There has been a steady uptick of people stating that they will migrate (or already have) to Debian – seeking refuge from what they see as greedy corporate influence. I understand the sentiment fully. However, there’s a problem here that I want to talk about: security.

The ugly truth is that security is hard. It’s tedious. Unpleasant. And requires a lot of work to get right.

Debian does not do enough here to protect users.

Long ago, Red Hat embraced the usage of SELinux. And they took it beyond just enabling the feature in their kernel. They put in the arduous work of crafting default SELinux policies for their distribution.

...

However, its default security framework leaves much to be desired. Debian’s decision to enable AppArmor by default starting with version 10 signifies a positive step towards improved security, yet it falls short due to the half-baked implementation across the system.

...

The fundamental difference between AppArmor and SELinux lies in their approach to Mandatory Access Control (MAC). AppArmor operates on a path-based model, while SELinux employs a significantly more complex type enforcement system. This distinction becomes particularly evident in container environments.

...

The practical implications of these differences are significant. In a SELinux environment, a compromised container faces substantial hurdles in accessing or affecting the host system or other containers, thanks to the dual barriers of type enforcement and MCS labels.

TLDR: According to the author, Debian's use of AppArmour is not as effective as RedHat's use of SELinux when it comes to security.

Situation: we live in europe, there's PRISM and Privacy Shield and all that, to which selfhosting is the solution. Now, my sister, mostly on Apple, got concerned with all the hacks and privacy violations over the years. She's a tech noob, so i can't really recommend her prism-break.org

There's a bunch of hosted solutions geared towards small to medium business, like Univention Corporate Server, NethServer, etc.

Are there similiar bundles for private use, basically Apple cloud alternative? With services like cloud storage, cloud office, media share, maybe chat, videocall?

Or should i let her wait until i got my box up, VPN her over? I'm only semi-professional tho.

Today I just learned that systemctl --force --force reboot is a command. We had a computer we remotely connected to which got permission errors and bus errors when we tried to reboot it normally. For some reason the mentioned command did actually manage to shutdown the computer bit did not manage to reboot it correctly.

I wonder what the double --force flag actually accomplishes and what possibly could hinder a regular reboot in this scenario.

SUSE just open-sourced a typeface :)

Linux people doing Linux things, it seems.

I have an old Mac Pro that has been collecting dust for years. Today I bought an SSD and install Debian on the machine. It works flawlessly.

Further reading revealed that there is an active community around the classic mac pros and thanks to their modular nature they can be fully upgraded. People even upgrade the CPUs in this thing.

So if you like playing around with a PC like the old days, that is also Linux compatible, a Mac Pro 5,1 seems a good choice. AFAIK you can get it for cheap and a decent upgrade won't break the bank.

Ever had a question about Linux but felt too afraid to ask? Well now's your chance, ask any question about Linux, no matter how noob or repeated it is, and I and others will help answer them.

Previous noob question thread: https://lemmy.ml/post/14261893

Obviously, a bit of clickbait. Sorry.

I just got to work and plugged my surface pro into my external monitor. It didn't switch inputs immediately, and I thought "Linux would have done that". But would it?

I find myself far more patient using Linux and De-googled Android than I do with windows or anything else. After all, Linux is mine. I care for it. Grow it like a garden.

And that's a good thing; I get less frustrated with my tech, and I have something that is important to me outside its technical utility. Unlike windows, which I'm perpetually pissed at. (Very often with good reason)

But that aside, do we give Linux too much benefit of the doubt relative to the "things that just work". Often they do "just work", and well, with a broad feature set by default.

Most of us are willing to forgo that for the privacy and shear customizability of Linux, but do we assume too much of the tech we use and the tech we don't?

Thoughts?

Original Post: https://startrek.website/post/13283869

Update: Nope, I'm still having the problem. It seems to be an ACPI problem. I found a potential solution, which I will test soon. The issue seems to only occur when using the charger and Bricklink Studio. These seems to be a common issue on Lenovo.

Another update: I fixed it, but I can't remember what I did. I'm having a great experience again. I'll see if I can find the fix for other owners of this laptop.

Update: I remember what I did, and have detailed it and where I found the fix here: https://startrek.website/post/14342770 . You should probably update the firmware for the sake of a clean journalctl, though.

After using this laptop a few weeks, I have one important note. I was having a problem for a while where, usually after waking from sleep, in some rooms my Wi-Fi card would disconnect and I'd have to reboot to get my network connection back. Based on journalctl, it seemed to be some sort of weird firmware error.

I found the fix was to install updated firmware, specifically the version of firmware-realtek from testing, upon which the problem has stopped ocurring. As firmware packages tend to not have a lot of dependencies, I do want to see if I can get a bookwork-backports package uploaded so it's easier to install.

The operating system for Hackers, Security Specialists, Sysadmins, Network Engineers, and Political Dissidents. The ultimate framework for your Cyber Security operations

I wanna share /mnt so I can download stuff to my hard drives

Edit: it went away after I finshed the t2linux setup

Hi everyone,

I’m excited to share that I’ve started working on a new project called Journal Helper. Its a journal viewer built from scratch using Qt6 and C++. The goal is to provide a fast, visually integrated journal viewer for Linux, particularly for KDE/Plasma users.

