Surface Laptop 3 running Kubuntu, such an improvement over what it was “designed” for.
I’m sure it is an improvement until… you’ve to use Wine to run something Windows only or a VM and end up on the exact same spot as initially but with extra steps and less performance. 😂 😂 😂
Except battery lasts more on Linux. Not to mention suspend ACTUALLY works, and won’t wake at random times while in your backpack and kill your battery before you can actually use it when you need it. Which Windows does. And yeah, most people do NOT need anything specific from Microsoft to be productive.
If every day is 1 min faster and 1 day a week is 5 min slower, that’s still a net gain. And that’s assuming that they need to run a windows-only app which a surprising amount of people don’t.
Like what, what format would this be? Regardless every company I have ever worked for issue me a laptop with windows anyway, so why would the OS I choose to use on hardware I own be a factor for work? Even then, if they didn’t I don’t know of any format that I would need that would be an issue.
Not sure about your life, but I don’t count things I enjoy as “work” especially when its not work. I enjoy using Linux, I enjoy my home lab why should I need to justify it when it brings me joy? Linux works for me and my workflow, just because it doesn’t work for yours, don’t try to shit on other people.
No no, no justification required :). It isn’t also about working or not for me. It is just that there’s a bunch of people arguing around here that Linux (desktop) is great for every use case be it work or play under any circumstance, while it isn’t.
I never made such a comment. Gaming, for me is a big reason why I only have windows installed on my PC (and adobe) there are games which work on Linux (either natively or with Proton) but some games I play, don’t. Theres no point in me dual booting as, let’s be honest, dual booting just adds more steps and overcomplicates things. I use Linux on my laptop as the alternatives I use (Darktable and Kdenlive) are more than good enough for when I’m on my laptop (its not exactly a powerhouse) but when I’m on my desktop I want to use Lightroom, Photoshop and DaVinci Resolve as they are more refined and fit my workflow better.
Unraid on my server is just because its exactly what I need.
You’re in a Linux community here man, you’re going to be outnumbered. I think people here genuinely don’t rely on Windows stuff as much as you think.
Last time I needed Windows was a few years ago when I wanted to do a firmware upgrade to my guitar processor. In the meantime I upgraded to one that itself runs Linux :)
I think lots of people exaggerate their need for certain apps. I understand if you need Photoshop for work because it may be the best tool for the job and an industry standard, but some people swear they “need” it when all they do is apply blur or red eye reduction to a picture once every 3 years. Nowadays you can probably do that in dozens of other ways.
I’ve been Linux only since late 2015 and in this time I “needed” a Windows VM ~ 2 times, but ofc personal experiences can vary greatly.
I don’t need it for windows applications, its basically something I can use for light photo and video editing and uploading to my server, all the heavy lifting is done on my PC which has windows because of adobe and better support for X264 and X265 when video editing.
Well in that case; My windows PC falls back to a server running Linux as that’s where all my files are, where my docker containers and VMs all run off… I can spin up a new PC in minutes (windows or Linux) as everything is done off the server, including staging my devices.
…yes, but that’s a minority of the time. Cumalitively the slightly bad experience averages out with the 99% of the time better experience to be solidly superior
He didn’t give up his fortune directly, because today he is a rich man. He just enriched with a different approach like opting to not lock the source code of his work like another guy we know well…
He would’ve definitely made more even as a senior employee in early Microsoft, IBM or any of the big Corps. Linux exists solely because he made it a collaborative endeavour from the start.
Linux exists solely because he made it a collaborative endeavour from the start.
That is the important part. If Linux had tried to compete with Microsoft as a closed-source operating system, no one would have used it. What makes Linux popular is that it is collectively owned, that is as much a feature of the operating system as any technology or algorithm written into the source code itself. That feature is what set it apart from Windows or Mac OS.
The laptop’s battery during these days would discharge and charge, slowly degrading the battery because only the last ~ 20% would be charged and discharged.
How, tho? Sounds like what we had for e.g. NiCd batteries (memory effect) but do not have for li-{ion,poly} ones.
Also, why would the laptop discharge the battery with ac attached? Sounds weird to me
Lithium-ion batteries these days do not have a memory effect, but will degrade when kept at 100% charge because the internal composition of chemicals will change, destroying the battery in the process. The ideal charge is between 20% and 80%. With (better) battery charge control you can extend the design capacity (the maximum charge the battery can hold when new) and lifespan. With AC attached, the battery will discharge but it will be charged when the minimum charge level is reached.
