𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍

       🅸 🅰🅼 🆃🅷🅴 🅻🅰🆆. 
 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍 𝖋𝖊𝖆𝖙𝖍𝖊𝖗𝖘𝖙𝖔𝖓𝖊𝖍𝖆𝖚𝖌𝖍 

Ceterum Lemmi necessitates reactiones

  • 2 Posts
  • 179 Comments
Joined 3 years ago
Cake day: August 26th, 2022


  • IME, beyond the install, it’s all distro- and desktop-specific.

    • How to find and install apps varies from distro to distro. IIRC, the Mint menu item is something obvious, like “Install software”, but on Arch (you’d have to hate your newbie to throw them into Arch), it requires a chicken/egg finding and installing a graphical installer. If you know the distro, this would be good information - or if you’re helping with the install, create a desktop launcher.
    • Showing them where settings are. Surprising to me, this has been super-not-obvious to my newbs. Even though the KDE Settings app is called “settings”, I think Windows and Mac folks are used to looking for settings in a specific place, rather than an app name - and in Windows, there can be several ways to get to different settings, like changing display stuff is always in a weird place. Again, maybe a desktop or panel shortcut would help.
    • One of my newbs used Mint for two years without opening a shell, so I don’t think that’s an issue. He even found and installed a piece of software he wanted, but I can’t remember if I originally showed him how to the first time. But that’s Mint. He did, however, need help setting up a printer, but that’s because he couldn’t find the settings program; he came from Windows originally.
    • Edge cases, like printers and other peripherals, can be hard, and I don’t think any amount of extra documentation is going to help, because almost every difficulty is practically unique. There’s a ton of online help for stuff like that already. And then, if they want to, eg, attach a game controller… well, that’s very specific and again varies by controller. I don’t think you can cover all of these edge cases.
    • Games can be hard only because of the indirection of having to install some other software, like Proton or Steam, creating an account, knowing how to check for compatibility - there’s a lot of moving parts. It’s not just: go to the game’s web site, buy, download, and install something and run it, like I imagine it is on Windows. So maybe that would be useful - or - again - pre-installing one of the game stores and (surprise) making a shortcut would eliminate that.
    • Network connections. Again, I always find figuring out how to get to network configuration in Windows to be hard, and bizarrely having multiple ways of accomplishing the same task, so I’d guess going the other direction would be confusing. Having a note about how to get to the configuration would be handy.

    As I think about it, I realize that configuration under KDE is way more encapsulated and clear than on Windows, and people having learned the byzantine and myriad ways of Windows, KDE’s relative simplicity is confusing. Windows people look for configurations in places they’ve learned to look, which aren’t always where they are under KDE (I can’t speak much about Gnome - I don’t use it or set people up with it). MacOS isn’t as bad, having a similar configure-everything-through-a-single-settings-program approach.

    Anyway, that’s my experience.





  • I gave my dad one of my spare laptops four years ago; it had never had Windows on it (being from the halcyon days when Dell sold laptops with Linux pre-installed), so I put Mint on it for him.

    Early this year he called and said one of the keys stopped working so he’d bought a newer, used laptop and could I help him put Linux on it, because that’s what he was used to. Over the phone, I helped him download and burn a new Mint image from his ancient desktop, and verbally walked him through switching the BIOS to boot from the USB, and through the Mint install menus.

    Since then, he’s called me once for technical support for getting his printer connected.

    Dad’s in his 80’s and was a cop with an associate’s degree; he’s never claimed to be a brainiac. That is what convinced me Linux is ready for anyone, but that the choice of distribution is important. I think dad never upgrades or installs new software, but that’s OK. I have to update and reboot every week because I’m stupidly loyal to Arch.

    I’m sorry that your mom had a bad experience; that’s super frustrating.



  • The Remarkable 2 is fantastic. You can ssh into it, and scp from it. There are some filesystem layout quirks, but it’s good. Peerless writing experience. Great battery. Plenty storage. Large screen. No backlight, sadly. Good for

    • taking notes
    • reading & annotating PDFs
    • reading technical books, with illustrations and diagrams
    • reading graphic novels

    Not so good for reading for pleasure, like fiction. It’s too big. It’s best for active reading and writing.

    I have a Kobo Aura H2O for recreational reading and travel. Massive memory and an SD expansion slot. Backlight. Pretty indestructible, I read it in the jacuzzi.


  • E2E usually suffers from the same thing HTTP does: the MITM might not be able to read what you’re saying, but they know who you’re saying it to, and they may know in what context. This is a lot of information that can be used in profiling.

