I wondered, Browsers work really well, are already there anyways, have all the GPU stuff etc already dealt with. They also have portal support so Wayland works great....
Ah yes, hard dependencies that are not actually hard dependencies.
That package may just be protected.
@OP to actually help you it would be really smart to record the issue you had when installing. Maybe SDDM setting up alongside GNOME or something?
KDE on Fedora works really well, but mixing the apps was a pain in the past, may not be anymore as the KDE Devs deal with GNOME being GNOME by just packing the needed icons into every app.
Hello everybody! I can say I’m a newbie at Linux. Wanted to ask about Linux’ task viewers. On the famous task viewers such as bpytop, htop etc., can viruses hide from them? Excluding the injected codes, can virus & tracker/logger softwares hide from classic task viewers of Linux? Do they show all kinds of services and...
I would love to try a more KDE 3 like style on Plasma 6.
Unlike Windows 11, Plasma just got better. But I may prefer the style of Windows 7, it is just more beautiful.
The modern stuff makes a lot of usability sense, and is way simpler. Also theming between GUI Toolkits is easier, for me only GTK, Qt, Electron and a bit libcosmic.
I’ve been using arch for a while now and I always used Flatpaks for proprietary software that might do some creepy shit because Flatpaks are supposed to be sandboxed (e.g. Steam). And Flatpaks always worked flawlessly OOTB for me. AUR for things I trust. I’ve read on the internet how people prefer AUR over Flatpaks. Why? And...
Flatpaks can be built pretty messy, use outdated runtimes or even entirely outdated dependencies.
It is pretty creepy, I dug down the pyramid of dependencies of OnionShare once and that thing is huge, some projects are archived, some had new releases but it still uses the old versions.
Native packages might not bundle all that in, which means more effort but especially more updated packages.
The sandbox is determined by the packagers, and a mix between “don’t make it too loose” and “don’t break use cases”. For example many big projects without portal support have host permission to access your theoretical SMB shares or external media.
But yes, the bubblewrap sandbox is there, it prevents apps from manipulating the system, the syscalls are a bit restricted via a “badness enumerating” and pretty loose seccomp filter.
This prevents all apps from creating user namespaces, which are like chroots and create a small virtual filesystem for processes. They are used in FF and Chromium for sandboxing. But Firefox also uses seccomp-bpf which works within a flatpak.
If you want a Chromium browser, it should be native. Firefox arguably too, as it gets another layer of sandboxing. But Flatpaks are isolated from the system.
Have a look at bubblejail, which allows sandboxing programs from the OS with bubblewrap, but with a custom filter that can allow user namespaces.
Cool and all but I have no idea how to test this. My hardened Firefox blocks autoplaying media, NoScript requires me to opt-in to all JavaScript origins, meaning I don’t even get 90% of 3rd party bloat, and uBlock Origin also does its part.
I’m currently learning how to code (currently Python, then maybe JavaScript), but I’m not always around my desktop, and learning on my phone is not always an option (also, it can be quite cumbersome at times). Therefore, I’m looking into purchasing a laptop just for learning how to code and stuff....
Yes normally once the battery is fully charged, it should run from the charger. Probably runs from the charger directly but also charges the battery.
The OS can limit the battery charging start and stop point. COSMIC desktop has such a feature. It may need interaction with the EC though.
Yes, if the laptop is just running off the AC, charge it to 50% and keep it there. If not, then cycling between 20/80 is best. But that is unlikely, my 2012 ThinkPad also runs directly off the charging brick.
my 23.10 now boots to single user mode (the tty1 log in page), After logging in with username and password (not as root, but regular me) I get this message:...
I’ve been doing some scouring and my search results are coming back confusing. Usually either incomplete information, or some kind of sales spam, so I’m reaching out in the hopes of recommendations for actual linux users and fans. I am looking for a very small, tiny even, security/privacy focused distro. I don’t mind doing...
