Linux

Okay, here's a shit story. I was doing a routine scan with ClamAV feb 4th. Out of nowhere it popped for a trojan. Thought it was a bit weird, probably a false positive. Nope. I discovered a weird .DLL in WINE, not in their repos, not something I installed. listed as .BRM for windows 6. I hashed it and ran it against everything I'd pulled from my .DLL files. No match. I went digging and found the schroot under /run/ I took a look at the properties and the env showed 128.7TB of storage. The program I use with WINE requires network access to authenticate and because it was for audio production, it had access to my filesystem for samples.

Broke out wireshark and confirmed they were exfiltrating data. I always have the camera covered and the Mic disabled, but only through a blacklist. As soon as they saw me, they wiped everything from my home folder, everything that wasn't a base part of kde was gone. They got my passport, resumes, had just downloaded all my data from google and deleted my accounts. Wedding photos, contact lists, phone numbers, Everything. Immediately unplugged the router, disconnected the modem.

Found the roommate, he uses windows 10. No security updates, no antivirus. Rooted into his machine as well. 7 foreign IPs routing traffic over privoxy, shut down all the ports, airplane mode, took his important data and burned a windows 10 iso. He's okay now. I'm currently running photorec, foremost and autopsy on an image of my drive trying to get what I can. Reopened a bank account, changed the phone number now I'm paranoid. Network password was stupid easy (not my connection, I don't own it) and he had it set up so everyone with the password was admin. Every machine in the house is potentially compromised. He had a whole host of web 3.0 bullshit, chinese wifi camera,(probably watching through that) old google home assistant, ps4, xbox, light controls.

We ditched the router, the people I share this place with have no idea what a computer even is and I am trying to explain to them why this is a problem. My synthesiser's OS is based on montevista linux, I connect it to the laptop all the time. There's a server farm out there trying to get into insecure connections. I was rooted with 32x linux using a fake .DLL in WINE, he was rooted into by a Windows 10 machine. Of course he uses an admin account for everything. I pulled a shit tonne of persistence off my computer. Cron jobs, Startup scripts for privoxy and schroot, services, grub configuration, SSH keys, User Logins, Key loggers. This is sophisticated enough that they could tailor something on a per machine basis and I never would have found it if I hadn't been actively looking because since they schroot, none of those processes were available to me to view. I just had a funny feeling the last time I used WINE because the configuration kept updating and it normally only does that if you add a library, or make a change to the program and I hadn't done that in a month.

I need some help, fellas because I went to the cops and the cybercrime unit stops at "He posted my nudes on Facebook." This was not intended for me, this is meant to spread across as many machines as possible. ISP in our area recently put in fibre in a bunch of different houses and I'm worried they may be piggy backing our connection off our neighbours. How many people out there are using older versions of android with no security updates? What if they get someone who works in power generation, law enforcement, a nurse on the way to the hospital. It is so bad and I cannot get any one to listen to me. They think I'm a lunatic. Last thing, can you give me some advice on containerising applications in docker, command line docker. I'm not giving a company my personal information to use their stupid GUI and I want to cut this off at the head. No more free access to the file system, every application and all the files I use with them on their own container. How do I build something from source in a leak proof Docker environment? how do I install a web browser with no access to geoclue, date and time or files? Resources, if you can, would be incredibly helpful. I am only doing linux for 2 years as a hobby, this is out of my wheelhouse. Just a blank container with one program, so I can inspect files coming in and out of and decide if something gets access to my home directory or not. stay frosty out there.

Edit: finally figured out how to add pictures to this. You'll notice the tree from home folder that it's basically fucking empty. You'll also see ventoy which I had to have to get my housemate's stupid ASUS laptop to let me burn Microsoft's spyware onto it. You'll also see photorec which is currently digging through all the data left on the disk.img, you'll also see the output of my first attempt using foremost, which failed because the disk was mounted and live. Here is the audit.txt https://files.catbox.moe/picf4y.txt If you scroll down just a little bit, you will see the poisoned .DLL and the .exe that was hidden in it. Listed as created year 2000 and 1998. I don't use social media, like at ALL because it's all poison. Don't you call me a fucking liar. You have ABSOLUTELY no idea what I have been through in the last 3 days. I have talked to local police, state police, had to img my entire drive and send it to them. I have lost copies of all my personal identification documents, immigration documents, I have had law enforcement visit me repeatedly. THIS IS NOT a fucking joke.

