I'm happy to have this setting. It's a great setting and I appreciate Signal adding it.
However, if an attacker has the ability to directly query the Recall database, they almost certainly have access to read all your Signal messages on your device. The locations where Recall files live are even more protected and isolated than your %APPDATA%\Roaming\Signal directory is.
Everything running as you on your computer has full control of all your Signal messages and your identity assigned to the device. This is untrue of your Recall data, which from last I saw required a lot of finagling to get the permissions right for you to access it raw.
It's kind of funny that this argument always comes up when talking about Windows security.
What if I told you that botched sandboxing by default is not the standard we should accept? And that Windows' lack of competence to isolate processes isn't even what the NT Kernel envisioned (see e.g. ReactOS)?
I'd never run Windows as a host system, given the track record of how Microsoft deals with RCEs and privilege escalation issues that have been unfixed for decades at this point.
* Arguing about what should be doesn't alter the facts of the current situation
* It's unfair to single out Windows here, when other platforms are not much better. Mechanisms for stronger sandboxing and storage firewalling do exist on all platforms, but in practice these are barely used on desktops, and this is true across all three major OS families. E.g. Flatpaks exist, but I believe they still represent the minority of actual application installs
And ironically Wayland also gets frequent, heavy criticism for doing the right thing here - treating screen or input capture as a privileged operation, rather than a default right of any random application you have running (though I agree they should have standardized an escape hatch earlier)
I do not want stronger sandboxing for my apps. I'll only allow it to run on my machine if I trust it anyway. I'm not worried about my apps being able to read my data. If a piece of software doesn't do what I want safely and securely, then I don't try to duct-tape it into a sandbox that's regularly broken out of anyway. I remove and use other software.
If flatpak/appimage are the only way to get a piece of software, I won't even waste my time evaluating it.
No, I don't. Because it doesn't need to. But not running as root already provides all the protection I want. System files are not my data. My data lives in my home. I want my apps to have access to my stuff, not the whole system. But more importantly, I do want them to be able to talk to each other and effortlessly open files written by one another. "Isolating" them from each other is pointless if I then proceed to punch holes in everything just so it can work.
"This thing isn't working ... "Oh... it turns out it was missing a permission, should I give it that permission? What's it for? Fuck if I know..."
Or the other way round:
"This app seems like it's working properly, but can I restrict this particular permission for it? Fuck if I know. I'll just try and see if anything is broken"
Or I can just run the application normally and have everything always work.
You should dig into ~/.local and what happens there. I'd never store my keepassxc database file in my home folder if I were you.
Apps need sandboxing, because the linux/posix philosophy of separation through users and groups for each process doesn't really work in the modern day and how graphical software works.
Firejail's approach comes close to "sane" user sandboxes, but technically that's the job of the init daemon (pid 0), there's just no GUI for systemd sandboxes yet that's easily usable.
Podman is also really nice as a user-facing sandboxing daemon.
i know what happens in there. Shit that I install because I want to goes in there. And my keepassxc password is protected by a strong password and a hardware token. They are specifically designed so you can safely store them anywhere (ex cloud backup), so I don't see why you brought that specific example up
Well, I agree with the Wayland and copy/paste clusterfvck.
I was more referring towards Qubes. I think Qubes does a lot of things right, I just wish its user facing settings and tools were easier to use in a graphical manner.
It's the same security for the Signal as on MacOS and Linux. Your user has full control to it, generally all processes running as you can see it and mess with it.
Recall is encrypted with a key in the TPM. But getting access to that encrypted sqlite db is a yawn.
Getting the key is harder, but possible. You can breach into Microsoft's group with a particular set of GPOs - if you can run a particular set of server commands on the local network.
Signal data is encrypted at rest. The key is stored in the OS store - usually meaning the TPM.
However, the key isn't in Microsoft's main grouping. To date, no one has extracted the Signal key this way. Other exploits are required.
Signal being smaller than the whole of Microsoft, reduces the attack surface.
If Signal uses the Windows Data Protection API for saving/encrypting the key (and some data online suggests that it does), then it’s trivial to fetch it back with the same APIs if you’re running as the same user. (I use `keyring` on Windows to access the key(s) VMware Workstation uses to encrypt Windows 11 VM vTPMs)
It’s kept secure by a chain of keys that may be backed by the TPM, but the security boundary is the user, not the app identity. IIRC Store/UWP apps may get their own boundary for credentials (due to how .appx is implemented).
At least this gives forward secrecy, so if someone takes control of your computer they can only spy on signal messages AFTER that point, and can't access prior messages that Recall has captured.
This is only forward secrecy for messages that were deleted and would have been captured by Recall and are still within the snapshot history which has a maximum number of days.
All the messages you've previously synced to the device exist in that Signal AppData directory and can be trivially searched and read by any application running as your user account. And all attachments are also just sitting there.
Given how popular the disappearing messages feature is, a lot of messages are going to be deleted where Recall is a second, less tested copy of things which the user believes are gone. Given the past history of AI tools it seems dangerously likely that someone would find that their Recall history was retained longer than necessary or could be retrieved through some creative misuse of Recall which doesn’t require system access.
> Given how popular the disappearing messages feature is,
I don't think it's really that popular or extensively used. Most people I know who use signal use it pretty rarely. I'll turn it on when I'm about to send something sensitive, but generally it's not enabled. I've been using Signal since 2015 and I've probably only sent or received a hundred or so disappearing messages. I've sent and received many, many thousands of messages. And I mean even in this HN thread tons of people are taking about how they wish the iOS app would have better backup and transfer functions. Something tells me they're not itching to transfer all those already deleted messages.
And sure, maybe Recall ends up saving things longer than it was set for. Maybe Signal does as well. And once again, accessing all your Signal database doesn't even require system privileges just your local user account.
Your browser can access all your Signal messages. Your chat app can access all your Signal messages. Your email client can access all your Signal messages. Your calculator app can access all your Signal messages. That videogame made by Tencent can access all your Signal messages. They don't even have to screengrab, they can just read them.
You should be able to access everything on your own computer - that is a good thing.
The real problem with Recall is that Microsoft will access the data to apply some algorithmic secret sauce. The product manager already probably has all kinds of ideas for the future: targeting ads, upselling licenses, or making MS more attractive to law enforcement.
Yes, there is a benefit for the user, like a nicer search or something, but that is relatively minor. ..because Microsoft is not your friend. This feature is born from a harvesting mindset.
Regarding disappearing messages: I have two chats on WhatsApp where disappearing messages are turned off, and maybe a handful on Signal.
It is actually less common to disable them on WhatsApp than on Signal, mainly because Signal forbids delete windows longer than four weeks. That is not long enough sometimes.
I have no idea how our usage here ends up being so dramatically different. I don't even tend to talk about the feature with most contacts.
Incorrect. This runs locally.
Microsoft is advertising the data just as much as you opening the file in notepad or browsing a folder in explorer.
And once again I just point to all the people complaining about a lack of backup and weak transfer ability. They're not looking to backup a nearly empty history.
It does not matter whether Recall runs locally. Microsoft controls the OS, the feature, and the update pipeline. If they decide tomorrow to start syncing Recall data to the cloud - for any reason - they can. The local processing angle is just an implementation detail, not a meaningful protection.
What matters is that - with this feature turned on - MS is structuring and indexing your private data at the system level. That is not a neutral act. Once the data is structured and accessible, uploading it is trivial. And given Microsoft's cloud-first direction, the trajectory seems clear to me.
I understand your point, but the theoretical similarity between unstructured local data and the Recall database is not useful in practice. It's like telling a farmer that it doesn't matter whether the grain is in the barn or still in the field because he can access it either way.
> Microsoft controls the OS, the feature, and the update pipeline
So then this is true whether or not Recall exists, because Microsoft could have gathered this data either way. They could decide tomorrow to have Explorer siphon off that data, they could have Edge siphon off that data, they could have Windows update siphon off that data. Microsoft could have silently been doing this the whole time.
If you don't trust Microsoft with Recall, you shouldn't trust Microsoft with any of it. And you probably should have moved off Windows a long time before.
> MS is structuring and indexing your private data at the system level
This has been going on for a long time. Once again, if you don't like the idea of Microsoft running software in a Microsoft operating system to read your files you really shouldn't be running Windows, and shouldn't have been running Windows for decades.
It's not different on Linux, every App can access any key in kwallet. To make this not possible the os would need to generate some kind of unique app id that can access only what it stored. This would probably result in a lot of lost passwords for normal users.
I agree with Signal here and love their commitment. Strangely (to me) they do 'recall' things in other ways:
* They have a message retention setting, 'Disappearing messages'; it works on message correspondents' devices too (if Ali sets Disappearing messages' to '1 day' for the chat with Barry, and then texts Barry, 1 day later Signal deletes the message on both Ali's and Barry's devices).
However, 'Disappearing messages' applies only to text messages. For every voice and video call, Signal retains a record of the date and time and the participants, and Signal saves it on the devices of each participant. Beyond a doubt, Signal's developers are well aware of the value of such metadata - as valuable as call content, in different ways - and the need for confidentiality (if you aren't familiar with that particular issue, I promise that every security professional is).
I'm shocked that they do it. What about a human rights dissident who is arrested - or whose phone is stolen - their phone won't show any sign of the text messages but it shows everyone they called and when, implicating all those other people and putting them at risk, and also evidence against the phone's owner. And even if they are disciplined and manually delete each of those records - afaik you can delete each call record one at a time - the other call participants' phones still retain the records. There is nothing someone can do to protect themself.
Better security here doesn't seem hard to implement. Also, I think having different settings for text messages and for voice/video calls makes retention settings more confusing for users. Many will believe they are safe without realizing the risk of this metadata - they trust the experts at Signal to understand these things and keep them safe - and many will assume everything disappears. Just have one setting for all data and metadata in the chat.
* Also, afaik if you delete the entire correpondence with someone - delete their entire chat history and delete them from the Signal address book - Signal retains information on them, such as settings for that chat. It seems that an attacker could identify all the deleted correspondents; again, there's no way to protect yourself.
> Better security here doesn't seem hard to implement.
You seem to assume it would be very simple to implement this — how do you come to this conclusion? My priors would suggest that the vast amount of effort that went into the Signal protocol renders low-hanging fruit regarding privacy fairly unlikely.
The GP is actually right here, Signal keeps the call log in the message history (deleting the call entry from the message history deletes it from the call log), but the disappearing messages setting doesn't get applied to the call log.
It's weird to see a bunch of messages, a call, more messages, and a day later the messages around are gone, but the call remains in the history. They could have just applied the disappearing messages settings to the call entries too, as it would be natural to do, and this problem wouldn't exist.
I don't think it's malicious, because what the server knows is independent of what the UI shows, but it's a very odd UI issue that does reduce privacy.
They keep it in the UI, therefore I assume in the database as well. If you delete a call entry in the message history (like you delete a message), it gets removed from the "call history" tab as well.
> vast amount of effort that went into the Signal protocol
If it requires protocol development, I'd agree. I expect - knowing no more than Signal's blog posts - that it has two components:
* Local database: These records need a retention period column, somehow - however they implement it with text messages. That seems straightforward.
* 'Distributed retention' - implementing the retention period setting on the remote devices of other call participants. I expect they would do it the same way they do with text messages, and I would guess it's just a field in a packet somewhere; e.g., establish a secure connection and then in the call's initial packet,
It can use usernames now. I don't have any of my Signal contacts in my contact list, and I can't see their phone numbers any more since they introduced the usernames. Not sure if by digging in the database files I could extract the numbers or not.
Ok, now where are Signal's servers hosted? You're not safe for any secret police from those countries and countries friendly to the hosting countries.
> It's never used after that (unless you want to use it).
As in there's no way to accidentally leak your phone number to your contacts on, say, a new installation that comes with the option to make it visible by default?
Edit: You are making one uninformed assertion after another. Stop making endless errors and just look up these things at signal.org. They are very open about it.
> Ok, now where are Signal's servers hosted? You're not safe for any secret police from those countries and countries friendly to the hosting countries.
Signal is very open about what information they collect, which is all they can produce: a phone number, and "the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service".
> As in there's no way to accidentally leak your phone number to your contacts on, say, a new installation that comes with the option to make it visible by default?
Is there? What are you claiming, and based on what? There are infinite speculative security risks.
Windows has turned itself into spyware. Apple is too expensive and going the same way.
Meanwhile the user experience of Linux has dramatically increased. Put on a good skin and most people wouldn't notice the difference. You don't need to reply that you can, I know you can. You're on HN. But most people just use their computer for the browser and most people can't tell Chrome from Firefox. Most people get their lockin by their tech friend or child. Really, Microsoft's only lockin remains Office.
It won't be a complete shift but the signs of growing userbase is there. Would be a huge win for open source! If you haven't tried Linux in a few years try giving something like PopOS a go or if you want to say you use Arch then try EndeavourOS. Both are very stable, latter slightly less.
Edit: enfuse was right, I should have suggested EndeavourOS instead of Manjaro.
The problem is, until laptops sold at Walmart or Best Buy start coming with Linux pre-installed as an option, adoption will never happen. Installing an aftermarket OS is just an incredibly unrealistic expectation from the average user.
Microsoft knows this, and they will do everything they can to prevent OEMs from shipping anything other than Windows. Apple of course, forget it. Their profit comes from leeching off FOSS and selling it, they would never allow distribution of it directly.
> until laptops sold at Walmart or Best Buy start coming with Linux pre-installed as an option
This is a circular problem though. They'll do it if Linux starts becoming more popular.
If you want to see this, make sure your browser agent is broadcasting Linux[0]. Make sure you're using Steam in Linux.
But right now Steam has Linux at <3%[1]. It is more than OSX, but not enough. I do think above 5% and it'll start to be taken seriously, and 10% we'll start seeing moves. Linux doesn't need 90% of the marketshare to dramatically change the world. 10% is more than enough. Even 20% would be momentous and force both Microsoft and Apple to change strategies. Don't feel like there's no hope. Just because it is an unrealistic expectation today doesn't mean it will be tomorrow. And your actions today change the odds of what happens tomorrow. So don't give up.
You don't have to change the world overnight. But you do need to make steps in the right direction, even if small, to make the world move.
[0] You can even do this while using Windows! Hell, you can use Chrome and tell people you're using Firefox on Linux if you believe in those things but just are unwilling to make the switch yourself. The signaling still does something (it is better than nothing).
I think the overwhelming majority of this is Steam Deck usage. While that's certainly a feather in the cap for Linux, I don't think really counts toward Linux momentum as we're using the term here. Nobody is going to start investing in polished desktop Linux software because there are a lot of Steam Deck buyers.
> I think the overwhelming majority of this is Steam Deck usage
Please click the link and on the OS tab for a breakdown, as your conjecture is falsifiable[0]
MOST POPULAR PERCENTAGE CHANGE
------------------------------------------------------
Linux 2.27% -0.06%
------------------------------------------------------
"Arch Linux" 64 bit 0.21% -0.02%
Linux Mint 22.1 64 bit 0.14% +0.02%
Ubuntu Core 22 64 bit 0.10% 0.00%
Ubuntu 24.04.2 LTS 64 bit 0.10% 0.00%
"Manjaro Linux" 64 bit 0.06% 0.00%
"EndeavourOS Linux" 64 bit 0.06% 0.00%
Debian GNU/Linux 12 (bookworm) 64 bit 0.05% 0.00%
We do know that SteamOS is Arch based. So yeah, it is the dominant player there. I'm not entirely surprised, but I don't think anyone was.
But important to note, there's only a 0.05 difference between Arch and Mint. It's important to note because
1) Arch is incredibly popular and we can't guarantee all users in the Arch category are SteamOS users
2) Mint is currently the most popular distro[1]
> Nobody is going to start investing in polished desktop Linux software because there are a lot of Steam Deck buyers.
Maybe not, but also polishing of the Linux desktop has happened regardless of this. In fact, it is what drove SteamOS. Please refer to the items on [1] as literally the top 8 distros were developed for this explicit purpose (making Linux more user friendly).
I came back and found the difference. You clicked "Linux Only". But I'm glad you did, because it gives us additional information helping us actually answer the previous question more accurately. Strongly falsifying the earlier conjecture that they were mostly SteamOS. We can see only a third are. 2/3rds of Linux Gamers are NOT using SteamOS (definitely a subset of SteamOS users are also not using a Steam Deck)
"SteamOS Holo" 64 bit 33.78% -0.70%
"Arch Linux" 64 bit 9.45% -0.23%
Freedesktop SDK 24.08 (Flatpak runtime) 64 bit 6.41% +0.15%
Linux Mint 22.1 64 bit 6.20% +0.89%
Ubuntu Core 22 64 bit 4.62% +0.23%
Ubuntu 24.04.2 LTS 64 bit 4.44% +0.26%
"Manjaro Linux" 64 bit 2.61% -0.05%
"EndeavourOS Linux" 64 bit 2.46% +0.06%
Debian GNU/Linux 12 (bookworm) 64 bit 2.27% -0.08%
Pop!_OS 22.04 LTS 64 bit 2.23% +0.02%
Other 25.54% -0.53%
https://store.steampowered.com/hwsurvey/Steam-Hardware-Software-Survey-Welcome-to-Steam?platform=linux
With the number of Steam Decks sold estimated at 3-4 million, and the number of monthly active Steam users being around 130 million, I think it's safe to say that 0.21% does not represent SteamOS install base.
As far as I know, SteamOS doesn't show as Arch, but rather as its own thing
The way to make Linux takeover is get kids using it
To get kids using it needs to do lots of cool shit easily
Windows could play games easily when Linux could not even use a USB mouse
The time is right to make Linux do cool shit easily with local generative models that help iteratively create games
Replace all the desktop legacy with some blank canvas and local models that draw on the canvas. Ship some baked in models to generate shells of games to iterate from, boom.
This is exactly the fear of big SaaS and why VCs outside a key handful are done with it.
Apple Silicon is a glimpse of local compute future. Fanless laptops running models that generate entire coherent universes like Marvel and Star Wars. (Don’t need giant models just dense enough to get 80% and let users “zoom and enhance” with their own input)
Show that potential with local models on Linux and it’s over. Three options then; government demands hardware is locked down to preserve Hollywood/gaming/media, open compute wins, or both sides destroy the world over it.
In an interview with IGN during Covid lockdown Gabe Newell was describing generative AI as an existential threat to content creators. It could be temporary as the next gen grows up with a new normal and doesn’t obsess about a career in digital design or web dev, yt video production. It could end humanity as existential dread settles in for millions stuck in some narrative about their existence that no longer holds economic value.
> The way to make Linux takeover is get kids using it
Agree!
> Windows could play games easily when Linux could not even use a USB mouse
I don't think I've ever had a USB mouse (or wireless mouse or keyboard) issue in the last 15 years.
Games? I'll give you that. But honestly, Steam has really made that almost a non-issue. Good guy steam! (their work has affected more than SteamOS)
> Replace all the desktop legacy with some blank canvas and local models
This seems like the opposite of what you initially argued.
Models as in... LLMs or ML models? This seems like a great way to break things. I'd really encourage you to get these things to try to do what you're saying they should do.
> Apple Silicon is
Where are you going with this?
> Show that potential with local models on Linux and it’s over.
I'm an ML researcher... these models are generally made and deployed on linux systems. Explicitly because they work better there and is easier to deal with.
> In an interview with IGN during Covid lockdown
Serious question: you okay? Did a LLM contribute to your comment? Did a LLM make the whole comment? GPT, can you describe to me Act 4 Scene 5 from Henry V but as told by a Pirate from the deep south? (American south)
Kernel-level anti-cheats. It's pretty much a prerequisite for any sort of competitive multiplayer gaming these days, but also increasingly common even for online coop. And they usually only work on Windows.
KDE has seen plenty of activity related to the Steam Desk, I heard. Valve regularly contribute to Wine, which is used for desktop Windows software. If the entire stack is consistent between the two, how wouldn't it translate to better desktop software? It's the same as how server investment in the kernel benefits the desktop users, only with a much greater intersection.
I think a lot of people feel powerless when going against such big entities. I get this. But I think it is important to remind everyone that you don't need to do everything at once.
Our job often involves breaking down big problems into many little problems. So it should be clear that making little steps makes progress towards solving the big problems. It can be easy to feel like that progress isn't happening and it can be frustrating that it isn't happening fast enough. But our experience should also tell us that it all seems to quickly come together towards the end. There was never a magic leap, it was all the small steps put together.
Linux advocacy often reminds me of a favourite quote from Margaret Mead:
“Never doubt that a small group of thoughtful, committed citizens can change the world; indeed, it’s the only thing that ever has.”
I think it’s very promising, if you believe in the potential of Linux on the desktop, that gaming used to be the standard “Linux doesn’t do what I need, so I stay on Windows” argument. Thanks to a lot of investment and hard work, particularly by Valve and others contributing to software like Wine/Proton, that is no longer the case. Many games work fine on Linux today, even among the big names. Some even have native versions. It mostly seems to be “anti-cheat” measures that are statistically indistinguishable from malware that still cause trouble.
Another potential sticking point for adoption by home users today is that few, if any, of the big streaming services work well on Linux. This also seems to come down at least partly to DRM. A cynic might suggest that this is because Linux will give a more appropriate response if a copy protection system tries to do invasive things that it has no business doing on someone else’s computer. In any case, it’s another significant barrier, but if we could get to the point where you could at least watch HD content like users of other platforms when you’re paying the same subscription fees, it’s another barrier that could fall.
This latter example is, of course, more than a little ironic given the subject of today’s discussion. But then the behaviour that the DRM system is being subverted to protect against by Signal probably wouldn’t fly for more than five minutes on Linux in the first place, so I don’t think Linux not enabling intrusive/abusive DRM is really the problem here…
I agree. I think the problem is it is easier to see the distance we still need to go than the distance we've already covered. It is good to reflect and look back, seeing how far we've come. It's the best thing to motivate continued efforts forward.
> It mostly seems to be “anti-cheat” measures that are statistically indistinguishable from malware that still cause trouble.
This seems to be a big hitch. But we also know that studios will drop these methods (hopefully in favor of ones that actually work without being incredibly invasive) if the userbase pushes back. They can only make these moves because people don't care. Or they care only as far as their mouth, but not to their wallet. Certainly there is addiction here, and that should be accounted for, but it does still warrant push. That's only sufficient as an explanation, rather than an excuse.
This seems like a worldview borne from an era where the PC was _the_ definitive, ubiquitous computing device of choice for the layperson. These days, that crown is taken by the smartphone.
If you need a PC in 2025, you're probably a fair bit more knowledgeable than someone buying one in 2005. You're also almost certainly buying one online, possibly even directly from the manufacturer or builder, which means the seller can simply give you options and doesn't have to worry about competing for store shelf space.
Surely the people who speak of "linux on the desktop" (not me, for the record) are at least in some small sense alluding to being able to have some of the freedoms historically associated with Linux, originating in the GNU movement and all that? The right to study, share, etc.
What I mean is that I would have picked Android as quite a good example of how the technicality of running the Linux kernel under the hood means very little in terms of users being empowered, or anything of the sort.
You are correct. If folks want that "freedom," then these are not the droids they are looking for.
However, folks that want that freedom, are a pretty small segment of the population, heavily represented in this community. Apple is a 3 trillion-dollar company, because most folks aren't like HN members.
iOS is pretty much Apple’s fully bespoke operating system at this point. You might be overestimating how much it actually shares with Unix (it boils down to a few standard libraries and terminal commands and no actual code).
Functionally, iOS and Linux are only about as similar as a penguin and a robotic statue of a penguin.
Well, I'm not sure exactly what's under the hood, but I write Apple software, and I use a lot of the same NSXXX calls that have been in it since the dawn of OSX.
NextStep was a shell over FreeBSD. MacOS X was an evolution of NextStep.
Some time ago, I wrote a network driver for iOS, and used BSD sockets, accessed via standard C. I remember using the BSD manual, to figure out how to use them.
The NS calls behave the same now, as they did, back when OSX was new, and, at that time, MacOS was definitely UINX. iOS is a direct descendant of MacOS.
macOS is literally certified Unix. Apple still shells out for certification of their new releases, although I'm not sure what they're getting out of it given that macOS Server isn't a thing anymore.
iOS is arguably a subset, but whether it's Unix-like or not is a philosophical question depending on how you define the minimal set of features that'd make it one. It's certainly not Unix-like from the end user perspective.
> Microsoft knows this, and they will do everything they can to prevent OEMs from shipping anything other than Windows
You're right and they effectively licensed XP to Asus for free for use on the Eee PC (which originally only shipped with Linux) when it was shaping up to be a hit.
The way that the netbook 'evolutionary branch' went from lean and mean to underspecified bloated windows small laptops is one where I really wonder if MS suffocated something that would have been to their benefit longer term if only they could have put out their own lean OS and an ecosystem of lean software to run on it.
It was at the time mobiles were picking up momentum, and just before tablets arrived on the scene (the ipad launched 2010, the tablet focused Android 3 came out in 2011), and a lot of people migrated away from windows for their personal computing needs. There's also been MS's ultimately failed efforts for their own mobile platform. Besides the established huge momentum of gaming and professional/office usage it's difficult to see why consumers would move to windows, or what MS offers to prevent the momentum slowing and linux slowly chipping away at it.
I worked at a computer shop at the time. Few consumers wanted the Linux versions: they all chose Windows. I'm not sure the license was free, as the Windows machines were more expensive with the same hardware.
So I checked on the Internet Archive; we sold the EEEPC 900 with Linux for €329, and the Windows EEEPC 901 for €409. The Linux had a Celeron M and the Windows an Atom N270, so I guess I misremember them having identical specs.
I assume the Atom is faster(?) The XP machine felt slower though.
Most people just don't care that they're being spied on. Most people don't care about anything actually, they're in a constant state of despair and see no point to anything so they just try to make the best of the time they have.
Adoption is already happening, as it has been for years, but especially now that MS and Apple are producing worse and worse OS/software that treats the people who use it worse and worse. I'm frequently pleasantly surprised by hearing that someone uses a Linux machine with regularity. It used to be a really rare, techie-only kind of thing. Pulling people away from literal decades of complete personal-computing domination with a completely free, near-zero-marketing alternative is a very slow, gradual process. It's great that those dominant vendors are doing their very best to push everyone to the alternatives :)
This is all well and good, but the problem is, I've seen comments word for word like this one back in 2006 - and wrote some of them myself even. Back then it was Vista that was supposed to drive Windows users away, and, indeed, I personally helped some brave folk switch. Some lasted longer than ours but all were eventually back on Windows.
You can buy a PC with Linux off the shelf in some countries. In practice, it's an open secret that the machines are for people who don't want to pay for a Windows license but will use Windows anyway.
Until these vendors break into EDU it’s an uphill battle.
In WA, every school has Microsoft smart boards and laptops running windows. Kids grow up using it and when they buy their own computers they aren’t going to choose a small boutique builder running an unfamiliar OS they won’t know how to use right away.
Apple has a lock on a lot of EDU as well, and the iPhone is so ubiquitous it’s an easy sell to get folk using other products
Those systems look beautiful but it’s a minority of people that will make a large purchase on something like this.
You think kids have brand loyalty to the vendors that scam/muscle/bribe their way into the classroom?
Most of the EDU software is trash, the incentives are all aligned to spend billions on acquiring the contract and close to zero on execution and most of these kids are traumatized from sitting in a classroom with some clueless dope at the front yelling at them to IPad IPad IPad algebra
Is it? You can get an M1 MacBook Air at Walmart for $699 now. That's more than many of the bottom-of-the-barrel Windows machines out there, but it's not an unreasonable price at all. It'll keep away the lowest-end users, but most of those users 1) are not going to care about the security issues, because they don't know anything about computers beyond base utility, and 2) have mostly switched to doing everything on their phone/tablet, and aren't as big of the computer demographic these days anyway.
The $699 MacBook Air has 8GB of RAM. That's hardly enough now, much less if you plan to keep it for a few years. Which hardly matters when you can get 64GB of DDR5 to put in it for less than $100. Except that it isn't upgradable.
I've been using 8 GB of RAM MacBook since 2015, and by then this “8 GB isn't enough” chorus was strong. Nowadays I use a M1 Air, 8 GB of RAM, zero complains, really.
For most people that just browse the web, write some stuff and do their email, 8 GB is still enough.
Yeah, Apple's bottom barrel pricing isn't terrible, but as soon as you start upping specs the price goes out of control (disproportionally from the underlying costs.) Looking at pricing for the current Macbook Air, it's $400 to upgrade from 16GB to 32GB. A 16GB SODIMM costs ~$40 retail.
That $40 16GB SODIMM is significantly slower than the memory they use - even on the desktop side 16GB of comparable DDR costs twice as much, and that’s before you factor in the latency and bandwidth hit.
The problem is that there’s no alternative in the Mac world for people who don’t want the fastest option any more. Moving from the 16GB MacBook Air to the 32GB is a mandatory CPU/GPU upgrade and there’s no way to only buy one of the two if you don’t need the other.
> That $40 16GB SODIMM is significantly slower than the memory they use
No it isn't, Apple uses ordinary LPDDR5. The higher end models achieve higher bandwidth in the same way as HEDT PCs: By using more memory channels. The base M1 in that MacBook Air doesn't even do that, it has the same memory bandwidth as dual channel DDR5 PCs.
many people in this thread are saying average users are just using their web browser, so they are “served fine with linux”. But apparently 8GB is unacceptable to run a web browser on mac os.
So which is it? lol.
And FYI 8GB is more than enough for a casual desktop/laptop user, at least on the M series macs. I used my wife’s M1 macbook air with 8GB of ram for a week while my new laptop was shipping in the mail. Even if I pushed it with 1 or 2 heavy apps, such as IntelliJ IDE (java development), it performs pretty well, albeit with some paging to disk on large projects. Barely noticeable and the system remained very responsive. For casual usage (zoom, google docs, gmail, instagram) it didn’t fill up the ram.
> many people in this thread are saying average users are just using their web browser, so they are “served fine with linux”. But apparently 8GB is unacceptable to run a web browser on mac os.
Are these things in contradiction? A web browser can very easily use more than 8GB of RAM by itself.
> Barely noticeable and the system remained very responsive.
"It's fine to run out of ram and start swapping because the SSD is fast."
I've been using an M1 MBP with 8GB of RAM since 2020 for video editing, Blender, music production, and web development, and it's fine. It's not perfect, but it's totally serviceable and I rarely think about it, which tells me that 8GB is enough for the average computer user who's doing much less intense work.
If your SSD is near its max-capacity, then any extra wear has a bad affect on its longevity. But modern SSD’s handle excess writes very well if they are not near capacity.
A few extra GB written to disk daily is a drop in the bucket in an SSD’d TBW rating, no??
I’d say for a casual user with low storage needs, it’s perfectly fine. Otherwise it’s a bad idea imo.
Wear leveling spreads the wear out. If there is no free space, it can't do that, and you're completely screwed.
The problem with swapping is that SSDs are fast. If you have 8GB of RAM and manage to pick up any workload with a 10GB working set size, you're short 2GB, so the OS will have to put 2GB on the SSD. But your working set is 10GB and now only 8GB is in RAM, so it needs that 2GB back immediately. To do that it has to swap out some other 2GB, which it also needs to have back immediately. The result is that your SSD is the bottleneck and ends up maxed out doing writes.
NVMe SSDs will do something like 4GB/sec. Not a few GB a day, a few GB a second. A 256GB consumer SSD that can handle 100 full drive writes over its lifetime can thereby hit its lifetime wear rating in just two hours. Under ordinary storage use that doesn't happen because you're not maxing out the drive for hours on end -- after all, if you were storing ordinary data, writing at 4GB/s would cause the drive to be completely full after only 64 seconds.
But swap is deleting stuff and overwriting it and deleting it again. In a pathological case it could burn out a brand new drive in an afternoon and in more realistic cases could plausibly do it over a few months.
What's telling for me is that SSDs have been a readily available consumer part for around 15 years now, a default option in PCs for quite a while now, and to my knowledge there hasn't been many tales of SSDs dying (specifically for write endurance or otherwise) beyond occasional bad models like the old OCZ vortex2s. Even early torture tests were finding that you'd need to push around 2PB of writes (on smaller drives than we have now) to get failures, and that was on a sample size of 1 for each model. I wouldn't expect a SSD to die more than any other electronics.
