boredsquirrel

@boredsquirrel@slrpnk.net

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Smallest Security/Privacy Focused Distro Help?

I’ve been doing some scouring and my search results are coming back confusing. Usually either incomplete information, or some kind of sales spam, so I’m reaching out in the hopes of recommendations for actual linux users and fans. I am looking for a very small, tiny even, security/privacy focused distro. I don’t mind doing...

boredsquirrel, (edited )

Have a look at alpine.

For the DE, something very light is needed and I would use Wayland for security AND performance.

Problem: apart from RaspberryPiOS I know no dedicated lightweight wayland DE.

They use Wayfire, but one of these will work too.

Then for the apps, good luck running a Browser at that low.

You will need only system packages, nothing else. Might try Bubblejail for sandboxing without using Flatpak (disk space, RAM). But that is in pretty early stages.

For your apps

  • you mean Mullvad Browser not Mull. Screw that, use Librewolf
  • you will not run a VM on that hardware. These are VM guest specs, not host. You can run Carburetor flatpak, or maybe a minimalist podman container with tor for proxying. User namespaces, bubblejail and seccomp are also secure.
  • VLC is not small. Use Celluloid or just MPV or even better just ffplay. Celluloid/Haruna/Dragon is minimal and has wayland support
  • rustdesk? Client or server? There is wayVNC and KDE and GNOME have their suites. But they need static IPs. Rustdesk Server has no wayland support
  • deluge, ktorrent, qbittorrent doesnt matter, all light. But stick to one GUI toolkit.

I think Qt can work, pcmanfm-qt is nice.

LXQt 6.1 will have “full” Wayland support, but you need to configure stuff in config files of course.

I dont know a modern Wayland ready GTK alternative to GNOME.

boredsquirrel,

rpm-ostree upgrade

is enough on uBlue, as system release upgrades are automatically staged and just like normal updates.

rpm-ostree rebase may be needed on Fedora Atomic

Use a well versioned package manager guys.

boredsquirrel,

Auch Du kannft jetzt reifen!

boredsquirrel, (edited )

I prefer KDE a lot, because:

  • the UI is simple, material-ish and beautiful
  • it doesnt sacrifice usability or waste screen space like GNOMEs minimalism. I especially like the buttons etc. of Qt apps, where GIMP is already struggling with the huge hugeness of GTK3.
  • it runs 100% on Wayland
  • it runs GNOME apps without modifying them a bit. There is an issue where Fedora doesnt want to use Adwaita icons, but a short autostart entry solves that. KDE Breeze dark/light can sync to adwaita dark/light
  • KDE has tons of legacy support features, have a look at my experiment where I explored many of them
  • it is modular and can be pretty minimal (I would like a more barebones version, without all the floating stuff etc)
  • all the settings are in the same app! This is a huge issue with all the small ones, where nontechnical users need to know the difference between “GTK settings” “lightDM settings”, etc.
  • Systemsettings are searchable, all settings pages are accessible from the global search, some pages are even shown when you use an alternative word, you can always search in english and your local language
  • it is very actively developed
  • it has tons of unique features.
  • it has the biggest most complex apps situated in a DE on Linux. Period. KDEnlive, digiKam, Krita, Kate, Dolphin, …
boredsquirrel,

I like COSMIC too as a work in progress. It is damn elegant, minimalist, perfectionist.

But I dont like the general desktop UI style, the overview, the menu.

They are also just starting, but it has a big future I think.

I am always testing it and it is pretty cool. Already better than many alternatives I would say, at least if you replace some apps.

pcmanfm-qt from LXQt is actually the best filemanager next to KDE Dolphin, and has very few dependencies.

Qt apps on COSMIC are currently pretty broken, but there may be some KDE people stepping up and this is likely also fixed. Different from… some other big desktop… where KDE apps are all broken.

boredsquirrel,

Yes a lot.

The network stuff sounds like some big issues.

To my knowledge GNOME is better here?

You should absolutely report these issues with good detail.

boredsquirrel,

No. Likely just a broken package.

I highly recommend doing a system snapshot before an upgrade to prevent stuff like that.

