all chromium based browsers are now inherently more vulnerable to malware thanks to google.
Could you explain why? While at it, would you be so kind to mention why security-focused projects like GrapheneOS and secureblue stick to Chromium-based browsers despite that?
should i switch to linux?
So, as this is a Linux community, do you expect anything but an astounding “Yes!”?
Going through the rest of your post, you’d have to be cautious with the Nvidia GPU. It can go anywhere from working almost seamlessly without any tinkering to causing nigh-unsolvable problems you (regretfully) might have to work around.
But, aside from that, you should be pretty much good to go.
Thank you very much for the elaborate answer!
If I’d have to distill your points, they mostly seem related to documention. Which is unfortunate. Would you say that’s a fair take?
I found the following on their Discord:
- try going to neverssl.com
- try
ujust dns-selector reset, then try neverssl.com again- try a non-Trivalent browser (e.g. Epiphany), then try neverssl.com again
I think the main problem is that immutable distros haven’t thought things through from the beginning.
I think I understand why you might have that feeling, but I think it’s more complex than that.
Say, we look at Fedora Atomic, as that’s the atomic distro I’m most familiar with. At inception, it offered the following (‘staggered’) three-way:
rpm-ostree, if the above didn’t work. Basically your fail-safe.So AFAIU, as long as you didn’t rpm-ostree your whole system, it was a ‘win’ for the atomic model.
You might argue that their priority should have been the development of an all-encompassing package manager that works (almost) as sleek any other one. And only after that’s been (somewhat) completed, should they have shipped a system built around it. However, the trouble it has been taking Ubuntu to launch its Core Desktop since its announcement, definitely suggests that building an OS around a more complete (and complex) package manager poses its own set of challenges[1]. Contrast that to Fedora and openSUSE, both of which were able to launch their respective atomic distros for Desktop Linux in a more timely fashion.
If snap has a limitation, they just update snap to not have the limitation rather than brining in another package manager.
I think you’re making a category error. If Snap chooses to replace your complete OS, then it makes sense to get rid of any limitations. Because that’s in scope of its intended design. Flatpak, from my understanding, simply tries to become for Desktop Linux what the App Store and Google Play are for iOS and Android respectively. Hence, it doesn’t make much sense to blame it for what is out of its scope. Similarly to how it wouldn’t make any sense to scold VLC because it doesn’t play your Windows games. Here, I explicitly named Flatpak, but note that this principle applies to basically any other alternative package manager we (tend to) find on atomic distros.
Consequently, therefore, perhaps the distros are to be blamed for shipping lackluster package managers instead of introducing one-to-one replacements of the traditional ones. But I think this is just a very complex problem 😅. And I suppose you knew that already…
See NixOS 😜. ↩︎
Hmm…, I didn’t get that from your first response. But thank you for clarifying!
Once you start getting into the territory of layering new tools/drivers/whatever on top, you’re reintroducing the statefulness that the atomicity was supposed to eliminate.
I agree with your sentiment overall, but with a lot of nuance. I’d rather formulate it purposely ambiguous as follows: Once you start getting into the territory of modifying stuff, you might reintroduce some of the statefulness that the paradigm was supposed to eliminate.
I am aware that this ambiguity invites clarity and elaboration. And therefore I’d like to offer my genuine apologies for not responding to said invitation. However, I hope that this excellently written blogpost suffices in conveying how systems can be both stateless and ever-mutable.
The answer is indeed by going declarative.
But to me the whole sysext thing is actually a compelling argument for why Linux power users (i.e. most Linux users on lemmy) aren’t suited to immutable distros.
Sorry, but I don’t see why. Btw, I’m pretty well-versed in immutable atomic distros. So, please don’t feel the need to explain how it works.
When something as fundamental as git requires multiple obscure commands to install
I think you’re overstating the bold part.
Instead of <package-manager> install <package>, it becomes sysextmgrcli install <package> and systemd-sysext merge. I understand that going from a single command to two commands is effectively doubling the effort. But, as systextmgrcli is a horribly long name to invoke (and why I suspect it will change eventually), you might want to alias that anyways. At which point, creating a function within your .bashrc to streamline that to a single command shouldn’t be too much to ask for a power user.
As for the obscure part, sysextmgrcli is the tool that’s being introduced. Hence, it would be rather oxymoronic to expect that it’s anything but obscure. Beyond that, its usage seems reasonably sane and relatively standard. Very common arguments like list, install and update that are found on basically every other package manager work as expected. So, honestly, I don’t see the problem.
As for the second command, while systemd-sysext has been a part of systemd since its v248 release over five years ago, Desktop Linux users haven’t had much use for it yet. Though, thankfully, learning that systemd-sysext merge is done after installing a system extension and systemd-sysext unmerge is done for uninstalling a system extension shouldn’t be too much to ask.
Flatpak, docker, and nix cover a lot of things but have their annoying edge cases and paper cuts, especially in comparison to snap in some ways for some apps.
I’m still pretty new to nix - I’ve only recently started experimenting within a NixOS-loaded VM. So, please pardon me for my ignorance. But would you be so kind to point me towards its “annoying edge cases and paper cuts especially in comparison to snap in some ways for some apps”? Thank you in advance :) !
Very cool to see that System Extensions are being adopted and that the tooling is improving to reflect that!
This reminds me of the sysexts-manager project, which is worked on by a Fedora Atomic maintainer.
I’m pretty sure the MNT Reform is the closest thing we got to a laptop built on open hardware.
Unfortunately, it is pretty chunky 😅. Thankfully, their upcoming MNT Reform Next has become production-ready recently. So, that’s pretty lovely if you’re willing to be patient.
As noted by others, I’m pretty sure many different solutions exist. But, FWIW, I’ve had good results with DwarFS.
I’m pretty sure it does; as secureblue, an immutable atomic distro that’s hardened by default, required this commit to mitigate it once and for all.
While Bazzite and its atomic brethren do provide some additional protection against attacks, it’s often very overstated 😅. Hence, it’s unsurprising that it doesn’t provide any defense against this assault.
It just so happens to be that Linux is the easiest to make secure
Could you back that up? Thanks in advance!
Unfortunately, I can’t really comment about that specific device. Regardless, I’d reckon the following is worth noting:
Anecdotally, I’ve moved from HP to ThinkPad and there’s a very clear difference. To name one of my many frustrations with HP, my battery died every year or so on Linux. That’s just ridiculous. By contrast, the experience on ThinkPad has been absolutely glorious. It’s clearly meant to offer a first-class Linux experience.
Thanks! Your comment prompted me to check out this entry in uBlock Origin’s documentation that also underlines why Firefox(-based browsers) work better for the purposes of content-blocking.
Can’t agree more.