I switched off of BSD about a decade ago so I can’t weigh in on it’s current state at all. I generally avoid Flatpaks at least in Qubes. I do have a template that supports it but it’s only running on my Music VM currently which is offlined, the rest follow the traditional template+AppVM approach which I keep updated on a schedule.

I have never operated under the assumption that flatpaks are sandboxed or secure because they really aren’t. It’s a system to bundle packages with your software without contaminating the host environment. The big issue really is in the package maintainers shipping outdated packages, containers were never a security measure in my eyes due to the shared kernel and especially not with the default share of the homedir for flatpaks. If you need that kind of isolation you really need a VM. I treat them as a standard install personally without any expectations of isolation, and really with Silverblue I’m leaning more towards installing apps directly in Distrobox and exporting them to the host, it still has the shared homedir issue but you’re getting up to date packages in a desired environment that you fully control (this is both good and bad since maintenance is on you).

I think it’s a good idea if there were stricter requirements, maybe vulnerability scanning as a requirement to releasing and pulling stale flatpaks after a period of no releases to start. It’s difficult to appease everyone in this situation and breaking changes would be inevitable so it is difficult to fully solve now that it already exists as it does. I do think supply chain attacks will only get more common though so they definitely need work.

As someone who does a lot of infrastructure work on AWS, Azure, GCP etc, it’s just about the only operating system I’ll use at this point for that kind of work. The isolation I get per-client and per-environment is unmatched. There’s a little more upfront work to get everything the way you like (putting ZSH configs on /etc/skel of your templates for example) but once it’s set up it’s really solid. Having the windows named and color coded really helps me keep from crossing wires when stuff gets chaotic and I’m jumping around a lot.

It’s obviously MUCH worse at certain things such as CAD, but they’re still workable in it. HVMs can remedy this pretty easily but it’s not quite as seamless as the standard Qubes unfortunately but it’s progressed a LOT in a short amount of time so we’ll see what the future holds!

If you’ve used it in the past it’s MUCH better now but there are still hiccups and certain apps you have to force to use X but they do typically run well still, at least the ones I’ve encountered

Immutable was the only thing that got me to switch back from QubesOS on my desktop. I was doing Qubes with a win10 HVM with my 3070 passed through and it was a couple frames off from native performance. Still keep Qubes on my T480 for infra specific work but my “dev” machine with no creds is the desktop now.

Couldn’t get the performance quite right for a Linux based HVM and was wanting the HW accel for some of my work (CAD, figma) so I loaded Bazzite with KDE which runs Fedora Atomic and it’s been amazing for both gaming and work.

Distrobox with boxbuddy and rootful containers where needed has been extremely pleasant and they all live as a subdirectory of my home with a ZSH install script I have to load the terminal styles I want into any new containers. Any apps you install in the container you can export to your start menu and launch seamlessly without tainting your host with any weird dependencies you might need for a project.

We use ddev a lot so needed a rootful container for Docker but other projects I just treat like a VM almost (R projects for instance), install whats needed to get an env going real quick and fire up the IDE in the container and get to work.

EVERYTING I care about is in /var, including my home which makes backups and snapshots stupid simple which I love coming from a traditional Linux distro

Same here, saw the writing on the wall after 7 and tried Linux gaming a few times but it was rough back then so I always came back. I did however start at least dual booting with 7 onwards so apart from gaming I was a convert at that time.

This year finally got tired of all the crap, them trying to railroad AI junk in, ruining the control panel, absolutely BURYING settings, turning ones back on with updates, the entire operating system is a dark pattern when it used to be so much more streamlined. Switched to Bazzite and it feels like I’m almost back to Windows 7 except I don’t have to install drivers or anything, just install it, add any apps through the store and you’re off. What they’ve done to windows is ridiculous to me and I’ll never come back.

My brother needed the driver installed in debian on Qubes but has been flawless beyond that. When I was still running arch it just worked out of the box

I did this with Qubes a year ago and haven’t had any issues apart from figuring out the right flags to get the full performance, otherwise the GPU would cap around 30% under load with low CPU load.

Kind of at the mercy of what your motherboard and bios will allow, mine I had to cheese a little and disable the PCI device on boot so I get to decrypt my disk with no screen lol but it works!

Not op but I do a lot of architecture and infrastructure work on top of my normal dev work so keeping everything separated and per-client has become a pretty important advantage for me personally

Fwiw I had to tinker a bit to get good video playback, Fedora was always choppy for me for some reason but debian is typically smooth with hw accel disabled.

As for the gaming, depending on your setup (I have a desktop and T480 I keep in sync) you can absolutely run two video cards and do PCI passthrough on one to a gaming VM. I have mine set up with a dedicated NIC and USB card and just use a KVM to swap between Qubes and Windows (for now) and it’s worked really well. Had to play around a ton to get the full speed out of the GPU though and it only seemed to work in windows so hopefully get that going for a Linux hvm one day.

Absolutely agree there is no going back, I have all of my work stuff entirely hardware agnostic and a full on replica of my work desktop ready to go in a moment should the desktop die. Apart from that keeping client work isolated has been such a game changer.

Fwiw I used to daily an x210 and then an x230 in IT and pretty frequently typed with one hand while carrying with another without the weight bugging me but your mileage may vary.

You can definitely send them flying and not damage them my coworker launched theirs across the office and the bezel just snapped back together.

I have a T480 now since I do more dev work and needed a slightly bigger keyboard/screen and it’s phenomenal with Qubes and 48gb of memory on the quad core i5. Love the ease to repair I just swapped a motherboard on it in around 30 minutes and was back up and running

I just use nextcloud as a target for backups (Aegis, Signal, QkSMS). Apps such as KeePassDX I have load the file via nextcloud. My contacts and calendar go through it as well, photos are just set to auto upload along with a few other directories.

As for the home screen layouts, I just take screenshots once I have it how I like and try to remember to take them again if I change stuff.

It’s not a full backup but I’m back up and running fairly quickly (Pixel 5A died on me 3 times in under a one year lifespan per device).

I would never go back from qubes. VirtualGL seems promising for the hardware accelerated apps and GPU passthrough for a gaming VM is insane

I remember watching the trailer for that game over and over and over, the first one you could go outside

You’ve insulted my entire existence I challenge you to a duel

I started with openscad and moved to freecad. Freecad is powerful but definitely not perfect but it has suited my needs fairly well.

I’m still a holdout for superslicer but I did migrate my profiles to PrusaSlicer for those sweet organic supports.

Using sonixd for desktop and finamp for mobile through my Jellyfin server and really liking it.

I did have to make a separate Jellyfin account for my music since I didn’t want music showing up on the Jellyfin TV apps cluttering it up but not bad overall!

Finamp doesn’t track new items in a playlist marked for offline play which is my main gripe atm.

When was the last time you ran a distro and how awful was the hardware to have this experience? In the past 10 years all of them have been fairly “hit the ground running” for me unless it had something weird like Nvidia Optimus

Yeah and they have no top end

I used to think people who downloaded videos on YouTube, forum posts with guides or useful info and other data were weird.

They were right.

With archive.org under threat some of it will be gone for good unfortunately. Save what you can when you can it might not be there later.

I’m patiently waiting for my 4th Pixel 5A RMA since they love frying motherboards outta nowhere but damn once you get grapheneos going it really is something else