
> make sure not to sign into your Microsoft account or link it to Windows again

That's not so easy. Microsoft tries really hard to get you to use a Microsoft account. For example, logging into MS Teams will automatically link your local account with the Microsoft account, thus starting the automatic upload of all kinds of stuff unrelated to MS Teams.

In the past I also had Edge importing Firefox data (including stored passwords) without me agreeing to do so, and then uploading those into the Cloud.

Nowadays you just need to assume that all data on Windows computers is available to Microsoft; even if you temporarily find a way to keep your data out of their hands, an update will certainly change that.





Yes, they push the MS account stuff very hard. I've found Windows so actively hostile to the user that I basically only use Linux now.

I used to be a windows user, it has really devolved to the point where it's easier for me to use Linux (though I'm technical). I really feel for the people who aren't technical and are forced to endure the crap that windows pushes on users now.


> actively hostile

That’s the real problem MS has. It’s becoming a meme how bad the relationship between the user and windows is. It’s going to cause generational damage to their company just so they can put ads in the start menu.


It’s a pity for Apple that they keep making macOS worse with each major update. Modern Apple hardware running snow leopard would be a thing of beauty.

At this rate, my next laptop might end up being a framework running Linux.


I switched from Windows to Mac 15 years ago. It was a revelation when the terrible habits of verbally abusing my computer and anxiety saving files every 22 seconds just evaporated.

Those old habits have been creeping back lately through all the various *OS 26 updates. I too now have Linux on Framework. Not perfect, but so much better for my wellbeing.


The 7 did not behave like that.

Mine already is... it's so nice not to be disrespected every time I turn on my laptop.

I recommend it.


Buy a laptop with less problems on Linux if that's your intention.

What laptops would you recommend? I didn’t realise framework laptops struggled with Linux?

I bought and returned an AMD Framework. I knew what I was getting into, but the build quality + firmware quality were lacking, sleep was bad and I'm not new to fixing Linux sleep issues. Take a look at the Linux related support threads on their forum.

I've been using AMD EliteBooks, the firmware has Linux happy paths, the hardware is supported by the kernel and Modern Standby actually works well. Getting one with a QHD to UHD screen is mandatory, though, and I wouldn't buy a brand new model without confirming it has working hardware on linux-hardware.org.

If you look online, HP has a YouTube channel with instructional videos for replacing and repairing every part of their laptops. They are made to make memory, storage and WiFi/5G card replacements easy, parts are cheap and the after market for them is healthy.

I've also had good luck with their support, they literally overnight'd a new laptop with a return box for the broken one in a day.


We have Elitebooks at work and can confirm that the 8x0 series, at least until G8, has superb Linux support out of the box (and I run Arch, by the way). IME it's actually better than Windows, since both my AMD and Intel models have had things not working on Windows (the AMD still often hangs during sleep).

> Getting one with a QHD to UHD screen is mandatory

But I have to ask: are those screens actually any good? Ours have FHD panels, and I have not seen a single one with a decent screen.

There are roughly two categories: either the el-cheapo screens, with washed-out colors (6 bpp panels on a 1500 EUR laptop!) and dimmer than the moonlight through closed shades, but they have usable angles; or the "sure view" version with very bright backlight, usable outside (not in direct sunlight, of course) with, on paper, ok colors (specs say 100% sRGB) but laughably bad viewing angles (with the sureview off, of course) and, in practice, questionable color fidelity.

These are also fairly expensive, around 1500 EUR, and the components are of questionable quality. The SSDs in particular are dog-slow (but they're very easy to replace).

I have two 5-year-old 840 G8s (one Intel, one AMD), and they have both held up fine, but I usually don't abuse my laptops (my 2013 MBP still looks brand new aside from some scratches). However, looking around at my colleagues' laptops, they tend to fall apart, and I can count on one hand the ones still in good shape. The usual suspects seem to be the barrel power connector and the keyboard. Newer models only have USB-C AFAIK (mine have both, but came with a USB-C power adapter in the box). But they tend to look pretty bad in general, with very misaligned panels and fragile USB ports.


> But I have to ask: are those screens actually any good? Ours have FHD panels, and I have not seen a single one with a decent screen.

Yeah, I brought up the screens because the FHD screens are not good and there's a chance you might end up with a SureView screen. The QHD screens suit my needs, they support HDR and higher refresh rates. I'm not a designer or someone who can speak to color quality/contrast/etc, though.

I eventually had an issue with the keyboard on a G8 model, a key popped off 3 years into using it, but I've also had that same issue with the keyboard of every laptop I've owned including every MacBook from 2006-2018, so the problem is likely me.

> These are also fairly expensive, around 1500 EUR, and the components are of questionable quality. The SSDs in particular are dog-slow (but they're very easy to replace).

