The issue with gear lever is that not many people know that it exists. I only started using it a few months ago and I’ve been on Linux for the better part of the last decade.
If the drive is mounted and data accessible, in case your computer is compromised by some kind of malware, well, the data will be easy to exfiltrate. Now, if the computer is turned off or the drive unmounted, that’s what encryption comes in to protect it.
So, basically, encryption will protect the data in case of physical theft of the drive or in case of remote hacking if the drive is un-mounted.
I had the expection that Linux is already set up as a multi-user environment and has that feature built in.
Of course that “isolation” of data, as I had it in my mind, wouldn’t be really secure, but it doesn’t have to be that for me. I just don’t want anyone to access it easily.
Perhaps it’s useful to provide some clarification here. As the other user stated, Linux is set up for multi-user setups and provides logical protection, but you seem to misunderstand how operating systems and file permissions work.
If someone steals your unencrypted hard drive and boots into their own operating system, they are able to circumvent all access control and permissions on your hard drive. This is because when they mount your hard drive your operating system isn’t running; they’re simply reading the stored data, so the access control and permissions set up by your operating system don’t mean anything. This happens with ALL operating systems (Linux, BSD, Windows, MacOS, etc.). Logical protection like access control is only useful while the OS is running, and it cannot help otherwise.
This is why encryption is important, because it prevents unauthorized access when the OS isn’t running. If you’d like to see just how easy it is to access unencrypted data, make a live USB and boot into it on any unencrypted computer (assuming you have permission to do so if you don’t own the computer). You don’t even need to extract the hard drive in most cases to read file contents, you can simply boot into a live USB. The only situation where this isn’t the case is when USB booting is disabled in the BIOS and the BIOS is password protected, but you could always just remove the CMOS battery to clear the settings to bypass the BIOS password anyway.
Unencrypted data will always be trivial to retrieve when the attacker is allowed physical access to your computer.
Simplified, there’s two layers to data protection, physical and logical. Linux or basically any correctly configured modern operating system provides logical protection, i.e. access under the running OS is only granted to authorized users. Granted you can still put holes in here, e.g. a webserver is misconfigured and allows access to any user to all files it can read. However, from the OS perspective, everything is fine, as the webserver can still only read what it’s allowed to.
Data encryption protects data at rest, i.e. when no operating system enforcing the logical protection is running. The case has already been described so I’m not gonna repeat that here.
It’s important to understand that in general, these two measures are completely seperate from each other. Device encryption won’t help against logical attacks, and logical protection won’t help against offline attacks. You need both if you can’t rule out an attack vector completely (i.e. your server sits in a secure safe that can’t be opened by anyone not authorized to, then encryption might not be necessary).
No poorly not. Just as Windows by default. Systemd-homed is a solution for that but afaik its questionable if its ready. Would be great if Distros like Fedora shipped it by default.
An encrypted system rather than an encrypted user partition is still necessary, because attackers could replace system files or simply add a service that uploads your stuff somewhere, or manipulate sudo, or log your password etc.
Nix packages arent containerized by default. But since every depenedency is clearly defined. there are tools wrap packkages using bublewrap, or tools build layered docker imahes
Great thanks! So Fedora+Nix (maybe some hacky way to symlink it to /var/nix on every boot and it can run on Atomic too)+bubblejail (there is a COPR now for use in secureblue) could be a great setup!
Any info about namespaces? Hardened kernels block these for valid reasons. Flatpaks can use bubblewrap-suid, Podman is supposedly not compatible (not sure about that)
I started using Plasma 5 a smidge before devs were saying it was ready for primetime. That was my conversion from Gnome (which I was very happy to leave by then) and it's been nothing but positive.
I will wait for the full release of Plasma 6, but I'm super excited for it. I still <3 Plasma 5.
I haven’t done this in years but I’ve always found open source solutions to this to be quite clunky and usually barely worked. What always just worked fine for me was Teamviewer. Yeah it’s proprietary and has crappy licensing but it’s mostly a smooth ride.
Do try the open source options first tho, it’s quite possible they got way better in the last few years since I’ve done this.
