I am a IT solutions provider for the public and small business. I think the changes to Windows 11 is gearing up to work with organizations to create a surveillance state.
So I have to decided to promote Linux over Windows for computers I build for customers. If you have any suggestions on how I can make this promotion, better let me know.
The Snap store on Ubuntu is quite good. Has Spotify, VS code, Blender, Chromium.
LibreOffice has a tabbed UI setting that mimics Office (easy to enable). Personally I love LibreOffice, something about it resonates with me. Everybody who liked office 2003 and could never get used to the newer weird ribbon UI in Office will love the default LibreOffice. Those who love the ribbon can enable the tabbed UI bar in LibreOffice. Only complaint is that performance is not as fluid as it could be.
I avoid snap myself because I use apt, but apt is a hard sell and arguably not ideal as well. E.g. I added Spotify repos which in theory could break other packages. In practice this doesn't happen (probably due to Ubuntu essentially freezing major versions for packages in their releases).
The article lists 4 Linux distros. I think the most important thing is to recommend just one distro, DE, window server combo, don't know which one but it has to be carefully thought out. They're all coming from the same thing.
The Linux choice matrix is confusing even for programmers. Like I can understand the pieces in theory, but in practice with hardware, user-installed software, varying degrees of compatibility between components, and updates...
Perhaps https://zorin.com/os/ might be a nice distro for your customers. It has 2 UI options: one that is close to macOS and one that looks more like Windows.
If it makes their decision makers fuzzy in the stomach to pay for a suite of office software, consider SoftMaker.
Create a 'showroom', virtual through network screen sharing or physical if possible. Demo machines where you can let customers get a bit of immediate experience with GNOME, Xfce and possibly something more. You can walk them through checking their email, creating a document and doing a bit of web browsing.
Don't front 'Linux', it's a tainted word that is of no use to typical public sector and small to medium business people, preferably don't mention it. Instead talk about your solutions being secure, cheap, enterprise grade, customisable, long term supported, things like that.
I think describing TPM and Secure Boot as "artificial limitations" is unfair. Many Linux distros have no problem working with both of these and they serve a valuable purpose.
The problem is not that they exist or that Windows 11 supports them. It's that Microsoft pretends they are required, when they are not.
They have good reasons to be required, though: Secure Boot reduces the ability of malware to infect the bootloader. TPM gives a strong foundation for things like Passkeys.
TPM also enables things that average users care less about like DRM, but Passkeys are a good idea and having them more-secure-by-default is good for the average user (even with accidental vendor lock-in implications).
I switched my at home setup to MX Linux just in the last 2 months for dissatisfaction with even Win10.
Win11 is a hard no, I’m keeping a laptop with Win10 for the small amount of games I play. I will likely even try WINE for them soon but just haven’t got around to it.
I think it's a good plan, though there might be some pain.
I have a bog standard AMD graphics card that does not work in Linux. I've tried multiple distributions and version in those distributions and both the Linux and AMD drivers. It just randomly flashes. Where do I go to get help? Who knows?
Try the forums or Discord chat for the distro you're trying. LinuxQuestions.org and the "Linux for All" discord are good places to ask distro-agnostic questions.
This happened with a new AMD chipset with a Framework. One firmware update improved it and then kernel 6.8? I think fixed it. Was about perfect, then kernel 6.13 AMD driver broke it again. ;-)
Where would you get help with Microsoft Windows? Same support story as Linux, in my experience. If it's a PC, I'd consider selling the card and getting a different one that looks good from a cursory research, if it's a laptop, similar story, but I'd get a 2-3 year old one so that the drivers etc situation is sorted.
I know this isn't Stackoverflow, but... Does anyone have a good mental model for disentangling the issues of full-disk encryption versus secure-boot? I've been badly procrastinating with my desktop's new SSD because of it.
Use-case is:
* Dual-boot where I choose in BIOS/UEFI to go to either the existing Win10 drive or new Linux drive.
* I don't need unattended boot at all, I'd rather enter a passphrase every time.
* Resistance to evil-maid attacks is nice but not top-priority compared to theft.
* I want to be able to take my drive out of a dead computer and access it elsewhere if something goes wrong, as opposed to needing to reformat and reload from backups.
* If I install a distro with secure-boot off, can I turn it on later for benefits, or vice-versa?
