Linux

I haven't used this yet, but the design described in the readme makes it look very convenient compared to the usual array of tools required.

Behold, a Linux maintainer openly admitting to attempting to sabotage the entire Rust for Linux project:

https://lwn.net/ml/all/20250131075751.GA16720@lst.de/

The good news is this doesn't affect drm/asahi, our GPU driver. The bad news is it does affect all the other drivers we're (re)writing in Rust, two so far with a third one coming.

Another choice quote, calling R4L "cancer": https://lore.kernel.org/lkml/20250128092334.GA28548@lst.de/

Personally, I would consider this grounds for removal of Christoph from the Linux project on Code of Conduct violation grounds, but sadly I doubt much will happen other than draining a lot of people's energy and will to continue the project until Linus says "fuck you" or something.

As for how to move forward, if I were one of the Rust maintainers, I would just merge the patch (which does not touch code formally maintained by the dissenter). Either Linus takes the pull, and whatever Christoph says is irrelevant, or he doesn't, and R4L dies. Everything else is a waste of everyone's time and energy.

Edit: Sent in my 2 cents: https://lore.kernel.org/rust-for-linux/2b9b75d1-eb8e-494a-b05f-59f75c92e6ae@marcan.st/T/#m1944b6d485070970e359bbc7baa71b04c86a30af

Hello Linux Gurus,

I am seeking divine inspiration.

I don’t understand the apparent lack of hypervisor-based kernel protections in desktop Linux. It seems there is a significant opportunity for improvement beyond the basics of KASLR, stack canaries, and shadow stacks. However, I don’t see much work in this area on Linux desktop, and people who are much smarter than me develop for the kernel every day yet have not seen fit to produce some specific advanced protections at this time that I get into below. Where is the gap in my understanding? Is this task so difficult or costly that the open source community cannot afford it?

Windows PCs, recent Macs, iPhones, and a few Android vendors such as Samsung run their kernels atop a hypervisor. This design permits introspection and enforcement of security invariants from outside or underneath the kernel. Common mitigations include protection of critical data structures such as page table entries, function pointers, or SELinux decisions to raise the bar on injecting kernel code. Hypervisor-enforced kernel integrity appears to be a popular and at least somewhat effective mitigation although it doesn't appear to be common on desktop Linux despite its popularity with other OSs.

Meanwhile, in the desktop Linux world, users are lucky if a distribution even implements secure boot and offers signed kernels. Popular software packages often require short-circuiting this mechanism so the user can build and install kernel modules, such as NVidia and VirtualBox drivers. SELinux is uncommon, ergo root access is more or less equivalent to the kernel privileges including introduction of arbitrary code into the kernel on most installations. TPM-based disk encryption is only officially supported experimentally by Ubuntu and is usually linked to secure boot, while users are largely on their own elsewhere. Taken together, this feels like a missed opportunity to implement additional defense-in-depth.

It’s easy to put code in the kernel. I can do it in a couple of minutes for a "hello world" module. It’s really cool that I can do this, but is it a good idea? Shouldn’t somebody try and stop me?

Please insert your unsigned modules into my brain-kernel. What have I failed to understand, or why is this the design of the kernel today? Is it an intentional omission? Is it somehow contrary to the desktop Linux ethos?

Another interesting observation is that linux marketshare in India has been falling in the last months since the peak above 17% in last September no 8,79% in January. Does anyone know something about what happened in there?

cross-posted from: https://lemmy.ca/post/38277245

I am looking to switch to a different Linux distribution (or BSD). I currently use openSUSE Tumbleweed, which is quite nice, but I'm having issues with my USB ports and it takes a hot second to boot up.

However, the reason I'm asking here instead of going straight to DistroWatch is that my laptop has a problem. When I turn it on, it bootloops unless it's connected to power when I press the button. As such, this distribution would need to be able to handle running for weeks on end without a reboot.

I could get this repaired or replaced, but I have neither the time nor the money to spare.

So, does anyone have any suggestions? Or should I just slap Fedora Kinoite on it and call it a day?

EDIT: I went for ~~Debian~~ FreeBSD, as well as running fwupd, and it's all working now. Thanks!

