Windows 11 looks like the perfect reason to give UNIX-based systems another try. Literally the only thing that's kept me hooked to Windows are the Office apps. They're baked into so many of my workflows, from creating simple graphics to doing my personal finances, and of course plenty of legacy documents that I'd like to continue being able to use. They're really Windows-native I've found, even the official versions for iOS seem to be missing some features (last time I checked was in the past year, and I couldn't find some paragraph-level formatting options I wanted in Word, e.g.). Google Docs seem like a different product, they apparently have great APIs, but the "click-based" features are no match. It's been ages since I tried LibreOffice, but it was no match back then either.
I'm thinking, either I need to get used to different workflows or just try virtualization. I heard Figma is great for presentations, anything that Excel can do where the alternatives are lacking is probably better done in R/Python anyway, but for Word I don't see an alternative. No way I'll use LaTeX for all my writing, and anything Markdown-based just won't cut it formatting-wise. Or just use something like Wine I guess. Anyone facing a similar situation?
Long-time Windows user here that made the jump from Windows 11+WSL to Linux a few months ago. After test driving a few distros, I settled on CachyOS (an Arch-based distro)[1].
Performance wise it's smooth as heck, and Geekbench scores show it performing better than Win11 across the board. The default install uses KDE Plasma for its desktop, which is a perfect fit for Windows users like myself in terms of UX/UI.
For an alternative to MS Office, I've been using OnlyOffice[2] with no compatibility issues yet (though I am only a casual user and not a hardcore Word/Excel user).
I reinstalled Win11 last week to confirm whether or not I was experiencing bias, and there was a noticeable feeling of "lag" when using Win11 compared to CachyOS (this test was with the latest Win drivers and patches on relatively recent Thinkpad hardware). I went back to Cachy with no hesitation after that.
> Yes, every dependency onlyoffice uses is outdated. They even use v8 8.9 that doesn't include any security patches. They also use an outdated CEF binary downloaded from an http url and don't check its integrity at all. Even worse, that CEF binary might be closed source as suggested by dbermond in https://github.com/ONLYOFFICE/DesktopEditors/issues/1664
> I would advise anyone who uses onlyoffice to avoid opening any untrusted documents with it. It appears that onlyoffice upstream doesn't care about security at all. See https://github.com/ONLYOFFICE/DesktopEditors/issues/1664 for more details
Ahaha, I've become that person I guess. I only mentioned Arch as I've always used Ubuntu when using Linux desktop VMs, and even test drove Kubuntu before trying out Cachy. Apart from some brief time getting used to pacman as a package manager instead of apt, I haven't encountered any other items that felt different to Ubuntu.
Can't recommend this enough, I was letting a few games with anticheat keep my personal use on Windows and I decided to jettison those and make the plunge and couldn't be happier.
I went with Mint instead of an arch-based distro, but my experience has been really great even dealing with Geforce drivers.
I use the 365 suite in a web browser if I need to work on it, no issues.
+1 for only office. When I was a data analyst I made this custom graph in Excel that rendered some lines as speedometers. It calculated the rotation based on the input numbers to align them in the right position. LibreOffice could not handle it (and I don't blame them). I was shocked when I opened the file in OnlyOffice and it worked!
I run Linux on my work machine and my office is a full Windows/MacOS shop. I've so far been able to get away with using either office web apps for things like Teams, Outlook, Excel and Word and I also have a Windows 11 VM that has all the desktop versions of the same apps.
I would say that 99.9% of the time I can get away with using the web app versions, even for things like Teams meetings it works really well. Once in a blue moon I will have a document that I can't open in the web versions so I fire up the VM and open it on there.
There are definitely some annoyances around this workflow but IMHO the annoyances pale in comparison to the annoyance of having to use Windows or MacOS every day.
When I see people waking up now I wonder what's taken them so long. I could see this 15 years ago and jumped off Windows at that point. Been using Linux ever since. It's become so easy since then I've intentionally made my life more difficult by switching to Gentoo about 5 years ago. I'm so glad none of my work is locked into the products of rent seeking companies like Microsoft. It was easier for me because 15 years ago I didn't already have a body of work and an investment into any tools, but I still think it's something you'll be glad you did in another 15 years.
How the documents look is everything. That’s what separates desktop publishing like Word from Notepad. The documents have to look the same and have to print the same. Legal cases depend on it. Academic submissions depend on it (Nature Communications template is not latex, it is word). This is not something that can be omitted.
Ah, but, “pdfs aren’t editable” and “pdfs cost more money to view”. People absolutely do use Word when they want documents to look the same, and will complain when the documents look different.
That's the conventional short-term wisdom, but you'll find just about any rule is bendable to breakable when market conditions change, folks get scared, or they simply decide to.
There's no document formatting that can't be copied elsewhere. Start with new documents and convert the old ones (to pdf or whatever) at some point.
Since Windows XP that is going to be the year of Linux migration following the Windows exodus after each Windows version is announced, and here we are.
Even Valve can't get the folks targeting Android to port their NDK powered games into SteamDeck, they have to translate Windows/DirectX instead.
It's probably worth trying LibreOffice again if your last install was a couple of years ago. They take document compatibility bugs pretty seriously and fix a bunch with every release.
That's probably the easiest step to take next, before looking at virtualization or a full Linux install with Wine.
Calc is... bad. It's slow and I've run into bugs in formulas; would rather use google sheets, which are a different kind of bad, but better than calc. No issues with writer, haven't used anything else.
I can vouch that the OnlyOffice flatpak is worth at least giving a try. Just sending sth important without requiring Microsoft office at all, feels so good. Granted I have a docx template and generated the initial version with pandoc, so I'm not doing any formatting or anything, just back and forth over editing.
Office is moving web based. OWA is first class now, with Outlook New being a thin wrapper around it with some natives. Also their mockups all use macs primarily so “go figure”
There is a long, long road ahead for that to happen. Excel has to not only radically change itself, but so does Power BI. The 3rd party ecosystem has slowly changed from COM add-ins to the JS-based Add-ins, but even then there are many 3rd parties that continue to go the COM route, hence the very long deprecation road for 'legacy' Outlook in the enterprise.
I am curious what made you give up? The EOL of Windows 7 precipitated my switch.
I went down the fun path of running Windows on Linux with a pass-through VM for a while but found that most of what I was trying to do worked well in Linux.
Of course, I don't do any development or work on my own computer. Work computer is now 11 and I dislike it but honestly the IT lockdown drives more ire than the Microsoft redesign
I've used windows for 30+ years, and I'm getting a Mac this year. I seriously considered Linux on a Thinkpad and even test-drove Debian on my older X1 Carbon. I tried, but too many things didn't quite work. I'd get stuck on the login screen for no apparent reason. VMware modules were a pain to build and sign. Something (might have been VMware modules) caused it to freeze. Hidpi support isn't ready. And nothing was really polished.
As someone who has used OSX for .. 21 years now and is slowly, but surely moving off: the grass is not greener on the other side.
Bugs aplenty, a user interface which has seriously deteriorated over the last decade bundled with an ever-increasing user hostility and tendency to lock you out of your system.
One example: you can no longer manage which applications may run as daemons/background tasks. Any application can register itself with the OS to do so, and your only recourse is a little tiny switch in the system preferences.
Only, in the case of Google Chrome this does not work; the application constantly re-registers itself, overriding the setting. I can no longer prevent Chrome from doing whatever the hell it wants to do, and — adding insult to injury — every time it does, I get a persistent notification from macOS that it is now doing what ever the hell it wants to do. About a dozen times a day.
Sounds like my 6th Gen X1, only I replaced the battery last fall. I also noticed the display glitches sometimes when I open it, and the USB-C ports have connection issues sometimes.
Give Linux a try. After seeing how ad-centered Windows 11 has become, I made the decision to wipe my drive and go full Linux, and I couldn't be happier. Is it perfect? No. Is it better for my workflow and caters to my more advanced usage? A big resounding yes.
It cannot replace Microsoft Office, but it's getting close. Most people don't use the full functionality of Microsoft Office, so LibreOffice and Google's online suite are good enough, but I still keep a remote Windows Virtual Machine (VM) around for those times I need Windows-specific stuff and RDP into the VM. I look forward to the day Microsoft finally wakes up and ports Microsoft Office to Linux.
I'm working on a cross-platform native-first, offline-first replacement for Excel and PowerPoint, so hopefully it can help you and others make the switch.
I, too, spent far too long trapped in Windows because I couldn't get away from MS Office
For me it is only Excel. I am not even a power user, but its strongest feature is its integration with powerquery. In many use cases it is perfectly enough to quickly analyze some data and it is still friendly enough to give non-tech workers possibilities to refresh the newest data available.
Apart from that every other part of the MS ecosystem is replaceable. If there would be a solution for corporate IT account management, Windows could be replaced without much friction.
Office is moving to the cloud, so the current dying breed of desktop apps should be covered by WINE, eventually. Or cave in and use O365, like I do for work - the irony is that Microsoft's insistence on O365 has completely defeated the purpose of their OS.
I mean... Office also just runs just fine on a Mac. But I agree, Linux is the way to go. VMs are not so bad, but you can also use Steam's Proton to run most Windows software just fine, I would be surprised if people don't just run Office from Steam's flavor of Wine, since the game support is phenomenal.
What is Microsoft hoping to accomplish here? Given the rate of adoption of Windows 11, it seems unlikely that a majority of Windows 10 users will replace their hardware between now and October. It also seems to me that the scenario where a majority of PC users are running an unsupported Windows release is likely to create MS more problems than is offset by potential revenue from a hardware refresh cycle. Is there an ulterior motive at play beyond wanting to create a hardware refresh cycle?
I would say it is a combination of metric-stuffing, land grab, and genuine concern about security.
Metric stuffing. Everyone at Microsoft is graded on "impact". All the EVP-types at Microsoft have their eye on boldface jobs, so they need a track record of massive impact. Being able to claim that they got W11 from X billion devices to Y is how they'll be judged. Another example is how in Azure, the only metric that matters is consumed revenue. That sort of thing drives behavior.
Land grab. W11 infamously makes the Start menu a billboard and has all kinds of usage data going back to the mother ship. If adoption slows, then Microsoft misses out on eyeballs, misses out on the ability to weld users to Copilot, misses the opportunity to earn money from ads, misses the opportunity to improve Windows by learning how people really use their computers.
Security. Windows is embedded in modern life and although Microsoft gets a lot of flak, (and sometimes it takes a major beating to remind them of their responsibilities), they do want to elevate the security of users. They believe that W11 and TPM will give them a basis to really deliver stronger services. I don't know that they are right (e.g. if the #1 exposure for home users is ransomware, does a tpm help at all?), but I am prepared to give them some grace.
Then again, I plan to use this opportunity to install Linux on my old PC.
Ironically, TPM requirement comes from the same company that invented logging your screen every few seconds and storing it unencrypted and without your consent.
> I don't know that they are right (e.g. if the #1 exposure for home users is ransomware, does a tpm help at all?), but I am prepared to give them some grace.
One particularly generous view is that the TPM requirements catch PCs up with the TPM requirements of modern phones. (Both iOS and Android have had very strict TPM requirements for a while now.) With a lot of industry interest in moving to hardware security-backed Passkeys to replace passwords, it would help to have PCs on an equal security footing with phones.
Passkeys are a pretty big deal to reduce home user exposure. Phishing and all of its variants are as much or more a home user problem as ransomware.
Passkeys are a multi-vendor standard. Because Windows is no one's phone vendor today, it's generally a good idea that Windows has strong Passkey support because it can be an intermediate between the two major phone vendors and help even average users avoid vendor lock-in by pushing a majority of users to try keeping keys with at least two vendors (their phone, and their Windows device) in their common accounts.
Your first two reasons are why they're discontinuing support for Windows 10. The intention to drive Windows 11 adoption is inverse to disabling upgrades, because then some of the people without a supported PC won't be able to afford a new one and will switch to Linux or continue to run Windows 10 unsupported when they would otherwise have installed Windows 11 on it.
And the security reason is nonsense because as you point out, the overwhelming majority of Windows security problems are in no way improved by a TPM.
The most likely real explanation is that Microsoft is constantly at war with itself and the manager currently occupying the relevant coign of vantage finds it to be in their personal interest for some muddy reason having to do with internal politics.
There's a pretty interesting video from 2023 that goes through much of Microsoft's thoughts around Windows security. It flew under the radar unfortunately:
- Windows 11 has provided a hardware security baseline for Microsoft, with features that require hardware support (HVCI, TPM etc) to be enabled by default going forward, stating that Windows 10 strategy of off-by-default was a failure.
- Admin accounts are a continued security problem within the Windows ecosystem, so a future version of Windows will be adding a new "Adminless" account model with linux-like just-in-time escalation. This new model intends to provide a secure middle-ground between the frustrations of a standard user account and the security risks of an Admin account. "Adminless" accounts will run as a "less privileged" user by default and prompt users with Windows Hello when an application requires escalation for a given operation, rather than permanently running the account as a standard or admin user.
- Win32 Applications will be bundled under the new Win32 App Isolation model, which provides the security benefits of UWP sandboxing & clean uninstalls without the API limitations of UWP. Developers will be able to specify what privileges an application requires, much like other application platforms. A demo was shown of Notepad++ running under this sandbox model with minimal modification.
- TPMs within the ecosystem are not in a healthy state, with telemetry telling Microsoft that many are running vulnerable firmware due to manufacturers not pushing out updates, and some being inoperable due to hardware failures or other issues. Microsoft is working on its Pluton security chip to replace/augment the existing TPM ecosystem and have the ability to push out firmware updates via Windows Update.
- Software/Hardware mitigations are reaching the end of the road in terms of viability. Microsoft is now focused on eliminating classes of security bugs with extensive R&D going into the use of Memory-safe languages (Rust) in areas of the system that exploits often appear in.
> a new "Adminless" account model with linux-like just-in-time escalation
This was the promise of User Account Control, was it not? Or does that just prompt for confirmation for various actions, without actually enforcing a security boundary?
The way I read it, the difference between existing UAC and "Adminless" is that the user is always in the Administrators group and UAC just unlocks an Administrator token/ACL temporarily to bestow the actual powers of the Administrators group. In "Adminless" the user is only a less privileged/low privilege user, a new system-managed Admin User is created, and the new security boundary prompts instead of unlocking a temporary token/ACL are more "runas" the system-managed Admin User. It's similar to Linux sudo sending commands to the root account, where Linux doesn't have a token/ACL model that allows temporarily upgrading the existing user "in place". It's also similar to how Windows Admin security was managed pre-UAC in places that separated standard accounts and Admin accounts, and similar to how many corporations still manage security, with the difference being that the new "Adminless" admin account is system owned (like the various internal service accounts), supposedly does not allow interactive login, has no password only a hardware security key (hence why the new security boundary requires Windows Hello unlocks every time, versus UAC can be as subtle as Yes/No, depending on configuration/group policy).
"Adminless" is a funny name given that there's still an admin account involved, it's just an admin account that is much more than before not a user account but more like a service account.
UAC provides just-in-time elevation. The user belongs to the 'admin' group (aka wheel) and only receives an admin token when performing a task that requires elevation. Once the task is complete, the token is destroyed.
> Once the task is complete, the token is destroyed.
It's less granular than a task though, it's an execution context. If you're running Notepad++ and it wants to update, it requires an elevation. The installer is now running in an admin context and can do whatever it wants, once it's finished installing it usually asks if you want to launch Notepad++ again. At that point the installer running in the admin context can launch Notepad++ within that admin context.
Thus there's a potential for the admin context to persist indefinitely.
In my mind, task-based elevation is more granular. Something like "I need to write to the program files directory" and not a carte blanche "gimmie admin access to do whatever the hell I want".
Sorry, I'm confused. I can't figure out from your explanation how the new adminless just-in-time elevation is supposed to be different from UAC's just-in-time elevation?
UAC is per-process and monotonic. Once elevated, the entire process stays elevated.
The new model is per-operation. Even if the same process has been allowed to elevate before, it must ask to do it again. I don't know how granular this is, and whether there's a grace period like sudo.
However, the biggest problem with UAC was that it was considered too noisy for the end user, leading to people just blindly accepting every dialog and Microsoft turning down the default level to the much less secure "don't always prompt". I don't know how this new model will address that problem; naively, it seems to be worse on this front.
Huh. In that case, the upthread commenter likening the new model to being more "linux-like" seems confusing.
Given that they didn't mention which Linux security model the new system was like, I presumed they meant the most commonly referenced model for performing administrative tasks: sudo/doas - which elevates a process for its entire runtime.
But if it's a per-operation model, I guess they might have been comparing it to the "desktop portal"/"policykit-dbus" model instead? Which does kind of fit, but I don't think is the security model that most people think of when someone says "linux-like just-in-time escalation"?
> Win32 Applications will be bundled under the new Win32 App Isolation model, which provides the security benefits of UWP sandboxing & clean uninstalls without the API limitations of UWP.
Wow that thing they probably should've been doing in the first place. I'll be curious if it'll end up as a supervisor (AI) model or if each program will have its own scope of a file system. The latter of course will be very tricky with how intertwined legacy software can be for file and registry access.
I don't think there's anything going on here other than general corporate ham-fisted-ness.
* Microsoft believes the improvements in windows 11 provide genuine benefit to their users.
* Microsoft doesn't want to maintain their older OS forever.
What we are seeing play out however is that the consumer / small business market either does not understand or does not care about those benefits. I don't see any viable end-state for this other than Microsoft relaxing the requirements for Windows 11 or extending the end-of-support date for Windows 10. Based on this action my money is on the latter.
Depends why you want to get users upgraded. If you want your users to be upgraded so they have access to security improvements, and those security improvements require TPM 2.0 or whatever, then allowing upgrades on older systems without TPM 2.0 rather undermines the point of getting those users upgraded.
Substantially the entirety of the legacy hardware support cost is for accessories, i.e. PCIe cards and USB devices. All of that still exists and people will continue to expect to plug their existing devices into their new PC and have them work.
"Well you see..."
<starts waving hands around wildly>
"If you debase your current OS, you PRIME people for the next OS, Win13!"
<speech devolves into gibberish at this point>
But on the other hand there are valid reasons for requiring a minimum baseline for Windows 11.
The TPM requirements for example allow seamless BitLocker (which provides feature-parity with macOS), it allows secure system credential storage (in both consumer and enterprise contexts) and it's also useful for application developers. For example Chrome can defend user data better against malware or provide features like Device Bound Session Credentials (DBSC).
Requiring certain CPU features on the other hand makes it easier to ship better-optimized executables.
The two combined make it possible to provide things like VBS/HVCI, which is a massive leap for Windows security (it's actually considered a security boundary, unlike UAC).
The number of functioning computers that are restricted to Windows 10 probably still outnumber the number of computers that can run Windows 11. Most people don't have $500 to drop on a replacement. (Very many of these computers might've been thousands of dollars new and will still outperform the majority of new Windows 11 machines.)
Microsoft is just putting a huge environmental waste of a mandated obsolescence tax on the entire world. But Microsoft doesn't pay the opportunity cost of losing all that hardware. (I wonder how much the hardware Microsoft wants destroyed is worth, hundreds of millions of dollars?)
Sure and the number of computers that can run Linux outperform them both. Maybe you don't need W11?
I also don't think the share of TPM-less computers out there is actually that significant. Most laptops have shipped with one for a long time. Desktops that lack one can often buy one. Which is way cheaper than a new PC should you need W11. (I also suspect there are options way cheaper than $500 as well.)
Saying that not being able to run W11 turns something into e-waste is frankly rather crazy. Neither do they want that hardware destroyed.
There is still a lot of quite useful hardware that isn't supported. For example, the first gen Ryzen is apparently not supported, so then you're having to replace e.g. a Threadripper 1950X which has 16 cores and a 4GHz turbo. A new PC with even equivalent performance would be $600+ and a $500 new PC would be a downgrade.
There is also plenty of hardware that isn't fast but is being used in a situation where that doesn't matter. Some Haswell quad core being used for web and email could continue to be used for that indefinitely. That is old enough that it could be replaced with something newer for less than $500, but the entirety of the replacement cost is still lost money because it otherwise wouldn't have had to be replaced at all.
Allowing old devices without those TPM requirements to work would not limit security of the devices that can work with it.
Sooner or later, these non windows 11 compliant machines will mostly disappear from most households and offices and will only attract retro computing and linux users when they will not match the usual memory requirements of the day. These are usually the kind of computers that came with 8GB or less of memory out of the box and they could quietly drop support for them somewhere later within the next 10 years when everybody is running 128GB of ram or so and only a handful of people care about it.
I'm fairly sure that you'll be able to run W11 without a TPM for a relatively long time, it's just not supported. It's a risk you have to take, it's a requirement for OEMs not to shaft you with the hardware they sell.
If anything it's the CPU requirements that create a hard requirement for newer HW. But in that case, that support is a cost for them. Why should they spend the effort for what is likely going to be a very subpar experience?
As an Occam fan, I'd assume the main accomplishment is ensuring a minimum level of hardware capability for Windows 11. Anything on W11 will have a TPM so you can build around it. There's also a minimum CPU spec or whatever you can know you don't need to test under.
I'd imagine that cutting off support for 10+ year old machines and hardware would give a much bigger advantage than the revenue they get from a hardware refresh itself.
Ensuring that a critical mass of people use remote attestation[0] capable devices.
The next step is a browser API[1] for this so that content owners can exclude devices capable of storing the content, or stripping out ads/tracking, etc.
Sure, there will be a cat-and-mouse game where people will figure out how to fake the attestation for some period of time, but general computation[2] is probably on the way out.
It's pretty obviously two middle managers fighting each other, and senior management is too distracted by AI to worry about core products being on fire.
Be thankful you've never found yourself involved in the Microsoft system of APIs. They behave beyond irrationally. Perhaps somebody can explain why from an internal view, but from an external view it's like this - WPF was one of Microsoft's first UI frameworks released after the Winforms age. It was initially Windows only but had a large enough following that it eventually ended up getting non-official ports to just about every platform. And it was really quite an excellent UI library.
So then Microsoft decided to follow this up with UWP. UWP was the intended successor to WPF, the 'Universal Windows Platform'. It was supposed to run on any Windows platform. But then the Windows Phone got cancelled, and they also eventually cancelled all support for anything except Windows 10. So it turned into the Windows 10 Platform. And it was heavily tied into the Microsoft store to the point that actually deploying it elsewhere was rendered infeasible. Outside of that it was a technically inferior WPF with a few nicer looking default UI elements and a bunch of new bugs. Oh and some namespaces and other things were changed mostly pretty randomly just enough to make it completely incompatible with WPF.
And then this process repeated multiple times over. Each time they lost more and more developers. If they had simply continued building on WPF I think they would likely be a universal standard for UI development, at least for desktop. Instead they're now onto WinUI 3 which nobody uses, including Microsoft. Oh and all the while this was happening they were also developing Xamarin (and similar timeline of a million subsequent renamings and 'refactorings') which is pretty much the same thing, but different, and cross platform, but not.
I'm the sort that'd naturally leap to conspiratorial explanations - Microsoft pushing anything called "trusted" feels like a rusted van with darkened windows sitting outside a school with "FREE CANDY" sloppily painted on the side. But in this case.. no, Microsoft is just so completely weird and irrational with how they push things, often to the point of self defeat.
All of Microsoft's UI is like this and I really don't get it. Forms, WPF, and UWP were all abandoned at different stages of development.
Microsoft ships a UWP demo repository which includes the most fully functional Bluetooth manager anyone has ever built for W10. The stock Bluetooth manager has maybe 10% of the functionality. It's also fundamentally broken in a lot of ways. But this UWP demo they have should have been the stock app. It's wild.
Then of course you still have 50 year old UIs hiding in the lowest levels of the control panel. You can dig through the archeological record on your own pc and look at Win3 UI designs. It's astonishing.
At this point, I don't know anyone who uses any of Microsoft's UI frameworks for a real product. It's either QT or Avalonia or something. Who would ever trust their newest framework when every prior framework was abandoned half-finished and left to rot for years?
If you think of how much hardware is capable to run it but they're artificially blocking, it's also rather morally irresponsible from the perspective of e-waste.
Why not release a tool that runs and shows me the minimum I need to spend to get my PC windows 11 ready? Hide it behind a few menus/drop downs since it will be an "advanced" pc-builder tool.
I imagine it's only my MOBO which is missing TPM, but a suggestion of what mobo to buy which would be compatible with all my other components (RAM DIMMS, PCI-e cards) would be killer.
I couldn't boot a W11 installation USB drive on my newly built PC despite using the official MS tool to write the drive. Fiddling with secure boot options for an hour, even updating UEFI were all for nothing. I said "screw it", loaded the image with Rufus, and it worked on the first try, with the added bonus of MS account bypass.
I get the joke, but on the one hand Debian isn't the most user friendly option; on the other systemd is another monolithic potential problem. I suppose Devuan would be the recommendation I'd give instead of Debian; roughly the same, no systemd.
The requirements for Windows 11 have really put computers with older hardware in a difficult spot.
They are used to Windows so they want to stay there. I want to suggest Linux Mint but I am not aware of how many of the apps used daily are supported in Linux.
I recently found out that a friend of mine installed Linux on his own, completely removing his Windows install. And he has yet to "fiddle with the terminal", but still enjoys gaming on Steam and goes on with his daily routine.
One thing I've observed is that people who started using Linux a long time ago (which is my case) tend to slide into the command line, even when there's a perfectly good GUI alternative. Want to rename a file? Why use F2, just open a terminal, cd to the path, and mv the file.
Newer users who started with the GUI are less likely to have these habits.
It's a hard learned lesson that the UI tools can fail you at some point with Linux. At which point you are going to have to resort to the command line to fix it or just reinstall everything from scratch. A lot of people do the latter. Learning to fix things will get you familiar with the command line in a hurry.
I use a tiling WM, I'm always certain that Workspace 3 and 4 will have a terminal open, and from there it's just using lf (tui file manager). I don't have a GUI file manager installed.
For me personally it depends on what's the most convenient at the moment.
I've played around with Debian for several years using it for small little servers. They do not need to have a monitor connected, so I never use a GUI.
When using my Steam Deck I don't have a keyboard and the virtual keyboard is kinda annoying, so I use the GUI.
I can't seem to get used to working with a Debian installed laptop. I've tried many times, but I don't see a daily beneficial goal to use Linux, mostly because I'll always get Windows 10/11 working :)
I've been using Linux for 25 years, there were file browsers and I believe F2 did rename. I rarely use them, but then it's rare I want to rename a file. If I want to do something larger, it tends to be using things like "find" or at least "mv * /tgt".
The terminal is easier, allows for calm editing and reviewing, sharing the procedure, and is way more text-friendly than GUI file managers.
If you don't know how to do it, then yeah, you'll probably use a GUI manager. But those people will probably learn how to use a terminal if they do something a lot.
> The popular distros are just as functional out of the box as Windows, but no one knows it.
As always, it depends on what the user uses the computer for. Not everyone can run Windows full-time, as some applications don't work on Linux. I am a full-time Linux user for decades at this point, yet I still use applications that only run on Windows and are too latency sensitive to run well through a VM (and don't work at all via Wine).
Maybe though, these applications could get some love if there was a PR campaign for people to move to Linux...
Valve expanding SteamOS compatibility might be the closest we're getting. Hopefully their flavour is viable for a variety of computers by the Windows 10 sunset date.
In my experience, it is not about functionality. It is about polish, integrations, and troubleshooting. If you assume all your devices and software will work on Linux mint out of the box, great. But they won't. Then you end up spending hours trying to get the 5th mouse button to do what it does automatically in Windows. Sure there's a fancy utility on Linux that supports programming that mouse, good luck getting your mother to figure that out.
I think it's about habit more than anything. People are used to Windows' sharp edges and have developed workarounds (just reboot it).
But no, the experience is nowhere near "polished", and troubleshooting is a joke. "Something unexpected happened" or "contact your administrator" isn't exactly helpful. Sure, there may be some log somewhere in that godawful event viewer, but who has the patience to wait for that abomination to load? And then to go spelunking in the millions of categories?
Windows is hands-down the most annoying and janky computing experience among all my devices. I put up with it because I like Photoshop, and since I have PCs lying around can't justify buying a MacBook (plus Linux works well enough for all my other needs).
HiDPI support is a joke, with windows showing up wherever they want, the start menu becoming blurry, taskbar menus appearing at random locations on the screen. The windows jump up and down when switching virtual desktops. Windows appear as active, complete with a blinking cursor and everything, yet won't register text input until I click on them. I could go on for days.
"Just reboot it" is 1000x more polished than having to jump into the terminal or reinstall your OS (both of which are 100% inaccessible to the average user). Troubleshooting can be done by googling your issue on Windows whereas Linux has dozens of repos with that all require different troubleshooting steps on much more niche websites that won't come up on the first page of google while the average user doesn't know what the hell a GNOME or a KDE is.
Windows wins 100-0 in terms of polish in the eyes of the average user, and that's saying something given that it's not very polished as you said.
Please. The standard for fixing Windows has been to backup and reinstall the OS for as long as I have used it. You can spend days trying to fix a problem with the OS, or just reinstall it in a couple of hours, most people go for the quick and easy reinstall. This is standard for phones, tablets too, since you can't actually even attempt to fix them.
Since Windows 10, I've had good luck with repairing installations using dism rather than reinstalling. And if you were planning to set the customer's computer up to be identical to the way it was before, doing an in place repair can save time.
This seems to be my experience too. The "linux is a great simple windows alternative" attitude works great so long as your usage follows well trodden paths, but otherwise you end up in the weeds quickly.
The kinds of usages that consumer windows has had and the software ecosystem that's promoted for 3+ decades compared to what has been developed for linux affects this too. Windows is extremely broad in all the software available for all the little utilities users are going to look for, and hardware it's going to need to support (and support well). Even trying to pull windows applications that don't do anything too complex over to linux via Wine is very much a YMMV area. It's impressive what has been accomplished and the recent rate of progress, but there's always more to do so it's not an awkward, poorer version of doing the same task in windows.
The aspect I wonder about is what proportion of the 60% of people still using win10 are actually aware or care about it going end of life, assuming windows doesn't auto-update to 11 for them any EOL warning will just be swatted away like most other annoyances so they can get on with their intended task. Getting that type of user to switch to linux seems like it'd remain a herculean task.
I second this. A lot of technical people struggle with Linux, and I think a lot of that is because they have a way of working and they want to force whatever they use to work like that. While less technical people just use whatever they're given. My father and my grandmother both use Linux, and they don't even know it and there are no issues.
I do IT for free for anyone in my city (it's small), and I tend to just give people elitedesks with Linux on them to replace aged Walmart PCs. YouTube and email is what most people do at home, that and Amazon/whatever.
I got to thinking in this thread I can even convert the "gamer" types to Linux - I need to make sure Facebook games work on chromium... And show them Steam.
Right, it's better to dictate how things should be when the user doesn't care and doesn't have the background. Which is probably why most people in the category are using iPhones and Chromebooks, not Linux mint.
Have an older device? It maybe didn’t come with WiFi, or came with an older card you replaced with a better one. Better hope the distro and version of that distro you picked has a kernel with drivers already baked in!
Otherwise it’s off to some random git following some random “download this source” and oh wait I’m not connected to the Internet.
Well, latest windows 11 installer doesn't detect my laptop's touchpad nor trackpoint, nor wifi adapter. Sure, I usually have a mouse lying around which works, but not a network adapter. So I had to go look up on the internet how to convince it to go past the installer without insisting on connecting to the internet. Spoiler alert: it was some obscure command in the terminal.
This is a 2020 full-intel, basic enterprise machine, nothing fancy. Worked fully out of the box under Linux, including sleep. The display output was borken for about a year under Windows (wouldn't output 4k@60 without doing a stupid plug-unplug-replug-just-at-the-right-time dance). At one point, installing the latest driver from intel worked, but Windows would helpfully "update" it to an earlier, borked version every other day.
My point is that the current hardware situation seems pretty much hit-and-miss, and figuring that running windows to avoid fiddling with drivers and whatnot isn't such a sure-thing as people in this thread make it out to be.
I know the jungle of PCs has some strange beasts in it, but I still suspect that there is a very strong Pareto curve, even considering the kinds of PCs that the stereotypical retired parents have. If Ubuntu (say) decided that they were going to release a version for Windows refugees, they could probably mop up 75% of the market by focusing on Dell hardware and Logitech peripherals, and get to 80+ with HP and whoever the number 3 vendor was. Leave the 2005-era Packard Bell junk to Windows, define the base level, and partner officially with these vendors to get access to their build sheets and specs to deliver a solid path out of Windows. It could be done. (It won't be done, though, cos there's no money in it)
I've had very much the opposite experience with old wifi dongles and the like.
I can think of only one example where it was the other way around...but at least i got it working.
> The popular distros are just as functional out of the box as Windows
Give me some names that work out of the box and resemble Windows. I have not tried Linux Mint so I don't know how well it works for older people. Ubuntu has been quite good and stable but it has also required fiddling with the terminal.
The only one I found to be the best alternative to Windows is ... believe it or not, DeepinOS.
Because if you wish to convince people they should switch from Windows, that's a very important factor. People do not like change, and they want the skills they have to transfer over as much as possible.
This is a bad idea. You can make Linux look like Windows on the surface but people are going to then be surprised and frustrated when it doesn't act like Windows, it will come off as cheap imitation. People get confused about the idea of something as simple as the concept of a single root file system, they will not understand that coming from a world of C, D, and E drives. It's best to make it look foreign to them so that they don't have their expectations subverted when they realize it actually is a fundamentally different operating system.
My parents would break down in panic if they did as much as moved a single icon to the left on Android phones. To them it was almost as if they broke the phone.
I can't speak for every single one of them but I can say that some of them probably did it by choice and were prepared to handle the friction in the beginning until they get used to it. I know lots of people who switched from Windows to Mac were power users / had good computer habits.
However, I don't think some of the older people are willing to go through all that. I wish to see an easier option for people who want a smoother transition from Win10 to something else, especially now since Win10 is being discontinued October this year.
I gave my husband Manjaro and he's fine. I gave him a shell script to force update discord (ugh) but he only has to double click it.
People like to freak about how arch isn't for newbies but honestly it's fine. I find it to be just as stable as Debian.
But let's be real, aside from gaming, 99% of what the average user does with a computer is open a web browser. Desktop apps are secondary. If you put a Firefox/Chrome button in the task bar, you've covered most user requirements.
Power users who actually need a bunch of proper desktop applications have a different set of needs. It's impossible to generalize, but a very large fraction of those users would probably be happy with the Linux alternatives, or wine and proton. A lobotomized W10 LTSC VM is also quite usable.
Most users won't know or care they're on Linux if the browser works.
There are too many distros. Even the Gnome/KDE split has been unproductive. Desktop linux would have done better with more resources polishing a single product rather than making 20 half-baked products.
It does if every comment saying "Just use" has a different arcane incantation after it, and three comments under it saying why that specific version sucks and you should actually use something else.
They don't though. The recommendations for new users are nearly universally to use Debian or one of its most popular derivatives like Ubuntu or Mint, which are all very similar to one another and share the large majority of their code.
It's like saying Windows has too many versions because there is Home/Pro/Education/Enterprise and then 23H2 vs. 24H2 etc. There is barely any difference between them.
The distro wars are a bunch of programmers arguing about which one has the best toys for power users. Any of them will run a web browser and the boring popular Debian Stable or LTS derivatives are the ones least likely to deliver unscheduled maintenance as a result of an update.
My 8 year old uses an i3-7350k, which I'll admit is probably the best cpu Intel ever put out, but I built it before he was born, I think. It has a 1050ti, an NVMe and a spindle.
I never have to mess with it, it just works for him. Win11.
Still feels like the solution here is just using Windows 10 IoT LTSC to avoid all this madness. It's a bloated product that feels worse to use than Windows 10, plain and simple.
LTSC doesn't come with Microsoft Store installed (a pro or con depending how you look at it), but it can be installed by running "wsreset -i" in PowerShell.
Bonus: LTSC gets extended security patching support lifespan.
I’m nearly 100% migrated to Pop. MS gave lots of warning, but I still have a VM on 10 for a couple apps I rarely use, including Office in case I absolutely need it. Hoping that Steam Console is real.
For work, I am stuck dealing with 11. There are many things I hate about 11, but why is it so damned slow and laggy on a brand new Copilot PC? File explorer is like loading file lists with a 2400 bps modem, and Office apps take far too long to load. It’s absurd how bad it is, and I can’t figure out why.
I’m getting old, I forget why I load an app before it loads…
The first app I grab for any Windows installation is Everything from VoidTools [0]. It is simply the best, fastest way to find anything on a Windows computer. If you know any part of the file name you are a few keystrokes away from locating it on any indexed disk that is connected.
Since this is a work PC maybe you don't have the option but if that's the case you should talk to your IT nerd and get permission. Also, make a donation. Great software like Everything is worth buying.
Does TPM support/requirements actually have any meaningful impact on a home user? I could understand being a requirement for Windows 11 Pro (which I believe has Bitlocker, but Home does not). I don't see why it would be required for Home, maybe some features just wouldn't be available, but are those features that people actually care about?
If I'm not misremembering, Home can use BitLocker on W11.
The existence of a TPM also lets DPAPI use it, which in turn lets things like browsers and other software protect user data (from malware for example). It also makes new features like Device Bound Session Credentials (DBSC) possible.
But there's also VBS and by extension things like Device Guard. Which in turn entails things like ESS (Enhanced Sign-in Security, more secure biometric auth), Trusted Boot, HVCI, Credential Guard and so on.
DRM is like the last thing it's actually good for, if you actually look into it.
Microsoft has made device encryption available to Home edition users if they sign in with a Microsoft account. It relies on the TPM to seal the volume key.
> Does TPM support/requirements actually have any meaningful impact on a home user?
Disk encryption, Windows Hello and PIN bruteforce prevention. I have no love for Microsoft and avoid using Windows whenever I can, but I think making those features accessible to more people is a good thing.
I was under the impression that Bitlocker wasn't available on Windows Home?
If you have an older computer, without TPM 1.2/2.0, then you already don't have things like Windows Hello, but you might have secure boot and some brute force prevention, so you wouldn't be worse off as a home user if Microsoft allowed you to run Windows 11.
For new computers I can completely understand that Microsoft would demand that vendors ship systems with TPM 2.0. For upgrades I just struggle to see any really compelling reason, it's not like Apple where Microsoft is trying to also sell hardware, that's mostly on the OEMs.
As of Windows 11, you can use Bitlocker on Windows Home.
(Personally I think you probably shouldn't bother with it unless you set a boot PIN, which still requires Pro to be allowed to change the right group policy settings.)
There are none. It's so immensely frustrating to me that so many people believe that a TPM is a DRM device. I'm sure Richard Stallman's Treacherous Computing article played a big part in this.
A TPM is useless for DRM, and there are way more suited solutions like Intel's PAVP that takes an encrypted video stream and puts it on the screen directly, yet I don't see nearly as much uproar about that.
In a sense, graphics cards are the root-of-trust for PC-based DRMs (as they implement the necessary components such as HDCP authentication), not the TPM (which is useless for this task). In fact, PlayReady (which is Microsoft's DRM solution) does this exact thing: https://learn.microsoft.com/en-us/windows/uwp/audio-video-ca...
(...or use things such as the already-dead Intel SGX, which never touched TPMs at all)
It goes TPM → OS Integrity (dm-/fs-verity) → Browser Attestation (Web Integrity) → Your banking website no longer working on Linux because of "security". It’s Play Integrity for the PC.
Encrypted video is a red herring. The real long game is to also get your "secure" video player to refuse playback if it detects watermark in the pirated video. This patches the analog hole.
If you have attested Windows it can just refuse to download "freeworld" VLC because it can be used for piracy and/or even watching child pornography. Imagine that!
Of course you can use Linux instead but now you have to use the approved distro that also won’t let you run "dangerous" apps.
This is of course slippery slope argument and Microsoft would not be able to force all that right now, but better get started on the foundations. Some future government can then just force them to implement the rest, but by then it will be just a flip of a switch.
"TPM is not DRM" argument seriously lacks imagination.
Google SafetyNet is basically swiss cheese with lots of bypass solutions for custom ROMs.
A TPM may only attest that it has received an expected set of measurements (hashes). As long as discrete TPMs or PCs with unlocked CPUs exist (w/o Boot Guard), one may simply take a TPM and replay "golden" measurements to it. Bypassing this would be trivially easy.
A TPM does not have control over execution on the CPU. It only receives data from the CPU. If you have control over execution on the CPU from the reset vector, you can just replay whatever you want to a TPM and extract secrets that way. That's why TPM backed disk encryption without configuring a PIN is insecure.
Microsoft does not have the same level of control over the entire PC ecosystem as Google has over Android. That's why it's important to support open source alternatives.
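The PCR extend and sealing logic this comment chain argues about, as an added Python model that is not part of the thread and is not TPM firmware or any vendor's code. The component names, PIN, volume key and three-try lockout are constructed assumptions; the model shows why a PCR-only policy rests entirely on trusting whatever code reports the first measurement, and what a PIN with lockout adds.

```python
import hashlib
import hmac
from typing import Iterable, Optional

PCR_SIZE = 32          # one SHA-256 PCR bank
MAX_PIN_FAILURES = 3   # assumed lockout threshold for this model


def measure(component: bytes) -> bytes:
    """Digest that boot code computes over the next stage before running it."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 extend rule: PCR_new = H(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay_log(digests: Iterable[bytes]) -> bytes:
    """Recompute the PCR value a verifier expects from an ordered event log."""
    pcr = bytes(PCR_SIZE)
    for d in digests:
        pcr = extend(pcr, d)
    return pcr


class ModelTpm:
    """Toy TPM: one PCR, one sealed secret, optional PIN with lockout."""

    def __init__(self) -> None:
        self.pcr = bytes(PCR_SIZE)
        self.failures = 0
        self._sealed = None

    def pcr_extend(self, digest: bytes) -> None:
        # The TPM records the digest it is handed; it never sees the code
        # that was hashed, nor can it tell who sent the digest.
        self.pcr = extend(self.pcr, digest)

    def seal(self, secret: bytes, expected_pcr: bytes,
             pin: Optional[str] = None) -> None:
        pin_hash = hashlib.sha256(pin.encode()).digest() if pin is not None else None
        self._sealed = (secret, expected_pcr, pin_hash)

    def unseal(self, pin: Optional[str] = None) -> Optional[bytes]:
        secret, expected_pcr, pin_hash = self._sealed
        if self.failures >= MAX_PIN_FAILURES:
            return None                      # locked out
        if not hmac.compare_digest(self.pcr, expected_pcr):
            return None                      # measured boot chain differs
        if pin_hash is not None:
            supplied = hashlib.sha256((pin or "").encode()).digest()
            if not hmac.compare_digest(supplied, pin_hash):
                self.failures += 1
                return None
        self.failures = 0
        return secret


# Constructed sample boot chains and secret.
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_CHAIN = [b"firmware v1", b"bootloader v1 (modified)", b"kernel v1"]
GOLDEN_PCR = replay_log(measure(c) for c in GOOD_CHAIN)
VOLUME_KEY = b"constructed-volume-key"


def booted_tpm(digests: Iterable[bytes],
               policy_pin: Optional[str] = None) -> ModelTpm:
    """Seal the key to GOLDEN_PCR, then feed the TPM the reported digests."""
    tpm = ModelTpm()
    tpm.seal(VOLUME_KEY, GOLDEN_PCR, policy_pin)
    for d in digests:
        tpm.pcr_extend(d)
    return tpm


if __name__ == "__main__":
    good = [measure(c) for c in GOOD_CHAIN]
    bad = [measure(c) for c in TAMPERED_CHAIN]
    print("honest boot, PCR-only :", booted_tpm(good).unseal())
    print("modified bootloader   :", booted_tpm(bad).unseal())
    print("PIN policy, no PIN    :", booted_tpm(good, "4821").unseal())
    print("PIN policy, right PIN :", booted_tpm(good, "4821").unseal("4821"))
```

In the PCR-only case the key is released to anything that reports the golden digest sequence, so the guarantee is only as strong as the first code that measures (the Boot Guard point in the comment); the PIN policy adds a factor the reported digests cannot supply.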
And that’s why Play Integrity is based on hardware attestation and it is no longer a swiss cheese? And Win11 requires specifically TPM 2.0 (usually fTPM) not just any TPM.
You’re also entirely missing the point. Yes, you can bypass TPM based DRM to extract the unencrypted video (or just analog hole it) that’s why the game is to lock down the OS so you just can’t play it.
If all DVD players came with watermark detection instead of copy protection you wouldn’t have bootlegs because now every single client device needs to do the bypass instead of just once to extract unencrypted stream.
How many people have bypassed or hardware modded Playstations or Switches? This is what you’re talking about. Almost everyone will just accept it.
> If all DVD players came with watermark detection instead of copy protection
That is an enormous "if". Do you think Microsoft is going to or is able to enforce this on every single software provider? Even in your Android example that's just not happening, and you can happily sideload apps. You can still develop your own apps on the same Android phone that you use for banking.
> And sorry but how many people have bypassed Playstations or Switches. This is what you’re talking about. Most people will just accept it.
People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit. I just don't see that happening in the PC space. You think Microsoft is suddenly going to dump this on third party software developers and force everyone to go through certification and to buy devkits? Without a mass exodus to Linux?
How would you do it if this was the goal? First you introduce TPM to every device under the sun until it’s everywhere, then you just have to flip a switch. You write Patriot Act then stash in the drawer until it’s time...
> you can happily sideload apps.
This is extremely weak argument when the other major platform does not let you do that, right? Sideloading could go away at any moment just like that. That’s my point. There’s nothing technical stopping it.
> People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit.
Already Windows has: Smart screen (which requires code signing) and app store. Locking down the OS and Apps is hardly unprecedented. Both Windows and MacOS now have developer modes which is a software devkit equivalent.
> Without a mass exodus to Linux?
That’s why you wait until mass adoption (win11) only then start boiling the frog.
Look, I acknowledge this is slippery slope argument. But the slope is very slippery. Something is clearly going on.
> And Win11 requires specifically TPM 2.0 (usually fTPM) not just any TPM.
There are TPM 2.0 dTPMs. If the conspiracy is that they want to push people towards "hardware attestation", then they're doing a pretty bad job.
> You’re also entirely missing the point. Yes, you can bypass TPM based DRM to extract the unencrypted video (or just analog hole it) that’s why the game is to lock down the OS so you just can’t play it.
There's no need to "lock down the OS" when there's already a locked down OS on the CPU itself (Intel SGX), is way more secure (because it doesn't have a bazillion userspace programs and third party drivers loaded), but for whatever reason gets way less flak than TPM.
Intel SGX was never pushed on anyone and it's also Intel only Skylake to Ice lake and requires vendors to provide consistent firmware updates to stay secure. You can’t run the entire OS in SGX enclave because it can’t do I/O on its own.
> There are TPM 2.0 dTPMs. If the conspiracy is that they want to push people towards "hardware attestation", then they're doing a pretty bad job.
No "normies" are doing TPM bypasses. That’s the point. Majority will eventually be on unbypassable TPM.
Considering that's the only way to play most DRM protected 4K videos, it's probably more of a "push" than requiring TPM. It didn't even have the fig leaf of being usable for FDE or webauthn.
> No "normies" are doing TPM bypasses. That’s the point. Majority will eventually be on unbypassable TPM.
If the bar is "normies", then you don't even need TPM. You can just slap denuvo or whatever and call it a day.
You can just not buy blurays, they were never popular on PCs anyway. TPM is being pushed on everyone upgrading to Win11. One is opt in, the other is maybe opt out if you jump through hoops, for now. Very different. Also you can do other things with SGX though admittedly it’s mostly useful on servers, but you would still use SGX indirectly via remote attestation. E.g. it’s what Signal uses for some of its core functionality.
> If the bar is "normies", then you don't even need TPM. You can just slap denuvo or whatever and call it a day.
Again, missing the point. Denuvo, Widevine, whatever, it’s all weak to crack once & enjoy but only if you control the OS. The Great TPM Conspiracy Theory is about limiting what you can do with your mainstream Windows/Linux/macOS installation, in the ways I’ve laid out earlier. Taking the ‘P’ out of PC.
> The purpose is to prevent users from running unauthorized software on the computers they allegedly own.
I've maintained for several years now that the actual corporate wet dream is that they can lock down the average PC architecture/OS to the same degree they have on phones. Because unfortunately, in the phone sector, the market has already shown the majority of users don't care who really owns their devices.
My hope is that Linux gets wide enough adoption to prevent that from becoming a feasible option for them in the future.
Buy a Mac. You'll see that corporate dream become a reality. Immutable OS partition. Security prompts that can no longer be bypassed. Binary signing requirement. It just keeps getting worse and worse, for a power user.
May be "certified UNIX" (when you look at it funny), but it feels like no freedom-loving UNIX-style system I've ever used.
You can turn all that off if you wanted to. OpenCore Legacy Patcher will build you a kernel with the SIP flag mask set to 0xFF, ie, completely disabled.
I can't remember if this was Valorant related but I recall an article voicing concerns that physical hardware in PCs being used to identify users to ban and that the ban would persist when you purchased a used motherboard. Not a great general concern to me for games but the idea has much more sinister potential than just that.
There’s an embedded immutable Endorsement Key (EK) sometimes along with public crypto cert (EKCert) signed by manufacturer the TPM can use to prove its authenticity. With the certificate you can detect the QEMU case.
Widevine L1 requires a trusted execution environment for decrypting video and only showing it on HDCP monitors. It's built on top of Intel PAVP, AMD secure display, or ARM TrustZone in the case of ARM chromebooks and Android devices. TPM is not involved, except in the ARM case where I believe it is used for antirollback counters (on x86, the security coprocessor would probably have that responsibility).
SGX is used for DRM in official Blu-Ray 4K playback on PCs, and Intel removed SGX from client cpus in 11th gen (Ice Lake) which means if you want to play those discs on a PC, you either need an older processor or a Xeon or to give in and use unauthorized software.
I'm not sure that tying their horse to SGX is good for adoption of the format.
Given trends of everything going subscription-only, is it unreasonable to suspect that the future of Windows could be subscription-only and a lot harder to pirate than previously?
If you don't dismiss my comment as the comment of a corporate shill, you might learn something, and in the future that knowledge may help you. I don't know, I can't predict the future, but I do know that ignorance is dumb.
> Remember boot-sector viruses? The TPM helps prevent those. DRM is not something that the TPM enables or helps with or facilitates in any way.
¿Porque no los dos? As noted elsewhere in this thread, TPM certainly facilitates VBS [0], and games like Valorant are already using that for anticheat [1]. As long as application programs can use it to help detect the environment being 'tampered' with (as opposed to the system just wrapping it up in a report for the user), they can use it to protect their particular application state, and I don't see why that shouldn't include DRM state.
I run 3 old and one modern PC at home. With the advent of Win11 and the TPM fiasco 3 years ago I sunset all my Windows installations in favor of Linux. After some experimentation I settled with Void Linux. Stable rolling release, and I have complete control over the hardware I own.
Microsoft can go kick rocks...
I wonder if there’s any room for a manufacturer that would make an untrusted TPU. Like, one that quacks like a TPU, but will sing like a bird if you ask for its keys. Violates all of the security guarantees? Yep, you bet. But it does provide some insurance against an industry that might want to use TPUs against us (e.g. DRM).
You can install Windows 11 into a virtual machine with a virtual TPM, and it will detect and use the vTPM the same as it would a physical TPM on real hardware.
Such a manufacturer's attestation key would quickly be considered untrustworthy and their TPMs unattested. An unattested TPM will be ignored by any DRM or anti-cheat use-cases.
As has been pointed out here before, this is all TPUs. They are not used by DRM vendors because they are quite bad at stopping people with physical access getting the keys.
I don't know how accurate StatCounter is, but their latest report is showing the breakdown of OS users as:
- Windows 11: 36%
- Windows 10: 60%
Using Steam Hardware survey, it shows:
- Windows 11: 53.46% (-1.50%)
- Windows 10: 42.87% (+0.48%)
Whilst these numbers look very bad for Microsoft, especially given that we're less than 10 months away from Windows 10's home user support, it's potentially even worse if the data is correct and more people are reverting to Windows 10. Reasons I can think of there might be due to some of the recent Windows 11 updates harming performance in applications, notably many major Ubisoft titles.
I'm still on Windows 10, for two reasons. My motherboard does not support TPM 2.0, and I have not had any reason to need to upgrade given it still runs everything I need perfectly. Secondly, I have not seen any reason to go to 11 from 10; I don't love 10, but 11 doesn't seem to fix any of my issues, if anything I see many worse features.
I build and sell a product that is meant to talk to a windows host over Bluetooth.
My application does not work at all on W11. The Bluetooth stack is somehow even more broken than W10. It's to the point where we're developing our own wireless dongle to bypass this entire mess.
Microsoft has forcibly installed W11 on our test machine three times and every time it's completely broken and we have to revert.
My (unsupported) desktop PC is an AMD Ryzen 7 2700 eight-core CPU running at 3.2GHz with 16GB of RAM and 2TB of SSD storage. It handles Windows 10 Professional but is apparently incapable of running Windows 11. I don't have a webcam, but maybe face ID login is now mandated? It will be something stupid like that. I have no interest in replacing this machine though.
Recently moved to re-imaging many of the PCs that I manage to Linux and so far it has gone way smoother than I would have anticipated. Heavily considering moving two entire PC labs at another building to Linux as well. Not sure what Microsoft is thinking this go around; Windows 11 has been a disaster. You essentially have to pay more to get a clean, stripped down version of the OS that is manageable.
Most of my machines are 12th gen Intel and they meet all the requirements for Windows 11. However frequently Win 11 updates have caused annoying boot loops, reset preferences, problems with apps already installed and more.
These are Dell Precision workstations so you would think they would have pretty good compatibility with Microsoft... but alas disappointed is the best word I can use.
As a side note, Windows Server 2025 appears to share the OS base with Windows 11, but it doesn't seem to have the same requirements of CPU/TPM? Or am I wrong? (not that I'm suggesting to use Windows Server as a client OS, especially given its price tag)
I suspect this is because servers have a more predictable refresh cycle than consumer PCs/desktops. While some places run their servers to death, many places (particularly big corps who are generating the most revenue for MS anyway) will retire servers at the end of their warranty period and buy new ones.
Given that, there is not the same need to force hardware updates. That said, it also illustrates how the TPM requirement is a business decision, not a technical one.
Not that it doesn't happen, but I've worked in datacenters, including our favorite clouds, and CDN/video architecture for 15 years and have never seen servers replaced on any cadence that wasn't us losing a customer and me sticking a quad-core Xeon under my desk.
These are $10k-100k+ servers. My multitenant/offload capable NICs are usually $10k-25k themselves.
Same with Windows 11 IoT Enterprise. It's just the regular Windows 11, but without TPM and specific CPU requirements. Anything Core i from Intel works.
Deleted from the documentation (and I'm sure the archive remembers), not the codebase. As anyone who has been in the Windows world long enough knows, there are plenty of such "unofficially documented" features.
TPM 1.2 is only guaranteed to support SHA-1. That was a baffling inadequacy when it came out in 2011, proven so just a few years later when SHA-1 was publicly broken in 2017. This makes TPM 1.2 useless for its intended purpose.
The TPM spec is somewhat interesting in that many fundamental capabilities (or at least you would think) are optional. 2.0 enforces some more capabilities and/or adds more capabilities. That's at least one part of it.
How long does Apple keep updating macOS for older hardware? That I'm aware, there are iPhone models that were discontinued <5 years ago, but get "security updates only" for iOS. And models disco'ed <7 years ago which no longer get even that.
(Vs. Windows 10 is just under 10 years old now - and I don't know what's the newest Windows 10 system that can't update to Windows 11.)
The annoying thing about macOS for legacy users is that they're regularly shut out of new Swift-based apps as developers either use newer Swift features, or just don't have enough resources or patience to keep around older Xcode versions.
I'm still on macOS Ventura (13.x), and am already seeing numerous apps with a minimum version of 14.x or 15.x.
I'd bet my money that if we took a Windows 10 and a macOS High Sierra laptop, the Windows one would run supported versions of apps much longer than the macOS one, even if one upgraded to the latest supported macOS on that machine while staying on Windows 10 as the time went on.
macOS apps target the latest few versions and given macOS' rapid release cycle (in comparison to Windows, at least), you can easily find yourself with a machine <10 years old that can't run the latest versions of apps you're using.
Without a doubt, Microsoft wins on backward compatibility. I was running a circa-2006 Firewire audio device on Windows 10 in 2021 using drivers that had not been updated since 2012.
I had a Dell Laptop that, when I bought it in 2006, had Windows XP on it. I was able to upgrade it all the way to Windows 10, at no charge. (The beta versions of Windows 7 and Windows 8 both just kind of rolled over into full-fledged versions of the OS.) Now, even by the time I had Win8 on that machine, it was just for fun. I mostly kept it around because the screen resolution was unusually high for 2006, and for a period afterward, laptop screen resolutions were almost all lower than WXGA+ even on higher end machines. But you could run Windows 10 and modern browsers on a machine built for the WinXP era. Also, I think I paid $700 for that machine, from the Dell Outlet. That's a lot of mileage for the price paid.
So when Windows 10 told me that my 12-year-old Ship of Theseus Dell XPS desktop was unable to take an upgrade to Windows 11, I took a long hard look, and sprung for an M1 MacBook w/ 64GB of RAM. They had a pretty killer deal on these at B&H, and it's the first time I've ever felt like I've had a true "desktop replacement" laptop. I still think Explorer is better than Finder (and I'm not going to argue with anyone about why so don't bother asking), there are things I will miss about having an ATX case, but Apple's abdication on proprietary ports is ultimately what pushed me over the edge. Everything is USB-C. Great! I had gotten a lot of mileage out of Firewire hardware, but I saw this as a pivotal moment to use some of that money I'd saved over the last decade and a half to completely modernize my setup.
If Windows 11 hadn't forced me to consider new core hardware (and if Apple silicon hadn't leapfrogged everything else on the market - using a laptop all day without charging? Phenomenal.) I'd still be using Windows.
I've been using MS operating systems since DOS 3.1, I just have to assume I'm no longer their target market.
I've also been a long-time user of Microsoft's OSes, and despite many others here on HN, I actually liked Windows almost the whole time I was a user.
I switched when Apple Silicon came out as well, but had a few flirtations with macOS prior to that with Intel Macs. Finder is dog shit compared to almost any other file manager on both Windows and Linux. So much so that I just use the terminal now for almost all file tasks.
I don't love macOS, but I hate what Windows has become more, and these laptops are hard to beat, almost perfect combination of performance & battery life.
I suppose if Apple ever fully iOS-ifies macOS I'll just end up on Linux full-time, and I keep Mint on a spare laptop to toy with, I don't mind it, but I have no need to fully switch yet.
If I have TPM disabled in the BIOS, is there any point in not enabling it and using a bypass to install Windows 11? I’m wondering if there’s any scenario where keeping TPM disabled might seem like a good idea?
* As others have pointed out, what if you're locked into using Windows, Windows requires TPM, and TPM implements something you don't like, for example DRM or it snoops on you. Maybe you have to let it scan your drives, maybe your TPM doesn't like your politics.
It's not a guarantee, you may consider it FUD, but you can't tell me it's impossible - you can't even promise me it won't happen.
The TPM is fundamentally about storing cryptographic keys, platform integrity checks, unique IDs, etc. It is already used for secure logins by the Windows OS. Microsoft are successfully enforcing your email, ID, logins, etc, to be associated directly with your unique hardware.
One day you will request a video from Netflix or Youtube, and your device will be the only device in the world that can view it. You might think to screen record, but the OS does not allow it. You might think to record it via an external display, but this has to interface with the TPM. You decide to record your screen from your phone, but the phone's TPM recognises that the camera tries to record DRM material.
Don't get me wrong, security devices should exist 100%. But. It should never be forced.
TPM isn't capable of the outlandish claims you're making. It stores textual content in PCRs, and is extremely limited at that, not least in size.
Unique IDs of a system don't require a TPM. Microsoft uses unique IDs from various hardware to bind a product key to a particular device, and has been doing that since the XP era.
Intel and gfx vendors already provide secure DRM paths. TPM isn't capable of doing so.
> Don't get me wrong, security devices should exist 100%. But. It should never be forced.
They should be forced otherwise users would continue leaving themselves open to attack. Security has moved on from ACLs. Microsoft recognizes the need for things like VBS to protect against modern threats, which in turn requires TPM.
Apple has been doing this for roughly 15 or so years now with no fanfare on consumer devices. TPM has been around on x86 since the late '00s with little-to-no fanfare.
The TPM push predates the AI craze and I don't see this as a particularly strong compliment so this doesn't really follow to me. But the general idea isn't that crazy honestly. They already use your upload bandwidth via a bittorrent-like system to distribute Windows updates to other users so there is precedent to use client resources to lower their own operating costs.
I think an AI botnet is probably a poor fit for AI workloads, not to mention it would be a security nightmare.
I think I triggered some people by saying "AI" here, and you're right. This can definitely be used at a much wider scope. It's not specific to AI.
The "AI" comes in where the cost of processing all of the data is high, and Microsoft start pushing everyone to include NPU in their next "AI-enabled Windows PCs". On-device processing with a lot of benefits to the users.. but even more if the results of all of that processing can be sent back to the cloud and not take up space on Microsoft analytics processing farms.
I don't believe in his theory, but running software on someone else's machine clearly benefits from attestation. Otherwise how can you be sure they run what they are told?
Describe to me, how would you perform secure processing of encrypted workloads without it, and know it was secure? That the workload was not in a VM and the hardware was not issuing deliberately weak keys that could be exploited to expose the workload?
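For reference on the PCR and attestation points raised in the comments above, an added example (not part of the thread and not any vendor's code): a simplified Python model of the TPM extend rule and of a verifier replaying a measured-boot log. The component names and blobs are constructed, and the signature check on a real TPM quote is omitted.

```python
import hashlib

def extend(pcr: bytes, measurement: bytes, alg: str) -> bytes:
    """TPM extend rule: new PCR = H(old PCR || H(measurement))."""
    digest = hashlib.new(alg, measurement).digest()
    return hashlib.new(alg, pcr + digest).digest()

def replay(event_log, alg: str) -> bytes:
    """Recompute a PCR from an event log; PCRs start as all zero bytes."""
    pcr = bytes(hashlib.new(alg).digest_size)
    for _name, blob in event_log:
        pcr = extend(pcr, blob, alg)
    return pcr

def verify(event_log, reported_pcr: bytes, alg: str, allowed: set) -> str:
    """Verifier side: the log must reproduce the reported PCR, and every
    measured component must be on the verifier's allowlist."""
    if replay(event_log, alg) != reported_pcr:
        return "log does not match PCR"
    for name, blob in event_log:
        if hashlib.new(alg, blob).hexdigest() not in allowed:
            return f"unexpected component: {name}"
    return "ok"

# Constructed sample data (hypothetical components, not real firmware).
GOOD_BOOT = [
    ("firmware", b"constructed-firmware-v1"),
    ("bootloader", b"constructed-bootloader-v1"),
    ("kernel", b"constructed-kernel-v1"),
]
TAMPERED_BOOT = GOOD_BOOT[:2] + [("kernel", b"constructed-kernel-modified")]
ALLOWED = {hashlib.sha256(blob).hexdigest() for _n, blob in GOOD_BOOT}

if __name__ == "__main__":
    # A TPM 1.2-style SHA-1 bank yields 20-byte PCRs; SHA-256 yields 32 bytes.
    for alg in ("sha1", "sha256"):
        print(alg, replay(GOOD_BOOT, alg).hex())
    pcr = replay(TAMPERED_BOOT, "sha256")
    # Presenting the clean log against a PCR from a modified boot fails:
    print(verify(GOOD_BOOT, pcr, "sha256", ALLOWED))
    # Presenting the honest log exposes the modified component:
    print(verify(TAMPERED_BOOT, pcr, "sha256", ALLOWED))
```

Because each extend hashes over the previous PCR value, the final value depends on every measurement and on their order, so a log that omits or reorders a component cannot reproduce it.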