I buy them on the consumer side when there's a >60% off sale, I would not pay the sticker price for them, and get them with the intention of replacing the innards so I spec them out with the least I can.

If you don't care about new, if you buy Ebay open box/refurbished Elitebooks, you can find recent ones for a few hundred bucks with HP support for a year or more. The overnight laptop replacement I got was for a refurbed Elitebook I bought on Ebay and HP replaced it without question.


> Yeah, I brought up the screens because the FHD screens are not good and there's a chance you might end up with a SureView screen.

I actually prefer the SureView to the regular one for code / office work because it's much brighter and usable outside in the summer if there's shade. The other one needs to be at least at 80% brightness inside to be usable. Then again, it's OK in the dark, so YMMV.

> I'm not a designer or someone who can speak to color quality/contrast/etc, though.

Right, but those panels are quite bad, so I think it's good you've advised people to steer clear of them. Then again, some people don't care, so they could save a buck or two. Lower resolution is also easier to deal with for people still running X11 and multiple screens.

> I buy them on the consumer side when there's a >60% off sale [...] you can find recent ones for a few hundred bucks with HP support for a year or more.

Huh, I didn't know they got so low even relatively new. I was looking for some sff desktops on ebay the other day, and previous-gen ones weren't much cheaper than brand new current gens (I was looking in the EU).

I think for people who don't care about "great" screens but do care about Linux support these are a really great deal, especially if you don't expect to abuse them.

I'm generally very happy with my 845 G8, I only ever hear its fan when compiling. The only thing it's missing is thunderbolt, but AFAIK this wasn't available on AMD CPUs at all at the time.


Lenovo T and X series are excellent and cheap as dirt used. There is also System 76. Or you could get a MacBook and boot Linux on that. Some older ones work well, I hear.

I’ve been using exclusively HP EliteBook, including x360 models, laptops recently (past 5 years) and they’ve all been 100% on Linux.

> Or you could get a MacBook and boot Linux on that. Some older ones work well, I hear.

Is linux support on the M1/M2 models as good as linux support on x86 laptops? My understanding was that there's still a fair bit of hardware that isn't fully supported. Like, external displays and Bluetooth.



I use an old Lenovo AIO PC to dual boot Linux Mint and Windows 10. It works well from a hardware and firmware perspective, but I've deliberately avoided Windows 11 as it is crapware.

I have done triple booting of MacOS, Linux and Windows on an old Mac Mini, and it was a nightmare to get them working, but worked well once set up.

I think well known brands and models of PCs are better for such alternative setups, rather than obscure PCs.


They don't. I don't know what they're talking about, but I've had fewer problems with linux on my framework than weird stuff on my OSX work machine. And I'm running Alpine on my framework, so if anything should be wonky it's this one.

I've used Dell Inspiron laptops in the past, never had a problem. WiFi, multimonitor output, bluetooth, etc all work out of the box with Debian or Ubuntu.

I've had very few issues with Lenovo and Toshiba. They're generally somewhat repairable. EliteBook and Z Book from HP seem fine for Linux too, but I've never had to fiddle with hardware except that I once removed a battery from an EliteBook.

Get whatever is most popular on amazon at your price point. All the most popular hardware should work fine with any of the most popular distros.

Starlabs

I still use Snow Leopard on a high-spec 2008 Mac Pro for most of my personal projects. Works a charm and is fast as ever.

It’s funny because I started with Windows 3.1 and it was actively user hostile then. From 3.1 to XP it was awful. Then it got slightly better with 7, and went downhill from there.

Realistically, a major Linux distro is the most user-beneficial thing you can do and today it is easier than ever. If my 12 year old can figure out how to use it productively, so can anyone. Switch today and enjoy.


Marlboro cigarettes used to be for women, including red tipped filters to hide lipstick marks. Sales waned, so they actually rebranded the cigarette for men, and even succeeded in making it a definition of manliness.

Advertising stories like that, make sure M$ execs could care less about damage to their image.

Especially when profit leers its head.

(at least, I presume?!?)


It is sad that we got to here from when the worst problem was a tile start menu (I liked 8.1 and it ran good on fairly trash hardware.)

You just have to look at who buys Windows to understand this. It's OEMs and enterprises. Almost nobody buys an individual license. That's why they don't care. As an individual you get what your employer or hardware supplier says, like it or lump it.

They don't care. All of their money is on AI.

Linux is so much better than it used to be. You really don't need to be technical.

I have been recommending Kubuntu to Windows people. I find it's an easier bet than Linux Mint. You get the stability of Ubuntu, plus the guarantee of a Windows-like environment.

Yes, I know, Linux Mint supports Plasma, but I honestly think the "choose your desktop" part of the setup process is more confusing to a newbie than just recommending a distro with the most Windows-like UI and a straightforward installation.


