boredsquirrel

boredsquirrel, 15 hours ago

Use their forum…

universal-blue.discourse.group

boredsquirrel, 1 hour ago

Their forum is okay

boredsquirrel, 1 day ago

btrbk

boredsquirrel, 1 day ago

Crazy, how our “free world” is centralized

boredsquirrel, 3 days ago

Thanks. Maybe ask ublue people to implement the amd settings in ujust?

boredsquirrel, 4 days ago

Dont. uBlue also switched away from it.

My question is, how do I remove it again?

boredsquirrel, 4 days ago

Homebrew for CLI. Distrobox needs to be used with Arch, at least the Fedora boxes are literally not possible to system upgrade.

boredsquirrel, 4 days ago

/nix doesnt work on Fedora Atomic, thats the thing. So it has to be somewhere else.

I still have dozens of strange Nix users left

boredsquirrel, 4 days ago

disabling SELinux

I hope this is not a serious suggestion?

This needs correct SELinux labels, and not just disabling it.

Dan Walsh is very sad.

boredsquirrel, 4 days ago

Dont know how they solve it, but /nix is not possible.

Maybe in /var/nix and symlinked or mounted to /nix

boredsquirrel, 4 days ago

I would love Slowroll or Leap, the tested packages of OpenSUSE using rpm-ostree. OpenSUSEs “immutable” model is worthless. It is not better than what Tumbleweed does with BTRFS snapshots

boredsquirrel, 4 days ago

Lemmy is not suited for discussions that should not be on the internet forever.

boredsquirrel, 5 days ago

TLDR: Easy installation of something like Termux, GUI, Kwin and KDE, and a graphical display.

This is really good!

boredsquirrel, 5 days ago

A better alternative would be spice, but just a guess

boredsquirrel, 5 days ago

Btw here is their Feed

blogs.gnome.org/a11y/feed/

boredsquirrel, 5 days ago

Btw, here is their RSS Feed

blogs.gnome.org/a11y/feed/

boredsquirrel, 6 days ago

Its faster and more minimal.

For desktop use poorly it doesnt have the ability to use custom home dirs so dotfiles will conflict

boredsquirrel, 6 days ago

Well doesnt work on Silverblue but

<span style="color:#323232;">flatpak list --app
</span>

If you have configured Flatpaks, you may want to copy the ~/.var/app/ directories.

boredsquirrel, 6 days ago

Well that doesnt work for RPM distros, but just for dnf distros XD

boredsquirrel, 6 days ago

No not everything is installed in a Distrobox.

• the core system contains base stuff
• you can layer needed apps that need to be on the base system
• GUI apps are preferred as Flatpaks
• some random stuff may be in a Toolbox or Distrobox
• you can use pip, cargo and others on the base OS to install binaries there.

boredsquirrel, 6 days ago

Export the wanted ~/.var/app/ folder to keep flatpak data

boredsquirrel, 6 days ago

T/2 SDE!

It supports everything

boredsquirrel, 7 days ago

No idea but uBlue Aurora may be cool, try to rebase to it and see if you like it. It has a key input remapper included, and maybe a few more like sonaar for LG stuff

boredsquirrel, 7 days ago

I tried it and switched back because they remove Firefox and the terminal is annoying haha

boredsquirrel, 7 days ago

I mean of course it is strange to not have that feature.

But guys please dont install apps from random .deb files! It is extremely insecure, may never be updated and is just bad

boredsquirrel, 7 days ago

If the hash and the binary come from the same download location, how does this improve anything?

Also always nice is when there is a PGP signature but the key cannot be found anywhere.

boredsquirrel, 7 days ago

You are on Plasma 6 and seemingly all SDDM themes are currently broken.

Use the default theme and try to find ones that work.

boredsquirrel, 7 days ago

Debian has XFCE so yes.

But the “Linux mint” part really just is their preset configs.

Just install Debian with XFCE if you want

boredsquirrel, 8 days ago

Try GIMP, XNViewMP, GwenView and see if some program works?

boredsquirrel, 8 days ago

False information. Flatpaks integrate normally and are downloaded normally

boredsquirrel, 7 days ago

Yes the wallpaper stuff could be problematic.

But desktop integration works without issues. App stores also use flatpak install directly instead of packagekit, at least on cross-distro desktops like KDE and GNOME. Which works way better.

Regarding “they dont work well for system related stuff”, on Unix stuff everything is a file, and especially dedicated apps like a wallpaper switcher can have very specific static filesystem permissions, allowing them to do exactly what they need.

