somewhat logical, but entirely in practice verb-noun command structure.

That’s supposed to be “impractical”, not “in practice”, for others reading along.

For example, the “proper” command to list a directory is: Get-ChildItem
The “proper” command to fetch a webpage is: Invoke-WebRequest https://example.com/

In these particular cases, they do have aliases defined, so you can use ls, dir and curl instead, but …yeah, that’s still generally what the command names are like.

It’s partially more verbose than C#, which is one of the most verbose programming languages out there. I genuinely feel like this kind of defeats the point of having a scripting language in the first place, when it isn’t succinct.
Like, you’re hardly going to use it interactively, because it is so verbose, so you won’t know the commands very well. Which means, if you go to write a script with Powershell, you’ll need to look up how to do everything just as much as with a full-fledged programming language. And I do typically prefer the better tooling of a full-fledged programming language…

I just want to say that you’re probably worrying too much about it. Of course, there is lots of things one can do to improve security (which the others here are listing dutifully) and it is foolish to just assume that one’s computer is entirely secure, because as a user, you will always have the ability to bypass that.

But there’s a pretty firm consensus in the IT industry that Linux is more secure than Windows. And that the popular Linux distributions are more trustworthy organizations than Microsoft.

So, it’s good to inform yourself, but if you survived on Windows, you at least should not worry about the Linux side of things. It’s more than fine.

Mint’s desktop environment, Cinnamon, is technically based on GNOME Shell (i.e. a fork of it), but we’re not just talking “pretty heavily modified”. In many ways, it’s its own thing now and you can’t really assume things to work similarly.

You can uncheck this checkbox:

If you actually need to run some DEB or RPM or such, people seem to be recommending Distrobox a lot these days.

Hmm, you should be able to set a custom command for it to run before suspend like this: https://unix.stackexchange.com/a/526290

And apparently, you can tell light-locker to lock immediately with light-locker-command --lock: https://manpages.debian.org/buster/light-locker/light-locker-command.1.en.html

I guess, you might want to try out, if it works at all, before you start editing files. If it works with this, then I’d expect it work when you put it in into the file, too:

light-locker-command --lock && systemctl suspend

Ah yeah, that didn’t make a ton of sense. To some degree, I wanted to say that it may show up in various config files, which you’re right, I could template with a shell script.

But then I’m using Nix for scripting, which has a concept that everything should be defined in the repo, so you shouldn’t have dependencies on external state like $HOME or $USER.

I’m still working out to what degree that’s actually necessary/useful (and I do have a workaround, so I don’t need to check in my username). But I’m guessing, it comes partially from the ‘proper’ thing being NixOS, where you define the whole OS in your configuration, so you would need to type out at some point anyways, what the user should be called, so that it can create it.

Somewhat of a cheap answer, but I feel what illustrates the difference quite well is that Linux follows the design from UNIX, which was a research project with stupid amounts of money to at least try to get things right. On the other hand, Windows originated from an OS, which was referred to by its developers as “Quick and Dirty Operating System”.

And I do feel like these foundations have informed the design of all the layers built on top.

I believe, Icecast ticks at least some of your criteria. It’s been around since forever, so it’s probably the most stable option and even a Pi1 is likely overkill for it. No idea how it holds up in terms of UI, app and Docker, though.

They do have a mirror on GitHub, but the main repo is on a self-hosted GitLab.

You’d have to rewrite the Git history to pseudonomize the author, which yes, is pretty bad, but I don’t see why you’d need to remove the code, unless they genuinely checked in their home address or such.

Yeah, I’ve been using scripts to set only the parts I actually want to modify, which is already a pretty good step for reducing the amount of information and knowing what you publish without having to review the dotfiles when you back up your latest configuration changes.

But even with that, there’s some info I do not particularly want public.
Like, it starts with the name of my user account showing up in places. On my personal device, I just call it “main” to sidestep this whole problem, but if I want to use those scripts on my work laptop, well, the user name there is a shorthand of my real name, which I do not want to publish.

But there’s also lots of things in between.
Like, I make music as a hobby, which isn’t really something I care to announce to the world, but decided I don’t mind the world knowing either.
On the other hand, I decided against sticking my RSS feeds into there for now, because I want to be able to add any RSS feed without having to think about whether I want that particular interest public.

Git: lazygit Docker management : lazydocker

Well, seeing them in the list like that rubs me the wrong way. 😅

Both of those come with a CLI, called git and docker respectively, which is the official way of using them. These CLIs might not be particularly sexy, depending on who you ask, but they’re decent enough and worth learning, even if you go the lazy* route, since online resources all just explain the official CLIs and you might find yourself one day administering remote systems where you can’t install additional software…

For Firefox, I believe the way you’d usually want to do this is with Policies: https://support.mozilla.org/en-US/kb/enforcing-policies-firefox-enterprise

Side-note: Mozilla is shutting down Pocket, so you might not need to adjust that config.
I’m not sure, how they handle disabling it in browsers, but given that the backend has already been turned off, presumably they would disable it even on ESR with some update…

Sure, I guess, if you’ve got a distro installed on your PC and use the distro-provided packages to install the Rust compiler, then you can’t be subject to such certificate MitM attacks.

Your comment sounded like you were primarily concerned about the shell script piping rather it just being a program which can be downloaded without going through distro packages.

You’re using that to download a program. If they can MitM the shell script, they can just as well MitM the program that you’ll run right after the download…

It’s a Linux concept. Basically, imagine you could have a Windows 11 PC with the Windows XP GUI or with the macOS GUI. In Linux, these kinds of different GUIs are just desktop environments, which you can install as you see fit.
Conversely, you can also have an OS without a desktop environment, which is basically what’s used on Linux server PCs.

KDE Discover and GNOME Software can install from FlatHub (or other Flatpak repos, if you add those).

Yeah, you understood my comment entirely the wrong way around. When I say “dotfiles”, I mean the non-Nix way of managing application configurations. Nix Home-Manager happens to write to these dotfiles, but that means I don’t have to deal with the dotfiles myself.

I feel like setting up a new machine is just the easiest to explain.

Personally, I find dotfiles messy, as you often just want to change one or two settings, but you always carry along the whole file with all kinds of irrelevant other settings. This also makes it impractical to diff two versions of those dotfiles, especially when programs write semi-permanent settings into there.

I guess, your mileage will vary depending on what programs or desktop environment you use.
For example, I love KDE, but they really don’t do a good job keeping the config files clean. Nix Plasma-Manager generally fixes that, and for example allows defining the contents of the panel in a readable form.

Personally, the stepping stone I needed to know about is Nix Home-Manager, which basically allows you to manage your dotfiles independent of the distro. From what I understand, if I do switch to NixOS, I’ll continue using this code with just some minor tweaks.

But yeah, I agree with the verdict in the post. I like it a lot, but I would not have made it past the initial learning curve, if I didn’t happen to be a software engineer. Sysadmins will probably be able to figure out how to put it to use, too. But it’s just not for non-technical Linux users.