As many people mentioned backups before, I would only add this: Maybe check -in your favourite search engine- if the very same model of computer that you use doesn’t have know quirks (hardware needing some tweaking, not being fully recognized, etc.) with gnu/linux, like for instance searching “$model linux” or “$model $distro” (with the distros you plan on trying, etc.
Also maybe if you connect only via Wifi, check that wifi chip for compatibility first, and maybe get as a backup a USB wifi dongle that is know to work on gnu/linux… juuuust in case ;)
Is that nvidia card old, do you need very fast performance? You could use the nouveau drivers which are mostly FOSS.
If you need the proprietary drivers though, I advise against updated Distros except ublue.it
Debian might be an exception as it upgrages so slowly, but I also wouldnt recommend Debian really. Debian + GNOME is probably very fine, even though also here you will miss a lot of cool new updates, but Debian + KDE is simply not ready and all those bugs are now only fixed in Plasma 6.
So my recommendation is a ublue-nvidia image, no matter what desktop you like
A GPU is used for a lot more than just gaming these days. It’s used to render videos, accelerate normal 2D programs (like some terminal emulators), accelerate some websites/webapps (those which use WebGL for eg); also modern DEs like Gnome and KDE also make use of it very heavily, for instance for animations and window transitions. Those smooth animations that you see when you activate the workspace switcher or window overview? That’s your GPU at work there. Are your animations jittery/laggy? That means your setup is less than ideal. Of course, you could ignore all that and just go for a simple DE like XFCE or Mate which is fully CPU-driven, but then the issue of video acceleration still remains (unless you don’t plan on watching HD videos).
Without the right drivers (typically NOT nouveau, unless you’re on a very old card), you may find your overall experience less than ideal. As you can see in their official feature matrix , only the NV40 series card fully supports video acceleration - these are cards which were launched between 2004-2006 - that’s practically ancient in computer terms and I highly doubt your PC uses one of those. Now recent-ish cards do support video acceleration, but you’ll need to extract the firmware blobs from the proprietary drivers (which can be a PITA on normal Debian as it’s a manual process), plus, even after that, the drivers won’t support some features that may be required by normal programs, as you can see from the matrix.
The natural solution of course would be to install the proprietary nVidia drivers, but you do NOT want to do that (unless you’re a desperate gamer) as there’s a high possibility of running into issues like not being about to use Wayland properly, or breaking your system when you update it - just Google “Linux update black screen nVidia” and you’ll see what I mean.
You’ll be avoiding a lot of headache if you just went with AMD; or even just onboard graphics like Intel iGPUs (if your CPU has it) would be a much better option - because in either case, you’ll be using fully capable and stable opensource drivers and you won’t face any issues with that.
I haven’t done this in years but I’ve always found open source solutions to this to be quite clunky and usually barely worked. What always just worked fine for me was Teamviewer. Yeah it’s proprietary and has crappy licensing but it’s mostly a smooth ride.
Do try the open source options first tho, it’s quite possible they got way better in the last few years since I’ve done this.
I started using Plasma 5 a smidge before devs were saying it was ready for primetime. That was my conversion from Gnome (which I was very happy to leave by then) and it's been nothing but positive.
I will wait for the full release of Plasma 6, but I'm super excited for it. I still <3 Plasma 5.
Nix packages arent containerized by default. But since every depenedency is clearly defined. there are tools wrap packkages using bublewrap, or tools build layered docker imahes
Great thanks! So Fedora+Nix (maybe some hacky way to symlink it to /var/nix on every boot and it can run on Atomic too)+bubblejail (there is a COPR now for use in secureblue) could be a great setup!
Any info about namespaces? Hardened kernels block these for valid reasons. Flatpaks can use bubblewrap-suid, Podman is supposedly not compatible (not sure about that)
If the drive is mounted and data accessible, in case your computer is compromised by some kind of malware, well, the data will be easy to exfiltrate. Now, if the computer is turned off or the drive unmounted, that’s what encryption comes in to protect it.
So, basically, encryption will protect the data in case of physical theft of the drive or in case of remote hacking if the drive is un-mounted.
I had the expection that Linux is already set up as a multi-user environment and has that feature built in.
Of course that “isolation” of data, as I had it in my mind, wouldn’t be really secure, but it doesn’t have to be that for me. I just don’t want anyone to access it easily.
Perhaps it’s useful to provide some clarification here. As the other user stated, Linux is set up for multi-user setups and provides logical protection, but you seem to misunderstand how operating systems and file permissions work.
