As a moderately technical person with an extremely good understanding of computers AND an extremely good understanding of the things that nontechnical people find frustrating about computers, it is always just a little exhausting to finish making a specific recommendation to a nontechnical person only to have people who are extremely technical and extremely bad at understanding the things that nontechnical people find frustrating about computers come in and make a recommendation that will require more effort and expense on the part of the nontechnical person or are literally exactly the opposite of what the nontechnical person is asking for because the technical respondent didn't understand what the nontechnical person was saying.
"My sister has had an expensive gaming machine and didn't use it and doesn't use it now but might do some light gaming stuff at an indeterminate point in the future and is currently using my personal laptop to do basic web browsing, I'm trying to ensure that my sister can keep doing web browsing but whenever I ask my friends for advice they start at a high price point and the people I know who have purchased used equipment have bad experiences with it that I'm not interested in duplicating; is it possible to get an inexpensive computer that will accomplish what I'm looking for here without it turning into a time suck because I'm not particularly good at computers?" is not what someone says when they want you to start speccing out a machine that requires a graphics card that costs as much as the machine that they actually need. The question was not "can you find me a less expensive gaming machine?" it was "is there such a thing as an affordable non-garbage machine my sister can use to look at Ao3 or are my choices 'used office machine old enough to have a driver's license,' 'cheap-but-trash machine that will have to be replaced annually,' or 'gaming rig that costs as much as a car'?"
It's like when people ask me for advice on improving their online security and privacy because their data was revealed in a breach and I talk about using bitwarden and protonmail and basic degoogling and then other people pop into the comments to recommend installing linux, buying a burner phone, and self-hosting an encrypted server.
I get where you're coming from here, almost everybody CAN become technical if they want to, but most people who are not CURRENTLY technical can't generally become technical in the timeframe that they would need to in order to manage whatever problem they're having.
If someone is saying "My friends insist the only bread I can eat is fresh-made croissants from a boutique patisserie, and my dad only eats stale wonderbread, is there something other than that out there that I can have for lunch?" the answer isn't "you should start making sourdough, everyone can learn to bake."
One of the things that happened with my start-to-failure linux stream the other day is I was looking up the steps for how to verify the checksum for an ISO file in Windows (because I always forget how to) so that I could trust the file that I downloaded was safe to install. The file that was the download of Ubuntu Studio. Which is, to be clear, linux.
So I search for information about how to do checksum bullshit in Windows and the instructions I come to from the Ubuntu site say "If you aren't using linux on windows, why on earth not? You should do this by installing linux."
THAT IS THE THING THAT I AM TRYING TO DO I NEED AN INSTRUCTION FOR HOW TO DO A STEP IN THE OS THAT I AM CURRENTLY USING SO THAT I CAN INSTALL LINUX.
Seriously, follow some links with me. From the link above to this:
From that to releases:
From the release download you can get info on how to burn the images to disk:
Which tells you that you need to verify the image:
and then links you for info on how to do that in Linux!!!!!
THIS CHASES NON-TECHNICAL PEOPLE AWAY. THIS IS WHY NON-TECHNICAL PEOPLE THINK LINUX IS SCARY. BECAUSE WE GO 'OH NO YOU HAVE TO VERIFY YOUR DOWNLOAD IT'S A VITAL SECURITY STEP' and then the non-technical people go "Okay how do I do that" and the instructions say "Why aren't you already using linux, dipshit?"
THIS IS POOR TECH COMMUNICATION. NERDS, I LOVE YOU BUT THIS IS WHY PEOPLE USE FUCKING WINDOWS WINDOWS SUCKS BUT IT DOESN'T MAKE FUN OF THEM FOR USING WINDOWS.
Ok, I'm having a bit of a conniption. LINUX NERDS WHAT ARE WE DOING?
I read this and was like... I'm sure there is a way to do this in windows, its been a while since I've used windows, but I'm sure that its a pretty straight forward thing...
And yeah, it is. There is a microsoft learn article about how to do it in powershell
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-filehash?view=powershell-7.5
This is not a friendly article for the non-technically literate, but instead of making some snarky joke the ubuntu documentation should have step by step instructions for how to do the process in that article!!!
Oh my god.
There's actually an even easier way to do it that I'm going to document on the linux install page of my site, but yeah the whole reason I'm doing this is because I do want people to use Linux and i want to provide tools and instructions that are written for people who get stressed out setting up windows profiles, not people who are confident while navigating github.
Oi, that is awful documentation there, particularly since it’s Ubuntu, who bill themselves as a good introduction to Linux.
But also, I’m wondering if advising people to verify signatures in general is necessary at this point? I mean:
- The download is going to be over HTTPS, so your browser and OS are verifying the authenticity of who you’re communicating with (so a man-in-the-middle is unlikely unless you or they are already compromised) and performing checks on data integrity so data corruption is unlikely.
- If an attacker can make your download click on ubuntu.com serve up a compromised file, what’s to stop them from making your “verify” click serve up a compromised checksum that matches the file?
- …Actually, holy shit, the how-to-verify tutorial links specifically to “http://releases.ubuntu.com”, which has an HTML redirect to “https://”, but a MitM attacker would likely serve up a page without that redirect, negating point 1. Holy shit, why
