Yes, but there is something important to remember.

By default, most Linux installs put there kernels in /boot, which is not on the btrfs partition. This is not an issue on distros that keep multiple kernel versions, but it can cause issues on distros that only provide one kernel version (Arch and Arch based distros).

Because the kernels are not stored on the btrfs partition, they are not restored by btrfs snapshots. And if the rest of the system, including kernel modules, are a mismatched version due to restoration, then it means your system is unbootable.

A simpler fix is to install ArchLinux’s linux-tls package, which is the stable version of Linux that doesn’t update constantly.

But what I do to get around this, I put /boot on the btrfs partition, and /boot/efi is the seperate efi partition where grub is installed. Then, kernels are restored when I restore a snapshot.

https://training.play-with-docker.com/

This is an interactive, guided docker course in your browser.

Of course, docker is easy to install and use on a Linux system.

I would say the big thing that might give you trouble is not the init system, but NetworkManager. NetworkManager is the… network management software (wow who woulda guessed?) used on desktop linux distros.

People have many criticisms of it, that are similar to criticisms applied to systemd (it’s also Red Hat software), so I see my friends switching to iwd, wpa_supplicant, or other alternatives when trying something other than systemd as well.

It gives them a lot of pain. None of the other alternatives are as reliable as NetworkManager when it comes to connecting to Wifi. Switching away from Systemd shouldn’t be too hard, but NetworkManager is much tougher to give up. Thankfully, you can run NetworkManager on non-systemd setups.

Debian repos are basically guaranteed safe: https://programming.dev/comment/22863237

Flathub is much, much safer than say, the google play store, but it ultimately does follow a model of app developers submitting packages which get reviewed and approved. In theory, someone could sneak malware past that, although there haven’t been any incidents (perhaps flathub’s review is very effective?). But the snap store, which follows a similar model has had malware. But canonical hasn’t been the best steward of that one.

In addition to this, not all stuff on flathub is open source, which is definitely concerning.

Thankfully, flatpak has a built in sandboxing system, which lets you limit what the appps have access to. KDE has a UI for it, and there is also the GUI app flatseal.

malicious code does occasionally sneak into Debian distributed apps

Do you have an example of this? The xz utils backdoor did not make it into debian stable, only unstable.

Debian stable essentially forks every package, maintaining a custom codebase. They then cherry pick security updates only (ignoring feature updates or minor bugfixes), and applying those. This makes it extraordinarily resilient to any form of supply chain attack.

Flatpak’s show up in discover, and aren’t by the distro. Usually it’s flathub.

https://en.wikipedia.org/wiki/Shadow_IT

If you use kde, you can search for “profile manager”, and it will show up, and can be launched from the app menu.

At least works for me. Before this was added, the KDE search/app menu also lets you run commands directly, so I would just run firefox -p in there. No need for a terminal.

It’s codeberg pages… It is generated directly from codeberg, which has doesn’t allow private repos.

Source code: https://codeberg.org/purpleweb/Riddles_0-385_App

Seems to be the case:

https://github.com/anyproto/anytype-ts?tab=License-1-ov-file#readme

https://github.com/anyproto/anytype-kotlin?tab=License-1-ov-file#readme

The sync server is MIT though: https://github.com/anyproto/any-sync?tab=MIT-1-ov-file#readme

Interesting.

Surely everyone not using cloud hosting sticks some sort of router/firewall at the edge and runs the VPS inside with port forwarding?

I would really like to see a setup guide for this. Because if you are throwing a VPS up, they usually just give you a public ip address. I don’t really know how you would put a router/firewall in front.

I spun up a test, and it doesn’t let you edit encrypted notes :(. It’s so nice though, I might be willing to give it up e2ee for less sensitive data.

Mindustry (open source)

No, because proton is not Windows. Wine only works on Linux, so it’s actually a Linux platform. I consider every developer/publisher who targets proton to actually be targeting Linux, rather than windows. Every single time a windows update breaks something that continues to work on proton I laugh

See also: https://steamcommunity.com/app/221410/discussions/8/1734336452576620754/?l=czech

Yes but the steam runtime is basically an entire Linux installation (that never gets updated) that valve drags onto your system. I found it greatly annoying when I wanted to use Steam Input (because that would make Nintendo Switch pro controllers work) on a laptop with 32 gb of storage and steam dragged along 4 gb of ubuntu that I was never going to touch (since I was playing games outside of steam using wine directly).

