All else being equal, less code and less dependencies is safer. The bigger the application and the more it tries to do, the larger its attack surface.
(Again, all else being equal. DWM is probably smaller than Weston, but Weston doesn’t let just any old process log keypresses or take screenshots, so probably at least arguable to say that Weston is (qualifier, handwave, condition, clarification) “safer.”)
Wayland is Wayland. If you use a Wayland compositor, you’re getting a lot of security by virtue of design alone. Things like keyloggers and screenrecorders will not be able to intrude on your session barring vulnerability exploits. I’m not going to touch on the relative vulnerability risk of each environment since a) they’re all relatively new & b) I’ve never implemented Wayland myself
With that being said, here’s what’s not protected by Wayland regardless of the chosen compositor: microphones, webcams, keyrings, and files.
For microphones & webcams, any distro which rolls Pipewire in combination with Wayland will be sufficient to secure these. Pretty much all Wayland environments roll Pipewire so this is only important to consider if you’re running your own customized environment (be sure to disable any pre-existing PulseAudio daemon after setting up Pipewire to close this security hole)
For keyrings, these are handled by your environment’s polkit implementation. Much like Wayland, there are several implementations of polkit and they’re all just about equally secure barring any potential vulnerabilities… Just make sure that you’re using an encrypted database (usually on by default) and that you have it configured to always relock & properly prompt for the unlock key.
For file access, this is actually a core problem with Linux as a whole – any unsandboxed application you run will be able to read any file that you can read. The solution is to use sandboxed applications whenever possible. The easiest way to achieve this is through using flathub/flatpak applications, since they will always list out and enforce their required permissions on a per-application basis. For non-flatpak applications, you’ll need to use “jail” environments (e.g.: bubblejail, firejail) in order to artificially restrict application permissions by hand.
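Added example, not part of the comment above: a Flatpak app's declared permissions can themselves grant access to the whole home directory, so the per-application list is worth auditing. This sketch assumes the keyfile text printed by `flatpak info --show-permissions <app-id>`; the function name and both sample inputs are constructed for illustration.

```python
import configparser

# Grants that expose the user's files to the app; ":ro" still allows reading them.
BROAD_FILESYSTEMS = {"host", "home"}

def audit_flatpak_permissions(metadata_text):
    """Return sorted findings for one app's Flatpak permission metadata."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep key names exactly as written
    parser.read_string(metadata_text)
    if not parser.has_section("Context"):
        return []
    context = parser["Context"]

    def values(key):
        raw = context.get(key, fallback="")
        return [v.strip() for v in raw.split(";") if v.strip()]

    findings = []
    for entry in values("filesystems"):
        if entry.startswith("!"):
            continue  # negated entry: this access is removed, not granted
        location = entry.split(":", 1)[0]  # drop :ro / :rw / :create suffix
        if location in BROAD_FILESYSTEMS:
            findings.append("filesystem:" + entry)
    if "x11" in values("sockets"):
        findings.append("socket:x11")  # X11 clients can observe other windows' input
    if "all" in values("devices"):
        findings.append("device:all")  # includes webcams
    return sorted(findings)

# Constructed sample metadata (not taken from any real application).
SAMPLE_BROAD = """
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=xdg-download;home:ro;
"""
SAMPLE_TIGHT = """
[Context]
sockets=wayland;
devices=dri;
filesystems=xdg-download;!home;
"""

if __name__ == "__main__":
    for name, text in (("broad", SAMPLE_BROAD), ("tight", SAMPLE_TIGHT)):
        print(name, audit_flatpak_permissions(text))
```

Any finding means the sandbox is looser than the app's Flatpak label suggests; such grants can be narrowed per application with `flatpak override`.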
Well I’m hopping around… again. I thought I had a good stable setup going but then something happens upstream that goes against what I want/believe in (looking at you RedHat) and I’m back on the hunt again....
I’ll do you one better: I’m using Debian Stable for gaming and there’s nothing bad to report. Based on my experience I’d recommend that you use Stable first, unless you feel you really need Sid. I previously ran Arch Linux, but after switching to Stable and manually sourcing a few critical cutting-edge applications through e.g. Flatpak, it feels the exact same. I don’t feel like running the entire system as bleeding edge is a good idea when you can just run a couple dozen things as cutting-edge instead.
If you plan on using Sid instead of Stable, most of the following will not apply:
If you use Flatpak Lutris and want to use MangoHud, you’ll need to install the Flatpak version with flatpak install flathub org.freedesktop.Platform.VulkanLayer.MangoHud (I don’t think it shows up in the normal store)
The one gotcha I’ve found regarding Debian Stable and gaming is that Mesa will fall out of date as the release cycle goes on and probably won’t be backported. The solution is that running games via Flatpak (Lutris, Steam, etc.) uses Flatpak’s Mesa instead, which is cutting-edge. You can also try to compile a local Mesa version with this script, and you can manually trigger games to use this version instead of the system version. It does work, but it’s more complicated and a little bit more messy.
I use the Xanmod “Main” kernel for a more recent kernel that isn’t too bleeding-edge - it stays on the previous Linux kernel version until a few point releases have come out.
CoreCtrl is available as a bookworm-backport. I manually backported it myself but it looks like it’s official now.
I’m running Wayland and KDE, with no issues to report (even with gaming)
I’ve manually compiled Libstrangle for FPS limiting, but I’ve found that I can use MangoHud to transparently limit FPS as well, by using the following environment variable: MANGOHUD_CONFIG=fps_limit=YOURFPSHERE,fps=0,frame_timing=0,cpu_stats=0,gpu_stats=0,background_alpha=0. When I want MangoHud to act as normal, I switch it to MANGOHUD_CONFIG=readcfg which uses my normal config instead. Notably, Libstrangle cannot be used with Flatpak Lutris, so FPS limiting will need to be done with MangoHud if you want to limit Linux games. DXVK games can be limited with DXVK_FRAME_RATE as well, if that’s all you need.
I make heavy use of Flatpaks for any user applications that I need to keep more modern
If it’s not available as a Flatpak, I tend to use Homebrew to keep any other critical applications up-to-date (usually some CLI tools)
I use cargo through rustup to keep some rust programs updated
I use deb-get with a couple programs that aren’t on any real repos in order to get updates
I’ve compiled a couple backports by following this guide in a stock Debian Stable VM, then copying the .deb files back out to my main system. So far this has been super easy, but I don’t want to do this unless I have to.
If a program needs to be manually compiled, I try to install it using checkinstall. checkinstall basically fake-runs an installation and notes where everything goes, then stuffs it all into a .deb for you for a proper installation that can be uninstalled later. It’s a little buggy and doesn’t always work, but if it does it’s preferable. I rarely am forced to compile something that actually needs to be installed to system, but I’ve used it a few times with good success.
I can’t think of anything else regarding Debian Stable that I’ve done at the moment. Anything else has just worked as I’m used to on a bleeding-edge distro like Arch Linux. Debian’s large package base has really helped me with obscure programs that I used to need to compile manually with Arch Linux.
The rebrand is great! I’m loving the icon, and am looking forward to seeing how this project progresses. I just have a few questions.
Even beyond a Linux client, how about a Linux server package? I understand the client situation. Microsoft dominates in the desktop space, but it’s the complete opposite in the server space. Windows server is a super niche option. This severely limits the amount of people who can host this service imo.
I get there’s a piracy disclaimer, but I do think it would just be better to change the “alternatively sourced” phrase altogether. I feel that phrasing makes Gamevault a lot easier to attack for those who may not be fond of such a service existing. Maybe just say DRM-Free? It seems like the easiest way to dodge that sort of thing. Perhaps there’s a better way to phrase it that I’m not thinking of.
Overall, an awesome project! I know a lot of friends who can’t afford to buy a lot of games, and I’ve always wanted to share my library with them. It also made me think a lot more about how centralized PC gaming is nowadays. Nearly every seller distributes through Steam or Epic, and has some form of DRM. If Steam/Epic wanted to, your entire library or any game they chose could be deleted from the marketplace. Even if you have it downloaded locally, sadly a ton of games rely on the connection to Steam servers to function. Even if the games themselves are completely offline, or single player. Gog, Itch, and any other similar platforms are a rarity nowadays, and a lot of the bigger publishers and developers don’t use them.
Apologies for the text wall, it was not originally supposed to be this long. I hope you got something out of my rambling. I look forward to when I can run this when Linux is (hopefully) better supported and the project matures to a point where I can transfer over. Maybe I’ll repurchase some games on Gog in that time. I do wonder how this’ll affect my experience with the Steam Deck…
I’m starting this off by saying that I’m looking for any type of reasonably advanced photo manipulation tool, that runs natively under Linux. It doesn’t have to be FOSS....
Years ago I tried modding Fallout New Vegas and I think 4 on Fedora ages (I was running Fedora 28 at the time) ago using Mod Organizer 2 and it wouldn’t work for reasons I didn’t understand, possibly file system related. I’m thinking of switching to Pop! OS full time but I’d still like to play either modded Skyrim or FO4...
Like most people, I entered COVID as a normal hobby geek with a Linux server I played around with and a healthy hardware habit with a side of home automation and DD-WRT. I emerged from COVID enrolled in college, now with two servers (one new build, one rebuilt from my first one), two Pi, multiple instances of Home Assistant (one...
Considering my threat model is just preventing my ISP to know which websites I am visiting and to prevent my government (India) from tracking me, do I need to use a VPN?...
A couple of weeks ago, @shazbot made this post about a project that they were working on. Since then, @shazbot, @ori, @minnieo and I have been hard at work, and we are excited to finally announce the official release of kbin Enhancement Suite (KES)!...
Even though BG1 isn't as "grand" feeling as 2, I think it provides a better introduction to the admittedly not very intuitive D&D 2 mechanics. The entire intro area of BG1 is a tutorial. Additionally, you start BG2 around level 10 instead of 1, and I found this to be a bit overwhelming to begin the game with.
Something that was difficult for me to wrap my head around when it originally came out was that you will die over and over again if you treat it like an ARPG. You will need to constantly be pausing, issuing orders, unpausing, repeat. I've played the remastered versions and they include programmable AI for your characters that is worth tweaking. Also remember you can manually set auto-pause conditions - they will come in handy.
Last, I'd echo what other people have suggested in that you should try to have at least a handful of ranged characters backing up your front line fighters. Mages are extremely underpowered at low levels so they can fill this role nicely while they build up spells as the game goes on. Clerics are indispensable powerhouses. Also, keep in mind that in the D&D 2 ruleset, you will receive an attack penalty for using a weapon you're not trained in, so check what proficiencies each character has when you first get them.
Otherwise, experiment and have fun! There's a very good reason why these classics have hung around for so long. They are still very good games to experience. Yell if you get stuck, I've been playing the Infinity Engine games for decades at this point, and I'm sure others here would be happy to chime in.
The biggest problem with kbin is honestly quite simple, but I don't people is talking about is the fact that finding the magazines that I'm subscribed to is in Settings > Subscribed, on Reddit, it's literally in the top bar, I don't get why it's buried in settings. Another thing is why is my home page full of posts from...
There is something called kbin-it which will allow you to have it up top. https://userstyles.world/style/10288/kbin-it download styles and then install the script. Only works on desktop afaik
This extension helps users subscribed to Lemmy communities by adding an icon before mentions or URLs related to other communities. These mentions can be in the format "!communityname" or through URLs like "https://lemmy.ml/c/memes"....
I just saw an email from Buy Me a Coffee. Not just one. I went in, and I'm truly shocked. Thank you all for the support; I would like to thank each and every one of you individually someday. Honestly, I don't know what to say. The account balance is $350, which will definitely allow me to develop kbin faster or at least not...
[cross-post] A guide to a longer lasting Smartphone.
A thread by @Reddit_refugee7834 (cross-posted from: lemmy.today/post/3507919 )...
Which Desktop / Window Manager is most secure?
I use KDE. Some use GNOME. Most other options are probably to be left out as X11 is unsafe....
Is anyone using Debian Sid for gaming?
Android phones can now tell you if there’s an AirTag following you (arstechnica.com)
cross-posted from: lemmy.zip/post/795697...
Better understanding and mitigating the risks of using a phone that no longer receives system updates
Too many perfectly usable phones are put into a questionable security situation by lack of vendor support for keeping key software up to date....
[Cinnamon] Modern, Debloated, Original, and easy on the eyes. 8 words to describe someone else's work (lemmy.world)
(Re-)Introducing GameVault: The Self-Hosted Gaming Platform
Hi guys,...
Is there really no viable alternative for Photoshop on Linux?
What CLI apps you use to do common tasks like editing (pdf, audio, video, image) files.
Here is my list:...
How is modding Bethesda games on Linux nowadays?
What Are Your Favorite SBCs (Single Board Computers), Why, and How Did You Get Into Them?
Is Coreboot necessary or a issue?
Hello fellows...
Do I really need a VPN or does DNS over HTTPS does the trick?
kbin Enhancement Suite: a community-curated script manager that lets you customize your kbin experience
[DWM] Simple and cozy (lemmy.world)
Any advice for playing Baldur's Gate for the first time in 2023?
Hey, Patient Gamers!...
My biggest problem with kbin
Hi /kbin! I'm currently working on a small browser extension for /kbin users.
Thank you so much for your support! 😍
Android FOSS Apps List (brainfucksec.github.io)
Just posting a quick and easy reference...
Debian Linux 13 aiming to ship with RISC-V 64-bit support (lists.debian.org)
cross-posted from: https://lemmy.ml/post/1197575...
Useful links
Self hosted software awesome list...