But at the same time, they do offer increased security when they work correctly. It’s like saying we shouldn’t use virtualization anymore because historically some virtual devices have been exploitable in a way that you could escape the VM. Or lately, Spectre/Meltdown. Or a bit of an older one, Rowhammer.
Sometimes, security measures open a hole while closing many others. That’s how software works unfortunately, especially in something as complex as the Linux kernel.
Using namespaces and keeping your system up to date is the best you can do as a user. Or maybe add a layer of VM. But no solution is foolproof; if you really need that much security, use multiple devices, ideally airgapped ones whenever possible.
The main difference between Ubuntu and Fedora is the package manager. Most of the rest is just selected default values for configuration and cosmetics, and what helper scripts are or aren’t present on the system. They’re both mainstream distributions aimed at the general user, and they’re shaped by their goals.
To see how different distributions can be, you need to compare the mainstream distributions to stuff that’s decidedly not mainstream, like Gentoo, Alpine, and Nix.
Just as a trivia note: Gentoo does package a couple of other distros’ package managers (app-arch/rpm and app-arch/dpkg), for use in installing otherwise-unavailable commercial binaries, although I suspect app-arch/rpm2targz sees more use than either of them.
NixOS, Alpine and Gentoo are also pretty popular, but yeah, Fedora and Ubuntu are the distros the regular person associates Linux with. Or doesn’t know what Linux is at all :)
You should delete the contents of the cache folder instead of the folder itself as sadly some apps will break pretty spectacularly if they can’t find the folder itself. Otherwise you’re entirely correct
General trick for unknowns like this, you can rename a folder, open the applications. If they work, it is likely safe to delete that folder. If not, you rename that folder back. A simple way to test removing something non-destructively.
Because the seemingly great choice of web browsers in reality boils down to a risky monoculture of chromium (/its webengine). The only real alternative is Firefox/Blink. Risky, because the main driver behind Chrome-/ium (Google) is not acting on behalf of the public interest towards a free, open and privacy preserving internet. Instead they’re working on a privacy exploiting one that gets locked down using DRM technologies. Them being a vendor of major parts of the internet as well as the browser to use it makes this a lethal combination. Firefox will definitely exist for as long as Google exists, because it’s their tool to defy claims of a monopoly, but they will do everything to keep it the small and mostly irrelevant “competitor” it is currently. Therefore, stand against Google’s evil play and help Mozilla to gain some actual independence and leverage for keeping the internet free (as in freedom), open and privacy preserving.
Yep. In fact my comment seemed so clear to me that I assumed it was some kind of joke, but looking at the votes, maybe swapfiles aren't as well known as I thought.
Um, you really need to read the entire phrase and not pick out only what you want from it. 😃
Swap can make a system slower to OOM kill, since it provides another, slower source of memory to thrash on in out of memory situations
It means that if you try to use it as a source of memory, when you run out of actual RAM it will make your system almost completely unresponsive due to disk thrash, instead of allowing the kernel to just kill the process that’s eating your RAM. So you’ll just end up hard-booting the system.
Yes, and that’s a good thing if you don’t want it to start killing processes. You have that extra time/space to deal with the out-of-memory condition yourself.
Or you can ignore that condition and continue using the system in a degraded state, with swap as “disk RAM”.
Like I said, the system will be almost completely unresponsive due to disk access being several orders of magnitude lower than RAM and allocation thrashing… you won’t be able to do much, the mouse, keyboard and display will react extremely slowly. There may be situations where you’d prefer this to an OOM kill, for example if you’re running a test or experiment where you’d rather have it finish even if it takes a very long time rather than lose the data. But if you’re a regular desktop user or server admin you’ll probably just reboot.
This latest UKI work for Fedora will lead to better UEFI Secure Boot support, better supporting TPM measurements and confidential computing, and a more robust boot process.
and HOPEFULLY lead to a less jerky-flashy-switchy boot experience, looks like a Vegas light show at present. switched to systemd-boot, but it’s only a tiny bit better, still switches modes/blanks screen like five times.
