Joined 2 years ago
Cake day: November 27th, 2023

  • Minimal delay between a program releasing new features or bugfixes and you getting to use them. Even as an avid Debian user, sometimes I get bummed out when they freeze a package for release right before a feature I would have really liked makes it in.

    As for security, there’s not a huge difference I’m aware of. On Debian, features stay where they are, but maintainers will backport just the security fixes of each package to the current stable release.


  • Saw the followup post, glad to hear it's all running well. I created my VM using virt-manager with a raw disk image and UEFI firmware rather than the default qcow2 format with BIOS. I keep the image size down to 32 GB to save time when imaging. Install proceeds as usual, make sure fstab mounts disks by UUID, Debian does by default in my case. When everything is configured, dd the raw disk image over to the target disk, do the rituals to make it bootable, and consider configuring new partition UUIDs.


  • Linux: no, but not necessarily plug-and-play. My daily-driver install is literally pre-configured on a VM and cloned to all of my machines with various motherboards. Nvidia complications aside, a default Linux install will contain nearly every driver you could ever need to get up and running. However, some motherboards do need you to chroot from a live environment and make it “aware” of the existing GRUB bootloader.

    Windows: At best, you’ll need to reactivate. More often, it’ll be missing a driver or just not work as well as it did on the old motherboard. It’s better to reinstall Windows.

    Will admit that I’m very biased against reinstalling Linux anew except as a last resort since it’s a painstaking days-long process to configure things just right for my picky tastes.









  • If you don’t want Ventoy:

    1. Wipe the USB: wipefs -a /dev/sdb
    2. Copy the ISO image to the USB: dd of=/dev/sdb if=/path/to/image/linux.ISO bs=1M status=progress
    3. Make the data partition in the free space: cfdisk /dev/sdb, don’t remove the iso9660 signature, create partition in the free space, and Write.
    4. Format the partition with filesystem of your choice: mkfs, cryptsetup, etc.

    (everything as root, replace /dev/sdb with the location of your USB)

    As is, this only leaves exactly enough for the ISO you are currently working with, sealing the fate of the data partition if you need to swap out the ISO. I suspect there is a workaround in theory, but I haven’t gotten around to that yet.

    Also see https://github.com/thias/glim, a GRUB-based alternative to Ventoy, albeit with less compatibility.

    Edit: this will not work with Windows ISOs and the data partition won’t show up in certain versions of Windows, in case anyone is wondering

    For posterity, what I originally thought, don't do this

    Wipe the drive and partition it so the first partition is large enough for your ISO, then the second partition for your data spans the remaining space. I chose MBR over GPT so I could boot on both modern and legacy BIOS machines. Then dd your ISO to the first partition. Set the bootable flag on that partition if it isn’t already. Format the second partition with whatever filesystem you’d like.

    My Clonezilla recovery drive is set up like this, but it’s been a while so I might have forgotten something. Let me know if I did.
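
A preflight check for the wipefs/dd procedure in the comment above, as an added example that is not part of the original post: it refuses a target that is a partition, is not marked removable, or has mounted filesystems, and reports how many MiB remain for the data partition. The `SYSFS_ROOT` and `MOUNTS_FILE` overrides and the function name are assumptions made so the check can run against a fixture.

```shell
#!/usr/bin/env bash
# Added example: safety checks to run before `wipefs -a` / `dd` on a USB target.
# SYSFS_ROOT and MOUNTS_FILE are hypothetical overrides for testing on fixtures.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# usb_preflight DEVICE ISO
# Prints the MiB left for a data partition; returns non-zero if the target is unsafe.
usb_preflight() {
    local dev="$1" iso="$2" name sys sectors dev_bytes iso_bytes
    name="${dev##*/}"
    sys="$SYSFS_ROOT/block/$name"

    # Only whole disks have a /sys/block entry; a partition such as sdb1 does not.
    [ -d "$sys" ] || { echo "refuse: $dev is not a whole disk" >&2; return 2; }

    # Internal disks report removable=0 (so do some USB SSD enclosures;
    # verify those by hand rather than bypassing the check).
    [ "$(cat "$sys/removable" 2>/dev/null)" = "1" ] ||
        { echo "refuse: $dev is not marked removable" >&2; return 3; }

    # A mounted disk or partition appears as /dev/sdb or /dev/sdbN in the mount table.
    if grep -Eq "^${dev}[0-9p]*[[:space:]]" "$MOUNTS_FILE"; then
        echo "refuse: $dev has mounted filesystems" >&2
        return 4
    fi

    [ -f "$iso" ] || { echo "refuse: $iso not found" >&2; return 5; }

    # /sys/block/*/size is always expressed in 512-byte sectors.
    sectors="$(cat "$sys/size")"
    dev_bytes=$((sectors * 512))
    iso_bytes=$(( $(wc -c < "$iso") ))
    [ "$iso_bytes" -le "$dev_bytes" ] ||
        { echo "refuse: ISO is larger than $dev" >&2; return 6; }

    # Space that step 3 (cfdisk) can hand to the data partition.
    echo $(( (dev_bytes - iso_bytes) / 1048576 ))
}
```

Run it as root with the same device and ISO paths you intend to give `dd`, and proceed only on a zero exit status.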



  • As someone who did use this guide as an exercise in making my setup as secure as it could be without changing distros or hampering productivity, a few words of advice:

    • Make a threat model for yourself before diving in and apply the mitigations judiciously. It’s not exactly a checklist, just use something like secureblue or Qubes if you are really paranoid about your computer.
    • The majority of the mitigations ‘just work’ and have no noticeable impact on performance, battery life, or compatibility.
    • If your CPU/Memory performance widget breaks, dial back on the ptrace options.
    • If Flatpaks fail to launch, dial back on the namespace options.
    • Check back every so often because some of the options end up having unwanted side-effects with updates. See the preamble in boot parameters, where a change in Linux made in 2021 (which finally made it into Debian Stable this year) made the slub_debug mitigation actually worsen security.
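
One way to see which of the settings named in the comment above are actually in force, as an added example that is not part of the original post: it reads the Yama ptrace scope, the two user-namespace sysctls, and the kernel command line, and flags the ones the comment says to dial back or re-check. The `PROC_ROOT` override and the function names are assumptions; `kernel.unprivileged_userns_clone` is a distribution-patched knob and is reported as `unset` where the kernel lacks it.

```shell
#!/usr/bin/env bash
# Added example: report the ptrace / namespace / slub_debug settings in force.
# PROC_ROOT is a hypothetical override so the check can run on a fixture tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Read one sysctl through its /proc/sys path; print "unset" if it does not exist.
read_sysctl() {
    cat "$PROC_ROOT/sys/$1" 2>/dev/null || echo unset
}

# hardening_report: prints one "ok" or "FLAG" line per setting.
hardening_report() {
    local ptrace userns maxns
    ptrace="$(read_sysctl kernel/yama/ptrace_scope)"
    userns="$(read_sysctl kernel/unprivileged_userns_clone)"
    maxns="$(read_sysctl user/max_user_namespaces)"

    # Yama: 0 = classic, 1 = descendants only, 2 = CAP_SYS_PTRACE only, 3 = no attach.
    case "$ptrace" in
        2|3) echo "FLAG ptrace_scope=$ptrace: dial back first if a CPU/memory widget breaks" ;;
        *)   echo "ok   ptrace_scope=$ptrace" ;;
    esac

    # Either knob at 0 denies unprivileged user namespaces.
    if [ "$userns" = "0" ] || [ "$maxns" = "0" ]; then
        echo "FLAG userns off (unprivileged_userns_clone=$userns max_user_namespaces=$maxns): dial back if Flatpaks fail to launch"
    else
        echo "ok   userns (unprivileged_userns_clone=$userns max_user_namespaces=$maxns)"
    fi

    # Boot parameter the comment singles out for periodic re-checking.
    if tr ' ' '\n' 2>/dev/null < "$PROC_ROOT/cmdline" | grep -q '^slub_debug'; then
        echo "FLAG slub_debug on kernel command line: re-check against the guide's current advice"
    else
        echo "ok   slub_debug not set"
    fi
}
```

Running `hardening_report` after each kernel or distribution upgrade gives a quick diff of what changed underneath the hardening you applied.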

  • It’s there to protect you from crimes of opportunity. Like if your car is locked, a thief could decide to pick the lock, smash the windows in, or find another victim, but they would have no second thoughts if your car were already unlocked. The password deters a casual hacker and buys you some time to notice and deal with anyone seriously trying to break in.

    In an ideal case of disk encryption and a well-designed lock screen, the password forces a would-be intruder to either spend lots of time guessing it or shut down the computer, thereby discarding the encryption key from memory and thwarting the attack.



  • I daily drive Debian now, but several years ago when a couple of my computers were still very new, I used Arch since it has bleeding-edge support for new hardware while being still thoroughly documented in the Arch Wiki.

    The sheer volume of packages on the official repo and the AUR made it great for discovering which desktop environment I wanted to use and for software-hopping in general too. You can have as much or as little on your system as you want and nothing is forced on you.






  • Mint is a very good option for this purpose. In my case, it’s Debian, but with a much more involved process.

    The only ones who ask me to help with installing Linux are either very close friends or people in my family with whom I spend more time, and they tend to be curious about the exact setup that I’m using. I just so happen to have a fully-configured system image in a VM that I duplicate onto my machines, so I work with my friend or family to figure out what they need and how they want it to look, then I clone that VM, customize it to taste, and let them try it out. If they like it, I image it to their machine, make sure it’s bootable, work out any machine-specific issues, set a new password and encryption key, and make sure that unattended-upgrades is working.

    Everyone else just asks me to help install Windows. I have a penchant for LTSC, with an obligatory trick up my sleeve.