usually monitors can be freely rotated. if yours can't, the back usually has a square vesa mount on the back and you can just take out the four screws and reattach it the way you like.
This is why X11 is better. I’d rather have settings like this in a text file that I can copy over to my next machine than have to navigate a UI that will change on a different DE or the next upgrade.
Backwards compatibility, portability, and text-based interfaces are a virtue.
X config files aren’t “hacky scripts”, they are fundamentally more powerful, customizable, usable, and future-proof. Xrandr is a powerful and capable interface with applications across the system.
When Wayland adopts these kinds of powerful interfaces with decades of refinement I’ll switch to it. I don’t want to keep track of whether my DE uses wlroots or gnome or plasma and their independent/redundant/feature-lacking randr alternatives. Randrs should be more fundamental to the display operation than the DE. Wayland is fundamentally hacky and broken.
Edit: thank you all for the discussion. I’d like to clarify a point. I don’t just want a text file with configuration settings that implement features that I need to beg/bother the de
... show more
This is why X11 is better. I’d rather have settings like this in a text file that I can copy over to my next machine than have to navigate a UI that will change on a different DE or the next upgrade.
Backwards compatibility, portability, and text-based interfaces are a virtue.
X config files aren’t “hacky scripts”, they are fundamentally more powerful, customizable, usable, and future-proof. Xrandr is a powerful and capable interface with applications across the system.
When Wayland adopts these kinds of powerful interfaces with decades of refinement I’ll switch to it. I don’t want to keep track of whether my DE uses wlroots or gnome or plasma and their independent/redundant/feature-lacking randr alternatives. Randrs should be more fundamental to the display operation than the DE. Wayland is fundamentally hacky and broken.
Edit: thank you all for the discussion. I’d like to clarify a point. I don’t just want a text file with configuration settings that implement features that I need to beg/bother the devs for. They are likely to have better things to do and it might not be a priority for them. I want access to powerful tools via the configuration files that I can make do pretty much anything if I read the documentation. Xrandr is such a tool. I don’t want setting for a feature that has to be baked into the DE which I have to beg to have implemented and which will be implemented differently across different DEs. I want flexible, dynamic, modular tools.
I have no problem with questions on forums, sometimes I ask them myself, but I think that if you expect people to try to answer your question, people should be able to expect you to have tried looking for an answer yourself.
I've just been logging in upside down for a couple years. My monitor's vesa Mount is like 3 inches from the top for some reason so having it upside down is the only way I can get a reasonable ergonomic height
I am serious, and I’ll tell you exactly what will change my mind. I need real tools instead of “upgrades” that have less functionality and are less usable. If Wayland (or whatever comes next) can deliver on functionality, I’ll sing its praises. For now I’m on X.
How do you think the OP is supposed to know that "SDDM" is the issue to look up? You don't get to enforce another person's effort. If all you want to provide is "you're looking for 'SDDM,' that would provide help and empower them without sounding like you're biting the newbie for not knowing everything.
I don't know about other people, but it's way easier to google something than to ask a question and then wait for the answer. I'm not OP, but if I've asked a question, it's only because I've exhausted my ability to find the answer on its own.
Changes to your display configuration made in a Plasma Wayland session (e.g. monitor layout, resolution, etc) will not persist to SDDM. To make them persist open Plasma's System Settings and navigate to Startup and Shutdown> Login Screen (SDDM) and click "Apply Plasma Settings...". You will need to have permission to perform this action.
Sometimes people like community conversation; it often gets to the heart of the issue better than parsing a semi-related post from 12 years ago, and it allows back-and-forth discussion to get details and drill down issues.
On top of that, redundancy for technical issues is never something we should reject.
Well, there was zero effort documented in the post.
You're not their teacher. It's not your job to decide how much effort they've put forth, or to grade whether or not that is sufficient.
Take a look at Ubuntu trying to teach newcomers how to ask a question.
And if they documented their research process, you'd say "tldr just ask the question." Stop trying to be paternalistic and gatekeepy. Just answer or don't.
Yeah that difference in configuration definitely makes it so much better, it completely outweighs the fact that Wayland does proper multi-monitor VRR, fractional scaling, HDR and much more.
Yes. I would assume that the problem is in X11 or Wayland before thinking it could be SDDM, frankly. But even then, googling "Linux login screen" doesn't immediately reveal SDDM to be the point of concern.
Ah, you made an edit. Yeah, "kde login rotation" does, but "EndeavourOS login rotation" gives you no results mentioning SDDM. Giving people the benefit of the doubt costs you nothing over assuming that they're lazy, and the added bonus is that you don't sound like a jerk.
I'm not moving any goalposts at all. I'm expressing how inexperience and bad assumptions can make one's searching unfruitful through no fault of their own. That's all I've ever been saying.
I once had an old TV that I used as a monitor that had 1027p worth of pixels instead of 1080p. Auto detection tools said it was 1080p. With xrandr I was able to modify the output to 1027p so I didn’t lose the edges of the display to the TV’s broken forced overscan design. Could you do that with Wayland?
I never configured anything on X with a DE, let it be KDE, Gnome or Cosmic, but configure everything with config files I can just copy on sway. It has nothing to do with X or Wayland, but the DE/WM you use.
You can't be this stupid, Wayland also uses a config file, you just have a GUI button to copy the configs from inside your session to the login screen. Or do you think the button recompiles the login screen with a different configuration?
Literally yes. And you don't even need to know the exact pixel resolution of the TV.
Edit: Here are the problems with you "Wayland isn't good enough" people.
First, you don't use Wayland, so you don't even know if it's fixed whatever weird issue you encountered with it before or if it supports a niche use case, for example.
Second, Wayland won't get good enough for you until you start using it and reporting bugs. You think X11 was a bed of roses when it first started? Or do you think they bumped the version number 11 times for fun?
That’s kind of my point. Something like randr is more fundamental than the DE, and its configuration shouldn’t be fractured by being DE-dependent. I personally don’t like DEs at all, and like the ability to control a more minimal system.
Good to know that this has been implemented in your favorite DE! Considering how Wayland often implements things, it’s probably implemented on the DE-level, leading to a fractured configuration ecosystem. Being implemented in Wayland is different from being implemented in some of the DEs that use Wayland.
edit: if I’m wrong about that, and it is implemented in Wayland itself, please continue to correct me!
What is the harm, to you or anyone else, when someone makes a forum their first resort, instead of last? If having people ask questions here that aren't "good questions" according to you is bothering you, perhaps you are the problem.
If you think this is very witty and a gotcha, you're wrong. This argument doesn't work in reverse because whoever is using Linux already knows all about Windows, since, y'know, it has most of the Desktop market in its grip
The goal of Ubuntu's help forum is to solve users' problems efficiently and effectively. That goal is better achieved if questions are posed in certain optimal ways.
The goal of Lemmy is for people to have discussions (like this one! ;). That goal is not better achieved with well posed questions.
In Wayland, the compositor is the window server ( the equivalent of Xserver ). What you are looking for has to be a feature of the compositor and it is.
As others have said below, wlroots based compositors offer wlr-randr. There is also gnome-randr. For KDE, there is Kscreen-doctor. For X ( the window server being used by SDDM here ), there is xramdr.
Now, some people may see it as a problem that we have multiple Wayland implementations. I am mostly not fighting that battle. I will say that I hope these are not the same people that winge about systemd though and push for alternate init systems. I hope nobody that thinks MUSL is cool Is clinging to X11.
I would prefer that there was a common configuration standard for this stuff on Wayland. It will probably come eventually. Maybe as part of the freedesktop.org stuff.
Generally, I believe the Linux ecosystem has been stronger in areas where there has been competition between implementations ( even compilers ). I hope that Wayland will be one of those areas. As the core problems get fixed, the pace of innov
... show more
In Wayland, the compositor is the window server ( the equivalent of Xserver ). What you are looking for has to be a feature of the compositor and it is.
As others have said below, wlroots based compositors offer wlr-randr. There is also gnome-randr. For KDE, there is Kscreen-doctor. For X ( the window server being used by SDDM here ), there is xramdr.
Now, some people may see it as a problem that we have multiple Wayland implementations. I am mostly not fighting that battle. I will say that I hope these are not the same people that winge about systemd though and push for alternate init systems. I hope nobody that thinks MUSL is cool Is clinging to X11.
I would prefer that there was a common configuration standard for this stuff on Wayland. It will probably come eventually. Maybe as part of the freedesktop.org stuff.
Generally, I believe the Linux ecosystem has been stronger in areas where there has been competition between implementations ( even compilers ). I hope that Wayland will be one of those areas. As the core problems get fixed, the pace of innovation will increase. I believe we are already seeing that. There are more examples every day of things Wayland can do that X11 cannot. Let’s hope for more of that.
