Depends a bit on what features you want to have. I use LibreELEC to run Kodi (and nothing else). Previously I used OSMC to run Kodi and some other things (steam link among others). You can use an app (kore) control kodi, which is very conveniant. RF remotes work well too, apparently.
Yup. I think I needed to manually install the touch keyboard. But once installed, it works as expected. Touch the screen or remove the physical keyboard, and touch mode gets activated. Whenever touching a text field, the soft keyboard pops out. It’s massive, though (well, about the same size as the one for Windows).
I have a Surface Laptop 5 as my work laptop. I hate it with passion, it’s one of the worst laptops I ever used.
Beyond the lack of IO (not even a fucking hdmi port) and the piss poor cooling, the USB C display isn’t connected to the integrated GPU, it uses a different display adapter that is so bad the mouse stutters on high res displays.
The built-in display has a 3:2 aspect ratio. I wanted to use a lower resolution so I could disable scaling (having different scaled monitors is annoying to use), none of the “supported” lower resolutions are 3:2 and they all have ugly black bars.
It has a touch screen, but the lid only opens about 120 degrees, making it completely useless.
And it uses “special” locked down hardware that is very hostile to other operating systems like Linux.
I don’t think surface would make for a good work laptop, but I have amazing experience so far with using it for the ocassional traveling, or just as a carry-on.
I just Parsec into my desktop at home, and can comfortably work without having to deal with performance, and Surface is amazing for that.
I also really like the pen support, so I can make notes or draw bascially anywhere.
And I also use it for DJing, where it works pretty well and is compact enough to not be a bother carrying it around.
It doesn’t. If you’re running a laptop with a local web server for development, you wouldn’t want other devices in i.e. the coffee shop WiFi to be able to connect to your (likely insecure) local web server, would you?
If one is hosting a webserver on port 80, for example, they are going to poke a hole in their router’s NAT at port 80 to open that server’s port to the public. What difference does it make to then have another firewall that needs to be port forwarded?
Who is “they”? What about all the other ports?
Imagine a family member visits you and wants internet access in their Windows laptop, so you give them the WiFi password. Do you want that possibly malware infected thing poking around at ports other than 80 running on your server?
Obviously you shouldn’t have insecure things listening there in the fist place but you don’t always get to choose whether some thing you’re hosting is currently secure or not or may not care too much because it’s just on the local network and you didn’t expose it to the internet.
This is what defense in depth is about; making it less likely for something to happen or the attack less potent even if your primary protections have failed.
#3 is a strange one – what sort of malicious behaviour could even be done to a device with no firewall? If you have no applications listening on any port, then there’s nothing to access
Mostly addressed by the above but also note that you likely do have applications listening on ports you didn’t know about. Take a look at sudo ss -utpnl.
#5 is the only one that makes some sense; if you install a program that you do not trust (you don’t know how it works), you don’t want it to be able to readily communicate with the outside world unless you explicitly grant it permission to do so. Such an unknown program could be the door to get into your device, or a spy on your device’s actions.
It’s rather the other way around; you don’t want the outside world to be able to talk to untrusted software on your computer. To be a classical “door”, the application must be able to listen to connections.
OTOH, smarter malware can of course be something like a door by requesting intrusion by itself, so outbound filtering is also something you should do with untrusted applications.
People seem to treat it as if it’s acting like the front door to a house, but this analogy doesn’t make much sense to me – without a house (a service listening on a port), what good is a door?
I’d rather liken it to a razor fence around your house, protecting you from thieves even getting near it. Your windows are likely safe from intrusion but they’re known to be fragile. Razor fence can also be cut through but not everyone will have the skill or patience to do so.
If it turned out your window could easily be opened from the outside, you’d rather have razor fence in front until you can replace the window, would you?
If you’re running a laptop with a local web server for development, you wouldn’t want other devices in i.e. the coffee shop WiFi to be able to connect to your (likely insecure) local web server, would you?
This is a fair point that I hadn’t considered for the mobile use-case.
Imagine a family member visits you and wants internet access in their Windows laptop, so you give them the WiFi password. Do you want that possibly malware infected thing poking around at ports other than 80 running on your server?
Fair point!
note that you likely do have applications listening on ports you didn’t know about. Take a look at sudo ss -utpnl.
Interesting! In my case I have a number of sockets from spotify, and steam listening on port 0.0.0.0. I would assume, that these are only available to connections from the LAN?
It’s rather the other way around; you don’t want the outside world to be able to talk to untrusted software on your computer. To be a classical “door”, the application must be able to listen to connections.
OTOH, smarter malware can of course be something like a door by requesting intrusion by itself, so outbound filtering is also something you should do with untrusted applications.
