Windows 11 looks like the perfect reason to give UNIX-based systems another try. Literally the only thing that's kept me hooked to Windows is the Office apps. They're baked into so many of my workflows, from creating simple graphics to doing my personal finances, and of course plenty of legacy documents that I'd like to continue being able to use. They're really Windows-native, I've found; even the official versions for iOS seem to be missing some features (the last time I checked was in the past year, and I couldn't find some paragraph-level formatting options I wanted in Word, e.g.). Google Docs seems like a different product; they apparently have great APIs, but the "click-based" features are no match. It's been ages since I tried LibreOffice, but it was no match back then either.
I'm thinking, either I need to get used to different workflows or just try virtualization. I heard Figma is great for presentations; anything that Excel can do where the alternatives are lacking is probably better done in R/Python anyway, but for Word I don't see an alternative. No way I'll use LaTeX for all my writing, and anything Markdown-based just won't cut it formatting-wise. Or just use something like Wine, I guess. Anyone facing a similar situation?
lenova 4 hours ago [-]
Long-time Windows user here that made the jump from Windows 11+WSL to Linux a few months ago. After test driving a few distros, I settled on CachyOS (an Arch-based distro)[1].
Performance wise it's smooth as heck, and Geekbench scores show it performing better than Win11 across the board. The default install uses KDE Plasma for its desktop, which is a perfect fit for Windows users like myself in terms of UX/UI.
For an alternative to MS Office, I've been using OnlyOffice[2] with no compatibility issues yet (though I am only a casual user and not a hardcore Word/Excel user).
I reinstalled Win11 last week to confirm whether or not I was experiencing bias, and there was a noticeable feeling of "lag" when using Win11 compared to CachyOS (this test was with the latest Win drivers and patches on relatively recent Thinkpad hardware). I went back to Cachy with no hesitation after that.
Can't recommend this enough. I was letting a few games with anticheat keep my personal use on Windows, and I decided to jettison those and make the plunge, and couldn't be happier.
I went with Mint instead of an arch-based distro, but my experience has been really great even dealing with Geforce drivers.
I use the 365 suite in a web browser if I need to work on it, no issues.
> Yes, every dependency OnlyOffice uses is outdated. They even use V8 8.9, which doesn't include any security patches. They also use an outdated CEF binary downloaded from an HTTP URL and don't check its integrity at all. Even worse, that CEF binary might be closed source, as suggested by dbermond in https://github.com/ONLYOFFICE/DesktopEditors/issues/1664
> I would advise anyone who uses OnlyOffice to avoid opening any untrusted documents with it. It appears that OnlyOffice upstream doesn't care about security at all. See https://github.com/ONLYOFFICE/DesktopEditors/issues/1664 for more details.
mikkelam 4 hours ago [-]
How do you know if someone uses Arch Linux? Don't worry they'll tell you ;)
All kidding aside, I recently migrated to EndeavourOS, but CachyOS looks dope too.
yoyohello13 3 hours ago [-]
+1 for OnlyOffice. When I was a data analyst I made this custom graph in Excel that rendered some lines as speedometers. It calculated the rotation based on the input numbers to align them in the right position. LibreOffice could not handle it (and I don't blame them). I was shocked when I opened the file in OnlyOffice and it worked!
packetlost 4 hours ago [-]
Woah, OnlyOffice looks like pretty much exactly what I've been looking for! Nice!
_fat_santa 4 hours ago [-]
I run Linux on my work machine and my office is a full Windows/macOS shop. I've so far been able to get away with using either Office web apps for things like Teams, Outlook, Excel and Word, and I also have a Windows 11 VM that has all the desktop versions of the same apps.
I would say that 99.9% of the time I can get away with using the web app versions, even for things like Teams meetings it works really well. Once in a blue moon I will have a document that I can't open in the web versions so I fire up the VM and open it on there.
There are definitely some annoyances around this workflow, but IMHO the annoyances pale in comparison to the annoyance of having to use Windows or macOS every day.
Karellen 3 hours ago [-]
It's probably worth trying LibreOffice again if your last install was a couple of years ago. They take document compatibility bugs pretty seriously and fix a bunch with every release.
That's probably the easiest step to take next, before looking at virtualization or a full Linux install with Wine.
baq 2 hours ago [-]
Calc is... bad. It's slow and I've run into bugs in formulas; I would rather use Google Sheets, which is a different kind of bad, but better than Calc. No issues with Writer; haven't used anything else.
kbelder 2 hours ago [-]
LibreOffice does everything I need personally, and is far more powerful and useful than Google's or Microsoft's web suite.
I still use desktop Office for spreadsheets that need to be shared. Word docs are pretty well supported by Libre at this point.
binkHN 1 hours ago [-]
Give Linux a try. After seeing how ad-centered Windows 11 has become, I made the decision to wipe my drive and go full Linux, and I couldn't be happier. Is it perfect? No. Is it better for my workflow and caters to my more advanced usage? A big resounding yes.
It cannot replace Microsoft Office, but it's getting close. Most people don't use the full functionality of Microsoft Office, so LibreOffice and Google's online suite are good enough, but I still keep a remote Windows Virtual Machine (VM) around for those times I need Windows-specific stuff, and RDP into the VM. I look forward to the day Microsoft finally wakes up and ports Microsoft Office to Linux.
juujian 5 hours ago [-]
I can vouch that the OnlyOffice flatpak is worth at least giving a try. Just sending something important without requiring Microsoft Office at all feels so good. Granted, I have a docx template and generated the initial version with pandoc, so I'm not doing any formatting or anything, just back and forth over editing.
pinoy420 4 hours ago [-]
Office is moving web based. OWA is first class now, with Outlook New being a thin wrapper around it with some natives. Also, their mockups all use Macs primarily, so "go figure".
p_ing 4 hours ago [-]
There is a long, long road ahead for that to happen. Excel has to not only radically change itself, but so does Power BI. The 3rd party ecosystem has slowly changed from COM add-ins to the JS-based Add-ins, but even then there are many 3rd parties that continue to go the COM route, hence the very long deprecation road for 'legacy' Outlook in the enterprise.
semi-extrinsic 4 hours ago [-]
I can tell you very definitely that the OWA apps for Word, Excel and PowerPoint have a way to go before being usable on complex/legacy documents.
scblock 25 minutes ago [-]
So do the native apps. I can type faster than Word can render my text.
tonyedgecombe 4 hours ago [-]
> Also their mockups all use Macs primarily so "go figure"
That tells you everything.
dehrmann 1 hours ago [-]
I've used Windows for 30+ years, and I'm getting a Mac this year. I seriously considered Linux on a Thinkpad and even test-drove Debian on my older X1 Carbon. I tried, but too many things didn't quite work. I'd get stuck on the login screen for no apparent reason. VMware modules were a pain to build and sign. Something (might have been VMware modules) caused it to freeze. HiDPI support isn't ready. And nothing was really polished.
ge96 1 hours ago [-]
Used X1 Carbons are such a great buy: for $200 you get 1440p, an i7, 16GB RAM. The only problem is batteries, but yeah, it works great on Ubuntu in my experience.
dehrmann 1 hours ago [-]
Sounds like my 6th Gen X1, only I replaced the battery last fall. I also noticed the display glitches sometimes when I open it, and the USB-C ports have connection issues sometimes.
brudgers 20 minutes ago [-]
Windows 11 looks like the perfect reason to give UNIX-based systems another try.
For me, I went back to Linux from Windows 10 on my soon to be ten year old laptop when the SSD died.
My newer laptop was upgraded from 10 to 11 without much heartbreak. Windows is much better supported by manufacturers when it comes to upgrading and configuring ordinary consumer products.
For me, Windows is just another tool, not an ideology. In some ways it sucks, in some ways it is great. Same with Linux.
pjmlp 2 hours ago [-]
I gave up on Linux Desktop by the Windows 7 timeframe; there is always something that doesn't work, even for old dogs with UNIX experience going back to the 1990s.
Since I am not going to pay Apple prices for private gear, I'd rather keep the Windows with Linux VM approach.
At work, it is a mix of Windows and macOS, depending on the project.
We leave Linux for the cloud servers, and embedded devices.
raintrees 4 hours ago [-]
Same. Although I have been on a Linux distro (different ones over the years) for the last 18 years, I keep a virtual Win7 machine just to run Outlook.
I have been able to do pretty much everything I need to workflow-wise with LibreOffice.
And any basic Office dev work I just do on the client machine or a virtual machine now.
nosioptar 2 hours ago [-]
I've had good luck with OpenOffice Writer being compatible with MS Office.
(LibreOffice was constantly having compatibility problems when I used it.)
airstrike 4 hours ago [-]
I'm working on a cross-platform native-first, offline-first replacement for Excel and PowerPoint, so hopefully it can help you and others make the switch.
I, too, spent far too long trapped in Windows because I couldn't get away from MS Office.
ryao 2 hours ago [-]
You can install Office 2016 in Wine. The newer versions have some sort of DRM that is illegal for Wine to support.
globular-toast 4 hours ago [-]
When I see people waking up now I wonder what's taken them so long. I could see this 15 years ago and jumped off Windows at that point. Been using Linux ever since. It's become so easy since then that I've intentionally made my life more difficult by switching to Gentoo about 5 years ago. I'm so glad none of my work is locked into the products of rent-seeking companies like Microsoft. It was easier for me because 15 years ago I didn't already have a body of work and an investment in any tools, but I still think it's something you'll be glad you did in another 15 years.
mixmastamyk 3 hours ago [-]
Indeed, the security shenanigans around XP are what convinced me to finally move over.
“Better formatting” is not nearly enough to stay in an abusive relationship.
freeone3000 2 hours ago [-]
How the documents look is everything. That's what separates desktop publishing like Word from Notepad. The documents have to look the same and have to print the same. Legal cases depend on it. Academic submissions depend on it (the Nature Communications template is not LaTeX, it is Word). This is not something that can be omitted.
globular-toast 1 hours ago [-]
Word doesn't guarantee they look the same anyway. People send PDFs when they care about that.
freeone3000 55 minutes ago [-]
Ah, but "PDFs aren't editable" and "PDFs cost more money to view". People absolutely do use Word when they want documents to look the same, and will complain when the documents look different.
giancarlostoro 5 hours ago [-]
I mean... Office also runs just fine on a Mac. But I agree, Linux is the way to go. VMs are not so bad, but you can also use Steam's Proton to run most Windows software just fine. I would be surprised if people don't just run Office from Steam's flavor of Wine, since the game support is phenomenal.
ch_123 6 hours ago [-]
What is Microsoft hoping to accomplish here? Given the rate of adoption of Windows 11, it seems unlikely that a majority of Windows 10 users will replace their hardware between now and October. It also seems to me that the scenario where a majority of PC users are running an unsupported Windows release is likely to create more problems for MS than are offset by potential revenue from a hardware refresh cycle. Is there an ulterior motive at play beyond wanting to create a hardware refresh cycle?
kjellsbells 5 hours ago [-]
I would say it is a combination of metric-stuffing, land grab, and genuine concern about security.
Metric stuffing. Everyone at Microsoft is graded on "impact". All the EVP-types at Microsoft have their eye on boldface jobs, so they need a track record of massive impact. Being able to claim that they got W11 from X billion devices to Y is how they'll be judged. Another example is how in Azure, the only metric that matters is consumed revenue. That sort of thing drives behavior.
Land grab. W11 infamously makes the Start menu a billboard and has all kinds of usage data going back to the mother ship. If adoption slows, then Microsoft misses out on eyeballs, misses out on the ability to weld users to Copilot, misses the opportunity to earn money from ads, misses the opportunity to improve Windows by learning how people really use their computers.
Security. Windows is embedded in modern life and although Microsoft gets a lot of flak (and sometimes it takes a major beating to remind them of their responsibilities), they do want to elevate the security of users. They believe that W11 and TPM will give them a basis to really deliver stronger services. I don't know that they are right (e.g. if the #1 exposure for home users is ransomware, does a TPM help at all?), but I am prepared to give them some grace.
Then again, I plan to use this opportunity to install Linux on my old PC.
Croftengea 3 hours ago [-]
> Security.
Ironically, the TPM requirement comes from the same company that invented logging your screen every few seconds and storing it unencrypted and without your consent.
stackskipton 1 hours ago [-]
The Copilot+ thing is due to metric stuffing. AI is big and Microsoft wanted to juice the numbers, so they stuffed Copilot down everyone's throat.
Security is important, but like at every company, it will take a backseat to "revenue" or "growth".
WorldMaker 3 hours ago [-]
> I don't know that they are right (e.g. if the #1 exposure for home users is ransomware, does a TPM help at all?), but I am prepared to give them some grace.
One particularly generous view is that the TPM requirements catch PCs up with the TPM requirements of modern phones. (Both iOS and Android have had very strict TPM requirements for a while now.) With a lot of industry interest in moving to hardware-security-backed passkeys to replace passwords, it would help to have PCs on an equal security footing with phones.
Passkeys are a pretty big deal to reduce home user exposure. Phishing and all of its variants are as much or more a home user problem as ransomware.
Hawxy 5 hours ago [-]
> Security
There's a pretty interesting video from 2023 that goes through much of Microsoft's thoughts around Windows security. It flew under the radar unfortunately:
- Windows 11 has provided a hardware security baseline for Microsoft, with features that require hardware support (HVCI, TPM etc.) to be enabled by default going forward, stating that the Windows 10 strategy of off-by-default was a failure.
- Admin accounts are a continued security problem within the Windows ecosystem, so a future version of Windows will be adding a new "Adminless" account model with Linux-like just-in-time escalation. This new model intends to provide a secure middle ground between the frustrations of a standard user account and the security risks of an Admin account. "Adminless" accounts will run as a "less privileged" user by default and prompt users with Windows Hello when an application requires escalation for a given operation, rather than permanently running the account as a standard or admin user.
- Win32 applications will be bundled under the new Win32 App Isolation model, which provides the security benefits of UWP sandboxing & clean uninstalls without the API limitations of UWP. Developers will be able to specify what privileges an application requires, much like other application platforms. A demo was shown of Notepad++ running under this sandbox model with minimal modification.
- TPMs within the ecosystem are not in a healthy state, with telemetry telling Microsoft that many are running vulnerable firmware due to manufacturers not pushing out updates, and some being inoperable due to hardware failures or other issues. Microsoft is working on its Pluton security chip to replace/augment the existing TPM ecosystem and have the ability to push out firmware updates via Windows Update.
- Software/hardware mitigations are reaching the end of the road in terms of viability. Microsoft is now focused on eliminating classes of security bugs, with extensive R&D going into the use of memory-safe languages (Rust) in areas of the system where exploits often appear.
gsnedders 4 hours ago [-]
> a new "Adminless" account model with linux-like just-in-time escalation
This was the promise of User Account Control, was it not? Or does that just prompt for confirmation for various actions, without actually enforcing a security boundary?
WorldMaker 3 hours ago [-]
The way I read it, the difference between existing UAC and "Adminless" is that the user is always in the Administrators group and UAC just unlocks an Administrator token/ACL temporarily to bestow the actual powers of the Administrators group. In "Adminless" the user is only a less privileged/low privilege user, a new system-managed Admin User is created, and the new security boundary prompts, instead of unlocking a temporary token/ACL, are more of a "runas" the system-managed Admin User. It's similar to Linux sudo sending commands to the root account, where Linux doesn't have a token/ACL model that allows temporarily upgrading the existing user "in place". It's also similar to how Windows Admin security was managed pre-UAC in places that separated standard accounts and Admin accounts, and similar to how many corporations still manage security, with the difference being that the new "Adminless" admin account is system owned (like the various internal service accounts), supposedly does not allow interactive login, and has no password, only a hardware security key (hence why the new security boundary requires Windows Hello unlocks every time, whereas UAC can be as subtle as Yes/No, depending on configuration/group policy).
"Adminless" is a funny name given that there's still an admin account involved; it's just an admin account that is, much more than before, not a user account but more like a service account.
p_ing 4 hours ago [-]
UAC provides just-in-time elevation. The user belongs to the 'admin' group (aka wheel) and only receives an admin token when performing a task that requires elevation. Once the task is complete, the token is destroyed.
Karellen 3 hours ago [-]
Sorry, I'm confused. I can't figure out from your explanation how the new Adminless just-in-time elevation is supposed to be different from UAC's just-in-time elevation.
kbolino 3 hours ago [-]
As far as I can tell, the difference is this:
UAC is per-process and monotonic. Once elevated, the entire process stays elevated.
The new model is per-operation. Even if the same process has been allowed to elevate before, it must ask to do it again. I don't know how granular this is, and whether there's a grace period like sudo.
However, the biggest problem with UAC was that it was considered too noisy for the end user, leading to people just blindly accepting every dialog and Microsoft turning down the default level to the much less secure "don't always prompt". I don't know how this new model will address that problem; naively, it seems to be worse on this front.
cptskippy 2 hours ago [-]
> Once the task is complete, the token is destroyed.
It's less granular than a task though; it's an execution context. If you're running Notepad++ and it wants to update, it requires an elevation. The installer is now running in an admin context and can do whatever it wants; once it's finished installing it usually asks if you want to launch Notepad++ again. At that point the installer running in the admin context can launch Notepad++ within that admin context.
Thus there's a potential for the admin context to persist indefinitely.
In my mind, task-based elevation is more granular. Something like "I need to write to the Program Files directory" and not a carte blanche "gimme admin access to do whatever the hell I want".
DCH3416 4 hours ago [-]
> Win32 Applications will be bundled under the new Win32 App Isolation model, which provides the security benefits of UWP sandboxing & clean uninstalls without the API limitations of UWP.
Wow, that's the thing they probably should've been doing in the first place. I'll be curious whether it'll end up as a supervisor (AI) model or if each program will have its own scope of a file system. The latter of course will be very tricky with how intertwined legacy software can be for file and registry access.
pixl97 3 hours ago [-]
Yeah, making sure legacy apps keep working is the hard part, especially when they have million+ unit customers that have issues around it.
butlike 4 hours ago [-]
Win32 isolation sounds cool.
AnthonyMouse 2 hours ago [-]
Your first two reasons are why they're discontinuing support for Windows 10. The intention to drive Windows 11 adoption is inverse to disabling upgrades, because then some of the people without a supported PC won't be able to afford a new one and will switch to Linux or continue to run Windows 10 unsupported when they would otherwise have installed Windows 11 on it.
And the security reason is nonsense because as you point out, the overwhelming majority of Windows security problems are in no way improved by a TPM.
The most likely real explanation is that Microsoft is constantly at war with itself and the manager currently occupying the relevant coign of vantage finds it to be in their personal interest for some muddy reason having to do with internal politics.
binkHN 1 hours ago [-]
> I plan to use this opportunity to install Linux on my old PC.
Use this opportunity to install Linux on your NEW PC, and then buckle in!
66fm472tjy7 22 minutes ago [-]
puts tinfoil hat on
Ensuring that a critical mass of people use remote attestation[0] capable devices.
The next step is a browser API[1] for this so that content owners can exclude devices capable of storing the content, or stripping out ads/tracking, etc.
Sure, there will be a cat-and-mouse game where people will figure out how to fake the attestation for some period of time, but general computation[2] is probably on the way out.
But on the other hand there are valid reasons for requiring a minimum baseline for Windows 11.
The TPM requirements for example allow seamless BitLocker (which provides feature-parity with macOS), it allows secure system credential storage (in both consumer and enterprise contexts) and it's also useful for application developers. For example Chrome can defend user data better against malware or provide features like Device Bound Session Credentials (DBSC).
Requiring certain CPU features on the other hand makes it easier to ship better-optimized executables.
The two combined make it possible to provide things like VBS/HVCI, which is a massive leap for Windows security (it's actually considered a security boundary, unlike UAC).
lukeschlather 4 hours ago [-]
The number of functioning computers that are restricted to Windows 10 probably still outnumber the number of computers that can run Windows 11. Most people don't have $500 to drop on a replacement. (Very many of these computers might've been thousands of dollars new and will still outperform the majority of new Windows 11 machines.)
Microsoft is just putting a huge environmental waste of a mandated obsolescence tax on the entire world. But Microsoft doesn't pay the opportunity cost of losing all that hardware. (I wonder how much the hardware Microsoft wants destroyed is worth, hundreds of millions of dollars?)
Avamander 4 hours ago [-]
Sure, and the number of computers that can run Linux outnumbers them both. Maybe you don't need W11?
I also don't think the share of TPM-less computers out there is actually that significant. Most laptops have shipped with one for a long time. Desktops that lack one can often buy one. Which is way cheaper than a new PC should you need W11. (I also suspect there are options way cheaper than $500 as well.)
Saying that not being able to run W11 turns something into e-waste is frankly rather crazy. Neither do they want that hardware destroyed.
AnthonyMouse 1 hours ago [-]
There is still a lot of quite useful hardware that isn't supported. For example, the first gen Ryzen is apparently not supported, so then you're having to replace e.g. a Threadripper 1950X which has 16 cores and a 4GHz turbo. A new PC with even equivalent performance would be $600+ and a $500 new PC would be a downgrade.
There is also plenty of hardware that isn't fast but is being used in a situation where that doesn't matter. Some Haswell quad core being used for web and email could continue to be used for that indefinitely. That is old enough that it could be replaced with something newer for less than $500, but the entirety of the replacement cost is still lost money because it otherwise wouldn't have had to be replaced at all.
prmoustache 4 hours ago [-]
Allowing old devices without those TPM requirements to work would not limit security of the devices that can work with it.
Sooner or later, these non-Windows-11-compliant machines will mostly disappear from most households and offices and will only attract retro computing and Linux users when they no longer match the usual memory requirements of the day. These are usually the kind of computers that came with 8GB or less of memory out of the box, and they could quietly drop support for them somewhere later within the next 10 years when everybody is running 128GB of RAM or so and only a handful of people care about it.
Avamander 4 hours ago [-]
I'm fairly sure that you'll be able to run W11 without a TPM for a relatively long time; it's just not supported. It's a risk you have to take; it's a requirement for OEMs not to shaft you with the hardware they sell.
If anything it's the CPU requirements that create a hard requirement for newer HW. But in that case, that support is a cost for them. Why should they spend the effort for what is likely going to be a very subpar experience?
xmodem 6 hours ago [-]
I don't think there's anything going on here other than general corporate ham-fistedness.
* Microsoft believes the improvements in Windows 11 provide genuine benefit to their users.
* Microsoft doesn't want to maintain their older OS forever.
What we are seeing play out however is that the consumer / small business market either does not understand or does not care about those benefits. I don't see any viable end-state for this other than Microsoft relaxing the requirements for Windows 11 or extending the end-of-support date for Windows 10. Based on this action my money is on the latter.
smw 4 hours ago [-]
Wouldn't disallowing updates to Win 11 be the opposite of a logical plan if your goal was to get people upgraded to Win 11?
xmodem 28 minutes ago [-]
Depends why you want to get users upgraded. If you want your users to be upgraded so they have access to security improvements, and those security improvements require TPM 2.0 or whatever, then allowing upgrades on older systems without TPM 2.0 rather undermines the point of getting those users upgraded.
hparadiz 4 hours ago [-]
The secondary goal is lowering support costs. Less hardware to support does that.
AnthonyMouse 1 hours ago [-]
Substantially the entirety of the legacy hardware support cost is for accessories, i.e. PCIe cards and USB devices. All of that still exists and people will continue to expect to plug their existing devices into their new PC and have them work.
butlike 4 hours ago [-]
"Well you see..."
<starts waving hands around wildly>
"If you debase your current OS, you PRIME people for the next OS, Win13!"
<speech devolves into gibberish at this point>
hennell 5 hours ago [-]
As an Occam fan, I'd assume the main accomplishment is ensuring a minimum level of hardware capability for Windows 11. Anything on W11 will have a TPM so you can build around it. There's also a minimum CPU spec or whatever you can know you don't need to test under.
I'd imagine that cutting off support for 10+ year old machines and hardware would give a much bigger advantage than the revenue they get from a hardware refresh itself.
asveikau 45 minutes ago [-]
If you think of how much hardware is capable of running it but they're artificially blocking, it's also rather morally irresponsible from the perspective of e-waste.
somenameforme 5 hours ago [-]
Be thankful you've never found yourself involved in the Microsoft system of APIs. They behave beyond irrationally. Perhaps somebody can explain why from an internal view, but from an external view it's like this: WPF was one of Microsoft's first UI frameworks released after the WinForms age. It was initially Windows only but had a large enough following that it eventually ended up getting non-official ports to just about every platform. And it was really quite an excellent UI library.
So then Microsoft decided to follow this up with UWP. UWP was the intended successor to WPF, the 'Universal Windows Platform'. It was supposed to run on any Windows platform. But then the Windows Phone got cancelled, and they also eventually cancelled all support for anything except Windows 10. So it turned into the Windows 10 Platform. And it was heavily tied into the Microsoft store to the point that actually deploying it elsewhere was rendered infeasible. Outside of that it was a technically inferior WPF with a few nicer looking default UI elements and a bunch of new bugs. Oh and some namespaces and other things were changed mostly pretty randomly just enough to make it completely incompatible with WPF.
And then this process repeated multiple times over. Each time they lost more and more developers. If they had simply continued building on WPF I think they would likely be a universal standard for UI development, at least for desktop. Instead they're now onto WinUI 3 which nobody uses, including Microsoft. Oh and all the while this was happening they were also developing Xamarin (and similar timeline of a million subsequent renamings and 'refactorings') which is pretty much the same thing, but different, and cross platform, but not.
I'm the sort that'd naturally leap to conspiratorial explanations; Microsoft pushing anything called "trusted" feels like a rusted van with darkened windows sitting outside a school with "FREE CANDY" sloppily painted on the side. But in this case... no, Microsoft is just so completely weird and irrational with how they push things, often to the point of self-defeat.
mystified5016 33 minutes ago [-]
All of Microsoft's UI is like this and I really don't get it. Forms, WPF, and UWP were all abandoned at different stages of development.
Microsoft ships a UWP demo repository which includes the most fully functional Bluetooth manager anyone has ever built for W10. The stock Bluetooth manager has maybe 10% of the functionality. It's also fundamentally broken in a lot of ways. But this UWP demo they have should have been the stock app. It's wild.
Then of course you still have 50 year old UIs hiding in the lowest levels of the control panel. You can dig through the archeological record on your own pc and look at Win3 UI designs. It's astonishing.
At this point, I don't know anyone who uses any of Microsoft's UI frameworks for a real product. It's either Qt or Avalonia or something. Who would ever trust their newest framework when every prior framework was abandoned half-finished and left to rot for years?
butlike 4 hours ago [-]
Why not release a tool that runs and shows me the minimum I need to spend to get my PC windows 11 ready? Hide it behind a few menus/drop downs since it will be an "advanced" pc-builder tool.
I imagine it's only my MOBO which is missing TPM, but a suggestion of what mobo to buy which would be compatible with all my other components (RAM DIMMS, PCI-e cards) would be killer.
johngossman 3 hours ago [-]
PC Health check will tell you if your existing PC will run Win11. If you are building a computer, any new MOBO has TPM.
Mindwipe 6 hours ago [-]
It's pretty obviously two middle managers fighting each other, and senior management is too distracted by AI to worry about core products being on fire.
saratogacx 6 hours ago [-]
Maybe if they renamed the bypass Microsoft Windows 11 Installer Co-Pilot for Legacy Systems it would get their attention.
grotorea 5 hours ago [-]
Is this not important enough for senior management?
neilv 2 hours ago [-]
Here's a bootable bypass .iso for this (and for the million other bits of anti-user behavior that MS has pulled, and will keep pulling):
For the next version of Windows 11, I'll wait and see what Rufus will do.
Alifatisk 7 hours ago [-]
The requirements for Windows 11 have really put computers with older hardware in a difficult spot.
They are used to Windows so they want to stay there, I want to suggest Linux Mint but I am not aware of how many of the apps used daily are supported in Linux.
Not every user wants to fiddle with the terminal.
Daunk 6 hours ago [-]
I recently found out that a friend of mine installed Linux on his own, completely removing his Windows install. And he has yet to "fiddle with the terminal", but still enjoys gaming on Steam and goes on with his daily routine.
cesarb 6 hours ago [-]
One thing I've observed is that people who started using Linux a long time ago (which is my case) tend to slide into the command line, even when there's a perfectly good GUI alternative. Want to rename a file? Why use F2, just open a terminal, cd to the path, and mv the file.
Newer users who started with the GUI are less likely to have these habits.
jillesvangurp 3 hours ago [-]
It's a hard learned lesson that the UI tools can fail you at some point with Linux. At which point you are going to have to resort to the command line to fix it or just reinstall everything from scratch. A lot of people do the latter. Learning to fix things will get you familiar with the command line in a hurry.
blandenialo 6 hours ago [-]
Maybe it's just me but I never use the command line unless necessary even though I used to fidget with it in Ubuntu
ta1243 5 hours ago [-]
When did you start using linux?
b3lvedere 4 hours ago [-]
For me personally it depends on what's the most convenient at the moment.
I've played around with Debian for several years using it for small little servers. They do not need to have a monitor connected, so I never use a GUI.
When using my Steam Deck I don't have a keyboard and the virtual keyboard is kinda annoying, so I use the GUI.
I can't seem to get used to working with a Debian installed laptop. I've tried many times, but I don't see a daily beneficial goal to use Linux, mostly because I'll always get Windows 10/11 working :)
ta1243 5 hours ago [-]
I've been using Linux for 25 years, there were file browsers and I believe F2 did rename. I rarely use them, but then it's rare I want to rename a file. If I want to do something larger, it tends to be using things like "find" or at least "mv * /tgt".
ThatMedicIsASpy 5 hours ago [-]
A dropdown terminal with tab autocomplete is faster for navigation on my end
skydhash 2 hours ago [-]
I use a tiling WM, I'm always certain that Workspace 3 and 4 will have a terminal open, and from there it's just using lf (tui file manager). I don't have a GUI file manager installed.
queuebert 6 hours ago [-]
Linux is in desperate need of a PR campaign. The popular distros are just as functional out of the box as Windows, but no one knows it.
diggan 6 hours ago [-]
> The popular distros are just as functional out of the box as Windows, but no one knows it.
As always, it depends on what the user uses the computer for. Not everyone can run Windows full-time, as some applications don't work on Linux. I am a full-time Linux user for decades at this point, yet I still use applications that only run on Windows and are too latency sensitive to run well through a VM (and don't work at all via Wine).
Maybe though, these applications could get some love if there was a PR campaign for people to move to Linux...
tassadarforaiur 6 hours ago [-]
Valve expanding SteamOS compatibility might be the closest we're getting. Hopefully their flavour is viable for a variety of computers by the Windows 10 sunset date.
Alifatisk 5 hours ago [-]
> The popular distros are just as functional out of the box as Windows
Give me some names that work out of the box and resemble Windows. I have not tried Linux Mint so I don't know how well it works for older people. Ubuntu has been quite good and stable but it has also required fiddling with the terminal.
The only one I found to be the best alternative to Windows is ... believe it or not, DeepinOS.
graemep 3 hours ago [-]
Why is resembling Windows important? macOS does not and is doing fine, so is ChromeOS, so is Android.
Even Windows can be quite different from older versions of Windows.
bigstrat2003 2 hours ago [-]
Because if you wish to convince people they should switch from Windows, that's a very important factor. People do not like change, and they want the skills they have to transfer over as much as possible.
graemep 2 hours ago [-]
So why have so many people switched from Windows to MacOS?
Alifatisk 1 hours ago [-]
I can't speak for every single one of them but I can say that some of them probably did it by choice and were prepared to handle the friction in the beginning until they got used to it. I know lots of people who switched from Windows to Mac who were power users / had good computer habits.
However, I don't think some of the older people are willing to go through all that. I wish to see an easier option for people who want a smoother transition from Win10 to something else, especially now since Win10 is being discontinued October this year.
StefanBatory 2 hours ago [-]
My parents would break down in panic if they did as much as moved a single icon to the left on Android phones. To them it was almost as if they broke the phone.
mystified5016 20 minutes ago [-]
I gave my husband Manjaro and he's fine. I gave him a shell script to force update discord (ugh) but he only has to double click it.
People like to freak out about how Arch isn't for newbies but honestly it's fine. I find it to be just as stable as Debian.
But let's be real, aside from gaming, 99% of what the average user does with a computer is open a web browser. Desktop apps are secondary. If you put a Firefox/Chrome button in the task bar, you've covered most user requirements.
Power users who actually need a bunch of proper desktop applications have a different set of needs. It's impossible to generalize, but a very large fraction of those users would probably be happy with the Linux alternatives, or Wine and Proton. A lobotomized W10 LTSC VM is also quite usable.
Most users won't know or care they're on Linux if the browser works.
dbcjv7vhxj 5 hours ago [-]
PopOS is more Mac than windows but it's what you're after.
butlike 4 hours ago [-]
KDE is as close to win as you can get on a linux kernel
beart 6 hours ago [-]
In my experience, it is not about functionality. It is about polish, integrations, and troubleshooting. If you assume all your devices and software will work on Linux mint out of the box, great. But they won't. Then you end up spending hours trying to get the 5th mouse button to do what it does automatically in Windows. Sure there's a fancy utility on Linux that supports programming that mouse, good luck getting your mother to figure that out.
vladvasiliu 4 hours ago [-]
I think it's about habit more than anything. People are used to Windows' sharp edges and have developed workarounds (just reboot it).
But no, the experience is nowhere near "polished", and troubleshooting is a joke. "Something unexpected happened" or "contact your administrator" isn't exactly helpful. Sure, there may be some log somewhere in that godawful event viewer, but who has the patience to wait for that abomination to load? And then to go spelunking in the millions of categories?
Windows is hands-down the most annoying and janky computing experience among all my devices. I put up with it because I like Photoshop, and since I have PCs lying around I can't justify buying a MacBook (plus Linux works well enough for all my other needs).
HiDPI support is a joke, with windows showing up wherever they want, the start menu becoming blurry, taskbar menus appearing at random locations on the screen. The windows jump up and down when switching virtual desktops. Windows appear as active, complete with a blinking cursor and everything, yet won't register text input until I click on them. I could go on for days.
skeaker 2 hours ago [-]
"Just reboot it" is 1000x more polished than having to jump into the terminal or reinstall your OS (both of which are 100% inaccessible to the average user). Troubleshooting can be done by googling your issue on Windows whereas Linux has dozens of repos that all require different troubleshooting steps on much more niche websites that won't come up on the first page of Google, while the average user doesn't know what the hell a GNOME or a KDE is.
Windows wins 100-0 in terms of polish in the eyes of the average user, and that's saying something given that it's not very polished as you said.
olyjohn 28 minutes ago [-]
Please. The standard for fixing Windows has been to backup and reinstall the OS for as long as I have used it. You can spend days trying to fix a problem with the OS, or just reinstall it in a couple of hours, most people go for the quick and easy reinstall. This is standard for phones, tablets too, since you can't actually even attempt to fix them.
keyringlight 5 hours ago [-]
This seems to be my experience too. The "linux is a great simple windows alternative" attitude works great so long as your usage follows well trodden paths, but otherwise you end up in the weeds quickly.
The kinds of usages that consumer windows has had and the software ecosystem that's promoted for 3+ decades compared to what has been developed for linux affects this too. Windows is extremely broad in all the software available for all the little utilities users are going to look for, and hardware it's going to need to support (and support well). Even trying to pull windows applications that don't do anything too complex over to linux via Wine is very much a YMMV area. It's impressive what has been accomplished and the recent rate of progress, but there's always more to do so it's not an awkward, poorer version of doing the same task in windows.
The aspect I wonder about is what proportion of the 60% of people still using win10 are actually aware or care about it going end of life, assuming windows doesn't auto-update to 11 for them any EOL warning will just be swatted away like most other annoyances so they can get on with their intended task. Getting that type of user to switch to linux seems like it'd remain a herculean task.
jenscow 4 hours ago [-]
"mother" has no need for a 5 button programmable mouse, nor does she have a need for applications beyond the web browser. No troubleshooting required.
Daunk 3 hours ago [-]
I second this. A lot of technical people struggle with Linux, and I think a lot of that is because they have a way of working and they want to force whatever they use to work like that. While less technical people just use whatever they're given. My father and my grandmother both use Linux, and they don't even know it and there are no issues.
butlike 4 hours ago [-]
Just don't turn her around and have her be a skeleton, please
wpm 6 hours ago [-]
That’s if you can even connect to the internet!
Have an older device? It maybe didn’t come with WiFi, or came with an older card you replaced with a better one. Better hope the distro and version of that distro you picked has a kernel with drivers already baked in!
Otherwise it’s off to some random git following some random “download this source” and oh wait I’m not connected to the Internet.
vladvasiliu 5 hours ago [-]
Well, latest windows 11 installer doesn't detect my laptop's touchpad nor trackpoint, nor wifi adapter. Sure, I usually have a mouse lying around which works, but not a network adapter. So I had to go look up on the internet how to convince it to go past the installer without insisting on connecting to the internet. Spoiler alert: it was some obscure command in the terminal.
This is a 2020 full-Intel, basic enterprise machine, nothing fancy. Worked fully out of the box under Linux, including sleep. The display output was broken for about a year under Windows (wouldn't output 4k@60 without doing a stupid plug-unplug-replug-just-at-the-right-time dance). At one point, installing the latest driver from Intel worked, but Windows would helpfully "update" it to an earlier, broken version every other day.
My point is that the current hardware situation seems pretty much hit-and-miss, and figuring that running Windows to avoid fiddling with drivers and whatnot isn't such a sure thing as people in this thread make it out to be.
kjellsbells 5 hours ago [-]
I know the jungle of PCs has some strange beasts in it, but I still suspect that there is a very strong Pareto curve, even considering the kinds of PCs that the stereotypical retired parents have. If Ubuntu (say) decided that they were going to release a version for Windows refugees, they could probably mop up 75% of the market by focusing on Dell hardware and Logitech peripherals, and get to 80+ with HP and whoever the number 3 vendor was. Leave the 2005-era Packard Bell junk to Windows, define the base level, and partner officially with these vendors to get access to their build sheets and specs to deliver a solid path out of Windows. It could be done. (It won't be done, though, 'cos there's no money in it)
modo_mario 3 hours ago [-]
I've had very much the opposite experience with old wifi dongles and the like.
I can think of only one example where it was the other way around... but at least I got it working.
dehrmann 1 hours ago [-]
There are too many distros. Even the Gnome/KDE split has been unproductive. Desktop linux would have done better with more resources polishing a single product rather than making 20 half-baked products.
AnthonyMouse 1 hours ago [-]
It doesn't really matter how many distros there are. If you're a new user, just use Debian Stable or Ubuntu LTS.
p_ing 6 hours ago [-]
Linux is in desperate need of a stable ABI that isn't Win32 as well as a stable, unified Window Server.
marcodiego 4 hours ago [-]
Snaps, flatpaks and appimages are converging to that. Slowly indeed, but they are.
chupasaurus 5 hours ago [-]
IBM employee without a disclosure? /sarcasm
butlike 4 hours ago [-]
We're just 5 years away from...
- AGI/ASI
- Fusion Energy
- Linux overtaking Windows
electrosphere 2 hours ago [-]
2025 - Year of the Linux Desktop
MiddleEndian 6 hours ago [-]
A friend of mine also uses Linux Mint of his own volition. Smart but not a tech enthusiast, he's also never touched the command line.
xmodem 5 hours ago [-]
At no point in history has using a 10-year-old PC been as viable as it is today.
Kenji 4 hours ago [-]
[dead]
roskelld 2 hours ago [-]
I don't know how accurate StatCounter is, but their latest report is showing the breakdown of OS users as:
- Windows 11: 36%
- Windows 10: 60%
Using Steam Hardware survey, it shows:
- Windows 11: 53.46% (-1.50%)
- Windows 10: 42.87% (+0.48%)
Whilst these numbers look very bad for Microsoft, especially given that we're less than 10 months away from Windows 10's home user support, it's potentially even worse if the data is correct and more people are reverting to Windows 10. Reasons I can think of there might be due to some of the recent Windows 11 updates harming performance in applications, notably many major Ubisoft titles.
I'm still on Windows 10, for two reasons. My motherboard does not support TPM 2.0, and I have not had any reason to need to upgrade given it still runs everything I need perfectly. Secondly, I have not seen any reason to go to 11 from 10; I don't love 10, but 11 doesn't seem to fix any of my issues, if anything I see many worse features.
I wonder how many hundreds of millions of Windows 10 machines are going to become e-waste because of Windows 11's TPM requirements?
mystified5016 29 minutes ago [-]
I build and sell a product that is meant to talk to a windows host over Bluetooth.
My application does not work at all on W11. The Bluetooth stack is somehow even more broken than W10. It's to the point where we're developing our own wireless dongle to bypass this entire mess.
Microsoft has forcibly installed W11 on our test machine three times and every time it's completely broken and we have to revert.
It's not good.
Kokouane 5 hours ago [-]
Still feels like the solution here is just using Windows 10 IoT LTSC to avoid all this madness. It's a bloated product that feels worse to use than Windows 10, plain and simple.
dehrmann 1 hours ago [-]
Are there any off-the-beaten-path issues with setting up my parents with this?
ranger_danger 2 hours ago [-]
Windows 11 IoT Enterprise 24H2 (LTSC and non), very officially does not require TPM.
braggerxyz 5 hours ago [-]
I run 3 old and one modern PC at home. With the advent of Win11 and the TPM fiasco 3 years ago I sunset all my Windows installations in favor of Linux. After some experimentation I settled with Void Linux. Stable rolling release, and I have complete control over the hardware I own.
Microsoft can go kick rocks...
teeray 6 hours ago [-]
I wonder if there’s any room for a manufacturer that would make an untrusted TPU. Like, one that quacks like a TPU, but will sing like a bird if you ask for its keys. Violates all of the security guarantees? Yep, you bet. But it does provide some insurance against an industry that might want to use TPUs against us (e.g. DRM).
xmodem 6 hours ago [-]
You can install Windows 11 into a virtual machine with a virtual TPM, and it will detect and use the vTPM the same as it would a physical TPM on real hardware.
Avamander 5 hours ago [-]
Such a manufacturer's attestation key would quickly be considered untrustworthy and their TPMs unattested. An unattested TPM will be ignored by any DRM or anti-cheat use-cases.
matt_heimer 6 hours ago [-]
Most of the systems would also fail the min CPU check.
Mindwipe 6 hours ago [-]
As has been pointed out here before, this is all TPUs. They are not used by DRM vendors because they are quite bad at stopping people with physical access getting the keys.
mrweasel 7 hours ago [-]
Does TPM support/requirements actually have any meaningful impact on a home user? I could understand being a requirement for Windows 11 Pro (which I believe has Bitlocker, but Home does not). I don't see why it would be required for Home, maybe some features just wouldn't be available, but are those features that people actually care about?
Avamander 5 hours ago [-]
If I'm not misremembering, Home can use BitLocker on W11.
The existence of a TPM also lets DPAPI use it, which in turn lets things like browsers and other software protect user data (from malware for example). It also makes new features like Device Bound Session Credentials (DBSC) possible.
But there's also VBS and by extension things like Device Guard. Which in turn entails things like ESS (Enhanced Sign-in Security, more secure biometric auth), Trusted Boot, HVCI, Credential Guard and so on.
DRM is like the last thing it's actually good for, if you actually look into it.
mkopec 7 hours ago [-]
> Does TPM support/requirements actually have any meaningful impact on a home user?
Disk encryption, Windows Hello and PIN bruteforce prevention. I have no love for Microsoft and avoid using Windows whenever I can, but I think making those features accessible to more people is a good thing.
p_ing 6 hours ago [-]
VBS also requires it, which is a big improvement to Windows' security.
I was under the impression that Bitlocker wasn't available on Windows Home?
If you have an older computer, without TPM 1.2/2.0, then you already don't have things like Windows Hello, but you might have Secure Boot and some brute force prevention, so you wouldn't be worse off as a home user if Microsoft allowed you to run Windows 11.
For new computers I can completely understand that Microsoft would demand that vendors ship systems with TPM 2.0. For upgrades I just struggle to see any really compelling reason, it's not like Apple where Microsoft is trying to also sell hardware, that's mostly on the OEMs.
xmodem 6 hours ago [-]
As of Windows 11, you can use Bitlocker on Windows Home.
(Personally I think you probably shouldn't bother with it unless you set a boot PIN, which still requires Pro to be allowed to change the right group policy settings.)
pieenjoyer 6 hours ago [-]
Microsoft has made device encryption available to Home edition users if they sign in with a Microsoft account. It relies on the TPM to seal the volume key.
> but are those features that people actually care about?
The users? No.
The corporations that make DRM? Yes.
gruez 7 hours ago [-]
What are some examples of DRM that uses TPM? What does TPM provide that stuff like SGX (which is already used in DRM) doesn't provide?
mkopec 7 hours ago [-]
There are none. It's so immensely frustrating to me that so many people believe that a TPM is a DRM device. I'm sure Richard Stallman's Treacherous Computing article played a big part in this.
A TPM is useless for DRM, and there are way more suited solutions like Intel's PAVP that takes an encrypted video stream and puts it on the screen directly, yet I don't see nearly as much uproar about that.
zinekeller 7 hours ago [-]
In a sense, graphics cards are the root-of-trust for PC-based DRMs (as they implement the necessary components such as HDCP authentication), not the TPM (which is useless for this task). In fact, PlayReady (which is Microsoft's DRM solution) does this exact thing: https://learn.microsoft.com/en-us/windows/uwp/audio-video-ca...
(...or use things such as the already-dead Intel SGX, which never touched TPMs at all)
deno 5 hours ago [-]
It goes TPM → OS Integrity (dm-/fs-verity) → Browser Attestation (Web Integrity) → Your banking website no longer working on Linux because of "security". It’s Play Integrity for the PC.
Encrypted video is a red herring. The real long game is to also get your "secure" video player to refuse playback if it detects watermark in the pirated video. This patches the analog hole.
If you have attested Windows it can just refuse to download "freeworld" VLC because it can be used for piracy and/or even watching child pornography. Imagine that!
Of course you can use Linux instead but now you have to use the approved distro that also won’t let you run "dangerous" apps.
This is of course a slippery slope argument and Microsoft would not be able to force all that right now, but better get started on the foundations. Some future government can then just force them to implement the rest, but by then it will be just a flip of a switch.
"TPM is not DRM" argument seriously lacks imagination.
mkopec 4 hours ago [-]
Google SafetyNet is basically swiss cheese with lots of bypass solutions for custom ROMs.
A TPM may only attest that it has received an expected set of measurements (hashes). As long as discrete TPMs or PCs with unlocked CPUs exist (w/o Boot Guard), one may simply take a TPM and replay "golden" measurements to it. Bypassing this would be trivially easy.
A TPM does not have control over execution on the CPU. It only receives data from the CPU. If you have control over execution on the CPU from the reset vector, you can just replay whatever you want to a TPM and extract secrets that way. That's why TPM backed disk encryption without configuring a PIN is insecure.
Microsoft does not have the same level of control over the entire PC ecosystem as Google has over Android. That's why it's important to support open source alternatives.
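Added example (not from any commenter) modelling the point above in Python: a PCR is a hash chain over measurements, so a CPU that controls execution from reset and knows the expected digests reproduces the same PCR value, and a secret sealed only to PCR values unseals for it; binding the seal to a PIN as well is the mitigation. The SHA-256 extend rule is the TPM's; the seal/unseal construction and the boot chain are constructed stand-ins, not the TPM2 API.

```python
from __future__ import annotations

import hashlib
import hmac

PCR_SIZE = 32
PCR_INITIAL = bytes(PCR_SIZE)  # a SHA-256 PCR bank starts as all zeros


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend rule: new = H(old || digest). Only the sequence of digests matters,
    not who produced them or whether the measured code actually ran."""
    return sha256(pcr + digest)


def measure_boot(components: list[bytes]) -> bytes:
    """Honest boot: each stage hashes the next one and extends the PCR with it."""
    pcr = PCR_INITIAL
    for component in components:
        pcr = pcr_extend(pcr, sha256(component))
    return pcr


def replay_digests(digests: list[bytes]) -> bytes:
    """What code running from the reset vector can do instead: feed previously
    recorded ('golden') digests to the TPM without running the real components."""
    pcr = PCR_INITIAL
    for digest in digests:
        pcr = pcr_extend(pcr, digest)
    return pcr


def _derive_key(pcr: bytes, pin: bytes | None) -> bytes:
    # Constructed stand-in for a TPM policy session: the unseal key depends on the
    # PCR value and, when a PIN is configured, on the user-supplied auth value too.
    return sha256(b"seal-policy|" + pcr + b"|" + (pin or b""))


def seal(secret: bytes, pcr: bytes, pin: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (blob, tag) bound to the given PCR state and optional PIN."""
    key = _derive_key(pcr, pin)
    keystream = sha256(b"keystream|" + key)  # secret is at most 32 bytes here
    blob = bytes(s ^ k for s, k in zip(secret, keystream))
    tag = hmac.new(key, blob, "sha256").digest()
    return blob, tag


def unseal(blob: bytes, tag: bytes, pcr: bytes, pin: bytes | None = None) -> bytes | None:
    """Return the secret if the policy (PCR state plus PIN) is satisfied, else None."""
    key = _derive_key(pcr, pin)
    if not hmac.compare_digest(hmac.new(key, blob, "sha256").digest(), tag):
        return None  # wrong PCR state, or PIN required and missing/wrong
    keystream = sha256(b"keystream|" + key)
    return bytes(b ^ k for b, k in zip(blob, keystream))


# Constructed sample boot chain and volume key (not real firmware or keys).
GOLDEN_BOOT = [b"firmware v1", b"bootloader v1", b"kernel v1"]
GOLDEN_DIGESTS = [sha256(c) for c in GOLDEN_BOOT]
TAMPERED_BOOT = [b"firmware v1", b"bootloader v2-modified", b"kernel v1"]
VOLUME_KEY = b"constructed-volume-key-32bytes!!"


def demo() -> dict[str, bool]:
    golden_pcr = measure_boot(GOLDEN_BOOT)

    # Case 1: sealed to PCR state only (TPM-only BitLocker-style protector).
    blob, tag = seal(VOLUME_KEY, golden_pcr)
    results = {
        "honest_boot_unseals": unseal(blob, tag, golden_pcr) == VOLUME_KEY,
        # A modified bootloader changes the chain, so the legitimate protection holds.
        "tampered_boot_unseals": unseal(blob, tag, measure_boot(TAMPERED_BOOT)) == VOLUME_KEY,
        # Replaying the expected digests reproduces the identical PCR value.
        "replay_unseals_without_pin": unseal(blob, tag, replay_digests(GOLDEN_DIGESTS)) == VOLUME_KEY,
    }

    # Case 2: sealed to PCR state AND a PIN the TPM never stores in the clear.
    pin = b"1234"
    blob_pin, tag_pin = seal(VOLUME_KEY, golden_pcr, pin)
    replayed = replay_digests(GOLDEN_DIGESTS)
    results["replay_unseals_with_pin_required"] = unseal(blob_pin, tag_pin, replayed) == VOLUME_KEY
    results["replay_with_wrong_pin"] = unseal(blob_pin, tag_pin, replayed, b"0000") == VOLUME_KEY
    results["honest_boot_with_pin"] = unseal(blob_pin, tag_pin, golden_pcr, pin) == VOLUME_KEY
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```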
deno 4 hours ago [-]
And that’s why Play Integrity is based on hardware attestation and it is no longer a swiss cheese? And Win11 requires specifically TPM 2.0 (usually fTPM) not just any TPM.
You’re also entirely missing the point. Yes, you can bypass TPM based DRM to extract the unencrypted video (or just analog hole it) that’s why the game is to lock down the OS so you just can’t play it.
If all DVD players came with watermark detection instead of copy protection you wouldn’t have bootlegs because now every single client device needs to do the bypass instead of just once to extract unencrypted stream.
How many people have bypassed or hardware modded Playstations or Switches? This is what you’re talking about. Almost everyone will just accept it.
mkopec 3 hours ago [-]
> If all DVD players came with watermark detection instead of copy protection
That is an enormous "if". Do you think Microsoft is going to or is able to enforce this on every single software provider? Even in your Android example that's just not happening, and you can happily sideload apps. You can still develop your own apps on the same Android phone that you use for banking.
> And sorry but how many people have bypassed Playstations or Switches. This is what you’re talking about. Most people will just accept it.
People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit. I just don't see that happening in the PC space. You think Microsoft is suddenly going to dump this on third party software developers and force everyone to go through certification and to buy devkits? Without a mass exodus to Linux?
deno 3 hours ago [-]
How would you do it if this was the goal? First you introduce TPM to every device under the sun until it’s everywhere, then you just have to flip a switch. You write the Patriot Act then stash it in the drawer until it’s time...
> you can happily sideload apps.
This is an extremely weak argument when the other major platform does not let you do that, right? Sideloading could go away at any moment just like that. That’s my point. There’s nothing technical stopping it.
> People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit.
Already Windows has: SmartScreen (which requires code signing) and an app store. Locking down the OS and apps is hardly unprecedented. Both Windows and macOS now have developer modes which are a software devkit equivalent.
> Without a mass exodus to Linux?
That’s why you wait until mass adoption (win11) only then start boiling the frog.
Look, I acknowledge this is a slippery slope argument. But the slope is very slippery. Something is clearly going on.
gruez 3 hours ago [-]
>And Win11 requires specifically TPM 2.0 (usually fTPM) not just any TPM.
There are TPM 2.0 dTPMs. If the conspiracy is that they want to push people towards "hardware attestation", then they're doing a pretty bad job.
>You’re also entirely missing the point. Yes, you can bypass TPM based DRM to extract the unencrypted video (or just analog hole it) that’s why the game is to lock down the OS so you just can’t play it.
There's no need to "lock down the OS" when there's already a locked down OS on the CPU itself (intel SGX), is way more secure (because it doesn't have a bazillion userspace programs and third party drivers loaded), but for whatever reason gets way less flak than TPM.
deno 3 hours ago [-]
Intel SGX was never pushed on anyone and it's also Intel only, Skylake to Ice Lake, and requires vendors to provide consistent firmware updates to stay secure. You can’t run the entire OS in an SGX enclave because it can’t do I/O on its own.
> There are TPM 2.0 dTPMs. If the conspiracy is that they want to push people towards "hardware attestation", then they're doing a pretty bad job.
No "normies" are doing TPM bypasses. That’s the point. Majority will eventually be on unbypassable TPM.
reginald78 6 hours ago [-]
Valorant requires it for anticheat. The purpose is to prevent users from running unauthorized software on the computers they allegedly own.
I wouldn't expect many examples to exist yet. You want to wait until almost everyone is on Windows 11 before you get up to those shenanigans.
techjamie 6 hours ago [-]
> The purpose is to prevent users from running unauthorized software on the computers they allegedly own.
I've maintained for several years now that the actual corporate wet dream is that they can lock down the average PC architecture/OS to the same degree they have on phones. Because unfortunately, in the phone sector, the market has already shown the majority of users don't care who really owns their devices.
My hope is that Linux gets wide enough adoption to prevent that from becoming a feasible option for them in the future.
p_ing 6 hours ago [-]
Buy a Mac. You'll see that corporate dream become a reality. Immutable OS partition. Security prompts that can no longer be bypassed. Binary signing requirement. It just keeps getting worse and worse, for a power user.
May be "certified UNIX" (when you look at it funny), but it feels like no freedom-loving UNIX-style system I've ever used.
wpm 6 hours ago [-]
You can turn all that off if you wanted to. OpenCore Legacy Patcher will build you a kernel with the SIP flag mask set to 0xFF, ie, completely disabled.
p_ing 6 hours ago [-]
No, I can't. My M2 Air isn't supported.
cesarb 5 hours ago [-]
> My hope is that Linux gets wide enough adoption to prevent that from becoming a feasible option for them in the future.
This has already happened: Linux had wide enough adoption that Microsoft could be convinced to allow alternative operating systems in Secure Boot.
userbinator 4 hours ago [-]
> Because unfortunately, in the phone sector, the market has already shown the majority of users don't care who really owns their devices.
> My hope is that Linux gets wide enough adoption to prevent that from becoming a feasible option for them in the future.
Linux already got a really wide adoption --- in the form of Android.
trelane 6 hours ago [-]
Last I knew, Microsoft's goal is to get XBox restrictions into Windows.
p_ing 6 hours ago [-]
Valorant uses VBS, which in turn requires TPM 2.0. Valorant isn't directly leveraging TPM.
They're leveraging TPMs in the sense that they're banning specific ones.
reginald78 2 hours ago [-]
I can't remember if this was Valorant related but I recall an article voicing concerns that physical hardware in PCs being used to identify users to ban and that the ban would persist when you purchased a used motherboard. Not a great general concern to me for games but the idea has much more sinister potential than just that.
toast0 4 hours ago [-]
Given than qemu (and I assume other virtual machines) can emulate a TPM 2.0 device, does this even work?
Yes, anticheat tends to detect virtualization too, so there's extra cat and mouse there, of course.
deno 2 hours ago [-]
There’s an embedded immutable Endorsement Key (EK), sometimes along with a public crypto cert (EKCert) signed by the manufacturer, which the TPM can use to prove its authenticity. With the certificate you can detect the QEMU case.
toast0 4 hours ago [-]
SGX is used for DRM in official Blu-Ray 4K playback on PCs, and Intel removed SGX from client cpus in 11th gen (Ice Lake) which means if you want to play those discs on a PC, you either need an older processor or a Xeon or to give in and use unauthorized software.
I'm not sure that tying their horse to SGX is good for adoption of the format.
deno 1 hours ago [-]
Ice Lake is 10th gen and last gen with SGX on consumer SKUs.
bayindirh 6 hours ago [-]
IIRC Widevine requires TPM for highest quality (level 1)?
mkopec 6 hours ago [-]
Widevine L1 requires a trusted execution environment for decrypting video and only showing it on HDCP monitors. It's built on top of Intel PAVP, AMD secure display, or ARM TrustZone in the case of ARM Chromebooks and Android devices. TPM is not involved, except in the ARM case where I believe it is used for anti-rollback counters (on x86, the security coprocessor would probably have that responsibility).
p_ing 6 hours ago [-]
Widevine Level 1 requires a Trusted Execution Environment. Nothing to do with TPM.
bayindirh 6 hours ago [-]
My bad, then.
bluescrn 6 hours ago [-]
Given trends of everything going subscription-only, is it unreasonable to suspect that the future of Windows could be subscription-only and a lot harder to pirate than previously?
beretguy 6 hours ago [-]
I hope windows will become subscription only so that people finally stop using it.
Cumpiler69 7 hours ago [-]
To corporations period regardless if they make DRM or not. Enterprises want any and all features under the security umbrella for their fleets.
naikrovek 6 hours ago [-]
Remember boot-sector viruses? The TPM helps prevent those. DRM is not something that the TPM enables or helps with or facilitates in any way.
If you don't dismiss my comment as the comment of a corporate shill, you might learn something, and in the future that knowledge may help you. I don't know, I can't predict the future, but I do know that ignorance is dumb.
LegionMammal978 6 hours ago [-]
> Remember boot-sector viruses? The TPM helps prevent those. DRM is not something that the TPM enables or helps with or facilitates in any way.
Why not both? As noted elsewhere in this thread, TPM certainly facilitates VBS [0], and games like Valorant are already using that for anticheat [1]. As long as application programs can use it to help detect the environment being 'tampered' with (as opposed to the system just wrapping it up in a report for the user), they can use it to protect their particular application state, and I don't see why that shouldn't include DRM state.
> Remember boot-sector viruses? The TPM helps prevent those.
What prevents boot sector viruses is Secure Boot, not TPM.
Avamander 4 hours ago [-]
True, but someone disabling Secure Boot will cause the TPM not to release BitLocker keys. That makes attempts at subverting it noisier.
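The mechanism behind this, as an added example that is not part of the thread: a small Python simulation of how firmware measurements extend into a PCR and how a secret sealed to the expected PCR7 value stays locked once the measured boot state (here, Secure Boot on versus off) changes. The event strings, the simplified policy digest and the seal/unseal functions are constructed stand-ins for illustration, not real TPM API calls or real BitLocker behaviour.

```python
import hashlib
import hmac
from typing import List, Optional

# SHA-256 bank: PCRs 0-16 start as 32 zero bytes at power-on.
PCR_INIT = bytes(32)


def extend(pcr: bytes, event_data: bytes) -> bytes:
    """One PCR extend step: PCR_new = SHA256(PCR_old || SHA256(event_data)).

    Firmware hashes the event it logs, then extends the PCR with that digest,
    so the PCR only ever holds a running hash, never the event content itself.
    """
    digest = hashlib.sha256(event_data).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(events: List[bytes]) -> bytes:
    """Replay a boot event sequence into a single PCR and return its final value."""
    pcr = PCR_INIT
    for event in events:
        pcr = extend(pcr, event)
    return pcr


def pcr7_events(secure_boot_enabled: bool) -> List[bytes]:
    """Constructed stand-in for what UEFI firmware records into PCR7.

    Real firmware logs the SecureBoot variable, the PK/KEK/db/dbx contents,
    a separator, and the db certificate that authorised the boot loader.
    The strings below are placeholders, not real variable contents.
    """
    events = [
        b"EV_EFI_VARIABLE_DRIVER_CONFIG SecureBoot="
        + (b"\x01" if secure_boot_enabled else b"\x00"),
        b"EV_EFI_VARIABLE_DRIVER_CONFIG PK=<constructed platform key>",
        b"EV_EFI_VARIABLE_DRIVER_CONFIG KEK=<constructed key exchange key>",
        b"EV_EFI_VARIABLE_DRIVER_CONFIG db=<constructed signature database>",
        b"EV_EFI_VARIABLE_DRIVER_CONFIG dbx=<constructed revocation database>",
        b"EV_SEPARATOR \x00\x00\x00\x00",
    ]
    if secure_boot_enabled:
        # Only recorded when a signature on the boot loader was actually checked.
        events.append(b"EV_EFI_VARIABLE_AUTHORITY db=<constructed signer cert>")
    return events


def policy_for(pcr7: bytes) -> bytes:
    """Simplified stand-in for a TPM2_PolicyPCR digest computed over PCR7 alone."""
    return hashlib.sha256(b"PolicyPCR|PCR7|" + pcr7).digest()


def seal(secret: bytes, expected_pcr7: bytes) -> dict:
    """Bind a secret to an expected PCR7 value.

    A real TPM would also encrypt the blob under a TPM-resident key; only the
    policy gate is modelled here.
    """
    return {"policy": policy_for(expected_pcr7), "blob": secret}


def unseal(sealed: dict, current_pcr7: bytes) -> Optional[bytes]:
    """Release the secret only if the current PCR7 satisfies the sealing policy."""
    if hmac.compare_digest(sealed["policy"], policy_for(current_pcr7)):
        return sealed["blob"]
    return None


def bitlocker_like_demo() -> dict:
    """Seal a constructed volume key during a Secure Boot enabled boot, then
    attempt to unseal it after an unchanged boot and after one with Secure Boot off."""
    volume_key = b"constructed-volume-master-key"
    good_pcr7 = measure_boot(pcr7_events(secure_boot_enabled=True))
    sealed = seal(volume_key, good_pcr7)
    return {
        "same_config": unseal(sealed, measure_boot(pcr7_events(True))),
        "secure_boot_off": unseal(sealed, measure_boot(pcr7_events(False))),
    }


if __name__ == "__main__":
    result = bitlocker_like_demo()
    print("unchanged boot  ->", result["same_config"])
    print("Secure Boot off ->", result["secure_boot_off"])
```

The second case returns nothing because a different PCR7 produces a different policy digest, which is the point Avamander makes: the key stays locked and the user sees a recovery prompt rather than a silent boot.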
heroprotagonist 6 hours ago [-]
My theory?
TPM is just about allowing Microsoft to run AI models and other cloud workloads on people's computers without them snooping at what Microsoft are running. This will let them offload the processing of their very costly analytics to the devices themselves and only receive back the target data that they want.
Basically, it'll let them snoop on users more effectively, at a lower price, without giving up the game about what they're actually doing and how.
reginald78 2 hours ago [-]
The TPM push predates the AI craze and I don't see this as a particularly strong complement, so this doesn't really follow to me. But the general idea isn't that crazy honestly. They already use your upload bandwidth via a bittorrent-like system to distribute Windows updates to other users, so there is precedent to use client resources to lower their own operating costs.
I think an AI botnet is probably a poor fit for AI workloads, not to mention it would be a security nightmare.
jonathantf2 5 hours ago [-]
TPM is a security device, nothing to do with AI.
p_ing 6 hours ago [-]
Has HN stooped this low?
Cumpiler69 49 minutes ago [-]
Yes it has.
colejohnson66 5 hours ago [-]
What kind of conspiracy theory is this? A TPM stores keys and releases them upon attestation. How does that allow offloaded processing?
im3w1l 2 hours ago [-]
I don't believe in his theory, but running software on someone elses machine clearly benefits from attestation. Otherwise how can you be sure they run what they are told?
Cumpiler69 5 hours ago [-]
HN becomes a cesspit of FUD and tech anti-intellectualism when it comes to topics or companies HN loves to hate.
Wildgoose 3 hours ago [-]
My (unsupported) desktop PC is an AMD Ryzen 7 2700 eight-core CPU running at 3.2 GHz with 16GB of RAM and 2TB of SSD storage. It handles Windows 10 Professional but is apparently incapable of running Windows 11. I don't have a webcam, but maybe face ID login is now mandated? It will be something stupid like that. I have no interest in replacing this machine though.
lights0123 3 hours ago [-]
It's more likely you have TPM disabled—there's no webcam requirement, and Zen+ is supported.
As a side note, Windows Server 2025 appears to share the OS base with Windows 11, but it doesn't seem to have the same requirements of CPU/TPM? Or am I wrong? (not that I'm suggesting to use Windows Server as a client OS, especially given its price tag)
ch_123 6 hours ago [-]
I suspect this is because servers have a more predictable refresh cycle than consumer PCs/desktops. While some places run their servers to death, many places (particularly big corps who are generating the most revenue for MS anyway) will retire servers at the end of their warranty period and buy new ones.
Given that, there is not the same need to force hardware updates. That said, it also illustrates how the TPM requirement is a business decision, not a technical one.
swozey 4 hours ago [-]
Not that it doesn't happen but I've worked in datacenters, including our favorite clouds, and cdn/video architecture for 15 years and have never seen servers replaced on any cadence that wasn't us losing a customer and me sticking a quad core xeon under my desk.
These are $10k-100k+ servers. My multitenant/offload capable NICs are usually $10k-25k themselves.
EvanAnderson 3 hours ago [-]
I haven't installed Windows Server 2025 on bare metal, but in a virtual machine it's happy to install w/o a TPM.
TiredOfLife 6 hours ago [-]
Same with Windows 11 IoT Enterprise. It's just the regular Windows 11, but without TPM and specific CPU requirements. Anything Core i from Intel works.
txdv 7 hours ago [-]
My mainboard has TPM turned off so I did not have to sweat about the upgrade.
Now I will be forced to I guess.
userbinator 4 hours ago [-]
Deleted from the documentation (and I'm sure the archive remembers), not the codebase. As anyone who has been in the Windows world long enough knows, there are plenty of such "unofficially documented" features.
wnevets 4 hours ago [-]
Has anyone ever explained why TPM 2.0 is so much better than TPM 1.2 on Windows 11? What can't Microsoft do securely with 1.2 that it can with 2.0?
I'm not asking what 2.0 does better than 1.2, I am asking why is it a must have.
The TPM spec is somewhat interesting in that many fundamental capabilities (or at least you would think) are optional. 2.0 enforces some more capabilities and/or adds more capabilities. That's at least one part of it.
andix 5 hours ago [-]
They deleted the documentation for this bypass, not the bypass itself, right?
Cumpiler69 7 hours ago [-]
The title is misleading. Microsoft deleted their article documenting the bypass, not the workaround itself.
zoobab 4 hours ago [-]
any cache?
Cumpiler69 4 hours ago [-]
You can just Google this, there's like a million blogs out there parroting how to bypass TPM, it's not some incantation that only Microsoft had.
throwacct 6 hours ago [-]
I don't regret switching to mac 2 years ago.
bell-cot 6 hours ago [-]
How long does Apple keep updating macOS for older hardware? As far as I'm aware, there are iPhone models that were discontinued <5 years ago, but get "security updates only" for iOS. And models disco'ed <7 years ago which no longer get even that.
(Vs. Windows 10 is just under 10 years old now - and I don't know what's the newest Windows 10 system that can't update to Windows 11.)
ValentineC 2 hours ago [-]
The annoying thing about macOS for legacy users is that they're regularly shut out of new Swift-based apps as developers either use newer Swift features, or just don't have enough resources or patience to keep around older Xcode versions.
I'm still on macOS Ventura (13.x), and am already seeing numerous apps with a minimum version of 14.x or 15.x.
A few years shorter than the Win 10 lifecycle. Much shorter than the XP lifecycle, though that was unusual.
trinix912 4 hours ago [-]
I'd bet my money that if we took a Windows 10 and a macOS High Sierra laptop, the Windows one would run supported versions of apps much longer than the macOS one, even if one upgraded to the latest supported macOS on that machine while staying on Windows 10 as the time went on.
MacOS apps target the latest few versions and given macOS' rapid release cycle (in comparison to Windows, at least), you can easily find yourself with a machine <10 years old that can't run the latest versions of apps you're using.
leviathant 3 hours ago [-]
Without a doubt, Microsoft wins on backward compatibility. I was running a circa-2006 Firewire audio device on Windows 10 in 2021 using drivers that had not been updated since 2012.
I had a Dell laptop that, when I bought it in 2006, had Windows XP on it. I was able to upgrade it all the way to Windows 10, at no charge. (The beta versions of Windows 7 and Windows 8 both just kind of rolled over into full fledged versions of the OS. Now, even by the time I had Win8 on that machine, it was just for fun. I mostly kept it around because the screen resolution was unusually high for 2006, and for a period afterward, laptop screen resolutions were almost all lower than WXGA+ even on higher end machines. But you could run Windows 10 and modern browsers on a machine built for the WinXP era. Also, I think I paid $700 for that machine, from the Dell Outlet. That's a lot of mileage for the price paid.)
So when Windows 10 told me that my 12-year-old Ship of Theseus Dell XPS desktop was unable to take an upgrade to Windows 11, I took a long hard look, and sprung for an M1 Macbook w/ 64gb of RAM. They had a pretty killer deal on these at B&H, and it's the first time I've ever felt like I've had a true "desktop replacement" laptop. I still think Explorer is better than Finder (and I'm not going to argue with anyone about why so don't bother asking), there are things I will miss about having an ATX case, but Apple's abdication on proprietary ports is ultimately what pushed me over the edge. Everything is USB-C. Great! I had gotten a lot of mileage out of Firewire hardware, but I saw this as a pivotal moment to use some of that money I'd saved over the last decade and a half to completely modernize my setup.
If Windows 11 hadn't forced me to consider new core hardware (and if Apple silicon hadn't leapfrogged everything else on the market - using a laptop all day without charging? Phenomenal.) I'd still be using Windows.
I've been using MS operating systems since DOS 3.1, I just have to assume I'm no longer their target market.
dade_ 7 hours ago [-]
I’m nearly 100% migrated to Pop. MS gave lots of warning, but I still have a VM on 10 for a couple of apps I rarely use, including Office in case I absolutely need it. Hoping that Steam Console is real.
For work, I am stuck dealing with 11. There are many things I hate about 11, but why is it so damned slow and laggy on a brand new Copilot PC? File explorer is like loading file lists with a 2400 bps modem, and Office apps take far too long to load. It’s absurd how bad it is, and I can’t figure out why.
I’m getting old, I forget why I load an app before it loads…
doodlebugging 5 hours ago [-]
The first app I grab for any Windows installation is Everything from VoidTools [0]. It is simply the best, fastest way to find anything on a Windows computer. If you know any part of the file name you are a few keystrokes away from locating it on any indexed disk that is connected.
Since this is a work PC maybe you don't have the option but if that's the case you should talk to your IT nerd and get permission. Also, make a donation. Great software like Everything is worth buying.
I can't help with Office. Too bad you have to use Win11. Win7 Pro still works great for me when I need a Winbox.
MaxGripe 6 hours ago [-]
If I have TPM disabled in the BIOS, is there any point in not enabling it and using a bypass to install Windows 11? I’m wondering if there’s any scenario where keeping TPM disabled might seem like a good idea?
bArray 6 hours ago [-]
Just to name a few...
Operational reasons:
* You often replace hardware and move disks, etc, around
* As others have pointed out, what if you're locked into using Windows, Windows requires TPM, and TPM implements something you don't like, for example DRM or it snoops on you. Maybe you have to let it scan your drives, maybe your TPM doesn't like your politics.
p_ing 6 hours ago [-]
> for example DRM or it snoops on you
Stop spreading FUD.
bArray 3 hours ago [-]
It's not a guarantee, you may consider it FUD, but you can't tell me it's impossible - you can't even promise me it won't happen.
The TPM is fundamentally about storing cryptographic keys, platform integrity checks, unique IDs, etc. It is already used for secure logins by the Windows OS. Microsoft are successfully enforcing your email, ID, logins, etc, to be associated directly with your unique hardware.
One day you will request a video from Netflix or Youtube, and your device will be the only device in the world that can view it. You might think to screen record, but the OS does not allow it. You might think to record it via an external display, but this has to interface with the TPM. You decide to record your screen from your phone, but the phone's TPM recognises that the camera tries to record DRM material.
Don't get me wrong, security devices should exist 100%. But. It should never be forced.
p_ing 2 hours ago [-]
TPM isn't capable of the outlandish claims you're making. It stores textual content in PCRs, and is extremely limited at that, not least in size.
Unique IDs of a system don't require a TPM. Microsoft uses unique IDs from various hardware to bind a product key to a particular device, and has been doing that since the XP era.
Intel and gfx vendors already provide secure DRM paths. TPM isn't capable of doing so.
> Don't get me wrong, security devices should exist 100%. But. It should never be forced.
They should be forced otherwise users would continue leaving themselves open to attack. Security has moved on from ACLs. Microsoft recognizes the need for things like VBS to protect against modern threats, which in turn requires TPM.
Apple has been doing this for roughly 15 or so years now with no fanfare on consumer devices. TPM has been around on x86 since the late '00s with little-to-no fanfare.
ranger_danger 2 hours ago [-]
Windows 11 IoT Enterprise does not require TPM, officially.
hnpolicestate 3 hours ago [-]
Windows 10 to SteamOS. Google workspace for my productivity needs.
waynesonfire 3 hours ago [-]
How would we deploy Windows 11 if we couldn't bypass CPU/TPM on a bhyve vm under FreeBSD?
olukwa 6 hours ago [-]
[flagged]
daft_pink 6 hours ago [-]
Bought a Mac don’t care. Go jump in a lake Microsoft.
[1] https://cachyos.org/
[2] https://www.onlyoffice.com/
I went with Mint instead of an arch-based distro, but my experience has been really great even dealing with Geforce drivers.
I use the 365 suite in a web browser if I need to work on it , no issues.
>> Since Qt5 is now already outdated,
> Yes, every dependency onlyoffice uses is outdated. They even use v8 8.9 that doesn't include any security patches. They also use an outdated CEF binary downloaded from an http url and don't check its integrity at all. Even worse, that CEF binary might be closed source as suggested by dbermond in https://github.com/ONLYOFFICE/DesktopEditors/issues/1664
> I would advise anyone who uses onlyoffice to avoid opening any untrusted documents with it. It appears that onlyoffice upstream doesn't care about security at all. See https://github.com/ONLYOFFICE/DesktopEditors/issues/1664 for more details
All kidding aside, I recently migrated to EndeavourOS, but CachyOS looks dope too
I would say that 99.9% of the time I can get away with using the web app versions, even for things like Teams meetings it works really well. Once in a blue moon I will have a document that I can't open in the web versions so I fire up the VM and open it on there.
There are definitely some annoyances around this workflow but IMHO the annoyances pale in comparison to the annoyance of having to use Windows or MacOS every day.
That's probably the easiest step to take next, before looking at virtualization or a full Linux install with Wine.
I still use desktop Office for spreadsheets that need to be shared. Word docs are pretty well supported by Libre at this point.
It cannot replace Microsoft Office, but it's getting close. Most people don't use the full functionality of Microsoft Office, so LibreOffice and Google's online suite are good enough, but I still keep a remote Windows Virtual Machine (VM) around for those times I need Windows-specific stuff and RDP into the VM. I look forward to the day Microsoft finally wakes up and ports Microsoft Office to Linux.
That tells you everything.
For me, I went back to Linux from Windows 10 on my soon to be ten year old laptop when the SSD died.
My newer laptop was upgraded from 10 to 11 without much heartbreak. Windows is much better supported by manufacturers when it comes to upgrading and configuring ordinary consumer products.
For me, Windows is just another tool. Not an ideology. In some ways it sucks in some ways it is great. Same with Linux.
Since I am not going to pay Apple prices for private gear, I'd rather keep the Windows with Linux VM approach.
At work, it is a mix of Windows and macOS, depending on the project.
We leave Linux for the cloud servers, and embedded devices.
I have been able to do pretty much everything I need to workflow-wise with LibreOffice.
And any office basic dev work, I just do on the client machine or a virtual machine now.
(LibreOffice was constantly having compatibility problems when I used it.)
I, too, spent far too long trapped in Windows because I couldn't get away from MS Office
“Better formatting” is not nearly enough to stay in an abusive relationship.
Metric stuffing. Everyone at Microsoft is graded on "impact". All the EVP-types at Microsoft have their eye on boldface jobs, so they need a track record of massive impact. Being able to claim that they got W11 from X billion devices to Y is how they'll be judged. Another example is how in Azure, the only metric that matters is consumed revenue. That sort of thing drives behavior.
Land grab. W11 infamously makes the Start menu a billboard and has all kinds of usage data going back to the mother ship. If adoption slows, then Microsoft misses out on eyeballs, misses out on the ability to weld users to Copilot, misses the opportunity to earn money from ads, misses the opportunity to improve Windows by learning how people really use their computers.
Security. Windows is embedded in modern life and although Microsoft gets a lot of flak, (and sometimes it takes a major beating to remind them of their responsibilities), they do want to elevate the security of users. They believe that W11 and TPM will give them a basis to really deliver stronger services. I don't know that they are right (eg if the #1 exposure for home users is ransomware, does a TPM help at all?), but I am prepared to give them some grace.
Then again, I plan to use this opportunity to install Linux on my old PC.
Ironically, TPM requirement comes from the same company that invented logging your screen every few seconds and storing it unencrypted and without your consent.
Security is important but like every company, will take a backseat to "revenue" or "growth".
One particularly generous view is that the TPM requirements catch PCs up with the TPM requirements of modern phones. (Both iOS and Android have had very strict TPM requirements for a while now.) With a lot of industry interest in moving to hardware security-backed Passkeys to replace passwords, it would help to have PCs on an equal security footing with phones.
Passkeys are a pretty big deal to reduce home user exposure. Phishing and all of its variants are as much or more a home user problem as ransomware.
There's a pretty interesting video from 2023 that goes through much of Microsoft's thoughts around Windows security. It flew under the radar unfortunately:
https://www.youtube.com/watch?v=8T6ClX-y2AE
- Admin accounts are a continued security problem within the Windows ecosystem, so a future version of Windows will be adding a new "Adminless" account model with linux-like just-in-time escalation. This new model intends to provide a secure middle-ground between the frustrations of a standard user account and the security risks of an Admin account. "Adminless" accounts will run as a "less privileged" user by default and prompt users with Windows Hello when an application requires escalation for a given operation, rather than permanently running the account as a standard or admin user.
- Win32 Applications will be bundled under the new Win32 App Isolation model, which provides the security benefits of UWP sandboxing & clean uninstalls without the API limitations of UWP. Developers will be able to specify what privileges an application requires, much like other application platforms. A demo was shown of Notepad++ running under this sandbox model with minimal modification.
- TPMs within the ecosystem are not in a healthy state, with telemetry telling Microsoft that many are running vulnerable firmware due to manufacturers not pushing out updates, and some being inoperable due to hardware failures or other issues. Microsoft is working on its Pluton security chip to replace/augment the existing TPM ecosystem and have the ability to push out firmware updates via Windows Update.
- Software/Hardware mitigations are reaching the end of the road in terms of viability. Microsoft is now focused on eliminating classes of security bugs with extensive R&D going into the use of Memory-safe languages (Rust) in areas of the system that exploits often appear in.
This was the promise of User Account Control, was it not? Or does that just prompt for confirmation for various actions, without actually enforcing a security boundary?
"Adminless" is a funny name given that there's still an admin account involved, it's just an admin account that is much more than before not a user account but more like a service account.
UAC is per-process and monotonic. Once elevated, the entire process stays elevated.
The new model is per-operation. Even if the same process has been allowed to elevate before, it must ask to do it again. I don't know how granular this is, and whether there's a grace period like sudo.
However, the biggest problem with UAC was that it was considered too noisy for the end user, leading to people just blindly accepting every dialog and Microsoft turning down the default level to the much less secure "don't always prompt". I don't know how this new model will address that problem; naively, it seems to be worse on this front.
It's less granular than a task though, it's an execution context. If you're running Notepad++ and it wants to update, it requires an elevation. The installer is now running in an admin context and can do whatever it wants, once it's finished installing it usually asks if you want to launch Notepad++ again. At that point the installer running in the admin context can launch Notepad++ within that admin context.
Thus there's a potential for the admin context to persist indefinitely.
In my mind, task-based elevation is more granular. Something like "I need to write to the program files directory" and not a carte blanche "gimme admin access to do whatever the hell I want".
Wow that thing they probably should've been doing in the first place. I'll be curious if it'll end up as a supervisor (AI) model or if each program will have its own scope of a file system. The latter of course will be very tricky with how intertwined legacy software can be for file and registry access.
And the security reason is nonsense because as you point out, the overwhelming majority of Windows security problems are in no way improved by a TPM.
The most likely real explanation is that Microsoft is constantly at war with itself and the manager currently occupying the relevant coign of vantage finds it to be in their personal interest for some muddy reason having to do with internal politics.
Use this opportunity to install Linux and your NEW PC, and then buckle in!
Ensuring that a critical mass of people use remote attestation[0] capable devices.
The next step is a browser API[1] for this so that content owners can exclude devices capable of storing the content, or stripping out ads/tracking, etc.
Sure, there will be a cat-and-mouse game where people will figure out how to fake the attestation for some period of time, but general computation[2] is probably on the way out.
----
[0] https://en.wikipedia.org/w/index.php?title=Trusted_Computing...
[1] https://news.ycombinator.com/item?id=36817305
[2] https://www.youtube.com/watch?v=HUEvRyemKSg
But on the other hand there are valid reasons for requiring a minimum baseline for Windows 11.
The TPM requirements for example allow seamless BitLocker (which provides feature-parity with macOS), it allows secure system credential storage (in both consumer and enterprise contexts) and it's also useful for application developers. For example Chrome can defend user data better against malware or provide features like Device Bound Session Credentials (DBSC).
Requiring certain CPU features on the other hand makes it easier to ship better-optimized executables.
The two combined make it possible to provide things like VBS/HVCI, which is a massive leap for Windows security (it's actually considered a security boundary, unlike UAC).
Microsoft is just putting a huge environmental waste of a mandated obsolescence tax on the entire world. But Microsoft doesn't pay the opportunity cost of losing all that hardware. (I wonder how much the hardware Microsoft wants destroyed is worth, hundreds of millions of dollars?)
I also don't think the share of TPM-less computers out there is actually that significant. Most laptops have shipped with one for a long time. Desktops that lack one can often buy one. Which is way cheaper than a new PC should you need W11. (I also suspect there are options way cheaper than $500 as well.)
Saying that not being able to run W11 turns something into e-waste is frankly rather crazy. Neither do they want that hardware destroyed.
There is also plenty of hardware that isn't fast but is being used in a situation where that doesn't matter. Some Haswell quad core being used for web and email could continue to be used for that indefinitely. That is old enough that it could be replaced with something newer for less than $500, but the entirety of the replacement cost is still lost money because it otherwise wouldn't have had to be replaced at all.
Sooner or later, these non windows 11 compliant machines will mostly disappear from most households and offices and will only attract retro computing and linux users when they will not match the usual memory requirements of the day. These are usually the kind of computers that came with 8GB or less of memory out of the box and they could quietly drop support for them somewhere later within the next 10 years when everybody is running 128GB of ram or so and only a handful of people care about it.
If anything it's the CPU requirements that create a hard requirement for newer HW. But in that case, that support is a cost for them. Why should they spend the effort for what is likely going to be a very subpar experience?
* Microsoft believes the improvements in windows 11 provide genuine benefit to their users.
* Microsoft doesn't want to maintain their older OS forever.
What we are seeing play out however is that the consumer / small business market either does not understand or does not care about those benefits. I don't see any viable end-state for this other than Microsoft relaxing the requirements for Windows 11 or extending the end-of-support date for Windows 10. Based on this action my money is on the latter.
I'd imagine that cutting off support for 10+ year old machines and hardware would give a much bigger advantage than the revenue they get from a hardware refresh itself.
So then Microsoft decided to follow this up with UWP. UWP was the intended successor to WPF, the 'Universal Windows Platform'. It was supposed to run on any Windows platform. But then the Windows Phone got cancelled, and they also eventually cancelled all support for anything except Windows 10. So it turned into the Windows 10 Platform. And it was heavily tied into the Microsoft store to the point that actually deploying it elsewhere was rendered infeasible. Outside of that it was a technically inferior WPF with a few nicer looking default UI elements and a bunch of new bugs. Oh and some namespaces and other things were changed mostly pretty randomly just enough to make it completely incompatible with WPF.
And then this process repeated multiple times over. Each time they lost more and more developers. If they had simply continued building on WPF I think they would likely be a universal standard for UI development, at least for desktop. Instead they're now onto WinUI 3 which nobody uses, including Microsoft. Oh and all the while this was happening they were also developing Xamarin (and similar timeline of a million subsequent renamings and 'refactorings') which is pretty much the same thing, but different, and cross platform, but not.
I'm the sort that'd naturally leap to conspiratorial explanations - Microsoft pushing anything called "trusted" feels like a rusted van with darkened windows sitting outside a school with "FREE CANDY" sloppily painted on the side. But in this case.. no, Microsoft is just so completely weird and irrational with how they push things, often to the point of self defeat.
Microsoft ships a UWP demo repository which includes the most fully functional Bluetooth manager anyone has ever built for W10. The stock Bluetooth manager has maybe 10% of the functionality. It's also fundamentally broken in a lot of ways. But this UWP demo they have should have been the stock app. It's wild.
Then of course you still have 50 year old UIs hiding in the lowest levels of the control panel. You can dig through the archeological record on your own pc and look at Win3 UI designs. It's astonishing.
At this point, I don't know anyone who uses any of Microsoft's UI frameworks for a real product. It's either QT or Avalonia or something. Who would ever trust their newest framework when every prior framework was abandoned half-finished and left to rot for years?
I imagine it's only my MOBO which is missing TPM, but a suggestion of what mobo to buy which would be compatible with all my other components (RAM DIMMS, PCI-e cards) would be killer.
https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/
You can also use the unattended installation system: https://github.com/memstechtips/UnattendedWinstall
A true clean Windows installation.
https://www.ghacks.net/2024/10/11/rufus-4-6-bypasses-windows...
https://news.ycombinator.com/item?id=41809287
For the next version of Windows 11, I'll wait and see what Rufus will do.
They are used to Windows so they want to stay there. I want to suggest Linux Mint, but I am not aware of how many of the apps used daily are supported on Linux.
Not every user wants to fiddle with the terminal.
Newer users who started with the GUI are less likely to have these habits.
I've played around with Debian for several years, using it for small little servers. They do not need to have a monitor connected, so I never use a GUI.
When using my Steam Deck I don't have a keyboard and the virtual keyboard is kinda annoying, so I use the GUI.
I can't seem to get used to working with a Debian-installed laptop. I've tried many times, but I don't see a daily beneficial goal to using Linux, mostly because I'll always get Windows 10/11 working :)
As always, it depends on what the user uses the computer for. Not everyone can run Windows full-time, as some applications don't work on Linux. I am a full-time Linux user for decades at this point, yet I still use applications that only run on Windows and are too latency sensitive to run well through a VM (and don't work at all via Wine).
Maybe though, these applications could get some love if there was a PR campaign for people to move to Linux...
Give me some names that work out of the box and resemble Windows. I have not tried Linux Mint so I don't know how well it works for older people. Ubuntu has been quite good and stable but it has also required fiddling with the terminal.
The only one I found to be the best alternative to Windows is ... believe it or not, DeepinOS.
Even Windows can be quite different from older versions of Windows.
However, I don't think some of the older people are willing to go through all that. I wish to see an easier option for people who want a smoother transition from Win10 to something else, especially now since Win10 is being discontinued in October this year.
People like to freak out about how Arch isn't for newbies but honestly it's fine. I find it to be just as stable as Debian.
But let's be real, aside from gaming, 99% of what the average user does with a computer is open a web browser. Desktop apps are secondary. If you put a Firefox/Chrome button in the task bar, you've covered most user requirements.
Power users who actually need a bunch of proper desktop applications have a different set of needs. It's impossible to generalize, but a very large fraction of those users would probably be happy with the Linux alternatives, or wine and proton. A lobotomized W10 LTSC VM is also quite usable.
Most users won't know or care they're on Linux if the browser works.
But no, the experience is nowhere near "polished", and troubleshooting is a joke. "Something unexpected happened" or "contact your administrator" isn't exactly helpful. Sure, there may be some log somewhere in that godawful event viewer, but who has the patience to wait for that abomination to load? And then to go spelunking in the millions of categories?
Windows is hands-down the most annoying and janky computing experience among all my devices. I put up with it because I like Photoshop, and since I have PCs lying around I can't justify buying a MacBook (plus Linux works well enough for all my other needs).
HiDPI support is a joke, with windows showing up wherever they want, the start menu becoming blurry, taskbar menus appearing at random locations on the screen. The windows jump up and down when switching virtual desktops. Windows appear as active, complete with a blinking cursor and everything, yet won't register text input until I click on them. I could go on for days.
Windows wins 100-0 in terms of polish in the eyes of the average user, and that's saying something given that it's not very polished as you said.
The kinds of usages that consumer windows has had and the software ecosystem that's promoted for 3+ decades compared to what has been developed for linux affects this too. Windows is extremely broad in all the software available for all the little utilities users are going to look for, and hardware it's going to need to support (and support well). Even trying to pull windows applications that don't do anything too complex over to linux via Wine is very much a YMMV area. It's impressive what has been accomplished and the recent rate of progress, but there's always more to do so it's not an awkward, poorer version of doing the same task in windows.
The aspect I wonder about is what proportion of the 60% of people still using Win10 are actually aware of or care about it going end of life. Assuming Windows doesn't auto-update to 11 for them, any EOL warning will just be swatted away like most other annoyances so they can get on with their intended task. Getting that type of user to switch to Linux seems like it'd remain a herculean task.
Have an older device? It maybe didn’t come with WiFi, or came with an older card you replaced with a better one. Better hope the distro and version of that distro you picked has a kernel with drivers already baked in!
Otherwise it’s off to some random git following some random “download this source” and oh wait I’m not connected to the Internet.
This is a 2020 full-Intel, basic enterprise machine, nothing fancy. Worked fully out of the box under Linux, including sleep. The display output was broken for about a year under Windows (wouldn't output 4k@60 without doing a stupid plug-unplug-replug-just-at-the-right-time dance). At one point, installing the latest driver from Intel worked, but Windows would helpfully "update" it to an earlier, broken version every other day.
My point is that the current hardware situation seems pretty much hit-and-miss, and figuring that running windows to avoid fiddling with drivers and whatnot isn't such a sure-thing as people in this thread make it out to be.
- AGI/ASI
- Fusion Energy
- Linux overtaking Windows
- Windows 11: 36%
- Windows 10: 60%
Using Steam Hardware survey, it shows:
- Windows 11: 53.46% (-1.50%)
- Windows 10: 42.87% (+0.48%)
Whilst these numbers look very bad for Microsoft, especially given that we're less than 10 months away from Windows 10's home user support, it's potentially even worse if the data is correct and more people are reverting to Windows 10. Reasons I can think of there might be due to some of the recent Windows 11 updates harming performance in applications, notably many major Ubisoft titles.
I'm still on Windows 10, for two reasons. My motherboard does not support TPM 2.0, and I have not had any reason to need to upgrade given it still runs everything I need perfectly. Secondly, I have not seen any reason to go to 11 from 10; I don't love 10, but 11 doesn't seem to fix any of my issues, if anything I see many worse features.
https://www.theregister.com/2025/01/02/windows_10_grows/
https://gs.statcounter.com/windows-version-market-share/desk...
https://www.pcworld.com/article/2532669/ubisoft-games-are-cr...
My application does not work at all on W11. The Bluetooth stack is somehow even more broken than W10. It's to the point where we're developing our own wireless dongle to bypass this entire mess.
Microsoft has forcibly installed W11 on our test machine three times and every time it's completely broken and we have to revert.
It's not good.
The existence of a TPM also lets DPAPI use it, which in turn lets things like browsers and other software protect user data (from malware for example). It also makes new features like Device Bound Session Credentials (DBSC) possible.
But there's also VBS and by extension things like Device Guard. Which in turn entails things like ESS (Enhanced Sign-in Security, more secure biometric auth), Trusted Boot, HVCI, Credential Guard and so on.
DRM is like the last thing it's actually good for, if you actually look into it.
Disk encryption, Windows Hello and PIN bruteforce prevention. I have no love for Microsoft and avoid using Windows whenever I can, but I think making those features accessible to more people is a good thing.
https://learn.microsoft.com/en-us/windows-hardware/design/de...
https://techcommunity.microsoft.com/blog/virtualization/virt...
If you have an older computer, without TPM 1.2/2.0, then you already don't have things like Windows Hello, but you might have Secure Boot and some brute force prevention, so you wouldn't be worse off as a home user if Microsoft allowed you to run Windows 11.
For new computers I can completely understand that Microsoft would demand that vendors ship systems with TPM 2.0. For upgrades I just struggle to see any really compelling reason, it's not like Apple where Microsoft is trying to also sell hardware, that's mostly on the OEMs.
(Personally I think you probably shouldn't bother with it unless you set a boot PIN, which still requires Pro to be allowed to change the right group policy settings.)
https://support.microsoft.com/en-us/windows/device-encryptio...
The users? No.
The corporations that make DRM? Yes.
A TPM is useless for DRM, and there are way more suited solutions like Intel's PAVP that takes an encrypted video stream and puts it on the screen directly, yet I don't see nearly as much uproar about that.
(...or use things such as the already-dead Intel SGX, which never touched TPMs at all)
Encrypted video is a red herring. The real long game is to also get your "secure" video player to refuse playback if it detects a watermark in the pirated video. This patches the analog hole.
If you have attested Windows it can just refuse to download "freeworld" VLC because it can be used for piracy and/or even watching child pornography. Imagine that!
Of course you can use Linux instead but now you have to use the approved distro that also won’t let you run "dangerous" apps.
This is of course a slippery slope argument and Microsoft would not be able to force all that right now, but better get started on the foundations. Some future government can then just force them to implement the rest, but by then it will be just a flip of a switch.
"TPM is not DRM" argument seriously lacks imagination.
A TPM may only attest that it has received an expected set of measurements (hashes). As long as discrete TPMs or PCs with unlocked CPUs exist (w/o Boot Guard), one may simply take a TPM and replay "golden" measurements to it. Bypassing this would be trivially easy.
A TPM does not have control over execution on the CPU. It only receives data from the CPU. If you have control over execution on the CPU from the reset vector, you can just replay whatever you want to a TPM and extract secrets that way. That's why TPM backed disk encryption without configuring a PIN is insecure.
Microsoft does not have the same level of control over the entire PC ecosystem as Google has over Android. That's why it's important to support open source alternatives.
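The property the two comments above describe, as an added example that is not from the thread: a Python simulation of PCR extend and PCR-bound sealing. The TPM2_PCR_Extend formula is the real one; the seal/unseal functions, the boot images and the PIN are constructed stand-ins. It shows that a PCR only reflects the digests the CPU sends, and why a PIN in the unseal policy matters.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

PCR_INIT = bytes(32)  # a SHA-256 PCR holds 32 zero bytes after reset

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: new PCR = SHA256(old PCR || digest).
    The TPM never sees the measured code, only the digest the CPU hands
    it; this one-way chain is all it can later attest to."""
    return hashlib.sha256(pcr + digest).digest()

def measure_boot(stages: List[bytes]) -> Tuple[bytes, List[bytes]]:
    """Honest early boot: hash each stage before running it, then extend.
    Returns the final PCR and the digests that were sent to the TPM."""
    pcr, log = PCR_INIT, []
    for stage in stages:
        digest = hashlib.sha256(stage).digest()
        log.append(digest)
        pcr = pcr_extend(pcr, digest)
    return pcr, log

def seal(secret: bytes, expected_pcr: bytes, pin: Optional[bytes] = None) -> Dict:
    """Simplified seal (constructed): bind the secret to a PCR value plus an
    optional PIN. A real TPM wraps the blob under a key that never leaves
    the chip; the policy check in unseal() is the part this example is about."""
    pin_hash = hashlib.sha256(pin).digest() if pin is not None else None
    return {"secret": secret, "pcr": expected_pcr, "pin_hash": pin_hash}

def unseal(blob: Dict, current_pcr: bytes, pin: Optional[bytes] = None) -> Optional[bytes]:
    """Release the secret only if the PCR, and the PIN if one was set, match."""
    if not hmac.compare_digest(blob["pcr"], current_pcr):
        return None
    if blob["pin_hash"] is not None:
        if pin is None or not hmac.compare_digest(
            blob["pin_hash"], hashlib.sha256(pin).digest()
        ):
            return None
    return blob["secret"]

# Constructed stand-ins for the boot stages and disk key (not real images).
FIRMWARE = b"constructed firmware image v1"
BOOTLOADER = b"constructed bootloader v1"
KERNEL = b"constructed kernel v1"
KERNEL_MODIFIED = b"constructed kernel v1 with altered code"
VOLUME_KEY = b"constructed-volume-master-key"
PIN = b"1234"

def demo() -> Dict[str, Optional[bytes]]:
    golden_pcr, golden_log = measure_boot([FIRMWARE, BOOTLOADER, KERNEL])
    blob_no_pin = seal(VOLUME_KEY, golden_pcr)
    blob_with_pin = seal(VOLUME_KEY, golden_pcr, pin=PIN)

    # 1. Unmodified software measured honestly: key released.
    honest = unseal(blob_no_pin, golden_pcr)

    # 2. Modified kernel measured honestly: PCR differs, key withheld.
    tampered_pcr, _ = measure_boot([FIRMWARE, BOOTLOADER, KERNEL_MODIFIED])
    tampered = unseal(blob_no_pin, tampered_pcr)

    # 3. The limitation the thread describes: code that controls the CPU
    #    from reset can extend the PCR with the digests recorded in step 1
    #    instead of measuring what really runs; the TPM cannot tell.
    replayed_pcr = PCR_INIT
    for digest in golden_log:
        replayed_pcr = pcr_extend(replayed_pcr, digest)
    replayed_no_pin = unseal(blob_no_pin, replayed_pcr)

    # 4. With a PIN in the policy, a matching PCR alone releases nothing.
    replayed_with_pin = unseal(blob_with_pin, replayed_pcr)
    legitimate_with_pin = unseal(blob_with_pin, golden_pcr, pin=PIN)

    return {"honest": honest, "tampered": tampered,
            "replayed_no_pin": replayed_no_pin,
            "replayed_with_pin": replayed_with_pin,
            "legitimate_with_pin": legitimate_with_pin}
```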
You’re also entirely missing the point. Yes, you can bypass TPM based DRM to extract the unencrypted video (or just analog hole it) that’s why the game is to lock down the OS so you just can’t play it.
If all DVD players came with watermark detection instead of copy protection you wouldn’t have bootlegs because now every single client device needs to do the bypass instead of just once to extract unencrypted stream.
How many people have bypassed or hardware modded Playstations or Switches? This is what you’re talking about. Almost everyone will just accept it.
That is an enormous "if". Do you think Microsoft is going to or is able to enforce this on every single software provider? Even in your Android example that's just not happening, and you can happily sideload apps. You can still develop your own apps on the same Android phone that you use for banking.
> And sorry but how many people have bypassed Playstations or Switches. This is what you’re talking about. Most people will just accept it.
People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit. I just don't see that happening in the PC space. You think Microsoft is suddenly going to dump this on third party software developers and force everyone to go through certification and to buy devkits? Without a mass exodus to Linux?
> you can happily sideload apps.
This is an extremely weak argument when the other major platform does not let you do that, right? Sideloading could go away at any moment just like that. That’s my point. There’s nothing technical stopping it.
> People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit.
Already Windows has: SmartScreen (which requires code signing) and an app store. Locking down the OS and apps is hardly unprecedented. Both Windows and macOS now have developer modes, which are a software devkit equivalent.
> Without a mass exodus to Linux?
That’s why you wait until mass adoption (win11) only then start boiling the frog.
Look, I acknowledge this is a slippery slope argument. But the slope is very slippery. Something is clearly going on.
There are TPM 2.0 dTPMs. If the conspiracy is that they want to push people towards "hardware attestation", then they're doing a pretty bad job.
>You’re also entirely missing the point. Yes, you can bypass TPM based DRM to extract the unencrypted video (or just analog hole it) that’s why the game is to lock down the OS so you just can’t play it.
There's no need to "lock down the OS" when there's already a locked down OS on the CPU itself (Intel SGX), which is way more secure (because it doesn't have a bazillion userspace programs and third party drivers loaded), but for whatever reason gets way less flak than TPM.
> There are TPM 2.0 dTPMs. If the conspiracy is that they want to push people towards "hardware attestation", then they're doing a pretty bad job.
No "normies" are doing TPM bypasses. That’s the point. The majority will eventually be on unbypassable TPM.
I wouldn't expect many examples to exist yet. You want to wait until almost everyone is on Windows 11 before you get up to those shenanigans.
I've maintained for several years now that the actual corporate wet dream is that they can lock down the average PC architecture/OS to the same degree they have on phones. Because unfortunately, in the phone sector, the market has already shown the majority of users don't care who really owns their devices.
My hope is that Linux gets wide enough adoption to prevent that from becoming a feasible option for them in the future.
May be "certified UNIX" (when you look at it funny), but it feels like no freedom-loving UNIX-style system I've ever used.
This has already happened: Linux had wide enough adoption that Microsoft could be convinced to allow alternative operating systems in Secure Boot.
> My hope is that Linux gets wide enough adoption to prevent that from becoming a feasible option for them in the future.
Linux already got a really wide adoption --- in the form of Android.
https://support-valorant.riotgames.com/hc/en-us/articles/169...
Yes, anticheat tends to detect virtualization too, so there's extra cat and mouse there, of course.
I'm not sure that tying their horse to SGX is good for adoption of the format.
Please read this, and do your part to make the world a bit more educated, on average: https://en.wikipedia.org/wiki/Trusted_Platform_Module#Overvi...
If you don't dismiss my comment as the comment of a corporate shill, you might learn something, and in the future that knowledge may help you. I don't know, I can't predict the future, but I do know that ignorance is dumb.
Why not both? As noted elsewhere in this thread, TPM certainly facilitates VBS [0], and games like Valorant are already using that for anticheat [1]. As long as application programs can use it to help detect the environment being 'tampered' with (as opposed to the system just wrapping it up in a report for the user), they can use it to protect their particular application state, and I don't see why that shouldn't include DRM state.
[0] https://learn.microsoft.com/en-us/windows-hardware/design/de...
[1] https://support-valorant.riotgames.com/hc/en-us/articles/169...
What prevents boot sector viruses is Secure Boot, not TPM.
TPM is just about allowing Microsoft to run AI models and other cloud workloads on people's computers without them snooping at what Microsoft are running. This will let them offload the processing of their very costly analytics to the devices themselves and only receive back the target data that they want.
Basically, it'll let them snoop on users more effectively, at a lower price, without giving up the game about what they're actually doing and how.
I think an AI botnet is probably a poor fit for AI workloads, not to mention it would be a security nightmare.
Given that, there is not the same need to force hardware updates. That said, it also illustrates how the TPM requirement is a business decision, not a technical one.
These are $10k-100k+ servers. My multitenant/offload capable NICs are usually $10k-25k themselves.
Now I will be forced to I guess.
I'm not asking what 2.0 does better than 1.2, I am asking why it is a must-have.
2.0 is required for Microsoft's purposes. Here's one of them:
https://learn.microsoft.com/en-us/windows/security/hardware-...
(Vs. Windows 10 is just under 10 years old now - and I don't know what's the newest Windows 10 system that can't update to Windows 11.)
I'm still on macOS Ventura (13.x), and am already seeing numerous apps with a minimum version of 14.x or 15.x.
https://support.apple.com/en-us/120282
A few years shorter than the Win 10 lifecycle. Much shorter than the XP lifecycle, though that was unusual.
macOS apps target the latest few versions and, given macOS' rapid release cycle (in comparison to Windows, at least), you can easily find yourself with a machine <10 years old that can't run the latest versions of apps you're using.
I had a Dell laptop that, when I bought it in 2006, had Windows XP on it. I was able to upgrade it all the way to Windows 10, at no charge. (The beta versions of Windows 7 and Windows 8 both just kind of rolled over into full fledged versions of the OS.) Now, even by the time I had Win8 on that machine, it was just for fun. I mostly kept it around because the screen resolution was unusually high for 2006, and for a period afterward, laptop screen resolutions were almost all lower than WXGA+ even on higher end machines. But you could run Windows 10 and modern browsers on a machine built for the WinXP era. Also, I think I paid $700 for that machine, from the Dell Outlet. That's a lot of mileage for the price paid.
So when Windows 10 told me that my 12-year-old Ship of Theseus Dell XPS desktop was unable to take an upgrade to Windows 11, I took a long hard look, and sprung for an M1 MacBook w/ 64 GB of RAM. They had a pretty killer deal on these at B&H, and it's the first time I've ever felt like I've had a true "desktop replacement" laptop. I still think Explorer is better than Finder (and I'm not going to argue with anyone about why so don't bother asking), there are things I will miss about having an ATX case, but Apple's abdication on proprietary ports is ultimately what pushed me over the edge. Everything is USB-C. Great! I had gotten a lot of mileage out of Firewire hardware, but I saw this as a pivotal moment to use some of that money I'd saved over the last decade and a half to completely modernize my setup.
If Windows 11 hadn't forced me to consider new core hardware (and if Apple silicon hadn't leapfrogged everything else on the market - using a laptop all day without charging? Phenomenal.) I'd still be using Windows.
I've been using MS operating systems since DOS 3.1, I just have to assume I'm no longer their target market.
For work, I am stuck dealing with 11. There are many things I hate about 11, but why is it so damned slow and laggy on a brand new Copilot PC? File explorer is like loading file lists with a 2400 bps modem, and Office apps take far too long to load. It’s absurd how bad it is, and I can’t figure out why.
I’m getting old, I forget why I load an app before it loads…
Since this is a work PC maybe you don't have the option but if that's the case you should talk to your IT nerd and get permission. Also, make a donation. Great software like Everything is worth buying.
[0] https://www.voidtools.com/downloads/
I can't help with Office. Too bad you have to use Win11. Win7 Pro still works great for me when I need a Winbox.
Operational reasons:
* You often replace hardware and move disks, etc, around
* The TPM is not compatible with hardware that you have: https://wiki.archlinux.org/title/Trusted_Platform_Module
* You have a TPM that is too old: https://www.dell.com/support/kbdoc/en-uk/000132583/dell-syst...
* Your TPM is damaged
Security reasons:
* For some reason the TPM is actually seriously compromised itself (i.e. RCE or firmware backdoors):
- https://www.reddit.com/r/sysadmin/comments/1akxbfn/youtuber_...
- https://www.beyondidentity.com/resource/cybersecurity-mythbu...
- https://www.bleepingcomputer.com/news/security/new-tpm-20-fl...
* You have an alternative security model, i.e. PTT: https://uk.crucial.com/support/articles-faq-ssd/alternatives...
* As others have pointed out, what if you're locked into using Windows, Windows requires TPM, and TPM implements something you don't like, for example DRM or it snoops on you. Maybe you have to let it scan your drives, maybe your TPM doesn't like your politics.
Stop spreading FUD.
The TPM is fundamentally about storing cryptographic keys, platform integrity checks, unique IDs, etc. It is already used for secure logins by the Windows OS. Microsoft are successfully enforcing your email, ID, logins, etc, to be associated directly with your unique hardware.
One day you will request a video from Netflix or Youtube, and your device will be the only device in the world that can view it. You might think to screen record, but the OS does not allow it. You might think to record it via an external display, but this has to interface with the TPM. You decide to record your screen from your phone, but the phone's TPM recognises that the camera tries to record DRM material.
Don't get me wrong, security devices should exist 100%. But. It should never be forced.
Unique IDs of a system don't require a TPM. Microsoft uses unique IDs from various hardware to bind a product key to a particular device, and has been doing that since the XP era.
Intel and gfx vendors already provide secure DRM paths. TPM isn't capable of doing so.
> Don't get me wrong, security devices should exist 100%. But. It should never be forced.
They should be forced otherwise users would continue leaving themselves open to attack. Security has moved on from ACLs. Microsoft recognizes the need for things like VBS to protect against modern threats, which in turn requires TPM.
Apple has been doing this for roughly 15 or so years now with no fanfare on consumer devices. TPM has been around on x86 since the late '00s with little-to-no fanfare.