

Necessary pre-empt: I’m literally u/pheusie. But I got no clue how I can convince you of that beyond “Trust me bro.” as I’ve changed the password of u/pheusie in hopes of never returning to it; kind of my way of dealing with this unhealthy habit of mine 😅.
Anyhow, without further ado…
> Microsoft Surface
Hehe 😅, I hope you’ll not be met with any problems. But, if you’re concerned, consider checking this link out. Perhaps some distros take this into account and install the kernel for you (or at least provide a streamlined way of doing so), but I’m simply unaware of any.
> I do prefer free software but I only hate giving corporations more money than I have to. I don’t mind paying extra to shop local, I donate to the fedi instances I use, gog’s preservation fund, Wikipedia, and a few other similar things. If the money is primarily going to the people who are actually doing the work or to the cost of equipment and maintenance then I feel a lot better about paying for something so I’m willing to consider paid software if it’s better and will probably make some kind of donation to any FOSS projects I get software from if it’s free.

That’s great to hear. Unfortunately, I can’t vouch for the effectiveness and reliability of any commercial product used for securing desktop Linux devices.
> I’m not worried about keeping up with feature updates or always having the absolute newest version. I want it to be stable and functional so once I have it set up security updates will be the thing I’m most concerned about. I’m fine just setting an alarm and checking for updates every Friday or something like that. Background updates are nice but it’s not a big deal to keep up with it manually if it’s centralized into a repository.
I suppose this should have sealed the deal; i.e. we should have been able to logically arrive at a (set of) distro(s). But…, I’m clearly hesitant because the options aren’t as great as I’d wish. To give you some insight:
- Logical choice would be: Debian (LTS) or Ubuntu (LTS), because they seem to offer (at least) decent~ish support for the linux-surface kernel AND both are slow-moving distros. But…,
- Debian is only an excellent choice as long as you don’t do a major release upgrade. Like, that page is SO MUCH MORE involved than it has any right to be. By contrast, the distro I’m on does automatic major release upgrades in the background. It doesn’t even notify me 🤣🤣🤣. Like, that’s how smooth it can (and perhaps should) be. Without receiving a major release upgrade, Debian is at best usable for three years. Which, ain’t bad, I suppose. But it’s definitely not great.
- Debian LTS grants Debian some much-needed longevity; 5 years instead of 3 years. But, they don’t receive direct security updates and support by Debian’s Security team. Hence, if you’re concerned about security, then this is definitely concerning.
- Note: There’s also a Debian ELTS, that extends this further to 10 years. But it’s commercial. Unsure if that’s a desired solution.
- Ubuntu’s documentation suggests that upgrades are handled a lot more gracefully compared to Debian. But, the discourse will inform you that Ubuntu is plagued by Snaps. As that’s a can of worms I’m not willing to open, I’ll leave it at that 😅.
- Unfortunately, Ubuntu LTS doesn’t fare better in that regard.
So…, you might ask: “What about downstream?” The response would be that I’m unaware of any that are both popular AND known to have a dedicated security team.
I suppose it depends mostly on what you intend to do.
FWIW, Wine makes you potentially vulnerable to malware that targets M$ otherwise. As such, I prefer sandboxed solutions. This used to be Bottles for me. However, currently, I don’t have any need for it; I play my games through the Heroic flatpak and don’t need Wine outside of that.