Hello there! I hope you don’t mind me just dropping into your asks like this, but by all means def feel free to just delete this if so, it is kind of a weird ask.

This is the anon from the computer blog asking about a private laptop for collage! After doing (a small amount of) research into Linux, one thing that’s super confusing to me, is… how does one know which distro to use? You mentioned in the replies of the post that you use Ubuntu Linux, which seems to be one of the more popular ones. Would you recommend — and if so, why? Is it good for privacy, do you think? The best? Does the user need to have a good deal of experience with computers to keep it running? (I’ve never used a laptop before but I don’t mind trying to learn stuff)

Also this is an EXTREMELY stupid question my apologies, but how….. exactly do you put Linux on a laptop? OP from my ask said to buy a laptop with no OS but is that something you can do? I’d think so, since 0P works with computer and stuff as their job, but Reddit says that it’s not really possible and that you should just “buy like a Windows laptop and scrap the software”??? Is that… correct? How did you install Linux on your laptop — did y ou have to remove software off it or did you, as OP says, manage to find a laptop with no OS?

Again, feel free to ignore if you don’t wanna put in the time/effort to reply to this, I absolutely don’t mind — it’s a lot of stuff I’m asking and you didn’t invite it all, so ofc feel free to delete the ask if you’d like!

ha, you've zeroed in on one of the big reasons Linux is kind of a contrarian choice for me to recommend: the wild proliferation of distros, many of them hideously complex to work with. luckily, the fact that most of them are niche offshoots created by and for overly-technical nerds makes the choice easier: you don't want those. you want one of the largest, best-supported, most popular ones, with a reputation for being beginner-friendly. the two biggies are Ubuntu and Linux Mint; i'd recommend focusing your research there.

this isn't JUST a popularity-contest thing: the more people use it, the more likely you are to find answers if you're having trouble or plugging a weird error message into google, and the greater the variety of software you'll find packaged for easy install in that distro. some combination of professional and broad-based community support means you'll find better documentation and tutorials, glitches will be rarer and get fixed faster, and the OS is less likely to be finicky about what hardware it'll play nice with. the newbie-friendly ones are designed to be a breeze to install and to not require technical fiddling to run them for everyday tasks like web browsing, document editing, media viewing, file management, and such.

info on installation, privacy, personal endorsement, etc under the cut. tl;dr: most computers can make you a magic Linux-installing USB stick, most Linuces are blessedly not part of the problem on privacy, Ubuntu i can firsthand recommend but Mint is probably also good.

almost all Linux distros can be assumed to be better for privacy than Windows or MacOS, because they are working from a baseline of Not Being One Of The Things Spying On You; some are managed by corporations (Ubuntu is one of them), but even those corporations have to cater to a notoriously cantankerous userbase, so most phoning-home with usage data tends to be easy to turn off and sponsored bullshit kept minimally intrusive. the one big exception i know of is Google's bastard stepchild ChromeOS, which you really don't want to be using, for a wide variety of reasons. do NOT let someone talk you into installing fucking Qubes or something on claims that it's the "most private" or "most secure" OS; that's total user-unfriendly overkill unless you have like a nation-state spy agency or something targeting you, specifically.

how to install Linux is also not a dumb question! back in the day, if you wanted to, say, upgrade a desktop computer from Windows 95 to Windows 98, you'd receive a physical CD-ROM disc whose contents were formatted to tell the computer "hey, i'm not a music CD or a random pile of backup data or a piece of software for the OS to run, i want you to run me as the OS next time you boot up," and then that startup version would walk you through the install.

nowadays almost anyone with a computer can create a USB stick that'll do the same thing: you download an Ubuntu installer and a program that can perform that kind of formatting, plug in the USB stick, tell the program to put the installer on it and make it bootable, and then once it's done, plug the USB stick into the computer you want to Linuxify and turn it on.

Ubuntu has an excellent tutorial for every step of the install process, and an option to do a temporary test install so you can poke around and see how you like it without pulling the trigger irreversibly: https://ubuntu.com/tutorials/install-ubuntu-desktop

having a way to create a bootable USB stick is one reason to just get a Windows computer and then let the Linux installer nuke everything (which i think is the most common workflow), but in a pinch you can also create the USB on a borrowed/shared computer and uninstall the formatter program when you're done. i don't have strong opinions on what kind of laptop to get, except "if you do go for Linux, be sure to research in advance whether the distro is known to play nice with your hardware." i'm partial to ThinkPads but that's just, like, my opinion, man. lots of distros' installers also make it dead simple to create a dual-boot setup where you can pick between Windows and Linux at every startup, which is useful if you know you might have to use Windows-only software for school or something. keep in mind, though, that this creates two little fiefdoms whose files and hard-disk space aren't shared at all, and it is not a beginner-friendly task to go in later and change how much storage each OS has access to.

i've been using the distro i'm most familiar with as my go-to example throughout, but i don't really have a strong opinion on Ubuntu vs Mint, simply because i haven't played around with Mint enough to form one. Ubuntu i'll happily recommend as a beginner-friendly version of Linux that's reasonably private by default. (i think there's like one install step where Canonical offers paid options, telemetry, connecting online accounts, etc, and then respects your "fuck off" and doesn't bug you about it again.) by reputation, Mint has a friendlier UI, especially for people who are used to Windows, and its built-in app library/"store" is slicker but offers a slightly more limited ecosystem of point-and-click installs.

