boredsquirrel

@boredsquirrel@slrpnk.net


boredsquirrel,

And way more reliability, even though it is pretty modified.

boredsquirrel,

This.

boredsquirrel,

Stable is not equivalent to “works well”. It is randomly frozen at some point, mostly not in contact with upstream devs, so you just have outdated packages.

OpenSUSE slowroll sounds like a way better model. Or maybe CentOS stream.

boredsquirrel,

It is randomly frozen as not all developers follow Ubuntu's release schedule. They just release when it is ready.

Stability means backporting tons of bugfixes to tons of small packages and libraries. I don't think Ubuntu does that for enough packages; best example: Plasma 5.27 on Kubuntu. I have reported over 200 bugs I guess and most of the newer ones are just fixed in Plasma 6.

Flatpak for sure is a good way, and if a distro is stable, they should only install Flatpaks.

boredsquirrel,

Yes I think you mentioned the relevant points here. Ubuntu tests their preinstalled software, while there is tons more in the repos that is not as tested. Same with Mint.

And they backport only stuff they think is necessary. For example Plasma 5 is based on the EOL Qt5 and backporting things to Plasma 5 is nearly impossible as you need real Plasma devs and nobody really wants to do that.

Plasma 6 is really stable, 6.1 not so much, but the timing was not perfect. Simply because they do their release schedule as fixed as that.

It is a total pain if you simply want working software, as they may backport some stuff, but all the stuff not preinstalled, or that is very complex, will not get fixes.

This is the same with all stable distros, if the maintainers don't literally maintain all the software there is.

boredsquirrel,

No, Fedora is semi-rolling with less random freezes. Regular Ubuntu is similar but just not Ubuntu please.

Fedora also had 13 months of support, so staying on the older version gives extra stability.

And then there is OpenSUSE slowroll, which is CI/CD with more testing.

boredsquirrel,

It is semi-rolling. They ship different point releases and kernels within a release.

GNOME 47 Can Now Be Built With X11 Support Disabled (www.phoronix.com)

For those wanting to build a Wayland-only Linux desktop experience without carrying any aging X11 baggage, GNOME 47 will be able to optionally offer Wayland-only support without carrying X11/X.Org support. This Mutter merge request landed today that allows compiling Mutter with X11 support disabled. That landed today along with...

boredsquirrel,

Laughing in kwin-wayland

boredsquirrel,

Interesting, on what distro and when did you try that?

I didn't know that it relied on XWayland, but that seems outdated anyways.

boredsquirrel,

Plasma 6?

boredsquirrel,

Plasma 6?

boredsquirrel,

Very interesting project. Cage is a wayland kiosk, right?

But what about doing system updates and stuff like shutting down? KOReader doesn't have such an interface.

boredsquirrel,

I share the exact same experience with you.

I use the ublue kinoite-main base image, not one of their very opinionated variants. It is best as a base, better than Fedora's (even though you need to trust Github 100%).

Config creep is solved only partly. I am currently overhauling the kind-of guide here.

Local stuff in your home is persistent, and /etc is also persistent.

But we are working on that.

Bazzite has a ton of WINE stuff on the system, not really the “immutable small core” principle. At the same time they uninstall Firefox, while Flatpak Firefox does not support all things.

So I recommend to install Fedora Kinoite from the official website and follow the rebase guideline here at the bottom

boredsquirrel,

I mean Android is not magic, but a huge step up from desktop Linux regarding security, minimalism, battery life, …

They also just use an LTS kernel, and I even found a Vulkan package.

The simple, core principle, security without compromises, is not hard, everything is there.

And at the same time you can fix many of the Google issues, privacy invasiveness, design that sucks…

boredsquirrel,

True. Apple is straight up dystopia.

Location of mouseover/hover effects on icons-only task manager?

I was wondering if anyone could tell me where the location for the icons-only task manager settings file is for plasma? I have a number of custom icons I’ve made, and it appears that the default mouseover/hover effect does not work with them. For icons I have not changed, the icon “lights up” or gets a wash over itself...

boredsquirrel, (edited)

This should be an effect, not changed icons. Maybe the taskbar still uses scaled PNGs?

Try to use a 256x256 PNG instead.

Btw !kde

bash coding standards?

I didn't care about how I wrote my bash scripts, because I know they'd ultimately be used just by myself. But for the past few days, I've been working on this project, mk-blog, which uses some bash scripts; there are chances that others might look at them. Besides, at work they're asking me to maintain a server. So why not learn the...

boredsquirrel,

Ah yes, the fear of open-sourcing.

Trust me, proprietary code is often total garbage because nobody looks at it.

Why does nobody here ever recommend Fedora to noobs?

I have tried Linux as a DD on and off for years but about a year ago I decided to commit to it no matter the cost. First with Mint, then Ubuntu and a few others sprinkled in briefly. Both are “mainstream” “beginner friendly” distros, right? I don’t want anything too advanced, right?...

boredsquirrel, (edited)

I find it pretty problematic how Ubuntu is messed up and still used as default distro.

Fedora has issues with always being a bit early. I prefer it a lot over buggy Kubuntu, as I use KDE, but for example now 6.1 is too early and still has bugs, while Plasma 6 was really well tested (with Rawhide, Kinoite beta and Kinoite nightly being available).

Fedora has tons of variants and packages, and COPR is full of stuff. The forums are nice, Discourse is a great tool.

It uses Flatpak, but adds its legally restricted repo by default.

The traditional variants… I think apt is better. I did one dnf system upgrade to F40 and it was pretty messy.

The rpm-ostree atomic desktops are really good, but not complete. For example GRUB is simply not updated at all. This is hopefully fixed with F41.

Or the NVIDIA stuff, or nonfree codecs, which are all issues even more on atomic.

So the product is not really ready to use, while rpmfusion sync issues happen multiple times a year. This is no issue on the atomic variants, but there you need to layer many packages, which causes very slow updates.

I am also not a fan of their “GUI only” way, so you will for example never have useful common CLI tools on the atomic variants, for no reason.

It is pretty completely vanilla, which is very nice.

boredsquirrel,

Maybe GNOME got more stable… but the non LTS kernels often cause issues, and KDE is currently unstable again (while it worked perfectly on Plasma 6.0)

boredsquirrel,

Fedora simply takes what KDE offers, and the whole VRR etc. additions seem to cause tons of bugs.

Already reported, not sure how helpful.

But being the first to implement KDE releases… is problematic.

boredsquirrel,

Yes, probably agree on PopOS, even though I never used it. Also their DE will need a lot of time, I hope they don't ship it too early. I dual boot it, actually the Fedora Atomic image.

Yes, Silverblue is the GNOME Atomic desktop but as I said it is not finished. There are many things not done.

gitlab.com/fedora/ostree/sig/-/issues

boredsquirrel,

It is not false.

There is a workaround for updating the bootloader, but I often use “how well does it scale” as a measurement.

Atomic should replace traditional distros, and apart from the need for improved tooling everywhere (like easily converting random files to RPMs) it has the big issue that currently GRUB is not updated.

This means the system is not possible to keep installed over many versions, without tweaks. This will hopefully be fixed with bootupd integration in F41.

This means users with Secure Boot get issues on newer kernels, if they installed Atomic a few versions back.

Here is the Atomic issue tracker and I would call a few dealbreakers, while not all.

boredsquirrel,

Like any other distribution with KDE software.

Kubuntu deviates from upstream, which is problematic but shows that it can be done differently.

Someone has to be the first.

Arch unstable, Fedora Rawhide, Debian Testing…

The first Plasma 6.1 update has been released yesterday.

I think I have it since a few days on Kinoite?

Plasma is not the default desktop of Fedora.

Not yet, but a close second.

noobs who should stick to defaults anyway and also not make experiments with Atomic editions either.

Noobs should absolutely use atomic editions. Totally. Every bad behavior should just break so they don't mess up.

The system is resettable, which is so valuable. It has transparent changes. It has integrated backups.

But taking Fedora's defaults is difficult, as Fedora Flatpaks and Toolbox are not really great.

boredsquirrel,

Issue

Pull request

It is already merged into Rawhide and will hopefully land in F41.

boredsquirrel,

Ubuntu may have convinced some proprietary developers, but Snaps are shit and devs know that I think

boredsquirrel,

That's how packaging works.

On Android I use Obtainium, as the package manager deals with signature verification. On Linux, Flatpak is the only equivalent to Android apps.

RustDesk is the only Flatpak not from Flathub I use, because they have messed up permissions.

boredsquirrel,

Appimages have no install wizard. And Windows executables have some weird signature verification which Appimages don't have at all.

boredsquirrel,

Wow, cool app!

boredsquirrel,

If you mean downloading random stuff from random websites, yes.

But they don't have installers, so no verification, no moving to locations where executing is allowed (on Linux the entire home is executable, which is a huge security issue), no desktop integration, no context menu, no file associations.

boredsquirrel,

Hmm, is that a feature or a flaw?

boredsquirrel,

Just downloading anything from anywhere sets one up for failure/malware.

Reducing the size of the OS helps a ton here.

And mounting home read-only. I think Android and ChromeOS do that. I will experiment with that too, it is really interesting. You mainly need a different place to store user scripts, and appimages are broken (how sad), the rest should be fine.

Then a few more core concepts help too:

  • KISS (keep it stupid simple)
  • Unix philosophy (everything does one thing and stays transparent)
  • and the concept of least privilege (seccomp, MAC (mandatory access control: SELinux/AppArmor), sandboxes, jails, etc.).

Flatpak helps a ton centralizing the packaging efforts. And it works. There are tons of officially supported packages. And I guess many of them will be maintained upstream.

But you still have a secure system, sandboxing, verification and packagers that keep an eye on it, kind of.

On a secure system you would need to pay a lot of people, like the typical 3-5 people that package most apps. For doing security analyses, opting-in to every new update etc.
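A check that follows from the noexec home and /tmp idea above, written as an added example rather than code from anyone in the thread: a small Go program that parses the /proc/self/mountinfo format and reports whether a given path sits on a mount flagged noexec or ro. The mount points, devices and options in the sample are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Mount is one /proc/self/mountinfo entry: the mount point and its per-mount options
// (the sixth field, before " - "), which is where noexec, nosuid, nodev and ro appear.
type Mount struct {
	Point   string
	Options map[string]bool
}

// unescape decodes the octal escapes mountinfo uses in paths (space, tab, newline, backslash).
func unescape(s string) string {
	return strings.NewReplacer(`\040`, " ", `\011`, "\t", `\012`, "\n", `\134`, `\`).Replace(s)
}

// ParseMountInfo parses mountinfo text. Fields before " - " are: mount id, parent id, major:minor,
// root, mount point, options, then a variable number of optional tagged fields (e.g. shared:1).
func ParseMountInfo(text string) ([]Mount, error) {
	var mounts []Mount
	for _, line := range strings.Split(text, "\n") {
		if strings.TrimSpace(line) == "" {
			continue
		}
		head, _, ok := strings.Cut(line, " - ")
		f := strings.Fields(head)
		if !ok || len(f) < 6 {
			return nil, fmt.Errorf("malformed mountinfo line: %q", line)
		}
		m := Mount{Point: unescape(f[4]), Options: map[string]bool{}}
		for _, o := range strings.Split(f[5], ",") {
			m.Options[o] = true
		}
		mounts = append(mounts, m)
	}
	return mounts, nil
}

// MountFor returns the mount whose mount point is the longest path-component prefix of
// path, so "/homeless" resolves to "/" rather than to "/home".
func MountFor(mounts []Mount, path string) (Mount, bool) {
	best, found := Mount{}, false
	for _, m := range mounts {
		if path == m.Point || strings.HasPrefix(path, strings.TrimSuffix(m.Point, "/")+"/") {
			if !found || len(m.Point) > len(best.Point) {
				best, found = m, true
			}
		}
	}
	return best, found
}

// ExecPolicy reports whether path lives on a mount flagged noexec and/or ro.
func ExecPolicy(mounts []Mount, path string) (noexec, readOnly bool, err error) {
	m, ok := MountFor(mounts, path)
	if !ok {
		return false, false, errors.New("no mount found for " + path)
	}
	return m.Options["noexec"], m.Options["ro"], nil
}

// sampleMountInfo is constructed for this example, not captured from a real host; on a
// real system read /proc/self/mountinfo and pass its contents to ParseMountInfo instead.
const sampleMountInfo = `22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
40 22 8:2 / /home rw,nosuid,nodev,noexec,relatime shared:2 - ext4 /dev/sda2 rw
41 22 0:30 / /tmp rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw
42 22 8:1 /usr /usr ro,relatime - ext4 /dev/sda1 rw
43 22 8:17 / /media/my\040disk rw,relatime - vfat /dev/sdb1 rw`

func main() {
	mounts, _ := ParseMountInfo(sampleMountInfo) // the constructed sample is well-formed
	for _, p := range []string{"/home/alice/Applications/Foo.AppImage", "/tmp/script.sh", "/usr/bin/bash"} {
		noexec, ro, _ := ExecPolicy(mounts, p)
		fmt.Printf("%-40s noexec=%v ro=%v\n", p, noexec, ro)
	}
}
```

Note that noexec only stops the kernel from executing the file directly; as the thread points out later, an interpreter such as bash will still run a script handed to it as an argument.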

boredsquirrel,

You still have to give the exec permission to the appimage.

True, but this only prevents against stuff executing itself.

Mandatory access controls and sandboxes only protect the core system. Like installing packages with root.

You put things there privileged, so you know what you run comes from a protected area.

Running things from random directories (like ~/Applications which AppimagePool uses) destroys that.

Suddenly you rely on an executable home dir, which means any regular software (including appimages which are nearly impossible to sandbox) can write to the area where your programs are.

That concept is so broken that it needs to go.

I am against flatpak install --user for that reason, because no program should come from an unprivileged directory.

The issue especially is if it doesn't follow standards. ~/.local/bin is a standard, and with SELinux confined users you may be able to protect that directory. But random ones like ~/Applications that don't follow any standards will not work.

Maybe no context menu depending on what you mean exactly

The “open with” and “create new” things. Actually, Flatpaks cannot create “create new” entries either. I am currently experimenting with these, as it sucks to not be able to “create new LibreOffice Writer document”. And the xdg-templates directory doesn't do anything lol, you still need desktop entries.

But the rest are fully possible and I do it on a regular basis.

The concept of an installer is that the app does that on its own. That is pretty bad and the kind of Windows crap we absolutely don't want.

But on good operating systems, a privileged package manager does all that. Puts the stuff where it belongs. Flatpak for example links the desktop entry that the app itself contains in a sandboxed directory, to the export directory where the OS sees it.

And some portal or whatever deals with the “standard apps” stuff, like that Okular Flatpak will be shown to support opening PDFs.

If apps do this on their own that means a single app can mess up your entire system, also malicious.

Appimage may have tools, I only tried AppimagePool for curiosity and the experience was pretty bad and incomplete.

But the issue is that they were just thrown out there: “here devs, do the same shit you do on Windows, it is totally normal for people to double click an executable, not have any sandboxing, deal with updates on their own, don't have any cryptographic verification, …”.

And only afterwards came the managers, the daemons, which cover a part of it.

They (could) solve:

  • being privileged, placing apps in not user-writable directories
  • having access to integration locations, that apps should never touch
  • downloading from defined, maintained locations (instead of letting people click on random internet malware ads)
  • running in the background, notifying about updates
  • centrally managing these updates
  • verifying signatures before allowing updates
  • doing the actual update process (instead of deleting a file and placing a new one)

And they often don't even do that. There are no signatures, as devs were never told “either you add a signature, or people will not install your app”. So there is zero verification.

But they don't solve the core issues that are:

  • devs were told they don't need to care about…
  • creating metadata
  • creating a real repository
  • signing their apps
  • using a standardized build system
  • transparently declaring used dependencies (i.e. using a given set of them), thus deduplicating them
  • going through a review process
  • being affected when dependencies are end of life
  • declaring opt-in permissions, so users know if the app is insecure (appimages are impossible to sandbox with bubblewrap, and hard with firejail (which is a setuid binary and had security issues); don't know about nsjail, crabjail, minijail or others)

Flatpak is similar to Android. On Android you still have a package manager, but the APKs are signed individually, and updates are just allowed if the signatures match. So you can sideload how you want, it is still secure.

And using Obtainium, which is kind of like an AppimagePool, you can get all the apps from independent developers.

But they were told they need to follow all these rules, Appimage developers can do whatever they want.

Sorry that was long.

I see you haven’t changed one bit.

Regarding what? XD

boredsquirrel,

Appimages came before these tools, and the tools (forgot the name GearLever, AppimagePool is another one) came afterwards.

They are structurally better as they are external.

That verification is interesting. So it is another appimage, used to verify appimages? Are all Appimages using that, if not what percentage of the ones you know? And are tools like Gearlever enforcing or using that signature check?

boredsquirrel,

Interesting, will look into this. The issue is of course that these tools are optional.

But if they work, they may fix many issues. Some will remain, for example many proprietary apps don't use Github releases, while these may be especially targets of fakes.

boredsquirrel,

Yes true, that's why it is not published on Flathub.

I will add an override to it that makes sense.

boredsquirrel,

Lol

boredsquirrel,

get around the 3-5 people

What people?

Nonexecutable home directories I mean. /tmp too. This only makes sense as normally programs are in different areas. I will experiment with that.

boredsquirrel,

~/Applications is not a random place, it comes from macOS.

Hahaha I would call that VERY random. It is problematic that the default xdg directories are hidden.

And I just learned that you can just source scripts into bash and thus being executable or not doesnt matter. What an incredible design flaw… at least this just works with some binaries, I guess?

You mean appimagetool

No the Flatpak Appimage Pool. But a solution to easily package a bunch of files sounds really awesome. I miss that for RPMs, sddm2rpm did this kind of.

appman

Very interesting tool. So this is for appimages but also binaries?

I am a bit confused, especially as they state to prefer official releases, which for me means tarballs.

But a very good concept.

Interesting set of apps you have there. And ironically I have to agree they are small. Flatpak libraries are too huge and the deduplication doesn't work if it is not used for downloads and if there are dozens of runtimes.

A modular approach would be very much needed, instead of a damn KDE runtime that is nearly the entire desktop.

But I have some questions.

Yes that’s aisap sandbox

That's not a sandbox, it's a nice wrapper for firejail, at least from what they write. I only knew some Github issue where they discussed this, and because Appimages require FUSE they couldn't be sandboxed with bubblewrap.

Then they say “bubblewrap is used in Flatpak” but no comment if THEY also use it.

Firejail is the setuid binary I talked about, they likely have fixed their security issues but bubblewrap/bubblejail are probably better as they dont need setuid binaries.

If Appimages are possible to sandbox with bubblewrap, that would for sure be cool.

I also found rustysnake's crabjail, don't know the state it is in, but that is a possible candidate for replacing bubblejail.

right now its biggest limitation is that a sandboxed appimage can’t launch another sandboxed appimage.

No idea if Flatpaks can do that. But I would say the biggest issue is that the big vendors just put their appimage on some file server without any data on the sandbox.

Flatpak is way better here, where the sandbox is checked BEFORE apps are successfully submitted. And there are warnings etc.

And, of course, every app is sandboxed, not just a few.

those menus rely on desktop entries in $XDG_DATA_HOME/Applications.

Not the “create new” to my knowledge. That is in $XDG_TEMPLATES_DIR but I am currently struggling to make Flatpaks use that.

AppImage is just a format, same as a deb or rpm

Yes, so is Flatpak. But Appimages were introduced to be Windows-like. Sure there are companies that don't care and publish random rpms on their website too.

But with Appimages that is the only way as there is no real repo. AppMan is a kludge here, bundling together tons of different sources, kind of like Obtainium.

github.com/AppImageCommunity/AppImageUpdate

That tool is either completely finished or kind of abandoned.

Interesting, didn't know they have a signature built in. That would also be useful.

That zsync2 thing explained in AppMan was just like delta updates. If a malicious actor has access to the old appimage and the fileserver, they can produce the correct zsync2 thing and the updates work, until signature verification is enforced.

I like to keep all the software that I need in my home, because that way I don’t depend on what my distro provides.

As I said, as long as bash script.sh works with nonexecutable stuff, noexec home is pretty worthless. Just another layer of defence.

You mean the APK itself does the signature verification or what?

No, android APKs are like Distro packages, they can be sideloaded however you want and then are forwarded to the “session installer” (on modern android), which is the “package manager” of android.

That installer saves the signature somewhere, and from then on you can only update the APK if the signature was made with the same private key.

Found out you can also not sign APKs, which happened here. I honestly don't know if more developers don't sign their APKs.

I will update my repo text to get to the current state of facts.
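The Android-style rule described here and earlier in the thread (the installer pins the signing key at first install and later accepts an update only when it is signed by that same key) as an added Go example; it is not code from the thread, from Android, Flatpak or Obtainium. Package, Installer and the app id org.example.app are this example's own constructions, and the rule that an update must carry a higher version code is an addition beyond what the comment states.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Package is a constructed stand-in for an APK: app id, version code and payload, plus the
// developer's public key and a signature over all three (Sig == nil models an unsigned package).
type Package struct {
	ID      string
	Version uint32
	Payload []byte
	PubKey  ed25519.PublicKey
	Sig     []byte
}

// signedBytes is what the signature covers; the length prefix keeps the fields from
// being re-split into a different id/version/payload combination.
func signedBytes(p *Package) []byte {
	return append([]byte(fmt.Sprintf("%d:%s:%d:", len(p.ID), p.ID, p.Version)), p.Payload...)
}

// NewDevKey creates a developer signing key (in practice long-lived and guarded).
func NewDevKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

// SignPackage is the developer side: build a package and sign it.
func SignPackage(priv ed25519.PrivateKey, id string, version uint32, payload []byte) *Package {
	p := &Package{ID: id, Version: version, Payload: payload, PubKey: priv.Public().(ed25519.PublicKey)}
	p.Sig = ed25519.Sign(priv, signedBytes(p))
	return p
}

var (
	ErrUnsigned     = errors.New("package carries no signature")
	ErrBadSignature = errors.New("signature does not verify over the package")
	ErrKeyMismatch  = errors.New("signing key differs from the key pinned at first install")
	ErrNotNewer     = errors.New("version code is not newer than the installed one")
)

// Installer is the installer side: per app id it pins the public key seen at first
// install (trust on first use) and records the installed version code.
type Installer struct {
	pinned  map[string]ed25519.PublicKey
	version map[string]uint32
}

func NewInstaller() *Installer {
	return &Installer{pinned: map[string]ed25519.PublicKey{}, version: map[string]uint32{}}
}

// Install accepts a first install from any key, but an update only when it is signed by
// the pinned key and carries a higher version code (the downgrade rule is this example's addition).
func (in *Installer) Install(p *Package) error {
	if p.Sig == nil || len(p.PubKey) != ed25519.PublicKeySize {
		return ErrUnsigned
	}
	if !ed25519.Verify(p.PubKey, signedBytes(p), p.Sig) {
		return ErrBadSignature
	}
	if key, installed := in.pinned[p.ID]; installed {
		if !key.Equal(p.PubKey) {
			return ErrKeyMismatch
		}
		if p.Version <= in.version[p.ID] {
			return ErrNotNewer
		}
	}
	in.pinned[p.ID], in.version[p.ID] = p.PubKey, p.Version
	return nil
}

func main() {
	dev, impostor, in := NewDevKey(), NewDevKey(), NewInstaller()
	fmt.Println(in.Install(SignPackage(dev, "org.example.app", 1, []byte("v1"))))      // <nil>
	fmt.Println(in.Install(SignPackage(impostor, "org.example.app", 2, []byte("v2")))) // key mismatch
}
```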

boredsquirrel,

Very nice, thanks for the links.

Where do the sandboxing profiles come from? I suppose from the aisap repo?

[help] What is the best way to screenshare a single window with audio?

Hello guys! sometimes I watch movies with friends over jitsi meet, and in order to share just a single window with just its own audio I use chromium, that has the “share tab” option. However, I’d like a more general solution (I cannot play mkv files on browser, for example). I’d like a compact way that creates a virtual...

boredsquirrel,

You use Jitsi Meet, their free service, to watch movies???

You can use OBS to do that, it looks like a lot but it is the best tool for that. Don't know if it has some ffplay/MPV plugin to internally play videos, but I think so.

Tried to dual boot W11 & Ubuntu & bricked my PC

Not sure if this is the right place to ask or if anyone can help me, but today, I installed the ubuntu ISO & converted it to a bootable format on an 128GB SD card (All my USBs are too small) I ran the installer as normal & here’s where I think I messed up. I allocated a 27GB partition for linux but that option didn’t appear on...

boredsquirrel,

Note that I don't recommend Ubuntu as they got pretty shitty. They theme the desktop environment GNOME a lot, and everybody hates their Snap package system. Instead I highly recommend Fedora, which is a less opinionated distro.

I also don't recommend dual booting with Windows, as you should never update Windows again, which is a security risk. The updater often removes the Linux bootloader and you need to unbreak that.

boredsquirrel,

Shrink the main NTFS storage partition of Windows.

This will be empty space.

Install into empty space.

Never used Ubuntu's installer, but Fedora's installer should work fine. Just don't delete anything.

boredsquirrel,

There’s: flathub.org/…/org.gnome.gitlab.YaLTeR.VideoTrimme…

This has an empty ffmpeg folder but no binary. Same with bottles, guiscrcpy, celluloid, newsflash, interstellar, digikam, haruna, krdc, obs studio,

But searching for “ffmpeg” I found io.github.aandrew_me.ytdn

It has the ffmpeg binary included.

Many projects use libffmpeg.so, don't know if that could be used too.

I got a bunch of weird bugs with Distrobox in the beginning

Honestly never had issues. I now use an Arch distrobox too, but I don't really need Distrobox anyways. The Arch repos are too small.

There is a COPR for RStudio-copr-manager and the entire CRAN module list as RPMs. Otherwise you have a hard time getting the R plugins you may need to your distro.

QGis needs some python integration which seems to be missing on Arch too.

With the COPR I know who to trust, unlike the AUR, even though I now also setup yay.

Everything nearly separated from my OS using the different distrobox homedirs which work flawlessly.

Also distrobox upgrade --all works awesome, it's just a wrapper but really valuable.

I make an exception for Anki and MakeMKV.

I have no idea because I install everything from unverified. Should learn how to swap remotes, then I could swap all the verified apps and when removing the unverified can check what I still use.

But unverified Flatpaks may be way better than distro packages. At least it is very transparent on Github (yeah, sucks) unlike strange distro build systems.

I kind of hate Debian and Ubuntu’s userspace :)

What, GNU utils? What makes it special, apart from apt? They have nala so that is dealt with.

DNF5 will definitely shake things up. Because rpm-ostree is going away to be replaced by dnf again.

Yeah this will be crazy. dnf has a lot more commands for querying etc, that will be useful.

It also sounded like they would reinvent the wheel a bit? Don't know.

boredsquirrel,

That’s strange

Seems you can use all the libraries too as if they were binaries. Updated my Fedora post.

Currently testing how to run the freedesktop.org runtime with home permission, this would allow to not give any app permanent home permission.

But wait, you can run apps with different permissions temporarily, right?

Like flatpak run --filesystem=home org.app.name

but I read the PKGBUILDs and understand them.

That is the best way but not scalable for most users. You need access control and trust. On COPR I add the repo of an individual and only get packages from them.

And programs can bypass it anyway with /home/$USER if they’re feeling vindictive, though I haven’t run into any yet. It’d definitely be nice to have more complete isolation one day.

This is not about isolation, even though this should totally be done. It's just about preventing dotfile mess.

Scalable, you know. A system should stay vanilla in 20 years, in 40 years.

In the end it would be

  • core minimal system
  • /etc has some settings pinned or none at all, the rest is always flushed from /usr/etc (issue)
  • the immutable rest is always upstream
  • the bootloader is updated with bootupd
  • flatpaks have their configs isolated, when they are uninstalled, their data is removed
  • distroboxes are ephemeral, they are used for tasks, managed through a GUI app with a set of commands (like “add this repo” and packages to install, or even building blocks or checkboxes), they are recreated with OS releases
  • the distroboxes have their own dotfiles which never overlap
  • the desktop has figured out a way to cleanup old dotfiles

I mean we are not there yet, but close.

I really hate apt.

Apt is an ugly mess and nala might be python bloat but it looks fancy and automates things. Now that it runs on Debian 12 I installed it everywhere.

I really have no idea what to expect. But if I never need to use rpm for querying or whatever again I’ll be happy.

Yeah, or add curl instructions to projects like librewolf, to avoid needing “oh and on atomic distros you don't use ‘dnf blabla’ but download it directly”.

Even though I like my COPR command…
