In a First, AlmaLinux Patches a Security Hole That Remains Unpatched in Upstream RHEL - FOSS Force
TMP_NKcYUEoM7kXg4qYe @ TMP_NKcYUEoM7kXg4qYe @lemmy.world Posts 7Comments 192Joined 2 yr. ago
TMP_NKcYUEoM7kXg4qYe @ TMP_NKcYUEoM7kXg4qYe @lemmy.world
Posts
7
Comments
192
Joined
2 yr. ago
I haven't compared it myself but xbps is supposedly much faster than portage for binary packages. I know it ain't really an important metric but still.
I think void has better binary package support though. I don't have the statistics but it seems that still not all gentoo packages are offered in binary form, especially on arm or legacy x86. I also think GURU is source only which is sometimes an issue when installing some obscure software.
I see. I honestly don't know how to do the multi monitor thing. The lazy part of me would avoid it if possible. A simple alternative could be something like a real RDP session on one monitor and a virtual monitor on the other. Obviously the issue would be that you would have 2 sessions opened at the same time instead of a single desktop. Another simple hack would be to expand the spice client over both of your monitors and set the VM's resolution equal to the size of your 2 monitors combined.
But yeah I highly recommend Quickemu. It basically looks just like Windows on full screen if familiarity is your main issue. It also has alternative spice viewers in settings if you dislike the stock one.
With winapps you mean the tool that lets you use RDP to control a Virtual Machine as if it were a regular linux window? (edit: stupid question - you even specified the repo you got it from) If that's slow, that wouldn't be a winapps problem but rather virtualization problem since you should not feel the difference between an app running in a VM and a native app if it's set up properly.
Have you tried Quickemu? It should setup your windows VM for optimal performance automagically. There is even a graphical interface for it called Quickgui and both are available by running a single command on Ubuntu/Mint. Another thing might be not enough cores/RAM given to the VM.
Someone mentioned looking glass, which is imo an overkill for you, unless you're doing some graphically intensive stuff like gaming in the VM.
They are similar but one is mainly a source based distro which can also install binary packages while void is the other way around. Each has its advantages and downsides.
Because the vast majority of people don’t know how to google
My mother is like that. Every now and then she asks me whether I'm skilled with Excel and how to do x thing in Excel. x is usually some pretty basic thing that I don't know how to do but I'm sure it is googlable. I wonder whether this is the norm for people who use a computer for work daily but aren't "tech guys".
If you need MS office compatibility, don't use Libreoffice. If you just want to use the software for your own documents, Libreoffice is (imo) better* once you get used to it. If you need Basic Excel macros, Libreoffice won't work unfortunately.
(*) the thing I hate about excel is that everything works "like magic" which is fine as long as it works. When something doesn't work, you are screwed because you cannot explicitly tell Excel what to do. It wants to do its own magic instead of obeying your will.
In reality it's gonna be something like:
M$ charges 5M €. Libreoffice might be 1M € so they will give 1M € to OSS and waste the remaining 3M € on some overly expensive one-time crap like car infrastructure. Later they will realize that they had understaffed their IT department and will need extra 5M € paid by more state debt.
Well that's why I'm asking here. You can "map
<Mouse1>
some_function" but there is no "pan" function. Mapping<Mouse1>
to scroll (down) does not enable panning by dragging while holding down the button but just in moving the page one step down.So it seems to me that it either requires multiple lines in the config or it isn't supported at all. I wanted to ask here first before bothering the devs on github.
Let me know if you get any progress
Sunshine does have tutorial on how to do this for xorg in their docs. Haven't tried it though, I'm too lazy to spend time setting up my configs for xorg when I already have a wayland setup.
I've tried it and it went horribly. By default it doesn't stream your desktop, just some apps so I tried to change the config file according to their docs but made a mistake, now it's brokie. I deleted the config file and the entire /etc/wolf directory but it's still fricced. (I am on Mint and used podman-docker instead of real docker)
Before I broke it, I could open up a black screen which should in theory be a sign that it's still installing stuff in the container but I was too inpatient to find out.
I suppose the bottom line is that it's still in alpha. I might try it again with the help of their discord or something when I get time for it but idk when that will happen lol.
Lol I've just came on this sub to ask about this. Sunshine has a tutorial in their docs on how to do this on X11 but I'm using sway so I'm kinda fricced. If I start sunshine from ssh, it correctly uses the headless wayland display but it doesn't have rights to access the encoder for some reason.
You can achieve similar (it's gonna be slow though) results with wayvnc. You need export 3 variables in order to set it up according to their FAQ: https://github.com/any1/wayvnc/blob/master/FAQ.md
Edit: noticed your crosspost with answers: https://lemmy.world/post/12888914, thanks for creating this post.
Edit 2: WayVNC can be more usable if you use mosh instead of SSH. It makes VNC less laggy. The downside is that you have to start sway in normal SSH and then start wayvnc in the mosh session, which is kinda inconvenient.
