If you want to talk about breakage we can, as long as you understand that’s not what people mean when they say stable. About breakages Arch doesn’t break that often, or at all, I can’t recall a single time my system broke for an update or for something that was not entirely my fault.

No, you’re still not understanding, say libX current version is 1.2.3 and we have two distros A (a stable distro) and B (an unstable distro). libX now releases 2.0.0, A remains on 1.2.3 B moves to 2.0.0. libX now releases 1.2.4 which despite being just a patch breaks everything. A update and breaks, B does not.

Stable just means stable API, it says nothing about system breakage. System breakage can happen regardless of stable API, and it’s up to distro managers to not release a package that breaks their diatro, and the Arch ones are excellent at their job. An update breaking Arch is as likely to happen as on Ubuntu, but an upgrade on Arch can break other stuff which on Ubuntu can only happen when doing a version upgrade.

Again, stable doesn’t mean what you think it means. An unstable system is not one that breaks, but one that doesn’t keep a stable base. For example, Debian will not update a major version of almost anything, since that could potentially break dependencies, so it is stable even if it released patches as fast as Arch. On the other hand Arch is unstable, even if upgrading your system never broke anything because it can at any point change the version of any library you have installed.

it’s a good beginner distro because getting thrown into deep water is how one learns to swim.

It’s exactly like getting thrown into the deep end, if you don’t know how to swim you’ll drown. No one learns to swim by getting thrown to the deep end, and you’re more likely to have a bad experience and be discouraged from trying it again.

every one of the Linux users that wants to be elitist about their distro runs arch based on how hard it is.

Which always makes me laugh because I use Arch mainly because I’m a lazy ass and want something easy to maintain.

Counter-counterpoint: Newcomers have enough things to learn and worry about without having to worry about unfucking a broken Arch installation.

Unfortunately it’s not, on Reddit and now on Lemmy I see lots of people recommending it, they think the installer is the problem so they recommend something that has a GUI installer but is Arch afterwards, without realizing that creates more problem than it solves. And when pressed they even say stuff like “I started with Arch and was fine”.

He’s exaggerating, Arch has never broken the system with an update, but it has broken some components in the past. Most of the time you just rollback the package for a couple of days and you’re fine to update again, but you can’t expect a newbie in Linux to know that. For someone who’s already having to adapt and learn a lot of stuff just to get their daily use adding instability to the system is a recipe for disaster.

Normal enough procedure for you and me, not for someone who’s learning Linux and has no idea what any of that means and needs proton VPN for work.

This is what people need to get through their heads, you’re an expert in the field, this comic applies https://xkcd.com/2501/

You’re focusing too much on the installation process, if installing Arch was the whole of the problem things like Endeavor would be a good recommendation for newbies, but they’re not. Arch has one giant flaw when it comes to being beginner friendly, and it’s part of what makes it desirable for lots of us, and that is the bleeding edge rolling release model. As a newcomer you probably want something that works and is stable. Arch is not, and will never be, that, because the core philosophy is to be bleeding edge rolling release. If you’re a newcomer who WANTS to have that and doesn’t mind the learning curve then go ahead, but Linux has enough of a learning curve already, so it’s better to get people started with something they can rely on and afterwards they can move to other stuff that might have different advantages/disadvantages.

We’re talking about the general case here, I’ve recommend Arch to a newcomer in the past, he was very keen on learning and was happy with reading wikis to get there stuff sorted, but realistically most people who’re learning a whole new OS don’t want to ask questions and be told RTFM, and RTFM is core to the Arch philosophy.

He’s exaggerating a little bit, but he’s not entirely wrong. Arch does have bleeding edge packages, and if you haven’t ran into an issue because of that you probably haven’t been using it for long. Now, it almost never is system breaking bad, but it might be GUI breaking bad, or it might require editing configs by hand, and I’ve lost count of the amount of times I’ve seen people complain that an update broke something only to be a pacsave/pacnew file. Arch philosophy is incompatible with people who’re learning the system now and just want stuff to work. Just because it worked for you doesn’t mean it will for others.

Arch can be forked into a beginner distro, just look at SteamOS, but one of the major advantages of Arch is the AUR and to be able to use it you have to have packages in the same (or similar) enough version to Arch, and THAT is not beginner friendly. But having an Arch fork that can’t access the AUR loses most of the reason people would want to use Arch, so you end up with distros aimed at beginners that are also running bleeding edge packages which is a recipe for disaster.

Stable doesn’t mean what you think it means. Stable means not updated.

I’ll answer point by point, but the short answer is pick one and use it, if you have issues with it or want to try something different, switch, otherwise stick with it.