Edit 2: Fixed! Thanks to @just_another_person@lemmy.world for this github issue link.

The solution is in the last comment suggesting to set ManageForeignRoutingPolicyRules=no in /etc/systemd/networkd.conf

Original post is below...

So I've got something I don't quite know how to find a solution for and I'm hoping this lovely community can help!

I've been experimenting with Arch (btw) with Hyprland to learn more about the install process, and linux in general, and to see if I like tiling window managers (I do).

I've installed this on a thinkpad I use for tinkering/learning, and the problem I'm encountering is that when I open up the laptop and the system resumes from suspend, the VPN connection is active, but broken, or maybe leaky.

What I mean by that is prior to suspending, with the vpn connection active, if I run curl ip.me, the result is the vpn server ip, Which is the expected behavior.

After resuming from suspend, when I run curl ip.me, I get my naked home ip instead of the vpn ip.

At first I thought I was losing the vpn connection, but when I check the status with sudo wg, it will show the vpn connection is still active, like so:

interface: wg0
  public key: pubkeyhere
  private key: (hidden)
  listening port: 38014
  fwmark: 0xca6c

peer: peer here
  endpoint: ip.endpoint.here:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 7 seconds ago
  transfer: 8.07 KiB received, 3.77 KiB sent

I've tried searching for this to figure out what's happening, and I'm not finding anything, likely because I don't know how to properly query for results.

What I've been doing is just manually running an alias on resume that brings the vpn connection down, and then back up again with:

sudo wg-quick down wg0 && sleep 2 && sudo wg-quick up wg0

I've tried different variations on a script placed in /usr/lib/systemd/system-sleep to no avail. I have verified that that the script is running properly. I tested first with echo "sometext" > ~/somefile for both pre and post and the script is executed on suspend and again on resume.

Script example:

#! /usr/bin/bash

case $1/$2 in
	pre/*)
		;;
	post/*)
		sleep 2
		/usr/bin/wg-quick down wg0
		sleep 2
		/usr/bin/wg-quick up wg0
		;;
esac

Despite this script executing what is essentially the same command as my alias on resume, my home ip is what results from running curl ip.me.

Other details that may or may not be relevant.

I've got a wg-quick@wg0.service systemd service that runs on startup to connect to the vpn.

System is Arch with Hyprland, iwctl to manage the wifi connection. I'm not using hyprlock. When I close the laptop it suspends the session, and when I open it back up it just resumes it, no lock screen or password needed.

I don't really understand what's going on here, and I haven't been able to find any information that helps me figure out what's happening or how to address it. Any help would be greatly appreciated!

Edit: just wanted to add that I've also looked through journalctl and I haven't found anything useful (to me) there.

In short, my question is "Is there a way to prevent a non-malicious but unknowledgable and clumsy user to ruin their own home directory?"

Say my grandma opens a file browser looking for a picture, finds those dot files or those mysteriously-named directories distracting, sets her mind to deleting them. And assume she somehow finds a way to do so. While I understand that dot files or mysteriously-named directories of a non-privileged user are of no ultimate importance, it is a maintenance nightmare.

Plus, it's not only mysterious files that are prone to be targetted. She might well delete by accident the picture she was looking for.

Two kinds of solutions that come to mind are: -Restrict file permissions in an adequate way -Implement an easily operable, fool-proof, back-in-time scheme

Is there a mainstream, well-supported distro of GNU/Linux that has figured this use-case out?

I figure it might come in handy when Window 10 is no longer supported and the reports of hacks keep coming in.

I don't think he should have included the starting frame-- if the cursor were theoretically instant, his method records it with a 1 frame delay, and this +1 frame error happens on every test. Correcting this actually makes Wayland more laggy proportionally, although it makes both less laggy absolutely.

cross-posted from: https://lemmy.zip/post/30849791

Starting on January 19, 2025 Facebook's internal policy makers decided that Linux is malware and labelled groups associated with Linux as being "cybersecurity threats". Any posts mentioning DistroWatch and multiple groups associated with Linux and Linux discussions have either been shut down or had many of their posts removed.