This isn't threatening in a way that Canonical would hack my computer with it. It's threatening the Linux ecosystem. They created a distro agnostic package manager which is solely controlled by them. In other words they want everyone to use Snap and then vendor lock in everyone into it. "embrace, extend, extinguish"
I honestly wouldn't care if snap was both Canonical proprietary and Ubuntu proprietary but this M$ like strategy sucks.
Not really, rewriting the boot sector with your malware can be scripted so even the average burglar could use it. Using a previously stolen laptop without reflashing the firmware or something similar isn't worth the risk imo.
The secure boot vulnerability was shown on a lenovo laptop. I've found https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/, but I'm not sure whether it's the same thing I was talking about. The attack abused the fact that the TPM chip was outside the CPU so it was possible to read the keys in plain text by just putting a clip on the chip. The laptops in the ESET article seem fairly new so I would expect them to have TPM inside the CPU.
I recommend reading "threat model" page on Heads OS' website. Secure boot can be disabled in the UEFI settings which can be accessed by unplugging the CMOS battery to reset the UEFI password. Undoing a few screws takes a few seconds so the bottleneck would be how fast you can upload your fake login screen onto the drive.
Servers can use FDE obviously but using them becomes highly inconvenient if you enable that. In order to boot you need to decrypt the drive but how are going to connect to the server if it hasn't booted yet? One solution is to only boot the server when you have local access. The issue rises when your server crashes. Alternatively you can either start sshd early in the boot process at which point it isn't really FDE or have some kind of KVM which just shifts the issue to a different device.
Thanks for the correction. I would also like to add that /root is probably also something that should be encrypted, you won't have to shred your root account's bash_history after accidentally typing your password into the root shell.
I didn't clarify this in the original comment but imo unless your distro specifically offers the option to partition a drive the way I described it, it's not worth it. (as far as I know, no distro offers this kind of encryption)
If an attacker has physical access to your device, you should not use the device afterwards, ever. There are some mitigations like Secure Boot and Heads OS, but they only slow down the attacker. Given enough time, you cannot stop him. Heads OS is pretty much for giving your laptop to airport security temporary and Secure Boot has been hacked in a minute. Although that was using TMP outside of the CPU, I would not trust Secure Boot with TMP 2.0 for anything other than a quick customs check either.
Using FDE as a protection against physical attacks is just a false sense of security. Veracrypt for example go as far as to say that secure boot is false sense of security.
For maximum paranoia there is a use for FDE, though. If you install a crappy app that saves data outside of RAM, /home, /var and /tmp, the data won't get leaked. Though that would be a massive security issue because most linux computers are servers which cannot use FDE.
From the info I've gathered, it seems that LUKS over LVM is the "proper" way as ideally you'd only want to encrypt swap, /tmp and /var. (/tmp and /var are places for temporary files, ie. opening a .zip archive. Swap is just RAM on your hard drive, so a place where your passwords could be stored) Encrypting the root (equivalent of "program files" in Windows) won't make your system more secure, just slower. (If you live in a place where you need to keep the list of your installed apps private, you'd probably be fricced by using encryption anyways.) Home directory should obviously be encrypted ~~but for the best performance you should use file level encryption instead of block level. ~~ edit: Do your own research on the performance, a reply claims otherwise, though leaving root partition unencrypted obviously increases R/W speed.
The thing is that setting it up this way is pretty hard so distros generally use 2 easier methods to setup encryption. Either encrypt the whole disk (LVM over LUKS) or encrypt only the home directory. I wonder whether the latter is secure enough though. Mint for example does not explicitly state that swap, /var and /tmp are encrypted when you select "encrypt home directory" but on Cinnamon there is not hibernation option so there is a chance that Swap is encrypted, just with a one-time password, which gets generated on boot and deleted after shutdown. <--- citation needed...edit: I've just tried hibernating in Mint without FDE and it didn't work, you just get a new session after resuming, so that's good.
Relevant article: https://www.linuxinsider.com/story/the-case-against-full-disk-encryption-86774.html
- LearnLinuxTV is a pretty good YT channel for noobs
- I recommend getting familiar with the following software:
- Quickemu (and quickgui) - super easy way to setup a Windows (or Linux or Mac) virtual machine
- Distrobox - easily run a different linux distro within your current linux distro. It's useful for running ubuntu containers because of "PPAs" which are unofficial repositories which allow you to install some obscure software with a single command.
- Timeshift - someone else already mentioned it. I actually don't know whether it would be a problem on an atomic distro like Kionite but I had Kubuntu break after a major update. Timeshift would have been useful at that time.
The issue started when Mr. Root Mean Square came up with the term "Free Software". It should have been called "freedom respecting software" and we would not have to deal with people confusing free software with Free Software.