I personally like flatpak and its build system. Flatpak applications are sandboxed by default and don’t require root during any part of installation, reducing the risk of malicious/broken software damaging the host. They also are available for basically any base distro, meaning i can use the same apps if a ever distrohop and i can even just copy over the config folders as if nothing happened.

Which would that be *pulls out the deathray which terminates fun places on the internet*?

It wont be a problem because from the Live USB you can mount the encrypted drive in the file explorer app (Dolphin on KDE) after supplying the encryption password.

This made me immediately think of how old American homes in the back of the mirror cabinet of the bathroom just had a slot that fed into the space between the drywall so you could through your razerblades away. Good luck to the renovators in 50 years when they need to remove that drywall and pick up a thousand rusty butterfly-style razerblades. Can’t throw those suckers in a plastic trashbag either cus it’ll cut right through.

To a slightly lesser extent, Id also suggest avoiding noscript for the same reason. uBlock Origin can do everything that NoScript can and NoScript contributes as a metric to create your overall fingerprint. If need strong protection against fingerprinting, use Mullvad or Tor Browser. Use Librewolf if you need to customize, or want to change the defaults.

No, because the Mozilla’s new policy doesnt apply to forks.

The fingerprint protections in Librewolf already protect against canvas fingerprinting. You actually make ourself stand out even mkre by using it. Even with RFP disable, ETP still protects against canvas fingerprinting.

Fedora offers a KDE version.

Mostly because Fedora is more popular. I like both.

openSUSE Tumbleweed gives you much more control of what gets installed by default (you can customize every package during the GUI installer). It has been the most stable distro ive used. It is a “rolling-release” distro, meaning that packages usually get updates quicker from upstream. If you dont like getting frequent updates it may not be for you. A key feature of openSUSE distros is the system management apl Yast, which allows you to manage a lot of stuff from a GUI.

Fedora is also quite stable. I think it’s more user-friendly in my experience. After Debian/Ubuntu based distros, Fedora is the most likely to have packages built for it by developers (I’m talking 1st-party builds, not repacks). Fedora is a semi-rolling release, meaning updates are frequent but not constant.

Fedora is currently my distro off choice, but I may soon use Tumbleweed again. I daily drove Tumbleweed for a year on both my general PC and my admin computer.

Bazzite is great Fedora-Atomic-based distro, especially for nvidia users. I had a friend move to Linux and that was the distro that worked. But in general, if someone is a programmer/Dev, they want to learn how to use Linux, or just install a lot of packages, I’d avoid Atomic.

Don’t get me wrong, I use Atomic. But it isn’t as straight forward as a traditional distro.

The equivalent of Bazzite but traditional Fedora is Nobara

For a distro, I recommend Fedora KDE Spin. Fedora is beginner friendly, is widely supported, frequent updates (so less outdated packages), rock solid stable, works with gaming or anything else.

People recommend Linux Mint often, but I am just not a fan of how outdated the system is and its reliance on X11 (deprecated and insecure display server). I’ve daily driven mint before for like a year and it was good but I’m not a fan of cinnamon DE.

When you mention Visual Studio, do you mean VSCode or Visual Studio. Cus VSCode is supported on Linux but Visual Studio is not. Confusing right?

It also has a Flatpak release, which I prefer for the ability to restrict permissions like internet.

Actually, in the case of a web browser, Flatpak weakens both Firefox’s and Chromium’s internal sandboxing, possibly allowing for breaking of cross-site or site-host boundaries. Firefox is even weaker then Chromium as a Flatpak because it can’t use the zypak fork server. Both are weakened, best to avoid.

For basically any other app, Flatpak can be beneficial as a sandbox.

Basically, don’t sandbox browsers because its like wearing 2 condoms. The only sandboxing tool I know that doesn’t interfere with the browser’s sandbox (and also doesnt allow for the possibility of privilege escalation, like Firejail) is Bubblejail

PS: Since you mentioned you are on Fedora, Bubblejail is offered through this COPR repo from the Secureblue team. It provides a sandbox without interfering with the browser’s sandbox. It comes with profiles for Firefox and Chromium. Only issue ive experienced is that the sandbox works, aka it means I can’t access files from my home directory unless explicitly given permission to a folder.

OP mentioned that it was the Flatpak version, which doesnt add anything to root owned parts of the filesystem.

Yes. I dont remember the word exactly but it might have the word “performance” or “hardware”

While I haven’t had to deal with much of the bad .ml users, I had a long comment thread with some conservative guy who got so mad he changed his bio to say “after the last experience, proudly homophobic”. I reported it to the admins of the instance and they didnt ban even after all that shit.

Check this out: https://github.com/wayland-transpositor/wprs

It depends on the fstab mount flags, specifically nofail.

It was the KDE version.