I suspect as people start realising that the majority of these security patches are for bugs in things they never wanted nor needed on their system[1] or outside their threat model and thus present only to make their lives worse, thirdparty services like these will become more popular. Especially when they see what Win11 has become.
There have long been communities providing unofficial contributions (including drivers for newer hardware) for MS OSes going back to DOS, and their existence has always seemed to puzzle the FOSS advocates.
"Especially when they see what Win11 has become." Windows 11 works great. In fact, it works as well as Windows 10, Windows 7, etc. One thing I always find amusing is people are constantly claiming the latest version of windows is "bad", and the last version of Windows is soooo much better. This has been happening at least since Windows XP was released.
Windows 11 has so much bloatware, ads, unwanted ai “features”, constant resetting of defaults, and forced use of an MS account that I reinstalled win10 a few months ago.
Very happy with my decision (as happy as one can be with Windows). I am missing absolutely nothing from the latest windows. I can’t say the general performance is much different between the two, but the rest of the complaints hold true
Tried moving the taskbar, getting it to show more than uninformative icons, or getting rid of all the fucking adverts and other hostility? Or anything else from this list, for that matter:
It's generally a mix between the so-called "baby ducks" (people who fixate on the first OS they ever used), and Linux evangelists who announce every change to Windows as the surefire catalyst of the year of the Linux desktop.
I'm sorry but a dumbed down interface, built in ads and propaganda, and odious privacy destruction like Recall is order of magnitudes worse. Stop astroturfing.
Ok, maybe 11 has some features (like AI trash, privacy invading trash, Microsoft Edge hawking trash, et cetera). But if Microsoft is willing to pull the plug on the most popular OS in the world just four years after introducing Windows 11, it doesn't exactly build confidence in the long-term support for Windows 11, 12, 13, and so on.
If anyone is exploring options, Windows 10 IoT LTSC has official support till 2032. Added benefit is that it doesnt come with preloaded bloatware from MS.
I have recently installed W11 IoT LTSC on a 3rd gen Intel, the TPM requirement in this version is optional.
The problem with LTSC is that it is very hard/impossible to get it legally as an individual. You can do it in unofficial way but that has its own problems.
It's not that hard. Give CDW a call. You'll need to setup a volume licensing agreement, which means buying at least 5 licenses, but there's some $10 licenses you won't use if you need filler. Also, this is an upgrade license, you need an underlying windows license on each PC to upgrade it.
That is a different product. LSTC != IoT LSTC, it is so confusing. To get the IoT you have to sign lots of contracts, Microsoft sends you stickers to put on each stuff, stuff like that.
When is the release date for Windows 11 Enterprise LTSC?
It will be officially released in 2nd half of 2024, more info. Download links will
be shared here. Insider build ISO for Windows 11 LTSC has been leaked but we
recommend not installing it for general use because its authenticity can not be
verified.
Update - 24-May-2024
Windows 11 IoT Enterprise LTSC 24H2 is released to OEMs. We got the official links
from OEM portal, and it's added [here].
You can probably download it if you have a Visual Studio Professional or Enterprise subscription. VS Professional costs about $1,100 for the first year, and about $750/year after that. You get access to all MS software BUT you can only use it to develop software. You cannot use it in production.
I do have the Enterprise subscription, which is how I know that this product wasn't launched yet. There is a "Windows 11 IoT Enterprise, Version 23H2" and the usual "Windows 11 business/consumer editions, version 23H2", but nothing with LTSC.
As one of the other comments mentioned W11 IoT LTSC was released quite recently, 24H2 I belive. It is a legit general availability release obtained from the same website.
It probably involves some level of reverse engineering. Which last I checked violates the windows license.
Regardless of my feelings on whether such reverse engineering should be legal (I think it should), this line of business seems like it is inviting a lawsuit from MS, unless they have some kind of agreement with MS (which is possible).
Ironic, because MS are now saying that anything on the Internet can be used to train AI, and their ISO's are available.
Perhaps using AI in the process of making these patches will make it OK ;-)
It’s possible reverse engineering is potentially fair use if Microsoft is no longer offering security patches, although a court case would be the ultimate test.
I’d be willing to donate a payment to the EFF for an attorney opinion on the topic to add to my citation (their FAQ) to cover the professional time expense.
RE has always been "fair use" since the very early days. Look at the books and other work published by Andrew Schulman, Matt Pietrek, Mark Russinovich, etc. AFAIK no one has gotten unwanted legal attention from MS from it (and look at what happened to that last person...), and it's only when you want to be a competitor, like ReactOS/WINE, that they start paying attention.
Also notable is that Ilfak Guilfanov (IDA author) published a free patch for the infamous WMF RCE before MS did.
This will sound pedantic, but it’s not intended to - you say ‘illegal’ - is that in the context of the licence or is some actual law broken outside the scope of that licence agreement?
