rollingflower

@rollingflower@lemmy.kde.social

This profile is from a federated server and may be incomplete. Browse more on the original instance.

rollingflower,

Yup, Wayland is so old it already has old concepts. But it is also changing a lot

rollingflower,
  • TPM encryption or LUKS in general
  • general distro architecture like ostree
rollingflower, (edited )

Here is my template


<span style="color:#323232;">sudo cat > /etc/systemd/user/rsync-backup.service <<EOF
</span><span style="color:#323232;">[Unit]
</span><span style="color:#323232;">Description=do rsync backups with some conditions
</span><span style="color:#323232;"># After=network-online.target
</span><span style="color:#323232;">
</span><span style="color:#323232;">[Service]
</span><span style="color:#323232;">Type=oneshot
</span><span style="color:#323232;"># require a power connection (optional)
</span><span style="color:#323232;"># ExecStartPre=sh -c '[ $(cat /sys/class/power_supply/AC/online) = 1 ]'
</span><span style="color:#323232;">
</span><span style="color:#323232;"># require battery over 40%
</span><span style="color:#323232;"># ExecStartPre=sh -c '[ $(cat /sys/class/power_supply/BAT0/capacity) -ge 40 ]'
</span><span style="color:#323232;">
</span><span style="color:#323232;"># require the connected network to NOT be "metered"
</span><span style="color:#323232;"># ExecStartPre=sh -c '! $(nmcli -t -f GENERAL.METERED dev show | grep -q 'yes')'
</span><span style="color:#323232;">
</span><span style="color:#323232;">ExecStart=/home/user/.local/bin/rsync-backup
</span><span style="color:#323232;"># you might add everything you need
</span><span style="color:#323232;"># ExecStart=/path/to/something/else
</span><span style="color:#323232;">
</span><span style="color:#323232;"># delete old logs (disabled for testing)
</span><span style="color:#323232;"># ExecStartPost=rm -f /var/log/rsync-backups.log
</span><span style="color:#323232;"># log the updates
</span><span style="color:#323232;"># ExecStartPost=sh -c 'echo "Last backup: $(date)" > /var/log/rsync-backup.log'
</span><span style="color:#323232;"># write errors to log
</span><span style="color:#323232;">StandardError=file:/var/log/rsync-backups.log
</span><span style="color:#323232;">
</span><span style="color:#323232;"># GUI message
</span><span style="color:#323232;">#ExecStartPost=/usr/bin/notify-send -t 0 -a "Backup" "rsync backup finished." "$(output of some command if you want infos about the backup)"
</span><span style="color:#323232;">
</span><span style="color:#323232;"># run with low priority, when idling
</span><span style="color:#323232;"># Nice=15
</span><span style="color:#323232;">IOSchedulingClass=idle
</span><span style="color:#323232;">
</span><span style="color:#323232;"># when conditions were not met, try again after 15 minutes
</span><span style="color:#323232;"># Restart=on-failure
</span><span style="color:#323232;"># RestartSec=900
</span><span style="color:#323232;">
</span><span style="color:#323232;">[Install]
</span><span style="color:#323232;">WantedBy=multi-user.target
</span><span style="color:#323232;">EOF
</span>

Timer file:


<span style="color:#323232;">sudo cat > /etc/systemd/user/rsync-backup.timer <<EOF
</span><span style="color:#323232;">[Unit]
</span><span style="color:#323232;">Description=do rsync backups with some conditions
</span><span style="color:#323232;">
</span><span style="color:#323232;">[Timer]
</span><span style="color:#323232;">OnCalendar=daily
</span><span style="color:#323232;">Persistent=true
</span><span style="color:#323232;">EOF
</span>

(I think the unit is needed)

That is a slightly modified variant of my automatic rpm-ostree system updates which took an hour or so with the help of ChatGPT and a lot of testing around.

Systemd services are lit.

If you add a “repeat when conditions are not met” you need another timer to start it. Like 2 loops, one big loop to start the process, and one small loop to keep trying until conditions are met. I do that with my system updates to prevent them being done

  • with low battery (or even using an AC requirement)
  • over a metered network
  • when the system is busy
rollingflower,

Okay good notice. You should put that in a deparate .timer file then

Anyone know exactly what info Youtube captures from you from its browser version (and by what means)?

