I've run over 100 Linux servers, and the number of issues that weren't my incredible incompetence, not zero, not very low. I'll be fair, I've run a couple of dozen Windows server, and it's not 100% for issues, but it's most of them. Furthermore, I've seen a server change its own group policy settings, a few times. I've never seen a Linux server, change it's sysctl, ever.

Remember when you could, in System 6.0.7, and still in System 7, copy a file to a floppy (in MultiFinder), then from the floppy, then back to the floppy, and so on for a few minutes, and your Mac would hard crash. Remember?

As a tech I had a few tricks to crash Macs without any software. Just stupid Mac tricks. Not overflowing a disk, either, that was a stupid Windows trick.

Macs were not and are not yet infallible. They enjoy a huge advantage over Windows - control of the hardware. Windows suffers a multitude of hardware drivers, written by who-knows, and every significant attempt by Microsoft to insulate the kernel from bad driver behavior failed up to Windows 8. Mostly.

But it's sport to bash Windows. Has been since about Linux kernel 2.0, which if you were around then, you know was the pot calling the kettle black.

Windows has many flaws to hang your beanie on, but considering the requirements, it's remarkable. Not as remarkable as Linux, which somehow has become so despite (virtually) no paid developers. And I've used Linux since Slackware something like 0.9, which was not 'officially' distributed, and sort of worked. But it hooked me on Linux. Using Windows since the Mach 20 board and Windows 2.0, I've suffered but persisted. Felt bad for WordStar, WordPerfect for Windows, and some other software that never quite made it. Anyone remember Jazz?

Still, bashing Windows is easy. Anyone care to be similarly honest about X11?

Care to share actual metrics with us?

That's hilarious and true, like what does enabling a "Don't allow" for "Block and Restrict" do? Every single option I had to copy into DuckDuckGO and read what it actually did, and what the settings meant. It's not a case where the setting is confusing because I'm an idiot, it's confusing because it's written poorly. Contrast group policy to sysctl config, it's night and day.

The bigger issue I have with group policy, if so many of the options should be enabled by default, why aren't they? Policy for security and auditing should be opt-out, not opt-in, and even if they did want it opt-in, make it easy and clear to enable. How many hundreds of options could be enabled by default? I've turned a metric crap load of option on since November 2025, and no one has complained, so clearly they should be on, so why aren't they?

Intune and Defender for Endpoint will tell you dozens of options that should be enabled... WHAT?! Wait so Microsoft knows they should be on, but didn't turn them on, but want you to turn them on, but don't tell you to turn them on, unless you pay, and run a complex system of enrolment? At least when it's complaining about Linux setting in sysctl, they're dealing with outlier extra tinfoil accent style setting, not fundamental the system is a screen door slamming against a broken jam at the slightest gust of wind setting.

I can't support that, let's assume Windows is a quality OS, if they want to show off that quality, you need to show it off, not leave it to some end user to configure, tweak, adjust, enforce, and then see the hidden quality. The options are baked in, and clearly they know what should be enabled, just enrol with Intune or Defender for Endpoint, and it will tell you that those setting should be enabled. If they know they should be, why aren't they?

That's not my concern, if hardware problems are causing OS level problems, the OS just isn't ready for mainstream deployment. Maybe Microsoft has to call out certain companies, publicly, like Linus did / does, but that's Microsoft's job.

Ya, it's a difficult question, but in any case the girls get a say in how their likeness is used.

Yes, yes it is, Windows is a terrible operating system, and we need to keep reinforcing that, so we don't normalize crap.

Funny thing, I did, it's on a Raspberry Pi, but my mother doesn't like it because the touch controls are different, and she has to use a SD card.

I've posted many times about the issue I constantly face on Windows, not only on my machine, but fleet wide.

I was configuring group policy yesterday, all day, and the number of things that are either active or not restricted, is mind-blowing. Page after page of options that should be "Block - Enabled", or, "Security Enabled", by default, that you need to go in and set enabled, why? The number of options of protocols, encryption, caching, temping files, and so on, that should be blocked by default, again, head shaking. There are a few policies to prevent exposing your user details and notification on a lock screen, WTF? Why aren't those off by default?

I can understand that you might want those settings on, so, turn them on. Why not start with a reasonably secure baseline, and allow the user to pick what they want? Don't go full on bunker isolation mode, you'd already be running Qubes OS if you wanted that, just sensible, reasonable, medium security.

After all the stuff I've changed since November 2025, zero users have complained, which means all the settings should have been restrictive by default.

I can kind of support the cost argument Windows Server is expensive, but it's also bloated, and slow. I can count on zero hands the number of times I've wanted a GUI on a server, zero. I want my servers to serve things, not spend resources on the server OS, and I really can't afford for the servers to update, and become unresponsive, which is a known and accepted issue on Windows. The other reality most servers run a Unix or Linux variant, if Windows was ready for the server room, it would have the server room, and it's failed.

