Not op but thought this may be interesting

In order to be able to Further configure my system, I am looking for a fork of my current OS (artix with openRC as init system) in which i am able to compile every package from source in order to Further configure it with make flags. I am currently not using gentoo, and because the packages in its default repos are only updated when necessary, and the break-my-gentoo repo is more of a joke than an actual replacement for arch. However, if someone can recommand me a repo with similar package updates as arch, I would be looking at installing gentoo.

EDIT: Thank you for Pointing out to me that Gentoo can have newer Packages too. I did indeed not know this, and therefore just stamped off Gentoo as a stable rolling release distro. I will be looking at learning more about gentoo and eventually installing it, once I know how to use portage.

So I have a two monitor setup, and I really dislike how gnome only lets you have the bar on the primary screen unless you install a plugin that is very outdated and I cannot get working on the latest version of gnome or use dash to dock, and I am not a fan of the dock style...

Then with KDE is kinda nice, but then I have to keep the panel at the bottom of both monitors in sync manually for pinned items... I am just curious if this bothers others and if there is a DE that doesn't really have this issue or any workarounds people know of.

Welcome to the monthly update for openSUSE Tumbleweed for May 2024. This month has seen a significant number of updates, enhancements, and crucial security fixes. Whether you are a developer, a system administrator, or a casual user, these updates are designed to enhance your experience and ensure the highest level of security and performance.

Should readers desire a more frequent amount of information about snapshot updates, readers are encouraged to subscribe to the openSUSE Factory mailing list.

Let’s go!

New Features and Enhancements

• Linux Kernel 6.9.1: The month of May had a couple updates for the Kernel, but so far remains at version 6.9.1, which addresses various issues and enhancing overall stability. The mt76 driver for wifi saw improvements with the addition of missing chanctx operations for the mt7915 wifi card, enhancing functionality. A critical fix was made to the keys subsystem to prevent overwriting key expiration during instantiation, improving security. Support for system suspend/hibernation was enhanced for the Modem Host Interface subsystem with the addition of the mhi_power_down_keep_dev() Application Programming Interfaces, which is beneficial for maintaining device states during power management operations.
• LLVM 18.1.6: Subpackages that were updated were clang-tools, clang18, libLLVM18, libclang-cpp18, libclang13, llvm18-gold. Fixed issues with generating incorrect thunks for functions with aligned parameters or incorrect return value passing when StructRet was used. -Xclang -target-feature -Xclang +unaligned-scalar-mem for enabling unaligned scalar memory accesses on CPUs without unaligned vector access support were introduced. Build failures when compiling AVX512 code with -march=native on machines without AVX512 were addressed. Crashes in the AArch64 backend related to fcmp instruction operands being true or false at the IR level were fixed and there was a fix to compiler crashes.
• KDE Frameworks 5.116.0: Breeze Icons received new icons for audio/ogg and audio/x-vorbis+ogg file types, as well as the audio/vnd.wave MIME type, enhancing support for audio file formats. Extra CMake Modules had notable updates including the dropping of attempts to set IMPORTED on targets with installed configurations in ecm_add_qch. KFileMetaData saw a fix with the handling of attribute namespacing and improved metadata accuracy and processing. KService addressed a warning related to the "mimeType x-scheme-handler/file not found" issue.
• udisks2 2.10.1: This update features updated Ukrainian and German translations, improvements to testing for LVM2 RAID by wiping used devices, settling down before checking properties and rescanning vdevs after tests. Offline and online filesystem grow tests were added, and documentation for the Filesystem.Size property was clarified. A fix was implemented for Python class invocation in nvme tests, and a --no-partition-scan option was added for the loop-setup command in udisksctl. A --no-partition-scan option for the loop-setup command in udisksctl was added.
• firewalld 2.1.2: The update to 2.1.2 includes several fixes: the policy now allows forwarding ports with the to-addr for egress-zone=HOST, the range check for large rule limits in rich rules has been corrected, and skip detection in the fw-in-container environment has been fixed during testing.
• snapper 0.11.0: The update introduces asynchronous cleanup of stale btrfs qgroups and reverts some parts to fix the build in the Open Build Service. The cleanup service is now set to run every hour and qgroups are disabled if they do not exist to avoid failure when creating snapshots. Support for quarterly snapshots has been added, and a table-style selection is now based on codeset.
• GTK3 3.24.42: Printing is improved by avoiding access to freed printers. Wayland fixes include correct monitor sizes, a crash related to tablet removal, inferred resizable edges for tiled windows, and ensuring commits occur soon after acknowledging a configure.
  GTK4 4.14.4: A crash issue when there is no child was resolved and efficiency improvements were made in loading symbolic SVGs and handling color-free symbolics. Accessibility updates include making the gtk-demo sidebar search more accessible and stopping the emission of focus events. GDK introduced support for XDG_ACTIVATION_TOKEN and made defensive improvements for dmabuf. These improvements include handling unknown formats more carefully and using a narrower range for YUV formats.
• Mozilla Firefox 126.0. The browser brought had a major update and fixed 16 Common Vulnerabilities and Exposures. There was arbitrary JavaScript execution in PDF.js fixed with CVE-2024-4367. A potential permissions request bypass via clickjacking was fixed for CVE-2024-4764. There were memory safety bug fixes addressing CVE-2024-4778 and CVE-2024-4777; the latter helps with those for Firefox ESR 115.11 and Thunderbird 115.11.
  sssd 2.9.5: The update introduces a new configuration option called failover_primary_timeout. This option allows users to configure how often SSSD tries to reconnect to a primary server after successfully connecting to a backup server. Previously, this interval was hardcoded to 31 seconds, which remains the default value.
• openldap2 2.6.7: The liblber library fixes a missing newline on long messages and libldap addresses exit handling issues with OpenSSL3, TLS usage with multiple LDAP URIs OpenSSL cipher suite handling and handling of Diffie-Hellman parameter files with OpenSSL 3.0. The slapd service now honors the disclose option in matchedDN handling, improves regex testing in ACLs, and fixes sync replication with glued databases.
• iproute2 6.9: The update introduces several new features and improvements: The m_mirred module now allows mirroring to block and the tc command adds NLM_F_ECHO support for actions and filters. The ip command has been enhanced with coupled_control support for bonding and a new monitor command for IOAM6.
• xwayland 24.1.0: The feature release addresses several regressions introduced in previous release candidate versions. The eglstreams support has been dropped.
• AppStream 1.0.3: Key features include enhanced validator checks to ensure description lists aren't translated, improved translation checks for descriptions and the ability to propagate selected custom entries to catalog output via the CLI compose command. Many other features were added.

