Para_lyzed

Fedora is what I’d describe as cutting edge, but not bleeding edge. It’s still behind from source, and is semi-rolling release, so it’s further behind than Arch but way ahead of stable/fixed release distros like Debian

Idk, I think Gentoo and Void would be worse for a new user. But yeah, most other distros will be more new user friendly. Bazzite has a great new user experience, for instance

Since they’re running Fedora Atomic, the commands are through rpm-ostree, as dnf is disabled. I’ve provided the relevant instructions.

Since you’re using Fedora Atomic, I’ll give you instructions for rpm-ostree:

Run rpm-ostree status and find the deployment with the dot to the left of it. Example output:

State: idle
Deployments:
● fedora:fedora/40/x86_64/kinoite
                  Version: 40.20240509.0 (2024-05-09T00:47:51Z)
               BaseCommit: 2f8263a33190c4e1320233aebbdc8f337b0a6abcba371d4870ae43fba33aea62
             GPGSignature: Valid signature by 115DF9AEF857853EE8445D0A0727707EA15B79CC
          LayeredPackages: akmod-nvidia akmods asusctl asusctl-rog-gui libratbag-ratbagd mullvad-vpn rpmdevtools
                           supergfxctl virt-manager xorg-x11-drv-nvidia
            LocalPackages: rpmfusion-free-release-40-1.noarch rpmfusion-nonfree-release-40-1.noarch

  fedora:fedora/40/x86_64/kinoite
                  Version: 40.20240507.0 (2024-05-07T00:44:22Z)
               BaseCommit: c7fb680111ecf1736e473cf6f9169f69e5f2ec6b50814f7017bd6f9f3c1bdaf2
             GPGSignature: Valid signature by 115DF9AEF857853EE8445D0A0727707EA15B79CC
          LayeredPackages: akmod-nvidia akmods asusctl asusctl-rog-gui libratbag-ratbagd mullvad-vpn rpmdevtools
                           supergfxctl virt-manager xorg-x11-drv-nvidia
            LocalPackages: rpmfusion-free-release-40-1.noarch rpmfusion-nonfree-release-40-1.noarch

First one has a dot next to it, which means it’s the active version. Copy the value after “BaseCommit:” (in my case it is 2f8263a33190c4e1320233aebbdc8f337b0a6abcba371d4870ae43fba33aea62)

Run rpm-ostree db list <paste commit hash here> | grep amd. Example output (my command was rpm-ostree db list 2f8263a33190c4e1320233aebbdc8f337b0a6abcba371d4870ae43fba33aea62 | grep amd):

amd-gpu-firmware-20240410-1.fc40.noarch
amd-ucode-firmware-20240410-1.fc40.noarch

In my case, running the most recent update on Fedora Atomic KDE, it looks like I’m running version 20240410-1 of amd-gpu-firmware. Yours may vary depending on what update you’re on.

By the same (virtually nonexistent) logic, neither are games in general, or operating systems, or computers, or anything that is not strictly “necessary” for one to survive. Yet all of these things clearly have a strong intrinsic value to society, else we wouldn’t be working so hard on all of it. If you don’t enjoy VR, don’t use it; it doesn’t get much simpler than that. I can guarantee you that no one on the SteamVR dev team is going to care about your opinion or where you think their resources are better spent. Want to change that? Apply for a job at Valve. Pointless comments aren’t going to do anything.

Facebook has been selling your data to ad companies since the day you created your account. This only changes what you visually see on the website. It makes absolutely zero difference from a data collection standpoint. Just consent so you can delete your accounts with less hassle. Filing GDPR complaints through email is a pain, takes a long time, and has no guarantee that they’ll actually accept it. Plus, some sites (likely including Facebook) will ask for a government ID to verify you live in an area where the GDPR applies. It isn’t worth the trouble when there are easier methods. Once you’re able to log in, you should be able to access a GDPR portal somewhere in case you still want to file a report before deleting your account, but it’s up to you if you want to go through the trouble. At the very least that saves you from having to write a letter and either email or mail it to them. With Facebook’s consistent history of violating GDPR, I honestly don’t even feel like it’s worth it to try. Chances are that your data will still be sold regardless. Just look at all the lawsuits against Facebook for GDPR violations in the past years.

