I wanted to write the same thing. have the notes app do the notes thing and handle encryption elsewhere.
as to apps, I suggest QOwnNotes. it’s markdown, highly configurable so you can make it minimalistic AF, stores notes in invidual files and folders. it also has a bunch functionality like syncing to nexctcolud and such, but I’d advise against it, just use it as a notes editor. you don’t have to selfhost anything, make it use the e.g. Documents/Notes folder and you can use syncthing to securely replicate it to other devices.
I’m trying to utilize a couple of core 2 duo macbooks for the same purpose and it’s not going great. I have twice the cores and RAM but they’re stuck at 800 MHz, because of no batteries.
anyhow, very slow and issues with a lot of codecs I throw at them. try mpv without a DE/WM.
goddamn that’s a first! do those even have hard drives? what is the virus infecting, i.e. how does it gain persistence?
if they run hardware that’s not cutting edge, by all means, that’s the best solution as a first distro.
ubuntu is important as a stepping stone. myself and everyone I know that’s on Fedora et al started with Ubuntu. we learned what’s what and how to go about doing things and after hitting the ceiling one too many times, we tried other stuff, found better havens and finally abandoned it forever.
so I’d caution against any action aimed at hurting it. leave it be and know that it’s still the most user-friendly solution out there and the one that’s most likely to “just work” for most people. it’ll convert people over, whether from Windows or MacOS. once they’ve crossed over, they’re more likely to wander further.
a combination; some have swap as a btrfs subvolume, some as a swapfile in root and those are encrypted, when the system boots it requests the encryption passphrase, regardless if it coldboots or restores. restores from swap are way faster than coldboot plus all your stuff is how you left it.
on some systems I have a separate swap partition outside of luks2/btrfs and that one’s unencrypted. when it restores from there, it doesn’t request the passphrase and the boot is even faster. that’s obviously less secure but my threat model is a lost/stolen laptop, I seriously doubt someone’s gonna forensic the shit out of my swap, it’s more likeky it’s gonna get wiped and sold.
to fully utilise this tech, it’s essential to set up suspend-then-hibernate, another awesome feature that’s way too cumbersome to set up. the laptop suspends for like 60 minutes and if it’s not woken up, it hibernates to disk.
I’ve made it work on arch, debian and fedora, on a T420s, T480s, T14 AMD, MBPr 2012, each on luks2 + btrfs with systemd-boot, and it works flawlessly on all of them. the setup is super-involved and cumbersome though but it’s easily accomplished once you get the hang of it.
the links posted here along with the arch wiki is what I used. it helps if it’s not your primary and only device, so you have time to retry until you get it right.
I don’t think any Thinkpads have AMI firmware, which is the source of this fuckup.
that’s radically different. although the serviceability is still nonexistent, that’s a very useable machine. just be prepared to toss the thing if anything breaks.
for me, that would be a deal breaker but I understand the itch to try it out. just make sure it’s not icloud locked.
the whole apple-bad thing aside, you’re getting a non-expandable 8 GB laptop, of which a significant portion goes to graphics. that’s pretty low today, and it’s gonna be worse down the road. speaking of graphics, although Asahi has basic functionality, the driver isn’t 100% yet.
I hope you don’t plan on torrenting a buncha stuff, as the SSD is small and non-replaceable and after years of use has an insane TBW number.
the battery longevity is a solid argument but you are buying a 4 year old battery that will show signs of aging.
I am all for repurpose/reuse/recycle, but unless you get it for free, or close to it, this thing s a bad idea. get a similarly aged business-class laptop (thinkpad, yoga, latitude, elitebook, etc.) that you can cram full of RAM and storage and replace practically every component if it fails.
CZ and dd and other “it’s 1998” tools copy the entire disk. like, you clone a 500 GB SSD with 50 GB used to another disk, guess how much data gets copied? correctomundo, the entire 500 gigs. that’s not super-healthy for the new drive and it recreates the same volume UUIDs on the target disk as the source drive, so you’re left with a mess if you keep both drives in a system.
you have a modern tool at your disposal, the mentioned btrfs send subvol | btrfs receive subvol
that copies only what’s used. GRUB (you can use this opportunity to switch to systemd-boot) won’t pick up shit, you need to install it to the new drive (and remove it from the old one).
eons ago, macOS had the SuperDuper! tool, a free utility that clones the entire disk, resizing the partition in the process and copies only the data and it does that from within the OS, no booting off USB installers and such. sad to say, nothing close exists over here, you’ll just have to get good at doing things manually.
look up btrfs send and receive. you’ll be copying data from the old disk to the new. prior to that you create the same layout on the new disk (efi, boot, btrfs with LUKS, subvolumes root and home). sadly, there aren’t any readymade solutions that do this for you. big time NO on clonezilla and friends.
Vista. Tried to make Ubuntu work for a while but that was a shit show back then… Moved over to OS X and I was home - a beautiful UNIX where everything just worked. Stayed there for close to a decade (Lion-Mavericks-El Capitan-High Sierra-Mojave), mostly on non-Apple hardware.
Sadly, the iOS-ization ramped up so I had to rip tons of iCloud related stuff everytime I did a fresh install and then Catalina killed off 32-bit apps and brought other irritants, so I tried Fedora 35 and escaped with close to no issues.
And here I am, on Fedora 40 five years later.
first off, if you plan to scan the storage for bad “sectors”, that’s gonna take eons if the disk is of any considerable size. what’s more likely is you running the SMART self-test and that will work over any medium.
the cables absolutely can and do cause corruption, whether it’s plain SATA-SATA cables or the USB-SATA with their own controller on it; however, if you don’t have reason to suspect this particular cable/adapter is faulty, it’s not a worry vector per se.
wish they would say what the “old intel CPU” refers to and which ate the modern ones that don’t need the hack.
I have no idea what this challenge is (I automatically assume it’s some cringe when I read “challenge” also that pic is… what?), but you don’t run Mint/Debian/Ubuntu if you have super-fresh hardware, like AMD 7000-series or Intel 14th gen and so on. in that case you have to go with Fedora or one of its derivatives (Nobara, Bazzite, etc.), because they have the newest kernels that allow this hardware to run OOB.
if you have a bit older hardware (like 2-3 years old), Mint or Debian is your best bet; Ubuntu if you have to, and only as a stepping stone. it’s a solid base and if you use flatpak for everything (Firefox, Chrome, Lutris, Steam, etc.) you won’t have issues with old packages and you’ll get the best of both worlds - stability and supported hardware.
weeell you kinda misrepresented the stated point, creating what’s commonly referred to as a strawman.
the subject isn’t a random sandwich that might or might not have contaminates in it; the subject is a shit sandwich. therefore it’s pointless to argue exactly how much shit is in a shit sandwich, as its essence and genesis preclude it from being considered nourishment.
now there’s copious propaganda out there convincing you it isn’t that bad, lotsa people do it, memba the sandwich from decades ago you loved… but we’re in the wrong community for that.
does it matter how bad it is? does it matter how much shit is in a shit sandwich?
I’m not having it however little there is.
I mean, OK, it’s a vulnerability and there are interesting implications, but this is hardly significant in any pracitcal sense of the word.
the potential victim has to run their system without a firewall, has to print to the printer they’ve never interacted with before and then the attacker can run shit with whatever the printing system’s user id is, which shouldn’t be an issue on any reasonably modern distro.
I routinely remove cups and friends from any system I run because I have no need for printing and it bothers me to see it constantly during every system upgrade.