On Windows, KDE Plasma, and likely many other Desktops, if a window is fullscreen maximized and you push the mouse to the top edge and click, it will close....
Yes I thought about that exact argument. They oversize their panels on purpose, there is tons of other space to click on, which is also way less risky, that next to the close button.
And this expansion is about all decoration buttons of course.
You can use xlsclients -l to detect apps using XWayland.
Some may even want to run apps through XWayland on purpose, like KeepassXC for Clipboard access or autotype. Lets see how long it takes to implement all the needed protocols.
I mean I already reported 2 issues, but it still works. I can use it without big problems, I use the beta Flatpak (as explained in my flatpak remotes list).
Using Wayland too, Idk about any problems but if it wouldnt work I would just disable Wayland for the Flatpak and the app automatically runs through XWayland
Burner phones are a strange concept. If you want to store sensitive data on it, you shouldnt use some cheap android phone or even a dumbphone without encryption support.
All Android phones have Google malware installed by default, as system apps, which means those apps can do whatever they want.
So every piece of data you put on there is possibly tracked and collected.
Then there are 2 more problems
the software is proprietary and cannot be externally wiped clean
the software is outdated
This makes it vulnerable to Pegasus attacks and others. There are tons of secure practices to avoid getting it, like LTE-only, HTTPS only, encrypted and trustworthy DNS, sandboxed processes, blocked javascript execution from unknown websites...
But still if the phone is outdated there are unpatched and publicly known security issues. Just spamming them at all phones is likely to succeed as so many people run vulnerable versions, as vendors suck.
Then if you have pegasus, the only way for security is to reflash the A/B partitions, both. Factory reset is not secure as it will keep what is already in the system partitions.
The firmware is protected and signed by the vendors, so it is likely clean.
But Pegasus installs itself to the phone storage.
If you A cant obtain factory images or B cant flash the phone at all, you cannot wipe it clean.
So a good activism phone needs
trustworthy and minimal system apps / stock software
modern software updates
possible to reflash whole device externally
nice to have: ability to verify checksum of system partition, like GrapheneOS Attestation
This makes them poorly pretty expensive. I think a slightly outdated GrapheneOS phone is okay though.
Yes I know, and I want to try DivestOS one time. But they do incomplete patches.
They cannot update the kernel themselves or even worse the firmware. The kernel needs to be built and patched for the specific hardware, GrapheneOS relies completely on Google here. And the firmware needs to be signed by the vendors, so no chance either.
And especially baseband, cellular stuff has extremely many vulnerabilities in the code.
Not sure if VPN eliminates all risks with 2G and 3G, maybe it does.
Sandboxing, javascript
Vanadium has sandboxing but its javascript blocking is useless (no granular control)
Mull has no process isolation at all, but support for UBO and Noscript. Bad situation
it's a walk in the park for it to modify any of the partitions
These cannot be written without TPM verification or stuff, ask GrapheneOS devs about that, I dont know. The firmware signing is required, the verification will not be done inside the OS, that would be totally flawed.
If they have the firmware signing keys, they can fuck you. If they dont, they can only write to the system partition, and Attestation can see that.
Reading data has nothing to do with that. They likely can, but that doesnt matter.
My 6 years old phone still receives LOS updates
This will not include firmware and likely even the kernel.
Not sure but GrapheneOS has an "LTE only" mode, stock Android only has preferred Network afaik.
visiting only known websites is not a scaleable option, a browser needs to be secure. Kiwix is the browser that basically runs desktop Chromium on Android, so it has Addon support. But that is also soon manifest v3 restricted, and likely pretty insecure.
of course the user data partition is not checked, but every other important one. I have not tested what would happen when it is modified though.
I dont know what magisk did, but I think that is only about Google Play adding their "safety" scanning to the OS. Nothing regarding boot. But yes, likely there could, can or should be OS components scanning things too.
Googles stuff is pretty insecure, for example the latest SafetyNetFix simply disabled hardware cryptography, as they still support insecure phones.