Key Package Updates

• tpm2-0-tss 4.1.0: This updated provided a major security fix for CVE-2024-29040. Various bug fixes were implemented, including correcting the length check on FAPI auth callbacks, fixing the deviation from the CEL specification and resolving json syntax errors in FAPI profiles that were previously ignored by json-c. The update also adds support for new features and enables the usage of external keys for Fapi_Encrypt.
• postgresql16 16.3: A fix was made for CVE-2024-4317, which could allow for an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users.
• Python 3.x versions had a fix for CVE-2023-6597 A vulnerability was discovered in the CPython. It affected versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, 3.8.18, and earlier. This class would incorrectly follow symlinks during cleanup when there were permission errors. As a result, users with the ability to run privileged programs could potentially change the permissions of files pointed to by symlinks under certain conditions.

Bug Fixes

• glib2 2.80.2:

  • CVE-2024-34397 - An issue in GNOME GLib allows spoofed D-Bus signals, affecting client behavior

• qt6-base:

  • CVE-2024-33861 - QStringConverter's invalid pointer callback can modify the stack, risking vulnerabilities in applications using QStringDecoder.

• libxml2 2.12.7

  • CVE-2024-34459 - Buffer over-read in xmllint --htmlout can cause vulnerabilities in libxml2 before 2.12.7.

• libarchive 3.7.4:

  • CVE-2024-26256 - Remote Code Execution Vulnerability.

