Not OP.

getting downvotes etc

That was mostly on the first day. OP was probably very frustrated and disappointed after their initial impression. The way the rant that followed afterwards was written didn't do them any favors 😅 and the downvotes that followed afterwards were therefore not very surprising...

I allredy forgot which distro worked for you

Pop!_OS

I hope to read more about OP's experiences with Linux and if they decide to stick with it. Let's hope we get updates on those soon 😉.

Thanks for the explanation!

I didn’t like Runit

Unfortunate, but not very surprising 😭. I hope it (or another init) will one day be more than a viable alternative to systemd, so that the hegemony will cease to exist.

the package selection wasn’t great

While not applicable in all cases, I've had great success with relying on Distrobox in case I had to rely on the repos of another distro to get my software.

As for siduction, it was just a touch too buggy (i.e. XScreensaver caused the laptop to freeze when I closed the lid) and too preconfigured to be able to resolve easily. It also played havoc with my school’s BYOD internet.

Interesting! I didn't know that siduction is relatively unpolished.

I’ll probably go back to it at some point, though.

I wonder if perhaps SpiralLinux does a better job.

Of course, the main reason for this new install is that I just bought an SSD, and I’d rather start fresh than try to flash my old hard disk across.

Relatable 😜.

Looks good!

Are you just exploring the waters? Or were you discontent with Void and siduction?

Thanks a lot for this excellent write-up! I believe it has successfully fulfilled its purpose.

To make myself absolutely clear: I believe that we agree on our general sentiment towards systemd; I don't like how it has almost ostracized other inits, nor do I like how ever-impactful it has become across the board so much so that even the most established DE (read: GNOME) has had hard dependencies to systemd in the past^[1]^.

And this is where i think you’ve contradicted yourself. IMO, the only reason opponents use it is not because it’s so great but because it’s so entrenched in whichever distro they’re using.

Got it! I see now why you might have perceived that as a contradiction. And honestly, you might be correct! I assumed that systemd is used for how it might enable the full system AppArmor policy^[2]^ and other features that Kicksecure has become known for. Honestly, I'm not an expert on Kicksecure myself. I just like the project and even try to import some of their systemd-related features and/or configs on my daily driver.

Based on past readings, the idea that systemd was (ironically) still preferred on Kicksecure for security-related features stuck with me. But, honestly, it could have been my misunderstanding and instead they might have chosen to make the best out of it as not using systemd would have increased the maintenance burden tremendously.

This conversation has opened the possibility to me that Kicksecure's maintainers might have stuck to systemd for non-security reasons. Ultimately, your contribution by addressing that point has been immense. Thank you so much for the insight and for being patient with me 😊!

1. I believe this has since been resolved.
2. Based on the following statement: "AppArmor can do this by loading a profile for systemd in the initramfs." found here

Thanks for the answer! I got some pointers 😉.

Thank you for your feedback! I am learning a lot.

Glad to be of use 😜!

This is the first time I have run into issues where I was not tempted to abandon ship and go back to what works. I actually care about this system and want it to succeed. I think this is a super cool path forward.

I wholeheartedly agree!

GoboLinux

Wow, I almost forgot about that. Thanks for reminding me!

One problem I had is that I was trying to download an image for linux mint, because it gives me access to PPAs without needing to use SNAP due to Ubuntu, but I could not get an image to download, no matter what combination of linux + mint + version I used. I finally realized I could search podman, now I can go forward!

Good job learning about podman search! I'm sure you'll manage 😉!

Are there arguments against immutability?

Initially I was typing out a very long answer, but it quickly got unwieldy 😅. So instead, this one will be oversimplified 😜.

Currently:

• Package management on native system just takes considerably longer on most atomic^[1]^ distros. The exceptions would be Guix and NixOS, but unfortunately their associated learning curves are (very) steep compared to the other atomic distros.
• The learning curve in general is steeper.
• Documentation is lacking.
• Big shifts occur more frequently^[2]^.
• Some things simply don't work (yet).