If someone steals your unencrypted hard drive and boots into their own operating system, they are able to circumvent all access control and permissions on your hard drive. This is because when they mount your hard drive your operating system isn’t running; they’re simply reading the stored data, so the access control and permissions set up by your operating system don’t mean anything. This happens with ALL operating systems (Linux, BSD, Windows, MacOS, etc.). Logical protection like access control is only useful while the OS is running, and it cannot help otherwise.
This is why encryption is important, because it prevents unauthorized access when the OS isn’t running. If you’d like to see just how easy it is to access unencrypted data, make a live USB and boot into it on any unencrypted computer (assuming you have permission to do so if you don’t own the computer). You don’t even need to extract the hard drive in most cases to read file contents, you can simply boot into a live USB. The only situation where this isn’t the case is when USB booting is disabled in the BIOS and the BIOS is password protected, but you could always just remove the CMOS battery to clear the settings to bypass the BIOS password anyway.
Unencrypted data will always be trivial to retrieve when the attacker is allowed physical access to your computer.
Simplified, there’s two layers to data protection, physical and logical. Linux or basically any correctly configured modern operating system provides logical protection, i.e. access under the running OS is only granted to authorized users. Granted you can still put holes in here, e.g. a webserver is misconfigured and allows access to any user to all files it can read. However, from the OS perspective, everything is fine, as the webserver can still only read what it’s allowed to.
Data encryption protects data at rest, i.e. when no operating system enforcing the logical protection is running. The case has already been described so I’m not gonna repeat that here.
It’s important to understand that in general, these two measures are completely seperate from each other. Device encryption won’t help against logical attacks, and logical protection won’t help against offline attacks. You need both if you can’t rule out an attack vector completely (i.e. your server sits in a secure safe that can’t be opened by anyone not authorized to, then encryption might not be necessary).
No poorly not. Just as Windows by default. Systemd-homed is a solution for that but afaik its questionable if its ready. Would be great if Distros like Fedora shipped it by default.
An encrypted system rather than an encrypted user partition is still necessary, because attackers could replace system files or simply add a service that uploads your stuff somewhere, or manipulate sudo, or log your password etc.
The issue with gear lever is that not many people know that it exists. I only started using it a few months ago and I’ve been on Linux for the better part of the last decade.
I’ll add to the mix, if it’s Gnome DE, rdp is built in now, it’s under settings > sharing > enable rdp. Then you can use any rdp client, including windows. (Or remmina if from another Linux box)
x forwarding is the way to go, i mean i remember i’ve run NetBeans IDE on linux, forwarded it via ssh to my windows netbook (netbook!!!, it was 2009?) to show my project to my professor at college, i remember i used Xming on Windows
Afaik the problem is solved within the code. I remember having compiled the app myself. It’s just a matter of time that it’s solved.
BUT it’s weird that this is so low priority to all gnome devs. It seems like noone cares about the correct weather. The source of weather is also not really perfect.
Thanks a lot for your answer. How would you encrypt a server? Typing a password every time it boots isn’t possible for me, since I would need a monitor for my headless server.
I use Luks/Tang to unlock the server at boot from another computer that is always on too. If that one is down I’ll need to type it or power the other PC on, but otherwise it auto decrypts for me as long as I’m on the same network.
Is this for your home? If it is, you don’t really have to worry about someone stealing your desktop. If someone breaks into your home, they’re looking for quick cash and jewelry and TVs. They’re not going to bother stealing your server to dig through files for something usable.
I’ve had quite a bad experience with police for example.
30 cops raided my home because of something trivial (I ordered a bit of non-psychoactive CBD-weed, which is, even in the most restrictive country you can imagine, ridiculous).
Of course, I got the whole experience-pack, including strip searches and confiscating all electronics.
Even though I believe them getting hold of any data wouldn’t have changed much, I’m still glad I had my devices encrypted.
Just knowing they didn’t see my cringy pictures of my teeny-me, where I discovered Snapchat filters, is a big relief. 😅
Yeah… that traumatized me a bit and maybe that’s the reason I’m worrying.
Also, you could never know what will happen in the future. Maybe my GF will turn crazy tomorrow and use those embarrassing pictures against me. Who knows?
I believe everyone should use encryption, even if they don’t have much to hide…
If Linux, use LUKS but you need to enter the passphrase at boot, you can securely put the key in TPM2 I think (à la Windows) but it may be complicated to setup, or just seal the phrase in TPM2 but if you boot on grub you can break grub and replace init with a shell in boot option and have access to the system I think :-/ but a simple crackhead thief would not understand that.
You can also have the key on a USB key, but if on the server and the server get stolen, it’s useless. You can setup a “anywhereUSB” and have your USB key in another room/place, etc, there is others possibilities.
I wanted to unlock with bluetooth but having the bluetooth HW driver and stack in initramfs was nightmarish a little bit :-/
linux
Oldest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.