(unlike Apple and Google, there are zero standard Linux distros that give a shit if you manually install software from outside the app store, it's just a notoriously finicky process that could take two clicks or could have you tearing your hair out at 3am. worth trying if the need arises, but not worth stressing over if you can't get it to work.)

basic software starter-pack recommendations for any laptop (all available on Windows and Mac too): Firefox with the uBlock Origin and container tab add-ons, VLC media player, LibreOffice for document editing. the closest thing to a dealbreaking pain in the ass about Linux these days (imo) is that all the image and video editing software i know of is kinda janky in some way, so if that's non-negotiable you may have to dual-boot... GIMP is the godawfully-clunky-but-powerful Photoshop knockoff, and i've heard decent things about Pinta as a mid-weight image editor roughly equivalent to Paint.net for Windows.

I have been considering getting into Linux but the only thing holding me back is game support really, as I'm primarily a PC gamer. How difficult would you say dual booting really is (as in, "how difficult is it to achieve" *and* "how difficult/quick is it to swap between OSes")? Does specific distro affect the difficulty? Do you think it would be worth it?

Also, what are your favorite or recommended distros? I've been told about a few mainly on fedi but haven't looked too far into many. Mint gets frequently recommended, for instance.

Thanks!

I have actually never dual booted before, so opening that up to anyone reading who has! I don't think it's more difficult with one distro compared to another, probably. It is fairly easy to set up as far as I'm aware, your install disc should have an option to set dual booting up for you, nothing too arcane. But anything past that, I don't know much about.

Personally vanilla Debian is my favorite but Ubuntu-based distros have the advantage of being the distros that Valve targets, like the build of Steam on their site is specifically built for those distros. You can get Steam running on other types of Linux though, but that is still an advantage for gaming stuff. (Among other things, it's not uncommon for "game with a Linux build" to really mean "game with an Ubuntu build")

Mint is Ubuntu-based, but the defaults for it are more user-friendly so imo it makes a good distro for gamers.

I personally consider it worth it, some of it is my personal philosophy and some of it is more basic practical stuff like Linux running faster, having better UI customization, not having all the bloat and adware that comes on a fresh install of Windows (although there are means to remove that bloat, of course)

Also not having to reboot and lock my computer to update, oh my god.

Extra notes for gaming, now that I have a Linux gaming setup to reference from:

The current thing I mainly have issues with is MMOs with client-side anti-cheat, some of them really don't want to play with Linux compatibility tools. There are people who have gone to efforts to get these running on Linux but it's a pain in the ass and I don't care enough to do that.

Proton GE can be really helpful for some games. I run most of my games through vanilla wine, but I did end up needing GE to run FF7R. If you're not already a Linux user with Existing Ways You Do Things, just running things through Steam+Proton is generally going to work out just fine for you. You can play pirated Windows games this way too, just add them as non-Steam games and run them through Steam.

If you have very recent hardware, and are going with Mint or another Ubuntu-based distro, go for the edge edition. The old kernel on the standard edition can be kinda finicky with brand new hardware.

My current problem with mastodon is that it's full of nerds. Well, let me rephrase that, because everywhere is full of nerds: it's full of the most annoying kind of nerds. I'll explain under the readmore, because it got long.

Every time I've posted something on mastodon, I've gotten a bunch of replies that seem to be trying to explain things to me. And it's not like I'm posting "hey how do I install Ubuntu on a Samsung tablet?", I'm mainly going "here's some electronics I'm tearing down" or "I'm hacking this game and wow it does the font in a weird way!"

Neither of these is really an invitation to explain at me. And sure, when I did this on Twitter, I'd get these occasionally. There's always one person who thinks they know more than you and is like "I have to explain at this person!"

But on mastodon it's CONSTANT. I post a quick note about how someday I want to find ask the game developers why they encoded the font like this, and in like 12 hours I've gotten like 14 replies all trying to fontsplain at me.

And it would only be half as annoying if they were right! Cause that's the thing, too: THEY'RE NOT. Tons of people are assuming I am hacking a Pokémon game because I mentioned Game Freak, but nope! It's Drill Dozer. And others are explaining how the GameBoy hardware works when this is a GBA game... Jesus.

It's just... Some weird social thing. Maybe because mastodon co-existed with Twitter for so long as the open source Libre-Twitter, it attracted the kind of nerds who only use open source software, and they built networks of similar people. The kind of people that think they are and have to be the smartest guy in the room. And even now with a massive migration from Twitter to Mastodon, their early-adoption of this platform is influencing the culture of it. Maybe mastodon is just the kind of place where you explain tech at people.

Or maybe it's a cultural thing where it's more like 4chan's anonymous culture, where you don't assume or know things about people. There are no reputations, just interchangeable anonymous/pseudoanonymous people. Reddit often has that sort of thing going too, where if you are a Known Person, it's never a good thing. (just ask The Cylinder Guy).