One might (perhaps correctly) point out that most of these are actually more related to the technology lacking maturity. And that atomic distros would actually (already) net positively otherwise. Therefore, I'd argue, the transition to atomic distros is perhaps more akin to a natural evolution. I believe (at least) Fedora has already mentioned the possibility to sunset the non-atomic variant in favor of the atomic one when the time is there (or at least switch focus). Which is why I believe that atomicity will probably leave a lasting impact to the Linux landscape, similarly to what systemd has done in years prior.

Besides that it’s probably a challenge to maintain…

If your use-case is supported and you've acquired the associated knowledge for setup/configuration and maintenance, then I'd argue it's probably even easier than a non-atomic distro; simply by virtue of atomicity, increased stability and rollback-functionality. But, as has already been established previously, the learning curve is steeper in general, so getting there is probably harder. With the exception being those whose needs are satisfied easily by the accessible software found in the main package-'storefront'. Which makes distros like Endless OS very suitable for people whose primary interaction with 'computers' has been mobile phones and tablets, as the transition is -perhaps surprising to some- near flawless.

1. Yes, that's how I'll be referring to them.
2. Fedora Silverblue switching to OCI container images for delivery of installations and upgrades. openSUSE's offerings switching to image-based. Vanilla OS switching from Ubuntu to Debian and to a model that's a lot more similar to where Silverblue is headed towards. NixOS switching to flakes. etc

I personally agree with your assessments regarding Debian Sid and Manjaro. However, I didn't want to force my (potential) 'bias' in a comment that tries to be otherwise neutral. Thank you for bringing up the 'asterisks' associated with both of these!

as from Firefox RPM for example I can open any file and save anywhere. But its process isolation right?

For Firefox, the verdict on its native sandbox vs Flatpak's native sandbox doesn't seem conclusive. With -assumingly- knowledgeable peeps on both sides of the argument, which indeed does raise the question how knowledgeable they actually are. Nonetheless, for myself, I've accepted Flatpak's sandbox to not be inferior to Firefox' native one. Thus, I don't see any problem with using its flatpak.

doesn’t do anything better than Firefox or Librewolf.

Besides the fact that some sites misbehave on Firefox(-based browsers), it does if you're actually security sensitive; Chromium's sandbox is simply superior to Firefox'.

I didn’t even mention the CEO, you must have confused my reply. It’s the product being X and doing Y which I don’t like.

It's true that you didn't mention anything regarding its CEO, but I assumed your comment might be related to it. It seems not to be the case; my bad for assuming and mentioning it and thank you for clearing yourself from that 'allegation'!

Would it be fair to assume that your primary gripe with Brave is its (at best) controversial stance regarding the 'open' source nature of their product?

I have multiple LibreWolf profiles with different uses and therefore different extensions tied to each one of them. For example, I've got one in which I exclusively watch the Youtube content I'm interested; through Invidious of course*. Therefore, extensions like SponsorBlock and Video DownloadHelper are only found on that profile to improve the experience thereof without negatively affecting the other profiles. This is mostly done to protect the profile I use for regular browsing, which is somewhat alluded to by the team behind Arkenfox with "We recommend keeping extensions to a minimum: they have privileged access within your browser, require you to trust the developer, can make you stand out, and weaken site isolation.".

As for the extensions I have on my profile that I use for regular/random browsing; those would only consist of uBlock Origin, Redirector and Skip Redirect. All of which are -to some degree- endorsed by the Arkenfox-team. Though, from time to time, I am guilty of using Dark Reader as well; it's just too good to miss out on at times.

While it doesn't satisfy the "under $400"-condition, I couldn't withhold myself from mentioning the likes of NovaCustom and Tuxedo. For the fact that both have been absent from the conversation while they otherwise satisfy the requirement of coreboot on a modern device. With the former, NovaCustom, being arguably the best vendor to buy 'privacy&security'-first devices with modern hardware from. Not for their entire line -mind you- but specifically their NV41 Series; which is -to my knowledge- the only Qubes-certified computer with modern specs and Heads. However (with Qubes and Heads pre-installed) it starts at $1224, which makes it considerably more expensive that your stated target (read: under $400).