Linux


From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
101
27
submitted 2 weeks ago* (last edited 2 weeks ago) by [email protected] to c/[email protected]
 
 

Has there been any mention of time management tools getting built into GNOME? I thought I read something a short while ago that would land in one of the next versions, but I can't seem to find anything about it anymore. It had some sort of pomodoro timer as part of it and I thought it was a neat feature to look out for. Can't seem to find it anymore though. Perhaps it was a GNOME Circle post?

102
 
 

cross-posted from: https://lemmy.world/post/23071801

Considering a lot of people here are self-hosting both private stuff, like a NAS, and also some public stuff, like websites and whatnot, how do you approach segmentation in the context of virtual machines versus dedicated machines?

This is generally how I see the community action on this:

Scenario 1: Fully Isolated Machine for Public Stuff

Two servers, one for the internal stuff (NAS) and another for the public stuff, totally isolated from your LAN (websites, email etc). Preferably with a public IP that is not the same as your LAN, and the traffic to that machine doesn't go through your main router. E.g. a switch between the ISP ONT and your router that also has a cable connected for the isolated machine. This way the machine is completely isolated from your network and not dependent on it.

Scenario 2: Single server with VM exposed

A single server hosting two VMs, one to host a NAS along with a few internal services running in containers, and another to host publicly exposed websites. Each website could have its own container inside the VM for added isolation, with a reverse proxy container managing traffic.

For networking, I typically see two main options:

  • Option A: Completely isolate the "public-facing" VM from the internal network by using a dedicated NIC in passthrough mode for the VM;
  • Option B: Use a switch to deliver two VLANs to the host—one for the internal network and one for public internet access. In this scenario, the host would have two VLAN-tagged interfaces (e.g., eth0.X) and bridge one of them with the "public" VM’s network interface. Here’s a diagram for reference: https://ibb.co/PTkQVBF

In the second option, a firewall would run inside the "public" VM to drop all inbound except for http traffic. The host would simply act as a bridge and would not participate in the network in any way.

Scenario 3: Exposed VM on a Windows/Linux Desktop Host

Windows/Linux desktop machine that runs KVM/VirtualBox/VMware to host a VM that is directly exposed to the internet with its own public IP assigned by the ISP. In this setup, a dedicated NIC would be passed through to the VM for isolation.

The host OS would be used as a personal desktop and contain sensitive information.

Scenario 4: Dual-Boot Between Desktop and Server

A dual-boot setup where the user switches between an OS for daily usage and another for hosting stuff when needed (with a public IP assigned by the ISP). The machine would have a single Ethernet interface and the user would manually switch network cables between: a) the router (NAT/internal network) when running the "personal" OS and b) a direct connection to the switch (and ISP) when running the "public/hosting" OS.

For increased security, each OS would be installed on a separate NVMe drive, and the "personal" one would use TPM with full disk encryption to protect sensitive data. If the "public/hosting" system were compromised.

The theory here is that, if properly done, the TPM doesn't release the keys to decrypt the "personal" disk OS when the user is booted into the "public/hosting" OS.

People also seem to combine both scenarios with Cloudflare tunnels or reverse proxies on cheap VPS.


What's your approach / paranoia level :D

Do you think using separate physical machines is really the only sensible way to go? How likely do you think VM escape attacks and VLAN hopping or other networking-based attacks are?

Let's discuss how secure these setups are, what pitfalls one should watch out for on each one, and what considerations need to be addressed.

103
 
 

The case for Linux and openSUSE is clear. Linux provides viable, cost-effective and sustainable alternatives. Users can enjoy a free, open-source operating system that doesn’t require costly upgrades or restrictive hardware requirements with installing openSUSE. Here are a few things users that want to transition can consider:

  • Complete Transparency: Linux distributions like openSUSE are governed by open-source principles, ensuring clear and consistent development.
  • No Forced Obsolescence: openSUSE supports a wide range of hardware like modern machines to older PCs that allow users to extend the life of their devices.
  • Cost Savings: openSUSE is free to use, with no licensing fees or hidden subscription costs for extended support.

