The point is also to minimize potential damages caused by a bug in the software. Just this year there have been multiple data-destroying bugs in publicly released software. If the app runs as a server it’s usually trivial to have it run as a dedicated user, with just enough permissions to do its job.

It’s just good practice, even though the risks might be low why risk it at all?

I know “security experts” from a top French bank who insisted on using telegram instead of signal. So even people who were supposed to stay informed about this stuff fell for the hype and marketing.

Telemetry is not bad in itself. It can be used for bug/crash reports, or usage statistics, without tracking or personal data collection.

That’s because he planted a backdoor into GIT, and now he reviews your bad commits every night.

Same as Windows and MacOS, really. You can follow best practices and conventions, or just install your software wherever you want.

I guess it could, as we have to take meta’s word for it, and a quick google search hasn’t turned up any independent security audit.

They don’t want to ban encryption, they want to block encrypted chat apps, precisely so they don’t have to build backdoors. AFAIK it’s not possible to break signal/WhatsApp encryption without access to the targeted device, and once you have access you can get the messages directly without having to break the encryption.

Yes the Steam deck FS is ext4.

Why ext2 on Void?

Yes that’s the case under GNOME, KDE and sway.

Wireguard, like all VPNs, definitely does E2E encryption. What would be the point of an unencrypted VPN?

It’s not new, it started when they released GNOME 3.

I haven’t tried it but the website lists ydotool as an alternative.

From NVIDIA, really. AMD and Intel GPUs work out of the box.

BoringSSL is not a drop-in replacement for openssl though:

BoringSSL is a fork of OpenSSL that is designed to meet Google’s needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don’t recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Do you know if blacklisting nouveau actually disables the dGPU? It’s a work laptop so the iGPU is more than enough so I figured I wouldn’t bother with bumblebee or whatnot, but the battery life is removed :'(

You could try manually configuring a native VPN client.

Because modern Java is an OK language with a great ecosystem to quickly build web backends. And there are lots of java devs which means more potential contributors.

Input Leap (fork of a fork of synergy) supports Wayland under gnome, although it seems there are a few bugs remaining.

I’ve been using GNOME for like a decade, and recently switched to hyprland, but KDE 6 looks really promising, looking forward to trying it out.