I know nothing of PAM, but could it be used with something like LDAP? or ActiveDirectory?
If the machine is joined to a domain you'd need to use Hello for Business. It's more involved to set up, but if you've got enough Windows computers to have an AD domain you should definitely do it.
At first I was skeptical about the usefulness of such a feature given my password doesn't take long to type, but it turned it to be a feature I really enjoyed.
My Dell Vostro has pretty instantaneous fingerprint recognition, much faster than a password (my previous Acer has a less convenient location for the sensor, and was much slower, and was much less reliable.)
And now windows comes with openssh server too, which is a little more sane than opening up access to network managing windows machines directly via WMI...
I've used RDP to work remotely and also to play some games inside Hyper-V VM and I didn't felt big difference between native
Admittedly, it's been almost a decade since Windows 8 (!?!), so this is a very dated experience.
Rdpwrap by stascrop (GitHub) https://github.com/stascorp/rdpwrap/releases
Obviously it has far more restrictions than enabling RDP on Pro systems, but that's because it's clearly designed with Home users (average consumers) in mind.
Using Windows compared to using XFCE is like pulling a stubborn donkey. No, I don't want to update, I don't want a voice assistant, I don't want absurd UIs, I don't want telemetry, I just want a goddamn menu and desktop icons.
>No, I don't want to update
Why don't you want to update? You really should.
> I don't want a voice assistant
It takes less than 5 minutes to disable and hide it.
> I don't want absurd UIs
How do you define absurd UIs? Do you think 1 billion people using Windows are all absurd? If so, that's highly arrogant of you.
> I don't want telemetry
It's a bit annoying and philosophically not a great thing, but you can disable 99% of their telemetry in about 15 minutes.
> I just want a goddamn menu and desktop icons
Windows offers this and more.
I've used Xfce for a long time, it's nice. But the whole "it's faster and lower memory footprint" doesn't matter much these days, especially since Windows is really well optimized now. How many people are using Xfce on systems with 1GB of RAM anymore? Plus Windows obviously offers much more than just Xfce and Xfce is also under-resourced, developer-wise, and on the brink of becoming abandonware. Linux desktops really are not in a good place today.
Yes, tomorrow evening when I have time, not literally right now in the middle of a 2-day 3D render that my computer has been running for a 24 hours now.
> It takes less than 5 minutes to disable and hide it.
Until an update re-enables it or pops an un-hidable fullscreen popup with misleading questions that tricks you into enabling it again.
> [absurd UIs]
You can't possibly be defending the shitshow that is the Win10 setting menu! Everyone hates it, from techies, developers, gamers, grandmas... I could probably write an essay just about the actual bugs and missing features, not even counting stupid design.
See the Cortana reply above
Few people are running <1GB of RAM, true, but very many are still running 4GB. That means you can basically open a Word document and two Chrome tabs before your system becomes unusable. This isn't an exaggeration - if the two tabs are heavy (like FB and Gmail, for example), the system will aready start swapping.
For another datapoint, I can no longer play certain games (heavily modded) on Win, because they actually need at least 6GB or RAM and that's enough to crash my 8GB system. On Linux, I can run the game, Spotify and like 3 Firefox tabs on the same machine, and I'm using a DE that notorious for high RAM usage (KDE Plasma).
It's a humongous engineering project and I can see what they're doing. It's a super painful and long transition, but where they've finished the transition, I like it. Very nicely organized, searchable, it makes a lot of sense, it's consistent. It's a great UI, we're just in the middle of the construction site.
I imagine they didn't have any other way to do it.
If they don't do it, everyone complains that the Control Panel is getting antiquated, if they do it, people complain why they're changing it like this.
We have to be realistic here.
My favorite example of this is the sound output setting. Windows has two output "streams" - communication and media. The old menu used to have a "set default" button that set a device to default for both, but you could also set each default manually. The new menu doesn't make that distinction at all, but the new default device switcher only switches the playback default. This results in things like Skype, Zoom, Discord... seemingly not respecting the output device setting. The only way to fix this is through the old menu, but they have removed every trace of it, so you have to trick Windows by searching for "sounds" to get to the place where you change things like the error message sound, which pops up a window where you can then switch the tab to the old sound control panel.
I don't think there's been a single month since this change was pushed out where I didn't have to help someone with this. It's clearly broken, clearly
Just use pavucontrol (Pulseaudio volume control) which comes included with most distros.
The new UI seems to be very forward facing, I suspect that they're targeting everything with it: desktop, mobile, even AR/VR.
Most of those 1 billion people didn't choose Windows 10 because they looked at it and thought, "yeah, this user interface is so much better than Windows 7". Most of those people didn't look at the latest update to Windows 10 and think, "yeah, these changes to the UI are major improvements, my life will be so much easier than on the previous version of Windows 10".
For most of the non-programmers I know, it's more of a boiling-frog situation. Microsoft blackmails them into "upgrading" using security patches, and every "upgrade" makes the UI less intuitive, slower to use, or worse in some other way.
