Clear Linux* (secured by design as claimed) don't support secure boot yet.

I studied it for several days in thoughts about installing Clear Linux as robust+secure disto, but I saw [this](https://community.clearlinux.org/t/has-clearlinux-secureboot-validation-lockdown/3111):

[Secure by design they said](https://preview.redd.it/mjq6ztnbzvg41.png?width=824&format=png&auto=webp&s=43291e1c4193ff8031ecf36cde5bbdd633774712)

Can anyone explain what's going on? May be secure boot is overrated? But official team forced to keep calm. I regret the time spent, distro hopping continues for me.

https://redd.it/f3rvg4
@r_linux

Secure, Privacy Focused Firefox

These links were emailed to me by Yvan from SnowHaze when I asked if they had a desktop browser of their secure, privacy mobile browser. He gave these to sure up Firefox, enjoy:

https://blog.snowhaze.com/firefox-add-ons/

https://blog.snowhaze.com/boost-your-privacy-and-security-in-firefox-with-these-advanced-settings/

Thank you SnowHaze

https://redd.it/f3ugzz
@r_linux

It's all fun and games untill she gives you this screen
https://redd.it/f3y1qg
@r_linux

Dual boot

Is there a way to dual boot windows 10 and some sort of Linux be it Ubuntu or clear Linux, on the same hard drive? Any suggestions for specific Linux os's

https://redd.it/f3z1wf
@r_linux

BENCHMARK: Windows vs. Clear Linux Scaling Performance analysis From 16 To 128 Threads With AMD Ryzen Threadripper 3990X
https://www.phoronix.com/scan.php?page=article&item=3990x-windows-linux&num=1

https://redd.it/f3z3vj
@r_linux

Steam says they've dropped support for the steam browser on 32-bit Linux systems. Does this mean I'm unable to play the games I own through steam on my 32-bit Linux machine?

I have an old computer which unfortunately is 32-bit afaik from doing lscpu with it telling me I only have the one opmode for 32-bit processing. When I installed steam on it, none of my games would display in my library and there was just one notification in the top left of the window telling me that the steam browser wasn't working correctly with a link as to why.

Following the link; it explained that Steam has dropped support for 32-bit linux systems.

Does this mean it's impossible for me to install/play my purchased games on my computer? Or is there a workaround? Most of my games are old games anyway.

https://redd.it/f40rzp
@r_linux

How and why is UEFI's Secure Boot useful?

There has been some discussions around SecureBoot recently, which a lot of it prompted by Intel's clearlinux team saying that they do not support Secure Boot. I wanted to clear several misconceptions on the matter.

>1) Secure Boot is a microsoft product.

No it's not. It's part of the UEFI (Unified Extensible Firmware Interface) standard that evolved out of Intel's EFI replacement for legacy IBM-PC bios.

UEFI is a defined interface that is presented by a motherboard's firmware to allow conforming operating systems to interact with the platform hardware. Secure Boot is nothing more than a standard for comparing cryptographic signatures on bootable executables and some OS code against a database of keys. [https://www.intel.com/content/www/us/en/support/articles/000006942/boards-and-kits/desktop-boards.html](https://www.intel.com/content/www/us/en/support/articles/000006942/boards-and-kits/desktop-boards.html) . In pretty much all x86 motherboards (by which I mean I can't find any exception,) the key database is entirely controllable by the end user. If you want to add your own key, you can. If you want to delete microsoft's key, you can. The only way that microsoft is involved is that 1) the majority of motherboards ship by default with MS's key, and 2) for a computer to be designated "Certified for Windows 8 or 10 or whatever" it has to ship with Secure Boot enabled by default and have Microsoft's key. It does not prevent user management of the keys.

Many distros have partnered with windows to piggy-back off their keys since they're distributed by default, but this is only relevant for REALLY new users who cannot manage their own key store. It's entirely possible to get the signing keys of your distro or to sign your own stuff without using MS's key at all.

