As Torvalds pointed out in 2019, while some major hardware vendors do sell Linux PCs – Dell, for example, with Ubuntu – none of them make it easy. There are also great specialist Linux PC vendors, such as System76, Germany’s TUXEDO Computers, and the UK-based Star Labs, but they tend to market to people who are already into Linux, not disgruntled Windows users. No, one big reason why Linux hasn’t taken off is that there are no major PC OEMs strongly backing it. To Torvalds, Chromebooks “are the path toward the desktop.”

  • enumerator4829@sh.itjust.works
    3 hours ago

    I’ve managed Linux desktop fleets in enterprise-like environments. I’ll modify your list a bit:

    1. Use Rocky or RHEL (because the commercial software you want to use only has support for RHEL and/or Ubuntu)
    2. disallow root completely without exception
    3. do additional hardening
    4. don’t allow sudo for fucking anything
    5. run centrally controlled configuration management (most likely Puppet)
    6. Ironically - disallow any use of Flatpak, Snap and AppImage. They don’t play that well with Kerberized NFS-mounted home directories, which you absofuckinglutely will be required to use. (Might have improved since I tried last time, but probably not. Kerberos and network mounted directories, home or otherwise, are usually a hard requirement.)
    7. Install and manage all software via configuration management (again, somewhat ironically, this works very well with RPMs and DEBs, but not with Flatpak/Snap/AppImage). Update religiously, but controlled (i.e. Snap is out).
    8. A full reprovision of everything fairly regularly.
    9. You most likely want TPM-based unlocking of your LUKS encrypted drives, with SecureBoot turned on. This is very fun to get working properly in a Linux environment, but super simple to do on Windows.

    And as you have guessed, on Windows this requires a bit of point and click in SCCM to do decently.

    On Linux, you’ll wanna start by getting a few really good sysadmins to write a bunch of Puppet for a year or so.

    (If we include remote desktop capabilities in the discussion, I’ll do my yearly Wayland-rant.)
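
An added example, not part of the comment above or of any project's code: a small auditor that checks one host against items 2, 4, 6 and 9 of that list, using text a configuration-management run could collect (`/etc/shadow`, `/etc/sudoers`, `rpm -qa --qf '%{NAME}\n'`, `cryptsetup luksDump`, `mokutil --sb-state`). Assumptions: "disallow root" is read as a locked root password, "no sudo" as no user specifications in sudoers, and the TPM binding is assumed to have been enrolled with systemd-cryptenroll; the function name and all sample inputs are constructed for illustration.

```python
import re

BANNED = {"flatpak", "snapd"}  # item 6; AppImages are loose files, not packages

def audit(shadow, sudoers, packages, luks_dump, sb_state):
    """Return findings for one host; an empty list means it matches the baseline."""
    findings = []
    # Item 2 (assumed reading): root's password field is locked ('!' or '*' prefix).
    for line in shadow.splitlines():
        user, _, rest = line.partition(":")
        if user == "root" and not rest.startswith(("!", "*")):
            findings.append("root has a usable password")
    # Item 4: no user specs in sudoers; includes are flagged since they can add some.
    for line in sudoers.splitlines():
        s = line.strip()
        if s.startswith(("#include", "@include")):
            findings.append("sudoers includes more files: " + s)
        elif s and not s.startswith(("#", "Defaults")):
            findings.append("sudoers grants: " + s)
    # Item 6: banned packaging systems must not be installed.
    for name in sorted(BANNED & set(packages.split())):
        findings.append("banned package installed: " + name)
    # Item 9: a systemd-tpm2 token on the LUKS2 header, and Secure Boot enabled.
    if not re.search(r"^\s*\d+: systemd-tpm2\s*$", luks_dump, re.M):
        findings.append("no systemd-tpm2 token on LUKS volume")
    if sb_state.strip() != "SecureBoot enabled":
        findings.append("Secure Boot is not enabled")
    return findings

# Constructed sample inputs (not captured from a real host).
GOOD = dict(
    shadow="root:!!:19000:0:99999:7:::\nalice:$6$constructed$hash:19000:0:99999:7:::",
    sudoers="# managed by configuration management\nDefaults env_reset\n",
    packages="bash\nopenssh-server\npuppet-agent\n",
    luks_dump="Tokens:\n  0: systemd-tpm2\n\tKeyslot:    1\n",
    sb_state="SecureBoot enabled\n",
)
BAD = dict(
    shadow="root:$6$constructed$hash:19000:0:99999:7:::",
    sudoers="Defaults env_reset\n%wheel ALL=(ALL) ALL\n#includedir /etc/sudoers.d\n",
    packages="bash\nflatpak\nsnapd\n",
    luks_dump="Tokens:\nDigests:\n",
    sb_state="SecureBoot disabled\n",
)

if __name__ == "__main__":
    for label, host in (("good", GOOD), ("bad", BAD)):
        print(label, audit(**host))
```

A token on the LUKS header only shows that a TPM binding was enrolled; which PCRs it is sealed to, and whether a passphrase keyslot remains as a fallback, still has to be checked separately.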

    • VirtuePacket@lemmy.zip
      39 minutes ago

      The other thing you’ll need is for compliance and risk management frameworks (e.g. CMMC, ISO27001, CIS, etc.) to fully embrace Linux controls and environments. As of right now, it’s a patchwork full of holes and if you need to demonstrate compliance, it’s likely to be a lot more challenging running Linux workstations.

    • vacuumflower@lemmy.sdf.org
      2 hours ago
      1. OK. I agree, but personally hate RHEL.
      2. Yes.
      3. Suppose so.
      4. Brightness and sound controls too?..
      5. Yep, meant that.
      6. I thought of something like company-issued laptops, which might be good to have functional without Internet connectivity sometimes, if it’s remote work.
      7. Depending on the role, some users might need to regularly install software you haven’t thought about.
      8. Yes.
      9. Well, disagree about SecureBoot, there’s nothing secure about MS signing your binaries. It’s just proof they are signed by MS. Setting TPM under Linux is, eh, something I’ve never done.