I’d argue SimpleX does it better, they’re even modifying the Signal protocol to support post-quantum encryption. No phone number, uses the Signal protocol, and has no user identifiers at all (no usernames, no account numbers, no account at all; everything is stored locally on your device).

Oh also, before the reply that Signal is post-quantum already, here’s an excerpt from the blog post I linked detailing why SimpleX’s implementation is better:

unlike Signal design that only added quantum resistance to the initial key exchange by replacing X3DH key agreement scheme with post-quantum PQXDH, but did not improve Signal algorithm itself, our design added quantum-resistant key agreements inside double algorithm, making its break-in recovery property also quantum resistant.

There is much more detail in the blog post if you’re interested. SimpleX also has an incredible whitepaper

The best options for you are going to be SimpleX Chat or Jami, depending on your use case. If you only need to make video calls, probably Jami is the easier option, but if you’d like to have a chat app with video call support, SimpleX is the right choice. SimpleX is also just a really good messaging app, because it has no user identifiers or accounts. They have a wonderful explanation of their method for two-way communication in their whitepaper if you’re interested.

Also, video calling in a “secure environment”, as you’ve stated, is not difficult in the slightest, and absolutely not impossible. There are plenty of options available. Others beyond the ones I gave are Jitsi (but it’s gone way downhill; don’t use it), Signal, Element (you do NOT have to self-host for it, you can use the main instance or any other instance), and the options open up to basically everything if you make a new user profile and install sandboxed Google Play Services in the new user profile (from the “Apps” app). With sandboxed Google Play, you can use apps like Zoom if you really wanted, but I’d strongly encourage you not to for the sake of privacy. You can download apps without signing into a Google account via the Aurora Store.

Yes, of course GrapheneOS can run SimpleX! SimpleX has no dependence on the Google Services Framework, and even for apps that do have GSF dependence, they can be run with sandboxed GSF. The only apps that don’t work on GrapheneOS are apps that try to use the SafetyNet, which is mostly banking apps, or those that require GSF to have deep root privilege to operate.

Yes, that is exactly where perfect forward secrecy fails in Element. It allows all of the message keys to be downloaded by attacking a single point of failure. Perfect forward secrecy would necessitate that all messages and their encryption keys be completely independent, and each message would need to be broken one-by-one, as each key is completely different. What Element does with their cloud backup solution is it adds a single point of failure that results in every single message being compromised, without physical access to any device. Real perfect forward secrecy would make that impossible, as you have to break the encryption of every message independently (again, ignoring physical access to the device, because the device will always have access to all the messages anyway). It essentially invalidates many of the benefits of using a double-rachet key exchange protocol to begin with, as you can attack a single point of failure that would compromise all messages instead.

Granted, whether or not that matters to you is entirely up to you. I’m just clarifying that Element lacks perfect forward secrecy, so I have an ideological objection to my own personal use of it for anything sensitive, since there are more secure messengers out there (like SimpleX) that do have perfect forward secrecy, and many more security and privacy features (like the whole no user identifiers thing and no server side storage with SimpleX). That does of course come with the tradeoff that you can only use it on one device at a time, but everything is a list of pros and cons. Is anyone going to target you and attack you by attempting to gain access to your cloud backup keys? No, most certainly not. But the fact that it exists as an attack vector to begin with is troubling from a security perspective (again, that’s where SimpleX shines with all data being stored locally, so there is no way to access those messages on demand without physical access to the device). I personally think that the metadata issues are much worse with Matrix from an immediate privacy perspective, as that is an avenue that can be actively exploited in a much easier capacity.

If I understand correctly though, I believe we’re both on the same page. Element is still a much better option than something like Discord, but it is not without its own flaws.