1. Your understanding is mostly correct. There’s the difference that each distro has a family tree which determines which package manager they use, Red hat based distros like Fedora use rpm, Debian based distros like Mint, Pop or Kubuntu use apt, etc. So it would be easier to switch from Mint to Kubuntu than from Fedora to Pop although not by much. The main difference between distros is philosophy, which honestly you shouldn’t care too much currently as long as you aim at something beginner friendly.
2. Probably not something to worry about, and if it comes to that you can just jump to another distro, trust me once you’re familiar with Linux the distro matters less and less.
3. Any of them (except for tuxedo which might be a good option but I don’t know it) would be a good option. Personally I would recommend Mint, or at least a Debian based one since 3 of the ones you suggested are Debian based it would give you more options to switch easily if needed.
4. It should, but your mileage might vary
5. Any of them should be good for that, KDE/Plasma is a bit similar to Windows while also being very eye candy, so it’s a good choice. Also it’s the one used on the Steam Deck so you might be somewhat familiar with it already.

Extra: Nvidia should be fine as long as you use the official proprietary drivers (named nvidia, NOT nouveau). Photoshop doesn’t work on Linux, so you might need to jump through hoops there, if it’s not a hard requirement I suggest looking at Gimp for photo manipulation or Krista for drawing, good luck either way since it’s uphill battle either way, one against Adobe anti-piracy measures and the other against an unfamiliar software.

But then it’s not Ctrl+y, so we both agree that Ctrl+y is not redo. For you it’s U to undo and Ctrl+r for redo, for me it is all C+_ with a history of modifications. But in all truth I’m a heathen as well since I’ve partially converted to vi for most small text edition because of pinky strain, I was just referencing terminal shortcuts which are based on GNU standard, so Ctrl+y is paste in most terminals.

Ctrl+y is not redo, Ctrl+y is for Yank, i.e. paste. Undo is not Ctrl+z either, that’s appealing to proprietary companies, Undo is Ctrl+_

Standardization of shortcuts is a good thing, you yourself recognize that with your pro Ctrl+z for undo. Redo as Ctrl+Shift+z makes sense and is the standard in many, many places, not just proprietary software.

I don’t want any proprietary drivers (so I am talking about Nouveau or any other FOSS Nvidia driver if it exists)

In that case AMD, no doubt about it.

If you were considering proprietary drivers it would still be AMD but there would be some discussion about it.

First of all let me make this absolutely clear, docker is not expected to be secure to that level. While they try to make it hard for someone to escape a container, it’s not their main concern so expect that there are vulnerabilities that would allow an attacker to escape.

Now the second thing, the Overseer login screen might be secure enough for your case, the problem is that login is hard to do right, and Overseer are doing several other stuff as well, so they might not give it enough emphasis, and even if they do, maybe Immich devs don’t, or any one of the dozens of other services, so there are dozen of possible points of failure. Things like Authelia or Google OAuth are focused on authentication, so they do that absolutely right, and then they become the only point of failure for authentication.

To be fair, if you keep things updated it’s unlikely not having auth would be a problem. Mostly because most hackers won’t even know of your server to begin with. And most systems are secure enough for most casual hacks. But it’s an investment worth the time if you plan on making something available to the internet.

O have a very similar setup but have a couple of questions if you don’t mind me asking, what did you used for OAuth? and where is it running? I tried athelia on the VPS but had some problems I can’t remember now and decided it wasn’t worth the time at the time, but probably should set it up.

I’ll try to ELI5, if there’s something you don’t understand ask me.

Op has a home server where he’s running immich, that’s only accessible when he’s at home via the IP, so something like http://192.168.0.3:3000/, so he installed Tailscale on that server. Tailscale is a VPN (Virtual Private Network) that allows you to connect to your stuff remotely, it’s a nice way to do it because it is P2P (peer-to-peer) which means that in theory only he can access that network, whereas if he were using one of the many VPNs people use for other reasons, other people on the same VPN could access his server.

Ok, so now he can access his immich instance away from home, all he has to do is connect to the VPN on his phone or laptop and he’ll be able to access it with something like http://my_server:3000 since Tailscale adds a DNS (Domain Name System) which resolves the hostnames to whatever IP they have on the Tailscale network.

But if you want to give your family access it’s hard to explain to them that they need to connect to this VPN, so he rented a VPS (Virtual Private Server) on some company like DigitalOcean or Vultr and connected that machine to the Tailscale network. He probably also got a domain name from somewhere like namecheap, and pointed that domain name to his VPS. Só now he can access his VPS by using ssh user@myserver.com. Now all he needs to do is have something on the VPS which redirects everything that comes to a certain address into the Tailscale machine, Caddy is a nice way to do this, but the more traditional approach is ngnix, so if he puts Caddy on that VPS a config like this:

immich.myserver.com {
    handle {
        reverse_proxy my_server.tailscale.network.name:3000
    }
}

Then any requests that come to https://immich.myserver.com/ will get redirected to the home server via Tailscale.

It is a really nice setup, plus OP also added authentication and some other stuff to make it a bit more secure against attacks directly on immich.