Starfish
Debian Stable as base OS, then activate unstable repos in a sandbox/container. Maybe even Distrobox for newer Apps.
How about miniPaint? Its mostly in JS.
https://github.com/viliusle/miniPaint
Maybe Piwigo: https://github.com/Piwigo/Piwigo
Not Fedora, but MX Linux and Antix are good for persistent installation on usb-sticks. See here: https://antixlinux.com/the-most-extensive-live-usb-on-the-planet/
Some people use carbon foil for cars to customize their thinkpads.
see here: https://thinkwiki.de/Geh%C3%A4useteile_mit_Schutzfolie_versehen
A german magazine just made a video on that topic. You can activate english subtitles.
https://www.youtube.com/watch?v=hBSEHpU-pyI
They tested a bunch of smart tvs and tv-sticks and their network activites.
They say that roku devices were the most privacy friendly tv-sticks.
And if you dont care about warranty voiding, open the tv and tape the things you dont want. Mic, cam, etc. Its probably the cheapest option
His stance on desktop security may be very hard. But his views are not far off from that of other known security researchers like Micay (Copperhead/GrapheneOS), Rutkowska (QubesOS), Matthew Garrett (Red Hat, Canonical), Solar Designer (Openwall) and others. They heavily criticize Linux and *BSDs to make us aware of all its shortcomings.
Systemd is hated by hobbyists mainly because it invalidates a lot of their hacked together wisdom …
Maybe these people dont hate systemd but want choices for a more minimal/barebones OS. Not to gatekeep Linux but to install a more energy-efficient, lightweight Linux OS for themselves like many Alpine, Debian and Arch users do. They believe in the KISS principle. The concept that less complexity equals better security (“less is more”).
not sure about the other ones, but “madaidan” (Kicksecure/Linux Hardening Guide) and Daniel Micay (Copperhead/GrapheneOS) are well known security researchers. See Daniel Micays take on Systemd:
https://old.reddit.com/r/GrapheneOS/comments/bddq5u/os_security_ios_vs_grapheneos_vs_stock_android/ekzo6c0/
https://forums.whonix.org/t/fixing-the-desktop-linux-security-model/9172/2
Suckless.org’s take on systemd is pretty well researched. All sources inside.
Some other critics are Ted Tso, Torvalds, Volkerding (Slackware), … See https://en.wikipedia.org/wiki/Systemd#Reception
https://www.zdnet.com/article/linus-torvalds-and-others-on-linuxs-systemd/
There are some security, privacy and stability advantages of other init systems over systemd. But for most people systemd should be fine.
See here for further info:
https://madaidans-insecurities.github.io/guides/linux-hardening.html#choosing-the-right-distro
https://forums.whonix.org/t/fixing-the-desktop-linux-security-model/9172/2
https://www.unixsheikh.com/articles/systemd-isnt-safe-to-run-anywhere.html
https://unixsheikh.com/articles/the-real-motivation-behind-systemd.html
https://suckless.org/sucks/systemd/
https://without-systemd.org/wiki/index_php/Arguments_against_systemd/
https://nosystemd.org/
Also getting encrypted dns to work with systemd is pretty tough and unreliable in my experience (with debian and opensuse). See here https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux
Looks like there are some security, privacy and stability advantages. But for most people systemd should be fine.
See here for further info:
https://madaidans-insecurities.github.io/guides/linux-hardening.html#choosing-the-right-distro
https://forums.whonix.org/t/fixing-the-desktop-linux-security-model/9172/2
https://www.unixsheikh.com/articles/systemd-isnt-safe-to-run-anywhere.html
https://unixsheikh.com/articles/the-real-motivation-behind-systemd.html
https://suckless.org/sucks/systemd/
https://without-systemd.org/wiki/index_php/Arguments_against_systemd/
https://nosystemd.org/
Edit: also getting dnscrypt to work with systemd is pretty tough and unreliable in my experience (debian and opensuse). See here https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux
This could be a problem if you are planning to use encrypted dns.
The closest thing to clean install is Ameliorated AME or Atlas OS. Check that out if you really need windows.