Or maybe... It's just me. I wasn't the most well known weirdo on Twitter but I had a good number of followers. Maybe on Twitter it was more likely that people knew that I was "Foone, hacker of fonts and tearer downer of electronics!", but on mastodon I'm getting a lot of followers that haven't gotten to know me yet, and... Just assume I blundered into hacking a GBA game without knowing anything about how the GBA hardware and font encodings work?

Cause like, I've got about 20k followers on mastodon and I kinda assume those are just a subset of my Twitter followers who migrated over but maybe I have a bunch of new followers who were mastodon-only until now, and they're like "oh I've heard of that foone punk. Nothing specific but supposedly they're a big deal on Twitter, so now that they've joined mastodon I should follow them!"

Or maybe it is mostly a subset but only the most annoying explainy 20k of Twitter followers followed me over to mastodon? I don't know.

And it's the kind of thing where this happening occasionally would be fine. You get used to annoying replies when you have enough followers, no matter what social network you're on.

And God forbid you have something go viral! Fun fact: even if only one person in a thousand is a massive dick, if you have a post get seen by a million people, that's a lot of dicks.

I don't want to sound like "foone complains because they/their shit is popular", that's not really the problem. I've got a bunch of followers on here as well, but ya'll aren't coming into every post I make and trying to explain them at me.

Which is honestly odder? I would have thought it would be the other way around. Like, all my mastodon posts are like "I am hacking this video game: I am a reverse engineer" or "I am taking apart this electronic device: I'm a reverse engineer" or "I'm building this electronic device/software: I'm a forward engineer". So you'd think people would assume Mastodon!foone is the kind of person who Knows Things, as they're clearly highly technical in what they're doing.

But over here on Tumblr, while I may mention those kinds of things from time to time, I'm mostly doing shitposts, writing, fandom stuff, making jokes, being queer. You'd think it'd be much easier to assume Tumblr!foone doesn't know a huge amount about technical subjects and is therefore a great target for explaining at.

But it is a cultural thing, I guess. Mastodon is full of people who assume you don't really understand what you're talking about, and will explain at you. And Tumblr isn't.

Well, at least for technical stuff. You will get plenty of argumentative replies and reblogs, but less on a post about how GBA games encoding Latin text, and more on things like fandom and politics and queer identities. Although even then I would argue they're doing it on a different way, most of the time: they're not assuming you don't understand and explaining at you, they're more going "(I assume you understand), but I disagree" or "I explicitly think you don't understand: here is where you are wrong", vs the mastodon reply of "I'm assuming you don't understand, so let me explain at you what you're talking about".

I dunno. I don't really have a good solution here and this isn't going to be the reason I leave mastodon or anything, but it's odd, and annoying.

I'm not posting on mastodon as much as I posted on Twitter, and while part of that is that I split my online presence between Tumblr and mastodon instead of keeping it all mixed together on my Twitter, a big chunk of it is that mastodon is simply not as fun to post on as Twitter was, even accounting for my smaller follower count.

Because I'm not just getting a proportionally smaller number of interactions (which makes sense given how I have fewer mastodon followers than I had Twitter followers), I'm getting a larger proportion of really annoying interactions.

And I think what annoys me most is the assumption that I don't know what I'm talking about. Like, tearing stuff down and hacking games for their fonts? I am a professional! This is my job (mainly because I'm unemployed at the moment and my Patreon is my only source of cash), and it's not one I picked up recently. I have been hacking the fonts out of games for FIVE YEARS and as for tearing down electronics? I've been documenting that shit on Twitter/mastodon/etc for like eight years but I've been doing it since i was old enough to hold a screwdriver.

And yes, sure, explain things to me if I don't understand: those things will be clearly signposted. I'll be like "I'm not sure what this chip is, these silkscreens don't match anything on Google" and it's always useful if someone can pop in and go "oh that's a SMX8363 Network Biciever!" because they have some knowledge I don't, and I made it clear I don't know what it is.

But it's a whole different thing for me to post a picture of a PCB and day "okay here's the inside of the case", because I'm about to follow it up with closeups and details, and 5 people reply "chip U1 is a SMX8363, that transformates the network bananadines" because HEY I'M ABOUT TO POST THAT.

or worse, I already have, you just didn't scroll down enough to see it.

Anyway the reason I'm ranting about this here in Tumblr is because I'm not exactly trying to call these people out and get them to change their ways. At least one of the people on the most recent post is someone I've known for years and respect, and she has a lot of Pokémon knowledge, and was applying her specific technical background to help explain it. She's cool... But she just happened to reply along with a mob of random people I don't know, and she applied her highly specific Pokémon Knowledge onto a post that was never about Pokémon.

I'm just saying this here, because I'm musing about the differences I've experienced in different social networks. I can't really tell if it's about the networks themselves or just my particular bubble of followers and followed peoples. It could be either. Especially since Tumblr has some hugely different sub-communities (which is why Blaze can be so hilariously odd: it doesn't pay attention to those communities, and just randomly hits people across the site), and mastodon isn't even a single social network, it's a metanetwork of social networks which many (intentionally) broken links between subsets. (I had to move servers a few times because the first couple I picked had problems, like getting shut down, blocked by most of the western world, or getting put on a "probably bad to interact with" greylist)

I dunno. I'm slowly starting to lean towards posting more technical stuff here instead of mastodon, simply because I can post a neat old TV here and only get replies that are positive, whereas the same sort of thing on mastodon would get many more replies but most of them are trying to explain a TV at me.