The problem is that real dumb phones are hard to find. Many modern “dumb phones” are actually full android devices, complete with a boatload of spyware that helps keep the cost of the device itself low.

KaiOS is better but that’s a whole linux distro, with similar issues.

Since you mentioned tethering, do you have an example of a non android (or at least one that’s not preloaded with a ton of spyware) dumbphone that supports usb tethering? I am skeptical that a real dumbphone would have this feature.

Syncthing has encryption as well. You can have a device be “untrusted” so you put in an encryption password, and data sent to and stored on that device will be encrypted.

Although this does encrypt file (and directory) names, the caveats about folder structure and modification time still apply.

Openbsd is definitely more secure than secureblue. There is only so much you can do to handle the massive monolithic architecture of the Linux kernel. Further down the stack, many parts of Linux, like sudo, dbus, or systemd are regularly hit by zero days. The SELinux domain architecture that Secureblue is interesting, but SELinux is extremely complex and difficult to get right, compared to the much more simpler pledge and unveil sandboxing that openbsd offers.

In addition to that, there are further issues like the problematic way that user namespaces interact with browsers. (And user namespaces are frustrating in general, secureblue actually has a short article on their problems). For maximum security, you want to sandbox tabs from eachother using user namespaces (only works on chromium btw, firefox can’t do this so it doesn’t matter) — BUT, if you run your browser in a sanbox created by user namespaces, then you can’t nest them, disallowing you from using that powerful tool to isolate tabs. So you are forced to make a choice: You can either sandbox the browser itself, in exchange for weakening the isolation between tabs, or you can strengthen the isolation between tabs, in exchange for weaking the sandbox around the browser itself. Giving the browser access to user namespaces is questionable though, because see above, user namespaces have led to a lot of vulnerabilities.

OpenBSD’s pledge + unveil (but only on chromium again), does not really make such tradeoffs. It can sandbox tabs from eachother, while also sandboxing the browser itself. In addition to that, pledge + unveil do not present a massive kernel attack surface that people have had to restrict for having too many 0days. And this is just one of the many, many examples, where OpenBSD presents a better security posture than Linux.

Qubes is technically Xen, a different kernel than Linux. The Xen kernel virtualizes Linux distros, from which you can manage Qubes/Xen, or do normal Linux app stuff. But nothing stops you from using a BSD virtualized by Xen for management or usage. Qubes talks about why they use Xen here — but the short version is that they did not consider the Linux kernel’s kvm secure enough for their usecase.

FreeBSD, OpenBSD and NetBSD are behind Linux.

Look, I dislike permissive licenses too, but you need a source to back this claim up.

Right now, each BSD does something special, that Linux (distro’s) can’t trivially replace, even if the usecase is more niche. NetBSD Dev’s make efforts to get it running on many devices as they can. OpenBSD (and it’s subprojects) are highly secure, moreso than Linux. Who do you think makes our beloved OpenSSH? OpenSSH noted for having very few vulnerabilities over it’s two decade long existence, and OpenBSD itself is similar, which is insane because there are products with multiple bad vulnerabilities every year (Linux being one of them…). This is due to a highly security minded architecture - one that Linux lacks.

FreeBSD is like Linux before systemd. I like systemd, but systemd is really trying to be kubernetes on a single node. I like systemd because I like kubernetes, but I understand why someone wouldn’t like it, and I question if “single node k8s” is the best architecture for a single server or personal desktop. The ports system results in freebsd packaging many server services that aren’t packaged on Linux. Being able to manage those through the system package manager, and the conviniences that provides, is nice.

Different, and not popular don’t mean bad.

This is technically yaml I think, a list (with one entry) of lists that contains mostly single items but also one other list. You should be able to parse this with a yaml parser like pythons built in one.

Note that yaml is picky abiut the syntax though, so it wouldn’t be able to handle deviations.