I second slicktux's suggestion: look into OPAL, it's much more easier to setup and use compared to LUKS. The best part is, the encryption is transparent to the OS, so you could multi-boot between multiple OSes and not worry about encryption or compatibility with partitioning tools etc.
Your drive does need to support OPAL though, check out sedcli for managing SEDs.
they are not incompatible. You can have secure boot and FDE for both linux and windows on the same system.
Just put linux's boot drive on a removable USB that has boot priority over the builtin drive. Then configure UEFI secure boot so that it works for both windows and your custom keys.
This setup has the added benefit of making it so that windows can't overwrite your linux boot drive, but from linux you can still access your disk from disklocker
Thanks for fighting the good fight. My chief concern is that you will alienate some of your customers because normies think privacy is for crackpots. I don't have any experience being in small business computer repair, but just my feeling as a neutral 3rd party.
Try to identify the problems the customers have. If privacy isn't one of their concerns, convincing them to switch PC OS is not a great fit on that basis.
Normies don't think privacy is for crackpots, that's a meme among techies who are trying to justify surveilling their users.
Normies desperately want privacy, but think it is too hard to do, they're too dumb to figure it out, even if they figure it out it still won't really work, and that they won't be able to use stuff that they don't want to live without. They are often right, because they are smarter than they think and the industry is working against them full-time. A lot of people's incomes (on this very site) depend on keeping normies ignorant.
I have Win10 on a laptop that I use and am thinking of either taking it an offline completely (and keep on win10 forever on it) or upgrade it to Linux but am not sure if it's worth the hassle upgrading a $200 Thinkpad Carbon x1, I may as well get another one and leave this one as is. I still own a laptop with Windows 7 that when I turn on, that is quite rarely, but when I do I am hit by wave of nostalgia. This win10 machine, I wish I could extend its operation as I am pleased with how it operates in its current form but I guess it's not possible. One thing I'm certain of, I will not upgrade it to Windows 11 and Microsoft and I as a user will part ways.
go for it (upgrade to linux). My T480s is still my goto laptop when I'm travelling (if I lose it, no biggie - encrypted home dir, meanwhile it can last for 5-7 hours playing videos, running webapps etc), versus my work laptop on windows 11 dying after 2+ hours.
There are several options for desktop environment, and you can select which ones to install when you boot that installer image (and also add/subtract more later, and change your preference at login time).
One of the nicest-looking ones that should be self-explanatory to use (for anyone who's used any version of Microsoft Windows since 95) is Cinnamon. Most of other desktop environments default to similar, except for the current default Gnome one, which is a bit more creative in a way that's not intuitive.
I use Debian Stable + Gnome as my main PC. I use a handful of native apps which are all available on Linux, and most other apps are web-based. I never used to like the Gnome desktop, but modern Gnome is fast, unbloated, and it gets out of your way.
With my last PC, I was looking at Freedesktop issues and waiting for cutting edge software for a year to get complete support for my hardware. Hence Ubuntu and Fedora.
I've been living on an Unbuntu variant (Pop_OS) for over a year now and it's surprisingly good. Note that I had been a Mac-and-some-Windows user as far as desktops go for about 10 years prior to that, and had lots of Linux experience before that - so I'm experiencing a 10 year before-and-after.
Things that intrigue me:
- For photos, darktable is surprisingly good. I think this was my biggest single surprise, being a Lightroom user.
- GIMP was always great and now it's even better.
- LibreOffice is good enough that I can live on it just fine. I do miss Keynote, but it's not a showstopper.
- Dia is good enough for diagrams, though I miss OmniGraffle.
- Notice how there aren't any Windows apps I miss. There are Mac apps I miss (Keynote and OmniGraffle).
- Anything involving the web just works.
- Suspend/resume on my Linux laptop works better than suspend/resume on Windows, but not as good as what you get on Apple M hardware.
- Battery life on my Linux laptop is better than on Windows, almost entirely because Windows wakes the laptop up while it's suspended, so if you close the Windows laptop and carry it around unplugged, you'll find that the battery is totally drained after some number of hours. Linux doesn't have this problem.
- Development workflow is amazing. I'd rather program on Linux than anything else.
- Similarly for Photoshop users, Photopea might suit them better than GIMP. And there's also Photoshop Express/Online if they really want to stay in the Adobe ecosystem.
For adding shapes/colours/annotations etc to photos, I found krita to be more accessible than gimp. E.g. I wanted to do changes to my contractor's realistic concept drawings and I could learn krita (guided by Claude Sonnet) and make the changes in a span of couple of hours.