I've got a few dozen tales of SSDs dying in machines I've managed. Some dying slow deaths with lots of bad reads, some locking themselves in a read only mode, some just disappearing from the system.
Neither of those assertions is correct. You personally may have a workload which requires more RAM, but there are many people – even developers – who have direct experience otherwise. macOS is notably more memory efficient than Windows and the M series hardware has efficient compression, and that configuration holds up fine for the usual browser+editor+Slack+normal app usage which a lot of developers have.
SSD wear is a concern, but they aren’t using low-end components so you’re looking at 5+ years of daily usage. I used an 8GB M1 for years and when I upgraded to an M3 there was no indication of SSD wear either in measured performance or the diagnostic counters.
> You personally may have a workload which requires more RAM, but there are many people – even developers – who have direct experience otherwise. macOS is notably more memory efficient than Windows and the M series hardware has efficient compression, and that configuration holds up fine for the usual browser+editor+Slack+normal app usage which a lot of developers have.
Sure, it's physically possible to use a machine with 8GB of RAM without running out. If all you do is open some terminals and a single-digit number of browser tabs to well-behaved websites, 8GB is an ocean.
But that use case is the exception, not the rule. Worse, ordinary people don't know what causes it. If you're a developer and your machine is sluggish, you know enough to realize it's because it's swapping, and in turn to know that it's swapping because you opened up some ultra-high-res NASA images in an image viewer and forgot to close them, or because you have the tab open for that awful news website that will suck up 20GB of RAM all by itself with its ridiculous JS, or simply because you have 10 different apps running.
For most people, all they know is that their computer is slow -- which it wouldn't be if it had an adequate amount of RAM.
Meanwhile, because they don't know what causes it, they don't know what to do about it, so they just suffer through it. Which has the machine continuously swapping, which is what wears out the SSD.
No, $699 is too much. That being said price isn't the only thing that keeps me away from Apple. They are beautiful systems but very annoying to use IMO. Speaking as a long time Linux user who occasionally helps people with their computer problems (Mac and Windows).
For some perspective: Computer Shopper 1993 GW2K 386SX at $1300. Today that is $2800. That $699 Mac is getting you a machine that would have been a TOP500 supercomputer in the 90s.
And your credit card has a more powerful computer than the Apollo lunar lander.
But software development (for both OS and applications) is continuing in parallel with hardware improvements, so there's a strong implicit demand of you to also continue upgrading, at least if you need to interoperate with any other computer in the world.
If my Grandmother had wheels she would have been a bike. Yes, things change over time. I cringe to think of what some of the original 42" flat screen displays cost relative to the huge (much better looking) OLED panels of today.
Here's one data point. My grandmother and mother now both use Raspberry Pis as their primary computers and are 100% satisfied. My father is looking to switch as well and he's been setting up a GrapheneOS phone I made for him which runs flawlessly.
If year of Linux doesn't arrive by choice, authoritarianism will force the issue one way or another.
My kids have an old Thinkpad T440p that's their Scratch/Roblox/Minecraft machine, and overall it works well enough running Ubuntu (originally 22.04, then 24.04, now 25.04). But it has been far from seamless:
- the built in bluetooth and wifi can't be used at the same time; for a while we mitigated this with a USB wifi module, but that eventually broke and so now bluetooth is just disabled.
- it's hard to figure out what apps and app data are shared between users. AFAICT there's one Steam install my kids are sharing, but each one installs their own copy of a game, which is terrible for disk usage.
- a bunch of games don't work, especially from non-steam sources like Epic and Itch.io. I've heard about the Heroic Launcher, and I will try it at some point, but it's just... one more fiddly thing to have to mess with.
- several Minecraft launchers / mod-managers have been tried, but I can't seem to keep my Microsoft account logged in on there, so I eventually just put my password on a sticky note so they could re-auth it whenever needed (fortunately I don't use it for anything else).
- unattended-upgrades pulled a new kernel and the thing just panicked on startup until I went into the grub menu to get the previous one and reverted.
- until 25.04 the power management story was terrible, the machine would chew through the whole (newly replaced) battery in less than an hour.
As a competent nerd I've been ~fine with all this, but it's honestly right on the edge of acceptable. I expect a normal person would immediately give up in the face of most of these— either give up in terms of ditching the machine/OS or give up as in accepting a limitation like it just doesn't play that game or I just can't use my earbuds.
The minecraft thing is a problem regardless of launcher, to the point that I actively condone people pay for the game then find ways to not require online auth.
Some moron at Microsoft decided that if your password is serving its purpose and people aren't able to get in but that there are a bunch of attempts that you should need to reset your password. Because of this, I have to reset my password. Every. Time. I. Want. To. Play.
But that means multiple 2FA codes to both my non-mirosoft account email and to my phone. All in all, it usually takes about 7 or 8 minutes each time I want to play, which is an ABSURD amount of friction for an account I don't want to be using to play the game anyway, given when I bought it it was a Mojang account without all the associated, creepy TOS changes.
Don't be afraid to look around for ways to play without a legitimate account if you've paid. If that's the better experience, it is what it is.
>- several Minecraft launchers / mod-managers have been tried, but I can't seem to keep my Microsoft account logged in on there, so I eventually just put my password on a sticky note so they could re-auth it whenever needed (fortunately I don't use it for anything else).
I used to work on a T440s on Debian from 2013 - 2017. I am surprised that your battery life is so poor on Ubuntu. I was able to frequently push my 9-cell battery laptop to 12 hours with careful usage.
If I forgot my charging cable at home, I could do a full day at the office with music and internet on battery.
Might be the nature of the task, game playing vs text editing, or there was something wrong with a driver or background process.
Or another factor is that I think often the "new" batteries for old devices are in fact themselves old and have just been sitting around on shelves for years. Obviously that doesn't wear them as hard as actual cycling, but it's not nothing, particularly if they're allowed to discharge down to empty.
This is a perspective I'd like to hear more often. Too often I hear all these supposed ideal solutions without mentioning the pitfalls of having to support a non-technical family.
Pi hole is a good example. Do all websites (and other services) still work perfectly but without ads, or am I going to have to endure sighing and eyerolling everytime someone asks me why their site isn't loading (again)?
The main annoying thing about piHole with a non-technical family has been that it blocks google shopping.
You know, when you search for a thing you want to buy and google shopping shows a list of common stores on top of the search results like a bunch of little cards? Yep. Clicking one there causes a failure because that link is a google ad link. Same thing if you tab into "Shopping". All links are broken.
Otherwise, it's been 4 years and no other complaints at all.
GP here and yes I've experienced that too— I run a pihole-style blocklist on my OpenWRT router and never got a good workflow together for adding exemptions to it.
On a phone it's not a huge deal as you can just momentarily switch to data, click through, and then switch back. But it's more annoying on a computer where you have to figure out where that link was going to go and then get there by an organic path.
> Do all websites (and other services) still work perfectly
Like 99%? I've rarely seen problems running it for years
> but without ads,
No. It is only a DNS blocker. Most browsers these days will bypass that anyways. But it is definitely helpful for lots of other things on your network. You can also point the browser there to get the same benefits but still won't replace an adblocker.
I have been using thinkpads since forever and bluetooth and wifi both work (at the same time, yes). It seems more likely to be a broken machine. Which can happen.
I had a faulty keyboard on a thinkpad that was causing a lot of seemingly unrelated problems, like freezes or suspend not working. Replacing the keyboard resolved everything.
It was kind of a subtle failure, tbh— like when bluetooth was active (game controller, headphones) then the wifi would suddenly have huge packet loss resulting in a bunch of retransmissions. So it would kind of still work but be really annoying to use. That said, I haven't fully re-tried it since updating to 25.04, so maybe the story is better on the newer kernel.
The keyboard has already been replaced once, though at the time I just bought whatever was cheapest on eBay, assuming they were all the same, and I think I did get a bit burned with a crappy knockoff— the keys are weirdly clicky and several feel like they're about to pop off at any moment; I have the LiteOn keyboard standing by which I'd like to try out, as that's the one that comes recommended most often online.
The bluetooth problem predated the installation of the replacement keyboard.
Anyway, I'm not going to fight for this, I'm just saying my "Linux desktop for non-technical users" experience in 2023-2025 timeframe was such that I don't know that I would do it again, and certainly would be extremely hesitant to recommend it to a household where no one is standing by with the willingness and aptitude required to tackle a boot-to-grub situation.
Linux is great for technical people, or at least technically-inclined and patient people, who can overcome the inevitable technical obstacle that most of us don't even think about. It's also great for people whose needs are so basic-- email client and web browser basic-- that once they're set up with a default everything, they have no interest in doing anything that might present a technical obstacle.
Neither of those user groups are the problem. The problem is the majority of computer users that have real practical skill born from computer use at school, work, while gaming, doing art, etc. They want to do enough with their computer to run up against technical obstacles, but
a) don't have the significant amount of prerequisite knowledge we take for granted to generalize what they know to other operating systems
b) don't have the subject matter interest to inspire them to get that knowledge
and those two things mean
c) view any extra steps required to do something on Linux (e.g. use wine to run software they've been using for a decade) as a needless hassle that prevents them from doing what they really want to do, rather than a satisfying problem to solve because configuring the computer is part of the fun.
So if they hadn't already given up on Linux, they might ask one of the bazillion "Hey I'm a bit of a noob here, but..." questions on reddit or whatnot only to receive a barrage of conceited responses by zealots who make it very clear how put-out they are by their question-- which they didn't have to read, let alone answer-- and how rude it was for them to not read entry 427 on the FAQ which leads to a page of resources that might have addressed part of their problem. If nothing else has already discouraged them from continuing, that sure will.
Unless someone with those users' needs at the forefront of their design practice Bluesky's Linux (some like pop os are making a solid effort), it will never ever work as a general-purpose desktop OS.
Please give Linux a try. Don't let the perception deceive you. Perceptions are slow to change and a lot has changed in that time.
> They want to do enough with their computer to run up against technical obstacles,
They will solve those problems the exact same way they solve them on Windows: Google, StackOverflow, forums, GPTs, or whatever. There's even an advantage in Linux as there's a large number of highly technical users already doing exactly the same thing and will share knowledge.
> use wine to run software they've been using for a decade
Wine for what? Word? I think most people will use the browser.
If you mean games, I think Steam has got most of that covered. Proton hides in the background for most people.
But these users also happily will install engines for game modding and other things. Give what I see these people doing, Wine seems like child's play.
> only to receive a barrage of conceited responses by zealots
I agree! That sucks! I do try to fight this and there has been serious strides in this direction over the last decade. In fact, I'd argue that the suggested distros were part of this response. The attitude you see on EndeavourOS, PopOS, or Ubuntu forums are very different. Hell, even the Arch forums are getting better! Sometimes they provide links to the "dupe". They're almost to the state of StackOverflow! But I mean... let's not expect that to be ever fully resolved. We lost the war for the Noob Guide (I fought for that and was a contributor!), but at least we got Manjaro and Endeavour in return ;)
I really do mean it, things have changed a lot in the last 10 years. I'm sorry for those experiences. I hated them when they happened to me and I step in when I see them happening. It's the only way we can make change. But what you describe does not seem to be the state of things I see today, but it does describe the state of things I saw (and experienced) in the past.
> Please give Linux a try. Don't let the perception deceive you. Perceptions are slow to change and a lot has changed in that time.
I've been using Linux for nearly 30 years-- professionally and as a desktop OS-- and am also a UI designer. I've even used everything from AIX to Solaris and even HP-UX on an old phone switch. What I'm saying is coming from the usability designer focus on the experience of new users and the problems they have.
>They will solve those problems the exact same way they solve them on Windows: Google, StackOverflow, forums, GPTs, or whatever. There's even an advantage in Linux as there's a large number of highly technical users already doing exactly the same thing and will share knowledge.
The difference is they don't generally have those problems on Windows or MacOS. How many windows users encounter serious problems... say... updating their video card drivers.
> Wine for what? Word? I think most people will use the browser.
Trivializing the needs of non-technical end users while also trivializing the difficulty of adopting new tech paradigms is really at the root of the problem in FOSS usability, in general. Lots of people use adobe products, video editing software, games, random utilities for hardware peripherals, CAD software, industry-specific or worplace-specific programs... there are lots of things that users who sit between software developers and users that would be fine with a chromebook.
> d argue that the suggested distros were part of this response. The attitude you see on EndeavourOS, PopOS, or Ubuntu forums are very different.
For users that don't want to 'use a computer,' but want the computer to solve whatever problem they're having in the way they're used to solving it, that's already a nonstarter. I'd wager that no more than 10% of computer users have seriously researched a technical problem trying to troubleshoot it. I'd wager about 20% of that already small crowd has consulted formal software documentation. It's just not a natural process for most computer users. It would be great if people were more interested enough in how computers work, even superficially, but many are not. It's just the way it is. People don't need encouragement to try linux-- they need a fundamental shift if the way they approach computer usage-- as a complex tool rather than a flexible appliance. There's a gulf of requirements that aren't being met to bridge that gap for all but the lowest-level users.
> one of the bazillion "Hey I'm a bit of a noob here, but..." questions on reddit or whatnot only to receive a barrage of conceited responses by zealots who make it very clear how put-out they are by their question-- which they didn't have to read, let alone answer-- and how rude it was for them to not read entry 427 on the FAQ which leads to a page of resources that might have addressed part of their problem.
Today's Linux support forums are nothing like this. You only get an angry response when you start out by whining about how Linux "can't" (doesn't, with your current understanding) do what you want, or doesn't behave exactly like what you're familiar with. You might get asked to pay attention to the forum rules and guidelines banner that tells you to use some inxi invocation or whatever to get your system info - and that will link to a fully detailed guide on how to do it, as well as how to format your post properly.
If anything, the Mint forums for example are too eager to assume you're a noob, and will suggest awkward foolproof approaches to everything that don't respect what you're trying to accomplish if it's a bit advanced.
Okay, the Arch forums will respond to you with just a link to the Wiki if you're asking something that's well covered in the wiki. That's supposed to be a hint to read one specific wiki page (and they told you which one); they won't waste breath on "how put-out they are by your question" because a) they aren't, and b) typing more words is the thing that would make them put out. The point is that if you can't make sense of the wiki, then you should ask something more specific. And if you don't know what a word means, you should look it up.
And if we're talking about "users that have real practical skill born from computer use at school, work, while gaming, doing art, etc." then they should be capable of those things.
Back when I was developing said "real practical skill", being assessed as having that "real practical skill" entailed understanding that far fewer people seem to have nowadays. I don't just mean things like poring through manpages or reasoning about command pipelines. Nowadays it seems that people can be perceived as computer literate without things like having a working mental model of a "file" or a "path".
My household of 5 has been running exclusively Linux desktops for the past several years. Coming from Windows, I installed KDE distros and nobody has had any trouble with it.
They average user needs to be able to turn on the machine and have it boot, log in, use a web browser, connect Bluetooth devices, and print stuff. Linux desktops are more than capable of that sort of thing with zero additional training.
This weekend, I actually booted an old Windows XP machine that I've had sitting in a closet, and was astonished at just how...clunky Windows XP felt to me. It's not that it was hard, but it really helped highlight to me just how actually-usable Linux desktops have become.
It honestly wouldn't have occurred to me that this is feasible - my mental model of a "Raspberry Pi" is basically what the first-gen models were. But apparently it's been a while now, and their newest models use an ARM Cortex-A76 CPU, which is actually pretty respectable - only a bit behind my 2014 desktop, from the numbers I can find. Absolutely capable of running a web browser on modern Linux.
The Raspberry Pi 500 series with the CPU built into the keyboard are very capable little computers and extremely easy to setup, maintain, and re-image. I could literally mail them a new microSD card to plug in if they needed a new system but it's never been a problem. They use the default Raspbian image or whatever it's called these days, Raspberry Pi OS. It's perfectly suited for their needs and is rock solid.
Which models have you given them? Linux has been my computing best friend for more than a decade and I have also enjoyed using the Raspberry Pi 400.
But the Raspberry Pi 500 (keyboard model) is even better and (literally and figuratively) a cool design. You get 8GB RAM, boot from NVME, Debian with Wayland (labwc), and the R.Pi community.
They both use Raspberry Pi 500s. Seriously the support requests are zero. They both know that if anything weird happens, they can just pull the USB cable out of the back and plug it back in and everything will go back to normal. They seriously mostly use web browsers and my grandmother absolutely loves her gigantic monitor.
+1 for setting up parents with Linux.
In my case, a Chromebook I hacked to run Mint.
Like fucking hell I'm going to let senior parents navigate the virus known as Windows 11, complete with forced updates and reboots, disappearing customizations, and the constant and unrelenting spyware?! No thanks.
I'd like this to be true, but Windows has been getting incrementally more user-hostile for a long time now. I'm not sure this change is going to mark any particular tipping point.
I think it can be true, but we have to make it happen. One of the biggest problems I see is that we complain about things like Linux in these comparative settings, as if we don't have to make a choice. It's like saying you don't want to eat a cookie because the chef sneezed in it and instead giving you a cookie the chef took a shit in. Sure, I'd rather have neither, but if I have to eat a cookie I know which one I'd choose.
I just want to vent here about the recent experience I had buying and installing MS Office 365 for my wife’s small business. I had assumed since the competition is effortless and free, MS would at least make Office for Desktop relatively easy to pay for. Instead I got suckered into paying for “Basic”, which doesn’t support desktop apps. The “supports desktop apps” version costs more, but the big problem is it’s not explained within the apps what you need to upgrade to (there are many plans.) Then once you finally figure out how to upgrade, the subscription and payment sites repeatedly error out. Once you force through an immediate upgrade, it turns out that it’s not immediate and takes an hour to go through.
This is mostly just venting, but if the “please take my money” pathways of MS’s most popular product work this badly, I don’t even want to think about ever going back to Windows.
What many have yet to notice is that Microsoft now makes more money from Cloud than they do from Windows, so the purpose of Windows is now as the funnel for Microsoft's cloud services. It's like using an operating system made by GoDaddy.
Average computer users could probably switch... but it would require one of two things:
Some way to make it ridiculously low friction for existing hardware owners to get into Linux. Like, less friction than downloading an ISO, mounting it, and installing it on your computer.
Or make computers come with it when people buy them. (This is still vanishingly rare.)
**
As a power user... I still have a few issues, some that might be common, and some that might be quite rare/unique to me. For example, post-concussion I really can't stand low refresh rates, and screen brightness is important to me. During my last 2-month Linux experiment, I had issues with controlling those things which was a mix of hardware, drivers, Linux kernel, GPU modes, etc. These sort of issues seem to be less and less common in Linux, and I'm optimistic, but I also am hesitant to sacrifice my own health to make a switch away from Windows. (Mental health aside.)
And some games still don't work right, at least not on launch. Which can make me sad as someone who plays games socially.
As a photographer, I bought and use DxO PhotoLab. I've compared alternatives, and I like it much better. It doesn't mean I couldn't use darktable but I definitely don't like it anywhere near as much. (And no, DxO does not support Linux.)
System 76 makes a great product in this space honestly. I always recommend them to people who are interested in trying linux. They ship with linux pre-installed, its exactly like buying a dell with windows.
This. I bought a System76 laptop in 2011 which is still working very well with lubuntu for office and browser and such, it's now the laptop of my neighbourhood association. I could without problem upgrade RAM and drive to SSD, I could even swap the keyboard after I broke it.
I bought a new one from them this year, still incredible hardware.
My only issue with them, which is a big one, is that they ship only from USA. So as EU customer I have to pay VAT on top!
I concur. I own a System 76 laptop, and it runs PopOS. It's been stable for years (taking the regular updates). They make a variety of hardware products ranging from portable/lightweight laptop to beefy engineering workstation.
(also not affiliated with them, just want to support good products/company)
People say more Linux availability would make it mainstream. However, Chromebooks are one of the most available laptops. The software is 100% compatible with hardware, and in many cases, the Play Store is included to address the lack of software. That is more than enough for casual computing and office work—two massive segments of the PC user market. And people still don't like them. ChromeOS's market share is similar to that of all the other Linux distributions.
I think the Windows and MacOS brands have become lifestyle choices. Windows is the "gamer" and "corporate" choice. MacOS is the "student" and "luxury" choice. Linux is the "hacker" choice (they use Arch, by the way). Like iOS vs Android, Xbox vs PlayStation, Toyota vs BMW, and all other brand tribalisms, it seems like most people are emotionally drawn to one or another.
> The software is 100% compatible with hardware, and in many cases, the Play Store is included to address the lack of software
The problem is that the Play store and Linux environments on ChromeOS are both run in VMs.
On a machine with good specs, this is perfectly fine. But when cheaper ChromeOS devices ship with 4GB of RAM, older mediatek APUs, and emmc instead of SSDs, it's just an outright bad experience.
If Google starts pushing Android Desktop as a replacement for ChromeOS, I think that could be interesting. Being able to run the Play store without the overhead of a VM will make Android potentially a much better experience than ChromeOS.
> On a machine with good specs, this is perfectly fine.
I think the VMs are fine on the type of machines most people would buy for Windows/macOS. Chromebooks go exceptionally low-spec on the low-end to the point that I'd say their lowest-spec machines probably aren't direct competition for Windows laptops, wouldn't you agree?
I agree making ISOs is too cumbersome now. But I think the install is 90% there. Realistically hiding options under an advanced menu would make it no different than when you first get a windows or Mac.
Fwiw, you can get it preinstalled on System 76, makers of Pop. I'm a bit surprised Framework doesn't do it. But this seems easy to expand
**
Maybe I or someone else can help out. What's your distro, GPU, Linux kernel, and driver? Sometimes that interplay can create weird mismatches but I have rarely experienced them in the last 5 years (but extremely common prior to that!). Pop and EndeavourOS specifically target NVIDIA GPUs and can be the easiest "fix". Pop being more Ubuntu like and EndeavourOS being more Archy. Being power user I'd suggest the latter as it has a lot less bloat. Fwiw I daily drive EndeavourOS with a 4080S (previously 3080Ti) without too many problems. Only getting HDR at 60fps when trying to use my TV as a display. Other then that two issues where a kernel driver mismatch happened, solved by a rollback and avoidable by using stable releases.
I'm not much of a gamer but will play some AAA and a handful of indie games. Occasional issues like Steam not loading the GUI (right click menu bar and directly open library fixes), and occasionally sync issues because VPN, or minor like needing to launch a game twice. But FWIW, past 3 years I've never needed to touch proton. I'm really hoping SteamOS gets a broader release soon. I'm not sure if I can help much here but I do know graphics cards which might help?
I'll definitely agree UI/UX in many apps needs major improvements. I've seen a trend in the right direction though. Alongside the same improvements in OS. We need people to realize that your backend doesn't matter if people can't use it. Design is hard. The magic is the interaction between awesome backend and awesome design. I think this philosophy is growing. Hopefully. Momentum appears to be building
Appreciate it but this was like 18 months ago, on a Lenovo Legion 5 which I've since sold to my niece. Main issue was brightness - basically having to reboot Linux twice to get it to work. Once to switch GPU mode and once to select a kernel because it would often fail to boot for some reason until I went through that. I don't remember the details too well - I documented some here: https://retorch.com/blog/linux-mint.htm
Linux Mint w/ KDE for most of the two month period.
Nowadays like 95% of my gaming is Digital Board Games on Steam which I'm mostly quite sure would run fine on Linux. Anno 1800 was one of the rare instances of LAN multiplayer which is rare in games these days and poorly supported.
When I'm really active sometimes as a group we'll start a new Survival game together, and it's nice when you can be involved. Games like Valheim run awesome on Linux, and I had no issues with Conan, ARK, etc. Occasionally a game isn't supported and that's when it's a bummer.
Still, sorry to hear the experience. I'd have been frustrated too.
For the brightness, hard to say what's wrong without more details. But I hope someone pointed you towards xrandr, which would allow you to manually set the brightness and help determine if it was just a bad setting (edit to /sys/). But could be a kernel issue too. Which sounds a lot scarier than it actually is.
I'll admit, fractional scaling sucks every time I've used it. There are some settings that can help, like letting applications control their setting instead of system. But I don't have enough experience with this, but can confirm it can be frustrating. (xrandr can help here too btw)
The booting is super weird. But that's also something I would have definitely been able to help with. It can seem like black magic at first but it eventually makes sense. Just most people don't bother learning because it usually isn't an issue (my friend and I had a dumb competition to get the fastest boot... We each got under 3s cold and under 2s warm. It was silly, but learned a lot)
Re Steam: I haven't had to do this in a while, but sometimes changing the proton version can make a world of difference. I haven't tried those games though so I can't speak from direct experience.
I will say, I'm not a fan of Mint. I do think Pop and Endeavour are better entry ways. So if you ever try it again, I'd recommend one of those. I'll also say that laptops tend to be a bit more finicky than desktops, especially around display issues. Things are worlds better than they used to be but it is definitely an uphill battle. Lots of variance and not enough resources dedicated to tackling the problems. Hopefully the continued momentum makes this completely a thing of the past. (Battery issues are also a common issue with laptops. In particular putting mobile GPUs into their hibernate state. NVIDIA hasn't been the kindest here...)
As a "not linux expert" I think distribution selection is... a pain point.
It's a bit like the Fediverse. I'm quite happy now, on Hachyderm.io, but it took some trial and error, and the median social media user is ill prepared to go out, select a Fediverse home, and begin piecing things together.
But back to Linux. It's hard to know which distribution, and why you'd select it, when you don't know about Linux. Coming from Windows, it was "Home" or "Pro" (once upon a time). Linux is... though you might not know it, Debian or Fedora, and then a dozen or two varieties off those branches, and then the Window Manager, and then the desktop.
I know nothing about Endeavour, but I've heard of Pop, and I thought it was a thin layer on top of Ubuntu? Not sure why Mint is so different? It's Ubuntu-based too? This adventure actually started with Nobara, which is "marketed" if there is such a thing, as being good for gaming. But I actually had no good experiences with it at all. And did some research and Mint seemed very friendly (and largely was!) But I didn't like Cinnamon much. Anyway, my point is... distribution can have a huge impact on overall experience, but it's very hard to decide on distribution without knowing a lot more about Linux. That pre-education is much more investment than most Windows users would want to make.
EDIT: Oof, I found EndeavorOS on Kagi and... the home page loads, and it says "Mercury Neo with Linux 6.13.7 and Arch mirror ranking bug fix"
I know a few of those words. What am I looking at? I think Linux needs a marketing team!
Yeah distros can be confusing. For the most part it isn't too big of a deal and the main difference is the package manager. apt and dpkg for distros based on Debian (includes Ubuntu), dnf for RedHat (Fedora, CentOS, etc), and pacman for Arch. There's more but you'd run into these the most. I'll be honest, it mostly doesn't matter and it is nerdy quibbling. That said, I still think PopOS is probably the best to start out on because it has some focus around making NVIDIA drivers work. They also build their own laptops (System76) so have some extra experience there. Endeavour is good, but it is Arch based so "rolling-release", meaning you're essentially always using beta software. Mostly not a problem but can lead to some additional instability. I wouldn't expect any real issues, but should be clear.
> "Mercury Neo with Linux 6.13.7 and Arch mirror ranking bug fix"
Yeah... that is weird to put at the top. It's a link to a new blog post. Mercury is their codename, the 6.13.7 is the Linux kernel, Arch mirror being where packages are hosted, and just prioritizing bug fixes. You can read the article if you want. Better would be looking at their about[0] or scroll down further on the front page past the mirrors. IDK why they don't put these things at the top. Definitely a mistake. Pop definitely does this better[1]
Linux marketshare is steadily increasing, especially among English speakers. It's complicated by how you want to count the Steam Deck, but the steam hardware survey has a clear upward trend: https://www.gamingonlinux.com/steam-tracker/
> Put on a good skin and most people wouldn't notice the difference.
I doubt it. Common people can't interpret GUI and discover features unlike developers who'd prefer dynamic "intuitive" interfaces. They rely more on dumb fixed rote memorization.
Most recent example of failure of this approach is Windows Settings app. Not only a lot of configuration panes started to mimic old Control Panel in both features layouts, even verbiages, many had become a mere shortcut links to old Control Panel applets.
To be fair, I can't figure out how to use OSX. I'm constantly going down the wrong menu paths. Same when someone asks me to use Windows, and in a completely different manner.
My point is that it's not like there's an objectively good way to do this. That people just get used to doing things one way or another. And frankly, with Linux you can copy those same structures and that's what I mean by "skin". You really can make it feel a lot like Windows or OSX and that really reduces the dissonance.
So it's not from skin and down, but from metal up to the skin, or the kernel and userland. It'll have to be ReactOS approach that don't necessarily have the exact Windows 11 theme.
Average people nowadays don't really use general-purpose computers at home. They use whatever their work provides at the office (which will continue to be Windows for most people and macOS for prestigious or highly-paid jobs), and use phones at home.
Just keep in mind that widespread Linux adoption means it will lose something special it has had from being relatively small on the desktop. This would be another Eternal September ... including a massive influx of entitled users and all that.
Because of that effect, I think there needs to be one or more for-profit Linux OS vendors prepared to absorb all the support and feedback needs (and contribute upstream, of course), and OEMs should only use it/them for anyone besides "advanced users and developers" or similar verbage.
I've never understood why Red Hat never tried breaking into this space. People clearly don't mind paying for an OS and RHEL is pretty much as polished and well supported as you can get. A fork of RHEL geared towards home use would be fantastic. I know Fedora exists but it isn't backed by RH the way RHEL is.
Just like other companies, home users do not make much money compared to enterprises. No home user will pay $10,000 annually for example and think nothing of it.
Enterprises is where the money is, that is also why a company like Cisco do not make consumer devices
The reason people buy RHEL is because you can get support for any problems. Consumers are not gonna get that so they might as well just run CentOS Stream for example.
> This would be another Eternal September ... including a massive influx of entitled users and all that.
Isn't that Ubuntu?
Jokes aside, I'm not too worried considering the plethora of distros. There's always been a range of them that target different subgroups. Which I think is where a lot of the magic comes from. Realistically, the kernel is about making an environment that everyone can build on top of. You can't make a product that meets the needs or desires of everyone, but you can certainly build environments which can be transformed to meet any needs. (Actually, I think that's the magic of programming and something we kinda lost sight of. Too focused on making "products" instead of environments)
A couple years ago was "the year of" open source OSes for me. I only have one remaining machine running Windows, and it just sits there doing nothing because I don't actually use it anymore. Same with my one remaining Apple machine. Well, I mean I have a couple retro machines that aren't in everyday use of course. Everything else is running Linux or BSD.
I feel like we are getting closer to the year of convergence... but with Android. Google is apparently working on it.
Many of my friends don't even have a computer: they do everything on their phone. If they could plug their phone to a dock station for the few times they need a keyboard and a bigger screen, they would be fine.
>If they could plug their phone to a dock station for the few times they need a keyboard and a bigger screen, they would be fine.
Samsung DeX does this, and I think similar solutions or workarounds are available for other manufacturers via USB-DP Alt Mode and BT for input devices.
I don't know anyone who uses it, though, and can't vouch for practicality.
It was definitely a thing for awhile. IIRC Mozilla made a phone OS that could do this and I think Ubuntu too. I think those projects gave up too quickly. Sometimes things take time and idk why in CS we have to always be in a rush. If Goodyear, who's made tires for 100 years, can take 8 years to make a tire, I think we can take that time to make a new novel OS that has a phone mode and desktop mode. Certainly such a thing is going to take time for people to even wrap their heads around
I think it needs to become "standard" on Android. Then developers will write apps for it, and I could imagine hotels offering "docking stations" (e.g. the TV with a keyboard/mouse).
If it's only the Samsung thing, probably developers don't care? Also it feels like Google may make Workspace work on wide Android screens (for their XR stuff).
They're great little computers but you're kidding if you think $400 to upgrade to 1Tb (from 256G) is not priced. I can get 2Tb of gen 5 NVMe for under $300. Same issue with RAM, but at least at 16Gb most people don't need to upgrade.
Come on. You can still think they're great while admitting they're over priced. Those aren't in contention.
your typical casual user needs 2TB of local storage (outside the cloud)? that’s news to me.
I agree it’s overpriced, and it bugs me too. But i still recommend mac’s to my less tech savvy family and friends. Why? I’m not interested in being their tech support, and also, it’s trivial to buy a portable 2TB thunderbolt 4 SSD for $200-$300, if the need arises in the future. In fact an external SSD is even easier to replace/upgrade than an internal ssd (generally speaking). i think we’re losing sight of the topic here. CASUAL USERS :)
> your typical casual user needs 2TB of local storage (outside the cloud)? that’s news to me.
