Security is an insanely broad topic. As an average desktop user, keep your system up to date, and don’t run random programs from untrusted sources (most of the internet). This will cover almost everyones needs. For laptops, I’d recommend enabling drive encryption during installation, though note that data recovery is harder with it enabled.

“jellyfin isn’t immune to security incidents”

Well, no software is. The difference is that Plex just leaked data of all their users, where Jellyfin can’t, because they don’t have this data.

IRC does not have any federation, and XMPP does it in a completely different way from Matrix that has unique pros and cons.

IRC is designed for you to connect to a specific server, with an account on that server, to talk to other people on that server. There is no federation, you cannot talk to oftc from libera.chat. Alongside that, with mobile devices being so common, you’d need to get people to host their own bouncer, or host one for nearly everyone on your network.

XMPP federation conceptually has one major difference compared to Matrix: XMPP rooms are owned by the server that created them, whereas Matrix rooms are equally “owned” by everyone participating in it, with the only deciding factor being which users have administrator permissions.

This makes for better (and easier) scaling on XMPP, so rooms with 50k people isn’t that big of an issue for any users in that room. However, if the server owning the room goes down, the whole room is down, and nobody can chat. See Google Talk dropping XMPP federation after making a mess of most client and server implementations.

On Matrix, scaling is a much bigger issue, as everyone connects with everyone else. Your single-person homeserver has to talk with every other homeserver you interact with. If you join a lot of big rooms, this adds up, and takes a lot of resources. However, when a homeserver goes down, only the people on that homeserver are affected, not the rooms. Just recently, matrix.org had some trouble with their database going down. Although it was a bit quieter than usual, I only properly noticed when it was explicitly mentioned in chat by someone else. My service was not interrupted, as I host my own homeserver.

The Matrix method of federation definitely comes with some issues, some conceptually, and some from the implementation. However, a single entity cannot take down the federated Matrix network, even when taking down the most used homeservers. XMPP is effectively killed off by doing the same.

GNOME devs simply can’t “tolerate” SSD, and force CSD in every scenario for GTK4. My machines running Wayland only have CSD for fully custom apps (like Steam) and every GTK4 app.

To answer the question in the title: No, because these systems inherently have different architecture. Something like OpenBSD (the OS) is relatively self-contained. Linux distributions have system components that are externally developed, but a user might rely upon.

What exactly is the “problem” you have with Linux package managers? It’s specifically extra complexity to separate “system” and “packages”. This works well for *BSDs that often develop the entire OS themselves, but would pose extra challenges for Linux distributions, where the line between “OS” and “user installed package” is much more blurred.

This type of shit happens if you intentionally mess up your own system (or use Manjaro). pacman requires extra confirmation (instructions only found in its man page) before even allowing you to delete bash (base requires it). bash has also never been replaced, and even if you deleted it, it would still be loaded in RAM. Even still, if you deleted it and immediately rebooted, it would be a quick fix for anyone familiar with the distribution they’re using, and would not require reinstalling the whole thing.

Since lowercase y as an option to uppercase S already exists to update the database, --noconfirm exists to continue without user confirmation.

Yes. -Syyu is for “Sync (repository action), database update (forced), upgrade packages”, in that order (though the flags don’t have to be). Doubling a lowercase character like yy or uu is to force the operation. yy in particular shouldn’t be needed, as it only overrides the “is your database recent” check. Unless you’re updating more than every 5 minutes, using a single y is perfectly fine.

Being able to choose the OS and kernel is also important. I would not want my hypervisor machine to load GPU kernel modules, especially not on an older LTS kernel (which often don’t support the latest hardware). Passing the GPU to a VM ensures stability of the host machine, with the flexibility to choose whatever kernel I need for specific hardware. This alongside running entirely different OSes (like *BSD, Windows :(, etc) is pretty useful for some services.

Same here, though more out of lack of control over the host. Libvirt works on basically any distro, and you can easily configure whatever Linux distro you like best for running it. I can’t configure my boot process the way I want on Proxmox (at least not without learning/sidestepping its “convenience” tools/setup).

Looking at this, I’d personally delete both EFI and boot partitions, then remake them with the EFI partition significantly smaller (it should not exceed >100MB used). I have no idea what issues this would cause on Debian, and what specific configuration needs to be changed/updated. I’d guess you need to change the fstab entries, remake the initrds, and reinstall/reconfigure the bootloader.

Any manual messing with partitions, especially rootfs/boot/efi, can easily lead to a broken system. The fix will not be a simple procedure.

As you’re considering messing with your rootfs, I’m going to assume you have a backup. It’ll be significantly easier for you to wipe everything, install fresh new Debian, and copy your personal files over to the new installation.

sudo systemctl status shows you what services are running, sudo systemctl list-units lists everything, including the services that failed. sudo systemctl status gdm.service shows you the status of one service in particular, and sudo journalctl -u gdm.service shows the output/logs of that service.