For sure this is very complex and there are always vulnerabilities found in Android and GrapheneOS.
Like it or not, email is a critical part of our digital lives. It’s how we sign up for accounts, get notifications, and communicate with a wide range of entities online. Critics of email rightfully point out that email suffers from a significant number of flaws that make it less than ideal, but that doesn’t change the...
Xscreensaver has apparently been checking for updates and is disappointed that it hasn't had one for 14 months because Debian is too stable. Can anyone recommend a linux screensaver which would work with xfce and can be trusted to never do that?
Good that only you do this, as a whole company setup is complex
Pop_OS is currently not that well maintained afaik, their GNOME desktop is quite outdated.
Just using their OS for the hybrid graphics support is a valid point, but should not be the only one.
Having a well managed OS is crucial, but I disagree that Ubuntu base is the best here.
For stability, a centrally managed Fedora Atomic would be better I think. Way more stable, image-based, all peolple would have exactly what they need.
You could build images locally and take care of the exact updates like that. Or you just share specific configs for each role, like preinstalling different software.
But having things like specific policies, any files, hardening etc. is totally possible during image creation.
I use Proton. But I continue to run into more and more websites and services that detect my VPN and refuse my connection, or just run literally 40 captchas in a row until I just give up....
VPNs are not meant for privacy. The concept is clunky, as is the concept of our internet.
Tor or I2P are made for privacy, but the interactions with the clearnet have the same problems, you need a legal entity hosting the server, IPs are known and can be blocked etc.
Hosting your own VPN does not anonymize you anymore but is very unlikely to get blocked.
Just got a steam deck and immediately checked out the desktop mode, and I was somewhat surprised to see KDE and pacman as opposed to GNOME and apt, I have nothing against the former though a strong preference for the latter, anyone know why Volvo went in this direction?
They only support Ubuntu as downstream Distro, while they preinstall it on their number 1 supported platform, SteamOS. They control the complete software stack and even hardware.
They dont support Arch on whatever hardware, they support SteamOS on the Steamdeck.
I am not using Mint and it is also in the Fedora repos, but there is no reason for it to not be on Flathub. Maybe when I find the time I try to package it.
I know 100℅ of the world top 500 supercomputers use linux, and around 65℅ of world servers. I want more info like this to help me campaign towards GNU/Linux use. Thanks.
They had this on their homepage, advertizing QKSMS and Bromite as if they were project apps. Which they are not.
So either A: they preinstall apps as system apps or B: they have some form of installer that installs them as normal user apps.
You should have as many apps as user apps as possible.
Maybe they changes this idk. But QKSMS is not a simple SMS app like the one that GrapheneOS implements (the old and hardly maintained AOSP one) and Bromite is an unmaintained Browser which is a huge problem. Cromite and Quik are maintained forks.
I am pretty happy with GrapheneOS. Things like separate toggles for internet, or long powerbutton press foe torch are missing.
But you cannot imagine how much effort it is to maintain such a project, and their base is stable, the updates are damn fast.
First stability and security, then features.
Their core OS is minimal on purpose. I use the phone, vanadium (hardened chromium, with JIT toggle, now with adblock, completely degoogled), their attestation app, etc.
Most of the other stuff are random FOSS projects, I dont even use sandboxed play, but if I wanted to I could create a separate user profile and install it just in there.
DivestOS is doing sandboxed microG which is way more secure than unsandboxed, but still tons of effort and will break a lot.
But since apparently PulseAudio is the GNome / Microsoft approved way
I think I understand your point.
Pulseaudio is outdated, Pipewire AND Pulseaudio are now needed. Maybe also just Pipewire, and you can somehow fake Pulseaudio?
I never used a system without Pulseaudio, and Fedora has both (?) Or just Pipewire.
Pulseaudio is the old stuff that apps want to use, pipewire is the new cool stuff (I recommend qpwgraph) which allows like everything.