Generally I recommend people use PopOS. It's well suited for laptops, as that's what System76 is focused on and they're shipping laptops with Nvidia GPUs. I personally prefer Arch based distros like Endeavour but even with wide community support it's just more likely a noob will face an error. Fwiw I've only faced one meaningful error in the last 3 years in Endeavour but I've also been daily driving Linux for 15 years now.

I’ve been using PopOS for the last five years and while I generally agree… the latest release using Cosmic by default has a lot to be desired. Cosmic will eventually be good but right now it’s far from it and I had to install Gnome as a stop gap just to have a functional desktop environment. I’ll probably ditch PopOS for Arch + KDE but I haven’t had the time to do so yet for my workstation.

Truly, and to really drive it home, I’ve loved PopOS but this latest release is just too half baked. I think anyone considering it should either wait a year or use something else, and Kubuntu seems like a reasonable alternative for people coming from Windows or MacOS.


That's unfortunate to hear.

I'd give kde a shot. It's been my preferred DE for years. But check out the below wiki and poke around for what your style is. The beauty of linux is adapting to you and switching DEs is a quick change (you do not need to change your DM to change your DE).

If you're interested in Arch then give something like EndeavourOS a shot. Cachy is getting popular these days too but I haven't used it. But I feel it's going to be as easy as using Endeavour or Manjaro and those are very convenient distros for Arch with direct Nvidia GPU support. Though if you want to learn Linux I suggest going Vanilla Arch. You'll learn a lot from the install process (it isn't uncommon to mess up. You won't brick anything and learning about the chroot environment will help you in the future if you do mess things up).

https://wiki.archlinux.org/title/Desktop_environment


Eh, not for laptops - I say as someone who switched to Linux from windows in past year.

I have spent a decent few days to get long battery life on Linux (fedora), with sleep hibernate + encryption. And I am still thinking that the Linux scheduler is not correctly using Intel's pcore/ecore on 13th gen.


If you have an Nvidia GPU you're generally going to need to edit the systemd services and change some kernel settings. This is a real pain point to be honest and it should be easier than it is (usually not too bad tbh)

If you want I can try to help you debug it. I don't have a fedora system but I can spin up a VM or nspawn to try to match your environment if you want


I just got a lunar lake laptop and in CachyOS you can just enable either scx_lavd or scx_bpfland from the kernel settings. I use them both: bpfland guarantees that the active application runs smoothly even if you compile code in the background, and lavd focuses on energy saving a bit more. They both understand how to use the P and E cores: especially the lavd scheduler puts the active app to a P core and all the background apps to the E cores.

> you can just enable either scx_lavd or scx_bpfland from the kernel settings

So Linux is still nowhere near an option for non technical users.


It just depends on one distro to default on scx_bpfland.

For technical users, it's already the best option.


The hibernate works like shit thanks to microsoft asking manufacturers to remove deep sleep. Yay!

Do we have confirmation that it’s a must to upload the key if you use an MS account with Windows? Is it proven that it's not possible to configure Windows to have an MS account linked, maybe even to use OneDrive, while not uploading the BitLocker key?

Btw - my definition of “possible” would include anything possible in the UI - but if you have to edit the registry or do shenanigans in the filesystem to disable the upload from happening, I would admit that it’s basically mandatory.


I just checked on my personal desktop, which has Windows 11 installed using a local user account and is signed into my MS account for OneDrive, and my account is listed as having no recovery codes in the cloud. I don’t recall editing anything in the registry to accomplish this; it was the default behavior for having a local user account. I copied my recovery codes when I built the machine and pasted them into an E2EE iPhone note which should allow me to recover my machine if disaster strikes (also everything is backed up to Backblaze using their client side encryption).

>Nowadays you just need to assume that all data on Windows computers is available to Microsoft; even if you temporarily find a way to keep your data out of their hands, an update will certainly change that.

I get why the US would not, but I really wish the rest of the world looked at this like the security and sovereignty issue that it is.


Teams inside a VM it is, then.

Or: Put all of Windows inside of a VM, within a host that uses disk encryption -- and let it run amok inside of its sandbox.

I did this myself for about 8 years, from 2016-2024. During that time my desktop system at home was running Linux with ZFS and libvirt, with Windows in a VM. That Windows VM was my usual day-to-day interface for the entire system. It was rocky at first, but things did get substantially better as time moved on. I'll do it again if I have a compelling reason to.


If you’re doing your work inside the windows machine, what protection does Linux as a host get you?

The topic is bitlocker, and Microsoft, and keys.

With a VM running on an encrypted file system, whatever a warrant for a bitlocker key might normally provide will be hidden behind an additional layer that Microsoft does not hold the keys to.

(Determining whether that is useful or not is an exercise for the person who believes that they have something to hide.)


Isn’t it a pretty well-established fallacy that privacy only benefits those with something to hide?