I support this idea, and based on the things I read here, it seems to me that different cultures have different norms for asking a question, and that's a good thing, but can create not so pleasant social situations here in the internet
Thanks for pointing out that in this case the DM is using X regardless of whatever graphical environment gets loaded when the user logs in. This really is a moot point/discussion. I’m still glad I raised it to get perspectives like yours.
You’re right that I should play around with wlroots a bit more. It’s been a while, personally. Mostly because it’s been a while since I’ve had time to just play around with my system. My life is at a point that it looks like I’ll have that free time soon, for better or for worse.
I’ll note that I do like alternative init systems for diversity and competition and because systemd was very hungry and rigid. An init system is also a bit more fundamental to system stability than a display server, so I think it’s reasonable to be critical of systemd and Wayland for contradictory reasons. Systemd has also come a very long way in the past decade plus. I have also seen it learn from the other ideas implemented in its competition, mirroring your argument. Diversity and unification are not at odds
... show more
Thanks for pointing out that in this case the DM is using X regardless of whatever graphical environment gets loaded when the user logs in. This really is a moot point/discussion. I’m still glad I raised it to get perspectives like yours.
You’re right that I should play around with wlroots a bit more. It’s been a while, personally. Mostly because it’s been a while since I’ve had time to just play around with my system. My life is at a point that it looks like I’ll have that free time soon, for better or for worse.
I’ll note that I do like alternative init systems for diversity and competition and because systemd was very hungry and rigid. An init system is also a bit more fundamental to system stability than a display server, so I think it’s reasonable to be critical of systemd and Wayland for contradictory reasons. Systemd has also come a very long way in the past decade plus. I have also seen it learn from the other ideas implemented in its competition, mirroring your argument. Diversity and unification are not at odds with each other, but are different parts of the same cycle of improvement.
Correct. Unfortunately, it's something that each desktop environment or window manager has to implement themselves. But all the button is doing is moving some config files around, so you can probably do some digging to figure out what it's copying to where.
XDG_SESSION_THEME=KDE got my hyprland config to work on everything except the cursor (other than in Firefox/steam for some reason). Took me way too long to find the old reddit post that had this tip, so I hope it helps!
You left a very gracious reply so let’s not fight.
I see a certain amount of irony in the overlap between the group of people ranting that Wayland has too many implementations and the group demanding more implementations of everything else. So that was my point.
Certainly we can agree though that there is nothing wrong with demanding more of both.
One my favourite new distros, Chimera, uses both Wayland and dinit (and Turnstile ).
I am interested to see where the diversity that Wayland provides goes actually. Have you seen this?
First, you don't use Wayland, so you don't even know if it's fixed whatever weird issue you encountered with it before or if it supports a niche use case, for example.
Bingo. So many complaints I’ve seen about Wayland have been from Nvidia users who tried it three years ago when the driver support was beyond fucked. I get Linux development moves slow sometimes but holy shit…
It's true though, every thread about Windows is full of Linux users saying how you should just use Linux, and others saying they still can't because it still doesn't work properly after all this time. Then you get the Linux users saying "iT jUSt wORks", then posting shit like this demonstrating that it clearly still doesn't
If you think this is very witty and a gotcha, you're wrong. This argument doesn't work in reverse because whoever is using Linux already knows all about Windows, since, y'know, it has most of the Desktop market in its grip
If you think this is very witty and a gotcha, you're wrong. This argument doesn't work in reverse because whoever is using iOS already knows all about Android, since, y'know, it has most of the mobile market in its grip
Thanks for the leads and the good conversation. I have found that being an idiot in public and then deescalating is one of the fastest ways to gather information.
Tip: Both GDM and SDDM have startup scripts that are executed when X is initiated. For GDM, these are in /etc/gdm/, while for SDDM this is done at /usr/share/sddm/scripts/Xsetup. This method requires root access and mucking around in system configuration files, but will take effect earlier in the startup process than using xprofile.
Yeah, I’ve largely figured out how to change all these settings from configs for myself, just always on the lookout for a nice gui. I’m slowly working to make a Linux experience I can install for my relatives that makes the transition from crapware Windows relatively painless.
I am very sorry but the question "it is okay that my above message gets published" cannot reasonably be respected, as the text is just dumped into a single block
Lag caused some empty questions to appear, removed
A question about disk encryption and "why do you use other OS" got mixed up
i changed the wording of some questions or added more options, so there may be duplicate old answers or too little new ones. You can edit your submission and update your answers.
So aside for a few wording and technical issues, something stuck out to me. Using "special" to refer to neurodivergence is a bit problematic and potentially dogwhistley because of the historical contexts it's been used in to dismiss and look down on people. And even if it wasn't, it's a bit ambiguous; can someone who feels that they are in touch with their "spiritual side" consider themselves to have a "special brain"?
If you're wondering about neurodivergence, probably better to just ask "Are you neurodivergent?" rather than using euphemisms.
The word is complicated but for sure, I may rephrase that. Not sure if this will mess up the results though, it may create a second question out of it.
I dunno, I don't wanna take part in any survey, it feels wrong to me. But filled it halfway, just to see my own thoughts on linux. BTW you shouldve added " for fun" as a option to the question "why'd you use linux", thats the first thing that came to my mind
Why did you start using linux? it was the 80s/90s, windows didn't exist, I used un*x at uni, of course I couldn't install HPUX, AIX, Solaris or IRIX on my 386, so I installed Linux. There was minix but it was not free. Also BSD was tempting.
Origin? A couple of floppy images downloaded from usenet :) there was no distro really.
Wow, that's a pretty narrow gap. The 80386 started mass production in 1986 and Windows 3.0 (the first actually usable one) came out in 1990.
I refused to use Windows until Win95 and even then I was experimenting with OS/2. In 1997 I installed Slack 3.4 and have been around every since. I'm currently running Linux Mint but I sorta miss SuSe and may go back to it.
Sorry, but how are a lot of the questions relevant for this community?
Especially concerning the (family) income, age, being neurodivergent etc. These are sensitive information and seem more fitting for a market survey/selling ads.
What is your goal with the answers? What are your research questions? How will the answers help this community?
Just to note, Kali is a downstream release of Debian Testing, not Ubuntu. Also for question 55 you didn’t include “git clone and build binary from src”.
Some of the questions about distros don't take into account those of us who have been using Linux since the mid-90s. Your scope here seems to be directed at the last decade or so.
So there are 43+ NixOS users and noone switched away for another OS?
Woot!
I keep pondering switching back to Debbie and every time I get in a fight with ... well everything I try to install ... And I look at my configuration.nix and sunk cost fallacy sits in.
I don't really need Splashtop, NinjaRMM, Parsec Server right?
I didn't see these questions at all. - Do you feel represented in the community? - How do you feel, how could the community improve? - Do you modify your install in these areas?
I couldn't find an answer for this question - Why did you start using Linux? (My answer would be, found it on a magazine)
This question is not distinctive - Do you use other Operating Systems? (Yes I do use Android but not on a PC)
I would expect "independent" as an answer for these questions - Where does the distro you use originate from? - What origin was your FIRST distro from?
because it was my only option for newer software, my pc is too old for newer windows (also because of it having no internet so all my browsing was mobile)
does your hardware meet win11 requirements
nope
do you use an immutable distro
yes on mobile (android); nope on pc (puppylinux isnt immutable, it even autologins you as root at boot)
do you use propietary software
dude i literally use windows and msdos its pretty clear i do (even if lately my daily driver is linux and im starting to go more and more into the open stuff)
From Roots to Resilience: Investigating the Vital Role of Microbes in Coastal #PlantHealth
Biologists uncovered crucial microbial processes in Georgia's saltwater marshes. Their study reveals that bacteria in cordgrass roots detoxify sulfides and fix nitrogen, boosting plant health and resilience. These findings, facilitated by advanced genomic technology, underscore the vital role of microbes in coastal ecosystems globally.
“It’s been amazing just getting to see nature take it back over,” Stevenot said.
“When you go out to a commercially farmed orchard or field, and you stand there and listen, it’s sterile. You don’t hear anything. But you come out here on that same day, you hear insects, songbirds. It’s that lower part of the ecosystem starting up.”
We're thrilled to republish this fantastic story from @grist
Restored floodplains in the state’s agricultural heartland are fighting both flooding and drought. But their fate rests with California’s powerful farmers.
You might be scrolling through your morning news, checking email, or any other routine online moment when suddenly you notice a small winged beast slowly glide across your screen. It’s ...