Edit: Christ the way this website handles image hosting, I can't. 3 days of chainsmoking, talking to cops, reinstalling OSes and explaining to a 45 year old man that your router password cannot be 1love[name of his cat that he posts about on instagram]

Here all the images in one place. Sorry, incredibly stressful period right now, I use GNUicecat and since all of my user settings are gone I don't know what's working and what isn't because I haven't had 3 hours to sit down and configure it yet:

https://ibb.co/ns66L9WH

https://ibb.co/k6VKWkbn

https://ibb.co/Y7p1SxJK

https://ibb.co/nN0RKhF1

https://ibb.co/nMCHYpbQ

https://ibb.co/Lzjfs2dP

https://ibb.co/zH8c86jv

I need a fucking smoke

Okay, here's a shit story. I was doing a routine scan with ClamAV feb 4th. Out of nowhere it popped for a trojan. Thought it was a bit weird, probably a false positive. Nope. I discovered a weird .DLL in WINE, not in their repos, not something I installed. listed as .BRM for windows 6. I hashed it and ran it against everything I'd pulled from my .DLL files. I went digging and found the schroot under /run/ I took a look at the properties and the env showed 128.7TB of storage. The program I use with WINE requires network access to authenticate and because it was for audio production, it had access to my filesystem for samples.

Broke out wireshark and confirmed they were exfiltrating data. I always have the camera covered and the Mic disabled, but only through a blacklist. As soon as they saw me, they wiped everything from my home folder, everything that wasn't a base part of kde was gone. They got my passport, resumes, had just downloaded all my data from google and deleted my accounts. Wedding photos, contact lists, phone numbers, Everything. Immediately unplugged the router, disconnected the modem.

Found the roommate, he uses windows 10. No security updates, no antivirus. Rooted into his machine as well. 7 foreign IPs routing traffic over privoxy, shut down all the ports, airplane mode, took his important data and burned a windows 10 iso. He's okay now. I'm currently running photorec, foremost and autopsy on an image of my drive trying to get what I can. Reopened a bank account, changed the phone number now I'm paranoid. Network password was stupid easy (not my connection, I don't own it) and he had it set up so everyone with the password was admin. Every machine in the house is potentially compromised. He had a whole host of web 3.0 bullshit, chinese wifi camera,(probably watching through that) old google home assistant, ps4, xbox, light controls.

We ditched the router, the people I share this place with have no idea what a computer even is and I am trying to explain to them why this is a problem. My synthesiser's OS is based on montevista linux, I connect it to the laptop all the time. There's a server farm out there trying to get into insecure connections. I was rooted with 32x linux using a fake .DLL in WINE, he was rooted into by a Windows 10 machine. Of course he uses an admin account for everything. I pulled a shit tonne of persistence off my computer. Cron jobs, Startup scripts for privoxy and schroot, services, grub configuration, SSH keys, User Logins. This is sophisticated enough that they could tailor something on a per machine basis and I never would have found it if I hadn't been actively looking because since they schroot, none of those processes were available to me to view. I just had a funny feeling the last time I used WINE because the configuration kept updating and it normally only does that if you add a library, or make a change to the program and I hadn't done that in a month.