Look, all I'm asking is that people don't assume my wonder at the complexities and weirdness of the world as ignorance and a request for education.

Because that's a big part of my social media persona! I don't know how "fake" it is (I'm autistic. I've been wearing masks so long I'm not sure there's anything under them), but it's a good way to interact with the world in my experience: the world is full of hidden wonders and it makes me happy to share them, and apparently people like learning about them when I'm talking about them in that way. It's like I'm putting on a Bill Nye mask so I can be amazed at everything, to some degree. It keeps me from getting bored and taking things for granted, it lets me discover hidden beauty, and people seem to enjoy that kind of attitude, especially on social networks increasingly full of negativity. I can be excited about this weird old computer, and hopefully I can talk about it in such a way that helps you share in some of that excited, and the world is a little brighter.

And it's just disheartening when you try to share in your excitement about the weird and the complex and unusual and get people going "um actually this is just a common design for systems that use the 430TX chipset, as it's a budget model that didn't implement AGP fully and instead used a PCI bridge chip to implement..." and it's like LET ME HAVE FUN AND SHARE THAT FUN EVEN IF YOU CAN'T.

It's not even that I'm getting less "wow that's cool!" replies, it's that I'm getting mostly "that's just some boring thing that makes sense if you've done five years of electrical engineering like I have" and I'm so tired of that kind of attitude. It just goes double when they're wrong and assumed something was boring because they understand it and I don't, when in reality I do understand it, and they missed the interesting bit because they came into the conversation already looking to rain on my parade and/or educate the fool that they assumed I was.

And don't get me wrong: I am very a fool. But I'm not every kind of fool. I know some things. And I'm not a fan of getting explained at as if I don't understand those things.

Terrible thought, that's probably not true: I got most of my Twitter followers before I was out as trans. I've been trans on mastodon since day one. Are these fuckers assuming I'm a woman and mansplaining at me? Like, they're not transphobic, they respect my identity (even if they have it wrong), but they're still sexist and by assuming I'm a woman, they also assume I don't know what I'm talking about?

God. I hope not.

Anyway. Tumblr and mastodon, won't you?

Another weird troubleshooting problem.

My main (Ubuntu linux) computer stopped working a couple days ago. I came back and the fan was spinning really fast and all the monitors were black. I tried turning it off (had to use the hard power switch on the PSU) and back on.

When I turn it on, the computer wakes up immediately, and the fan immediately goes to max. The main monitor activates, then doesn't get a signal and goes back to sleep. (This is the most confusing to me; the monitor does respond to me turning the computer on, so something is happening!)

I don't have any idea how to go about troubleshooting this, especially since I can't, like, type any commands in to the computer, or at least can't get feedback on them. Any ideas where to start?

(I built the computer myself, in 2018. I used a case and a couple of components from an older computer, though; the fans and the PSU both date back to like 2009 or something, if that helps a plausible diagnosis.)

Yet Another Linux Question - what exactly does the extra ram usage in a heavier distro buy you?

You look at something extremely light like e.g. TinyCore and you compare it to Ubuntu - obviously one of the differences is in how many apps come along when you install the base distro, but they also consume very different amounts of RAM and I'm just wondering, you know... why?

mx linux has this thing called Quick System Info which is a thing that you click and it gives you a bunch of information about your computer that people on the forums who are smarter than you can use to help you troubleshoot* whatever insane linux problem you're having, right. with a "copy for forum" button and everything. what kernel you have what graphics drivers you're running, stuff like that.

*side note / tone setter for this post: stuff like this is all the evidence you need that mx is The distro for people who are new here. they have put so much work into Tools For Getting Help it's insane. mint does not have this. ubuntu is a nightmare hellscape. etc.

they update their tools and default desktop stuff all the time & usually I don't pay a whole lot of attention to those updates (no matter how many times lightdm or whatever updates I still have the exact same problem with it. who cares. it at least almost never breaks a new thing; debian lifestyle) but today on a whim I ran QSI after it showed up as one of today's 2 entire Things There's A New Thing For and omfg. At some point they made it so in addition to the VERY SIMPLE window w/ the basic system information in it, it has a sidebar with like. EVERY LOG.

^ this is but a fraction. Every timeshift log it hasn't deleted yet (~3mo worth?!) is here. Normally I would have to Go Look Up where these are stored and Go Find Them and then open them in featherpad by fuckin right-clicking (because this OS treats .rpy files and .txt / no extension files as the same type of file and I need it to open .rpy files in vscodium more consistently than I need it to open .txt files in featherpad even though having every .txt file open in a fucking IDE when I space out and double-click it is like my worst adhd brain nightmare come to life) and this tool just

A. puts them all right in front of me, where

B. I can click them and they will SHOW UP in the main window, OR

C. check the checkboxes and then SAVE?? THEM??? TO A LOCATION OF MY CHOICE????? ALL AT ONCE?

^^^ LOOK!!!!!