That is *NOT* what I said... and you know it...
I don't believe 256GB is sufficient for the typical casual user. Apple knows it too. But $200 to upgrade FROM 256GB TO 512GB is, as you asked "too expensive".
It is "too expensive" BECAUSE comparable off-the-shelf hardware is significantly less AND has better performance. We're also talking about a level of performance most people will not notice the difference between.
I cannot find a 512GB NVMe drive that is PCIe 5.0, but here is a 1Tb one that costs $170[0]. They key point here being that you get twice the storage for 85% the price OF UPGRADING. That drive suggests it gets 14.7GBps reads and 13.3GBps writes while this Reddit user shows their Mac Mini M4 gets UNDER 3GBps for both read and write[1]. It definitely would go higher with the 512 variant because those disks are suffering from the same issue that the M2 Air suffered from... but that doesn't change the price that you pay more for less. You pay more for SIGNIFICANTLY less.
> I think we’re losing sight of the topic here. CASUAL USERS :)
It wasn't me... The question wasn't what you'd recommend to your less tech savvy friends and family, the question was if something was over priced.
P.S. iPhones won't capitalize a singular "i", as would be the proper grammatical usage.
P.S.S. External drives aren't just annoying, they're slower too.
I know it's a running joke, but we had a decade (+) of Linux in many other consumer use cases, such as smartphones. The problem is that if you're selling a consumer computing platform, you're subject to the same exact incentives as Microsoft. You want to be Microsoft! You want their revenue, their profit margins, their nice offices, their talented engineers.
Android is Linux, but your typical Android phone ships with invasive AI features, has a locked bootloader, a variety of components that collect data about you... and unless you jump through hoops, it only lets you install apps from the company store.
I just use Windows in a seamless VM with Office 2013.
It's fun, every time somebody sends me an exploit or dropper I am eager to click on the attachments to find out how it works. And after seeing what it does I just reset the filesystem snapshots back to the lsst step.
And for newbies to Linux I'd heavily recommend trying out KDE as a desktop environment. They're are really nicely integrated, even phone sync and other shenanigans work out of the box.
This is the crucial point that makes the whole question somewhat moot. Only one other of the 20-odd peers in this thread acknowledges it. Once again I'm disappointed by how out of touch the techies here seem to be.
Has anyone had success setting up a Linux machine and handing it off to a less tech savvy friend? I've had some people asking about it but I have techie brain and I don't know what's usable to normal people.
just saying, the comment you just wrote could have appeared, word for word, on any HN discussion in the last 20 years. The only words that would have to change are "PopOS" / "Arch" / "Manjaro" for more timely distros. (and Chrome didn't exist until ~2009)
I really don't think so. We didn't have GUI installers 20 years ago. I think you're undermining the advances linux has made. I think it is harder for us on the techy side to see but having been getting people to switch to linux over the last 10 years I can say that the last 5 have been significantly easier.
We did have GUI installers in 2005. At least SUSE did. Linux hasn't made much significant changes to its core architecture. There are better implementations for many things like Pulseaudio and Pipewire or Wayland compositors are a bit more streamlined than X11.
The core issues existed in 2005 still exist in exact form: how do you make money for the software devs on Linux, how to bring good closed-source software support for decades. If Linux cannot solve those two problems, it will not replace Windows. I think, without changing the software architecture to look more Windows-like, the latter problem cannot be feasibly solved.
I don't want people who want Windows to come to Linux because Windows has become a spyware. The result will be a bunch of entitled users asking for Linux to look more like Windows.
Anyone who has maintained an open source project knows how consumers of open source suck. "Your free project that you develop in your free time sucks" or "I won't make you the honour to use your project if you don't spend 2 weeks adding this feature I want". A mass influx of Windows people who want Windows-without-the-spyware would probably make this worse for Linux.
"I want BSplayer, how do I make it work?", and no other player will ever be good enough as BSplayer. And sometimes it's not even a good piece of software, but some stupid windows only thing that not even windows users use anymore.
I have plenty of hard disagreements on the "user experience improvements" in Linux. "Adding a skin" is not easy and making the experience somewhat coherent is extremely hard (GNOME is sort of successful at an extreme cost and plenty of limitations, KDE is still an incoherent mess with plenty of bad defaults starting from the base CDDM skin). It's full of things like the missing icon view in the GNOME/GTK file chooser [1] and while it's true that Windows11 is atrocious, all those little things add up.
I actually recovered a laptop my family was using to launch firefox by installing linux on it (soldered ram went bad, linux is the only OS I could use to tell it to skip the bad blocks through kernel command line) but I hold no illusion about its level of "user experience". Just look at the comments in this recent thread [2]. And as a power user I am baffled by some of the choices at the kernel level (which I mentioned in that thread) and others closer to the user by distros (ubuntu and snaps, name an iconic duo), or things like flatpak not being close to ready and still shoved down user's throats...
I spent years when I was younger submitting bug reports for the papercuts I noticed - some ignored for years, some closed and forgotten forever when some project decided to move on from bugzilla - and I have no more time or energy to continue doing so. The maintainers after all write the code, I'm just a user and get no voice :)
I've been reading about the "year of linux" for years now, it's a meme for a reason. People that are not "prosumer" will keep using the preinstalled OS even if it's garbage - assuming they buy a laptop or desktop at all - and the prosumer will probably keep an OSX or a Windows machine close by anyway. Linux is usable as a browser kiosk sure but there is still plenty of friction on everything else. Enshittification will continue, and possibly infect also linux.
> "Adding a skin" is not easy and making the experience somewhat coherent is extremely hard
I don't mean to imply this is easy. But I also do know that these efforts have been in the works for quite some time. They can get more dedication if that's the direction we need to go.
Quick Google
- 3 free Linux distros that look and feel like Windows: https://www.pcworld.com/article/2532994/3-free-linux-distros-that-look-and-feel-like-windows.html
- 5 Linux Distributions That are Inspired by the Look and Feel of macOS: https://itsfoss.com/macos-like-linux-distros/
> soldered ram went bad, linux is the only OS I could use to tell it to skip the bad blocks through kernel command line
IDK how to tell you this, but for 90% of people this is "throw the machine out, buy a new one." I'm really not sure what the critique is here. Even if running with more problems seems unsurprising given what you described. And you're talking about the kernel.
I don't deny that there are problems with Linux, nor that things need to improve to get better mass appeal. But I do think you should look at your own words. They're highly technical. And we should not forget how this would compare when discussing Windows or OSX. That's the choice! It's that these conversations of "Linux sucks" are not just complaints about Linux, they are also suggestions of using Windows or OSX. The context of our conversation is about choosing between these systems, not the existence of problems.
I want to be very clear
Linux is a dumpster fire.
This does not mean Windows isn't!
This does not mean OSX isn't!
The argument I'm making is that this doesn't matter for the general user. Fuck, it generally doesn't matter for the technical user. But there is a good reason why technical/power users have a strong bias towards using Linux. Because at least it is a dumpster fire they can fix. It is absurd to have the framing that we should not encourage people to use Linux in favor of them using systems that are user hostile and destroying all sense of personal privacy!
These arguments become equivalent to: "You don't want to eat that, the chef sneezed in it. Here, eat this cake instead. The chef only took a shit in it."
Idk about you, but give the choice, I'd rather take the sneeze than the shit. I'd (strongly) prefer neither, but frankly that isn't an option now, is it?
And let's be honest, if you want to get more resources to put out more fires, the only way that's going to happen is if there are more users.
It will never be the year of Linux. That statement doesn't even mean anything. Businesses desktops run on Windows. Linux wont replace the ease in which MS allows you to manage thousands of people in the near future. There will be billions of Windows computers for the forseeable future because they can be managed easily by sysadmins with AD/M365.
Out of curiosity, have you had any experience managing 100s or 1000s of users/workstations?
Could have happened 5 years ago. Could have happened 5 years before that. But it won't ever happen if the techy people that have the capabilities of making it happen are too busy self-righteously laughing about how it hasn't happened yet. Luckily that doesn't stop progress, but it sure doesn't let it get to the speed it could.
Meanwhile, I hope you're happy with the state of things. You have every right to point and laugh if you are happy with the direction Microsoft, Apple, and Google have led us. But if you aren't, it isn't too late to make efforts to change those directions.
If we're going to reference the past, let's not hyper-fixate on every failed "call to arms" while ignoring how future they were trying to fight actually happened...
> Meanwhile the user experience of Linux has dramatically increased. Put on a good skin and most people wouldn't notice the difference.
As someone who spends time using MacOS, Windows, and Linux ... even if you managed to make them look pixel perfect identical, everyone would notice something is off immediately. MacOS, Windows, and Linux desktop environments all feel distinctly different.
MacOS feels like you're waist deep in the shallow end of the pool trying to run. You feel like you're being held back in terms of speed but never out of control. Window max/min is easy, want to resize a window? That'll be 5 minutes of your life you'll never get back.
Windows is like an overeager dog, it's fast and nimble but don't blink or you'll loose your mouse cursor. Max/min/resize? Sure it's effortlessly easy right up until your mouse hits a zone and then it snaps the window exactly how you didn't want.
Linux gives you the freedom to do whatever you want, and that's exactly what every single app developer has done with their app experience. Will a click of the scroll wheel move at light speed or a glacial crawl? You never know, but what you can count on is that it will be entirely different if you use a touch pad. Want to resize a window? The mouse cursor might change to the resize icon, but damned if it doesn't activate the window beneath when you try to click and drag.
Do they use MS Office for work, or just simple hobby stuff? If it's work stuff - leave them alone. For hobby stuff LibreOffice is a good replacement that you can trial on Windows. As far as distros go, I don't like some of the decisions that Canonical has made with Ubuntu, but it's hard to argue with how simple, reliable, and complete it is. I don't want to run it for myself, but it's great for some people.
You will need to cite your sources that Apple is going the same way.
From what I see, Apple has launched private cloud compute with better privacy safeguards than any other big tech firm. In fact, their personal assistant is the worst one because it is so dumb.
They don’t seem to make money from your data because, as you say, they have already made huge margins on hardware and apps.
Why quiet downvotes? My links demonstrate that Apple is collecting a lot of data, not giving an easy choice for the opt-out and starting to use that for ads. Also the software is getting worse.
On literally what metric? Even if you do the most naive comparison of compute and storage, Apple now comes out ahead much of the time, to say nothing of differences around quality, display, controls, etc.
On the metric that people see PCs as disposable appliances and don't consider a small format box like a Mac Mini to be a real computing device. They don't give a crap about "compute," they care if they can open their web browser, outlook, and play their little slot machine game. You're not gonna get Meemaw who spent her entire career as a secretary working with Windows machines to go to Mac just because you like the specs. Hell, my mom has owned the same PC for 15 years now and I can't get her to move away from THAT.
I am definitely moving to Linux this year.
I'm a not a developer, but I am willing to tackle the learning curve.
I have been a Windows user from my very first computer, my first internship was at Microsoft. But I am done with the directions they have taken these past years!
There definitely can be some hurdles depending on what your goals are. If you're mainly browser user, don't stress. If gamer, go PopOS (if want to be a bit more, EndeavourOS is a good recommend).
If you do want to learn linux, then I actually suggest doing things "the hard way". That is installing Arch (fastest newbie I've seen is install on the 4th attempt) and try living in the terminal. The failures lead to a lot of learning. But it is a good way to learn because it forces you to get your hands dirty and makes you quick to not be afraid because well... you will have already experienced fucking up and it is less scary once you have haha. It's one of those things where you don't feel like you're making progress but boy do you learn fast this way.
But this of course is not what everyone should do! I just wanted to offer the advice in case you or anyone does. I am being serious about it being the hard way. But it pays off.
Linux still suffers the same flaw as always, though: it's just bad. And the projects that claim to make it better end up being a lot like Microsoft or Apple.
You or I can use Linux, because we're the same type of people who visit Hacker News. It's also completely possible to get your great-grandma on Linux, since the web browsers work the same and you can install the specific apps they need to use and they'll never care about anything else. But the middle user is working in an office exchanging Microsoft Office documents all day, making video calls through Teams, and using one out of a zillion business apps developed specifically for Windows.
We need more free and good projects, and the problem is, that costs time, and in between Richard Stallman's heyday and now, the rent's quadrupled.
I'd like to see stats about that middle user though, I would think that this usecase decreases fast as things are moving to the browser (Office366, Drive, mail, even corporate apps).
Other types of usecases have gone very Linux-friendly recently (e.g video games thanks to Valve).
Maybe I'm nuts, but I absolutely love timesnapper (the non-LLM predecessor of Recall, but the same screenshot every few seconds concept).
I originally got it for it's main advertised function--making it easy to record hours for contract billing--but once I had it running I was hooked.
It's just incredibly useful to be able to pull up what you were doing at any given moment, or how you did a particular thing, a few months after the fact.
I haven't used Recall yet but hooking it up to a multimodal LLM seems like an obviously useful thing.
Then it should 100% be a clear opt in, with no weasel words. No yes/no dialogs with "Yes" or "Maybe later".
OneDrive being on by default and hoovering up your data automatically has burned at least one family member, and it seems like recall will follow the same path.
One of the driving forces of my full windows exodus was Recall. I knew they wouldn't seriously scrap the project. Glad to see measures are being taken to avoid the spies. Shame it comes to DRM though.
Yours is the real solution. What Signal did is a temporary kludge around the underlying problems, which include that Microsoft is hostile towards customers and users whenever it thinks it can get away with it.
Also, as you get into mechanisms like DRM, which treat the owner and user of the device as adversaries, you make it harder to detect when the device or something on it is misbehaving against the interests of the owner/user (such as for secret surveillance).
> Microsoft is hostile towards customers and users
MSFT is implementing hierarchical control and monitoring on their desktop computers. Executive branch, legal and finance are the drivers. Users are serfs.
I mean what else can signal do? You can't win against whoever controls the OS or hardware. They have effective absolute power. They do have to treat the "owner" as an adversary because companies like Microsoft make claim that they are the owner, not the user.
From a security perspective, you shouldn't be using anything you don't control from the bottom up. That includes Windows and Signal. Full stop.
But in a pragmatic world, we can't have that level of security. You're reduced to deciding where you are willing to tolerate the security weaknesses. Obviously, no software or hardware will be 100% secure. But absent having an existential state level need to roll your own, you just have to pick from what's out there and accept that none of it is fully secure.
I mean I agree but this also is acting like there's no alternative. Apple exists. Hell, Linux exists and is easy these days (see main comment).
It's just unclear to me if your comment is implying that we should just roll over. If so, I vehemently disagree. If not, I'm actually not sure what you're saying and sorry if I'm misunderstanding.
> you shouldn't be using anything you don't control from the bottom up
You absolutely do not control any Apple device from the bottom up. It is Apple software running on Apple hardware, tons of closed off secret stuff in there.
And even then, you probably don't really control whatever Linux you installed from the bottom up. It's filled with code you didn't audit and validate, you're probably getting updates delivered on a regular basis by people you don't know, etc.
And even then, where are you going to run that? On a modern x86 processor running all kinds of UEFI software and microcode with security coprocessors you can't directly interface in but can see all your memory and devices?
So what's your point? I don't get what you're arguing other than giving up. I'm sorry, but if someone wants to take a shit on me I'm not just going to submit to that fate. I'll try to get out. I don't know about you, but I'd rather step in shit than have it forcefully poured down by throat.
At least with Linux, I know there are other people checking. People with expertise I don't have. People not incentivized by their own employer. Certainly this creates higher levels of trust than the closed source setting. If it doesn't, then your argument applies to literally any subject. Medicine, food, whatever. Let's not act like this is a binary setting, it is a spectrum. There are situations that are better than others even if they aren't perfect.
My point is, practically speaking normal users have just as much "control" over their stuff whether it's running Linux or Mac or Windows in the end. It's pretty much impossible to truly control the whole stack from the bottom up, it's a pretty much impossible standard for normal people they created.
> People not incentivized by their own employer.
Tons of FOSS is written by people paid to write it a a part of their jobs. And I don't know why I'd trust a passion project of an amateur doing it for fun over a paid professional doing it. Maybe the guy doing it for free is better, maybe he isn't. Do you trust the guy giving medical advice over the internet on some random blog over the licensed paid specialist doctor you might otherwise see? Do you trust the pills made by a pharmaceutical company to actually be what it says on the box more than a guy handing out pills at a concert? After all that guy posting on the internet or handing out pills isn't being incentivized by their employer!
And I wouldn't necessarily trust some random open source project over a similar closed source project if I'm not going to take the time to actually audit it myself. Just having the source code over there doesn't do anything for you if you don't read it. And besides, you're probably going to pull compiled binaries and aren't going to actually verify that build are you? And you're building it with what, a compiler you downloaded already compiled? You definitely validated that, right?
You're right, it's a spectrum of choices one makes. But it's not like open source instantly makes something more trustworthy or more secure or something. You have the ability to do more to trust it, but it isn't inherently more trustworthy by just having the source available.
Bingo. Furthermore, the annoying things that MS does are predictable and usually not directly harmful. Yeah they want telemetry, they want to encourage me to use expensive autocomplete everywhere, but ultimately the range of bad stuff is "oh dear the corporation is trying to upsell me nonsense I have to turn off", not "my OS is the combination of thousands of distinct software packages where I have to trust literally everybody with code execution... I sure hope this keeps working out".
Disagree; publishing the source is a genuine positive step. It means there's a much bigger chance that anything bad in the code will be found. Don't let perfect be the enemy of good; it's important to continue pressuring Linux distributors and hardware makers to do better, but we should also celebrate the things they're doing right and give credit for what they do better than MS or Apple.
I think you're misunderstanding what I'm trying to argue. There's important context to what we're talking about: Linux.
The argument is not: "Having source code makes it trustworthy"
The increase in trust is primarily driven by unaffiliated experts. The open source part makes that easier, but is not what explicitly drives the trust.
***The multi-party verification is what drives trust.***
> practically speaking normal users have just as much "control" over their stuff whether it's running Linux or Mac or Windows in the end.
No one is arguing against this. I even agree with you.
I brought up the difference in trust by third party due to this. The level of trust is different. While /control/ may be the same /trust/ is not.
It does not matter that FOSS is written by people that are paid. It matters that people that are not paid look at it and investigate it. Or even paid by a different party. Paid or unpaid is not the critical variable here.
Look at it this way:
In a closed source ecosystem, do you trust an organization that has had a 3rd party audit MORE THAN one that hasn't?
Of course you do! It isn't complete trust, and certainly you may wish to (and should) scrutinize the third party auditors to ensure that they aren't just acting as "yes men", but the level of trust objectively increases. Certainly this should continue to increase as the number of parties grows. That's because the likelihood that these parties are "on the dime" decreases.
> Do you trust the pills made by a pharmaceutical company to actually be what it says on the box more than a guy handing out pills at a concert?
This is significantly different from the scenario we're discussing... Let's rephrase
Which pills would you trust more to do what they claim to do?:
1) Pills made by a pharmaceutical company and tested by the pharmaceutical company
2) Pills made by a pharmaceutical company and tested by the pharmaceutical company, tested by third party organizations (medical and governmental) from multiple countries and have received recommendations from various organizations with no direct ties to the pharmaceutical company that developed the pills
Clearly we trust #2 more.
You'd be insane not to! It'd require a much more complex environment for that to be lest trustworthy with such high amounts of conspiracy that you may as well trust nothing that you can't verify yourself. But in that setting you can't trust your own knowledge because you aren't able to derive everything from scratch either. You literally can't trust the knowledge that you read in a book, on the internet, or anywhere if there is that level of conspiracy. But clearly we don't believe in that ludicrous scenario.
Certainly there are a lot of shit FOSS out there that is no better than the drug dealer in your example, but we're talking about fucking Linux, not a random GitHub project by some uni student. Certainly I don't trust that one! But that one doesn't have multi-party vetting and is far from the type of software we're talking about.
Linux, the kernel? Sure, I bet there's tons of analysis and studies and reviews and scrunity on every merge. Lots of organizations are constantly looking at it. It's probably one of the most scrutinized code bases ever created. Same with some other core system things like the various parts of systemd and similar components. I bet there's a lot of packages related with a major Linux distro that do get a lot of eyes.
But then what about the other 900 or so packages on that desktop install? Are all of those getting some extensive reviews every check in? Constantly getting audited? Probably not. We probably don't really know who many of those people are. How many other Jia Tans are there out there, quietly managing widely used packages, people assuming they're being reviewed?
You're seemingly making a massive assumption there's much review happening on the vast majority of packages. And yeah, on most normal Linux distro there's going to be tons of packages that aren't routinely being audited and looked at. And once again, having the source sitting in the corner with nobody looking at it isn't going to do much for you.
Don't get me wrong, I use FOSS all the time, and I generally do end up having it cross the threshold of trust. FOSS is awesome. But for most FOSS I use, I don't really trust it any more than I'd trust some codebase from some other large and otherwise reputable software vendor. And sometimes, I trust it even less.
Again, you're missing the entire argument being made.
*That doesn't mean you're wrong*
Again, I agree with you.
We're just talking about completely different things and I'm not sure why you insist that we aren't. I'm sorry, I just don't enjoy talking to the wall.
I feel like I do understand what you're saying. You're quite literally saying:
> At least with Linux, I know there are other people checking.
And I'm taking that as "a Linux-based OS", as that's how most people mean it.
And you're assuming there are people checking, you probably don't know there are for that entire OS distribution. But there's probably tons of software you're running in that "Linux" system that where there aren't people checking. And as we've seen with things like xz, a small seemingly unrelated package can routinely modify very highly privileged and trusted applications in ways allowing a backdoor to be inserted with nobody noticing it by looking at the code.
We've gone from "you shouldn't be using anything you don't control from the bottom up" which you suggested to use Apple (a platform you absolutely don't have much control and is filled with closed source). From there you shifted the discussion to trust and "At least with Linux, I know there are other people checking." Which isn't necessarily true, a ton of that code you're running has probably only been reviewed by a small handful of people. A handful of people who may be very nefarious.
You say "The multi-party verification is what drives trust", but tons of that "Linux" OS doesn't really have multi-party verification.
And in the end we're going to apt install something and probably get binaries built by who knows, docker pull tons-of-shady-stuff from wherever.
And don't get me wrong, I agree many similar arguments could be made for a lot of closed source software as well. There might not be many reviewers either.
If I'm not getting your point, I'd say you're not really sharing it coherently. I've been re-reading of your comments and I'm not sure how else to read them.
> but tons of that "Linux" OS doesn't really have multi-party verification
Because of this. That's not what we're talking about. You keep moving the discussion to somewhere else. The reason I keep pointing at things you're not looking at is because you keep wandering away from what I'm talking about.
> If I'm not getting your point, I'd say you're not really sharing it coherently.
I've been trying man. I just don't think it'll happen. Best I can do is point back to the pharmaceutical example. I really don't care about the street dealer, they aren't what's being discussed. If you can't hear me, sorry, I can't say it any louder.
Who we're comparing to matters. This is all I got left in me
Microsoft: Trust us, because we say so
Apple: Trust us, because we say so
Linux: Trust us, here, figure it out yourself
None of those magically imbue you with knowledge that should make you trust. But certainly one is easier to gain trust. Certainly one has more people with less incentives verifying. If you cannot differentiate that, then we're never going to be able to speak the same language.
Stop telling me what I'm saying and start listening to what I'm saying I'm saying.
Its a direct quote from an earlier comment you made. I can scroll up a few lines and see it my dude. What's the opening sentence of the second paragraph of this comment?
> Best I can do is point back to the pharmaceutical example. I really don't care about the street dealer, they aren't what's being discussed.
That's the thing though, there's probably packages installed on your Linux machine right now that are far closer to the guy handing out pills at a concert than highly regulated drug manufacturers with third-party auditors reviewing their ingredients in the pharmaceutical example. You're acting like that stuff just doesn't exist, burying your head in the sand to the problem and assuming people are actually reviewing things. They're often not.
> Linux: Trust us, here, figure it out yourself
Yeah, figure it out yourself. But don't worry, there's lots of other people looking at it for me. Except for all those times there aren't. Once again, you're assuming people are actually looking at these things without verifying it.
I'm not aware of this having been done, but it would be unsurprising. You can't win against the OS... If the OS (or hardware) is malicious, you're out of luck. Nothing you can do as a developer. The OS has complete control...
If this is your major concern, I suggest moving to a deGoogle'd OS. There's still going to be concerns even after wiping Android because there's hardware, but certainly this places trust less in the hands of Google (but you're still going to need to trust the OS maker).
Registration is fair. There's been a lot of pushback against this. Things look to be moving in a positive direction with usernames, but hasn't quite come to removing phone number requirement. I believe they are still using this to help reduce spam (much easier to spam if email or no outer registration. But I hope they resolve that).
I think there was always a similarity or homology between DRM and many privacy scenarios that people care about:
Party A sends information to party B intended for use in a specific context, but wants to limit the risk of it being stored or forwarded for use by other parties or in other contexts.
DRM typically connotes that party A is a media company and the information is a movie or something, but - as in the case the article is about - party A could also just be a regular person and the information could be private personal info.
Yeah, I'm a bit confused at all the Recall outrage. It's an opt-in app that only stores data locally. If you think they're lying and are going to secretly upload the screenshots, well they can do that already.
Fighting with the OS is futile. The OS is always in control and apps can only ask it nicely to do things.
Microsoft can simply change Recall to capture DRM-marked content too. And to avoid copyright issues, it will store some kind of visual summary (or whaterer the neural network can use) instead of plain screenshots like it is doing now.
It’s really come to this? As if accepting the 4 different data sharing Eulas required to install windows wasn’t enough, now apps need to DRM themselves…
I'm not sure, but in recent years, Microsoft has made a lot of negative headlines by silently re-enabling settings after updates, so this doesn't seem like something you should trust.
Does it really matter? They'll assault users with "Enable recall to access this feature, yada yada" and 99% of people will just do it. Just like every other spyware feature they provide.
"To use Recall, you will need to opt-in to saving snapshots, which are images of your activity, and enroll in Windows Hello to confirm your presence so only you can access your snapshots."
I understand people not liking Recall. I'm one of them. But for something that is opt in now and even if opt later can still be disabled. So changing OS's because of that seems like an overreaction.
It's the straw that breaks the camel's back I think for most people.
Constant nagging by the operating system for Windows products (I have enabled onedrive personally, but for some reason it installed two file explorer quick access links, and the workarounds online fail to persist reboots) -- hijacking file extensions, hijacking program aliases (I just had to remove a windows store alias in my env variables for "python" despite having it already installed months prior), the constant cat and mouse to have local account-only possible, inability to remove edge/stop being pestered about it, and now recall (which is not truely opt-in since it gets installed whether you want it or not).
the crutch is that an update could silently re-enable it, in a way that you aren't notified, and it'd be too late to try disable after it captured content off your machine you didnt want captured.
It is why i disable windows update, and manually check each first, before installing it.
The security vulnerabilities you fix is no longer the only threat actor these days - you have to also model the threat of microsoft, and how their updates can break your system, change it in irrevocable ways etc.
Does anyone else feel like Signal is acting like Recall is the only app that could record your screen on Windows? It seems like this is something they should have been stopping for a long time and they are finally addressing this loophole?
Will it though? They are acting like it is already 100%, when it isn't only in a difficult to access preview that only Windows 11 users with Copilot+ PCs can use, and even when installed, it requires opting in.
How many hours a day does Zoom/Google Meet/etc record many users' screens? I'd suggest that it unbelievably common for a screen to get recorded many hours every day already. I had always (incorrectly) assumed Signal required a desktop app so that they could block screen capture like they finally do now.
As somebody who had to use signal messages as evidence in court, there are legitimate reasons to capture screenshot of signal. If people have spyware then that’s on them. When the OS becomes the spyware… well I support signal’s timing on this.
Yeah; the lack of backup support is getting really old. I was hoping the article meant that you could optionally set it to recall your chat history across backup/restore.
iOS <-> Android account migration would also be good.
I last used Windows in the Windows 8 days. That was when they added the telemetry "feature" that lets MS engineers copy files off your box without your permission (and without notifying you).
At the time, they claimed it's only for debugging software failures, and even then, only with managerial approval. My reading of the US CLOUD Act says they're obligated to let the US gov't copy arbitrary data off your machine, regardless of what country it's in.
I'm not sure if they still do it. The documentation of this stuff is well-buried.
Continue to be happy to have deleted windows from all my computers, including for gaming. There are issues with closed source OSs in general, but microsoft has continually shown that they make bad decisions and just aren't trustworthy.
Gaming on Linux using steam works great for me. There are more games than I have time to play and I don't even need to worry how they work (emulation vs native) as I had to do many years ago.
I think this is quite strange, imo this is just virtue signalling / activism and much less about privacy. I install Signal on the Windows operating system on the computer I trust. If I wouldn't trust Windows, why would I install Signal? Also Recall is an opt-in feature, it's not spyware, that's simply FUD.
Second, Apple is doing something similar except they send all your data to the cloud (yes I know Apple says private cloud, but there's no such thing). What's Signal's take on that?
I respect their stance on privacy, but this doesn't feel like a rational decision to me.
You might trust Windows and even actively want Recall and simply not want private Signal messages, specifically, to be captured by it. For the same reason that Recall already tries to exclude browsers in incognito mode, as mentioned by the article.
Yes, I can see why the feature would be valuable. But the blog post is an emotional rant against Recall. Signal is lacking a lot of valuable features, I doubt this is high on the list of most users, yet time and effort has been spent on it. If you don't want Recall, then don't use it.
> Draws on your personal context without allowing anyone else to access your personal data — not even Apple.
Personal context === privacy sensitive data.
> Apple Intelligence is designed to protect your privacy at every step. It’s integrated into the core of your iPhone, iPad, and Mac through on-device processing. So it’s aware of your personal information without collecting your personal information. And with groundbreaking Private Cloud Compute, Apple Intelligence can draw on larger server-based models, running on Apple silicon, to handle more complex requests for you while protecting your privacy.
They can use nice sounding words such as "privacy at every step" and "protecting your privacy", but that's marketing. The facts are that Apple Intelligence is baked into the core of your iPhone for analyzing personal data and they send the data to the cloud.
Unfortunately Apple is in $HN_GOOD_COMPANIES and Microsoft is in $HN_BAD_COMPANIES so facts don't matter, but yes Windows Recall is objectively more private than Apple Intelligence.
this would presumambly also prevent signal from working over RDP/remote desktop.
With that said, anyone by default this seems somewhat pointless (though I might be wrong), as by default it seems signal keeps the entire message history in a sqlite DB on the machine. While one can argue that the screenshot history is problematic, the sqlite DB is just as problematic if one views it as a need to have good privacy defaults, and I'd argue that the sqlite DB is much more valuable to exfilitrate than the screenshot history.
Now, one can counter that one can purge the message history (all or in part) in a manner that is easier than with Recall, and I'd agree that Recall would be better if it gave the users fine grained ability to purge things from it, but that doesn't change the argument that we are simply seeing virtue signaling here (pun slightly intended), as this change to defaults doesn't really improve a user's privacy.
If an app did this without an off switch, what would be the easiest way to bypass it and take a screenshot anyway, assuming the goal is a higher quality result than taking a picture of the monitor?
Yeah, technically this seems like exactly a DRM scenario: Party A sends information to party B intended for use in a specific context, but wants to limit the risk of it being stored or forwarded for use by other parties or in other contexts.
I have a very nice Microsoft Surface Pro running Windows 10. I refuse to update to Windows 11. Has anyone tried a Linux distribution on such a device? Which one would you recommend?
No OS or app should be able to stop me taking screenshots. Not my phone, not my desktop. It's MY device. I should be able to take screenshots of whatever the hell I want.
And I have the expectation that my OS not take constant screenshots of what I’m doing (Microsoft Recall), which is what this Signal feature is trying to prevent. You’re welcome to turn the feature off so that Microsoft can store screenshots of your Signal chats.
Are you upset about DRM in general? Or that Signal, by default, prevents Windows from capturing the Signal window when it screenshots the screen every few seconds?
because it sounds like Windows is the problem here, doing this screenshotting at all. And Signal allows you to disable the anti-screenshotting measure
Second this. What's the point of this security aspect when everyone has their pocket cameras in their phones? This is nonsense.
