Ive always liked Andy. Litterally means masculine but has never felt heavy handed. Also while manly men it is also an accepted unisex name

They are the only dectralized cloud computing platform i know, with BIONIC, pedals.ai, and kobald.ai all being being very application specific and no privacy in them.

That said i also didnt like the UX and so i havent really used them

Waydroid right?

Android certification is a problem though from what I can tell

Android does provide other abstractions for app devs. That could become a flatpak runtime at some point though …

Security should be the default, but instead a lot of security features are optional things we have dig through docs to set.

TPM support is getting more common, using it should be too. Detected during install? Set it up as part of LUKs during install, and enable a password, and provide option for TANG (both usage or deployment).

fscrypt should be enabled by default and keys set by logical differences of file types. (Yes on top of LUKS). Honestly setup following selinux profiles and per user is a reasonable default. Hardware wrapped keys should be default.

Encrypted memory an option for this CPU? Enable it. Features for multiple key memory encryption? Enable it. Encrypt on a per VM and per container level by default.

Each service should be containerized, connections made explicit (ideally with l7 rules, l4 at least). If a user want to tinker with have a dev mode that opens that service up, with expectation that it’s temporary (track and warn user when active). Each service should run as it’s own non root user.

Each application should containerized. Wayland should be default to minimize shared data. Access by apps should be explicit and user approved and user configurable. Application should never run as root and escalations should be temporary and explicitly approved by the user. Application to the network should be explicit per connection and l7 aware.

MACSec WPA3 pki should be available during install. Wireless WPA3 PKI option should be default on wireless setup. IPSec/Wire guard VPN/Tor should be available option by default on setup. Vlan tagging should be available options on setup.

FIPS or equivalents should be enforced by default. Old encryption methods/cipher/etc should require explicit approval by the user.

Selinux should enabled by default and selinux tagging should be exposed in user applications, so users can choose the security levels, privacy tags (medical or tax docs or etc), or pseudonym access they want.

Sudo should be setup by default for least privileged roles and not god mode access. The combination of those into a single user could look indistinguishable but it should be set and ready for adding users that are limited in scope.

Encrypted backups following the 321 rule (at least 3 backups, 2 different types of media, 1 off site) should be the default and configurable on install. Schedule and triggered backups should be frequently (ideally constantly backup, with snapshot ting being periodic).

Multiple factor logins should be the default. Support for smart card, key fob, OTP, biometric, plus password built-in and encouraged on install.

Number of known CVEs for hardware, packages, and configurations should be tracked and obviously available for privileged users. Hardware missing for full best practices (like TPM 2.0, memory encryption support, etc). Software source should be kept easily accessable to users for remove and modifications. Software should adhere to SLSA build practices, exception explicitly choosen the user.

Systems should be immutable with expectations being explicit to the user and triggering snapshot ting.

DNSSEC and DNSoTLS/DNSoHTTPS should be default and configurable on install.

NTS should be default for NTP configuration. Hardware time sources should be configurable on install.

Applications should be privacy preserving by default (not defaulting to Google for example).

These are just off the top of my head stuff, stuff I had to annoyingly learn and set up myself to harden systems instead of it just being part of sane defauls. CIS bench mark has more controls that should be set.

We have awesome distributed systems like Kubernetes (rke2, or k3s as easy distro examples) BUT no desktop usage.

I want a distributed desktop dang it. My phone, my smart tv (media PC), my gaming computer, my SOs gaming computer, my router, my home lab, etc, etc should theoretically all be one computer with multiple users, and multiple interfaces.

I wonder how hard this would be to run as sidecar container in k8s. Like is there a way to capture every process in a system cleanly with it?

It’ll be cool to see some more CI tools for desktop apps.

Cloud native apps have tons of tools.

openSuse build system is really powerful.

The Steam deck devs have built some really cool stools

But none are really desktop user/dev friendly imho

Suse’s open build system does this. It’s just very enterprisy to me, so I haven’t really used it myself

It’s more work to get things to work. You have to be more explicit as a dev.

Personally I really like it, and wish there was more support for MLS features it has in Userland

OpenID is still a supported standard with an active standards body.

Baked in would be nicer. It would kind of cool for any landing page just kind of working to get you into the threadiverse. If I keep going to nomoreuserlemmy.org (or whatever fake one you want) it just redirects on the backend for me when I log in to an instance that actually works for me.

Dang I wish did more with the Mimic3 project. They have SSML support which just seems like an awesome way to address the mono voice issue in tts for books to me.

This groups number is one I’ve seen circulated for calling if you see an arrest happening.

https://arewewaylandyet.com/

I had a systemd unit that ran it weekly after the update one ran. I feel like the default behavior though should be automatic purge old unused runtimes though too. I don’t see why that wouldn’t the case to me.

I’ve even gone so far as wanting to force run time changes underneath the packs because of Caves and such, but thats my niche and puts security over function.

Definitely not a free lunch sys admin wise, but it is still a marked improvement over native apps 98% of the time for me.

But the more apps the more the dedup is saving space

No doubt. Software emulation of different arches is still magic to me. Being able to run qemu to run just one program on the CLI as an arm bin was so neat

If it coukd be baked before rather than at run time it feels like there might be some nuance there

I do it with k3s right now on fedora. I like it personally.

Nice thing if you use k8s settings up persistent net storage with something like longhorn is an option too.