Omg yes, I hate those. I’m sitting here thinking it’s probably one of those simple things that scares people away from Linux…“Oh god, I see black text on white background. Abort, abort, ABORT!!”
yeah, if you don’t have an encrypted drive (which I’m gonna do on a laptop NEVER) on some OEMs this can look semi-seamless.
here’s what it looks like on a laptop:
1. OEM logo
2. screen goes blank, backlight off
3. light on, OEM logo
4. blank screen
5. decrypt password
6. blank screen
7. loading spinner with OEM logo
8. gdm/sddm login screen
9. blank screen
9a. (sddm) loading animation
9b. (sddm) jerk when fractional scaling kicks in
10. and finally there’s the desktop
with additional mode switching interjected and occasionally the horror that is GRUB inserts a ‘Loading blah blah’ text message; thankfully we’re getting rid of that.
My HP crapbook doesn’t have this OEM logo bullshit. Only the windows bootloader shows it, and the logo file is stored in the BGRT. So I don’t think I’m affected unless the WBM or systemd-boot have this vuln.
Mine:
1. Screen turns on
2. I pick EndeavorOS in systemd-boot
3. It starts spitting out logs (I love this behavior)
4. It switches modes once the backlight is loaded
5. I log in
6. KDE loads
I will never understand people who install Plymouth, it just adds complexity in the boot process. If your distro installs this then I understand why: so it doesn’t look like you’re “hacking the government”. If your distro doesn’t install it and you install it then you probably picked the wrong distro.
KDE5 is great and does everything I need it to. I feel like upgrading is just going to introduce issues while bringing nothing new to the table.
The only thing I would like to change are bigger scrollbars or have the ability to easily resize them. Something tells me this isn’t going to be included in KDE6, though.
related question, although i don’t think it’s big enough for a post of its own.
if i use btrfs subvolumes, does it mean that i can have one EFI partition and one root partition, and then subdivide the root partition using subvolumes? how would that work during the installation process? or is it done after installation?
Pretty much, yeah. At some point I remember the recommendation being having a separate /boot as well due to incompatibilities with GRUB’s save default option iirc, not sure that’s a thing anymore.
Anyway, you usually set that up during the install process, although I’m not sure graphical installers let you handcraft btrfs subvolume mount points or even select them as such these days. Last I checked at least they either just used a default layout (@ and @home with Ubuntu, for instance) or treated it as a single volume with no further options.
One EFI + one ROOT partition is what I have done on both my laptop and desktop for years, /home is a subvolume to my root partition. This setup suits my needs as I don’t have to worry about how big my root or home (gaming) partition should be.
I use Arch on my desktop and openSUSE on my laptop. They both have options to set up subvolumes from their installer, Debian does not, and I’m not sure about other distros, but you can always set that up after installation, just make your home partition the last one (after the root partition) so you can easily delete it after and grow the root partition without much block relocation.
if i use btrfs subvolumes, does it mean that i can have one EFI partition and one root partition, and then subdivide the root partition using subvolumes?
Yes.
how would that work during the installation process? or is it done after installation?
That depends on your distro. What do you plan to achieve with the separate subvolumes?
I already have a partition layout in btrfs where I have a /home and a /root partition, since when I installed I didn’t know about btrfs subvolumes. I use Void Linux and I think it’s after installation, since I don’t remember having a subvolumes step during the installation.
I’ll make sure to remind about btrfs subvolumes in case I reinstall. There’s a btrfs program that has a subvolume argument, so I’m guessing that’s what I could use.
I can use Fish’s history to jog my brain on actions I don’t quite remember. Remembering a sequence of screen menus to click thru is often much more tedious & error-prone. And when you have a commonly repeated process, it’s trivial to script because shell scripts are, well, scripts for that terminal shell.
Also the terminals applications are hella portable. I can use ssh/mosh over the network & have a similar or exact environment as my main PC on a remote box. vi was always a good enough editor.