By switching to Linux, users can help combat e-waste as every PC saved from a landfill is a win for the environment.

104
 
 

Hi all, I want to do some screen recording on my Linux desktop. And like a normal-functioning member of society, I decided to do it the hardest way and learn ffmpeg CLI to do it. Why? Well, something about using underlying tools and customizing their usage excites me.

I have already started doing this, and I am finding I have to do a lot of trial and error to get things right. Before I dive deeper, I want to ask: Am I limiting myself in doing this? Is there anything I could be missing out on taking this route, or something that ffmpeg could not do on its own that a dedicated solution can?

What will I use this for exactly? Well, things like recording a video game as I play it (which I suppose will require hardware acceleration to be of viable quality), or recording a tutorial (requiring voice input from mic), things like that.

105
 
 

cross-posted from: https://lemm.ee/post/49620916

Now that 2024 is coming to the end and Christmas around the corner, have you considered any donations to be given? If yes where?

106
 
 

Ethernet plugged in but there is no internet. I have no idea what happened. I just took a normal update like I always do and after that it was all gone. WiFi connects no problem, but there is no internet. Unplugged Ethernet and replugged it back in. Nothing. I dual-boot with Windows, internet works fine there, so there is no hardware issue. Went into a live environment and chrooted into it and reinstalled NetworkManager and still not a fucking thing. Not sure what these are now. I know about the lo one, but never seen the second wired connection or the virbr0. Any idea how to get my Internet back? I really don't want to reinstall the system because of this. And btw, I even tried a hotspot from my phone and a wire tether from it and still no internet.
System is EndeavourOS with KDE on Wayland.

112
 
 

If you need to convert files from one markup format into another, pandoc is your Swiss Army knife.

113
 
 

Important

  • NVIDIA Kepler (600 and 700 series) GPUs are no longer supported for NVENC.
  • NVIDIA users may need to update their GPU drivers to 551.76 (Windows) / 550.54.14 (Linux) or newer.

Important

  • The code signing certificate for OBS has been updated. This may impact game capture compatibility with some anti-cheat solutions with this OBS update. If you are a game or anti-cheat developer please see https://obsproject.com/kb/capture-hook-certificate-update for more information.

New Features

  • Added NVIDIA Blur Filter and Background Blur [pkviet]
  • Added preview scrollbars and zoom/scale indicator [cg2121/Warchamp7]
  • Added v210 format support for AJA device capture [paulh-aja]
  • Added Amazon IVS service integration [palana]
  • Added QSV AV1 Screen Content Coding [thyintel]
  • Enabled first-party YouTube Chat features [msuman-google]

Other Changes

see link

114
 
 

Today KDE community are releasing KDE ⚙️ Gear 24.12 with new versions of classics such as Dolphin, our feature-rich file manager and explorer; Kate, the developer-friendly text editor; Itinerary, a travel assistant that will get you safely to your destination. …and much, much more!

These apps exist thanks to KDE's volunteers and donors. You too can contribute and express support for your favorite apps by adopting them!

Let's take a look at just a few of the applications — some updated and some brand new — which will be landing on your desktop in just a few days.

116
 
 

BootSelector is a tiny GUI utility for setting any grub menu entry as default.

It also allows you to reboot into any OS/kernel in your grub menu.

The initial version has been tested on the latest Ubuntu 24.10 and should work on other Debian-based distributions as well.

An RPM for Fedora will be released soon after more testing is done.

117
 
 

So, if you've never heard of ReactOS, it's an alternative to Windows, except it's open source, and reverse engineered.

The end result is, if it works on Windows, it works on ReactOS natively.

Now, as you might imagine, there are some issues with this. The most glaring one being that they're currently in the year 2003. That's the level they're at with software. It's not even emulation. It's running the software natively, and it's written from scratch.

But my takeaway is that Linux running Windows apps natively would improve people's hesitation to running Linux.

Now since ReactOS is FOSS, any improvements made upon it could then be forked over to Linux. And if someone made a ReactOS fork, that isn't Linux, that's good too (as long as it stays open source). Any advancements made by this new theoretical fork of ReactOS could ALSO be forked into Linux.