The same is true for spyware installed on employee computers. Google laptops will snitch on you if you even attempt to attach USB drive. While there is HDMI and KVMs, there is no point of having these restrictions.
Apps take screenshots all the time, e.g for crash reporting. Then they phone home with them. Most apps obviously ask politely when this happens but I’m sure there are exceptions. Not to mention malicious apps. There is no real security or isolation for screenshots that I’m aware of so app one will happily snap a picture of app two, without needing special permissions. That other app can be your password manager or baking browser tab. So apps explicitly opting into being in the picture is perhaps not such a bad idea.
“ To help mitigate this issue, we made the setting easy to disable (Signal Settings → Privacy → Screen security), but it’s difficult to accidentally disable. Turning off “Screen security” in Signal Desktop on Windows 11 will always display a warning and require confirmation in order to continue.”
If you have to have this kind of monitoring on your OS, to circumvent spying on your apps, something is really wrong and you should probably take the nearest exit.
> If you’re wondering why we’re only implementing this on Windows right now, it’s because the purpose of this setting is to protect your Signal messages from Microsoft Recall.
To nitpick, that doesn't tell me why you're only implementing this now. That tells me why it's more important now, but it doesn't tell me why it wasn't good before now. But the word "only" suggests that there was a reason you didn't do this before now.
I don't think they meant that 'only' in a temporal sense. Rather, they meant why that's the only platform they're implementing it on for the time being.
> "If you're wondering why we're [not implementing this on other platforms right now] [...]"
Hopefully Signal manages to turn all the recent press into a positive for user acquisition. It's a fantastic app and service. In an ideal world, laws could be updated for the digital age such that automated disappearing messages were not considered equivalent to deleting records, but rather to an in-person conversation or phone call for which records would not be expected to be kept in the first place. I'm not holding my breath on that one though.
> “Take a screenshot every few seconds” legitimately sounds like a suggestion from a low-parameter LLM that was given a prompt like “How do I add an arbitrary AI feature to my operating system as quickly as possible in order to make investors happy?”
No, actual AI is smarter than Microsoft managers, it seems:
Here are some ideas for adding an arbitrary AI feature to your operating system quickly to make investors happy:
- AI File Search: NLP for file/setting search (search files by NLP querying)
- Auto Window Layouts: AI-suggested window organization ("coding mode", "research mode" depending on detected usage patterns)
- Smart Notifications: automatic notification condensing to reduce clutter
- AI Clipboard: Keeping a categorized clipboard paste based on content
- Predictive App Launcher: Suggests apps based on daytime, usage, recently opened files
- AI Wallpaper/Theme: Smart visual suggestions, i.e. wallpaper based on current weather, mood, etc.
- Voice Quick Commands: AI-based voice OS control ("Open browser")
- AI System optimization: for example, content-based disk space cleanup
You know I understand this is HN so I might get downvoted for saying this (with no explanation) but we should start enforcing computer crimes when corporations do it
If Microsoft decides spying on you and inflicting DRM or whatever or any of the other companies they should be liable in criminal prosecution
At least some of these you could plausibly argue even violate the CFAA and is about on the same level of some lone black hat hackers
I switched to Linux permanently in 2015. Didn't know it would get this bad but forced updates was what convinced me to switch. It seems every time I see Microsoft in the news, it's very specifically NOT for good reasons. Grabbing my popcorn...
I look forward to the first report of domestic abuse or worse caused by recall. I really hope this never happens and pray it doesn’t but I am 100% sure someone is going to utilize this feature to see exactly what their bf/gf is doing when online.
Those who are not very tech savvy will ultimately do something online and their partner will look and see exactly what they did and snap.
This scenario will be Microsoft’s fault. They are literally installing spyware as a feature. I hope no one gets killed.
As per the aicorp jurisprudence copyright doesn’t apply to AI usecases, so I’m sure they’ll fix the DRM „no screenshots“ flag preventing AI capture — it’s only legally self-consistent. Teams probably gets its own private API to exclude itself anyway (all Teams content must be privy only to the TeamsAI).
From a legal standpoint, it's also not a privacy issue, since the US Supreme Court eliminated the right to privacy at the same time as Roe v Wade. Certainly, it's not trademark related.
Microsoft really seems out of control. Yesterday I noticed that OneDrive was turned on automatically (I've always been very clear about not turning it on). Which was incredibly shocking to me, that they'd just turn on uploading my data to the cloud on the sly. And of course, it's nearly impossible to turn off Edge loading things. I'm really on the verge of switching to Linux, it's getting too awful
I’ve been running Linux distros on my primary machines for over a decade now, and there’s no way I’m going back. Even a few years ago I figured “when I finish grad school, I’ll probably get a Mac just for a smoother experience working with colleagues.” But even in the past few years the volume of complaints I hear from friends and colleagues seems to have skyrocketed - updates randomly breaking their environments, new annoying barriers to installing real software, pestering notifications that you can’t seem to turn off. Meanwhile, my Linux experience only seems to improve! And I hate Windows with a burning passion - just no way I’m using it on my personal machines.
Been using Linux for ages, but only for a few years on my home desktop, because Steam is now that good, and gaming is a major part of that computers duties.
HOWEVER - I've yet to find a good email client. Kmail is good, but uses Akonadi with is a disaster, and literally doesn't work. I have to restart it multiple times a day, because it silently stops working. I have found bug reports about this issue going back years which are either ignored or marked fixed, which it clearly isn't.
Thunderbird. Seriously though, why do people hate on it so much? I use it on all of my non-mobile devices and the latest version out of the box (at least for Linux desktops) is really sleek.
My only issue is Google Calendar integration, and that's only because auto-generated calendar entries suck and cannot be dismissed. When those events pop up, I just click on the link in the notification which takes me to the email and calendar view, and I delete the auto-gemerated event on the Gmail website.
I've heard folks complain it gets slow with very large or old mailboxes. One reason that happens is that they need to be compacted, another is that the sqlites need to be vacuumed.
So, twice a year I compact my mailboxes, and I put a sqlite command loop to vacuum in my main cleanup script. Which I run maybe once a month.
Yes, strictly speaking I shouldn't need to do this, but my tbird install has been running happily for decades now.
Because in v115 (I think, it's been a while), the interface received a thick coat of clown makeup for no reason, and now it's terrible and there's no way to revert it. You can apparently hack some CSS to make it tolerable, but I'm not going to engage in a war with my email client, because I know that solution will break with every update.
You search for a solution to this, you get plenty of hits of people trying to revert the UI. I'm not alone with this opinion. It's an email client, it's not supposed to be new and exciting. The interface was fine.
All I really want is working Kmail. It's boring in the best kind of way.
Is "Message List Display Options -> Table View" not pretty well exactly what you want? I enabled it (on desktop) shortly after the roll-out, and I've never had it revert back. There's no CSS hackery, no forced reversion, not even a hidden menu - Card vs. Table view is a top-level menu item.
Telling me "There's no way to revert it" feels like, at best, giving up at the sign of the smallest difficulty. At worst it's a bad-faith argument, as it's clearly possible - and fairly easy and straightforward, IMO.
Mozilla themselves called it "Rebuilding The Thunderbird Interface From Scratch", and as we know, rebuilding something from scratch is a great idea, and improves the product on all metrics always.
In my opinion, it's a travesty. I refuse to use it. I would rather use broken Kmail.
Working offline such as on a train. This includes having all emails and attachments saved locally. Also useful for backups. E.g. suppose you get locked out of your email account because "AI says you look suspicious". How ruined is your day?
Managing multiple email accounts in a single interface.
Easily moving emails between different accounts and from online to offline.
Relatedly, storing years of emails with attachments on a local drive is cheap. Storing them in webmail is a hefty subscription fee. I have no issue with one time payments, but I like to minimize subscriptions.
Local search in most commercial software has regressed since ~2000.
My only explanation is that local search is inherently cross-team and integration-heavy. Consequently, if there's no higher-org prioritization it just molds and breaks over time, as unaddressed integration bugs pile up that cannot be fixed by a single team.
Companies shipping their dysfunctional org chart.
Still, I never thought I'd say that I could do things with the built-in search 20 years ago that I can't today.
The only ads I ever see in either Google or Proton web mail clients are for their own services, or if I check the spam folder. And I don't have an ad blocker set up (I have NoScript, but there isn't any third-party JavaScript anyway).
I absolutely hate how Windows now basically forces you to sign in with a Microsoft ID in order to facilitate this kind of stuff. I just want a local system; I don't need all this online crap built into my desktop OS.
For the last two decades or so I've been running Linux for everything (personal and work) except for gaming. I'm to the point of being sufficiently annoyed with Windows that I'm going to set up a Linux disk for gaming to see how that goes. I've used Wine etc. for gaming sporadically throughout the years. Recently that landscape has improved quite a bit thanks to Valve.
While it's been improved a whole lot, it's not all sunshine and rainbow as some game companies decided to drop support after they decided kernel anti-cheat is the way (notably GTA onlin & Apex legend).
That being said, I personally use proton compatibility to gauge whether a game is worth my time so I'm not too bothered by this. And I'm constantly surprised by how much the Venn diagram of games that don't run on Linux and games that have off-putting bullshit unrelated to Linux looks like a single overlapping circle.
While VAC is indeed far from competent at detecting all but the most rudimentary cheats, it is so by design. When the first third party CSGO matchmaking/league services decided to use kernel level AC, Valve publically said they would personally not do such a thing. I can't remember if any exact reasons were named at the time, but I do think it's a fair take on their end. It's not like they're locking developers into using VAC anyway.
Furthermore, more recently they have debuted VACNet, which uses machine learning, most likely to recognize certain patterns and behaviors associated with cheating. Probably still avoidable if one were to use subtle settings and knows how to act properly. But it shows they haven't given up and are trying to explore alternative methods at least. I'm admittedly not familiar with how successful it has been as I have not been playing or even following the game for a long time.
"VAC bans are permanent, non-negotiable, and cannot be removed by Steam Support. If a VAC ban is determined to have been issued incorrectly it will automatically be removed." [0]
False bans cannot be appealed. They do happen. [1] You have no power to deal with them when they happen, and they really, really do happen. [2] You don't just get a game or server ban, you lose pretty much everything, and it becomes a public permanent record. Unless you're part of a headline, you have zero chance of reversal.
Most anti-cheats will immediately kick/ban someone from a game if it detects certain applications or hooks. Good for removing cheaters, but that gives cheat devs immediate feedback that something in their cheat has triggered it – they'll modify the cheat, try again, then see if it's detected or not.
VAC is designed around obscurity. When it detects a cheat it flags the account, and then an indeterminate amount of time later it/Valve bans all the flagged accounts. It makes it much harder for cheat devs to figure out what exactly flagged VAC, but the lack of an immediate ban means that normal players are still putting up with cheaters day in day out.
Another caveat is that VAC only bans you from the game engine. So you could get VAC banned from Counter-Strike and Counter-Strike: Source, yet still be free to hack on Counter-Strike 2.
Also considering how many of Valve's titles are free, there's no wonder why hacks are so prolific in their games.
I recommend Bazzite, a Fedora SilverBlue image customised for gaming on Linux.
I've been gaming on it exclusively for over a year and between it, Steam, and Proton, I'm yet to encounter a game in my steam library that doesn't run.
I don't really care how easy or difficult Linux is, I'm done with Windows.
(On the upside: holy cow some computers work way better with Linux. A crappy $100 Chromebook I had lying around gets over 30 hours of battery life with my normal use now, it's insane. It has become my go-to "just chuck it in a bag for whatever" machine because I can forget to charge it for weeks and it's fine)
An "IdeaPad 3 CB 11IGLO5" apparently, likely from mid 2020. And it's just vanilla Mint + XFCE, I haven't done anything to optimize it. It ain't fast, but it is definitely fast enough for normal web / writing / etc, and 4GB of ram goes a lot further than I expected (with Firefox and a few dozen tabs, I'm at around 2GB used, and I almost never touch even 3GB).
My only real complaint is the pretty crappy screen, it's one of those cheap LCDs that drastically changes color/contrast/etc as you move away from the tiny perfect viewing angle... but that screen is probably a moderate amount of the reason why the battery lasts so long.
When fully charged and on low brightness, Mint claims I have ~77h of battery life. It's definitely over-estimating, but 30 is totally reachable while I'm doing my normal stuff (likely not on high brightness tho). And when closed I lose like 2%/week, noticeably better than any other laptop I've ever had.
It's really easy to just try different distros and desktop environments out. For me, KDE Plasma has been an excellent vaguely Windows shaped Windows replacement.
With MacOS dropping subpixel support for text and with the cleartype patents expiring, Linux font rendering just keeps getting better while the others stay the same or get worse. I can't really conceive any reason to stay on Windows now unless you're a hardcore gamer.
Everything about Microsoft these days feels like they're working to point their software AT me ... not help me in any way, or even think of the end user at all.
I feel like that's the entire tech and b2c space lately. It's a restriction of options and forced compliance into things that take away value and give the company money.
Fedora desktop is actually a really nice experience in 2025. I switched in maybe 2022, after getting annoyed by the surge in nagging. The last time I tried desktop Linux was maybe 2008. Things have come quite a long way since then.
Ive been distro hopping and landedon Fedora KDE plasma edition. It is amazing, so much configurability yet its super slick and clean. It is a real joy to use. Kudos to the dev community.
Recently rebuilt my PC and installed Fedora 42 KDE, it's been great so far, except that I've been running into a reboot/shutdown bug that freezes the system.
I'm using Linux (Ubuntu LTS is a no brainer) on my desktop for years. It enables me to just do the things I want or need to do with my computer. Windows is much more in our way than it's helping us just using our devices.
Linux works.
At home I made the switch in 2003, after a couple of years triple booting Win98, OS/2 and Linux. I feel lucky to have never used XP/Vista/7/8/10/11.
If you ever sign into a Microsoft account - i.e. when setting up your PC since it's nearly mandatory - Windows turns on OneDrive automatically even if you explicitly opt out of it during the setup wizard because apparently user consent doesn't mean anything. Happened to me a couple times.
I've never had it hijack the desktop/documents/pictures folder when I've explicitly disabled it, so perhaps that's a viable workaround. Ie enable OneDrive, but have it use it's own separate folders and just ignore those.
That said, really dark pattern to enable stuff users have explicitly said no to. Microsoft really is a two-headed monster these days. Parts of Windows is really good, but then there's shit like this that just ruins it.
Chrome on linux does the same sadly... prompts to be the default browser, never remembers the "no" option, and if you misclick the small 'x', it sets itself as the default again.
if signal tried to do something this bad themeselves, we wouldnt really be able to for it or switch to another client. Just another bad actor bitching about worse actors, huh?
I bought an AMD mini-PC. It came with windows 11, but I just yanked that NVMe drive out, and installed Linux on it. Linux support for such devices is excellent because they're basically down to just one SoC package that's been tested by AMD. This one also has an Intel Wifi/Bluetooth chip, which is exactly as flaky as any other Intel product would be with any other OS.
Anyway, there are options to disable TPM in the BIOS if you care, but I don't think any of the DRM stuff works by default.
The tradeoff here is "do you want to trust this repeat abuser again, or trust someone else who has not been [as] abusive?", not "do you want to trust this repeat abuser again, or nobody ever again?"
You're presenting an extreme example of a false dichotomy.
I don't see MS as the problem, but the structure of how we, as a society, create and use IT.
Signal uses DRM to protect its users from the OS. This is nice, because now they don't have to run to some other companies that could do the same thing.
The "DRM" used here by Signal is just a Win32 function that keeps a window out of screen capture, not an anti-tamper software nor a protected media path.
Isn't that how trust works? You stop trusting those that don't deserve it. Unless you're a complete isolationist and/or sociopath living off the land in the woods, you need some level of trust in others.
I'm normally not one to attack the messenger and just attack the message, but lay off the crack.
99% of users don't want anything even remotely like this. The thought of a single database (even encrypted) that could contain random login/password information, personal information, etc. and easily exfiltrated by whatever new zero-day of the week is NOT pleasant in the slightest.
If I could run the model locally I would do that, but sending screenshots of everything I do + metadata to microsoft is way too much for me because, to start, I don’t want them selling my data to advertisers.
It’s still not fully user-controllable, which is a critical distinction. It remains local-only until Microsoft decides otherwise, and MS can always put in hooks that makes it easy for them to exfiltrate specific data that was technically harvested locally on a per-user or per-demographic basis. The level of trust required is truly extraordinary.
Er, isn't that how onedrive works? It's not a "tin foil hat" move to point out that that's exactly what does happen to users who aren't paying attention and opting out, and it's equally valid to extrapolate that they might continue similar behaviors with new features.
With AI that processes periodically-captured screenshots, the threat is an order of magnitude greater. It’s always been possible for companies to indiscriminately copy data, but cost and risk of detection have made doing so an expensive and risky proposition. AI flips that on its head and makes it possible to target individuals and groups with incredible precision and reduces the volume of data that needs to be transmitted to almost nothing.
Not in the fullest sense. It can be turned off (for now), but its behavior once enabled is subject entirely to Microsoft’s whims.
Full user control is what you’d have if e.g. you were running a FOSS Recall analogue powered by the local LLM of your choice on some flavor of Linux. That setup will only ever do what the user intends it to and barring supply chain exploits, cannot go rogue.
The behavior of Windows is subject to Microsoft's whims. Microsoft could just as easily have pushed an update to Windows XP that exfiltrated sensitive screenshots too. The existence of a user-facing feature changes nothing at all here
See again: Raymond Chen's "other side of an airtight hatchway" analogy. Microsoft already have ring 0 access to your machine
Alright, let’s rephrase it to be a bit more pedantry-proof: A Linux-based FOSS analogue of Recall built on a self-hosted LLM of the user’s choice will never actively undermine the user’s privacy or sell them out as long as they’ve vetted all software involved.
There’s always the possibility of vulnerabilities and exploits but that’s not the point.
Oh, is it that lightweight? I’ll look forward to the open source equivalent then. I try not to rope myself into services that may change for the worse later, but I’ve got nothing against the idea.
>To help mitigate this issue, we made the setting easy to disable (Signal Settings → Privacy → Screen security), but it’s difficult to accidentally disable
It's easy to disable, but it's difficult to disable?
They aren't opposites though. Its entirely possible to have something "easy to disable" and "difficult to accidentally disable".
Easy to disable, in that there are some easy to understand and find steps to disable it. Difficult to accidentally disable, meaning its not something that would be disabled as a side effect of some other change, isn't just a single click, isn't poorly labeled or described, etc.
In this case, it is first presented as a check box in the Privacy Settings area. It is titled "Screen security" and says "Prevent screenshots of Signal on this computer for added privacy.". Well documented. Click the check box, and it presents a modal window. The window then says, "Disable screen security? If disabled, this may allow Microsoft Windows to capture screenshots of Signal and use them for features that may not be private." You then have a Cancel or Disable buttons.
Its two steps to change it after navigating to that part of the menu. The positions to click are different between the two steps. It confirms if you're really wanting to disable it, and tells you things may be able to take screenshots of the app.
This reminds me of platforms which require you to type the name of a resource to delete something potentially important. It's easy to do, but one wouldn't accidentally click a button, type the full name of the resource, then click the confirm button.
My electric lawn mower is both easy to start the blade and difficult to accidentally start. You have to hold a button and then pull the start lever. Its two actions that you reasonably have to do with two hands in a particular order. Both actions are easy to do, doing both of them are easy (assuming you have two somewhat functional hands). Once going you just need to continue to hold the lever and just release that to stop the blade.
To me, if something is "difficult to disable" in any way, accidentally or not, then by definition it can't be "easy to disable". You might disagree but that's ok.
Well then, I guess you're just intentionally misquoting it to drive confusion or something. "Difficult to do something" and "difficult to accidentally do something" are two radically different concepts. Typing in a password is easy, accidentally pressing random keys and having it be the password is hard. Pressing delete and then typing "delete me" and then clicking OK is pretty easy, accidentally clicking random spots on your screen and jamming random key presses and having it accidentally get deleted is hard. You may still have deleted something you later decide you shouldn't have, but you absolutely intentionally issued the delete.
Putting a cover over a button that can still be flipped open is a real-world example of making something difficult to accidentally do while still making it easy to actually do it. You pretty much have to want to press the button, you're not just going to set something down and accidentally trigger the button. Do you really disagree about that? How is it not making it more difficult to do on accident?
Or like my lawn mower example. How would I accidentally start the mower? You can see it would be difficult for me to accidentally start the mower, right? My hand wouldn't just brush against it and have it start going, correct? And it has a few other interlocks, such as the handle needs to be fully extended and locked at the right angle; you can't start it when its folded up. And yet this two-stage motion is still really easy to do for most people with two hands, right? And it's clearly documented on the mower how to do it with obvious glyphs that show it will start the blade.
And with the button cover, I wouldn't just end up leaning against the console and accidentally pressing the button, correct? But one can trivially just flip the cover and press the button still, right? But we made it more difficult to accidentally press it?
Meanwhile, they could have made it significantly easier to accidentally start the lawn mower. They could have made it without those interlocks. They could have just made the handle capacitive and any light brush with a hand would have started it. The button with a cover could have been made bigger and more sensitive and placed exactly next to where people naturally rest their hands or on the corner right at knee level ready to be bumped with no cover and unlabeled. So in these cases, its significantly harder to accidentally do the action than what it could have been, meanwhile still being generally pretty easy to do if you're intending to do it.
There are plenty of examples of things that are easy to do and at same time difficult to accidentally do. One that came to mind is the "slide to unlock" interface from the first iPhone.
not at all. "easy to disable" means you can easily find the place where and how to do it. "difficult to accidentally disable" means you can't disable it without intentionally going to the place and making that choice. of course there are cases where easy to change something also means easy to accidentally change it, and those are annoying. but they don't have to be like that.
Yes sure. There isn't much a userland app can actually do if your OS wants to spy on you. I wonder why they spend their time on this?
Meanwhile, Signal still requires a phone number to register and use. It's terrible: phone numbers are easy to lose, and not everyone has a phone number.
I like the ideas behind the Session[0] messenger: create an account with no authentication (no phone number, no email, no nothing), get a list-of-words-to-note-down, which allows you to access your account from any device. You get a UUID or something as your user id. Share that with a QR code or send a link over an existing channel to connect to someone.
To me this seems way ahead of Signal. I'm not affiliated with Session and haven't actually persuaded anyone to start using it just yet, so I don't really know how it is in practice. But the UX of creating an account made me weep tears of joy and hope <3
At least you should admit it's conceptually much nicer than Signal, even if they got the details wrong and/or intentionally backdoored.
I'll continue using Facebook messenger then, until someone figures out secure messaging without requiring me to hand over my phone number and/or email...
I'm not in the US. My current phone number is from a different country than the one I'm currently residing in. Endless headaches. Could I get a local phone number? Sure, but different kinds of headaches: updating all those asshole services who required me to give them a phone number.
> phone number portability
Portability? That makes me think "possible to hijack", ie "easy to lose".
Are you immune to SIM swap? If so, how have you achieved that?
Is this a socioeconomic status thing? Cellphone plans are dirt cheap, on the order of $20-30 for a modest plan. I guess it's theoretically easier to lose than a free email plan, but I don't see either actually occurring.
> To me this seems way ahead of Signal. I'm not affiliated with Session and haven't actually persuaded anyone to start using it just yet, so I don't really know how it is in practice.
I'm happy to have this setting. It's a great setting and I appreciate Signal adding it.
However, if an attacker has the ability to directly query the Recall database, they almost certainly have access to read all your Signal messages on your device. The locations where Recall files live are even more protected and isolated than your %APPDATA%\Roaming\Signal directory is.
Everything running as you on your computer has full control of all your Signal messages and your identity assigned to the device. This is untrue of your Recall data, which from last I saw required a lot of finagling to get the permissions right for you to access it raw.
It's kind of funny that this argument always comes up when talking about Windows security.
What if I told you that botched sandboxing by default is not the standard we should accept? And that Windows' lack of competence to isolate processes isn't even what the NT Kernel envisioned (see e.g. ReactOS)?
I'd never run Windows as a host system, given the track record of how Microsoft deals with RCEs and privilege escalation issues that have been unfixed for decades at this point.
* Arguing about what should be doesn't alter the facts of the current situation
* It's unfair to single out Windows here, when other platforms are not much better. Mechanisms for stronger sandboxing and storage firewalling do exist on all platforms, but in practice these are barely used on desktops, and this is true across all three major OS families. E.g. Flatpaks exist, but I believe they still represent the minority of actual application installs
And ironically Wayland also gets frequent, heavy criticism for doing the right thing here - treating screen or input capture as a privileged operation, rather than a default right of any random application you have running (though I agree they should have standardized an escape hatch earlier)
I do not want stronger sandboxing for my apps. I'll only allow it to run on my machine if I trust it anyway. I'm not worried about my apps being able to read my data. If a piece of software doesn't do what I want safely and securely, then I don't try to duct-tape it into a sandbox that's regularly broken out of anyway. I remove and use other software.
If flatpak/appimage are the only way to get a piece of software, I won't even waste my time evaluating it.
Do you also run everything as root?
No, I don't. Because it doesn't need to. But not running as root already provides all the protection I want. System files are not my data. My data lives in my home. I want my apps to have access to my stuff, not the whole system. But more importantly, I do want them to be able to talk to each other and effortlessly open files written by one another. "Isolating" them from each other is pointless if I then proceed to punch holes in everything just so it can work.
"This thing isn't working ... "Oh... it turns out it was missing a permission, should I give it that permission? What's it for? Fuck if I know..."
Or the other way round:
"This app seems like it's working properly, but can I restrict this particular permission for it? Fuck if I know. I'll just try and see if anything is broken"
Or I can just run the application normally and have everything always work.
You should dig into ~/.local and what happens there. I'd never store my keepassxc database file in my home folder if I were you.
Apps need sandboxing, because the linux/posix philosophy of separation through users and groups for each process doesn't really work in the modern day and how graphical software works.
Firejail's approach comes close to "sane" user sandboxes, but technically that's the job of the init daemon (pid 0), there's just no GUI for systemd sandboxes yet that's easily usable.
Podman is also really nice as a user-facing sandboxing daemon.
i know what happens in there. Shit that I install because I want to goes in there. And my keepassxc password is protected by a strong password and a hardware token. They are specifically designed so you can safely store them anywhere (ex cloud backup), so I don't see why you brought that specific example up
Well, I agree with the Wayland and copy/paste clusterfvck.
I was more referring towards Qubes. I think Qubes does a lot of things right, I just wish its user facing settings and tools were easier to use in a graphical manner.
It's the same security for the Signal as on MacOS and Linux. Your user has full control to it, generally all processes running as you can see it and mess with it.
Recall is encrypted with a key in the TPM. But getting access to that encrypted sqlite db is a yawn.
Getting the key is harder, but possible. You can breach into Microsoft's group with a particular set of GPOs - if you can run a particular set of server commands on the local network.
Signal data is encrypted at rest. The key is stored in the OS store - usually meaning the TPM.
However, the key isn't in Microsoft's main grouping. To date, no one has extracted the Signal key this way. Other exploits are required.
Signal being smaller than the whole of Microsoft, reduces the attack surface.
If Signal uses the Windows Data Protection API for saving/encrypting the key (and some data online suggests that it does), then it’s trivial to fetch it back with the same APIs if you’re running as the same user. (I use `keyring` on Windows to access the key(s) VMware Workstation uses to encrypt Windows 11 VM vTPMs)
It’s kept secure by a chain of keys that may be backed by the TPM, but the security boundary is the user, not the app identity. IIRC Store/UWP apps may get their own boundary for credentials (due to how .appx is implemented).
> no one has extracted the Signal key this way
This is incorrect. Any process running as your user can trivially get the key.
At least this gives forward secrecy, so if someone takes control of your computer they can only spy on signal messages AFTER that point, and can't access prior messages that Recall has captured.
This is only forward secrecy for messages that were deleted and would have been captured by Recall and are still within the snapshot history which has a maximum number of days.
All the messages you've previously synced to the device exist in that Signal AppData directory and can be trivially searched and read by any application running as your user account. And all attachments are also just sitting there.
For example:
https://vmois.dev/query-signal-desktop-messages-sqlite/
Given how popular the disappearing messages feature is, a lot of messages are going to be deleted where Recall is a second, less tested copy of things which the user believes are gone. Given the past history of AI tools it seems dangerously likely that someone would find that their Recall history was retained longer than necessary or could be retrieved through some creative misuse of Recall which doesn’t require system access.
> Given how popular the disappearing messages feature is,
I don't think it's really that popular or extensively used. Most people I know who use signal use it pretty rarely. I'll turn it on when I'm about to send something sensitive, but generally it's not enabled. I've been using Signal since 2015 and I've probably only sent or received a hundred or so disappearing messages. I've sent and received many, many thousands of messages. And I mean even in this HN thread tons of people are taking about how they wish the iOS app would have better backup and transfer functions. Something tells me they're not itching to transfer all those already deleted messages.
And sure, maybe Recall ends up saving things longer than it was set for. Maybe Signal does as well. And once again, accessing all your Signal database doesn't even require system privileges just your local user account.
Your browser can access all your Signal messages. Your chat app can access all your Signal messages. Your email client can access all your Signal messages. Your calculator app can access all your Signal messages. That videogame made by Tencent can access all your Signal messages. They don't even have to screengrab, they can just read them.
You should be able to access everything on your own computer - that is a good thing.
The real problem with Recall is that Microsoft will access the data to apply some algorithmic secret sauce. The product manager already probably has all kinds of ideas for the future: targeting ads, upselling licenses, or making MS more attractive to law enforcement.
Yes, there is a benefit for the user, like a nicer search or something, but that is relatively minor. ..because Microsoft is not your friend. This feature is born from a harvesting mindset.
Regarding disappearing messages: I have two chats on WhatsApp where disappearing messages are turned off, and maybe a handful on Signal.
It is actually less common to disable them on WhatsApp than on Signal, mainly because Signal forbids delete windows longer than four weeks. That is not long enough sometimes.
I have no idea how our usage here ends up being so dramatically different. I don't even tend to talk about the feature with most contacts.
> Microsoft will access the data
Incorrect. This runs locally. Microsoft is advertising the data just as much as you opening the file in notepad or browsing a folder in explorer.
And once again I just point to all the people complaining about a lack of backup and weak transfer ability. They're not looking to backup a nearly empty history.
> Incorrect. This runs locally.
It does not matter whether Recall runs locally. Microsoft controls the OS, the feature, and the update pipeline. If they decide tomorrow to start syncing Recall data to the cloud - for any reason - they can. The local processing angle is just an implementation detail, not a meaningful protection.
What matters is that - with this feature turned on - MS is structuring and indexing your private data at the system level. That is not a neutral act. Once the data is structured and accessible, uploading it is trivial. And given Microsoft's cloud-first direction, the trajectory seems clear to me.
I understand your point, but the theoretical similarity between unstructured local data and the Recall database is not useful in practice. It's like telling a farmer that it doesn't matter whether the grain is in the barn or still in the field because he can access it either way.
> Microsoft controls the OS, the feature, and the update pipeline
So then this is true whether or not Recall exists, because Microsoft could have gathered this data either way. They could decide tomorrow to have Explorer siphon off that data, they could have Edge siphon off that data, they could have Windows update siphon off that data. Microsoft could have silently been doing this the whole time.
If you don't trust Microsoft with Recall, you shouldn't trust Microsoft with any of it. And you probably should have moved off Windows a long time before.
> MS is structuring and indexing your private data at the system level
This has been going on for a long time. Once again, if you don't like the idea of Microsoft running software in a Microsoft operating system to read your files you really shouldn't be running Windows, and shouldn't have been running Windows for decades.
https://en.wikipedia.org/wiki/Windows_Search
https://en.wikipedia.org/wiki/Windows_thumbnail_cache
signal desktop keeps database keys in the os keystore via electron safestorage api
on linux that’ll be kwallet or something, on mac it’s the keyring. it’s as secure as your password manager
edit: okay, you’re right, on windows it’s useless lol https://www.electronjs.org/docs/latest/api/safe-storage
> [on Windows] content is protected from other users on the same machine, but not from other apps running in the same userspace.