Interesting; it reminds me a little of an addon from maybe a dozen years ago that would do the same kind of thing but with fiction. So you'd be reading a post on Slashdot or whatever, and the addon would find a sequence of words that matched the start of one of the stories it had, and it would add a few words of that story. If you noticed, you could click on them to get more of the story, and if you kept clicking it would eventually replace the text of the whole page with the story. It was a really neat way of just stumbling across fiction. Wish I could remember the name of the addon. For some reason I think it was Australian, maybe put together by a university or an arts council or something?
I swapped over to KDE Plasma 6 when it first dropped on Arch Linux and Plasma 6.1 is coming out very shortly so I thought let's talk about some of what'll be...
He also seems to make a video almost every day. That really doesn't help with the quality of the video's. I doubt there is a lot of time to do additional research on the topic, so often it seems to just stick to the basic information from some kind of article and comments (and maybe a few related articles). And is often just related to the drama of the day.
Although he does sometimes have video's that do require more research, but a lot of people won't see those as they assume low quality because of many other video's.
Widely considered? Surprised to hear that, whenever someone posts him on Lemmy most of the comments act like he's the best thing since sliced bread in video form
Sometimes I do like his videos, but this one was positioned so bad. The video does go over the changes in Plasma 6.1 and they are good, but this is not a huge change that would change anybodies live.
I know he is probably inspired by channels like Linus Tech Tips, but even they don't got that far anymore. I think he probably intended this in a comedic way, as most of his audience knows that he makes his videos like this, but it really makes the videos worse.
CachyOS maintains its own repositories with optimized packages, especially for your hardware. There are x86-64-v3 and x86-64-v4 optimized repository, that exists to enhance your experience by: reducing latency, improving performance, applying special fixes, etc. Also, the system automatically selects repositories that are the fastest and optimized specially for your cpu.
Advanced Scheduler Support
Firstly let’s understand what scheduler is. In the Linux kernel, the scheduler is a crucial component that manages how tasks (or processes) are executed on the system. It decides which task should run next, ensuring efficient use of system resources to allow multiple tasks to run simultaneously. By default CachyOS provides BORE Scheduler (Burst-Oriented Response Enhancer) in our default kernel. It provides better performance and interactivity according to our test. But we also provide other schedulers, like: EEVDF, sched-ext (Framework to load userspace scheduler’s),
... show more
What makes CachyOS not just Arch based distro.
Optimized Packages and Repositories
CachyOS maintains its own repositories with optimized packages, especially for your hardware. There are x86-64-v3 and x86-64-v4 optimized repository, that exists to enhance your experience by: reducing latency, improving performance, applying special fixes, etc. Also, the system automatically selects repositories that are the fastest and optimized specially for your cpu.
Advanced Scheduler Support
Firstly let’s understand what scheduler is. In the Linux kernel, the scheduler is a crucial component that manages how tasks (or processes) are executed on the system. It decides which task should run next, ensuring efficient use of system resources to allow multiple tasks to run simultaneously. By default CachyOS provides BORE Scheduler (Burst-Oriented Response Enhancer) in our default kernel. It provides better performance and interactivity according to our test. But we also provide other schedulers, like: EEVDF, sched-ext (Framework to load userspace scheduler’s), ECHO, and RT. And you can choose any you prefer the most via the kernel manager.
Customizable Installation Process
When you have loaded to live iso (from usb). You automatically meet our installer. But what if you don’t want some components to install or let’s go deeper you don’t like this bootloader or kernel. You may want to change Desktop environment or window manager. Our installer provides much more choice than other distributions. You can and should to choose what you want to have and what not. And we provide to you this abilities. Your system your home.
User Friendly OS
By default, we provide our applications, like CachyOS Hello or CachyOS Package Installer and others. In order to simplify and make better for your experience. For example, CachyOS Hello provides options to update your system, enable services and rank the mirrors. Package Installer will help you to install packages. CachyOS also has a really good and friendly community, which helps each other very well.
I was on CachyOS until I realized that I can't handle non-systemd init systems as I couldn't figure out how to start newly installed services. I liked it in principle but it was too involved for me. And I'm a software dev, I should have been able to figure it out
x86-64-v3: This level is optimized for CPUs from around 2013 (Intel Haswell or AMD Excavator and newer). It uses advanced instructions like AVX, AVX2, BMI1, BMI2, F16C, FMA, LZCNT, MOVBE, and XSAVE. These instructions allow the CPU to perform more tasks efficiently, resulting in a 10-30% performance increase compared to the standard x86-64 architecture.
x86-64-v4: This is the highest level and requires support for AVX-512 instructions. It is compatible with newer CPUs like Intel Skylake and AMD Zen 4. This level provides even more advanced optimizations, particularly for modern Intel Xeon and AMD EPYC/AMD Ryzen systems, leading to further performance enhancements.
By using these optimized packages, you can take advantage of the advanced instructions available on newer CPUs, which can lead to faster execution of tasks and improved overall system performance.
In the forum you can find the full dev post ( " In 2020 and 2021 I tested and participated with Hamad and his cacULE scheduler. When we read about the RFC regarding x86-64-v3 optimized packages, we thought that we should make an optimized Linux system. The name “CachyOS” originally came from the “Cachy” scheduler, which was the old name of the cacULE scheduler. ")
I use VLC,Keepass,Kdenlive and few other QT Apps on my sway setup. So, wanted to configure their themes from Sway. I installed qt5ct and qt6ct and did export QT_QPA_PLATFORMTHEME=qt5ct in bashrc and .profile. While runnin echo $QT_QPA_PLATFORMTHEME it is showing qt5ct but it is not working showing that error message that QT_QPA_PLATFORMTHEME need to be set as qt5ct or qt6ct when launching from .desktop But when launching from terminal they start and function properly but do not change any theming.
In my experience setting environment variables is pretty inconsistent. The easiest way would be using /etc/environment. This sets stuff globally for all users and definitely works.
PAM also used to support a per-user environment file, but that's deprecated or removed even. The best you can do for per-user config is setting variables both in your login shell and the systemd user environments file.
A really common issue with sway is that it doesn't run as a login shell, so none of your .profile or other environment settings get sourced when you login. I think that might be the problem here.
Try closing your sway session, then login to a tty and run sway. If the qt themes work properly then it's definitely an environment issue.
Depending on the launcher and launch method you may need to set systemd variables. Look at the way 50-systemd-user.conf works wiki.archlinux.org/title/Sway#…
I use the following fragment to make sure the cursor theme propagates to applications launched with wofi: github.com/StaticRocket/dotfil…
Valve released the latest update to SteamVR bringing with it a good few fixes, although most of it is for Steam Link. This follows on from a few recent Beta releases.
Im confused with Steam VR for linux. I cant seem to get it to work, and the FAQs page says vr streaming for linux isn't ready yet. So are these updates just in preparation for a future working capability?
It definitely works if you are willing to tinker but we are a low priority and anything that breaks takes a long time to fix. There’s even another project called Envision which runs better than SteamVR but isn’t as easy to use yet.
I'm excited to share with you an instant messaging application I've been working on that might interest you. This is a chat app designed to work within your browser, with a focus on browser-based security and decentralization.
What makes this app unique is that it doesn't rely on messaging servers to function. Instead, it works based on your browser's javascript capabilities, so even low-end devices should work.
Here are some features of the app:
Encrypted messaging: Your messages are encrypted, making them more secure.
File sharing: Easily share files using WebRTC technology and QR codes.
Voice and video calls: Connect with others through voice and video calls.
Shared virtual space: Explore a shared mixed-reality space.
Image board: Browse and share images in a scrollable format.
Your security is a top priority. Here's how the app keeps
I'm excited to share with you an instant messaging application I've been working on that might interest you. This is a chat app designed to work within your browser, with a focus on browser-based security and decentralization.
What makes this app unique is that it doesn't rely on messaging servers to function. Instead, it works based on your browser's javascript capabilities, so even low-end devices should work.
Here are some features of the app:
Encrypted messaging: Your messages are encrypted, making them more secure.
File sharing: Easily share files using WebRTC technology and QR codes.
Voice and video calls: Connect with others through voice and video calls.
Shared virtual space: Explore a shared mixed-reality space.
Image board: Browse and share images in a scrollable format.
Your security is a top priority. Here's how the app keeps you safe:
Decentralized authentication: No central server is required for login, making it harder for anyone to gain unauthorized access.
Unique IDs: Your ID is cryptographically random, adding an extra layer of security.
End-to-end encryption: Your messages are encrypted from your device to the recipient's device, ensuring only you and the recipient can read them.
Local data storage: Your data is stored only on your device, not on any external servers.
