or you, or anyone, burn a couple hundred disks, or rufus thumbdrives, then sell them for $40 each, and have no concerns ?
the submission, links to what is clearly, a profit oriented business. what limitations exist? none if you just pack a GPL2 in with it? can he charge a fee as if he is selling linux to the end user? is public awareness, and availability a suitable contra for financial profit from sale of a product of many contributions from many individuals over many years?
just how philanthropic is the community?
iamnothere•3mo ago
Delk•3mo ago
GPL version 3 explicitly says "you may charge any price or no price for each copy that you convey". The MIT license also explicitly allows selling the work.
No other free or open source license forbids selling either. In fact the Open Source Definition from OSI expressly says: "The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources."
Linux distributions have been commercially sold for decades. Red Hat built its entire RHEL business on that, even when they still played nicer with open source. (Of course the key really was the support they provided to their paying customers but I think you still needed to pay to get your hands on RHEL anyway.)
Of course the problem you'd be facing if you wanted to sell free software at a significant price would be that since you can't forbid redistribution of the copies you sold (and you need to provide source code), someone else can take what you sell and redistribute it for free. So you can only really sell other people's free software if you either get ignorant people to buy it despite the same thing being available for free elsewhere, or if you provide something else on top of it that people are willing to pay for.
That severely limits the possibilities of making big bucks by just selling free software developed by others.
Perhaps the community is philanthropic to the point of providing free software for other people to sell. But the community or the authors of the licenses aren't naive. The possibility has been known from the start, as was the fact that it's after all quite difficult to charge a lot of money for selling something when free downloads are also almost guaranteed to exist.
I'd be a lot more concerned about how volunteers assume active maintenance burden and responsibility for software libraries that are used for free by just about every software company on the planet.
I don't see anything about trinsic2's (or anybody else's) promoting Linux or installing it on customers' computers that would be in contradiction with open source, even morally. I certainly don't see how a "license" could be required for doing so when the individual licenses of each included piece of software already permit commercial distribution. The only way he might need a separate license would be if he installed a distribution that's actually not entirely open source and bundles proprietary components that are not freely distributable.
rolph•3mo ago
there's nothing wrong with a wage for time and effort.
i think contributors could probably handle free coffees extended toward acknowledgement of the effort.
Delk•3mo ago
Well, you should, because doing so generally requires exploitation of the ignorant or an outright scam.
But the additional value provided might be as simple as (pre)installing the OS and making sure it works with the hardware. Or transferring the customer's data from their old OS for them. I see nothing wrong with charging for those. I might not pay for them since I can easily do them myself but they can be valuable services to others.
Hypothetically you could also sell copies of a distro on physical media to somewhere with poor internet access and it would be fine. People did that in the 90's even in rich countries.
Of course it all sort of depends on how much you charge and for what. You probably still couldn't charge $100 just for the copy without some kind of exploitation since informed people would figure out cheaper ways of getting it.
And of course if you just took an existing distro, changed its name and branding to RolphOS without adding anything of value, and then sold ISO images for $100 to the ignorant by presenting it as your unique special OS, you would get a bad name in the community. It probably still wouldn't violate copyright if all the software were open source, you didn't claim copyright for anything you didn't write and you retained the original licenses, but it would be scammy.
nobody9999•3mo ago
Assuming that someone has customers, they have a viable business model, that's what happens.
That was, in fact, the business model of most Linux distros before we were all terminally online.
Don't be shy. Tell us what you're concerned about and why you think that's an issue.
Are you implying some sort of illegality or breach of license?
kortilla•3mo ago
Loughla•3mo ago
Ever.
Forever.
trinsic2•3mo ago
gerdesj•3mo ago
A device can be woken up at silly o'clock and "apt update && apt upgrade && apt autoremove && shutdown -r now" can be run via cron.
apt as deployed by Debian itself has options for automatic updates (via cron), which is the better option. Have a look under /etc/apt/apt.conf.d/
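As an added example (not part of the comment above, and not Debian's own tooling), this is one way to check whether the periodic update options under /etc/apt/apt.conf.d/ are actually switched on. The function names are hypothetical, the sample files are constructed, and only the flat `APT::Periodic::Key "value";` form is parsed.

```sh
#!/bin/sh
# Added example: audit APT::Periodic settings in an apt.conf.d-style directory.
# Function names are hypothetical; the sample files below are constructed.

# apt_periodic_value DIR KEY
# Prints the effective value of APT::Periodic::KEY in DIR, or "unset".
# Files are visited in glob (lexical) order and the last assignment wins.
apt_periodic_value() {
    dir=$1 key=$2 value=unset
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Per apt.conf(5), only names with no extension or ".conf" are read,
        # so leftovers such as "*.dpkg-old" must not count.
        case ${f##*/} in
            *.conf) ;;
            *.*) continue ;;
        esac
        # Matches the flat form:  APT::Periodic::Unattended-Upgrade "1";
        v=$(sed -n "s/^[[:space:]]*APT::Periodic::$key[[:space:]]*\"\\([^\"]*\\)\"[[:space:]]*;.*/\\1/p" "$f" | tail -n 1)
        if [ -n "$v" ]; then value=$v; fi
    done
    printf '%s\n' "$value"
}

# auto_updates_enabled DIR
# Succeeds only if package lists are refreshed AND upgrades are applied.
auto_updates_enabled() {
    for key in Update-Package-Lists Unattended-Upgrade; do
        case $(apt_periodic_value "$1" "$key") in
            unset|0) return 1 ;;
        esac
    done
    return 0
}

# make_sample_dir: builds a constructed directory where a later file
# re-enables upgrades and a stale .dpkg-old file tries to disable them.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'APT::Periodic::Update-Package-Lists "1";\nAPT::Periodic::Unattended-Upgrade "0";\n' > "$d/10periodic"
    printf 'APT::Periodic::Update-Package-Lists "1";\nAPT::Periodic::Unattended-Upgrade "1";\n' > "$d/20auto-upgrades"
    printf 'APT::Periodic::Unattended-Upgrade "0";\n' > "$d/20auto-upgrades.dpkg-old"
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
if auto_updates_enabled "$sample"; then
    echo "automatic updates: enabled"
else
    echo "automatic updates: disabled"
fi
rm -rf "$sample"
```

On a real host, pass /etc/apt/apt.conf.d to `auto_updates_enabled`; `apt-config dump` remains the authoritative view because it also resolves the nested block syntax.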
trinsic2•3mo ago
encom•3mo ago
Orygin•3mo ago
It can't. The device is in my room and making noise when on. If that device wakes up and wakes me up, it's either getting a force shutdown (breaking the update) or getting in the trash. Plus the device is generally left in suspend mode, so shutting it down would interrupt my workflow.
1718627440•3mo ago
d3Xt3r•3mo ago
[1] https://getaurora.dev/
abdullahkhalids•3mo ago
timbit42•3mo ago
dralley•3mo ago
morshu9001•3mo ago
PostOnce•3mo ago
The business customers might want to know that databases are a lot cheaper on Linux, especially for small business.
Literally spoke to an automation company the other week that told me "we have to delete a bunch of stuff every time the database gets near 10GB or we'll have to pay Microsoft".
Plus there's no license cost for linux itself either.
This stuff might not be viable for hundreds of employees in a business where MS is already entrenched, but for a small business it absolutely is a better deal.
trinsic2•3mo ago
gerdesj•3mo ago
It's time for change. VMware have tossed themselves off into limbo and MS seem hell bent on alienating a vast swathe of humanity with W11's requirements - weirdest A/B test ever.
I'm working on some bigger clients ...
zrobotics•3mo ago
I run firefox+UBO+privacy badger on my machines, and the only sites I've had to disable my privacy extensions in the last few years for were work related, B2B SaaS apps. A few years ago I pushed UBO to user machines (Chrome on win10) at work, and had a ton of user issues. I finally had to disable it, it wasn't a net benefit to us. It's not just a 'turn it on and leave it alone' thing, and people don't always think or remember to try toggling it off and reloading the page when they encounter issues.
That said, it's insane to me to be paying MS for a database with a 10GB limit, but I've seen their price lists. I've also worked with small businesses that don't have in-house IT, and they just end up overpaying for crappy service for many of those things.
I hope this win11 migration causes more MSPs and consultants to move small businesses over to linux though, MS has been predatory on pricing for business customers for far too long and with as much work as has migrated to a browser there will be way fewer issues switching than there were years ago.
moduspol•3mo ago
zrobotics•3mo ago
harshreality•3mo ago
zrobotics•3mo ago
It's really easy to just say it's the LUsers' fault and make pebkac jokes, and I definitely enjoy BOFH style humor, but honestly not everyone will remember the 30 seconds of training to go into this menu and toggle off an extension if netsuite throws a cryptic error or won't behave properly. I find it's better to have some empathy for other people, not everyone thinks like a computer and connecting 'I have this error message full of gibberish about API calls' and 'the IT guy mentioned 2 months ago that if a site isn't loading, I need to turn off this thing'.
chipsrafferty•3mo ago
firefax•3mo ago
Orygin•3mo ago
Never had one and I have been using uBlockOrigin for a decade. If a SaaS doesn't work with it, report it to them or skip it (if not already vendor locked on it).
Aurornis•3mo ago
Probably an unpopular thing to say here, but in my experience pushing non-tech people to use libreoffice as part of a Linux transition is a fast track to getting them to hate Linux.
Using Google Docs has been much more welcoming in my experience. Something about libreoffice doesn’t resonate with a lot of non-tech people.
d3Xt3r•3mo ago
sitharus•3mo ago
wbpaelias•3mo ago
foxandmouse•3mo ago
bigstrat2003•3mo ago
I'll grant that it's personal preference and OP should do what his customers prefer, but what you said is a good thing. UIs have sucked for some time now, so something which deliberately uses an older style is generally far superior.
squigz•3mo ago
amonith•3mo ago
account42•3mo ago
amonith•3mo ago
Categorized ribbon is an improvement for most people. Especially new generations who simply can't enjoy the effect of shared conventions with other software.
chipsrafferty•3mo ago
AuthAuth•3mo ago
darkwater•3mo ago
Aurornis•3mo ago
> LibreOffice is a UI time capsule..more archaeology than productivity.
I agree. Seeing the comments here claiming the outdated UI is a good thing, actually, brings up one of the big problems with a lot of open source and/or Linux specific software: The resistance to UI change is huge among die-hard users so the projects tend to get stuck in whatever UI language they had a decade ago when they started.
When I introduce people to open source versions of different software I find myself starting with “The UI has a steep learning curve, but…”.
It would be so much easier if we could give people apps that were targeted at familiar UI patterns of today, even if it angers a vocal minority who want every UI to look like it came out of the 90s or early 2000s when they first discovered their love of computers.
underlipton•3mo ago
Oh, worse: stuck in whatever weird, half-baked UI decisions that were made because someone had a great idea that they did not test at all, or because they hated the industry standard approach that everyone else uses. It's no secret that Blender adoption exploded when they added normal menus, and then made right-click select an optional function, and then finally added an auto Maya-like interface option.
But that's one instance where we lucked out. Not just because they fixed it, but also because the thing that needed to be fixed was in users' face and obvious.
chipsrafferty•3mo ago
eblanshey•3mo ago
malcolmxxx•3mo ago
morshu9001•3mo ago
politelemon•3mo ago
tim333•3mo ago
underlipton•3mo ago
My understanding is that the issue is the way OO/LO and the OS work together to handle file writes, which will not be changed because Linux distros do it right and Windows does it wrong and too bad that I was trying to use OO on a Windows PC. But I can't get a straight answer, and even if I were to, it wouldn't fix the bug - because the bug would be that I was using Windows. And now that I know that this is something that happens, I don't have any real guarantee that tomorrow the problem won't be the particular distro that I use, or whatever weird personal ax-to-grind led to the design decision that would now be giving me a headache. And that probably goes doubly for your average Windows user who doesn't really know what they're getting into.
Obviously, Google's support situation isn't any better. They've also had their share of catastrophic data loss fun-times. I genuinely don't know what the answer is.
heavyset_go•3mo ago
IMO, if they need Office, they should just use Windows.
AlotOfReading•3mo ago
As an example, I recently submitted a manuscript following standard format [0] with libreoffice. Nothing difficult, just basic professional functionality.
The only way to do it involved editing global default page styles (because custom page styles can't be used for title pages?) and other advanced features. Fair enough, at least it was possible. It's a shame the export process didn't preserve the formatting and screwed up page numbering.
I had to fix the manuscript in gdocs instead, where it was easy.
[0] https://www.shunn.net/format/story/1/
bee_rider•3mo ago
koakuma-chan•3mo ago
esun•3mo ago
bee_rider•3mo ago
chipsrafferty•3mo ago
chipsrafferty•3mo ago
somenameforme•3mo ago
FWIW I'm not trying to interrogate you, I'm just trying to understand your perspective. From mine I just checked their checklist [1] and it's unclear to me what on that list you're suggesting required advanced features in Libre Office to achieve.
[1] - https://www.shunn.net/format/2024/01/a_brief_manuscript_form...
AlotOfReading•3mo ago
Libreoffice only allows either headers on all pages of a specific style, or no headers. So, how to apply a different style to just the first page? It supports that with the title page concept. But that menu only allows you to select either the Default or First Page styles, not custom styles you've added, so you have to modify the global defaults.
Then there's the numbering. LO requires headers to be the same across all pages, up to left/right distinction. That means you can't manually number. If you want to use the shunn "name/title/number" format you have to write "name/title/" and then enable the checkbox, accepting the slightly uneven spacing.
This is probably half a dozen menus altogether, which I consider advanced. It also confused the page numbering and tried to label the title page as the last page.
Another issue is that shunn's requires multiple alignments within a single line. This isn't directly supported in a reasonable way, but the same workarounds are required in MS word and gdocs so it's not like LO is especially deficient.
Smart quotes also don't work on copy-pasted text, only by a primitive typo correction system when typing. That's more of a personal process issue, since I was copying out of the markdown I do my actual editing in.
aleph_minus_one•3mo ago
Exactly.
Just work in the finance or insurance industry for a year, and you will see how it is part of the daily workflow to use very obscure, advanced Excel features combined with VBA. If a proposed Microsoft Office alternative cannot handle this, it's not suitable.
I personally observe that a lot of nerds who barely use Excel in their daily workflow patronisingly claim that ... (in particular LibreOffice) is an alternative to Microsoft Office. Better first learn what the actual power users' workflows (in particular for Excel in the finance and insurance industry) actually look like.
Ekaros•3mo ago
1. Got barcode reader and scanned some barcodes from books
2. Looked up these from online API
3. Wrote result in ISBN;Name;Year to output
4. Tried to copy result to Google Sheets
5. No import from custom CSV? (Excel has very good tooling)
6. Actually to split I had to use =SPLIT() and then copy paste results in weird way to actually be able to use first column...
Is this really better? Or good enough...
squidbeak•3mo ago
tpxl•3mo ago
Most people using Excel/Sheets/Word/Docs are not power users. Pretty much all home use is covered by OpenOffice and that is the majority by user count.
subjectivationx•3mo ago
I have Libre Calc installed because I am on mint at home and even if it could do everything excel could do, I don't know how to do things the same way. Neither do most people. The personal experience and network effect is insurmountable for other software.
account42•3mo ago
skopje•3mo ago
Examples: [1] I selected a range of cells recently, by clicking and dragging, and when I let go of the mouse button, all of the selected cells shifted up and to the right by one cell, and CTRL-Z didn't undo it! [2] I have a workbook and when I duplicate a sheet with a chart, the chart is blank, so I have to delete it and re-insert a new one. [3] Sometimes the left-hand X-axis is cut in half, and I have no idea why, but if I create a new doc it goes away. I really, really want to promote LO, but it is very buggy. I can deal with it but I don't think others would.
blahedo•3mo ago
skopje•3mo ago
blahedo•3mo ago
Oh, another nifty feature of gnumeric: if you save it in its uncompressed format, it's literally .xml (good both for version control and for scripting certain kinds of things)
bee_rider•3mo ago
ivolimmen•3mo ago
heavyset_go•3mo ago
IMO, if a user's needs can be met with a Chromebook, Linux + a browser + email + Zoom/or whatever would suit them well.
I think you're going to have a hard sell if they rely on Office or other Windows-only software, and although well meaning, it might be doing them a disservice if they can't run the software they're accustomed to.
trinsic2•3mo ago
tharmas•3mo ago
heavyset_go•3mo ago
jimbob45•3mo ago
weq•3mo ago
Why wait for mass surveillance and remote attestation when u can have it today!!! :D
somenameforme•3mo ago
I think this is even more true in the era of LLMs, because on the rare difference somebody might get hung up on - there's no longer real need for support. LLMs absolutely excel at questions like 'In MS Office I can do [x] to achieve [y]. How do I do that in Libre Office?'
heavyset_go•3mo ago
You have to open and edit documents you get from outside of the office. Clients regularly send me spreadsheets that don't work in Libreoffice, for example.
kjellsbells•3mo ago
For example, to be that supplier whose documents never look quite right or who always struggles with the docusign /PDF /email /spreadsheet /whatever whatever.
For an SMB, fitting in with the de facto IT herd that is represented by your customers and partners is essential for survival. Sure, some SMBs do decide to buck the trend and move over, but it's hard and not for the faint hearted.
Time will tell if this problem solves itself as 365 becomes a pure web app and Windows becomes an RDP-like Cloud PC.
The irony of Bill Gates's vision of a Personal computer where you run what you like and not what the mainframe gives your terminal becoming Windows where you consume what you are told to is not lost on me.
edg5000•3mo ago
iamtedd•3mo ago
Linux machines don't normally include Arial due to the license, and only PDF/A includes the fonts used in the document.
cl3misch•3mo ago
In practice however most programs seem to include fonts in exported PDFs?
edg5000•3mo ago
PDF/A has given me all kinds of issues (Windows users get incorrect glyph placement with very bad results). Regular PDF has worked fine for me.
heavyset_go•3mo ago
AnthonyMouse•3mo ago
Which, as companies switch away from using Microsoft products, are now the people using Microsoft Office.
Everybody can open a PDF. Do you want to be the ones having problems sending Office documents to companies that have already stopped using it?
encom•3mo ago
jmholla•3mo ago
edg5000•3mo ago
I avoid snap myself because I use apt, but apt is a hard sell and arguably not ideal as well. E.g. I added Spotify repos which in theory could break other packages. In practice this doesn't happen (probably due to Ubuntu essentially freezing major versions for packages in their releases).
morshu9001•3mo ago
The Linux choice matrix is confusing even for programmers. Like I can understand the pieces in theory, but in practice with hardware, user-installed software, varying degrees of compatibility between components, and updates...
hn111•3mo ago
cess11•3mo ago
Create a 'showroom', virtual through network screen sharing or physical if possible. Demo machines where you can let customers get a bit of immediate experience with GNOME, Xfce and possibly something more. You can walk them through checking their email, creating a document and doing a bit of web browsing.
Don't front 'Linux', it's a tainted word that is of no use to typical public sector and small to medium business people, preferably don't mention it. Instead talk about your solutions being secure, cheap, enterprise grade, customisable, long term supported, things like that.
npteljes•3mo ago