It could also be malicious software that simply makes a request to a remote server – perhaps even siphoning your local data.
If it turned out your window could easily be opened from the outside, you’d rather have razor fence in front until you can replace the window, would you?
In my case I have a number of sockets from spotify, and steam listening on port 0.0.0.0. I would assume, that these are only available to connections from the LAN?
That’s exactly the kind of thing I meant :)
These are likely for things like in-house streaming, LAN game downloads and remote music playing, so you may even want to consider explicitly allowing them through the firewall but they’re also potential security holes of applications running under your user that you have largely no control over.
You need to understand the mindset behind running a firewall, and that mindset is that you define with mathematical precision what’s possible within the network connectivity of a device, you leave nothing to chance or circumstance, because doing so would be sloppy.
Provided you want to subscribe to this mindset, and that the circumstances of that device warrant it, and that you have the networking knowledge to pull it off, you should in theory start with a DENY policy on everything and open up specific ports for specific users and related connections only. But it’s not trivial and if you’re a beginner it’s best done directly on the server console, because you WILL break your SSH connection doing this. And of course maybe not persist the firewall rules permanently until you’ve learned more and can verify you can get in.
Now obviously this is an extreme mindset and yes you should use it in a professional setting. As a hobbyist? Up to you. In theory you don’t need a firewall if your server only exposes the services you want to expose and you were gonna expose them through the firewall anyway. In practice, keeping track on what’s running on a box and what’s using what connections can be a bit harder than that.
If you’re a beginner my recommendation is to use a dedicated router running OpenWRT with LUCI, which comes with a sensible firewall out of the box, an easy to use UI, and other goodies like an easy to use DNS+DHCP server combo and the ability to install plugins for DoH, DDNS etc.
You’re not missing out on anything. Mint lets you install various desktop environments, they are all very well-configured and stable by default. You can just install the appropriate desktop environment meta-package using Apt:
apt install 'task-gnome-desktop’
apt install 'kde-plasma-desktop’
apt install 'cinnamon-desktop-environment’
apt install ‘task-xfce-desktop’
Then you can “hop” from one GUI experience to another by just logging out and logging in with a different session. You might have to add some additional Ubuntu repositories to your Apt config to get all of these meta-packages though.
Besides the desktop environment, the only other big difference between distros is how you use their package managers, which all do the same thing anyways, just with different CLI commands.
Probably the most important thing to consider in a distro is which versions of the latest stable releases of the big Linux apps are available in their distros. Arch-based distros (Garuda, Manjaro, ArcoLinux, EndeavorOS) are the most bleeding-edge but these operating systems tend to break after a software update if you fail to update often enough. Ubuntu and Fedora are the most bleeding-edge non-rolling release distros that I know of, and in my experience they never break after a software update.
Since you want a just works deal, I’d go with a ublue based immutable distro, my favorite is Bazzite. You can pick between KDE and Gnome, and change between them cleanly at any point. User apps auto update in the background, your system also updates while it’s running and you only need to reboot to apply. If anything ever goes wrong, you have painless rollbacks. All that with up-to-date fedora packages and kernel.
I’ve been running it on my deck for a while now and it’s never let me down so far, really pleasant experience. It generally keeps out of your way and takes care of the chores while still allowing you to mess around if you want.
I second bazzite. Been running it on my gaming laptop for a few months now and loving it. My main desktop is running Garuda Linux, which I also absolutely love but I was weary of a rolling release arch based distro on my laptop which isn’t on and running 24/7 - tried manjaro on my laptop previously and it was broken more often than not. (although I am learning that is likely more a manjaro problem than an “arch-based” problem, it gave me a reason to try bazzite)
I guess it’s worth confirming if it’s been a logout or a reboot as well. If you open a terminal and type “uptime” does the time match when you booted up or after you left it alone for a while?
Check the output of: dmesg -Tand have a look through: /var/log/messages
I would be focussing on errors, warnings and/or terms like “reboot, shutdown, logout, timeout, idle, etc.” to try to narrow it down what is happening and when.
How I interpret OP’s message is that it isn’t specific to Linux, but seeing as we are the Linux community, we might be more inclined to advocate for Linux features? 🤷♂️
One day on my main Arch installation I created a container inside a directory, and “booted” into it by using systemd-nspawn. When I was done with it I decided to do a rm -rf / inside the container just to be funny. Then I noticed that my DE on the host froze and I couldn’t do anything. Then I realized that systemd-nspawn mounts some important host’s directories on the container, and I deleted those when I did the rm -rf /. I didn’t lose anything, but it was scary.
linux
Top
This magazine is from a federated server and may be incomplete. Browse more on the original instance.