It’s a fair question, and I didn’t find it pedantic. My understanding from earlier comments is that it required a legally binding contract that wasn’t practical to offer to individuals due to all the clerical work required basically. I may have misunderstood though.
Thank you for pointing this out. I doubt that their patches always (or even frequently) fix the underlying security issue. It is a lot harder to patch something when you don't have access to the source code, and to a test team which can verify the fix.
I suspect that these patches frequently do not fix the security bug. Basically, if you care about security, you should use software supported by the vender, or open-source team which produces the software.
I don't think he's spreading FUD. It's a lot of trust you're placing in a 3rd party who doesn't have the source code to patch your system. Independent reviews and A B testing would help sway a lot of people, IMO.
You can find vulnerabilities using a variety of techniques, but to properly patch them you do need access to the source code. These "updates" don't even modify the executables, so would have to be applied every time you turned on your P.C.
Guarantee that's going to void your support contract with MS if you have one (or worse).
I also cant imagine any win 10 software not working on 11. It's not that different under the hood. You've also had plenty of time to test with your vendors. And yes, legacy niche software blah blah, been there done that, but win 10 -> 11 isn't like XP -> vista. It's like win 10 to 10.5.
Terrible idea on a number of levels. Best of luck to anyone who tries it.
Except Big Business is exactly the type that does drop the MS Suite. Using Microsoft products becomes a liability on a certain level.
It's SMB's that are stuck with MS products...
If you think about it, most of us just tolerate Microsoft products. They're often not amazing to use (Teams, Sharepoint, etc), but we put up with them because they're mostly sufficient and/or you just already know how to deal with the warts. That's not a glowing review of MS stuff.
GSuite (or whatever they call it these days) is popular with many smaller companies and startups because they don't need traditional locally-installed office apps.
This is 100% backwards. Big business loves MS, they don't tolerate it. It's one simple ecosystem that every sysadmin and IT helpdesk person knows.
Let's consider a 1000 person org with 5 offices.
Here's their stack:
1 (or 2) DC's at each site
Active directory with 30 OU's and 100 security groups
A datacenter
A dozen LAN file shares with spaghetti permissions
1000 workstations (with paid licenses)
1000 email accounts (with paid licenses)
25 Sharepoint sites
100 Teams
20 Shared mailboxes
30 Distribution groups
100 GPO's defining server and workstation behavior/logon scripts/etc
AAD controlling user licensing, SSO, auth, dynamic groups, one way sync to local AD
7+ years of M365 and server backups (prob in the 100TB+ range)
40 TB of active data across the org
15 Hardware servers
50 Windows server VMs
20 Windows 10/11 VMs
15 Different industry specific softwares that REQUIRE Windows
Switches/routers/firewalls/VPNs using LDAP to auth
Dozens of automations using email/sharepoint/PowerApps/Flow/ToDo
And 40 years of inertia.
Tell the CTO/CIO that you think they should move to Linux and Gsuite and find open source programs to replace literally everything they do. Tell them they need to retrain their entire IT staff. They also need to redo every single workflow and SOP they have. You'll never be taken seriously again if you don't immediately start laughing and say "Just kidding, that would be insane!".
That's not even a "big" business. I don't mean to be rude but you have no idea what you're talking about.
Yes I do. I would never want to try it though and transitioning to it would be an insanely complex project taking years. I would quit.
The Microsoft world runs the vast majority of businesses with more than 20-50 people. MS world is tiny... You know what's tiny? The dev/startup world. MS is overwhelmingly dominant. Not even close.
Your 12 person startup? Yeah, who cares, Linux/Mac all the way. Roll your own everything. Have a NAS that everyone has permissions to, sure, whatever. Backups? Copy it to another NAS every other week, ok. 1000 people who have been using Windows their entire life, half of which are over 50? Managing dozens of levels of permissions? Decades worth of backups?
Go try managing fleets of computers, permissions, file shares, etc for users that require... Windows software. M365 and the MS platform is the shit.
I've used Linux since the 90s. It's my daily driver at home. I was an anti M$ leet haxor. Then I joined the mature business world and saw what MS provides to businesses. The idea of gutting the entire infra "to save money from the bad M$" is greenhorn shit. I know because that was me 20 years ago. You can't just roll your own whatever cobbling together multiple 3rd party stuff and then somehow find people to support it for years to come. It is going to break and it's going to cost money.
This site loves to talk about tech debt. I can't tell you how many systems I've had to migrate from some lone wolf admin that loves writing custom scripts glueing together multiple applications and processes, building a tower of shit which no one knows how it worked after he left so he could have job security. It's very common.
MS admins are a dime a dozen. Easy to find. Reliably experienced. There's a ton of value in that alone.
You will never save money migrating a large org that's already on MS away from it. Completely rediculous.
> Yes I do. I would never want to try it though and transitioning to it would be an insanely complex project taking years. I would quit.