Self-hostable: You have the option to host the app on your own server if you prefer.
The app is still in the early stages and I'm exploring what's possible with this technology. I'd love to hear your feedback on the idea and the current state of the app. If you have any feature requests or ideas, I'm all ears in the comments below!
Where is the crypto documented? I'm immediately dubious of messengers that do not provide LENGTHY documentation about the crypto. Did you roll your own? Are you using libraries? Which ones? Etc... It's not s good start to see that you have the self signed certs hard-coded in the repo...
An understandable view. Not sure what you mean by lengthy, but I can confirm my app is not well documented. If the MDN docs count, its a fairly thin wrapper around the functionality provided by the browser of your choice.
I'm using webpack 5 module federation to import that file at runtime. Perhaps over-engineered, but it's so I can keep the crypto functionality maintained separately. That repo is in need of more attention for things like unit tests, but the crypto implementation there is pretty basic.
This doesn't really explain how the whole protocol works. Are the keys exchanged for example? Are they rotated? If so when and how? From a quick glance at this bit of code this is just RSA? So no forward secrecy?
The app is a active work in progress. I try to make this clear in my post. Any "protocol" being used, is subject to change as I make improvements.
You raise some good points about rotating keys and forward secrecy. These are things I will be including, but the app is far from finished.
Maybe this helps a bit (I know it's not what you want, but it's the best I got at the moment without diving into the code): positive-intentions.com/docs/r…
At positive-intentions, our focus is on creating a secure, seamless, and user-friendly communication environment. Here's a deeper dive into how we achieve this with our unique authentication process.
You'll probably want to layer in a quantum resistant crypto too. E.g. encrypt the plaintext with old school encryption like you are, then encrypt the cyphertext with quantum resistant encryption. This is essentially one part of what signal does
Tldr; there are several approaches to this issue. In the case of webapps, relying on the offering from the browser should be enough.
I'm also investigating if wasm could also be a way to introduce real-world-entropy to key generation (because I noticed it isn't possible to seed the browser key generation)
It's similar to matrix in many ways. The key difference is with mine it's is purely browser based. Unlike traditional solutions like matrix where you have a (self)hosted server, mine does not require things like registration or installation.
It's an interesting idea. If it can make it easier to share files with friends then I'd be in. Voice and video have always been challenging as I understand it, so I'm expecting that to come later. Very ambitious, but cool if you can pull it off!
All right I tried out the live app, to connect my phone to my desktop. Couldn't get it to work. Tried the link method both ways, once normal and once animals. Tried the QR code too. All it does is bring me to a "contacts" page, which is essentially the same screen, or to a "new peer" one. Tried looking at the docs but didn't see what I might be doing wrong there. Do certain plug ins mess it up like ublock origin? Anything else?
Sorry. It's quite buggy. - Its best to start off by clearing all site data from the browser settings. - Do not have multiple tabs of the app on the same device. - It doesnt hurt to refresh to page.
What you're describing might be related to there being 2 tabs of the app running. This results in both reacting to the new-connection-event, but ultimately resulting in a data conflict.
Plugins shouldn't be an issue. For stronger security, i have CSP headers to try to prevent browser plugins reading data.
If nothing works then the egg is squarely on my face and my buggy app is too buggy.
What encryption protocol u using? I wpuld strongly recommend using signal protocol but i dont exactly know how the implementation of that in js would work
The project it's in its early stages. There isn't anything as formal as a protocol yet. That is also why there isn't good documentation about it... The best I have for your question is:
At positive-intentions, our focus is on creating a secure, seamless, and user-friendly communication environment. Here's a deeper dive into how we achieve this with our unique authentication process.
First, go to [three dots] -> Preferences -> Runners -> Proton, click the button next to the newest available version of Proton GE (currently ge-proton-9-7), and wait for it to download.
Then, go to your bottle -> Settings -> Runner, set the runner to ge-proton-[version], and wait for Bottles to configure the new runner.
Thanks; it runs now. It runs at 3–5 fps, and the CPU is maxed. I have played Ape Out on linux with bottles before, and it ran fine. I used Pop-Os Gnome; now I use Fedora Sway.
Assuming when you created the bottle, you chose "gaming", it will use "soda" as it's default runner, which is based off of proton. Maybe try going into preferences, runners, then click on "Soda", and try messing around with different versions.
According to the latest ProtonDB reports of Ape Out, Proton 8.0-5 was being used. Looking at my available "Soda" runners in bottles, I see soda-8.0-2,soda-9.0-1, and soda-experimental_8.0 as the latest runners available. I would try using those runners as a start.
Also, (I only now just noticed it), under preferences, in General, there is an "Integrations" section. Under that there's "Steam Proton Prefixes", which (I assume) allows you to use Proton prefixes.
Here are the following commands, depending on your installation method of Steam to give permissions to Steam's path if it doesn't have it already.
Assuming when you created the bottle, you chose "gaming", it will use "soda" as it's default runner, which is based off of proton. Maybe try going into preferences, runners, then click on "Soda", and try messing around with different versions.
According to the latest ProtonDB reports of Ape Out, Proton 8.0-5 was being used. Looking at my available "Soda" runners in bottles, I see soda-8.0-2,soda-9.0-1, and soda-experimental_8.0 as the latest runners available. I would try using those runners as a start.
Also, (I only now just noticed it), under preferences, in General, there is an "Integrations" section. Under that there's "Steam Proton Prefixes", which (I assume) allows you to use Proton prefixes.
Here are the following commands, depending on your installation method of Steam to give permissions to Steam's path if it doesn't have it already.
Thanks; it runs now. It runs at 3–5 fps, and the CPU is maxed. I have played Ape Out on linux with bottles before, and it ran fine. I used Pop-Os Gnome; now I use Fedora Sway.
Do you have a GPU or are you running the game on integrated graphics? Running on integrated graphics can definitely be the issue here but It's more likely that it's shader compilation however.
I have a GPU and CPU with integrated graphics; is there any way to check if it's using the GPU or CPU? If it is a shader problem, is there a way to fix it?
You can check if it's using the Discrete GPU by going into "Details" in your game's bottle, then go into "settings", and make sure that the toggle for "Discrete Graphics" is turned on. You can also set an environment variable; DRI_PRIME=1. Also might want to check your HDMI or DP cable is plugged into your GPU. You could also try checking GPU usage while the game is running, and seeing if it's using your GPU at all.
You said you moved to Fedora from Pop_OS; If you are using an Nvidia GPU, you might want to check if you've got the Nvidia Proprietary drivers installed or the Nouveau drivers. You can check this by running lsmod | grep nvidia in a terminal. If you get any output whatsoever then you're using the Nvidia Proprietary drivers, which is what you want for gaming.
If it is a shader issue; in the same "settings" in bottles make sure DXVK and VKD3D aren't disabled. There's no real way to bypass shader compiling. All your games need to compile shaders.
The only times I've encountered a game or program not launching via Bottles, it had to do with missing dependencies and/or other issues with the installer.
SteamDB has a list of dependencies that are used for Ape Out, of which you can try adding to your Bottle.
However, I would try running the game in Lutris; In Lutris, if you encounter issues with the game, you can click on "show logs" which will (hopefully) help you out a great deal. Lutris uses their own runtime which is primarily pulled from Valve's Steam runtime (IIRC), saving you from having to hunt for dependencies (if missing dependencies are the issue).
It somehow just works with lutris thanks a lot, Sorry for the trouble. I should just have tried lutris. Do lutris always download user-made scripts, or is it just if you select it?
Took a bit to figure out what it was even claiming to do
When enabled your phone constantly sends e2e encrypted your location to the server where you can than access it from a webbrowser.
God no. Just take a hatchet to my battery and be done with it.
Also: Until a month or two ago, sure. But google finally got their shit together-ish and set up a tracking network the same as apple and samsung. And that is what you are sacrificing your privacy for. Yes, you give Big Tech tracking information... that they already have. In exchange you can actually have peace of mind of knowing your luggage is in the same airport or even where you parked. And you can't really self-host a crowd-sourced network.
I guess. But it is really going to depend on where you live and just how frequently it does dial home.
My personal use for these networks is luggage tags. But a friend lost her phone on a hike a few years back and the find my phone stuff was more or less useless due to poor reception and ever dwindling battery.
The real benefit is the low energy bluetooth magic and OTHER devices to do the phoning home. Because maybe I have shit reception but someone hiking a hundred feet away has good reception and updates the ping.
"Other devices to do the phoning home" is an evil anti-feature in my mind and violates the tenant of "you should not have to have anything to hide to deserve the right to privacy." Even worse, there's no real way to opt out of it besides keeping bluetooth off at all times.
