Who uses pure GNOME (no extensions)
I've tried to combat this a bit with a global Flatpak override that takes unnecessarily broad permissions away by default, like filesystem=home, but apps could easily circumvent it by requesting permissions for specific subdirectories. This cat-and-mouse game could be fixed by allowing a recursive override, such as nofilesystem=home/*.
But even then, there is still the issue with D-Bus access, which is even more difficult to control ...
I think it is sad that Flatpak finally provides the tool to restrict desktop apps in the same way that mobile apps have been restricted for a decade, but the implementation chooses to be insecure by default and only provides limited options to make it secure by default.
Deleted
Permanently Deleted
Jump
I was in a similar situation not too long ago.
My criteria for another scripting language included that it should be preinstalled on all target systems (i. e. Debian and Fedora), it should be an interpreted language and it needs to have type safety.
Afterall I settled with Python due to its popularity, its syntax and features (type safety since v3.6, etc.) and the fact that it is preinstalled on many Linux distributions. System components often use Python as well, which means that libraries to interact with the system tend to be included by default.
Actually that's one of the main reasons I use Syncthing: It doesn't need a server, as it is a peer-to-peer architecture. Unlike a centralised solution (cloud storage, Nextcloud, etc.) devices sync directly with each other. If they are on the same local network, you get to enjoy the full bandwidth of your local network. If they need to sync over a long distance over the internet, you are limited by the upload and download speeds of your internet provider, just like with centralised storage.
I have a server that serves as an introducer, so I don't have to connect each device with every other device manually. But the server doesn't need to be available once all devices are connected with each other.
Syncing continues to work without it for as long as I don't reinstall any of the other devices. And even if I'd reinstall a device, I could delegate any other device to be the introducer or connect the devices manually with each other. It really is quite robust and fail-safe.
Nowadays switching to Windows isn't really an option for me anymore, as I am just too invested into the Linux ecosystem.
It's always funny hearing about how difficult it is to switch from Windows to Linux, because you have to relearn how to use a computer and all your favourite software isn't available.
But for me it's the same, but the other way around! I would have to relearn how to document my installation (scripts, etc.), what program to use for which task or how to force a game onto a certain monitor (the last time I looked into this, the only way on Windows was switching the primary monitor before starting said game; on Linux I can just tell KWin how to make the program behave).
It would be a lot of work with little or no benefit to me and I'm not even sure if all my hardware is compatible with Windows, as I did all my software and hardware purchases in the last decade with only Linux in mind and I usually didn't purchase something if the manufacturer offered no support for Linux (money talks).
When I was still new to Linux I also had these phases from time to time where I went back to Windows, used mainstream software, like Microsoft Office, etc.. I was still undecided if Linux was really worth all the hassle and I wasn't quite settled on either side.
But I always returned to Linux for whatever reason. Probably because using Windows just didn't feel right ... The times where I returned to Windows got rarer and shorter the older I got. The last time I used Windows for an extensive amount of time was during the Windows 10 beta period. I even had a Windows Phone for a year! I returned to Linux roughly once Windows 10 was released as stable (funnily enough).
I believe that you are likely in a very similar situation at the moment as I was. I think you might just need some time to settle with something and get comfortable. ;)
Haha, that's what I was thinking as well when I first discovered it. Glad you found it through my post!
I took my handwritten notes with PDF Annotator in a Windows VM for over three years ...
For me the issue is "importing and exporting". I just don't want to have a note-taking software anymore where I can't just read or edit plain text files with any text editor I happen to have.
I know I can export my notes from Joplin into markdown, but when I last tried it, I wasn't satisfied with the result. I don't remember it anymore, but exporting either didn't preserve the file hierarchy, caused issues with linked images or I had to do something else with the markdown files.
I also didn't like that Joplin had to sync with a local folder instead of just using the files directly. Overall it was just too complex for what I need (i. e. a glorified text editor).
