Waiting some weeks for uncaught bugs to be ironed out might be advisable if you still have limited debugging capabilities.

Otherwise, you can always nixos-rebuild build-vm using the new release channel and see whether it breaks anything you depend on.
My experience is that it probably won’t. My past few years of updating my server from one stable release to the next were, in one word, boring. Some renames, deprecations etc. with clear errors/warnings to fix at eval time but nothing that actually broke once it was built and deployed.

https://blog.kagi.com/small-web is the closest I’ve seen but it is indeed quite small and often not useful.

Kagi is generally a tool that can be made to clean your search results of poorly incentivised content. It already categorises “top 10” click farms as such OOTB and lets you disable them entirely.

The ability to block websites from appearing in your results is the most useful though IME. If I stumble upon a poorly incentivised website, I can simply block it and it will never appear again.

It’s not all you’re asking for but it gets you the closest that I know of.

There’s also the option of just leaving an offline disk at someone’s and visiting them regularly to update the backup.

Having an entirely offline copy also protects you/mitigates against a few additional hazards.

If you don’t process any user data beyond what is technologically required to make the website work, you don’t need to inform the user about it.

He

I hate to be that guy but OP gave no indication of their gender. English has the luxury of having a “natural” neutral pronoun; please just use that.

which these suggested Fedora Spins are designed to integrate with as tightly as possible

Could you explain what exactly this “tight integration” pertains? AFAIK these are just regular old global-state distros but with read-only snapshotting for said global state (RPM-ostree, “immutable”).
Read-only global system configuration state in pretty much requires usage of Flatpak and the like for user-level package application management because you aren’t supposed to modify the global system state to do so but that’s about the extent that I know such distros interact with Flatpak etc.

Bazzite is completely the opposite of an OS designed to run one app at once, which means you haven’t tried it before rubbishing it as a suggestion.

That is their one and only stated goal: Run games.

I don’t know about you but I typically only run one game at a time and have a hard time imagining how any gaming-focused distro would do it any other way besides running basic utilities in the background (i.e. comms software.).

Obviously you can use it to do non-gaming stuff too but at that point it’s just a regular old distro with read-only system state. You can install Flatpak, distrobox etc. on distros that have mutable system state too for that matter.

Could you point out the specific concrete things Bazzite does to improve separation between applications beyond the sandboxing tools that are available to any distribution?

It’s true that I haven’t used Bazzite; I have no use for imperative global state distributions and am capable of applying modifications useful for gaming on my own. It’s not like I haven’t done my research though.

There is no distribution that does what you’re looking for. All the ones recommended by others in this thread are just generic distributions that do nothing special to separate user applications and I have no idea why they saw fit to mention them at all.

The best recommendation here is Qubes but that’s arguably not a distro but rather its own operating system that can then run some instances of distros inside of it with strong separation between those units.

The only thing that somewhat goes the direction you want is Flatpak but it’s not anywhere close to Androids really quite solid app separation scheme.

The reality of it is that most Linux desktop apps are made with the assumption that they are permitted to access every resource the user has access to with no differentiation; your SSH or GPG private keys are in the same category as the app’s config file.

Standard APIs to manage permissions in a more fine-grained manner are slowly being worked on (primarily by the flatpak community IME) but it’s slow and mostly focused on container stuff which I’m not convinced is the way forward. There does not appear to be any strong effort towards creating a resource access control design that’s anywhere near as good as Android’s in any case though.

The closest thing we have is systemd hardening for system components but that’s obviously not relevant for desktop apps. It’s also (IMHO) inherently flawed due to using a blocklist approach rather than an allow-list one. It’s also quite rigid in what resources it controls.

I’m not convinced any of the existing technologies we have right now is fit for a modern user-facing system.