I mean... bluetooth is literally broadcasting your position (sort of/it depends on the implementation). It is not at all a stretch that you should turn that off if you care about privacy. Same with not scanning for what wifi networks are available or even pinging GPS satellites (because that leaves a log). Hell... cell tower logs are a treat for cops/TLAs for a reason.
Aside from that? Good for you. If you actually follow through on that I can respect it. My point is more that this particular solution seems like the worst of all worlds.
Either you are demolishing your battery with regular phone homes to a server you hopefully control or you are relying on a push via SMS and the hope that you lose your phone somewhere you havea reception. And you still only have YOUR phone and YOUR network to track it which has significant drawbacks if you travel.
Chiming in to note that GNSS communications are actually receive only. A typical phone can't physically broadcast a strong enough signal into mid-earth orbit (where most of those satellites typically are) to achieve the "pinging GPS satellites" issue.
Note this only refers to how that signal physically hits your phone. Once your position is deduced and digitized there's an entirely different attack surface.
The other concerns (especially cell tower data tracking) are valid though.
Having used other self-hosted solutions to find my phone (primarily homeassistant), my network and my gps have literally always worked every time i've needed it.
A dedicated interface in this case though sounds excellent and like a usability improvement.
or even pinging GPS satellites (because that leaves a log)
What logs does it leave and where? Satellite is a one way communication system, the devices just receive the satellites signal and calculate the position by themselves.
God no. Just take a hatchet to my battery and be done with it.
You'd be surprised what little impact on battery it actually has. I find this type of swift casting aside of something you've not even tried to be rather disingenuous.
Also, if your device has a cellular modem with an active connection, your provider is already tracking your location constantly and selling your personal information to the highest bidder anyways (including law enforcement and governments), so IMO it's a bit pointless to worry so much about that.
How does googles network work I assumed every phone know its own location and can relay location of nearby devices combined with multiple devices and some triangulation and maybe WiFi ssid tracking u can locate almost anything. Now that raises the major concern mainly google will know the location of every single device I'm sure its doing Bluetooth scanning so I doubt even I on graphene will be getting tracked. Surly there is a better decentralised anonymous solution here.
Vast majority of people do, and on iOS and Android these days turning it "off" really just keeps it from connecting to peripherals. It's still scanning even when "off".
Turning off your bluetooth doesn't mean it's off until you turn it on ~~Bluetooth is on at all times~~ on modern androids/iOS, as of android 13 due to location services features.
Hmm the article I read about it previously seems to be eluding me, I'm going to keep looking for it. From what I remember of the other article, the short of it is, in android, location services can turn on your bluetooth at any point and does every time it gets pinged by google without you turning it on, and they are rolling out a new feature to automatically turn it back on next version. Here's an adjacent article that talks about one of the future android features, where you can have your phone found even when powered off, and that is using location services, which does involve bluetooth.
Yeah i dont have the band with to toggle it for my headphones/car every time i use them. Idk if graphene has a better implementation tho if anyone knows pls let me know.
Not sure if google is particularly different but the way this works for the other services is basically low energy bluetooth scanning coupled with the phones providing their location*. So basically all the devices on that scanning/spy network periodically ping/listen for nearby devices/trackers. When it finds one, it sends a quick message to the servers with that phone's location and the ID of the tracker. Get enough of those pings and you can triangulate the position of the tracker pretty precisely.
Which... is why this fundamentally does not work with "hacker" solutions that allegedly emphasize privacy. Because you just don't have enough devices listening. This was painfully obvious with tile back in the day and is still an issue with Samsung in some countries.
*: Via a combination of gps, cell tower, and wifi network scanning. The less obvious part of that being wifi networks which is the majority of how interior positioning works.
I've been sending my position to my server (with Traccar and GPSlogger) for years and I haven't had any problems with the battery. It sends out the position every 5 seconds (excessive, I know!!! 🙈) and every 69 seconds when the battery is below 25% and only when it's not connected to a WiFi network.
But I'm with you about the new Google tracking system. I haven't had the chance to check: does it work like Apple and can track devices that have been turned off?
If people truly change their lives and focus on it, you can do a lot. But it does not take much, at all, to become compromised to one degree or another and people vastly underestimate the amount of redundancy. Or even the impact of a sibling or partner or even friend.
Instead, the common case is people will tweak one small aspect and think that does anything other than inconvenience them. Or, worse, they'll watch a youtube and decide to put EVERYTHING through their vpn which... defeats the purpose because they are still one easily collated set of profiles/cookies that can trivially reveal that "Fred Smith in Afghanistan" is really "Fred Smith in North Carolina"
Which is why my approach is that there is data I very much want to protect and data I know I can't. So I focus on understanding the former while doing what I can with the latter.
And something like this? There are probably specific niche use cases for this. But it is a product/service that fundamentally requires aggregated data. And, depending on the implementation, it is going to fuck with your battery hard.
I wouldn't use it, but always appreciate Open Source solutions that can be self hosted if you want.
If you really care about your privacy, think about to not use stock Android. Instead consider an alternative that is based on Android, but stipping out all the Google and tracking from the operating system, such as "/e/" operating system (bad name): en.wikipedia.org/wiki//e/_(ope… and https://e.foundation/e-os/
ECOSYSTEMKEY FEATURESGET /E/OSNEED HELP /e/OS is a complete, fully “deGoogled”, mobile ecosystem /e/OS is an open-source mobile operating system paired with carefully selected applications.
Tldnr: it's alright but but grapheme, divestos or calyxos should be preferred if those are available on your device.
Problematic seems the unique device id /e os generates and sends on every update and also security updates for the integrated webview browser have been severely out of date in the past.
Looks like a good and careful analysis. While I speak German, its a lot to take here, so cannot say much about the articles content (besides some of the concepts are way above my head and understanding).
But the article/analysis doesn't seem to support your claim "not very degoogled"? (Edit: I changed this phrase, it was wrongly phrased.)
The /e/os ID you mentioned, has nothing to do with Google, as the update information is sent to /e/os servers I guess (which in itself is concerning, I'm not saying otherwise). I personally don't see a need to switch to any of the other services (they pretty much also support microG and I can't install them anyway I guess).
Ok, yeah, you've got a point I think. But one could argue if microg is enabled by default, at least some info might leak to google as their push servers are contacted and a device id is created (even if the data is anonymized to some extend.). (Depending on if these settings are enabled by default in microg which I am not sure of).
The 'Google device registration' and 'Google SafetyNet' options WILL make microG connect to Google servers.
The 'Cloud Messaging' option WILL make microG maintain a persistent connection to Google servers.
The 'Cloud Messaging' option does NOT require a Google account.
The 'Google SafetyNet' option WILL download and execute proprietary obfuscated code from Google and is strongly NOT recommended.
While microG itself is open source, any apps talking to it will do so using the proprietary Google Play
... show more
Ok, yeah, you've got a point I think. But one could argue if microg is enabled by default, at least some info might leak to google as their push servers are contacted and a device id is created (even if the data is anonymized to some extend.). (Depending on if these settings are enabled by default in microg which I am not sure of).
The 'Google device registration' and 'Google SafetyNet' options WILL make microG connect to Google servers.
The 'Cloud Messaging' option WILL make microG maintain a persistent connection to Google servers.
The 'Cloud Messaging' option does NOT require a Google account.
The 'Google SafetyNet' option WILL download and execute proprietary obfuscated code from Google and is strongly NOT recommended.
While microG itself is open source, any apps talking to it will do so using the proprietary Google Play Services library."
It goes on to provide some guidelines if you want to use microg:
How should I configure microG?¶
"Depending on the apps you want to use there are a few different ways you can use microG.
Some apps don't need microG but check that they were installed via Play, in this case you only need microG Companion/FakeStore and to install the app via `Aurora Store` (via session installer) or `Obtainium`. This mechanism only works on 18.1+ currently, adb workaround still necessary on older versions.
Some apps will work with microG simply installed without any Google connections, in this case it is strongly recommended to revoke Network permission from the microG app.
Some apps need push notifications via Google, for them you must let microG maintain a persistent identifiable connection to Google. Enable 'Google device registration' and 'Cloud Messaging' in microG.
Some apps require a captcha to be performed by the user, for them you can enable the 'Google SafetyNet' option.
Some apps require SafetyNet to work, while the option to enable it currently exists it will not work in the unprivileged mode that DivestOS uses and will be removed in a future update."
So depending on your thread model, you still would want to disable some of the options in microg to have absolutely no leakage of data to google. For example I am not comfortable any more with using push notifications since it was revealed that state actors use this info to tail users communications.