Wouldn't it be easier to just use bitlocker and not back up your keys with microsoft?

Sure, the plan you outline does sound very simple. And in an ideal world, that'd be perfectly fine.

Except we don't live in an ideal world.

See, for example, the fuckery alluded to above.

Therein: Linking a Microsoft account to a Windows login is something that appears to happen automatically under some circumstances, and then bitlocker keys are also automatically leaked to the mothership...

The machine is quite clearly designed with the intent that it behaves as a trap. Do you trust it?


If you distrust Windows that much, isn't the only real option to just not use it?

That's yet another brilliantly simple plan that you've outlined!

Would you like for me to demonstrate how it, too, is short-sighted?


I don't think so.

If you believe Windows to be so actively malicious that it would go behind your back and enable key backups after you've explicitly disabled them, you should probably assume that it will steal your encrypted information in other ways too.


This continued usage of the word "you," as if directly and specifically targeted at me, that you're using: At first, I thought it was a mistake, but now I'm pretty sure that it is a very deliberate word choice on your part.

Therefore, based on that...

Since this is about me, then: I'd like to ask that you please stop fucking with me.

We can discuss whatever concepts that you'd like to discuss, in generalities, but I, myself, am not on the menu for discussion.

Thank you kindly!


Don't be silly, the indefinite "you" was simply the most natural construct to use there.

In no way should my use of the indefinite "you" be construed as a reference to ssl-3 specifically, it is an indefinite reference to literally anyone.


It's not just Teams. You need to be constantly vigilant not to make any change that would let them link your MS account to Windows. And they make it more and more difficult not only to install but also use Windows without a Microsoft account. I think they'll also enforce it on everybody eventually.

You need to just stop using windows and that's it.

The only windows I am using is the one my company makes me use but I don't do anything personal on it. I have my personal computer next to it in my office running on linux.


Just Teams in a browser tab instead. Does it actively require running as a full app to do anything?

No, but you have to use a Chromium browser on Windows, otherwise your life will be miserable.

It's exceptionally more straightforward than people think and is listed as one command on AtlasOS's guide.

Doing things like that, which is completely unrelated, should be considered data theft, and Microsoft should be punished so severely they wish they never had the idea to begin with.

> logging into MS Teams

I mean, this is one application nobody should ever log into!


That's nice.

I, however, like getting my paycheck, and so I have no choice.


Of course. But I suppose you run Teams on a company provided/managed, or at least paid for by the company, device?

Just don’t use that machine for anything private.

Is anyone using their private devices for work? (Also there is teams for Linux and on the web, if that is not prevented by the policy of your org.)


In the startup world, BYOD is/was exceedingly common. All but two jobs of my career were happy to allow me to use my own Linux laptop and eschew whatever they were otherwise going to give me.

Obviously enterprises aren’t commonly BYOD shops, but SMBs and startups certainly can be.

… whether the people who would do such BYOD things are at all likely to be Windows users who care about this Bitlocker issue, is a different debate entirely.


Then the founders do something really stupid, and the law decides that your equipment may be evidence.

Unless you're a founder, you should always use company provided equipment.


I know BYOD was common (although getting a fully specced MacBook Pro was often one of the “perks”), but typically you did get (some) budget or reimbursement for using your own device. So in a sense the company was paying for your device which allows you to buy a dedicated machine.

I also notice that it helps in segmenting in the brain to use separate devices for private and business use.


I’ve been diving down the BYOD rabbit hole recently. At enterprise scale it’s not “hook in with your vpn, job done”, it’s got to be managed. Remote wipe on exit, prove the security settings, disk encryption, EDR.

What this means for the user is your personal device is rather invasively managed. If you want Linux, your distro choice may be heavily restricted. What you can do with that personal device might be restricted (all the EDR monitoring), and you’ll probably take a performance and reliability hit. Not better than just a second laptop for most people.


Any good reading tips on doing managed Linux devices in a startup/SMB?

All of that won't stop anyone from exfiltrating whatever they want to exfiltrate.

Of course, but like so many of these things, it’s about compliance audits and insurance. Actual effectiveness is a distant concern.

>All but two jobs of my career were happy to allow me to use my own Linux laptop

But they wouldn't have provided you with a corporate device if you asked?


teams works fine in website form for me because it IS a website (that uses an extra ~1gb of ram running as a desktop app because it's also a separate browser)

Reportedly, that’s how they’re making the Start Menu now, too.

That's actually a misunderstanding that blew up to an outright lie:

The Start Menu is fully native. The "Recommended" section (and only it) is powered by a React Native backend, but the frame & controls are native XAML. (I.e. there's a JS runtime but no renderer)


That means you’ll do that on the work machine provided by your employer, not on your personal machine.

Teams in the browser, on Linux. That is reasonably harmless.