I need some help, fellas because I went to the cops and the cybercrime unit stops at "He posted my nudes on Facebook." This was not intended for me, this is meant to spread across as many machines as possible. ISP in our area recently put in fibre in a bunch of different houses and I'm worried they may be piggy backing our connection off our neighbours. How many people out there are using older versions of android with no security updates? What if they get someone who works in power generation, law enforcement, a nurse on the way to the hospital. It is so bad and I cannot get any one to listen to me. They think I'm a lunatic. Last thing, can you give me some advice on containerising applications in docker, command line docker. I'm not giving a company my personal information to use their stupid GUI and I want to cut this off at the head. No more free access to the file system, every application and all the files I use with them on their own container. How do I build something from source in a leak proof Docker environment? how do I install a web browser with no access to geoclue, date and time or files? Resources, if you can, would be incredibly helpful. I am only doing linux for 2 years as a hobby, this is out of my wheelhouse. Just a blank container with one program, so I can inspect files coming in and out of and decide if something gets access to my home directory or not. stay frosty out there.

Im looking for ways to increase my use of the terminal and so I want to have one around all the time without having to switch tabs. I have seen tiling window managers but I kinda don't want to lose like windows snapping and such. Is there any way to attack a window to the taskbar in kde so that other programs won't overlap it? I basically would like to have like 3 lines of a terminal across the bottom just above the start bar.

I am running Bluefin immutable distro and I would like to test Niri. I found on the net that the cleanest way is to use systemd-sysext and I have managed to install Niri using the community extensions.

Now I would like to install Dank Material Shell, and it has a couple of pre-requisites and I am clueless how I can add them again with systemd-sysext.

I tried to look for additional information, but found very little on the matter. Do any of you have experience with this?

I moved about a month ago and haven't touched my pc a whole lot from before packing it away and finally getting around to unpacking it.

I'm running CachyOS and finally got around to unburying it, and after trying to run a system update I'm met with this:

sudo pacman -Syu
:: Synchronizing package databases...
 cachyos-v4 is up to date
 cachyos-core-v4 is up to date
 cachyos-extra-v4 is up to date
 cachyos is up to date
 core is up to date
 extra is up to date
 multilib is up to date
 DEB_Arch_Extra         10.1 KiB  12.5 KiB/s 00:01 [---------------------] 100%
:: Starting full system upgrade...
warning: gtk2: local (2.24.33-5.1) is newer than cachyos (2.24.33-5)
:: Replace lib32-vulkan-mesa-device-select with cachyos/lib32-vulkan-mesa-implicit-layers? [Y/n] y
warning: libpng12: local (1.2.59-2.1) is newer than cachyos (1.2.59-2)
:: Replace vi with extra/ex-vi-compat? [Y/n] y
resolving dependencies...
looking for conflicting packages...
error: unresolvable package conflicts detected
error: failed to prepare transaction (conflicting dependencies)
:: vulkan-mesa-implicit-layers-1:25.3.5-2 and vulkan-mesa-device-select-1:25.2.7-2 are in conflict

I'm not super technologically inclined, not completely illiterate but no expert for sure. Usually I'd update my system regularly but with the move and otherwise being extremely busy lately I'm only getting around to it now. I tried looking it up first but I'm not sure if I just used the wrong search queries or what, but I couldn't get a good answer anywhere, so I thought I'd try here.

Thanks in advance for any help. I really do appreciate it.

Update: I got it working again! Thanks for everyone who offered help, and especially thanks to Ooops@feddit.org. For anyone who may have the same issue in the future, all I needed to do was update the conflicting packages on their own before doing a full system upgrade and it worked.

A few years ago I made a city in Cities Skylines inspired by Linux distributions. There is the main, free island with (mostly) desktop Linux distributions and the smaller, crowded, and restrictive Android island with various Android ROMs. I've probably put over 200 hours into this city in the game. This is a long post, so buckle up.

There are ~90-95 districts in the city, each representing a distro or at least a specific desktop environment. Each district has a 2-digit code, with the first digit having a theme:

• 0x, 1x: Ubuntu and its direct derivatives
• 2x: Ubuntu derivatives, but with some "distance" from Canonical (Linux Mint, ElementaryOS), plus some miscellaneous distros
• 3x: Debian and its non-Ubuntu derivatives
• 4x: Fedora and its derivatives
• 5x: Arch and its derivatives (including SteamOS)
• 6x: Miscellaneous and lightweight distros (Slackware, OpenSUSE, Tiny Core, etc.)
• 7x: "Googled" Android ROMs
• 8x: Degoogled Android ROMs (half of them are probably dead, due to laws from the other parts of the island)
• 9x: "Advanced" Linux distros (ex. Kali, Alpine, NixOS, Gentoo, etc.)

