https://forums.debian.net/ exists for Debian

Yeah it is a bit of a pain. I currently only have a few users. Tooling-wise there are ways to tail the journals (if you’re using journalctl) and collate them but I haven’t gotten around to doing this myself yet.

That’s probably a fair point. I can’t say too much as I haven’t touched Windows desktop or server too much.

Could be apples vs oranges here though as we’re talking about getting started versus well established setup, but my current employer is looking at adopting Ansible + Packer for imaging and partially Ansible-managing Windows servers where it makes sense because of limitations in SCCM and GPO. As far as I can see across the divide Windows Server isn’t all smooth sailing.

I can’t say I’ve managed Linux desktops at scale (so technically I should leave it there) but I do manage several hundred Linux VMs with Ansible, and I manage all of my PCs with Ansible. Desktops are a different ballgame to servers, dealing with end users and all, but I still don’t think it would be that hard once it’s been set up.

That sucks :( I’m pretty much in the same boat. I get to use a Linux desktop at work on the proviso that I don’t raise support requests. We use Microsoft for nearly everything so naturally it’s an uphill battle. The web UI is quite buggy and “not recommended” by my org. Teams doesn’t support Firefox so I have to run a separate browser especially for it.

But aside from interfacing with Microsoft everything just works, and really nicely.

That’s awesome - great to hear about Linux desktops bring used by non-techies especially in a company.

How was it received out of interest?

At work we use separate clusters for various things. We built an Ansible collection to manage the lot so it’s not too much overhead.

For home use I skipped K8s and went to rootless Quadlet manifests. Each quadlet is in a separate non-root user with lingering enabled to reduce exposure from a container breakout.

Securing proprietary hardware against peeps installing alt OSes

Technically XFS is also a CoW filesystem, but it doesn’t have the vast array of features that ZFS does like volume management, snapshots, send/recv etc. It does have reflink support which I guess is a kind of snapshot for a file.

OpenZFS is under a completely FOSS license but it’s incompatible with the GPL and can’t really ever be merged into the Linux kernel. The workaroundids to provide it as source code which gets compiled as a module every time there’s a new kernel via dkms.

More controversially, Canonical ship OpenZFS pre-compiled in Ubuntu which some lawyers believe to be infringing on ZFS’ codebase.

Honestly the OpenZFS situation on Linux is probably the biggest single reason for the growing interest in btrfs and bcachefs, the former slowly becoming default on more Linux distros over time and lots of investment from SUSE and Facebook AFAIK.

ext3 had journaling, but not ext2. Also ext3 doesn’t really exist anymore as it was merged into the ext4 driver which can read the old format.

Lineage is kinda bad privacy and security wise, from the little I know its not fully degoogled

My understanding is kinda the opposite:

• GrapheneOS ships with a sandboxed, FOSS Google Play Services which can optionally do a bunch of Google things (use their APIs, login to Google etc.) plus they have some hosted services that can substitute Google services (like geolocation).
• LineageOS basically doesn’t ship with any Google Play style API/frameworks at all. It’s a pure AOSP experience. Any apps on F-Droid work but third party apps (like ones found on Google Play) are hit and miss. If you can just use F-Droid for all of your apps then LineageOS is probably a much more private and secure offering.
• LineageOS for microG is an unofficial fork of LineageOS which includes a FOSS Google Play Services compatibility layer, a bit like GrapheneOS. As far as I know it doesn’t have the same level of sandboxing as Sandboxed Google Play on GrapheneOS.

Both GrapheneOS and LineageOS publish monthly updates with upstream security patches for all supported devices.

Both GrapheneOS use network-provided DNS by default.

Apparently both GrapheneOS and LineageOS connect to connectivitytest.gstatic.com via http as a Captive Portal test by default,althoughh this was as of 2019-2020 and both might have changed since then.