when technical folks act like everyone and their grandma should run arch

As an Arch user, man I hate when people are like that. Arch certainly has a specific target audience. If you (the individual) are comfortable with a distro, and it works well for you, it’s a good option. If Arch isn’t that, then it’s not a good option for you. Some people don’t understand that even the “once a year single command” maintenance is too technical for most.

Having run Arch only the last few years, I don’t know how much it’s improved compared to say 10 years ago. I do know on most of my systems I don’t spend that much time updating or maintaining my Arch installations, usually just a yay, select which AUR packages not to update (the ones I have can have issues updating sometimes), wait for 15-ish minutes (depends how much I have to compile from AUR), and that’s it. From server to desktop, some weekly, others once every couple months. Although I would say it’s more than average, as I have a custom repository with some nightly compiled packages, which has its own issues.

The difference is rolling vs stable release.

Debian 13 is out, and it will stay exactly the same Debian 13 that it was when it released, even 5 years from now. The only changes are bugfixes, security patches, etc. No new features. This means you can basically do unattended sudo apt update && sudo apt upgrade with no problems. By the time Debian 14 comes out, there will have been a ton of changes to upstream software, Updating from 13 to 14 might be a one-click fix, or it might take effort fixing configs and ensuring the new software works.

Arch Linux is rolling release, it does not have version numbers, and does not hold back a major package update just “because it changes things”. This means basically every update might change things, and that can require intervention. If the Arch Linux team is aware of required intervention, it will be put on the Arch News. This is often just one or two commands. The possibility of intervention being required means unattended upgrades are a no-go on Arch, but that’s pretty much it.

If you don’t update your system for say, a year, everything that’s changed in that time will change all at once. This is often still a few commands to fix, but could be more depending on what updated exactly. Updating regularly is reccomended, because it’s easier to tell what exactly changed between updates, and thus easier to track down where a problem originates from.

Depends entirely on the device. On most desktops, you should be able to. On a lot of laptops, this may leave them in an unbootable state (due to GPU option ROMs).

Check for your specific hardware before removing factory default secure boot keys.

This is heavily sensationalized. UEFI “secure boot” has never been “secure” if you (the end user) trust vendor or Microsoft signatures. Alongside that, this ““backdoor”” (diagnostic/troubleshooting tool) requires physical access, at which point there are plenty of other things you can do with the same result.

Yes, the impact is theoretically high, but it’s the same for all the other vulnerable EFI applications MS and vendors sign willy-nilly. In order to get a properly locked-down secure boot, you need to trust only yourself.

When you trust Microsoft’s secure boot keys, all it takes is one signed EFI application with an exploit to make your machine vulnerable to this type of attack.

Another important part is persistence, especially for UEFI malware. The only reason it’s so easy is because Windows built-in “factory reset” is so terrible. Fresh installing from a USB drive can easily avoid that.

I’m running on postmarketOS, SailfishOS includes significant proprietary components, besides firmware. Like the user-interface. My Android daily driver is already running strict FOSS-only ROM and apps (with an exception in firmware), there’s no reason for me to switch to sometbing proprietary.

Nobody is helping Google do anything, phone OEMs develop their own private spin on Android (for example, Samsungs OneUI). They make sure their device works in their OS, nothing else.

Depending on your bank, you may be able to use their website.

The “no apps” isn’t “that big of an issue” (at least for me), as there’s Waydroid available, and it’s just standard Linux with all the desktop apps right from Flathub. There’s also plenty of webapps available.

There’s tons of other issues with Linux mobile, like general usability, battery life, responsiveness (especially when receiving calls or notifications), and hardware support.

The biggest one I’m running into is sleep states. I can either have 4-ish hours of battery life, but if my phone is charged, I get notifications, alarms go off, and calls come in immediately. Or I can have about a day idle battery life, but have to check my phone before any of that stuff comes in.

There’s also the fact I use my phone for media a lot (Jellyfin, Lemmy), and the experience isn’t great on Linux mobile. “Apps” integtate less with each other, and video playback is kind of a mess. (For example, I can’t “share” on a photo from Lemmy to send it to a friend on Matrix).

While Mint is an Ubuntu-based distro, it tries to un-fuck the worst of Canonical. Other Ubuntu spins with a different desktop environment don’t do this, like Xubuntu, Kubuntu, etc. They end up as just Ubuntu on a different DE, with all the decisions made by canonical.

Base Debian might work, but afaik, is “not as beginner friendly” compared to Mint.

Firefox is able to do this for basic PDF annotations. It’s not very extensive, but it’s very simple to use (and you probably already have it installed).

