Windows 11 looks like the perfect reason to give UNIX-based systems another try. Literally the only thing that's kept me hooked to Windows are the Office apps. They're baked into so many of my workflows, from creating simple graphics to doing my personal finances, and of course plenty of legacy documents that I'd like to continue being able to use. They're really Windows-native, I've found; even the official versions for iOS seem to be missing some features (last time I checked was in the past year, and I couldn't find some paragraph-level formatting options I wanted in Word, e.g.). Google Docs seem like a different product; they apparently have great APIs, but the "click-based" features are no match. It's been ages since I tried LibreOffice, but it was no match back then either.
I'm thinking, either I need to get used to different workflows or just try virtualization. I heard Figma is great for presentations, anything that Excel can do where the alternatives are lacking is probably better done in R/Python anyway, but for Word I don't see an alternative. No way I'll use LaTeX for all my writing, and anything Markdown-based just won't cut it formatting-wise. Or just use something like Wine, I guess. Anyone facing a similar situation?
lenova 146 days ago [-]
Long-time Windows user here that made the jump from Windows 11+WSL to Linux a few months ago. After test driving a few distros, I settled on CachyOS (an Arch-based distro)[1].
Performance wise it's smooth as heck, and Geekbench scores show it performing better than Win11 across the board. The default install uses KDE Plasma for its desktop, which is a perfect fit for Windows users like myself in terms of UX/UI.
For an alternative to MS Office, I've been using OnlyOffice[2] with no compatibility issues yet (though I am only a casual user and not a hardcore Word/Excel user).
I reinstalled Win11 last week to confirm whether or not I was experiencing bias, and there was a noticeable feeling of "lag" when using Win11 compared to CachyOS (this test was with the latest Win drivers and patches on relatively recent Thinkpad hardware). I went back to Cachy with no hesitation after that.
> Yes, every dependency onlyoffice uses is outdated. They even use v8 8.9 that doesn't include any security patches. They also use an outdated CEF binary downloaded from an http url and don't check its integrity at all. Even worse, that CEF binary might be closed source as suggested by dbermond in https://github.com/ONLYOFFICE/DesktopEditors/issues/1664
> I would advise anyone who uses onlyoffice to avoid opening any untrusted documents with it. It appears that onlyoffice upstream doesn't care about security at all. See https://github.com/ONLYOFFICE/DesktopEditors/issues/1664 for more details
mikkelam 146 days ago [-]
How do you know if someone uses Arch Linux? Don't worry they'll tell you ;)
All kidding aside, I recently migrated to EndeavourOS, but CachyOS looks dope too
lenova 145 days ago [-]
Ahaha, I've become that person I guess. I only mentioned Arch as I've always used Ubuntu when using Linux desktop VMs, and even test drove Kubuntu before trying out Cachy. Apart from some brief time getting used to pacman as a package manager instead of apt, I haven't encountered any other items that felt different to Ubuntu.
LargoLasskhyfv 145 days ago [-]
It is.
Without much fuss.
Tu(r)ned to eleven, speed, bliss & heaven.
On BTRFS, no less!
mebizzle 145 days ago [-]
Can't recommend this enough. I was letting a few games with anticheat keep my personal use on Windows, and I decided to jettison those and make the plunge and couldn't be happier.
I went with Mint instead of an arch-based distro, but my experience has been really great even dealing with Geforce drivers.
I use the 365 suite in a web browser if I need to work on it, no issues.
yoyohello13 146 days ago [-]
+1 for OnlyOffice. When I was a data analyst I made this custom graph in Excel that rendered some lines as speedometers. It calculated the rotation based on the input numbers to align them in the right position. LibreOffice could not handle it (and I don't blame them). I was shocked when I opened the file in OnlyOffice and it worked!
riezebos 145 days ago [-]
On the other hand, I recently tried OnlyOffice and could not find a way to format a date with the day of the week.
packetlost 146 days ago [-]
Woah, OnlyOffice looks like pretty much exactly what I've been looking for! Nice!
_fat_santa 146 days ago [-]
I run Linux on my work machine and my office is a full Windows/MacOS shop. I've so far been able to get away with using either office web apps for things like Teams, Outlook, Excel and Word, and I also have a Windows 11 VM that has all the desktop versions of the same apps.
I would say that 99.9% of the time I can get away with using the web app versions, even for things like Teams meetings it works really well. Once in a blue moon I will have a document that I can't open in the web versions so I fire up the VM and open it on there.
There are definitely some annoyances around this workflow but IMHO the annoyances pale in comparison to the annoyance of having to use Windows or MacOS every day.
RGamma 145 days ago [-]
What VM setup do you use? Does it play well with W11's TPM requirements? Does GPU acceleration work?
globular-toast 146 days ago [-]
When I see people waking up now I wonder what's taken them so long. I could see this 15 years ago and jumped off Windows at that point. Been using Linux ever since. It's become so easy since then that I've intentionally made my life more difficult by switching to Gentoo about 5 years ago. I'm so glad none of my work is locked into the products of rent-seeking companies like Microsoft. It was easier for me because 15 years ago I didn't already have a body of work and an investment into any tools, but I still think it's something you'll be glad you did in another 15 years.
mixmastamyk 146 days ago [-]
Indeed, the security shenanigans around XP are what convinced me to finally move over.
“Better formatting” is not nearly enough to stay in an abusive relationship.
freeone3000 145 days ago [-]
How the documents look is everything. That’s what separates desktop publishing like Word from Notepad. The documents have to look the same and have to print the same. Legal cases depend on it. Academic submissions depend on it (Nature Communications template is not latex, it is word). This is not something that can be omitted.
globular-toast 145 days ago [-]
Word doesn't guarantee they look the same anyway. People send PDFs when they care about that.
freeone3000 145 days ago [-]
Ah, but, “pdfs aren’t editable” and “pdfs cost more money to view”. People absolutely do use Word when they want documents to look the same, and will complain when the documents look different.
mixmastamyk 144 days ago [-]
That's the conventional short-term wisdom, but you'll find just about any rule is bendable to breakable when market conditions change, folks get scared, or they simply decide to.
There's no document formatting that can't be copied elsewhere. Start with new documents and convert the old ones (to pdf or whatever) at some point.
pjmlp 145 days ago [-]
Since Windows XP, it is going to be the year of Linux migration following the Windows exodus after each Windows version is announced, and here we are.
Even Valve can't get the folks targeting Android to port their NDK-powered games to the Steam Deck; they have to translate Windows/DirectX instead.
Karellen 146 days ago [-]
It's probably worth trying LibreOffice again if your last install was a couple of years ago. They take document compatibility bugs pretty seriously and fix a bunch with every release.
That's probably the easiest step to take next, before looking at virtualization or a full Linux install with Wine.
kbelder 145 days ago [-]
LibreOffice does everything I need personally, and is far more powerful and useful than Google's or Microsoft's web suite.
I still use desktop Office for spreadsheets that need to be shared. Word docs are pretty well supported by Libre at this point.
baq 145 days ago [-]
Calc is... bad. It's slow and I've run into bugs in formulas; would rather use google sheets, which are a different kind of bad, but better than calc. No issues with writer, haven't used anything else.
Paianni 145 days ago [-]
You would probably like Gnumeric, though that project is very Unix-specific.
juujian 146 days ago [-]
I can vouch that the OnlyOffice flatpak is worth at least giving a try. Just sending something important without requiring Microsoft Office at all feels so good. Granted, I have a docx template and generated the initial version with pandoc, so I'm not doing any formatting or anything, just back and forth over editing.
pinoy420 146 days ago [-]
Office is moving web based. OWA is first class now, with Outlook New being a thin wrapper around it with some natives. Also their mockups all use macs primarily so “go figure”
p_ing 146 days ago [-]
There is a long, long road ahead for that to happen. Excel has to not only radically change itself, but so does Power BI. The 3rd party ecosystem has slowly changed from COM add-ins to the JS-based Add-ins, but even then there are many 3rd parties that continue to go the COM route, hence the very long deprecation road for 'legacy' Outlook in the enterprise.
semi-extrinsic 146 days ago [-]
I can tell you very definitely that the OWA apps for Word, Excel and Powerpoint have a way to go before being usable on complex/legacy documents.
scblock 145 days ago [-]
So do the native apps. I can type faster than word can render my text.
tonyedgecombe 146 days ago [-]
>Also their mockups all use macs primarily so “go figure”
That tells you everything.
Aaron2222 145 days ago [-]
> No way I'll use LaTeX for all my writing, and anything Markdown-based just won't cut it formatting-wise.
Have a look at Typst[0]. It's a lot easier to use than LaTeX, while still offering full formatting and layout.
Or you could give macOS a go. UNIX with proper desktop versions of the Office apps. ;)
I gave up on Linux Desktop by Windows 7 timeframe, there is always something that doesn't work, even for old dogs with UNIX experience back to 1990's.
Since I am not going to pay Apple prices for private gear, I'd rather keep the Windows with Linux VM approach.
At work, it is a mix of Windows and macOS, depending on the project.
We leave Linux for the cloud servers, and embedded devices.
themaninthedark 142 days ago [-]
I am curious what made you give up? The EOL of Windows 7 precipitated my switch.
I went down the fun path of running Windows on Linux with a pass-through VM for a while but found that most of what I was trying to do worked well in Linux.
Of course, I don't do any development or work on my own computer. Work computer is now 11 and I dislike it but honestly the IT lockdown drives more ire than the Microsoft redesign
dehrmann 145 days ago [-]
I've used windows for 30+ years, and I'm getting a Mac this year. I seriously considered Linux on a Thinkpad and even test-drove Debian on my older X1 Carbon. I tried, but too many things didn't quite work. I'd get stuck on the login screen for no apparent reason. VMware modules were a pain to build and sign. Something (might have been VMware modules) caused it to freeze. Hidpi support isn't ready. And nothing was really polished.
janfoeh 145 days ago [-]
As someone who has used OSX for .. 21 years now and is slowly, but surely moving off: the grass is not greener on the other side.
Bugs aplenty, a user interface which has seriously deteriorated over the last decade bundled with an ever-increasing user hostility and tendency to lock you out of your system.
One example: you can no longer manage which applications may run as daemons/background tasks. Any application can register itself with the OS to do so, and your only recourse is a little tiny switch in the system preferences.
Only, in the case of Google Chrome this does not work; the application constantly re-registers itself, overriding the setting. I can no longer prevent Chrome from doing whatever the hell it wants to do, and — adding insult to injury — every time it does, I get a persistent notification from macOS that it is now doing what ever the hell it wants to do. About a dozen times a day.
mycall 145 days ago [-]
Is there some .dylib or .so file that runs the Chrome registration.. chmod that file and maybe it will stop doing that.
ge96 145 days ago [-]
Used Carbon X1s are such a great buy: for $200 you get 1440p, an i7, 16GB RAM. The only problem is batteries, but yeah, works great on Ubuntu in my experience.
dehrmann 145 days ago [-]
Sounds like my 6th Gen X1, only I replaced the battery last fall. I also noticed the display glitches sometimes when I open it, and the USB-C ports have connection issues sometimes.
raintrees 146 days ago [-]
Same, although I have been on a Linux distro (different over the years) for the last 18 years, I keep a virtual Win7 machine just to run Outlook.
I have been able to do pretty much everything I need to workflow-wise with LibreOffice.
And any office basic dev work, I just do on the client machine or a virtual machine now.
binkHN 145 days ago [-]
Give Linux a try. After seeing how ad-centered Windows 11 has become, I made the decision to wipe my drive and go full Linux, and I couldn't be happier. Is it perfect? No. Is it better for my workflow and caters to my more advanced usage? A big resounding yes.
It cannot replace Microsoft Office, but it's getting close. Most people don't use the full functionality of Microsoft Office, so LibreOffice and Google's online suite are good enough, but I still keep a remote Windows Virtual Machine (VM) around for those times I need Windows-specific stuff and RDP into the VM. I look forward to the day Microsoft finally wakes up and ports Microsoft Office to Linux.
airstrike 146 days ago [-]
I'm working on a cross-platform native-first, offline-first replacement for Excel and PowerPoint, so hopefully it can help you and others make the switch.
I, too, spent far too long trapped in Windows because I couldn't get away from MS Office
alemanek 145 days ago [-]
That sounds cool. Do you have a product page or GitHub? I would love to follow along or contribute if you are building in public
raxxorraxor 145 days ago [-]
For me it is only Excel. I am not even a power user, but its strongest feature is its integration with Power Query. In many use cases it is perfectly enough to quickly analyze some data, and it is still friendly enough to give non-tech workers the possibility to refresh the newest data available.
Apart from that, every other part of the MS ecosystem is replaceable. If there were a solution for corporate IT account management, Windows could be replaced without much friction.
You can install Office 2016 in Wine. The newer versions have some sort of DRM that is illegal for Wine to support.
zamalek 145 days ago [-]
Office is moving to the cloud, so the current dying breed of desktop apps should be covered by WINE, eventually. Or cave in and use O365, like I do for work - the irony is that Microsoft's insistence on O365 has completely defeated the purpose of their OS.
contingencies 145 days ago [-]
https://www.lyx.org/ (for print documentation), markdown (for normal documentation)
hbs18 145 days ago [-]
Microsoft Word worked pretty well in Wine the last time I tried it; I wouldn't doubt the rest of the Office apps work fine as well.
nosioptar 145 days ago [-]
I've had good luck with OpenOffice Writer being compatible with MS Office.
(LibreOffice was constantly having compatibility problems when I used it.)
giancarlostoro 146 days ago [-]
I mean... Office also just runs just fine on a Mac. But I agree, Linux is the way to go. VMs are not so bad, but you can also use Steam's Proton to run most Windows software just fine, I would be surprised if people don't just run Office from Steam's flavor of Wine, since the game support is phenomenal.
ch_123 146 days ago [-]
What is Microsoft hoping to accomplish here? Given the rate of adoption of Windows 11, it seems unlikely that a majority of Windows 10 users will replace their hardware between now and October. It also seems to me that the scenario where a majority of PC users are running an unsupported Windows release is likely to create MS more problems than is offset by potential revenue from a hardware refresh cycle. Is there an ulterior motive at play beyond wanting to create a hardware refresh cycle?
kjellsbells 146 days ago [-]
I would say it is a combination of metric-stuffing, land grab, and genuine concern about security.
Metric stuffing. Everyone at Microsoft is graded on "impact". All the EVP-types at Microsoft have their eye on boldface jobs, so they need a track record of massive impact. Being able to claim that they got W11 from X billion devices to Y is how they'll be judged. Another example is how in Azure, the only metric that matters is consumed revenue. That sort of thing drives behavior.
Land grab. W11 infamously makes the Start menu a billboard and has all kinds of usage data going back to the mother ship. If adoption slows, then Microsoft misses out on eyeballs, misses out on the ability to weld users to Copilot, misses the opportunity to earn money from ads, misses the opportunity to improve Windows by learning how people really use their computers.
Security. Windows is embedded in modern life and although Microsoft gets a lot of flak (and sometimes it takes a major beating to remind them of their responsibilities), they do want to elevate the security of users. They believe that W11 and TPM will give them a basis to really deliver stronger services. I don't know that they are right (e.g. if the #1 exposure for home users is ransomware, does a TPM help at all?), but I am prepared to give them some grace.
Then again, I plan to use this opportunity to install Linux on my old PC.
Croftengea 146 days ago [-]
> Security.
Ironically, the TPM requirement comes from the same company that invented logging your screen every few seconds and storing it unencrypted and without your consent.
stackskipton 145 days ago [-]
The Copilot+ thing is due to metric stuffing. AI is big and Microsoft wanted to juice the numbers, so they stuffed Copilot down everyone's throat.
Security is important but like every company, will take a backseat to "revenue" or "growth".
WorldMaker 146 days ago [-]
> I don't know that they are right (e.g. if the #1 exposure for home users is ransomware, does a TPM help at all?), but I am prepared to give them some grace.
One particularly generous view is that the TPM requirements catch PCs up with the TPM requirements of modern phones. (Both iOS and Android have had very strict TPM requirements for a while now.) With a lot of industry interest in moving to hardware security-backed Passkeys to replace passwords, it would help to have PCs on an equal security footing with phones.
Passkeys are a pretty big deal to reduce home user exposure. Phishing and all of its variants are as much or more a home user problem as ransomware.
brutal_chaos_ 145 days ago [-]
Passkeys are also a great way to have vendor lock-in.
WorldMaker 145 days ago [-]
Passkeys are a multi-vendor standard. Because Windows is no one's phone vendor today, it's generally a good idea that Windows has strong Passkey support because it can be an intermediate between the two major phone vendors and help even average users avoid vendor lock-in by pushing a majority of users to try keeping keys with at least two vendors (their phone, and their Windows device) in their common accounts.
brutal_chaos_ 136 days ago [-]
If there was no vendor lock in, you'd only need one key, no?
AnthonyMouse 145 days ago [-]
Your first two reasons are why they're discontinuing support for Windows 10. The intention to drive Windows 11 adoption is inverse to disabling upgrades, because then some of the people without a supported PC won't be able to afford a new one and will switch to Linux or continue to run Windows 10 unsupported when they would otherwise have installed Windows 11 on it.
And the security reason is nonsense because as you point out, the overwhelming majority of Windows security problems are in no way improved by a TPM.
The most likely real explanation is that Microsoft is constantly at war with itself and the manager currently occupying the relevant coign of vantage finds it to be in their personal interest for some muddy reason having to do with internal politics.
Hawxy 146 days ago [-]
> Security
There's a pretty interesting video from 2023 that goes through much of Microsoft's thoughts around Windows security. It flew under the radar unfortunately:
- Windows 11 has provided a hardware security baseline for Microsoft, with features that require hardware support (HVCI, TPM etc) to be enabled by default going forward, stating that the Windows 10 strategy of off-by-default was a failure.
- Admin accounts are a continued security problem within the Windows ecosystem, so a future version of Windows will be adding a new "Adminless" account model with linux-like just-in-time escalation. This new model intends to provide a secure middle-ground between the frustrations of a standard user account and the security risks of an Admin account. "Adminless" accounts will run as a "less privileged" user by default and prompt users with Windows Hello when an application requires escalation for a given operation, rather than permanently running the account as a standard or admin user.
- Win32 Applications will be bundled under the new Win32 App Isolation model, which provides the security benefits of UWP sandboxing & clean uninstalls without the API limitations of UWP. Developers will be able to specify what privileges an application requires, much like other application platforms. A demo was shown of Notepad++ running under this sandbox model with minimal modification.
- TPMs within the ecosystem are not in a healthy state, with telemetry telling Microsoft that many are running vulnerable firmware due to manufacturers not pushing out updates, and some being inoperable due to hardware failures or other issues. Microsoft is working on its Pluton security chip to replace/augment the existing TPM ecosystem and have the ability to push out firmware updates via Windows Update.
- Software/Hardware mitigations are reaching the end of the road in terms of viability. Microsoft is now focused on eliminating classes of security bugs with extensive R&D going into the use of Memory-safe languages (Rust) in areas of the system that exploits often appear in.
gsnedders 146 days ago [-]
> a new "Adminless" account model with linux-like just-in-time escalation
This was the promise of User Account Control, was it not? Or does that just prompt for confirmation for various actions, without actually enforcing a security boundary?
WorldMaker 145 days ago [-]
The way I read it, the difference between existing UAC and "Adminless" is that the user is always in the Administrators group and UAC just unlocks an Administrator token/ACL temporarily to bestow the actual powers of the Administrators group. In "Adminless" the user is only a less privileged/low privilege user, a new system-managed Admin User is created, and the new security boundary prompts instead of unlocking a temporary token/ACL are more "runas" the system-managed Admin User. It's similar to Linux sudo sending commands to the root account, where Linux doesn't have a token/ACL model that allows temporarily upgrading the existing user "in place". It's also similar to how Windows Admin security was managed pre-UAC in places that separated standard accounts and Admin accounts, and similar to how many corporations still manage security, with the difference being that the new "Adminless" admin account is system owned (like the various internal service accounts), supposedly does not allow interactive login, has no password only a hardware security key (hence why the new security boundary requires Windows Hello unlocks every time, versus UAC can be as subtle as Yes/No, depending on configuration/group policy).
"Adminless" is a funny name given that there's still an admin account involved, it's just an admin account that is much more than before not a user account but more like a service account.
p_ing 146 days ago [-]
UAC provides just-in-time elevation. The user belongs to the 'admin' group (aka wheel) and only receives an admin token when performing a task that requires elevation. Once the task is complete, the token is destroyed.
cptskippy 145 days ago [-]
> Once the task is complete, the token is destroyed.
It's less granular than a task though, it's an execution context. If you're running Notepad++ and it wants to update, it requires an elevation. The installer is now running in an admin context and can do whatever it wants, once it's finished installing it usually asks if you want to launch Notepad++ again. At that point the installer running in the admin context can launch Notepad++ within that admin context.
Thus there's a potential for the admin context to persist indefinitely.
In my mind, task-based elevation is more granular. Something like "I need to write to the program files directory" and not a carte blanche "gimmie admin access to do whatever the hell I want".
Karellen 146 days ago [-]
Sorry, I'm confused. I can't figure out from your explanation how the new adminless just-in-time elevation is supposed to be different from UAC's just-in-time elevation?
kbolino 145 days ago [-]
As far as I can tell, the difference is this:
UAC is per-process and monotonic. Once elevated, the entire process stays elevated.
The new model is per-operation. Even if the same process has been allowed to elevate before, it must ask to do it again. I don't know how granular this is, and whether there's a grace period like sudo.
However, the biggest problem with UAC was that it was considered too noisy for the end user, leading to people just blindly accepting every dialog and Microsoft turning down the default level to the much less secure "don't always prompt". I don't know how this new model will address that problem; naively, it seems to be worse on this front.
Karellen 145 days ago [-]
Huh. In that case, the upthread commenter likening the new model to being more "linux-like" seems confusing.
Given that they didn't mention which Linux security model the new system was like, I presumed they meant the most commonly referenced model for performing administrative tasks: sudo/doas - which elevates a process for its entire runtime.
But if it's a per-operation model, I guess they might have been comparing it to the "desktop portal"/"policykit-dbus" model instead? Which does kind of fit, but I don't think is the security model that most people think of when someone says "linux-like just-in-time escalation"?
DCH3416 146 days ago [-]
> Win32 Applications will be bundled under the new Win32 App Isolation model, which provides the security benefits of UWP sandboxing & clean uninstalls without the API limitations of UWP.
Wow, that's the thing they probably should've been doing in the first place. I'll be curious if it'll end up as a supervisor (AI) model or if each program will have its own scope of a file system. The latter of course will be very tricky with how intertwined legacy software can be for file and registry access.
pixl97 146 days ago [-]
Yea, making sure legacy apps keep working is the hard part especially when they have million+ unit customers that have issues around it.
butlike 146 days ago [-]
win32 isolation sounds cool.
binkHN 145 days ago [-]
> I plan to use this opportunity to install Linux on my old PC.
Use this opportunity to install Linux on your NEW PC, and then buckle in!
xmodem 146 days ago [-]
I don't think there's anything going on here other than general corporate ham-fisted-ness.
* Microsoft believes the improvements in windows 11 provide genuine benefit to their users.
* Microsoft doesn't want to maintain their older OS forever.
What we are seeing play out however is that the consumer / small business market either does not understand or does not care about those benefits. I don't see any viable end-state for this other than Microsoft relaxing the requirements for Windows 11 or extending the end-of-support date for Windows 10. Based on this action my money is on the latter.
smw 146 days ago [-]
Wouldn't disallowing updates to Win 11 be the opposite of a logical plan if your goal was to get people upgraded to Win 11?
xmodem 145 days ago [-]
Depends why you want to get users upgraded. If you want your users to be upgraded so they have access to security improvements, and those security improvements require TPM 2.0 or whatever, then allowing upgrades on older systems without TPM 2.0 rather undermines the point of getting those users upgraded.
hparadiz 146 days ago [-]
The secondary goal is lowering support costs. Less hardware to support does that.
AnthonyMouse 145 days ago [-]
Substantially the entirety of the legacy hardware support cost is for accessories, i.e. PCIe cards and USB devices. All of that still exists and people will continue to expect to plug their existing devices into their new PC and have them work.
butlike 146 days ago [-]
"Well you see..."
<starts waving hands around wildly>
"If you debase your current OS, you PRIME people for the next OS, Win13!"
<speech devolves into gibberish at this point>
Avamander 146 days ago [-]
What you've said does seem plausible.
But on the other hand there are valid reasons for requiring a minimum baseline for Windows 11.
The TPM requirements for example allow seamless BitLocker (which provides feature-parity with macOS), it allows secure system credential storage (in both consumer and enterprise contexts) and it's also useful for application developers. For example Chrome can defend user data better against malware or provide features like Device Bound Session Credentials (DBSC).
Requiring certain CPU features on the other hand makes it easier to ship better-optimized executables.
The two combined make it possible to provide things like VBS/HVCI, which is a massive leap for Windows security (it's actually considered a security boundary, unlike UAC).
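As an added example (not from the thread or any commenter), the PowerShell below checks whether the baseline this comment describes is actually in effect on a given machine: TPM 2.0 presence and provisioning, VBS/HVCI running, and a TPM-protected BitLocker system drive. It also reports the TPM firmware version, which is the value to compare against vendor advisories given the point upthread about TPMs running vulnerable firmware. It assumes Windows 10/11 with the TrustedPlatformModule and BitLocker modules available and an elevated session (Get-Tpm requires it).

```powershell
# Added example: report the Windows 11 hardware security baseline on this machine.
# Assumes Windows 10/11, the TrustedPlatformModule and BitLocker modules, and an
# elevated PowerShell session. Nothing here changes any setting; it only reads state.

function Get-W11SecurityBaseline {
    [CmdletBinding()]
    param()

    $report = [ordered]@{}

    # --- TPM: presence, spec level and firmware version from the Win32_Tpm WMI class ---
    # SpecVersion looks like "2.0, 0, 1.38"; the first comma-separated field is the spec level.
    $tpmWmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($null -eq $tpmWmi) {
        $report['TpmPresent']  = $false
        $report['TpmSpec']     = 'n/a'
        $report['TpmFirmware'] = 'n/a'
    } else {
        $report['TpmPresent']  = $true
        $report['TpmSpec']     = ($tpmWmi.SpecVersion -split ',')[0].Trim()
        $report['TpmFirmware'] = $tpmWmi.ManufacturerVersion
    }

    # --- TPM provisioning and lockout state from Get-Tpm ---
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $report['TpmReady']     = if ($tpm) { [bool]$tpm.TpmReady }  else { $false }
    $report['TpmLockedOut'] = if ($tpm) { [bool]$tpm.LockedOut } else { $false }

    # --- VBS / HVCI / Credential Guard from the Win32_DeviceGuard WMI class ---
    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning is an array containing 1 for Credential Guard, 2 for HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $report['VbsRunning']       = ($null -ne $dg) -and ($dg.VirtualizationBasedSecurityStatus -eq 2)
    $report['HvciRunning']      = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 2)
    $report['CredGuardRunning'] = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 1)

    # --- BitLocker on the system drive, and whether a TPM-based protector guards its key ---
    $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    $report['BitLockerOn'] = ($null -ne $bl) -and ($bl.ProtectionStatus -eq 'On')
    $report['BitLockerTpmProtector'] = ($null -ne $bl) -and
        (@($bl.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' }).Count -gt 0)

    # --- Findings: the gaps a defender would act on ---
    $findings = @()
    if (-not $report['TpmPresent'] -or $report['TpmSpec'] -ne '2.0') {
        $findings += 'No TPM 2.0: BitLocker keys and VBS attestation cannot be hardware-rooted.'
    }
    if ($report['TpmPresent'] -and -not $report['TpmReady']) {
        $findings += 'TPM present but not provisioned (TpmReady = false).'
    }
    if (-not $report['VbsRunning'])  { $findings += 'VBS is not running, so HVCI and Credential Guard cannot be active.' }
    if (-not $report['HvciRunning']) { $findings += 'HVCI (memory integrity) is off.' }
    if (-not $report['BitLockerOn']) {
        $findings += "BitLocker is off on $env:SystemDrive."
    } elseif (-not $report['BitLockerTpmProtector']) {
        $findings += 'BitLocker is on but has no TPM key protector.'
    }
    if ($report['TpmPresent']) {
        $findings += "TPM firmware $($report['TpmFirmware']): compare against the TPM vendor's advisories."
    }
    $report['Findings'] = $findings

    [pscustomobject]$report
}

Get-W11SecurityBaseline | Format-List
```

On a machine without a TPM the WMI queries return nothing and the report shows the baseline as absent rather than failing, which is the case this thread is about.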
lukeschlather 146 days ago [-]
The number of functioning computers that are restricted to Windows 10 probably still outnumber the number of computers that can run Windows 11. Most people don't have $500 to drop on a replacement. (Very many of these computers might've been thousands of dollars new and will still outperform the majority of new Windows 11 machines.)
Microsoft is just putting a huge environmental waste of a mandated obsolescence tax on the entire world. But Microsoft doesn't pay the opportunity cost of losing all that hardware. (I wonder how much the hardware Microsoft wants destroyed is worth, hundreds of millions of dollars?)
Avamander 146 days ago [-]
Sure and the number of computers that can run Linux outperform them both. Maybe you don't need W11?
I also don't think the share of TPM-less computers out there is actually that significant. Most laptops have shipped with one for a long time. Desktops that lack one can often buy one. Which is way cheaper than a new PC should you need W11. (I also suspect there are options way cheaper than $500 as well.)
Saying that not being able to run W11 turns something into e-waste is frankly rather crazy. Neither do they want that hardware destroyed.
AnthonyMouse 145 days ago [-]
There is still a lot of quite useful hardware that isn't supported. For example, the first gen Ryzen is apparently not supported, so then you're having to replace e.g. a Threadripper 1950X which has 16 cores and a 4GHz turbo. A new PC with even equivalent performance would be $600+ and a $500 new PC would be a downgrade.
There is also plenty of hardware that isn't fast but is being used in a situation where that doesn't matter. Some Haswell quad core being used for web and email could continue to be used for that indefinitely. That is old enough that it could be replaced with something newer for less than $500, but the entirety of the replacement cost is still lost money because it otherwise wouldn't have had to be replaced at all.
BenjiWiebe 144 days ago [-]
Hopefully this means I can get cheap 1st gen ryzens for my Linux computers soon.
prmoustache 146 days ago [-]
Allowing old devices without those TPM requirements to work would not limit security of the devices that can work with it.
Sooner or later, these non windows 11 compliant machines will mostly disappear from most households and offices and will only attract retro computing and linux users when they will not match the usual memory requirements of the day. These are usually the kind of computers that came with 8GB or less of memory out of the box and they could quietly drop support for them somewhere later within the next 10 years when everybody is running 128GB of ram or so and only a handful of people care about it.
Avamander 146 days ago [-]
I'm fairly sure that you'll be able to run W11 without a TPM for a relatively long time, it's just not supported. It's a risk you have to take, it's a requirement for OEMs not to shaft you with the hardware they sell.
If anything it's the CPU requirements that create a hard requirement for newer HW. But in that case, that support is a cost for them. Why should they spend the effort for what is likely going to be a very subpar experience?
hennell 146 days ago [-]
As an Occam fan, I'd assume the main accomplishment is ensuring a minimum level of hardware capability for Windows 11. Anything on W11 will have a TPM so you can build around it. There's also a minimum CPU spec or whatever you can know you don't need to test under.
I'd imagine that cutting off support for 10+ year old machines and hardware would give a much bigger advantage then the revenue they get from a hardware refresh itself.
66fm472tjy7 145 days ago [-]
puts tinfoil hat on
Ensuring that a critical mass of people use remote attestation[0] capable devices.
The next step is a browser API[1] for this so that content owners can exclude devices capable of storing the content, or stripping out ads/tracking, etc.
Sure, there will be a cat-and-mouse game where people will figure out how to fake the attestation for some period of time, but general computation[2] is probably on the way out.
It's pretty obviously two middle managers fighting each other, and senior management is too distracted by AI to worry about core products being on fire.
saratogacx 146 days ago [-]
Maybe if they renamed the bypass Microsoft Windows 11 Installer Co-Pilot for Legacy Systems it would get their attention.
thewebguyd 145 days ago [-]
Then next year, Microsoft Windows 11 Installer Co-Pilot for Legacy Systems (new)
grotorea 146 days ago [-]
Is this not important enough for senior management?
somenameforme 146 days ago [-]
Be thankful you've never found yourself involved in the Microsoft system of APIs. They behave beyond irrationally. Perhaps somebody can explain why from an internal view, but from an external view it's like this - WPF was one of Microsoft's first UI frameworks released after the Winforms age. It was initially Windows only but had a large enough following that it eventually ended up getting non-official ports to just about every platform. And it was really quite an excellent UI library.
So then Microsoft decided to follow this up with UWP. UWP was the intended successor to WPF, the 'Universal Windows Platform'. It was supposed to run on any Windows platform. But then the Windows Phone got cancelled, and they also eventually cancelled all support for anything except Windows 10. So it turned into the Windows 10 Platform. And it was heavily tied into the Microsoft store to the point that actually deploying it elsewhere was rendered infeasible. Outside of that it was a technically inferior WPF with a few nicer looking default UI elements and a bunch of new bugs. Oh and some namespaces and other things were changed mostly pretty randomly just enough to make it completely incompatible with WPF.
And then this process repeated multiple times over. Each time they lost more and more developers. If they had simply continued building on WPF I think they would likely be a universal standard for UI development, at least for desktop. Instead they're now onto WinUI 3 which nobody uses, including Microsoft. Oh and all the while this was happening they were also developing Xamarin (and similar timeline of a million subsequent renamings and 'refactorings') which is pretty much the same thing, but different, and cross platform, but not.
I'm the sort that'd naturally leap to conspiratorial explanations - Microsoft pushing anything called "trusted" feels like a rusted van with darkened windows sitting outside a school with "FREE CANDY" sloppily painted on the side. But in this case.. no, Microsoft is just so completely weird and irrational with how they push things, often to the point of self defeat.
mystified5016 145 days ago [-]
all of Microsoft's UI is like this and I really don't get it. Forms, WPF, and UWP were all abandoned at different stages of development.
Microsoft ships a UWP demo repository which includes the most fully functional Bluetooth manager anyone has ever built for W10. The stock Bluetooth manager has maybe 10% of the functionality. It's also fundamentally broken in a lot of ways. But this UWP demo they have should have been the stock app. It's wild.
Then of course you still have 50 year old UIs hiding in the lowest levels of the control panel. You can dig through the archeological record on your own pc and look at Win3 UI designs. It's astonishing.
At this point, I don't know anyone who uses any of Microsoft's UI frameworks for a real product. It's either QT or Avalonia or something. Who would ever trust their newest framework when every prior framework was abandoned half-finished and left to rot for years?
asveikau 145 days ago [-]
If you think of how much hardware is capable to run it but they're artificially blocking, it's also rather morally irresponsible from the perspective of e-waste.
butlike 146 days ago [-]
Why not release a tool that runs and shows me the minimum I need to spend to get my PC windows 11 ready? Hide it behind a few menus/drop downs since it will be an "advanced" pc-builder tool.
I imagine it's only my MOBO which is missing TPM, but a suggestion of what mobo to buy which would be compatible with all my other components (RAM DIMMS, PCI-e cards) would be killer.
johngossman 145 days ago [-]
PC Health check will tell you if your existing PC will run Win11. If you are building a computer, any new MOBO has TPM.
greenavocado 146 days ago [-]
If you burn an ISO with Rufus it has a checkbox to skip the checks.
Presumably that is going to stop working with new Windows 11 releases.
greenavocado 146 days ago [-]
Only the documentation is disappearing
RicoElectrico 144 days ago [-]
I couldn't boot a W11 installation USB drive on my newly built PC despite using the official MS tool to write the drive. Fiddling with secure boot options for an hour, even updating UEFI were all for nothing. I said "screw it", loaded the image with Rufus, and it worked on the first try, with the added bonus of MS account bypass.
delduca 145 days ago [-]
+1 for this unattended installation, I have been using for while, no issues.
A true clean Windows installation.
neilv 145 days ago [-]
Here's a bootable bypass .iso for this (and for the million other bits of anti-user behavior that MS has pulled, and will keep pulling):
I get the joke, but on the one hand Debian isn't the most user friendly option; on the other systemd is another monolithic potential problem. I suppose Devuan would be the recommendation I'd give instead of Debian; roughly the same, no systemd.
Alifatisk 146 days ago [-]
The requirements for Windows 11 have really put computers with older hardware in a difficult spot.
They are used to Windows so they want to stay there, I want to suggest Linux Mint but I am not aware of how many of the apps used daily are supported in Linux.
Not every user wants to fiddle with the terminal.
Daunk 146 days ago [-]
I recently found out that a friend of mine installed Linux on his own, completely removing his Windows install. And he has yet to "fiddle with the terminal", but still enjoys gaming on Steam and goes on with his daily routine.
cesarb 146 days ago [-]
One thing I've observed is that people who started using Linux a long time ago (which is my case) tend to slide into the command line, even when there's a perfectly good GUI alternative. Want to rename a file? Why use F2, just open a terminal, cd to the path, and mv the file.
Newer users who started with the GUI are less likely to have these habits.
jillesvangurp 146 days ago [-]
It's a hard learned lesson that the UI tools can fail you at some point with Linux. At which point you are going to have to resort to the command line to fix it or just reinstall everything from scratch. A lot of people do the latter. Learning to fix things will get you familiar with the command line in a hurry.
blandenialo 146 days ago [-]
Maybe it's just me but I never use the command line unless necessary even though I used to fidget with it in Ubuntu
ta1243 146 days ago [-]
When did you start using linux?
ThatMedicIsASpy 146 days ago [-]
A dropdown terminal with tab autocomplete is faster for navigation on my end
skydhash 145 days ago [-]
I use a tiling WM, I'm always certain that Workspace 3 and 4 will have a terminal open, and from there it's just using lf (tui file manager). I don't have a GUI file manager installed.
b3lvedere 146 days ago [-]
For me personally it depends on what's the most convenient at the moment.
I've played around with Debian for several years, using it for small little servers. They do not need to have a monitor connected, so I never use a GUI.
When using my Steam Deck I don't have a keyboard and the virtual keyboard is kinda annoying, so I use the GUI.
I can't seem to get used to working with a Debian-installed laptop. I've tried many times, but I don't see a daily beneficial goal to use Linux, mostly because I'll always get Windows 10/11 working :)
ta1243 146 days ago [-]
I've been using Linux for 25 years, there were file browsers and I believe F2 did rename. I rarely use them, but then it's rare I want to rename a file. If I want to do something larger, it tends to be using things like "find" or at least "mv * /tgt".
marcosdumay 145 days ago [-]
The terminal is easier, allows for calm editing and reviewing, sharing the procedure, and is way more text-friendly than GUI file managers.
If you don't know how to do it, then yeah, you'll probably use a GUI manager. But those people will probably learn how to use a terminal if they do something a lot.
queuebert 146 days ago [-]
Linux is in desperate need of a PR campaign. The popular distros are just as functional out of the box as Windows, but no one knows it.
diggan 146 days ago [-]
> The popular distros are just as functional out of the box as Windows, but no one knows it.
As always, it depends on what the user uses the computer for. Not everyone can run Windows full-time, as some applications don't work on Linux. I am a full-time Linux user for decades at this point, yet I still use applications that only run on Windows and are too latency sensitive to run well through a VM (and don't work at all via Wine).
Maybe though, these applications could get some love if there was a PR campaign for people to move to Linux...
tassadarforaiur 146 days ago [-]
Valve expanding SteamOS compatibility might be the closest we're getting. Hopefully their flavour is viable for a variety of computers by the Windows 10 sunset date.
beart 146 days ago [-]
In my experience, it is not about functionality. It is about polish, integrations, and troubleshooting. If you assume all your devices and software will work on Linux mint out of the box, great. But they won't. Then you end up spending hours trying to get the 5th mouse button to do what it does automatically in Windows. Sure there's a fancy utility on Linux that supports programming that mouse, good luck getting your mother to figure that out.
vladvasiliu 146 days ago [-]
I think it's about habit more than anything. People are used to Windows' sharp edges and have developed workarounds (just reboot it).
But no, the experience is nowhere near "polished", and troubleshooting is a joke. "Something unexpected happened" or "contact your administrator" isn't exactly helpful. Sure, there may be some log somewhere in that godawful event viewer, but who has the patience to wait for that abomination to load? And then to go spelunking in the millions of categories?
Windows is hands-down the most annoying and janky computing experience among all my devices. I put up with it because I like Photoshop, and since I have PCs lying around can't justify buying a MacBook (plus Linux works well enough for all my other needs).
HiDPI support is a joke, with windows showing up wherever they want, the start menu becoming blurry, taskbar menus appearing at random locations on the screen. The windows jump up and down when switching virtual desktops. Windows appear as active, complete with a blinking cursor and everything, yet won't register text input until I click on them. I could go on for days.
skeaker 145 days ago [-]
"Just reboot it" is 1000x more polished than having to jump into the terminal or reinstall your OS (both of which are 100% inaccessible to the average user). Troubleshooting can be done by googling your issue on Windows, whereas Linux has dozens of repos that all require different troubleshooting steps on much more niche websites that won't come up on the first page of Google, while the average user doesn't know what the hell a GNOME or a KDE is.
Windows wins 100-0 in terms of polish in the eyes of the average user, and that's saying something given that it's not very polished as you said.
olyjohn 145 days ago [-]
Please. The standard for fixing Windows has been to backup and reinstall the OS for as long as I have used it. You can spend days trying to fix a problem with the OS, or just reinstall it in a couple of hours, most people go for the quick and easy reinstall. This is standard for phones, tablets too, since you can't actually even attempt to fix them.
BenjiWiebe 144 days ago [-]
Since Windows 10, I've had good luck with repairing installations using dism rather than reinstalling. And if you were planning to set the customer's computer up to be identical to the way it was before, doing an in place repair can save time.
keyringlight 146 days ago [-]
This seems to be my experience too. The "linux is a great simple windows alternative" attitude works great so long as your usage follows well trodden paths, but otherwise you end up in the weeds quickly.
The kinds of usages that consumer windows has had and the software ecosystem that's promoted for 3+ decades compared to what has been developed for linux affects this too. Windows is extremely broad in all the software available for all the little utilities users are going to look for, and hardware it's going to need to support (and support well). Even trying to pull windows applications that don't do anything too complex over to linux via Wine is very much a YMMV area. It's impressive what has been accomplished and the recent rate of progress, but there's always more to do so it's not an awkward, poorer version of doing the same task in windows.
The aspect I wonder about is what proportion of the 60% of people still using win10 are actually aware or care about it going end of life, assuming windows doesn't auto-update to 11 for them any EOL warning will just be swatted away like most other annoyances so they can get on with their intended task. Getting that type of user to switch to linux seems like it'd remain a herculean task.
jenscow 146 days ago [-]
"mother" has no need for a 5 button programmable mouse, nor does she have a need for applications beyond the web browser. No troubleshooting required.
Daunk 146 days ago [-]
I second this. A lot of technical people struggle with Linux, and I think a lot of that is because they have a way of working and they want to force whatever they use to work like that. While less technical people just use whatever they're given. My father and my grandmother both use Linux, and they don't even know it and there are no issues.
genewitch 144 days ago [-]
I do IT for free for anyone in my city (it's small), and I tend to just give people EliteDesks with Linux on them to replace aged Walmart PCs. YouTube and email is what most people do at home, that and Amazon/whatever.
I got to thinking in this thread I can even convert the "gamer" types to Linux - I need to make sure Facebook games work on chromium... And show them Steam.
beart 145 days ago [-]
Right, it's better to dictate how things should be when the user doesn't care and doesn't have the background. Which is probably why most people in the category are using iPhones and Chromebooks, not Linux mint.
butlike 146 days ago [-]
just dont turn her around and have her be a skeleton, please
wpm 146 days ago [-]
That’s if you can even connect to the internet!
Have an older device? It maybe didn’t come with WiFi, or came with an older card you replaced with a better one. Better hope the distro and version of that distro you picked has a kernel with drivers already baked in!
Otherwise it’s off to some random git following some random “download this source” and oh wait I’m not connected to the Internet.
vladvasiliu 146 days ago [-]
Well, latest windows 11 installer doesn't detect my laptop's touchpad nor trackpoint, nor wifi adapter. Sure, I usually have a mouse lying around which works, but not a network adapter. So I had to go look up on the internet how to convince it to go past the installer without insisting on connecting to the internet. Spoiler alert: it was some obscure command in the terminal.
This is a 2020 full-Intel, basic enterprise machine, nothing fancy. Worked fully out of the box under Linux, including sleep. The display output was broken for about a year under Windows (wouldn't output 4k@60 without doing a stupid plug-unplug-replug-just-at-the-right-time dance). At one point, installing the latest driver from Intel worked, but Windows would helpfully "update" it to an earlier, broken version every other day.
My point is that the current hardware situation seems pretty much hit-and-miss, and figuring that running windows to avoid fiddling with drivers and whatnot isn't such a sure-thing as people in this thread make it out to be.
kjellsbells 146 days ago [-]
I know the jungle of PCs has some strange beasts in it, but I still suspect that there is a very strong Pareto curve, even considering the kinds of PCs that the stereotypical retired parents have. If Ubuntu (say) decided that they were going to release a version for Windows refugees, they could probably mop up 75% of the market by focusing on Dell hardware and Logitech peripherals, and get to 80+ with HP and whoever the number 3 vendor was. Leave the 2005-era Packard Bell junk to Windows, define the base level, and partner officially with these vendors to get access to their build sheets and specs to deliver a solid path out of Windows. It could be done. (It won't be done, though, cos there's no money in it)
genewitch 144 days ago [-]
Debian derivatives work fine with 99% of older hardware, say pre-2021. 802.11n is fine for HD youtube, too.
modo_mario 146 days ago [-]
I've had very much the opposite experience with old wifi dongles and the like.
I can think of only one example where it was the other way around...but at least i got it working.
Alifatisk 146 days ago [-]
> The popular distros are just as functional out of the box as Windows
Give me some names that work out of the box and resemble Windows. I have not tried Linux Mint so I don't know how well it works for older people. Ubuntu has been quite good and stable but it has also required fiddling with the terminal.
The only one I found to be the best alternative to Windows is ... believe it or not, DeepinOS.
graemep 145 days ago [-]
Why is resembling Windows important? macOS does not and is doing fine, so is ChromeOS, so is Android.
Even Windows can be quite different from older versions of Windows.
bigstrat2003 145 days ago [-]
Because if you wish to convince people they should switch from Windows, that's a very important factor. People do not like change, and they want the skills they have to transfer over as much as possible.
bendhoefs 145 days ago [-]
This is a bad idea. You can make Linux look like Windows on the surface but people are going to then be surprised and frustrated when it doesn't act like Windows, it will come off as cheap imitation. People get confused about the idea of something as simple as the concept of a single root file system, they will not understand that coming from a world of C, D, and E drives. It's best to make it look foreign to them so that they don't have their expectations subverted when they realize it actually is a fundamentally different operating system.
StefanBatory 145 days ago [-]
My parents would break down in panic if they did as much as moved a single icon to the left on Android phones. To them it was almost as if they broke the phone.
graemep 145 days ago [-]
So why have so many people switched from Windows to MacOS?
Alifatisk 145 days ago [-]
I can't speak for every single one of them but I can say that some of them probably did it by choice and were prepared to handle the friction in the beginning until they got used to it. I know lots of people who switched from Windows to Mac who were power users / had good computer habits.
However, I don't think some of the older people are willing to go through all that. I wish to see an easier option for people who want a smoother transition from Win10 to something else, especially now since Win10 is being discontinued in October this year.
BenjiWiebe 144 days ago [-]
Yes there's an awful lot of change from Windows 7 to Windows 10. Especially if you try to do anything at all in the settings.
mystified5016 145 days ago [-]
I gave my husband Manjaro and he's fine. I gave him a shell script to force update discord (ugh) but he only has to double click it.
People like to freak about how arch isn't for newbies but honestly it's fine. I find it to be just as stable as Debian.
But let's be real, aside from gaming, 99% of what the average user does with a computer is open a web browser. Desktop apps are secondary. If you put a Firefox/Chrome button in the task bar, you've covered most user requirements.
Power users who actually need a bunch of proper desktop applications have a different set of needs. It's impossible to generalize, but a very large fraction of those users would probably be happy with the Linux alternatives, or wine and proton. A lobotomized W10 LTSC VM is also quite usable.
Most users won't know or care they're on Linux if the browser works.
dbcjv7vhxj 146 days ago [-]
PopOS is more Mac than windows but it's what you're after.
butlike 146 days ago [-]
KDE is as close to win as you can get on a linux kernel
dbcjv7vhxj 144 days ago [-]
Kde isn't a distro?
butlike 146 days ago [-]
We're just 5 years away from...
- AGI/ASI
- Fusion Energy
- Linux overtaking Windows
marcosdumay 145 days ago [-]
If the current exponential holds, we are ~40 years away from Linux overtaking Windows.
(The exponent has been increasing since MS decided to snapshot the user screen all the time. But it's hard to say if it's just noise.)
electrosphere 145 days ago [-]
2025 - Year of the Linux Desktop
p_ing 146 days ago [-]
Linux is in desperate need of a stable ABI that isn't Win32 as well as a stable, unified Window Server.
marcodiego 146 days ago [-]
Snaps, flatpaks and appimages are converging to that. Slowly indeed, but they are.
chupasaurus 146 days ago [-]
IBM employee without a disclosure? /sarcasm
dehrmann 145 days ago [-]
There are too many distros. Even the Gnome/KDE split has been unproductive. Desktop linux would have done better with more resources polishing a single product rather than making 20 half-baked products.
AnthonyMouse 145 days ago [-]
It doesn't really matter how many distros there are. If you're a new user, just use Debian Stable or Ubuntu LTS.
BobaFloutist 145 days ago [-]
It does if every comment saying "Just use" has a different arcane incantation after it, and three comments under it saying why that specific version sucks and you should actually use something else.
AnthonyMouse 145 days ago [-]
They don't though. The recommendations for new users are nearly universally to use Debian or one of its most popular derivatives like Ubuntu or Mint, which are all very similar to one another and share the large majority of their code.
It's like saying Windows has too many versions because there is Home/Pro/Education/Enterprise and then 23H2 vs. 24H2 etc. There is barely any difference between them.
The distro wars are a bunch of programmers arguing about which one has the best toys for power users. Any of them will run a web browser and the boring popular Debian Stable or LTS derivatives are the ones least likely to deliver unscheduled maintenance as a result of an update.
MiddleEndian 146 days ago [-]
A friend of mine also uses Linux Mint of his own volition. Smart but not a tech enthusiast, he's also never touched the command line.
xmodem 146 days ago [-]
At no point in history has using a 10-year-old PC been as viable as it is today.
genewitch 144 days ago [-]
My 8 year old uses an i3-7350k, which I'll admit is probably the best cpu Intel ever put out, but I built it before he was born, I think. It has a 1050ti, an NVMe and a spindle.
I never have to mess with it, it just works for him. Win11.
Kenji 146 days ago [-]
[dead]
xet7 146 days ago [-]
For Windows 11 24H2, there is already a workaround at Rufus:
For next version of Windows 11, I'll wait what Rufus will do.
Kokouane 146 days ago [-]
Still feels like the solution here is just using Windows 10 IoT LTSC to avoid all this madness. It's a bloated product that feels worse to use than Windows 10, plain and simple.
ranger_danger 145 days ago [-]
Windows 11 IoT Enterprise 24H2 (LTSC and non), very officially does not require TPM.
dehrmann 145 days ago [-]
Are there any off-the-beaten-path issues with setting up my parents with this?
lenova 145 days ago [-]
LTSC doesn't come with Microsoft Store installed (a pro or con depending how you look at it), but it can be installed by running "wsreset -i" in PowerShell.
Bonus: LTSC gets extended security patching support lifespan.
dade_ 146 days ago [-]
I’m nearly 100% migrated to Pop. MS gave lots of warning, but I still have a VM on 10 for a couple of apps I rarely use, including Office in case I absolutely need it. Hoping that Steam Console is real.
For work, I am stuck dealing with 11. There are many things I hate about 11, but why is it so damned slow and laggy on a brand new Copilot PC? File explorer is like loading file lists with a 2400 bps modem, and Office apps take far too long to load. It’s absurd how bad it is, and I can’t figure out why.
I’m getting old, I forget why I load an app before it loads…
doodlebugging 146 days ago [-]
The first app I grab for any Windows installation is Everything from VoidTools [0]. It is simply the best, fastest way to find anything on a Windows computer. If you know any part of the file name you are a few keystrokes away from locating it on any indexed disk that is connected.
Since this is a work PC maybe you don't have the option but if that's the case you should talk to your IT nerd and get permission. Also, make a donation. Great software like Everything is worth buying.
I can't help with Office. Too bad you have to use Win11. Win7 Pro still works great for me when I need a Winbox.
mrweasel 146 days ago [-]
Does TPM support/requirements actually have any meaningful impact on a home user? I could understand being a requirement for Windows 11 Pro (which I believe has Bitlocker, but Home does not). I don't see why it would be required for Home, maybe some features just wouldn't be available, but are those features that people actually care about?
Avamander 146 days ago [-]
If I'm not misremembering, Home can use BitLocker on W11.
The existence of a TPM also lets DPAPI use it, which in turn lets things like browsers and other software protect user data (from malware for example). It also makes new features like Device Bound Session Credentials (DBSC) possible.
But there's also VBS and by extension things like Device Guard. Which in turn entails things like ESS (Enhanced Sign-in Security, more secure biometric auth), Trusted Boot, HVCI, Credential Guard and so on.
DRM is like the last thing it's actually good for, if you actually look into it.
pieenjoyer 146 days ago [-]
Microsoft has made device encryption available to Home edition users if they sign in with a Microsoft account. It relies on the TPM to seal the volume key.
> Does TPM support/requirements actually have any meaningful impact on a home user?
Disk encryption, Windows Hello and PIN bruteforce prevention. I have no love for Microsoft and avoid using Windows whenever I can, but I think making those features accessible to more people is a good thing.
p_ing 146 days ago [-]
VBS also requires it, which is a big improvement to Windows' security.
I was under the impression that Bitlocker wasn't available on Windows Home?
If you have an older computer, without TPM 1.2/2.0, then you already don't have things like Windows Hello, but you might have secure boot and some brute force prevention, so you wouldn't be worse off as a home user if Microsoft allowed you to run Windows 11.
For new computers I can completely understand that Microsoft would demand that vendors ship systems with TPM 2.0. For upgrades I just struggle to see any really compelling reason, it's not like Apple where Microsoft is trying to also sell hardware, that's mostly on the OEMs.
xmodem 146 days ago [-]
As of Windows 11, you can use Bitlocker on Windows Home.
(Personally I think you probably shouldn't bother with it unless you set a boot PIN, which still requires Pro to be allowed to change the right group policy settings.)
RobotToaster 146 days ago [-]
> but are those features that people actually care about?
The users? No.
The corporations that make DRM? Yes.
gruez 146 days ago [-]
What are some examples of DRM that uses TPM? What does TPM provide that stuff like SGX (which is already used in DRM) doesn't provide?
mkopec 146 days ago [-]
There are none. It's so immensely frustrating to me that so many people believe that a TPM is a DRM device. I'm sure Richard Stallman's Treacherous Computing article played a big part in this.
A TPM is useless for DRM, and there are way more suited solutions like Intel's PAVP that takes an encrypted video stream and puts it on the screen directly, yet I don't see nearly as much uproar about that.
zinekeller 146 days ago [-]
In a sense, graphics cards are the root-of-trust for PC-based DRMs (as they implement the necessary components such as HDCP authentication), not the TPM (which is useless for this task). In fact, PlayReady (which is Microsoft's DRM solution) does this exact thing: https://learn.microsoft.com/en-us/windows/uwp/audio-video-ca...
(...or use things such as the already-dead Intel SGX, which never touched TPMs at all)
deno 146 days ago [-]
It goes TPM → OS Integrity (dm-/fs-verity) → Browser Attestation (Web Integrity) → Your banking website no longer working on Linux because of "security". It’s Play Integrity for the PC.
Encrypted video is a red herring. The real long game is to also get your "secure" video player to refuse playback if it detects watermark in the pirated video. This patches the analog hole.
If you have attested Windows it can just refuse to download "freeworld" VLC because it can be used for piracy and/or even watching child pornography. Imagine that!
Of course you can use Linux instead but now you have to use the approved distro that also won’t let you run "dangerous" apps.
This is of course a slippery slope argument and Microsoft would not be able to force all that right now, but better get started on the foundations. Some future government can then just force them to implement the rest, but by then it will be just a flip of a switch.
"TPM is not DRM" argument seriously lacks imagination.
mkopec 146 days ago [-]
Google SafetyNet is basically swiss cheese with lots of bypass solutions for custom ROMs.
A TPM may only attest that it has received an expected set of measurements (hashes). As long as discrete TPMs or PCs with unlocked CPUs exist (w/o Boot Guard), one may simply take a TPM and replay "golden" measurements to it. Bypassing this would be trivially easy.
A TPM does not have control over execution on the CPU. It only receives data from the CPU. If you have control over execution on the CPU from the reset vector, you can just replay whatever you want to a TPM and extract secrets that way. That's why TPM backed disk encryption without configuring a PIN is insecure.
Microsoft does not have the same level of control over the entire PC ecosystem as Google has over Android. That's why it's important to support open source alternatives.
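An added example in Go (mine, not code from any commenter or from a TPM vendor) modelling the replay argument above: a PCR bank only ever receives digests, so a boot log replayed from any CPU produces the same PCR values and the same PolicyPCR digest, and a key sealed to PCRs alone unseals for the attacker; the PIN (authValue) is the one thing the replay cannot supply. It also runs the case where Secure Boot is switched off, which changes PCR7 and makes the same unseal fail. The boot log, volume key and PIN are constructed, and the PolicyPCR encoding is simplified relative to the real TPM 2.0 structures.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
)

// event is one measured-boot log entry (constructed for the example): PCR index and data.
type event struct {
	pcr  int
	data string
}

// pcrBank models a TPM 2.0 SHA-256 PCR bank: 24 registers, all zero after reset.
type pcrBank [24][32]byte

// extend is the only PCR write a TPM offers: new = SHA256(old || digest). The TPM
// cannot tell who sent the digest or whether the code it describes ever ran.
func (b *pcrBank) extend(pcr int, digest [32]byte) {
	b[pcr] = sha256.Sum256(append(b[pcr][:], digest[:]...))
}

// replayLog feeds a log into a fresh bank, as firmware does on the genuine machine
// and as an attacker who owns the CPU from reset can do over the bus to a discrete TPM.
func replayLog(log []event) *pcrBank {
	var b pcrBank
	for _, e := range log {
		b.extend(e.pcr, sha256.Sum256([]byte(e.data)))
	}
	return &b
}

// policyPCR models TPM2_PolicyPCR: a fresh session digest (all zeros) is extended with the
// command code 0x0000017F, the selection and a digest of the selected PCR values.
// The selection encoding is simplified relative to the real TPMS_PCR_SELECTION.
func policyPCR(b *pcrBank, selected []int) [32]byte {
	h := sha256.New()
	for _, i := range selected {
		h.Write(b[i][:])
	}
	pcrDigest := h.Sum(nil)
	var zero, out [32]byte
	h = sha256.New()
	h.Write(zero[:])
	h.Write([]byte{0x00, 0x00, 0x01, 0x7F})
	for _, i := range selected {
		h.Write([]byte{byte(i)})
	}
	h.Write(pcrDigest)
	copy(out[:], h.Sum(nil))
	return out
}

// sealed models a TPM2_Create object: a secret behind an authPolicy plus an optional
// authValue (the BitLocker PIN; nil means TPM-only). Lockout on bad PINs is omitted.
type sealed struct {
	authPolicy [32]byte
	authValue  []byte
	secret     []byte
}

// unseal models TPM2_Unseal: the session policy digest must match and the PIN must be known.
func unseal(obj sealed, sessionPolicy [32]byte, pin []byte) ([]byte, error) {
	if sessionPolicy != obj.authPolicy {
		return nil, errors.New("policy check failed: PCRs differ from sealing time")
	}
	if !bytes.Equal(obj.authValue, pin) {
		return nil, errors.New("authValue (PIN) incorrect")
	}
	return obj.secret, nil
}

// goldenLog is the genuine machine's constructed boot log: PCR0 firmware, PCR7 Secure
// Boot state, PCR4 boot loader.
func goldenLog(secureBootOn bool) []event {
	sb := fmt.Sprintf("SecureBoot=%t", secureBootOn)
	return []event{{0, "firmware-volume-v1.0"}, {7, sb}, {4, "bootmgfw.efi"}}
}

// ReplayScenario reports whether the volume key unseals when (1) an attacker replays
// the golden log against a TPM-only key, (2) the same replay hits a PIN-sealed key,
// (3) the genuine machine boots with Secure Boot disabled and no PIN.
func ReplayScenario() (replayNoPIN, replayPIN, secureBootOff bool) {
	volumeKey := []byte("constructed-volume-key")
	sel := []int{0, 4, 7}
	policy := policyPCR(replayLog(goldenLog(true)), sel)
	noPIN := sealed{authPolicy: policy, secret: volumeKey}
	withPIN := sealed{authPolicy: policy, authValue: []byte("1234"), secret: volumeKey}

	attacker := replayLog(goldenLog(true)) // same digests, pushed from the attacker's CPU
	_, err := unseal(noPIN, policyPCR(attacker, sel), nil)
	replayNoPIN = err == nil
	_, err = unseal(withPIN, policyPCR(attacker, sel), nil)
	replayPIN = err == nil
	tampered := replayLog(goldenLog(false)) // Secure Boot off changes PCR7
	_, err = unseal(noPIN, policyPCR(tampered, sel), nil)
	secureBootOff = err == nil
	return
}

func main() {
	a, b, c := ReplayScenario()
	fmt.Printf("replay vs TPM-only key: %v, replay vs PIN-sealed key: %v, Secure Boot off: %v\n", a, b, c)
}
```

The first result is why TPM-only BitLocker is weak against an attacker with bus or reset-vector control, the second is what the PIN buys, and the third is the noisy failure a relying party sees when the boot path changes under it.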
deno 146 days ago [-]
And that’s why Play Integrity is based on hardware attestation and it is no longer a swiss cheese? And Win11 requires specifically TPM 2.0 (usually fTPM) not just any TPM.
You’re also entirely missing the point. Yes, you can bypass TPM based DRM to extract the unencrypted video (or just analog hole it) that’s why the game is to lock down the OS so you just can’t play it.
If all DVD players came with watermark detection instead of copy protection you wouldn’t have bootlegs because now every single client device needs to do the bypass instead of just once to extract unencrypted stream.
How many people have bypassed or hardware modded Playstations or Switches? This is what you’re talking about. Almost everyone will just accept it.
mkopec 146 days ago [-]
> If all DVD players came with watermark detection instead of copy protection
That is an enormous "if". Do you think Microsoft is going to or is able to enforce this on every single software provider? Even in your Android example that's just not happening, and you can happily sideload apps. You can still develop your own apps on the same Android phone that you use for banking.
> And sorry but how many people have bypassed Playstations or Switches. This is what you’re talking about. Most people will just accept it.
People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit. I just don't see that happening in the PC space. You think Microsoft is suddenly going to dump this on third party software developers and force everyone to go through certification and to buy devkits? Without a mass exodus to Linux?
deno 146 days ago [-]
How would you do it if this was the goal? First you introduce TPM to every device under the sun until it’s everywhere, then you just have to flip a switch. You write the Patriot Act, then stash it in the drawer until it’s time...
> you can happily sideload apps.
This is extremely weak argument when the other major platform does not let you do that, right? Sideloading could go away at any moment just like that. That’s my point. There’s nothing technical stopping it.
> People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit.
Already Windows has: SmartScreen (which requires code signing) and an app store. Locking down the OS and apps is hardly unprecedented. Both Windows and macOS now have developer modes, which are a software devkit equivalent.
> Without a mass exodus to Linux?
That’s why you wait until mass adoption (win11) only then start boiling the frog.
Look, I acknowledge this is slippery slope argument. But the slope is very slippery. Something is clearly going on.
gruez 146 days ago [-]
>And Win11 requires specifically TPM 2.0 (usually fTPM) not just any TPM.
There are TPM 2.0 dTPMs. If the conspiracy is that they want to push people towards "hardware attestation", then they're doing a pretty bad job.
>You’re also entirely missing the point. Yes, you can bypass TPM based DRM to extract the unencrypted video (or just analog hole it) that’s why the game is to lock down the OS so you just can’t play it.
There's no need to "lock down the OS" when there's already a locked down OS on the CPU itself (intel SGX), is way more secure (because it doesn't have a bazillion userspace programs and third party drivers loaded), but for whatever reason gets way less flak than TPM.
deno 146 days ago [-]
Intel SGX was never pushed on anyone, and it's also Intel-only, Skylake to Ice Lake, and requires vendors to provide consistent firmware updates to stay secure. You can’t run the entire OS in an SGX enclave because it can’t do I/O on its own.
> There are TPM 2.0 dTPMs. If the conspiracy is that they want to push people towards "hardware attestation", then they're doing a pretty bad job.
No "normies" are doing TPM bypasses. That’s the point. Majority will eventually be on unbypassable TPM.
gruez 145 days ago [-]
>Intel SGX was never pushed on anyone
Considering that's the only way to play most DRM protected 4K videos, it's probably more of a "push" than requiring TPM. It didn't even have the fig leaf of being usable for FDE or webauthn.
>No "normies" are doing TPM bypasses. That’s the point. Majority will eventually be on unbypassable TPM.
If the bar is "normies", then you don't even need TPM. You can just slap denuvo or whatever and call it a day.
deno 145 days ago [-]
You can just not buy blurays, they were never popular on PCs anyway. TPM is being pushed on everyone upgrading to Win11. One is opt in, the other is maybe opt out if you jump through hoops, for now. Very different. Also you can do other things with SGX though admittedly it’s mostly useful on servers, but you would still use SGX indirectly via remote attestation. E.g. it’s what Signal uses for some of its core functionality.
> If the bar is "normies", then you don't even need TPM. You can just slap denuvo or whatever and call it a day.
Again, missing the point. Denuvo, Widevine, whatever, it’s all weak to crack once & enjoy but only if you control the OS. The Great TPM Conspiracy Theory is about limiting what you can do with your mainstream Windows/Linux/Macos installation, in the ways I’ve laid out earlier. Taking the ‘P’ out of PC.
reginald78 146 days ago [-]
Valorant requires it for anticheat. The purpose is to prevent users from running unauthorized software on the computers they allegedly own.
I wouldn't expect many examples to exist yet. You want to wait until almost everyone is on Windows 11 before you get up to those shenanigans.
techjamie 146 days ago [-]
> The purpose is to prevent users from running unauthorized software on the computers they allegedly own.
I've maintained for several years now that the actual corporate wet dream is that they can lock down the average PC architecture/OS to the same degree they have on phones. Because unfortunately, in the phone sector, the market has already shown the majority of users don't care who really owns their devices.
My hope is that Linux gets wide enough adoption to prevent that from becoming a feasible option for them in the future.
p_ing 146 days ago [-]
Buy a Mac. You'll see that corporate dream come a reality. Immutable OS partition. Security prompts that can no longer be bypassed. Binary signing requirement. It just keeps getting worse and worse, for a power user.
May be "certified UNIX" (when you look at it funny), but it feels like no freedom-loving UNIX-style system I've ever used.
wpm 146 days ago [-]
You can turn all that off if you wanted to. OpenCore Legacy Patcher will build you a kernel with the SIP flag mask set to 0xFF, ie, completely disabled.
p_ing 146 days ago [-]
No, I can't. My M2 Air isn't supported.
cesarb 146 days ago [-]
> My hope is that Linux gets wide enough adoption to prevent that from becoming a feasible option for them in the future.
This has already happened: Linux had wide enough adoption that Microsoft could be convinced to allow alternative operating systems in Secure Boot.
userbinator 146 days ago [-]
> Because unfortunately, in the phone sector, the market has already shown the majority of users don't care who really owns their devices.
> My hope is that Linux gets wide enough adoption to prevent that from becoming a feasible option for them in the future.
Linux already got a really wide adoption --- in the form of Android.
trelane 146 days ago [-]
Last I knew, Microsoft's goal is to get XBox restrictions into Windows.
p_ing 146 days ago [-]
Valorant uses VBS, which in turn requires TPM 2.0. Valorant isn't directly leveraging TPM.
They're leveraging TPMs in the sense that they're banning specific ones.
reginald78 145 days ago [-]
I can't remember if this was Valorant related, but I recall an article voicing concerns that physical hardware in PCs was being used to identify users to ban, and that the ban would persist when you purchased a used motherboard. Not a great general concern to me for games, but the idea has much more sinister potential than just that.
toast0 146 days ago [-]
Given that qemu (and I assume other virtual machines) can emulate a TPM 2.0 device, does this even work?
Yes, anticheat tends to detect virtualization too, so there's extra cat and mouse there, of course.
deno 145 days ago [-]
There’s an embedded immutable Endorsement Key (EK), sometimes along with a public certificate (EKCert) signed by the manufacturer, that the TPM can use to prove its authenticity. With the certificate you can detect the QEMU case.
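As an added example (not part of deno's comment, and not any vendor's code), the EKCert check in Go using only the standard library: a hypothetical vendor EK CA issues an EKCert, the relying party requires the TCG EK extended key usage and a chain to the vendor root, and an EKCert for the very same key issued by a local CA, which is what a software TPM such as swtpm under QEMU provides, fails the same check. The CA names, validity periods and the CommonName on the EK certificate are assumptions for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// tcgKpEKCertificate is the TCG extended key usage (2.23.133.8.1) that marks an EK certificate.
var tcgKpEKCertificate = asn1.ObjectIdentifier{2, 23, 133, 8, 1}

// check aborts the example on an unexpected error (key generation, certificate creation).
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue signs tmpl for pub with signer and parses the result; parent nil means self-signed.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// newCA builds a self-signed CA. The org names passed below are hypothetical stand-ins for
// a TPM vendor's EK CA and for the local CA a software TPM (swtpm under QEMU) would use.
func newCA(org string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{org}, CommonName: org + " EK CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	return issue(tmpl, nil, &key.PublicKey, key), key
}

// newEKCert issues an EK certificate for ekPub under ca. Real EK certs usually carry an
// empty Subject with TCG attributes in the SAN; a CommonName is used here for brevity.
func newEKCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, ekPub *ecdsa.PublicKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(2),
		Subject:            pkix.Name{CommonName: "TPM Endorsement Key"},
		NotBefore:          time.Now().Add(-time.Hour),
		NotAfter:           time.Now().AddDate(10, 0, 0),
		KeyUsage:           x509.KeyUsageKeyAgreement,
		UnknownExtKeyUsage: []asn1.ObjectIdentifier{tcgKpEKCertificate},
	}
	return issue(tmpl, ca, ekPub, caKey)
}

// VerifyEK is the relying party's check: the TCG EK EKU must be present and the chain must
// end at a trusted vendor root. That proves the vendor endorsed the key, not that the caller
// holds it; a real service follows up with a credential challenge (TPM2_ActivateCredential).
func VerifyEK(ekCert *x509.Certificate, vendorRoots *x509.CertPool) error {
	hasEKU := false
	for _, oid := range ekCert.UnknownExtKeyUsage {
		hasEKU = hasEKU || oid.Equal(tcgKpEKCertificate)
	}
	if !hasEKU {
		return errors.New("missing TCG EK certificate extended key usage")
	}
	_, err := ekCert.Verify(x509.VerifyOptions{
		Roots:     vendorRoots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // EKU already checked above
	})
	return err
}

// EKScenario certifies the same EK once under the trusted vendor CA and once under a local
// software-TPM CA, and reports whether each certificate passes VerifyEK against the vendor root.
func EKScenario() (genuineOK, localOK bool) {
	vendorCA, vendorKey := newCA("Example TPM Vendor")
	localCA, localKey := newCA("swtpm-localca")
	ekKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	genuine := newEKCert(vendorCA, vendorKey, &ekKey.PublicKey)
	local := newEKCert(localCA, localKey, &ekKey.PublicKey)
	roots := x509.NewCertPool()
	roots.AddCert(vendorCA)
	return VerifyEK(genuine, roots) == nil, VerifyEK(local, roots) == nil
}

func main() {
	g, l := EKScenario()
	fmt.Printf("vendor-signed EKCert accepted: %v, local-CA EKCert accepted: %v\n", g, l)
}
```

In practice the root pool is populated with the TPM vendors' published EK roots, and the chain check is only the first half: the service then encrypts a challenge to the EK public key and accepts the TPM only if it can decrypt it, which an attacker holding a copied EKCert but not the key cannot do.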
bayindirh 146 days ago [-]
IIRC Widevine requires TPM for highest quality (level 1)?
mkopec 146 days ago [-]
Widevine L1 requires a trusted execution environment for decrypting video and only showing it on HDCP monitors. It's built on top of Intel PAVP, AMD secure display, or ARM TrustZone in the case of ARM chromebooks and Android devices. TPM is not involved, except in the ARM case where I believe it is used for antirollback counters (on x86, the security coprocessor would probably have that responsibility).
p_ing 146 days ago [-]
Widevine Level 1 requires a Trusted Execution Environment. Nothing to do with TPM.
bayindirh 146 days ago [-]
My bad, then.
toast0 146 days ago [-]
SGX is used for DRM in official Blu-Ray 4K playback on PCs, and Intel removed SGX from client CPUs in 11th gen (Ice Lake) which means if you want to play those discs on a PC, you either need an older processor or a Xeon or to give in and use unauthorized software.
I'm not sure that tying their horse to SGX is good for adoption of the format.
deno 145 days ago [-]
Ice Lake is 10th gen and last gen with SGX on consumer SKUs.
bluescrn 146 days ago [-]
Given trends of everything going subscription-only, is it unreasonable to suspect that the future of Windows could be subscription-only and a lot harder to pirate than previously?
beretguy 146 days ago [-]
I hope windows will become subscription only so that people finally stop using it.
naikrovek 146 days ago [-]
Remember boot-sector viruses? The TPM helps prevent those. DRM is not something that the TPM enables or helps with or facilitates in any way.
If you don't dismiss my comment as the comment of a corporate shill, you might learn something, and in the future that knowledge may help you. I don't know, I can't predict the future, but I do know that ignorance is dumb.
LegionMammal978 146 days ago [-]
> Remember boot-sector viruses? The TPM helps prevent those. DRM is not something that the TPM enables or helps with or facilitates in any way.
¿Porque no los dos? As noted elsewhere in this thread, TPM certainly facilitates VBS [0], and games like Valorant are already using that for anticheat [1]. As long as application programs can use it to help detect the environment being 'tampered' with (as opposed to the system just wrapping it up in a report for the user), they can use it to protect their particular application state, and I don't see why that shouldn't include DRM state.
> Remember boot-sector viruses? The TPM helps prevent those.
What prevents boot sector viruses is Secure Boot, not TPM.
Avamander 146 days ago [-]
True, but someone disabling Secure Boot will cause the TPM not to release BitLocker keys. Making attempts at subverting it noisier.
Cumpiler69 146 days ago [-]
To corporations, period, regardless of whether they make DRM or not. Enterprises want any and all features under the security umbrella for their fleets.
braggerxyz 146 days ago [-]
I run 3 old and one modern PC at home. With the advent of Win11 and the TPM fiasco 3 years ago I sunset all my Windows installations in favor of Linux. After some experimentation I settled with Void Linux. Stable rolling release, and I have complete control over the hardware I own.
Microsoft can go kick rocks...
teeray 146 days ago [-]
I wonder if there’s any room for a manufacturer that would make an untrusted TPU. Like, one that quacks like a TPU, but will sing like a bird if you ask for its keys. Violates all of the security guarantees? Yep, you bet. But it does provide some insurance against an industry that might want to use TPUs against us (e.g. DRM).
xmodem 146 days ago [-]
You can install Windows 11 into a virtual machine with a virtual TPM, and it will detect and use the vTPM the same as it would a physical TPM on real hardware.
Avamander 146 days ago [-]
Such a manufacturer's attestation key would quickly be considered untrustworthy and their TPMs unattested. An unattested TPM will be ignored by any DRM or anti-cheat use-cases.
Mindwipe 146 days ago [-]
As has been pointed out here before, this is all TPUs. They are not used by DRM vendors because they are quite bad at stopping people with physical access getting the keys.
matt_heimer 146 days ago [-]
Most of the systems would also fail the min CPU check.
I don't know how accurate StatCounter is, but their latest report is showing the breakdown of OS users as:
- Windows 11: 36%
- Windows 10: 60%
Using Steam Hardware survey, it shows:
- Windows 11: 53.46% (-1.50%)
- Windows 10: 42.87% (+0.48%)
Whilst these numbers look very bad for Microsoft, especially given that we're less than 10 months away from the end of Windows 10's home user support, it's potentially even worse if the data is correct and more people are reverting to Windows 10. Reasons I can think of might be due to some of the recent Windows 11 updates harming performance in applications, notably many major Ubisoft titles.
I'm still on Windows 10, for two reasons. My motherboard does not support TPM 2.0, and I have not had any reason to need to upgrade given it still runs everything I need perfectly. Secondly, I have not seen any reason to go to 11 from 10; I don't love 10, but 11 doesn't seem to fix any of my issues, if anything I see many worse features.
I build and sell a product that is meant to talk to a windows host over Bluetooth.
My application does not work at all on W11. The Bluetooth stack is somehow even more broken than W10. It's to the point where we're developing our own wireless dongle to bypass this entire mess.
Microsoft has forcibly installed W11 on our test machine three times and every time it's completely broken and we have to revert.
It's not good.
RachelF 145 days ago [-]
I wonder how many hundreds of millions of Windows 10 machines are going to become e-waste because of Windows 11's TPM requirements?
Wildgoose 146 days ago [-]
My (unsupported) desktop PC is an AMD Ryzen 7 2700 eight-core CPU running at 3.2 GHz with 16GB of RAM and 2TB of SSD storage. It handles Windows 10 Professional but is apparently incapable of running Windows 11. I don't have a Webcam, but maybe face ID login is now mandated? It will be something stupid like that. I have no interest in replacing this machine though.
DemetriousJones 145 days ago [-]
The missing requirement might be no TPM 2.0
lights0123 145 days ago [-]
It's more likely you have TPM disabled—there's no webcam requirement, and Zen+ is supported.
roody15 145 days ago [-]
Recently moved to re-imaging many of the PCs that I manage to Linux, and so far it has gone way smoother than I would have anticipated. Heavily considering moving two entire PC labs at another building to Linux as well. Not sure what Microsoft is thinking this go around; Windows 11 has been a disaster. You essentially have to pay more to get a clean, stripped down version of the OS that is manageable.
Most of my machines are 12th gen Intel and they meet all the requirements for Windows 11. However frequently Win 11 updates have caused annoying boot loops, reset preferences, problems with apps already installed and more.
These are Dell Precision workstations so you would think they would have pretty good compatibility with Microsoft... but alas disappointed is the best word I can use.
ale42 146 days ago [-]
As a side note, Windows Server 2025 appears to share the OS base with Windows 11, but it doesn't seem to have the same requirements of CPU/TPM? Or am I wrong? (not that I'm suggesting to use Windows Server as a client OS, especially given its price tag)
ch_123 146 days ago [-]
I suspect this is because servers have a more predictable refresh cycle than consumer PCs/desktops. While some places run their servers to death, many places (particularly big corps who are generating the most revenue for MS anyway) will retire servers at the end of their warranty period and buy new ones.
Given that, there is not the same need to force hardware updates. That said, it also illustrates how the TPM requirement is a business decision, not a technical one.
swozey 146 days ago [-]
Not that it doesn't happen, but I've worked in datacenters, including our favorite clouds, and cdn/video architecture for 15 years and have never seen servers replaced on any cadence that wasn't us losing a customer and me sticking a quad-core Xeon under my desk.
These are $10k-100k+ servers. My multitenant/offload capable NICs are usually $10k-25k themselves.
TiredOfLife 146 days ago [-]
Same with Windows 11 IoT Enterprise. It's just the regular Windows 11, but without the TPM and specific CPU requirements. Anything Core i from Intel works.
EvanAnderson 146 days ago [-]
I haven't installed Windows Server 2025 on bare metal, but in a virtual machine it's happy to install w/o a TPM.
txdv 146 days ago [-]
My mainboard has TPM turned off, so I did not have to sweat about the upgrade.
Now I will be forced to I guess.
userbinator 146 days ago [-]
Deleted from the documentation (and I'm sure the archive remembers), not the codebase. As anyone who has been in the Windows world long enough knows, there are plenty of such "unofficially documented" features.
wnevets 146 days ago [-]
has anyone ever explained why TPM 2.0 is so much better than TPM 1.2 on Windows 11? What can't Microsoft do securely with 1.2 that it can with 2.0?
I'm not asking what 2.0 does better than 1.2, I am asking why is it a must have.
TPM 1.2 is only guaranteed to support SHA-1. That was a baffling inadequacy when it came out in 2011, proven so just a few years later when SHA-1 was publicly broken in 2017. This makes TPM 1.2 useless for its intended purpose.
TPM 2.0 is guaranteed to support SHA-256.
bangaladore 145 days ago [-]
The TPM spec is somewhat interesting in that many fundamental capabilities (or at least you would think) are optional. 2.0 enforces some more capabilities and/or adds more capabilities. That's at least one part of it.
andix 146 days ago [-]
They deleted the documentation for this bypass, not the bypass itself, right?
rtsil 145 days ago [-]
Yes. And the bypass can be found in the article.
hnpolicestate 146 days ago [-]
Windows 10 to SteamOS. Google workspace for my productivity needs.
ranger_danger 145 days ago [-]
Windows 11 IoT Enterprise does not require TPM, officially.
throwacct 146 days ago [-]
I don't regret switching to mac 2 years ago.
bell-cot 146 days ago [-]
How long does Apple keep updating macOS for older hardware? As far as I'm aware, there are iPhone models that were discontinued <5 years ago, but get "security updates only" for iOS. And models disco'ed <7 years ago which no longer get even that.
(Vs. Windows 10 is just under 10 years old now - and I don't know what's the newest Windows 10 system that can't update to Window 11.)
ValentineC 145 days ago [-]
The annoying thing about macOS for legacy users is that they're regularly shut out of new Swift-based apps as developers either use newer Swift features, or just don't have enough resources or patience to keep around older Xcode versions.
I'm still on macOS Ventura (13.x), and am already seeing numerous apps with a minimum version of 14.x or 15.x.
A few years shorter than the Win 10 lifecycle. Much shorter than the XP lifecycle, though that was unusual.
trinix912 146 days ago [-]
I'd bet my money that if we took a Windows 10 and a macOS High Sierra laptop, the Windows one would run supported versions of apps much longer than the macOS one, even if one upgraded to the latest supported macOS on that machine while staying on Windows 10 as the time went on.
MacOS apps target the latest few versions and given macOS' rapid release cycle (in comparison to Windows, at least), you can easily find yourself with a machine <10 years old that can't run the latest versions of apps you're using.
leviathant 146 days ago [-]
Without a doubt, Microsoft wins on backward compatibility. I was running a circa-2006 Firewire audio device on Windows 10 in 2021 using drivers that had not been updated since 2012.
I had a Dell laptop that, when I bought it in 2006, had Windows XP on it. I was able to upgrade it all the way to Windows 10, at no charge. (The beta versions of Windows 7 and Windows 8 both just kind of rolled over into full-fledged versions of the OS.) Now, even by the time I had Win8 on that machine, it was just for fun. I mostly kept it around because the screen resolution was unusually high for 2006, and for a period afterward, laptop screen resolutions were almost all lower than WXGA+ even on higher end machines. But you could run Windows 10 and modern browsers on a machine built for the WinXP era. Also, I think I paid $700 for that machine, from the Dell Outlet. That's a lot of mileage for the price paid.
So when Windows 10 told me that my 12-year-old Ship of Theseus Dell XPS desktop was unable to take an upgrade to Windows 11, I took a long hard look, and sprung for an M1 Macbook w/ 64gb of RAM. They had a pretty killer deal on these at B&H, and it's the first time I've ever felt like I've had a true "desktop replacement" laptop. I still think Explorer is better than Finder (and I'm not going to argue with anyone about why so don't bother asking), there are things I will miss about having an ATX case, but Apple's abdication on proprietary ports is ultimately what pushed me over the edge. Everything is USB-C. Great! I had gotten a lot of mileage out of Firewire hardware, but I saw this as a pivotal moment to use some of that money I'd saved over the last decade and a half to completely modernize my setup.
If Windows 11 hadn't forced me to consider new core hardware (and if Apple silicon hadn't leapfrogged everything else on the market - using a laptop all day without charging? Phenomenal.) I'd still be using Windows.
I've been using MS operating systems since DOS 3.1, I just have to assume I'm no longer their target market.
thewebguyd 145 days ago [-]
I've also been a long time user of Microsoft's OSes, and despite many others here on HN, I actually liked windows almost the whole time I was a user.
I switched when Apple Silicon came out as well, but had a few flirtations with macOS prior to that with Intel macs. Finder is dog shit compared to almost any other file manager on both Windows and Linux. So much so that I just use the terminal now for almost all file tasks.
I don't love macOS, but I hate what Windows has become more, and these laptops are hard to beat, almost perfect combination of performance & battery life.
I suppose if Apple ever fully iOS-ifies macOS I'll just end up on Linux full-time, and I keep Mint on a spare laptop to toy with, I don't mind it, but I have no need to fully switch yet.
MaxGripe 146 days ago [-]
If I have TPM disabled in the BIOS, is there any point in not enabling it and using a bypass to install Windows 11? I’m wondering if there’s any scenario where keeping TPM disabled might seem like a good idea?
bArray 146 days ago [-]
Just to name a few...
Operational reasons:
* You often replace hardware and move disks, etc, around
* As others have pointed out, what if you're locked into using Windows, Windows requires TPM, and TPM implements something you don't like, for example DRM or it snoops on you. Maybe you have to let it scan your drives, maybe your TPM doesn't like your politics.
p_ing 146 days ago [-]
> for example DRM or it snoops on you
Stop spreading FUD.
bArray 145 days ago [-]
It's not a guarantee, you may consider it FUD, but you can't tell me it's impossible - you can't even promise me it won't happen.
The TPM is fundamentally about storing cryptographic keys, platform integrity checks, unique IDs, etc. It is already used for secure logins by the Windows OS. Microsoft are successfully enforcing your email, ID, logins, etc, to be associated directly with your unique hardware.
One day you will request a video from Netflix or Youtube, and your device will be the only device in the world that can view it. You might think to screen record, but the OS does not allow it. You might think to record it via an external display, but this has to interface with the TPM. You decide to record your screen from your phone, but the phone's TPM recognises that the camera tries to record DRM material.
Don't get me wrong, security devices should exist 100%. But. It should never be forced.
p_ing 145 days ago [-]
TPM isn't capable of the outlandish claims you're making. It stores textual content in PCRs, and is extremely limited at that, not least in size.
Unique IDs of a system don't require a TPM. Microsoft uses unique IDs from various hardware to bind a product key to a particular device, and has been doing that since the XP era.
Intel and gfx vendors already provide secure DRM paths. TPM isn't capable of doing so.
> Don't get me wrong, security devices should exist 100%. But. It should never be forced.
They should be forced otherwise users would continue leaving themselves open to attack. Security has moved on from ACLs. Microsoft recognizes the need for things like VBS to protect against modern threats, which in turn requires TPM.
Apple has been doing this for roughly 15 or so years now with no fanfare on consumer devices. TPM has been around on x86 since the late '00s with little-to-no fanfare.
waynesonfire 145 days ago [-]
How would we deploy Windows 11 if we couldn't bypass CPU/TPM on a bhyve vm under FreeBSD?
Cumpiler69 146 days ago [-]
The title is misleading. Microsoft deleted their article documenting the bypass, not the workaround itself.
zoobab 146 days ago [-]
any cache?
Cumpiler69 146 days ago [-]
You can just google this, there's like a million blogs out there parroting how to bypass TPM, it's not some incantation that only Microsoft had.
ge354067 141 days ago [-]
[dead]
olukwa 146 days ago [-]
[flagged]
daft_pink 146 days ago [-]
[flagged]
heroprotagonist 146 days ago [-]
[flagged]
jonathantf2 146 days ago [-]
TPM is a security device, nothing to do with AI.
p_ing 146 days ago [-]
Has HN stooped this low?
Cumpiler69 145 days ago [-]
Yes it has.
heroprotagonist 145 days ago [-]
[flagged]
Cumpiler69 145 days ago [-]
[flagged]
dang 143 days ago [-]
We've banned this account for breaking the site guidelines and ignoring our request to stop.
The TPM push predates the AI craze and I don't see this as a particularly strong compliment so this doesn't really follow to me. But the general idea isn't that crazy honestly. They already use your upload bandwidth via a bittorrent-like system to distribute Windows updates to other users so there is precedent to use client resources to lower their own operating costs.
I think an AI botnet is probably a poor fit for AI workloads, not to mention it would be a security nightmare.
heroprotagonist 145 days ago [-]
I think I triggered some people by saying "AI" here, and you're right. This can definitely be used at a much wider scope. It's not specific to AI.
The "AI" comes in where the cost of processing all of the data is high, and Microsoft start pushing everyone to include NPU in their next "AI-enabled Windows PCs". On-device processing with a lot of benefits to the users.. but even more if the results of all of that processing can be sent back to the cloud and not take up space on Microsoft analytics processing farms.
colejohnson66 146 days ago [-]
What kind of conspiracy theory is this? A TPM stores keys and releases them upon attestation. How does that allow offloaded processing?
im3w1l 145 days ago [-]
I don't believe in his theory, but running software on someone elses machine clearly benefits from attestation. Otherwise how can you be sure they run what they are told?
heroprotagonist 145 days ago [-]
It's the basis of the root of trust.
Describe to me, how would you perform secure processing of encrypted workloads without it, and know it was secure? That the workload was not in a VM and the hardware was not issuing deliberately weak keys that could be exploited to expose the workload?
Cumpiler69 146 days ago [-]
[flagged]
[1] https://cachyos.org/
[2] https://www.onlyoffice.com/
>> Since Qt5 is now already outdated,
> Yes, every dependency onlyoffice uses is outdated. They even use v8 8.9 that doesn't include any security patches. They also use an outdated CEF binary downloaded from an http URL and don't check its integrity at all. Even worse, that CEF binary might be closed source as suggested by dbermond in https://github.com/ONLYOFFICE/DesktopEditors/issues/1664
> I would advise anyone who uses onlyoffice to avoid opening any untrusted documents with it. It appears that onlyoffice upstream doesn't care about security at all. See https://github.com/ONLYOFFICE/DesktopEditors/issues/1664 for more details
All kidding aside, I recently migrated to EndeavourOS, but CachyOS looks dope too
Without much fuss.
Tu(r)ned to eleven, speed, bliss & heaven.
On BTRFS, no less!
I went with Mint instead of an arch-based distro, but my experience has been really great even dealing with Geforce drivers.
I use the 365 suite in a web browser if I need to work on it, no issues.
I would say that 99.9% of the time I can get away with using the web app versions, even for things like Teams meetings it works really well. Once in a blue moon I will have a document that I can't open in the web versions so I fire up the VM and open it on there.
There are definitely some annoyances around this workflow but IMHO the annoyances pale in comparison to the annoyance of having to use Windows or MacOS every day.
“Better formatting” is not nearly enough to stay in an abusive relationship.
There's no document formatting that can't be copied elsewhere. Start with new documents and convert the old ones (to pdf or whatever) at some point.
Even Valve can't get the folks targeting Android to port their NDK powered games into SteamDeck, they have to translate Windows/DirectX instead.
That's probably the easiest step to take next, before looking at virtualization or a full Linux install with Wine.
I still use desktop Office for spreadsheets that need to be shared. Word docs are pretty well supported by Libre at this point.
That tells you everything.
Have a look at Typst[0]. It's a lot easier to use than LaTeX, while still offering full formatting and layout.
Or you could give macOS a go. UNIX with proper desktop versions of the Office apps. ;)
[0]: https://typst.app/
Since I am not going to pay Apple prices for private gear, I'd rather keep the Windows with Linux VM approach.
At work, it is a mix of Windows and macOS, depending on the project.
We leave Linux for the cloud servers, and embedded devices.
I went down the fun path of running Windows on Linux with a pass-through VM for a while but found that most of what I was trying to do worked well in Linux.
Of course, I don't do any development or work on my own computer. Work computer is now 11 and I dislike it but honestly the IT lockdown drives more ire than the Microsoft redesign
Bugs aplenty, a user interface which has seriously deteriorated over the last decade bundled with an ever-increasing user hostility and tendency to lock you out of your system.
One example: you can no longer manage which applications may run as daemons/background tasks. Any application can register itself with the OS to do so, and your only recourse is a little tiny switch in the system preferences.
Only, in the case of Google Chrome this does not work; the application constantly re-registers itself, overriding the setting. I can no longer prevent Chrome from doing whatever the hell it wants to do, and — adding insult to injury — every time it does, I get a persistent notification from macOS that it is now doing what ever the hell it wants to do. About a dozen times a day.
I have been able to do pretty much everything I need to workflow-wise with LibreOffice.
And any office basic dev work, I just do on the client machine or a virtual machine now.
It cannot replace Microsoft Office, but it's getting close. Most people don't use the full functionality of Microsoft Office, so LibreOffice and Google's online suite are good enough, but I still keep a remote Windows Virtual Machine (VM) around for those time I need Windows-specific stuff and RDP into the VM. I look forward to the day Microsoft finally wakes up and ports Microsoft Office to Linux.
I, too, spent far too long trapped in Windows because I couldn't get away from MS Office
Apart from that every other part of the MS ecosystem is replaceable. If there would be a solution for corporate IT account management, Windows could be replaced without much friction.
https://en.wikipedia.org/wiki/GNU_TeXmacs ?
You're welcome…
(LibreOffice was constantly having compatibility problems when I used it.)
Metric stuffing. Everyone at Microsoft is graded on "impact". All the EVP-types at Microsoft have their eye on boldface jobs, so they need a track record of massive impact. Being able to claim that they got W11 from X billion devices to Y is how they'll be judged. Another example is how in Azure, the only metric that matters is consumed revenue. That sort of thing drives behavior.
Land grab. W11 infamously makes the Start menu a billboard and has all kinds of usage data going back to the mother ship. If adoption slows, then Microsoft misses out on eyeballs, misses out on the ability to weld users to Copilot, misses the opportunity to earn money from ads, misses the opportunity to improve Windows by learning how people really use their computers.
Security. Windows is embedded in modern life and although Microsoft gets a lot of flak, (and sometimes it takes a major beating to remind them of their responsibilities), they do want to elevate the security of users. They believe that W11 and TPM will give them a basis to really deliver stronger services. I don't know that they are right (eg if the #1 exposure for home users is ransomware, does a tpm help at all?), but I am prepared to give them some grace.
Then again, I plan to use this opportunity to install Linux on my old PC.
Ironically, TPM requirement comes from the same company that invented logging your screen every few seconds and storing it unencrypted and without your consent.
Security is important but like every company, will take a backseat to "revenue" or "growth".
One particularly generous view is that the TPM requirements catch PCs up with the TPM requirements of modern phones. (Both iOS and Android have had very strict TPM requirements for a while now.) With a lot of industry interest in moving to hardware security-backed Passkeys to replace passwords, it would help to have PCs on an equal security footing with phones.
Passkeys are a pretty big deal to reduce home user exposure. Phishing and all of its variants are as much or more a home user problem as ransomware.
And the security reason is nonsense because as you point out, the overwhelming majority of Windows security problems are in no way improved by a TPM.
The most likely real explanation is that Microsoft is constantly at war with itself and the manager currently occupying the relevant coign of vantage finds it to be in their personal interest for some muddy reason having to do with internal politics.
There's a pretty interesting video from 2023 that goes through much of Microsoft's thoughts around Windows security. It flew under the radar unfortunately:
https://www.youtube.com/watch?v=8T6ClX-y2AE
- Admin accounts are a continued security problem within the Windows ecosystem, so a future version of Windows will be adding a new "Adminless" account model with linux-like just-in-time escalation. This new model intends to provide a secure middle-ground between the frustrations of a standard user account and the security risks of an Admin account. "Adminless" accounts will run as a "less privileged" user by default and prompt users with Windows Hello when an application requires escalation for a given operation, rather than permanently running the account as a standard or admin user.
- Win32 Applications will be bundled under the new Win32 App Isolation model, which provides the security benefits of UWP sandboxing & clean uninstalls without the API limitations of UWP. Developers will be able to specify what privileges an application requires, much like other application platforms. A demo was shown of Notepad++ running under this sandbox model with minimal modification.
- TPMs within the ecosystem are not in a healthy state, with telemetry telling Microsoft that many are running vulnerable firmware due to manufacturers not pushing out updates, and some being inoperable due to hardware failures or other issues. Microsoft is working on its Pluton security chip to replace/augment the existing TPM ecosystem and have the ability to push out firmware updates via Windows Update.
- Software/Hardware mitigations are reaching the end of the road in terms of viability. Microsoft is now focused on eliminating classes of security bugs with extensive R&D going into the use of Memory-safe languages (Rust) in areas of the system that exploits often appear in.
This was the promise of User Account Control, was it not? Or does that just prompt for confirmation for various actions, without actually enforcing a security boundary?
"Adminless" is a funny name given that there's still an admin account involved, it's just an admin account that is much more than before not a user account but more like a service account.
It's less granular than a task though, it's an execution context. If you're running Notepad++ and it wants to update, it requires an elevation. The installer is now running in an admin context and can do whatever it wants, once it's finished installing it usually asks if you want to launch Notepad++ again. At that point the installer running in the admin context can launch Notepad++ within that admin context.
Thus there's a potential for the admin context to persist indefinitely.
In my mind, task-based elevation is more granular. Something like "I need to write to the program files directory" and not a carte blanche "gimmie admin access to do whatever the hell I want".
UAC is per-process and monotonic. Once elevated, the entire process stays elevated.
The new model is per-operation. Even if the same process has been allowed to elevate before, it must ask to do it again. I don't know how granular this is, and whether there's a grace period like sudo.
However, the biggest problem with UAC was that it was considered too noisy for the end user, leading to people just blindly accepting every dialog and Microsoft turning down the default level to the much less secure "don't always prompt". I don't know how this new model will address that problem; naively, it seems to be worse on this front.
Given that they didn't mention which Linux security model the new system was like, I presumed they meant the most commonly referenced model for performing administrative tasks: sudo/doas - which elevates a process for its entire runtime.
But if it's a per-operation model, I guess they might have been comparing it to the "desktop portal"/"policykit-dbus" model instead? Which does kind of fit, but I don't think is the security model that most people think of when someone says "linux-like just-in-time escalation"?
Wow, that's the thing they probably should've been doing in the first place. I'll be curious if it'll end up as a supervisor (AI) model or if each program will have its own scope of a file system. The latter of course will be very tricky with how intertwined legacy software can be for file and registry access.
Use this opportunity to install Linux and your NEW PC, and then buckle in!
* Microsoft believes the improvements in windows 11 provide genuine benefit to their users.
* Microsoft doesn't want to maintain their older OS forever.
What we are seeing play out however is that the consumer / small business market either does not understand or does not care about those benefits. I don't see any viable end-state for this other than Microsoft relaxing the requirements for Windows 11 or extending the end-of-support date for Windows 10. Based on this action my money is on the latter.
But on the other hand there are valid reasons for requiring a minimum baseline for Windows 11.
The TPM requirements for example allow seamless BitLocker (which provides feature-parity with macOS), it allows secure system credential storage (in both consumer and enterprise contexts) and it's also useful for application developers. For example Chrome can defend user data better against malware or provide features like Device Bound Session Credentials (DBSC).
Requiring certain CPU features on the other hand makes it easier to ship better-optimized executables.
The two combined make it possible to provide things like VBS/HVCI, which is a massive leap for Windows security (it's actually considered a security boundary, unlike UAC).
Microsoft is just putting a huge environmental waste of a mandated obsolescence tax on the entire world. But Microsoft doesn't pay the opportunity cost of losing all that hardware. (I wonder how much the hardware Microsoft wants destroyed is worth, hundreds of millions of dollars?)
I also don't think the share of TPM-less computers out there is actually that significant. Most laptops have shipped with one for a long time. Desktops that lack one can often buy one. Which is way cheaper than a new PC should you need W11. (I also suspect there are options way cheaper than $500 as well.)
Saying that not being able to run W11 turns something into e-waste is frankly rather crazy. Neither do they want that hardware destroyed.
There is also plenty of hardware that isn't fast but is being used in a situation where that doesn't matter. Some Haswell quad core being used for web and email could continue to be used for that indefinitely. That is old enough that it could be replaced with something newer for less than $500, but the entirety of the replacement cost is still lost money because it otherwise wouldn't have had to be replaced at all.
Sooner or later, these non windows 11 compliant machines will mostly disappear from most households and offices and will only attract retro computing and linux users when they will not match the usual memory requirements of the day. These are usually the kind of computers that came with 8GB or less of memory out of the box and they could quietly drop support for them somewhere later within the next 10 years when everybody is running 128GB of ram or so and only a handful of people care about it.
If anything it's the CPU requirements that create a hard requirement for newer HW. But in that case, that support is a cost for them. Why should they spend the effort for what is likely going to be a very subpar experience?
I'd imagine that cutting off support for 10+ year old machines and hardware would give a much bigger advantage than the revenue they get from a hardware refresh itself.
Ensuring that a critical mass of people use remote attestation[0] capable devices.
The next step is a browser API[1] for this so that content owners can exclude devices capable of storing the content, or stripping out ads/tracking, etc.
Sure, there will be a cat-and-mouse game where people will figure out how to fake the attestation for some period of time, but general computation[2] is probably on the way out.
----
[0] https://en.wikipedia.org/w/index.php?title=Trusted_Computing...
[1] https://news.ycombinator.com/item?id=36817305
[2] https://www.youtube.com/watch?v=HUEvRyemKSg
So then Microsoft decided to follow this up with UWP. UWP was the intended successor to WPF, the 'Universal Windows Platform'. It was supposed to run on any Windows platform. But then the Windows Phone got cancelled, and they also eventually cancelled all support for anything except Windows 10. So it turned into the Windows 10 Platform. And it was heavily tied into the Microsoft store to the point that actually deploying it elsewhere was rendered infeasible. Outside of that it was a technically inferior WPF with a few nicer looking default UI elements and a bunch of new bugs. Oh and some namespaces and other things were changed mostly pretty randomly just enough to make it completely incompatible with WPF.
And then this process repeated multiple times over. Each time they lost more and more developers. If they had simply continued building on WPF I think they would likely be a universal standard for UI development, at least for desktop. Instead they're now onto WinUI 3 which nobody uses, including Microsoft. Oh and all the while this was happening they were also developing Xamarin (and similar timeline of a million subsequent renamings and 'refactorings') which is pretty much the same thing, but different, and cross platform, but not.
I'm the sort that'd naturally leap to conspiratorial explanations - Microsoft pushing anything called "trusted" feels like a rusted van with darkened windows sitting outside a school with "FREE CANDY" sloppily painted on the side. But in this case.. no, Microsoft is just so completely weird and irrational with how they push things, often to the point of self defeat.
Microsoft ships a UWP demo repository which includes the most fully functional Bluetooth manager anyone has ever built for W10. The stock Bluetooth manager has maybe 10% of the functionality. It's also fundamentally broken in a lot of ways. But this UWP demo they have should have been the stock app. It's wild.
Then of course you still have 50 year old UIs hiding in the lowest levels of the control panel. You can dig through the archeological record on your own pc and look at Win3 UI designs. It's astonishing.
At this point, I don't know anyone who uses any of Microsoft's UI frameworks for a real product. It's either QT or Avalonia or something. Who would ever trust their newest framework when every prior framework was abandoned half-finished and left to rot for years?
I imagine it's only my MOBO which is missing TPM, but a suggestion of what mobo to buy which would be compatible with all my other components (RAM DIMMS, PCI-e cards) would be killer.
You can also use the unattended installation system: https://github.com/memstechtips/UnattendedWinstall
A true clean Windows installation.
https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/
They are used to Windows so they want to stay there, I want to suggest Linux Mint but I am not aware of how many of the apps used daily are supported in Linux.
Not every user wants to fiddle with the terminal.
Newer users who started with the GUI are less likely to have these habits.
I've played around with Debian for several years using it for small little servers. They do not need to have a monitor connected, so I never use a gui.
When using my Steam Deck I don't have a keyboard and the virtual keyboard is kinda annoying, so I use the gui.
I can't seem to get used to work with a Debian installed laptop. I've tried many times, but I don't see a daily beneficial goal to use Linux, mostly because I'll always get Windows 10/11 working :)
If you don't know how to do it, then yeah, you'll probably use a GUI manager. But those people will probably learn how to use a terminal if they do something a lot.
As always, it depends on what the user uses the computer for. Not everyone can run Windows full-time, as some applications don't work on Linux. I am a full-time Linux user for decades at this point, yet I still use applications that only run on Windows and are too latency sensitive to run well through a VM (and don't work at all via Wine).
Maybe though, these applications could get some love if there was a PR campaign for people to move to Linux...
But no, the experience is nowhere near "polished", and troubleshooting is a joke. "Something unexpected happened" or "contact your administrator" isn't exactly helpful. Sure, there may be some log somewhere in that godawful event viewer, but who has the patience to wait for that abomination to load? And then to go spelunking in the millions of categories?
Windows is hands-down the most annoying and janky computing experience among all my devices. I put up with it because I like Photoshop, and since I have PCs lying around can't justify buying a MacBook (plus Linux works well enough for all my other needs).
HiDPI support is a joke, with windows showing up wherever they want, the start menu becoming blurry, taskbar menus appearing at random locations on the screen. The windows jump up and down when switching virtual desktops. Windows appear as active, complete with a blinking cursor and everything, yet won't register text input until I click on them. I could go on for days.
Windows wins 100-0 in terms of polish in the eyes of the average user, and that's saying something given that it's not very polished as you said.
The kinds of usages that consumer windows has had and the software ecosystem that's promoted for 3+ decades compared to what has been developed for linux affects this too. Windows is extremely broad in all the software available for all the little utilities users are going to look for, and hardware it's going to need to support (and support well). Even trying to pull windows applications that don't do anything too complex over to linux via Wine is very much a YMMV area. It's impressive what has been accomplished and the recent rate of progress, but there's always more to do so it's not an awkward, poorer version of doing the same task in windows.
The aspect I wonder about is what proportion of the 60% of people still using win10 are actually aware or care about it going end of life, assuming windows doesn't auto-update to 11 for them any EOL warning will just be swatted away like most other annoyances so they can get on with their intended task. Getting that type of user to switch to linux seems like it'd remain a herculean task.
I got to thinking in this thread I can even convert the "gamer" types to Linux - I need to make sure Facebook games work on chromium... And show them Steam.
Have an older device? It maybe didn’t come with WiFi, or came with an older card you replaced with a better one. Better hope the distro and version of that distro you picked has a kernel with drivers already baked in!
Otherwise it’s off to some random git following some random “download this source” and oh wait I’m not connected to the Internet.
This is a 2020 full-intel, basic enterprise machine, nothing fancy. Worked fully out of the box under Linux, including sleep. The display output was broken for about a year under Windows (wouldn't output 4k@60 without doing a stupid plug-unplug-replug-just-at-the-right-time dance). At one point, installing the latest driver from intel worked, but Windows would helpfully "update" it to an earlier, broken version every other day.
My point is that the current hardware situation seems pretty much hit-and-miss, and figuring that running windows to avoid fiddling with drivers and whatnot isn't such a sure-thing as people in this thread make it out to be.
Give me some names that work out of the box and resemble Windows. I have not tried Linux Mint so I don't know how well it works for older people. Ubuntu has been quite good and stable but it has also required fiddling with the terminal.
The only one I found to be the best alternative to Windows is ... believe it or not, DeepinOS.
Even Windows can be quite different from older versions of Windows.
However, I don't think some of the older people are willing to go through all that. I wish to see an easier option for people who want a smoother transition from Win10 to something else, especially now since Win10 is being discontinued October this year.
People like to freak about how arch isn't for newbies but honestly it's fine. I find it to be just as stable as Debian.
But let's be real, aside from gaming, 99% of what the average user does with a computer is open a web browser. Desktop apps are secondary. If you put a Firefox/chrome button in the task bar, you've covered most user requirements.
Power users who actually need a bunch of proper desktop applications have a different set of needs. It's impossible to generalize, but a very large fraction of those users would probably be happy with the Linux alternatives, or wine and proton. A lobotomized W10 LTSC VM is also quite usable.
most users won't know or care they're on Linux if the browser works.
- AGI/ASI
- Fusion Energy
- Linux overtaking Windows
(The exponent has been increasing since MS decided to snapshot the user screen all the time. But it's hard to say if it's just noise.)
It's like saying Windows has too many versions because there is Home/Pro/Education/Enterprise and then 23H2 vs. 24H2 etc. There is barely any difference between them.
The distro wars are a bunch of programmers arguing about which one has the best toys for power users. Any of them will run a web browser and the boring popular Debian Stable or LTS derivatives are the ones least likely to deliver unscheduled maintenance as a result of an update.
I never have to mess with it, it just works for him. Win11.
https://www.ghacks.net/2024/10/11/rufus-4-6-bypasses-windows...
https://news.ycombinator.com/item?id=41809287
For the next version of Windows 11, I'll wait and see what Rufus will do.
Bonus: LTSC gets extended security patching support lifespan.
For work, I am stuck dealing with 11. There are many things I hate about 11, but why is it so damned slow and laggy on a brand new Copilot PC? File explorer is like loading file lists with a 2400 bps modem, and Office apps take far too long to load. It’s absurd how bad it is, and I can’t figure out why.
I’m getting old, I forget why I load an app before it loads…
Since this is a work PC maybe you don't have the option but if that's the case you should talk to your IT nerd and get permission. Also, make a donation. Great software like Everything is worth buying.
[0] https://www.voidtools.com/downloads/
I can't help with Office. Too bad you have to use Win11. Win7 Pro still works great for me when I need a Winbox.
The existence of a TPM also lets DPAPI use it, which in turn lets things like browsers and other software protect user data (from malware for example). It also makes new features like Device Bound Session Credentials (DBSC) possible.
But there's also VBS and by extension things like Device Guard. Which in turn entails things like ESS (Enhanced Sign-in Security, more secure biometric auth), Trusted Boot, HVCI, Credential Guard and so on.
DRM is like the last thing it's actually good for, if you actually look into it.
https://support.microsoft.com/en-us/windows/device-encryptio...
Disk encryption, Windows Hello and PIN bruteforce prevention. I have no love for Microsoft and avoid using Windows whenever I can, but I think making those features accessible to more people is a good thing.
https://learn.microsoft.com/en-us/windows-hardware/design/de...
https://techcommunity.microsoft.com/blog/virtualization/virt...
If you have an older computer, without TPM 1.2/2.0, then you already don't get things like Windows Hello, but you might have secure boot and some brute force prevention, so you wouldn't be worse off as a home user if Microsoft allowed you to run Windows 11.
For new computers I can completely understand that Microsoft would demand that vendors ship systems with TPM 2.0. For upgrades I just struggle to see any really compelling reason, it's not like Apple where Microsoft is trying to also sell hardware, that's mostly on the OEMs.
(Personally I think you probably shouldn't bother with it unless you set a boot PIN, which still requires Pro to be allowed to change the right group policy settings.)
The users? No.
The corporations that make DRM? Yes.
A TPM is useless for DRM, and there are way more suited solutions like Intel's PAVP that takes an encrypted video stream and puts it on the screen directly, yet I don't see nearly as much uproar about that.
(...or use things such as the already-dead Intel SGX, which never touched TPMs at all)
Encrypted video is a red herring. The real long game is to also get your "secure" video player to refuse playback if it detects watermark in the pirated video. This patches the analog hole.
If you have attested Windows it can just refuse to download "freeworld" VLC because it can be used for piracy and/or even watching child pornography. Imagine that!
Of course you can use Linux instead but now you have to use the approved distro that also won’t let you run "dangerous" apps.
This is of course a slippery slope argument and Microsoft would not be able to force all that right now, but better get started on the foundations. Some future government can then just force them to implement the rest, but by then it will be just a flip of a switch.
"TPM is not DRM" argument seriously lacks imagination.
A TPM may only attest that it has received an expected set of measurements (hashes). As long as discrete TPMs or PCs with unlocked CPUs exist (w/o Boot Guard), one may simply take a TPM and replay "golden" measurements to it. Bypassing this would be trivially easy.
A TPM does not have control over execution on the CPU. It only receives data from the CPU. If you have control over execution on the CPU from the reset vector, you can just replay whatever you want to a TPM and extract secrets that way. That's why TPM backed disk encryption without configuring a PIN is insecure.
Microsoft does not have the same level of control over the entire PC ecosystem as Google has over Android. That's why it's important to support open source alternatives.
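The measurement-and-replay point made in the comment above can be seen in a small model of how a PCR bank actually behaves. The following is an added example, not code from anyone in this thread or from any TPM vendor: it simulates TPM-style PCR extend with SHA-256, seals a constructed secret to a "golden" PCR value, and shows that (a) a modified boot chain produces a different PCR and fails to unseal, (b) feeding the TPM the identical sequence of golden digests reproduces the same PCR no matter what code actually ran, because the TPM only sees the digests the CPU hands it, and (c) adding an auth value (a PIN) to the sealing policy is what closes that gap. The boot-chain events, the secret and the PIN are all constructed sample values.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# A SHA-256 PCR bank starts zeroed at reset.
PCR_INIT = b"\x00" * 32


def pcr_extend(pcr: bytes, event: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: PCR_new = H(PCR_old || H(event)).

    The TPM never inspects the code being measured; it only folds in the
    digest that the CPU chooses to send. That is the whole property the
    example turns on."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def measure_chain(events: Iterable[bytes]) -> bytes:
    """Extend a sequence of boot-chain events into a single PCR value."""
    pcr = PCR_INIT
    for event in events:
        pcr = pcr_extend(pcr, event)
    return pcr


def seal(secret: bytes, expected_pcr: bytes, pin: Optional[bytes] = None) -> dict:
    """Model of sealing a secret to a PCR policy, optionally ANDed with an
    auth value (PIN). A real TPM encrypts the blob under its own key; here
    the policy check in unseal() is the only thing that matters."""
    return {
        "pcr": expected_pcr,
        "pin_hash": hashlib.sha256(pin).digest() if pin is not None else None,
        "secret": secret,
    }


def unseal(blob: dict, current_pcr: bytes, pin: Optional[bytes] = None) -> Optional[bytes]:
    """Release the secret only if the PCR matches and, when a PIN was bound,
    the caller also supplies the right PIN. Returns None on policy failure."""
    if not hmac.compare_digest(blob["pcr"], current_pcr):
        return None
    if blob["pin_hash"] is not None:
        if pin is None or not hmac.compare_digest(blob["pin_hash"], hashlib.sha256(pin).digest()):
            return None
    return blob["secret"]


# Constructed sample boot chains (hypothetical component identifiers).
GOLDEN_BOOT = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_BOOT = [b"firmware v1", b"bootloader v1", b"kernel (modified)"]
SECRET = b"volume-encryption-key (constructed)"
PIN = b"1234"  # constructed; any auth value works for the model


def demo() -> dict:
    """Run the four scenarios the thread discusses and return the outcomes."""
    golden_pcr = measure_chain(GOLDEN_BOOT)
    pcr_only_blob = seal(SECRET, golden_pcr)          # "TPM-only" unlock, no PIN
    pin_bound_blob = seal(SECRET, golden_pcr, PIN)    # PCR policy AND PIN

    # A genuinely modified kernel changes the PCR: unseal correctly fails.
    tampered = unseal(pcr_only_blob, measure_chain(TAMPERED_BOOT))

    # A CPU under someone else's control from the reset vector can simply
    # send the golden digests again. The TPM cannot tell the difference,
    # so the PCR-only policy releases the secret.
    replayed = unseal(pcr_only_blob, measure_chain(GOLDEN_BOOT))

    # The same replay against the PIN-bound blob fails without the PIN...
    replayed_pin_bound = unseal(pin_bound_blob, measure_chain(GOLDEN_BOOT))
    # ...while the legitimate owner, who knows the PIN, still unlocks.
    legit_with_pin = unseal(pin_bound_blob, measure_chain(GOLDEN_BOOT), PIN)

    return {
        "tampered_chain": tampered,
        "replayed_golden_pcr_only": replayed,
        "replayed_golden_pin_bound": replayed_pin_bound,
        "legit_with_pin": legit_with_pin,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'secret released' if result else 'policy denied'}")
```

The model deliberately leaves out the other mitigation the comment names: a CPU whose reset vector is verified in hardware (Boot Guard or an equivalent) before any measurable code runs. With that in place the "replay the golden digests" scenario has no attacker-controlled CPU to run from, which is why the combination of a hardware root of trust and a PIN is the configuration defenders actually recommend for TPM-backed disk encryption.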
You’re also entirely missing the point. Yes, you can bypass TPM based DRM to extract the unencrypted video (or just analog hole it) that’s why the game is to lock down the OS so you just can’t play it.
If all DVD players came with watermark detection instead of copy protection you wouldn’t have bootlegs because now every single client device needs to do the bypass instead of just once to extract unencrypted stream.
How many people have bypassed or hardware modded Playstations or Switches? This is what you’re talking about. Almost everyone will just accept it.
That is an enormous "if". Do you think Microsoft is going to or is able to enforce this on every single software provider? Even in your Android example that's just not happening, and you can happily sideload apps. You can still develop your own apps on the same Android phone that you use for banking.
> And sorry but how many people have bypassed Playstations or Switches. This is what you’re talking about. Most people will just accept it.
People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit. I just don't see that happening in the PC space. You think Microsoft is suddenly going to dump this on third party software developers and force everyone to go through certification and to buy devkits? Without a mass exodus to Linux?
> you can happily sideload apps.
This is an extremely weak argument when the other major platform does not let you do that, right? Sideloading could go away at any moment just like that. That's my point. There's nothing technical stopping it.
> People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit.
Already Windows has: Smart screen (which requires code signing) and app store. Locking down the OS and Apps is hardly unprecedented. Both Windows and MacOS now have developer modes which is a software devkit equivalent.
> Without a mass exodus to Linux?
That’s why you wait until mass adoption (win11) only then start boiling the frog.
Look, I acknowledge this is a slippery slope argument. But the slope is very slippery. Something is clearly going on.
There are TPM 2.0 dTPMs. If the conspiracy is that they want to push people towards "hardware attestation", then they're doing a pretty bad job.
>You’re also entirely missing the point. Yes, you can bypass TPM based DRM to extract the unencrypted video (or just analog hole it) that’s why the game is to lock down the OS so you just can’t play it.
There's no need to "lock down the OS" when there's already a locked down OS on the CPU itself (intel SGX), which is way more secure (because it doesn't have a bazillion userspace programs and third party drivers loaded), but for whatever reason gets way less flak than TPM.
> There are TPM 2.0 dTPMs. If the conspiracy is that they want to push people towards "hardware attestation", then they're doing a pretty bad job.
No "normies" are doing TPM bypasses. That’s the point. Majority will eventually be on unbypassable TPM.
Considering that's the only way to play most DRM protected 4K videos, it's probably more of a "push" than requiring TPM. It didn't even have the fig leaf of being usable for FDE or webauthn.
>No "normies" are doing TPM bypasses. That’s the point. Majority will eventually be on unbypassable TPM.
If the bar is "normies", then you don't even need TPM. You can just slap denuvo or whatever and call it a day.
> If the bar is "normies", then you don't even need TPM. You can just slap denuvo or whatever and call it a day.
Again, missing the point. Denuvo, Widevine, whatever, it’s all weak to crack once & enjoy but only if you control the OS. The Great TPM Conspiracy Theory is about limiting what you can do with your mainstream Windows/Linux/Macos installation, in the ways I’ve laid out earlier. Taking the ‘P’ out of PC.
I wouldn't expect many examples to exist yet. You want to wait until almost everyone is on Windows 11 before you get up to those shenanigans.
I've maintained for several years now that the actual corporate wet dream is that they can lock down the average PC architecture/OS to the same degree they have on phones. Because unfortunately, in the phone sector, the market has already shown the majority of users don't care who really owns their devices.
My hope is that Linux gets wide enough adoption to prevent that from becoming a feasible option for them in the future.
May be "certified UNIX" (when you look at it funny), but it feels like no freedom-loving UNIX-style system I've ever used.
This has already happened: Linux had wide enough adoption that Microsoft could be convinced to allow alternative operating systems in Secure Boot.
> My hope is that Linux gets wide enough adoption to prevent that from becoming a feasible option for them in the future.
Linux already got a really wide adoption --- in the form of Android.
https://support-valorant.riotgames.com/hc/en-us/articles/169...
Yes, anticheat tends to detect virtualization too, so there's extra cat and mouse there, of course.
I'm not sure that tying their horse to SGX is good for adoption of the format.
Please read this, and do your part to make the world a bit more educated, on average: https://en.wikipedia.org/wiki/Trusted_Platform_Module#Overvi...
If you don't dismiss my comment as the comment of a corporate shill, you might learn something, and in the future that knowledge may help you. I don't know, I can't predict the future, but I do know that ignorance is dumb.
Why not both? As noted elsewhere in this thread, TPM certainly facilitates VBS [0], and games like Valorant are already using that for anticheat [1]. As long as application programs can use it to help detect the environment being 'tampered' with (as opposed to the system just wrapping it up in a report for the user), they can use it to protect their particular application state, and I don't see why that shouldn't include DRM state.
[0] https://learn.microsoft.com/en-us/windows-hardware/design/de...
[1] https://support-valorant.riotgames.com/hc/en-us/articles/169...
What prevents boot sector viruses is Secure Boot, not TPM.
- Windows 11: 36%
- Windows 10: 60%
Using the Steam Hardware Survey, it shows:
- Windows 11: 53.46% (-1.50%)
- Windows 10: 42.87% (+0.48%)
Whilst these numbers look very bad for Microsoft, especially given that we're less than 10 months away from the end of Windows 10's home user support, it's potentially even worse if the data is correct and more people are reverting to Windows 10. Reasons I can think of there might be due to some of the recent Windows 11 updates harming performance in applications, notably many major Ubisoft titles.
I'm still on Windows 10, for two reasons. My motherboard does not support TPM 2.0, and I have not had any reason to need to upgrade given it still runs everything I need perfectly. Secondly, I have not seen any reason to go to 11 from 10; I don't love 10, but 11 doesn't seem to fix any of my issues, if anything I see many worse features.
https://www.theregister.com/2025/01/02/windows_10_grows/
https://gs.statcounter.com/windows-version-market-share/desk...
https://www.pcworld.com/article/2532669/ubisoft-games-are-cr...
My application does not work at all on W11. The Bluetooth stack is somehow even more broken than W10. It's to the point where we're developing our own wireless dongle to bypass this entire mess.
Microsoft has forcibly installed W11 on our test machine three times and every time it's completely broken and we have to revert.
It's not good.
Most of my machines are 12th gen Intel and they meet all the requirements for Windows 11. However, Win 11 updates have frequently caused annoying boot loops, reset preferences, problems with apps already installed and more.
These are Dell Precision workstations so you would think they would have pretty good compatibility with Microsoft... but alas, disappointing is the best word I can use.
Given that, there is not the same need to force hardware updates. That said, it also illustrates how the TPM requirement is a business decision, not a technical one.
These are $10k-100k+ servers. My multitenant/offload capable NICs are usually $10k-25k themselves.
Now I will be forced to I guess.
I'm not asking what 2.0 does better than 1.2, I am asking why is it a must have.
2.0 is required for Microsoft's purposes. Here's one of them:
https://learn.microsoft.com/en-us/windows/security/hardware-...
TPM 2.0 is guaranteed to support SHA-256.
(Vs. Windows 10 is just under 10 years old now - and I don't know what's the newest Windows 10 system that can't update to Windows 11.)
I'm still on macOS Ventura (13.x), and am already seeing numerous apps with a minimum version of 14.x or 15.x.
https://support.apple.com/en-us/120282
A few years shorter than the Win 10 lifecycle. Much shorter than the XP lifecycle, though that was unusual.
macOS apps target the latest few versions and given macOS' rapid release cycle (in comparison to Windows, at least), you can easily find yourself with a machine <10 years old that can't run the latest versions of apps you're using.
I had a Dell Laptop that, when I bought it in 2006, had Windows XP on it. I was able to upgrade it all the way to Windows 10, at no charge. (The beta versions of Windows 7 and Windows 8 both just kind of rolled over into full fledged versions of the OS. Now, even by the time I had Win8 on that machine, it was just for fun. I mostly kept it around because the screen resolution was unusually high for 2006, and for a period afterward, laptop screen resolutions were almost all lower than WXGA+ even on higher end machines. But you could run Windows 10 and modern browsers on a machine built for the WinXP era. Also, I think I paid $700 for that machine, from the Dell Outlet. That's a lot of mileage for the price paid.
So when Windows 10 told me that my 12-year-old Ship of Theseus Dell XPS desktop was unable to take an upgrade to Windows 11, I took a long hard look, and sprung for an M1 Macbook w/ 64gb of RAM. They had a pretty killer deal on these at B&H, and it's the first time I've ever felt like I've had a true "desktop replacement" laptop. I still think Explorer is better than Finder (and I'm not going to argue with anyone about why so don't bother asking), there are things I will miss about having an ATX case, but Apple's abdication on proprietary ports is ultimately what pushed me over the edge. Everything is USB-C. Great! I had gotten a lot of mileage out of Firewire hardware, but I saw this as a pivotal moment to use some of that money I'd saved over the last decade and a half to completely modernize my setup.
If Windows 11 hadn't forced me to consider new core hardware (and if Apple silicon hadn't leapfrogged everything else on the market - using a laptop all day without charging? Phenomenal.) I'd still be using Windows.
I've been using MS operating systems since DOS 3.1, I just have to assume I'm no longer their target market.
I switched when Apple Silicon came out as well, but had a few flirtations with macOS prior to that with Intel macs. Finder is dog shit compared to almost any other file manager on both Windows and Linux. So much so that I just use the terminal now for almost all file tasks.
I don't love macOS, but I hate what Windows has become more, and these laptops are hard to beat, almost perfect combination of performance & battery life.
I suppose if Apple ever fully iOS-ifies macOS I'll just end up on Linux full-time, and I keep Mint on a spare laptop to toy with, I don't mind it, but I have no need to fully switch yet.
Operational reasons:
* You often replace hardware and move disks, etc, around
* The TPM is not compatible with hardware that you have: https://wiki.archlinux.org/title/Trusted_Platform_Module
* You have a TPM that is too old: https://www.dell.com/support/kbdoc/en-uk/000132583/dell-syst...
* Your TPM is damaged
Security reasons:
* For some reason the TPM is actually seriously compromised itself (i.e. RCE or firmware backdoors):
- https://www.reddit.com/r/sysadmin/comments/1akxbfn/youtuber_...
- https://www.beyondidentity.com/resource/cybersecurity-mythbu...
- https://www.bleepingcomputer.com/news/security/new-tpm-20-fl...
* You have an alternative security model, i.e. PTT: https://uk.crucial.com/support/articles-faq-ssd/alternatives...
* As others have pointed out, what if you're locked into using Windows, Windows requires TPM, and TPM implements something you don't like, for example DRM or it snoops on you. Maybe you have to let it scan your drives, maybe your TPM doesn't like your politics.
Stop spreading FUD.
The TPM is fundamentally about storing cryptographic keys, platform integrity checks, unique IDs, etc. It is already used for secure logins by the Windows OS. Microsoft are successfully enforcing your email, ID, logins, etc, to be associated directly with your unique hardware.
One day you will request a video from Netflix or Youtube, and your device will be the only device in the world that can view it. You might think to screen record, but the OS does not allow it. You might think to record it via an external display, but this has to interface with the TPM. You decide to record your screen from your phone, but the phone's TPM recognises that the camera tries to record DRM material.
Don't get me wrong, security devices should exist 100%. But. It should never be forced.
Unique IDs of a system don't require a TPM. Microsoft uses unique IDs from various hardware to bind a product key to a particular device, and has been doing that since the XP era.
Intel and gfx vendors already provide secure DRM paths. TPM isn't capable of doing so.
> Don't get me wrong, security devices should exist 100%. But. It should never be forced.
They should be forced otherwise users would continue leaving themselves open to attack. Security has moved on from ACLs. Microsoft recognizes the need for things like VBS to protect against modern threats, which in turn requires TPM.
Apple has been doing this for roughly 15 or so years now with no fanfare on consumer devices. TPM has been around on x86 since the late '00s with little-to-no fanfare.
https://news.ycombinator.com/newsguidelines.html
https://news.ycombinator.com/newsguidelines.html
I think an AI botnet is probably a poor fit for AI workloads, not to mention it would be a security nightmare.
The "AI" comes in where the cost of processing all of the data is high, and Microsoft starts pushing everyone to include an NPU in their next "AI-enabled Windows PCs". On-device processing with a lot of benefits to the users.. but even more if the results of all of that processing can be sent back to the cloud and not take up space on Microsoft analytics processing farms.
Describe to me, how would you perform secure processing of encrypted workloads without it, and know it was secure? That the workload was not in a VM and the hardware was not issuing deliberately weak keys that could be exploited to expose the workload?
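Added example, not code from any commenter in this thread: a self-contained toy model of what the last question is asking about, and of the "TPM 2.0 is guaranteed to support SHA-256" point made earlier. It simulates measured boot (PCR extend in a chosen hash bank, so a TPM 1.2-style SHA-1-only bank can be compared with a TPM 2.0 SHA-256 bank), a quote over the PCR value with a verifier-supplied nonce, the remote verifier's three checks (freshness, signature, comparison against a golden measurement), and sealing a disk key to a PCR policy. Assumptions: HMAC with a constructed per-device key stands in for the TPM's asymmetric attestation key signature, a hash-derived pad stands in for the TPM's storage hierarchy, and the boot-chain blobs and keys are constructed sample data; the real operations these mirror are TPM2_PCR_Extend, TPM2_Quote and TPM2_PolicyPCR.

```python
import hashlib
import hmac
import os


def pcr_extend(pcr: bytes, data: bytes, algo: str = "sha256") -> bytes:
    """TPM2_PCR_Extend semantics: PCR_new = H(PCR_old || H(data)) in one bank.
    A TPM 1.2 only has a SHA-1 bank; TPM 2.0 must also offer SHA-256."""
    digest = hashlib.new(algo, data).digest()
    return hashlib.new(algo, pcr + digest).digest()


def measure_boot(components, algo: str = "sha256") -> bytes:
    """Extend each boot stage in order into a single PCR (reset value: zeros).
    Order matters: swapping two stages yields a different final value."""
    pcr = bytes(hashlib.new(algo).digest_size)
    for blob in components:
        pcr = pcr_extend(pcr, blob, algo)
    return pcr


def make_quote(pcr_value: bytes, nonce: bytes, ak_key: bytes) -> dict:
    """Simulated TPM2_Quote: sign (nonce || digest of PCRs) with the attestation key.
    ASSUMPTION: HMAC stands in for the TPM's RSA/ECC signature."""
    pcr_digest = hashlib.sha256(pcr_value).digest()
    sig = hmac.new(ak_key, nonce + pcr_digest, hashlib.sha256).digest()
    return {"nonce": nonce, "pcr_digest": pcr_digest, "sig": sig}


def verify_quote(quote: dict, expected_pcr: bytes, nonce: bytes, ak_key: bytes):
    """Remote verifier. The TPM only reports; deciding is the verifier's job:
    fresh nonce (no replay), valid signature (came from the enrolled AK),
    PCR digest equals the golden value (the software state we approved)."""
    if not hmac.compare_digest(quote["nonce"], nonce):
        return False, "stale nonce (replayed quote)"
    want_sig = hmac.new(ak_key, quote["nonce"] + quote["pcr_digest"], hashlib.sha256).digest()
    if not hmac.compare_digest(quote["sig"], want_sig):
        return False, "bad signature (not from the enrolled attestation key)"
    if not hmac.compare_digest(quote["pcr_digest"], hashlib.sha256(expected_pcr).digest()):
        return False, "PCR mismatch (boot chain differs from golden measurement)"
    return True, "attested"


def seal(secret: bytes, pcr_value: bytes, srk: bytes) -> dict:
    """Seal a (<=32-byte) secret such as a disk key to a PCR policy.
    ASSUMPTION: a pad derived from the storage root key and the policy digest
    models the TPM refusing to unwrap unless the policy is satisfied."""
    policy = hashlib.sha256(pcr_value).digest()
    pad = hashlib.sha256(srk + policy).digest()
    return {"policy": policy, "ct": bytes(a ^ b for a, b in zip(secret, pad))}


def unseal(blob: dict, current_pcr: bytes, srk: bytes) -> bytes:
    """Release the secret only when the current PCR matches the sealed policy."""
    if not hmac.compare_digest(blob["policy"], hashlib.sha256(current_pcr).digest()):
        raise PermissionError("PCR policy not satisfied; key stays in the TPM")
    pad = hashlib.sha256(srk + blob["policy"]).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))


# Constructed sample boot chains (stand-ins for firmware, bootloader, kernel, initrd).
GOLDEN_CHAIN = [b"firmware v1.2", b"bootloader", b"kernel 6.x", b"initrd"]
TAMPERED_CHAIN = [b"firmware v1.2", b"bootloader (patched)", b"kernel 6.x", b"initrd"]


def demo() -> dict:
    ak = b"attestation-key-of-this-device"  # constructed; per-TPM in reality
    srk = b"storage-root-key"                # constructed
    golden = measure_boot(GOLDEN_CHAIN)
    tampered = measure_boot(TAMPERED_CHAIN)
    out = {}
    nonce = os.urandom(16)
    out["good"] = verify_quote(make_quote(golden, nonce, ak), golden, nonce, ak)
    out["tampered"] = verify_quote(make_quote(tampered, nonce, ak), golden, nonce, ak)
    out["replay"] = verify_quote(make_quote(golden, nonce, ak), golden, os.urandom(16), ak)
    disk_key = os.urandom(32)
    blob = seal(disk_key, golden, srk)
    out["unseal_ok"] = unseal(blob, golden, srk) == disk_key
    try:
        unseal(blob, tampered, srk)
        out["unseal_tampered"] = True
    except PermissionError:
        out["unseal_tampered"] = False
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The thing to notice is the split of responsibility: the TPM measures and signs, but a remote party has to supply the nonce and hold the golden PCR values, and a verifier that skips any one of the three checks is fooled by either a replayed quote or a modified bootloader. Sealing is the local counterpart: the disk key simply is not released to a boot chain whose measurement differs.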