Thanks for the reassurance, I always make sure nobody has physical access to any of my devices unless I'm there with them. I'll look into the linux hardening tips as well

This is super cool, thanks for the link!! I'll def look into this

In short, unless the attacker has physical access to your box, you don't have much to worry about.

More info:

• https://eclypsium.com/blog/bootkitty-linux-bootkit/
• https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/

For some hints on hardening Linux, try installing lynis and following the advice.

I'm involved in a project with the goal of improving security of Linux systems. The project is called: The Sovereign Project (http://sovereign.i2p)

The project's scope is to secure digital and physical resources accessible from Linux based computers. It uses elliptic curve digital signatures (Monero protocol) for authentication and supports Monero Proof-of-Payment in authentication policies. The Monero Proof-of-Payment provides for securing resources with the electrical power (watts) consumed by Monero miners globally (estimated at about 80 megawatt hours).

The project recently developed a Linux Pluggable Authentication Module that authenticates using monero digital signatures and optionally authenticates via Monero Proof-of-Payment to secure Linux systems. There is a bounty (currently 17 XMR) for anyone able to compromise a Linux system via SSH (Attack Bounty #1). The secured system for the bounty is addressable only from an I2P destination:

e5xemz5wfdbq4ujm6vvlvhtpjn3hp55a6pk5noo4jouigkd7de4q.b32.i2p

The Sovereign protocol is a message passing protocol (JSON messages) over the I2P network or SSH Tunnels on private networks and I2P and SSH Tunnel connections are interoperable.

The project was started in 2024 and its still in its early days and is targeted for highly secure systems.

Sovereign Project - Approach to effective cyber security: http://sovereign.i2p/steps-to-effective-cyber-security.html

The project is for those serious about security with technical competencies. It may or may not be suited to your needs.

Browse the eepsite to investigate: http://sovereign.i2p

I watched Mental Outlaw's video on it. It fucking pisses me off, anything that benefits everyone such as science or open source software needs to be kept away from politics. If the Russian government really wants to backdoor the Linux kernel pose as an American or something.

nice

Looks like they'll finally add Wayland support in 4.20

As already stated, that'll have not much impact to an average user but for me, working with video analysis and interpretation in real-time it will definitely make sense. All the headache with self-compiling preempt_rt into current kernels will be over (I hope so) but we will have to wait for wider feedback from RT community. Thank you very much to the devs.

You can have whatever opinion you want about trans people (I am wholly in support of the entire LGBTQ community), but this is just stupid.

The NixOS devs are just shooting themselves in the foot by doing this, because by targeting average people with no opinion regarding the topic, they're just making themselves look bad. After all, it'd make for great propaganda from those politically opposed to the stance of the NixOS devs.

"tHe WoKe LiBeRaLs ArE pErSeCuTiNg NoRmAl PeOpLe!!1!one!!1!"

At the end of the day, the NixOS devs aren't doing anything productive with this endeavor, and are just turning themselves into cannon fodder for the opposing side. Let's just let each other exist, trans or not.

This might be me not knowing much about Arch Linux distributions, but I think it would be interesting to see it ship a wayland compositor such as River or DWL as default. If I recall correctly most of the wayland distros mainly ship either Sway or Hyprland as defaults.

Does it mean for us to put aside dual-boot Windows-Linux eventually and get ourselves on the Linux-only configurations?

what kind of bull-shittery is this?

It sounds wonderful! Does anyone know other package managers suitable for Debian or Gentoo that allow handling packages on the 'per-user' basis? I'm really tired of sudo-ing every time I want to install a package for non-sudo user... This seems obsolete, redundant, and simply ugly. GUIX is definitely better in this regard, but what might be an alternative?

I would 1st (of course) take a look at what's already out there, and done in Arch-land, as a point of reference.

Find out what many users desire, (ex: search social media / forums for popular questions. Not only app-wise, but configuration, features.

I'm just guessing here - really depends what you hope to achieve out of your project.

Most users outside the hardcore Archians, will opt for Arch based, easy guided usage / install.

Maybe you want something more easy to work with - or you could keep closer to traditional Arch, and enhance that?

If security is the idea, usability can take some balance. Kicksecure project for Debian serves as a nice example of usable / hardened, if security is one of your goals (might not be the goal if seeking new to Linux users).

Ask yourself what kind of users are you trying to attract out there. Anything from a distro you always wanted to see on a distro, that you felt partly missing?..

That is where I would start.

This is a very complex question. The Arch people were to NOT able to get a decent Qubes template even though they CAN kick Qubes developer ass blinded and one hand tied behind their backs. Arch has the best software people and documentation. Did I kiss your ass enough?

One of the problems is the update/installation networks. Arch handles most hardware like a champ. At this point torrents are your best bet.

Maintenace screen time is another problem. If it is more than 5 hours a week, you lost me. I hate screen time even TV and sometimes cinema.

The level of skill of the user is also a factor (audience). Arch requires a very knowledgeable user. The Austrian Arch-Crap is just unsecured crap with my rating being toxic.

The rest is standard: reproducible builds, snapshots and the rest of the buzzwords that do mean something.

Let me know if you have a decent Qubes template that I can install the easy way. I did use Arch for a few month and some hardware wizards use it all the time, but they need a truck load of equipment to make it safe and anonymous.

Interesting and a bit dangerous.

I use KDE Plasma and by my experience it works pretty great with two monitors.

Super cool looking as well. Always appreciate the practical SIGINT / radio based ones.

Things that make you love technology again.

That's cool and all, but I'm going to stick with fvwm2. I like a window manager that uses less than 200k of ram.

Damn... 30 YEARS OLD???

I have currently installed cinnamon, xfce, gnome, lxde, lxqt, mate and plasma on my Debian PC. Most often, I find myself using lxde and plasma. I admire plasma's looks! I primarily use lxde because it is so lightweight, and my computer is 15 years old. However, it does struggle a bit when running plasma...

I used XFCE from 2006 until around 2011 and it was pretty nice and lightweight. Then I switched to a laptop running Gnome for a few years, but noticed later versions became a bit sluggish. On my current machine (a laptop based on Ryzen 7 with 40 GB of RAM) I switched to KDE Plasma because its performance is pretty good, it's compatible with Wayland and it has a lot of built-in applets and stuff. And it didn't have the frequent CPU activity spikes I was seeing with Gnome.

Despite the lack of Wayland support, XFCE is really nice, although I'd consider LXDE or Enlightenment on a low RAM machine. Enlightenment looked amazing last time I tried it on an old laptop.

You can try to strip some part of Plasma to make it less heavy on resources. Still, if your hardware's shit, there's nothing doing. I've got a laptop which barely runs bspwm xd.

What you are looking for is baloo and PIM shit, which is almost useless. if you take a look at htop, you can see what is chugging RAM and other resources.

Anyway, what hardware do you have to not run Plasma?

Update: Tried running in on my workstation. It's performs like dog shit.

Back to XFCE fulltime.

you can install linux on a btrfs subvolume.

during the installation you have to manually mount it on /target and skip the partitioning process. after continuing you'll probably get an error message where you hit 2xback and suddenly it continues. i could expand on this. is there (still) demand ?