Navidrome’s web player is actually pretty good and I could totally live with it if third party clients weren’t an option. Supersonic is more performant when loading 1800+ song playlists though, and infinite scrolling instead of the paginated web library is really nice.
Yes, very. This is not specific to Firefox, but anything running as root gets access to everything. Only one thing has to go wrong for the whole system to get busted.
usually logged into KDE Plasma as root.
Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.
Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.
I don’t know the specifics on Fedora’s installer, but normally that question is about disabling root account, not logging into a DE.
Not sure what else to elaborate here. There’s a bunch of code that is not tested to be run as root. A whole class of exploits becomes unavailable, if you stick to an unprivileged user.
Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. Everything on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. Everything on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.
This is also something I’m thinking about: All the hard drives mounted on the server is accessible to the only regular user as that is what my other computers use to access them. I’m the only one with access to the server so everything is accessible under one user. The data on those drives is what I want to protect, so wouldn’t a vulnerability in either KDE or Firefox be just as dangerous to those files even running as the regular user?
Also, since my PC has those drives mounted through the server and accessible to the regular user that I use my PC as, wouldn’t a vulnerability in a program running as the regular user of my PC also compromise those files even if the server only hosted the files and did absolutely nothing else? Going back to the Firefox thing, if I had a sandbox breach on my PC, it would still be able to read the files on the server right? Wouldn’t that be just as bad as if I had been running Firefox as root on the server itself? Really feels like the only way to 100% keep those files safe is to never access them from an internet accessible computer, and everything else just falls short and is just as bad as the worst case scenario, though maybe I’m missing something. Am I just being paranoid about the non-root scenarios?
You never log in as root. On every new VM/LXC I create, I delete the root password after setting it up so that my regular user can use sudo.
Run as your regular user and sudo the commands that need privileges.
Also if these are servers, run them headless. There’s no need for a GUI or a browser (use wget or curl for downloads, use your local browser for browsing)
You keep your files safe by having backups. Multiple copies. Set up the backups to gets copied to another server or other system your regular user doesn’t have access to. Ideally, you follow the 3-2-1 backup standard if the files are important. That is 3 copies, on 2 different media, and 1 offsite. There are many ways of accomplishing that and its up to you to figure out what works best.
How do you get dark mode in Strawberry under KDE? I remember trying to follow some guides and not having much luck. But that was a long time ago at this point. Does this “just work” now?
Thanks! I checked and actually, dark mode was already on. Huh. I guess I haven’t tried since…I don’t even know. Maybe I didn’t have qt6 installed last time?
I’m one of the converts. Didn’t like Windows 11 at all, decided to try Ubuntu/Zorin before going back to 10 and ended up staying. I’ve tried various distros many times over the past ~15 years but it never felt “ready” to me until now.
The last few years have had great improvements. For any average user (like a kid or adult that just browses web, streams video, zoom calls, etc) there is no reason a Linux desktop can’t be their main system.
I settled with Navidrome. It solves 2 use cases for me. Due to being web based it can be used by any PC or mobile device with access to my server. Additionally it supports subsonic which allows me to use a native android app (ultrasonic) and have music on the go. I don’t use services like Spotify.
Thanks for the tip but I’m not sure why I would choose a desktop client over Navidrome itself. I usually have the browser open anyway. But maybe I’m missing something useful by using an actual app?
Yes. I’m genuinely unsure how it could be any easier. It’s just add the repo and install.
But I suppose it’s a lot if you don’t know what anything means, so I’ll try to explain it at a super basic level. Sorry if this is patronising, I can’t ascertain your experience level so I have to make an assumption.
Hm. Okay so I guess before even deciphering the command, you have to know how Linux works. So on Linux, the first word is the name of the application you want to use, and everything afterwards is stuff that you pass along to the application. It’s up to the application to program in the behaviour for interpreting the words that come after the first word. So “sudo” is the name of the application you’re using, and all that other stuff is stuff you’re telling Linux to tell that other application.
Okay, so what is sudo? sudo is short for Super User Do. It’s an application that does something (sudo) as the super user (sudo). Super User is like admin on Windows. So it’s for when you want to make system level changes or want to override permission limitations. In the past, or at a basic level, you would switch user, make the change, then switch back to your personal user. But with sudo you can borrow the permissions of the super user for the purposes of that one command and everything works smoother that way.