Appimages are totally different, a flawed concept by design and have no installer by default so they often have no integration at all. They are also not sandboxed at all and thus just as unrestricted as system apps, while they have no repo, no updating mechanism, no shared libs and are basically a security nightmare.

I dont know about snaps. Their sandboxing needs Apparmor so it is not cross platform.

boredsquirrel, 8 days ago

Bottles or Lutris, and dont forget ProtonPlus or ProtonUpQt

boredsquirrel, 8 days ago

HDMI should work out of the box.

GPU info needed

boredsquirrel, 8 days ago

If this is firefox specific, in about:config set the value of something portal to 1.

boredsquirrel, 9 days ago

Have a look at /etc/sddm.conf

boredsquirrel, 8 days ago

Do you have a /etc/sddm.conf.d/ then? You need to have an SDDM config XD

But for sure may ne that you cant set it there.

Fedora uses SDDM on Plasma 6 with Wayland now, not sure if EndeavorOS does too. So no xrandr

boredsquirrel, 8 days ago

I dont know, why do you want that?

I would of course say try Fedora Kinoite and give rock solidly packaged but modern software a try. KDE is also really cool.

boredsquirrel, 7 days ago

Cool video, but sometimes… people should wait a bit before giving advice.

Really cool experience report, but advising stuff like hunting for .deb’s on the Internet is just not good.

boredsquirrel, 8 days ago

I have not checked this, but as far as I know

• performance: apps are running on a subset of XOrg and xWayland translates it to Wayland
• RAM: if you have no XWayland apps anymore you save RAM
• features: some apps may have more features on XOrg, some may have more on Wayland. OBS on XWayland can record keystrokes, QGis on XWayland has not broken dockable toolbars.

boredsquirrel, 8 days ago

Strong words here.

I couldnt find what is the correct definition of “reimplementation” but we can assume it either means “taking the binaries and bundling them in a different bundle” or “writing different code to do the same thing”.

The whole point of a sandbox

What sandbox? Not the Android app sandbox, as microG (when I used it) needed to be installed as system app i.e. flashed to the system partition.

microG may isolate the binaries or whatever code it runs in some way, but not via the Android App sandbox.

Now GrapheneOS uses a privileged app that channels the calls of the unprivileged to the OS. This is also possible for microG, so it can run unprivileged too. DivestOS does that.

---

The concept of signature spoofing and more is poorly pretty flawed.

I would really like if a fully open source rewrite of the core services could just work, but these apps are written for Google, contain the official proprietary code anyways, and signature spoofing only works if you dont use many hardware security features.

GrapheneOS can be extremely secure when degoogled, but it cannot securely fake to be a Google Android. And neither can microG Android.

You would need to change the apps to do that.

boredsquirrel, 8 days ago

Haha yeah for sure I underestimated this community

boredsquirrel, 8 days ago

Yes this is crazy

boredsquirrel, 8 days ago

Its encrypted on the server and decrypted in your browser. Not useful for this survey though

boredsquirrel, 8 days ago

Yay my answer was deleted…

before the developer touches it doesn’t matter

It matters as the security rating is based on that, apps like KDE Systemsettings or Flatseal show that etc.

I agree that asking for permissions is better.

Placing an override in ~/.local/share/flatpak/overrides/global would be an easy workaround.

Desktops could implement dialogs that use the currently preset permissions.

Having a sandbox that is optional for the developer rather goes against the point of a sandbox, don’t you think?

No, these are defined, enumerated holes in a sandbox. Without a sandbox you need to monitor the behaviour yourself or other things.

This is the only good working GUI sandbox I know.

half of the apps on Flathub right now just wouldn’t work because they don’t support the filesystem portal.

Important point here:

• the portal should allow static permissions too
• apps that dont support portals would also not support asking for permissions, natively. A workaround could be done, using dbus, and asking for everything when the app is launched first time, BUT
• Linux has a tiny marketshare
• flatpaks are not the only ones
• people dont care about security that much (look at my survey, I will post an evaluation soon)
• permissions on Linux are more complex than on the actively restricted Android. External media, devices, filesystems etc

HTTPS-only mode (which I think should be the default)

I should open a bug about this. It cant be that this is not default, it works well and I agree on the style of implementation.

But this would also need apps to have that mechanism. A Libreoffice will just say “file doesnt exist” currently.

let them focus on the really important packages

Thats why I like Fedora Atomic. The core is as small as possible, the apps are just base stuff or upstream stuff like the Desktop. Everything else is a Flatpak.