I know the prevailing sentiment for a long time in the privacy community has been “DAE Youtube bad?” though I have always thought that it is kinda overblown. Besides, I am using Firefox which is supposed to isolate tabs so they can’t speak to each other, so I felt a small amount safer using Youtube....

rollingflower,

Adblock doesnt help privacy.

You need to use a hardened browser with as little unique identifiers as possible. Then you need to delete cookies and use different or unified IP addresses, obviously.

rollingflower,

If you use dnf you are not affected, yes

rollingflower,

Use 40 and not rawhide and you are good. But be aware that the upgrade to Plasma 6 might break small things.

I tested Plasma 6 on Fedora Kinoite months ago and it was already in a really good state. Really, the release of Fedora 40 will have a pretty much just working new Desktop!

rollingflower,

This, I would honestly not recommend regular Fedora, but Kinoite always.

I dont feel safe on traditional distros that just break and literally have no mechanism to just reset everything to default.


<span style="color:#323232;">rpm-ostree reset --reboot
</span>

Done.

rollingflower,

Gentoo is moving the non-technical organization overhead to Software in the Public Interest (SPI). As noted above, SPI is already now recognized at US federal level as a full-fleged non-profit 501©(3). It also handles several projects of similar type and size (e.g., Arch and Debian) and as such has exactly the experience and background that Gentoo needs. What are the advantages of becoming an SPI Associated Project in detail?

Financial benefits to donors:


<span style="color:#323232;">tax deductions [1]
</span>

Financial benefits to Gentoo:


<span style="color:#323232;">matching fund programs [2]
</span><span style="color:#323232;">reduced organizational complexity
</span><span style="color:#323232;">reduced administration costs [3]
</span><span style="color:#323232;">reduced taxes [4]
</span><span style="color:#323232;">reduced fees [5]
</span><span style="color:#323232;">increased access to non-profit-only sponsorship [6]
</span>

Non-financial benefits to Gentoo:


<span style="color:#323232;">reduced organizational complexity, no “double-headed beast” any more
</span><span style="color:#323232;">less non-technical work required
</span>

[1] Presently, almost no donations to the Gentoo Foundation provide a tax benefit for donors anywhere in the world. Becoming a SPI Associated Project enables tax benefits for donors located in the USA. Some other countries do recognize donations made to non-profits in other jurisdictions and provide similar tax credits.

[2] This also depends on jurisdictions and local tax laws of the donor, and is often tied to tax deductions.

[3] The Gentoo Foundation currently pays $1500/year in tax preparation costs.

[4] In recent fiscal years, through careful budgetary planning on the part of the Treasurer and advice of tax professionals, the Gentoo Foundation has used depreciation expenses to offset taxes owing; however, this is not a sustainable strategy.

[5] Non-profits are eligible for reduced fees, e.g., of Paypal (savings of 0.9-1.29% per donation) and other services.

[6] Some sponsorship programs are only available to verified 501©(3) organizations


You can still donate to the SIP and the Förderverein in Germany.

rollingflower,

To my knowledge they did some horrible “performance” fixes like disabling Windows Defender.

Windows requires you to install random software. If you are really careful, you could live without antivirus, but honestly just dont.

If your PC doesnt tolerate the overcomplicated Windows 11, any Linux distro is lighter.

I recommend to give Fedora Kinoite a shot. It is a very modern distribution model.

Fedora Discussion is a good resource for help, and I am always down to fix the small Kinoite issues like video codecs or flatpaks.

rollingflower,

Okay then that was the “extreme” mode and maybe was already removed.

rollingflower,

RIP Jia Tan

rollingflower,

This!!!

This!!

People, stop celebrating “freeing” software of maintainers that want to prevent being exploited.

rollingflower,

Can we stop calling a good software dev autistic or stuff?

rollingflower,

Why… is Canonical so good with business connections and spreading desktop Linux around the world? While they use fu**ing Snaps and break GNOME as “their desktop”?

rollingflower,

I think their concept is just as flawed as “dash to dock”. Desperately trying to “not be Windows” (while mimicking mac lol)…

You have a huge top bar that is mainly unused space. You have no hitbox at the top right edge, because of the bad GNOME decorations (also in Firefox) and because of that stupid top bar.

