I think part of what you’re missing may be a set of very old assumptions about where the danger is coming from.

Linux was modeled after UNIX, and much of its core software was ported from other UNIX versions, or at least written in imitation of their utilities. UNIX was designed to be installed on large pre-Internet multi-user mainframe+dumb terminal systems in industry or post-secondary education. So there’s an underlying assumption that a system is likely to have multiple human users, most of whom are not involved in maintaining the system, some of whom may be hostile to each other or to the owner of the system (think student pranks or disgruntled employees), and they all log in at once. Under those circumstances, users need to be protected from each other, and the system needs to be protected from malicious users. That’s where the system of user and root passwords is coming from: it’s trying to deal with an internal threat model, although separating some software into its own accounts also allows the system to be deployed against external threats. Over the years, other things have been layered on top of the base model, but if you scratch the paint off, you’ll find it there underneath.

Windows, on the other hand, was built for PCs, and more or less assumes that only one user can be logged in to a machine at a time. Windows security is concerned almost entirely with external threats: viruses and other malware, remote access, etc. User-versus-user situations are a very minor concern. It’s also a much more recent creation—Windows had essentially no security until the Internet had become well-established and Microsoft’s poor early choices about macros and scripts came back to bite them on the buttocks.

So it isn’t so much that one is more secure than the other as that they started with different threat models and come from different periods of computing history.

Gentoo normally keeps arches for as long as the kernel still supports them, although package testing for some of the rarer ones may be limited. 32-bit Intel is still treated as a major arch and receives the full set of tests and package stabilizations.

Your worst problem is going to be web browsers. Chrome and derivatives don’t run on 32-bit, and Firefox is supposed to be dropping support. If Seamonkey follows Firefox, that leaves you with Pale Moon as the only reasonably maintained option.

Well, Apple hardware is a bit of a footgun in general. It isn’t in their best interests for people to repurpose their old hardware (they want you to buy shiny new hardware and make them money), so they don’t exactly go out of their way to make it easy. Driver availability outside their software ecosystem simply doesn’t enter into consideration when they’re designing a product. Nor does the ability to swap out a component for something with a different chipset. They’ve been that way since the mid-1980s.

I think you’re using obsolete closed-source drivers that require external patches for each new kernel version. So the situation is entirely Broadcom’s fault.

From the Gentoo ebuild for broadcom-sta:

If you are stuck using this unmaintained driver (likely in a MacBook), you may be interested to know that a newer compatible wireless card is supported by the in-tree brcmfmac driver. It has a model number BCM943602CS and is for sale on the second hand market for less than 20 USD.

So would I. I once ran a kernel a couple of years in arrears for a while, with everything else up-to-date, and had no userspace issues whatsoever. Granted, this was not on a Macbook, and I was using Gentoo.

It looks like the simplest method is to use rEFInd + shim or PreLoader—see The rEFInd Boot Manager: Managing Secure Boot.

If you need a last-ditch option or want to get your hands dirty, the Gentoo wiki has recipes for enrolling new EFI keys by hand. This is a rather tedious procedure, but should work for any distro that comes with efitools, sbsigntools (for signing the kernel and modules, if not already signed), and openssl (for key generation).

Any halfway decent desktop email client will do the job—people have already listed several. I use claws-mail, but getting it to work with GMail involves the computer equivalent of doing a triple backflip through a hoop, so you may want to go with something more common.

Github is only used to mirror the main repo (which is on gitweb.gentoo.org). I assume that was done to attract driveby patches and reduce load from Portage git syncs on the Gentoo servers.

It broke a bash script that’s going to be gone within a month. The continuous integration stack in Gentoo (which probably doesn’t do quite what you think it does) is basically a stack of bash hacks that causes as many problems as it solves, so it’s being retired. ( relevant gentoo-dev ML thread )

When I first installed Gentoo, it was because it was one of only around three distros that supported x86_64 at the time. Yes, that was a long time ago.

I’ve kept it as a daily driver for a number of reasons. First, because I’m a control freak, and Gentoo goes out of its way to allow me to select exactly the packages I want, and gives me access to all the knobs and switches that other distros may hide in the name of user-friendliness.