We've been hearing all week from readers who say they can no longer post about Linux on Facebook or share links to DistroWatch. Some people have reported their accounts have been locked or limited for posting about Linux.

The sad irony here is that Facebook runs much of its infrastructure on Linux and often posts job ads looking for Linux developers.

Unfortunately, there isn't anything we can do about this, apart from advising people to get their Linux-related information from sources other than Facebook. I've tried to appeal the ban and was told the next day that Linux-related material is staying on the cybersecurity filter. My Facebook account was also locked for my efforts.

We went through a similar experience when Twitter changed its name to X - suddenly accounts which had been re-posting news from our RSS feeds were no longer able to share links. This sort of censorship is an unpleasant side-effect of centralized communication platforms such as X, Facebook, Google+, and so on.

In an effort to continue to make it possible for people to talk about Linux (and DistroWatch), as well as share their views and links, we are providing two options. We have RSS news feeds which get updates whenever we post new announcements, stories, and our weekly newsletters. We also now have a Mastodon account where I will start to post updates - at least for new distributions and notice of our weekly newsletter. Over time we may also add news stories and updates about releases. Links for the feeds and the Mastodon account can be found on our contact page.

cross-posted from: https://lemmy.zip/post/30837895

New year, new Hyprland release brought to you by Yours Truly. This update is quite large, so you might want to read these patch notes.

There have been quite a bunch of internal rewrites, mostly around memory safety, the renderer, and animation system. Although performance shouldn't change much, it should improve stability in edge cases. Please do report any regressions you might find, if they aren't reported already.

Notes for packagers

• new dependency: glaze
• I've dropped binary releases. Please use the source to build.

Breaking changes

• master:always_center_master has been replaced with a more flexible master:slave_count_for_center_master

New features

• CMake, Meson: add option controlling hyprpm building
• config: add exec(-onec) with rules and execr(-once) (#8953)
• core/renderer: Add GPU hotplug support (#8980)
• core: Add a periodic donation request (#8981)
• core: Add render:allow_early_buffer_release to make buffer release configurable (#9019)
• core: Add support for HDR and color management protocols (#8715)
• core: add --verify-config to verify the config with Hyprland
• ctm: add an internal fade animation to ctm transitions
• debug: add debug:pass for debugging the render pass
• hyprpm: add an option to force reload all plugins (#8883)
• hyprpm: add glaze dependency FetchContent fallback (#8899)
• keybinds: add new window destruction dispatchers (#8962)
• keybinds: add visible arg for cyclenext (#9045)
• master: add option to show slaves on left in center orientation (#8940)
• pluginAPI: add register dispatcher v2
• protocols: add hyprland_lock_notify_v1 implementation (#9092)
• protocols: add hyprland_surface_v1 implementation (#8877)
• protocols: add hyprland_surface_v1.set_visible_region implementation (#9120)
• renderer: Add supercircular window corners (#8943)
• selectors: add a tag: to for matching window tag(s) by regex (#8985)
• socket2: add focusedmonv2 event (#8921)
• windowrules: add negative: prefix for negating a regex