And there we have it. Some people drink so much Microsoft Kool-Aide and cannot possibly fathom ever using anything else but Microsoft software. Every possible problem looks like a Microsoft solution. If the solution isn't obvious, call the Microsoft Rep and find one!
Then the predictable "what are you going to do, roll your own?!" remark... failing to realize there's more than just one SaaS company in the world.
How do you wager all the big businesses around the world accomplish all of these things you mentioned? What about all the big businesses in Russia, China, India and more? Hint - they're not all using Microsoft products and Azure...
Do you believe Microsoft is the only SaaS offering inboxes, storage, automation and more? Do you believe nothing else can use open protocols such as LDAP?
Microsoft's moat is deep, but it's not necessary. Most people eventually figure this out for themselves.
Every giant business I've been around also has a huge number of Macs floating around. I'm not saying that they'd be willing to turn of their PCs in favor of Macs. I am saying that they also already know how to manage Macs, and if Microsoft went further off the deep end, a fair number of CTOs might say huh, you know, this is starting to become more of a hassle than it's worth.
No, they didn't. I work in a government funded institute and personally know people serving in government agencies.
I would prefer they use Linux and OSS but they don't. The inertia and energy required to get anything to change is immense. Many are still working on digitalizing processes though COVID has provided a bit of a push there.
They are for the most part on Windows with the MS Suite. There are some exceptions but in >90% of offices you will find a Windows PC with the MS Office suite. Most of them have migrated to Windows 10 but I have encountered multiple Windows 7 machines in active use recently.
Is there a reason not to adopt chromebooks and iPads for end users; and implement a walled off (IP restricted) government version of Office and Gsuite?
Likely license/ device cost, complexity and migration costs.
Most systems are desktop PC's with "Mobiles Arbeiten" still being a scarce resource in some agencies. (Constraints on laptops etc.).
They chug along for 5-8 and sometimes longer if there's no requirement to upgrade. I wouldn't expect a laptop/ Tablet to have the same durability because it has consumable components like a battery.
There's also complexity in such a one-off setup that makes hiring for admin people harder, places strong constraints on new systems and would enforce a strong dependence on Google and their cloud. While having a NAS or SharePoint is not fancy, it works and keeps pii local and not shared with your vendor.
You might also have to look at integrating existing software (systems) into such an environment. This is likely not easy given that some systems are purpose built for government agencies environments.
Yep, as if we don't have a rapidly heating planet, Microsoft wants to add to that by adding several gigatons of e-waste (measurement is pulled out of my butt, just like Apple claiming it extracted 2204 lb of gold from recycled iPhones(1), a number which is basically 1000kg in lbs(2). How much do you want to bet this is a number someone made up, converted to lbs, put in its official report(3), and the stupid copy-pasting "journalists" are too dumb to notice or challenge?)
I think you're giving them too little credit. It doesn't seem too implausible that Apple keeps track of how many phones they recycle using their recycling program, and with that number they multiply that by how much recoverable gold is in each phone to get a total amount?
The zdnet article and the PDF also says 189,544lb of cobalt, 39,672lb of nickel, 44,080lb of lead, 130,036lb of zinc, 4,408lb of tin, and 6,612lb of silver. Divided by 2.204 they're 86000kg, 18000kg, 20000kg, 59000kg, 2000kg and 3000kg. How conveniently round in metric, but looking like they're giving you the precise weight to the nearest lb (and numbers not seemingly pulled out of thin air) in American...
The more obnoxious thing is they're not even dividing by the precise divider, as seen on the DDG link in my original reply.
If all you have is win 10, and not using Azure or AD, fair point.
But they may then not want to service server/AAD/AD issues "well your win 10 clients are no longer supported, the behavior between these systems is then also not supported, we can't help. Closing ticket."
I'd say, if you are big enough to have a Microsoft Support Contract then you're probably going to pay Microsoft for extended Win10 support anyway.
If you're looking to pay for 3rd Party Win10 updates, you might not be running AD in Azure either. Local AD is still a thing, and it should still support several versions of joined workstations.
e.g. you've got a problem with MS Office, on an OS that would be supported under an extended service agreement, but you're getting it 'patched' from some unofficial source instead.
Who are these people with support contracts that get problems fixed?
I work for a company with 20,000 employees and I can assure you, when we report bugs to vendors we have support contracts with, they get acknowledged then disappear into the same black hole as bug reports from home users.
As a Windows 10 user who hates the idea of installing Windows 11 and its AI and Microsoft-Edge bullshit, I like the idea, but what I'm worried about is the existence of a free and paid tier. What if the company (which seems to be for-profit) starts pressuring users to upgrade to the paid tier by limiting what sorts of updates they provide, e.g., only doing the 'most important' ones, leaving users who can't afford to pay in the lurch?
There have long been communities providing unofficial contributions (including drivers for newer hardware) for MS OSes going back to DOS, and their existence has always seemed to puzzle the FOSS advocates.
[1]https://news.ycombinator.com/item?id=28449607