Sorry to say, but there’s a lot questionable stuff found within your comment. But I will try to limit the discussion around some of the more egregious ones.

Hate to keep litigating this around here, but the shift alone is enough. Explaining to people WTF an immutable filesystem is, is a sure way to frustrate them into giving up, despite whatever comms finesse you might THINK you have.

I don’t understand what’s so hard to understand about (some) core system files being read-only, i.e. you can’t change/modify it. Can you help me understand why that would cause so much frustration?

Counterpoint: STOP SUGGESTING IMMUTABLE DISTROS TO NEW USERS

Countering the counterpoint with an anecdote: I cold turkey switched from Windows to Fedora Silverblue almost 4 years ago. Beginner-friendly derivatives like Bazzite (or other uBlue images) weren’t even around back then. And, somehow, I managed. And there are many other testimonials that point out something similar, especially with many^[1] newbies appreciating Bazzite. Are you ignoring this empirical evidence? If so, on what basis?

there is ZERO benefit

Come on, you know that’s not true. Perhaps you intended to write: “I suppose there is ZERO benefit to me (and others like me)”. Though, if you genuinely don’t know any, then please consider going over this (lengthy) blog post by Colin Walters, a key figure in the past and current development of Fedora Atomic and Fedora CoreOS. It’s not a very efficient writing for educating oneself on this topic, but it’s the best I know.

I agree with this in general. But, I’d like to add that well-supported hardware (like a ThinkPad) may do equally well on Linux and perhaps even better.

Yet another very lengthy comment. I hope you will find it worth reading.

Wow, that’s very insightful. Thank you for the effort!

If you allow me, I wish to provide some feedback and -if applicable- give pointers on how some of that translates to Linux.

I’m closer to the average user than someone who has built a fortress.

That’s probably true, but you’re definitely upholding excellent practices. Most people I know don’t even practice a fraction of that 😅. So mad props for that!

FWIW, I will assume for now that you haven’t delved into Windows Registry (or stuff like HotCakeX) for the sake of hardening. Which, to be clear, is absolutely fine. But is worth noting for the eventual mapping to a suitable distro.

I use Firefox with ublock, ghostery, and privacy badger. I use the free tier of proton vpn.

You can just continue doing these.

I run avast daily and malwarebytes weekly.

Unfortunately, I’m not aware on how we would translate this responsibly. This could be on me, though. Granted, the situation on Linux is different from how it is at Windows. Anyhow, as a non-expert, the furthest I came would boil down to:

• ClamAV as the first layer of reactive anti-malware. AFAIK, this is your only free^[1] option for real time protection^[2].
• Unfortunately, ClamAV is plagued by a tendency to output many false positives. Perhaps even moreso than most of its kind^[3]. So, you’d naturally want a second opinion to verify its claims. Which, often comes in the form of relegating it to something more accurate. Enter VirusTotal. If this only happens occasionally, then the web app might suffice. But feel free to look into Lenspect for a dedicated app with a GUI, that functionally does the same. Or, if you’re more interested in ease^[4] of use and/or function, the more powerful VirusTotal CLI.
• As for your weekly Malwarebytes, a couple of options do exist, but it’s questionable to what degree they’re effective. Though, there’s somewhat of an exception: Kaspersky’s Virus Removal Tool for Linux (KVRT) is pretty legit. But I would only recommend that if you trust Kaspersky (or, rather, trust that they’re not compromised due to politics).

I think that I should already be close to best practices but I’m not sure how changing OS will affect that.

It will 😜. Look into the others comments for a healthy amount of pointers on this.

I’m not really worried about being targeted for anything.

I’m glad to hear that. It would otherwise complicate things a lot.

I don’t think that I really do much risky beyond the occasional torrent or downloading a patch for a game.

You should be fine as long as they’re from trusted sources.

I get games primarily from gog

Unrelated to the rest of my commentary, but this is an excellent choice! You got great taste.

don’t open strange emails or click strange links, and use a password manager to generate secure passwords

Keep this up 👍.

One of the things that I’m most unsure about is keeping everything updated. Microsoft manages keeping everything updated for the most part on Windows

So, the gist is that as long as you’re installing stuff from a repository, then upgrading your whole system should be a pretty straightforward, streamlined and seamless experience. Heck, it can even be automated if you want. The following is worth pointing out, though:

• If your notion of “updated” means that the latest (‘stable’^[5]) release is found on your system, then this will affect your choice of distro. By contrast, there are distros that update in leaps. So, instead of going from versions 1 -> 2 -> 3 -> 4 -> 5 -> 6 -> 7 -> 8 (and so on, and so forth) , it does 1 (long pause^[6]) -> 3 (long pause) -> 6 (long pause) (and so on, and so forth).
• Automated background updates do exist, but I’d only recommend those on systems that do that OOTB. If however, you’re fine with (or perhaps even prefer) pressing a button after a prompt for updates, then note that that’s more widely available.

and the last time I needed to find a driver anywhere except from Microsoft it came on a 3.5" floppy.