It's more important to us, they understand the real-world risks, and decide based off that. We still need to discuss things, but ultimately at their age, they'll do what they want, and so the best course is to educate them.

Windows is an unstable, insecure cluster bleep of an operating system, we know this! There's a reason you don't use Windows on servers, or IoT, when things have to work. When it comes to the other points, Windows is a cybersecurity nightmare on steroids, for multiple reasons.

1. It's a general use OS meant for idiots who think there is a literal "any" key.
2. It's backwards compatible, which means it supports sloppy, messy, unprofessional, rush, hacked, amateur crap.
3. The design is functionally a mess, have you tried setting group policy? Have you tried locking down the kernel, or user space?
4. The updates are a gamble, can you risk running them?
5. It lacks a proper firewall subsystem.
6. It lacks proper domain isolation.
7. It's online first, and accept all connection is doomed to cause problems.

Do I have to keep going? I'm going to say this again, professionals don't use Windows. Windows is not a suitable operating system when you have to get work done, care, be production, or competent.

If you ask a Linux / Unix admin to lock down a server, dear lord, that thing will be locked tighter than a nun's nasty. It will be a tinfoil wrapped masterpiece of paranoid rejection, in all its glory and beauty. If you ask a Windows admin to lock down a server, in the best case there's a still a screen door slamming again the jam, and Microsoft has enough backdoors to mitigate any attempt.

Let's assume one of the daughters consented on the spot, they would know they had, and would just tell us, problem solved. There is a problem when you consider if a child should be able to consent, not from a legal standpoint, from an education standpoint. My daughters know the dangers, I live in cybersecurity, they haven't been spared from reality. They know when the picture goes up, it's up, you can't get it back, just assume it gone forever, to be misused by anyone for any reason.

I like the Seinfeld reference :) - Just assume you have no consent, from anyone, and seek it out every time. I know it would be a lot of work, and represent an amount of effort as to not make social media worthwhile, but, it saves you from any risk. If you have a list of emails from parents with a Yes / No, then you can show you had consent, and the issue later on is mitigated.

How's that messed up? The girls don't want their pictures sitting on a digital subscription-based frame, and I can't blame them. They've offered to be a still picture for her, but they don't want to be uploaded into the cloud for no reason. I also don't withhold her being able to come over, or stop us from going to see her, so there just isn't a good reason to submit to digital violation because my mother wants them to.

Fair points, if you know me well enough to know my daughters, you know them. There's a difference between knowing who they are, and being able to actively engage with them via social media through exploitation. Just knowing me isn't enough to know who they are, I don't even introduce them, they have to introduce themselves, I'll just keep them anonymous. You would have no idea if one of the girls here was my daughter or their friend, unless we're close enough you've been introduced, and to me that about the right level of separation.

Did my mom give consent to be ridiculed, no, but you also don't know who she is, and the point of brining that up was to show that I don't mind who you are. No one has the right to exploit another person, just because they want to, and I don't mind if you're my mother, grandmother, or wife, if the kids don't want pictures taken, then no picture gets taken. In the same context, if the girls want a picture taken, that's fine, but it's opt-in, not opt-out.

I'm not exploiting anyone for credibility, I'm simply pointing out that we need to have kids consent to some activities. When they were younger, they didn't get to consent over vaccinations, we made that call, but as teenagers, they do get that choice, and we won't override it because, consent is important. In the same regard, if they don't want to be on social media, that's their choice.

It's not simple, but it's also not complicated, just ask the student, and check with the parents. Our schools and board have Twitter, Instagram, and Facebook, and they actively post pictures of children to them. You could be standing in the hall, and have someone snap your picture, and up it goes. It could be a club, or a sport event, or even the teacher in class (holy bleep, another story). As you pointed out, the expectation of privacy in public is low, and I honestly can't object to having a public picture uploaded, to spite how I feel.

The issue in our case was a picture got taken in school, and uploaded to spite us having "blacklisted" social media. We get a form home every year, and we have the option to allow social media uploads of the children, or not. We always select "No", followed by a note (paraphrased): "Please check with the X, it's her call." Neither of my daughters want to be on social media, and we don't override that. The school has to respect that choice, what's the point of asking consent, teaching about consent, and then ignoring it outright?

Since now I'm thinking about it, there was a case in grade 5 where the teacher snapped a "fun photo" of the class, and the board uploaded it to Facebook. Two of the kids in class had protection orders from one of their parents, I think the mom (don't quote me on that), and the police found the photo accidentally within hours. They had to rush to get it removed, since it clearly identified the kids, and their location (thanks EXIF).