Pantherina

@Pantherina@feddit.de


Pantherina,

Thanks! Yes, it's a shame that Debian (and Leap?) will not have Plasma6 in like 6 months where stable release would fit perfectly.

My experience is the same, on Manjaro Plasma was way better than on Kubuntu and Manjaro convinced me of Plasma. Fedora is a sweet spot and staying with F39 for a while (even though I will probably switch to F40 right away as Plasma6 has sooo many bug fixes I personally reported) could work.

You mean a rootful Distrobox with a DE in it? I have to try that out, sounds crazy. Would need a separate home if that is possible, as I don't want to have messed up dotfiles.

Pantherina,

Cotton. Probably child-labor / Uyghur neoslavery bs…

Pantherina,

No shit, I believe FOSS projects investing in PR and corporate design like that are on a very good path. Things need to look shiny today, KDE & openSUSE icons, wallpaper contests, this is so nontechnical but attracts lots of attention.

Pantherina,

Maybe if I am motivated I post a pic with me in a week or so haha

Pantherina,

Dolphin crashes for me too currently, some KDEConnect problem

Librewolf but like... for chromium?

My main browser is Librewolf but I keep a chromium browser just in case. Previously used brave but their flatpak is shit. Ungoogled chromium seems ok but it looks like they don’t change much from upstream chromium. Any good chromium browsers which harden their browsers like librewolf does for more privacy?

Pantherina, (edited )

I mean sandboxes are just pretty complex. Chromium relies on user namespaces for process isolation. Flatpak browsers are isolated but have no internal isolation of processes (one tab could attack another tab). At the same time the Flatpak sandbox itself relies on user namespaces, while the flatpakked browser cannot use the namespaces internally.

Then there is the hardened kernel which disables user namespaces for security reasons, on the other hand people say running the Sandbox as suid means if there is a vulnerability processes get root access.

Flatpak browsers put less trust in the code, but more in the maintainer that has to keep them as updated as possible.

It's complex as fuck

Pantherina,

Just so you know, Chromium Browsers are more secure if you use the native package. But just for privacy reasons I would not run Chrome unrestricted in my system.

Automatic system updates work great.

github.com/…/braveinstall-fedora-atomic

Also great browser, not sure about how early releases come; I use Beta

Pantherina,

They will work on ungoogled chromium too though, I guess.

In theory there is even the ability to store a chrome:flags override and use it like a user.js. So you could use upstream chromium and not rely on outdated stuff.

Pantherina,

The Chromium sandbox needs to be removed and something like Zypak needs to be used.

This means that the internal Browser sandbox is weaker and tab isolation. I could not find the source for that yet.

flatkill.org

Even though pretty old and probably outdated, some points are for sure true. Some apps like Onionshare are horribly outdated, and unless every app has at least one packager responsible for it, best official and paid, it's a total mess.

Chromium on Flatpak stable for the first time - GNOME blog post

Firefox Snap vs. Flatpak

Flatpak Browser Sandbox Challenges

These were not the sources I refer to, and it is pretty complex. Secureblue disables user namespaces and uses bubblewrap-suid for security, but after madaidan's statement that would mean a hole in bubblewrap allows the app root privileges.

Pantherina, (edited )

Flatpaks are more and less secure. Their sandbox improves 99% of apps' security as other sandboxes are hard to set up and thus nearly nonexistent.

Browsers have their own, so just don't use Flatpaks there.

I am not sure about microcode, but processes running as root are maybe more critical, but it sounds like any process could have exploits if microcode is a problem. Also, RiscV or even ARM will be waaay better here, as their instruction set is not dozens of years old and extremely bloated.

As we get our apps from secure repos, with projects keeping track of every Git commit etc, we just had no malware really.

The only problem is that Flatpaks, like appimages, “just work” and don't have to evolve like the rest of the OS will. Their main goal is to work everywhere, and Devs always choose convenience over security.

For example Portals are not implemented in most old big projects like Libreoffice, Gimp, Inkscape etc. Scribus is even X11 only. But developers will not remove the filesystem=host permission and replace it with “just all the media locations”. This will still be a problem, but at least apps could not read Kernel logs etc anymore.

Also as they “just work” it's easy to abandon them and not update. The “outdated Runtime” warning is a veeery good indicator of a project using old and probably insecure libraries. But afaik there is no automatic CVE patching in flatpak-builder, which is a huge problem.

Pantherina,

Fedora uses BTRFS so I get the features are the best argument for it

www.phoronix.com/news/Linux-5.14-File-Systems

But it seems F2FS is by far the fastest in many areas! It's used in Android, optimized for Flash storage.

Pantherina,

Do you know how I could split my default /var/home/user into /var/home/user/.var, /var/home/user/Torrents and the rest?

Think that would be great for use with btrbk, when I find out how to use that.

Damn, BTRFS and btrbk need an easy GUI, I have the feeling it's great for backups

Pantherina,

Fedora out of the box just works

Pantherina,

www.phoronix.com/news/Linux-5.14-File-Systems

It seems actually F2FS is the best?? That's used in Android and optimized for Flash storage, does that include SSDs?

Pantherina,

I imagine if Darling gets as well supported it would be better. But it will not be optimized as much, even though the core architecture may be way more similar

Pantherina,

I mean they have lots of MS Apps, Adobe stuff, some video editors and all that, maybe MS apps on macOS are less hard to run

Pantherina,

Haha if that would just work

Pantherina,

I am using Konsole currently, as it works best in KDE. Should I switch to Alacritty? I like to have one window and the rest in tabs, it's pretty great. I guess Alacritty doesn't have that, right? What all does fit in the config? Konsole has tabs with special descriptors using path, host, program etc. You can change the color scheme, it's pretty nice.

Pantherina,

Try this rawhide Fedora Kinoite image! I am so close to just switching as it just works?

Pantherina, (edited )

Haha Dolphin and solid. Currently having some memory issues due to kde connect, yayy gdb backtraces for all!

Pantherina, (edited )

No, it's their shortlink and I am lazy. But replaced it.

Pantherina, (edited )

www.youtube.com/watch?v=5eKSQT5mV-c

Important: Nobara is way less Secure than Fedora.

  • no Secureboot
  • monthly updates instead of often daily
  • purposefully removed SELinux (because the Dev doesn't know how to use it)
  • still no Fedora39!

If you want to game, stick to regular Fedora. A project that is actually secure is ublue with dedicated NVIDIA images that should just work and never break, and they even have Bazzite, an Image specifically for the Steamdeck but also for Desktop.

These images are only ½ day behind upstream, apply minimal additions and patches (like drivers, codecs, packages, udev rules for controllers) and Nick from the video above found out that the Nobara patches with their weird less supported Kernel aren't really worth the hassle.

Pantherina,

Same, I could not get a single game to run normally on Fedora Kinoite, AMD GPU, Wayland. Idk maybe amdgpu pro and x11? But xwayland should also work normally…

Pantherina,

Cool what about malware? /s (no really anticheat is malware)
