The beauty of Fedora Atomic is that anyone effected by the recent update (including me) could simply rollback to the previous image and boot as normal in order to troubleshoot. This is exactly why nearly all of my devices are running Silverblue or Kinoite now.

I think it's worth mentioning that significant bugs happen across all major OS platforms.

Recently, Microsoft pushed a patch requiring effected users to manually resize their EFI recovery partition. Shortly after that, it was announced that all Apple Silicon Macs suffered from an unpatchable vulnerability which can defeat encryption. These are just a couple of examples from recent memory...there are many others.

To truly avoid serious software vulnerabilities or bugs is to avoid software entirely. Operating systems are highly complex, multilayered software, and shit happens.

As a fellow Atomic user, my completely biased opinion is that you've made a good choice of distro for switching from Windows.

Don't sweat the need or desire to layer a few packages. I see a lot of folks stress over this as if it's a hard rule they are breaking. It's a general recommendation and little more. I would be surprised if most users don't layer at least one package (or even a few).

On my main workstation, running Kinoite at the moment, some of the layered packages include:

• distrobox
• gdm (sddm refuses to respect autologin)
• kate
• ksystemlog
• syncthing
• vim-enhanced
• virt-manager
• virt-viewer

If your hobby is technology and you enjoy spending time learning this stuff, then go for it. You'll probably have a good time, and you likely won't stop at Void.

If this is more of a grass is greener over there thing, then consider that constantly switching your software environment is just time taken from something else, and it's time you'll never get back. Ever. The pursuit of minimalism can often bring the opposite of its desire effect.

Right, here's an enlightening synopsis by Evan Boehs:

https://boehs.org/node/everything-i-know-about-the-xz-backdoor

Ptyxis, formerly Prompt. I used urxvt for many years but eventually settled on GNOME Terminal after transitioning to the GNOME environment for most of my devices. Ptyxis is a slick and quick container-centric GTK 4 terminal that fits well with my Fedora Silverblue container-based workflow.

I appreciate the writeup and that you've taken the time to post about it here, however I am 100% leery of managing remote access or credentials using closed source software. I'll definitely keep an eye on the project, but it's a hard pass for me until the app is fully open source.

Relevant topics also missing from the survey:

• Choice of desktop operating system
• Choice of mobile platform and OS
• Use of email encryption
• Use of cloud storage
• Use and method of disk encryption

As long as you don't need audiobooks on it, you can essentially erase your wifi credentials, turn off wifi, and manage your ebooks through USB and something like Calibre.

The Kindle OS will continue to collect and store all sorts of telemetry, and will upload it later if you ever reconnect the device to the internet. Just something to consider.

Normally, I would just suggest avoiding Kindles but, like me, you already have the device so might as well use it.

For what it's worth, I use F-Droid and the Play Store via the Aurora store frontend, all without a Google account.

I don't install the Google Play Store bundle, as I feel it defeats the purpose. I do install Google Services Framework though as most apps rely on it and it doesn't require network access.

I generally don't use any apps that compromise user privacy, so apps like Facebook, Instagram, TikTok, Spotify, YouTube, and Google Maps are all a no-go for me. If and when I need to access their services, I use an alternative front end or simply use a browser.

Even if you do need to use the above apps though, you'll find GrapheneOS a much more secure and privacy-respecting way of doing so.

I treat all guests on the network as potentially hostile, so I enable firewalls on all of my hosts.

I believe that Fedora's firewall is enabled by default, but it leaves open ports 1025-65535/tcp and 1025-65535/udp.

To lock down some sane defaults:

sudo firewall-cmd --permanent --remove-port=1025-65535/tcp
sudo firewall-cmd --permanent --remove-port=1025-65535/udp
sudo firewall-cmd --reload

Verify allowed ports with:

sudo firewall-cmd --list-ports

See also:

• https://firewalld.org/
• https://docs.fedoraproject.org/en-US/quick-docs/firewalld/

PS: if you have a Steam Link, you'll want to open these ports for connectivity:

sudo firewall-cmd --permanent --add-port=27031/udp  # steam remote play
sudo firewall-cmd --permanent --add-port=27036/udp  # steam remote play
sudo firewall-cmd --permanent --add-port=27036/tcp  # steam remote play
sudo firewall-cmd --permanent --add-port=27037/tcp  # steam remote play

Still waiting for my refund for what I suspect was a switcharoo return of a PC. Ordered a renewed Optiplex 7040 with an i7-6700 for a family member, but received someone's old and dusty 3020 with an i3-4150 instead, and the refurb sticker for the right product had been slapped on it.

Figured it was a one-off scam, reordered another one right away, and thankfully the second was legit...but they've had the returned PC for 2 weeks now and still no refund. And course no way to follow up about it within the return status itself, so I'll be wasting even more time trying to chase it down. Something has to change.

I'm glad to see you've gotten a ton of feedback here, and I just wanted to add another comment in support of flatpaks and image-based computing. I've been using Linux extensively for about 15 years now, mostly Arch and Debian Sid. I've been a distro packager, and I've compiled plenty of my own apps over the years.

This past year I took Fedora Silverblue for a spin after following the project for quite some time, and I am convinced that the image-based system approach, coupled with containerized and sandboxed userspace applications, is the future of Linux for most users. It makes so much sense from nearly all perspectives; whether security, reliability, or flexibility.

Integral parts of the system are mounted read-only by default. Simple commands can rollback unwanted changes, upgrade to a new distro release, or even sideload an entirely different OS. System updates are automated, as are flatpak updates, and there is little-to-no risk to stability due to the very nature of the essentials-only system images. And if something catastrophic did happen, you're just a reboot away from rolling it back.

Consider for a moment the collective energy and time that distro package maintainers must undertake on a weekly basis. Much of it simply repeated by each distro, building the same applications over and over again. Flatpaks are built once and deployed everywhere. Think of the collective potential that could be directed elsewhere.

Couple this with containers and the choice of distro matters even less. Arch, Debian, Ubuntu and Fedora are just a keystroke away. Yes, you can run containers on any distro of course, but you don't gain any of the other ostree benefits mentioned above.

I have since moved all of my workstations to Silverblue and I don't see myself ever going back to a traditional system again. If anything, I may start automating my own image deployments, similar to Universal Blue.

Yes, flatpak as a platform still needs some work, and so does ostree, but both are evolving quickly and will only get better with time.

To others who complain about needing Flatseal...in my opinion, this is a feature to be embraced, not loathed. Sane defaults are rarely sane for everyone, and Flatseal exists to give you complete control over what an app can or cannot see and do.