As Torvalds pointed out in 2019, is that while some major hardware vendors do sell Linux PCs – Dell, for example, with Ubuntu – none of them make it easy. There are also great specialist Linux PC vendors, such as System76, Germany’s TUXEDO Computers, and the UK-based Star Labs, but they tend to market to people who are already into Linux, not disgruntled Windows users. No, one big reason why Linux hasn’t taken off is that there are no major PC OEMs strongly backing it. To Torvalds, Chromebooks “are the path toward the desktop.”
He’s right. If vendors offered Linux based machines people would try. Valve is helping Linux adoption more than all the big names like Dell, Lenovo, HP… combined.
I do a lot of work setting up computers and laptops for people, mostly getting software they need installed and setting up ad blocking so I don’t need to come back later on and clean up a million viruses.
Lately, I’ve been offering a discount to people that allow me to get rid of windows entirely and install Linux, with the option to reinstall Windows for free later. I’ve had several people take me up on the offer, especially once I explain what Recall is to them. Only 1 has had me switch it back, and they needed to use some super niche piece of software that I just absolutely could not get running with wine no matter what I installed, and I suspect that it has something built in to make it not run on non-windows systems.
Basically, just explaining Microsoft’s security nightmare in a way that your average person can understand (and I mean a real average person, not the average person as people on Linux forums see them) has gotten over 2 dozen clients to switch over to Linux with minimal issues.
Also windows borking like 5 peoples SSDs certainly helped!
Do you mind sharing your “script” or bullet points how you tell people about the Recall thing?
Basically it goes like this -
Imagine a stranger is standing over your shoulder with a notepad and a camera. Every couple seconds, he takes a photo of what you’re doing and writes down everything you’ve typed. Then, the man hands that information off to another person. When you ask what that person is going to do with the info, the stranger assures you that he’s a friend and your information is perfectly safe.
You don’t know what it’s being used for, and you can’t be certain that the second stranger will actually keep your information safe. What if he just tosses it into an unlocked file cabinet? Anyone can now just come along and grab your information. That could be something as simple as something you looked at on Facebook. Or, it could contain your banking login. You can’t be certain what they’re taking notes and photos of, and what they or the strangers they supposedly trust are going to do with your information…
So basically just explaining what Recall and data selling are using metaphor combined with a not insignificant amount of fear mongering. The best way I’ve found to explain 99% of computer concepts to lay people is to avoid mentioning a computer as much as possible. This varies depending on the age of the person, but most of the time I’m cleaning or setting up computers and laptops, I’m doing it for someone 50+
- Game studios support - most games don’t support Linux natively (and no, I don’t want compatibility layer upon layer).
- “Default” Linux distribution for average consumers. Average consumers don’t want 2000 distro choices as they will rather stick to one Windows that having to think between many Linux distros and pick one.
- The “default” Linux needs to have the consumer-marketing name of simply “Linux OS”.
Who would make this “default” Linux? Who would be in charge of it? What power would they have over directing development of the kernel? What happens when this centralization that’s so important to soothing the confusion of people who aren’t even using the OS yet inevitably causes it to enshitify and brings us right back to the Windows problem?
No, I’m sorry - there may be some things that would make Linux more palatable to non-techies, but this just recreates the Windows problem again. The same dichotomy that’s been at play for the past 30 years is still at play - you can have it easy or you can have freedom and control, but you can’t have both.
“Default” is basically Ubuntu. By “default” I mean you can use most things without needing to ever think about which desktop environment do I have, which package manager I have etc… it “just works”. It is very bad for average Joe if it says “Linux app” and then you can’t install it using apt because it’s available only in another package manager.
It looks like you can’t install Linux apps onto Linux. What kind of message does that send to the broad consumer market?
Linux don’t need anything to challenge Windows. Windows is doing great on their own.
For gaming and home use I think Windows will slowly die off. But I see precious few enterprise customers who are willing to consider Linux desktops for anyone other than sysadmins or programmers. Some will allow Macs for general users but I’ve never seen one that allows Linux.
Hard to enforce a GPO on Linux, unless it’s locked down like ChromeOS.
That’s really the limiting factor: liability and support costs.
I think you can:
- set up something like Fedora Silverblue,
- disallow root,
- disallow sysrq and such,
- allow sudo only for select few things,
- refresh configuration centrally.
I’m not sure it’s much more work than what I’ve seen in corporate environments with Windows.