If you want a secure system you need Wayland. X11 is extremely insecure, search on the internet and you find why.
But if you just need the VNC client no problem.
If you want a server, have a look at KRFB. But yes, needing static IPs sucks. You could use a free DynDNS service like NoIP for that.
Trim down FF, like compile it yourself? That is for sure possible, you might want to use the ESR release to do that. You can leave out some things I suppose.
Just start with Alpine, which uses busybox and musl and is thus security focused and smaller.
Try a DE like LXQt, I will give it another go.
You can use it with X11 for now and replace the compositor in the future.
Some apps if you stick to just Qt (not that useful as Firefox will load in GTK stuff)
qBittorrent / Deluge
Haruna or Dragon
podman container with tor, try torvirt (and just skip the virt-manager profile stuff) (it seems unmaintained though)
SimpleX Appimage? Or instead of Alpine use Debian and then you can use the deb package but it was broken for me
I’ve been seeing a lot of bazzite recommendations recently, and it sure sounds great. An atomic fedora, gaming optimisations out of the box. It just works....
I don’t know about the security difference between nested seccomp filters and user namespaces. I don’t know how good the achieved process isolation is.
But I can imagine that the Firefox approach is better.
chromium
Also note that Chromium has a setuid sandbox mode which is kept as fallback. Found that through secureblue.
I know that bubblejail is currently broken for me, I will uninstall it, remove the configs and reinstall it again.
I think running FF with userns enabled AND isolated with bubblejail is best, and it is possible.
flatpak and seccomp
Flatpak has a real issue with their loose and kinda random badness-enumerating seccomp filter. See this issue
The problem is, app devs don’t know shit about seccomp, some other project (was it GNOME?) just uses the Flatpak filter because they also don’t know enough about it.
It would be best to have a modular approach, with “security building blocks”.
Browsers have the “base” set of rules, which is the most unrestricted there is, allowing user namespaces.
All apps by default get the “standard” set which is base, without userns.
And there can be a more secure one for strong and verystrong isolation.
browser updates
Firefox has a builtin updater, Distros just remove that. So the Mullvad Tarball and also an official Firefox or Thunderbird tarball will autoupdate.
But as the app lies in an insecure location, its source could be modified. So it is always best to have apps somewhere only root can change.
Same for flatpaks actually, --user flatpaks are installed to the user homedir without any permissions and could be tampered with by any process.
A screen recorder in the Browser?
Chrome 127 Should Provide PipeWire Camera Capture Support (www.phoronix.com)
Can't remove program on Gnome software center on Fedora (sh.itjust.works)
Hi everyone!...
Viruses & Task Viewers
in ubuntu's recovery mode logged in as tty1, how do I copy the output of dpkg -l and history to a usb stick?
upgrading xubuntu to 24.04, fresh install, but I’d like to copy the output of both dpkg -l and history to a usb stick....
Crystal Dock v2.0 and Crystal Remix icon theme v2.1 released! (lemmy.kde.social)
Hi,...
AsahiLina: ✨ We got a bunch of Steam games to run on Asahi Linux!!! ✨ (vt.social)
Minimal CentOS-Stream 9 KDE Plasma install with latest LTS Kernel (discussion.fedoraproject.org)
How did you get out of Vim before you knew its hotkeys and commands? (lemmy.world)
[QUESTION] Flatpak or AUR?
OC Fun fact: Autoplaying animation on websites that you can't stop is disability discrimination in the US
It's time to know your rights!...
Any suggestions for cheap but decent laptops for coding?
am I depleting my embedded notebook's battery by leaving the power cord constantly plugged in?
notebook is a 10 year old macbook pro without macos I installed xubuntu 24.04 in. It comes with an embedded battery....
upgrading to xubuntu 24.04, another update
Smallest Security/Privacy Focused Distro Help?
Using any DE be like: (graph.org)
Bazzite ? maybe not for V-rising.