IT & software dev for a small-midsize company. I wasn't able to finish migrating last month due to a pressing project, but we're migrating almost all of our systems at work to Linux. 90% of our user's work is done in a browser, and the other 10% is in an in-house application I wrote. That app works on Linux, since my work machine has been on Linux for years.
We'll have a few macs and 2 win11 machines, but the rest are getting migrated.
We're in the Google ecosystem for email, docs, and drive so I'll just deploy Chrome instead of a Libre chromium. I'd rather not troubleshoot user profile issues, and they have access to all our data anyway. Honestly, I fully expect I'll have more than a few users that don't even notice the OS change.
Can you elaborate on the decision making? Was it purely a financial design (i.e. not to buy Win11 new systems and use the legacy PCs for Linux), or was it just a decision to break free from the Windows upgrade cycle? Thanks!
Funny seeing this here at the exact moment my frustration has boiled over with windows. I'm just completely baffled at the hostility and disdain Microsoft is showing it's customers. These issues are on top of just the disregard that people actually use these products for work and business so force-updating and breaking them so often, just so they can re-force you to accept their surveillance bloatware. My feeling today has been that we're going to look back at this moment as the straw that broke the camel's back.
The camel's back is already broken, it just so happens that changing OSs is very hard. MSFT has a leak; once they lose a customer, and that customer has figured out alternatives, they are never getting them back.
They are on a slow death spiral. Their solution to raise revenue when their marketshare goes down is to squeeze harder. So they lose more users and the vicious cycle continues. In 10-15 years, they'll dip below 50% of marketshare, at which point there will be various alternatives which will accelerate their downfall. This already happened in tablets/phones.
It might also happen faster since they have a stronghold in Asia and China is now looking to accelerate the building of alternatives.
A number of customers are leaving Windows for Linux ahead of Windows 11. To support them, we had to offer a linux equivalent for a bunch of C# .NET desktop apps.
After evaluating a lot of options, pyQT + nuitka gave a reliable cross-platform result (can target distros based on Debian and Enterprise Linux easily.) And we are still able to target Windows for the customers that remain there.
I agree with all of the articles points except for the first one: TPM and Secure Boot do not reduce user choice or promote state or corporate surveillance. If you want to be able to prevent root kits you need secure boot, and if you want to store secrets that don't need a user password to unlock and can't be stolen by taking apart the computer, you need a TPM; or you need substantially similar alternatives.
I would say that specifically with Secure Boot, Microsoft actually promoted user choice: A Windows Logo compliant PC needs to have Microsoft's root of trust installed by default. Microsoft could have stopped there, but they didn't. A Windows Logo compliant PC _also_ needs a way for users to install their own root of trust. Microsoft didn't need to add that requirement. Sure, there are large corporate and government buyers that would insist on that, but they could convince (without loss of generality) Dell to offer it to them. Instead, Microsoft said all PCs need it, and as a result, anybody who wants to take advantage of secure boot can do so if they go through the bother of installing their own root of trust and signing their boot image.
Thing is, because the whole design is closed as well as firmware, the security of it is near zero, even for sealing firmware device images (e.g. option ROM), much less bootloaders. Multiple security holes have been found.
There's no issue booting a boot rootkit with the standard Windows bootloader unless you manually seal the image with command line or group policy, and even then it's possible to bypass by installing a fresh bootloader because the images are identical and will boot after a wipe.
> I would say that specifically with Secure Boot, Microsoft actually promoted user choice: A Windows Logo compliant PC needs to have Microsoft's root of trust installed by default. Microsoft could have stopped there, but they didn't.
This was not the case with the initial rollout of Secure Boot, it was combined with locked BIOS to lock PCs so that they could only boot Windows 8 on some devices. This was the case on Windows RT ARM machines from that era.
All that has to be done today for machines to be locked down again is to flip a bit or blow an e-fuse. It's already the case on phones and tablets.
There is also a real potential for abusing TPMs or cryptographic co-processors to enforce remote attestation.
I say this as someone who agrees with your first paragraph and uses Secure Boot + TPMs on all of my machines.
On the face of it they're just security features, and I don't deny they are, but the industry as a whole are using those features to implement device verification systems that are being used to lock down their platforms and centralize control over their software ecosystems.