Exceptions to the my first digit rule:

• 27: ChromeOS
• 69: Hannah Montana Linux
• 76: PopOS

There are some other general rules for districts in the city:

• Any major money-making distro corresponds to an industrial district (ex. RHEL, Ubuntu IoT, etc.)
• Districts near the coast correspond to more noob-friendly distros, and districts in the inner mountain regions correspond to more advanced distros.
• Dense districts correspond to distros used by many people, and this pattern continues to exurban or even rural districts.
• In general, the better the distro is, the more "desirable" its corresponding distict is to live in.

Yes, I purposely designed the Ubuntu district to be shaped like the Ubuntu logo and I think it's beautiful.

How to get around the city? There is lots of public transit, and highways for cars.

Let's start with the roads, because I named most of them. Small roads will be bullet-pointed, while large roads will have a picture with the name.

• North-South streets are numbered, from 1st Street (by the GeForce RTX Cliffs Park) to 95th Street (in SteamOS and on Atomic Island). This holds true on Android island.
• East-West roads are named based on the North-South position relative to the center of Ubuntu:
• South of the center of Ubuntu, they are named after the first word of the Ubuntu releases (from Edgy Eft to Noble Numbat)
• North of the center of Ubuntu on Linux island, they are named after the second word of the Ubuntu releases (from Edgy Eft to Kinetic Kudu).
• East-West roads on Android island are named after the Android desserts (from the made up Apple (lol) Street, to Tiramisu Street).
• There are some exceptions, especially in the center of larger districts. Send a reply if you have any questions about a particular road!

Here are pictures of each part of the city:

Ubuntu vicinity:

NE Linux Island:

SE Linux Island:

SW Linux Island:

NW Linux Island:

Android Island:

View from "Ubuntu Overlook":

Arch btw Park:

(I'm not even an Arch user but I think this is funny)

The backbone of the public transit are the train lines, named after the Big 4 motorcycle manufacturers (I'm into motorcycles lol) arranged similar topographically to a peace sign:

• Honda loop: Ubuntu, Debian, Raspbian, Linux Mint, PopOS
• Suzuki loop: Ubuntu, Debian, OpenSUSE, Fedora/Nobara, Manjaro, SteamOS
• Kawasaki loop: PopOS, Linux Mint, Raspbian, OpenSUSE, Fedora/Nobara, Manjaro, SteamOS, Stock Android, Airport
• Yamaha line (not loop): Debian, Ubuntu, Airport, Stock Android

Additionally, there are many bus lines, with the long-range ones named after Sheet Music Boss's RUSH songs. Note that the districts I mention are not the only stops, but just give a rundown of where the lines go.

• RUSH A: Ubuntu-AntiX-Arch-Manjaro-Bazzite
• RUSH B: KDE Neon-Kubuntu-Ubuntu-PopOS-Zorin-Linux Mint-ElementaryOS
• RUSH C: Airport-Ubuntu Kylin-Ubuntu-Xubuntu-Linux Mint-ElementaryOS
• RUSH C#: Ubuntu-Ubuntu Budgie-Deepin-MX Linux-Raspbian
• RUSH D: ChromeOS-Slackware-Lubuntu-Debian-Raspbian
• RUSH Eb: SteamOS-EndeavorOS-Arco-Arch-OpenSUSE-Kali
• RUSH E: SteamOS-Manjaro-Bazzite-Silverblue-Fedora
• RUSH F: Linux Mint-Debian-OpenSUSE-Rocky-CentOS-Fedora-Silverblue
• RUSH G: Airport-KDE Neon-Slackware-ChromeOS-Parabola-Northern and central SteamOS
• RUSH PIGGIES: Ubuntu-Ubuntu MATE-Debian-Raspbian-Kali-OpenSUSE-RHEL-Fedora
• RUSH ASTRONOMIA: Hannah Montana-Kubuntu-Lubuntu-Peppermint-Solus-Linux Mint-ElementaryOS
• RUSH ANKHA: ChromeOS-Slackware-Ubuntu-Xubuntu-Linux Lite-Linux Mint
• RUSH SKELETONS: ChromeOS-Gentoo-Puppy-Void-Arch-CentOS-Nobara-Fedora
• RUSH AREA 51: Slax-Slackware-ChromeOS-Garuda-EndeavorOS-Nobara-Fedora

