And technically you can whitelist other certificates, too, but I have no idea how you might do that.

When you enter the UEFI somewhere there will be a Secure Boot section, there there is usually a way to either disable Secure Boot or to change it into "Setup Mode". This "Setup Mode" allows enrolling new keys, I don't know of any programs on Windows that can do it, but sbctl can do it and the systemd-boot bootloader both can enroll your own custom keys.

Accent colors are coming with GNOME 47.

It's been a thing I personally have been wondering why this is how it is for a while. Personally I like most of the GNOME stuff, but this decision has always stood out as odd.

But then again I almost always use ctrl+w or alt-f4 to close apps, so I am mostly unaffected.

Just a minor clarification/correction: the "or later" part also depends on the license per se. There is a GPL-3.0-only and a GPL-3.0-or-later. Usually you'll find something like "or at your option any later version." if that is the case, but by default you should expect the GPL-3.0-only to apply.

doas is relativly simple (a few hundred LOC), especially compared to sudo. The main benefit of run0 over doas is that it isn't a SUID binary, they are similary complex.

it does its authorization with polkit (which IIRC defaults to allow all wheel group members) and giving users that shouldn't be allowed root access, root access, is not something you ever want. This is usually referred to as unauthorized privilege escalation. Also, it isn't like sudo doesn't need configuration.

I genuinly hate NV as a company and their propriatary software, but I can say that the software they provide is decent/good. Like... good cards and software, terrible company and philosophy/moral

The actual reason is to hide the fact they’re probably not gonna have much if any pve content soonish

They literally out right said multiple times that PvE content is mostly shelved and to not expect anything. This isn't some sort of secret they are keeping

I don't really bother with AV on my linux system. What I do is just use trusted software from my repos and run containerized applications.

What I am currently working on is using secure boot with a Unified Kernel Image (already doing that) that boot into a read-only /usr/ partition with verity + signature (one UKI only loads a certain partition with a specific signature, or nothing at all). Any other things I need I create a systemd sysext that gets overlayed ontop of /usr/ (also read-only) or they get installed as flatpak. For development I would just be using nspawn containers and podman/OCI containers for services that are outside of the other scopes.

This is all based on https://0pointer.net/blog/fitting-everything-together.html which is a nice write down of what I am doing/following.

That already covers a lot of different attack vectors by just not having my system be modifyable outside of my control or apps just being containerized.

Generally the only groups I would maybe sign such a CLA in regard to the GPL is: the FSF and the Linux Foundation. Anybody else (especially individuals I don't know) I wouldn't sign any CLA unless my contribution is like a 1 off, trivial patch.

1. Hasn't been happening on my Firefox
2. There have been reports on other browsers as well, so this isn't a firefox specific issue (p sure I've seen some people that use chrome claim they had this issue)

They arent suitable for gaming laptops while gaming. They are fine enough to just charge during light/no usage at somewhat reduced speeds.