boredsquirrel

@boredsquirrel@slrpnk.net


boredsquirrel,

OBS is extremely bloated for simple screen recording.

There is GPU Screen recorder which I currently use, and it is fine. But that is pretty much the only one.

boredsquirrel,

I mean I already use a browser all the time.

boredsquirrel,

Does Firefox though? The Flatpak needs device access for whatever reason

boredsquirrel,

Ah yes, hard dependencies that are not actually hard dependencies.

That package may just be protected.

@OP to actually help you it would be really smart to record the issue you had when installing. Maybe SDDM setting up alongside GNOME or something?

KDE on Fedora works really well, but mixing the apps was a pain in the past, may not be anymore as the KDE Devs deal with GNOME being GNOME by just packing the needed icons into every app.

boredsquirrel,

Getting the sudo password is pretty trivial.

Just alias the sudo command to catch it and pipe it to the wanted tool.

With the sudo password you can recompile the kernel and add a random kernel module to it.

Only secureboot and verified boot make problems there. These are actually useful!

boredsquirrel,

Very very cool!

I would love to try a more KDE 3 like style on Plasma 6.

Unlike Windows 11, Plasma just got better. But I may prefer the style of Windows 7, it is just more beautiful.

The modern stuff makes a lot of usability sense, and is way simpler. Also theming between GUI Toolkits is easier, for me only GTK, Qt, Electron and a bit libcosmic.

boredsquirrel,

Virtualization actually, don't know why though.

boredsquirrel,

Btw the “official COPR” on Fedora seems unmaintained, but there is a new one with recent builds.

boredsquirrel,

For me it's more “who are you” “I am on every system but you never use me”

vi, tac, less, more, …

[QUESTION] Flatpak or AUR?

I’ve been using arch for a while now and I always used Flatpaks for proprietary software that might do some creepy shit because Flatpaks are supposed to be sandboxed (e.g. Steam). And Flatpaks always worked flawlessly OOTB for me. AUR for things I trust. I’ve read on the internet how people prefer AUR over Flatpaks. Why? And...

boredsquirrel,

I am on Fedora so the equivalent is COPR.

Flatpaks can be built pretty messy, use outdated runtimes or even entirely outdated dependencies.

It is pretty creepy, I dug down the pyramid of dependencies of OnionShare once and that thing is huge, some projects are archived, some had new releases but it still uses the old versions.

Native packages might not bundle all that in, which means more effort but especially more updated packages.

The sandbox is determined by the packagers, and a mix between “don't make it too loose” and “don't break use cases”. For example many big projects without portal support have host permission to access your theoretical SMB shares or external media.

But yes, the bubblewrap sandbox is there, it prevents apps from manipulating the system, the syscalls are a bit restricted via a “badness enumerating” and pretty loose seccomp filter.

This prevents all apps from creating user namespaces, which are like chroots and create a small virtual filesystem for processes. They are used in FF and Chromium for sandboxing. But Firefox also uses seccomp-bpf which works within a flatpak.

If you want a Chromium browser, it should be native. Firefox arguably too, as it gets another layer of sandboxing. But Flatpaks are isolated from the system.

Have a look at bubblejail, which allows you to sandbox programs from the OS with bubblewrap, but with a custom filter that can allow user namespaces.
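Added example, not part of the comment above and not code from Flatpak or bubblejail: a small audit of the permissions a packager chose, read from the keyfile that `flatpak info --show-metadata <app-id>` prints. The sample metadata, the app ID and the choice of which values count as "broad" are assumptions made for this example.

```python
"""Flag broad sandbox permissions in a Flatpak metadata keyfile."""
import configparser

# Constructed sample in the format printed by
# `flatpak info --show-metadata <app-id>`; the app ID is hypothetical.
SAMPLE_METADATA = """\
[Application]
name=org.example.BigApp
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=host;xdg-download;~/Projects:ro;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""

# Which values count as "broad" is this example's assumption, not a Flatpak list.
BROAD = {
    "filesystems": {"host", "host-os", "host-etc", "home"},
    "devices": {"all"},
    "sockets": {"x11", "session-bus", "system-bus"},
}


def audit_metadata(text):
    """Return sorted (key, value, reason) findings for one metadata file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(text)
    findings = []
    ctx = cp["Context"] if cp.has_section("Context") else {}
    for key, broad in BROAD.items():
        for raw in ctx.get(key, "").split(";"):
            value = raw.strip()
            # "host:ro" still exposes the whole host tree for reading;
            # negated entries ("!host") remove a permission and are skipped.
            base = value.split(":", 1)[0]
            if value and not value.startswith("!") and base in broad:
                findings.append((key, value, "broad " + key + " access"))
    bus = cp["Session Bus Policy"] if cp.has_section("Session Bus Policy") else {}
    if "org.freedesktop.Flatpak" in bus:
        # Access to this bus name lets the app start processes on the host.
        findings.append(("session-bus", "org.freedesktop.Flatpak",
                         "can run commands outside the sandbox"))
    return sorted(findings)
```

A finding can be narrowed per app with `flatpak override`, for example `--nofilesystem=host`.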

boredsquirrel,

Cool and all but I have no idea how to test this. My hardened Firefox blocks autoplaying media, NoScript requires me to opt-in to all JavaScript origins, meaning I don't even get 90% of 3rd party bloat, and uBlock Origin also does its part.

boredsquirrel,

Well even Vanadium has Adblock now :D

I agree that we need to protect “normal” people with “normal” browsers. But on the other hand we have Mull & Librewolf so no real problem?

boredsquirrel,

TLDR:

  • turn off
  • open up
  • remove battery
  • soak in 90%+ isopropyl alcohol
  • use a toothbrush and wipe clean
  • dry

Any suggestions for cheap but decent laptops for coding?

I’m currently learning how to code (currently Python, then maybe JavaScript), but I’m not always around my desktop, and learning on my phone is not always an option (also, it can be quite cumbersome at times). Therefore, I’m looking into purchasing a laptop just for learning how to code and stuff....

boredsquirrel,

Thinkpads are not cheap as they have that reputation.

But they have good Linux support

Btw that link has tons of tracking BS in it

www.ebay.com/itm/134956529143

boredsquirrel,

Yeah get a used laptop. Anything used in good condition is way better than new at the same or often twice the price.

Chromebooks are bad, but they run Coreboot. With MrChromebox and Chrultrabook you can get a normal Coreboot BIOS on there and run any Linux distro.

But they are often not repairable and have extremely limited storage and RAM. Also finding info on many of them is horrible.

boredsquirrel,

That highly depends on your model.

  1. Yes normally once the battery is fully charged, it should run from the charger. Probably runs from the charger directly but also charges the battery.
  2. The OS can limit the battery charging start and stop point. COSMIC desktop has such a feature. It may need interaction with the EC though.
  3. Yes, if the laptop is just running off the AC, charge it to 50% and keep it there. If not, then cycling between 20/80 is best. But that is unlikely, my 2012 thinkpad also runs directly off the charging brick.

boredsquirrel,

If you disable packages from upgrade they will be outdated…

Smallest Security/Privacy Focused Distro Help?

I’ve been doing some scouring and my search results are coming back confusing. Usually either incomplete information, or some kind of sales spam, so I’m reaching out in the hopes of recommendations for actual linux users and fans. I am looking for a very small, tiny even, security/privacy focused distro. I don’t mind doing...

boredsquirrel, (edited)

If you want a secure system you need Wayland. X11 is extremely insecure, search on the internet and you find why.

But if you just need the VNC client no problem.

If you want a server, have a look at KRFB. But yes, needing static IPs sucks. You could use a free DynDNS service like NoIP for that.

Trim down FF, like compile it yourself? That is for sure possible, you might want to use the ESR release to do that. You can leave out some things I suppose.

Just start with Alpine, which uses busybox and musl and is thus security focused and smaller.

Try a DE like LXQt, I will give it another go.

You can use it with X11 for now and replace the compositor in the future.

Some apps if you stick to just Qt (not that useful as Firefox will load in GTK stuff)

  • qBittorrent / Deluge
  • Haruna or Dragon
  • podman container with tor, try torvirt (and just skip the virt-manager profile stuff) (it seems unmaintained though)
  • SimpleX Appimage? Or instead of Alpine use Debian and then you can use the deb package but it was broken for me
  • Calligra instead of Libreoffice.

boredsquirrel,

Yes LXQt is simply the only light DE I know that will have Wayland support very soon. There are many others of course.

But you mentioned security, so that is that. Apart from an actual threat model which you didn't yet mention.

Compiling Firefox minimally vs just disabling it (like Librewolf does) is different.

Same with a custom Kernel with only the needed modules.

Forgot about BASIC, no idea never used it.

boredsquirrel,

There is a new Qt app called Vvave, a tiny music player.

I also don't like Elisa, I personally use G4Music but also tried Strawberry.

There also is Qmmp, which is still developed and also pretty minimal.

boredsquirrel,

Late reply, had this in my inbox for a while.

Interesting bugzilla thread indeed.

seccomp vs userns

I don't know about the security difference between nested seccomp filters and user namespaces. I don't know how good the achieved process isolation is.

But I can imagine that the Firefox approach is better.

chromium

Also note that Chromium has a setuid sandbox mode which is kept as fallback. Found that through secureblue.

I know that bubblejail is currently broken for me, I will uninstall it, remove the configs and reinstall it again.

I think running FF with userns enabled AND isolated with bubblejail is best, and it is possible.

flatpak and seccomp

Flatpak has a real issue with their loose and kinda random badness-enumerating seccomp filter. See this issue

The problem is, app devs don't know shit about seccomp, some other project (was it GNOME?) just uses the Flatpak filter because they also don't know enough about it.

It would be best to have a modular approach, with “security building blocks”.

Browsers have the “base” set of rules, which is the most unrestricted there is, allowing user namespaces.

All apps by default get the “standard” set which is base, without userns.

And there can be a more secure one for strong and verystrong isolation.

browser updates

Firefox has a builtin updater, Distros just remove that. So the Mullvad Tarball and also an official Firefox or Thunderbird tarball will autoupdate.

But as the app lies in an insecure location, its source could be modified. So it is always best to have apps somewhere only root can change.

Same for flatpaks actually, --user flatpaks are installed to the user homedir without any permissions and could be tampered with by any process.