Please note that some parts, especially on the west side, are still undeveloped as I have to wait for more residential demand.

Ironically, this city was fully made in Windows.

cross-posted from: https://lemmy.world/post/42787520

Most of us have some blinking, light-emitting, colorful devices attached to our potatoes - or whatever the minimum specs for Linux are these days, haven't checked in a while.

And most of us use OpenRGB to control them. But I fear this single project has some major, fundamental issues. As with many projects, it grew very fast and very big.

It has over 200 supported devices today, and the list keeps growing.

But it wasn't designed to grow this fast or support such a variety of devices.

This has led to several issues:

Not all features can be implemented for all devices:

For example, devices with different available effects per zone aren't supported by design. You may have noticed that sidebar LEDs on some keyboards aren't controllable via OpenRGB.

No support for macros, DPI settings, and more:

It was always about RGB. This isn't an issue per se - it's the scope of the software. But:

Cannot coexist with macro/mouse controlling software:

OpenRGB needs to open the HIDRAW device to control it, and this is an exclusive operation. So no other software can hook those devices at the same time.

Growing backlog:

Device-support requests keep piling up, new devices wait a long time to be accepted - the usual open-source maintenance challenges.

My Idea

Let's create a unified device abstraction library. The core part should just offer a C++ library with all the device abstraction logic in it. This library can then be consumed by a variety of software:

• OpenRGB could use the RGB part of it, focusing on orchestration and advanced features
• Python bindings for scripting your setup
• Hyprland integrations
• Custom CLI tools
• Whatever the community builds

Therefore, if you're a developer who knows your way around modern C++ features (or wants to learn), here's my project pitch:

What this could be:

• Modernized device code (C++23, memory safety, proper abstractions)
• Support for ALL peripheral features (RGB, macros, DPI, profiles, etc.)
• Clean API for other developers to build on
• Reduced fragmentation - community maintains ONE device library instead of competing implementations

Making this real would need:

• C++ developers , as one developer is no developer (and i have other hobbies!)
• People who've worked with USB/HID protocols on Windows and other Non-Linux platforms!
• Anyone frustrated with current Linux peripheral tools and willing to help fix it
• Design feedback and testing

To kickstart this:

We can fork OpenRGB's existing device implementations (GPL-licensed) as a foundation. I have at least two devices here that offer on-device macro functionality, key remapping, and more, so I can create the basic abstractions for those features.

Thoughts?

I followed the written tutorial in the settings but I still don’t know if there’s Wapuro Romaji and often when I try to test the layout it snaps back to English or doesn’t seem to write any different from the english keyboard and if everything does work it seems to delegate individual Kana to keys & I’m not very comfortable with that way of typing.

edit: false alarm, the article is a year old. I saw feb 4th and jumped the gun.

~~hey, what the fuck!? wasn't MICROS~1 recent debacle not a warning huge enough?!~~

Hi all, sorry if I post this the wrong place.

I have a laptop running mint with qtile which sometimes freezes. To the point where nothing responds and I need to kill it. I've tried: sudo journalctl But I don't get any information which helps me.

Can anyone help to debug it?

Is there a daemon that will kill any processes using above a specified % of CPU? I'm having issues where a system is sometimes grinding to a halt due to high CPU usage. I'm not sure what process is doing it (can't htop as system is frozen); ideally I'd like a daemon that automatically kills processes using more than a given % of CPU, and then logs what process it was for me to look back on later. Alternatively something that just logs processes that use a given % of CPU so that I may look back on it after restarting the system.

