I have been daily driving Linux for over two years now and I have switched distros many times. So, when my friend bought a new laptop, I convinced him to install Linux Mint on it. I asked him if he wanted to dual boot, he said no because it would fill up all his storage. We installed Linux Mint. The other day, he wanted to play...
I wondered, Browsers work really well, are already there anyways, have all the GPU stuff etc already dealt with. They also have portal support so Wayland works great....
Ah yes, hard dependencies that are not actually hard dependencies.
That package may just be protected.
@OP to actually help you it would be really smart to record the issue you had when installing. Maybe SDDM setting up alongside GNOME or something?
KDE on Fedora works really well, but mixing the apps was a pain in the past, may not be anymore as the KDE Devs deal with GNOME being GNOME by just packing the needed icons into every app.
Hello everybody! I can say I’m a newbie at Linux. Wanted to ask about Linux’ task viewers. On the famous task viewers such as bpytop, htop etc., can viruses hide from them? Excluding the injected codes, can virus & tracker/logger softwares hide from classic task viewers of Linux? Do they show all kinds of services and...
I’ve been using arch for a while now and I always used Flatpaks for proprietary software that might do some creepy shit because Flatpaks are supposed to be sandboxed (e.g. Steam). And Flatpaks always worked flawlessly OOTB for me. AUR for things I trust. I’ve read on the internet how people prefer AUR over Flatpaks. Why? And...
Flatpaks can be built pretty messy, use outdated runtimes or even entirely outdated dependencies.
It is pretty creepy, I dug down the pyramid of dependencies of OnionShare once and that thing is huge, some projects are archived, some had new releases but it still uses the old versions.
Native packages might not bundle all that in, which means more effort but especially more updated packages.
The sandbox is determined by the packagers, and a mix between “don’t make it too loose” and “don’t break use cases”. For example many big projects without portal support have host permission to access your theoretical SMB shares or external media.
But yes, the bubblewrap sandbox is there, it prevents apps from manipulating the system, the syscalls are a bit restricted via a “badness enumerating” and pretty loose seccomp filter.
This prevents all apps from creating user namespaces, which are like chroots and create a small virtual filesystem for processes. They are used in FF and Chromium for sandboxing. But Firefox also uses seccomp-bpf which works within a flatpak.
If you want a Chromium browser, it should be native. Firefox arguably too, as it gets another layer of sandboxing. But Flatpaks are isolated from the system.
Have a look at bubblejail, which allows sandboxing programs from the OS with bubblewrap, but with a custom filter that can allow user namespaces.
I’m currently learning how to code (currently Python, then maybe JavaScript), but I’m not always around my desktop, and learning on my phone is not always an option (also, it can be quite cumbersome at times). Therefore, I’m looking into purchasing a laptop just for learning how to code and stuff....
Yes normally once the battery is fully charged, it should run from the charger. Probably runs from the charger directly but also charges the battery.
The OS can limit the battery charging start and stop point. COSMIC desktop has such a feature. It may need interaction with the EC though.
Yes, if the laptop is just running off the AC, charge it to 50% and keep it there. If not, then cycling between 20/80 is best. But that is unlikely, my 2012 ThinkPad also runs directly off the charging brick.
my 23.10 now boots to single user mode (the tty1 log in page), After logging in with username and password (not as root, but regular me) I get this message:...
I’ve been doing some scouring and my search results are coming back confusing. Usually either incomplete information, or some kind of sales spam, so I’m reaching out in the hopes of recommendations for actual linux users and fans. I am looking for a very small, tiny even, security/privacy focused distro. I don’t mind doing...
Then for the apps, good luck running a Browser at that low.
You will need only system packages, nothing else. Might try Bubblejail for sandboxing without using Flatpak (disk space, RAM). But that is in pretty early stages.
For your apps
you mean Mullvad Browser not Mull. Screw that, use Librewolf
you will not run a VM on that hardware. These are VM guest specs, not host. You can run Carburetor flatpak, or maybe a minimalist podman container with tor for proxying. User namespaces, bubblejail and seccomp are also secure.
VLC is not small. Use Celluloid or just MPV or even better just ffplay. Celluloid/Haruna/Dragon is minimal and has wayland support
rustdesk? Client or server? There is wayVNC and KDE and GNOME have their suites. But they need static IPs. Rustdesk Server has no wayland support
deluge, ktorrent, qbittorrent doesn’t matter, all light. But stick to one GUI toolkit.