It's not different on Linux, every App can access any key in kwallet. To make this not possible the os would need to generate some kind of unique app id that can access only what it stored. This would probably result in a lot of lost passwords for normal users.
Right, this feels like an entry to Raymond Chen's "it rather involved being on the other side of this airtight hatchway"!
I have nothing against Signal implementing screenshot hiding. But it's not exactly fixing a gaping security hole.
I agree with Signal here and love their commitment. Strangely (to me) they do 'recall' things in other ways:
* They have a message retention setting, 'Disappearing messages'; it works on message correspondents' devices too (if Ali sets Disappearing messages' to '1 day' for the chat with Barry, and then texts Barry, 1 day later Signal deletes the message on both Ali's and Barry's devices).
However, 'Disappearing messages' applies only to text messages. For every voice and video call, Signal retains a record of the date and time and the participants, and Signal saves it on the devices of each participant. Beyond a doubt, Signal's developers are well aware of the value of such metadata - as valuable as call content, in different ways - and the need for confidentiality (if you aren't familiar with that particular issue, I promise that every security professional is).
I'm shocked that they do it. What about a human rights dissident who is arrested - or whose phone is stolen - their phone won't show any sign of the text messages but it shows everyone they called and when, implicating all those other people and putting them at risk, and also evidence against the phone's owner. And even if they are disciplined and manually delete each of those records - afaik you can delete each call record one at a time - the other call participants' phones still retain the records. There is nothing someone can do to protect themself.
Better security here doesn't seem hard to implement. Also, I think having different settings for text messages and for voice/video calls makes retention settings more confusing for users. Many will believe they are safe without realizing the risk of this metadata - they trust the experts at Signal to understand these things and keep them safe - and many will assume everything disappears. Just have one setting for all data and metadata in the chat.
* Also, afaik if you delete the entire correpondence with someone - delete their entire chat history and delete them from the Signal address book - Signal retains information on them, such as settings for that chat. It seems that an attacker could identify all the deleted correspondents; again, there's no way to protect yourself.
> Better security here doesn't seem hard to implement.
You seem to assume it would be very simple to implement this — how do you come to this conclusion? My priors would suggest that the vast amount of effort that went into the Signal protocol renders low-hanging fruit regarding privacy fairly unlikely.
The GP is actually right here, Signal keeps the call log in the message history (deleting the call entry from the message history deletes it from the call log), but the disappearing messages setting doesn't get applied to the call log.
It's weird to see a bunch of messages, a call, more messages, and a day later the messages around are gone, but the call remains in the history. They could have just applied the disappearing messages settings to the call entries too, as it would be natural to do, and this problem wouldn't exist.
I don't think it's malicious, because what the server knows is independent of what the UI shows, but it's a very odd UI issue that does reduce privacy.
> Signal keeps the call log in the message history
Do you mean in the UI or do you mean in the underlying database, or in both?
They keep it in the UI, therefore I assume in the database as well. If you delete a call entry in the message history (like you delete a message), it gets removed from the "call history" tab as well.
The UI could combine data from two db tables. Anyway, that part is just a curiosity.
Sure, but that's still "both the UI and the DB".
> vast amount of effort that went into the Signal protocol
If it requires protocol development, I'd agree. I expect - knowing no more than Signal's blog posts - that it has two components:
* Local database: These records need a retention period column, somehow - however they implement it with text messages. That seems straightforward.
* 'Distributed retention' - implementing the retention period setting on the remote devices of other call participants. I expect they would do it the same way they do with text messages, and I would guess it's just a field in a packet somewhere; e.g., establish a secure connection and then in the call's initial packet,
Correct. Signal also saves changes to the disappearing messages timer by default.
> but it shows everyone they called and when
Let's not forget that Signal uses real life phone numbers as identifiers, making the secret police's job even easier.
It can use usernames now. I don't have any of my Signal contacts in my contact list, and I can't see their phone numbers any more since they introduced the usernames. Not sure if by digging in the database files I could extract the numbers or not.
Can you sign up without a phone number?
I think it's required to sign up. It's never used after that (unless you want to use it).
> I think it's required to sign up.
Ok, now where are Signal's servers hosted? You're not safe for any secret police from those countries and countries friendly to the hosting countries.
> It's never used after that (unless you want to use it).
As in there's no way to accidentally leak your phone number to your contacts on, say, a new installation that comes with the option to make it visible by default?
Edit: You are making one uninformed assertion after another. Stop making endless errors and just look up these things at signal.org. They are very open about it.
> Ok, now where are Signal's servers hosted? You're not safe for any secret police from those countries and countries friendly to the hosting countries.
Signal is very open about what information they collect, which is all they can produce: a phone number, and "the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service".
https://signal.org/bigbrother/eastern-virginia-grand-jury/
> As in there's no way to accidentally leak your phone number to your contacts on, say, a new installation that comes with the option to make it visible by default?
Is there? What are you claiming, and based on what? There are infinite speculative security risks.
I wonder if 2025 will be the year of Linux.
Windows has turned itself into spyware. Apple is too expensive and going the same way.
Meanwhile the user experience of Linux has dramatically increased. Put on a good skin and most people wouldn't notice the difference. You don't need to reply that you can, I know you can. You're on HN. But most people just use their computer for the browser and most people can't tell Chrome from Firefox. Most people get their lockin by their tech friend or child. Really, Microsoft's only lockin remains Office.
It won't be a complete shift but the signs of growing userbase is there. Would be a huge win for open source! If you haven't tried Linux in a few years try giving something like PopOS a go or if you want to say you use Arch then try EndeavourOS. Both are very stable, latter slightly less.
Edit: enfuse was right, I should have suggested EndeavourOS instead of Manjaro.
The problem is, until laptops sold at Walmart or Best Buy start coming with Linux pre-installed as an option, adoption will never happen. Installing an aftermarket OS is just an incredibly unrealistic expectation from the average user.
Microsoft knows this, and they will do everything they can to prevent OEMs from shipping anything other than Windows. Apple of course, forget it. Their profit comes from leeching off FOSS and selling it, they would never allow distribution of it directly.
If you want to see this, make sure your browser agent is broadcasting Linux[0]. Make sure you're using Steam in Linux.
But right now Steam has Linux at <3%[1]. It is more than OSX, but not enough. I do think above 5% and it'll start to be taken seriously, and 10% we'll start seeing moves. Linux doesn't need 90% of the marketshare to dramatically change the world. 10% is more than enough. Even 20% would be momentous and force both Microsoft and Apple to change strategies. Don't feel like there's no hope. Just because it is an unrealistic expectation today doesn't mean it will be tomorrow. And your actions today change the odds of what happens tomorrow. So don't give up.
You don't have to change the world overnight. But you do need to make steps in the right direction, even if small, to make the world move.
[0] You can even do this while using Windows! Hell, you can use Chrome and tell people you're using Firefox on Linux if you believe in those things but just are unwilling to make the switch yourself. The signaling still does something (it is better than nothing).
[1] https://store.steampowered.com/hwsurvey/Steam-Hardware-Softw...
> But right now Steam has Linux at <3%[1].
I think the overwhelming majority of this is Steam Deck usage. While that's certainly a feather in the cap for Linux, I don't think really counts toward Linux momentum as we're using the term here. Nobody is going to start investing in polished desktop Linux software because there are a lot of Steam Deck buyers.
But important to note, there's only a 0.05 difference between Arch and Mint. It's important to note because
Maybe not, but also polishing of the Linux desktop has happened regardless of this. In fact, it is what drove SteamOS. Please refer to the items on [1] as literally the top 8 distros were developed for this explicit purpose (making Linux more user friendly).[0] We can determine it to be true or false.
[1] https://distrowatch.com/
Where did you pull this data for? I get exteremely different results myself:
https://i.imgur.com/vyC10O6.png
I literally just googled "Steam hardware survey"
Btw, for some reason I can't view that image. Tried in 3 browsers on my phone...
I came back and found the difference. You clicked "Linux Only". But I'm glad you did, because it gives us additional information helping us actually answer the previous question more accurately. Strongly falsifying the earlier conjecture that they were mostly SteamOS. We can see only a third are. 2/3rds of Linux Gamers are NOT using SteamOS (definitely a subset of SteamOS users are also not using a Steam Deck)
With the number of Steam Decks sold estimated at 3-4 million, and the number of monthly active Steam users being around 130 million, I think it's safe to say that 0.21% does not represent SteamOS install base. As far as I know, SteamOS doesn't show as Arch, but rather as its own thing
The way to make Linux takeover is get kids using it
To get kids using it needs to do lots of cool shit easily
Windows could play games easily when Linux could not even use a USB mouse
The time is right to make Linux do cool shit easily with local generative models that help iteratively create games
Replace all the desktop legacy with some blank canvas and local models that draw on the canvas. Ship some baked in models to generate shells of games to iterate from, boom.
This is exactly the fear of big SaaS and why VCs outside a key handful are done with it.
Apple Silicon is a glimpse of local compute future. Fanless laptops running models that generate entire coherent universes like Marvel and Star Wars. (Don’t need giant models just dense enough to get 80% and let users “zoom and enhance” with their own input)
Show that potential with local models on Linux and it’s over. Three options then; government demands hardware is locked down to preserve Hollywood/gaming/media, open compute wins, or both sides destroy the world over it.
In an interview with IGN during Covid lockdown Gabe Newell was describing generative AI as an existential threat to content creators. It could be temporary as the next gen grows up with a new normal and doesn’t obsess about a career in digital design or web dev, yt video production. It could end humanity as existential dread settles in for millions stuck in some narrative about their existence that no longer holds economic value.
Interesting times.
Games? I'll give you that. But honestly, Steam has really made that almost a non-issue. Good guy steam! (their work has affected more than SteamOS)
This seems like the opposite of what you initially argued.Models as in... LLMs or ML models? This seems like a great way to break things. I'd really encourage you to get these things to try to do what you're saying they should do.
Where are you going with this? I'm an ML researcher... these models are generally made and deployed on linux systems. Explicitly because they work better there and is easier to deal with. Serious question: you okay? Did a LLM contribute to your comment? Did a LLM make the whole comment? GPT, can you describe to me Act 4 Scene 5 from Henry V but as told by a Pirate from the deep south? (American south)Your last line sounds like it'll get some hilarious prompts. I'm going to try it.
How'd it turn out?
> honestly, Steam has really made that almost a non-issue.
Not for online gaming.
I haven't tried tbh, but I also hadn't heard about it. What's the issue?
Kernel-level anti-cheats. It's pretty much a prerequisite for any sort of competitive multiplayer gaming these days, but also increasingly common even for online coop. And they usually only work on Windows.
[flagged]
[flagged]
[flagged]
[flagged]
KDE has seen plenty of activity related to the Steam Desk, I heard. Valve regularly contribute to Wine, which is used for desktop Windows software. If the entire stack is consistent between the two, how wouldn't it translate to better desktop software? It's the same as how server investment in the kernel benefits the desktop users, only with a much greater intersection.
Yo. Just came here to say Thanks for the inspiring post. We need more you. ;^)
I think a lot of people feel powerless when going against such big entities. I get this. But I think it is important to remind everyone that you don't need to do everything at once.
Our job often involves breaking down big problems into many little problems. So it should be clear that making little steps makes progress towards solving the big problems. It can be easy to feel like that progress isn't happening and it can be frustrating that it isn't happening fast enough. But our experience should also tell us that it all seems to quickly come together towards the end. There was never a magic leap, it was all the small steps put together.
Linux advocacy often reminds me of a favourite quote from Margaret Mead:
“Never doubt that a small group of thoughtful, committed citizens can change the world; indeed, it’s the only thing that ever has.”
I think it’s very promising, if you believe in the potential of Linux on the desktop, that gaming used to be the standard “Linux doesn’t do what I need, so I stay on Windows” argument. Thanks to a lot of investment and hard work, particularly by Valve and others contributing to software like Wine/Proton, that is no longer the case. Many games work fine on Linux today, even among the big names. Some even have native versions. It mostly seems to be “anti-cheat” measures that are statistically indistinguishable from malware that still cause trouble.
Another potential sticking point for adoption by home users today is that few, if any, of the big streaming services work well on Linux. This also seems to come down at least partly to DRM. A cynic might suggest that this is because Linux will give a more appropriate response if a copy protection system tries to do invasive things that it has no business doing on someone else’s computer. In any case, it’s another significant barrier, but if we could get to the point where you could at least watch HD content like users of other platforms when you’re paying the same subscription fees, it’s another barrier that could fall.
This latter example is, of course, more than a little ironic given the subject of today’s discussion. But then the behaviour that the DRM system is being subverted to protect against by Signal probably wouldn’t fly for more than five minutes on Linux in the first place, so I don’t think Linux not enabling intrusive/abusive DRM is really the problem here…
I agree. I think the problem is it is easier to see the distance we still need to go than the distance we've already covered. It is good to reflect and look back, seeing how far we've come. It's the best thing to motivate continued efforts forward.
This seems to be a big hitch. But we also know that studios will drop these methods (hopefully in favor of ones that actually work without being incredibly invasive) if the userbase pushes back. They can only make these moves because people don't care. Or they care only as far as their mouth, but not to their wallet. Certainly there is addiction here, and that should be accounted for, but it does still warrant push. That's only sufficient as an explanation, rather than an excuse.This seems like a worldview borne from an era where the PC was _the_ definitive, ubiquitous computing device of choice for the layperson. These days, that crown is taken by the smartphone.
If you need a PC in 2025, you're probably a fair bit more knowledgeable than someone buying one in 2005. You're also almost certainly buying one online, possibly even directly from the manufacturer or builder, which means the seller can simply give you options and doesn't have to worry about competing for store shelf space.
> These days, that crown is taken by the smartphone.
Which, if you use Android, is ...Linux...
iOS is really just repackaged UINX.
Surely the people who speak of "linux on the desktop" (not me, for the record) are at least in some small sense alluding to being able to have some of the freedoms historically associated with Linux, originating in the GNU movement and all that? The right to study, share, etc.
What I mean is that I would have picked Android as quite a good example of how the technicality of running the Linux kernel under the hood means very little in terms of users being empowered, or anything of the sort.
You are correct. If folks want that "freedom," then these are not the droids they are looking for.
However, folks that want that freedom, are a pretty small segment of the population, heavily represented in this community. Apple is a 3 trillion-dollar company, because most folks aren't like HN members.
Well ok then, agreed. Most people want what the advertisers tell them they want, absolutely.
Android does not resemble a traditional GNU/Linux desktop.
iOS is pretty much Apple’s fully bespoke operating system at this point. You might be overestimating how much it actually shares with Unix (it boils down to a few standard libraries and terminal commands and no actual code). Functionally, iOS and Linux are only about as similar as a penguin and a robotic statue of a penguin.
Well, I'm not sure exactly what's under the hood, but I write Apple software, and I use a lot of the same NSXXX calls that have been in it since the dawn of OSX.
NextStep was a shell over FreeBSD. MacOS X was an evolution of NextStep.
Some time ago, I wrote a network driver for iOS, and used BSD sockets, accessed via standard C. I remember using the BSD manual, to figure out how to use them.
The NS calls behave the same now, as they did, back when OSX was new, and, at that time, MacOS was definitely UINX. iOS is a direct descendant of MacOS.
macOS is literally certified Unix. Apple still shells out for certification of their new releases, although I'm not sure what they're getting out of it given that macOS Server isn't a thing anymore.
iOS is arguably a subset, but whether it's Unix-like or not is a philosophical question depending on how you define the minimal set of features that'd make it one. It's certainly not Unix-like from the end user perspective.
> Microsoft knows this, and they will do everything they can to prevent OEMs from shipping anything other than Windows
You're right and they effectively licensed XP to Asus for free for use on the Eee PC (which originally only shipped with Linux) when it was shaping up to be a hit.
This is a worthwhile watch if you're interested in this corner of computing history: https://www.youtube.com/watch?v=6bVno8dlM3E
The way that the netbook 'evolutionary branch' went from lean and mean to underspecified bloated windows small laptops is one where I really wonder if MS suffocated something that would have been to their benefit longer term if only they could have put out their own lean OS and an ecosystem of lean software to run on it.
It was at the time mobiles were picking up momentum, and just before tablets arrived on the scene (the ipad launched 2010, the tablet focused Android 3 came out in 2011), and a lot of people migrated away from windows for their personal computing needs. There's also been MS's ultimately failed efforts for their own mobile platform. Besides the established huge momentum of gaming and professional/office usage it's difficult to see why consumers would move to windows, or what MS offers to prevent the momentum slowing and linux slowly chipping away at it.
I worked at a computer shop at the time. Few consumers wanted the Linux versions: they all chose Windows. I'm not sure the license was free, as the Windows machines were more expensive with the same hardware.
Either way: people wanted what they knew, which was Windows, and they paid more for it. I wrote about this before: https://news.ycombinator.com/item?id=41431733
I don't doubt your experience but the linked video emphasizes that the cost for the device with XP was the same $399.
This is from a random contemporaneous TechCrunch article about the 2nd/3rd? gen offerings:
Eee PC 901 (Linux or Windows): $599 Eee PC 1000 (Linux or Windows): $699
https://techcrunch.com/2008/06/13/new-eee-pc-models-get-us-p...
So I checked on the Internet Archive; we sold the EEEPC 900 with Linux for €329, and the Windows EEEPC 901 for €409. The Linux had a Celeron M and the Windows an Atom N270, so I guess I misremember them having identical specs.
I assume the Atom is faster(?) The XP machine felt slower though.
Most people just don't care that they're being spied on. Most people don't care about anything actually, they're in a constant state of despair and see no point to anything so they just try to make the best of the time they have.
Adoption is already happening, as it has been for years, but especially now that MS and Apple are producing worse and worse OS/software that treats the people who use it worse and worse. I'm frequently pleasantly surprised by hearing that someone uses a Linux machine with regularity. It used to be a really rare, techie-only kind of thing. Pulling people away from literal decades of complete personal-computing domination with a completely free, near-zero-marketing alternative is a very slow, gradual process. It's great that those dominant vendors are doing their very best to push everyone to the alternatives :)
This is all well and good, but the problem is, I've seen comments word for word like this one back in 2006 - and wrote some of them myself even. Back then it was Vista that was supposed to drive Windows users away, and, indeed, I personally helped some brave folk switch. Some lasted longer than ours but all were eventually back on Windows.
ChromeOS is the desktop linux you can get installed on Wal-Mart PCs. It is linux even if not the linux we want :D
For what it's worth, it can almost be done (but is still a minority) https://www.dell.com/en-us/shop/dell-laptops/scr/laptops/app...
You can buy a PC with Linux off the shelf in some countries. In practice, it's an open secret that the machines are for people who don't want to pay for a Windows license but will use Windows anyway.
Purism and System76 offer laptops with preinstalled GNU/Linux.
Yes and they are great. But you have to already know they exist and seek them out.
Until these vendors break into EDU it’s an uphill battle.
In WA, every school has Microsoft smart boards and laptops running windows. Kids grow up using it and when they buy their own computers they aren’t going to choose a small boutique builder running an unfamiliar OS they won’t know how to use right away.
Apple has a lock on a lot of EDU as well, and the iPhone is so ubiquitous it’s an easy sell to get folk using other products
Those systems look beautiful but it’s a minority of people that will make a large purchase on something like this.
It would be a surprise if Microsoft didn't have WA locked.
You think kids have brand loyalty to the vendors that scam/muscle/bribe their way into the classroom?
Most of the EDU software is trash, the incentives are all aligned to spend billions on acquiring the contract and close to zero on execution and most of these kids are traumatized from sitting in a classroom with some clueless dope at the front yelling at them to IPad IPad IPad algebra
Don't forget Tuxedo.
I don't know what they're like these days but before they were essentially white-label Clevo hardware with PopOS or Ubuntu, etc.
Why does it matter? They provide the support for GNU/Linux and work fine. Also Purism laptops aren't Clevo and never were.
[dead]
Lenovo currently offers Linux (Ubuntu) as an option Thinkpads. Dell used to once upon a time; I don't know if they still do.
Dell still does.
https://www.dell.com/en-us/shop/dell-laptops/scr/laptops/app...
> Apple is too expensive
Is it? You can get an M1 MacBook Air at Walmart for $699 now. That's more than many of the bottom-of-the-barrel Windows machines out there, but it's not an unreasonable price at all. It'll keep away the lowest-end users, but most of those users 1) are not going to care about the security issues, because they don't know anything about computers beyond base utility, and 2) have mostly switched to doing everything on their phone/tablet, and aren't as big of the computer demographic these days anyway.
The $699 MacBook Air has 8GB of RAM. That's hardly enough now, much less if you plan to keep it for a few years. Which hardly matters when you can get 64GB of DDR5 to put in it for less than $100. Except that it isn't upgradable.
I've been using 8 GB of RAM MacBook since 2015, and by then this “8 GB isn't enough” chorus was strong. Nowadays I use a M1 Air, 8 GB of RAM, zero complains, really.
For most people that just browse the web, write some stuff and do their email, 8 GB is still enough.
Yeah, Apple's bottom barrel pricing isn't terrible, but as soon as you start upping specs the price goes out of control (disproportionally from the underlying costs.) Looking at pricing for the current Macbook Air, it's $400 to upgrade from 16GB to 32GB. A 16GB SODIMM costs ~$40 retail.
That $40 16GB SODIMM is significantly slower than the memory they use - even on the desktop side 16GB of comparable DDR costs twice as much, and that’s before you factor in the latency and bandwidth hit.
The problem is that there’s no alternative in the Mac world for people who don’t want the fastest option any more. Moving from the 16GB MacBook Air to the 32GB is a mandatory CPU/GPU upgrade and there’s no way to only buy one of the two if you don’t need the other.
> That $40 16GB SODIMM is significantly slower than the memory they use
No it isn't, Apple uses ordinary LPDDR5. The higher end models achieve higher bandwidth in the same way as HEDT PCs: By using more memory channels. The base M1 in that MacBook Air doesn't even do that, it has the same memory bandwidth as dual channel DDR5 PCs.
many people in this thread are saying average users are just using their web browser, so they are “served fine with linux”. But apparently 8GB is unacceptable to run a web browser on mac os.
So which is it? lol.
And FYI 8GB is more than enough for a casual desktop/laptop user, at least on the M series macs. I used my wife’s M1 macbook air with 8GB of ram for a week while my new laptop was shipping in the mail. Even if I pushed it with 1 or 2 heavy apps, such as IntelliJ IDE (java development), it performs pretty well, albeit with some paging to disk on large projects. Barely noticeable and the system remained very responsive. For casual usage (zoom, google docs, gmail, instagram) it didn’t fill up the ram.
> many people in this thread are saying average users are just using their web browser, so they are “served fine with linux”. But apparently 8GB is unacceptable to run a web browser on mac os.
Are these things in contradiction? A web browser can very easily use more than 8GB of RAM by itself.
> Barely noticeable and the system remained very responsive.
"It's fine to run out of ram and start swapping because the SSD is fast."
Wearing out the soldered SSD isn't fine.
I've been using an M1 MBP with 8GB of RAM since 2020 for video editing, Blender, music production, and web development, and it's fine. It's not perfect, but it's totally serviceable and I rarely think about it, which tells me that 8GB is enough for the average computer user who's doing much less intense work.
8GB of RAM w/ swap on SSD is just fine for most use cases
No it isn't, and doing that will chew up your SSD. Which on that MacBook Air is soldered.
The answer is it depends i think…
If your SSD is near its max-capacity, then any extra wear has a bad affect on its longevity. But modern SSD’s handle excess writes very well if they are not near capacity.
A few extra GB written to disk daily is a drop in the bucket in an SSD’d TBW rating, no??
I’d say for a casual user with low storage needs, it’s perfectly fine. Otherwise it’s a bad idea imo.
Wear leveling spreads the wear out. If there is no free space, it can't do that, and you're completely screwed.
The problem with swapping is that SSDs are fast. If you have 8GB of RAM and manage to pick up any workload with a 10GB working set size, you're short 2GB, so the OS will have to put 2GB on the SSD. But your working set is 10GB and now only 8GB is in RAM, so it needs that 2GB back immediately. To do that it has to swap out some other 2GB, which it also needs to have back immediately. The result is that your SSD is the bottleneck and ends up maxed out doing writes.
NVMe SSDs will do something like 4GB/sec. Not a few GB a day, a few GB a second. A 256GB consumer SSD that can handle 100 full drive writes over its lifetime can thereby hit its lifetime wear rating in just two hours. Under ordinary storage use that doesn't happen because you're not maxing out the drive for hours on end -- after all, if you were storing ordinary data, writing at 4GB/s would cause the drive to be completely full after only 64 seconds.
But swap is deleting stuff and overwriting it and deleting it again. In a pathological case it could burn out a brand new drive in an afternoon and in more realistic cases could plausibly do it over a few months.
What's telling for me is that SSDs have been a readily available consumer part for around 15 years now, a default option in PCs for quite a while now, and to my knowledge there hasn't been many tales of SSDs dying (specifically for write endurance or otherwise) beyond occasional bad models like the old OCZ vortex2s. Even early torture tests were finding that you'd need to push around 2PB of writes (on smaller drives than we have now) to get failures, and that was on a sample size of 1 for each model. I wouldn't expect a SSD to die more than any other electronics.
I've got a few dozen tales of SSDs dying in machines I've managed. Some dying slow deaths with lots of bad reads, some locking themselves in a read only mode, some just disappearing from the system.
Neither of those assertions is correct. You personally may have a workload which requires more RAM, but there are many people – even developers – who have direct experience otherwise. macOS is notably more memory efficient than Windows and the M series hardware has efficient compression, and that configuration holds up fine for the usual browser+editor+Slack+normal app usage which a lot of developers have.
SSD wear is a concern, but they aren’t using low-end components so you’re looking at 5+ years of daily usage. I used an 8GB M1 for years and when I upgraded to an M3 there was no indication of SSD wear either in measured performance or the diagnostic counters.
> You personally may have a workload which requires more RAM, but there are many people – even developers – who have direct experience otherwise. macOS is notably more memory efficient than Windows and the M series hardware has efficient compression, and that configuration holds up fine for the usual browser+editor+Slack+normal app usage which a lot of developers have.
Sure, it's physically possible to use a machine with 8GB of RAM without running out. If all you do is open some terminals and a single-digit number of browser tabs to well-behaved websites, 8GB is an ocean.
But that use case is the exception, not the rule. Worse, ordinary people don't know what causes it. If you're a developer and your machine is sluggish, you know enough to realize it's because it's swapping, and in turn to know that it's swapping because you opened up some ultra-high-res NASA images in an image viewer and forgot to close them, or because you have the tab open for that awful news website that will suck up 20GB of RAM all by itself with its ridiculous JS, or simply because you have 10 different apps running.
For most people, all they know is that their computer is slow -- which it wouldn't be if it had an adequate amount of RAM.
Meanwhile, because they don't know what causes it, they don't know what to do about it, so they just suffer through it. Which has the machine continuously swapping, which is what wears out the SSD.
I have not used swap for about 10 years and I'm not about to start.
I'm running 8GB on an M2 and it's no problem at all. I'm not a developer, but will run more CPU/memory intensive processes than most users.
No, $699 is too much. That being said price isn't the only thing that keeps me away from Apple. They are beautiful systems but very annoying to use IMO. Speaking as a long time Linux user who occasionally helps people with their computer problems (Mac and Windows).
$699 for a computer that will stop getting updates in just a few years
That's about 6 years. Plenty enough for a laptop that's not upgradeable.
For some perspective: Computer Shopper 1993 GW2K 386SX at $1300. Today that is $2800. That $699 Mac is getting you a machine that would have been a TOP500 supercomputer in the 90s.
And your credit card has a more powerful computer than the Apollo lunar lander.
But software development (for both OS and applications) is continuing in parallel with hardware improvements, so there's a strong implicit demand of you to also continue upgrading, at least if you need to interoperate with any other computer in the world.
If my Grandmother had wheels she would have been a bike. Yes, things change over time. I cringe to think of what some of the original 42" flat screen displays cost relative to the huge (much better looking) OLED panels of today.
Here's one data point. My grandmother and mother now both use Raspberry Pis as their primary computers and are 100% satisfied. My father is looking to switch as well and he's been setting up a GrapheneOS phone I made for him which runs flawlessly.
If year of Linux doesn't arrive by choice, authoritarianism will force the issue one way or another.
My kids have an old Thinkpad T440p that's their Scratch/Roblox/Minecraft machine, and overall it works well enough running Ubuntu (originally 22.04, then 24.04, now 25.04). But it has been far from seamless:
- the built in bluetooth and wifi can't be used at the same time; for a while we mitigated this with a USB wifi module, but that eventually broke and so now bluetooth is just disabled.
- it's hard to figure out what apps and app data are shared between users. AFAICT there's one Steam install my kids are sharing, but each one installs their own copy of a game, which is terrible for disk usage.
- a bunch of games don't work, especially from non-steam sources like Epic and Itch.io. I've heard about the Heroic Launcher, and I will try it at some point, but it's just... one more fiddly thing to have to mess with.
- several Minecraft launchers / mod-managers have been tried, but I can't seem to keep my Microsoft account logged in on there, so I eventually just put my password on a sticky note so they could re-auth it whenever needed (fortunately I don't use it for anything else).
- unattended-upgrades pulled a new kernel and the thing just panicked on startup until I went into the grub menu to get the previous one and reverted.
- until 25.04 the power management story was terrible, the machine would chew through the whole (newly replaced) battery in less than an hour.
As a competent nerd I've been ~fine with all this, but it's honestly right on the edge of acceptable. I expect a normal person would immediately give up in the face of most of these— either give up in terms of ditching the machine/OS or give up as in accepting a limitation like it just doesn't play that game or I just can't use my earbuds.
The minecraft thing is a problem regardless of launcher, to the point that I actively condone people pay for the game then find ways to not require online auth.
Some moron at Microsoft decided that if your password is serving its purpose and people aren't able to get in but that there are a bunch of attempts that you should need to reset your password. Because of this, I have to reset my password. Every. Time. I. Want. To. Play.
But that means multiple 2FA codes to both my non-mirosoft account email and to my phone. All in all, it usually takes about 7 or 8 minutes each time I want to play, which is an ABSURD amount of friction for an account I don't want to be using to play the game anyway, given when I bought it it was a Mojang account without all the associated, creepy TOS changes.
Don't be afraid to look around for ways to play without a legitimate account if you've paid. If that's the better experience, it is what it is.
>- several Minecraft launchers / mod-managers have been tried, but I can't seem to keep my Microsoft account logged in on there, so I eventually just put my password on a sticky note so they could re-auth it whenever needed (fortunately I don't use it for anything else).
https://prismlauncher.org/
I used to work on a T440s on Debian from 2013 - 2017. I am surprised that your battery life is so poor on Ubuntu. I was able to frequently push my 9-cell battery laptop to 12 hours with careful usage.
If I forgot my charging cable at home, I could do a full day at the office with music and internet on battery.
Might be the nature of the task, game playing vs text editing, or there was something wrong with a driver or background process.
Or another factor is that I think often the "new" batteries for old devices are in fact themselves old and have just been sitting around on shelves for years. Obviously that doesn't wear them as hard as actual cycling, but it's not nothing, particularly if they're allowed to discharge down to empty.
This is a perspective I'd like to hear more often. Too often I hear all these supposed ideal solutions without mentioning the pitfalls of having to support a non-technical family.
Pi hole is a good example. Do all websites (and other services) still work perfectly but without ads, or am I going to have to endure sighing and eyerolling everytime someone asks me why their site isn't loading (again)?
The main annoying thing about piHole with a non-technical family has been that it blocks google shopping.
You know, when you search for a thing you want to buy and google shopping shows a list of common stores on top of the search results like a bunch of little cards? Yep. Clicking one there causes a failure because that link is a google ad link. Same thing if you tab into "Shopping". All links are broken.
Otherwise, it's been 4 years and no other complaints at all.
IME the tradeoffs (reduction of ads + malware) are well worth the very occasional exception that needs to be made.
GP here and yes I've experienced that too— I run a pihole-style blocklist on my OpenWRT router and never got a good workflow together for adding exemptions to it.
On a phone it's not a huge deal as you can just momentarily switch to data, click through, and then switch back. But it's more annoying on a computer where you have to figure out where that link was going to go and then get there by an organic path.
Overall absolutely worth the slight pain though.