Being able to install another OS isn't much good if critical applications and websites refuse to run on it.
TPM and Secure Boot would be good things if there were no way to prove to third parties that you're using them, or have them configured a certain way (i.e., remote attestation). It's the fact that that is possible that makes them reduce user choice and promote state and corporate surveillance.
> if you want to store secrets that don't need a user password to unlock and can't be stolen by taking apart the computer, you need a TPM
I had a Win 7 system and just entered a password on boot, this decrypted the disk. It was supported without mods or TPM (maybe some registry tweaks though).
On Ubuntu I do the same, no need for TPM.
Am I missing something?
My disk is encrypted. If they take it apart, they need my password to crack the encryption.
Between 2011 and 2013, multiple Linux / free software organisations raised the issue with the EC. There was an actual antitrust investigation which at the time was seen as what motivated Microsoft to open the solution to third parties by 2013.
So in a way, thank you EU for making it so we have choices at all.
With that said, I think the technology still does more to promote vendor lock-in and as others have said, it’s one windows update away from a dystopian hellscape where all your bits have been pre-approved by someone else.
I am starting to see the benefits to secure boot and TPM from a gaming perspective. I realize this can still be tampered with but it eliminates so many casual cheaters that the edge case is practically irrelevant.
I don't see how my TPM module will prevent me from using the machine the way I want. The offer of a cryptographic assurance to a 3rd party is something I happily provide in order to gain access to a competitive gaming resource. Cheaters really fucking suck and if this is what it takes to ruin their day, then fantastic. I'm looking forward to TPM3.0 now after seeing how ruinous this has been to their schemes. These tools are effective.
Battlefield 6 is especially problematic for malcontents because its developers also enjoy using statistical methods to detect cheaters. TPM2.0 + statistical methods + $69.99 per try = probably can't afford to play this game unfairly for very long. Even if you can afford it, the in game progression takes an eternity. You're gonna need that 8x scope if you want your "undetectable" frame scanning aimbot to be of any use.
> I am starting to see the benefits to secure boot and TPM from a gaming perspective. I realize this can still be tampered with but it eliminates so many casual cheaters that the edge case is practically irrelevant.
This is overkill for a feature that is only relevant to one specific usage of PCs. Imagine if your PC got crippled because farmer IT admin benefits from it
> If you want to be able to prevent root kits you need secure boot
I think this is very misleading. Secure boot was a response to the poor security of commodity operating systems which allowed programs easy access to make low-level system modifications. In other words, the poor security models of commodity operating systems was the actual cause that allowed rootkits to spread and become a major threat that required mitigation.
In an alternate world in which operating systems enforced least privilege on all programs, the likelihood of a rootkit spreading would be orders of magnitude smaller, almost not even worth mentioning. The motivation for secure boot in this world is really only to prevent supply chain attacks, which can also be solved by just buying hardware from reputable companies. Secure boot arguably would not have been created in this world, thus avoiding the new dangers inherent to it.
Where I work, I'd love to move our remaining Windows boxes to linux, but there's often software that only works on Windows. How well does Wine work these days? Can they run CAD software for example?
CAD machines are some of the few in our company that are staying windows instead of going to Linux. We're an autodesk shop, I tested fusion under Debian 6 months ago and it didn't work very well. I tried proton and wine, couldn't get either to work great and had issues. It would launch, but opening a medium complexity assembly was laggy, and the CAM module would crash fairly often. I can't speak for other programs from personal experience though.
That said, for home use freecad has gotten a lot better after the ondsel changes were merged, I was using the free liscence of fusion360 for personal projects, and moved over to freecad 6 months ago. I'd originally tried it 7 or 8 years ago, and it was just absolutely awful to use, but modern versions are really very good. There wasn't a huge learning curve, and I haven't run into anything that the program can't do. For hobby CAD, I'm using it for 3d printing, a Cnc mill, and making prints for manual machining. Honestly, I've been less frustrated with freecad than fusion360, it does a better job of getting out of my way and letting me design things. That said, I'm a software dev and IT guy, I don't know if it would work for commercial use. I certainly didn't push for the engineers to change, but their workstations are already running win11 that I had to debloat.
On linux, you have OpenSCAD (which is okay for some applications) and you have FreeCAD (which sucks imo). Right now, I just use OnShape which works in my web browser and is similar to SOLIDWORKS (and it's $0 for students).
They want to try to force me to buy a new PC? In this economy?