I think Qt can work, pcmanfm-qt is nice.
LXQt 6.1 will have “full” Wayland support, but you need to configure stuff in config files of course.
I don’t know a modern Wayland ready GTK alternative to GNOME.
If you want a secure system you need Wayland. X11 is extremely insecure, search on the internet and you find why.
But if you just need the VNC client no problem.
If you want a server, have a look at KRFB. But yes, needing static IPs sucks. You could use a free DynDNS service like NoIP for that.
Trim down FF, like compile it yourself? That is for sure possible, you might want to use the ESR release to do that. You can leave out some things I suppose.
Just start with Alpine, which uses busybox and musl and is thus security focused and smaller.
Try a DE like LXQt, I will give it another go.
You can use it with X11 for now and replace the compositor in the future.
Some apps if you stick to just Qt (not that useful as Firefox will load in GTK stuff)
qBittorrent / Deluge
Haruna or Dragon
podman container with tor, try torvirt (and just skip the virt-manager profile stuff) (it seems unmaintained though)
SimpleX Appimage? Or instead of Alpine use Debian and then you can use the deb package but it was broken for me
clean install: you make a backup, nuke the computer, install a fresh upgraded copy of the distro you want from a live usb, copy your data again to the computer....
My favourite DE has got to be Cinnamon, as much as I like KDE and XFCE, I prefer the simplicity of cinnamon where as in KDE has a bit too much of everything in the customization scene and XFCE I find a little tricky to get tiling working right....
it doesn’t sacrifice usability or waste screen space like GNOME’s minimalism. I especially like the buttons etc. of Qt apps, where GIMP is already struggling with the huge hugeness of GTK3.
it runs 100% on Wayland
it runs GNOME apps without modifying them a bit. There is an issue where Fedora doesn’t want to use Adwaita icons, but a short autostart entry solves that. KDE Breeze dark/light can sync to Adwaita dark/light
it is modular and can be pretty minimal (I would like a more barebones version, without all the floating stuff etc)
all the settings are in the same app! This is a huge issue with all the small ones, where nontechnical users need to know the difference between “GTK settings” “lightDM settings”, etc.
Systemsettings are searchable, all settings pages are accessible from the global search, some pages are even shown when you use an alternative word, you can always search in english and your local language
it is very actively developed
it has tons of unique features.
it has the biggest most complex apps situated in a DE on Linux. Period. KDEnlive, digiKam, Krita, Kate, Dolphin, …
System Settings’ Printers page now guides you through the process of installing the system-config-printer package to improve printer detection, if it wasn’t pre-installed by your distro (Mike Noe, Plasma 6.1. Link)
This is really good! It may still be needed for stuff like plasma-workspace-extras, the sddm kcm, the flatpak kcm etc?
System Settings’ Background Services page is no longer actually visible in System Settings by default; everything here is an implementation detail
Sooo… will Plasma convert all these services to systemd services that can actually be disabled in a normal way?
That settings page was always only semi useful as the most important ones were missing. But disabling stuff like Orca, KDEConnect, accessibility, legacy adapters etc. should be possible.
github.com/boredsquirrel/kde-systemd-services
This doesn’t work currently as KDE has multiple mechanisms to launch these (and maybe I don’t really know how to do systemd stuff)
Update 1: Thanks for all the responses! I’ve gotten a lot of very good comments saying I should stick with Mint, and that’s sitting comfortably in my top two picks right now. Between new distros, I’m most interested in Arch’s rolling release model, as it provides some benefits for me for reasons I didn’t really get...
If you want gaming, use Bazzite which is based on Kinoite.
Read my comments on previous posts where I mention the reasons.
Atomic Fedora is just way better than everything else in the categories I need. (It is very stable, while not actually shipping “stable” i.e. randomly frozen packages. The packages are tested but up to date, and the distro packaging mechanism is rock solid and near unbreakable).
Used all the Ubuntu and Debian variants but they always broke.
But I simply stuck with Fedora Kinoite because the KDE packages are normally up to date, not like on Kubuntu. So the 103 bugs I reported that are still open will possibly get fixed and I actually get the fixes, and the already closed issues will also arrive at my system.
But at the same time if I have an issue it is very likely an upstream KDE one.
I will never need to reinstall or unbreak my system again.
That is not hopping, it’s just “finding something that works (with KDE)”.
