I agree that cybersecurity features should be included. In fact I think they should be included for free. The problem is that Microsoft wanted to charge the Department of Defense and it sounds like they used politics to make sure they could, and if true then they (and maybe also the DoD?) may have violated some federal laws around government procurement and “gifts” from contractors to the government.

this here is the real issue.

The update was meant to fix a situation where an attacker would somehow get grub onto a machine that was SINGLE booting windows and use grub to tamper with secureboot. this fix was meant to only apply in single boot situations where it should be entirely unexpected to see grub. as they said, something went seriously wrong.

Docker takes a lot of the management work out of the equation as many of the containers automatically update. Manual updates are as simple as recreating a container with a new image instead of your local one. I would like to add try running Portainer (a graphical management interface for Docker). Breaking out the various options into a GUI helped me learn the ins and outs of Docker better, plus if you end up expanding to multiple docker hosts you can manage them all from one console. I have a desktop, a laptop, and a RPi 4b all running various dockers and having a single pane for management is such a convenience.