I'm using Ubuntu as my daily driver for the first time since ~2010, and I'm solidly not hating it.
Thinking about other desktop environments and what not, but this was easy and familiar. Everything literally just worked... Which is the first for me with Linux.
I've been using Linux since the early 2000s. I've never been able to completely switch over from Windows or Mac.
One issue I've always had is when updating applications you use every day, one bad library could make the application unusable. Most are a dependency nightmares and there just aren't enough people paid to work on Linux apps to offer good support.
When I was young and poor, I had all the time in the world to tinker with my Linux machine to figure to get everything working again. I just want an operating system to work. If not Windows, I would recommend a Mac.
> One issue I've always had is when updating applications you use every day, one bad library could make the application unusable. Most are a dependency nightmares and there just aren't enough people paid to work on Linux apps to offer good support.
That's not really a problem anymore with immutable/atomic distros. Your entire system is upgraded in one go as a single image, any dependency issues are handled on the server (basically the image won't get built if there are issues). And most of your user apps will be installed via Flatpak or other means (homebrew/Nix etc) so you won't ever have to suffer from dependency issues unlike regular distros.
So if you want to get a distro that "just works", get an immutable+atomic distro (eg Aurora, Bazzite etc). Assuming of course, you've got compatible hardware.
I had a small business in 1995. We offered Slackware Linux for free and provided free training and installation for clients who wanted to try it. When Windows 95 came out, I had a 486DX 50Mhz system that booted Windows 95 and Linux, and Linux was more stable than Windows 95. Linux was also better than OS/2, but it didn't run DOS and Windows programs in Linux yet.
Those who chose Linux were happy with the choice. But they were only a minority.
Now, Windows 11 requirements make a lot of PCs obsolete unless they install Linux on them.
This is an excellent article as well as a sign of the times. I wish the list of Linux choices had included Mint, which is essentially Ubuntu without Snaps. Snaps are a partly closed-source Ubuntu project that contradicts the open nature of Linux.
Linux users can install the free software suite LibreOffice, which not only replaces Office but reads and writes the same file formats. Many similar choices exist, this is just one.
Gamers can install the free Steam game compatibility layer on Linux, then play many of the same games they play on Windows.
Meanwhile, Redmond's recent requirement that everyone sign up for a Microsoft account, and its pushing the Recall eavesdropping-to-cloud feature with no user opt-out provisions, clearly signals Microsoft's belief that their customers should't be allowed to choose.
Here is a list of current Windows traits that should be options, but are out of an end-user's control:
* Required Microsoft account.
* User tracking and telemetry without knowledge or consent.
* OneDrive, which is cloud storage and tracking, requires technical skill to disable.
* Desktop-recall images to the cloud, essentially Microsoft mass surveillance.
* Edge browser, cannot disable or remove.
* Unintuitive user interface, out of user's control.
* Advertising everywhere.
All these frequently heard complaints are addressed by Linux, and Linux is free.
I've been a Linux user for 30 years. I maintain one Windows dual-boot system, partly to help friends deal with Windows issues, partly to entertain myself with what most people believe constitutes a normal end-user computer experience.
Nobody thinks this is a weird reaction to an OS update that's been out for years at this point and barely makes a difference over the previous version?
There's no 'Recall'. Co-pilot isn't all over in your face so removing it isn't really a priority. Edge isn't forced on you, it's just part of the bundled software just like a bunch of other items as in every Windows for decades. Not saying it doesn't get hairy if you're going out of your way to remove them or not be in the ecosystem, but consumers don't care, and for the most part stuff isn't being forced in front of them.
122 comments
[ 4.3 ms ] story [ 110 ms ] threadSo I have to decided to promote Linux over Windows for computers I build for customers. If you have any suggestions on how I can make this promotion, better let me know.
I avoid snap myself because I use apt, but apt is a hard sell and arguably not ideal as well. E.g. I added Spotify repos which in theory could break other packages. In practice this doesn't happen (probably due to Ubuntu essentially freezing major versions for packages in their releases).
The Linux choice matrix is confusing even for programmers. Like I can understand the pieces in theory, but in practice with hardware, user-installed software, varying degrees of compatibility between components, and updates...
Create a 'showroom', virtual through network screen sharing or physical if possible. Demo machines where you can let customers get a bit of immediate experience with GNOME, Xfce and possibly something more. You can walk them through checking their email, creating a document and doing a bit of web browsing.
