Starfish

TootSweet, 5 months ago

All else being equal, less code and less dependencies is safer. The bigger the application and the more it tries to do, the larger its attack surface.

(Again, all else being equal. DWM is probably smaller than Weston, but Weston doesn’t let just any old process log keypresses or take screenshots, so probably at least arguable to say that Weston is (qualifier, handwave, condition, clarification) “safer.”)

chaorace, 5 months ago (edited 5 months ago)

Wayland is Wayland. If you use a Wayland compositor, you’re getting a lot of security by virtue of design alone. Things like keyloggers and screenrecorders will not be able to intrude on your session barring vulnerability exploits. I’m not going to touch on the relative vulnerability risk of each environment since a) they’re all relatively new & b) I’ve never implemented Wayland myself

With that being said, here’s what’s not protected by Wayland regardless of the chosen compositor: microphones, webcams, keyrings, and files.

For microphones & webcams, any distro which rolls Pipewire in combination with Wayland will be sufficient to secure these. Pretty much all Wayland environments roll Pipewire so this is only important to consider if you’re running your own customized environment (be sure to disable any pre-existing PulseAudio daemon after setting up Pipewire to close this security hole)

For keyrings, these are handled by your environment’s polkit implementation. Much like Wayland, there are several implementations of polkit and they’re all just about equally secure barring any potential vulnerabilities… Just make sure that you’re using an encrypted database (usually on by default) and that you have it configured to always relock & properly prompt for the unlock key.

For file access, this is actually a core probelm with Linux as a whole – any unsandboxed application you run will be able to read any file that you can read. The solution is to use sandboxed applications whenever possible. The easiest way to achieve this is through using flathub/flatpak applications, since they will always list out and enforce their required permissions on a per-application basis. For non-flatkpak applications, you’ll need to use “jail” environments (e.g.: bubblejail, firejail) in order to artificially restrict application permissions by hand.

yote_zip, 8 months ago (edited 8 months ago)

I’ll do you one better: I’m using Debian Stable for gaming and there’s nothing bad to report. Based on my experience I’d recommend that you use Stable first, unless you feel you really need Sid. I previously ran Arch Linux, but after switching to Stable and manually sourcing a few critical cutting-edge applications through e.g. Flatpak, it feels the exact same. I don’t feel like running the entire system as bleeding edge is a good idea when you can just run a couple dozen things as cutting-edge instead.

If you plan on using Sid instead of Stable, most of the following will not apply:

• Lutris has its own Deb repo if you need the latest updates, or it’s available as a Flatpak.
• If you use Flatpak Lutris and want to use MangoHud, you’ll need to install the Flatpak version with flatpak install flathub org.freedesktop.Platform.VulkanLayer.MangoHud (I don’t think it shows up in the normal store)
• The one gotcha I’ve found regarding Debian Stable and gaming is that Mesa will fall out of date as the release cycle goes on and probably won’t be backported. The solution is that running games via Flatpak (Lutris, Steam, etc.) uses Flatpak’s Mesa instead, which is cutting-edge. You can also try to compile a local Mesa version with this script, and you can manually trigger games to use this version instead of the system version. It does work, but it’s more complicated and a little bit more messy.
• I use the Xanmod “Main” kernel for a more recent kernel that isn’t too bleeding-edge - it stays on the previous Linux kernel version until a few point releases have come out.
• CoreCtrl is available as a bookworm-backport. I manually backported it myself but it looks like it’s official now.
• I’m running Wayland and KDE, with no issues to report (even with gaming)
• I’ve manually compiled Libstrangle for FPS limiting, but I’ve found that I can use MangoHud to transparently limit FPS as well, by using the following environment variable: MANGOHUD_CONFIG=fps_limit=YOURFPSHERE,fps=0,frame_timing=0,cpu_stats=0,gpu_stats=0,background_alpha=0. When I want MangoHud to act as normal, I switch it to MANGOHUD_CONFIG=readcfg which uses my normal config instead. Notably, Libstrangle cannot be used with Flatpak Lutris, so FPS limiting will need to be done with MangoHud if you want to limit Linux games. DXVK games can be limited with DXVK_FRAME_RATE as well, if that’s all you need.
• I make heavy use of Flatpaks for any user applications that I need to keep more modern
• If it’s not available as a Flatpak, I tend to use Homebrew to keep any other critical applications up-to-date (usually some CLI tools)
• I use cargo through rustup to keep some rust programs updated
• I use deb-get with a couple programs that aren’t on any real repos in order to get updates
• I’ve compiled a couple backports by following this guide in a stock Debian Stable VM, then copying the .deb files back out to my main system. So far this has been super easy, but I don’t want to do this unless I have to.
• If a program needs to be manually compiled, I try to install it using checkinstall. checkinstall basically fake-runs an installation and notes where everything goes, then stuffs it all into a .deb for you for a proper installation that can be uninstalled later. It’s a little buggy and doesn’t always work, but if it does it’s preferable. I rarely am forced to compile something that actually needs to be installed to system, but I’ve used it a few times with good success.
• (Do not make a FrankenDebian)

