you can always either disable secureboot and driver signature verification, or (the better solution) just enroll your own certificate in your TPM and sign the driver with that...
Ah, yes, the [insert super inconvenient and complex thing to do that most people don’t know, want or should do] will solve it! And when that fails, surely the user can just write their own OS, right? Bunch of skill-issued complainers we the users are.
Well, the hope was always that those of us inconvenienced by M$ would all collectively contribute to making Linux distros more convenient for everyone. But we can't ever seem to get inconvenienced enough to actually sufficiently mobilize and/or coordinate such an effort.
It does seem like linux is having its moment right now. there's the money and effort valve is putting into KDE making the steamdeck and steammachine polished for their hardware which helps all users of KDE. cachyos is making having a rolling distro really smooth and snappy on old hardware and making games work mostly ootb. stuff like winboat and wine will let you use the few windows apps you need. you are kinda stuck though if you want to use something like fusion360 or solidworks. freecad has improved quite a bit but it's still like gimp where it's slightly worse UX in a lot of ways.
Now… maybe we could condense the 10,000 pointless distros down to a dozen? Oops, nope. Now 10,001, except this one has the menu bar in the middle of the screen and it moves around.
The distros are not pointless. For every one of them there was a human being that wanted something to work differently and the nature of open source let them do it. That should be celebrated and the day we loose that flexibility would be a very sad day.
This. Not to mention that for the mainstream users there are mainstream distros that are largely the same they have always been: Fedora, Ubuntu, Mint, so I never really understood the issue of having tons of distros out there for enthusiasts.
I think that both perspectives are right. We should celebrate diversity, but there's also power in consensus.
There needs to be some competition between ideas, but if every bit of disagreement about direction ends in "I'm going to build my own distro, with blackjack and hookers", then we as a community won't ever end up building something that can compete with the megacorps.
I mean, the super-easy option would be to just use BitLocker for FDE. No hassles, just works. But I fugured since everyone here on HN hates MS I wouldn't even bring that up. Don't trust MS? Enroll yourown keys
by default, yes. Can be disabled with a single click. That's something that even your Grandma can do, as opposed to installing VeraCrypt (with dozens of options on what to encrypt, and how, and when, ...)
What's easier, and bitlocker doesn't count. I want my FDE to be based on a password or a keyfile, not simply by some code in the motherboard. I want it encrypted until I, the operator, provide some data to unlock.
In my limited experience with bitlocker, the disk is decryptable automatically as long as it's in the original motherboard.
If someone steals my laptop, and there is no factor of decryption requiring something I possess or know, then the only use of that disk being encrypted is that I can throw it out more safely at end of life. Thieves/LEO has the data because they have the motherboard.
If bitlocker has a PIN/passphrase decrypt option, then I missed it.
While a thief or LEO could boot the OS, just having the motherboard doesn’t give them access to the underlying data. They would need to have a valid user account.
It was not made clear to me that my username/password was the decryption method! I was expecting something like Linux where a separate password is needed.
Furthermore it wasn't intuitive to me that my user account would decrypt more than just my home directory.
