I understand the technical challenges with running x86 apps on arm... but multiple wrappers that do something similar to proton have already been released.
If you follow the r/emulationonandroid subreddit, they have gotten PC games working on android for a while now. One of the wrappers, gamehub, has made it to the playstore. You can just sign in to your steam account (don't do that, gamehub is sketchy af, proprietary, and by a company that stole gpl code from yuzu and didn't release a derivative product), download games, and play them.
The current concern is performance, but most lower and midrange games run just fine.
Corporations really, really love being admin on everybody else's devices. See kernel level anticheat.
I feel like people have gotten zero trust (I don't need to trust anybody) confused with "I don't trust anybody".
I was listening to a podcast by packet pushers and they were like "So you meet a vendor, and they are like, 'So what do you think zero trust means? We can work with that'".
This is what zip does. It compresses files individually, and then combines them into the archive. This comes with the advantage that you don't have to extract the whole archive to view and edit files, but it comes with a very big disadvantage, which is that there is no compression across files. Redundant data in each file is not deduplicated.
Tar.gz does compress across files, which saves more space. That is to say, the reason why we don't just tar gzed files together, is because people decided that compression savings matter more than not having to extract the whole archive to view/edit files.
7z is the best of both worlds, as it compresses across files, but also lets you view and edit files without extracting the whole archive. But it's important to remember that tar.gz is ubiquitous for its compatibility, rather than its performance or features. Even the smallest, stripped down utilities, or the oldest, out of date systems, always have gz and tar, whereas even on modern desktop distros 7z may need to be explicitly installed.
Actually, modern kali is a lot more usable than the older kali. Kali used to only have a root user, so chromium and electron apps wouldn't start since they don't run as root.
Despite this, nowadays I generally recommend new people away from kali, because I believe the process of installing the tools that kali provides on other distros is a valuable learning experience.
Kali is great for the professional, but for learners I prefer they get to experience the package manager or other aspects of system management.
UWP is Microsoft's "new" app format, it's what the windows store and the xbox use.
It also isn't compatible with wine, and my pet theory is that this was the entire point of it. Combined with Windows S mode, which doesn't let you install apps other than from the windows store, the goal was to lock down the windows ecosystem by having apps that can't be made to run on linux.
I remember seeing a compatibility layer for UWP apps a while ago, and I am pleased to see that it has come this far. Great work!
Edit: wait this uses a windows VM. Still good though and lets people escape the windows ecosystem.
I don't know what the commenter you replied to is talking about, but systemd has its own firewalling and sandboxing capabilities. They probably mean that they don't use docker for deployment of services at all.
Here is a blogpost about systemd's firewall capabilities: https://www.ctrl.blog/entry/systemd-application-firewall.html
Here is a blogpost about systemd's sandboxing: https://www.redhat.com/en/blog/mastering-systemd
Here is the archwiki's docs about drop in units: https://wiki.archlinux.org/title/Systemd#Drop-in_files
I can understand why someone would like this, but this is a lot to learn and configure, whereas podman/docker deny most capabilities and network permissions by default.
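A drop-in of the kind the comment above refers to, added here as an example and not part of the original comment or the linked posts. The unit name `exampled.service`, the file name `hardening.conf` and the state directory are hypothetical; it shows what has to be opted into by hand to approach a container runtime's deny-by-default posture.

```ini
# /etc/systemd/system/exampled.service.d/hardening.conf
# Hypothetical drop-in for a hypothetical exampled.service.
# systemd only accepts comments on their own lines, not after a value.
[Service]
# --- Privileges ---
# Block setuid/setgid and file capabilities from granting new privileges.
NoNewPrivileges=yes
# An empty assignment drops every capability from the bounding set.
CapabilityBoundingSet=
AmbientCapabilities=

# --- Filesystem ---
# Mount the whole file hierarchy read-only for this service ...
ProtectSystem=strict
# ... and allow writes only to the service's own state directory (assumed path).
ReadWritePaths=/var/lib/exampled
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes

# --- Kernel surface ---
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
# Allow only the syscall group systemd defines for typical services.
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM

# --- Network (the "firewall" part) ---
# Only IPv4/IPv6 sockets; no netlink, packet or unix sockets.
RestrictAddressFamilies=AF_INET AF_INET6
# Deny all traffic, then allow loopback only. Allow entries take
# precedence over deny entries, so ordering here does not matter.
IPAddressDeny=any
IPAddressAllow=localhost
```

After `systemctl daemon-reload` and a restart of the unit, `systemd-analyze security exampled.service` reports which sandboxing directives are still unset for the service.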