Because of that I highly recommend atomic Fedora where this is fully automated. Or at least OpenSUSE tumbleweed. Also Ubuntu will be able to do this.

boredsquirrel,

Ehrenkarl

boredsquirrel,

Kontext

https://infosec.pub/pictrs/image/2998698f-cda2-4194-8639-a8246ca1eda6.jpeg

boredsquirrel,

Nice thing: Cosmic Terminal just embeds Alacritty but adds the stuff like tiling and tabs. Match in heaven.

boredsquirrel,

LXQt: continuation of LXDE with Qt

Hyprland: tiling/floating wayland-only window manager

Sway: same but slower and not controversial

Wayfire: floating/stacking window manager, used in RasperryPiOS

Alacritty: a terminal, in Rust, that lacks all the stuff that Desktop Terminals have, but it is aaaaaacccellerated

boredsquirrel,

KDE has crazy complex apps like Krita, digiKam, KDEnlive, Kate, Konqueror, etc etc.

They went more minimal and dedicated over time

Amarok -> Elisa, Kasts

Konqueror -> Dolphin, Falkon/“just use Firefox”

I dont get why we have Gwenview, Kolourpaint, Spectacle edit and digiKam though, this feels absurd

boredsquirrel,

Do you know if Elisa is related?

Crazy that we can use 3 forks alongside each other, feels wrong.

boredsquirrel,

Yes and no. They should really separate the fancy stuff from the base stuff. Like have a kwin-wayland-base and kwin-wayland-extras.

I guess some other features are not easy to rip out, but having only simple animations etc would really make sense.

I will try Plasma 6 on an Intel core Duo in some time though, exited.

They have an issue with disabling not needed stuff. XWaylandVideoBridge, legacy app tray support, GTK global menu adapter, and other cool but edge case stuff is just always running in the background.

Same for accessibility, GUI keyboard and Orca, even though they will be somehow dynamically loaded, they are not controllable transparently by the user.

boredsquirrel,

Yes baloo is a hog. Note that the background services systemsettings page will be hidden in the future but accessible from the global search.

boredsquirrel,

I tried LXQt and damn that is ugly. Maybe with theming?

LXQt 6.1 will have wayland support and as compositor you can use sway, hyprland, river, niri, labwc, dwl, …

boredsquirrel, (edited )

Yeah Fedora KDE is very bloated.

But no, changing the default browser under “default apps” in the settings works very reliable.

NetworkManager should default to randomized MAC since F40.

Have a look at my debloat guide

boredsquirrel,

Well thats not Plasma 6, but it likely didnt get worse.

boredsquirrel, (edited )

What is a SABnzbd ?

the MAC is randomized but static, so you are somebody else for every network, but then stay the same.

Full MAC randomization causes major breakages though, and should be avoided.

The default hostname is also really unprivate, change it to PC with sudo hostnamectl set-hostname PC.

boredsquirrel,

xdg-open will open the default browser. This is likely an issue with that app having firefox hardcoded, or detecting it and using it when detected or some stuff.

I’ve had mac rando on on fedora in the past and am running Graphene with it on by default, no breakages so far in about 2-2.5yr

People that dont have problems dont have a lot to add in terms or arguments :D

There are 2 types of MAC rando, and GrapheneOS uses full per-connection rando by default.

If you are in networks where access is controlled via the MAC, this will break. Static randomized (in grapheneOS “per network”) like on Fedora dont have this issue at all, this should really be default always.

But it does not protect against certain levels of tracking.

Also randomized MACs may fill up certain router softwares and cause DHCP to fail because it tries to remember every connected device “for security” (FritzBox in my case).

boredsquirrel, (edited )

Strange. Make sure to contact the devs though, as KDEs settings always worked for me reliably.

boredsquirrel,

You can now breathe nitrogen! Aaand, you will get instant cancer and die at age 3.

boredsquirrel,

Ich bin mir sicher dass das nicht reicht, um eine Stimme hinzuzufügen.

Oder… ihr System ist schrott.

boredsquirrel,

True. But I pay them via Monero

boredsquirrel,

Yup. Also their VPN app on Linux is better than what KDE and GNOME have. Poorly. They hook into it very intensely, early boot blocking via a systemd service and all.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • GTA5RPClips
  • thenastyranch
  • ethstaker
  • everett
  • Durango
  • rosin
  • InstantRegret
  • DreamBathrooms
  • magazineikmin
  • Youngstown
  • mdbf
  • slotface
  • tacticalgear
  • anitta
  • kavyap
  • tester
  • cubers
  • cisconetworking
  • ngwrru68w68
  • khanakhh
  • normalnudes
  • provamag3
  • Leos
  • modclub
  • osvaldo12
  • megavids
  • lostlight
  • All magazines
    •