Thanks, I’ve been trying to get a Tumbleweed installation running today but a few critical cross platform programs made for Ubuntu/Fedora won’t run. I don’t like the ad/telemetry direction Canonical has taken Ubuntu into, I may try Debian.

Oh that makes sense, thanks.

Thanks, I found this but there doesn’t appear to be much activity. Is there anything you would recommend? It seems like OpenSUSE updates so much that a hardened kernel would break a lot.

I’d say about half of what I do is command-line (VMs, host OS being Windows). I am liking tumbleweed but I need to actually install it to see how it plays with my graphics card.

Since they’re new to me, how easy can/how often are malicious flatpaks introduced to the ecosystem and are they vetted somehow? It’s my understanding (at least for docker) that they aren’t virtualized so they share kernel functionality meaning any image is just a priv esc away from moving outside the container.

Thank you, I’ll read up on this more. My main concern is long-term usability (I ended up switching back to windows because an update would completely break the system and no amount of searching could fix it in an afternoon). This would happen every 6 months at least. So that sounds nice.

Thanks for the reply. Why no Debian stable with KDE… which part doesn’t play nicely with nvidia (Debian or KDE?)

I already use VPNs/for for 99% of my daily browsing/activities on my personal PCs, is there a higher chance of account lockout with VPNs on linux besides a few services like Netflix?

Thanks for the reply. Unfortunately it seems things haven’t changed much in the last decade as far as hardening is concerned, seems like you have to come from an infosec background and constantly read log files or set up new yara rules (or have some software do it which comes with its own set of concerns). I was recently under the impression that docker images were virtualized until I learned they’re free to break out at any time with kernel vulnerabilities which are much more numerous than hypervisor escapes, so it doesn’t surprise me there are issues with flatpaks/bubblewrap/firejail. Sandboxing solutions seem much more mature on Windows unfortunately, with both Sandboxie/Windows Sandbox and Kaspersky (I know) having their own versions of scope-specific apps and limits. But I think I have a lot more reading to do before assuming.