Don't front 'Linux', it's a tainted word that is of no use to typical public sector and small to medium business people, preferably don't mention it. Instead talk about your solutions being secure, cheap, enterprise grade, customisable, long term supported, things like that.
The problem is not that they exist or that Windows 11 supports them. It's that Microsoft pretends they are required, when they are not.
TPM also enables things that average users care less about like DRM, but Passkeys are a good idea and having them more-secure-by-default is good for the average user (even with accidental vendor lock-in implications).
Win11 is a hard no, I’m keeping a laptop with Win10 for the small amount of games I play. I will likely even try WINE for them soon but just haven’t got around to it.
I have a bog standard AMD graphics card that does not work in Linux. I've tried multiple distributions and version in those distributions and both the Linux and AMD drivers. It just randomly flashes. Where do I go to get help? Who knows?
Use-case is:
* Dual-boot where I choose in BIOS/UEFI to go to either the existing Win10 drive or new Linux drive.
* I don't need unattended boot at all, I'd rather enter a passphrase every time.
* Resistance to evil-maid attacks is nice but not top-priority compared to theft.
* I want to be able to take my drive out of a dead computer and access it elsewhere if something goes wrong, as opposed to needing to reformat and reload from backups.
* If I install a distro with secure-boot off, can I turn it on later for benefits, or vice-versa?
Your drive does need to support OPAL though, check out sedcli for managing SEDs.
Just put linux's boot drive on a removable USB that has boot priority over the builtin drive. Then configure UEFI secure boot so that it works for both windows and your custom keys.
https://wiki.gentoo.org/wiki/User:Sakaki/Sakaki%27s_EFI_Inst...
This setup has the added benefit of making it so that windows can't overwrite your linux boot drive, but from linux you can still access your disk from disklocker
Try to identify the problems the customers have. If privacy isn't one of their concerns, convincing them to switch PC OS is not a great fit on that basis.
Normies desperately want privacy, but think it is too hard to do, they're too dumb to figure it out, even if they figure it out it still won't really work, and that they won't be able to use stuff that they don't want to live without. They are often right, because they are smarter than they think and the industry is working against them full-time. A lot of people's incomes (on this very site) depend on keeping normies ignorant.
But of a bait and switch from that to the actual article title…
> Retiring Windows 10 and Microsoft's move towards a surveillance state
If nothing else adhering to HN’s guideline on titles would have saved me having to suffer through reading “recomming.”
https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/d...
There are several options for desktop environment, and you can select which ones to install when you boot that installer image (and also add/subtract more later, and change your preference at login time).
One of the nicest-looking ones that should be self-explanatory to use (for anyone who's used any version of Microsoft Windows since 95) is Cinnamon. Most of other desktop environments default to similar, except for the current default Gnome one, which is a bit more creative in a way that's not intuitive.
Things that intrigue me:
- For photos, darktable is surprisingly good. I think this was my biggest single surprise, being a Lightroom user.
- GIMP was always great and now it's even better.
- LibreOffice is good enough that I can live on it just fine. I do miss Keynote, but it's not a showstopper.
- Dia is good enough for diagrams, though I miss OmniGraffle.
- Notice how there aren't any Windows apps I miss. There are Mac apps I miss (Keynote and OmniGraffle).
- Anything involving the web just works.
- Suspend/resume on my Linux laptop works better than suspend/resume on Windows, but not as good as what you get on Apple M hardware.
- Battery life on my Linux laptop is better than on Windows, almost entirely because Windows wakes the laptop up while it's suspended, so if you close the Windows laptop and carry it around unplugged, you'll find that the battery is totally drained after some number of hours. Linux doesn't have this problem.
- Development workflow is amazing. I'd rather program on Linux than anything else.
- The lack of crapware and nagware is so amazing.
- Similarly for Photoshop users, Photopea might suit them better than GIMP. And there's also Photoshop Express/Online if they really want to stay in the Adobe ecosystem.
For adding shapes/colours/annotations etc to photos, I found krita to be more accessible than gimp. E.g. I wanted to do changes to my contractor's realistic concept drawings and I could learn krita (guided by Claude Sonnet) and make the changes in a span of couple of hours.
We'll have a few macs and 2 win11 machines, but the rest are getting migrated.
