• 1 Post
  • 25 Comments
Joined 3 years ago
Cake day: June 6th, 2023

  • I think one puzzle piece of improvement is flatpak:

    • It has a verification system, such that users can see which apps are packaged by their developers. For those apps, this eliminates the need to trust a separate maintainer entirely
    • It targets almost all linux distributions with a single package. This cuts down the packaging effort for covering the majority of the linux landscape so much, that the number of package maintainers required to be trusted collapses - in the ideal case to just the developers themselves as in the first bullet point
    • It makes use of sandboxing, so in case of a malicious app it (in theory) only has access to the stuff the user gave it permission to.

    In reality there’s a plethora of problems obviously:

    • verified apps are the minority
    • some people don’t like the additional storage needed for runtimes (although the more flatpaks you use the more runtimes can be shared and its overall impact gets smaller)
    • A lot of apps do not yet use all the portals, and require the classical full access to the system to work properly (in some cases the user can still remove some permission if certain features of the application are not needed by them though). This is just a question of ongoing development work, and hopefully we reach a point in the near future where a flatpak app without tied down permissions raises eyebrows
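An added example for the permissions point in the comment above (not part of the original comment): a small auditor that reads a Flatpak metadata keyfile and lists the grants that leave the sandbox wide open. The `BROAD` policy set and both sample keyfiles are constructed for illustration.

```python
import configparser

# Context entries that reach well beyond the sandbox. Assumption: this set is
# an illustrative review policy chosen for the example, not an official list.
BROAD = {
    "filesystems": {"host", "host-os", "host-etc", "home"},
    "devices": {"all"},
    "sockets": {"x11", "session-bus", "system-bus"},
}

def audit_metadata(text):
    """Return sorted findings for one Flatpak metadata keyfile."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(text)
    findings = []
    for key, risky in BROAD.items():
        raw = cp.get("Context", key, fallback="")
        for item in filter(None, (v.strip() for v in raw.split(";"))):
            if item.startswith("!"):
                continue  # a negated entry removes a permission
            if item.split(":", 1)[0] in risky:  # drop ":ro"/":rw"/":create"
                findings.append(f"{key}={item}")
    # Talking to org.freedesktop.Flatpak allows starting processes on the host.
    policy = cp.get("Session Bus Policy", "org.freedesktop.Flatpak", fallback="")
    if policy in ("talk", "own"):
        findings.append("session-bus org.freedesktop.Flatpak=" + policy)
    return sorted(findings)

# Constructed sample metadata for a hypothetical app (not from a real package).
SAMPLE_BROAD = """\
[Application]
name=org.example.Editor

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=host:ro;xdg-download;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""

SAMPLE_TIGHT = "[Context]\nsockets=wayland;\ndevices=dri;\nfilesystems=xdg-download;\n"

if __name__ == "__main__":
    for name, sample in (("broad", SAMPLE_BROAD), ("tight", SAMPLE_TIGHT)):
        print(name, audit_metadata(sample))
```

Real metadata for an installed app can be printed with `flatpak info --show-metadata <app-id>` and passed to `audit_metadata` as text.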


  • Because the seemingly great choice of web browsers in reality boils down to a risky monoculture of chromium (/its webengine). The only real alternative is Firefox/Blink. Risky, because the main driver behind Chrome-/ium (Google) is not acting on behalf of the public interest towards a free, open and privacy preserving internet. Instead they’re working on a privacy exploiting one that gets locked down using DRM technologies. Them being a vendor of major parts of the internet as well as the browser to use it makes this a lethal combination. Firefox will definitely exist for as long as Google exists, because it’s their tool to defy claims of a monopoly, but they will do everything to keep it the small and mostly irrelevant “competitor” it is currently. Therefore, stand against Google’s evil play and help Mozilla to gain some actual independence and leverage for keeping the internet free (as in freedom), open and privacy preserving.





  • For me it would be openness and through that privacy. The dream device would be some mobile convertible with the repairability of framework, that is completely free and open source hardware and software. Like powered by risc-v, with some future open gpu, and every (storage-/keyboard-/touchpad-/touchscreen-/battery-/network-/wifi-/ etc) controller on it being risc-v and running open firmware as well. Just such that for every byte being processed in this device you could pin down the piece of circuit and line of code that makes it so. In terms of linux some future version of gnome on an immutable distro with flatpaks that have very tied down permissions would be a nice future to me.

    And I think overall many aspects of this are moving in that direction. The biggest roadblock is probably a truly open gpu, and then highly integrated controllers like for storage.





  • Haha are you serious? In that case nothing short of full disk encryption and secure boot with your own keys is remotely adequate. Do you realize that just encrypting your /home is at most a mild obscurity measure? If an attacker potentially has access to your computer and parts of it are unencrypted or unsigned, they could easily install a keylogger that sends out your data and/or password the next time you use your computer?!

    If your situation is not just a psychological case of paranoia, but a real threat, then you absolutely need to work on your security knowledge a good amount!





  • I think problems that turn up with time are also things like dependencies moving on, people with a slightly different setup which unfortunately breaks the thing or at least surfaces bugs, or that the author doesn’t even use the software anymore because it was hardware specific and they have other hardware now etc… Yes they are not obliged to anything, that’s what I think too. I was more thinking in the direction of taking some precautionary measure that makes the project stay more useful (and maybe more maintained) when the original author has long abandoned it.



  • I like your second point, and already started polishing the thing more than I would have for just my own purposes. It’s a good way to make it easier for somebody to take it on in the future. And it’s also a measure that the original creator more likely has the will to implement while focusing on building the thing, i.e. before they moved on to other things. Also for my current project I try to keep it simple. It may not be the prettiest, most configurable or universal tool. But it has a short code and minimal dependencies. Thank you for your comment, that made me think about how traits like this can become very valuable for others.

    Your first point I do anyways, and the third I’m not sure about yet. Maybe documenting such things as issues preserves them decently.



  • The learning curve of NixOS is also what keeps me from trying it out, hence I prefer the “take it or leave it” mantra of the immutable fedoras, and try to keep the amount of packages I have rpm-ostree layer on top minimal.

    As for Distrobox, yes there’s ways it can fail, although that happened rarely to me. What happens mostly is that the distro inside distrobox goes kaput because that’s just what mutable distros beared with a plethora of questionable tooling installed with “curl something | bash” do. But for me that’s the point of distrobox: separate all that shady cruft one may need for work/developing/etc from the host os. It’s a place for messing about without messing up the computer and with it the bits that need to keep working.


  • In my experience, not pushing it makes them want to try it themselves at some point. I guess you need to take care of their computer frequently enough, and are probably annoyed by Windows shitting its pants every time again. Don’t make any drama out of it, just point out how ridiculous it is that Microsoft cannot manage to build something that allows running two simple programs without breaking or nagging the user so often. They know that you use something else with which you’re happy, and at some point they will become curious and ask whether they can have it too. At that point do not promise much, say that it works a lot better but is also a lot different and sometimes a bit quirky. Do not rush it now, let them simmer in their curiosity. At a fitting occasion tell them very briefly about foss and how it is not a closed thing pushed by a corporation onto individuals to funnel data. When they ask if they can try it, tell them they can but it takes a bit of getting used to. Buy a new SSD, and safely store the previous storage in an anti-static bag, exclaiming that everything is on there and cannot get lost due to linux. Set everything up with a dead easy DE, give a clear tour of how stuff works. With this tactic, they want to get it to work by themselves, and are prepared to learn that some things work differently. It becomes an adventure that is totally revertible if it doesn’t work out. In contrast to when you want to force the change and they use everything as a reason to be unhappy about it.


  • I don’t know to what extent you got molested by the prophets of immutable distros yet, but I can only recommend to join the cult. Install Fedora IoT (or CoreOS) and simply know that you’ll get a working container host (powered by podman) with every update. The whole discussion about which distro might survive whatever massacre the respective package manager commits next becomes superfluous: You simply get the next image that was built upstream solely to serve containers. The whole package-updating-shenanigans is done by other people for you, you only collect the sweet result. The only “downside” is that one has to become familiar with containers, but since you run docker already that should work out. Also for stuff like tinkering with the latest tools, just put those in a distrobox. That way they are independent from your solid container host, and you can mess them up in whatever way you fancy and dispose of them without any traces left behind.

    Edit: To give one more example why this is awesome: It wouldn’t even matter which one you install, you can just rebase to the other (IoT lives in the fedora-iot remote. silverblue, coreos and the others in the fedora remote. Just for anybody who might be confused by only looking at ostree remote refs fedora)