Pantherina

I use Fedora Kinoite daily and find it to be the only OS to make sense really.

I find Fedora CoreOS totally confusing (with that ignition file, no anaconda, no user password by default, like how would I set this up anywhere I dont have filesystem access to?)

But there are alternatives. I would like to build my own hardened Fedora server image that can be deployed anywhere (i.e. any PC to turn into a secure and easy out-of-the-box server).

As modern server often uses containers anyways, I think an atomic server only makes sense, as damn Debian is just a pain to use.

Experiences, recommendations?

A presentation by @siosm@floss.social and @JoshStrobl@fosstodon.org about the state of the atomic desktops and especially Silverblue, Kinoite and Onyx (Fedora Budgie Atomic)

https://gitlab.opencode.de/opentalk

Btw there is skim, a Rust fzf replacement that is in most repos!

There already is an experimental image based on Silverblue with the alpha stage Cosmic Epoch Desktop.

Mainly finetuning and SELinux profiles are needed!

Join the Matrix Group! (yes, no Discord 😉)

The BlueBuild project creates accessible tools for you to create, configure & build custom images of atomic Fedora distributions.

A custom image in this context is a customized version of an image-based Linux distribution that can be switched to by the user of such a distribution without reinstalling. So about making your own distro, maybe, but not really. When making custom images, you’re building on top of an existing distribution. You’re most likely using its package manager and repositories and just adding your own flair with package set changes and configuration files. It’s more like a more reliable version of maintaining/sharing your dotfiles, but from the perspective of the operating system.

Someone might get turned off from so-called ‘immutable’ Linux distributions due to fears of the taking away them ability to tinker and change the system as you please. The term comes from the usage of immutable root filesystems in these distributions, but in reality most ‘immutable’ Linux distributions are still pretty change-able. So while BlueBuild is a tool that helps you tinker with these sorts of distributions, it’s not giving you back some freedom that was taken away.

Here’s some terms that can be used to better describe these sorts of distributions:

Atomic: instead of new and updated packages being swapped on the running system live, they’re queued up to be used after the next boot.

Image-based: instead of each computer updating each of its system packages individually, the system updates are bundled (usually daily) as images that are pulled onto the user computers and queued up to be used after the next boot.

What’s up with the logo? It’s our mascot, a blue-billed duck with a wrench! A good pun, and cute too! The writer of this FAQ is definitely not at all biased!

The logo (along with all the other BlueBuild branding) was designed by @xynydev and is licensed under CC BY-NC-SA 4.0.

I never had a single "website blocked" dialog because of safe browsing. Meanwhile UBlock Origin often blocks websites, fullscreen with a warning.

On Firefox Safe Browsing is proxied through their servers and anonymized, so I use it. But tbh I have no idea how useful that is?

I use Search Engines (DDG, Startpage, SearX) or Bookmarks and never had such a block, does it directly filter those sites from search results?

I am again deleting old mails. And I have inboxes with like 200 of them, it is hell.

I would like to autodelete mails that contain a date. If there are multiple dates, take the latest one. If that date is older than x days from today, delete the mail.

Is there something like that? Or some regex possible in native filters?

There are big wishes for Signal to adopt the perfectly working Flatpak.

This will make Signal show up in the verified subsection of Flathub, it will improve trust, allow a central place for bug reports and support and ease maintenance.

Flatpak works on pretty much all Distros, including the ones covered by their current "Linux = Ubuntu" .deb repo.

To make a good decision, we need to have some statistics about who uses which package.

I found this really old blog post and it still applies today.

We don't really have antiviruses, and thats nice. But we have a huge monolithic kernel, we have random executable files all over the filesystem, we have systems that to this day often dont even update without elevated privileges.

Android took Linux and fixed it, long ago. You dont even have root! Their app ecosystem is often very restricted by design though, as its a phone OS.

Desktop Linux needs to get more secure, compartimentalized, perfectly usable

• without sudo privileges
• without apps having read/write access everywhere
• without X.Org
• with portals, control, Wayland, Pipewire, Flatpak
• with a split up kernel, drivers in userspace, adapted to the actual hardware you are running
• with as much hardening applied as possible to simply shut off everything you dont need.

I guess there are many great projects out there that try to create exactly such a system

• musl, busybox
• RedoxOS
• hardened_malloc, *BSD software

Can you recommend more software that is secure by design? The blog author mentioned Postfix.