If you are happy with the way things are no need to change, want to Ty something out ? Live CD or VM. Dual boot if you want to keep 2 systems. Mint is pretty good. I like peppermint myself. A halfway stop between mint and arch. Shit works out of the box but runs on 1 GB ram. Worth checking out if you want to get some extra out of you computer
You most likely don’t need on device firewall if your in your home network behind a router that has a firewall. If you‘d disable that firewall as well and one of your devices has e.g. SSH activated using username and password, than there is nothing stopping a “hacker” or “script kiddy” from penetrating/spamming your SSH port and brute force your password. The person than can take over your PC and can e.g. install software for his botnet or install keylogger or can overtake your browser session including all authentication cookies or many other bad stuff.
If you are using puplic WiFi, I’d recommend a good on device firewall, or better just use a VPN to get an encrypted tunnel to your home (where you would need to open a port for that tho) and go into the internet from there.
#1 leaves a lot to be desired, as it advocates for doing something without thinking about why you’re doing it – it is essentially a non-answer.
Agreed. That’s mostly BS from people who make commissions from some vendor.
#2 is strange – why does it matter? If one is hosting a webserver on port 80, for example, they are going to poke a hole in their router’s NAT at port 80 to open that server’s port to the public. What difference does it make to then have another firewall that needs to be port forwarded?
A Firewall might be more advanced than just NAT/poking a hole, it may do intrusion detection (whatever that means) and DDoS protection
#3 is a strange one – what sort of malicious behaviour could even be done to a device with no firewall? If you have no applications listening on any port, then there’s nothing to access.
Maybe you’ve a bunch of IoT devices in your network that are sold by a Chinese company or any IoT device (lol) and you don’t want them to be able to access the internet because they’ll establish connections to shady places and might be used to access your network and other devices inside it.
#5 is the only one that makes some sense;
Essentially the same answer and in #3
If we’re talking about your home setup and/or homelab just don’t get a hardware firewall, those are overpriced and won’t add much value. You’re better off by buying an OpenWRT compatible router and ditching your ISP router. OpenWRT does NAT and has a firewall that is easy to manage and setup whatever policies you might need to restrict specific devices. You’ll also be able to setup things such as DoH / DoT for your entire network, setup a quick Wireguard VPN to access your local services from the outside in a safe way and maybe use it to setup a couple of network shares. Much more value for most people, way cheaper.
You always need it and you actually use it. The smarter question is when you need to customize its settings. Defaults are robust enough, so unless you know what and why you need to change, you don’t.
Even if you do trust the software running on your computer, did you actually fuzz it for vulnerabilities? Heartbleed could steal your passwords even if you ran ostensibly trustworthy software.
So unless you harden the software and prove it’s completely exploit-free, then you can’t trust it.
I’ve got two services on my computer. One is for email, I want that this port to be open to the public WAN and one is for immich which hosts all my private pictures, I don’t want this port to be public but reachable on LAN. In my router I open the port for email but not for immich. Emal can communicate on LAN and WAN and immich only on LAN. On a foreign, untrusted LAN, like an airport I don’t want other people being able to sniff my immich traffic which is why I have another firewall setting for an untrusted LAN.
You need to understand the mindset behind running a firewall, and that mindset is that you define with mathematical precision what’s possible within the network connectivity of a device, you leave nothing to chance or circumstance, because doing so would be sloppy.
Provided you want to subscribe to this mindset, and that the circumstances of that device warrant it, and that you have the networking knowledge to pull it off, you should in theory start with a DENY policy on everything and open up specific ports for specific users and related connections only. But it’s not trivial and if you’re a beginner it’s best done directly on the server console, because you WILL break your SSH connection doing this. And of course maybe not persist the firewall rules permanently until you’ve learned more and can verify you can get in.
Now obviously this is an extreme mindset and yes you should use it in a professional setting. As a hobbyist? Up to you. In theory you don’t need a firewall if your server only exposes the services you want to expose and you were gonna expose them through the firewall anyway. In practice, keeping track on what’s running on a box and what’s using what connections can be a bit harder than that.
If you’re a beginner my recommendation is to use a dedicated router running OpenWRT with LUCI, which comes with a sensible firewall out of the box, an easy to use UI, and other goodies like an easy to use DNS+DHCP server combo and the ability to install plugins for DoH, DDNS etc.
Your GPU has a dedicated ASIC that can do the encoding simultaneously. On NVIDIA (not relevant in this case) that would be your NVENC encoder.
AMD and Intel have their own ASIC IP blocks that do encode/decode that’s part of the GPU “SoC” but wouldn’t consume GPU compute resources (eg CUs). That’s how you see people already using GPU encode with obs (non-AV1 codecs) while gaming, and really that’s how people like me using Sunshine/Parsec for the host PC for “remote” gaming (mostly for remoting into a Windows machine for the 1 game that cannot be run on Linux nor a VM due to anti-cheat). The only GPU resources you’re using are PCIe bandwidth and perhaps some VRAM usage? But I wouldn’t call it just dumping it from the CPU to the GPU, you have an ASIC that mitigates the brunt of the workload and AV1 with Sunshine has been amazing, can’t imagine now using it for recording my gameplay vids will hopefully be better than H264 (due to lower bitrates and hence smaller file sizes).
This article seems to be written by ChatGPT. Confirmed human author.
If you are indeed a real human, I am sorry. May I ask why you think Cinnamon is better for tech-savvy moms than something like KDE Plasma or Gnome? Do you think desktop environments more similar to Microsoft Windows are better for moms?
Don’t get me wrong, I love Cinnamon DE, it is my second favorite DE (Xfce is my favorite). But I would think something like KDE Plasma is probably a bit closer to the Microsoft Windows user experience.
I am a real human but I read my post again and I can see why. I made some changes based on the feedback because it does seem like an ad (but I can assure everyone that it is not).
Gnome needs a bunch of extensions to make it look like Windows. I know KDE does a better job, and that Windows 11 might just be a rip off of KDE. However, most of the best apps are based on GTK and not QT. So for myself, I’ve been using Cinnamon for years.
I let my daughter try all three anyway and she actually liked Cinnamon the most.
I added some of this to my blog article so that future readers can get more background.
However, most of the best apps are based on GTK and not QT.
Yes, I couldn’t agree more. Qt is nice, I use it in my professional work. But for me personally, Gtk is the best toolkit, and this is largely because it is programmed in C, not C++. Also, Gtk has the GObject Introspection framework which allows for other programming languages to connect to the Gtk libraries, so you can code Gtk apps in pretty much whatever language you like best.
linux
Newest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.