The Linux Thread - The Autist's OS of Choice

[Blackhole]

In the wake of the recent (west)world-wide push for increased surveillance, I want to start a little discussion: what do you think would be the best way to insulate yourself from prying eyes at the OS level? Or rather, which OS would you choose as the base for a 'secure' browsing machine? I'm only focusing on one machine directly exposed to the Internet here, because having shit like hardware firewalls doing packet cleaning or OpenWRT routers might be a bit too much to talk about up front. Ignoring the fact that 99% of "incidents" are due to human error, lets talk technicalities for a bit.

If glowniggers are really after you, physical security is way more important than your OS. Having an encrypted hardened Qubes install is meaningless if you have a gun to your head! Devuan or Artix with VeraCrypt is good enough.

 

[Aidan]

As always, it depends on what you're trying to mitigate. The "surveillance state" is mostly mitigated by setting up custom DNS, using a VPN (often uses its own DNS), not using software with heaps of telemetry, and using end-to-end encrypted chats that you can actually delete or something that otherwise keeps them out of the loop.
Beyond that you're either worrying about a backdoor into some serious mainstream software with a lot of eyes on it (eg systemd or the kernel itself) or worried about being directly hacked by the state, which you're probably not going to avoid if you're at that point without a lot of hoop jumping like using Tails or maybe Qubes.

 

[Baguette Child]

Snowden recommended Tails as his operating system of choice. Which to me says something considering he may have the most concrete reason to be paranoid about his security out of anyone.

 

[y a t s]

Snowden recommended Tails as his operating system of choice. Which to me says something considering he may have the most concrete reason to be paranoid about his security out of anyone.

I remember him endorsing Qubes at one point. I imagine he's only using Tails as a live USB, and perhaps he uses Qubes or similar for daily driver tasks.

 

[Froggy Fresh Sextape]

2. Whonix / Qubes where everything is a VM; excellent compartmentalization means it is very easy to split tasks into their own little isolated VM, thus avoiding ye olde opsec fuckup of cross contamination (to an extent); resource heavy, really cancer to maintain, really cancer to set up, really cancer to use in general (note: I have never used Qubes so I am speaking from what I have read); could be a good driver if set up right but seems like a very large time sink; fingerprinting should be fine as it runs a Fedora base in dom0

This is what I would recommend, assuming you're most worried about privacy and don't have the NSA trying to track you down or something.

It is quite RAM hungry and you'll most likely have to reboot every couple of days due to how Xen manages memory allocation but is otherwise pretty smooth once you get everything set up. It doesn't take that long.

 

[Anti Snigger]

I remember him endorsing Qubes at one point. I imagine he's only using Tails as a live USB, and perhaps he uses Qubes or similar for daily driver tasks.

I'm probably very ignorant for saying this, but doesn't Qubes have an almost prohibitive overhead? I remember wanting to try it almost a decade ago, and at the time it required something like 6GB just for the OS

 

[Froggy Fresh Sextape]

I'm probably very ignorant for saying this, but doesn't Qubes have an almost prohibitive overhead? I remember wanting to try it almost a decade ago, and at the time it required something like 6GB just for the OS

RAM is the main issue. It's usable with 16GB but I'd consider that the bare minimum.

 

[y a t s]

I'm probably very ignorant for saying this, but doesn't Qubes have an almost prohibitive overhead? I remember wanting to try it almost a decade ago, and at the time it required something like 6GB just for the OS

Everything is run isolated through the Xen hypervisor. Significant memory overhead is to be expected. Though I expect anyone paranoid enough to run it as a daily driver isn't going to use it for anything more intensive than email and video chat.
I'm curious how it would run on my old T480. Probably poorly.

 

[Froggy Fresh Sextape]

I'm curious how it would run on my old T480. Probably poorly.

Or possibly not at all. Xen really does not like laptop hardware.

In practice there's likely no benefit to running Qubes over just Fedora + Whonix VMs, and in fact the latter might be safer since there are a lot of ways for people to fuck up Qubes' weird networking setup.

 

[Aidan]

I'm probably very ignorant for saying this, but doesn't Qubes have an almost prohibitive overhead? I remember wanting to try it almost a decade ago, and at the time it required something like 6GB just for the OS

You want a good CPU and lots of RAM, that's about it. By "normie" specs, yes it has a very high bar. It's reasonable for enthusiast specs nowadays, I think. I agree with 16GB being the minimum and it's not a very "portable" OS as in you'd be tethered to an outlet but you're probably used to that already if you're entertaining Qubes. I've only fiddled with it 2 years ago to check it out but I think it's worthwhile especially on a travel device.

I think in practice I'd just use Tails or NomadBSD on an encrypted USB with some modifications if I had such concerns while traveling and a fresh install of anything "normal" as a red herring since most of the issues you'd run into are at the border. But if I was genuinely worried, Qubes would be considered.

I'm curious how it would run on my old T480. Probably poorly.

I don't think it would work at all but if you ever give it a try, provide an update.

