[-] jamesbunagna@discuss.online 1 points 2 hours ago* (last edited 2 hours ago)

Isn’t Bazzite an immutable OS with very limited package availability outside of gaming?

Nope. It's basically Fedora Atomic with a lot of special sauce to make onboarding as pleasant as possible. Especially if you want to use it for gaming; be it as a HTPC/console or on desktop. Thus, like Fedora Atomic, you've got access to many different package managers to get your needs covered. Heck, Bazzite and its uBlue siblings actually improve upon Fedora Atomic in this regard (at least by default). Refer to this entry in its documentation for the finer details.

but I’m not sure it would be a good experience for someone just getting into Linux, since most of the help he will get online

We've all been faulty of this (read: searching on the internet), but we should instead consolidate Bazzite's documentation first. Only after it isn't found there, should one consider going to their discussion platforms; be it their own forums or their Discord server. Searching on the internet is IMO a no-go, especially if one isn't well-versed yet.

will direct him to edit config files which would get overwritten on update.

This doesn't apply to Fedora Atomic. Perhaps you're conflating this with SteamOS.

[-] jamesbunagna@discuss.online 1 points 3 hours ago

Aight, got it.

For now, I'm exclusively on Wayland. Though, hopefully Openbox (or something inspired by it) will make the jump so that I can see for myself what all this goodness is about.

Anyhow, it was a lovely conversation. I enjoyed it to bits. I wish ya tha best. Cya, out there. Bye!

[-] jamesbunagna@discuss.online 1 points 3 hours ago

Do you have a link for these instructions?

In addition to the template linked by dustyData, there's also BlueBuild if you prefer YAML over containerfiles.

[-] jamesbunagna@discuss.online 1 points 6 hours ago

Very enlightening! Thank you so much!

mouse-centric

This is actually unfortunate for me. I seem to be prone to RSI related aches. Keyboard is fine~ish. But mouse can be pretty troublesome. Do you happen to know if it plays nice with trackballs and/or trackpads?

[-] jamesbunagna@discuss.online 1 points 6 hours ago

enabling a lot of the privacy features like resist fingerprinting often breaks login flows

True. Though, in this case, it's only enabled on hardened. So, the default config doesn't enable it.

and breaks dark mode detection on site

Yeah, that's really unfortunate. I suppose there's Dark Reader. But, I believe Arkenfox' maintainers held the opinion that a bandaid solution as such did more harm then worth it. At least for those that enable RFP for the sake of fingerprint protection.

[-] jamesbunagna@discuss.online 1 points 6 hours ago

Thanks for sharing.

Thanks for the appreciation!

Our goal is to continue the legacy of Mull by providing a free and open source, privacy and security-oriented web browser for daily use.

Do you work on IronFox?

[-] jamesbunagna@discuss.online 1 points 1 day ago

Do you think I could run secure blue from a USB drive?

I'm not sure if it's exactly the same, but Jorge Castro (one of uBlue's maintainers) showed how some uBlue projects (perhaps this also applies to secureblue) can be installed on an external drive. Perhaps it's worth a look: https://www.youtube.com/watch?v=5DRaYQ6hKU0

[-] jamesbunagna@discuss.online 12 points 1 day ago

I didn't downvote myself, but did consider it.

For one, it felt a bit out of place; Fedora isn't defined by systemd, nor Red Hat or IBM. One clear example would be how Fedora has chosen to stick with Btrfs; contrary to Red Hat's demands. Don't get me wrong, I don't deny any partnership or whatsoever. But it's not like Fedora's community has no agency.

Secondly, corsicanguppy's comment seems to imply that Fedora only sticks to systemd out of some obligation towards IBM/RedHat or something. As if the overwhelming majority of distros don't default to systemd.