It is so much more secure.

RHEL / CentOS has different repos for core and extras. More distros will do that

boredsquirrel, 8 days ago

What we have now is good, but I think it could be better.

I maintain a list of recommended Flatpak apps.

I had a damn Librewolf crash some time ago, the RPM is broken, switched back to Firefox… so I lost about 3 hours of overhaul of that list as it is currently very messy.

But if it is fixed, feel free to submit apps to be included, to have a “goodness enumerating” list of apps, rather than a huge mess of random apps.

Lack of H.264 decoding by default

They dont include that? I thought they would…

I use Fedora kinoite-main from uBlue which is very close to upstream but fixes many issues for me.

UBlue focussing on their very opinionated variants is a bit annoying, because it is now pretty hard to find a guide how to install kinoite-main. I just have a bookmark of their archived website.

Give it 5 more years

If this is actually an issue I would like to tackle that. I am currently doing a Change Proposal to make the default rpm-ostree permissions reasonably secure.

So this is an issue with reproducability? I dont think so? Cisco builds the binaries for Fedora and it gets installed. The packages are not from their repos, but the typical sync issues would not occur on Atomic.

but not hardware decoding currently, which is a big one

Yeah for sure, I think for Intel and AMD too, hardware h264 for example. AV1 in OBS will be awesome though.

But thats why I use uBlues base images, it is Fedora and I say I use Fedora and participate in their community, but their base images have a ton of stuff I dont agree with (toolbox, missing random packages, too simplistic installer…)

boredsquirrel, 7 days ago

You keep popping up wherever I go these days.

Funny, I use that name not so long. Currently hyperfocused on Fedora Discuss, Lemmy and Github.

Although I should really change my stuff to some Forgejo instance and just mirror to Github.

I thought a lot about tech resiliance in the last days, I am from germany and the people here are stupid. They literally elect people that will make a neofascist surveillance hell reality.

I wonder how Tor, Tails and others handle their code stuff. Apart from selfhosting their services of course. Like resiliance, I think decentralized code repos are crucial.

I really like how uBlue just used the official Fedora OCI images (that they produce but dont even use) and used all the container tooling to create this awesome project.

But relying on Github is insane, it is owned by Microsoft and they dont give a damn about freedom. It is pretty scary, 90% of my Android apps are also on Github.

I want to build my own variant, KDE and minimal only, maybe GNOME if contributors join. But no more, all the freedom is great but it is huge maintenance.

H.264 is patent-encumbered so they can’t

I thought Ciscos trick could fix that? They are a huge company, pay the max amount of money already and can just share the software with their license to anyone.

inside the Fedora Flatpak

Not sure if that is the best way. Flatpak has runtime extensions, and rpmfusion could build one for the entire ffmpeg and more. This could just be added from an external repo and installed along.

Or they include openh264 in their runtime.

Fedora Flatpaks got quite a boost recently and even have some KDE apps not on Flathub.

the only way to trust it’s built from the same sources is to reproduce the build.

Well… rpmfusion could do that? And act like a “3rd party auditor” ?

doesn’t have support for High 10 Profile video which is fairly common off the web

Interestesting, never heard that. I use Celluloid Flatpak which is pretty great (I wish Haruna would get their basics together like customizable UI, working subtitles, working queue etc).

So the only reason to have ffmpeg is nice terminal stuff, Dolphin extensions or just video previews in Dolphin. Nautilus supports that via a Flatpak right? Thats cool.

we can stop talking about it. I am so sick of talking about H.264.

Fuck patents. I am happy that we now have AV1 and dont really know why VP9 is not more used? It is a pain!

Call it a personal challenge or whatever

I have a command text file with the exact command I need to reproduce my install. One for Fedora Kinoite, one for Kinoite-main.

It is just a few packages and I really only need the things I mentioned.

I also dont like Aurora or others that much, they have too much stuff added.

That’s not true if you’re using Flathub packages.

True, Flatpak is cool. Dolphin is also available as one, I need to test if it works with Flatpak ark and all that, udisks2, mounting stuff, MTP, maybe SMB.

prefer Toolbox to Distrobox

Interesting, why? I need to try it again.

Do you know btw how to upgrade a F39 distrobox to F40? Distrobox has some “assemble” function to rebuild it with a config file. But traditional dnf system-upgrade doesnt work.

It’s probably the same reason you use KDE and I use GNOME (most of the time).

Why? Curious.