So, if that was your experience on Windows, then I’m somewhat optimistic that you’d be more than fine on Linux. FWIW, drivers and whatnot are mostly found within the Linux kernel itself. Thus, making Linux a very smooth experience; your drivers simply receive the updates whenever an update to the kernel has been applied. Though, while rare, exceptions do exist. And they’re quite notorious:

• Nvidia used to be pretty bad in this regard, probably the result of a bad relationship. But, it has become a lot better in recent years. Still, I would recommend a distro that specifically handles Nvidia updates (about) as gracefully as they come. So, please mention it if you’re on Nvidia.
• Broadcom’s wireless drivers. Tough luck. Thankfully, some distros have put in significant efforts to make this work. So, again, the specific distro could matter.
• There are perhaps others, but these were the first that came to my mind.

I use my computer primarily for single player gaming, discord, and fediverse sites. I need a spreadsheet and word processer, I use open office for that right now.

Nothing out of the ordinary. Most of those translate pretty easily to Linux:

• single player gaming -> For GOG specifically, there’s Minigalaxy. But Heroic Games Launcher also supports GOG very well and can do more beyond that.
• discord -> If you’re fine with how it works within a browser, then you’re all set. If you desire an official app, then the one provided on Flathub is your best option. However, the Flatpak format is known to have the capacity to cause ‘issues’^[7] with otherwise well-functioning software. So, alternatively, you may install it from your distro’s repository.
• fediverse sites -> Firefox is included in many distros, so you should be good to go OOTB.
• open office -> I wasn’t expecting this, but only some Linux distros have continued to include it within their respective repos. The absence of Debian, Fedora and openSUSE is quite telling. Granted, Apache has continued to create .deb and .rpm install files, so nothing’s actually preventing you from installing it. FWIW, if you’re not necessarily tied to OpenOffice, then perhaps the likes of LibreOffice (and many others) are worth mentioning.

I do financial and work related things on a different device.

Good job on compartmentalizing your activities across multiple devices!

Fam, as this has become an absolute unit of a comment, please feel free to dismiss as you feel like and only engage with the parts you want. If you’ve come this far, then I’d like to express my appreciation: Thank you!

Aight. I’ll give you some more then 😜:

• Don’t expect real-time protection (à la Windows Defender) on Linux. While decent options do exist^[1], the better ones come at a premium.
• Though, related to the previous point, that’s not necessarily a bad thing. The epitome of secure OSes, GrapheneOS (for mobile) and Qubes OS (for desktop), don’t come pre-installed with one either. And I wouldn’t be surprised if their respective maintainers would justify it by stating that proactive security is simply better than reactive security.
• FWIW, Lynis is a battle-tested security tool used to audit the system. It doesn’t work on Windows, but does on macOS, Linux and some other systems. It even goes as far as granting a numerical rating that represents how well the system performs on security and notes (point-by-point) what could be improved (and sometimes even how). While I would definitely not argue that it’s the be-all and end-all, the numeral rating definitely makes it easy to compare distros at a glance.

There’s perhaps more to go through, but I believe we should address the elephant in the room:

How much hardening did you even apply on your current/previous OS?

Like, if you’ve built a literal fortress, chances are that you’ll have a hard time finding a suitable distro that provides similar protection OOTB. But, if you’re just your average Joe and you just ran with how it came OOTB and at least didn’t try to actively sabotage/compromise their system, then… chances are that a decent amount of mainstream distros will suit you fine. I kinda hinted at it in my previous comment, but a mainstream distro could be fine if you uphold best practices. So, in that scenario, the query shifts to:

Are you willing to adopt best practices?

If you’re unsure whether you’ll manage given your wants/needs out of the system, then that would (again) shift the question. This time we’d have to discuss the activities you engage in and ‘decide’ whether there are any distros out there that can handle those gracefully and responsibly.

Etc. Etc.

Warning: as you should be aware by now, and if you haven’t yet, see the security entry on the (excellent) ArchWiki and the (infamous^[2]) Linux entry on Madaidan’s Insecurities, this can be a pretty ugly rabbit hole. I hope this doesn’t discourage you, though.

Finally, consider giving answers to the bold and cursive questions 😉.

what software do people pirate in linux?

It’s a great piece of software. As such, I wouldn’t want to harm them. Hence, I won’t give you any pointers. Sorry not sorry.

I’m obviously not an expert. But, from what I can tell, the scene seems quite healthy. And I don’t see a reason why it wouldn’t thrive further. Especially as the Linux market share is in the lift. Anti-cheat shenanigans are a lot more concerning. Though, I’m optimistic that Valve is actively making progress on that front.

Btw, just as an FYI: I know people that were more interested in software piracy. But I digress…

Vague statement. Please, fam; either be more explicit from the get-go. Or, engage with the comment section.

