Windows 10: HOSTS file blocking telemetry is now flagged as a risk (bleepingcomputer.com)
268 points by maltalex on Aug 4, 2020 | 172 comments



> In our tests, some of the Microsoft hosts detected in the Windows 10 HOSTS file include the following:

    www.microsoft.com
    microsoft.com
    telemetry.microsoft.com
    wns.notify.windows.com.akadns.net
    v10-win.vortex.data.microsoft.com.akadns.net
    us.vortex-win.data.microsoft.com
    us-v10.events.data.microsoft.com
    urs.microsoft.com.nsatc.net
    watson.telemetry.microsoft.com
    watson.ppe.telemetry.microsoft.com
    vsgallery.com
    watson.live.com
    watson.microsoft.com
    telemetry.remoteapp.windowsazure.com
    telemetry.urs.microsoft.com
I can see the argument for disallowing remapping Microsoft domains in the hosts file as a security precaution [0], but this seems a bit heavy handed.

Oh well, there's always pihole.

Edit: On second thought, how long before they just start hard coding IP addresses?

[0]: https://blog.malwarebytes.com/cybercrime/2016/09/hosts-file-...
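As an added example (editor's code, not from the article or from any commenter), this is the check a hosts-file audit would perform: parse the file and report every entry that points a Microsoft-owned name somewhere else, which is the condition the article says Defender now flags. The suffix list is my assumption built from the names quoted above; Defender's actual list is not published, and the sample hosts text is constructed for the demonstration.

```powershell
# Added example (editor's code, not from the thread): audit a HOSTS file for
# entries that remap Microsoft-owned names. The suffix list below is an
# assumption derived from the names quoted in the article, not Defender's list.
$MicrosoftSuffixes = @(
    'microsoft.com', 'windows.com', 'live.com', 'windowsazure.com',
    'vsgallery.com', 'nsatc.net', 'akadns.net'
)

function Test-MicrosoftName {
    param([string]$Name, [string[]]$Suffixes = $MicrosoftSuffixes)
    $lower = $Name.ToLowerInvariant()
    foreach ($s in $Suffixes) {
        if ($lower -eq $s -or $lower.EndsWith('.' + $s)) { return $true }
    }
    return $false
}

function Get-MicrosoftHostsRemaps {
    # Emits one object per Microsoft name found in the hosts lines, with the
    # address it is mapped to and whether that address is a sinkhole.
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$HostsLines,
        [string[]]$Suffixes = $MicrosoftSuffixes
    )
    $sinkholes = @('127.0.0.1', '0.0.0.0', '::1', '::')
    foreach ($line in $HostsLines) {
        $text = ($line -split '#', 2)[0].Trim()          # strip trailing comments
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }            # need address + at least one name
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if (Test-MicrosoftName -Name $name -Suffixes $Suffixes) {
                [pscustomobject]@{
                    Name     = $name.ToLowerInvariant()
                    Address  = $address
                    Sinkhole = ($address -in $sinkholes)
                }
            }
        }
    }
}

# Constructed sample input (not a real capture)
$SampleHosts = @'
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         telemetry.microsoft.com
0.0.0.0         watson.telemetry.microsoft.com  # crash reporting
0.0.0.0         v10-win.vortex.data.microsoft.com.akadns.net
192.168.1.10    build.internal.example          # not Microsoft, ignored
0.0.0.0         ads.example.net                 # not Microsoft, ignored
'@ -split '\r?\n'

Get-MicrosoftHostsRemaps -HostsLines $SampleHosts | Format-Table -AutoSize

# Audit the live file (read access is enough):
# Get-MicrosoftHostsRemaps -HostsLines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

On the sample, the three sinkholed Microsoft names are reported and the two non-Microsoft lines are ignored. The same function run over the live file is a quick way to see which of your own entries would trip a "remaps Microsoft domains" rule before Defender does.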


> Edit: On second thought, how long before they just start hard coding IP addresses?

I think it’ll eventually go to DoH with hard to block IPs (ex: Cloudflare IPs are tough to block because you break too much stuff).

I’ve always believed a large part of the push for TLS, DoH, eSNI, etc. is to eliminate our ability to filter network traffic. It’s sold as a freedom thing, but I’m sceptical.


If Windows will hard-code IPs, there will be tools to patch them out. And simply not using Windows is a very real possibility too, even if there are obvious inconveniences with going down that route (either OSX or Linux).

That said, TLS and other network security features are fundamental building blocks, but obviously in oppressive regimes, where they stand out, they also have the potential to bring the most value. And in parts of the world where network censorship is not a problem, the features might benefit greedy corporations in a quasi-oligopoly a lot more than the users. But that's not necessarily an argument against these features.


Patching Windows code will break updates and will definitely be flagged as a risk. You would have to black-hole the IPs on the router, as even Windows Firewall might not have the authority.


The risk thing will be patched out too, naturally, I assume, just as with game cracks. And yes, the updates will just restore everything, scream and scold the user. So there will be users that don't update ...


They already do that. If you block these domains at the DNS level it will just skip the DNS lookup and talk to them directly by IP.


Not that I don’t believe this is happening, but I’d love to see the Wireshark logs proving this.


Can you block them with the windows firewall? Would not trust that 100% but I'm curious if they allow it.


Well, I see compattelrunner.exe blocked in Windows Firewall (I use Malwarebytes Firewall Control in interactive mode and block/allow stuff manually), so it's likely working :D
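As an added example (editor's code, not from the thread), this is how the same block looks with the built-in Windows Firewall rather than a third-party front end: a per-program outbound block rule for CompatTelRunner.exe, written idempotently and then read back so you can confirm what was actually applied. It assumes the default binary location under System32 and must be run from an elevated PowerShell.

```powershell
# Added example (editor's code, not from the thread): block CompatTelRunner.exe
# outbound with the built-in Windows Firewall and read the rule back.
# Assumes the default binary location under System32; run elevated.

$TelemetryBinary = Join-Path $env:SystemRoot 'System32\CompatTelRunner.exe'
$RuleName        = 'Block CompatTelRunner outbound (telemetry)'

function Set-CompatTelRunnerBlock {
    param(
        [string]$Program = $TelemetryBinary,
        [string]$Name    = $RuleName
    )
    if (-not (Test-Path $Program)) { throw "Executable not found: $Program" }
    # Idempotent: replace any earlier copy of the rule instead of stacking duplicates
    Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $Name -Direction Outbound -Action Block `
        -Program $Program -Profile Any -Enabled True | Out-Null
}

function Get-CompatTelRunnerBlock {
    # Returns the rule as stored, including the program path the filter resolved to
    param([string]$Name = $RuleName)
    $rule = Get-NetFirewallRule -DisplayName $Name -ErrorAction Stop
    $app  = $rule | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Name    = $rule.DisplayName
        Enabled = $rule.Enabled
        Action  = $rule.Action
        Program = $app.Program
    }
}

Set-CompatTelRunnerBlock
Get-CompatTelRunnerBlock | Format-List
```

The caveat raised earlier in the thread stands: a program rule only covers that one image. The Connected User Experiences and Telemetry service (DiagTrack) runs inside svchost.exe, so this rule does not touch it; New-NetFirewallRule does have a -Service parameter for service-scoped rules, but the router-level black hole suggested above is the one check that does not depend on the host's own firewall.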


>I can see the argument for disallowing remapping Microsoft domains in the hosts file as a security precaution [0], but this seems a bit heavy handed.

This is a crucial point here. I would be curious to see a list of Microsoft sites that you are allowed to redirect in the HOSTS file. Having a more complete list of protected/unprotected domains would give us a better indication if this is an overly aggressive attempt to protect users from legitimate threats or a malicious attempt to protect Microsoft's access to users’ data. Because blocking redirects on microsoft.com certainly seems smart, but blocking redirect of telemetry.remoteapp.windowsazure.com seems suspicious.


I'm sure there's plenty of hackers, government agencies, etc that would just love to redirect telemetry from specific targets' Windows computers to servers they control.

Not to say that its going to Microsoft is necessarily that much better, or that they may have deliberately also sabotaged people trying to redirect it to localhost, but still, it's a thing.


But could they? Verifying the host on the other end is the real deal doesn't appear to be too hard. I would be surprised if Microsoft relied solely on plain DNS for that.


This is what technologies like TLS and certificate pinning are for. Watching the hosts file is only meant to be a nuisance for the end user.


Considering how Windows 10 until very recently pitched an absolute fit when the user tried to change the default browser away from Edge, I'm gonna go with the latter.


> Edit: On second thought, how long before they just start hard coding IP addresses?

What would be the benefit of it? IP addresses are as easy to block as domain names, but the number of IP addresses available to them is much smaller than the number of possible domain names.


> IP addresses are as easy to block as domain names, but the number of IP addresses available to them is much smaller than the number of possible domain names.

Is it? If they wanted to be toxic they could mix the telemetry IPs around with the windows update IPs inside a fairly significant block of IPv6 addresses. It would be hard to block the entire range because you'd hit the update servers.


Yeah but the point of this from an anti-virus point of view is to prevent redirects. Easier to redirect a domain name via DNS than an IP address.


Telemetry isn't even the nasty one. Look for "activity" in your DNS logs. Just try to block that... All the Windows 10 machines (home and pro) on your network will freeze up and hang for extended periods of time. Microsoft wants to know every time you spawn an application, what it was, who launched it. It doesn't matter how you block it, NXDOMAIN, REFUSE, fake IP, null route, all of those will cause machines to hang. A tcp-reset will reduce the impact a little.

[Edit] MS may have wised up and consolidated the activity endpoints / vips into another endpoint. You may have to clear cache on the PC and your router, reboot and watch DNS requests as you launch applications to see where they moved.

To stop this behavior requires registry changes unless you are on Enterprise or LTSC in which case you can use GPO. There are some free programs that will do the registry tweaks for you.

Here is a video talking about manually changing some things [1] and they link to free tools that can do the changes as well [2].

[1] - https://www.youtube.com/watch?v=tgW7iXejfqQ

[2] - https://www.oo-software.com/en/shutup10


I just tried this, and wasn't able to reproduce freezing (I blocked both domains on my network's resolver). nslookup replies "Non-existent domain" for both (although the first one didn't exist before I blocked it, but blocked it anyway).

My "Diagnostic Data" is set to "Basic" in the normal Settings UI. I'm on the "2004" release of Windows 10.

Anything I have to do to experience this? What kind of applications/apps are causing the freeze?


Clear the DNS cache on your windows machines and home router first perhaps. Block it, then reboot after clearing cache.

They may have even further consolidated these endpoints into something else. I went through this exercise last year after network debugging a family member's game that was hanging, only to find Akamai was down in my area for the activity endpoint. It is a never-ending arms race of whack-a-mole.

Another thing you can do is clear cache on your windows machine and router, then reboot and watch DNS requests as you launch applications. If they merged activity into a common endpoint, you should still see the requests.
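As an added example (editor's code, not from the thread), here is the "clear cache, launch the app, watch DNS" procedure described above done with built-in cmdlets: flush the Windows DNS client cache, start the application, and after it settles list the names that were newly resolved and, as a bonus, the remote addresses the process connected to without any matching cached answer, which is the evidence for the "talks by IP" claim that a commenter asked for. It uses only the DnsClient and NetTCPIP modules; the example path in the usage line is a placeholder.

```powershell
# Added example (editor's code, not from the thread): snapshot the DNS client
# cache around an application launch and report new lookups plus connections
# made to addresses that no cached answer accounts for. Built-in cmdlets only.

function Get-CachedNames {
    # Distinct names the local stub resolver has been asked for since the last flush
    Get-DnsClientCache -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Entry -Unique
}

function Get-CachedAnswers {
    # Answer data held in the cache (IP addresses for A/AAAA, target names for CNAME)
    Get-DnsClientCache -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Data -Unique
}

function Watch-AppNetworkStart {
    param(
        [Parameter(Mandatory)][string]$FilePath,   # executable to launch
        [int]$WaitSeconds = 20                      # time to let it finish its startup chatter
    )
    Clear-DnsClientCache
    $before = @(Get-CachedNames)
    $proc   = Start-Process -FilePath $FilePath -PassThru
    Start-Sleep -Seconds $WaitSeconds

    # Names that appeared in the cache while the app came up
    $newNames = @(Get-CachedNames) | Where-Object { $before -notcontains $_ }

    # Established connections owned by the launched process itself
    $remotes = @(Get-NetTCPConnection -OwningProcess $proc.Id -State Established -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty RemoteAddress -Unique)
    $answers    = @(Get-CachedAnswers)
    $directByIp = $remotes | Where-Object { $answers -notcontains $_ }

    [pscustomobject]@{
        Process       = $proc.ProcessName
        ResolvedNames = @($newNames | Sort-Object)
        DirectByIp    = @($directByIp)   # connected to without a resolved name in the cache
    }
}

# Usage (placeholder path, point it at the application you are investigating):
# Watch-AppNetworkStart -FilePath "$env:ProgramFiles\SomeVendor\app.exe" | Format-List
```

Two limits to keep in mind when reading the output: connections the process opened and closed before the snapshot are missed, and anything done by a service in svchost.exe or by a child process is not attributed to the launched app. For those cases, or to confirm a DirectByIp hit, a packet capture (Wireshark, as suggested above) is the authoritative record.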


Done and done. Still, haven't experienced freezing.

"activity.windows.com" was previously cached at the network resolver (before block/cache clear), but hasn't re-appeared and there's nothing obvious that replaces it during app or application launch.

The machine has been both cleared and rebooted just for good measure (as it could be cached inside the telemetry service itself).


Essentially same here; I've been Pi-Hole blocking telemetry for well over a year across three Windows 10 machines and haven't seen any freezes of the variety being described.


Blocking telemetry does not cause problems. It's only if you have not disabled the activity history and block the activity endpoint. It looks like they moved it away from activity.windows.com but I would need someone else here to clear cache on everything, launch apps and watch DNS to see where it moved.


You might have just explained some mysterious freezing I’ve been having. Usually a slow, gradual lock up and the first sign is chrome struggling with cache...


No idea then. They have been moving things around and in all likelihood may have merged the activity endpoint into another endpoint. You may have to watch DNS activity as you launch applications. I've helped a handful of gamers debug this one but I do not have a Windows 10 machine to test with. I'm sure engineers at MS are watching this thread and will adapt again. Or maybe someone at MS can use a throw-away account here to say what changes they have made recently.


I smell FUD.


Not to sound reddity but his username may support that.


That would imply I am not telling the truth? I have helped multiple people debug the activity logging to Akamai and each time we just disabled it in the registry and their problems went away. Is this still a problem? Maybe not. I don't work at Microsoft, so I have no way to know what they have changed. I do know that people with Pro and Home editions can not simply disable these things. We disabled it enterprise wide at work using GPO, but that is on the enterprise version.


Can you share the notes you took while debugging? What was being sent, which dll or exe was doing it?


Since both the video and Shutup10 cover lots of different settings, I'm guessing you are referring to sending "activity history"[1] to Microsoft specifically? Was disabling it via Settings[2] not sufficient? Is there another registry change that is required? Or was DNS filtering the only solution you found workable?

[1]: https://support.microsoft.com/kb/4468227

[2]: https://www.tenforums.com/tutorials/100341-enable-disable-co...


Disabling it in Windows on Pro and Home is not sufficient. Registry changes are the only way to completely turn off activity history. It is really disingenuous of MS to suggest you have the option to disable any of the telemetry. The wording they should use is "reduce". Turning everything off via the privacy controls in Windows will significantly reduce how chatty the box is.

DNS filtering does not work any more as far as I can see. It appears they have wised up and are consolidating endpoints so that you can't block it that way any more.
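As an added example (editor's code, not the commenter's own list), these are the machine-wide policy registry values behind the relevant Group Policy settings: the three Activity Feed values under System (Computer Configuration > Administrative Templates > System > OS Policies) and AllowTelemetry under DataCollection (Windows Components > Data Collection and Preview Builds). Writing them directly is what "doing the registry changes" amounts to where gpedit is not available. The script applies them idempotently and reads them back, and must be run elevated. One caveat I am certain of: AllowTelemetry = 0 (the "Security" level) is only honored on Enterprise, Education and Server editions; other editions treat it as 1 (Basic).

```powershell
# Added example (editor's code, not from the thread): apply the policy registry
# values that disable Activity History publication/upload and set the
# diagnostic-data level, then read them back. Run elevated.
# Note: AllowTelemetry = 0 is honored only on Enterprise/Education/Server;
# Home and Pro fall back to 1 (Basic).

$Policies = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System';         Name = 'EnableActivityFeed';    Value = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System';         Name = 'PublishUserActivities'; Value = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System';         Name = 'UploadUserActivities';  Value = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'; Name = 'AllowTelemetry';        Value = 0 }
)

function Set-PrivacyPolicies {
    param([hashtable[]]$Entries = $Policies)
    foreach ($e in $Entries) {
        if (-not (Test-Path $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
        # -Force overwrites an existing value, so re-running is safe
        New-ItemProperty -Path $e.Path -Name $e.Name -PropertyType DWord -Value $e.Value -Force | Out-Null
    }
}

function Get-PrivacyPolicies {
    # One row per policy value: what we want, what is present, and whether they match
    param([hashtable[]]$Entries = $Policies)
    foreach ($e in $Entries) {
        $current = (Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
        [pscustomobject]@{
            Key       = $e.Path
            Name      = $e.Name
            Wanted    = $e.Value
            Current   = $current
            Compliant = ($current -eq $e.Value)
        }
    }
}

# Edition determines whether AllowTelemetry = 0 means Security or silently becomes Basic
(Get-CimInstance Win32_OperatingSystem).Caption

Set-PrivacyPolicies
Get-PrivacyPolicies | Format-Table -AutoSize
```

After a reboot the Settings app shows the affected toggles greyed out with "Some settings are managed by your organization", which is the visible confirmation that the policy values, not just the per-user preferences, are in effect.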


So, I've been pretty aggressive in all the Windows 10 settings, and I have a PiHole set up for my DNS. What I've noticed is that my PiHole barely lights up for Windows 10, especially compared to how loud it lit up for Windows 8, after all of those privacy violating features from Windows 10 were shoved into Windows 8.

It seems, at least from my experimentation, that Windows 10 is actually quieter when you put all the privacy stuff up - either that, or the other ones are so inactive that they don't show up in my PiHole.

Current statistics show least popular top permitted domain on my computer to be hit 258 times a day and nothing above it is Microsoft.

Top Blocked Domains from Microsoft include:

    settings-win.data.microsoft.com (> 100)
    v10.events.data.microsoft.com (> 80)

It's pretty darn quiet. I think Windows 8, after the telemetry updates, was many times that.

edit: small disclosure: I did work for Microsoft around 7 years ago. I did work in the Windows org, though. These thoughts are my own and I very much hate the tracking that Microsoft does, even at the bare minimum without a toggle switch to turn it all off.


Thanks for the info. What registry changes are required?


What if you don't provide NATed internet to Windows machines at all and only let specific apps connect to it through manually specified local proxies and maybe some whitelisted routes? Because shutting down internet access doesn't seem to cause any freezes for me.


Yes if you disable the internet it won't try to talk to the activity endpoint. You could probably trick windows into thinking the internet is always down. I don't know what else this might break, but the cleaner way is to do the registry changes.


I have my firewall blocking everything not a whitelist by default and I have no performance/network issues.


Isn't gpedit.msc available on pro?


Yes, but it won't work for activity on pro, only Enterprise and LTSC. You have to do registry changes to get rid of that on Pro and Home.


Ah, LTSC ... never has one of my hunch-based technical decisions kept paying off again and again. If only I knew the right people instead of having to get licenses in very sketchy ways.


>if only I knew the right people instead of having to get licenses in very sketchy ways.

You can buy it off the shelf. It's going to set you back $300+ dollars, but it's not hard. https://community.spiceworks.com/topic/2167558-explicit-inst...


Crazy that this information is so ... obscured. I had actually contacted Microsoft a year ago trying to do things the up-and-up way, only to get crickets in return. And still, bafflingly, what you found? That's an upgrade license.

It's as if the idea of people putting together their own PCs just never occurs to Microsoft.


The target demo of those buying licenses wouldn’t be building workstations, they are buying prebuilt whatever and upgrading the entitlements from there.

MS very explicitly doesn’t target these releases to consumers, it’s entirely possible to do it by adding the 4 x useless products to get over the 5 x volume requirement. It’s sad, but not shocking they didn’t cover the edge case of a custom builder. If you were a firm building machines, you’d again get a special setup and do provisioning and key burning into bios etc.


It is a shame. I maintain my own PCs and the computers for a handful of people who are not technically ept (a friend who is rubbish with computers, my mother, and an eighty-seven year old woman who reacts poorly to the random UX changes Microsoft likes to push out).

I cannot help but think that there are a lot of "dark matter" sysadmins plunking away like me, just maintaining machines for friends or tiny businesses, and that we're underserved as a market segment.


Just get yourself a volume license and talk to a distributor.

You do not need any crazy volume. I was able to get it in place, legitimately, for a metal fabricator that has maybe 20 computers total not including their operational technology (CNC devices) that they wanted LTSC for.

https://www.cdw.com/search/?key=ltsc&searchscope=all&sr=1


"Just", as if it were so easy. What kind of suggestion is this? None of us are trying to provide an operating system for a whole company. We need exactly one license.


As just a guy? Not so easy. I'm not a company, I'm just a person.


It looks like CDW, at least, sells by the individual license, to judge from the search results at that link. Top one is "Windows 10 Enterprise LTSC 2019 - upgrade license - 1 license".


That link is for an Open License. The MS Open License program allows you to purchase volume licenses individually, but the initial MS Open License order must be for at least 5 licenses (of something).


CDW will happily sell you one license of LTSC and 4 of the cheapest SKU in the catalog (I don't know what that is, currently -- in the past it has been stuff like $5 DVD playback licenses) to get you over the minimum purchase qty.


I did exactly this with PC Connection and got into the Open license program. What's great is that you get 50 activations out of the box, so while it's a bit of money up front, it effectively allows you to use a bunch of systems and VMs internally without worry. No one is going to say anything about this especially if it's for personal use.

If you were supporting multiple users in a small business environment definitely make sure you buy as many Windows SKUs as you have end users to be compliant, however.

All of this becomes moot once you have >25 clients; then you can transition to using volume licensing and it's essentially unlimited. It still tracks it though and Microsoft can ask to look at it, especially if you change from Open to Select or some other volume pricing agreement, so keep that in mind.


I've had a sharp increase in the number of license compliance audits coming from Microsoft in the last couple years. A couple of my Customers have been targeted annually 3 years in a row. The most recent round of audits included probing questions that were clearly looking for SaaS sales opportunities.


LTSC's the best of the Windows options, for sure. But LTSC 2019 is too out-of-date to run the upcoming MSFS. :-( LTSC 2022 here I come!


MSFS? The flight sim? Will it really not work with an older Windows version? I kinda remember running newer games on XP or Vista with some simple tweaks. It's not like Win10 changed that much for the past year or so.


MSFS system requirements say 1909 is required[0].

LTSC 2019 is on 1809. I don't believe it's possible to upgrade LTSC 2019 to 1909. Happy to be wrong, though.

[0] https://www.techspot.com/news/84931-microsoft-flight-simulat...


Isn't that a GDPR violation?


Not if they strip the incoming telemetry of any individual identifiers.


Microsoft isn't an EU company.

I'm sure the EU is perfectly free to block use of Windows if this is a GDPR violation, given that blocking use of Windows is the only way to ensure the GDPR violations are not continuing, as this is closed-source software.


I've been noticing this "meme" recently on HN: that since company X (any one of the FAANGs) is American, it is not subject to European law. If it operated in Europe, it absolutely is. Believe it or not, the EU is also a sovereign territory with its own laws.

Can you imagine arguing that American law does not apply to some company operating in the US, because said company was founded in some other country?


> Can you imagine arguing that American law does not apply to some company operating in the US, because said company was founded in some other country?

I can imagine countries ceasing to operate in the US, yes. Can you?




It could spin those off completely or close them down.

It probably won't, but it has that option.


That still doesn’t give them immunity from GDPR. The EU considers the GDPR to apply to any entity globally. If the EU wanted to go after them, they likely wouldn’t even be able to transact any business in the EU. But Microsoft is never going to become a fugitive from EU law anyway.


GDPR does not apply based on whether a company is in the E.U. or not, but on whether a user/consumer of a service is in the E.U.

So this will be a violation of the GDPR only for Windows users in the E.U.

But I'm sure all that tracking is explained in the middle of the 100-page-long agreement that you have to agree to in order to install and use Windows.


And it's hilarious because when I installed Win 10 a few days ago the voice said this: "you have to read and agree on Microsoft terms of service. You don't have to agree on these terms but then... you know - no Windows". The female voice literally said that!


>But I'm sure all that tracking is explained in the middle of the 100-page-long agreement that you have to agree to in order to install and use Windows.

The GDPR is intentionally written so that you can't just waive your rights based on a paragraph buried in the TOS. Otherwise it would be completely meaningless.


> GDPR does not apply whether a company is in E.U. or not, but if a user/consumer of a service is in the E.U.

Whether a law applies is dependent on whether the country or countries with that law can enforce it. China recently made it illegal for me to wish Hong Kong was independent. Does that mean I'm going to Chinese prison for saying I wish Hong Kong were independent?


If you travel to China, maybe?

If Microsoft were found in violation of GDPR, they already are in Europe, so there would be all kinds of ways to enforce that law.


That's not all. Starting in Windows 8, Windows silently ignores entries in the hosts file for popular domains (ex: facebook.com). The only way to stop this is to add a file exception for C:\Windows\system32\drivers\etc\hosts in Windows Defender. As far as I know, there was no documentation explaining this.

Also, I don't know what threat model they're using to make these decisions. If you can edit the hosts file with administrative privileges, you can also add a registry entry that adds a file exception in Windows Defender with the same permissions...


It was working for me last year, and I literally just tried it with "127.0.0.1 facebook.com" + "127.0.0.1 www.facebook.com" and it still works.


The article's title is misleading and clickbait. Windows is not flagging telemetry. It's flagging remapping of Microsoft domains, which is a very big no-no for every vendor.


> The article's title is misleading and clickbait. Windows is not flagging telemetry. It's flagging remapping of Microsoft domains, which is a very big no-no for every vendor.

The title is:

> Windows 10: HOSTS file blocking telemetry is now flagged as a risk

That seems clear to me about what is being flagged. I don't see any implication that telemetry is being flagged, and I'm not quite sure why anyone would think it would be—although I'd love it if Windows were to start reporting that its own telemetry was a risk, I don't see that in the cards.


Want to Jailbreak your iPhone with unc0ver? You're probably going to go to unc0ver.dev and download unc0ver.ipa for sideloading. However, if you're on Windows 10, you may find that the ipa file suddenly disappears from your PC as soon as it has finished downloading.

Surprise! Windows Defender detected the Jailbreak and helpfully removed the file to keep you safe! This is not a false positive, Windows Defender literally lists "Jailbreak" as the reason the file is dangerous. Never mind that it's a user-initiated jailbreak for an entirely different, non-Microsoft Operating System!

Repeat the same process on macOS—y'know, the OS from a company that actually has an interest in stopping this stuff. Does unc0ver.ipa get deleted by XProtect? Nope! Apple understands that these systems should only ever be used for actual viruses. To do anything else is a severe betrayal of user trust.

IMO, Windows Defender has jumped the shark, and sadly, I've now resorted to disabling it on all personal Windows machines.


I downloaded the unc0ver IPA just now. Still there. Ran a scan on my downloads folder to see if it gets picked up. Still there. Don't know what the heck is going on with your system shrug


Apologies for the double reply, but I was curious as to what was going on, so I fired up a VM. It's running Windows 10 Enterprise 1809, because that's what I happened to have lying around.

Downloading the latest version of unc0ver (v5.3.1) does indeed not receive any trouble from Windows Defender.

Then I decided to try an older version of unc0ver, specifically v3.6.3, because it was released around the time I remembered running into this. Sure enough, Windows Defender deleted it for being a "Jailbreak".

(It wasn't even quarantined, just deleted outright, leaving me with no way to restore the file!)

https://i.ibb.co/DMCNHCs/Screen-Shot-2020-08-04-at-2-41-22-P...

So, the problem was fixed, but not on Microsoft's end. And it was not a false positive, because Windows 10 labeled the "threat" accurately.


Huh, well I last did this around a year ago, so it may be that an update to either Windows Defender or unc0ver fixed/avoided the problem.

The fact that it happened at all, however, seriously doesn't sit right with me.


> The fact that it happened at all, however, seriously doesn't sit right with me.

It probably detected some of the techniques they used in the file as things used in exploits (since there's little difference in a jailbreak/security exploit from a technical perspective). The fact that it catches it in that case is a good thing. That it doesn't catch it anymore might point towards them getting a report that it's a false positive of their automated binary matching, and making an exception to allow it. Apple not catching it could then indicate that either Apple already allowed it, or Apple's exploit detection is less sophisticated and wasn't able to see the problem.

I don't know if that situation is correct, but it seems just as plausible to me, and in that case, Defender is doing exactly what I would want, responded to a report exactly as I would want and expect, and has multiple mechanisms to bypass the initial problem (add folder that's not scanned, disable entirely, etc), and your experience with Apple points towards them either being a little quicker with the exception or just worse at doing what I would want.


If it was a mistake due to overall techniques, why did Windows Defender mark it as a "Jailbreak" as opposed to a trojan or some such? That was the thing that made me really upset, once I saw it.


Possibly because windows offers sandbox capabilities as well, and breaking out of that would be classified as a jailbreak.

Even if someone at Microsoft got overzealous (or a third party reported it), the software is literally designed to find and quarantine exploits (which a jailbreak is), and there are ways to bypass it even if it wasn't apparently reversed later. The item detected is an exploit, just for a different system. It's exactly the sort of false positive I would expect, and the fact that you can work around it without major issues (whether through a special download folder you create and mark as not scanned immediately or temporarily disabling it) is exactly what I would expect.

It's sort of like if you owned a furniture store, and have a security guard to watch it. One night after hours, some guys in street clothes show up in a truck and loiter for a bit before going in the back and starting to take some furniture to the truck. Sure, these guys are your cousins, and are doing stuff on your behalf, but does the guard know that? Did you tell the guard? Would you rather the security guard go stop everything immediately and call you to confirm what's going on, or just shrug and say "eh, it's probably fine"? You're paying them to stop bad stuff, you should expect them to stop bad stuff, and when they find false positives that look like the real thing, that should be reassuring that they're doing their job, not grounds for dismissal.


Skip the Windows HOSTS file and use something like Acrylic DNS[0], works great for me and supports wildcards.

I even use it together with the router to have my phone use the DNS and you can see which hosts get connected and so on as you use the phone. It ain't pretty.

[0]: https://mayakron.altervista.org/support/acrylic/Home.htm


Running Acrylic DNS (or any other local DNS server) won't do you any good because Windows Firewall (or any software firewall for that matter?) can't/won't filter localhost (127.0.0.1), meaning you can't whitelist programs for DNS access :(. I want to not only be in control of what my DNS returns, but also who can access it in the first place. I want a popup the second something other than what's on my whitelist queries DNS. This works in Windows as long as you kill the DNSCache service.

I haven't investigated yet the possibility of using a virtual LAN adapter with a separate subnet dedicated to DNS and whether that can be filtered using Windows Firewall.


any curated block lists you recommend for the lazy?


I have an extremely basic one on my Windows machine - https://pastebin.com/ZfUv6E2c

Bing, Facebook, Windows Web Search and some other sites don't work (unless you use DNS over HTTPS in Firefox, which ignores the hosts file.)

Go through r/pihole for the recommended ones.


For DNS blocking, I've switched my home devices to NextDNS and it works great. It has DoH/DoT, bundles a lot of blocking lists and has no logs option which are all I need. And I can manually add these domain names to blocklist if they're not added in any one yet.


www.microsoft.com is also used for updates. By doing this block, a lot of viruses prevent Defender and Windows from patching.


I have Win10 Enterprise from a corporate MSDN license. So, I just used gpedit to disable telemetry. What else should I be doing to my install to get rid of all the "leakiness"?


Actually I found this, which seems to be comprehensive (though a bit out of date)

https://proprivacy.com/privacy-service/guides/how-to-disable...


Doesn't seem very comprehensive if you are using an Enterprise or LTSC build, no mention of gpedit.


I set up my own Windows 2019 domain for this same reason and ended up having to go over basically every available GP over the course of a weekend. There are just too many, and a lot of them require careful reading to know what they actually do since MS options tend to be in the form of "Enable the disabling of something" lol. Even the telemetry option itself is like that, since turning it "On" and to Enterprise-only level 0 leaks less data than turning it "Off" https://i.imgur.com/0Iplagu.png


cool thanks


These blocks may also prevent Microsoft from getting updates, including new virus scanning profiles. I'd say that blocking access to them could be a risk.


"Accept our tracking your every move or you don't get virus updates" sounds like "Give me your wallet and I won't shoot you".


If I lost trust in an OS, I would stop running it. Trying to fight an OS as a mere client of the OS is asymmetric warfare


And use what instead? I generally use linux on my desktop but have to reboot fairly often to do something windows-related. Libreoffice botches document formatting every time I use it on something above "hello, world." Lots of stuff still only works on windows, though wine compatibility is getting better.


I've used linux on my desktop for 20 years, I don't understand this "have to reboot to do something windows related", I guess I just use computers for very different things to you.


Gaming, programming games, some embedded development using proprietary windows only tool chains, windows only CAD software etc...

As you said people use computers for different things than you.


Of course Windows-only things are only on Windows. But a lot of Windows-only things have non-Windows-only alternatives.


Yes but many don’t. Which is why I find it absurd for someone to say they don’t understand why someone would need to use Windows.


Fair point but some things you mentioned really do have non-Windows alternatives ("game programming" and "embedded development" aren't limited to Windows-only stacks. I don't know about CAD so I'll give you the benefit of the doubt.)

My point is, people who say their work is only doable on Windows tend to just be scared to move away from the specific tools they know.


>("game programming" and "embedded development" aren't limited to Windows-only stacks

If you're not developing a mobile or console game, Windows is 95%+ of your market. At some point you're going to need to do some development/QA on Windows regardless of what hoops you're willing to jump through to develop on Linux.

>"embedded development"

There is plenty of proprietary Windows-only software for which there is no viable alternative on Linux. And there are a lot of embedded systems out there in the world running on Windows. Sure, if you are a one-man shop, you can choose your own stack, and Linux support is one of your top priorities, then you don't need Windows. But many people in the embedded world are on Windows whether they like it or not.

>My point is, people who say their work is only doable on Windows tend to just be scared to move away from the specific tools they know.

And people who say "just use X on Linux instead of Y on Windows or Z on OS X" tend to overestimate the Linux alternative because they don't use it professionally. There are many professional software tools that do not have viable alternatives on Linux, and many more for which the Windows alternative is just much better than what's available on Linux.


I often have to deal with CAD files from various vendors (people insist on sending them in proprietary formats instead of proper interchange formats, for example "DWG" instead of DXF).

And also I use Win, Linux and OSX.

Windows is basically mandatory for CAD; not only is a lot of CAD not available at all outside Windows, often it fails to run on Wine and whatnot, and I suspect sometimes this is on purpose.

And an unrelated big offender is Roblox: they consider Linux a "hacking tool" and ban you if it detects you are somehow running it on Linux, no matter what method you used.


That is sometimes true. However, in many cases I find the Linux-based software is better, actually, and in many other cases, they are just as good. In some cases, it is the DOS-based software which is better. Also, some programmers who write for Windows will also ensure and advertise working on Linux too, so you can still use it even if you are on Linux, if you install Wine. (In some cases, no existing software seems suitable to me, so I write my own.) Sometimes the software is available for multiple operating systems, such as SQLite, which at least I find better than what I have used before on Windows. I find TeX for typesetting much better than using Microsoft Word, too. And there are more things too.


> "game programming"

Sometimes I'm forced to use OS X as well - not just forced to use Windows - because that's the only thing the iOS toolchains work on and debug with properly. And if I'm targeting mobile, I'm targeting iOS, not just Android - because I'm getting paid too much to ignore that much of the target market.

Console SDKs come in the form of Windows-only tooling that tightly integrates with Visual Studio - which, last I checked, attempts to verify you're using a genuine licensed Windows installation. And the platform vendors verify what compilers you're using before they allow you to ship, to make sure you're not using ancient builds filled with codegen bugs. And of course you're firing up Windows to actually test your Windows builds for the PC market, right? Especially to root cause weird configuration, architecture, or driver specific bugs?

Hell, I've helped develop a UWP app at the behest of Microsoft - they were our publisher - targeting Windows 8 before it was even released. What "non-Windows-only alternatives" do you think I had, exactly, for that?

> My point is, people who say their work is only doable on Windows tend to just be scared to move away from the specific tools they know.

Bullshit. Even when you have non-Windows alternatives that are compatible with the Windows alternatives, convincing IT to let you do your weird nonstandard thing, and dealing with the interop bugs for all the external people using Windows software is often a headache that will cost far more than just paying the Windows licensing fees and booting it. That's not fear, that's just practicality.

People who say there are non-Windows alternatives tend to not realize just how miserable an experience that can be, on the occasions where they're actually technically right, when they're not working alone in an isolated silo with all the free time in the world.

Like, sure, I could try and debug msbuild issues my coworkers are having by trying to run it via Wine on Linux. Or I could ship Windows PC games by cross compiling to Windows with clang and praying there are no OS specific bugs. OpenGL drivers on Windows aren't as bad as they once were, I suppose. But I challenge you to find a single professional gamedev foolish enough to go through that pain in the ass, just to avoid firing up Windows. Surely you can find at least one?


For some it may not be true that it’s only doable but still best done. Sure there is CAD software for Linux, but nowhere near the quality of Autodesk on Windows.


There was a long post/thread yesterday on how Autodesk kills everything it touches.


> Which is why I find it absurd for someone to say they don’t understand why someone would need to use Windows.

I can't find anyone in the thread saying that. I see people suggesting, perhaps disingenuously or based on anecdata, that it's no big deal not to use Windows, but I don't see anyone questioning why someone would use it.


The comment they first replied to said

> I don't understand this "have to reboot to do something windows related"


> The comment they first replied to said

> > I don't understand this "have to reboot to do something windows related"

Ah, I see. Right now that comment https://news.ycombinator.com/item?id=24051085 says:

> Of course Windows-only things are only on Windows. But a lot of Windows-only things have non-Windows-only alternatives.

, which seems less inflammatory. EDIT: Oh, wait, I see—I think you're going a couple more levels up, to https://news.ycombinator.com/item?id=24050905 :

> I've used linux on my desktop for 20 years, I don't understand this "have to reboot to do something windows related", I guess I just use computers for very different things to you.

I read this more charitably, not as saying "why would someone need to use Windows?" but more "I don't need to use Windows, so I don't regard it as a universal need". (That, in turn, came from mmm_grayons's post https://news.ycombinator.com/item?id=24050677 :

> And use what instead? I generally use linux on my desktop but have to reboot fairly often to do something windows-related. Libreoffice botches document formatting every time I use it on something above "hello, world." Lots of stuff still only works on windows, though wine compatibility is getting better.

which I read, again perhaps unfairly, as suggesting that it is unrealistic for people to consider a computer workflow that doesn't involve Windows.)

Perhaps still more charity (or clarity) would have been appropriate, but the explicit acknowledgement that there are different purposes for which different people need computers seems to me to defuse much of what one might perceive as hostility or dismissiveness there.


> I read this more charitably, [...] "I don't need to use Windows, so I don't regard it as a universal need"

That's extremely charitable, because the comment implies they cannot at all understand how someone would need to use Windows, and they offer 20 years of personal experience to reinforce that. Even in the most charitable case it denies the existence of Windows-only software simply by not ever personally having a need for it.

> which I read, again perhaps unfairly, as suggesting that it is unrealistic for people to consider a computer workflow that doesn't involve Windows.)

I also think your read is a bit unfair, as the OP even says they're a desktop Linux user but need Windows in some cases. Myself, I've used Linux as my main desktop OS for 15+ years, and I still had times I needed to use Windows. I've definitely run into issues with e.g. LibreOffice myself, as they mentioned.

> Perhaps still more charity (or clarity) would have been appropriate, but the explicit acknowledgement that there are different purposes for which different people need computers seems to me to defuse much of what one might perceive as hostility or dismissiveness there.

Even if "I don't understand..." and "I guess I just use computers for very different things to you" isn't intended to be snarky, the commenter doesn't even attempt to understand why anyone would need Windows to do something. They couldn't think of a single thing? Visual Studio development or use? DirectX? Working on drivers for Windows? Some appliance that comes with software not supported by wine? Adobe software? AutoCAD?


Please, that's disingenuous.

I switched to Linux 12 years ago; it requires sacrifices. I had to switch profession from Symbian Developer to Web Developer, the desktop experience was not great, and Wine did not help. I've ended up with a light DM, shell, browser and vim.

And it was worth it.

There are so many wonderful aspects; the most relevant here is "for the open source community I am not a product". It is a blessing and a curse - a lot of applications are not that polished, but they are sincere, they do what their authors want for themselves.


Been distracted today as I've been playing Civ6 far too much, when I should be monitoring these missing ARPs in a Cisco switch.

So CAD then.


I use Windows inside a Linux KVM virtual machine, mostly for gaming. One of my GPUs is passed through into the VM with PCI passthrough.


Even then, you're still using Windows and might reasonably want to block telemetry...


It'll be much easier to do this on the host machine. And much more reliable. However, in my home network a Raspberry Pi with Pi-hole handles filtering, among many other things.

For single-player gaming it's OK to disable the network on the guest Windows completely. ISO images with games can be just mounted via the virt-manager GUI.


Same setup here. Best of both worlds IMO. Only drawback is to use the GPU on the linux host for e.g. Blender, I need to reboot (GPU can't rebind to PCIe root otherwise or something... thanks Nvidia)


I do it the other way around because 1) I "only" have one GPU, 2) it entirely solves driver-caused instability or other pain in Linux, since Virtualbox Linux drivers are really stable, and 3) it lets me easily suspend-to-disk, resume, and point-backup my running work sessions, which is really nice.

I set out building this thing as a Linux workstation, but I guess 1-1.5 generations old hardware was still too cutting-edge. Drivers exist, but X & Wayland (tried both) crashing or permanently artifacting multiple times a day was no fun. Zero crashes since wrapping Linux in Win10 with Virtualbox. Frankly, I should have just paid double for a worse MacOS machine, given the time I've sunk into this. Win10 is spy/adware garbage but it's what I'm stuck with now to have a usable machine.

[EDIT] Oh and, surprisingly, RDP to Windows then fullscreening Virtualbox Linux is less painful, better performing, and easier to configure (as in, was no work) than similar on Linux, aside from X-forwarding.


When I need to use the GPU on Linux, I just start a Linux guest VM and run what I need (some native Linux game or hashcat, usually). It may seem a little bit inconvenient, but I'm happy with such isolation: the main system kernel isn't tainted, and Nvidia drivers aren't always stable - I've seen panics caused by the nvidia kernel module.


>GPU can't rebind to PCIe root otherwise or something... thanks Nvidia

does this only happen on nvidia, or amd as well?


to you and parent, what's your experience running games in a VM? i prefer to run linux, but there are a few games that are windows only that i'd like to play.

which VM software are you using? can you recommend any resources?


It's very close to native performance. The only major issue I had was crackling sound, but it's resolvable. In my setup I have a second set of controls (keyboard + mouse) forwarded to the guest, and the HDMI output of the guest GPU is connected to an HDMI switch. Once everything is set up, it looks and feels like you have a second PC under your desk.

I use conventional Linux KVM virtualization ("libvirtd" + "virt-manager" GUI) on Fedora 32 (previously used Debian).

Most valuable resource is Arch Wiki: https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVM...

I've never used Arch Linux, however I always refer to Arch Wiki - it's extremely useful even for other distros.


nice, a second desktop would mean that two people can use the machine at the same time. i like that.

i was mostly worried about demanding games needing graphics features that would not work in a VM. (and usb support for the bank dongle)

i am also


apparently incapable of properly proofreading my messages


that would happen with any pcie card, even non graphics ones


I run multiple boxes and do all my work in Linux.

When I need Windows, I boot up that machine and RDP into it.

Over time, I need to do that less and less.

I’m still a gamer though, and I refuse to pay exorbitant console prices for games and online play in a walled garden, so I keep one Windows machine around just for that. But I only take it out of sleep when I need it.


If you use QEMU plus KVM (Kernel Virtual Machine), you can say goodbye to dual boot, as the virtual machine runs with near native performance. For playing Windows-only games, the solution is GPU passthrough, which allows allocating a GPU to the virtual machine, providing maximum gaming performance.


Does that work on all hardware? I've got laptops, and could maybe use hybrid graphics. I'll look into it, thanks!

Edit: so this doesn't work for muxless laptops (I've looked into it before and forgot). The discrete card runs through the Intel iGPU regardless of whether hybrid graphics is enabled or disabled.

The vBIOS can't be accessed directly, so it will result in an error. Some people got this working anyway, but it seems that it's unstable and/or results in low performance.


> Libreoffice botches document formatting every time I use it on something above "hello, world."

Without details, I don't believe you.


probably an issue with windows document formats. had that last week. a form, where the exact alignment for every bit mattered had checkboxes totally misaligned.


It's exactly this sort of thing. I'm not even going to call it libreoffice's fault; it's possible microsoft is the one doing weird, janky stuff. But neither co-workers nor clients care; they only get pissed that every time I edit something the formatting breaks.


Google Sheets works way better than LibreOffice and is not reliant on the OS, as it's web based.


There are no alternatives, that's why people have to fight Windows.


There are alternatives, you just have to accept that not every operating system is exactly like Windows and that it takes time to learn something new. But you can multi-boot while doing that and gradually move your workflow away from Windows. Maybe there's still something that actually doesn't work outside of Windows at the end but the majority of your life will probably be spent on an OS that you (hopefully) don't have to fight.


If you're using Windows for PC gaming, there are often no real alternatives. It's not always about workflows and compiling.


There are lots of games that run on linux these days. Personally, my wishlist has a deep enough backlog of linux-supporting games that there's very little risk I'll ever be "forced" to dip into the windows-only portion of the list.

For those times when I really just want to play a specific game that's Windows-only, dual-boot works great. I couldn't care less if telemetry tells Microsoft I start my PC every few months to play a few games ;)

I'm pretty skeptical that there are many real cases where eliminating Windows as a primary OS is a matter of "can't" and not "don't care enough to tolerate an occasional minor inconvenience". The latter case gets little sympathy when they complain about Microsoft's bad behavior.


Unfortunately, many modern shooters use anti-cheat software that stops you from running them in Linux. They're my biggest barrier to being full Linux all the time.


People don't want to play whatever is on Linux, they want to play what they want to play.


We are not talking about just a few games as in the pre-Steam days: ~30% of all games on Steam have native ports for Linux now, and over 70% can be played with Proton by now.

And in the end you will always have to make a choice about what games to play, since not everyone owns every console ever (which have exclusive titles) or the latest and greatest hardware to play the very latest AAA titles (quite a few of which have native Linux ports by now).


Out of curiosity I installed Steam and checked the featured game. The Linux version did not start (not Ubuntu here) but the Proton version worked.

Now if only Steam's productivity applications [1] had Proton versions (not yet).

[1] https://store.steampowered.com/software/

[2] https://www.protondb.com/


Pretty much every Steam game except multiplayer focused games works in Linux now.

It's a high enough percentage that I don't really consider what OS it was built for before buying almost any game.


Are there alternatives that are capable of competently running Win32, the NT HAL, DirectX, etc.? Last I checked, Wine wasn't there yet.


That's what I'm saying, not every operating system is Windows. But what are you trying to do? For Windows-only video games multi-boot is good enough. I guess you won't be switching between gaming and doing something else fast enough that the reboots would get annoying. And for a lot of Windows games Wine and now Valve's Proton are also viable. For Windows-specific development you could also use a VM with shared folders.


Sure, for your average HN user, that is viable.

Most people aren't your average HN user. Most people wouldn't be able to really figure out dual-boot, much less shared folders, Wine and Valve's Proton. It's still just too complicated compared to Windows. For these people, any use of Windows-only software makes the decision for them. They will use Windows because it's easier and it 'just works' as far as they're concerned.


I agree with the statement, though not because of the arguments.

Dual-boot is scary — it can ruin the only computer a user has — but a live USB is super simple. Shared folders? Put shared data on a FAT USB. Start with a browser, that's 99% of usage. Windows-only software? There will never be 100% parity. Same story the opposite way - a lot of programming languages do not work that well on Windows.

Windows is easier because it is familiar; it has a lot of quirks:

* why do I need disks? I'd better put everything in personal folder

* right click on desktop to setup display?

* "my computer" on the desktop of my computer?

* File > Exit?

Most of the Windows users would not switch to Linux even if it was as polished as Mac. We know because they don't switch to Mac.


multi boot is absolutely not good enough. i do multiple things in parallel and switch back and forth frequently. the problem is not only the switching but that a reboot causes me to lose state. i have to close all editors of my work in progress, reposition windows and whatnot. each reboot would cost a few minutes of work.

on one laptop i managed to get hibernation to work such that i could hibernate one OS while i woke up the other. this way i could switch back and forth between linux and windows without losing state. but it was still annoying that my linux system was not accessible when i needed it. like to check email or respond to messages while the game is running.


I mean, if you say so, sure. I'm not forcing you to do anything. In my experience, moving away from Windows has been fine, though; I'd just install what I wanted to use while playing games on Windows as well (such as a web browser, chat software, etc.).


casual browsing, sure, but email, no way.

i try to keep personal data away from windows as much as i can. i use windows only for things that don't work any other way. the only exception is games: some games run on linux or wine too, but all of them run on windows, so i currently have all games on windows just to have them all in one place and keep games away from where i do real work.

apart from that i treat the windows laptop as a replaceable dumb terminal that i don't care about if it gets destroyed or hacked. anything important is on a trusted device running linux.

also, having linux around is what makes using windows bearable. the most important window is the ssh/mosh terminal to my linux machine. the less i have to interact with windows, the better.

finally i switched from dos to linux before win95 came out and i haven't used windows for more than a decade until tax and banking software forced me to. then i added games because the device was already there.


Yes, it is now.


Until enough move over that support for Linux is as good as Windows for certain key applications, that is essentially just moving the fight. And giving up on a few rounds if you are not fighting Windows' tracking while in Windows.


True but you are giving Windows less information in total about yourself if you do part of your work elsewhere.


Closing bugs.launchpad.net/ubuntu/+bug/1 was a mistake, now I understand.


It was chest-thumping. Mark basically moved the goalposts so he could claim victory. The future he had originally envisioned will never come to fruition.


What? There are no alternatives because people don't adopt the alternatives. If a mere 10% of the Microsoft user base moved to Linux you'd see lots of changes from commercial software vendors.

But I suppose it's easier to pirate Windows and cry in online forums.


Users blocking telemetry using .../etc/hosts are presumably power users, and, as such, are informed about this new twist - and this twist may even inform them that Microsoft uses IPs as a fallback in case DNS resolution fails. The outcome of this stunt may thus be worse than before it.

So what is to be gained from this?


This should somehow be defined as illegal.

I, as a user, should have the power to definitely, unquestionably block MS from tracking my computer.


You do, by uninstalling Windows.


Didn't you read the fine print?


I'm actually curious if this happens in the EU, and if so how it doesn't violate GDPR.


I'm not a lawyer, but I think it might depend on what data is being collected here. I believe they'd be fine if it doesn't fall under the "personal data" category.

You might actually be accepting some GDPR processing agreement when setting up Windows nowadays.

And there's a whole thing in GDPR about grandfathering consent. Which they might fall back on.

But like I said, I'm not a lawyer. I'm not qualified enough to know for sure.


> And there's a whole thing in GDPR about grandfathering consent. Which they might fall back on.

Wouldn't that apply, if at all, only to users who started before GDPR?


Yes, that's specifically for users before GDPR.

But GDPR can be a bit vague, both in definition and enforcement.

I'm not sure how Microsoft implements GDPR agreements. But I'm not sure if you'd have to agree to their policies on a Microsoft account level, or if it's per installation of Windows.


> You might actually be accepting some GDPR processing agreement when setting up Windows nowadays.

If you don't know if you "accepted" an agreement, you didn't.


I didn't mean it in the sense that it's invisible.

I haven't done a Windows install in a while, so I just don't know if they do a privacy agreement in the installation.

As I mentioned in another comment. I wonder if they would try to extend Microsoft account privacy agreements to the installation of Windows where that account is logged into.


Is there the option for European users to have this data removed and not collected again? - If not, would this be a GDPR violation?


The only way to be sure there is no data being collected is to stop using Windows. It's closed-source.


Far from the only way. You can also disconnect, or do something similar like firewalling everything except the Tor browser.


And they could use a covert channel in TCP headers [1] (provided they can intercept the traffic).

[1] https://en.wikipedia.org/wiki/Covert_channel


Yeah, that 'provided' part makes it unusable in this case.


The Pro and higher versions allow you to just disable Defender via GPO. That’s what I always do anyway.


Block these domains with dnscrypt-proxy instead.


It must be hard making decisions at that level.


Use Linux


Do pi-hole you fools

