I’m not trying to pick a fight or anything, just doing my part to prevent the spread of disinformation and ignorance on the internet. The second paragraph in your comment shows you don’t understand these technologies at all, and I feel compelled to point it out for the benefit of people reading it, so they don’t come away misinformed.

There are no abstractions here. Containers use kernel features called “namespaces” and “cgroups” to isolate system resources and implement sand boxing. There’s no abstraction layer in the software engineering sense. You might be confused because containers look like virtual machines (which is by design), but they’re not that at all, they’re regular native system processes that just aren’t allowed to see each other. There’s nothing about this that is precluded by “cobbled together e-waste”, except maybe if you can’t install a modern-ish Linux kernel for some reason.

For some perspective, the exact same containerization technology is deployed in production on millions of Linux servers around the world every day. Every wasted second in those environment costs money, and they wouldn’t be used if they were “wasteful” or inefficient.

There’s a lot of misinfo online about Flatpaks and their disk usage. Yes, they include all their dependencies, but so do a lot of other devs who ship software on Linux (and some don’t even bother to statically link them) outside of a system package manager. The name for that is “vendored” libraries. Flatpaks however implement deduplication.

For anyone on the fence who is reading this, some important perspective to have is that, like many old communities, Linux has people who are stubborn/resistant to change. Sometimes that’s a good polocy, sometimes it’s not. In this case, it certainly is not. Look at the growing success of immutable distros (like Steam OS) for proof of that. Android and iOS have successfully deployed a similar model since day one. Linux can’t offer a stable API like win32 for various reasons, but it can do Flatpaks, which comes with the added benefit of secure sandboxing (which win32 lacks). It makes life easier for users, and makes it easier for devs to port their software to Linux.

It is the future.

Don’t knock it till you’ve tried it. History has shown that a system package manager is a very poor solution for distributing software. Anyone who disagrees has never been involved in shipping and/or supporting software on Linux. Nix tries to solve this one way, immutable distros solve it another (IMO much simpler) way.

You can still install software using a traditional package manager via podman or docker. Toolbox and Distrobox streamline this for the common shell use-case by automatically doing things like mounting your home directory, using host networking, etc so it looks/acts like a regular shell. Anything you install in the container works exactly as it would on the host, except you can completely wreck it without breaking your host (just don’t rm -rf your home directory, or anything shared)

Immutability is the future of the Linux desktop.

If any platform actually needs age verification, it’s Roblox. Fuck this “estimation” bullshit.

(I’m not the guy you original replied to btw)

I think I don’t need to be overly concerned with security like that, right?

There’s no way to know for sure, as each vulnerability is different. There could be bug that allows remote code execution, or something crazy like that. If you have ssh keys on your phone for accessing your personal infrastructure, I wouldn’t risk it. Even if you’re not someone worth targeting individually, bad actors try to exploit vulns en-mass to see what sticks. I’m sure you’re no stranger to random bots hitting your webservers looking for wp-admin endpoints 24/7.

I’m a software dev, not a security researcher, but my perspective gives me insight into how sloppy and irresponsibly most software is written these days. I sure as hell don’t trust <random-OEM>'s throwaway code written for yearly e-waste device #15

lmao this is a targeted campaign to fuck with you. Look at people in your circle of family/friends/acquaintances/enemies and you’ll find your suspect. Real viruses don’t do anything as remotely entertaining as this, they just steal your passwords/crypto/etc, ransomware your files, or turn your PC into a botnet for internet spam or mining.

Download a fresh install of debian, flash it onto a usb, and do a reinstall. Use different root/user passwords that you’re certain nobody knows, and ensure you lock the computer whenever you step away. Also, obviously, be careful with what software you’re installing.

Lol imagine getting filtered this hard, and publicly posting it. Some people have a humiliation fetish I guess.

