I also need to frequently fill out captchas.
I am part of several large groups, including some that are honeypots for scammers. Signals bot detection system is really bad, so everyone needs to fill out captchas all the time, even on desktop.
I was not able to use the current system, I dont know how it is supposed to work. I was not able to copy just the token from the error popup, as the GTK text selection was buggy (KDE Plasma 6 wayland). instead I copied everything to a text editor
I then filled out the captcha, put the token in the top box and the generated signalcaptcha link in the bottom one, but got a HTTP 400 error
No, this is not about installing GNOME extensions but the "Native Messaging" between browsers and other applications.
Afaik Snaps have solved this by now. Apps like KeepassXC or Zotero need to have a portal to communicate with the Browser, even if both apps are running in a sandbox.
The native messaging proxy might make this possible already.
Here the closed PR with some infos on that
An issue about KeepassXC in a sandbox and the native messaging proxy
The whole thing has progressed but still doesnt seem completed. Looks like integration into desktops is one major missing step, but I have not fully understood the current situation.
boredsquirrel (417dbd5a) at 07 Sep 16:02
allow using run0
Hi there, I will not be able to reply to everything right now.
Good points made here. I am currently a Fedora Kinoite user myself and it is nice. The LTS kernel is a must though. Ae have had at least 2 extreme incedents where desktops were crashing and more, on Fedora. A single guy (kwizart) has a COPR for the LTS kernel, that is a must. Fedora otherwise can be totally fine.
And as a POC, coming from the uBlue infra, it is of course really useful.
I have gotten NixOS setup now, and it is waay easier to get running. I can compose a slim and complete system, and instead of container imager being built and moved around, it would just be a bunch of configs.
Fedora Atomic Desktops (or Alma, CentOS Stream etc) are the only good option apart from that currently. OpenSUSE does not use OCI images, and Kalpa is nowhere compatible with Kinoite. It is not really "immutable" as in "managed system". So no argument here.
Very interesting project! Though, as a Fedora Kinoite user myself, I wonder about the choice a bit.
While Fedora packages and the KDE desktop are great, there are obvious issues here
Pro
Con
Fedora has begun their "Atomic Desktops" which solve a huge issue with the instability of dnf and the need for frequent updates. The system works really well, updates are more solid than Windows updates, but still faster.
This is done via rpm-ostree but will be replaced with bootc soon. A lack in features can be expected, for example local package changes. So admins would need a local forge, pull down an image, add some things on top, and the clients only sync with that image. Updates would be really fast in that way.
Alternatively I have found NixOS, which is more complex and might have specific issues. But it
sudo nixos-rebuild boot)As a beginner, I was able to relatively quickly setup a working system, with the 6.12 LTS kernel, a stable base, a few unstable packages, full disk encryption, systemd-boot and a Wayland-only KDE Plasma desktop!
It was extemely easy, and while there is a learning curve, it is also worth noting that this does not require a server to build images at all. It is all done with a few config files.
A great EU Distro, OpenSUSE, poorly has no good "immutable" or "atomic" model. They implement snapshots well, but there is no way to reset a system, or control the state in a deterministic way.
Rock-stable distros like Debian or Enterprise Linux (RHEL, Alma, etc.) may work, but can still introduce maintenance burdens.
I see Arch and Alpine are discussed. Alpine could have big security benefits, but might have problems running binary packages.
When using rolling distros, packages would need to be delayed and vendored, which is a bit against the goal of not building a distro.
So these would make sense as base
Easiest is to choose a distro that already bundles a stable packaging system with it. So traditional package-based systems are unsuited.
Here, CentOS Stream (apart from NixOS) is best, as there are HeliumOS (now Aurora-LTS) and Bluefin-LTS, both in the "universal blue" project.
They take CentOS Stream as a container image, and add the needed packages on top. All that can be done using podman, anywhere. Basing off CentOS Stream is pretty new, so the images are technically in "alpha". But I have tested them, and they work really well.
Using the official longterm kernel guarantees faster (and less dependent from RedHat) security backports.
If you really want to replace Windows (10), you need something that has
dnf system-upgrade messFor software, using Flatpak and binaries (like the firefox tarball) make sense. Flatpak overrides can be managed with something like Ansible.
Also regarding security, locking down these systems would be a good idea. You can have a look at what I proposed to HeliumOS, and also have a look at the Secureblue project. Secureblue bases off Fedora Atomic Desktops too.
Image-based systems make a lot of sense, like the uBlue project shows. You can build a EU-wide base image, and the national images are built 2 hours after that runner, add in their custom things. Then the regional runners run 4 hours after the EU-wide runner, and can add their custom things again.
You can have a clear hierarchy, and be able to reuse the setups of each country how you like. The images can be built in private, on premise, but could also be built on open forges like a Forgejo instance.
Customization and presets dont take a lot of expertise or tooling like Ansible, as you can see in the heavy customization that uBlue or secureblue do.
Here you can find the CI/CD files for building Fedora Atomic Desktops, on Gitlab
I just wrote to a thumbdrive and accidentally closed the window.
A popup appeared asking me if I really want to cancel
"cancel" and "stop" mean the same thing. This is very confusing, the colors dont help.
Instead I propose renaming the right button to "Continue" (german: fortfahren) and the left to "Close" (german: abbrechen) as this is what they seem to do
And agreed, we dont want to go the Iceraven way and have a list full of nonsense.
https://github.com/fork-maintainers/iceraven-browser/issues/63
I was in a forum with swedish text and ff translate didnt recognize it. Also, it is not always showing, and I am very confused if you need the addon or if it works natively, as they seem to differ a bit.
I talked with the TWP dev and allegedly the addon scans the language locally and only sends text to those providers if one is detected. The websites are public and everyone should use a VPN, so there should be no issue.
FF translate is nice but limited and makes silly mistakes.
The current recommended Addons are problematic.
Instead, only a few are needed and should be recommended so they appear on the page without needing to go to AMO.
Additional ones
What do you think?
I have an addon collection here but it might already be too much.
Hey, currently the GUI anti-tracking preset is "strong".
Instead, using "Custom" might give more privacy if you change some values
Not sure about the last one, is it the new DNT?
Also it might be possible to set those as "strong" preset without exposing all that to users.
This is a pretty small issue but I think the icon should have less white, more fox.
I can edit it?
Hi there! I use Aurorastore frequently and would like a secure, independent way to install it.
The Android package manager allows secure updates, but the first install is critical. Here you need to get a save APK, with a nonvulnerable version. from then on, you could update it from anywhere.
The Accrescent store is targeting exactly that, securing the first install process, while still giving devs all freedom (like signing APKs themselves)
https://accrescent.app/docs/guide/getting-started/index.html
It would be great to have appstores there, as they are really critical.
You can contact the devs, the store is already filling up, and works pretty well.
(I am just a user, not part of their team)
Update: the SELinux policy has been merged!