shadowintheday2

@shadowintheday2@lemmy.world


addressing misconceptions about the recent TunnelVision vulnerability

I've been seeing a lot of confusion around the TunnelVision vulnerability. While I'm no expert, I've done a fair share of research and I'll edit this post with corrections if needed. The goal of this post is to answer the question: does this affect me?...

shadowintheday2 ,

Thank you for summing it up

I've been using network namespaces in Linux where each one also uses a different user; this way you can have multiple profiles of apps separated not only by permissions but also by the VPN connection that is the only route out

So you can have a connection that will supply your favorite iso sharer, a VPN connection to work, all unaware of each ot

I still haven't figured out how to make GUI media applications work on them though

shadowintheday2 , (edited )

Sure, someone helped me set up a script to share the wl socket between namespaces so I can run GUI programs in isolated namespaces, and if you look at this post you can check the namespaced-openvpn; also check vole's answer if you want to run GUI programs

shadowintheday2 OP ,

It seems that a namespace only has access to processes that originate inside itself

systemctl --user list-units
Failed to connect to bus: No medium found

as we can see, the same user doesn't have access to other processes
so we would need to duplicate every process above the namespace until we could access the media

would duplicating everything - pulsewire, dbus, etc - even work?

shadowintheday2 ,

Timeshift, make sure to "include hidden files" to recover any configuration for desktop environments

After a few mess-ups, you may find yourself not needing to back up everything, only the file(s) that messed up, and that's still a good thing to have Timeshift for

shadowintheday2 ,

You can configure this behavior for CLI, and by proxy could run GUI programs that require elevation through the CLI:

https://wiki.archlinux.org/title/Sudo#Using_visudo

Defaults passwd_timeout=0
(avoids long-running processes/updates timing out while waiting for the sudo password)

Defaults timestamp_type=global
(This makes the typed password and its expiry valid for ALL terminals, so you don't need to type sudo's password for everything you open after)

Defaults timestamp_timeout=10
(change to any amount of minutes you wish)

The last one may be the difference between having to type the password every 5 minutes versus 1-2 times a day. Make sure you take security implications into account.

shadowintheday2 ,

You can freely manipulate NTFS in Linux. Just make sure your distribution has, after kernel >=5.15, enabled it, otherwise you may need to install the ntfs-3g driver. Other than that, the Arch Wiki has info that may help you on any distro:

https://wiki.archlinux.org/title/NTFS

I have done something similar to what you want to do, just needed the ntfs-3g driver installed and "Disks" (gnome disks) application would mount/read/write the disks as usual

shadowintheday2 ,

you install program A, it needs and installs libpotato
then later you install program B that depends on libfries, and libfries depends on libpotato, however since you already have libpotato installed, only program B and libfries are installed
The intelligence behind this is called a package manager

In Windows when you install something, it usually installs itself as a standalone thing and complains/breaks when dependencies are not met - e.g. having to install Visual C++ 2005-202x for games, JRE for Java programs etc

instead of making you install everything that you need to run something complex, the package manager does this for you and keeps track of where files are

and each package manager/distribution has an idea of where some files should be stored

shadowintheday2 ,

After the initial learning curve when starting in Linux, to solving advanced problems that may or may not occur (will depend on Nvidia/exotic hardware/DE updates), you find it's easier to solve these because there are questions and answers on the internet, than finding another way to remove Edge, Cortana and restore the look and feel of Windows 7 after every major update in Windows

shadowintheday2 , (edited )

These updates land on testing quickly, however due to the several packages updated at once, they all need to be tested by volunteers, and only when all of them are signed is it pushed out of testing

shadowintheday2 OP ,

Mind sharing which situations a timecard would be useful in?
Probably something that requires enhanced time precision, I just can't figure it out

KDE Plasma 6.0, and KDE Gear 24.02 released ( kde.org )

Today the KDE Community is announcing a new major release of Plasma 6.0, and Gear 24.02. KDE Plasma is a modern, feature-rich desktop environment for Linux-based operating systems. Known for its sleek design, customizable interface, and extensive set of applications, it is also open source, devoid of ads, and makes protecting...

shadowintheday2 OP ,

I figured out the root cause of the problem and a workaround. Journalctl shows this info when starting SVP:

Video: 0 GPU OpenCL device(s) on rusticl [OpenCL 3.0] (Mesa/X.org)

this thread says rusticl is broken

https://www.svp-team.com/forum/viewtopic.php?id=3167&p=17

therefore disabling hardware acceleration, for now, makes SVP work again

shadowintheday2 ,

3rd gen i7 is outdated

Even an 8th gen i7 struggles to keep cool and quiet compared to Ryzens from 2019 onwards running the same stack

shadowintheday2 OP ,

Yeah, it's advertised as 160 Hz and even amdgpu_top (which uses xrandr or something like it) says 159.96 Hz is the first preferred mode, the second being 100 Hz

I had this problem before with an Nvidia card which reset to 144 Hz after an update and I could never enable it again. However it's a mystery as to why it boots up at 160 Hz in the systemd-boot console, and goes back to 144 Hz when entering KDE or turning the display off

shadowintheday2 ,

AMD is the gold standard for general user PCs in the last 5+ years. Intel simply cannot compete at the same energy expenditure/performance. At the same/close price/performance, Intel either burns a small thermonuclear power plant to deliver comparable performance, or simply is worse compared to similar Ryzens

