Given the Linux initramfs targets a block device as a file that then gets mounted as the persistent root filesystem, I don’t think it would really be possible to unmount / and replace the location with a file. Root isn’t represented as a file or directory in any filesystem structure and is a construct of many Unix and Unix-like kernels.

Under what means? The target is public sector and the OS to replace (Windows 10, Windows 11) would be a relatively compatible release target. Fedora is a competent leading edge (Wayland, Pipewire, BTRFS) distro that runs as a 6 month point release. I wouldn’t see many reasons to not go with Fedora Workstation as a base unless going for an immutable base or a different core distro (OpenSUSE or Debian mainly).

EDIT: Missed that this is going to be immutabe, so it is likely being based on Fedora Kinoite, meaning there really aren’t many alternatives besides OpenSUSE’s offerings.

Authentik has blueprints, which while not as simple as Authelia’s config, do provide a functional way to have version-controlled configuration.

As far as KDE vs. GNOME is concerned: KDE contains a lot of customizable features as an expectation and thus has great support for a wide array of customization. Both KDE and GNOME are extensible, with third-party extensions to extend or change functionality available. What makes GNOME less customizable, albeit supporting stylesheets and extensions, both are not expected to be used in any form (outside of defaults provided via Adwaita), and neither do many independent apps written in GTK3, GTK4. GNOME offers fairly minimal customization options without resorting to GNOME Tweaks, third-party extensions, and unsupported customized themes: all things that can break GNOME as while the customization does exist, the developers don’t embrace it and have no expectation to not break it with any update.

Certainly a failure but at least it wouldn’t actually be as harmful as it reads, given / is a directory and the assumption you’re not root.

You’re not referring to this satire article by chance?

From my experience with a modern Thinkpad (A485); nothing if not outright inferior. The trackpoints on them are pretty terrible compared to classic IBM-era thinkpads (10-20hz polling rate, abysmal velocity curve). The physical durability of the machine might be above-average for business laptops, but the chance of the hardware failing in some major way within warranty seems to be quite high (among other replacement parts, I had 4-5 mainboard replacements done under warranty). The cooling solution on the Thinkpad I used to use was also a fair bit inadequate, and would lead to severe thermal throttling of the mid-range APU. Honestly between the reliability and torturous process to even buy a new Thinkpad from Lenovo, I just wouldn’t bother.

For what it’s worth, I do think OCIS is worthy of switching to if you don’t make use of all of the various apps Nextcloud can do. OCIS can hook into an online office provider, but doesn’t do much more than just the cloud storage as of right now.

That said, the cloud storage and UX performance is night and day between Nextcloud/Owncloud and OCIS. If you’re using a S3 provider as a storage backend, then you only need to ensure backups for the S3 objects and the small metadata volume the OCIS container needs in order to ensure file integrity.

Another thing to note about OCIS: it provides no at-rest encryption module unlike Nextcloud. If that’s important to your use case, either stick with Nextcloud or you will need to figure out how to roll your own.

I know that OCIS does intend to bring more features into the stack eventually (CalDAV, CardDAV, etc.). As it stands currently though, OCIS isn’t a behemoth that Nextcloud/Owncloud are, and the architecture, maintenance is more straightforward overall.

As for open-source: OCIS released and has still remained under Apache 2.0 for its entire lifespan thus far. If you don’t trust Owncloud over the drama that created Nextcloud, then I guess remain wary? Otherwise OCIS looks fine to use.

Persistent keep alive is configured per connection by all peers (server and client typically). As I understand it, Wireguard’s peer-based architecture will let both client and server peers define an optional persistent keep alive timer in order to send heartbeat packets on interval. Otherwise Wireguard on either peer may keep opening and closing connections for inactivity (or get its connections forcefully closed externally) if traffic isn’t being regularly sent. This can occur even though the network interfaces for Wireguard on both communicating peers remain up.

I do agree that running some kind of health-check handshake service over the Wireguard tunnel is an easy enough way to periodically check the state of the connection between peers.

Depending on how your connection is negotiated, it may partially not be possible due to the architecture of Wireguard. There is likely some way to hook into capturing handshakes between clients (initial handshake, key rotations). To determine disconnects and reconnects however is a challenge. There are no explicit states in the connection. The closest thing to disconnect monitoring is utilizing a keep alive timeout on the connections. There are some caveats to using a keep alive timer, however. Additionally, not every connection may use a keep alive timeout, making this a full solution infeasible.

Detailed information about Wireguard session handling can be found in section 6 of this PDF.

You use Steam for games on Linux primarily. Independent native games exist as well. Many Windows-only titles will be best run through Proton: Valve’s modified WINE bundle. Other store titles can be configured to run through WINE or Proton via apps like Lutris or Heroic (GOG, Itch.io, Epic Games, etc.).

An aside to the technical question of how to migrate profiles to older versions:

DO NOT DOWNGRADE FIREFOX BELOW 131.0.2 OR ESR 128.3.1, 115.16.1

I feel that given this recent vulnerability, it is important to make this notice.

Otherwise:

For migrating profiles between the same major version, Mozilla provides a guide for full profile migration. This also works with forwards compatibility. I generally wouldn’t try to go backwards however as many new major versions change the data format and contents of your profiles, which older versions have no idea how to interpret.

For downgrading, it’s best to export bookmarks, go through your important addons and backup the settings for each one that needs configuration, and take note of anything you’re previously modified in about:config to your preference. Perhaps take screenshots of your tab bar and overflow menu as well so you can recustomize them to your liking easily on the downgraded version.

For multi-monitor: use Wayland. For 2.5Gbps Ethernet NICs, they never work properly on any system in regard to performance, but I presume you are referencing the subpar Realtek NICs not connecting? Depending on the distro, you likely won’t have the driver and/or firmware package preinstalled to make it work.

The question that I have to ask: what category of CLI apps (or even some examples) exist that are too complex to maintain a few versions simultaneously as native packages but are not complex enough to just use an OCI container for them instead?

https://librewolf.net/

A summary from its site and known technical details:

• no telemetry by default
• includes uBlock Origin
• has sane privacy-respecting defaults
• prepackages arkenfox user.js
• relatively well-maintained fork of Firefox that keeps up with upstream
• No major controversies AFAIK

As for Windows 7, nobody should really need to install Librewolf anyway on such a device. No device running Windows 7 should have access to the internet at this point. If you are asking about compatibility intending this use case, you have bigger problems to worry about than your choice of browser. If you just need to view HTML files graphically, even Internet Explorer or an older firefox ESR will do.

We are well beyond the point of a majority of common hardware having built-in kernel drivers and userland software for extra stuff like RGB control that the best advice is rather avoiding Linux, to instead avoid the trash hardware (NVidia for the time being, GoXLR, Broadcom, etc.). My GPU, audio hardware, network interfaces are both popular products and have worked out of the box for years now.

2-2-1 still insinuates having a remote backup. I don’t see how this particular threat destroys a 2-2-1 setup.

What makes Nextcloud unreliable for your use case? I’ve used the calendar (caldav) functionality for years without issue in sync.

Tbf to cloud sync, nothing is stopping you from using your own backup/restore service with your drm-free titles compared to the other features that Galaxy offers.

GOG has DRM for many titles: see Galaxy. As I understand it, it isn’t as pervasive as Steam, but is necessary if you want multiplayer on many titles or care about extras like achievements.