Using Btrfs you can do some pretty cool snapshotting: It’s basically like system restore of Windows but MUCH faster and pretty seamless. Even if you annihilate the whole operating system you can restore the snapshot and voila, have fun! It also has compression which can save some wear on SSDs and of course give you some more free™ storage space, which is cool [actual benefits depend on workload*]
There’s no GUI, but following the wiki pages on BTRFS subvolumes you should be able to make a subvolume for those with like 2 simple commands (take a look at the man page for BTRFS subvolumes as well)
I wasn’t cool enough to figure out how to “just boot into a snapshot” when I tried btrfs a while ago. I mean I did figure it out (maybe?) but somehow the read/write rights were messed up and the snapshot couldn’t actually boot/I wasn’t able to log in +___+ Just reinstalled the system with good old ext4. It sounds really cool, though …
Well, sounds like a setup or distro issue. It should work without problems on Debian/Ubuntu/Mint. Linux Mint even really supports it as a setup-less default with TimeShift
It’s not all “purists” and “tribalism”, Manjaro actually has issues. Besides the well known certificate issues and older packages, I have the following anecdote which made me really dislike it.
A friend has Manjaro and one day his nvidia drivers stopped working after an update. I helped troubleshoot over the phone, while looking over the wiki. For nvidia drivers they have their own wrapper around pacman.
Turns out there’s a different nvidia driver for each kernel version. Already a stupid design. So unlike arch where there’s 1 kernel package (the latest the distro offers) and 1 matching nvidia driver, Manjaro has dozens…
The wiki never mentions how to install or update the drivers manually with pacman or anything like that. It pushes their own tool, a stupid wrapper around pacman, which is supposed to manage this for you.
In my friend’s case, the tool failed. It was trying to run pacman but there was a conflict issue. But the tool didn’t show the pacman output, so we couldn’t figure out what the tool is trying to do, and why it doesn’t work. We tried removing the tool and re-installing, and all kinds of messing around with it. It failed to install the drivers, it failed to remove the drivers, it kept failing whatever we tried.
Eventually we figured out the naming convention they used for the packages (again not mentioned in the wiki), and managed to install the correct kernel - driver pair manually, using pacman.
Tl;dr: poor design, bad documentation, and they push their own crappy tools which hinder instead of helping
there’s a different nvidia driver for each kernel version. Already a stupid design
That’s not a stupid design at all. A nvidia kernel module artifact is only compatible with exactly one kernel ABI. Thus you need one binary nvidia package for each kernel you ship.
Arch also has one package for every kernel ABI they ship: nvidia and nvidia-lts.
Though it should be noted that their design assumes that these two ABIs are the only possible ABIs which isn’t strictly the case as the zen, hardened or RT variants may sometimes lag behind their regular counterpart. That’s a stupid design if anything as it increases the friction of kernel ABI upgrades as a kernel package maintainer.
We at NixOS also ship the nvidia module for each of our ~50 kernel variants; all major versions of the Nvidia module compatible with that kernel in fact.
The only possible way to access these nvidia kernel modules is via a certain kernel’s linuxPackages attribute set that contains all packages that rely on a kernel ABI such as kernel modules or packages like perf. That’s good design if you ask me but I’m obviously biased ;)
I know you need a new nvidia driver every time the kernel updates, but why keep 50 kernel versions? My beef was them offering so many (outdated) versions instead of keeping the latest one which would make things very simple for users (imo).
These aren’t all versions per se but mostly variants, versions and versions of variants. For example, we have packaged the xanmod kernel which is a modified kernel optimised for desktop use but it has two variants: Main and LTS. We have packaged both.
Here are the names of all of our kernels currently to give you an idea (as a JSON list):
This is useful to have because users might have hardware constraints. It’s not hard to imagine a scenario where a user might have a WiFi chip that only works with kernel ABIs < 5.4 and require the 470 nvidia driver for their old GPU. Packaging just the latest kernel and just the latest Nvidia driver would make this user unable to use their system.
Turns out there’s a different nvidia driver for each kernel version
That is literally every version of Linux out there. IDK what you think was different about Manjaro in that respect. Nvidia hates linux and it’s a tough thing to keep it running, especially on a rolling release. Use the DKMS driver if you’re going to update kernels a lot. At least Manjaro separates the kernel installs from the general updates to minimize this disruption.
I know that these packages are “linked”, and for every kernel update you need a new nvidia driver, I don’t understand though why they keep so many kernel versions in the repo (and their respective nvidia drivers ofc). Just makes things confusing, I assume people generally want the latest kernel the distro has to offer, or if they want something else it’s a different kernel “flavor” like lts, zen, rt, etc.