d3Xt3r

d3Xt3r, 5 months ago

Give Zorin a try. It’s based on Ubuntu but even more user friendly - so much so that my elderly mother has no issues using it, she even prints and scans (a Brother MFD) and has no issues.

d3Xt3r, 6 months ago

As long as it doesn’t break I would take this over any alternative minipc

May I ask why though? One of the biggest advantages of using a MacBook is the performance-battery efficiency. If you’re going to get a Mac mini and loading Linux, you lose that advantage.

Unless you’re looking specifically for an ARM64 machine for whatever reason, I think an AMD mini PC, say something like the Minisforum EliteMini UM780 XTX would be technically a better option - you get dual NVMe, dual 2.5G network ports, USB 4.0, Oculink for even more b/w than Thunderbolt, and far more I/O options in general. Not to mention, excellent Linux support.

d3Xt3r, 6 months ago

For a macOS-like environment I’d also recommend Elementary OS.

d3Xt3r, 6 months ago

You can see the results for this here: openbenchmarking.org/…/x265&eval=3361398242e5…

d3Xt3r, 6 months ago

TIL about PostWatchBot, that seems handy. Thanks!

d3Xt3r, 6 months ago (edited 6 months ago)

I haven’t tested it myself but apparently it’s supported now. areweanticheatyet.com/game/planetside-2

Anti-cheat support in general has been a thing in Linux since the past couple of years, thanks to the efforts of Valve and the Steam Deck’s popularity. But not every game works though, depending on the anti-cheat system used and it’s implementation, some effort from the dev might be needed to make it compatible. areweanticheatyet.com tracks the current status of these games, and www.protondb.com is also a good reference in general to check Linux game compatibility.

d3Xt3r, 7 months ago (edited 6 months ago)

If you’re talking about the Storage Sense feature - it sucks. It only clears a handful of well-known locations, but it doesn’t touch any of the orphaned content in C:\Windows\Installer, or the CSC or the old Panther folders from upgrades, not to mention several other files and folders in AppData. As I’ve said before, I’ve been a Windows sysadmin (until last year infact) managing over 20,000 devices, we’ve had Storage Sense on, but it’s been mostly useless - to the point that I ended up writing own cleanup script and set it to run before we pushed out a new Windows feature update, because otherwise we’d get several devices which failed to update due to the disk being full.

d3Xt3r, 7 months ago (edited 7 months ago)

None of the comments here explain how WINE works, so allow me to elaborate a bit.

WINE is like a translator or a compatibility layer. When a Windows program tries to perform a function that would normally require Windows, WINE steps in and translates that request into something the Linux system can understand and process.

As you may know, Windows programs work by making API calls (eg using Win32 APIs) to operate and perform basic tasks. WINE takes these API calls and translates them to their Linux equivalents (POSIX calls, to be specific, which means Wine can run on several Unix-like systems). This way, when a program asks to say, open a file, or display something on the screen, WINE converts these requests into a form that Linux can execute.

WINE’s approach is about providing compatibility for user-level applications rather than replicating the internal workings of the Windows kernel. It includes various libraries and components that mimic the behavior of those in Windows. This helps in executing the Windows applications as if they are running in their native environment.

• The core of it is NTDLL. NTDLL.dll is a core Windows library that provides low-level system functions to interact with the Windows NT kernel. In WINE, ntdll.dll is adapted to work with the Linux kernel instead.
• Then you have the Win32 API libraries, providing the basic APIs that Windows applications use for functions like window management, text rendering, and system calls. Examples include user32.dll (for user-interface functions), gdi32.dll (for graphics device interface functions), and kernel32.dll (for basic system functions).
• Shell32.dll for handling Windows Shell API functions related to file operations and the user interface.
• DirectX Support, for running games and multimedia applications. WINE implements parts of DirectX, like Direct3D for 3D graphics, DirectDraw for 2D graphics, and DirectSound for sound processing. Note that WINE’s implementation converse Direct3D calls to OpenGL, whereas there are community projects like DXVK and VKD3D which translates these calls to Vulkan.
• Finally there’s a Registry Implementation, so that applications that need to read or write to the registry can function correctly.

Of course, there’s a LOT more to it, the above is just an example of some key components. Basically Wine has reimplemented (coded from scratch) various libraries and executables that, on the outside, look like standard Windows dlls/exes, but internally they use POSIX APIs to talk to the Linux kernel and other POSIX components. This, along with the Syscall translations, bridges the gap between Windows programs and Linux.

Now naturally, this is neither a perfect, nor a complete implementation of Windows APIs; plus there are some things which Wine will never implement (such as ntoskrnl.exe), so not every program will work as expected - so check out the Wine AppDB for compatibility reports with various Windows apps.

d3Xt3r, 7 months ago (edited 7 months ago)

Well you don’t have to buy them brand new. If you guys have a used goods market there, you could look around for some good deals on used drives there. Or even used PCs, sometime people sell entire PCs for the same cost as a hard drive, so look out for those and take the drives out, sell the rest of parts.

And if things are really desperate money wise, it doesn’t even have to be a hard drive, you could even store your music on CDs/DVDs - not the most convenient option I know, but it’s an option - you could move the music that you don’t listen to often (or music that you’re tired of playing constantly), and keep your more frequently played music on the HDDs.

d3Xt3r, 7 months ago (edited 7 months ago)

Well it’s Black Friday and HDDs are going for cheap. 6TB is nothing these days, when you could get a 16TB external drive for only $200, or a internal SATA one for $185. Or you could replace/supplement your entire NAS with a single 6TB drive for only $50.