I have been using thinkpads since forever and bluetooth and wifi both work (at the same time, yes). It seems more likely to be a broken machine. Which can happen.
I had a faulty keyboard on a thinkpad that was causing a lot of seemingly unrelated problems, like freezes or suspend not working. Replacing the keyboard resolved everything.
Try to switch them to luanti!
It was kind of a subtle failure, tbh— like when bluetooth was active (game controller, headphones) then the wifi would suddenly have huge packet loss resulting in a bunch of retransmissions. So it would kind of still work but be really annoying to use. That said, I haven't fully re-tried it since updating to 25.04, so maybe the story is better on the newer kernel.
The keyboard has already been replaced once, though at the time I just bought whatever was cheapest on eBay, assuming they were all the same, and I think I did get a bit burned with a crappy knockoff— the keys are weirdly clicky and several feel like they're about to pop off at any moment; I have the LiteOn keyboard standing by which I'd like to try out, as that's the one that comes recommended most often online.
I assure you it works fine. I own bluetooth keyboards, speakers… and connect via wifi. It's not a general linux or thinkpad issue.
You plugged a chinese knockoff… there, found your problem.
Unfortunately most hardware is not done in a way to work properly when there's a bad device connected to the same BUS.
The bluetooth problem predated the installation of the replacement keyboard.
Anyway, I'm not going to fight for this, I'm just saying my "Linux desktop for non-technical users" experience in 2023-2025 timeframe was such that I don't know that I would do it again, and certainly would be extremely hesitant to recommend it to a household where no one is standing by with the willingness and aptitude required to tackle a boot-to-grub situation.
You've ever tried installing windows 10?
Linux is great for technical people, or at least technically-inclined and patient people, who can overcome the inevitable technical obstacle that most of us don't even think about. It's also great for people whose needs are so basic-- email client and web browser basic-- that once they're set up with a default everything, they have no interest in doing anything that might present a technical obstacle.
Neither of those user groups are the problem. The problem is the majority of computer users that have real practical skill born from computer use at school, work, while gaming, doing art, etc. They want to do enough with their computer to run up against technical obstacles, but
a) don't have the significant amount of prerequisite knowledge we take for granted to generalize what they know to other operating systems
b) don't have the subject matter interest to inspire them to get that knowledge
and those two things mean
c) view any extra steps required to do something on Linux (e.g. use wine to run software they've been using for a decade) as a needless hassle that prevents them from doing what they really want to do, rather than a satisfying problem to solve because configuring the computer is part of the fun.
So if they hadn't already given up on Linux, they might ask one of the bazillion "Hey I'm a bit of a noob here, but..." questions on reddit or whatnot only to receive a barrage of conceited responses by zealots who make it very clear how put-out they are by their question-- which they didn't have to read, let alone answer-- and how rude it was for them to not read entry 427 on the FAQ which leads to a page of resources that might have addressed part of their problem. If nothing else has already discouraged them from continuing, that sure will.
Unless someone with those users' needs at the forefront of their design practice Bluesky's Linux (some like pop os are making a solid effort), it will never ever work as a general-purpose desktop OS.
Please give Linux a try. Don't let the perception deceive you. Perceptions are slow to change and a lot has changed in that time.
They will solve those problems the exact same way they solve them on Windows: Google, StackOverflow, forums, GPTs, or whatever. There's even an advantage in Linux as there's a large number of highly technical users already doing exactly the same thing and will share knowledge. Wine for what? Word? I think most people will use the browser.If you mean games, I think Steam has got most of that covered. Proton hides in the background for most people.
But these users also happily will install engines for game modding and other things. Give what I see these people doing, Wine seems like child's play.
I agree! That sucks! I do try to fight this and there has been serious strides in this direction over the last decade. In fact, I'd argue that the suggested distros were part of this response. The attitude you see on EndeavourOS, PopOS, or Ubuntu forums are very different. Hell, even the Arch forums are getting better! Sometimes they provide links to the "dupe". They're almost to the state of StackOverflow! But I mean... let's not expect that to be ever fully resolved. We lost the war for the Noob Guide (I fought for that and was a contributor!), but at least we got Manjaro and Endeavour in return ;)I really do mean it, things have changed a lot in the last 10 years. I'm sorry for those experiences. I hated them when they happened to me and I step in when I see them happening. It's the only way we can make change. But what you describe does not seem to be the state of things I see today, but it does describe the state of things I saw (and experienced) in the past.
> Please give Linux a try. Don't let the perception deceive you. Perceptions are slow to change and a lot has changed in that time.
I've been using Linux for nearly 30 years-- professionally and as a desktop OS-- and am also a UI designer. I've even used everything from AIX to Solaris and even HP-UX on an old phone switch. What I'm saying is coming from the usability designer focus on the experience of new users and the problems they have.
>They will solve those problems the exact same way they solve them on Windows: Google, StackOverflow, forums, GPTs, or whatever. There's even an advantage in Linux as there's a large number of highly technical users already doing exactly the same thing and will share knowledge.
The difference is they don't generally have those problems on Windows or MacOS. How many windows users encounter serious problems... say... updating their video card drivers.
> Wine for what? Word? I think most people will use the browser.
Trivializing the needs of non-technical end users while also trivializing the difficulty of adopting new tech paradigms is really at the root of the problem in FOSS usability, in general. Lots of people use adobe products, video editing software, games, random utilities for hardware peripherals, CAD software, industry-specific or worplace-specific programs... there are lots of things that users who sit between software developers and users that would be fine with a chromebook.
> d argue that the suggested distros were part of this response. The attitude you see on EndeavourOS, PopOS, or Ubuntu forums are very different.
For users that don't want to 'use a computer,' but want the computer to solve whatever problem they're having in the way they're used to solving it, that's already a nonstarter. I'd wager that no more than 10% of computer users have seriously researched a technical problem trying to troubleshoot it. I'd wager about 20% of that already small crowd has consulted formal software documentation. It's just not a natural process for most computer users. It would be great if people were more interested enough in how computers work, even superficially, but many are not. It's just the way it is. People don't need encouragement to try linux-- they need a fundamental shift if the way they approach computer usage-- as a complex tool rather than a flexible appliance. There's a gulf of requirements that aren't being met to bridge that gap for all but the lowest-level users.
> one of the bazillion "Hey I'm a bit of a noob here, but..." questions on reddit or whatnot only to receive a barrage of conceited responses by zealots who make it very clear how put-out they are by their question-- which they didn't have to read, let alone answer-- and how rude it was for them to not read entry 427 on the FAQ which leads to a page of resources that might have addressed part of their problem.
Today's Linux support forums are nothing like this. You only get an angry response when you start out by whining about how Linux "can't" (doesn't, with your current understanding) do what you want, or doesn't behave exactly like what you're familiar with. You might get asked to pay attention to the forum rules and guidelines banner that tells you to use some inxi invocation or whatever to get your system info - and that will link to a fully detailed guide on how to do it, as well as how to format your post properly.
If anything, the Mint forums for example are too eager to assume you're a noob, and will suggest awkward foolproof approaches to everything that don't respect what you're trying to accomplish if it's a bit advanced.
Okay, the Arch forums will respond to you with just a link to the Wiki if you're asking something that's well covered in the wiki. That's supposed to be a hint to read one specific wiki page (and they told you which one); they won't waste breath on "how put-out they are by your question" because a) they aren't, and b) typing more words is the thing that would make them put out. The point is that if you can't make sense of the wiki, then you should ask something more specific. And if you don't know what a word means, you should look it up.
And if we're talking about "users that have real practical skill born from computer use at school, work, while gaming, doing art, etc." then they should be capable of those things.
Back when I was developing said "real practical skill", being assessed as having that "real practical skill" entailed understanding that far fewer people seem to have nowadays. I don't just mean things like poring through manpages or reasoning about command pipelines. Nowadays it seems that people can be perceived as computer literate without things like having a working mental model of a "file" or a "path".
The conceited response problem is solved by the infinitely patient ChatGPT.
That works if your problem doesn't involve troubleshooting an emergent problem involving a bug or hardware incompatibility.
My household of 5 has been running exclusively Linux desktops for the past several years. Coming from Windows, I installed KDE distros and nobody has had any trouble with it.
They average user needs to be able to turn on the machine and have it boot, log in, use a web browser, connect Bluetooth devices, and print stuff. Linux desktops are more than capable of that sort of thing with zero additional training.
This weekend, I actually booted an old Windows XP machine that I've had sitting in a closet, and was astonished at just how...clunky Windows XP felt to me. It's not that it was hard, but it really helped highlight to me just how actually-usable Linux desktops have become.
> use Raspberry Pis as their primary computers
It honestly wouldn't have occurred to me that this is feasible - my mental model of a "Raspberry Pi" is basically what the first-gen models were. But apparently it's been a while now, and their newest models use an ARM Cortex-A76 CPU, which is actually pretty respectable - only a bit behind my 2014 desktop, from the numbers I can find. Absolutely capable of running a web browser on modern Linux.
The Raspberry Pi 500 series with the CPU built into the keyboard are very capable little computers and extremely easy to setup, maintain, and re-image. I could literally mail them a new microSD card to plug in if they needed a new system but it's never been a problem. They use the default Raspbian image or whatever it's called these days, Raspberry Pi OS. It's perfectly suited for their needs and is rock solid.
Which models have you given them? Linux has been my computing best friend for more than a decade and I have also enjoyed using the Raspberry Pi 400.
But the Raspberry Pi 500 (keyboard model) is even better and (literally and figuratively) a cool design. You get 8GB RAM, boot from NVME, Debian with Wayland (labwc), and the R.Pi community.
They both use Raspberry Pi 500s. Seriously the support requests are zero. They both know that if anything weird happens, they can just pull the USB cable out of the back and plug it back in and everything will go back to normal. They seriously mostly use web browsers and my grandmother absolutely loves her gigantic monitor.
+1 for setting up parents with Linux. In my case, a Chromebook I hacked to run Mint. Like fucking hell I'm going to let senior parents navigate the virus known as Windows 11, complete with forced updates and reboots, disappearing customizations, and the constant and unrelenting spyware?! No thanks.
Give starving person a rotten potato and they will gladly eat it. It doesn't make the rotten potato a good source of nutrition.
You sort of answered your own question. If the alternative to a rotten potato is starving to death then the potato is plenty of nutrition.
I'd like this to be true, but Windows has been getting incrementally more user-hostile for a long time now. I'm not sure this change is going to mark any particular tipping point.
I think it can be true, but we have to make it happen. One of the biggest problems I see is that we complain about things like Linux in these comparative settings, as if we don't have to make a choice. It's like saying you don't want to eat a cookie because the chef sneezed in it and instead giving you a cookie the chef took a shit in. Sure, I'd rather have neither, but if I have to eat a cookie I know which one I'd choose.
Who is "we"?
You
Me
*gestures broadly at everyone*
I just want to vent here about the recent experience I had buying and installing MS Office 365 for my wife’s small business. I had assumed since the competition is effortless and free, MS would at least make Office for Desktop relatively easy to pay for. Instead I got suckered into paying for “Basic”, which doesn’t support desktop apps. The “supports desktop apps” version costs more, but the big problem is it’s not explained within the apps what you need to upgrade to (there are many plans.) Then once you finally figure out how to upgrade, the subscription and payment sites repeatedly error out. Once you force through an immediate upgrade, it turns out that it’s not immediate and takes an hour to go through.
This is mostly just venting, but if the “please take my money” pathways of MS’s most popular product work this badly, I don’t even want to think about ever going back to Windows.
What many have yet to notice is that Microsoft now makes more money from Cloud than they do from Windows, so the purpose of Windows is now as the funnel for Microsoft's cloud services. It's like using an operating system made by GoDaddy.
Average computer users could probably switch... but it would require one of two things:
Some way to make it ridiculously low friction for existing hardware owners to get into Linux. Like, less friction than downloading an ISO, mounting it, and installing it on your computer.
Or make computers come with it when people buy them. (This is still vanishingly rare.)
**
As a power user... I still have a few issues, some that might be common, and some that might be quite rare/unique to me. For example, post-concussion I really can't stand low refresh rates, and screen brightness is important to me. During my last 2-month Linux experiment, I had issues with controlling those things which was a mix of hardware, drivers, Linux kernel, GPU modes, etc. These sort of issues seem to be less and less common in Linux, and I'm optimistic, but I also am hesitant to sacrifice my own health to make a switch away from Windows. (Mental health aside.)
And some games still don't work right, at least not on launch. Which can make me sad as someone who plays games socially.
As a photographer, I bought and use DxO PhotoLab. I've compared alternatives, and I like it much better. It doesn't mean I couldn't use darktable but I definitely don't like it anywhere near as much. (And no, DxO does not support Linux.)
System 76 makes a great product in this space honestly. I always recommend them to people who are interested in trying linux. They ship with linux pre-installed, its exactly like buying a dell with windows.
https://system76.com/
I am not affliated with them, I am a customer and I like their products.
This. I bought a System76 laptop in 2011 which is still working very well with lubuntu for office and browser and such, it's now the laptop of my neighbourhood association. I could without problem upgrade RAM and drive to SSD, I could even swap the keyboard after I broke it.
I bought a new one from them this year, still incredible hardware.
My only issue with them, which is a big one, is that they ship only from USA. So as EU customer I have to pay VAT on top!
I concur. I own a System 76 laptop, and it runs PopOS. It's been stable for years (taking the regular updates). They make a variety of hardware products ranging from portable/lightweight laptop to beefy engineering workstation.
(also not affiliated with them, just want to support good products/company)
People say more Linux availability would make it mainstream. However, Chromebooks are one of the most available laptops. The software is 100% compatible with hardware, and in many cases, the Play Store is included to address the lack of software. That is more than enough for casual computing and office work—two massive segments of the PC user market. And people still don't like them. ChromeOS's market share is similar to that of all the other Linux distributions.
I think the Windows and MacOS brands have become lifestyle choices. Windows is the "gamer" and "corporate" choice. MacOS is the "student" and "luxury" choice. Linux is the "hacker" choice (they use Arch, by the way). Like iOS vs Android, Xbox vs PlayStation, Toyota vs BMW, and all other brand tribalisms, it seems like most people are emotionally drawn to one or another.
> The software is 100% compatible with hardware, and in many cases, the Play Store is included to address the lack of software
The problem is that the Play store and Linux environments on ChromeOS are both run in VMs.
On a machine with good specs, this is perfectly fine. But when cheaper ChromeOS devices ship with 4GB of RAM, older mediatek APUs, and emmc instead of SSDs, it's just an outright bad experience.
If Google starts pushing Android Desktop as a replacement for ChromeOS, I think that could be interesting. Being able to run the Play store without the overhead of a VM will make Android potentially a much better experience than ChromeOS.
> On a machine with good specs, this is perfectly fine.
I think the VMs are fine on the type of machines most people would buy for Windows/macOS. Chromebooks go exceptionally low-spec on the low-end to the point that I'd say their lowest-spec machines probably aren't direct competition for Windows laptops, wouldn't you agree?
I agree making ISOs is too cumbersome now. But I think the install is 90% there. Realistically hiding options under an advanced menu would make it no different than when you first get a windows or Mac.
Fwiw, you can get it preinstalled on System 76, makers of Pop. I'm a bit surprised Framework doesn't do it. But this seems easy to expand
Maybe I or someone else can help out. What's your distro, GPU, Linux kernel, and driver? Sometimes that interplay can create weird mismatches but I have rarely experienced them in the last 5 years (but extremely common prior to that!). Pop and EndeavourOS specifically target NVIDIA GPUs and can be the easiest "fix". Pop being more Ubuntu like and EndeavourOS being more Archy. Being power user I'd suggest the latter as it has a lot less bloat. Fwiw I daily drive EndeavourOS with a 4080S (previously 3080Ti) without too many problems. Only getting HDR at 60fps when trying to use my TV as a display. Other then that two issues where a kernel driver mismatch happened, solved by a rollback and avoidable by using stable releases.I'm not much of a gamer but will play some AAA and a handful of indie games. Occasional issues like Steam not loading the GUI (right click menu bar and directly open library fixes), and occasionally sync issues because VPN, or minor like needing to launch a game twice. But FWIW, past 3 years I've never needed to touch proton. I'm really hoping SteamOS gets a broader release soon. I'm not sure if I can help much here but I do know graphics cards which might help?
I'll definitely agree UI/UX in many apps needs major improvements. I've seen a trend in the right direction though. Alongside the same improvements in OS. We need people to realize that your backend doesn't matter if people can't use it. Design is hard. The magic is the interaction between awesome backend and awesome design. I think this philosophy is growing. Hopefully. Momentum appears to be building
Appreciate it but this was like 18 months ago, on a Lenovo Legion 5 which I've since sold to my niece. Main issue was brightness - basically having to reboot Linux twice to get it to work. Once to switch GPU mode and once to select a kernel because it would often fail to boot for some reason until I went through that. I don't remember the details too well - I documented some here: https://retorch.com/blog/linux-mint.htm
Linux Mint w/ KDE for most of the two month period.
Nowadays like 95% of my gaming is Digital Board Games on Steam which I'm mostly quite sure would run fine on Linux. Anno 1800 was one of the rare instances of LAN multiplayer which is rare in games these days and poorly supported.
When I'm really active sometimes as a group we'll start a new Survival game together, and it's nice when you can be involved. Games like Valheim run awesome on Linux, and I had no issues with Conan, ARK, etc. Occasionally a game isn't supported and that's when it's a bummer.
Still, sorry to hear the experience. I'd have been frustrated too.
For the brightness, hard to say what's wrong without more details. But I hope someone pointed you towards xrandr, which would allow you to manually set the brightness and help determine if it was just a bad setting (edit to /sys/). But could be a kernel issue too. Which sounds a lot scarier than it actually is.
I'll admit, fractional scaling sucks every time I've used it. There are some settings that can help, like letting applications control their setting instead of system. But I don't have enough experience with this, but can confirm it can be frustrating. (xrandr can help here too btw)
The booting is super weird. But that's also something I would have definitely been able to help with. It can seem like black magic at first but it eventually makes sense. Just most people don't bother learning because it usually isn't an issue (my friend and I had a dumb competition to get the fastest boot... We each got under 3s cold and under 2s warm. It was silly, but learned a lot)
Re Steam: I haven't had to do this in a while, but sometimes changing the proton version can make a world of difference. I haven't tried those games though so I can't speak from direct experience.
I will say, I'm not a fan of Mint. I do think Pop and Endeavour are better entry ways. So if you ever try it again, I'd recommend one of those. I'll also say that laptops tend to be a bit more finicky than desktops, especially around display issues. Things are worlds better than they used to be but it is definitely an uphill battle. Lots of variance and not enough resources dedicated to tackling the problems. Hopefully the continued momentum makes this completely a thing of the past. (Battery issues are also a common issue with laptops. In particular putting mobile GPUs into their hibernate state. NVIDIA hasn't been the kindest here...)
As a "not linux expert" I think distribution selection is... a pain point.
It's a bit like the Fediverse. I'm quite happy now, on Hachyderm.io, but it took some trial and error, and the median social media user is ill prepared to go out, select a Fediverse home, and begin piecing things together.
But back to Linux. It's hard to know which distribution, and why you'd select it, when you don't know about Linux. Coming from Windows, it was "Home" or "Pro" (once upon a time). Linux is... though you might not know it, Debian or Fedora, and then a dozen or two varieties off those branches, and then the Window Manager, and then the desktop.
I know nothing about Endeavour, but I've heard of Pop, and I thought it was a thin layer on top of Ubuntu? Not sure why Mint is so different? It's Ubuntu-based too? This adventure actually started with Nobara, which is "marketed" if there is such a thing, as being good for gaming. But I actually had no good experiences with it at all. And did some research and Mint seemed very friendly (and largely was!) But I didn't like Cinnamon much. Anyway, my point is... distribution can have a huge impact on overall experience, but it's very hard to decide on distribution without knowing a lot more about Linux. That pre-education is much more investment than most Windows users would want to make.
EDIT: Oof, I found EndeavorOS on Kagi and... the home page loads, and it says "Mercury Neo with Linux 6.13.7 and Arch mirror ranking bug fix"
I know a few of those words. What am I looking at? I think Linux needs a marketing team!
Yeah distros can be confusing. For the most part it isn't too big of a deal and the main difference is the package manager. apt and dpkg for distros based on Debian (includes Ubuntu), dnf for RedHat (Fedora, CentOS, etc), and pacman for Arch. There's more but you'd run into these the most. I'll be honest, it mostly doesn't matter and it is nerdy quibbling. That said, I still think PopOS is probably the best to start out on because it has some focus around making NVIDIA drivers work. They also build their own laptops (System76) so have some extra experience there. Endeavour is good, but it is Arch based so "rolling-release", meaning you're essentially always using beta software. Mostly not a problem but can lead to some additional instability. I wouldn't expect any real issues, but should be clear.
Yeah... that is weird to put at the top. It's a link to a new blog post. Mercury is their codename, the 6.13.7 is the Linux kernel, Arch mirror being where packages are hosted, and just prioritizing bug fixes. You can read the article if you want. Better would be looking at their about[0] or scroll down further on the front page past the mirrors. IDK why they don't put these things at the top. Definitely a mistake. Pop definitely does this better[1][0] https://endeavouros.com/about-us/
[1] https://system76.com/pop/
The year of Linux already happened quite a while ago (check your router, Android phone, TV, or countless other smart devices).
The year of desktop Linux on the other hand? It will never happen. It is a value like ∞ that you can never reach.
Linux marketshare is steadily increasing, especially among English speakers. It's complicated by how you want to count the Steam Deck, but the steam hardware survey has a clear upward trend: https://www.gamingonlinux.com/steam-tracker/
We could get to 30% in just 60 years!
> Put on a good skin and most people wouldn't notice the difference.
I doubt it. Common people can't interpret GUI and discover features unlike developers who'd prefer dynamic "intuitive" interfaces. They rely more on dumb fixed rote memorization.
Most recent example of failure of this approach is Windows Settings app. Not only a lot of configuration panes started to mimic old Control Panel in both features layouts, even verbiages, many had become a mere shortcut links to old Control Panel applets.
To be fair, I can't figure out how to use OSX. I'm constantly going down the wrong menu paths. Same when someone asks me to use Windows, and in a completely different manner.
My point is that it's not like there's an objectively good way to do this. That people just get used to doing things one way or another. And frankly, with Linux you can copy those same structures and that's what I mean by "skin". You really can make it feel a lot like Windows or OSX and that really reduces the dissonance.
So it's not from skin and down, but from metal up to the skin, or the kernel and userland. It'll have to be ReactOS approach that don't necessarily have the exact Windows 11 theme.
I love linux. It's been my primary OS nearly my whole life. It's not the year of linux.
Average people nowadays don't really use general-purpose computers at home. They use whatever their work provides at the office (which will continue to be Windows for most people and macOS for prestigious or highly-paid jobs), and use phones at home.
> Would be a huge win for open source!
Just keep in mind that widespread Linux adoption means it will lose something special it has had from being relatively small on the desktop. This would be another Eternal September ... including a massive influx of entitled users and all that.
Because of that effect, I think there needs to be one or more for-profit Linux OS vendors prepared to absorb all the support and feedback needs (and contribute upstream, of course), and OEMs should only use it/them for anyone besides "advanced users and developers" or similar verbage.
SteamOS maybe?
I've never understood why Red Hat never tried breaking into this space. People clearly don't mind paying for an OS and RHEL is pretty much as polished and well supported as you can get. A fork of RHEL geared towards home use would be fantastic. I know Fedora exists but it isn't backed by RH the way RHEL is.
Just like other companies, home users do not make much money compared to enterprises. No home user will pay $10,000 annually for example and think nothing of it.
Enterprises is where the money is, that is also why a company like Cisco do not make consumer devices
There is money to be made on consumer level OS.
The reason people buy RHEL is because you can get support for any problems. Consumers are not gonna get that so they might as well just run CentOS Stream for example.
Getting people to pay for an OS when the mainstream alternatives come bundled with hardware seems like a big lift.
If they could work with system 76 or something maybe yeah
they were. before RHEL, red hat linux was sold as desktop operating system to consumers. as was SUSE and a few others.
Jokes aside, I'm not too worried considering the plethora of distros. There's always been a range of them that target different subgroups. Which I think is where a lot of the magic comes from. Realistically, the kernel is about making an environment that everyone can build on top of. You can't make a product that meets the needs or desires of everyone, but you can certainly build environments which can be transformed to meet any needs. (Actually, I think that's the magic of programming and something we kinda lost sight of. Too focused on making "products" instead of environments)
Apple is expensive? I can get an refurb M1 for $400, which is still worthy (I use it for my main dev work, docker, cmake, qemu, nodejs and all)
Still blows the doors off a good many x86 machines you can buy new today, with twice the battery life.
A couple years ago was "the year of" open source OSes for me. I only have one remaining machine running Windows, and it just sits there doing nothing because I don't actually use it anymore. Same with my one remaining Apple machine. Well, I mean I have a couple retro machines that aren't in everyday use of course. Everything else is running Linux or BSD.
I feel like we are getting closer to the year of convergence... but with Android. Google is apparently working on it.
Many of my friends don't even have a computer: they do everything on their phone. If they could plug their phone to a dock station for the few times they need a keyboard and a bigger screen, they would be fine.
>If they could plug their phone to a dock station for the few times they need a keyboard and a bigger screen, they would be fine.
Samsung DeX does this, and I think similar solutions or workarounds are available for other manufacturers via USB-DP Alt Mode and BT for input devices.
I don't know anyone who uses it, though, and can't vouch for practicality.
It was definitely a thing for awhile. IIRC Mozilla made a phone OS that could do this and I think Ubuntu too. I think those projects gave up too quickly. Sometimes things take time and idk why in CS we have to always be in a rush. If Goodyear, who's made tires for 100 years, can take 8 years to make a tire, I think we can take that time to make a new novel OS that has a phone mode and desktop mode. Certainly such a thing is going to take time for people to even wrap their heads around
I think it needs to become "standard" on Android. Then developers will write apps for it, and I could imagine hotels offering "docking stations" (e.g. the TV with a keyboard/mouse).
If it's only the Samsung thing, probably developers don't care? Also it feels like Google may make Workspace work on wide Android screens (for their XR stuff).
>Windows has turned itself into spyware. Apple is too expensive and going the same way.
There is nothing too expensive about an M series mac mini.
They're great little computers but you're kidding if you think $400 to upgrade to 1Tb (from 256G) is not priced. I can get 2Tb of gen 5 NVMe for under $300. Same issue with RAM, but at least at 16Gb most people don't need to upgrade.
Come on. You can still think they're great while admitting they're over priced. Those aren't in contention.
your typical casual user needs 2TB of local storage (outside the cloud)? that’s news to me.
I agree it’s overpriced, and it bugs me too. But i still recommend mac’s to my less tech savvy family and friends. Why? I’m not interested in being their tech support, and also, it’s trivial to buy a portable 2TB thunderbolt 4 SSD for $200-$300, if the need arises in the future. In fact an external SSD is even easier to replace/upgrade than an internal ssd (generally speaking). i think we’re losing sight of the topic here. CASUAL USERS :)
I don't believe 256GB is sufficient for the typical casual user. Apple knows it too. But $200 to upgrade FROM 256GB TO 512GB is, as you asked "too expensive".
It is "too expensive" BECAUSE comparable off-the-shelf hardware is significantly less AND has better performance. We're also talking about a level of performance most people will not notice the difference between.
I cannot find a 512GB NVMe drive that is PCIe 5.0, but here is a 1Tb one that costs $170[0]. They key point here being that you get twice the storage for 85% the price OF UPGRADING. That drive suggests it gets 14.7GBps reads and 13.3GBps writes while this Reddit user shows their Mac Mini M4 gets UNDER 3GBps for both read and write[1]. It definitely would go higher with the 512 variant because those disks are suffering from the same issue that the M2 Air suffered from... but that doesn't change the price that you pay more for less. You pay more for SIGNIFICANTLY less.
It wasn't me... The question wasn't what you'd recommend to your less tech savvy friends and family, the question was if something was over priced.P.S. iPhones won't capitalize a singular "i", as would be the proper grammatical usage.
P.S.S. External drives aren't just annoying, they're slower too.
[0] https://www.newegg.com/samsung-1tb-9100-pro-nvme-2-0/p/N82E1...
[1] https://www.reddit.com/r/macmini/comments/1gmxrzc/base_m4_ma...
> I wonder if 2025 will be the year of Linux.
I know it's a running joke, but we had a decade (+) of Linux in many other consumer use cases, such as smartphones. The problem is that if you're selling a consumer computing platform, you're subject to the same exact incentives as Microsoft. You want to be Microsoft! You want their revenue, their profit margins, their nice offices, their talented engineers.
Android is Linux, but your typical Android phone ships with invasive AI features, has a locked bootloader, a variety of components that collect data about you... and unless you jump through hoops, it only lets you install apps from the company store.
I just use Windows in a seamless VM with Office 2013.
It's fun, every time somebody sends me an exploit or dropper I am eager to click on the attachments to find out how it works. And after seeing what it does I just reset the filesystem snapshots back to the lsst step.
And for newbies to Linux I'd heavily recommend trying out KDE as a desktop environment. They're are really nicely integrated, even phone sync and other shenanigans work out of the box.
The time of Linux on the desktop is now, but the era of desktops itself has passed.
This is the crucial point that makes the whole question somewhat moot. Only one other of the 20-odd peers in this thread acknowledges it. Once again I'm disappointed by how out of touch the techies here seem to be.
Has anyone had success setting up a Linux machine and handing it off to a less tech savvy friend? I've had some people asking about it but I have techie brain and I don't know what's usable to normal people.
Depends on how the user uses their computer.
Web browser + maybe some printing? Throw on Linux Mint + Firefox + uBlock origin, hook up a compatible printer via usb cable, and call it a day.
That's what I did for my 65 year old relatives, and it's been maintenance free.
One data point: I installed Fedora on my moms machine. She hasn't even mentioned it. She just clicks the Chrome icon.
Debian with Xfce has been flawless for my non-tech-savy relatives for years.
just saying, the comment you just wrote could have appeared, word for word, on any HN discussion in the last 20 years. The only words that would have to change are "PopOS" / "Arch" / "Manjaro" for more timely distros. (and Chrome didn't exist until ~2009)
I really don't think so. We didn't have GUI installers 20 years ago. I think you're undermining the advances linux has made. I think it is harder for us on the techy side to see but having been getting people to switch to linux over the last 10 years I can say that the last 5 have been significantly easier.
We did have GUI installers in 2005. At least SUSE did. Linux hasn't made much significant changes to its core architecture. There are better implementations for many things like Pulseaudio and Pipewire or Wayland compositors are a bit more streamlined than X11.
The core issues existed in 2005 still exist in exact form: how do you make money for the software devs on Linux, how to bring good closed-source software support for decades. If Linux cannot solve those two problems, it will not replace Windows. I think, without changing the software architecture to look more Windows-like, the latter problem cannot be feasibly solved.
There were GUI installers for a few distros 19 years ago. I remember using a graphical installer for Ubuntu 6.06.
But even then back in the day I remember Windows applications that would partition and install a Linux distro for dual boot from within Windows.
This has been indeed more or less true for a long time, if you speak of preinstalled GNU/Linux, not using a "Windows-certified" hardware.
> or if you want to say you use Arch then try Manjaro
EndeavourOS preferred over Manjaro.
You're right. Not sure why I didn't say that. I updated:)
EndeavourOS with the niri window manager is a wonderful experience
Has anyone else managed to make a trackpad that is even close to as good as what apple makes? I've never tried a non-apple trackpad that didn't suck.
> Would be a huge win for open source!
Not sure.
I don't want people who want Windows to come to Linux because Windows has become a spyware. The result will be a bunch of entitled users asking for Linux to look more like Windows.
Anyone who has maintained an open source project knows how consumers of open source suck. "Your free project that you develop in your free time sucks" or "I won't make you the honour to use your project if you don't spend 2 weeks adding this feature I want". A mass influx of Windows people who want Windows-without-the-spyware would probably make this worse for Linux.
getting windows users to linux is a pain....
"I want BSplayer, how do I make it work?", and no other player will ever be good enough as BSplayer. And sometimes it's not even a good piece of software, but some stupid windows only thing that not even windows users use anymore.