• krb5 added some patches to fix memory leaks related to:

  • CVE-2024-26458
  • CVE-2024-26461
  • CVE-2024-26462

• ovmf

  • CVE-2022-36763 - EDK2 vulnerability in Tcg2MeasureGptTable() allows heap buffer overflow via local network

• python-Jinja2 3.1.4:

  • CVE-2024-34064 - Jinja's xmlattr filter vulnerability allows non-attribute characters in keys, risking XSS attacks.

• tpm2-0-tss 4.1.0:

  • CVE-2024-29040 is a flaw that allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.

Conclusion

The month of May 2024 had a steady flow of crucial security fixes, important updates, and notable enhancements across various packages for openSUSE Tumbleweed. The updates to the Linux Kernel, LLVM, KDE Frameworks and numerous other components ensure that Tumbleweed systems remain feature-rich and keep rolling. Developers and users alike benefit from the improvements, enhancements and new features.

For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Contributing to openSUSE Tumbleweed

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

I own several external 2.5'' HDDs on the 1 TB range where I save my data. Samsung has worked well for me, but now I need more space.

One option would be to buy an external SSD instead of HDD.

Another would be to get an external NVME, but so far I haven't found cases for them.

Nowadays we even have 1 TB flash drives, should I get one of these instead?

I could also buy 2 0.5 TB micro SD cards instead.

So many options make it difficult to decide.

What brands and technologies do you recommend?

Software is going to be debian based.

A way to long introduction

I've been toying with the idea of getting a second phone to put postmarket OS on. So out of curiosity I've been going through the available software checking if I could maybe even use such a device as a daily diver. The result: Not yet, but it is very close (purely from an app availability standpoint). Most use cases have functioning apps or apps that are actively worked on. I did however notice some gaps. Now, my programming knowledge is very small and I don't really have the time to learn and then develop/maintain the apps. At least not at the moment. I have been checking out penpot however. Penpot is a browser-based graphic design tool with a focus on UI/UX design tool, similar to figma, but open source. And there is a mostly complete asset pack for gnome/adwaita applications available. (Side note to everyone trying it out: If you are getting weird flickering then it might be a Nvidia/Wayland issue. Switching to X should resolve it)

Long story short: I have cheated some mock-ups for some apps that I am hereby sharing with the world. Some of them are a bit rough around in some places but maybe someone finds themself inspired by it. All of them are mobile first designs but since its Adwaitas design language it shouldn't be too hard to imagine how they would look on a desktop. If you decide to use one of my designs then you don't need to credit me (though it certainly would be appreciated)

I suspect that most people won't be familiar with (2/3 of) the underlying services that my ideas are build upon. Feel free to check them out; I recommend them wholeheartedly.

App 1: Cookbook

There used to be a piece of software called gnome recipes. But development on that app has since been abandoned and I think they had the wrong approach to it anyway. The old project aimed to not only supply the software but also the content, shipping a curated list of community supplied recipes. I am looking for a solution to save recipes from the numerous food blogs and recipe websites, that syncs using a (self hostable) online service. And wouldn't you know it such a service already exists in the form of "Cookbook" a nextcloud add-on. This app would simply act as an additional frontend. Import happens via a schema.org json template that a lot of websites use to store and display their content. That format does also allow to store nutritional information, meaning that nextcloud is also capable of saving that. I did not make place for that because it seemed to clutter the UI and I personally don't care too much about having that information easily accessible, especially since most sources don't include it in my experience. My mockup does include a floating button that allows to quickly jump between the ingredients and your last scroll position.

I was inspired by a Android/iOS app called [körbchen](koerbchen.app], which offers the same service but isn't open source or self hostable. An already hosted instance of nextcloud cookbook is operated for example by murena, the folks behind the /e android rom btw.

Squeeze Remote

The Lyrion Music Server (previously known as Logitech Music Server) allows you to create your own wifi enabled speaker system (for example using a raspberry pi). Accessing music from your NAS, a webradio or steaming service is possible, complete with multiroom support (allowing you to chain multiple speakers together so that they play the same thing at the same time). But to operate such a system one needs a remote. The server offers a web app but that one isn't particularly nice.