It is only a partial upgrade if you update your databases, without upgrading the rest of your system. If you try to pacman -S firefox, and it gives you a 404, you have to both update your pacman databases, and upgrade your packages. This will only give you a 404 if you cleaned your package cache, and your package is out of date. Usually, -S on an already installed package will reinstall it from cache. This does not cause a partial upgrade.

If you run pacman -Sy, everything you install is now considered a partial upgrade, and will break if you don’t know exactly what you’re doing. In order to avoid a partial upgrade, you should never update databases (-Sy) without upgrading packages (-Su). This is usually combined in pacman -Syu.

and had to delete, update, and then rebuild half my system just to update the OS because the libraries were out of sync.

This does not just happen with proper use of pacman. The most common situation where this does happen is called a “partial upgrade”, which is avoidable by simply not running pacman -Sy. (The one exception is for archlinux-keyring, though that requires you run pacman -Syu afterwards).

Arch is definitely intended for a certain audience. If you don’t intend on configuring your system on the level Arch allows you to, then a different distro might be a better option. That does not mean it’s a requirement, you can install KDE, update once a month, and almost never have to worry about system maintenance (besides stuff that is posted on Archlinux news, once or twice a year, usually a single command).

If you want to learn, go for it! Although if you’re running anything important, be sure you’ve got backups, and can restore your system if needed. I wouldn’t personally worry about the future of NixOS. If the project “goes the wrong way”, it’s FOSS, someone will fork it.

I’ve considered Proxmox, but immediately dismissed it (after light testing) due to the lack of control over the host OS. It’s just Debian with a bunch of convenience scripts and config for an easy libvirt experience. That’s amazing for a “click install and have it work” solution, but can be annoying when doing something not supported by the project, as you have to work around Proxmox tooling.

After that, I checked my options again, keeping in mind the only thing the host OS needs is KVM/libvirt, and a relatively modern kernel. Since it’s not intended to run any actual software besides libvirt, stability over quick releases is way more important. I ended up going with Alpine Linux for this, as it’s extremely light-weight (no systemd, intended for IoT), and has both stable and rolling release channels.

It is significantly more setup to use libvirt directly. After installation, Proxmox immediately allows you to get going. Setting up libvirt yourself requires effort. I personally use “Virtual Machine Manager” as a GUI to manage my VMs, though frequently use the included “virsh” too.

it seems a bit pointless

Quite the opposite. Linux is currently frequently matching Windows in performance when running games through Wine/Proton. Targeting Linux native avoids this translation layer, and can result in better performance or less CPU overhead for the same performance (which is noticable especially on devices like the Steam Deck).

making games for Linux is ironically difficult

Yes, because of the tooling. If you make a game in Unity, and build for Windows, ““things just work””. If you then build for Linux, you can face any number of random engine issues, like bad controller support, broken mouse grabbing, etc.

as they can break as libraries change over time

Valve has thought about this, and designed the Steam Linux Runtime. This does effectively the same thing as Flatpak, except it pulls in the system native graphics drivers. Steam Linux Runtime provides effectively a full (minimal) Linux distribution that game developers can target, ensuring their games keep running, even on more modern systems.

Gaming on Linux has always been a chicken and egg problem. Gamers see there’s no games on Linux, so they stick to Windows. Developers see there’s no Linux gaming market, so they stick to Windows. With Valve’s Proton, they interrupted this cycle. Most games now work on Linux, but game developers haven’t switched yet. For them to switch, there needs to be a market of Linux users, and the tooling needs to be sufficiently developed for Linux, ensuring the same (or better) quality as the Windows versions of games. This includes game engines, common libraries (like online multiplayer frameworks or voicechat), and possibly development software, 3D modeling software like Blender, the Adobe suite, etc.

“jellyfin isn’t immune to security incidents”

Well, no software is. The difference is that Plex just leaked data of all their users, where Jellyfin can’t, because they don’t have this data.

No, it’d still be a problem; every diff between commits is expensive to render to web, even if “only one company” is scraping it, “only one time”. Many of these applications are designed for humans, not scrapers.

Someone making an argument like that clearly does not understand the situation. Just 4 years ago, a robots.txt was enough to keep most bots away, and hosting personal git on the web required very little resources. With AI companies actively profiting off stealing everything, a robots.txt doesn’t mean anything. Now, even a relatively small git web host takes an insane amount of resources. I’d know - I host a Forgejo instance. Caching doesn’t matter, because diffs berween two random commits are likely unique. Ratelimiting doesn’t matter, they will use different IP (ranges) and user agents. It would also heavily impact actual users “because the site is busy”.

A proof-of-work solution like Anubis is the best we have currently. The least possible impact to end users, while keeping most (if not all) AI scrapers off the site.