MX LINUX !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

do you have any reference for like. pdf malware. preferably how to avoid it since im not interested in creating it.

so prompt injection is not really like malware as you think of it its just manipulating an LLM by writing plaintext. pdf malware usually targets some vulnerability in the pdf viewer, if for example you use firefox's pdf viewer you're mostly safe.

but if you have your doubts about a pdf, feel free to view it by uploading it online to something like smallpdf or sejda. this does mean you might be revealing your data to an a third party. if you're willing to put in the effort, then you should open the pdf in a docker container or virtual os with minimal host permissions. alt, safest: a liveusb aka new temporary os of some linux distro like ubuntu.

I'm no longer a Linux Mint user, I moved upstream to Debian, the distro Mint is based on. Now Debian was part of Linux's forbidding reputation of being difficult to install and use for non-tech-savvy users. Now this wasn't entirely unearned, as this video of trying to install a 1999 boxed edition of Debian demonstrates. Part of this was Debian's commitment to free software, so they didn't include proprietary drivers for hardware in the install, so you had to figure out how to get your wi-fi card to work on your own if you installed Debian on your laptop for example. They are actually one of the distros that call it "GNU/Linux"

The point of both Ubuntu and Mint back in the 00s was to take what Debian did well, but make it more user-friendly. And it worked, Ubuntu nowadays has declined with the Snap pacakage format, but it did do a lot for making desktop Linux user-friendly and more viable (Mint today is essentially what Ubuntu was pre-snap). Debian remains one of the biggest server OS out there, but on desktop Ubuntu by all accounts became way more popular.

However Debian has learned over the years and the latest release from June 2023, Debian 12 "Bookworm" is a massive improvement in user-friendliness. The install process is easy. There is both a slightly more complicated "net-installer" with all ISOs, and a simplified Calameres installer included with live systems that can be run off usbs to test things out. And even the net-installer is quite a simple process that is good at explaining what it does, and having sane defaults it encourages you to pick if you are unsure. This video about Debian 12 is a good counterpoint to the Debian 2.1 video linked above.

It did involve being more pragmatic about their approach to free software and including non-free firmware, so things like wi-fi now work without any problems for the end-user. Now I'm against proprietary software and hardware manufactures should have open source drivers for their shit, but I can't argue with how my laptop's wi-fi and bluetooth worked entirely without hassle.

Now Debian still requires more of the user than Mint does, like you have to figure out how to enable flatpak support and I did have to go into the terminal to install all the packages I wanted. That was a leesser part of the experience with Mint, I only had to do that to install 32bit libraries for my retro games and speciailized things like that.

(And you do want flatpak, the one thing you need to know it's a form of software package that works on basically all Linux distros, so a lot of developers package their programs as flatpaks instead of creating multiple versions for for all the various Linux file systems. So you get a lot of variety in software, and there are other positives as well)

I was happy for having a few months of training in how Linux works from Mint, it taught me how packages work. why flatpaks are useful (they are included by default in Mint and its package manager), how to use the terminal and other useful stuff. So if you are completely new to Linux, Mint is still the distro I recommend. I recently installed Mint on the computer of a 70-year old friend of mine, not Debian for a reason.

Still, It's nice to be at the distro that is the source rather than two steps downstream. Having to set up my Debian, instead of all the things the Ubuntu and Mint devs have added on top (even if what the Mint team adds does make for a smoother out-of-the-box experience). Again I'm not that technically proficient, but I find some enjoyment in tinkering. So setting up things like flatpak in Debian was a fun little challenge for me to do, made quite safe and easy by all the guides there are for such things.

I'm probably going to stick with Debian stable. I like long-term support distro way of doing updates, where you get important security updates, but other updates are released only after being tested for bugs. This ensures sytem stability. The other way is rolling release, where updates are constant. Package updates are released as soon as they are available, which might lead to bugs and other forms of system instability.

LTS does mean you won't get flashy new features for awhile, but I'm usually quite happy with the way I currently use my programs, my current workflow. Despite being a transgendered ultra-leftist, I'm creature of routine and habit (it's the autism), so LTS distros fit me quite well. If it ain't broke, don't fix it. So i'm probably not going to use arch btw, not because I'm afraid of not figuring it out, it might even be a fun challenge, but because I don't care about rolling release cycles.

And Debian is the best of LTS distros, the one most off them are based on. Also Debian is for lesbians.