There is no android ROM that is fully degoogled without losing out on much of base Android's functionality. See the table I link under the other person's comment. I have also heard that /e/ OS falls behind on package updates from its forks of other projects, many of its default apps.
/e/ does quite a good job removing Google's presence from Android. It's been awhile since I watched it, but does a good breakdown of it.
Edit: actually that's not the one I was thinking of, I'll keep trying to find it, but it broke down the actually network connections that different degoogled ROMs were making and /e/ did very well.
Edit 2: couldn't find the video, it's lost somewhere in my watch history from 2+ years ago. In any case, even jumping to lineage from stock android is a great move, and /e/ makes many improvements on Lineage in removing further dependence on google code. Better to use a phone you already have than to purchase a new device just to run software that has security features you likely don't need. It makes me think of buying a car for it's top speed of 160 mph when you're only ever going to be driving the speed limit.
Can Google spy on Custom ROMs like LineageOS & CalyxOS? If so, is it on the software level the hardware level, or something else. Tune in to see if degooglin...
I've seen that page before, it's helpful for getting your bearings with the different android ROMs, but take a look down towards the bottom at the "Supported Devices" section, and also compare the /e/ section to the "Stock Android" section.
It still has much of the google proprietary blobs still included and relies on google services, also without significant effort to harden Android. I have also heard that sometimes they fall behind on updates to their apps by weeks at a time (correct me if I'm wrong I am still looking for the source I found this info from). It may be moderately degoogled, but their security just ain't there. In some cases (like OEM EOSL for older devices) having a 3rd party ROM may improve security with more up to date patches. Unless the bootloader is relockable and secure boot is possible, you will be compromising your device's security (and privacy along with it) and destroying the Android security model in general.
Like you say, it is moderately de-googled, which is a fantastic improvement over stock android any way you spin it. I believe that was the point of the original commenter, as it is mine. However there are those blobs that do get left in (in every ROM, including even DivestOS which is the most aggresive in this regard). Install a firewall or network monitor on a device that's only been somewhat deblobbed and you'll find that they are not little black boxes sending all your data to Google, but instead are there to do things locally like software interaction with hardware in the phone that is from another company like Broadcom.
Any ROM on a Samsung phone probably lags on security updates due to Samsung itself being slow to release them, though they do seem to be doing better lately. If the ROM itself is slow to push updates, the most you'll wait is 2-3 months. That's pretty much not a problem unless you're being threatened by state level actors, and is the state that the majority of stock android users are in. In fact, stock android can often be years out of date because their
... show more
Like you say, it is moderately de-googled, which is a fantastic improvement over stock android any way you spin it. I believe that was the point of the original commenter, as it is mine. However there are those blobs that do get left in (in every ROM, including even DivestOS which is the most aggresive in this regard). Install a firewall or network monitor on a device that's only been somewhat deblobbed and you'll find that they are not little black boxes sending all your data to Google, but instead are there to do things locally like software interaction with hardware in the phone that is from another company like Broadcom.
Any ROM on a Samsung phone probably lags on security updates due to Samsung itself being slow to release them, though they do seem to be doing better lately. If the ROM itself is slow to push updates, the most you'll wait is 2-3 months. That's pretty much not a problem unless you're being threatened by state level actors, and is the state that the majority of stock android users are in. In fact, stock android can often be years out of date because their manufacturer just doesn't put them out.
Regarding dependence on Google services (play store of otherwise), let's be honest, GrapheneOS users almost always install sandboxed play services, work profile or not. I don't blame them, it's how I have Graphene installed on my phone. However, this not a privacy oriented thing to do, it releases a flood of information to Google, much more that a simple connectivity check or SUPL ping. It's not as much as fully integrated play services though, which is good. MicroG may be theoretically less secure, but it is certainly more private. It simply asks for less information from you than play services do.
The relockable bootloader subject is bit of a pet peeve of mine. Personally, I do choose to use a pixel so that I can have that added security, as it does have value. However, to say that without a lockable bootloader you are compromising your security and by extension privacy is what i would consider an overstatement that creates fear and uncertainty. Your security and privacy only become compromised if a thief steals your physical device then also has the know how to execute a sophisticated software based attack on the phone using adb. This just isn't something that happens. In the many years I've been around the android ROM community, privacy/security focused or otherwise, I've not heard of this happening even once. To tie it back in to the OP, this scenario is actually a perfect use case for the app mentioned in this post, it offers you the ability to remotely wipe the device if it's been stolen.
It can be an issue from a software angle though too, but then you would have to download and install a piece of malicious software that is specifically targeting phones without verified boot. At that point there is a greater issue though, because you can download and install malicious software that is targeting phones that DO have verified boot active just as easily. All that's necessary is to be well informed and have good security habits and behaviors, it's how desktop competant windows and Linux users have gotten along just fine all these decades.
It's easy to get swept up in the security dogma of the android ROM community. In my opinion, some of it is helpful, but some is not practical or useful for every day users.
Related to relockable bootloaders and the security they provide, I was under the impression that if a malicious bit of software were to make use of some privilege escalating vulnerability and modify the kernel, the phone would fail to run in some way (ignore the rest of this if that isn't the case). I dont think security should be dependent on the user behavior in basically any case.
For example, a FOSS developer in our communities could suddenly lose it and modify an existing app of theirs to inject malicious code making use of a vulnerability in android and we'd have know what of knowing until the damage is reported. Good user behavior is very important for security, but we can't all be auditing our apps for each new release, even though its quite unlikely to happen.
Yes that's the benefit of verified boot, and it is a helpful security feature. However, if you've used or are using Windows or Linux as an operating system, then you are comfortable with using a device that does not have verified boot (not sure about iOS and Mac, I'm not familiar with them). The risk you're talking about with malicious code being injected in to an app you've chosen to trust is a threat to any device, verified boot or not. Modification of the kernel is an attack vector, but it certainly isn't the only way for an app to cause mischief on your phone and devices are all relatively as vulnerable to developer or supply chain attacks.
Using software someone else developed always comes down to trust, unless you are auditing the code for every app you use, which I don't think either you or I are. Having features that increase security in some technical way feels good but may lull us a sense of security. For instance, here's a quote from a security researcher that I ran across in the past. It's regarding the reputation for security that iOS has:
... show more
Yes that's the benefit of verified boot, and it is a helpful security feature. However, if you've used or are using Windows or Linux as an operating system, then you are comfortable with using a device that does not have verified boot (not sure about iOS and Mac, I'm not familiar with them). The risk you're talking about with malicious code being injected in to an app you've chosen to trust is a threat to any device, verified boot or not. Modification of the kernel is an attack vector, but it certainly isn't the only way for an app to cause mischief on your phone and devices are all relatively as vulnerable to developer or supply chain attacks.
Using software someone else developed always comes down to trust, unless you are auditing the code for every app you use, which I don't think either you or I are. Having features that increase security in some technical way feels good but may lull us a sense of security. For instance, here's a quote from a security researcher that I ran across in the past. It's regarding the reputation for security that iOS has:
Erez Metula, founder of a a security and penetration testing firm called AppSec labs: “There’s a myth that iOS apps are more secure than Android. But the truth is, iOS apps are even worse in terms of security. When we do penetration testing for our customers, we’re often asked to test their Android and iOS versions of the same app. We have realized that since iOS developers incorrectly assume that iOS is ‘more secure,’ they allow themselves to make bad security decisions that open up vulnerabilities in their app.” He added, “Interestingly, since Android developers think that Android security is worse, it pressures them to follow better security practices.”
The same is true for us users. Security features are important, but user education and awareness is the most important element of keeping ourselves from 'making bad decisions and opening up security vulnerabilities' in our device usage.
Thankfully like you said, there are thousands of highly qualified individuals vetting the code of mainstream open source projects, which saves us regular users in the case we face an xz situation. A few principles that outway security features like verified boot in my book are:
Use open source software whenever possible, and make sure that it is widely used and visible to others.
Check the "issues" section of the documentation frequently. Even widely used software can be riddled with unpatched security holes (I'm looking at you Nginx Proxy Manager 😄)
I may get some hate for this one, but use a trusted middleman like F-droid as your app vendor for apps that do not have wide circulation or visibility. They run basic checks of the code for safety before uploading to their repos, checks that regular users are not able to do.
Unless you are being targeted by a stalker, a malicious state actor or are downloading disreputable software, the average user (with a little bit of knowledge) would be just fine on /e/ or lineageOS. Tens of thousands of people are right now without any problems.
Here are all the details about the XZ Utils Backdoor (CVE-2024-3094): timeline of events, technical specs, who's been impacted, and how you can achieve RCE.