Right now, development is slow, because it's a community driven effort without much of a community. If it had a large and engaged community, all legally reverse engineering the ways of Windows? That would allow basically EVERY OS to have FOSS unofficial native Windows support.

So I guess my question is, for an OS that's been in development since 1998, why doesn't the Linux community embrace ReactOS?

118
 
 

I recently found a very overpowered for the price mini-PC and I plan to use it to replace my Android TV box that is really starting to show its age.

I think I want something bazzite-like and probably immutable but more media focused than gaming, with already working and set up waydroid and remote control support.

Thanks in advance

119
 
 

cross-posted from: https://lemmy.world/post/23017061

https://gitlab.com/christosangel/stackabrix

stackabrix is a simple terminal game, written in Bash, where the user, against the clock and with the least moves possible, must sort the blocks according to their color, and stack them in the respective stack.

During the game, the user can move left and right, pick blocks and drop them in other stacks.

The aim is to sort the blocks, and stack them in the respectively named stacks, as fast as possible, and with the least moves possible.

The play's score is the sum of the time achieved in seconds and of the moves made.

If the score is among the 10 best scores achieved, it makes it in the Top Ten Highscores.

Any feedback is welcome.

124
53
submitted 2 weeks ago* (last edited 2 weeks ago) by [email protected] to c/[email protected]
 
 
  • The --purge switch of systemd-tmpfiles (which was added in v256) has been reworked: it will now only apply to tmpfiles.d/ lines marked with the new "$" flag. This is an incompatible change, and means any tmpfiles.d/ files which shall be used together with --purge need to be updated accordingly. This change has been made to make it harder to accidentally delete too many files when using --purge incorrectly.
  • The systemd-creds 'cat' verb now expects base64-encoded encrypted credentials as input, for consistency with the 'decrypt' verb and the LoadCredentialEncrypted= service setting. Previously it could only read raw, unencoded binary data.
  • Support for automatic flushing of the nscd user/group database caches has been dropped.
  • The FileDescriptorName= setting for socket units is now honored by Accept=yes sockets too, where it was previously silently ignored and "connection" was used unconditionally.
  • systemd-logind now always obeys block inhibitor locks, where previously it ignored locks taken by the caller or when the caller was root. A privileged caller can always close the other sessions, remove the inhibitor locks, or use --force or --check-inhibitors=no to ignore the inhibitors. This change thus doesn't affect security, since everything that was possible before at a given privilege level is still possible, but it should make the inhibitor logic easier to use and understand, and also help avoiding accidental reboots and shutdowns. New 'block-weak' inhibitor modes were added, if taken they will make the inhibitor lock work as in the previous versions. Inhibitor locks can also be taken by remote users (subject to polkit policy).
  • systemd-nspawn will now mount the unified cgroup hierarchy into a container if no systemd installation is found in a container's root filesystem. $SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=0 can be used to override this behavior.
  • /dev/disk/by-id/nvme-* block device symlinks without an NVMe namespace identifier are now fixed to namespace 1 of the device. If no namespace 1 exists for a device no such symlink is created. Previously, these symlinks would point to an unspecified namespace, and thus not be strictly stable references to multi-namespace NVMe devices. These un-namespaced symlinks are mostly obsolete, users and applications should always use the ones with encoded namespace information instead. This change should not affect too many systems, because most NVMe devices only know a namespace 1 by default.
  • Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now considered obsolete and systemd by default will ignore configuration that enables them. To forcibly reenable cgroup v1 support, SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must additionally be set on the kernel command line.
125
 
 

I have an unused Windows tablet from 2021 running some Core M processor or other that I want to put Linux on and start using again. It doesn't have a keyboard so I would have to actually use it as a tablet and not a laptop. Is there a distro built around one of the mobile desktop environments that also runs well on x86? (Last time I tried Linux mobile it was pretty much only for ARM and I never got it to work well on even an x86 virtual machine.) Or is regular GNOME desktop still my best bet for a tablet?