What magical company do you work in that gives you UEFI access on your work computer? Mine’s so locked down.

Seconding Fedora.

I wish there were more M.2 cards beyond just SSDs and wireless NICs. The idea of a small form factor PICe interface is underutilized and things like hardware codec accelerators can keep laptops with older processors usable with new standards for longer. It’s sad how PCMCIA had an entire ecosystem of expansion cards yet we somehow decided that the much higher bandwidth M.2 is only for storage and networking. Hell, do what sound cards in the 90s/00s did and have M.2 SSDs specifically designed for upgrading older laptops that also have built in accelerators for the latest media standards. Hardware acceleration is energy efficient and can probably just be bundled into the flash controller like they’re bundled into the processor, and unless you have a top of the line SSD you’re probably not saturating the M.2 interface anyway.

Pre-installed distro needs to support one-click installation (like .app or .exe).

This defeats a lot of what makes Linux secure. The main reason you don’t get malware is because you never run untrusted binaries from the internet and you install everything from trusted sources like your package manager. A non tech savvy person doing this will inevitably hit one of the super rare Linux malware in the wild. Clueless person downloads the wrong installer is the model malware entry case. I also don’t see a benefit of just having an app store, you can even show proprietary software by default as long as they can be turned off (I suspect the main reason for one click installation is for downloading proprietary software).

AFAIK it’s a bad idea to use dd or another wiping tool that just overwrites the logical partitions on flash based media, and is also not that effective for security. SSDs have wear leveling and what the computer sees does not map 1 to 1 to what’s actually on the flash chips. They also have extra overprovisioned space inaccessible to your computer specifically for shuffling data around when wear leveling. So not only are you wasting write cycles, it’s not guaranteed to actually overwrite all your data on the flash chips themselves.

If you want to wipe an SSD, use secure erase from a tool like nvme-cli which will directly tell the controller to erase all the data. How well the controller implements that is anyone’s guess though.

I’d say if you’re going to the effort of fully encrypting your new install, doing a secure erase will be in that spirit and won’t hurt. There won’t be any performance benefit but it will (probably) ensure that none of your previous unencrypted data is still there, though even if you don’t do this, just writing to the drive in normal use will eventually fill up the free space and make it less and less likely that sensitive information is recoverable, but how long this happens depends on how you use the computer.

Did the Ventoy binary blob thing ever get resolved?

so the web browser will play nicer out-of-the-box with Wayland

Anything really polarizing can end up with a cult following. Just look at Rust.

People would be less mad if you straight up used a stock image with a watermark so I don’t understand why people go out of their way to use AI when they know people will comment on it and it will detract from the point of the article.

Also, using AI in the thumbnail makes people automatically assume you’re using AI in the text as well. And if you’re not doing that, why would you lessen the perceived value of your writing by making it seem like you are?

It just seems pointless and actively harms your actual goals because people will get hung up on the fact that you used AI and ignore your actual valid points. Especially when you’re writing about open source projects when most people interested in open source are vehemently anti-AI, it really just shows you don’t know your target audience.

TLDR: While Linux is less susceptible to malware in some ways, it mostly boils down to Linux having a more technically minded userbase whereas Windows is a “mainstream” operating system.

Most Windows malware nowadays come from social engineering scams (complete this “captcha” by pressing Windows+R and pasting in this powershell script we conveniently put in your clipboard) or untrusted third party installers because Windows doesn’t natively have a package manager. Like others have said, the old school self-propagating worms and drive by downloads that activate just by clicking on a link aren’t really possible anymore (outside of state actors with unlimited budgets to buy zero days) unless your system or browser is horrifically outdated.

In terms of social engineering, Linux is not necessarily better at preventing it than Windows. In fact, sudo in Linux will unquestioningly delete the kernel and system software or make unlimited changes to them. Windows, for better or for worse (tbh more worse than better), uses TrustedInstaller to limit access to system files. Windows 11 won’t easily let you delete or modify System32 for example, even if you’re an admin. So it’s in theory easier to do more damage to your system on Linux if you don’t know what you’re doing. But if someone is using Linux full time, they’re most likely technical enough to not be fooled into running random untrusted bash commands.

The biggest thing is to be careful with those Linux terminal tutorial sites that have a “add to clipboard” button, they can put literally anything into your clipboard, including an enter key to run the script as soon as you put it in your terminal (though this may or may not be possible depending on your terminal app). Actually, they don’t even need you to use their copy button. They can just set an event listener for control-C anywhere on their site and automatically replace the clipboard content. Just double check everything you copy before running it, especially since there’s a lot of times where Linux users have to rely on obsecue tutorials hosted on untrusted websites.

You also don’t really need to run untrusted installers on Linux because almost everything you need is in a properly moderated software repository, be it your native package manager, Flatpak, or Snap. Everything is signed by the authors and has a ton of eyes from the open source community on it. The only things to look out for is compiling something from GitHub, random AppImages, Elf binaries, scripts, and last but not least third party repositories that can be added as an installation source to your package manager/Flatpak/Snap. Basically, Linux gets most of its “doesn’t get malware” reputation from the same place Mac does: you rarely have to manually download and run an executable from a random website, which is the norm on Windows. Add to the fact that even when that’s needed, the Linux userbase is more technical and is more able to discern which sources are reputable and which are suspicious.

Another major source of malware is pirated versions of Windows or untrusted “license activators” from the internet. This just isn’t a problem on Linux because there’s no license to activate and it’s free to begin with so there’s nothing to pirate. And again, if someone is running Linux, they’re probably technical enough to know not to run random pirated versions of paid software to begin with, helped by the fact that the vast majority of paid software is Windows only.

If it’s a work computer, tell your IT department it’s getting in the way of your job.

Embrace <-- You are here

Extend

Extinguish

Fuck Apple

As someone with a Thinkpad, that weird thing Lenovo does where they switch the control and function keys gets me every time I switch between Thinkpad and non-Thinkpad laptops. Usually when I use a non-Thinkpad, it’s someone else’s laptop and I look like an idiot in front of them wondering why their copy and paste is broken.

I get that the function key isn’t technically a standard key on the keyboard (I’ve only seen them on laptops) and Thinkpads always had that layout dating back the IBM days, but it’s still annoying.

Ideally the entire system.

Centre click is a godsend though. I recently had to start using Windows again and I keep instinctively hitting it.

When I heard about schools using Chromebooks literally the first thing I said was “Linux can do more than a Chromebook can and is free, why the hell aren’t they using that?!” Linux running on the cheapest OEM laptop (make sure you get ones without the prepaid Windows license so you don’t spend more than you need to) is a better experience than the most expensive Chromebook.

Can Linux run programs that rely on frameworks like .NET or other Windows-specific libraries?

Isn’t .NET open source and cross platform now? Isn’t there an official Linux runtime? Or is it just the most basic subset of .NET without any of the GUI libraries or other things Windows .NET apps routinely depend on?

Why not just use and support fully open source alternatives like Krita, Inkscape, Kdenlive, etc instead of giving money to Adobe?

A door with the best lock possible is still not as secure as no door at all