Hello good people.

Is no one afraid of Bazzites auto updating nature (in regard to privacy/malware)?

I am myself worried about the potential for well timed supply chain attacks from wherever they build their OS images, which somehow build malicious images or just gets itself into the normal image builds and we auto update to.

Is this an unfounded worry? Does anyone know of the security measures in place to prevent attacks?

Auto update just feels weird to me, especially for something like my OS. I'm asking because I went and installed it and realised auto updating seems to be their philosophy... which is scary?

p.s. i couldnt find anyone online discussing this

Thonks

I have and old laptop with some good screen but awful audio. What i want is to stream the audio on my decent tablet to use it as a speaker. This is not a server cloud or anything similar, just a pc with some linux distro installed.

Brodie Robertson highlights key feature updates in the latest Plasma desktop environment. This walkthrough covers improved virtual workspace management, refined accessibility tools, enhanced remote desktop security, and various UI adjustments aimed at streamlining the user experience.

Just released GeoTag Photos, a Nextcloud Files plugin to add, read, or remove geolocation metadata from photos in one click.

This tool works both ways: inspect or add location metadata during investigations, visualize where photos were taken via Nextcloud Maps/Memories, or scrub it before sharing sensitive files, all self-hosted, without third parties.

cross-posted from: https://lemmy.ml/post/48812123

KDE Plasma is a popular desktop (and mobile too) environment for GNU/Linux and other UNIX-like operating systems. In addition to other hardware, it also powers the desktop mode of the Steam Deck gaming handheld. The KDE community today announced the latest release: Plasma 6.7.

This new major release brings back the Oxygen and Air themes from the KDE 4 era, including the Horos wallpaper. The ability to switch virtual desktops independently for each output/display was added. It is now easier to toggle between light and dark mode directly from the Brightness & Color widget. You can now test microphones from the audio settings, and assign a custom global keyboard shortcut for "push-to-talk" microphone un-mute. If you have Plasma keyboard enabled and a physical keyboard key is long-pressed a selection of related special characters is presented to choose from. When it comes to printing it is now much easier to connect to shared printers on Windows networks, and a new print queue management tool offers more power than ever before. Vietnamese lunar calendar was added, and you can now select the default system calendar application. It is now possible to set mouse and tablet stylus pointers to be synced. ICC color profile can now be applied when HDR mode is active. Graphical performance has been improved and power usage lowered for CPU-rendered applications, some full-screen applications and on Intel graphics hardware. This release also features an experimental preview of the Union theming engine, which is based on web-like CSS definitions and will make creating and using new themes easier in the future.

For complete list of new features and changes check out the KDE Plasma 6.7 release announcement and the complete changelog.

All credit to Cscs https://discuss.cachyos.org/u/cscs/summary

cross-posted from: https://feddit.org/post/23120439

Here, my summary of key features and decisions of Guix:

1. Guix is a package manager that can (optionally) run on top of Linux distributions or other POSIX systems, like cargo, pip, conda or Conan. In difference to the pip and cargo package managers, it is language-agnostic, supports many different build systems and languages, and features around 29000 packages now.

2. Guix allows to define a fully reproducible system. This works by using a declarative language for immutable version-controlled package descriptions, and by deriving any software from package definitions and a fixed version (commit hash) of the source code. In that, it is similar but much stricter than Nix and NixOS. The key point is that any software built, and all its dependencies, go back to unambigously, immutable versions of source code and build recipes - and all inputs to the system are open source and can be reviewed.

3. Important for programming, this can also define isolated build and development environments, like Python's venv, but also Docker containers. This means that Guix can be used to develop, build, package, and deploy software, very much like Snap packages. And that's independent from the distribution you work in, very much like pip or cargo are independent from the system you work in. (And yes, it supports Rust!).

4. This allows it, and also makes it technically possible, that any software package can be re-built and run years later. To make this legally possible, the official distribution of Guix also demands all components to be open source (FOSS). This is also a key difference to NixOS and non-free forks of Guix, which allow non-free binary packages, but sacrifice reproducibility. (To illustrate: If you have a binary, proprietary scanner driver in NixOS, and the owning company practices planned obselescence and decides that you should buy their new hardware, and pulls that driver, you are out of luck. In Guix, this can't happen.) (Note that as your own private conponents, you can define any package you like, you can also distribute your definitions as a complement to GNU Guix. Non-free packages for Guix do exist, in the same way as you can buy and run Steam Games software for Linux. Such non-free software just can't become part of the official Guix distribution, just like Amazon or Apple can't sell their non-free software via Debian or the Linux kernel project (or, for that matter, Apple has no obligation to market and distribute, say, Oracle products).

5. All inputs being open source also means that any software component can be reviewed, that mis-features such as privacy-invasive behaviour can be removed, and that it is hardly possible to hide malware in the system. Because this also applies recursively to all compilers and build tools, this solves also Thompson's "Trusting Trust" problem. In fact, the whole system can be build from a 512 byte binary root (called MER). (Interestingly, that level of user control gets a lot of hate online -- certain companies don't seem to like it).

