this post was submitted on 26 Dec 2025
303 points (95.0% liked)

Technology

78029 readers
4046 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
303
What the Linux desktop really needs to challenge Windows (www.theregister.com)
submitted 2 days ago by throws_lemy@reddthat.com to c/technology@lemmy.world
173 comments fedilink hide all child comments
 

As Torvalds pointed out in 2019, is that while some major hardware vendors do sell Linux PCs – Dell, for example, with Ubuntu – none of them make it easy. There are also great specialist Linux PC vendors, such as System76, Germany's TUXEDO Computers, and the UK-based Star Labs, but they tend to market to people who are already into Linux, not disgruntled Windows users. No, one big reason why Linux hasn't taken off is that there are no major PC OEMs strongly backing it. To Torvalds, Chromebooks "are the path toward the desktop."

you are viewing a single comment's thread
view the rest of the comments
[–] enumerator4829@sh.itjust.works 2 points 1 day ago

Look, I’m not saying BitLocker isn’t flawed. I’n m saying the alternatives on Linux are shit. All the primitives are there, and you can do it on Linux, with lots of work, testing and QC of all software updates on all your hardware (or else you’ll do manual entry of disaster recovery keys for the next decade). But on Windows it’s a checkbox to encrypt the entire fleet, along with management of recovery keys.

Also, on audits: for people doing checkbox security (i.e. most regulated industries), this is very easy to audit. You just smack in ”Bitlocker” and you are done. For some, the threat isn’t really information loss, it’s loss of compliance (and therefore revenue). Stupid, but here we are. If you mean actual security, then you are probably correct.

A smart cart only authenticates and identifies the user - it can’t do attestation of the boot chain. If we use a smart card for disk encryption, a malicious or compromised user can just pop out the SSD, mount and decrypt (using the smart card) on a separate machine and extract/modify data without a trace. If you use SB, the TPM and disk encryption as intended, you can trust both the user (via smart card) and the machine (probably via a Kerberos machine key). Basically, this method prevents the user from accessing or modifying data on their own machine.

Again, on Windows this is basic shit any Windows sysadmin can roll out easily following a youtube tutorial or something. Providing those same security controls on Linux will yield a world of pain.

We really need to make this easy on Linux. systemd-boot and UKIs are trying, but are not even close to enough.