Opinion: Wasn't 2025 the year it happened? Yes. No. Answers on a Christmas card

As Torvalds pointed out in 2019, is that while some major hardware vendors do sell Linux PCs – Dell, for example, with Ubuntu – none of them make it easy. There are also great specialist Linux PC vendors, such as System76, Germany’s TUXEDO Computers, and the UK-based Star Labs, but they tend to market to people who are already into Linux, not disgruntled Windows users. No, one big reason why Linux hasn’t taken off is that there are no major PC OEMs strongly backing it. To Torvalds, Chromebooks “are the path toward the desktop.”

    • realitista@lemmus.orgEnglish
      201·
      12 hours ago

      For gaming and home use I think Windows will slowly die off. But I see precious few enterprise customers who are willing to consider Linux desktops for anyone other than sysadmins or programmers. Some will allow Macs for general users but I’ve never seen one that allows Linux.

      • Em Adespoton@lemmy.caEnglish
        10·
        10 hours ago

        Hard to enforce a GPO on Linux, unless it’s locked down like ChromeOS.

        That’s really the limiting factor: liability and support costs.

        • vacuumflower@lemmy.sdf.orgEnglish
          21·
          5 hours ago

          I think you can:

          1. set up something like Fedora Silverblue,
          2. disallow root,
          3. disallow sysrq and such,
          4. allow sudo only for select few things,
          5. refresh configuration centrally.

          I’m not sure it’s much more work than what I’ve seen in corporate environments with Windows.

          • enumerator4829@sh.itjust.worksEnglish
            4·
            3 hours ago

            I’ve managed Linux desktop fleets in enterprise-like environments. I’ll modify your list a bit:

            1. Use Rocky or RHEL (because the commercial software you want to use only has support for RHEL and/or Ubuntu)
            2. disallow root completely without exception
            3. do additional hardening
            4. don’t allow sudo for fucking anything
            5. run centrally controlled configuration management (most likely Puppet)
            6. Ironically - disallow any use of Flatpak, Snap and AppImage. They don’t play that well with Kerberized NFS-mounted home directories, which you absofuckinglutely will be required to use. (Might have improved since I tried last time, but probably not. Kerberos and network mounted directories,home or otherwise, are usually a hard requirement.)
            7. Install and manage all software via configuration management (again, somewhat ironically, this works very well with RPMs and DEBs, but not with Flatpak/Snap/Appimage). Update religiously, but controlled (i.e. Snap is out).
            8. A full reprovision of everything fairly regularly.
            9. You most likely want TPM-based unlocking of your LUKS encrypted drives, with SecureBoot turned on. This is very fun to get working properly in a Linux environment, but super simple to do on Windows.

            And as you have guessed, on Windows this requires a bit of point and click in SCCM to do decently.

            On Linux, you’ll wanna start by getting a few really good sysadmins to write a bunch of Puppet for a year or so.

            (If we include remote desktop capabilities in the discussion, I’ll do my yearly Wayland-rant.)

            • VirtuePacket@lemmy.zipEnglish
              1·
              40 minutes ago

              The other thing you’ll need is for compliance and risk management frameworks (e.g. CMMC, ISO27001, CIS, etc.) to fully embrace Linux controls and environments. As of right now, it’s a patchwork full of holes and if you need to demonstrate compliance, it’s likely to be a lot more challenging running Linux workstations.

            • vacuumflower@lemmy.sdf.orgEnglish
              11·
              2 hours ago
              1. OK. I agree, but personally hate RHEL.
              2. Yes.
              3. Suppose so.
              4. Brightness and sound controls too?..
              5. Yep, meant that.
              6. I thought of something like company-issued laptops, which might be good to have functional without Internet connectivity sometimes, if it’s remote work.
              7. Dependent on the role some users might need to regularly install software you haven’t thought about.
              8. Yes.
              9. Well, disagree about SecureBoot, there’s nothing secure about MS signing your binaries. It’s just proof they are signed by MS. Setting TPM under Linux is, eh, something I’ve never done.