 

[SCV]

I want to switch to Linux full time, but I'm always having issues on my main PC with my graphics always being a pain in the ass to deal with at my max refresh rate 165Hz. I have a 3080, but I always heard that Nvidia is a bitch to deal with when it comes to drivers on Linux. Would it be easier to switch to an AMD card instead, or has Nvidia gotten a bit better? I'm eyeing the 7900XT as a replacement potentially.

sudo pacman -S nvidia
done.
I would not change from a 3080 to a 7900XT because that seems like a sidegrade at best. Then again is it a 10gb 3080? If so then lol.

If you have another drive lying around or are comfortable setting up a dedicated Linux partition, the best thing to do is try it out and see if there are any problems, ideally in whatever game you want to be sure works as expected.

This is the correct decision. Pay 70$ or whatever for a 1 or 2tb ssd, plug it into your current comp, and install a linux distro (artix) onto it. If you screw up you still have your windows install and you should be able to easily browse your windows drive under linux so you can move over at your pace. If you want to get fancy you can just run your windows install in a VM (from it's original SSD).

 

[Betonhaus]

https://github.com/X11Libre/xserver/releases/tag/xlibre-xserver-25.0.0.8

 

[Betonhaus]

let's say someone wanted to make a super bare bones window manager, one that doesn't even support tiling, basically runs an application directly on X11 with no windowing or decorations, and you can switch between applications by using shortcuts or by launching a dedicated app that basically shows all running apps as tiles, possibly doubling as a start menu where you can click on the tiles of unopen apps and they will launch. this would be intended for tablets and HTPCs, running native linux apps and PWAs through a basic Chromium browser. Is there something like that already? and how hard would it be to add some sort of transitions between apps (or transitions between the apps and the menu) and ensure it supports HDR and smooth fonts?

 

[DavidS877]

let's say someone wanted to make a super bare bones window manager, one that doesn't even support tiling,

You can go with no window manager at all. You can go with something hackable like Qtile and maybe the Max layout which just makes stuff full screen. You could use something like FVWM with no decorations and virtual desktops and load each app into its own desktop and just switch them.

 

[⠠⠠⠅⠑⠋⠋⠁⠇⠎ ⠠⠠⠊⠎ ⠠⠠⠁ ⠠⠠⠋⠁⠛]

let's say someone wanted to make a super bare bones window manager, one that doesn't even support tiling, basically runs an application directly on X11 with no windowing or decorations, and you can switch between applications by using shortcuts or by launching a dedicated app that basically shows all running apps as tiles

If you only want to see one window at once, you can use a tiling window manager in tabbed or 'monocle' mode, using keyboard shortcuts to switch between windows. There probably exists one that allows you to do window switching based off thumbnails of the full sized windows.
EDIT: And there is a program called
github.com/richardgv/skippy-xd
that when run without any command line options copies the MacOS X style thumbnail window behavior and allows the selection of a window and then switching to it before it exits- so would just be a matter of tying that to a shortcut in the WM of your choice.

Super fancy tiling WMs like i3wm can use many tens of megabytes of memory, More optimized WMs like Ratpoison or Suckless DWM will use a few megabytes at most, which is to say, relatively barebones.

and how hard would it be to add some sort of transitions between apps (or transitions between the apps and the menu)

Would require boofing some cum

and ensure it supports HDR and smooth fonts?

Not window manager related as far as I know, unless you're super stressed about what font your WM uses to display window titles

 

[Ferryman]

I'm curious how it would run on my old T480. Probably poorly.

Ironically enough that's the most recent machine I currently own, so that would be the theoretical host for one of these systems. I agree that Qubes might be a bit of a pinch here, however, considering that the oldest machine certified by the Qubes project is essentially a maxed out x230/t430 (https://www.qubes-os.org/doc/certified-hardware/), and on the community compatible hardware list it is listed as having full support, there's a good chance it'll run, just not very fast.

Qubes over just Fedora + Whonix VMs

Devuan or Artix with VeraCrypt is good enough.

I think in practice I'd just use Tails or NomadBSD on an encrypted USB with some modifications if I had such concerns while traveling and a fresh install of anything "normal" as a red herring since most of the issues you'd run into are at the border.

This or the Tails /w some persistent storage is likely the best angle of approach here. Of course, its overkill for 90% of peeps here right now, but you never know what tomorrow might bring. Probably a good idea to have something like Tails, Qubes or a VM-heavy setup in one's back pocket, just in case.

 

[analrapist]

https://github.com/X11Libre/xserver/releases/tag/xlibre-xserver-25.0.0.8

All metux authored bug fixes. Lack of community involvement makes me a little uneasy, but at least it's a healthy crop of bugfix.

 

[Betonhaus]

All metux authored bug fixes. Lack of community involvement makes me a little uneasy, but at least it's a healthy crop of bugfix.

The community did help with finding bugs, like I saw in the Telegram chat a day ago someone bringing up a memory leak issue which seems to have already been fixed. Metux was already the main person who was maintaining Xorg originally

 

[Betonhaus]

KDE Linux is out.
Its a Arch based immutable OS that uses a 5GB os image managed by brtfs partitions.

 

[Max Weber]

KDE Linux is out.
Its a Arch based immutable OS that uses a 5GB os image managed by brtfs partitions.

>immutable system
>no package manager
>only flatpaks
>system update just replaces the entire system image

Man, I'm so glad desktops continue to devolve into glorified phones!