Proton with a domain you control and use their Simplelogin which you can self host down the line should there be a rug-pull event. I think you need to manually export this so make it a habit as you add them!

You can put your eggs in one basket, just make sure you have a plan B if the basket catches on fire, using their domain in my eyes you’re going down with the ship, if you control it you’re just repointing records to a new host and getting simplelogin going.

This is part of the reason I like to keep ALL of my emails on disk still as well, if you can’t decrypt your mailbox for some reason they’re about as good as gone.

I switched off of BSD about a decade ago so I can’t weigh in on it’s current state at all. I generally avoid Flatpaks at least in Qubes. I do have a template that supports it but it’s only running on my Music VM currently which is offlined, the rest follow the traditional template+AppVM approach which I keep updated on a schedule.

I have never operated under the assumption that flatpaks are sandboxed or secure because they really aren’t. It’s a system to bundle packages with your software without contaminating the host environment. The big issue really is in the package maintainers shipping outdated packages, containers were never a security measure in my eyes due to the shared kernel and especially not with the default share of the homedir for flatpaks. If you need that kind of isolation you really need a VM. I treat them as a standard install personally without any expectations of isolation, and really with Silverblue I’m leaning more towards installing apps directly in Distrobox and exporting them to the host, it still has the shared homedir issue but you’re getting up to date packages in a desired environment that you fully control (this is both good and bad since maintenance is on you).

I think it’s a good idea if there were stricter requirements, maybe vulnerability scanning as a requirement to releasing and pulling stale flatpaks after a period of no releases to start. It’s difficult to appease everyone in this situation and breaking changes would be inevitable so it is difficult to fully solve now that it already exists as it does. I do think supply chain attacks will only get more common though so they definitely need work.

As someone who does a lot of infrastructure work on AWS, Azure, GCP etc, it’s just about the only operating system I’ll use at this point for that kind of work. The isolation I get per-client and per-environment is unmatched. There’s a little more upfront work to get everything the way you like (putting ZSH configs on /etc/skel of your templates for example) but once it’s set up it’s really solid. Having the windows named and color coded really helps me keep from crossing wires when stuff gets chaotic and I’m jumping around a lot.

It’s obviously MUCH worse at certain things such as CAD, but they’re still workable in it. HVMs can remedy this pretty easily but it’s not quite as seamless as the standard Qubes unfortunately but it’s progressed a LOT in a short amount of time so we’ll see what the future holds!

If you’ve used it in the past it’s MUCH better now but there are still hiccups and certain apps you have to force to use X but they do typically run well still, at least the ones I’ve encountered

Immutable was the only thing that got me to switch back from QubesOS on my desktop. I was doing Qubes with a win10 HVM with my 3070 passed through and it was a couple frames off from native performance. Still keep Qubes on my T480 for infra specific work but my “dev” machine with no creds is the desktop now.

Couldn’t get the performance quite right for a Linux based HVM and was wanting the HW accel for some of my work (CAD, figma) so I loaded Bazzite with KDE which runs Fedora Atomic and it’s been amazing for both gaming and work.

Distrobox with boxbuddy and rootful containers where needed has been extremely pleasant and they all live as a subdirectory of my home with a ZSH install script I have to load the terminal styles I want into any new containers. Any apps you install in the container you can export to your start menu and launch seamlessly without tainting your host with any weird dependencies you might need for a project.

We use ddev a lot so needed a rootful container for Docker but other projects I just treat like a VM almost (R projects for instance), install whats needed to get an env going real quick and fire up the IDE in the container and get to work.

EVERYTING I care about is in /var, including my home which makes backups and snapshots stupid simple which I love coming from a traditional Linux distro

Best part is it’s $5000 because they get to name their price. These sensors, headlights, etc, cost nowhere near that, but where else are you gonna go get em?

So in a few years when your new car has depreciated to somewhere around 10k and you get a massive repair bill? Well most people are scrapping it and getting another car, convenient for them…

Same here, saw the writing on the wall after 7 and tried Linux gaming a few times but it was rough back then so I always came back. I did however start at least dual booting with 7 onwards so apart from gaming I was a convert at that time.