Huh, apparently some vendors kinda do it themselves (not sure if always, tho) at least for the lower bound: cat /sys/class/power_supply/BAT1/voltage_min_design reports 10.8v for a 3s battery which is about 3.6v per cell instead of 3.2. Also the upper limit is uncertain so far
I don’t really understand that argument, and I want someone to correct me:
If you were keeping your battery at the ideal charge (i.e. 20% to 80%) that means you are really only using 60% of your battery during its lifetime. I’ve been using my phone since July of 2021, always changing it to 100%, preferably only charging when it gets close to 0%. Using AccuBattery I get the battery stats and after 2 years and a half, the battery capacity is at 85%.
I still have 85% of usable battery, this is more than the 60% I’d get if I was using the battery ideally. So I don’t really get this argument about taking care of the battery cause it appears it would take a while before the battery is degraded enough to hold less charge than the recommended rate.
Stopping charge at 80% (and still going down near 0%) should give you roughly 4x the cycle life. So in theory doing that it would take about 8 years to hit the same 85% usable level.
85% left after 2.5 years is a high rate of wear, due to phones really pushing as much as they can into the battery to have longer run times.
85% after 2.5 years is not good. My car battery has guarante of 80% capacity after 6 years. 20% of range is a significant difference so I take car of my battery and don’t charge it above 80% if not needed. It’s the same with laptops. Current models can easily last 5-10 years but having only 50% of capacity after that time would be a problem. Sure, if you’re intending to throw it out after 3 years it doesn’t really matter but if you want to use it for as long as possible you definitely should take care of the battery. It’s pretty much the only part that degrades (except maybe keyboard).
To keep your system secure no matter what, you open up only the ports you absolutely need.
People will always make a mistake while configuring software, a firewall is there to make sure that error is caught. With more advanced firewall’ you can even make sure only certain app’s have access to the internet to make sure only what you absolutely need toconnect to the internet does.
In general it’s for security, but can also be privacy related depending on how deep you want to get into it.
EDIT: It isnt about not trusting other devices on your netork,or software you run, or whether you are runni g a server. It’s about general security of your system.
I have a framework laptop and endeavour os with gnome de. I’ve had no problems with it. I mainly use it for dev work and web browsing. I enabled gnome muli-gesture (basically the same gestures on a Mac trackpad). I’ve had no problems with that either.
By memory it had a Firefox extension it installed and relied on to make a few things slightly smoother like h264 video, but that was a good decade ago and Mint today doesn’t like you said
This question reads a bit to me like someone asking, “Why do trapeze artists perform above nets? If they were good at what they did they shouldn’t fall off and need to be caught.”
Do you really need a firewall? Well, are you intimately familiar with every smidgeon of software on your machine, not just userland ones but also system ones, and you understand perfectly under which and only which circumstances any of them open any ports, and have declared that only the specific ports you want open actually are at every moment in time? Yes? You’re that much of a sysadmin god? Then no, I guess you don’t need a firewall.
If instead you happen to be mortal like the rest of us who don’t read and internalize the behaviors of every piddly program that runs or will ever possibly run on our systems, you can always do what we do for every other problem that is too intensive to do manually: script that shit. Tell the computer explicitly which ports it can and cannot open.
Luckily, you don’t even have to start from scratch with a solution like that. There are prefab programs that are ready to do this for you. They’re called firewalls.
Tell the computer explicitly which ports it can and cannot open.
Isn’t this all rather moot if there is even one open port, though? Say, for example, that you want to mitigate outgoing connections from potential malware that gets installed onto your device. You set a policy to drop all outgoing packets in your firewall; however, you want to still use your device for browsing the web, so you then allow outgoing connections to DNS (UDP, and TCP port 53), HTTP (TCP port 80), and HTTPS (TCP port 443). What if the malware on your device simply pipes its connections through one of those open ports? Is there anything stopping it from siphoning data from your PC to a remote server over HTTP?
The point of the firewall is not to make your computer an impenetrable fortress. It’s to block any implicit port openings you didn’t explicitly ask for.
Say you install a piece of software that, without your knowledge, decides to spin up an SSH server and start listening on port 22. Now you have that port open as a vector for malware to get in, and you are implicitly relying on that software to fend it off. If you instead have a firewall, and port 22 is not one of your allowed ports, the rogue software will hopefully take the hint and not spin up that server.
Generally you only want to open ports for specific processes that you want to transmit or listen on them. Once a port is bound to a process, it’s taken. Malware can’t just latch on without hijacking the program that already has it bound. And if that’s your fear, then you probably have a lot of way scarier theoretical attack vectors to sweat over in addition to this.
Yes, if you just leave a port wide open with nothing bound to it, either via actually having the port reserved or by linking the process to the port with a firewall rule, and you happened to get a piece of actual malware that scanned every port looking for an opening to sneak through, sure, it could. To my understanding, that’s not typically what you’re trying to stop with a firewall.