No uBlue uses Anaconda too, which is a whole set of stuff. They are testing the new UI (a component of Anaconda) for workstation exclusively.

uBlue pioneered in making Anaconda work for installing OCI rpm-ostree btw

boredsquirrel, 6 days ago

Newton stack

Never heard of that, I hope accessibility on Wayland improves.

Neal Gompa mentioned that Flatpaks dont have the permission holes to allow screen readers? Thats crazy and may be possible to fix with a global override.

The idea of booting my entire operating system from a container created on Github’s infrastructure is just…it scares me.

Same here. I think it would be nice to create 2 or so base images on an individual host like Codeberg, but I am completely new to all that container stuff.

I wonder if Sourcehut does container registries…I know people praise their CI.

There are so many alternatives. I even have access to a selfhosted Gitea instance which may also be fine.

I know Tor uses Gitlab.

At the surface, yes. But I wonder about the stuff in the background, like decentralized encrypted backups, maybe not traceable or something.

Interesting, will add that blog to my Feeds :D

I’m thinking about Fedora including the build in their own repositories.

For sure it needs to, to be a usable product.

I only see it as a platform which needs to be tweaked to be usable. Currently doing a bit of work, upstreaming some secureblue things (btw the admin blocked be because they… dont like annoying questions?).

Matrix is also horrible for Dev work. People dont use threads so they just spam stuff in a single chat and it just bad…

Also, these change processes are damn slow, but hey, thats fine I guess?

it’s a crucial part of my workflow because I convert so much media.

I want to start doing some videos, no idea why OBS just has h264 hardware? I mean it doesnt matter but why no VP9? AV1 will come in 30.1 you know when that is stable?

I would just invoke the ffmpeg from some Flatpak, freedesktop.org runtime may have it. Maybe with some flatpak-spawn it could even have access everywhere?

Do you know what flatpaks (that are not VLC) have ffmpeg as a binary included?

I need to add a better app to this guide since I dont use VLC anymore.

But Nautilus works really well as a Flatpak. It even seems faster than non-Flatpak Nautilus

Interesting, I need to try full-Flatpak Kinoite in a VM. I think Flatpak Firefox is also faster, but I need to benchmark that again.

I did quite a big benchmark including Brave, Firefox Tarball (firefox and firefox-bin), Fedora Firefox, Librewolf, Torbrowser, MullvadBrowser.

Need to do that again. I also compiled FF myself for some time to use it on secureblue with hardened malloc. Funny enough, Fedora FF allows to replace the memory allocator now that I opened an issue, but it is very questionable if hardened_malloc is more secure, and if LD_PRELOAD is a secure way to do that.

Toolbox is the right way to solve the problem. It’s using a real programming language (Go) instead of bash, it supports a small set of important container images, and those container images are only provided from quay.io, Red Hat’s own infrastructure, instead of Docker Hub.

I agree on these points. Is it considerably faster? Because bash is slow as hell, I need to start learning some real language as my bash scripts start getting a pain. (Especially the Arkenfox (FF and TB) scripts need to get a big overhaul and I am still bery unhappy with them).

I use Toolbox for Signal and Steam because I don’t want to use Unverified Flatpaks.

Well I hope you use an Ubuntu container because I bet these packages are also not “verified” on Arch ;)

I use 90% verified and just have the verified subset repo around to check if an app is. If it is, I get 2 installation repos.

But these both apps are also Electron apps and supposedly containers dont restrict user namespace creation, so they are the best way to run these apps. According to uBlue devs, Firefox too.

Or Debian containers.

You could use Debian Testing which is rolling afaik.

Fedora rawhide is too unstable, OpenSUSE has some strange package issues (I use QGis and RStudio).

RStudio uses the system package manager to add dependencies, nice concept but annoying on atomic. There is this guy that just builds the entire R libraries as RPMs on COPR, he had to reduce the repos priorities because it prevented all the other projects from building their stuff.

Does Arch have Rstudio stuff? I really think they should just abandon that concept and build the libraries themselves, and install them to the app directory…

Same for QGis but that needs pip.

It really makes me feel at home on Fedora.

Ironic. But I really wonder what to use. Basically its

• Debian Testing
• OpenSUSE Tumbleweed
• Arch
• … ?

These damn package names. Or maybe dnf5 could solve this? I really like Fedora packages, they are often very good.

Also when it comes to deduplicating libraries, I dont need a separate distro in a container, I need a clone of my current system and just a few packages and their specific dependencies on top. Not sure how this could work, especially in RAM, there is a thread somewhere on Discuss.