On September 11th, 2023 Google released an emergency security fix for a critical vulnerability discovered, identified as CVE-2023-4863 affecting the Google Chrome for Windows, macOS, and Linux. CVE-2023-4863 is a zero day heap buffer overflow vulnerability in Google Chrome’s WebP with a HIGH 8.8 CVSS score. The vulnerability allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. According to Google’s report and the CISA KEV Catalog, the vulnerability is known to be exploited in the wild, which highlights its urgency and affects any application or software that uses the libwebp package of WebP codec, which significantly increases the attack surface. Rezilion analysis of the vulnerability reveals that: • The scope of this vulnerability is much wider than initially assumed, affecting millions of different applications worldwide • Vulnerability scanners will not necessarily provide a reliable indication of the presence of this vulnerability, due to being wrongly scoped as a Chrome issue. • It is highly likely that the underlying issue in the libwebp library is the same issue resulting in CVE-2023-41064 used by threat actors as part of the BLASTPASS exploit chain to deploy the NSO Group’s Pegasus spyware on target mobile devices. Rezilion analysis reveals that there are several common Linux applications that contain or use the vulnerable libwebp package as a dependency. Examples include: libtiff, python-pillow, libgd, gnuplot, libavcodec58, libmagickcor, libqt5webkit5, libgvc6, libimlib2, and others.  Rezilion has also identified the vulnerable library in several popular container images׳ latest versions, collectively downloaded and deployed billions of times, such as Nginx, Python, Joomla, WordPress, Node.js, and more.

(September 21st 2023)

(September 26th 2023)

A critical zero-day vulnerability Google reported on Wednesday in its Chrome browser is opening the Internet to a new chapter of Groundhog Day. Like a critical zero-day Google disclosed on September 11, the new exploited vulnerability doesn’t affect just Chrome. Already, Mozilla has said that its Firefox browser is vulnerable to the same bug, which is tracked as CVE-2023-5217. And just like CVE-2023-4863 from 17 days ago, the new one resides in a widely used code library for processing media files, specifically those in the VP8 format. Pages here and here list hundreds of packages for Ubuntu and Debian alone that rely on the library known as libvpx. Most browsers use it, and the list of software or vendors supporting it reads like a who’s who of the Internet, including Skype, Adobe, VLC, and Android. It’s unclear how many software packages that depend on libvpx will be vulnerable to CVE-2023-5217. Google’s disclosure says the zero-day applies to video encoding. By contrast, the zero-day exploited in libwebp, the code library vulnerable to the attacks earlier this month, worked for encoding and decoding. In other words, based on the wording in the disclosure, CVE-2023-5217 requires a targeted device to create media in the VP8 format. CVE-2023-4863 could be exploited when a targeted device simply displayed a booby-trapped image. “The fact that a package depends on libvpx does NOT necessarily mean that it'd be vulnerable,” Will Dorman, senior principal analyst at Analygence, wrote in an online interview. “The vuln is in VP8 encoding, so if something uses libvpx only for decoding, they have nothing to worry about.” Even with that important distinction, there are likely to be many more packages besides Chrome and Firefox that will require patching. “Firefox, Chrome (and Chromium-based) browsers, plus other things that expose VP8 encoding capabilities from libvpx to JavaScript (i.e. web browsers), seem to be at risk,” he said.

(September 28th, 2023)

I use Arch, BTW

I made the switch from Ubuntu 23.04 to Arch Linux. I embraced the meme. After over a decade since my last failed attempt at daily driving Arch, I'm gonna put this as bluntly as I can possibly make it:

Arch is a solid Linux distribution, but some assembly is required.

But why?

Hear me out here Debian and Fedora family enjoyers. I have long had the Debian family as my go-to distros and also swallowed the RHEL pill and switched my server over to Rocky Linux from Ubuntu LTS. on another machine. More on that in a later post when I'm more acclimated with that. But for my personal primary laptop, a Dell Latitude 5580, after being continually frustrated with Canonical's decision to move commonly used applications, particularly the web browsers, exclusively to Snap packages and the additional overhead and just weird issues that came with those being containerized instead of just running on the bare metal was ultimately my reason for switching. Now I understand the reason for this move from deb repo to Snap, but the way Snap implements these kinds of things just leaves a sour taste in my mouth, especially compared to its alternative from the Fedora family, Flatpak. So for what I needed and wanted, something up to date and with good support and documentation that I didn't have to deal with 1 particular vendors bullshit, I really only had 2 options: Arch and Gentoo (Fedora is currently dealing with some H264 licensing issues and quite honestly I didn't want to bother with that for 2 machines).

Arch and Gentoo are very much the same but different. And ultimately Arch won over the 4chan /g/ shitpost that has become Gentoo Linux. So why Arch?  Quite honestly, time. Arch has massive repositories of both Arch team maintained  and community software, the majority of what I need already packaged in binary form. Gentoo is much the same way, minus the precompiled binary aspect as the Portage package manager downloads source code packages and compiles things on the fly specifically for your hardware. While yes this can make things perform better than precompiled binaries, the reality is the difference is negligible at best and placebo at worst depending on your compiler settings. I can take a weekend to install everything and do the fine tuning but if half or more of that time is just waiting for packages to compile, no thanks. That plus the massive resource that is the Arch User Repository (AUR), Arch was a no-brainer, and Vanilla arch was probably the best way to go. It's a Lego set vs 3D printer files and a list of hardware to order from McMaster-Carr to screw it together, metaphorically speaking.

So what's the Arch experience like then?