Arch with enforced full snapper snapshots may be okay but I don’t think it is good. Same with OpenSUSE Tumbleweed which is similar. Both are worse for stability than rpm-ostree Fedora.
If I used GNOME I guess many more distros would work.
GNOME is NOT GUI friendly. They limit the things you can do through the GUI a lot.
If you want a “normal person’s desktop” then it works.
The problem is, random things are missing and fixing them requires tons of work
changing the mouse cursor
adding right click “create new” entries (afaik)
custom application launchers
GNOME just works if everything is perfect. For example apps, if you want to edit a .desktop entry of an app you need to go straight to the text files.
They just present you with “app icons” and you can only display the app in Software. Which is very fine but not friendly to people that need a little more.
Or when entering a manual path in Nautilus, you need a keyboard shortcut. Or when doing more advanced settings.
Yes but GNOME breaks extension compatibility nearly every 6 months. Maybe not from now on, as they switched for a different model.
But still, this is not GUI friendly if you need random people’s unmonitored code.
I was not referring to a single KDE Extension here. Extensions are a big security issue. Literally nobody is monitoring them. You can be happy if there are people doing badness-enumeration and flagging bad ones.
I’ve looked at a lot of other immutable distros and I might just end up using one of those, but I feel like taking on a bit of a challenge and there’s a few things I’m not very keen on with existing solutions (last paragraph is my idea if you want to skip the context)....
OpenSUSE microOS/ microOS Desktop (Aeon, Kalpa) does this.
They use a complete “changes go to the next system” thing also using BTRFS.
But they don’t use OSTree so the system is fundamentally flawed.
Advantages of ostree are
complete transparency over package changes rpm-ostree db diff
complete transparency over /etc changes (the upstream is in /usr/etc and can be reset, see here)
the OS is always based on a complete upstream remote, your local system does not matter at all. You can rebase, reset etc without being dependent on anything on the local OS.
Example: I could rebase from Fedora OSTree to CentOS OSTree. They are working on bootc images, which are bootable OCI images and in theory only one step away from uBlue-like distribution.
If you do anything relying on local package management like OpenSUSE does, you can snapshot between changes but still mess up.
So I would always base off OSTree.
What I don’t get though is the reliance on reboots and images. OSTree works on all filesystems and doesn’t need images, it is simply like a Git repo.
So what I would change is to enable random local changes with a flag --direct and simply apply the changes live. I mean, that is what DNF and all the distros do too.
Only if you need a kernel upgrade you do stuff with a reboot. Version upgrades are also WAY better than the unstable mess on standard Fedora or other distros.
So track everything with OSTree, allow resets, rebases etc, but don’t force all the image stuff. This is the reason why rpm-ostree takes so long and is so inefficient compared to DNF.
Just using OSTree you could only install RPMs, use a nonwheel user, SELinux confined users and have a secure and slim system.
I don’t know if I miss something here. Android is rootless but the base OS is still immutable and uses A/B root, so writing only happens to the inactive partition. I don’t know if immutability is some core security feature.
Rpm-ostree is really good as an allrounder, but I think a bit overkill. It does support installing packages live, but this does the same action afaik and just swaps the OS image without a reboot.
I can use BTRFS to hold data for the rootfs in three different subvolumes (at minimum): root-A, root-B, root-Z.
That is basically rpm-ostree or BTRFS snapshots, I don’t see the point yet
root-Z is my golden image and it represents what I want root to look like after reboot.
So like the upstream ostree remote or OCI image? I think you have a big thought flaw here
root-A and root-B are the active and passive instances of rootfs, but which one is active will flip-flop after every reboot.
On every reboot they flip flop? Why??
So if I boot with A, B gets replaced with the contents of Z. This means all changes you do are removed after a reboot. rpm-ostree and ostree admin both have this feature for testing but the use case is small.
If you have an image Z, this is like the uBlue main image, or the Fedora OSTree remote. It is the updated vanilla thing.
Not like on OpenSUSE microOS where you at most have some vanilla BTRFS snapshot from directly after the install, but the vanilla, tested, stable base set of packages.
If you replace the stuff with that always, it is like an rpm-ostree reset but always, and with a local image.
I see the benefit of having a local reset image, as internet is not always available.
But a reset really is only needed when an update breaks things, as the base is immutable. So no.
In the meantime I can do whatever I want with A.
