The antivirus: Used to be good, decent free (in price) tool if you're in a situation where you need one. Otherwise, Windows Defender is good enough for your needs. (And just don't install goofy ahh apps on Android, you also don't need one there).
The VPN: Same as any other VPN company. Chances are you don't need one, and all of them are based fully on trust. "Least bad" VPN award goes to Mullvad.
NordVPN (and their entire service stack) is not trustworthy at all.
The extra y just forces a database update. The mechanism to detect when not to update the database is a simple timestamp compare, and shouldn't break. archlinux-keyring might need a "manual" update if an Arch Linux system is left without updates for a longer period of time. That's the only situation doing pacman -Sy, then pacman -S archlinux-keyring is recommended, and it needs to be followed with pacman -Syu to avoid a partial upgrade.
Easily set up, and easily attached to other things. Simple notifications about whatever is needed, like service health or updates, new posts on public platforms, etc. A simple curl is plenty to send and receive notifications, and it works on Android without requiring FCM (Google infrastructure).
I use mautrix/discord, it can work in both puppeting (sign into your account) mode and relay (bot account with webhooks) mode.
I use mine for a single channel in a "medium-size" server (~2k people), a friend group server, DMs, and a few channels that follow a bunch of announcement channels on other servers.
""compromised device"" in this scenario is any device with a chat app installed, push notifications on, and the chat service uses Cloudflare CDN. This is a very common setup, Discord and Signal were mentioned as examples. Many others are vulnerable for the same thing. With read receipts on the chat platform (like Signal), no push notifications are required.
The headline is sensationalist, but it isn't something to be ignored. Especially for more privacy focused platforms like Signal, even leaking the country someone is in can be considered a risk. That's effectively what this attack allows.
If you notice things are missing, feel free to contribute to OpenStreetMap. For example, by using StreetComplete. If you add the map details that are missing, it makes the map more useful for everyone.
virt-manager only requires access to the libvirtd socket, as long as the flatpak.has that as default configuration (which I imagine would be the case), there's zero difference beteween flatpak and native.
Sorry, posted that on mobile without checking that it's not the mobile link.
share/
This person does not understand open source or Android whatsoever. They talk a decent bit about "default installed apps", without properly understanding what most of them even are. They complain about some apps "being out of date" when installing CalyxOS, calling it "concerning" that they're not on the latest version out of the box, as if they couldn't update the apps themselves. The whole "review" feels more like an iPhone user trying to switch to Android for the first time, being confused because it's different, and complaining about it because they don't understand it.
The main benefits of CalyxOS lie under the hood. It's built to be more secure out of the box, and doesn't connect everywhere without consent like most other Android ROMs. If you're fine with the privacy and security of using something like LineageOS, CalyxOS doesn't have much extra to offer.