As I said in the intro, some assembly is required. To start, the installer image you typically download is incredibly barebones. All you get is a simple bash shell as the root user in the live USB/CD environment. From there we need to do 2 things, 1) get the thing online, the nmcli command came in help here as this is on a laptop and I primarily use it wirelessly, and 2) run the archinstall script. At the time I downloaded my Arch installer, archinstall was broken on the base image but you can update it with a quick pacman -S archinstall once you have it online. Arch install does pretty much all the heavy lifting for you, all the primary options you can choose: Desktop environment/window manager, boot loader, audio system, language options, the whole works. I chose Gnome, GRUB bootloader, Pipewire audio system, and EN-US for just about everything. Even then, it's a minimal installation once you do have.

Post-install experience is straightforward, albeit just repetitive. Right off the archinstall script what you get is relatively barebones, a lot more barebones than I was used to with Ubuntu and Debian Linux. I seemingly constantly was missing one thing for another, checking the wiki, checking the AUR, asking friends who had been using arch for even longer than I ever have how to address dumb issues. Going back to the Lego set analogy, archinstall is just the first bag of a larger set. It is the foundation for which you can make it your own further. Everything after that point is the second and onward parts bags, all of the additional media codecs, supporting applications, visual tweaks like a boot animation instead of text mode verbose boot, and things that most distributions such as Ubuntu or Fedora have off the rip, you have to add on yourself. This isn't entirely a bad thing though, as at the end if you're left with what you need and at most very little of what you don't. Keep going through the motions, one application at a time, pulling from the standard pacman repos, AUR, and Flatpak, and eventually you'll have a full fledged desktop with all your usual odds and ends.

And at the end of all of that,  what you're left with is any other Linux distro. I admit previously I wrote Arch off as super unstable and only for the diehard masochists after my last attempt at running Arch when I was a teenager went sideways, but daily driving it on my personal Dell Latitude for the last few months has legitimately been far better than any recent experiences I've had with Ubuntu now. I get it. I get why people use this, why people daily drive this on their work or gaming machines, why people swear off other distros in favor of Arch as their go to Linux distribution. It is only what you want it to be. That said, I will not be switching to Arch any time soon on mission critical systems or devices that will have a high run time with very specific purposes in mind, things like servers or my Raspberry Pi's will get some flavor of RHEL or Debian stable still, and since Arch is one of the most bleeding edge distros, I know my chance of breakage is non zero. But so far the seas have been smooth sailing, and I hope to daily this for many more months to come.

Okay- so

I’ve installed Ubuntu and oh boy it was a lot of commands for me lol. Gave me an idea tho.

Scout (and merc/s of your choice) with s/o that’s kinda into commands and stuff?

It was fun messing it up or finding it tbh.

Scout and Engie with s/o that's into programming.

Scout- doesn't understand any of it. He gave up on trying to pretend he knows what you're talking about a long time ago. However, he still loves to listen to you ramble about it. It also impresses him how you manage to do something so difficult for him. Also..." What does this button do? ",

Engineer- since he's into mechanics, you can expect stuff like this also interests him a bit. Doesn't fully understand it, but would love to sit down with you and try it. I feel like he would learn it very quickly. At some point he starts to enjoy it even more than you do probably. It would be like a past time to him.

Idk how to explain this without being long-winded, but it’s my blog so whatever.

Basically, I have a 2011 MacBook Pro 15”. I’ve replaced the battery and upgraded the RAM and replaced the 500GB HDD with a 500GB SSD. It’s great! The machine is truly the fastest mobile computer I have.

The 2011 MBP was let go from software updates a while ago, meaning, natively, macOS High Sierra is as high as I can get the thing.

Luckily, this computer is from an era when Apple actually made computers and not eWaste, so I just erased macOS off of it and flashed Zorin OS (an Ubuntu-based Linux distro) onto it. The computer is now even better! It’s my primary productivity machine. The display, speakers, battery life, and thermals are all pretty bad, but it’s just so snappy and problem free I can’t help it.

Now, when I set up Zorin OS I used LVM Encryption to encrypt the entire disk. Basically, upon booting, before anything happens, I’m prompted with a password box. Once I put in the encryption key, the computer would continue booting and bring me to my usual login screen. Great! Easy peasy, extra secur-sy. Well. That was the case.

Somehow, in my efforts to find a way to stop Linux from using my MBP’s Discrete GPU in favor of its Integrated (more efficient, less power hungry) one, I broke something in the EFI or SMC idk. Reinstalling didn’t help. MacOS Recovery mode didn’t help. The only way I fixed it was by wiping the device, running the installer USB, downloading the script I used to fuck it up, and then running it to undo what I previous had it do. This worked. Luckily, I was keeping the machine backed up with Timeshift. So, I wiped the computer again and installed Zorin OS, fresh, reinstalled Timeshift, and restored from backup. The only problem?

When I reinstalled Zorin, I didn’t use LVM Encryption because I was tired of having to manually type in that 25 randomized character password I chose. As a result, now every time I boot the computer, I’m prompted with a “Waiting for encrypted device, (name).” That prevents the machine from booting for about 5 minutes until it just randomly decides “ope, never mind” and finally takes me to my login screen. It does nothing in prohibiting me from using the computer expect prolong it. It’s just annoying and weird as hell, and I have no idea how to get rid of it.

Clearly, the way Timeshift resorted the device has it thinking it’s still an encrypted volume, and I have no idea how to tell it that it is not.