The way you use sudo is you run the application by typing sudo, then you type in a second application and what you want that application to do, then sudo starts that other application and gives it the instructions you asked to be passed on. The second application in this case is curl.
For example, on Windows you might do sudo photoshop open C:userswinuserdocumentsrestrictedfile.psd to open a file in Photoshop that the Windows admin decided you aren’t allowed to open.
Sudo is to get super permissions and doesn’t actually tell you what the command does. The application that is actually being run in this command is curl. curl goes to a url and sees it. So it basically just means download whatever is at this URL. Here the URL is https://repository.mullvad.net/deb/mullvad-keyring.ascAll that other stuff in this command is technically curl specific, so you have to check how curl works to know what it does. But it does follow Linux conventions very closely, therefore a normal Linux user who has never used curl could still guess what it does with 100% accuracy and would probably use it correctly for the first time without checking how to use it. If you want to learn how to use it, you can use the included manual program man, by typing man curl, and as a convention, almost every Linux application will tell you how to use it if you use the -h or --help flags by typing curl -h or curl --help.
In this case, curl takes flags, these are -fsSLo, that’s 5 different flags. A flag is like a mode switch for an application, it’s specified with adding a hyphen and the trigger word. The hyphen is useful because an application like curl might want a file path /usr/share/keyrings/mullvad-keyring.asc and a URL https://repository.mullvad.net/deb/mullvad-keyring.asc, so by adding the hyphen, the application knows that fsSLO is not part of the file path, but is instead specific instructions you’re giving the application. This is a normal convention on Linux, similar to how Windows applications normally program the X button in the corner to close the window.
For curl specifically, by default curl doesn’t save the file, it just displays it in the terminal. So the most basic version of the command would be curl https://repository.mullvad.net/deb/mullvad-keyring.asc and nothing else. Let’s look at what the flags do.
-f is for fail.
-s is for silent. Both of these just change the behaviour of curl to give you less feedback and information. Mullvad probably chose to do this to make it more beginner friendly, ironically.
-S is for show error. There’s a difference between lower and upper case. Show error means that even though curl was asked to be quiet and not show what it’s doing, it should still let you know if there’s an error.
-L is for location, it’s to allow redirects. Mullvad chose to include this option so that the old instructions still work if the URL changes in the future or perhaps if you have a common typo in your command.
-o (output) writes the downloaded file to disk at the specific location. /usr/share/keyrings/mullvad-keyring.asc. The -o flag is the only one in this list that actually matters and changes what the application does. The rest is just there to be beginner friendly, but I think Mullvad made a mistake in including them personally, as I think they add to the confusion instead.
As a standard Linux convention, flags can either be a single hyphen and a letter or two hyphens and a word or a hyphenated sentence. These are conventions and up to the application, but for curl and most applications you’ll use, both work. Similarly, curl and most applications let you use a single hyphen and then all your flags in a row, or separate them with spaces and new starting-hyphens. curl -f --silent -S -L --output file.txt https://lemmy.ml for example.
Okay, so hopefully now you can read it a bit better. Let’s look at it again.
Wtf is that file and why do you need it in that folder? It’s downloading their encryption key to the folder where apt (a different application we haven’t encountered yet) looks for encryption keys. You need this for cryptographic verification. It’s a safety measure, and more important for security software like Mullvad. It’s not mandatory for adding repositories.
So with this command, you borrow the super user’s permissions and you download a file and put it in a folder.
Okay, this one is actually pretty complicated! Similar to above, how they added all those superfluous flags that make curl quieter, this is another case of the mullvad help-article-writers choosing to make the experience of copy/pasting the commands more seamless by sacrificing legibility.
But let’s go through it anyway. It’ll be a super quick crash course in how to use Linux.
Echo is an application that repeats whatever you type at it. If you run echo hi it’ll output hi into the terminal. Deb is an application that installs .deb packages. These are like .msi files on Windows. It’s specific to Ubuntu and certain other Linux distros. The stuff that follows echo is a command. deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main, if you run it on its own, it does something. But because you wrote echo first, it’s only words that are being printed in the terminal. We’ll look at what it’s supposed to do in a minute. After that part, comes a pipe |, this is very important, then a second command. sudo tee /etc/apt/sources.list.d/mullvad.list.