I have plenty of hard disagreements on the "user experience improvements" in Linux. "Adding a skin" is not easy and making the experience somewhat coherent is extremely hard (GNOME is sort of successful at an extreme cost and plenty of limitations, KDE is still an incoherent mess with plenty of bad defaults starting from the base CDDM skin). It's full of things like the missing icon view in the GNOME/GTK file chooser [1] and while it's true that Windows11 is atrocious, all those little things add up.
I actually recovered a laptop my family was using to launch firefox by installing linux on it (soldered ram went bad, linux is the only OS I could use to tell it to skip the bad blocks through kernel command line) but I hold no illusion about its level of "user experience". Just look at the comments in this recent thread [2]. And as a power user I am baffled by some of the choices at the kernel level (which I mentioned in that thread) and others closer to the user by distros (ubuntu and snaps, name an iconic duo), or things like flatpak not being close to ready and still shoved down user's throats...
I spent years when I was younger submitting bug reports for the papercuts I noticed - some ignored for years, some closed and forgotten forever when some project decided to move on from bugzilla - and I have no more time or energy to continue doing so. The maintainers after all write the code, I'm just a user and get no voice :)
I've been reading about the "year of linux" for years now, it's a meme for a reason. People that are not "prosumer" will keep using the preinstalled OS even if it's garbage - assuming they buy a laptop or desktop at all - and the prosumer will probably keep an OSX or a Windows machine close by anyway. Linux is usable as a browser kiosk sure but there is still plenty of friction on everything else. Enshittification will continue, and possibly infect also linux.
[1] https://www.omglinux.com/gnome-thumbnails-file-picker/
[2] https://news.ycombinator.com/item?id=43945373
Quick Google
IDK how to tell you this, but for 90% of people this is "throw the machine out, buy a new one." I'm really not sure what the critique is here. Even if running with more problems seems unsurprising given what you described. And you're talking about the kernel.I don't deny that there are problems with Linux, nor that things need to improve to get better mass appeal. But I do think you should look at your own words. They're highly technical. And we should not forget how this would compare when discussing Windows or OSX. That's the choice! It's that these conversations of "Linux sucks" are not just complaints about Linux, they are also suggestions of using Windows or OSX. The context of our conversation is about choosing between these systems, not the existence of problems.
I want to be very clear
The argument I'm making is that this doesn't matter for the general user. Fuck, it generally doesn't matter for the technical user. But there is a good reason why technical/power users have a strong bias towards using Linux. Because at least it is a dumpster fire they can fix. It is absurd to have the framing that we should not encourage people to use Linux in favor of them using systems that are user hostile and destroying all sense of personal privacy!These arguments become equivalent to: "You don't want to eat that, the chef sneezed in it. Here, eat this cake instead. The chef only took a shit in it."
Idk about you, but give the choice, I'd rather take the sneeze than the shit. I'd (strongly) prefer neither, but frankly that isn't an option now, is it?
And let's be honest, if you want to get more resources to put out more fires, the only way that's going to happen is if there are more users.
It will never be the year of Linux. That statement doesn't even mean anything. Businesses desktops run on Windows. Linux wont replace the ease in which MS allows you to manage thousands of people in the near future. There will be billions of Windows computers for the forseeable future because they can be managed easily by sysadmins with AD/M365.
Out of curiosity, have you had any experience managing 100s or 1000s of users/workstations?
I have read almost the same thing 5yrs ago. And 5yrs before that. And so on.
Same about AI
Could have happened 5 years ago. Could have happened 5 years before that. But it won't ever happen if the techy people that have the capabilities of making it happen are too busy self-righteously laughing about how it hasn't happened yet. Luckily that doesn't stop progress, but it sure doesn't let it get to the speed it could.
Meanwhile, I hope you're happy with the state of things. You have every right to point and laugh if you are happy with the direction Microsoft, Apple, and Google have led us. But if you aren't, it isn't too late to make efforts to change those directions.
If we're going to reference the past, let's not hyper-fixate on every failed "call to arms" while ignoring how future they were trying to fight actually happened...
I remember posting basically their comment on /. something like 20 years ago.
>Apple is too expensive
M4 Minis are like, $500.
Scammers successfully sell reskinned Android phones as iPhones to unsuspecting marks, I’m sure you’re right that many people wouldn’t notice.
> Meanwhile the user experience of Linux has dramatically increased. Put on a good skin and most people wouldn't notice the difference.
As someone who spends time using MacOS, Windows, and Linux ... even if you managed to make them look pixel perfect identical, everyone would notice something is off immediately. MacOS, Windows, and Linux desktop environments all feel distinctly different.
MacOS feels like you're waist deep in the shallow end of the pool trying to run. You feel like you're being held back in terms of speed but never out of control. Window max/min is easy, want to resize a window? That'll be 5 minutes of your life you'll never get back.
Windows is like an overeager dog, it's fast and nimble but don't blink or you'll loose your mouse cursor. Max/min/resize? Sure it's effortlessly easy right up until your mouse hits a zone and then it snaps the window exactly how you didn't want.
Linux gives you the freedom to do whatever you want, and that's exactly what every single app developer has done with their app experience. Will a click of the scroll wheel move at light speed or a glacial crawl? You never know, but what you can count on is that it will be entirely different if you use a touch pad. Want to resize a window? The mouse cursor might change to the resize icon, but damned if it doesn't activate the window beneath when you try to click and drag.
> Windows has turned itself into spyware
Has?
I cannot recommend Linux to my parents simply because they're too attached to MS Office.
Anyway, I wonder to what distribution should I switch to.
Do they use MS Office for work, or just simple hobby stuff? If it's work stuff - leave them alone. For hobby stuff LibreOffice is a good replacement that you can trial on Windows. As far as distros go, I don't like some of the decisions that Canonical has made with Ubuntu, but it's hard to argue with how simple, reliable, and complete it is. I don't want to run it for myself, but it's great for some people.
You will need to cite your sources that Apple is going the same way.
From what I see, Apple has launched private cloud compute with better privacy safeguards than any other big tech firm. In fact, their personal assistant is the worst one because it is so dumb.
They don’t seem to make money from your data because, as you say, they have already made huge margins on hardware and apps.
> You will need to cite your sources that Apple is going the same way.
https://news.ycombinator.com/item?id=43047952
https://news.ycombinator.com/item?id=43003230
https://news.ycombinator.com/item?id=42014588
https://news.ycombinator.com/item?id=34299433
https://appleinsider.com/articles/24/04/10/apple-makes-it-re...
https://sneak.berlin/20231005/apple-operating-system-surveil...
> They don’t seem to make money from your data
It's changing:
https://www.macrumors.com/2024/11/19/apple-now-directly-sell...
And finally:
Apple's Software Quality Crisis (eliseomartelli.it)
1196 points by ajdude 79 days ago | 1213 comments
https://news.ycombinator.com/item?id=43243075
Why quiet downvotes? My links demonstrate that Apple is collecting a lot of data, not giving an easy choice for the opt-out and starting to use that for ads. Also the software is getting worse.
Heated topic. Don't let it get to you. People like having tribes.
(I'm definitely in a tribe too. But I hope my comments here, and elsewhere, show that I'm more than willing to criticize the tribes I affiliate with)
> Apple is too expensive
On literally what metric? Even if you do the most naive comparison of compute and storage, Apple now comes out ahead much of the time, to say nothing of differences around quality, display, controls, etc.
https://news.ycombinator.com/item?id=44055640
On the metric that people see PCs as disposable appliances and don't consider a small format box like a Mac Mini to be a real computing device. They don't give a crap about "compute," they care if they can open their web browser, outlook, and play their little slot machine game. You're not gonna get Meemaw who spent her entire career as a secretary working with Windows machines to go to Mac just because you like the specs. Hell, my mom has owned the same PC for 15 years now and I can't get her to move away from THAT.
Apple is too expensive and going the same way.
Apple would have had near 100% OS market share if they’d have tossed their hardware restrictions.
I am definitely moving to Linux this year. I'm a not a developer, but I am willing to tackle the learning curve. I have been a Windows user from my very first computer, my first internship was at Microsoft. But I am done with the directions they have taken these past years!
Awesome! Great to hear!
There definitely can be some hurdles depending on what your goals are. If you're mainly browser user, don't stress. If gamer, go PopOS (if want to be a bit more, EndeavourOS is a good recommend).
If you do want to learn linux, then I actually suggest doing things "the hard way". That is installing Arch (fastest newbie I've seen is install on the 4th attempt) and try living in the terminal. The failures lead to a lot of learning. But it is a good way to learn because it forces you to get your hands dirty and makes you quick to not be afraid because well... you will have already experienced fucking up and it is less scary once you have haha. It's one of those things where you don't feel like you're making progress but boy do you learn fast this way.
But this of course is not what everyone should do! I just wanted to offer the advice in case you or anyone does. I am being serious about it being the hard way. But it pays off.
Enjoy! Keep an open mind and you'll discover computing can still be very fun!
[dead]
Linux still suffers the same flaw as always, though: it's just bad. And the projects that claim to make it better end up being a lot like Microsoft or Apple.
You or I can use Linux, because we're the same type of people who visit Hacker News. It's also completely possible to get your great-grandma on Linux, since the web browsers work the same and you can install the specific apps they need to use and they'll never care about anything else. But the middle user is working in an office exchanging Microsoft Office documents all day, making video calls through Teams, and using one out of a zillion business apps developed specifically for Windows.
We need more free and good projects, and the problem is, that costs time, and in between Richard Stallman's heyday and now, the rent's quadrupled.
> Linux still suffers the same flaw as always, though: it's just bad.
It's not bad for me. "Bad" is subjective.
Sure, it's not a good fit for "normal people". But as long as it's not targetting "normal people", I don't see how this is a problem.
I'd like to see stats about that middle user though, I would think that this usecase decreases fast as things are moving to the browser (Office366, Drive, mail, even corporate apps).
Other types of usecases have gone very Linux-friendly recently (e.g video games thanks to Valve).
Maybe I'm nuts, but I absolutely love timesnapper (the non-LLM predecessor of Recall, but the same screenshot every few seconds concept).
I originally got it for it's main advertised function--making it easy to record hours for contract billing--but once I had it running I was hooked.
It's just incredibly useful to be able to pull up what you were doing at any given moment, or how you did a particular thing, a few months after the fact.
I haven't used Recall yet but hooking it up to a multimodal LLM seems like an obviously useful thing.
Then it should 100% be a clear opt in, with no weasel words. No yes/no dialogs with "Yes" or "Maybe later".
OneDrive being on by default and hoovering up your data automatically has burned at least one family member, and it seems like recall will follow the same path.
One of the driving forces of my full windows exodus was Recall. I knew they wouldn't seriously scrap the project. Glad to see measures are being taken to avoid the spies. Shame it comes to DRM though.
Yours is the real solution. What Signal did is a temporary kludge around the underlying problems, which include that Microsoft is hostile towards customers and users whenever it thinks it can get away with it.
Also, as you get into mechanisms like DRM, which treat the owner and user of the device as adversaries, you make it harder to detect when the device or something on it is misbehaving against the interests of the owner/user (such as for secret surveillance).
> Microsoft is hostile towards customers and users
MSFT is implementing hierarchical control and monitoring on their desktop computers. Executive branch, legal and finance are the drivers. Users are serfs.
I mean what else can signal do? You can't win against whoever controls the OS or hardware. They have effective absolute power. They do have to treat the "owner" as an adversary because companies like Microsoft make claim that they are the owner, not the user.
From a security perspective, you shouldn't be using anything you don't control from the bottom up. That includes Windows and Signal. Full stop.
But in a pragmatic world, we can't have that level of security. You're reduced to deciding where you are willing to tolerate the security weaknesses. Obviously, no software or hardware will be 100% secure. But absent having an existential state level need to roll your own, you just have to pick from what's out there and accept that none of it is fully secure.
I mean I agree but this also is acting like there's no alternative. Apple exists. Hell, Linux exists and is easy these days (see main comment).
It's just unclear to me if your comment is implying that we should just roll over. If so, I vehemently disagree. If not, I'm actually not sure what you're saying and sorry if I'm misunderstanding.
> you shouldn't be using anything you don't control from the bottom up
You absolutely do not control any Apple device from the bottom up. It is Apple software running on Apple hardware, tons of closed off secret stuff in there.
And even then, you probably don't really control whatever Linux you installed from the bottom up. It's filled with code you didn't audit and validate, you're probably getting updates delivered on a regular basis by people you don't know, etc.
And even then, where are you going to run that? On a modern x86 processor running all kinds of UEFI software and microcode with security coprocessors you can't directly interface in but can see all your memory and devices?
So what's your point? I don't get what you're arguing other than giving up. I'm sorry, but if someone wants to take a shit on me I'm not just going to submit to that fate. I'll try to get out. I don't know about you, but I'd rather step in shit than have it forcefully poured down by throat.
At least with Linux, I know there are other people checking. People with expertise I don't have. People not incentivized by their own employer. Certainly this creates higher levels of trust than the closed source setting. If it doesn't, then your argument applies to literally any subject. Medicine, food, whatever. Let's not act like this is a binary setting, it is a spectrum. There are situations that are better than others even if they aren't perfect.
My point is, practically speaking normal users have just as much "control" over their stuff whether it's running Linux or Mac or Windows in the end. It's pretty much impossible to truly control the whole stack from the bottom up, it's a pretty much impossible standard for normal people they created.
> People not incentivized by their own employer.
Tons of FOSS is written by people paid to write it a a part of their jobs. And I don't know why I'd trust a passion project of an amateur doing it for fun over a paid professional doing it. Maybe the guy doing it for free is better, maybe he isn't. Do you trust the guy giving medical advice over the internet on some random blog over the licensed paid specialist doctor you might otherwise see? Do you trust the pills made by a pharmaceutical company to actually be what it says on the box more than a guy handing out pills at a concert? After all that guy posting on the internet or handing out pills isn't being incentivized by their employer!
And I wouldn't necessarily trust some random open source project over a similar closed source project if I'm not going to take the time to actually audit it myself. Just having the source code over there doesn't do anything for you if you don't read it. And besides, you're probably going to pull compiled binaries and aren't going to actually verify that build are you? And you're building it with what, a compiler you downloaded already compiled? You definitely validated that, right?
You're right, it's a spectrum of choices one makes. But it's not like open source instantly makes something more trustworthy or more secure or something. You have the ability to do more to trust it, but it isn't inherently more trustworthy by just having the source available.
Bingo. Furthermore, the annoying things that MS does are predictable and usually not directly harmful. Yeah they want telemetry, they want to encourage me to use expensive autocomplete everywhere, but ultimately the range of bad stuff is "oh dear the corporation is trying to upsell me nonsense I have to turn off", not "my OS is the combination of thousands of distinct software packages where I have to trust literally everybody with code execution... I sure hope this keeps working out".
Disagree; publishing the source is a genuine positive step. It means there's a much bigger chance that anything bad in the code will be found. Don't let perfect be the enemy of good; it's important to continue pressuring Linux distributors and hardware makers to do better, but we should also celebrate the things they're doing right and give credit for what they do better than MS or Apple.
I think you're misunderstanding what I'm trying to argue. There's important context to what we're talking about: Linux.
The argument is not: "Having source code makes it trustworthy"
The increase in trust is primarily driven by unaffiliated experts. The open source part makes that easier, but is not what explicitly drives the trust.
No one is arguing against this. I even agree with you.I brought up the difference in trust by third party due to this. The level of trust is different. While /control/ may be the same /trust/ is not.
It does not matter that FOSS is written by people that are paid. It matters that people that are not paid look at it and investigate it. Or even paid by a different party. Paid or unpaid is not the critical variable here.
Look at it this way:
In a closed source ecosystem, do you trust an organization that has had a 3rd party audit MORE THAN one that hasn't?
Of course you do! It isn't complete trust, and certainly you may wish to (and should) scrutinize the third party auditors to ensure that they aren't just acting as "yes men", but the level of trust objectively increases. Certainly this should continue to increase as the number of parties grows. That's because the likelihood that these parties are "on the dime" decreases.
This is significantly different from the scenario we're discussing... Let's rephrase Clearly we trust #2 more.You'd be insane not to! It'd require a much more complex environment for that to be lest trustworthy with such high amounts of conspiracy that you may as well trust nothing that you can't verify yourself. But in that setting you can't trust your own knowledge because you aren't able to derive everything from scratch either. You literally can't trust the knowledge that you read in a book, on the internet, or anywhere if there is that level of conspiracy. But clearly we don't believe in that ludicrous scenario.
Certainly there are a lot of shit FOSS out there that is no better than the drug dealer in your example, but we're talking about fucking Linux, not a random GitHub project by some uni student. Certainly I don't trust that one! But that one doesn't have multi-party vetting and is far from the type of software we're talking about.
I hope we're on the same page now.
> we're talking about fucking Linux
Linux, the kernel? Sure, I bet there's tons of analysis and studies and reviews and scrunity on every merge. Lots of organizations are constantly looking at it. It's probably one of the most scrutinized code bases ever created. Same with some other core system things like the various parts of systemd and similar components. I bet there's a lot of packages related with a major Linux distro that do get a lot of eyes.
But then what about the other 900 or so packages on that desktop install? Are all of those getting some extensive reviews every check in? Constantly getting audited? Probably not. We probably don't really know who many of those people are. How many other Jia Tans are there out there, quietly managing widely used packages, people assuming they're being reviewed?
You're seemingly making a massive assumption there's much review happening on the vast majority of packages. And yeah, on most normal Linux distro there's going to be tons of packages that aren't routinely being audited and looked at. And once again, having the source sitting in the corner with nobody looking at it isn't going to do much for you.
Don't get me wrong, I use FOSS all the time, and I generally do end up having it cross the threshold of trust. FOSS is awesome. But for most FOSS I use, I don't really trust it any more than I'd trust some codebase from some other large and otherwise reputable software vendor. And sometimes, I trust it even less.
Again, you're missing the entire argument being made.
*That doesn't mean you're wrong*
Again, I agree with you.
We're just talking about completely different things and I'm not sure why you insist that we aren't. I'm sorry, I just don't enjoy talking to the wall.
I feel like I do understand what you're saying. You're quite literally saying:
> At least with Linux, I know there are other people checking.
And I'm taking that as "a Linux-based OS", as that's how most people mean it.
And you're assuming there are people checking, you probably don't know there are for that entire OS distribution. But there's probably tons of software you're running in that "Linux" system that where there aren't people checking. And as we've seen with things like xz, a small seemingly unrelated package can routinely modify very highly privileged and trusted applications in ways allowing a backdoor to be inserted with nobody noticing it by looking at the code.
We've gone from "you shouldn't be using anything you don't control from the bottom up" which you suggested to use Apple (a platform you absolutely don't have much control and is filled with closed source). From there you shifted the discussion to trust and "At least with Linux, I know there are other people checking." Which isn't necessarily true, a ton of that code you're running has probably only been reviewed by a small handful of people. A handful of people who may be very nefarious.
You say "The multi-party verification is what drives trust", but tons of that "Linux" OS doesn't really have multi-party verification.
And in the end we're going to apt install something and probably get binaries built by who knows, docker pull tons-of-shady-stuff from wherever.
And don't get me wrong, I agree many similar arguments could be made for a lot of closed source software as well. There might not be many reviewers either.
If I'm not getting your point, I'd say you're not really sharing it coherently. I've been re-reading of your comments and I'm not sure how else to read them.
It's okay. I don't think it is going to happy.
Because of this. That's not what we're talking about. You keep moving the discussion to somewhere else. The reason I keep pointing at things you're not looking at is because you keep wandering away from what I'm talking about. I've been trying man. I just don't think it'll happen. Best I can do is point back to the pharmaceutical example. I really don't care about the street dealer, they aren't what's being discussed. If you can't hear me, sorry, I can't say it any louder.Who we're comparing to matters. This is all I got left in me
None of those magically imbue you with knowledge that should make you trust. But certainly one is easier to gain trust. Certainly one has more people with less incentives verifying. If you cannot differentiate that, then we're never going to be able to speak the same language.Stop telling me what I'm saying and start listening to what I'm saying I'm saying.
> I am not
Its a direct quote from an earlier comment you made. I can scroll up a few lines and see it my dude. What's the opening sentence of the second paragraph of this comment?
https://news.ycombinator.com/item?id=44055994
> Best I can do is point back to the pharmaceutical example. I really don't care about the street dealer, they aren't what's being discussed.
That's the thing though, there's probably packages installed on your Linux machine right now that are far closer to the guy handing out pills at a concert than highly regulated drug manufacturers with third-party auditors reviewing their ingredients in the pharmaceutical example. You're acting like that stuff just doesn't exist, burying your head in the sand to the problem and assuming people are actually reviewing things. They're often not.
> Linux: Trust us, here, figure it out yourself
Yeah, figure it out yourself. But don't worry, there's lots of other people looking at it for me. Except for all those times there aren't. Once again, you're assuming people are actually looking at these things without verifying it.
> I mean what else can signal do?
How about allowing us to run it on hardware that we can control: GNU/Linux desktop and phones, without requiring a connection from Android?
Whats wrong with https://signal.org/download/linux/ ?
edit: Oh you mean the registration that requires a phone
AFAIK it's not just registration. The Android phone can control the Signal app, if I'm not mistaken.
Also:
Apple and Google confirm governments spy on users through push notifications (androidauthority.com)
https://news.ycombinator.com/item?id=38555810
If this is your major concern, I suggest moving to a deGoogle'd OS. There's still going to be concerns even after wiping Android because there's hardware, but certainly this places trust less in the hands of Google (but you're still going to need to trust the OS maker).
Registration is fair. There's been a lot of pushback against this. Things look to be moving in a positive direction with usernames, but hasn't quite come to removing phone number requirement. I believe they are still using this to help reduce spam (much easier to spam if email or no outer registration. But I hope they resolve that).
it is absolutely insane that we're forced to DRM our own applications to protect ourselves from our own computers
Agreed. Reading this makes my head explode a little.
15 years ago, DRM was all about the DVD restricting where and when it could be played. Now it seems like we're using DRM to reassert our own rights?
This timeline is cursed.
I think there was always a similarity or homology between DRM and many privacy scenarios that people care about:
Party A sends information to party B intended for use in a specific context, but wants to limit the risk of it being stored or forwarded for use by other parties or in other contexts.
DRM typically connotes that party A is a media company and the information is a movie or something, but - as in the case the article is about - party A could also just be a regular person and the information could be private personal info.
It's not even real DRM in any meaningful sense. It's just asking the OS really nicely to not allow the window to be screenshotted.
No, you can just turn Recall off. You don't need DRM for that.
Yeah, I'm a bit confused at all the Recall outrage. It's an opt-in app that only stores data locally. If you think they're lying and are going to secretly upload the screenshots, well they can do that already.
Enabled by default ≠ opt-in.
> we're forced to DRM our own applications to protect ourselves from our own computers
it's an interesting irony, but it has an apt comparison to GPL - forcing the laws of copyright to enforce freedom.
It's a classic "hack" of the system!
Go back 10 years and tell people that MS periodically takes screenshots of your apps and sends them to MS and there would be heavy lawsuits.
AI has made people idiots in more ways than expected.
They're "Sending them to MS"? Huh?
Well, it's not so much our own computers we need to worry about, it's more computers we think of as ours, but we actually borrow from our school/work.
Windows Recall would be a pretty good feature if it somehow only worked for real personal computers.
It is absolutely insane that FUD and misinformation is the default now.
[dead]
Fighting with the OS is futile. The OS is always in control and apps can only ask it nicely to do things.
Microsoft can simply change Recall to capture DRM-marked content too. And to avoid copyright issues, it will store some kind of visual summary (or whaterer the neural network can use) instead of plain screenshots like it is doing now.
It’s really come to this? As if accepting the 4 different data sharing Eulas required to install windows wasn’t enough, now apps need to DRM themselves…
I'd presume, this is a logical conclusion of trusting trust.
The moment you don't build your own device, TEE with provable encrypted executions or FHE is the only way to run reasonably secure apps.
Isn't Windows Recall opt-in?
I'm not sure, but in recent years, Microsoft has made a lot of negative headlines by silently re-enabling settings after updates, so this doesn't seem like something you should trust.
i would imagine there to be a tool in the future to constantly check for settings like these, and re-disable it when it changes.
Does it really matter? They'll assault users with "Enable recall to access this feature, yada yada" and 99% of people will just do it. Just like every other spyware feature they provide.
Yes.
"To use Recall, you will need to opt-in to saving snapshots, which are images of your activity, and enroll in Windows Hello to confirm your presence so only you can access your snapshots."
I understand people not liking Recall. I'm one of them. But for something that is opt in now and even if opt later can still be disabled. So changing OS's because of that seems like an overreaction.
It's the straw that breaks the camel's back I think for most people.
Constant nagging by the operating system for Windows products (I have enabled onedrive personally, but for some reason it installed two file explorer quick access links, and the workarounds online fail to persist reboots) -- hijacking file extensions, hijacking program aliases (I just had to remove a windows store alias in my env variables for "python" despite having it already installed months prior), the constant cat and mouse to have local account-only possible, inability to remove edge/stop being pestered about it, and now recall (which is not truely opt-in since it gets installed whether you want it or not).
the crutch is that an update could silently re-enable it, in a way that you aren't notified, and it'd be too late to try disable after it captured content off your machine you didnt want captured.
Oh, good. Local activities that used to be anonymous and private are now public with non-repudiation.
What's public here?
For now
We're only a single Windows Update from silently changing that
It is why i disable windows update, and manually check each first, before installing it.
The security vulnerabilities you fix is no longer the only threat actor these days - you have to also model the threat of microsoft, and how their updates can break your system, change it in irrevocable ways etc.
Does anyone else feel like Signal is acting like Recall is the only app that could record your screen on Windows? It seems like this is something they should have been stopping for a long time and they are finally addressing this loophole?
The penetration of other apps that record your whole screen 24/7 is pretty low. Whereas this will be close to 100% of windows users.
Will it though? They are acting like it is already 100%, when it isn't only in a difficult to access preview that only Windows 11 users with Copilot+ PCs can use, and even when installed, it requires opting in.
How many hours a day does Zoom/Google Meet/etc record many users' screens? I'd suggest that it unbelievably common for a screen to get recorded many hours every day already. I had always (incorrectly) assumed Signal required a desktop app so that they could block screen capture like they finally do now.
Very few computers support Recall, even if they support 11. So no, it won't be 100% of Windows users.
As somebody who had to use signal messages as evidence in court, there are legitimate reasons to capture screenshot of signal. If people have spyware then that’s on them. When the OS becomes the spyware… well I support signal’s timing on this.
It's nice to see them add an option to disable this behaviour, now if only we could get an option to include Signal messages in iOS backups...
Yeah; the lack of backup support is getting really old. I was hoping the article meant that you could optionally set it to recall your chat history across backup/restore.
iOS <-> Android account migration would also be good.
I last used Windows in the Windows 8 days. That was when they added the telemetry "feature" that lets MS engineers copy files off your box without your permission (and without notifying you).
At the time, they claimed it's only for debugging software failures, and even then, only with managerial approval. My reading of the US CLOUD Act says they're obligated to let the US gov't copy arbitrary data off your machine, regardless of what country it's in.
I'm not sure if they still do it. The documentation of this stuff is well-buried.
Continue to be happy to have deleted windows from all my computers, including for gaming. There are issues with closed source OSs in general, but microsoft has continually shown that they make bad decisions and just aren't trustworthy.
Gaming on Linux using steam works great for me. There are more games than I have time to play and I don't even need to worry how they work (emulation vs native) as I had to do many years ago.
I think this is quite strange, imo this is just virtue signalling / activism and much less about privacy. I install Signal on the Windows operating system on the computer I trust. If I wouldn't trust Windows, why would I install Signal? Also Recall is an opt-in feature, it's not spyware, that's simply FUD.
Second, Apple is doing something similar except they send all your data to the cloud (yes I know Apple says private cloud, but there's no such thing). What's Signal's take on that?
I respect their stance on privacy, but this doesn't feel like a rational decision to me.
You might trust Windows and even actively want Recall and simply not want private Signal messages, specifically, to be captured by it. For the same reason that Recall already tries to exclude browsers in incognito mode, as mentioned by the article.
Yes, I can see why the feature would be valuable. But the blog post is an emotional rant against Recall. Signal is lacking a lot of valuable features, I doubt this is high on the list of most users, yet time and effort has been spent on it. If you don't want Recall, then don't use it.
If only Recall had the option to configure which windows or apps to exclude. Wait. It does. Since announcement.
> Apple is doing something similar except they send all your data to the cloud
They do? Since when?
https://www.apple.com/apple-intelligence/
> Draws on your personal context without allowing anyone else to access your personal data — not even Apple.
Personal context === privacy sensitive data.
> Apple Intelligence is designed to protect your privacy at every step. It’s integrated into the core of your iPhone, iPad, and Mac through on-device processing. So it’s aware of your personal information without collecting your personal information. And with groundbreaking Private Cloud Compute, Apple Intelligence can draw on larger server-based models, running on Apple silicon, to handle more complex requests for you while protecting your privacy.
They can use nice sounding words such as "privacy at every step" and "protecting your privacy", but that's marketing. The facts are that Apple Intelligence is baked into the core of your iPhone for analyzing personal data and they send the data to the cloud.
Thanks.
This will give you a better idea of what they are doing [1].
[1] https://security.apple.com/blog/private-cloud-compute/
Unfortunately Apple is in $HN_GOOD_COMPANIES and Microsoft is in $HN_BAD_COMPANIES so facts don't matter, but yes Windows Recall is objectively more private than Apple Intelligence.
this would presumambly also prevent signal from working over RDP/remote desktop.
With that said, anyone by default this seems somewhat pointless (though I might be wrong), as by default it seems signal keeps the entire message history in a sqlite DB on the machine. While one can argue that the screenshot history is problematic, the sqlite DB is just as problematic if one views it as a need to have good privacy defaults, and I'd argue that the sqlite DB is much more valuable to exfilitrate than the screenshot history.
Now, one can counter that one can purge the message history (all or in part) in a manner that is easier than with Recall, and I'd agree that Recall would be better if it gave the users fine grained ability to purge things from it, but that doesn't change the argument that we are simply seeing virtue signaling here (pun slightly intended), as this change to defaults doesn't really improve a user's privacy.
I never thought I'd see the day when DRM would actually be used in a positive way. Good job, Signal.
If an app did this without an off switch, what would be the easiest way to bypass it and take a screenshot anyway, assuming the goal is a higher quality result than taking a picture of the monitor?
Can't wait for the day when I can have my gaming PC be on a Linux based OS, thats really the only reason I have it at all
I'm surprised that Signal isn't kicked out of the Windows app store for abusing DRM like that.
(saying this as a Signal fan)
Is it abuse? Are there rules about what sorts of media can and cannot be protected by DRM?
Yeah, technically this seems like exactly a DRM scenario: Party A sends information to party B intended for use in a specific context, but wants to limit the risk of it being stored or forwarded for use by other parties or in other contexts.
It's not even DRM, just a Win32 call that hides the window from screen capture. There's no anti-tamper or protected media path.
I don't think Signal is in the Windows app store, is it? I've never installed it from there.
And this isn't really abusing anything. It's just a flag a window can set to say it's sensitive and shouldn't be included in screen grabs.
it's good that microsoft isn't the arbiter of what should be allowed to be installed onto a machine.
I actively dislike walled gardens. It's fine to have a store, and to sell via a store, but it should never be an exclusive option.
Signal isn't in a Windows app store to be kicked out of, though
I have a very nice Microsoft Surface Pro running Windows 10. I refuse to update to Windows 11. Has anyone tried a Linux distribution on such a device? Which one would you recommend?
sigh Time to go full *nix?
https://www.youtube.com/watch?v=lm51xZHZI6g
No OS or app should be able to stop me taking screenshots. Not my phone, not my desktop. It's MY device. I should be able to take screenshots of whatever the hell I want.
And I have the expectation that my OS not take constant screenshots of what I’m doing (Microsoft Recall), which is what this Signal feature is trying to prevent. You’re welcome to turn the feature off so that Microsoft can store screenshots of your Signal chats.
As are you welcome to turn Recall off.
Are you upset about DRM in general? Or that Signal, by default, prevents Windows from capturing the Signal window when it screenshots the screen every few seconds?
because it sounds like Windows is the problem here, doing this screenshotting at all. And Signal allows you to disable the anti-screenshotting measure
I agree with you, but this particular one seems to be a feature you can toggle off. It's a tradeoff between that said freedom and privacy.
