I always thought this would make more sense to implement client side in the media player. But its probably easier to implement this way.
Regarding the specific issues mentioned: Nvidia support is subpar on Linux. There’s many distros that are specifically designed to handle all the graphics support for gaming and Ubuntu isn’t one of them.
Little bit of lore here: When I first started using Linux Nvidia support was better than ATI because they actually bothered to maintain a proprietary Linux driver. There were open source drivers for both but they weren’t performant. The proprietary ATI driver existed but it was maintained by one dude and required a goat sacrifice to install correctly. Since then, however, maybe after AMD bought ATI, they started investing in the open source driver. After that the open source driver just works and competes with the proprietary Nvidia driver. After that I’ve been brand loyal to AMD.
LibreWolf chewing up 3.2Gb is regrettably just normal for a modern browser. Firefox and Chrome will do this too. I’d be genuinely impressed though if Vivaldi has avoided that.
How is limited wayland support security issue?
I’m mostly just lost at the concept of “provided Dotfiles”.
Also “No paid features,” but somehow premium customization options.
Free desktop experience: Dotfiles provided by us, with one-click installs and updates.
Premium desktop experience: Same as above, but with more customization options. (dotfile customizations, e.g. “bar on what side”, “what button where”, etc, not Hyprland features)
What the fuck am I reading
The standard route is to decrypt on boot. It happens after GRUB but before your display manager starts. IDK if there even is a setup that has you “decrypt on login”. Thats sounds like your display manager (sddm for KDE) is decrypting system which is not possible IMO.
Unless your laptop somehow has multiple drives you’ll want to use the “LVM on LUKS” configuration. 1 small partition for /boot. The rest gets LUKS encrypted, and an LVM group is put on the LUKS container. Or you could replace LVM with btrfs.
This will require wiping your system and reinstalling so you have some reading to do.
The arch-install script in the live iso has options for full disk encryption.
If you suspend to RAM your system will stay unencrypted, because your ram is not encrypted. if you suspend to disk (aka hibernate) your system will be encrypted. You go through the boot loader when waking from hibernation but it just drops you off where you left off.
You need a swapfile for hibernation so make sure its inside the LUKS container.
Really should audit the implementation of that feature. So when you first log in it automatically sends you’re credentials to every connected server?