wanting bare metal feel IMO

Not sure what that means. Typically I would also question people who think containers are “expensive” in the sense of wasting resources. IMHO it’s a great compromise to have very weird services while the server itself is very stable.

if you need new things before it’s ready for a new version it’ll be pain

Like what?

Also if you need something before Debian is ready for it… you’re weird. I don’t mean this in a derogatory fashion, solely that you are doing something our of the ordinary. Consequently you should first question WHY you do that in the first place.

Finally if you do need something very specific, containers are there to … contain that. Running Debian as the host distribution doesn’t mean you’re limited to it for your applications, servers included.

parents being the ones responsible.

Pretty much.

Damn 1month ago.

Funnily enough I just read “A third of children (32%) say they have bypassed age checks, including by entering a fake birthdate (13%) or using someone else’s login (9%), while others used more creative methods like drawing on facial hair” from https://www.internetmatters.org/hub/research/online-safety-act-report-2026/ this morning, so they clearly don’t have to be the “smart” or dedicated.

Indeed, I think vulgarization of CVEs for a broader audience should start with requirements.

Few seem to address the issue here : it does not work 100% of the time for you.

It might work for everybody else but that doesn’t help you much. You have your setup, no theirs.

So… you need to investigate. When it works, great, nothing to learn from. When it fails though… can you find a pattern? Does it always fail after you have use something specific? Check https://lemmy.ml/post/46800646/25494455 which gives examples of potential failure point and journalctl logs. You can then check what failed and if not you can at least know when then backtrack to others logs, e.g. dmesg.

They key take away is that when things do not behave as expected you need to put a detective hat on and you investigate :

• what’s your crime scene? Your laptop and it’s log files
• what’s the crime? It didn’t suspend properly
• where are the traces? In the logs
• where are the logs? Using journalctl or dmesg and typically in /var/log/
• what would a good detective do? Search for specific clues, e.g. places where fingerprints do stick, e.g metal or glass, which here would be error messages. That can be found using grep and other tools

You also have limited times because the logs will, just like on a real crime scene, get contaminated or rotated or deleted. So… if you do encounter the problem do not rush to the next tasks at hand because you are wasting an opportunity to learn and there is vanishing window.

TL;DR : grep logs

what about just using Debian? It’s a bit hassle

What hassle? Genuinely curious.

You don’t have to share your personal situation and I’m sorry to read that you are struggling. My point isn’t to argue that you must do like everyone else or that consumerism is good, rather than in the typical case (not a lot of time, hardware getting cheaper of the year, game assets being compressed already) switching to newer hardware is a much much more convenient solution. That’s why I warned about it.

running games on old storage devices that hold less than 32 GB and have terrible read and write speeds.

I’m confused. How about copying that to newer storage devices?

Also typically game assets are VERY well compressed so I would suggest doing a comparison with/without compression before a full on migration. Compression tools help but aren’t magical. If your assets are e.g. .jpg or .mp4 or .mp3 or a combination of that (as typically game assets are, including 3D models with their textures) then you can test yourself to .zip them (or bzip2 or whatever you prefer) and you will seem some gains but they’ll be nearly negligible, e.g. < 10% reduction.

related https://discuss.grapheneos.org/d/10397-digital-minimalism-on-graphene-os-deleting-browser-disable-installing-apps/29

It’s a pragmatic compromise. The assumption is that Google is not literally evil, solely a very large advertisement company which subsidize very cool hardware in order to sell more ads. It’s the same principle as using a rooted Meta Quest when one doesn’t even have a Facebook or WhatsApp account.

I imagine than everybody who is into that situation will move to Motorola or Valve Frame when those will become available. Until then the bet is that the hardware does not have hardware backdoors because so far nobody disclosed any.

If you really are into trusting hardware I recommend checking https://precursor.dev/ and similar initiatives.

I did mention Linux phones too but again that’s not for everyone.

IMHO it’s much better to use a GrapheneOS deGoogle Android device today, knowing the limitation, than using a Googled Android device today, Pixel or not, and complaining about all the limitations about it while waiting for a theoretical better solution that is simply not yet available.