Okay, we’ll break this down backwards. sudo you already know. It’s just an application that starts another application. In this case tee. tee is an application that takes whatever you give it and writes it to a file. It’s called tee because it’s like a t-split, it both writes to a file and to the terminal at the same time, so you can monitor what’s being written. It’s specifically designed to be used with a pipe.
Wtf is a pipe? A pipe | is a built in Linux function that let’s you take the output from one application and feed it to another. In this case, the stuff you had before the pipe was a echo command. So the output is what you asked echo to echo back to you. deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main". That means that tee is writing this command (without the echo part in front of it, because that’s your command, not the output from an application) into the file located at /etc/apt/sources.list.d/mullvad.list. Tee by default overwrites whatever was already in the file, and in this case, a mode-switch flag wasn’t used to ask it to not do that. So if that file already existed (which it doesn’t), it would now be deleted and replaced with what you echo’d into it. deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main".
What is /etc/apt/sources.list.d/mullvad.list? That’s a file that belongs to apt. apt is your package manager, we’ll loop back to that. The /etc folder is somewhere applications put their files, rather than where the user is supposed to put their files. Having the user’s files separately like that helps with knowing which files you care about when it comes to backups and system migrations and things like that. So inside /etc, apt gets it’s own folder, and inside that folder it created sources.list.d, and inside that folder, you’re now creating a file for mullvad. In this file is the definition of the new repository you’re adding.
So echo just means “repeat what you’re given”. Then deb is the Ubuntu equivalent to msi. Then you’re telling the deb application where to find the encryption key you installed earlier, and you’re telling it which arch (short for architecture, it’s the hardware configuration of your computer) you’re interested in. When it says $ and then stuff in parenthesis like that, that stuff gets computed and substituted. So you’re not literally asking for the architecture $( dpkg --print-architecture ), but instead something like arch=amd64. dpkg is an application that keeps track of what .deb packages you have installed. With the flag --print-architecture, it’s switched to a different mode where instead of it’s primary purpose, it’s telling you what system architecture you’re using. Then it’s the URL for the repository. The URL is also variable, part of the URL will get replaced later. $(lsb_release -cs). lsb stands for linux standard base, and lsb_release is just an application that says which Linux distro you’re using. The reason this ‘standard base’ is used rather than the specific distro and version, is because it’s meant to simplify the very large diversity of Linux distributions and versions down to the minimal number of possible versions that actually have some level of incompatibility with each other. So it would say your specific major version of Ubuntu, but it wouldn’t say exactly which patch you’re on. Someone who’s not using Ubuntu, but using something that from a compatibility standpoint is fully Ubuntu compatible, might also report as a Ubuntu version when using this application. The output from this program is added to the URL. The computed result is something like https://repository.mullvad.net/deb/stable mantic minotaur main. Main just means the main branch of the application, as opposed to a special branch, like a beta-branch.
If you notice, you’re not computing these things first and then putting the result into the file, but instead you’re inserting it with variables. This will allow your system configuration to change without the need to update the repository definition.
All in all, this is a very complicated way to add a repository. On most systems, and indeed on Ubuntu, you can do this with a single application or a flag for the package manager and then a single URL. For Ubuntu it would be apt-add-repository https://repository.mullvad.net/deb/stable mantic minotaur main. But they chose to do it like this to make it easier to do once and forget.
And then finally, what is a repository? What is apt? A repository is a place that hosts software. It’s like the Play store on Android. You can use the Ubuntu repository that is standard for your Linux distribution and guaranteed to work, guaranteed to be safe, guaranteed to be respectful towards you as the user, but you can also add third party repositories. Third party developers can add their applications to the official repository, but doing so means they have to go through a quality assurance step, and that they are limited in the ways they are allowed to abuse you. For security software, this might add too much delay between when it’s critical that they provide an update, and when that update is approved for distribution to Ubuntu users. Instead they have opted to host their application on their own repository.
Apt is your package manager. It keeps track of everything you have installed, every library and component used and required by every application, and for some package managers, every file created by every application. It checks all repositories you’ve specified for updates and automatically updates all your applications. It also deals with requirements and conflicts, ensuring that you don’t have superfluous old libraries taking space, and that when you want to install something with requirements, you don’t need to manually hunt down all the prerequisites. Some package managers available on other systems will even compile applications and deal with build files for you.
A library is a set of application features that doesn’t necessarily belong to a specific application. They do common things and are used my many applications. For a Windows equivalent, you can think of the Microsoft Visual C++ Redistributable or Direct X.