I can’t think of anything else regarding Debian Stable that I’ve done at the moment. Anything else has just worked as I’m used to on a bleeding-edge distro like Arch Linux. Debian’s large package base has really helped me with obscure programs that I used to need to compile manually with Arch Linux.

shinnoodles, 9 months ago

The rebrand is great! I’m loving the icon, and am looking forward to seeing how this project progresses. I just have a few questions.

1. Even beyond a Linux client, how about a Linux server package? I understand the client situation. Microsoft dominates in the desktop space, but it’s the complete opposite in the server space. Windows server is a super niche option. This severely limits the amount of people who can host this service imo.
2. I get there’s a piracy disclaimer, but I do think it would just be better to change the “alternatively sourced” phrase all together. I feel that phrasing makes Gamevault a lot easier to attack for those who may not be fond of such a service existing. Maybe just say DRM-Free? It seems like the easiest way to dodge that sort of thing. Perhaps there’s a better way to phrase it that I’m not thinking of.

Overall, an awesome project! I know a lot of friends who can’t afford to buy a lot of games, and I’ve always wanted to share my library with them. It also made me think a lot more about how centralized PC gaming is nowadays. Nearly every seller distributes through Steam or Epic, and has some form of DRM. If Steam/Epic wanted to, your entire library or any game they chose could be deleted from the marketplace. Even if you have it downloaded locally, sadly a ton of games rely on the connection to Steam servers to function. Even if the games themselves are completely offline, or single player. Gog, Itch, and any other similar platforms are a rarity nowadays, and lot of the bigger publishers and developers don’t use them.

Apologies for the text wall, it was not originally supposed to be this long. I hope you got something out of my rambling. I look forward to when I can run this when Linux is (hopefully) better supported and the project matures to a point where I can transfer over. Maybe I’ll repurchase some games on Gog in that time. I do wonder how this’ll affect my experience with the Steam Deck…

T4V0, 9 months ago

Photopea-Offline.

embrace_infinity, 10 months ago (edited 10 months ago)

Even though BG1 isn't as "grand" feeling as 2, I think it provides a better introduction to the admittedly not very intuitive D&D 2 mechanics. The entire intro area of BG1 is a tutorial. Additionally, you start BG2 around level 10 instead of 1, and I found this to be a bit overwhelming to begin the game with.

Something that was difficult for me to wrap my head around when it originally came out was that you will die over and over again if you treat it like an ARPG. You will need to constantly be pausing, issuing orders, unpausing, repeat. I've played the remastered versions and they include programmable AI for your characters that is worth tweaking. Also remember you can manually set auto-pause conditions - they will come in handy.

Last, I'd echo what other people have suggested in that you should try to have at least a handful of ranged characters backing up your front line fighters. Mages are extremely underpowered at low levels so they can fill this role nicely while they build up spells as the game goes on. Clerics are indispensable powerhouses. Also, keep in mind that in the D&D 2 ruleset, you will receive an attack penalty for using a weapon you're not trained in, so check what proficiencies each character has when you first get them.

Otherwise, experiment and have fun! There's a very good reason why these classics have hung around for so long. They are still very good games to experience. Yell if you get stuck, I've been playing the Infinity Engine games for decades at this point, and I'm sure others here would be happy to chime in.

https://isthereanydeal.com/game/baldursgateenhancededition/info/

Shortcake, 11 months ago

There is something called kbin-it which will allow you to have it up top. https://userstyles.world/style/10288/kbin-it download styles and then install the script. Only works on desktop afaik

Shortcake, 11 months ago

https://greasyfork.org/en/scripts/468460-kbin-collapsible-comments

Install tampermonkey or another user script extension