Ok, understandable. I hate mobile devices because of their limited usable life and limited OS compatiblity. Verified boot is nice, libre-android is better. Not worth it for a person of interest to install /e/OS, but neither would stock Android or AOSP without significant hardening. DivestOS is my top pick for degoogled Android, but as I learn more (been reading kicksecure's wiki on mobile device security) maybe Root isn't as bad as I thought for security. I trust Kicksecure's security research because of their significance as the base OS for Whonix and Whonix-qubes.
Comparison of Mobile Phones, Operating Systems that focus on either/and/or security, privacy, anonymity, source-available, Freedom Software, de-googled, un-googled, custom operating system (flash) allowed.
Me too, the mobile device landscape is definitely shaped by consumerist values. Divest has been intriguing me lately as well, I used to think it was a more flexible, less hardened alternative to Graphene, but it seems to have continued on down the road a ways past Graphene now. That wiki looks super interesting, I'm going to check it out. Just a quick look through what they have looks like high quality info.
I very much recommend Kicksecure hardened Debian as a daily driver. Eventually I will test gaming on Kicksecure making use of the steam flatpak, but I currently dont have the time.
IIRC, there is a way to force hardened_malloc for flatpaks, but this breaks many flatpak applications. For another hardened by default OS distromorph (the process of turning one distro into another closely related derivative OS) check out secureblue
I've been using it for a couple of years and am happy with it, it grants an extra layer of security I think, if you can wipe the device when lost/stolen. Also very handy if you misplaced the phone and its set to not ring, as with this it will ring at full volume. You don't need to use their server for the app to function, if that is your concern. I use a secondary device from my household. You can send a text message to your phone to let it ring even when its set to silent mode/get its location/or even wipe it remotely.
Nothing against the project or the concept, I personally don't have a need for. I'm just the kind of person who is organized when it comes to stuff like that (no offense to anyone, I really try to be careful with the wording here!). And if I don't see a need for a software or service, then there is no need to add complexity to the system. I'm still curious enough about these tools to look into. That's all.
I'll have a look at it. In the meanwhile, I've been using Tasker for that: if an SMS from curtains numbers is received with the text "POSITION", it will reply back with an OpenStreetMap link of the smartphone position.
zelifcam
Unknown parent • • •bloodfart
in reply to governorkeagan • • •NaibofTabr
Unknown parent • • •Tenkard
in reply to governorkeagan • • •AnIndefiniteArticle
Unknown parent • • •This is why X11 is better. I’d rather have settings like this in a text file that I can copy over to my next machine than have to navigate a UI that will change on a different DE or the next upgrade.
Backwards compatibility, portability, and text-based interfaces are a virtue.
X config files aren’t “hacky scripts”, they are fundamentally more powerful, customizable, usable, and future-proof. Xrandr is a powerful and capable interface with applications across the system.
When Wayland adopts these kinds of powerful interfaces with decades of refinement I’ll switch to it. I don’t want to keep track of whether my DE uses wlroots or gnome or plasma and their independent/redundant/feature-lacking randr alternatives. Randrs should be more fundamental to the display operation than the DE. Wayland is fundamentally hacky and broken.
Edit: thank you all for the discussion. I’d like to clarify a point. I don’t just want a text file with configuration settings that implement features that I need to beg/bother the de
... show moreThis is why X11 is better. I’d rather have settings like this in a text file that I can copy over to my next machine than have to navigate a UI that will change on a different DE or the next upgrade.
Backwards compatibility, portability, and text-based interfaces are a virtue.
X config files aren’t “hacky scripts”, they are fundamentally more powerful, customizable, usable, and future-proof. Xrandr is a powerful and capable interface with applications across the system.
When Wayland adopts these kinds of powerful interfaces with decades of refinement I’ll switch to it. I don’t want to keep track of whether my DE uses wlroots or gnome or plasma and their independent/redundant/feature-lacking randr alternatives. Randrs should be more fundamental to the display operation than the DE. Wayland is fundamentally hacky and broken.
Edit: thank you all for the discussion. I’d like to clarify a point. I don’t just want a text file with configuration settings that implement features that I need to beg/bother the devs for. They are likely to have better things to do and it might not be a priority for them. I want access to powerful tools via the configuration files that I can make do pretty much anything if I read the documentation. Xrandr is such a tool. I don’t want setting for a feature that has to be baked into the DE which I have to beg to have implemented and which will be implemented differently across different DEs. I want flexible, dynamic, modular tools.
tate
Unknown parent • • •I wouldn't presume to judge this, and I dont think you should.
There is no issue related to a deluge of "invalid" or even redundant forum questions. That's simply not a real problem.
zelifcam
Unknown parent • • •Séra Balázs
Unknown parent • • •KarfiolosHus
in reply to AnIndefiniteArticle • • •AnIndefiniteArticle
in reply to KarfiolosHus • • •frozen
in reply to AnIndefiniteArticle • • •ta00000 [none/use name]
in reply to governorkeagan • • •I've just been logging in upside down for a couple years. My monitor's vesa Mount is like 3 inches from the top for some reason so having it upside down is the only way I can get a reasonable ergonomic height
Which display manager are you using?
AnIndefiniteArticle
in reply to frozen • • •ilinamorato
Unknown parent • • •zelifcam
Unknown parent • • •ilinamorato
in reply to Séra Balázs • • •ta00000 [none/use name]
in reply to governorkeagan • • •On the arch wiki for SSDM I found this:
You should give that a try
Telorand
in reply to Séra Balázs • • •Sometimes people like community conversation; it often gets to the heart of the issue better than parsing a semi-related post from 12 years ago, and it allows back-and-forth discussion to get details and drill down issues.
On top of that, redundancy for technical issues is never something we should reject.
zelifcam
in reply to ilinamorato • • •ilinamorato
in reply to zelifcam • • •You're not their teacher. It's not your job to decide how much effort they've put forth, or to grade whether or not that is sufficient.
And if they documented their research process, you'd say "tldr just ask the question." Stop trying to be paternalistic and gatekeepy. Just answer or don't.
narc0tic_bird
Unknown parent • • •narc0tic_bird
in reply to AnIndefiniteArticle • • •ilinamorato
in reply to zelifcam • • •zelifcam
in reply to ilinamorato • • •zelifcam
in reply to ilinamorato • • •ilinamorato
in reply to zelifcam • • •That's totally the biggest problem with the internet. And definitely deploying self-important moderaptors is the way to fix it.
/s, of course. Get off your high horse.
ilinamorato
in reply to zelifcam • • •ilinamorato
in reply to zelifcam • • •therealjcdenton
in reply to governorkeagan • • •Destide
in reply to therealjcdenton • • •I found the light version i.pinimg.com/originals/c8/7d/3…
boredsquirrel
in reply to therealjcdenton • • •wallpapersden.com/linux-retro-…
Edited the photo and used bing search lol
therealjcdenton
in reply to boredsquirrel • • •zelifcam
in reply to ilinamorato • • •AnIndefiniteArticle
in reply to narc0tic_bird • • •I’ve never needed any of those things.
I do need to change monitor configurations.
I once had an old TV that I used as a monitor that had 1027p worth of pixels instead of 1080p. Auto detection tools said it was 1080p. With xrandr I was able to modify the output to 1027p so I didn’t lose the edges of the display to the TV’s broken forced overscan design. Could you do that with Wayland?
zelifcam
in reply to ilinamorato • • •braindefragger
in reply to ilinamorato • • •30p87
in reply to AnIndefiniteArticle • • •Nibodhika
in reply to AnIndefiniteArticle • • •Björn Tantau
in reply to AnIndefiniteArticle • • •frozen
in reply to AnIndefiniteArticle • • •Literally yes. And you don't even need to know the exact pixel resolution of the TV.
Edit: Here are the problems with you "Wayland isn't good enough" people.
First, you don't use Wayland, so you don't even know if it's fixed whatever weird issue you encountered with it before or if it supports a niche use case, for example.
Second, Wayland won't get good enough for you until you start using it and reporting bugs. You think X11 was a bed of roses when it first started? Or do you think they bumped the version number 11 times for fun?
kurumin
Unknown parent • • •My goodness, people complain that this place lacks content. A person as for help which creates content for the site and you come to bash on them?
Come kiddo! You can do better.
kurumin
Unknown parent • • •AnIndefiniteArticle
in reply to 30p87 • • •AnIndefiniteArticle
in reply to Björn Tantau • • •AnIndefiniteArticle
in reply to frozen • • •Good to know that this has been implemented in your favorite DE! Considering how Wayland often implements things, it’s probably implemented on the DE-level, leading to a fractured configuration ecosystem. Being implemented in Wayland is different from being implemented in some of the DEs that use Wayland.
edit: if I’m wrong about that, and it is implemented in Wayland itself, please continue to correct me!
tate
in reply to zelifcam • • •nehal3m
in reply to governorkeagan • • •Rotate the left display 90 degrees clockwise. Now they're both in landscape. Ta-da!