MSVC redistributable dependencies are also a problem on Windows. If you try to run an app built with a version of the MSVC runtime that’s not installed on Windows, you’ll get an error telling you to install it. Microsoft doesn’t ship all possible versions of that with Windows, so users are on the hook to install it themselves (if it’s a big publisher though, they’ll typically include it as part of a installation wizard, and Steam handles it automatically behind the scenes).

make sure it’s compatible with other software you have

Not sure what you mean by this, as wine software is contained within a wine prefix. If you have dependency conflicts within a wine prefix, you can just create a separate one. Apps like Lutris make this easy to do via a GUI, and they even have community sourced installer scripts for well-known software that automates installing dependencies (like MSVC, fonts, or other bullshit you’d normally have to get through something like wine-tricks).

Lineage OS updates aren’t going to fix firmware vulnerabilities, which would need to be developed for each phone individually. That’s why guaranteed security updates from the OEM are so important, because they’re usually the only ones equipped to provide them. If you don’t care about security that much though, it’s a good way to save money and prevent the device from going to a landfill. At the very least, it could be used for gaming or some other low risk utility. I have an ancient LG G5 with LineageOS connected to a TV, which I only use for streaming video. I even blocked it from accessing the rest of my LAN just in case.

he will become hostile and defend his position until you either leave or he bans you from any community he has control over. I’ve been down that road a couple times.

Just proceed with caution.

So you hold a grudge because they banned you for something, and now you’re passive-aggressively spreading FUD, even as you recognize its superior security. What do you even mean by proceeding with caution? Be careful you don’t get banned from a chat server, or something more vague and nefarious? This kind of petty mud slinging is the bane of open source software’s existence everywhere.

Best secure Android experience. Certainly not the best from a usability standpoint, but I digress

Unrelated to the above, but what do you mean by this? Graphene is by far the most usable custom ROM I have ever used. Everything just works out of the box, including Google Play and banking apps (at least the ones I use) without compromising on privacy or security. The only times I’ve encountered a broken app, I could always fix them by disabling the hardened allocator for that app in the app info dialog, which does technically compromise security a little, but is a low risk trade off in most cases.

Definitely GrapheneOS. It’s the best Android experience you can have right now, hands down. Better than stock Android, and it may not be around forever. Take advantage while you can. $500 is a small price to pay for the peace of mind.

Nah, nobody gave a shit about privacy back then, just like they don’t give a shit about it today. The problem was just that most people “understood” what spy glasses were because they’d seen them in movies, and the media just stoked the flames of controversy because it led to easy clicks.

Walking into a public bathroom with glasses like that on your face seems creepier than walking in with a phone in your hand, even though it’s much easier to discretely record with the phone (and in much higher quality).

Although Meta’s case is different. If I see someone with those glasses on, I may give the individual the benefit of the doubt and trust that they’re not recording me, but I sure as shit am not giving Meta the benefit of the doubt and trusting that they’re not going to record without the user’s knowledge/consent. They wouldn’t let a chance to capture free data pass them by.

With old hardware, beggars can’t be choosers. I get the appeal of the nouveau driver, but if your goal is to save a machine from the landfill, it’s probably the better compromise to use the proprietary driver and keep it actually competitive for as long as possible. Those 900/1000 series cards are still plenty powerful today, even if they can’t quite do AAA gaming anymore.

Bazzite. Every other recommendation is wrong.

Bazzite is “immutable”. What that basically means is that you won’t be able to break it even if you try. And if it does break somehow (for example, because of a bad update), you can fix it by doing a rollback, which is literally a one-line command: sudo rpm-ostree rollback

Sure, there are other immutable distros out there, but Bazzite is probably the most popular right now, and it ships with Nvidia drivers so it’s ready to go for 99% of people with no changes necessary.

As a former glasshole, I’m being retraumatized all over again.

Google Glass did nothing wrong!

Software. It’s a phone that can’t make phone calls, with a camera that can’t take pictures. It doesn’t matter if some coding genius manages to port Crysis to it, if the phone can’t phone, it’s DOA.