We're in the Google ecosystem for email, docs, and drive so I'll just deploy Chrome instead of a Libre chromium. I'd rather not troubleshoot user profile issues, and they have access to all our data anyway. Honestly, I fully expect I'll have more than a few users that don't even notice the OS change.
See this for all OSs/platforms: https://gs.statcounter.com/os-market-share#monthly-200901-20...
See this for Desktop OSs: https://gs.statcounter.com/os-market-share/desktop/worldwide...
They are on a slow death spiral. Their solution to raise revenue when their marketshare goes down is to squeeze harder. So they lose more users and the vicious cycle continues. In 10-15 years, they'll dip below 50% of marketshare, at which point there will be various alternatives which will accelerate their downfall. This already happened in tablets/phones.
It might also happen faster since they have a stronghold in Asia and China is now looking to accelerate the building of alternatives.
After evaluating a lot of options, pyQT + nuitka gave a reliable cross-platform result (can target distros based on Debian and Enterprise Linux easily.) And we are still able to target Windows for the customers that remain there.
I would say that specifically with Secure Boot, Microsoft actually promoted user choice: A Windows Logo compliant PC needs to have Microsoft's root of trust installed by default. Microsoft could have stopped there, but they didn't. A Windows Logo compliant PC _also_ needs a way for users to install their own root of trust. Microsoft didn't need to add that requirement. Sure, there are large corporate and government buyers that would insist on that, but they could convince (without loss of generality) Dell to offer it to them. Instead, Microsoft said all PCs need it, and as a result, anybody who wants to take advantage of secure boot can do so if they go through the bother of installing their own root of trust and signing their boot image.
There's no issue booting a boot rootkit with the standard Windows bootloader unless you manually seal the image with command line or group policy, and even then it's possible to bypass by installing a fresh bootloader because the images are identical and will boot after a wipe.
This was not the case with the initial rollout of Secure Boot, it was combined with locked BIOS to lock PCs so that they could only boot Windows 8 on some devices. This was the case on Windows RT ARM machines from that era.
All that has to be done today for machines to be locked down again is to flip a bit or blow an e-fuse. It's already the case on phones and tablets.
There is also a real potential for abusing TPMs or cryptographic co-processors to enforce remote attestation.
I say this as someone who agrees with your first paragraph and uses Secure Boot + TPMs on all of my machines.
Being able to install another OS isn't much good if critical applications and websites refuse to run on it.
Now with remote attestation they do.
> installing their own root of trust and signing their boot image
Won't matter. They can tell we did this. They won't trust our keys. Only their own.
I had a Win 7 system and just entered a password on boot, this decrypted the disk. It was supported without mods or TPM (maybe some registry tweaks though). On Ubuntu I do the same, no need for TPM. Am I missing something? My disk is encrypted. If they take it apart, they need my password to crack the encryption.
Let’s not give Microsoft too much credit here…
Between 2011 and 2013, multiple Linux / free software organisations raised the issue with the EC. There was an actual antitrust investigation which at the time was seen as what motivated Microsoft to open the solution to third parties by 2013.
So in a way, thank you EU for making it so we have choices at all.
With that said, I think the technology still does more to promote vendor lock-in and as others have said, it’s one windows update away from a dystopian hellscape where all your bits have been pre-approved by someone else.
I don't see how my TPM module will prevent me from using the machine the way I want. The offer of a cryptographic assurance to a 3rd party is something I happily provide in order to gain access to a competitive gaming resource. Cheaters really fucking suck and if this is what it takes to ruin their day, then fantastic. I'm looking forward to TPM3.0 now after seeing how ruinous this has been to their schemes. These tools are effective.
Battlefield 6 is especially problematic for malcontents because its developers also enjoy using statistical methods to detect cheaters. TPM2.0 + statistical methods + $69.99 per try = probably can't afford to play this game unfairly for very long. Even if you can afford it, the in game progression takes an eternity. You're gonna need that 8x scope if you want your "undetectable" frame scanning aimbot to be of any use.
This is overkill for a feature that is only relevant to one specific usage of PCs. Imagine if your PC got crippled because farmer IT admin benefits from it
https://linustechtips.com/topic/1610033-hp-charges-for-warra...
I think this is very misleading. Secure boot was a response to the poor security of commodity operating systems which allowed programs easy access to make low-level system modifications. In other words, the poor security models of commodity operating systems was the actual cause that allowed rootkits to spread and become a major threat that required mitigation.
