Windows 11 has irked me on my main laptop. I still use it due to various applications (not just games) that require Windows, but the slowness of the OS and the tracking drive me away from it. I installed Linux on another drive on the laptop.
Additionally, I purchased a desktop from my friend, and completely wiped Windows from it to install Linux (KDE Neon). I realized there is nothing that I’d want from that desktop, possibly aside from a couple of games my more powerful laptop can run, that Linux cannot run.
I just wanted to add that you can run gui applications through ssh with x11 forwarding, options -X or -Y (untrusted/trusted but at least in Debian back in the day they behaved the same). So if you wanted a gui file manager you run it in the ssh session on the remote server, sudo if you need but NEVER logged as root, and the window will pop on your local DE instead of having to run an entire desktop on each server
At that price range, be sure to carefully check compatibility for your favorite distribution and for any hardware that you intend to use.
For what it’s worth, I have an old HP Stream 7 that currently runs Debian Bookworm. I think that it cost about $100 new. I can use it as a pdf reader and to sync files, but there are plenty of tradeoffs due to the 1gb of RAM, the weak Atom processor, the small amount of built-in storage, the mediocre touchscreen, and the general poor quality of touchscreen interfaces among low-resource window managers. Neither camera works and several distributions can’t support the built-in audio. Screen rotation is a crapshoot. Forget about low-power standby. Some of these issues are unique to my tablet, but some of them are problems that people tend to run into when they try to shoehorn linux into a tablet that wasn’t built with linux in mind. Something like a Pinetab would be a better bet.
I saw another person suggest an aftermarket Surface. If you go this route, carefully research the exact model number to verify that the hardware supports linux and that there is a clean way of installing your preferred distribution.
Another thing worth mentioning. Installing linux can be a special kind of hell. Most distributions don’t have a touchscreen-friendly installer. For my cheap tablet, this meant cobbling together a flash drive, a powered USB hub, a USB keyboard, a USB ethernet adapter, and a USB-OTG cable for the single micro-usb port on the tablet. Then, I had to race the decade-old tablet battery to the finish line during the install process. Plus something about a 32-bit EFI bootloader combined with a 64-bit processor.
Depending on if you wrote the kernel cmdline yourself I imagine this might happen using /dev/sdN style device paths? BIOS might change things up every now and then for fun, so using partition UUIDs would be a better way if so.
Basically just look for things like root=/dev/sda2 in the kernel command line. You can get it at runtime by running “cat /proc/cmdline” having /dev/sda etc in your fstab might also be a problem
Yes if you have multiple drives some buggy BIOS may not enumerate them in the same order every time. Most modern distros do UUIDs by default but when manually setting up a bootloader it is easy to succumb to such temptations to use the much simpler device paths as the UUIDs are a pain. If you’re not sure how to change the kernel parameters most likely you’re good on that front actually, its in your grub config as others have mentioned. I’ll leave this comment around in case some poor soul who did it manually comes across the thread.
On a typical home user desktop linux setup, there’s virtually no difference between your regular user and root.
Access to your data, emails, passwords, installing software (in /home), access to LAN and so on are already possible without root permissions, so there really is not a whole lot that an attacker cannot do even without root.
And then, if you use sudo or su (or whatever) to switch to root with a password, escalating to root privileges is basically trivial for an attacker. An attacker can divert your PATH to compromised binaries. They could just replace “sudo” with their own little script that steals your password.
Yes. Running anything as root is potentially dangerous. And a browser is a complex and big piece of software with many security issues that can be (potentially) triggered remotely. So it’s bad because of two reasons.
Btw a desktop environment also is a complex and big piece of software with potential issues. Running the whole desktop as root is another thing you wouldn’t do for extra security.
The proper way is to just create a user account and run the desktop and browser as a user. Open a terminal and ‘su’ or ‘sudo’ to limit root rights to the operations that actually need those permissions.
Just running everything as root certainly works. But you do away with all the extra layers of security and end up with something as secure as MS-DOS or a Windows in the 90s or early 2000s.
That’s a link to the most recent release of Firefox and the security vulnerabilities that were fixed.
You’ll notice the first one listed says, “This issue could allow an attacker to perform remote code execution and sandbox escape.”
So if you visited a site that exploited that bug, it escaped the sandbox and ran whatever code it wanted to. Since you were running as root it could do anything it wants. Your device is now the property of someone else. Potentially all your data has been stolen. You probably didn’t even notice.
Now. Realistically. You probably didn’t get exploited. Your device may not be vulnerable to that particular bug. But new bugs are found, and fixed, and created every day. Can you be sure you weren’t exploited?
Let’s look at it a different way. Think of it like driving a car with no seatbelt or airbags. As long as you don’t crash, you’re fine. The car still works fine without seatbelts and you have more freedom to move your arms around.
Let’s look at it a different way. Do you ever lock the door to your home/apartment? Heck do you even close the door? Why not leave it wide open?
At the end of the day security is about layers and the trade offs for convenience. You can run KDE as root, and you can run Firefox as root. You’ll probably be fine. It’s like driving without a seatbelt or leaving your front door wide open, but you can do it. If you do drive with a seatbelt and at least close your front door, you can probably run KDE and Firefox as a regular user.
You will never be a real display server. You have no hardware cursors, you have no xrandr, you have no setxkbmap. You are a toy project twisted by Red Hat and GNOME into a crude mockery of X11’s perfection.
All the “validation” you get is two-faced and half-hearted. Behind your back people mock you. Your developers are disgusted and ashamed of you, your “users” laugh at your lack of features behind closed doors.
Linux users are utterly repulsed by you. Thousands of years of evolution have allowed them to sniff out defective software with incredible efficiency. Even Wayland sessions that “work” look uncanny and unnatural to a seasoned sysadmin. Your bizarre render loop is a dead giveaway. And even if you manage to get a drunk Arch user home with you, he’ll turn tail and bolt the second he gets a whiff of your high latency due to forced VSync.
You will never be happy. You wrench out a fake smile every single morning and tell yourself it’s going to be ok, but deep inside you feel the technical debt creeping up like a weed, ready to crush you under the unbearable weight.
Eventually it’ll be too much to bear - you’ll log into the GitLab instance, select the project, press Delete, and plunge it into the cold abyss. Your users will find the deletion notice, heartbroken but relieved that they no longer have to live with the unbearable shame and disappointment. They’ll remember you as the biggest failure of open source development, and every passerby for the rest of eternity will know a badly run project has failed there. Your code will decay and go to historical archives, and all that will remain of your legacy is a codebase that is unmistakably poorly written.
This is your fate. This is what you chose. There is no turning back.
I don’t get it anyway, if you login remotely, why don’t you just open firefox locally but on the remote servers? This makes not much sense.
But If you absolutely have to. … At least be careful with your surf-targets. A search-engine and wiki would most likely be fine. Some pron-, stream- or warez-sites? Nah. Surely not.
but no one seems to be discussing how risky it actually is.
That is because people stopped doing it ages ago.
But shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system?
Security is always a matter of layers. Any given layer can fail some of the time but you want to set up your security so situations where all the layers fail together are rare.
linux
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.