The system is being used as a server so it's unattended a lot of the time; it's not a situation where I did something on the computer and then CPU usage went up.

Edit: Thanks to the comments pointing out it might be a memory leak instead of CPU usage that's the issue. I've set up earlyoom which seems to have diagnosed the problem as a clamd memory leak. I've been running clamd on the server for ages without problems so might be the result of an update; I've disabled it for now, and will keep monitoring the situation to see if earlyoom catches anything else, or if the problem keeps occurring I'll try some of the other tools people have suggested.

I salvaged a Microsoft Surface Go gen 1 from the scrap pile and installed Linux on it. Most stuff seems to work ok but I can't get screen rotation working in Gnome. I know its not a sensor issue because it works under plasma-mobile, and if I run monitor-sensor I can see its detecting mottion even under Gnome.

I tried installing the older version of iio-sensor-proxy-git suggested here but that made no difference: https://github.com/linux-surface/linux-surface/issues/689

I also tried the screen rotate extension, however the AUR version made no difference and when I tried downloading it from the web it just said it was incompatible. I don't think it would solve the problem anyway because Gnome realises its in tablet mode and has the option for auto-rotate, it just doesn't do anything. I've also tried the Fedora live iso and its the same there.

Alternatively can anyone suggest a good on screen keyboard for KDE? I've tried maliit and plasma-keyboard but they're missing keys like ctrl and tab etc which makes using the terminal horrible. Thats the main reason I'm even using Gnome because the on screen keyboard is great.

Edit: Turns out I just had to go back to the extension web page and enable it.

A while ago, I set up unattended-upgrades on my Debian 13 machines. Running sudo apt updatedoesn't cross my mind now that I assume unattended-upgrades takes care of that for me, but every once in a while, I'll try installing something and get the "Unable to locate package" errors associated with outdated repositories. After being made aware of having outdated repositories and packages, I'll go and run sudo apt update && sudo apt upgrade on my other machines, only to be told that all packages are up to date and unattended-upgrades did do its job there. I don't keep a record of this happening, but I also don't recall there being any pattern to which of my machines are affected and which aren't at any given time.

Where could I start hunting down the cause of this inconsistent behavior? I did double-check that I enabled it via sudo dpkg-reconfigure unattended-upgrades

Hi everyone! I’m trying to get a HP EliteDesk 705 G3 Desktop Mini to work as a Linux media player for my LG smart TV. My TV only has HDMI input, and my EliteDesk only has Display Port output, so I’m using a (reported) 4k60hz DP to HDMI adaptor, with a HDMI 1.3 cable.

Specifically, I want to use my computer to play 4k content on my television. I tried using HDMI 4k60hz and 8k cables, with OpenSUSE Leap with Gnome installed, but that led to the maximum resolution being 640x480. I ended up trying the HDMI 1.3 cable and that did work for whatever reason.

I’m not a fan of Gnome, though, so I wanted to switch to KDE instead. I can’t get 4k to work there at all. It has installed just fine, and I can use the computer with my 1080p monitor, but whenever it attempts to switch to 4k on my TV, I get a black screen right before I can login by entering my password. And if it boots on my TV in 1080p, I don’t have a visible cursor.

reportctl afterwards doesn’t really show any errors.

I added inxi -Gxx as an image.

Any thoughts?

Recently I got into playing Cyberpunk 2077 and it's a dx12 only game, no native vulkan support and need to be translated to vulkan which is bad because my framerate drop from 65fps to a merely 35-42fps because of dx12 bug, which is a lot of frames to lose. As soon as nvdia fix it or nvk driver caught up with nvdia proprietary driver I will remove win10. If you wondering why I have nvdia GPU because I only use laptop and an AMD laptop with the same power as nvdia is rare and even rarer in my country and also 2x more expensive. English is not my native language sorry if there's any mistakes.

