Unless “read-only” is being enforced by hardware (reading from optical media, etc), a compromised sudo user can circumvent anything, and write anywhere. A read-only flag or the root filesystem being mounted from somehwere else are just trivial extra steps in the way.

Improved security != extremely secure, is all I’m saying. There are a lot of things that go into making a system extremely secure, and while an immutable root filesystem may be one of them, it doesn’t do the job all on its own as advertised in this post.

The root filesystem is being read from somewhere, and if it’s being read from, it can be written to. Having an extra step or two in the way doesn’t make it “extremely secure”.

Training and familiarization helped me a lot with that exact feeling. I had the same feeling about circular/table saws. My dad was a carpenter, and those things freaked me the hell out - one tiny mistake could have devastating consequences, and that was all I could think about when I was around them. But with careful instruction and exposure, learing to use and be more comfortable with them, that feeling was gradually replaced by calm and confidence, and they changed in my mind from these objects of terror into valuable tools. There was still fear, but it was a healthy, respectful fear.

I went through the exact same process with guns as well. Some classes with a good instructor, giving you a chance to get more comfortable and familiar before you bring a gun into your home, could help a lot.

I have a 43-inch Insignia N10 that works great in exactly that role. Dumb TV with HDMI inputs, audio outputs, and that’s about it. Best Buy’s in-house brand, it was like 120 bucks about a year ago, when my Vizio TV from 2003 finally died in a way I couldn’t fix :(

The built-in speakers aren’t great, definitely recommend hooking it up to something else.