There’s a decent chance something is not starting due to misconfiguration. I’m guessing GDM based on previous comments. You can also check /var/log/pacman.log (make sure to save a copy, just in case), to see what packages changed/updated.

If you think it’s a pacman issue somehow, you can reinstall your entire system (excluding AUR or self-made PKGBUILDs). Note that this is almost never required to fix an issue. In a properly working system this “shouldn’t harm anything”, but nothing can be guaranteed on a broken system. The command for that is sudo pacman -S $(pacman -Qqn)

had to find and get the dependencies by myself

Luckily, Linux has evolved in the past 30 years. A package manager (one usually comes with your system, like apt, dnf, pacman) will handle almost all direct dependencies for you. When installing Steam, you may be asked which 32-bit Vulkan library you want to install, but aside from that it should get everything automatically. (Hint: vulkan-radeon on AMD, otherwise pick the one for your GPU brand)

Managing and “maintaining” (updating, sometimes cleaning) an Arch Linux installation is definitely more involved than what you are used to on Windows or the Steam Deck. Some people prefer this workflow, as it offers more control over their system. Others prefer an already set up and maintained environment.

Bazzite is a very SteamOS-like experience. You click update once in a while, and shouldn’t have to touch anything else internal to the system. You get Steam and Flatpaks out of the box.

Since Linux gives everyone the freedom to do things the way they want, there will always be people shitting on a specific way to do things. There are definitely good reasons to dislike certain software, but generally you should be just fine. Just because someone thinks their way of doing things is better doesn’t mean you should immediately switch to that.

That being said, the main downside of Steam in a flatpak is the sandboxing possibly getting in the way of modding your games, or games that use unique hardware (like steering wheels or so). steam (pacman package) does not have those specific issues, but it lacks sandboxing (aside from Steam’s pressure vessel for games).

You can continue with Arch if you want, and there’s certainly good resources to learn (like the wiki) or get help (like the IRC or Matrix rooms). It will require you to learn about how to actually set up and configure your Linux installation the way you prefer. Other distros (usually marketed as “user friendly”), like Fedora, Bazzite, Mint, will automatically perform or set up some of the maintenance you’d have to do manually on Arch.

Yeah but that’s not limited to physical DVD size constraints.

No, it’d still be a problem; every diff between commits is expensive to render to web, even if “only one company” is scraping it, “only one time”. Many of these applications are designed for humans, not scrapers.

The main issue is UX imo. On Windows 11, it’s “5 clicks”, but you have to open the settings app and find the setting two submenus deep. On KDE, it’s right click > configure application launcher > toggle setting > apply.

I was very annoyed when I got this, but remembered that it’s KDE, and turning it off is 4 clicks. Proprietary software often doesn’t allow you to turn this off (easily). Windows has this “feature”, where is the setting?

I don’t think it’s a productive “feature”, but considering it can be turned off so easily I don’t consider it a complete showstopper.

Scrapers can send these challenges off to dedicated GPU farms or even FPGAs, which are an order of magnitude faster and more efficient.

Lets assume for the sake of argument, an AI scraper company actually attempted this. They don’t, but lets assume it anyway.

The next Anubis release could include (for example), SHA256 instead of SHA1. This would be a simple, and basically transparent update for admins and end users. The AI company that invested into offloading the PoW to somewhere more efficient now has to spend significantly more resources changing their implementation than what it took for the devs and users of Anubis.

Yes, it technically remains a game of “cat and mouse”, but heavily stacked against the cat. One step for Anubis is 2000 steps for a company reimplementing its client in more efficient hardware. Most of the Anubis changes can even be done without impacting the end users at all. That’s a game AI companies aren’t willing to play, because they’ve basically already lost. It doesn’t really matter how “efficient” the implementation is, if it can be rendered unusable by a small Anubis update.

Someone making an argument like that clearly does not understand the situation. Just 4 years ago, a robots.txt was enough to keep most bots away, and hosting personal git on the web required very little resources. With AI companies actively profiting off stealing everything, a robots.txt doesn’t mean anything. Now, even a relatively small git web host takes an insane amount of resources. I’d know - I host a Forgejo instance. Caching doesn’t matter, because diffs berween two random commits are likely unique. Ratelimiting doesn’t matter, they will use different IP (ranges) and user agents. It would also heavily impact actual users “because the site is busy”.

A proof-of-work solution like Anubis is the best we have currently. The least possible impact to end users, while keeping most (if not all) AI scrapers off the site.

“Yes”, for any bits the user sees. The frontend UI can be behind Anubis without issues. The API, including both user and federation, cannot. We expect “bots” to use an API, so you can’t put human verification in front of it. These "bots* also include applications that aren’t aware of Anubis, or unable to pass it, like all third party Lemmy apps.

That does stop almost all generic AI scraping, though it does not prevent targeted abuse.