In an alternate world in which operating systems enforced least privilege on all programs, the likelihood of a rootkit spreading would be orders of magnitude smaller, almost not even worth mentioning. The motivation for secure boot in this world is really only to prevent supply chain attacks, which can also be solved by just buying hardware from reputable companies. Secure boot arguably would not have been created in this world, thus avoiding the new dangers inherent to it.
Yes, they did. It was written by the specter of the US Department Of Justice.
Secure boot is a rootkit.
That said, for home use freecad has gotten a lot better after the ondsel changes were merged, I was using the free liscence of fusion360 for personal projects, and moved over to freecad 6 months ago. I'd originally tried it 7 or 8 years ago, and it was just absolutely awful to use, but modern versions are really very good. There wasn't a huge learning curve, and I haven't run into anything that the program can't do. For hobby CAD, I'm using it for 3d printing, a Cnc mill, and making prints for manual machining. Honestly, I've been less frustrated with freecad than fusion360, it does a better job of getting out of my way and letting me design things. That said, I'm a software dev and IT guy, I don't know if it would work for commercial use. I certainly didn't push for the engineers to change, but their workstations are already running win11 that I had to debloat.
On linux, you have OpenSCAD (which is okay for some applications) and you have FreeCAD (which sucks imo). Right now, I just use OnShape which works in my web browser and is similar to SOLIDWORKS (and it's $0 for students).
In the future I will try running windows CAD under linux using kvm and this: https://github.com/casualsnek/cassowary
I'm using Ubuntu as my daily driver for the first time since ~2010, and I'm solidly not hating it.
Thinking about other desktop environments and what not, but this was easy and familiar. Everything literally just worked... Which is the first for me with Linux.
One issue I've always had is when updating applications you use every day, one bad library could make the application unusable. Most are a dependency nightmares and there just aren't enough people paid to work on Linux apps to offer good support.
When I was young and poor, I had all the time in the world to tinker with my Linux machine to figure to get everything working again. I just want an operating system to work. If not Windows, I would recommend a Mac.
That's not really a problem anymore with immutable/atomic distros. Your entire system is upgraded in one go as a single image, any dependency issues are handled on the server (basically the image won't get built if there are issues). And most of your user apps will be installed via Flatpak or other means (homebrew/Nix etc) so you won't ever have to suffer from dependency issues unlike regular distros.
So if you want to get a distro that "just works", get an immutable+atomic distro (eg Aurora, Bazzite etc). Assuming of course, you've got compatible hardware.
Those who chose Linux were happy with the choice. But they were only a minority.
Now, Windows 11 requirements make a lot of PCs obsolete unless they install Linux on them.
20 years ago Ubuntu was the go-to for baby's first Linux. Is that still the case?
Linux users can install the free software suite LibreOffice, which not only replaces Office but reads and writes the same file formats. Many similar choices exist, this is just one.
Gamers can install the free Steam game compatibility layer on Linux, then play many of the same games they play on Windows.
Meanwhile, Redmond's recent requirement that everyone sign up for a Microsoft account, and its pushing the Recall eavesdropping-to-cloud feature with no user opt-out provisions, clearly signals Microsoft's belief that their customers should't be allowed to choose.
Here is a list of current Windows traits that should be options, but are out of an end-user's control:
* Required Microsoft account.
* User tracking and telemetry without knowledge or consent.
* OneDrive, which is cloud storage and tracking, requires technical skill to disable.
* Desktop-recall images to the cloud, essentially Microsoft mass surveillance.
* Edge browser, cannot disable or remove.
* Unintuitive user interface, out of user's control.
* Advertising everywhere.
All these frequently heard complaints are addressed by Linux, and Linux is free.
I've been a Linux user for 30 years. I maintain one Windows dual-boot system, partly to help friends deal with Windows issues, partly to entertain myself with what most people believe constitutes a normal end-user computer experience.
A bit of context -- my first computer was an Apple II in 1977, so my definition of personal computing might seem out of touch with modern times (https://www.atariarchives.org/deli/cottage_computer_programm...).
Can you fix?
There's no 'Recall'. Co-pilot isn't all over in your face so removing it isn't really a priority. Edge isn't forced on you, it's just part of the bundled software just like a bunch of other items as in every Windows for decades. Not saying it doesn't get hairy if you're going out of your way to remove them or not be in the ecosystem, but consumers don't care, and for the most part stuff isn't being forced in front of them.