You’re a good man.

So…

What’s your spaghetti policy here?

Typical first world citizen.

Everyone: let’s standardize all the plugs so that we don’t keep hoarding cables!

Apple: heh, plebs…

Lemme guess, they’re gonna launch a private Mastodon server.

Got 403 Forbidden

Mint: consistency, versatility, having all the Ubuntu’s benefits (being industry standard, somewhat) without the drawbacks (Canonical’s opinionated bullshit like snap)

Debian: stability, predictability, leanness

Gentoo: customizability down to compile-time level

Of course they are!

That narrows it down a lot. To be honest, I’m not familiar with that. However, with that specific of a topic, it shouldn’t be that hard to look up for articles to follow and come up with a course of action.

The reason why OSes aren’t ‘hardened’ by default is because it would be a real pain for users trying to set things up or use it for daily operation. If you take it to an extreme, they wouldn’t be able to access anything they want. If you’re a sysadmin, you’d be faced with your whole office pissed off because they wouldn’t be able to do their work.

Last but not least, what does ‘hardened’ mean anyway? You can have something as ‘hardened’ as an airgapped workstation in a faraday cage with an off-grid power supply. Are you running away from a government agency? I wouldn’t think so. So a firewall blocking unused ports and mindful practice should suffice.

Oh hell no!

What does that even mean? What kind of exploitation are you talking about?

Every use case comes with its own risk, and every risk needs to be handled differently. People jokingly said that if you wanna be sure, don’t connect your computer to the network at all; and if you wanna be surer, don’t use a computer. While that was a joke, there’s truth in that.

If you’re just going to use it as a workstation, then firewall to make sure some randos don’t ping you should suffice. If you’re sharing this workstation with your tech illiterate mates, then perhaps something to prevent executing random stuff like SELinux or AppArmor would do. If executing random stuff is just what you do, then set up VMs or some other ways to isolate that execution environment.

If you’re sharing files directly from your computer to the internet (e.g. with SMB or NFS), then you’d need to make sure only the right people have the access, and the auth can’t be brute-forced (i.e. with rate-limiting and lock-out policy). Same goes if you allow remote login (i.e. thru SSH). Some people use custom port number to obscure their stuff, and you can do it too, but do keep in mind it could make your life (or your mates’ lives) harder.

If you’re running other outward facing services like SQL database or HTTP, that would require different ways to address. If you’re on such level, you’d want do some serious readings.

What do you want to achieve exactly?

Different requirement can lead to different approach.

Honestly, I picked it because I was lazy. It’s such a low maintainance machine. As for the codec, the flatpak version of VLC does it.

I got openSUSE Leap. It’s stable and reliable. My complaint is that I needed to go thru all the hoops to get all the media codecs I need to play what I want.

People seem to be unaware that python has bindings for lower-level languages like C. In fact, people have been heavily using resource intensive libraries implemented in C (e.g. numpy, scipy, pandas, uwsgi).

Also, Python interpreter performance has come a long way.

This is my two cents as someone in the industry.

Because, while you don’t want to nitpick on each instruction cycle, sometimes the code runs millions of times and each microsecond adds up.

Keep in mind that people use this kind of things for work, serving real world customers who are doing their work.

Yes, the language itself is not optimal even by design, but its easy to work with, so they are making it worth a while. There’s no shortage of people who can work with it. It is easy to develop and maintain stuff with it, cutting development cost. Yes, we’re talking real businesses with real resource constraints.

How about if we split you instead!

Because you are born into this world.

I’ve said this many times, and will continue saying this again and again:

When in doubt: Linux Mint will provide everything you’ll need. You can distrohop once you understand the basics, customizations and optimizations can come later.

Gulp that thing and you’ll shit it right out!