In some regards a firewall is like a padlock. It keeps out honest criminals. A determined criminal who really wants in will probably circumvent it. But many opportunistic criminals just looking for stuff not nailed down will probably leave it alone. Is the fact that people who know how to pick locks exist an excuse to stop locking things because “it’s all pointless anyway”?
Those are both things that a window manager doesnt really do. I havent used i3 much but ill try to point you in the right directions.
For caffeine, depending on your bar, i believe most of them have modules for that.
Then for locking/shutting down, you’d want to look at i3lock, xautolock, xidlehook, and probably many others. Can’t guide you to the right commands, but this forum thread seems to have a lot of the info you’re looking for: bbs.archlinux.org/viewtopic.php?id=208699
Thankyou. For locking i have i3lock but i havent got round to customising it yet so i still have the defaults and my bar is polybar which has a has some customisation. Ill see if i can find a caffeine moduke to add to it
It doesn’t. If you’re running a laptop with a local web server for development, you wouldn’t want other devices in i.e. the coffee shop WiFi to be able to connect to your (likely insecure) local web server, would you?
If one is hosting a webserver on port 80, for example, they are going to poke a hole in their router’s NAT at port 80 to open that server’s port to the public. What difference does it make to then have another firewall that needs to be port forwarded?
Who is “they”? What about all the other ports?
Imagine a family member visits you and wants internet access in their Windows laptop, so you give them the WiFi password. Do you want that possibly malware infected thing poking around at ports other than 80 running on your server?
Obviously you shouldn’t have insecure things listening there in the fist place but you don’t always get to choose whether some thing you’re hosting is currently secure or not or may not care too much because it’s just on the local network and you didn’t expose it to the internet.
This is what defense in depth is about; making it less likely for something to happen or the attack less potent even if your primary protections have failed.
#3 is a strange one – what sort of malicious behaviour could even be done to a device with no firewall? If you have no applications listening on any port, then there’s nothing to access
Mostly addressed by the above but also note that you likely do have applications listening on ports you didn’t know about. Take a look at sudo ss -utpnl.
#5 is the only one that makes some sense; if you install a program that you do not trust (you don’t know how it works), you don’t want it to be able to readily communicate with the outside world unless you explicitly grant it permission to do so. Such an unknown program could be the door to get into your device, or a spy on your device’s actions.
It’s rather the other way around; you don’t want the outside world to be able to talk to untrusted software on your computer. To be a classical “door”, the application must be able to listen to connections.
OTOH, smarter malware can of course be something like a door by requesting intrusion by itself, so outbound filtering is also something you should do with untrusted applications.
People seem to treat it as if it’s acting like the front door to a house, but this analogy doesn’t make much sense to me – without a house (a service listening on a port), what good is a door?
I’d rather liken it to a razor fence around your house, protecting you from thieves even getting near it. Your windows are likely safe from intrusion but they’re known to be fragile. Razor fence can also be cut through but not everyone will have the skill or patience to do so.
If it turned out your window could easily be opened from the outside, you’d rather have razor fence in front until you can replace the window, would you?
If you’re running a laptop with a local web server for development, you wouldn’t want other devices in i.e. the coffee shop WiFi to be able to connect to your (likely insecure) local web server, would you?
This is a fair point that I hadn’t considered for the mobile use-case.
Imagine a family member visits you and wants internet access in their Windows laptop, so you give them the WiFi password. Do you want that possibly malware infected thing poking around at ports other than 80 running on your server?
Fair point!
note that you likely do have applications listening on ports you didn’t know about. Take a look at sudo ss -utpnl.
Interesting! In my case I have a number of sockets from spotify, and steam listening on port 0.0.0.0. I would assume, that these are only available to connections from the LAN?
It’s rather the other way around; you don’t want the outside world to be able to talk to untrusted software on your computer. To be a classical “door”, the application must be able to listen to connections.
OTOH, smarter malware can of course be something like a door by requesting intrusion by itself, so outbound filtering is also something you should do with untrusted applications.
It could also be malicious software that simply makes a request to a remote server – perhaps even siphoning your local data.
If it turned out your window could easily be opened from the outside, you’d rather have razor fence in front until you can replace the window, would you?
In my case I have a number of sockets from spotify, and steam listening on port 0.0.0.0. I would assume, that these are only available to connections from the LAN?
That’s exactly the kind of thing I meant :)
These are likely for things like in-house streaming, LAN game downloads and remote music playing, so you may even want to consider explicitly allowing them through the firewall but they’re also potential security holes of applications running under your user that you have largely no control over.
linux
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.