Right, you actually can’t AFAIK but you can disable it.

It’s indeed not the point. GrapheneOS focus is on security. If you want to have complete control you’d better go with a Linux proper phone but AFAICT, unless you are fine with ~4hrs battery and/or can spend 1000€ on a device that very people have, it’s not for most.

Yes, I have a PinePhone and PinePhone Pro both with PostMarketOS so doing this is as easy as few sudo apk add packagename or sudo apk del firefox.

Now… if you want a daily driver then as few others hinted at, it’s much harder. I would instead get a 2nd hand Pixel 8 or above, install GrapheneOS on it, remove the browser and that’s pretty much it already since it doesn’t come with an app store or equivalent. Well, there’s the GrapheneOS equivalent but there are ~10 apps on it at most last time I checked.

I don’t think it actually is. It’s only like that the very first time when you haven’t you this specific distribution itself. Once you know how the few extra step and understand the core principle, it’s trivial.

PS: I did tinker with NixOS, SteamOS and ROCKNIX.

I’m not sure.

I’m a professional tinkerer and I run Debian stable. OK ok it’s not an immutable distro but my point is that I do tinker, just NOT with my main OS.

I’ll tinker in containers, in VMs, in my ~/bin etc but NOT in what hosts all that.

So I would argue that what’s important for tinkerers is to establish clear boundaries on what they want to tinker on and what they do NOT want to tinker on, what can change vs what should never.

I’m aware (unfortunately) of the marketing claims and even if they might be true, as you say it is “for now”. So if it’s only temporary for that arm race, especially if held by a company who leaked its own code just days ago, then I have a hard time understanding why ‘zero-days are numbered’ because this title claims the dynamic itself is gone. That’s now my understanding, especially if other models are just marginally (which is hard to prove with models, finding proper metrics) worst than it.

See comment that shared https://techcrunch.com/2026/04/21/unauthorized-group-has-gained-access-to-anthropics-exclusive-cyber-tool-mythos-report-claims just few hours ago, and that’s not even sophisticated.

Anthropic and OpenAI have multiple times used this arm race rhetoric before and it worked. Their models are supposedly “too dangerous” to be released thus consequently they have to control access.

It might be true but so far what we have witnessed is that roughly equivalent models get released by others merely weeks or maybe months after, sometimes open, but the “moat” never lasted long so I’m questioning why it would be different this time.

That doesn’t make sense. Don’t the attackers have the same tools?

AI tools can find bugs faster than they can be patched

Not a security expert but wasn’t that the case already? It feels like before AI there were already a lot more bugs, security related or not, on backlogs. That’s precisely why there are metrics like severity.

🍾

I think the “trap” is to believe “we” can “win” once and for all.

Under capitalism (and I’m not suggesting there are better systems, only highlight a core mechanism) there will always be competition to capture value, both customers and lawmakers who (should) protect them.

There are countless examples but one of the most obvious on that topic if Microsoft itself with it’s sadly now classic EEE https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguish of which we can admire the comtemporary version with Github. Initially Github was acquired and no changed, nowadays a lot of basic functionalities, e.g. search within a repository are locked behind a login, there are more and more advertisements for Microsoft other products, e.g. CoPilot. That last product itself is questioning the foundation of free software and open source with its license washing process making unclear who did what, breaking provenance, etc.

The same happened with Google acquiring Android but not locking it down more and more.

The list could grow longer and longer, overall the point is to showcase a pattern : nothing is just “let” alone to grow on its own. It’s gradually captured and enshittified until there is nothing left but the name of a project because corporations exist only to extract more money. There is no moral, only an imperative for profit or their death.

So… unfortunately we WILL have to keep on both building AND protecting what’s been built so far with newer and more powerful threats. Microsoft, Google, and all large corporations who advertise themselves as allies of free software and open source MUST be judge on what they actually do, not on what they claim.

We have to push back and we will always have to. This year and the next.