But anyway, it just aggravates me, and I needed to ramble and vent about it. Carry on.

words of wisdom...

a you should stop doing magical thinking if you know nothing, making more measurements will not help you i told you before, stop applying patches from ubuntu linux to 9front BurnZeZ: wrong wrong troff is the assembly language of text setting, lots of newlines god damn it theres no error message for stupidity just stop doing that yeah off to work m( \o/ Dis code doesnt fuck arround i just know pokemon exception handling… catch them all stop bullshitting I can no longer sit back and allow NIX infiltration, NIX indoctrination, NIX subversion and the international NIX conspiracy to sap and impurify all of our precious cats. maybe i can get a job as deep packet inspector filtering the internet is like trying to vacuum the desert my inodes explode in delight @_@ this bug report is full of bugs until reproducable test cases are provided, i dont belive anything why does plan9 always have to change to fix go? i have an idea what if the battery runs low on my smc file? but why do you need that? i wonder lets make a website wrong. we cannot abandon logic i have no tools to fight witchcraft 9front is sandcastles on the beach, everything else is sandcastles in YOUR FUCKING EYES they should'v been more sorry you probably killed yourself is there any good init system for systemd? its like dos, but it doesnt work every time you hit backspace with a selection in rio, robs pink sunglasses reflect a flash of light how does my opinion matter? the best code is the one that isnt there. so this is fossil bug thats easy another way would be me moving to america why do i have to repeat myself LET THEM EAT SNAKES. which all can be avoided with discipline old rob: "no." -> new rob "No." "no key matches" might be misleading honor, code, hjfs. fuck you intel we'r already pretty much dead with captain blaub├ñr this wouldnt have happend. i'd not advice for using tls so really, unix doesnt have this concept of a shred env srv files are not srv files stop mashing keys

Computers

Before everything else: I know this isn't the type of stuff I usually post, but here we go:

I recently switched my computer from Windows to Linux.

And must say, I much prefer Linux. It runs much better on slower computers. If you have a machine that's not running so well on Windows, you might consider trying Linux. For example, my computer kept freezing the whole time I was using it with Windows, but as soon as I switched to Linux that stopped happening.

In case you're curious as to how to do this, I'll try my best to explain.

WARNING: This process will delete EVERYTHING on your computer! Make sure to save any important files on a separate USB stick (not the one you'll use in this process)

So the first thing you will want to do is to download your preferred version of Linux. I took Ubuntu, it's probably one of the best-known ones. I just googled "Ubuntu OS download" and went from there.

Then you need to flash the OS onto a USB stick. There are several programs you can use to do this, Balena Etcher is very user-friendly but I was having some problems with it. Rufus would be another option but it's less user-friendly. You can google around and see what program you want to use. (There's also online guides on how to flash Linux onto a USB stick if you need help.)

Next comes the (sorta?) tricky part. (Make sure all your files are saved to a separate USB stick before you continue!!!) Plug the USB stick with Linux into your computer. Restart your computer, and while it's restarting, spam the function keys on your keyboard (the F1-F12) to get into the BIOS. Unfortunately I don't know exactly which one does the trick, if it doesn't work, try again until you get it.

Now you should see a list of options to boot your computer, and your USB stick should be one of them. Select it in the list. (At lest with Ubuntu) It prompted me to select an operating system or something like that, you don't have to worry about that, just select the first one in the list ("*Ubuntu" in my case).

Now your computer is running on Linux! You can now go ahead and download Linux onto our hard drive, the computer will immediately present this option to you.

Once it's done downloading, you now have a Linux computer!

All you need to do now is grab your USB stick with your files on it, plug it into your computer and you're good to go!

I'm sure there are more detailed guides on the internet, I guess I just wanted to put this out there in case anyone is curious.

Does anyone here use Linux Mint and also a few other distributions they can use for comparison? Every time I read the Mint docs I get the feeling that I'm missing something, how is it still so popular. It feels like Ubuntu with a few very small changes to the repository defaults. Is it just that the Cinnamon UI is more appealing than GNOME? (understandable and I'll pretty much take that as an answer, GNOME has issues but I mean, there's Kubuntu and half a dozen other official Ubuntu flavours right there.)

Like I get running some variations on popular distributions out of the box, e.g. MX over Debian for the alternative init support, alternative inits are a pain to set up and need repo-wide support, but as far as I can tell the selling point of the Mint customisations is "multimedia codec support" which I'm pretty sure are well supported by default in any basic Ubuntu since I think 12.04. There's a checkbox for it during installation. It's been over a decade since 12.04, so it'd be weird if that still mattered.

I guess if you've never used Linux it's nice that you don't even have to think about it but it's not like OpenSUSE where you have to add an entire repo to get that support, even if YaST makes that easy it's still a nuisance. I have philosophical gripes with Ubuntu but they're easily the best beginner Linux just because almost everyone supports it. If you search for "How to X on Linux" you'll almost always get something for Ubuntu first.

Some of it is probably just the meme of your weirdo friend installing Linux Mint on your parents work laptop. That's another viable reason.

How does Arch have better sound support by default than Ubuntu?

The OS that takes a solid day to install Grub, how does THAT work?