While there are existing tools like journal-viewer (https://github.com/mingue/journal-viewer), which uses WebKit, I found that its GUI doesn’t integrate well with the Qt/Plasma ecosystem. I also wanted to improve performance and create a more seamless visual experience. Therefore, I decided to create a new viewer from scratch that should be quicker and more efficient.

The project is still in its early stages, but I’d love to get more people involved, especially those who are interested in Qt development. As a beginner myself, I’m eager to learn from others and collaborate on making this tool as good as it can be.

How to Get Involved

GitHub Repo: https://github.com/rughinnit/journal-helper-qt

AUR Package: https://aur.archlinux.org/packages/journal-helper-qt

Any contributions, whether it’s in the form of code, design ideas, or feedback, would be incredibly valuable. If you’re experienced with Qt, C++, or even just interested in contributing, please feel free to fork the repo or reach out.

I’m aware of tools like KJournalDBrowser (https://apps.kde.org/kjournaldbrowser/), but I had some trouble with installation without using Snap. My goal is to create something simple and accessible for all users.

Looking forward to any thoughts, contributions, or advice you might have!

I know you can build a Debian system with debootstrap. Using debootstrap it should be possible to create a custom image. The main partition could be read only with separate mounts for anything that need to be read write.

Using containers it should be possible to create a filesystem image. I think the tricky part it testing the image and then updating the existing partition. Maybe some custom ostree tool could do the trick. If not there is always rsync and btrfs snapshots.

And Linux isn't minimal effort. It's an operating system that demands more of you than does the commercial offerings from Microsoft and Apple. Thus, it serves as a dojo for understanding computers better. With a sensei who keeps demanding you figure problems out on your own in order to learn and level up.

...

That's why I'd love to see more developers take another look at Linux. Such that they may develop better proficiency in the basic katas of the internet. Such that they aren't scared to connect a computer to the internet without the cover of a cloud.

Related: Omakub

I have a Dell Latitude 5420 laptop with LMDE, running kernel 6.1.0-12. This laptop has a builtin I219-LM ethernet controller that I can see via lspci. Some research indicates that this needs the e1000e kernel module, so I grabbed it from Intel, compiled it, and installed it. There were some complaints during the compilation, but nothing more than the average compilation process. Plus, it shows up in lsmod. Afterwards, lspci -vv displays it with the e1000e driver:

0000:00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (13) I219-LM (rev 20)
        Subsystem: Dell Ethernet Connection (13) I219-LM
        Control: I/O- Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
        Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
        Interrupt: pin A routed to IRQ 16
        IOMMU group: 15
        Region 0: Memory at a6100000 (32-bit, non-prefetchable) [size=128K]
        Capabilities: [c8] Power Management version 3
                Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
                Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=1 PME-
        Capabilities: [d0] MSI: Enable- Count=1/1 Maskable- 64bit+
                Address: 0000000000000000  Data: 0000
        Kernel modules: e1000e

However, when I do lshw, it is listed as unclaimed:

  *-network:1 UNCLAIMED  
       description: Ethernet controller  
       product: Ethernet Connection (13) I219-LM  
       vendor: Intel Corporation  
       physical id: 1f.6  
       bus info: pci@0000:00:1f.6  
       version: 20  
       width: 32 bits  
       clock: 33MHz  
       capabilities: pm msi cap_list  
       configuration: latency=0  
       resources: memory:a6100000-a611ffff  

...and of course, it's still not showing in ifconfig. So, where do I go from here? Did I miss anything obvious?

And just for the record, I know that the ethernet port is working. It worked fine in Win11 before wiped the PC completely.

Does anyone know how I can select my audio output via the command line? I'm frequently switching between using my monitors inbuilt speakers and a USB audio interface and I'm finding it laborious to navigiggerate graphically through the settings in GNOME to do so.

What I'd like to do is set up a couple of bash aliases and do it in my terminal.

What's the best way for me to do that?

Many thanks

Apparently I installed that thing in 2006 and I last updated it in 2016, then I quit updating it for some reason that I totally forgot. Probably laziness...

It's been running for quite some time and we kind of forgot about it in the closet, until the SSH tunnel we use to get our mail outside our home stopped working because modern openssh clients refuse to use the antiquated key cipher I setup client machines with way back when any longer.

I just generated new keys with a more modern cipher that it understands (ecdsa-sha2-nistp256) and left it running. Because why not 🙂

Ubuntu Core Desktop is an immutable distro, takes a different path than most other immutable distros.

• The entire OS is built using snaps, including the kernel and bootloader
• Uses snaps instead of flatpak
• Prefers LXD over distrobox and other projects that use podman

My laptop isn't under my supervision most of the time. And I'd hate it if someone were to steal my SSD, or whole laptop even, when I'm not around. Is there a way to encrypt everything, but still keep the device in sleep, and unclock it without much delay. It's a very slow laptop. So decryption on login isn't viable, takes too long. While booting up also takes forever, so it needs to be in a "safe" state when simply logged out. Maybe a way that's decrypt-on-demand?

I'm on Arch with KDE.