6. Because it would take too long to build every user package from source every time, the produced packages are normally cached (while their correct binary content can be easily verified).

7. The declarative description language for the packages is a well-defined, established, minimalist language called Scheme. This is a member of the Lisp family of languages. That Lisp is very well suited for declaratively building and configuring large systems has been proven with GNU Emacs, whose software, but more importantly, whole user configuration, is written in Emacs Lisp.

8. The Scheme implementation used is called Guile. It has especially good support for the POSIX environment and has also much better-than-average interactive debugging capabilities compared to other Scheme implementations.

9. Also worth noting is that the Guix project has superb online documentation. This is a practical advantage compared to Nix.

As example: you are on Debian stable and quickly want to try a recent version of the kakoune editor (as kakoune is in ongoing development): They are available under the Guix package manager. Just

guix install kakoune

and bang you have it!

How it works:

https://codeberg.org/guix/guix#headline-4

Manual:

https://guix.gnu.org/manual/en/html_node/Installation.html

Also informative for using Guix just as a package manager:

https://wiki.archlinux.org/title/Guix

I've been running AMD ThinkPads for a while and always felt like the stock kernel carries a lot of dead weight, like Intel CPU/GPU drivers, NVIDIA, Dell/HP/Asus vendor blobs, server SCSI controllers, legacy filesystems, ancient WiFi drivers from 2003. None of that belongs on a ThinkPad.

So I built detkernel (yeah, I know), a custom kernel that strips all of that out and keeps only what AMD ThinkPads actually need.

What's removed:

• Intel CPU/GPU (i915, xe, microcode)
• NVIDIA (nouveau)
• All non-ThinkPad vendor drivers (Dell, HP, Asus, Sony, Apple...)
• Server SCSI controllers (Adaptec, LSI, HP SmartArray...)
• Legacy WiFi (Prism, ZyDAS, old Ralink, IPW2100/2200...)
• Dead filesystems (ReiserFS, HFS, UFS, JFFS2...)
• Legacy network protocols (AppleTalk, ATM, X.25...)

What stays:

• Full AMD support (Zen1–Zen5, RDNA GPU, ACP audio, PMC, P-state)
• All ThinkPad WiFi chips (Intel AX, Qualcomm WCN, MediaTek MT7921/MT7925, Realtek RTW89)
• Realtek LAN (it's in every ThinkPad)
• HDA Realtek audio + USB audio
• ThinkPad ACPI, HID Lenovo
• KVM/AMD, VFIO

Two variants:

• detkernel-universal — x86-64-v3, works on all AMD ThinkPads (T495 and newer)
• detkernel-zen5 — znver5, for Ryzen AI 300 series (T14 G5-G6, T16 G3, P14s G5-G6), includes 500Hz tick, BBRv3 TCP, NTSYNC for Wine/Proton

Distributed as UKI (.efi) for systemd-boot users — just drop it in /boot/EFI/Linux/ and reboot. vmlinuz + initramfs also available for GRUB/rEFInd.

Currently based on Linux 7.0.12-zen1.

GitHub: https://github.com/Detcom-GH/detkernel

Looking for testers, especially on older models (T495, T14 G1-G2, L14/L15). Would love to hear how it runs on your machine.

I am planning to use this as a lightweight travel machine, smaller than my ThinkPad P15v and better than the Chrome-Tab I frankensteined into a linux tablet. I got the Macbook (in great physical condition), a new battery, and a USB-C to magsafe2 adapter for about USD 85. I'm currently calibrating the new battery, which I'm doing in EoL MacOS Monterey, but right now the plan is to replace it with MX Linux, which on the Live USB already had the Broadcom Wifi drivers. I also like Snapless distros using apt and KDE Plasma. Then, finally, I used to daily Mepis Linux years and years ago, so part of me was pleased it sort of lives on. I run Tuxedo OS on a couple of other machines, so if there's some very good reason to, I would be willing to take my chances that getting the Wifi up and running would go smoothly. Any very strong thoughts about distros on this hardware?

Beyond that, from what I've been reading, Gnome and KDE aren't really the hogs they used to be, and at 8GB this laptop should be okayish for browsing, text editing, Youtube at 720p or maybe 1080p (1440x900 screen), and the most casual of games. You know, basic stuff when you aren't doing "serious" work. Still, what would y'all recommend for making KDE itself slip into the background and use as less CPU, RAM, and GPU (particularly concerned here, given the weak onboard and shared VRAM). I don't think I need to drop down to XFCE, Fluxbox, etc., but I would like to turn off eye candy and other non-essentials.

Beyond distro, optimization, and managing expectations, is there anything I'm missing? I have a cricut and basic Inkscape skills, so I'm also open to decals. After all, what is the point of buying a decade-old laptop if I can't make it look slightly stupid?

Hello guys, I have been annoyed at this pop-up as I have to exit it every time I open any Electron (chromium based apps). Does anyone here know how to disable it?

Thanks in advance.