Aaand it is not overcomplicated, it isolated apps and introduces a permission system. Privileged programs that channel the requests and permissions, and sometimes need user interaction. Its actually less chaotic, the problem simply is that Flatpak ALSO tries to run all apps everywhere. And apps are mostly not up to date, so Flatpaks have randomly poked holes everywhere.
Today I worked on hardening configs for my apps. I maintain a list of recommended ones here. I will just put my overrides in my (currently still private) dotfiles, will upload them some day.
I am for example now Wayland only. Not all apps want to, but with the correct env vars (which I just globally set for all flatpaks, hoping it will not mess with anything), all apps use it.
This makes the system way faster, and applying different vars on the apps is very easy with Flatpak.
Literally no downsides!
Not true. It still has no updating mechanism, the binary may be official, but the rest are random libraries that may not be well versioned or controlled, etc etc.
The post is specifically about upstream supported Appimages, while Flathub is mainly maintained by the same 4 peolple (it is crazy). The request is for upstream devs to maintain Flatpaks.
But for sure not everything is nice. Runtimes are too huge, outdated apps cause huge library garbage, downloads are inefficient, ...
The history of LibreOffice ( www.libreoffice.org )
Issue for GTK to make their window decorarions clickable at the corner ( gitlab.gnome.org )
On Windows, KDE Plasma, and likely many other Desktops, if a window is fullscreen maximized and you push the mouse to the top edge and click, it will close....
Are right wingers creating FUD around Signal? ( hachyderm.io )
Wayland usage has overtaken X11 ( lemmy.world )
Source: https://linux-hardware.org/?view=os_display_server...
GIMP 2.10.38 Released ( www.gimp.org )
New features and improvements...
Daily driving Plasma Mobile ( fam-ribbers.com )
I wrote a blog post about my experiences on daily driving Plasma Mobile
How Do I Prepare My Phone for a Protest? ( themarkup.org )
Simple steps to take before hitting the streets
The Best Secure Email Providers in 2024 ( blog.thenewoil.org )
Like it or not, email is a critical part of our digital lives. It’s how we sign up for accounts, get notifications, and communicate with a wide range of entities online. Critics of email rightfully point out that email suffers from a significant number of flaws that make it less than ideal, but that doesn’t change the...
4 Tools to Share Large Files Over the Internet Securely ( itsfoss.com )
Switching from win 11
After convincing my employer to move away from MS office I can finally make the permanent switch away from windows....
"just got doxxed to within 15 miles by a vision model, from only a single photo of some random trees. the implications for privacy are terrifying. i had no idea we would get here so soon. holy shit" ( twitter.com )
What VPN are you using?
I use Proton. But I continue to run into more and more websites and services that detect my VPN and refuse my connection, or just run literally 40 captchas in a row until I just give up....
Which of the among is the best exif remover app?
Scrambled Exif vs Metadata Remover
Does anyone know why SteamOS is based on arch rather than Debian?
Just got a steam deck and immediately checked out the desktop mode, and I was somewhat surprised to see KDE and pacman as opposed to GNOME and apt, I have nothing against the former though a strong preference for the latter, anyone know why Volvo went in this direction?
Linux Mint looks to fork more GNOME Apps because of libAdwaita ( blog.linuxmint.com )
DNS traffic can leak outside the VPN tunnel on Android ( mullvad.net )
Microsoft Just Released MS-DOS Source Code! ( github.com )
Is there a news app that could replace BBC News?
I was wondering if there are any FOSS UK focused news app (Android)?
What distro he uses? 🐧💻 ( lemmy.ml )
looking for examples of countries whose governments, school system,health system, wjatever, use mostly GNU/Linux
I know 100℅ of the world top 500 supercomputers use linux, and around 65℅ of world servers. I want more info like this to help me campaign towards GNU/Linux use. Thanks.
Pixel 8a gets more expensive: Colors, prices, memory of the new Google phone ( winfuture.de )
Don't use Appimages (a writeup about all the reasons they are a pain for users) ( github.com )
Appimages totally suck, because many developers think they were a real packaging format and support them exclusively....