I’ve managed Linux desktop fleets in enterprise-like environments. I’ll modify your list a bit:
- Use Rocky or RHEL (because the commercial software you want to use only has support for RHEL and/or Ubuntu)
- disallow root completely without exception
- do additional hardening
- don’t allow sudo for fucking anything
- run centrally controlled configuration management (most likely Puppet)
- Ironically - disallow any use of Flatpak, Snap and AppImage. They don’t play that well with Kerberized NFS-mounted home directories, which you absofuckinglutely will be required to use. (Might have improved since I tried last time, but probably not. Kerberos and network mounted directories,home or otherwise, are usually a hard requirement.)
- Install and manage all software via configuration management (again, somewhat ironically, this works very well with RPMs and DEBs, but not with Flatpak/Snap/Appimage). Update religiously, but controlled (i.e. Snap is out).
- A full reprovision of everything fairly regularly.
- You most likely want TPM-based unlocking of your LUKS encrypted drives, with SecureBoot turned on. This is very fun to get working properly in a Linux environment, but super simple to do on Windows.
And as you have guessed, on Windows this requires a bit of point and click in SCCM to do decently.
On Linux, you’ll wanna start by getting a few really good sysadmins to write a bunch of Puppet for a year or so.
(If we include remote desktop capabilities in the discussion, I’ll do my yearly Wayland-rant.)
- OK. I agree, but personally hate RHEL.
- Yes.
- Suppose so.
- Brightness and sound controls too?..
- Yep, meant that.
- I thought of something like company-issued laptops, which might be good to have functional without Internet connectivity sometimes, if it’s remote work.
- Dependent on the role some users might need to regularly install software you haven’t thought about.
- Yes.
- Well, disagree about SecureBoot, there’s nothing secure about MS signing your binaries. It’s just proof they are signed by MS. Setting TPM under Linux is, eh, something I’ve never done.
You need to have secure boot in order to have the disk decrypt without user input, otherwise the chain is untrusted. You can (and probably should) load your own keys into the firmware and sign everything yourself. MS has nothing to do with it, except that BitLocker is much better than anything any Linux distro has to offer today.
You need to have the disk decrypt without user input, and you can’t have the secret with the user. (As the user is untrusted - could be someone stealing the laptop.) The normal Linux user mantra of ”I own the machine” does not apply here. In this threat model, the corporation owns the machine, and in particular any information on it.
As for sudo, this is why we have polkit. (Yes, technically root, but you get my point)
And as for number 7 - this is why most Windows fleets use ”Software Center” or similar. No reason you can’t do the same on Linux, just that no one has done it yet. (I mean, you can, with pull requests into a puppet repo, but that’s not very user friendly)
Hate RHEL all you want, but first take a look at what distros have any kind of commercial support at all from software vendors. This is the complete list: RHEL, sometimes Rocky, sometimes Ubuntu. Go ask your vendor about Fedora Silverblue and see what happens. The primary reason to run Linux like this is usually to use a specific (and probably very expensive) software that works best on Linux, so distro choice is usually very limited to what that software vendor supports. (And when they say Linux, they are really saying ”the oldest still supported RHEL.)
Basically, corporate requirements go completely against the requirements of enthusiasts and power users. You don’t need Secure Boot to protect your machine from thieves, but a corporation needs Secure Boot to protect the machine from you.
MS has nothing to do with it, except that BitLocker is much better than anything any Linux distro has to offer today.
It’s a piece of software with closed source code. I am aware that people can hide (and have done so many times) a backdoor or a mistake in source code so that it’ll be harder to find than many problems in binaries without source provided.
Still harder to audit.
You need to have the disk decrypt without user input, and you can’t have the secret with the user. (As the user is untrusted - could be someone stealing the laptop.) The normal Linux user mantra of ”I own the machine” does not apply here. In this threat model, the corporation owns the machine, and in particular any information on it.
Smart cards?
Hate RHEL all you want, but first take a look at what distros have any kind of commercial support at all from software vendors. This is the complete list: RHEL, sometimes Rocky, sometimes Ubuntu.
I know.
Basically, corporate requirements go completely against the requirements of enthusiasts and power users. You don’t need Secure Boot to protect your machine from thieves, but a corporation needs Secure Boot to protect the machine from you.
Sigh. Okay.
Linux needs nothing to succeed. It just needs to wait and be there while the big corporations continue to fuck up their systems all on their own.
The recent surge in Linux use from the Windows 10 deprecation and Windows 11 being annoying proves that.
More and more Vendors like Valve will pop up with a growing user base.
The biggest barrier to Linux is people who don’t know that Windows and Android fucking suck. I can’t wait for PostmarketOS to take off so I can tell Google to suck it. Actually, that reminds me to make a donation.