That's off-topic:
1. You can disable that feature in the Signal settings (they say it in the post)
2. They don't have another way because of Microsoft (they say it in the post)
Did you read the post?
Second this. What's the point of this security aspect when everyone has their pocket cameras in their phones? This is nonsense.
The same is true for spyware installed on employee computers. Google laptops will snitch on you if you even attempt to attach USB drive. While there is HDMI and KVMs, there is no point of having these restrictions.
Apps take screenshots all the time, e.g for crash reporting. Then they phone home with them. Most apps obviously ask politely when this happens but I’m sure there are exceptions. Not to mention malicious apps. There is no real security or isolation for screenshots that I’m aware of so app one will happily snap a picture of app two, without needing special permissions. That other app can be your password manager or baking browser tab. So apps explicitly opting into being in the picture is perhaps not such a bad idea.
> What's the point of this security aspect when everyone has their pocket cameras in their phones?
It's not to stop the people from screenshotting. It's to stop the accidental exposure via some screenshot or some other mechanism.
“ To help mitigate this issue, we made the setting easy to disable (Signal Settings → Privacy → Screen security), but it’s difficult to accidentally disable. Turning off “Screen security” in Signal Desktop on Windows 11 will always display a warning and require confirmation in order to continue.”
If you have to have this kind of monitoring on your OS, to circumvent spying on your apps, something is really wrong and you should probably take the nearest exit.
as the official communication tool for the US government national security team, isnt signal required by law to recall now?
> If you’re wondering why we’re only implementing this on Windows right now, it’s because the purpose of this setting is to protect your Signal messages from Microsoft Recall.
To nitpick, that doesn't tell me why you're only implementing this now. That tells me why it's more important now, but it doesn't tell me why it wasn't good before now. But the word "only" suggests that there was a reason you didn't do this before now.
I don't think they meant that 'only' in a temporal sense. Rather, they meant why that's the only platform they're implementing it on for the time being.
> "If you're wondering why we're [not implementing this on other platforms right now] [...]"
I think they mean only Windows as in 'Windows but not other platforms yet'. The wording is confusing.
They do support this feature on other platforms though. It works on my Android phone.
Ha I love that DRM is being turned for protection of actual people instead of industry giants.
Hopefully Signal manages to turn all the recent press into a positive for user acquisition. It's a fantastic app and service. In an ideal world, laws could be updated for the digital age such that automated disappearing messages were not considered equivalent to deleting records, but rather to an in-person conversation or phone call for which records would not be expected to be kept in the first place. I'm not holding my breath on that one though.
> “Take a screenshot every few seconds” legitimately sounds like a suggestion from a low-parameter LLM that was given a prompt like “How do I add an arbitrary AI feature to my operating system as quickly as possible in order to make investors happy?”
No, actual AI is smarter than Microsoft managers, it seems:
Here are some ideas for adding an arbitrary AI feature to your operating system quickly to make investors happy:
- AI File Search: NLP for file/setting search (search files by NLP querying)
- Auto Window Layouts: AI-suggested window organization ("coding mode", "research mode" depending on detected usage patterns)
- Smart Notifications: automatic notification condensing to reduce clutter
- AI Clipboard: Keeping a categorized clipboard paste based on content
- Predictive App Launcher: Suggests apps based on daytime, usage, recently opened files
- AI Wallpaper/Theme: Smart visual suggestions, i.e. wallpaper based on current weather, mood, etc.
- Voice Quick Commands: AI-based voice OS control ("Open browser")
- AI System optimization: for example, content-based disk space cleanup
Any of the above are better than this nonsense.
Some of these features already exist in Windows such as the predictive app launcher, voice commands, and system optimization.
For example, when a meeting that had an attachment of some spreadsheet is coming up, it's already in my start menu.
You know I understand this is HN so I might get downvoted for saying this (with no explanation) but we should start enforcing computer crimes when corporations do it
If Microsoft decides spying on you and inflicting DRM or whatever or any of the other companies they should be liable in criminal prosecution
At least some of these you could plausibly argue even violate the CFAA and is about on the same level of some lone black hat hackers
> they should be liable in criminal prosecution
What's the crime? What's the damage? Nobody is forcing you to use Windows, in fact most developers I know are on a Mac
> they should be liable in criminal prosecution
What's the crime? What's the damage? Nobody is forcing you to use Windows, in fact most people I know are on Mac
I switched to Linux permanently in 2015. Didn't know it would get this bad but forced updates was what convinced me to switch. It seems every time I see Microsoft in the news, it's very specifically NOT for good reasons. Grabbing my popcorn...
I look forward to the first report of domestic abuse or worse caused by recall. I really hope this never happens and pray it doesn’t but I am 100% sure someone is going to utilize this feature to see exactly what their bf/gf is doing when online. Those who are not very tech savvy will ultimately do something online and their partner will look and see exactly what they did and snap. This scenario will be Microsoft’s fault. They are literally installing spyware as a feature. I hope no one gets killed.
As per the aicorp jurisprudence copyright doesn’t apply to AI usecases, so I’m sure they’ll fix the DRM „no screenshots“ flag preventing AI capture — it’s only legally self-consistent. Teams probably gets its own private API to exclude itself anyway (all Teams content must be privy only to the TeamsAI).
This isn't a copyright issue.
From a legal standpoint, it's also not a privacy issue, since the US Supreme Court eliminated the right to privacy at the same time as Roe v Wade. Certainly, it's not trademark related.
So, what legal recourse is left?
Uninstalling Windows?
DRM isn't about technical enforcement of copyright?
Microsoft really seems out of control. Yesterday I noticed that OneDrive was turned on automatically (I've always been very clear about not turning it on). Which was incredibly shocking to me, that they'd just turn on uploading my data to the cloud on the sly. And of course, it's nearly impossible to turn off Edge loading things. I'm really on the verge of switching to Linux, it's getting too awful
I’ve been running Linux distros on my primary machines for over a decade now, and there’s no way I’m going back. Even a few years ago I figured “when I finish grad school, I’ll probably get a Mac just for a smoother experience working with colleagues.” But even in the past few years the volume of complaints I hear from friends and colleagues seems to have skyrocketed - updates randomly breaking their environments, new annoying barriers to installing real software, pestering notifications that you can’t seem to turn off. Meanwhile, my Linux experience only seems to improve! And I hate Windows with a burning passion - just no way I’m using it on my personal machines.
Been using Linux for ages, but only for a few years on my home desktop, because Steam is now that good, and gaming is a major part of that computers duties.
HOWEVER - I've yet to find a good email client. Kmail is good, but uses Akonadi with is a disaster, and literally doesn't work. I have to restart it multiple times a day, because it silently stops working. I have found bug reports about this issue going back years which are either ignored or marked fixed, which it clearly isn't.
Don't say Thunderbird.
> Don't say Thunderbird.
Thunderbird. Seriously though, why do people hate on it so much? I use it on all of my non-mobile devices and the latest version out of the box (at least for Linux desktops) is really sleek.
My only issue is Google Calendar integration, and that's only because auto-generated calendar entries suck and cannot be dismissed. When those events pop up, I just click on the link in the notification which takes me to the email and calendar view, and I delete the auto-gemerated event on the Gmail website.
I've heard folks complain it gets slow with very large or old mailboxes. One reason that happens is that they need to be compacted, another is that the sqlites need to be vacuumed.
So, twice a year I compact my mailboxes, and I put a sqlite command loop to vacuum in my main cleanup script. Which I run maybe once a month.
Yes, strictly speaking I shouldn't need to do this, but my tbird install has been running happily for decades now.
I just switched from mbox to maildir instead. More storage used, faster client. Single change in settings.
Does Thunderbird convert each folder automatically? Reliably?
Yes. At least in my experience.
Because in v115 (I think, it's been a while), the interface received a thick coat of clown makeup for no reason, and now it's terrible and there's no way to revert it. You can apparently hack some CSS to make it tolerable, but I'm not going to engage in a war with my email client, because I know that solution will break with every update.
You search for a solution to this, you get plenty of hits of people trying to revert the UI. I'm not alone with this opinion. It's an email client, it's not supposed to be new and exciting. The interface was fine.
All I really want is working Kmail. It's boring in the best kind of way.
Is "Message List Display Options -> Table View" not pretty well exactly what you want? I enabled it (on desktop) shortly after the roll-out, and I've never had it revert back. There's no CSS hackery, no forced reversion, not even a hidden menu - Card vs. Table view is a top-level menu item.
Telling me "There's no way to revert it" feels like, at best, giving up at the sign of the smallest difficulty. At worst it's a bad-faith argument, as it's clearly possible - and fairly easy and straightforward, IMO.
No, it's not the list view.
Mozilla themselves called it "Rebuilding The Thunderbird Interface From Scratch", and as we know, rebuilding something from scratch is a great idea, and improves the product on all metrics always.
In my opinion, it's a travesty. I refuse to use it. I would rather use broken Kmail.
> Don't say Thunderbird.
Hmmmmmm, why are you saying that?
I'm using *** for 20 years. Even when I was on Windows years ago. *** might not be fancy, but just works. And IME works very reliably.
What actually do people expect from an email client that they don't get from a web-based one?
Working offline such as on a train. This includes having all emails and attachments saved locally. Also useful for backups. E.g. suppose you get locked out of your email account because "AI says you look suspicious". How ruined is your day?
Managing multiple email accounts in a single interface.
Easily moving emails between different accounts and from online to offline.
Relatedly, storing years of emails with attachments on a local drive is cheap. Storing them in webmail is a hefty subscription fee. I have no issue with one time payments, but I like to minimize subscriptions.
The new outlook lost all these capabilities - I was stunned to find out that I couldn't search through my emails while being offline
Local search in most commercial software has regressed since ~2000.
My only explanation is that local search is inherently cross-team and integration-heavy. Consequently, if there's no higher-org prioritization it just molds and breaks over time, as unaddressed integration bugs pile up that cannot be fixed by a single team.
Companies shipping their dysfunctional org chart.
Still, I never thought I'd say that I could do things with the built-in search 20 years ago that I can't today.
I used thunderbird when I had multiple email inboxes I needed to monitor. They were all visible in the same interface, with one master password.
Personally, I like local apps rather than everything being a browser tab.
I have seven emails to monitor for work. I'll probably have more before end of year. Multiple environments for multiple clients.
Having that in one place, is essential.
Not seeing ads?
The only ads I ever see in either Google or Proton web mail clients are for their own services, or if I check the spam folder. And I don't have an ad blocker set up (I have NoScript, but there isn't any third-party JavaScript anyway).
I use webmail clients nearly every day and I don't see ads.
Mailspring is ok but pretty massive. IIRC only the sync part of it is closed-source. Managing 10+ accounts is not a problem.
Also nextcloud email maybe?
Vivaldi mail component is underrated but comes with the browser baggage.
What were you using beforehand?
I personally use Claws Mail with plugins, but OAuth2 is laborious to setup. Works though.
mutt is all I'll ever need...
gnus (on emacs) is pretty good. But it may require an entire lifestyle change :)
The beauty of gnus is that it's elisp all the way down. So if you don't like something, it's most likely configurable.
Did you try Evolution?
I absolutely hate how Windows now basically forces you to sign in with a Microsoft ID in order to facilitate this kind of stuff. I just want a local system; I don't need all this online crap built into my desktop OS.
For the last two decades or so I've been running Linux for everything (personal and work) except for gaming. I'm to the point of being sufficiently annoyed with Windows that I'm going to set up a Linux disk for gaming to see how that goes. I've used Wine etc. for gaming sporadically throughout the years. Recently that landscape has improved quite a bit thanks to Valve.
While it's been improved a whole lot, it's not all sunshine and rainbow as some game companies decided to drop support after they decided kernel anti-cheat is the way (notably GTA onlin & Apex legend).
That being said, I personally use proton compatibility to gauge whether a game is worth my time so I'm not too bothered by this. And I'm constantly surprised by how much the Venn diagram of games that don't run on Linux and games that have off-putting bullshit unrelated to Linux looks like a single overlapping circle.
All major online game companies are moving towards kernel-level anticheat, as it's almost pointless to attempt anticheat otherwise.
Microsoft should block kernel mods and offer their own anti cheat hooks.
Seems like Linux can do the same? Or is it aleady done? If not, this would be a pretty great thing for Valve to contribute.
VAC already runs on Linux. So Valve have their "solution". Unfortunately, VAC is... Terrible. For both gamers and publishers.
While VAC is indeed far from competent at detecting all but the most rudimentary cheats, it is so by design. When the first third party CSGO matchmaking/league services decided to use kernel level AC, Valve publically said they would personally not do such a thing. I can't remember if any exact reasons were named at the time, but I do think it's a fair take on their end. It's not like they're locking developers into using VAC anyway.
Furthermore, more recently they have debuted VACNet, which uses machine learning, most likely to recognize certain patterns and behaviors associated with cheating. Probably still avoidable if one were to use subtle settings and knows how to act properly. But it shows they haven't given up and are trying to explore alternative methods at least. I'm admittedly not familiar with how successful it has been as I have not been playing or even following the game for a long time.
VACNet banned high-DPI mouse users. So its going "great".
> VAC is... Terrible. For both gamers and publishers.
as a non-online gamer, what's so terrible about VAC? I had heard it worked pretty well (at least for counterstrike).
"VAC bans are permanent, non-negotiable, and cannot be removed by Steam Support. If a VAC ban is determined to have been issued incorrectly it will automatically be removed." [0]
False bans cannot be appealed. They do happen. [1] You have no power to deal with them when they happen, and they really, really do happen. [2] You don't just get a game or server ban, you lose pretty much everything, and it becomes a public permanent record. Unless you're part of a headline, you have zero chance of reversal.
[0] https://help.steampowered.com/en/faqs/view/647C-5CC1-7EA9-3C...
[1] https://www.eurogamer.net/counter-strike-2-players-banned-fo...
[2] https://linustechtips.com/topic/1535786-valve-urges-amd-user...
Most anti-cheats will immediately kick/ban someone from a game if it detects certain applications or hooks. Good for removing cheaters, but that gives cheat devs immediate feedback that something in their cheat has triggered it – they'll modify the cheat, try again, then see if it's detected or not.
VAC is designed around obscurity. When it detects a cheat it flags the account, and then an indeterminate amount of time later it/Valve bans all the flagged accounts. It makes it much harder for cheat devs to figure out what exactly flagged VAC, but the lack of an immediate ban means that normal players are still putting up with cheaters day in day out.
Another caveat is that VAC only bans you from the game engine. So you could get VAC banned from Counter-Strike and Counter-Strike: Source, yet still be free to hack on Counter-Strike 2.
Also considering how many of Valve's titles are free, there's no wonder why hacks are so prolific in their games.
So what’s needed is an entirely new anti-cheat regime?
I recommend Bazzite, a Fedora SilverBlue image customised for gaming on Linux. I've been gaming on it exclusively for over a year and between it, Steam, and Proton, I'm yet to encounter a game in my steam library that doesn't run.
https://bazzite.gg/
Yep. 11 was my breaking point.
I don't really care how easy or difficult Linux is, I'm done with Windows.
(On the upside: holy cow some computers work way better with Linux. A crappy $100 Chromebook I had lying around gets over 30 hours of battery life with my normal use now, it's insane. It has become my go-to "just chuck it in a bag for whatever" machine because I can forget to charge it for weeks and it's fine)
What model chromebook, and what distro do you run on it? Sounds lovely!
An "IdeaPad 3 CB 11IGLO5" apparently, likely from mid 2020. And it's just vanilla Mint + XFCE, I haven't done anything to optimize it. It ain't fast, but it is definitely fast enough for normal web / writing / etc, and 4GB of ram goes a lot further than I expected (with Firefox and a few dozen tabs, I'm at around 2GB used, and I almost never touch even 3GB).
My only real complaint is the pretty crappy screen, it's one of those cheap LCDs that drastically changes color/contrast/etc as you move away from the tiny perfect viewing angle... but that screen is probably a moderate amount of the reason why the battery lasts so long.
When fully charged and on low brightness, Mint claims I have ~77h of battery life. It's definitely over-estimating, but 30 is totally reachable while I'm doing my normal stuff (likely not on high brightness tho). And when closed I lose like 2%/week, noticeably better than any other laptop I've ever had.
Just do it, man. There will be some pains in the first year or two, but it's so, so much better on the other side.
It's really easy to just try different distros and desktop environments out. For me, KDE Plasma has been an excellent vaguely Windows shaped Windows replacement.
With MacOS dropping subpixel support for text and with the cleartype patents expiring, Linux font rendering just keeps getting better while the others stay the same or get worse. I can't really conceive any reason to stay on Windows now unless you're a hardcore gamer.
...or use industry-specific software like AutoCAD for example...
Sure, though that list of Windows-exclusive software keeps getting shorter. You have my condolences though.
Everything about Microsoft these days feels like they're working to point their software AT me ... not help me in any way, or even think of the end user at all.
I feel like that's the entire tech and b2c space lately. It's a restriction of options and forced compliance into things that take away value and give the company money.
Are you living and breathing Copilot yet?
Fedora desktop is actually a really nice experience in 2025. I switched in maybe 2022, after getting annoyed by the surge in nagging. The last time I tried desktop Linux was maybe 2008. Things have come quite a long way since then.
Ive been distro hopping and landedon Fedora KDE plasma edition. It is amazing, so much configurability yet its super slick and clean. It is a real joy to use. Kudos to the dev community.
Recently rebuilt my PC and installed Fedora 42 KDE, it's been great so far, except that I've been running into a reboot/shutdown bug that freezes the system.
I'm using Linux (Ubuntu LTS is a no brainer) on my desktop for years. It enables me to just do the things I want or need to do with my computer. Windows is much more in our way than it's helping us just using our devices.
Linux works. At home I made the switch in 2003, after a couple of years triple booting Win98, OS/2 and Linux. I feel lucky to have never used XP/Vista/7/8/10/11.
I thought OneDrive asked for your credentials separately. Did you previously sign in to it, but remove it from startup?
If you ever sign into a Microsoft account - i.e. when setting up your PC since it's nearly mandatory - Windows turns on OneDrive automatically even if you explicitly opt out of it during the setup wizard because apparently user consent doesn't mean anything. Happened to me a couple times.
I've never had it hijack the desktop/documents/pictures folder when I've explicitly disabled it, so perhaps that's a viable workaround. Ie enable OneDrive, but have it use it's own separate folders and just ignore those.
That said, really dark pattern to enable stuff users have explicitly said no to. Microsoft really is a two-headed monster these days. Parts of Windows is really good, but then there's shit like this that just ruins it.
Chrome on linux does the same sadly... prompts to be the default browser, never remembers the "no" option, and if you misclick the small 'x', it sets itself as the default again.
People have actually written apparmour configs to prevent that: https://sergei.nz/stop-google-chrome-from-hijacking-mimes/
Android will also use chrome over the default Firefox on a lot of random apps.
Frequently this is due to those apps launching Chrome instead of "something to handle this URL".
But yes, it's pervasive, and I would love a way to intercept it. I don't care what they want, it's my phone.
>But yes, it's pervasive, and I would love a way to intercept it. I don't care what they want, it's my phone.
pm uninstall -k --user 0 com.android.chrome
OneDrive is pure evil. They force it on now and dupe their unwitting users into paying hundreds of eurodollars for cloud storage.
if signal tried to do something this bad themeselves, we wouldnt really be able to for it or switch to another client. Just another bad actor bitching about worse actors, huh?
My company now blocks signal.org, it must be a nefarious tool meant for ill intent.
Forced to DRM for security... And people will still argue that Windows (and I will generalize to "Microsoft products") is not evil?!
Come on guys, come on...
What would be the alternative?
Build your whole machine at home?
Linux is the most obvious
On the hardware you build yourself? I don't think so.
The OS and the hardware become irrelevant when you run your apps behind DRM.
At least one thing we can thank the copyright trolls for.
I bought an AMD mini-PC. It came with windows 11, but I just yanked that NVMe drive out, and installed Linux on it. Linux support for such devices is excellent because they're basically down to just one SoC package that's been tested by AMD. This one also has an Intel Wifi/Bluetooth chip, which is exactly as flaky as any other Intel product would be with any other OS.
Anyway, there are options to disable TPM in the BIOS if you care, but I don't think any of the DRM stuff works by default.
I’m very confused. You know what DRM is right? I’m not trying to insult you, but I feel like we’re working with different definitions or something.
Is it a joke?
There are multiple alternatives, for Microsoft Windows or other Microsoft products like Office or Azure.
So, trusting someone else is a solution?
The tradeoff here is "do you want to trust this repeat abuser again, or trust someone else who has not been [as] abusive?", not "do you want to trust this repeat abuser again, or nobody ever again?"
You're presenting an extreme example of a false dichotomy.
I don't see MS as the problem, but the structure of how we, as a society, create and use IT.
Signal uses DRM to protect its users from the OS. This is nice, because now they don't have to run to some other companies that could do the same thing.
Trusting something you can verify is a solution.
Which DRM solutions like TEE and FHE are, so I don't see the issue.
The "DRM" used here by Signal is just a Win32 function that keeps a window out of screen capture, not an anti-tamper software nor a protected media path.
Fair.
But it seems to me that's a step in the right direction, even if it doesn't go far enough.
In such a case as this, yes. Not every systems product is designed to exfiltrate your data.
Yes?
Isn't that how trust works? You stop trusting those that don't deserve it. Unless you're a complete isolationist and/or sociopath living off the land in the woods, you need some level of trust in others.
Weird way of attacking Microsoft, when this is a feature users will soon want everywhere.
The latest Android update already introduced screen sharing with Gemini. Their web app has that too.
It wont be long until people complaining here about DRM/Microsoft will have an always on AI watching their screen by their own choice.
I'm normally not one to attack the messenger and just attack the message, but lay off the crack.
99% of users don't want anything even remotely like this. The thought of a single database (even encrypted) that could contain random login/password information, personal information, etc. and easily exfiltrated by whatever new zero-day of the week is NOT pleasant in the slightest.
> this is a feature users will soon want everywhere
Some users - the less privacy-conscious. Many others (who probably frequent this site) actively do (and will) not.
If I could run the model locally I would do that, but sending screenshots of everything I do + metadata to microsoft is way too much for me because, to start, I don’t want them selling my data to advertisers.
Recall only runs locally - it doesn't send any data off-device, and doesn't work if you don't have an "AI+" chip.
It’s still not fully user-controllable, which is a critical distinction. It remains local-only until Microsoft decides otherwise, and MS can always put in hooks that makes it easy for them to exfiltrate specific data that was technically harvested locally on a per-user or per-demographic basis. The level of trust required is truly extraordinary.
> MS can always put in hooks that makes it easy for them to exfiltrate specific data
MS can issue an update any day to just copy all drives you currently have attached to Azure, if we're going to put on our tin foil hats.
Er, isn't that how onedrive works? It's not a "tin foil hat" move to point out that that's exactly what does happen to users who aren't paying attention and opting out, and it's equally valid to extrapolate that they might continue similar behaviors with new features.
No, OneDrive doesn't upload all data from all attached drives.
You're right, it only started uploading people's most important data without clear and deliberate setup, not all their data.
That's more than enough to make these worries not tinfoil hat.
It's also opt-in.
> and MS can always put in hooks that makes it easy for them to exfiltrate specific data that was technically harvested
Just like they always can put hooks into Windows to do the same thing. And Google can put hooks into Android. And Apple into macOS.
With AI that processes periodically-captured screenshots, the threat is an order of magnitude greater. It’s always been possible for companies to indiscriminately copy data, but cost and risk of detection have made doing so an expensive and risky proposition. AI flips that on its head and makes it possible to target individuals and groups with incredible precision and reduces the volume of data that needs to be transmitted to almost nothing.
It is fully user controllable and allways was.
Not in the fullest sense. It can be turned off (for now), but its behavior once enabled is subject entirely to Microsoft’s whims.
Full user control is what you’d have if e.g. you were running a FOSS Recall analogue powered by the local LLM of your choice on some flavor of Linux. That setup will only ever do what the user intends it to and barring supply chain exploits, cannot go rogue.
The behavior of Windows is subject to Microsoft's whims. Microsoft could just as easily have pushed an update to Windows XP that exfiltrated sensitive screenshots too. The existence of a user-facing feature changes nothing at all here
See again: Raymond Chen's "other side of an airtight hatchway" analogy. Microsoft already have ring 0 access to your machine
> That setup will only ever do what the user intends it to
There are tons of times I've had stuff running on a Linux box do things I didn't intend it to do. Often even with software I wrote!
I guess you're one of those people who only ever writes perfect code that exactly does what you intend the first time.
Alright, let’s rephrase it to be a bit more pedantry-proof: A Linux-based FOSS analogue of Recall built on a self-hosted LLM of the user’s choice will never actively undermine the user’s privacy or sell them out as long as they’ve vetted all software involved.
There’s always the possibility of vulnerabilities and exploits but that’s not the point.
Oh, is it that lightweight? I’ll look forward to the open source equivalent then. I try not to rope myself into services that may change for the worse later, but I’ve got nothing against the idea.
it doesn't send any data off-device... YET.
"Free cloud storage for your recalls, we will only scan it for bad thoughts not for good thoughts, we promise!"
>To help mitigate this issue, we made the setting easy to disable (Signal Settings → Privacy → Screen security), but it’s difficult to accidentally disable
It's easy to disable, but it's difficult to disable?
There is a difference between "disable" and "accidentally disable".
Yes but as I understand it, "easy to disable" and "difficult to accidentally disable" are opposites.
EDIT: Apparently people have different definitions of easy. Fair enough
They aren't opposites though. Its entirely possible to have something "easy to disable" and "difficult to accidentally disable".
Easy to disable, in that there are some easy to understand and find steps to disable it. Difficult to accidentally disable, meaning its not something that would be disabled as a side effect of some other change, isn't just a single click, isn't poorly labeled or described, etc.
In this case, it is first presented as a check box in the Privacy Settings area. It is titled "Screen security" and says "Prevent screenshots of Signal on this computer for added privacy.". Well documented. Click the check box, and it presents a modal window. The window then says, "Disable screen security? If disabled, this may allow Microsoft Windows to capture screenshots of Signal and use them for features that may not be private." You then have a Cancel or Disable buttons.
Its two steps to change it after navigating to that part of the menu. The positions to click are different between the two steps. It confirms if you're really wanting to disable it, and tells you things may be able to take screenshots of the app.
This reminds me of platforms which require you to type the name of a resource to delete something potentially important. It's easy to do, but one wouldn't accidentally click a button, type the full name of the resource, then click the confirm button.
My electric lawn mower is both easy to start the blade and difficult to accidentally start. You have to hold a button and then pull the start lever. Its two actions that you reasonably have to do with two hands in a particular order. Both actions are easy to do, doing both of them are easy (assuming you have two somewhat functional hands). Once going you just need to continue to hold the lever and just release that to stop the blade.
To me, if something is "difficult to disable" in any way, accidentally or not, then by definition it can't be "easy to disable". You might disagree but that's ok.
You're misreading things.
It's not "difficult to disable" && "easy to disable"
Its "difficult to accidentally disable".
Accidentally. Its another word in the sentence that radically changes the meaning of the phrase.
Read the whole sentence. Each word has meaning, you can't just ignore some of them.
I did read the whole sentence. I still believe that "difficult to accidentally disable" is the opposite of "easy to disable".
Well then, I guess you're just intentionally misquoting it to drive confusion or something. "Difficult to do something" and "difficult to accidentally do something" are two radically different concepts. Typing in a password is easy, accidentally pressing random keys and having it be the password is hard. Pressing delete and then typing "delete me" and then clicking OK is pretty easy, accidentally clicking random spots on your screen and jamming random key presses and having it accidentally get deleted is hard. You may still have deleted something you later decide you shouldn't have, but you absolutely intentionally issued the delete.
Putting a cover over a button that can still be flipped open is a real-world example of making something difficult to accidentally do while still making it easy to actually do it. You pretty much have to want to press the button, you're not just going to set something down and accidentally trigger the button. Do you really disagree about that? How is it not making it more difficult to do on accident?
Or like my lawn mower example. How would I accidentally start the mower? You can see it would be difficult for me to accidentally start the mower, right? My hand wouldn't just brush against it and have it start going, correct? And it has a few other interlocks, such as the handle needs to be fully extended and locked at the right angle; you can't start it when its folded up. And yet this two-stage motion is still really easy to do for most people with two hands, right? And it's clearly documented on the mower how to do it with obvious glyphs that show it will start the blade.
And with the button cover, I wouldn't just end up leaning against the console and accidentally pressing the button, correct? But one can trivially just flip the cover and press the button still, right? But we made it more difficult to accidentally press it?
Meanwhile, they could have made it significantly easier to accidentally start the lawn mower. They could have made it without those interlocks. They could have just made the handle capacitive and any light brush with a hand would have started it. The button with a cover could have been made bigger and more sensitive and placed exactly next to where people naturally rest their hands or on the corner right at knee level ready to be bumped with no cover and unlabeled. So in these cases, its significantly harder to accidentally do the action than what it could have been, meanwhile still being generally pretty easy to do if you're intending to do it.
There are plenty of examples of things that are easy to do and at same time difficult to accidentally do. One that came to mind is the "slide to unlock" interface from the first iPhone.
I strongly disagree as I have accidentally slide-unlocked many a phone in my day. Maybe we just have different definitions of easy.
Then inputting a pin or most patterns instead! Easy to do, but extremely unlikely to happen accidentally.
You're the one that is looking for an example, you should be able to make that iteration yourself.
Child-proof caps are easy to take off but difficult to accidentally take off.
I don't consider those easy to take off but ok
not at all. "easy to disable" means you can easily find the place where and how to do it. "difficult to accidentally disable" means you can't disable it without intentionally going to the place and making that choice. of course there are cases where easy to change something also means easy to accidentally change it, and those are annoying. but they don't have to be like that.
Dumbest announcement. Signal lost it's track...
[dead]
Yes sure. There isn't much a userland app can actually do if your OS wants to spy on you. I wonder why they spend their time on this?
Meanwhile, Signal still requires a phone number to register and use. It's terrible: phone numbers are easy to lose, and not everyone has a phone number.
I like the ideas behind the Session[0] messenger: create an account with no authentication (no phone number, no email, no nothing), get a list-of-words-to-note-down, which allows you to access your account from any device. You get a UUID or something as your user id. Share that with a QR code or send a link over an existing channel to connect to someone.
To me this seems way ahead of Signal. I'm not affiliated with Session and haven't actually persuaded anyone to start using it just yet, so I don't really know how it is in practice. But the UX of creating an account made me weep tears of joy and hope <3
[0]: https://getsession.org/
Except for the fact that the security of Session is drastically worse than Signal.
https://soatok.blog/2025/01/14/dont-use-session-signal-fork/ https://soatok.blog/2025/01/20/session-round-2/
Ah that's too bad then!
At least you should admit it's conceptually much nicer than Signal, even if they got the details wrong and/or intentionally backdoored.
I'll continue using Facebook messenger then, until someone figures out secure messaging without requiring me to hand over my phone number and/or email...
>It's terrible: phone numbers are easy to lose
At least in the US they're nearly impossible to lose because of phone number portability.
>and not everyone has a phone number
Most people do, not least because plenty of other services (eg. banks) require a phone number.
> At least in the US
I'm not in the US. My current phone number is from a different country than the one I'm currently residing in. Endless headaches. Could I get a local phone number? Sure, but different kinds of headaches: updating all those asshole services who required me to give them a phone number.
> phone number portability
Portability? That makes me think "possible to hijack", ie "easy to lose".
Are you immune to SIM swap? If so, how have you achieved that?
> At least in the US they're nearly impossible to lose because of phone number portability.
If you miss a few payments, you'll be at risk of losing your phone number.
Is this a socioeconomic status thing? Cellphone plans are dirt cheap, on the order of $20-30 for a modest plan. I guess it's theoretically easier to lose than a free email plan, but I don't see either actually occurring.
This requires planning ahead for a disconnection though. Porting out your number requires the source number still be active.
It's just so weird to require a paid service to access a free service. Why not just a free service like email that can be accessed via free wifi.
> To me this seems way ahead of Signal. I'm not affiliated with Session and haven't actually persuaded anyone to start using it just yet, so I don't really know how it is in practice.
Begone, fed.