Well, the majority still seems to be unhappy. I think it is mainly because I chose Linux as an example and it reads like I think that Linux is not secure software which is not at all what I intended to say and also (obviously?) not what I think is true.

I agree because it is exactly what my claim is. It would still be foolish to say that open source software is by design more secure than proprietary. I know that this is not what you said and you most likely also don’t mean that, but there are enough people who think that way because they read everywhere that OSS=secure software.

Your example with xz however does not really hold imo. The xz bug was not found because xz is open source but because someone realized, that their ssh session build up took longer than usual and they then used valgrind to check for issues and not because they looked in the source code. It wasn’t even really an easy to spot backdoor because it was a malicious compressed file that changed the build process while running the tests and injecting the actual backdoor in the compiled file. Therfore this would have been found with proprietary software with the same likelyhood.

And regarding my analogy: I also like it more when things are recyclable, that is also why I like open source software more and have more trust in it. But now that I think about it, that wasn’t the best analogy I could’ve chosen but it was the first thing that came to my mind.

Could we please stop associating open source with security? Don’t get me wrong, I love open source software and it is easier to trust open source software than proprietary, because it is highly unlikely, that they hide stuff like trackers in there. It is also most of the time highly configurable and sometimes even hackable and as a software developer you are able to look into the mechanisms behind the APIs which is sometimes really helpful.

But events like the lzma incident last year and predictable openssl RNG in Debian some time ago (https://lists.debian.org/debian-security-announce/2008/msg00152.html) should tell us, that open source doesn’t mean secure software. And the argument, that there are many people looking at the code is not really true. E.g. many maintainers of the linux kernel only look at specific parts/drivers in it and maybe into some other things they need for that. There are probably only a few people if any (apart from governments), that have read, understood and analyzed the linux kernel in its entirety with all the (open source) drivers built into it and all the possible combinations of configurations. And I don’t want to know how many have done all that for less popular projects. And even if that is done at some point for an upstream project, you would have to check the patches from your distro and if there are any do it all for yourself again. And when the next release arrives you would have to do all that in its entirety again (although with some head start) if a new version arrives (that has, say, at least a thousand lines of code changed, removed or added). And now think about how many big releases come with some software per year. And don’t forget to also include all the dependencies you have to check including the compiler and standard library of the language(s) used.

Of course it is easier to do all that for OSS as an outside party because you don’t have to decompile it, but it is still increadibly hard. And only to be easier to analyze for security risks doesn’t mean to be more secure just like packaging being recyclable doesn’t mean that it will be recycled.

Yeah, it really is more like google play store or shopping websites and similiar apps/websites (although there are some that have a better design I guess). I’m not really a fan of it either, but I guess people being used to those (which is probably the majority of the userbase of flatpak) feel more comfortable with it.

My guess with the difference between “trending” and “popular” is that the former means lots of recent downloads and the latter a lot of downloads in a longer timespan (e.g. a year or so)

What about the search bar at the top? It has category filters as well.

Just recently I have skill issue’d myself by doing git clean -rf in my home directory where my dotfiles live and therefore deleted all of my home files. I was tired and looked for a quick way to resolve my conflicts and made the stupidest mistake one can do: execute a command you do not really understand.

At least I know what it does now and now I also do hourly local backups of my files with cron and borg.

A very important one besides backing up your files is that you should more or less stop searching the web for applications to download and install. You should first try to use your package manager (read the wiki of your distribution to know which one it is and how to search for and install software with it). If you miss some applications from Windows, you could have a good chance to look for alternatives at sites like https://www.opensourcealternative.to/

Do not fear the terminal too much. I know, Windows tried to make it as dreadful as possible to use, but if you do not run sudo rm -rf / (deletes your whole filesystem), there is not much that can go awfully wrong. And you should only execute commands you understand. If something does go wrong however, it is a good thing to have a backup ready (I would recommend Pika Backup or Vorta, both based on the great CLI application borg)

For things that are not explained in the wiki of your distro, you have a pretty good chance to find a good explanation and even troubleshooting tips at the Arch Wiki (e.g. I use Void Linux and still search for most things at the Arch Wiki). It is also good to read some parts of the manual pages if you did not find enough information at the Arch Wiki (the command man is your friend) and the software’s wiki page if it exists.

If you ever find yourself in the editor vi or vim, type :q and press enter to quit until you feel the need to potentially invest a lot of time in learning vim movements to increase your editing speed and you never want to go back. Use nano, micro or a graphical app at first instead and keep using it if you are not someone who edits text a lot.

Yeah ok, I understand that.

Yes, sorry, wasn’t well written.

The criticism itself is not. Throwing assumptions like “you are an addict if you continue to use this platform no matter what your reason is” (which is what I read out of this person’s comment) around is also not preventing anyone from enjoying things. I just thought that specifically this assumption was overshot and it read like a straight up insult. I do get it now at least a bit although especially because they just insulted me without any arguments, I still guess that they just insulted people and not gave them a diagnosis of an addiction.

Sad that you don’t even try to defend your view but rather resort to straight up insult me instead. That’s how we discuss in the internet nowadays.

I do go with you, that nobody is stopping them using it. I was just pissed from the statement of the author of the comment, saying, if you don’t stop using it, you are just an addict. That is simply not true, because of the bullshit DRM, one is bound to the platform. I aswell try to get away from DRM as much as possible but I of course reject ditching Steam completely. I won’t throw away all the games I bought just to get rid of “spyware” or rather not-perfectly-privacy-friendly-marketplace-software using the horror DRM is.

And before you say: but it is open source!: Doesn’t hold the administrators back from still selling your data using software analyzing the database. And to give more examples what would be spyware with their definition:

• Any kind of online shop (credit card, address, mail etc)
• Any kind of forum that doesn’t somehow encrypt everything while still working as a forum
• Using the internet at all because your ISP has access to your IP at least

How about letting people enjoy things? If you don’t want to play games or have access to the biggest gaming library there is currently, then it’s fine, won’t blame you. People have the freedom to decide if they want to limit their privacy a bit (while things stated on that website like credit card, address, browsing history, chat logs and forum posts are like: no shit, they sell games, have an internal browser and chats and forums, of course they do that. And with that defenition, you are currently as well on a spyware platform, because your posts are saved unencrypted on your homeserver) to have access to their games where some have invested A LOT of money in, before knowing about such things.

I have installed Ubuntu in I think at the beginning of 2020 at the end of my first semester as dual boot, because I wanted to learn it a bit while studying engineering informatics. Later I have installed it as my only distro on my Laptop to have more reasons to learn it since I use my PC mostly for gaming. After some time I was so confident with it that I wanted to try something new and installed Garuda on my PC and learned about proton. Then I learned about how many games I can actually play with it and used it as my daily driver for about half a year. Then I was distro hopping frequently, trying pure Arch, Gentoo and Void, wiped Windows completely at the beginning of 2022 because I didn’t use it anyways if I remember correctly and sticked with Void since about mid 2022 until today for my Laptop, PC and Server.