Second, because once installed it’s surprisingly solid and trouble-free—Portage is an excellent (if slow) package manager that, judging from what I’ve heard from people running other distros, is better than the average at preventing breakage, and since it’s rolling-release there are no whole-distro upgrades to complicate things. I ran one system on rolling updates for 17 years without reinstalling, and it was still pretty much up-to-date on all packages when I retired it back in March—try that with Ubuntu. (The replacement system also runs Gentoo.)

Thirdly, I’ve been with Gentoo for so long that I know how to create packages, unbork a system that I’ve messed up by doing something really stupid, and various other tricks. If I went to another distro, I’d have to relearn much of that from scratch.

(A fourth reason for some might be that it supports a wider range of CPU architectures than any other distro except possibly Debian.)

Writing a custom GTK3 theme for my own use a couple of years back was an extremely painful process. There’s no list anywhere of the possible themable element types (I had to go through the actual source code to compile one) or the possible nonstandard options (never did manage to compile that list). I haven’t had to look at GTK4 yet, but I doubt it’s any better.

(As for how people use dark themes: put borders on things if you need to, and/or use hover options to distinguish what the active element is.)

The X3D CPUs are very sensitive to overvolting, and some mobo manufacturers had their boards set to overvolt out of the box before this was discovered. Result: fried CPUs.

There is only one X server implementation

That isn’t quite true. There have been several proprietary implementations for non-Linux systems—Apple’s XQuartz was still being maintained as of a couple of years ago, although I don’t know about its current status. Standards documents exist, and anyone can code to them.

Isn’t systemd that open standard though?

No. It doesn’t support BSD, just for starters, even though most of the established desktop environments originally ran there as well as on Linux. So by definition, anything that relies on systemd can’t “support as many systems and platforms as possible”. And to my knowledge, no actual standards document defining protocols and interfaces has ever been published (although I admit, as an OpenRC user, I don’t pay much attention), meaning that the interface can change without warning. If systemd works for you, that’s fine, but don’t try to build it up into something it isn’t.

I expect that would be the problem. Gentoo very noticeably is still only offering up to 48 in the main repo—not sure whether that’s just normal maintainer lag or someone’s trying to patch it.

If I cared that much, I could have bought a blank keycap for an extra buck when I bought my keyboard and banished that thing forever. (I own a Unicomp New Model M 103-key, which only has one Windows key to begin with, and the manufacturer will happily sell you blank or custom-text keycaps. Unfortunately, while they do sell a set that includes Tux keycaps, they’re sized for a 104-key.)

probably uses Discourse… I don’t get why people like that forum software :/

I don’t either. It hates minority browsers even more than Cloudflare does, doubles down on this by using unnecessary bleeding-edge Javascript constructs, and every instance of it I’ve ever seen looks ugly as hell.

I’m not sure what happened to the old Redmond widget theme, which was essentially a transplant of the Windows 9X widget style, but if you’re not picky, the .Net theme in the tdeartwork package will probably be Good Enough (or you could go for the different-but-equally-retro CDE/Motif experience). TDE itself, as KDE3, was originally expected to run on an average PC made 20+ years ago—I ran it for years on a single-core Athlon64 with 1GB RAM (and those were pretty good specs for a machine of that era). I don’t know what else Q4OS might be carrying along with it, though.

If you want to go even lighter, look for something offering Fluxbox or Openbox as the GUI—they have enough stuff in them to be useful launchers out of the box, but don’t have the overhead of the true DEs (configuring them may require you to mess around in text files, but you only have to do it once).

Anyway, your main issue is going to be getting any modern browser to work on a machine that constrained. (If your interest is only in looking at Wikipedia, Konqueror, which ships with TDE, can be made to mostly work if you force the use of Wikipedia’s “vector” skin, but the current default skin breaks search and looks like ass. Konqueror’s browser code is way out of date and not recommended for general Internet use.)

Sort of? In my experience, the people working on WINE have always been more interested in game compatibility. Sometimes other software will work, but it’s a crapshoot.

Gentoo will work if you have the time to work through the install, and stick with provided binaries for large packages (or have a lot of patience with updates).