Sorry, I'll see myself out.
tate
in reply to zelifcam • • •tate
in reply to Séra Balázs • • •Why though? Seriously, why is it a problem for you if they ask here first, instead of asking somewhere else first? What is the actual harm to you?
Some people would rather interact with other humans. Some prefer to find their answers without interacting with other humans. It's all good.
baatliwala
in reply to governorkeagan • • •Lotarion
in reply to baatliwala • • •If you think this is very witty and a gotcha, you're wrong. This argument doesn't work in reverse because whoever is using Linux already knows all about Windows, since, y'know, it has most of the Desktop market in its grip
This is like yelling about straight pride
baatliwala
in reply to Lotarion • • •Lotarion
in reply to baatliwala • • •braindefragger
in reply to kurumin • • •null
in reply to AnIndefiniteArticle • • •zelifcam
in reply to tate • • •Nilz
Unknown parent • • •xrandr - ArchWiki
wiki.archlinux.orgnarc0tic_bird
in reply to Nibodhika • • •tate
in reply to zelifcam • • •The goal of Ubuntu's help forum is to solve users' problems efficiently and effectively. That goal is better achieved if questions are posed in certain optimal ways.
The goal of Lemmy is for people to have discussions (like this one! ;). That goal is not better achieved with well posed questions.
Arkhive (they/she)
Unknown parent • • •zelifcam
in reply to tate • • •foremanguy
in reply to governorkeagan • • •governorkeagan
in reply to foremanguy • • •linux-wallpapers/Gruvbox/sve.png at main
Codeberg.orgLeFantome
in reply to AnIndefiniteArticle • • •In Wayland, the compositor is the window server ( the equivalent of Xserver ). What you are looking for has to be a feature of the compositor and it is.
As others have said below, wlroots based compositors offer wlr-randr. There is also gnome-randr. For KDE, there is Kscreen-doctor. For X ( the window server being used by SDDM here ), there is xramdr.
Now, some people may see it as a problem that we have multiple Wayland implementations. I am mostly not fighting that battle. I will say that I hope these are not the same people that winge about systemd though and push for alternate init systems. I hope nobody that thinks MUSL is cool
Is clinging to X11.
I would prefer that there was a common configuration standard for this stuff on Wayland. It will probably come eventually. Maybe as part of the freedesktop.org stuff.
Generally, I believe the Linux ecosystem has been stronger in areas where there has been competition between implementations ( even compilers ). I hope that Wayland will be one of those areas. As the core problems get fixed, the pace of innov
... show moreIn Wayland, the compositor is the window server ( the equivalent of Xserver ). What you are looking for has to be a feature of the compositor and it is.
As others have said below, wlroots based compositors offer wlr-randr. There is also gnome-randr. For KDE, there is Kscreen-doctor. For X ( the window server being used by SDDM here ), there is xramdr.
Now, some people may see it as a problem that we have multiple Wayland implementations. I am mostly not fighting that battle. I will say that I hope these are not the same people that winge about systemd though and push for alternate init systems. I hope nobody that thinks MUSL is cool
Is clinging to X11.
I would prefer that there was a common configuration standard for this stuff on Wayland. It will probably come eventually. Maybe as part of the freedesktop.org stuff.
Generally, I believe the Linux ecosystem has been stronger in areas where there has been competition between implementations ( even compilers ). I hope that Wayland will be one of those areas. As the core problems get fixed, the pace of innovation will increase. I believe we are already seeing that. There are more examples every day of things Wayland can do that X11 cannot. Let’s hope for more of that.
frozen
in reply to Arkhive (they/she) • • •Séra Balázs
in reply to zelifcam • • •Possibly linux
in reply to governorkeagan • • •Arkhive (they/she)
in reply to frozen • • •AnIndefiniteArticle
in reply to LeFantome • • •Thanks for pointing out that in this case the DM is using X regardless of whatever graphical environment gets loaded when the user logs in. This really is a moot point/discussion. I’m still glad I raised it to get perspectives like yours.
You’re right that I should play around with wlroots a bit more. It’s been a while, personally. Mostly because it’s been a while since I’ve had time to just play around with my system. My life is at a point that it looks like I’ll have that free time soon, for better or for worse.
I’ll note that I do like alternative init systems for diversity and competition and because systemd was very hungry and rigid. An init system is also a bit more fundamental to system stability than a display server, so I think it’s reasonable to be critical of systemd and Wayland for contradictory reasons. Systemd has also come a very long way in the past decade plus. I have also seen it learn from the other ideas implemented in its competition, mirroring your argument. Diversity and unification are not at odds
... show moreThanks for pointing out that in this case the DM is using X regardless of whatever graphical environment gets loaded when the user logs in. This really is a moot point/discussion. I’m still glad I raised it to get perspectives like yours.
You’re right that I should play around with wlroots a bit more. It’s been a while, personally. Mostly because it’s been a while since I’ve had time to just play around with my system. My life is at a point that it looks like I’ll have that free time soon, for better or for worse.
I’ll note that I do like alternative init systems for diversity and competition and because systemd was very hungry and rigid. An init system is also a bit more fundamental to system stability than a display server, so I think it’s reasonable to be critical of systemd and Wayland for contradictory reasons. Systemd has also come a very long way in the past decade plus. I have also seen it learn from the other ideas implemented in its competition, mirroring your argument. Diversity and unification are not at odds with each other, but are different parts of the same cycle of improvement.
cheezits
in reply to governorkeagan • • •frozen
in reply to Arkhive (they/she) • • •Astongt615
in reply to Arkhive (they/she) • • •/home/pineapplelover
in reply to governorkeagan • • •interdimensionalmeme
in reply to governorkeagan • • •The command is
LeFantome
in reply to AnIndefiniteArticle • • •You left a very gracious reply so let’s not fight.
I see a certain amount of irony in the overlap between the group of people ranting that Wayland has too many implementations and the group demanding more implementations of everything else. So that was my point.
Certainly we can agree though that there is nothing wrong with demanding more of both.
One my favourite new distros, Chimera, uses both Wayland and dinit (and Turnstile ).
I am interested to see where the diversity that Wayland provides goes actually. Have you seen this?
github.com/CuarzoSoftware/Louv…
GitHub - CuarzoSoftware/Louvre: C++ library for building Wayland compositors.
GitHubAnna
in reply to governorkeagan • • •ta00000 [none/use name]
in reply to Anna • • •doona
in reply to frozen • • •Bingo. So many complaints I’ve seen about Wayland have been from Nvidia users who tried it three years ago when the driver support was beyond fucked. I get Linux development moves slow sometimes but holy shit…
UmeU
in reply to governorkeagan • • •sag
in reply to UmeU • • •UmeU
in reply to sag • • •baatliwala
in reply to UmeU • • •Right? I had to do the same
baatliwala
2024-06-14 18:48:58
Hugh_Jeggs
in reply to baatliwala • • •I vow to do the same on each appropriate thread my Liege
It's only right
Hugh_Jeggs
in reply to UmeU • • •Lotarion
in reply to Hugh_Jeggs • • •If you think this is very witty and a gotcha, you're wrong. This argument doesn't work in reverse because whoever is using Linux already knows all about Windows, since, y'know, it has most of the Desktop market in its grip
This is like yelling about straight pride
Hugh_Jeggs
in reply to Lotarion • • •Lotarion
in reply to Hugh_Jeggs • • •Hugh_Jeggs
in reply to Lotarion • • •If you think this is very witty and a gotcha, you're wrong. This argument doesn't work in reverse because whoever is using iOS already knows all about Android, since, y'know, it has most of the mobile market in its grip
This is like yelling about straight pride
ProgrammingSocks
in reply to UmeU • • •Sure.
I could also shoot off both my testicles with an M1911.
UmeU
in reply to ProgrammingSocks • • •AnIndefiniteArticle
in reply to LeFantome • • •ClemaX
in reply to governorkeagan • • •From Archwiki > xrandr:
woodgen
in reply to ClemaX • • •Klara
in reply to woodgen • • •intensely_human
in reply to governorkeagan • • •terminhell
in reply to governorkeagan • • •Arkhive (they/she)
in reply to frozen • • •Akatsuki Levi
in reply to governorkeagan • • •shekau
in reply to LeFantome • • •What are the examples Wayland can do and X11 cannot?
Thorned_Rose
in reply to narc0tic_bird • • •