This year finally got tired of all the crap, them trying to railroad AI junk in, ruining the control panel, absolutely BURYING settings, turning ones back on with updates, the entire operating system is a dark pattern when it used to be so much more streamlined. Switched to Bazzite and it feels like I’m almost back to Windows 7 except I don’t have to install drivers or anything, just install it, add any apps through the store and you’re off. What they’ve done to windows is ridiculous to me and I’ll never come back.

WPEngine has been trash for a few years now but this felt like a weird way to handle it, I don’t love that they gobbled up ACF and DeliciousBrains and slowly began enshittifying their products which do feel almost necessary to core

My brother needed the driver installed in debian on Qubes but has been flawless beyond that. When I was still running arch it just worked out of the box

I did this with Qubes a year ago and haven’t had any issues apart from figuring out the right flags to get the full performance, otherwise the GPU would cap around 30% under load with low CPU load.

Kind of at the mercy of what your motherboard and bios will allow, mine I had to cheese a little and disable the PCI device on boot so I get to decrypt my disk with no screen lol but it works!

Not op but I do a lot of architecture and infrastructure work on top of my normal dev work so keeping everything separated and per-client has become a pretty important advantage for me personally

Fwiw I had to tinker a bit to get good video playback, Fedora was always choppy for me for some reason but debian is typically smooth with hw accel disabled.

As for the gaming, depending on your setup (I have a desktop and T480 I keep in sync) you can absolutely run two video cards and do PCI passthrough on one to a gaming VM. I have mine set up with a dedicated NIC and USB card and just use a KVM to swap between Qubes and Windows (for now) and it’s worked really well. Had to play around a ton to get the full speed out of the GPU though and it only seemed to work in windows so hopefully get that going for a Linux hvm one day.

Absolutely agree there is no going back, I have all of my work stuff entirely hardware agnostic and a full on replica of my work desktop ready to go in a moment should the desktop die. Apart from that keeping client work isolated has been such a game changer.

Fwiw I used to daily an x210 and then an x230 in IT and pretty frequently typed with one hand while carrying with another without the weight bugging me but your mileage may vary.

You can definitely send them flying and not damage them my coworker launched theirs across the office and the bezel just snapped back together.

I have a T480 now since I do more dev work and needed a slightly bigger keyboard/screen and it’s phenomenal with Qubes and 48gb of memory on the quad core i5. Love the ease to repair I just swapped a motherboard on it in around 30 minutes and was back up and running

Just research ahead and don’t buy one with a known hardware defect such as the 5As which are notorious for frying motherboards and screens. Went through 5 of them with the extended warranty over my phones life and they all died while in my hand abruptly. Less than a year or life per device almost always failing around 8 months for me.

If grapheneOS wasn’t so damn good I would’ve left pixels after that, Pixel XL abruptly died, 2XL had both cameras and the fingerprint sensor die out of nowhere, then the 4 5As. On an 8a right now and love it so fingers crossed it lasts!

If they had a user repairable device that ran it I’d buy it in a heartbeat

Definitely keeping me far away from upgrading, newest vehicle is an early 2000s Corolla and still does 40mpg.

Honestly with how cheap and easy it is to fix at home, barring safety improvements I really don’t see a point in upgrading. Infotainment is just another component that will eventually go obsolete like the ones from ~2010 that are dog slow and a pain to go aftermarket on.

Adding to this, automatic plate flippers exist and are pretty popular for show cars to display something else when parked. Typically wired to ignition so it shows your plate only when the cars running.

Issue is if you street park dependent on the state, if the vehicle registration is hidden by the plate being flipped they can likely tow it. Would work great for at work/in your driveway though. Could maybe just have a bypass switch for if you need to park somewhere and display the plate.

Still a pain in the ass that it’s this bad though.

They used to dominate the consumer market prior to Ryzen so might have something to do with it but I got no evidence lol

Me after getting those dumbass Canary cameras that cost $200 a piece then they completely wrecked the free tier then started giving them away for free to get more subscribers.

Wyze cams with wz_mini_hacks firmware offline in a VLAN with Frigate and Home assistant from here on out!

I would never go back from qubes. VirtualGL seems promising for the hardware accelerated apps and GPU passthrough for a gaming VM is insane

You probably unknowingly break multiple laws a day settle down