Pantherina

@Pantherina@feddit.de

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Pantherina,

Cool project! Do you know Captive portals? Because there you need to use DHCP DNS a lot, and turn off dnssec and dot afaik

Pantherina,

Of course it does. Firefoxes new ClearURL copy feature is great

Pantherina,

You can use what you want. I just say X11 is not developed anymore really, since years. It is decades old and insecure by design. Wayland just works, if not supported XWayland is chosen automatically.

If you use MacOS or Windows today, you will see that Linux has no permission system at all. This is simply insecure.

Pantherina,

So basically all laptop users can safely use it.

Crazy how PC users rely on such a steady power supply. Arent there small UPS devices for a few seconds with auto shutdown?

Pantherina,

Thanks. Bcachefs is for SSD-HDDs isnt it?

Why I need extra kernel modules to be able to run Wayland on nvidia?

If i run X.org i dont need to modify my kernel or its configs, it just works well (well, well for X.org) out of box. With wayland its the other story. I need to enable nvidia-dkms module and much other stuff to should be configured. There is a whole page about enabling hyprland on nvidia....

Pantherina,

Nouveau got way better I heard

What are the differences between linux distributions?

Hey guys! Trying to understand what developers actually do to create a yet another distro, or what are the differences between existing distros. Lets say we have ubuntu and fedora. What are the differences? Excluding DE, Installer, theme, installed packages/libs and package manager. They both are FHS compliant, both running...

Pantherina, (edited )

Distros

  • are putting together a set of packages in repos.
  • the repos are either close to upstream, or they backport security fixes. Everything else is not secure
  • make working, secure, sometimes branded bundles including Desktop, some apps, some specific software
  • the bundles get updated and if it is a point release, upgraded to a new set of packages. That is called a "Distro version"
  • This ensures new features and security fixes
  • the Distros care about bug reports, work with upstream, getting new contributors, packaging (bundling the packages, presets, libraries into a set with a name, handling dependencies etc.)
  • Distros also often package and build their own Kernel or multiple ones. These kernels are general purpose most often, even though there is the kernel-hardened or Oracles “unbreakable kernel” (whatever that is). Also there is a lts Kernel that has backported security fixes, as well as other releases of the kernel like git (latest of everything)
  • Distros take care of the versioning, so not every package is always the latest but tested to work with other packages.
  • Distros also implement security systems like SELinux and Apparmor with matching configurations

So you see that is highly complex. So stay as close to upstream as possible to get the best experience. I think of the main distros as

  • Debian + Ubuntu
  • Fedora + the RHEL stuff or clones (Oracle, Alma, Rocky etc)
  • Opensuse, SEL
  • Arch
  • Gentoo
  • Alpine (busybox and musl, not real Gnu+Linux)
  • NixOS
  • GUIX
  • ClearLinux
  • Coreboot (yes that is a Linux distro)
  • Slackware and other probably outdated projects
  • small ones with different focus

All the others are either downstream modifications of these, or less known. Some Line ublue, EndeavorOS etc. also just take an upstream distro and change very little.

Librewolf but like... for chromium?

My main browser is Librewolf but I keep a chromium browser just in case. Previously used brave but their flatpak is shit. Ungoogled chromium seems ok but it looks like they don’t change much from upstream chromium. Any good chromium browsers which harden their browsers like librewolf does for more privacy?

Pantherina,

Cool! Brave is best for fingerprinting protection, the pretty much plain Chromiums dont really have that.

Pantherina, (edited )

No default browser works normally but no idea how to set that in Hyprland.

I highly advise against Appimages. Flatpak is only useful if you dont trust the app which is a valid opinion, but poorly then the browser cant sandbox websites on its own. So native packages are the best option for security it you trust the browser.

Perfect would be to have the browser isolated and also using its sandbox to isolate websites from each other. I dont know if this works though, on Android it does (not with Firefox poorly as they didnt implement it)

Pantherina,

Automatic openings? Like default Webbrowser? Also dont use Appimages, just dont.

Depending on the Distro I recommend using Firefox or Brave, add their signed repo and call it a day.

Pantherina,

They load google Javascript right? Does that proof “your account data” is sent to Google or Facebook (hate these hide-away company names)

I think this is not true. Mozilla doesnt send user accounts to these sites.

Even though the plain existence of these javascript tracking scripts is absurd. But dont spread fake news please

Pantherina,

You havent looked at the repo. And we are talking about different sandboxes here.

The browsers sandbox websites, this is broken if the entire browser is sandboxed as you need to remove that capability to do so.

My bash script pulls in the official brave repo and gpg key, fix the access permissions and that is it. Brave has no documentation on how to use their repo without dnf so this is needed.

The repo has gpg verification enabled and the system will update the browser.

Please dont spread misinformation if you havent even looked at the “random bash script” that does not handle the updatingô

Pantherina,

If it should be corporation stuff with central accounts and all I think GNOME is really good. Fedora GNOME could for sure be an option and I would recommend Silverblue from ublue.it in that case, as it has all the drivers and codecs

Pantherina,

Proprietary UEFI BIOS is, but for a secure system with local manipulation prevention it can be needed. Also secureboot is a security measurement against malware so no, its simply the best we have.

Look at Coreboot if you want a secure modern system

  • novacustom
  • 3mdeb
  • starlabs
  • system76
Pantherina,

Okay I went more the ProtonUpQt + Bottles + oversea way

Pantherina, (edited )

Then disable the updates lol. This is done in the background and includes all the security patches so you dont even see any of it, not a single popup.

We are not talking about backported security fixes, but literally no updates for an entire month.

Pantherina,

If you need word suggestions use OpenBoard. If you dont, Florisboard is king.

I always turned off these “you cant type and I know it better anyways” suggestions. Also bilingual + colloquial is not great

Pantherina,

Aosp keyboard is the worst keyboard in existence.

"We are looking for Text-To-Speak (TTS) expertise to help or advise us on improving the default voice of the Linux desktop." (floss.social)

Hello Fediverse, We are looking for Text-To-Speak (TTS) expertise to help or advise us on improving the default voice of the Linux desktop. :linux: 📣 Please reach out or boost :boost_love: Thanks! #Linux #tts #accessibility #a11y #GNOME #KDE #FreeSoftware #freedesktop #ml...

Pantherina,

This! Good tts (piper for example) is key.

  • apps supporting modern screen reader stack, including wayland
  • good stable screenreaders
  • the entire OS supporting the screenreader not only as a GUI-level service
  • very good voices especially when set very fast

Switching to Debian on my gaming pc

Hello everyone - I have been wanting to ditch windows on my gaming pc for a while now, and since I have recently finished a large project, I now have the free time to switch. I am relatively comfortable with Debian having used it for a while on my web server as well as school laptop, but I am concerned about using it on my...

Pantherina,

But Debian for servers is also a pain.

  • no hardened ssh config
  • apparmor by default?
  • no automatic updates which is bogus
Pantherina,

Debian is very manual in like everything. But Linux Mint uses Cinnamon which uses X11 for a loong time and that is pretty bad for anything modern with Graphics Cards

Pantherina,

What does Linux mint have what debian doesnt? I can only think of the deb firefox and the timeshift backups which are both really neat

Pantherina,

Thanks. But is not using user namespaces just as bad as having no isolation, or can bubblewrap-suid or even Browsers isolate anyways?

Because thats what makes me curious, does removing them for security make the system less secure?

  • All
  • Subscribed
  • Moderated
  • Favorites
  • localhost
  • All magazines
    •
    Loading…
    Loading the web debug toolbar…
    Attempt #