I don’t believe that’s the case, according to Aeon. The state of secure boot can be measured, so if you have it enabled/disabled, you have to keep it that way or else the measurement will fail and the TPM will complain.

No, it requires a TPM2 chip. So the requirements for measured boot are to similar to Windows 11.

Poettering has a few blog posts and conference videos on it. And Aeon is a distro that implements measured boot as the default.

For Linux, the protection is weak.

But if properly implemented, it’s good. But it would be a hassle to do and would require users to register new keys and blacklist Microsoft’s.

Measured boot is a better solution for Linux. It’s decentralized and does not rely on Microsoft. It uses the TPM to “measure” various parts of the UEFI, bootloader, and OS to ensure they have not been tampered with.

Discovers talks to PackageKit, a project that attempts to abstract packaging concepts. So rather than Discover supporting dnf, apt, pacman, etc, it talks to PackageKit and that handles the lower level stuff.

But PackageKit is not perfect. It’s better to use dnf directly and use the flag for offline upgrades (for more reliable upgrades).

Maybe. The thing is that Electron is not made by Google. There’s always a chance that downstream they may still default to X11.

Chromium defaults to using X11, even on Wayland. By setting the ozone hint to auto, it will then default Wayland users to using Chromium’s Wayland backend.

It’s resolved now.

Fedora Flatpaks are better in this regard. They are built entirely from Fedora rpms. When an rpm gets updated in the Fedora repos, rebuilding the flatpak will automatically pull in that updated rpm. And with flatpak’s deduplication feature, any reused vendored dependency should be perfectly deduplicated since the input is exactly the same (the rpm).

The problem just is that the repo is small, it’s affected by Fedora’s risk-averseness (so no codecs), and people don’t like them.

Yes

Gnome article on same topic: https://blogs.gnome.org/shell-dev/2024/09/20/understanding-gnome-shells-focus-stealing-prevention/

You can test the more strict focus stealing prevention on Gnome with: gsettings set org.gnome.desktop.wm.preferences focus-new-windows ‘strict’.

And to unset it: gsettings set org.gnome.desktop.wm.preferences focus-new-windows ‘smart’

Firefox should also now have proper support for it in 141, but I think for Gnome you might need to wait for a bug fix in Gnome 49:

Why iodeOS over GrapheneOS?

Edit: oh you said for the FairPhone, not Android in general. GraphenOS is Pixel only at the moment, at least until they launch their own device

Is there a pixel device with a jack port?

None that are still supported by GrapheneOS. But you can buy a USB-C to 3.5mm jack dongle.

My main OS is debian. How easy is to transfer data from GrapheneOS to debian and the other way round?

Pretty easy, either by cable or using an app like LocalSend (they have an apk on their Github).

Overall if you run GrapheneOS on a pixel, how many years running it and what do you think about it?

Haven’t used it in a while. I think it was cool, but was definitely more of a hassle than regular Android. The default apps are pretty barebones and feel old. Though I do still dream about replacing my iPhone with a device with GrapheneOS.

Yeah. I’ve used NixOS and think the idea is cool, but overall I prefer Fedora Atomic. Unlike NixOS, it’s a complete OS out of the box and is less quirky than NixOS. Though I am a proponent of Flatpak, those who don’t like it will have a very different opinion of Fedora Atomic.

I just wish Fedora Atomic was more declarative and that bootc could work a bit closer to how NixOS’s nix.conf worked. I would love if that there was a a container file could be declared and used built similarly to nix.conf is (avoiding the user manually building the and signing the container file).

That kinda exists with NixOS, but you’d have to backup your personal files separately.

You’re not really backing up the OS with NixOS, but the nix configuration file describes how the OS is built in a reproducible way.

Or do you just remember all the config changes you did and type them out from the top of your head? And all the apps you have installed? It’s over 300 apps and 100 config files for me.

Well, kinda. I have have scripts to set up most of my system after an installation. It’s nice so that I don’t have to remember everything I’ve done. It means I can reinstall my system or install on a new system with relative ease.

Doesn’t need to be anything complex. Just having a list of packages I want installed and that I can copy into my terminal makes things so much faster.

Timeshift is completely unnecessary. Fedora Atomic’s rollbacking is more powerful and avoids certain issues.

You should only be backing up personal files, not OS files. The OS is replaceable, your personal files are not.

Switzerland has strong privacy laws, but there are still situations where they legally have to comply. Of course, Proton also collects very little data and keeps things end to end encrypted, so even if they have to provide data, it’s not much.

The only issue I’ve had with LocalSend is that it’s a bit buggy on iOS. If you leave the app open in the background and go back to it, it won’t be able to receive files. I have to force quit it and open it again to fix it.

I don’t think nonfree is enabled by default. Though I guess the repos are still hosted by debian, unlike RPMFusion. Though Fedora does treat it as semi-official given that parts of it can be enabled during first setup.

Fedora and Debian have similar philosophies. FOSS only, packages must be built from source, no vendored dependencies. So they have similar policies regarding security and Fedora Flatpaks align closer to that than Flathub.

I believe Debian also doesn’t ship patented codecs in their main repo.