Then having a dock with empty space around it, where you could easily fit clock, quicksettings and menu, why??

Dash to panel fixes most, just not the bad hitboxes to the top edge. And luckily it is very actively maintained.

Ubuntu meanwhile keeps that useless top bar and also places a bar at the edge. This is good for regular screens. But it is annoying when tiling in half.

And they dont fix it, as they still keep the silly top bar.

And the main issue is their theming, which breaks apps.

rollingflower,

This is so damn needed

rollingflower,

It is also a lie as the installer doesnt know any percentages.

But afaik Debian installer, Calamares, Fedora Anaconda and more all have loading bars

rollingflower,

github.com/Jguer/yay

Doesnt look like that, many translations but also normal maintenance

rollingflower,

Fedora Pantheon or something. But really, GNOME, KDE, LXQt, Cinnamon, Mate, soom COSMIC are all in a better state.

What apps would you love to have open-source alternatives for?

It seems like the FOSS community is continuing to grow, and FOSS apps keep getting better (Immich reallh blew my mind recently), which is a big win 😎 but there are still many apps I use that I would kill for an open source alternative. I am curious what you guys think? Are there any apps you’d love alternatives for?

rollingflower,

Passwords are meant to protect against using privileged processes as the user. This comes from a very traditional multi-user system, where users should not touch the system.

If the actions that require authentication are supported by polkit (kde shows the ID when expanding the message) you can add a policy file in /etc/polkit-1/rules.d/

Take this file as an example

rollingflower,

What is system32? Outdated 32bit binaries?

rollingflower,

Would probably be /usr and /bin, while some apps get installed to /opt or even /local or /var

rollingflower,

Futo voice input got damn good for german and english at least. They use whisper afaik

[SOLVED!] On an Android phone is there an open source method of compressing files?

I have to submit a document for employment and they want my passport but my passport photo is 5.49 MB and they say you can’t upload anything more than 5 MB. How can I shrink that file on my android phone without paying some service?

rollingflower,
  • Image toolbox
  • imagepipe
  • bunny media editor

All better alternatives than uploading your stuff to a proprietary server (as if that would matter when you have no idea whats running in the backend)

rollingflower,

Yes and I did a similar script but “just create a script” is a really bad solution.

Apps should need to declare a shortname and flatpak should have a shortcut for those with a separated command like flatrun.

rollingflower,

Fedora Atomic Desktop, mainly KDE.

  • Fedora adds their pretty useless Fedora Flatpak repo, that is more secure but has unofficial packages, an additional runtime in RAM and a very small set of apps (they need it due to “legal problems” when preinstalling apps. Like… just dont preinstall them but add a startup page to install them manually?)
  • There is no good way to use NVIDIA as it needs proprietary drivers and some tweaks. Ublue fixes that. Same with other out-of-tree stuff. Not really their fault, but be aware that atomic Fedora has basically no proprietary NVIDIA driver support.
  • i think their kernel is extremely bloated, I would prefer having separate ones for only intel, amd, nouveau and also removing all the legacy hardware drivers nobody uses
  • an x86_64-v4 (or at least v3) variant would be really necessary (my 2012 Thinkpad is v3)
  • they will likely prefer to use flatpak firefox, just like ublue does, ignoring the inability to sandbox processes at all. This is the list of issues that need solving until Firefox "can be shipped as flatpak"
  • they use toolbx (with that silly rename from “toolbox”) instead of distrobox. Distrobox has way more critical features like a separate home, which prevents breakages through conflicting dotfiles. Toolbx is the worse product.

Also, their traditional KDE variant is very bloated, which is why I updated this guide

But overall its still my favourite distro. Has a nice community, all the desktops you want, SELinux (which is btw required to make Waydroid somewhat secure) and their atomic stuff is an awesome base thanks to ublue.

rollingflower,

Repeating, apps should need to declare a shortname. I think my script currently has no mechanism for detecting duplicates

rollingflower,

That would mean the app has access to the path, which was explained as insecure in another place

rollingflower,

Yes thar is the direction I am going to. But they just disable kernel modules from running, I dont know if that is as complete as simply not building them.

