Full disk encryption is non standard and a PITA without a secure boot chain where the disk can be unlocked by the OS itself. If you have fun tinkering with your OS go nuts, but I want something that works every time even if install it for my mom. The current distro offerings aren’t that.

No. You can edit the Kernel command line directly from GRUB before booting into anything else. That is the default behavior (with Debian).

Yes, it is more aimed towards “casual” users that want something that just works. But auto-updating policy is not really the point of the blog. Every distro is deciding that by themselves and will always be able to.

The default GRUB setup basically provides no security, even with UEFI secure boot enabled. On my default Debian install I can just edit the Kernel command line and get root without any password required. But beyond that, check out design goal 2 in this article https://0pointer.net/blog/fitting-everything-together.html

Depends firstly what you are building. For a Node backend, it of course matters a lot. For a JS frontend you always only ship a fraction of the dependency code, so the meme doesn’t really apply. Modern JS frameworks are alright as long as you know what you are doing 🙂

Frankly, the only respectable way to do it!