I suppose you meant the piracy that involves games and/or software. FWIW, I’d be more than happy to elaborate if you could clarify.

OP, I’ll keep it short as you might have already moved on. Security on desktop Linux isn’t great. The lack of widespread sandboxing is one of the main culprits. Good ‘hygiene’ should keep you safe. But, if you’re (rightfully) more concerned, then I’d suggest looking into secureblue^[1].

The way you present “immutable distros” make them look like state-of-the-art stateless systems (a la NixOS with the impermanence module).

As much as I’d wish (so-called) immutable distros were like that, almost none of them actually are^[1].

Fedora Atomic, which may or may not have surpassed NixOS in popularity by now, practically just locks down /usr. That’s cute, but it means that the immutability doesn’t prevent persistence of hardware in most of the filesystem.

Similarly, I could go over the other popular immutables to point out how their immutability doesn’t do much to combat persistence. But I digress…

Ah…, the conundrums of subjective morality.

programs

Consider being more explicit about what you want/need. Some programs work great with wine and others have never.

Thanks for the quick rely!

Maybe this is relevant for some

That is very tangible, indeed. And kudos for providing the only browser that aced the ‘test’!

Also, pull requests attempting to improve the documentation are very much welcome. Would be great to get more contributors involved and one doesn’t have to be deeply technical to write good docs.

Hehe 😜. I do admire your work, but don’t get your hopes up 😅.

Anyhow, I will add it to the list of Firefox(-based) browsers worth looking into. To be clear, I’m not a primary consumer of the product category. FWIW, I would install it on my system if I were*.

In the now up-to-date README.md we find the following line:

A couple of privacy-related patches not built elsewhere

Cool. But…, could you name those explicitly?

Mullvad Browser is also based on Firefox ESR and is the product of a joint development involving both Mullvad and the Tor Project. Could you please explain why anyone should consider Konform Browser over it?

My priorities:

• Secure. Unlike popular belief, the fact that the worlds infrastructure basically runs on Linux does not imply that your average Desktop Linux distro enjoys the same level of scrutiny when it comes to its security. Hence, the security-conscious should carefully pick a distro that can handle their threat model. Or, at least harden it to their liking.
• Stateless. Conventionally, you will be met with a (relatively) minimal system after installation. After which you’re expected to configure it to your liking and go smooth sailing afterwards. Occasionally, you might (un)install stuff and/or modify settings; but nothing out of the ordinary, really. While applying some of these changes might seem trivial, they (kinda) lead your system to accumulate cruft. This cruft might seem innocuous, but it’s exactly why your system seems so fresh after a reinstall. Foregoing this altogether is referred to as going stateless. This is done by declaring a desired state and ‘flushing’ all changes that have not been declared. Many other benefits are associated with this, but I digress…

The above^[1] already dictates the use of NixOS with the impermanence and nix-mineral modules.

I was actually seriously considering to just write “Freedom” and call it a day. Apologies for making it more wordy than it has to be.

They do not have centralized configuration as far as I am aware so they do not go as far as Nix.

Which is why it’s (only) their ambition 😜. But thanks for prompting me to clarify!

Furthermore, their wording would suggest that configuration is not part of what’s declared. Which -at best- would make it relatively light on how declarative it is.

Domain-Specific Language. In the context of NixOS, that would be the Nix language.

Freedom, it’s that simple. Any other reason is a derivative of said freedom.

The article unfortunately does a horrendous job at highlighting AerynOS’ unique features by only giving vague descriptions without going into any technicality that matters.

FWIW, my two cents on AerynOS:

• It offers (yet) a(nother) novel approach to atomic distros. The gist for its ambition (or, at least, my understanding of it) would be NixOS, but with FHS intact and without a DSL.

Not the one you asked, but here’s my two cents.

Arch, by virtue of its DIY nature, has little to no defaults. As such, common security measures are not pre-configured either. Thankfully, it makes up for that with its excellent wiki entry on security. Unfortunately, I don’t think most users ever seriously implement what’s found within.

As for Debian, it actually does come with plenty of relatively sane defaults, including security. And Debian has shown to take security rather seriously. However, (most) Debian repositories are not great at providing up-to-date versions of the software they package:

• The stable branch has outdated packages for the sake of providing a ‘boring’ (but reliable) experience. While security updates are backported, it is not the preferred way of keeping software safe and secure.
• The testing branch is in a disturbing condition in which it holds software that is a bit more stable than the unstable branch. However, it does not enjoy the security updates backported to the stable branch. Nor does it immediately receive the security updates as they come to the unstable branch. A rather unsettling middle ground, if you will. Definitely not recommended for the security-conscious.
• Finally, the unstable branch. Intuitively, this should provide the fix for the above problems. It should provide current software, which should mean that it receives updates as they’re released, security included. But, anecdotally, the likes of Arch, Fedora and openSUSE seem to be doing a better job at offering a (semi-)rolling release distro. But, please be my guest, and prove them wrong.