Fixes

• animation: fixup adding animvars during ::tick (#9030)
• animations: fix XWayland cursor glitch and refactor skill issues (#9033)
• animations: fix borderangle once (#9149)
• ci: fix "Resource not accessible by integration" for cf workflow (#9144)
• compositor: fix incorrect cast, use lambda capture instead (#9161)
• config: fix animations requiring all args
• config: fix float animation speeds < 0 (#9123)
• config/ConfigWatcher.cpp: add missing include needed for clang (#9166)
• configmgr: fix crash on very early plugin loads
• core/compositor: fix too early buffer release (#8966)
• core: fix custom resolutions (#8897)
• core: fix possible crash on null active workspace
• data-device: fix edge case crash on null xwm
• debug: fix ISDEBUG checking (#8823)
• debug: fix overlay not rendering
• desktop/DesktopTypes.hpp: fix include (#9104)
• dwindle: fix possible crash on null ws
• functionHooks: wait for hyprland pages before returning addr for trampo
• helpers/Monitor.cpp: fix include path (#9039)
• hyprctl: Fix hyprctl batch JSON command (#8749)
• hyprctl: fix hyprctl --batch not working with exec rules (#8952)
• hyprpm: fix hyrpm sometimes returning 0 despite errors occuring (#8761)
• keybinds: fix movefocus fallback for special workspaces (#9040)
• keybinds: fix nullptr deref in forcekillactive (#9021)
• keybinds: fix previous_per_monitor logic (#9010)
• logging: fix Gpu info (#8764)
• pass: fixup debug mode rendering of input boxes
• protocols: fix alpha-modifier noncompliance (#8929)
• protocols: fix compilation error (#8988)
• renderer: fix CRendererHintsPassElement reset duplication issue (#8928)
• renderer: fix fullscreen hdr check (#9076)
• renderer: fix oversized blur precalcs not blurring at all
• renderer: fix rare case when a tiled window would be rendered over fs
• shaders: fix blank windows when using corner rounding (#8969) (#8971)
• window: fixup fade out animation on silent moves
• xwayland: fix clipboard mime name and atom mismatch (#9137)
• xwayland: fix compile with no xwayland
• xwayland: fix crash when trying to initialize without Xwayland installed (#9077)
• xwayland: fix dnd including xwayland
• xwayland: fix pointer mismatches with multiple monitors (#9179)
• xwayland: fix sending large clipboard data (#9134)
• xwayland: various window handling fixes
• xwm: fixup targets in selection requests

Other

• Meson: properly install 'hyprland' symlink (#9091)
• Renderer: rewrite render scheduling (#8683)
• animation: avoid crashes in ::tick() on mutations
• animationmgr: don't warp based on POINTY value (#9000)
• binds: cycle within group on single monitor if no window found in the argument direction. (#8714)
• ci(clang-format): directly do the clang-format instead of error (#8955)
• config: avoid querying the fs every tick
• config: disable borderangle by default (#9165)
• config: update animation even if disabled
• config/ConfigManager.cpp: add instruction to edit config (#9130)
• core: add LIKELY and UNLIKELY macros
• core: Unbreak build on FreeBSD (#8762)
• core: always use goal size to send to clients
• core: avoid activating toplevel-less surfaces
• core: cleanup header includes (#9088)
• core: fade in windows when they are brought from invisible workspaces
• core: guard workspace and monitor in moveWorkspaceToMonitor
• core: make persistent workspaces always follow the config
• core: move all shared_ptrs from the STL to hyprutils (#9143)
• core: move parts of the animation system to hyprutils (#8868)
• core: move sendWindowSize off of xwaylandmgr
• core: move to inotify for monitoring the config files
• core: refactor/improve monitor mode selection (#8804)
• core: reserve vector sizes as much as we can (#9118)
• core: update groups on movewindow (#9183)
• core: use cpu-buffer hw cursors on nvidia by default
• core: use readFileAsString instead of cat for os-release
• ctm: disable fade animation by default on nvidia
• datadevice: do the unfocus surface stuff before dndActive is true (#9157)
• datadevice: guard XWayland server against crashes
• desktop: move desktop types to memory-safe pointers
• dnd/seat: avoid sending button events during a dnd op
• foreign-toplevel: update active on null window focus (#8860)
• fractional-scale: avoid redundant and duplicate scale events
• github: bug issue template improvements (#8894)
• groupbar: unify title rendering
• groups: honor group lock window rule (#8782)
• hooksystem: avoid huge include for HANDLE
• hyprpm: use glaze to parse hyprctl plugin list (#8812)
• input: abord dnd op on escape pressed
• input: pass touch events to lock screens (#9129)
• internal: Make static analysis more happy (#8767)
• internal: added reference to CTimer class in KeybindManager (#8836)
• internal: few small monitor improvements (#8890)
• internal: remove dead code (#8748)
• internal: removed Herobrine
• internal: update window position/size after changing fullscreenstate (#8865)
• keybinds: attempt to wrap around if fallback is allowed in movefocus
• layershell: check if layer is valid (#9156)
• layershell: return focus to a valid ls on close if possible
• layout: apply group rules after window creation (#8779)
• layout: damage window properly on float mode changes
• layout: force full damage on toggling floating mode
• layout: set window size after toggling floating
• logging: get broader GPUINFO (#8753)
• master: make loop around optional when cycling (#8926)
• master: replace always_center_master with slave_count_for_center_master (#8871)
• monitor: avoid crashes on no good modes
• monitor: bring back old description behavior
• nix/module.nix: expand nixos module for configuring hyprland
• opengl: only allocate offMainFB on demand
• opengl: use uv to avoid rendering the entire blurbox
• pass: allow removing all pass elements of a given type
• pass: ignore empty rectangles queued
• pass: improve blur region detection
• pass: improve pass debug mode
• pass: improve pass debugging
• pass: mark crucial elements as undiscardable
• pass: scale blur region in ::render
• pass: scale blur regions properly
• pointer: always scale the cpu cursor to the right size
• protocols: allow hyprland-toplevel-export to capture hidden windows (#9041)
• protocols: do not capture cursor in toplevel without pointer focus (#9042)
• protocols: do not destroy screencopy resources before client request (#9048)
• protocols: immediately copy toplevel content when ignoreDamage set (#9049)
• regex: log an error if regex parsing fails
• renderer/internal: stop using box pointers
• renderer: Auto enable wide color gamut in HDR mode (#9090)
• renderer: Do not set hdr metadata unless needed (#9014)
• renderer: allow plugins to know what window was rendered in post
• renderer: don't access hdrMetadata optional if it has no value (#8987)
• renderer: unload background texture if it's disabled
• renderer: use a render pass for render modif in client render
• renderer: use cairo for cpu buffer rendering (#9071)
• shadow: avoid drawing empty shadows
• snap: don't snap to any windows if workspace has a fullscreen window (#8870)
• snap: give edge snapping precedence over corner snapping (#8873)
• snap: revert #8659, use bounds checking instead of bit mask (#8872)
• subsurface: damage the entire parent on size change
• tablet: send motions on tip events (#9132)
• window: only set m_iMonitorMovedFrom, when moving to a different monitor (#9160)
• windowrules: precompute regexes for window/layer rules
• windows: honor xdg_toplevel_set_fullscreen output hint (#8965)
• windows: minor initial workspace improvements
• xwayland: avoid sending value of real size to xwayland
• xwayland: don't create an abstract unix domain socket on linux (#8874)
• xwayland: don't define atoms on no_xwayland builds
• xwayland: support sending clipboard change notification on focus (#9111)

