If the drive is mounted and data accessible, in case your computer is compromised by some kind of malware, well, the data will be easy to exfiltrate. Now, if the computer is turned off or the drive unmounted, that’s where encryption comes in to protect it.
So, basically, encryption will protect the data in case of physical theft of the drive or in case of remote hacking if the drive is un-mounted.
I had the expectation that Linux is already set up as a multi-user environment and has that feature built in.
Of course that “isolation” of data, as I had it in my mind, wouldn’t be really secure, but it doesn’t have to be that for me. I just don’t want anyone to access it easily.
Perhaps it’s useful to provide some clarification here. As the other user stated, Linux is set up for multi-user setups and provides logical protection, but you seem to misunderstand how operating systems and file permissions work.
If someone steals your unencrypted hard drive and boots into their own operating system, they are able to circumvent all access control and permissions on your hard drive. This is because when they mount your hard drive your operating system isn’t running; they’re simply reading the stored data, so the access control and permissions set up by your operating system don’t mean anything. This happens with ALL operating systems (Linux, BSD, Windows, MacOS, etc.). Logical protection like access control is only useful while the OS is running, and it cannot help otherwise.
This is why encryption is important, because it prevents unauthorized access when the OS isn’t running. If you’d like to see just how easy it is to access unencrypted data, make a live USB and boot into it on any unencrypted computer (assuming you have permission to do so if you don’t own the computer). You don’t even need to extract the hard drive in most cases to read file contents, you can simply boot into a live USB. The only situation where this isn’t the case is when USB booting is disabled in the BIOS and the BIOS is password protected, but you could always just remove the CMOS battery to clear the settings to bypass the BIOS password anyway.
Unencrypted data will always be trivial to retrieve when the attacker is allowed physical access to your computer.
Simplified, there’s two layers to data protection, physical and logical. Linux or basically any correctly configured modern operating system provides logical protection, i.e. access under the running OS is only granted to authorized users. Granted you can still put holes in here, e.g. a webserver is misconfigured and allows access to any user to all files it can read. However, from the OS perspective, everything is fine, as the webserver can still only read what it’s allowed to.
Data encryption protects data at rest, i.e. when no operating system enforcing the logical protection is running. The case has already been described so I’m not gonna repeat that here.
It’s important to understand that in general, these two measures are completely separate from each other. Device encryption won’t help against logical attacks, and logical protection won’t help against offline attacks. You need both if you can’t rule out an attack vector completely (i.e. your server sits in a secure safe that can’t be opened by anyone not authorized to, then encryption might not be necessary).
No poorly not. Just as Windows by default. Systemd-homed is a solution for that but afaik it’s questionable if it’s ready. Would be great if Distros like Fedora shipped it by default.
An encrypted system rather than an encrypted user partition is still necessary, because attackers could replace system files or simply add a service that uploads your stuff somewhere, or manipulate sudo, or log your password etc.
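An added example, not part of the thread: a check of which mounted filesystems are actually protected at rest, covering both the "logical vs. at-rest protection" point and the "encrypted /home but plaintext system" point above. It walks the device tree printed by `lsblk --json`; the device names and layout in `SAMPLE` are constructed for illustration.

```python
#!/usr/bin/env python3
"""Report which mounted filesystems sit on dm-crypt/LUKS (protected at rest)."""
import json
import subprocess
import sys

# Constructed sample in the shape of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT`:
# only /home is on LUKS; /, the EFI partition and swap are plaintext.
SAMPLE = json.loads("""
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi"},
    {"name": "sda2", "type": "part", "fstype": "ext4", "mountpoint": "/"},
    {"name": "sda3", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null,
     "children": [
       {"name": "luks-home", "type": "crypt", "fstype": "ext4", "mountpoint": "/home"}
     ]},
    {"name": "sda4", "type": "part", "fstype": "swap", "mountpoint": "[SWAP]"}
  ]}
]}
""")


def live_lsblk():
    """Read the real device tree (needs util-linux lsblk with JSON output)."""
    out = subprocess.run(
        ["lsblk", "--json", "-o", "NAME,TYPE,FSTYPE,MOUNTPOINT"],
        check=True, capture_output=True, text=True).stdout
    return json.loads(out)


def at_rest_report(tree):
    """Map each mountpoint to True if a crypt layer lies between it and the disk."""
    report = {}

    def walk(dev, encrypted):
        # A dm-crypt mapping has type "crypt"; its backing device shows
        # fstype "crypto_LUKS". Everything stacked on top inherits the flag,
        # so LVM volumes on a LUKS container count as encrypted.
        encrypted = (encrypted or dev.get("type") == "crypt"
                     or dev.get("fstype") == "crypto_LUKS")
        if dev.get("mountpoint"):
            report[dev["mountpoint"]] = encrypted
        for child in dev.get("children", []):
            walk(child, encrypted)

    for disk in tree["blockdevices"]:
        walk(disk, False)
    return report


def findings(report):
    """List (mountpoint, reason) for every mount that is plaintext on disk."""
    notes = []
    for mount, encrypted in sorted(report.items()):
        if encrypted:
            continue
        if mount == "/":
            why = "system files can be replaced offline, even if /home is encrypted"
        elif mount == "[SWAP]":
            why = "swap can hold copies of data from memory"
        else:
            why = "readable from a live USB or another OS"
        notes.append((mount, why))
    return notes


if __name__ == "__main__":
    tree = live_lsblk() if "--live" in sys.argv else SAMPLE
    for mount, why in findings(at_rest_report(tree)):
        print(f"PLAINTEXT {mount}: {why}")
```

Run it with `--live` to inspect the machine it runs on instead of the constructed sample.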
Yeah I kind of realised that the instructions assumed I had already upgraded, will try to keep track of new updates better in the future. So for sake of completion here’s how I solved it in the end:
Ran into conflicts: file /usr/lib64/libopenh264.so.2.3.1 conflicts between attempted installs of openh264-2.3.1-2.fc38.x86_64 and noopenh264-0.1.0~openh264_2.3.1-2.fc38.x86_64
Solved it with exclusion: sudo dnf -v system-upgrade download --releasever=38 --allowerasing --exclude=openh264.x86_64
Fonts and glitches are gone, got some broken deps instead. So if anyone got a suggestion for that instead let me know. Otherwise I’ll do as it suggests ('--best --allowerasing') and see what else breaks:
Problem: The operation would result in removing the following protected packages: plasma-desktop
================================================================================
 Package Arch Version Repository Size
================================================================================
Skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
 kde-settings noarch 38.2-5.fc38 nobara-baseos-38 33 k
 libkworkspace5 x86_64 5.27.8-1.fc38 nobara-baseos-38 115 k
 libkworkspace5 x86_64 5.27.9.1-3.fc38 nobara-baseos-38 115 k
 plasma-workspace-common x86_64 5.27.8-1.fc38 nobara-baseos-38 41 k
 plasma-workspace-common x86_64 5.27.9.1-3.fc38 nobara-baseos-38 40 k
 plasma-workspace-libs x86_64 5.27.8-1.fc38 nobara-baseos-38 2.2 M
 plasma-workspace-libs x86_64 5.27.9.1-3.fc38 nobara-baseos-38 2.2 M
 plasma-workspace-wayland
 x86_64 5.27.8-1.fc38 nobara-baseos-38 70 k
 plasma-workspace-wayland
 x86_64 5.27.9.1-3.fc38 nobara-baseos-38 70 k
Skipping packages with broken dependencies:
 kde-settings-plasma noarch 38.2-5.fc38 nobara-baseos-38 13 k
 plasma-lookandfeel-fedora
 noarch 5.27.8-1.fc38 nobara-baseos-38 403 k
 plasma-workspace i686 5.27.8-1.fc38 nobara-baseos-multilib-38 15 M
 plasma-workspace x86_64 5.27.8-1.fc38 nobara-baseos-38 15 M
 plasma-workspace i686 5.27.9.1-2.fc38 nobara-baseos-multilib-38 15 M
 plasma-workspace i686 5.27.9.1-3.fc38 nobara-baseos-multilib-38 15 M
 plasma-workspace x86_64 5.27.9.1-3.fc38 nobara-baseos-38 15 M
 plasma-workspace-x11 x86_64 5.27.9.1-3.fc38 nobara-baseos-38 68 k
 sddm-breeze noarch 5.27.9.1-3.fc38 nobara-baseos-38 440 k

Transaction Summary
================================================================================
Skip 18 Packages
Yeah I forgot to mention that I’ll not be using dnf manually but rely on nobara-sync. But I must stress that I already did that before this issue, BUT I followed advice on Nobara’s own website where the solution was to use dnf and I still ended up with this problem. The real issue was still my own though, I should have upgraded to Nobara 38 before trying the workarounds, since 37 isn’t supported any more.
It un-fucked itself thankfully, I haven’t done anything to resolve that issue. But when I ran the update today it went well with several new packages. Which means Nobara or Fedora pushed some changes to packages in the repos.
Every time you’re excluding something you’re excluding updating a package, while updating all the others. Then if the new packages depend on the newer version of the package you didn’t upgrade by excluding it, things break. That’s what’s happened here. Every time you use exclude to upgrade something you’re essentially breaking your system worse. That’s what the other person means by “partial upgrading”.
And now that message says it’s going to completely remove your desktop environment so you’re gonna have no desktop, just a cli shell.
At this point the easiest thing would probably be to back up your home directory and whatever else you want to keep and just reinstall the system. Any other process to try and fix it is going to require more trouble and time than it would take to just reinstall unfortunately. There may not even be a way to successfully unbreak your system.
In my town’s school classes during Covid lockdown were held in Microsoft Teams. But there was a severe lack of IT knowledge. In the beginning, for some reason all participants ended up with moderator rights, so kids kept kicking the teacher out of their lecture.
You don’t even need a separate partition, just don’t format and don’t delete the /home folder. You can even keep the /etc folder as well to keep system wide settings.
I just copied my whole root partition to a new Laptop over netcat. It still has close hardware (Intel CPU, no extra GPU, etc.), but some differences in interfaces etc.
Things one might have to consider:
/etc/fstab will need to be redone
All interfaces changed, so network configs may need to be updated
Other programs relying on hardware or paths that don’t exist anymore need to be updated (eg. conky did not work due to i8k being not supported, other interface ids etc.)
But literally nothing that would break anything. Because Arch is usually installed manually, one knows what needs to be cared for, what could break or could cause certain issues.
Analyzing your comment in a different light. What you’re saying is if I copy my /home (someone said /etc too) over to my laptop, and back it up as well, I’m golden?
would different hostnames and usernames make a problem? As far as my knowledge goes it won’t as long as I also bring /etc over, but I have no Idea if /etc is connected to something deeper or not.
And also also, might seem like a dumb question but I had to edit a file to automount my other disks at startup, won’t it like break everything if my system only gets /home after boot or something? Caz I have enough free space to copy over my existing /home, delete it, partition, and mount it back. What’d the benefits and dangers be?
if I copy my /home (someone said /etc too) over to my laptop, and back it up as well, I’m golden?
/home yes, but ideally only files and dirs starting with a dot (so called “dotfiles”) under your home dir. tar cvfa homedots.tar.gz /home/username/.??* should take care of it.
Please note it will include some large stuff that’s probably not needed, like .cache, or some individual caches for other apps that don’t use .cache, like the browsers.
Don’t copy /etc, it’s usually machine-specific.
would different hostnames and usernames make a problem?
Hostname no (if you don’t bring etc). Username technically yes, you may want to rename the home dir. The user id and group id are important too but usually if it’s the first user on the same distro it will receive the same ids (typically 1000 nowadays). If not, you can change that manually and recursively chown -R 1000:1000 /home/username.
To clarify, /etc can have things that are relevant for the machine so you may want to back it up, but it’s not usually transferrable directly to another machine because it probably doesn’t play the exact same role. It has things like service configs, network configs etc.
Even if you’re trying to migrate a machine to new hardware and the machine will play the same role it’s best to pick and choose files from /etc/ on a case by case basis. What I do is grab a tarball of /etc and set it aside, then if I need to redo something the same way it was on the old machine I can dig through the tarball and only use the relevant files.
Like I said it’s extremely specific. For example if I want to reconfigure the SSH daemon that’s usually a couple of lines which I know by heart (turn root login and password logins off) which I can do by hand; if I want to reconfigure CUPS printing it’s best to use the CUPS admin interface to autodetect the printer, you don’t usually want to mess with its config files; for some things like /etc/fstab or NFS or RAID I may want to copy some stuff but edit the disk UUIDs; for some things like Samba I could in theory copy the config straight over. It varies.
The list of installed packages may also be relevant when you migrate to a new machine. Different distros have different commands for obtaining a list of installed packages, and different ways of using that on the new machine to restore the same package selection. This is useful and typically can get you started much faster on the new machine.
It’s just clickbait like most of his videos, I never really liked Chriss’ videos, the tip of the iceberg was when he told people to disable kernel mitigation for a presumable performance boost (I tested it with disconnected network, it was like 2% on my machine), which is just plain dumb.
Use whatever distro you like, just know that you don’t have to distrohop for some program (DE or WM or whatever). I personally use endeavour, simply because I’ve used arch (and derivatives) for a while now and endeavour is just arch with sensible defaults and a lot of the configuration one would do anyway already done.
Yeah I guess this one didn’t scream clickbait as much as the other videos of his. I got some in my feed afterwards and quickly realised that this guy doesn’t shy away from using clickbait titles.
What is DE or WM? Is it actually that easy to change distro? Don’t you have to basically install everything again from scratch? I read somewhere that you can separate your directories on your SSD so that you can just change the kernel but I don’t know how easy or true that is
DE is desktop environment (like gnome, kde, xfce,…) And WM is window manager (like i3, sway, xmonad,…) Which is just a slim version of a de, they usually don’t include things like guis for settings, file managers, … and you just pick what you like and use that. The window manager is responsible for placing the windows in your workspace and most standalone wms are tiling, so they use your monitor space efficiently instead of putting floating windows all over the place. Basically the DE (or WM) is what you interact with most on your PC and a lot of beginners distrohop just to use a different DE when in reality you can just install the other de on your existing system, log out and select the new DE in your login screen.
The biggest differences between distros nowadays are their release cycles and their package managers (and the repos they’re using, like Ubuntu and Debian both use apt, but have separate repos).
And no you can’t really change distro without reinstalling, you can change kernels tho, every distro will update their kernels from time to time and it’s just a matter of installing the new package and rebooting into the new kernel.
With separate directories you probably mean partitions, which I’d also say it’s advisable to have your /home partition separated from your / partition. That way if you ever have to reinstall or want to change distro you can just install into the root partition and afterwards add your old /home partition to /etc/fstab and keep all your user data and configuration.
Interesting, so every DE has a WM, or can only one of them be used at a time? And if you use a WM you have to install guis, file managers yourself? I think the only thing I would want is a DE/WM that has tabs for folders. I think it’s a neat feature to have
The basic GUI experience in X is provided by the window manager. It controls how your windows are placed ( eg. Tiling vs Stacking / Floating ), how they are decorated ( eg. Max / Min / Close buttons ), and how they behave ( eg. Click to focus ). In X, the window manager runs as an application on the X server. You can only use one at a time.
In Wayland, the “window manager” is the display-server too and is called a compositor. For smaller projects, there are compositor libraries that provide similar capabilities to what the X server did so that these projects can concentrate on the “window manager” part. You can think of a Wayland compositor as equivalent to an X window manager.
A Desktop Environment comes with a window manager ( or compositor ) and adds other tools that run alongside ( or on top of ) the window manager to provide a full user experience. This may include panels ( eg. think Windows start button, icon bar, and status tray ), docks ( like MacOS ), global menus, notification applets, and the desktop surface itself ( eg. are there icons or other features on the desktop ). A DE usually comes with a standard set of basic applications like a file manager, image viewer, document viewer, media player, and the like.
If you start with a basic window manager then yes you have to add all this other stuff yourself. Of course you may not want some of it and so can have a much lighter experience. You can also just choose tools that you like. Of course, they may not match visually or work perfectly together.
If you use a DE, the experience is curated for you and everything is more likely to work well out of the box. That said, nothing stops you from swapping out whatever components you want. You can even use a different window manager than the DE default.
While I admit most of my arch reinstalls are mostly the same, I feel that archinstall script is genuinely good now with most defaults I need. The rest I can just add it in the installer extra packages or chroot post install (which is offered as a choice at the end).
I just could never bring myself to use distros that are technically the same distro with calamares slapped on top and whatnot. I mean ‘pacman -S {packages}’ is straightforward enough for me.
Can confirm, I use an old HP elitebook from work. Battery life is great, beats my wife’s new Lenovo. More than powerful enough to browse the web and play in the terminal. Also only gets hot if I run a game on it; I wouldn’t advise that though.
Ram is pretty much your limiting factor. I run the latest version of Debian on a machine from 2008 but it only has 1.8GB of ram so for a desktop it is a little sluggish.
Do y’all know how many times I got wiki.archlinux.org as an answer to my question? Used to piss me off but then I learned how to use the wiki. Lol. Thanks arch IRC!
They intentionally removed this feature years ago. It was possible to reenable via a dconf setting for a while but I believe that was also eventually removed.
So annoying.
What do you mean with “copy path to file”? Do you mean “copy to clipboard”, as in, store the absolute path of a file to the clipboard?
Last time I needed this, all I needed to do was copy a file/folder and paste it in a text editor. Drag and drop also worked for most programs, though some tools weren’t d&d aware and don’t accept input that way.
I don’t use this feature often, though, so it may have changed since I last tried. It also tended to prepend protocols like dav:// or smb:// when copying files from shares rather than copying the path to the place these shares were mounted.
Yes, Gnome is context aware: if you ctrl+c an image file and paste it to a text editor it will paste it as a path, if you paste it in an image editor it will be pasted as an image, if the program supports it (e.g. it works in Krita, but not in Pinta).
Drag and drop is not working because of Wayland. Between 2 windows of the same app, e.g. Nautilus it’s working.
Putting the following with executable permissions inside ~/.local/share/nautilus/scripts/SCRIPTNAME adds a right click menu to Nautilus that serves the same purpose:
The ‘notify-send’ bit isn’t necessary; it just puts up a notification.
Mentioning only because it’s a simple demonstration of a pretty easy way to extend Nautilus for all kinds of purposes; w/o messing around with the pygobject interface. (There’s supposed to be an xdg standard for file manager extensions like this, but managers use their own custom folders, syntax, etc. for such extensions. I think pcmanfm adheres to the standard; Dolphin requires a .desktop file somewhere; Thunar, Caja, & Nemo work similar to Nautilus.)