But if its possible, then everyone with amd or intel should block nouveau, and vice versa. Just keep it small.

rollingflower,

It would be a problem because of how it is currently done.

I imagine an install ISO to have a monokernel, build the kernel-building-system and detect the needed drivers. Save the config and build the matching kernel from that.

Now if you want to swap hardware, there is a transition tool within the OS that allows to state the wanted hardware component and remove the old driver from the config.

Or you switch to a monokernel and run the hardware detection and config change again.

Or you use the install USB stick (which you already have) which already uses a monokernel and has a feature to detect hardware, change the config on the OS, build and install the kernel to the OS.

This is a bit more complex than for example what fedora plans with their new WebUI installer. Poorly such a system also doesnt work that well with so many kernel updates.

rollingflower,

What I really like about stuff like RedoxOS, COSMIC, typst, simpleX, Wayland and others is having stuff built from a modern perspective with modern practices.

Linux is ancient now, and its a miracle that it is thriving like this.

If dynamic loading really is that robust, it probably doesnt matter. But I dont know how big the performance increases are and I really need to do benchmarks before and after.

There are btw also some experiments on making tbe CentOS-Stream LTS kernel run on Fedora. Which would be another great way of getting a more stable system.

rollingflower,

Fedoras kernel doesnt run well on surface and to my knowledge phosh is not well maintained

rollingflower,

Ublue has variants with the surface kernel by default. Really, just use their hacky stuff instead of getting all the errors on your device.

I am sure their gaming focused bazzite variant has a surface version. Ublue fedora is way more secure than Nobara. Fedora doesnt support Apparmor by default, so SELinux will be more secure. There are tons of things wrong with nobara, and the performance increase is really not important (TheLinuxExp tested it and its like 5%)

rollingflower,

Try ublue silverblue surface images

Here are all the images

rollingflower,

Having a device just for fun stuff… is interesting. The threat is not big but it is always possible. And in my honest opinion, after having broken every other distro model, rpm-ostree is just awesome.

rollingflower,

I was not even able to test onscreen keyboards on KDE as there seems to be no way to force it. didnt try on GNOME. It may be able to work as an ipad replacement, but not always.

rollingflower,

It is a smaller project, but good to hear its actively developed!

rollingflower,

New Clock

Downloaded with Obtainium.

It is new, elegant and supports direct boot, meaning it will wake me even if the device auto updated from an update over night.

rollingflower,

On Fedora you should use the Google binaries, as Fedoras Fastboot is broken for some reason.

You will also need the android-udev package and symlink it. That process is damn overcomplex, for “security”.

Managed to install GrapheneOS after replacing fastboot with the path to the fastboot binary downloaded from Google.

See this Fedora discuss post

Reproducing a Microsoft corporate environment on Linux.

Most companies I’ve worked at where employees had a Microsoft work computers. They were under heavy control, even with admin privileges. I was wondering, for a corporate environment, how employees’Linux desktops could be kept under control in a similar way. What would be an open source or Linux based alternative to the...

rollingflower,

If you dont even have a way of running untrusted code on your production environment, how the heck is that worse than badness enumerating AV?

Insurances…

rollingflower,

See above. There are tools for mail servers to strip and sandbox all executable attachements.

MSOffice btw doesnt allow macros anymore afaik

rollingflower,

Excel sheets can be used without macros, i.e. executable code. Macros can be disabled in Libreoffice afaik, and this is likely possible via some sort of policy.

These are great things to try out and I want to experiment with it when I have time. For example not sure if policies work with flatpak, as users could be able to change them.

Antivirus is a joke, for sure you could run it, but it just doesnt work. It would be just there for the compliance, while you simply dont run any code, not even trusted code, that doesnt come from trusted repos like Fedora, Ubuntu or flathub-verified

rollingflower,

Damn that is really cool. Good compression algorithms are key.

I also think that flatpaks huge issue is

  • installing the entire runtime instead of just needed components
  • being universal (and Linux has a reputation to support old hardware) thus wasting potential
  • not being good to backup
  • All
  • Subscribed
  • Moderated
  • Favorites
  • fightinggames
  • All magazines