And that’s everything.
sudo apt update
Sudo is to get super user permissions, and then run the application apt, apt is your package manager, and the command you’re giving to the apt application is to update it’s internal knowledge of available packages and versions. It needs to do this because it didn’t previously have the Mullvad repository.
sudo apt install mullvad-vpn
Sudo is to borrow the super user’s permissions, apt is your package manager, and you’re telling it to install, and then the name of the application you want to install is mullvad-vpn. This final step sudo apt install mullvad-vpn, sudo apt install firefox is how you install applications on Ubuntu typically. Everything before this was because you needed to add a third party source.
Phew, that’s a lot of text! So in hind-sight, it could be easier after all lol. Feel free to ask if you have any questions. It’s a lot of text, but I assure you that if I was going to explain anything about how to use Windows at this level of detail, it would be pages upon pages longer! I hope the explanation wasn’t too condescending. Good luck with learning how to use Linux.
_
Pedantic clarifications:
Technically, sudo is a command and not an application, but it’s made to be treated like an application. Also technically it doesn’t stand for superuser do, but all the stuff I told you is assumptions they want you to make to make it easier to use, but because it’s such a core part of Linux, it works differently on a technical level.
| is actually part of bash, not Linux, but most shells have | with identical behaviour.
Yes. I’m genuinely unsure how it could be any easier.
I was gonna laugh, but then you included a lot of information, and thinking back to the days when I would write super long instructions for people with lotsa explaining. This is a good effort to impart knowledge and I commend you for it.
Yes. I’m genuinely unsure how it could be any easier. It’s just add the repo and install.
It can be much easier to install a PPA than using the command line to do so. I think it’s high time it was as easy as clicking on a (verified) “install this repo” type button on a page, and confirming, entering your sudo password from the launchpad website. I’d even be OK with building it into Discover.
I switched from full-time windows to full-time Linux with Pop_OS and haven’t looked back. I’m very happy with it and enjoy finding FOSS alternatives to my former go-to apps. So far so good. I’m also keeping an eye on Vanilla OS as that sounds like a very cool project that is headed to beta by summer.
I’ve heard pretty good things about PopOS aside from the steam deleting desktop environment issue that ended up screwing over LTT.
If you ever want to try a non Ubuntu based distro though, I definitely recommend checking out OpenSuse Tumbeweed. I think I will stick with this for years to come.
On my laptop, I’ve switched to Linux since, despite being built in 2017, doesn’t meet Win 11’s min requirements. This is horseshit, I don’t care how MS explains it or justifies it, there’s nothing wrong with it. I’m sure during development, they realized a 20 year old computer could run Win 11 and decided to make up requirements to force people into buying new PCs.
Anyway, I’m using KDE Neon and I’m loving its ease of use and simplicity. I have barely needed to dive into the terminal to fix anything and KDE Plasma feels very polished and user friendly. To me, it feels like the new “normie-friendly” Linux. And without the horseshit telemetry and Microsoft spying, it’s like a brand new PC.
I’m a sysadmin and we are in the very early stages of rolling out windows 11 to our users. Windows is windows, but I just can’t help but have observations that windows 11 looks like KDE did maybe 10 years ago? It’s like a badly themed linux distro from 2015…
It is arbitrary: my HP Zbook initially offered W11 upgrade, but we use corporate stuff and our software wasn’t certified on W11 yet so I held off. Months later we get a notice that the Zbook no longer meets requirements for W11 LOL
I just installed Linux on a six-year-old budget laptop this morning. My first time using Linux. What was a uselessly slow machine is now just humming along.
Nice. That is what started me into Linux. Wife’s 2011 laptop became useless with W10 upgrade, now it runs linux and she has fast browsing, zoom calls etc, and it is peppy like a new computer.
Just use Waydroid instead: waydro.id, much lower overhead, however you need to mess with ARM emulation. For installing Google Apps and Device not Play certified: github.com/casualsnek/waydroid_script
Yeah I miss the visualizations in clementine, and project M doesn't seem to work for me on my system w strawberry. It loads but it doesn't seem like it's responding to playing music.
I know it’s a joke, but if linux keeps growing steadly, without saturating, it can reach a point in which it breaks the “I don’t use it because no one else does/ I don’t use it because my software isn’t supported” barrier and start to grow exponentially.
linux
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.