The idea with perfect forward secrecy is that by breaking one key, you aren’t able to read all the other messages. The way Element works (allowing users to share encryption keys for messages stored server-side across devices, using a shared storage system), allows for a single key to allow access to all messages. All you need is your backup phrase (or a valid login session), and suddenly not just one message is visible, but all messages are. That is fundamentally in complete opposition to perfect forward secrecy.

The way to work around this is by storing all messages locally so they cannot be decrypted simply with server access, but Element stores messages on their servers, not locally (like SimpleX does, for instance). That would allow robust backup and syncing without breaking PFS.

Do you have any sources for that, preferably their own documentation

https://github.com/element-hq/element-meta/issues/1296

I got that from the privacyguides.org website, at:

https://www.privacyguides.org/en/real-time-communication/#element

If you look carefully on the Element website, there are never any claims that it provides perfect forward secrecy. This is intentional, and unless they change their backup keys, it will continue to stay that way. As the issue is still currently open, I can only assume it is still currently an issue.

From the article, it seems that there will be a DRM-free version available on the game’s website for Linux (and that will be the only place to get the Linux native package). So no need to go through Epic. Plus, most Epic exclusives eventually end up on Steam anyway, it’s just a matter of time.

I’d like to add SimpleX to this list, as Matrix based messengers hemorrhage metadata, and Session doesn’t have perfect forward secrecy. Also, while the Matrix protocol technically supports perfect forward secrecy, Element does not currently use it.

https://simplex.chat/

Good to know, thanks!

The common recommendation is Linux Mint, but there are lots of Ubuntu derivatives out there. Another common recommendation is Debian or a Debian derivative, and those will generally be similar to Ubuntu since Debian is the upstream of Ubuntu.

You can feel free to ignore it if you aren’t open to other options, but my personal distro recommendation for a Gnome-based desktop is Fedora. It has a much quicker update cycle, so you’ll actually get feature updates on your packages (which is great if you use neovim plugins, since the neovim packages in the Ubuntu repos are ancient at this point, or you know, any other package that benefits from being updated). Of course it obviously isn’t as bleeding edge as Arch, though I personally see that as a benefit because I found Arch to be unstable (haven’t really experienced any instability with Fedora in the past few years though). But don’t be mistaken, I’m not saying Fedora is similar to Ubuntu, just providing an alternative perspective since you seem to be open to switching to a different distro (though the differences may be more minor than you think from an end-user perspective).

BTW, Linux Mint isn’t just a “beginner distro”, it’s perfectly fine for anyone to use, and it fixes a lot of the Canonical BS from Ubuntu. I feel like some people get caught up in the thought that Mint is the distro that you ditch for another one when you become more comfortable with Linux, but that doesn’t have to be the case.

Going through the GitHub page for the bot, it seems that this is intended behavior by the dev. In their own words:

I think it still serves its purpose of people not having to leave the community to see what the article is about.

I agree with this, personally, as I don’t like having to follow links to read articles. It’s nice having a comment with a TL;DR, or for very short articles having the whole article in the comments. Plus, it’s not like one (relatively short) comment really adds bloat to the comments section, it’s something that can be easily scrolled past.

Perhaps I was a bit vague with the word “performance”, but given that this user only seems to be interested in running ROS, there is absolutely no reason they need anything above the FPS cap (hence my recommendation of virt-manager, as it is quite user friendly). The “performance” aspect of it boils down to CPU utilization and efficiency more than anything.

Yet Another Call Blocker. Also available on F-Droid

I don’t have much to comment on native installs that hasn’t already been said, but if you go with a VM, please don’t use VirtualBox. It’s a pile of hot garbage that pales in comparison to the already existing, kernel-level virtualization offered by KVM/QEMU. Use a package like virt-manager for KVM/QEMU based VMs and your experience and performance will be infinitely better. The Linux kernel has KVM built in for a reason, so take advantage of that.

Otherwise, Distrobox is a great recommendation, as are many of the other install methods listed in these comments.