Disk space is cheap now, so upgrade your storage, convert your music to FLAC, problem solved.

d3Xt3r, 7 months ago

Are you talking about for work or home usage? And do they have any specific proprietary application/hardware requirements?

d3Xt3r, 7 months ago (edited 7 months ago)

Apparently there’s still some limitations, according to the Arch Wiki:

• Initial LUKS2 support was added to GRUB 2.06, but with several limitations that are only partially addressed in GRUB 2.12rc1. See GRUB bug #55093.
• Since GRUB 2.12rc1, grub-install can create a core image to unlock LUKS2. However, it only supports PBKDF2, not Argon2.
• Argon2id (cryptsetup default) and Argon2i PBKDFs are not supported (GRUB bug #59409), only PBKDF2 is.

d3Xt3r, 8 months ago (edited 8 months ago)

Yes, I do provide a password on boot, as you said, keys can be extracted from the hardware so that’s not secure, which is why I don’t use the TPM to store the keys.

There are no hooks necessary in the bootloader, as it’s the BIOS which prompts you for the password and unlocks the drive.

And yes, there have been implementation problems in the past, but that’s why the Opal 2.0 standard exists - don’t just buy any random self-encrypting drive, do your research on past vulnerabilities for that manufacturer, and check if there are any firmware updates for the drive (don’t just rely on LVFS).

Also, the common hardware attacks rely on either a SATA interface (to unplug the drive while it still has power) or older external ports vulnerable to DMA attacks such as PCMCIA or Thunderbolt 3.x or below; so those attacks only affects older laptops. Of course, someone could theoretically install a hardware keylogger or something, but this is also why you have chassis intrusion detection, and why you should secure and check any external ports and peripherals connected to your machine. Overall physical security is just as important these days.

But ultimately, as always, it comes down to your personal threat model and inconvenience tolerance levels. In my case, I think the measures I’ve taken are reasonably secure, but mostly, I’ve chosen Opal for performance and convenience reasons.

d3Xt3r, 8 months ago (edited 7 months ago)

Foreground targets are where writes initially go. Data is moved from foreground to background targets while idle or as needed. Data which is read from the background targets is moved to promote targets.

If you set your NVMe as a promote target, SSD as foreground and your HDDs as background targets, all writes would first go to your SSD, then get copied to your HDD during idle, and finally the copy of the data on your SSD will then be marked as a cached copy. In case your SSD becomes full, then it’ll store the data on other drives. As for the promote targets, any time you read data from either the SSD or HDD that wasn’t on the NVMe, it would get cached to it, so the next read will be faster.

The main point of the foreground vs promote is to prioritize write vs read speeds. If you value faster writes, then set your NVMe as foreground. If you value faster reads, then set your NVMe as promote. Of course, you can also set your NVMe as both foreground and promote to benefit from both faster reads and writes.

But since you plan to introduce an SSD in the mix, you can create a single group for your NVMe + SSD, and a second group for the HDDs, and set your SSD group to foreground + promote, which will simplify things.

The Arch wiki illustrates this well:

A recommended configuration is to use an ssd group for the foreground and promote, and an hdd group for the background (a writeback cache).

Modified example to your scenario:

<span style="color:#323232;"># bcachefs format 
</span><span style="color:#323232;">    --label=ssd.nvme1 /dev/nvme0n1 
</span><span style="color:#323232;">    --label=ssd.ssd1 /dev/sda 
</span><span style="color:#323232;">    --label=hdd.hdd1 /dev/sdb 
</span><span style="color:#323232;">    --label=hdd.hdd2 /dev/sdc 
</span><span style="color:#323232;">    --replicas=2 
</span><span style="color:#323232;">    --foreground_target=ssd 
</span><span style="color:#323232;">    --promote_target=ssd 
</span><span style="color:#323232;">    --background_target=hdd 
</span>

If you’re concerned about chucking both the SSD and NVMe in the same group, no need to worry cause bcachefs will automatically prioritize reads from drives with lower latency as mentioned in the wiki.

If they are different speeds, reads for replicated data will be sent to the ones with the lowest IO latency.

But regardless of which setup you go for, main thing to remember is to use the NVMe (or the group containing the NVMe) as the promote target, as that will be your primary cache drive.

d3Xt3r, 8 months ago

Yeah, unfortunately it looks like the reader on the X1 is a special case. Thankfully, this isn’t an issue with my Z13 - the reader itself worked out-of-the-box, just had to enroll my fingerprint from the Settings menu and then added fprintd to my pam.d rules.

d3Xt3r, 8 months ago

I thought NixOS was already reproducible, like, isn’t that the whole point? What’s the big deal here, and why is it a “great achievement” - does the Linux world now completely change? Does this revolutionize how Linux ISOs are built?

d3Xt3r, 8 months ago

Seconded, Distrobox is the way to go.

Here’s how you can actually make it work seamlessly @Macaroni9538 :
github.com/…/run_latest_gnome_kde_on_distrobox.md

d3Xt3r, 9 months ago

You’re not breaking the law, you’re breaking a software license agreement. That does not automatically make it a crime, at least, that would depend on your exact local laws, and the lawyer’s interpretation of it - in many cases the actual wording around this is ambiguous and could be argued both ways. A better term for it would be a “legal grey area”, which means if you’re a company then don’t f*** around with it, and if you’re just a random user then no one gives a f***.

In any case, if those scripts were truly illegal, then the Microsoft-owned Github wouldn’t host them in the first place. Clearly Microsoft themselves don’t have an issue with it, so why should anyone else care about it?

d3Xt3r, 10 months ago

No.

No headphone jack, no buy. It’s not a question of whether a headphone jack is useful to you, it’s just the principle of it - there’s no good reason to remove it (especially for the asking price of FP5), and more importantly, it goes against what the Fairphone stands for, IMO. I can understand if it were some other profit-driven company making a shrewd business decision, but for Fairphone to do it, seems very unfair to me.