Is that nvidia card old, do you need very fast performance? You could use the nouveau drivers which are mostly FOSS.
If you need the proprietary drivers though, I advise against updated Distros except ublue.it
Debian might be an exception as it upgrages so slowly, but I also wouldnt recommend Debian really. Debian + GNOME is probably very fine, even though also here you will miss a lot of cool new updates, but Debian + KDE is simply not ready and all those bugs are now only fixed in Plasma 6.
So my recommendation is a ublue-nvidia image, no matter what desktop you like
A GPU is used for a lot more than just gaming these days. It’s used to render videos, accelerate normal 2D programs (like some terminal emulators), accelerate some websites/webapps (those which use WebGL for eg); also modern DEs like Gnome and KDE also make use of it very heavily, for instance for animations and window transitions. Those smooth animations that you see when you activate the workspace switcher or window overview? That’s your GPU at work there. Are your animations jittery/laggy? That means your setup is less than ideal. Of course, you could ignore all that and just go for a simple DE like XFCE or Mate which is fully CPU-driven, but then the issue of video acceleration still remains (unless you don’t plan on watching HD videos).
Without the right drivers (typically NOT nouveau, unless you’re on a very old card), you may find your overall experience less than ideal. As you can see in their official feature matrix , only the NV40 series card fully supports video acceleration - these are cards which were launched between 2004-2006 - that’s practically ancient in computer terms and I highly doubt your PC uses one of those. Now recent-ish cards do support video acceleration, but you’ll need to extract the firmware blobs from the proprietary drivers (which can be a PITA on normal Debian as it’s a manual process), plus, even after that, the drivers won’t support some features that may be required by normal programs, as you can see from the matrix.
The natural solution of course would be to install the proprietary nVidia drivers, but you do NOT want to do that (unless you’re a desperate gamer) as there’s a high possibility of running into issues like not being about to use Wayland properly, or breaking your system when you update it - just Google “Linux update black screen nVidia” and you’ll see what I mean.
You’ll be avoiding a lot of headache if you just went with AMD; or even just onboard graphics like Intel iGPUs (if your CPU has it) would be a much better option - because in either case, you’ll be using fully capable and stable opensource drivers and you won’t face any issues with that.
As many people mentioned backups before, I would only add this: Maybe check -in your favourite search engine- if the very same model of computer that you use doesn’t have know quirks (hardware needing some tweaking, not being fully recognized, etc.) with gnu/linux, like for instance searching “$model linux” or “$model $distro” (with the distros you plan on trying, etc.
Also maybe if you connect only via Wifi, check that wifi chip for compatibility first, and maybe get as a backup a USB wifi dongle that is know to work on gnu/linux… juuuust in case ;)
Happy to hear if there are glaring problems with this approach, but if you can assume files named with version numbers, you can use a script to always launch the newest…
Not sure if possible but have you checked whether the running user is an application property? If so you could maybe manage it via application or window rules.
Can’t check rn because I’m away from my PC but it’s worth a shot checking imo.
I tried AM some time ago, and I was extremely confused about the documentation and how to use it. I even watched a YouTube video from DistroTube on how to use it, but I still couldn’t figure it out. I don’t exactly remember the issues, though, and I hope it’s better now.
I am using AppMan as it does not require root and it does install the files into my home directory. It uses query parameter instead of search, but the install, update and remove are similar to the apt commands for example. I use AppImages when there is no package in the repository (or only older version) and it is not available as a Flatpak.
Been a few years since I did a Debian install, but IMO it's fairly daunting for a noob unless it's changed a lot. I found Arch easier to install (this is not me suggesting you use Arch, just making a comparison - I currently don't use Arch btw.)
I would disagree with the prior poster urging you to use Debian testing/unstable partially because saying it like that as they did implies they are the same, which they are not.
Suggest if you stick with Debian (which is a fine and foundational distro, I'm just not sure it's a good choice for a noob - but again haven't touched vanilla debian in years), you read this page first (and the page for each of the branches) to decide which release to use. https://wiki.debian.org/DebianReleases
linux
Hot
This magazine is from a federated server and may be incomplete. Browse more on the original instance.