So you have one testing persistent image? Or is this only temporary?
Not sure how I’ll update Z (chroot or “promote” the active subvol to be Z) but without an update every reboot is an automatic rollback.
This makes little sense and honestly rpm-ostree has ephemeral changes only on the live system that will vanish when rebooting.
I don’t know the use case really. We are currently working on a change proposal to fix the permissions so changing the OS is pretty privileged.
The software stores handle the system updates but dont show RPMs for installation anymore. Most people will never touch the system.
Or if they do, the system is reset to the base on every update and the changeset is permanently reapplied, every time anew. You are always rebasing off upstream, your installed OS is literally not important.
Its just the diffs that are calculated and changed.
I’ve been seeing a lot of bazzite recommendations recently, and it sure sounds great. An atomic fedora, gaming optimisations out of the box. It just works....
I don’t know about the security difference between nested seccomp filters and user namespaces. I don’t know how good the achieved process isolation is.
But I can imagine that the Firefox approach is better.
chromium
Also note that Chromium has a setuid sandbox mode which is kept as fallback. Found that through secureblue.
I know that bubblejail is currently broken for me, I will uninstall it, remove the configs and reinstall it again.
I think running FF with userns enabled AND isolated with bubblejail is best, and it is possible.
flatpak and seccomp
Flatpak has a real issue with their loose and kinda random badness-enumerating seccomp filter. See this issue
The problem is, app devs don’t know shit about seccomp, some other project (was it GNOME?) just uses the Flatpak filter because they also don’t know enough about it.
It would be best to have a modular approach, with “security building blocks”.
Browsers have the “base” set of rules, which is the most unrestricted there is, allowing user namespaces.
All apps by default get the “standard” set which is base, without userns.
And there can be a more secure one for strong and verystrong isolation.
browser updates
Firefox has a builtin updater, Distros just remove that. So the Mullvad Tarball and also an official Firefox or Thunderbird tarball will autoupdate.
But as the app lies in an insecure location, its source could be modified. So it is always best to have apps somewhere only root can change.
Same for flatpaks actually, --user flatpaks are installed to the user homedir without any permissions and could be tampered with by any process.
Yup. Also their VPN app on Linux is better than what KDE and GNOME have. Poorly. They hook into it very intensely, early boot blocking via a systemd service and all.
My friend didn't have a great experience with Linux
A screen recorder in the Browser?
Chrome 127 Should Provide PipeWire Camera Capture Support (www.phoronix.com)
Can't remove program on Gnome software center on Fedora (sh.itjust.works)
Hi everyone!...
Viruses & Task Viewers
[SOLVED] in ubuntu's recovery mode logged in as me on tty1, how do I copy the output of dpkg -l and history to a usb stick?
upgrading xubuntu to 24.04, fresh install, but I’d like to copy the output of both dpkg -l and history to a usb stick....
AsahiLina: ✨ We got a bunch of Steam games to run on Asahi Linux!!! ✨ (vt.social)
Update : more games!
Minimal CentOS-Stream 9 KDE Plasma install with latest LTS Kernel (discussion.fedoraproject.org)
[QUESTION] Flatpak or AUR?
Any suggestions for cheap but decent laptops for coding?
am I depleting my embedded notebook's battery by leaving the power cord constantly plugged in?
notebook is a 10 year old macbook pro without macos I installed xubuntu 24.04 in. It comes with an embedded battery....
upgrading to xubuntu 24.04, another update
Smallest Security/Privacy Focused Distro Help?
when you upgrade an OS, do you clean install or upgrade?
Favourite DE
Does this error exit status 127 (libfreerdp2-2) happen because my system (xubuntu 23.10) is not writable?
broken upgrade to xubuntu 24.04 from xubuntu 23.10, can access initramfs as root in recovery mode:...
This week in KDE: Triple buffering and other sources of amazingness (pointieststick.com)
New Linux user, here is my use case. Distro recommendations?
Rolling my own immutable distro
NOTE: GIMP 3 users: "arithmetic coding" JPG is not supported by many programs, instead displays blank page
I just had extreme pain with this....
(Solved) Signature-Error when updating OpenSuse Tw (discuss.tchncs.de)
Since this evening I have some problems with my OpenSuse Tumbleweed installation. I’m kind of a noob and everything I tried didn’t work out....
Bazzite ? maybe not for V-rising.
find a file containing some text (www.youtube.com)
TL;DW...