    So you end up with systems like SimpleX, where everyone has a different UID for every contact, but that has its own problems, as anyone who’s used systems like that is aware. We haven’t really solved making that a good user experience for messaging; I don’t see it translating to broader social media any time soon.

    Nostr has some really good specs and tooling that neatly address these topics, including great cryptography support, signing, ad-hoc IDs, and an entirely voluntary simple naming lookup; it doesn’t exactly solve Zooko’s triangle, but it provides a toolset sufficient to mix and match characteristics for whatever your threat model is. Sadly, Nostr is utterly dominated by the crypto crowd (and is associated with some controversial personalities), and even if you’re not cryptocurrency-hostile, it’s a really dull echo chamber with little other content that has prevented people who might otherwise build interesting platforms in it from doing so.

    Mastodon was around for ages before (the in practice centralized) Bluesky; why did it take Bluesky to open a mass exodus from X?

    This is a hard problem to solve. Throwing E2E at it doesn’t make it easier; it’s just tossing a buzzword in.






  • Ok, I went and read some more about it, and you can manage keys with the kernel user session keyring. So it’s possible.

    It brought me back around to why systemd is so shitty.

    Session Keyring (Rejected)

    This strategy involves placing all keys for fscrypt in KEY_SPEC_SESSION_KEYRING. Using the current session keyring means that fscrypt will not need elevated privileges to place keys in this keyring, eliminating the need for a setuid binary. It also means that if something like pam_keyinit is used, the keys will be inherited across things like sudo.

    However, this strategy has a few significant downsides that led to it not being used. The first issue is that keys unlocked in one session for a user are (sometimes) not accessible to the user in other sessions. This can create confusion for users unable to access certain directories. However, the bigger problem is that systemd is incompatible with use of the system keyring. The systemd maintainers are of the reasonable position that the session keyring just shouldn’t be used.

    fscrypt

    Emphasis mine. Because the user session keyring is incompatible with systemd, the Poetterites say it shouldn’t be used.

    The only way to handle keys securely on base Linux shouldn’t be used because it’s incompatible with systemd. What a way to see the world: so convinced in the superiority of your monolithic monster system that you argue against an immediately available way of improving security.

    It’s incompatible, by the way, because systemd doesn’t run user jobs in the user’s session, but in parallel sessions. This means that, if you use systemd, you can’t use the most secure way of handling secrets with fscrypt, the kernel user session keyring.


  • Is it possible to configure the kernel to allow access to decrypted content only through the user session?

    Theoretically, kernel keys can be set to be readable only by the user session, and in an uncompromised root is not able to read those keys. I can imagine a filesystem encryption design that uses a user session key to en/decrypt data on the fly using a user session key, such that not even root or a process in another user session could read the mounted filesystem.

    Does such a system exist? As I understand, this is not the way dm-crypt or LUKS work. FDE and TPM are still vulnerable to hacking while everything is running, unlocked, and mounted.



  • Broadcom, as you’ve discovered. That’s the one brand that I’ve always had trouble with; they go out of their way to be closed source: never publishing specs, never responding to developers. They’re horrible to the point where I will not buy any product that uses Broadcom chips. Which used to be a PITA because they were also common.

    Fingerprint readers, in general, also widely seem to be poorly supported.

    One of my computers has a MediaTek wireless chip where WiFi isn’t supported but Bluetooth is.

    A lot of people have problems with NVidia cards; I’ve not had trouble with either AMD or Intel GPUs (although, I think all Intel GPUs are CPU integrated?).

    Multifunction printers are still iffy, and even just plain printers can give grief; I’ve come to believe that this is simply because CUPS is ancient and due for a completely new, modern printing service. It’s an awful piece of software to have to work with.


  • This article is terrible.

    In less than three months’ time, almost no civil servant, police officer or judge in Schleswig-Holstein will be using any of Microsoft’s ubiquitous programs at work.

    Instead, the northern state will turn to [an unnamed, gaping information hole] open-source software to “take back control” over data storage and ensure “digital sovereignty”, its digitalisation minister, Dirk Schroedter, told AFP.

    “We’re done with Teams!” he said, referring to Microsoft’s messaging and collaboration tool and speaking on a video call – via an [unnamed, gaping information hole] open-source German program, of course.

    What will they use instead? Who the fuck knows! The article omits this crucial piece of information.

    And don’t say it’s TBD; they’re not going to say they’re “done with Teams” without knowing what they’re switching to. Or, even if they haven’t put the final nail in the decision, they have a short list.