Bug Fixes:

• Fix permission check for host system apps in the Camera portal.
• Do not expose the Settings portal if there are no backends available.
• Disable sounds-related notification tests if the project is built without wavparse.

Enhancements:

• Start porting the test suite to Python tests. Once finished, this should break the cyclic dependency between xdg-desktop-portal and libportal.
• Install Python-based tests. This is mostly useful for distributions to run tests as part of their packaging process.

I renamed one of my partitions and now Mint won't boot up. I go into recovery mode, run a file check and get the following:

Any help would be appreciated.

TIA!

I need some advice regarding which distro to choose. I tried installing fedora workstation on my laptop as test and it seemed quite annoying to get the user interface right.

I dont mind the technical differences, in fact i'm looking forward to them as linux is more secure and better designed.

The problem i'm having is that i want the good things from windows desktop. for example; tray icons, being able to control filesystem easily with gui, shortcuts on desktop.

Every distro i have tried or seen has been really basic regarding this out of the box with very little customization options. I prefer not having to download million extensions for every little feature that might stop working at every major update or if developer doesnt feel like continuing.

I also would like to be able to easily backup customization settings so i dont have to do everything again if i need to reinstall. I like being able to easily customize everything so having a lot of settings is good thing for me.

I read somewhere about kde plasma and screenshots seemed promising and downloaded kde fedora. Haven't installed it yet but am I on the right track for what i'm looking for? Are there other even better choices? I'd like to nail this from the start so I dont have to reinstall later. I really dont want to wade through every possible distro.

Thank you all, you have been big help