But I don't want to discourage anyone from using Joplin. Different people simply have different needs and Joplin is free to use so one should try it out and see for themselves. ;)
For text-based notes I use Obsidian.
It isn't open source, but it writes standard markdown files to disk, so I can switch programs whenever I like and I am not locked into the Obsidian ecosystem with my notes. That was the main reason why I decided against using Joplin, especially after my experience with converting recipes from Nextcloud Cookbook to markdown ...
In general I am always trying to find a simple file-based solution for whatever I need to do. I want to be able to sync it with Syncthing instead of something fancier that requires a centralised web server or even relies on a cloud service.
I am surprised that no one has mentioned Rnote yet.
It is my favourite newly-created program for Linux. It is a relatively new app which supports annotating files and taking handwritten notes. You can import PDFs, set the page size to infinite or a fixed size (something OneNote can't do), adjust the background to display grids or lines or dots or nothing with any spacing you like, input text with your keyboard, .... It is available on Flathub for easy installation.
The only major downside is the following: Disclaimer: The file format is still unstable. It might change and break compatibility between versions.
Have you considered a fixed release in combination with rolling applications (i. e. Flatpak, Snap)?
If you choose Fedora (preferably one of the atomic variants, like Silverblue), you would also get a rolling kernel and rolling KDE Plasma desktop, so overall the experience can be quite close to a rolling release distribution if you install the desktop applications via Flatpak.
Ubuntu "interim" (non-LTS) releases are usually also fairly current and could be a good choice if you don't mind Snap. There's also the option of following the Ubuntu "devel" branch, which always refers to the current pre-release version of Ubuntu (e. g. 24.04 at the moment) and is rolling.
Just wanted to give you a different direction to think about. ;)
For servers there's Docker/Kubernetes/Podman, which is well-established and serves a similar purpose as Flatpak on the desktop. Servers were actually first with the increase in popularity of containers.
90 % or more of my desktop (Fedora Kinoite and Silverblue) apps are Flatpaks already. I only have four rpm-ostree overlays (native packages) left: android-tools, brasero/k3b, syncthing (I could switch to SyncThingy for a Flatpak) and virt-manager/virtualbox
With Flatpak there is "flatpak override" which gives you the ability to grant additional permissions or restrict them even further. E. g. I use it to connect KeePassXC with Firefox or to disallow access to the X server to force almost all apps to use Wayland instead of X. It also allows me to prevent apps from creating and writing into arbitrary directories in my home.
Once I reinstall my home server, all its server software will be containerised as well (five years ago I didn't see the necessity yet). I am tired of having to manage dependencies with every (Nextcloud) upgrade. I want something that can auto update itself completely with minimal or no breakage, just like my desktops.
Any source for that claim?
At least the Fairphone 3 and 4 use public test keys in production:
- https://twitter.com/GrapheneOS/status/1546224158769659904
- https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11
- https://web.archive.org/web/2if_/https://www.reddit.com/r/GrapheneOS/comments/10b5x4n/comment/j67pbny/
Seems like at least the Fairphone 5 finally uses production keys: https://forum.fairphone.com/t/avb-keys-used-in-roms-for-fairphone-5/100314
(Hopefully) obviously /s
Thanks for fixing this issue! I didn't even know until today that it affected non-Linux systems as well.
Because it takes manpower to develop and maintain these features?
Especially desktop icons are difficult to get right (see workarounds like "ReIcon" on Windows). E. g. keeping icon positions across multiple monitors and varying resolutions and displays (which can be unplugged at any time). They can also be a privacy-issue, e. g. when doing a presentation.
But most importantly: GNOME doesn't want to be a traditional (Windows-like) desktop, so why would they implement features that don't align with their ideas for a desktop experience?
There are lots of other desktops, like Cinnamon, that offer a traditional desktop experience within the GTK ecosystem. There is also plenty of room for desktops, like GNOME, that have a different philosophy and feature set.
In my opinion it would be boring, if every desktop tried to do the same thing. And there wouldn't be any innovation, if no one tried to do things differently.