Ryzens are like aliens compared to what AMD used to be before them

So I'd go with them

As for the GPU, if you want to use Linux forget Nvidia

Left clicking an open program in task manager is opening another instance of it

I'm getting a bug where left clicking a program open in the task manager triggers opening another instance of the same program instead of raising/focusing in the already opened window. This didn't happen using X11. It's not the behavior configured for the left click; a recently started session works fine. The only way for it to...

shadowintheday2 OP ,

Ctrl isn't stuck because entering and subsequently exiting Plasma edit mode makes the default left click behavior work again, at least for some time

shadowintheday2 ,

Just wish Obsidian had better encryption support

shadowintheday2 ,

My most paranoid config is disabling IPv4

That's it. If someone wants to attack me, they will need to adopt IPv6!

shadowintheday2 ,

How does it differ from arch install + choosing the DE?

shadowintheday2 , (edited )

...no?
years ago I couldn't even dream of using Bluetooth on Linux; a few weeks ago I found an old Bluetooth dongle and now my USB speakers work just fine - even better than connecting via smartphone because Plasma has the sbc-xq codec easily selectable. It auto connects every time I boot the PC, I just had to add btusb.enable_autosuspend=0 to the kernel cmdline parameters

make sure you follow these guides, whichever distro you use

if it crashes, try sudo systemctl stop bluetooth.service and sudo systemctl start bluetooth.service

remember, Bluetooth is a very cursed embrace-it-all protocol and may randomly crash/refuse to pair/connect unless you reset the devices manually, and this may happen with any hardware/software

shadowintheday2 ,

"A qsort vulnerability is due to a missing bounds check and can lead to memory corruption. It has been present in all versions of glibc since 1992. "

This one amazes me. Imagine how many vulnerabilities future researchers will discover in ancient software that persisted/persist for decades.

shadowintheday2 ,

Just don't upgrade for a while and you become Debian

It's not like Windows forcing you to reboot every Tuesday so Edge can come back

kde , (edited ) to KDE
@kde@floss.social

Plasma 6 - RC 2 is landing on Wednesday. Get ready to Ask Us Anything!

Want to know what's going on behind the scenes? Have a pressing question about Wayland, or the new interfaces and shortcuts?

Join David, Nate and Joshua for our Plasma 6 AUA special on Lemmy and Reddit on Wednesday 31 at 6 pm UTC.

@kde
https://reddit.com/r/kde

Doors open 5 pm UTC. Watch this space for links.

shadowintheday2 ,

I had a chuckle with his description because "Redondo" translates to "round" in Spanish

What's (are) the funniest/stupidest way(s) you've broken your linux setup?

Tinkering is all fun and games, until it's 4 am, your vision is blurry, and thinking straight becomes a non-option, or perhaps you just get overly confident, type something and press enter before considering the consequences of the command you're about to execute... And then all you have is a kernel panic and one thought...

shadowintheday2 ,

I thoroughly backed up my slow NVMe before installing a new faster one. I actually didn't even want to reuse the installation, just the files at /home.

So I mounted it at /mnt/backupnvme0n1, 2, etc and rsynced

The first few dry runs showed a lot of data was redundant, so I ingeniously thought "wow I should delete some of these". And that's when I did a classic sudo rm -rf in the /mnt root folder instead of /mnt/dirthathadthoseredundantfiles

shadowintheday2 OP ,

Another thing to solve: XWayland apps as a different user

Giving access to the Wayland socket makes other users able to use Wayland; however programs that rely on XWayland to work don't seem to get it:

Start Failed
Failed to initialize graphics environment

java.awt.AWTError: Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.
        at java.desktop/sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)

Wine

0120:fixme:kernelbase:AppPolicyGetThreadInitializationType FFFFFFFA, 0ECAFF08
0128:err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded.
0128:err:winediag:nodrv_CreateWindow L"The explorer process failed to start."
0128:err:systray:initialize_systray Could not create tray window
0114:err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded.
0114:err:winediag:nodrv_CreateWindow L"Make sure that your X server is running and that $DISPLAY is set correctly."
0114:fixme:kernelbase:AppPolicyGetProcessTerminationMethod FFFFFFFA, 0DE4FB40

env | grep -i display
WAYLAND_DISPLAY=wayland-0
DISPLAY=:0

shadowintheday2 OP ,

Does waypipe also work with XWayland apps?

shadowintheday2 OP ,

Sir, you're awesome! Thank you a lot for taking your time and explaining what you have found
I will try these steps when I have some free time to tinker, and the info and script you have provided have cleared up a lot of questions that I had

shadowintheday2 OP ,

I know this is possible, but it makes switching different windows a chore. Since I have GUI programs running under different users, I would want the screensharing program to not even be aware that other user's GUI programs are in the screen

shadowintheday2 OP ,

Thank you for the explanation

So Wayland fixes most of these. Is it possible to run GUI programs as another user just like in X with xhost though?
I'm asking not only from a security point of view, but a practical one, since I need to run the same program under different namespaces/users

shadowintheday2 OP ,

I don't think VLC alone could handle auth/permissions/encryption

shadowintheday2 OP ,

Thanks, I will look into setting up Home Assist

shadowintheday2 OP ,

Thank you, I managed to get it working with MediaMTX and DockoVPN
I still don't know how I would manage dynamic IP changes during the days I'm away, that would break the VPN

shadowintheday2 ,

Tyvm for this very well structured guide, I didn't even realize I was on Lemmy until I hit the bottom of it