Lemmy

Last but not least of course here is my idea how a gtk client could look like. I know there are already two projects which tried to build such an app, but development seems to have stalled or been outright abandoned. I tried to build !thunder_app@lemmy.world for Linux a couple of weeks ago. That worked reasonably well, but at the end it still feels alien because at the end of the day it is an android and ios app. Using it with a mouse felt even weirder because it is not designed that way. Anyway: Maybe third time is the charm for gtk apps.

If anyone else has similar mock-ups flying around on their hard drive, feel free to post them in the comments.

currently doing a fix of the code, wait for the 0.2 release!

Thunderbird is great, but very complex and possibly insecure and not private.

Threat model is an important key word here. Imagine you would write Mails over Tor/Tails only and need a secure Mail client.

(Btw I can recommend Carburetor Flatpak for that).

Because of this, the thunderbird hardening user.js, similar to the Arkenfox project exists.

But it is a bit too strict for most threat models. Also settings might change or break, and this has no automatic updating mechanism.

(I should upstream the updater)

The user.js is also just a template, so a ton of mostly not needed configs will stay there.

This project makes the setup of the hardening user.js easy.

Once setup, the script is placed in ~/.local/bin and a user systemd service runs it every once in a while.

You can comment out lines if you want to keep certain settings.

A while ago I was looking for a list of available Flatpak repositories but didnt find one, so I made my own.

Note that most developers put everything stable onto Flathub. But there are a ton of other remotes I found, most are for development, beta and nightly things, but there is also a Firefox ESR remote and more interesting stuff to find.

I want this list to be complete so if you know any more please open a PR or Issue!

(I used this list to include a few more tutorials like Flathub subsections)

The fact that you get a full OS for free, customizable and no crappy forced in features that you don't want is amazing.

I can stress enough that my experience with Linux has been resoundingly positive, it's almost like that finnish bill gates guy made a golden goose of an OS.

Ever since I upgraded my WiFi to pcie and moved to Fedora, it has been nothing but smooth sailing.

• AMD GPU just works, no fussing about, get straight to fragging on Xonotic and Counter Strike

•Customize Fedora to my liking, made it more like windows with the extensions provided

• What's this? A software app store? Swell! I no longer need to download stuff off from dodgy sites or numbingly installing everything manually!

• The mascot of Linux? 10/10 and penguins are one of my 2nd favourite animals

How was your experience with this Unix-like wonder? In a home user manner and/or a business use manner?

Let me know!

In every ubuntu derivative, if I open a terminal and type an unrecognized command I always get suggestions.

This is so far not what happens with debian 12.5. What package do I need?

And what do debian users use to find new packages from the terminal?

I think it would be great to have a archive so that the various documentation, comments and hacks / workarounds could be searched.

The reason I ask is because they block VPN traffic, restrict some content behind a login wall and I have blacklisted them from my DNS so I plan on never returning.

But I find myself lacking odd tips from the Sway community and other communities.

I'm looking for alternatives to wii backup manager, what do you recommend?

I came from Arch to Void just today and after installing KDE and enabling dbus, I enabled SDDM, I type in my password and it says login failed, I tried lightdm, I couldn't login neither in my user account nor root, I setup plasma to run with xinit, plasma did launch successfully, but sudo NEVER worked inside plasma, it always says "password incorrect, please try again" even though I'm able to sudo inside TTYs

I tried "sudo sddm" and read the logs, it says SDDM: authentication_FAILED for user "" which is weird (it didn't print any names)

There were also some PAM logs in between, I didn't change any PAM configuration

I have elogind installed and enabled too

I've been using linux desktop for a year or so now. One noteable thing i keep seeing is that one person will say I dont like XYZ distrobution because of its base. But I am still a little unsure what is meant by it. I am assuming the main difference between each base is the choice of package management(?). But what other factors/aspects that are important for the average user to know about each 'base'? This is probably quite a broad question to a rather technical answer, but appriciate any answers, and i'll try my best to understand and read up :)

I'm considering switching to linux but I'm not a computer savvy person, so I wanted to have the option to switch back to windows if unforeseen complications (I only have 1 pc). Is it just a download on usb and install? And what ways can I get the product key or "cleaner" debloated versions.