Tell one thing that you miss after switching from another OS to Linux.
Max-P @ Max_P @lemmy.max-p.me Posts 2Comments 1,625Joined 2 yr. ago
Max-P @ Max_P @lemmy.max-p.me
Posts
2
Comments
1,625
Joined
2 yr. ago
Did you set the DPI in your RDP client? I had this too with my Windows VM, and it would just reset whenever I'd change it in Windows. Changed it in the FreeRDP flags and now the scale is correct, Windows applies 150% whenever I RDP in.
EDIT: My exact command
wlfreerdp /u:Max-P /v:192.168.1.149 +fonts -aero +clipboard +decorations +window-drag +async-channels +async-input +async-update -compression /dynamic-resolution /rfx /t:"Windows 10" /w:2560 /h:1440 /sound /scale-desktop:150 /scale:100
/scale-desktop is the one that controls the Windows side, whereas /scale controls the local side, so in this case Windows scales and I display it as-is, but you can also do the reverse and save some bandwith if the legacy app would just bitmap scale anyway.
Central package management.
When you install a package, it keeps track of all the files so when you uninstall it, it removes them all. There's various ways to scan and remove untracked files, but on a Linux system you can basically be ask it "where does this file comes from?" and it'll just tell you "oh, that's from mpg123, and you have it installed because VLC and Firefox need it to decode some AVIs". And if you really don't want it for some reason, it can also go uninstall everything that needs it too.
It makes it pretty hard to corrupt a system or uninstall important stuff. In the reverse, it also knows what is needed, so if you install VLC, it will also install all the codecs with it, and those are also automatically available to other apps too usually.
Been on Linux since 2007, so for me it's kind of the opposite. You just get settled with your OS after a while, you're used to how it works.
For me the immediately missing features is customizability in window management. I'm not a tiling fan, but I still miss basic convenience features like middle click paste, press alt and drag windows around or press alt and right click to resize windows from whichever side is the closest to the cursor. The different way it arranges windows (Linux tries hard to make them fit in unused space whereas Windows just opens it in the middle of the screen). Another big one is if you have a window focused and try to scroll another window in the background with your mouse cursor over it, it'll still scroll the focused window even though the mouse cursor isn't on it. Focus steal prevention is non-existent so if you're typing and another window pops open, it steals your keyboard input. The search bar is like, utterly useless, so is the Microsoft Store. The start menu doesn't open instantly like it has to load it every time. When you uninstall something there's still leftover crap of it everywhere.
Thankfully when it comes to Linux apps, their open nature means the majority of them just have Windows builds anyway, and what doesn't would work in WSL. So really all I can miss is the inherent flexibility and openness Linux gives me.
The key there is the check for compliance. They probably have an MDM or enterprise thing that ensures only approved apps are installed and all, and only then it issues a short lived certificate used to log into stuff.
The protocol itself is likely supported by OpenConnect but you'd have to actively circumvent IT's systems to make it work and thus a very bad idea.
Pretty "swapping" VRAM to system RAM has been supported for a very long time too. My GPUs can use up to 16GB each of system memory (AMD), and I'd be really shocked if NVIDIA's proprietary driver doesn't either because I'm sure the AI workloads need it.
Of course the Steam Deck is a prime example of dynamic CPU/GPU memory allocation as well.
They do sometimes end up used as agree/disagree buttons, but they're intended to be more about whether it's good content that provides some value, and downvotes are when you don't provide any value. This leave room for disagreement without downvoting a well written post that does add to the discussion.
I use downvotes for spam, and posts/comments what are just plainly wrong, incorrect, misleading or dangerous. Stuff I think is good gets upvoted, and stuff I disagree with but there's otherwise nothing wrong with it, I don't vote.
Using a third-party boot manager like rEFInd helps to bridge the gap with dubious motherboards that don't implement the UEFI spec right. Just make sure all the installed distros have their own ESP, then you can get into whatever distro's GRUB via rEFInd. And it's pretty.
The issue is usually around fighting for the same ESP, and not all distro's GRUB finding the other distros, and made worse by some UEFI firmwares not offering all available EFI applications as bootable so you end up stuck with the wrong GRUB.
Yes, you just boot a live USB and use GParted to delete what you don't want anymore and grow the rest.
You can always slap LVM or btrfs or ZFS on top to get more. But even with something more basic like ext4 you can still install multiple distros as long as they're in their own folder, and when you pivot root you pivot to a folder of it, it doesn't have to be the root of any filesystem. If you have a BIOS system technically you don't even need a partition table as syslinux fits the ext4 header and can boot from ext4.
I'd probably just do btrfs subvolumes or ZFS datasets though, more reliable and more manageable. And you don't waste space with individual partitions either.
You can install as many as will fit on the drive, there's no limit other than your own sanity
No, that's why signed kernel+initramfs+LUKS+dm-verity: protect the boot process all the way into userspace where you do have network access. From there you can request the TPM signs messages with a preloaded key it will only allow using it if you went through the whole secure boot process. It's exactly what Android does with Play Integrity and the strong integrity flag.
That way you can prove to the server that the computer is still secured and untampered with up to that point, which means the script that deals with the periodic checkin should be running untampered as well. If you've secured down the Linux install appropriately, it should be impossible for the user to gain enough privileges to request the key again from the TPM or extract the data key out of the mounted filesystem. That also means you can trust the system to block mounting any drives, force VPN on, make sure your MDM runs, all that stuff.
You can reset the BIOS, boot from USB, all that stuff still, but then it would also wipe the TPM and so the OS no longer bootable, and obviously no signed TPM messages either so even if you find the script and how it works, at that point you don't have the ability to sign the messages so the server won't give you the data partition's key either. The moment you tamper with it, it breaks the trust chain and the keys are gone. Can't flip a single bit on the system and boot partitions without the checks failing.
