My most paranoid config is disabling Ipv4
That's it. If someone wants to attack me, they will need to adopt IPv6!
IP is like an address to a big skyscraper where a company operates. You are the delivery man and must go to 201.154.76.19 and deliver something. When you get at the reception, you tell them you have a package to deliver to Mrs HTTPS, at room (port) 443. Since Mrs HTTPS is well known and has cleared your entry before, you're allowed to enter this room and only this room.
If you were to get at the same address and try to access other rooms you would either get refused because they are closed, or if open, someone would specifically need to be in the room so you can deliver something
Malicious actors that wanted access to the building could try to disguise their deliveries and enter the building, that's why the default policy of most firewalls is "reject" and you specifically need to open a port and have a program listening to it if you want incoming connections.
I didn't know memes could smell like they're old through the screen until I saw this one
Google logo before Corporate Memphis bullshit and the dude using a feet to hold his cup of tea just like the classical antiquity raptor, it's just perfect
I thoroughly backup up my slow nvme before installing a new faster one. I actually didn't even want to reuse the installation, just the files at /home.
So I mounted it at /mnt/backupnvme0n1, 2, etc and rsynced
The first few dry runs showed a lot of data was redundant, so I geniously thought "wow I should delete some of these". And that's when I did a classic sudo rm -rf in the /mnt root folder instead of /mnt/dirthathadthoseredundantfiles
Already switched to AMD to enjoy it
Interception by a third party is highly unlike, as the transport layer of basically everything is encrypted nowadays. What is left unknown is what can Meta do once the file is on their servers, as you'll have to trust Zuckk's word and Zuckk's encryption
Just don't upgrade for a while and you become debian
It's not like windows forcing you to reboot every Tuesday so Edge can come back
AMD is the gold standard for general user PCs in the last 5+ years. Intel simply cannot compete at the same energy expenditure/performance. At the same/close price/performance, Intel either burn a small thermonuclear power plant to deliver comparable performance, or simply is worse compared to similar Ryzens
Ryzens are like aliens compared to what AMD used to be before them
So I'd go with them
As for the GPU, if you want to use Linux forget Nvidia
you install program A, it needs and installs libpotato then later you install program B that depends on libfries, and libfries depends on libpotato, however since you already have libpotato installed, only program B and libfries are installed The intelligence behind this is called a package manager
In windows when you install something, it usually installs itself as a standalone thing and complains/reaks when dependencies are not met - e.g having to install Visual C++ 2005-202x for games, JRE for java programs etc
instead of making you install everything that you need to run something complex, the package manager does this for you and keep tracks of where files are
and each package manager/distribution has an idea of where some files be stored
...no ?
years ago I couln't even dream of using bluetooth in linux; few weeks ago I found an old bluetooth dongle and now my usb speakers work just fine - even better than connecting via smartphone because plasma has sbc-xq codec easily selectable. It auto connects everytime I boot the pc, I just had to add btusb.enable_autosuspend=0
to kernel cmdline parameters
make sure you follow these guides, whicever distro you use
if it crashes, try sudo systemctl stop bluetooth.service
and sudo systemctl start bluetooth.service
remember, bluetooth is a very cursed embrace-it-all protocol and may randomly crash/refuse to pair/connect unless you reset the devices manually, and this may happen with any hardware/software
You can freely manipulate NTFS in Linux. Just make sure your distribution has, after kernel >=5.15, enabled it, otherwise you may need to install the ntfs-eg driver. Other than that, Ach Wiki has info that may help you on any distro:
https://wiki.archlinux.org/title/NTFS
I have done something similar to what you want to do, just needed the ntfs-3g driver installed and "Disks" (gnome disks) application would mount/read/write the disks as usual
You can configure this behavior for CLI, and by proxy could run GUI programs that require elevation through the CLI:
https://wiki.archlinux.org/title/Sudo#Using_visudo
Defaults passwd_timeout=0(avoids long running process/updates to timeout waiting for sudo password)
Defaults timestamp_type=global (This makes password typing and it's expiry valid for ALL terminals, so you don't need to type sudo's password for everything you open after)
Defaults timestamp_timeout=10(change to any amount of minutes you wish)
The last one may be the difference between having to type the password every 5 minutes versus 1-2 times a day. Make sure you take security implications into account.