Thirdly, Poettering works for M$ now. Sure. But systemd remains a Linux project. And quite a good one at that. Even if the likes of dinit and s6 are starting to offer some healthy competition, it's undeniable that systemd continues to have the advantage in terms of received man-hours (in development) and adoption. I hope that Fedora eventually gives others the chance to shine. But outright ditching systemd without a perfect replacement is just foolish.

Systemd is bloated

The bloat argument has absolutely no weight as long it's not properly defined. One's bloat is the other's sane default and vice versa. Please, if you're engaging in good faith, come up with a definition by which the likes of dinit and/or s6 are not bloated while systemd is. Please be complete and rigorous in your assessment.

and known to present security risks.

If you're referring to what's addressed in Madaidan's article, you should not forget that Whonix -the very distro Madaidan used to be a security researcher at- employed systemd to enhance security. And while one might say a lot about Poettering, one simply can't deny that they've got a sound understanding of good security standards and how to implement them. It's therefore unsurprising that both Kicksecure and secureblue (i.e. Linux' finest when it comes to hardened distros) heavily rely on systemd for their bidding.

Don’t see why looking at alternatives wouldn’t be seen as positive growth.

At least we can agree on this 😉.

49

Disclaimer: I'm not affiliated to the project.

Aside from the fact that it's relatively new and unknown, does this hold a candle to other Firefox-based projects? They seem to be competent by their own comparison tables.

Has anyone got any first-hand experience?

[-] jamesbunagna@discuss.online 21 points 1 day ago

Yeah, it seems that they even acknowledge that Tor and Mullvad are better for extreme threat models.

"The only browsers that can provide sophisticated fingerprinting protection against advanced scripts are Tor Browser & Mullvad Browser.

If you have an extreme threat model (Ex. Political dissident, journalist, or if you are in some other kind of high risk situation), please use one of those browsers."

I suppose we'd have to commend them for being fair.

[-] jamesbunagna@discuss.online 2 points 1 day ago

Unfortunately, I've yet to experience Qubes OS myself. So I can't help you with that. Wish ya the best of luck though!

80

Disclaimer: I'm not affiliated to the project.

Aside from the fact that it's relatively new and unknown, does this hold a candle to other Firefox-based projects? They seem to be competent by their own comparison tables.

Has anyone got any first-hand experience?

[-] jamesbunagna@discuss.online 2 points 1 day ago

I hope at least the earlier problems with distrobox have been solved.

Is your intention to go in the direction of Qubes OS with extra steps?

[-] jamesbunagna@discuss.online 2 points 1 day ago

Yo OP, did it work out in the end?

34

Hey folks! After using Fedora Atomic for quite a while and really appreciating its approach, I've been eyeing one particular feature from NixOS: its congruent system management. Inspired from Graham Christensen's "Erase your darlings" post, I'd like to explore implementing something similar to NixOS' impermanence module on Fedora Atomic as one step towards better state management.

Why not just switch to NixOS? Well, while NixOS's package management and declarative approach are incredible, I specifically value Fedora's stringent package vetting and security practices. The nixpkgs repository, despite its impressive scope, operates more like a user repository in terms of security standards.

I've already made some progress with the following:

  • Fedora Atomic's shift to bootable OCI containers has helped with base system reproducibility when one creates their own images. This process has thankfully been streamlined by templates offered by either uBlue or BlueBuild
  • Using chezmoi for dotfiles (would've loved home-manager if it played nicer with SELinux)

My current (most likely naive and perhaps even wrong) approach involves tmpfs mounts and bind mounts to /persist, along with systemd-tmpfiles. I'm well aware this won't give me the declarative goodness of NixOS, nor will it make the system truly stateless - there's surely plenty of state I'm missing - but I'm hoping it might be another step in the right direction.

Particularly interested in:

  • Best practices for managing persistent vs temporary state
  • Working with rpm-ostree's (or bootc') assumptions
  • Tools or scripts that might help
  • Alternative approaches that achieve similar goals

Thanks in advance!

view more: next ›

jamesbunagna

joined 2 weeks ago