Here’s what I think we ought to have:

• A method to identify applications at runtime (e.g. to tell apart your browser from your terminal and your editor at runtime)
• A generic extensible way to declare resources to which access should be controlled within a single user context (i.e. some partition of your home filesystem or some device that your user generally has access to such as your camera)
• A user-configurable mapping between resources and applications; enforced by kernel-level generic mechanisms

No need for any containers here for any of this; they’re a crutch for poor legacy distro design that relies on global state. I don’t see a need for breaking the entire UNIX process model by unsharing all resources and then passing in some of them through by overly complex methods either.

Eventhough they’re quite simple and effective, I’m not convinced UNIX users are a good primitive to use for application identification like Android does it because that implies user data file ownership needs to be managed by some separate component rather than the standard IO operations that any Linux apps ever uses for everything.
I think this should instead be achieved using cgroups instead which are the single most important invention in operating systems that you can actually use today since UNIX IMHO.

The missing parts are therefore a standard for resource declaration and a standard and mechanism to assign them to applications (identified via cgroup).
I haven’t done much research into whether these exist or how they could me made to exist.

That is not relevant here in any way. That’s a distro made to easily run one app at a time without really caring about data security w.r.t. that app.

Someone started working on a Vulkan driver for TeraScale GPUs a few years ago:

https://gitlab.freedesktop.org/Triang3l/mesa/-/tree/Terakan

I believe it can run some demos add even works on windows.

Oracle ZFS is so obscure by now that it’s irrelevant.

As usual with Oracle products, it’s just a means to squeeze poorly led companies.

If you’re not going to post what I asked for, nobody can help you.

Or just generally df -h | grep tmpfs and look for any significant usage.

I don’t know what this tool is or how it gets its “memory” metric. If you want to continue to use it, please ascertain that these values correspond to RSS by cross checking with i.e. ps aux. RSS is the memory exclusively held by a given process which is typically what mean by the “memory usage” of any given process. Note however that this does not count anonymous pages of a process that are swapped or shared with other processes.

Going into my task manager (Resources), I can see my using is using roughly 18/32GB of RAM despite closing all apps.

This does not tell you (or us for that matter) anything without defining what “using” means here. My system is “using” 77% of RAM right now but 45% of memory is available for use because it’s cached.

Please post the output of free -h aswell as swapon.

Next, please post the contents of /proc/meminfo.

Do you use ZFS?

That doesn’t make any sort of sense in this scenario.

There cannot be differences between CoreCTRL and LACT; they use the exact same kernel interfaces.

Your issue is therefore also not connected to any of these GUIs but how the kernel applies your policies.

I’d recommend you try to reproduce the issue using just the raw kernel files and report the issue upstream: https://gitlab.freedesktop.org/drm/amd/-/issues/

I doubt most user have any need for great nc performance.

I also doubt those “super performant nextcloud flakes” are actually any faster than a plain old default nc deployment; especially for our use-cases.

Using NixOS is a good recommendation though. Just don’t do flakes unless you actually understand what problem they intend to solve and how catastrophically bad they are at it.

Well then it sounds like it works just fine but your chosen value isn’t stable.

You can also just do the initial import on a NAS. It might take a day perhaps but, honestly, does that matter?

I’d suspect the bots would just try again with a masked user agent when they receive a 403.

I think the best strategy would be to feed the bots shit that looks like real content.

The originals remain untouched.

It is possible to override existing commands with aliases though. This is useful for setting flags by default. I have alias ls='ls --color' for instance such that whenever I run ls, it actually runs ls --color, providing colourful output.

Note that aliases are only a concept within your command line shell though. Any other program running ls internally won’t have the flag added and wouldn’t be able to use any of the other aliases either (not that it would know about them).

It’s very easy to program your own “proper” commands though on Linux. If you had some procedure where you execute multiple commands in some order with some arguments that may depend on the outputs of previous commands, you could write all that as a shell script, give it some custom name, put it in your $PATH and run it like any other command.

You could make aliases that are easier to remember for you.

If you e.g. had trouble remembering that mv does a rename, you could alias rename=mv. Ideally just put whatever you would have googled in “linux command to x” as the alias.

That’s the power of Linux; you can tweak everything to your preferences and needs.