Also known as (close) to max signed int32
Ctrl+ shift + M
I figured the root cause of the problem and a workaround. Journalctl shows this info when starting SVP:
this thread says rusticl is broken
https://www.svp-team.com/forum/viewtopic.php?id=3167&p=17
therefore disabling hardware acceleration, for now, makes svp work again
Arch is having internal discussions to increase it. Might be something upstream may adopt if all major distributions end up increasing it.
Timeshift, make sure to "include hidden files" to recover any configuration for desktop environments
After a few mess ups, you may find yourself not needing to backup everything, only the file(s) that messed up, and that's still a good thing to have Timeshift for
ip r
default via 192.168.15.1 dev enp3s0 proto dhcp src 192.168.15.32 metric 100
192.168.15.0/24 dev enp3s0 proto kernel scope link src 192.168.15.32 metric 100
192.168.38.0/24 via 192.168.15.21 dev enp3s0
Thank you, I managed to get it working with MediaMTX and DockoVPN I still don't know how I would manage dynamic IP changes during the days I'm away, that would break the VPN
Another thing to solve: XWayland apps as a different user
Giving access to the wayland socket makes other users able to use wayland; however programs that rely on XWayland to work don't seem to get it:
Start Failed
Failed to initialize graphics environment
java.awt.AWTError: Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.
at java.desktop/sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
Wine
0120:fixme:kernelbase:AppPolicyGetThreadInitializationType FFFFFFFA, 0ECAFF08
0128:err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded.
0128:err:winediag:nodrv_CreateWindow L"The explorer process failed to start."
0128:err:systray:initialize_systray Could not create tray window
0114:err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded.
0114:err:winediag:nodrv_CreateWindow L"Make sure that your X server is running and that $DISPLAY is set correctly."
0114:fixme:kernelbase:AppPolicyGetProcessTerminationMethod FFFFFFFA, 0DE4FB40
env | grep -i display
WAYLAND_DISPLAY=wayland-0
DISPLAY=:0
Does waypipe also work with XWayland apps?
Sir, you're awesome! Thank you a lot for taking your time and explaining what you have found I will try these steps when I have some free time to tinker, and the info and script you have provided has cleared a lot of questions that I had
Tyvm for this very well structured guide, I didn't even realize I was on lemmy until I hit the bottom of it
Yeah, it's advertised as 160hz and even amdgpu_top (which uses xrandr or something like it) says 159.96hz is the first preferred mode, the second being 100hz
I had this problem before with a Nvidia card which reset to 144hz after an update and I could never enable it again. However it's a mystery as to why it boots up at 160hz in systemd-boot console, and goes back to 144hz when entering KDE or turning the display off
These updates land on testing quickly, however due to the several packages updated at once, they all need to be tested by volunteers, and only when all of them are signed it's pushed out of testing
so it seems that without any config, the traffic passes from wlan1 to wlan0's network flawlessly; but traffic from wlan0 network stops at the Android device, even with iptables -P FORWARD ACCEPT
, so I'm clueless on what to do next
How does it differ from arch install + choosing the DE?
::1 for the IPv6 enjoyers
Thank you for the explanation
So wayland fixes most of these. Is it possible to run GUI programs as another user just like in X with xhost though ? I'm asking not only from a security point, but as a practical one since I need to run the same program under different namespaces/users
I know this is possible, but it makes switching different windows a chore. Since I have GUI programs running under different users, I would want the screensharing program to not even be aware that other user's GUI programs are in the screen
how could I set up NAT like this ? thanks
Thanks, I will look into setting up Home Assist
It seems that a namespace only has access to process that originates inside itself
systemctl --user list-units
Failed to connect to bus: No medium found
as we can see, the same user doesn't have access to other processes so we would need to duplicate every process above the namespace until we could acess the media
would duplicate of everything - pulsewire, dbus, etc - even work ?
I don't think VLC alone could handle auth/permissions/encryption
Mind sharing whhich situations would a timecard be useful ? Probably something that requires enhanced time precision, I just can't figure it out
Just wish obsidian had better encryption support
"A qsort vulnerability is due to a missing bounds check and can lead to memory corruption. It has been present in all versions of glibc since 1992. "
This one amazes me. Imagine how many vulnerabilities future researchers will discover in ancient software that persisted/persist for decades.