Just last month, for example, I got a call from my parents because the Photos app was no longer allowing them to save an edited copy of a photo to a different folder. Turns out, yeah, you just couldn't do that anymore. It's absurd, but my parents certainly aren't the absurd ones.
I think Windows is a probably the least worst desktop (not laptop!) OS right now but I would defend the parent commenter here. Windows has had the slowest and most painful UI transition I've seen in an OS, and it definitely hinders usability. Try to change certain innocuous settings in windows and you will unknowingly embark on a journey through time as you discover layers of settings still preserved in older and older UI frameworks still tucked away in deep corners of the OS.
>How do you define absurd UIs?
have you ever tried using windows 10 control panel?
>It's a bit annoying and philosophically not a great thing, but you can disable 99% of their telemetry in about 15 minutes.
CIA/NSA leader "We kill people based on metadata"
I grew up on windows and dont know how to program, and even I am dumping windows for ubuntu or osx (+ windows running in a vm for legacy software). windows is just trash. its pure trash. it has the worst user interface, the worst controls, lags, power issues, etc.
I would rather run a windows AWS instance accessed via a 4g ipad pro than continue using my pc workstation. its not good when people that dropped out of business degrees and cant program say that!
Many people use computers for entertainment and Windows has more compatibility with games because game developers target Windows. Even though many of the game engines they use support Linux.
With Wine, Proton, Dxvk, etc... the game compatibility gap is closing rapidly, though.
Now, many occupations require software that won't run on Linux (software from Autodesk, Adobe, etc), but the use case for the vast majority of people is well covered.
If they were given the chance to acquire their computer for cheaper without an OS they would have done so.
As for suspend/resume scripts, I've never had to do that and I use Arch (yes, hahah, but you know what I mean).
Windows has a certification process for most hardware and drivers, things still break but any major or wide breaks are caught quite early. I just have less time to tinker with stuff when random flakiness pops up which happened a lot when I used Arch and Ubuntu.
But it has worse performance for accessing native Windows files than WSL1 does.
In any case I think an assertion that WSL2 has no performance issues needs a serious citation (as opposed to no citation which you gave) - you're making a claim about all possible situations. As always, a statement that "no x exists" requires seriously more proof than "at least one x does exist".
What exactly is the point of sudo/UAC these days of single-user machines? I think https://xkcd.com/1200 put it well. Anything running as an unelevated user account can access my browser sessions where it can steal my passwords, emails, other other private info. It can turn on my microphone and camera. It can read all of my documents. Those are the things I care about protecting, not whatever special things root can do like install drivers and create virtual network interfaces.
The best configuration for WSL sudo is probably to just allow all commands without any authentication.
Modern Windows has permission levels and capabilities that segregate background processes and system services. If your browser, running in low integrity mode, gets exploited, there's a whole layer of security that needs to be bypassed to read the keys you type or to install tasks at startup.
On Linux, I think it's mostly an anti-fuckup-thing. You can't accidentally delete system files if you're not root, you can't accidentally restart the wrong service, you can't accidentally edit the system config when you want to edit the user config. Badly-written tools can't mutate something when I ask them to just read. It also works for the same reasons as UAC does for Windows, though the Linux permission model is much simpler than the Windows one for most use cases.
If you run everything as root, the first compromise rootkits your computer. If you use proper user segregation additional steps need to be executed in order to trick you into getting the malware hooked deep into your system.
For WSL, the problem is similar to Linux, because WSL is just a well-integrated Linux VM. Dev tools such as npm download and execute random code from the internet, which can be infected somewhere six levels down the dependency chain. If you run those as root, you're giving that malware full access to your system whereas your local user account can only modify some of the files outside of WSL.
It doesn't protect you from theft of your unlocked laptop. It does protect you from bad software, at least partially.
”UAC is not a security feature. It’s a convenience feature that acts as a forcing function to get software developers to get their act together.” https://devblogs.microsoft.com/oldnewthing/20160816-00/?p=94...
On a single user machine, it does nothing for user security, because all of the things worth protecting, like your data, don’t require elevation anyway.
As for preventing fuckups, it prevents the wrong fuckups. Deleting my user files is a bad fuckup. A program trashing my files and emptying my bank account is a bad fuckup. Trashing my OS install, the only thing root can do that my user account can’t, is an inconvenience.
Permiting everything is no different really to browsing the web as root.
Permitting granular things in sudo and doas isn't easy.
For what it is worth, many of the systems I work on on have many more than just one user and I am sure that other people work on bigger environments too. When you have multiple users, you run the risk of delegating more access than you should and thus compromise content, hence why I think access should simple!
Hacking around at systems you’re interested in is hardly a waste of time, it’s through projects driven by self interest that we learn the most imo.
Extending standards is normal and expected. It’s the extinguishing part that we get in trouble, but a natural risk of any large player “contributing” to OS (their weight is what opens the possibility; but their weight is also what you want to enable larger/comprehensive OS codebases).
That is, you want Microsoft contributing to Linux. The thing to avoid is only Microsoft contributing to Linux.
People really get riled up with some brands, but I think brands are really just people who operate the brand collectively, often with an emphasis on the leadership that gets to guide the sail. Gates and Ballmer are past.