It's not bulletproof, some laptops you can sniff the TPM bus in minutes due to design flaws, but in theory as long as the hardware holds it's pretty secure. And obviously you can always just take a picture of the screen, no avoiding that. But it puts enough hurdles it'll stop most opportunistic exfiltration. One bad move and you wipe the keys, so you better know exactly what you're dealing with or you have one embarassing and incriminating email to write to IT to have them reprovision the keys.
That's why I focused on platform security. You can't fully eliminate the possibility, but you can make it as hard as possible to pull off. TPM+dm-verity is to make it hard for the user to even look at how it works and prevent filesystem modifications that would give them root access to intercept the key loading mechanism.
The part where the laptop continuously check and refreshes the key is to address the second part about just turning off WiFi: make it so if you do that, you have N hours to break the system open before it reboots itself and you've lost access to the key for good. This can also depend on hardware-backed checks like TPM measurements and signature, to make sure the data key is only handed over to the expected environment.
It's the same fundamental principles as Android and Play Integrity: use the security processor to attest the state of the device before the server agrees to send you stuff over. It's been worked around via leaked keys mostly because Google is lenient for older devices, but the actual secure enclave hasn't been broken yet.
The point is for the security to hold long enough the key's gone before they can get it, and without the key the laptop is effectively wiped. That's plenty for the overwhelming majority of "employee got fired and is pissed off and wants to retaliate", and the best that can be done without going remote desktop/VDI.
You'll first want to lock down the laptop with using the TPM so it only boots kernels signed by you, and also encrypt the drive using the TPM as the locking key so the key is only ever available to a kernel you signed. From there you'll probably want to use dm-verity to also verify the integrity of the system or at least during the boot process.
Then, on top of that, once online and the machine is still authorized to access that data, you download a key from a server under your control to unlock the rest of the drive (as another partition). And log those accesses of course.
Then, when you want to revoke access to it, all you have to do is stop replying with the key whenever requested. That just puts a ton of hurdles to overcome to access the data once the server stops handing the key. They would have to pry out the key from the TPM to unlock the first stage and even be able to see how it works and how to potentially obtain the key. They could still manage to copy the data out while the system is fully unlocked and still trusted, which you can make a lot harder by preventing access to external drives or network shares. But they have physical access so they kind of have the last word if they really really really want to exfiltrate data.
This is the best you can do because it's a passive: you stop supplying the unlock key so it's stuck locked encrypted with no key, so the best they can do is format the laptop and sell it or use it for themselves. Any sort of active command system can be pretty easy to counter: just don't get it online if you suspect the kill signal is coming, and it will never come, and therefore never get wiped. You want that system to be wiped by default unless your server decides it's not.
Nothing, it doesn't log properly most of the time. Somehow, especially on AskLemmy, reply to thread, come back later to check discussion, and it's gone without a trace apart from my instance's cached copy of it.
I think it's not as much as we expect everyone to host theirs themselves, but that it's possible at all so multiple companies can compete without having to start from scratch.
Sure there will be hobbyists that do it, but already just on Lemmy users already have the freedom of going with lemmy.ml, lemmy.world, SJW, lemm.ee and plenty more.
It's about spreading the risk and having alternatives to run to.
The Chromebooks were meant to be cheap computers to give you an Internet browser. They mainly target schools because kids destroy them fast, and older people that really just want to go to Facebook, YouTube and the likes. Their whole thing is basically they're cloud based and kinda disposable. They even ran this ad about it.
It's like the MacBook experience for cheap and the only thing it runs is Chome and Android apps.
They're kind of slowly becoming the new thinkpads thanks to good coreboot support for them. People have really been unleashing them and doing all sorts of crazy things like eGPUs and stuff since they're so easy to mod the BIOS.
I had to download like 60GB worth of blocks over about 2 weeks a couple months ago, just to confirm I'm indeed broke and nobody takes Zcash anymore anyway.
The only thing it scales well at is needlessly sucking a stupid amount of power. The chains are huge and full of spam. Nobody can afford the gear to mine anymore so we're back to the rich elites making more money.
If you can handle it, it's quite liberating honestly. I feel like it brings me and my wife closer because we can just be honest with eachother and talk openly about things.
We watch movies together and gossip about who's hot. She's done things I'm not into, I've done things she's not into, and we can talk about it without feeling threatened we might not be good enough. I'm not worried the slightest even when she go hang out with exes. I trust she loves me and will always come back home. None of this has to take away anything from me. If there's something I can't provide, she can get it elsewhere, it makes her happy, she's more happy with me, we're all happy. I have nothing to gain from her being unhappy and unfulfilled, it would just make her miserable and tension build up in our relationship.
We make it get us closer rather than drive us apart, and we get to be there for all the people we care about.
And by extension, you can have all sorts of atypical relationships. Maybe there's someone you care about intimately but would never be able to live with. Maybe you have a bestie you get spicy with once in a while. Maybe there's someone important to you that travels a lot but you like to snuggle up with when they're in town. Maybe your primary partner has a different libido than you do. Maybe you just like flirting a lot, or enjoy receiving the attention. Maybe you swing both ways and enjoy some variety. I've even seen sometimes the boyfriend just likes to jack off with his buddy. I had a roommate I was very cuddly with but never slept with.
It's not even always about sex but just being more intimate with someone than would be normal for a monogamous relationship. And it doesn't have to take away from a potential bigger commitment with a primary partner, like a house and kids. It can even be extra support, I'd babysit for a partner to give the parents time together. It comes in all shapes and forms that works for you. As long as it's done safely and it makes everyone happy in the end, it's not so bad.
Audacious can still load Winamp themes and is native!