I am now a published author.

I know there isn't an objectively correct answer to this question, and I'm not asking for the "party line" - I just want to hear everyone's opinions (and the inevitable arguments had in good fun, of course).

I have a TV which says it supports 4K 144Hz and right now I run an old laptop as a media server/desktop to it, which can only handle 1080p. I wish to switch to some NUC/mini-pc that run a linux desktop in 4K and run media flawlessly on it.

There are two things that I get confused about trying to find something that suits my wishes:

1. How do I properly find out if the hardware can handle this? Like a rpi5 can handle 4K video playback with like librelec, but a 4K desktop distribution is laggy and slow. Is a CPU only enough, or do I need dedicated GPU? Should I be looking at the Ultra Core series from intel, does it have good linux support?
2. Are my wishes on hdmi 2.1 level troughput? Which may not work on linux? Reading about hdmi 2.1, then it says that the hdmi forum forbids open source support for hdmi 2.1, does that mean there are binary blobs for linux that will work?

Is there anything else I'm missing? If you run a linux media server, what hardware and dist are you running?

I distro hopped for a bit before finally settling in Debian (because Debian was always mentioned as a distro good for servers, or stable machines that are ok with outdated software)

And while I get that Debian does have software that isn't as up to date, I've never felt that the software was that outdated. Before landing on Debian, I always ran into small hiccups that caused me issues as a new Linux user - but when I finally switched over to Debian, everything just worked! Especially now with Debian 13.

So my question is: why does Debian always get dismissed as inferior for everyday drivers, and instead mint, Ubuntu, or even Zorin get recommended? Is there something I am missing, or does it really just come down to people not wanting software that isn't "cutting edge" release?

All the ones that keep getting recommended have a UI like a cockpit of a Boeing 747 (kdenlive, shotcut, openshot, DaVinci resolve) which is so overwhelming, all I want is just make some cuts, blur a face, or something on the screen, and maybe add some subtitles.

I just want something simple, I am not gonna make the next Avatar movie.

I have a feeling there is nothing like this on linux but hey maybe one of you actually knows of one.

I have three Ethernet interfaces, namely eth[0...2]. eth0 is connected to my VPN router and eth1 and eth2 are connected to my public facing router. eth0 is the standard interface that I normally let my Linux instance use. I now want to set up a container that hijacks (makes unavailable to the host) eth1 or eth2 in order to run various services that need to be reachable from WAN through a Wireguard tunnel.

I am aware that the man pages for systemd-nspawn say that it is primarily meant to be a test environment and not a secure container. Does anybody have experience with and/or opinions on this? Should I just learn how to use Docker?

For now, I am only asking about any potential security implications, since I don't understand how container security works "under the hood". The network portion of the setup would be something like:

Enabling forwarding kernel parameters on the host

Booting the container with systemd-nspawn -b -D [wherever/I/put/the/container] --network-interface=[eth1 or 2]

Then, managing the container's network with networkd config files, including enabling IPForward and IPMasquerade

Then, configuring wireguard according their official guides or, for instance, the Arch wiki.

Any and all input would be appreciated! 😊

[Update: I went with CachyOS instead, it looks like a great option for gaming with general usage and has a really good wiki]

A coworker of mine asked me to help him install Linux, he hasn't tried Linux before but he's sick of Windows.

He is very much into gaming, so gaming support is the first priority. He is also a developer/tester so I suppose that he will also want to have access to dev tools, languages, and other packages like that for personal projects.

My first go-to when recommending to newbies is Mint because it's simple, tried and tested, but I have been hearing a lot about Bazzite lately and see that it offers a very nice gaming experience. However it scares me that there's no typical package management like apt or pacman as I browse their docs, instead it relies heavily on Flatpaks and brew, or even podman images. Will this be a problem as he uses the OS for general usage besides gaming in the long term, would it be better to just go with Mint and set that up for gaming instead?

Feel free to also recommend other distros, but keep in mind that while he is technical, he is still completely new to this so I want things to work out perfectly for his first experience.