​

>2) Secure boot is meant for enforcing DRM

Secure boot isn't even capable of enforcing DRM by itself. Once the OS is loaded Secure Boot doesn't do anything, it is only capable of restricting execution of boot loaders and OS kernel / modules. Most people confuse the criticism of secure boot with the criticism of hardware TPMs (trusted platform module). A TPM is a hardware device that contains private cryptographic keys with a defined interface for decrypting data without exposing your private key. In theory a company can require a TPM that does not expose an interface for user management of the keys and use it to restrict what devices are authorized to use its software or view media. Essentially a dongle. For that to be effective you'd have to enable both a TPM and a bastardized version of secure-boot that only allows heavily restricted operating systems to boot so that someone could not just load the software, find the unencrypted version of the software / media in RAM, and dump a cracked version that bypasses the DRM. But there are no examples of this type of thing being done on consumer PCs since most don't come with a TPM, and most users are not computer savy enough to understand how to buy / install / use one.

>3) secure boot doesn't protect anything or isn't useful.

It is entirely possible that your specific use case and risk tolerance is such that it is not an overall benefit for you to use secure-boot, but there are real benefits to it. If you dual boot your computer with both Windows and Linux, and have encrypted your Linux main drive, you still have unencrypted files that are used to bootstrap your computer enough to unencrypted those files. Even without a filesystem driver in windows that can read a linux partition, there still exists a theoretical attack where someone could compromise your windows OS, modify your initramfs, and put in some code to sniff your decryption password, writing it back onto your windows system to be retrieved the next time you boot into your compromised windows. SecureBoot prevents this attack, and even if your windows system is compromised by someone without a private key matching your secure boot key database, your linux boot files cannot be modified. If you only run o

ne Linux distro, it's much less beneficial since a compromised Linux system that allows modifying boot files would mean access to anything else, but it would still prevent certain theoretical classes of attack.

​

I'm certain I missed something, and am open to discussion or debate, but I wanted to clear up a lot of confusion and myths that seems to exist.

https://redd.it/f414vl
@r_linux

OpenSSH release (8.2) with FIDO/U2F support
http://www.openssh.com/txt/release-8.2

https://redd.it/f403vj
@r_linux

KDE is crap

Is it just me or is KDE the most buggy desktop environment out there. Everytime I try installing KDE plasma in a virtual machine. VMware Tools, Open VM Tools, VirtualBox Guest Additions and nothing else works.

KDE looks great but is disfunctional as hell.

That's not all. Plasma constantly crashes. Windows (graphically) sometimes glitch up (that one could be due to it running in a VM though)

https://redd.it/f3zbus
@r_linux

Best linux books for beginners?



https://redd.it/f43kg2
@r_linux

A funky smelling output
https://redd.it/f433xb
@r_linux

Cockpit 210, 211 & 212 — Cockpit Project

[**Cockpit 212 and Cockpit-podman 13**](https://cockpit-project.org/blog/cockpit-212.html)**:**

* Per-page documentation
* Localize times
* Podman: Show full log

​

[**Cockpit 221**](https://cockpit-project.org/blog/cockpit-211.html)**:**

* Better support for various TLS certificate formats
* Switch from Zanata to Weblate
* Overview layout optimizations

​

[**Cockpit 210 and Cockpit-podman 12**](https://cockpit-project.org/blog/cockpit-210.html)**:**

* Overview: Add CPU utilization to usage card
* Dashboard: Support SSH identity unlocking when adding new machines
* SElinux: Introduce an Ansible automation noscript
* Machines: Support “bridge” type network interfaces
* Machines: Support bus type disk configuration
* Podman: Configure CPU share for

https://redd.it/f3du5h
@r_linux

I wonder if I can get this to work on anything...
https://redd.it/f453y4
@r_linux

Having issues downloading for browser. Secure Connection failed

I recently downloaded a fresh install of Linux Mint 19.3 cinnamon and have been tailoring it to me taste. I am trying to download the tor browser but every time I access the website through Firefox or Chromium I get “secure connection failed error code: ssl error ex record too long” I’ve tried some fixes some people have recommended and still get the same problem. If anyone find or knows of anything that can help out I really appreciate it.

https://redd.it/f45w6v
@r_linux

Q&A with Greg Kroah-Hartman on state of android kernel
https://www.reddit.com/r/Android/comments/ezrb1y/how_many_android_devices_get_os_updates_2020/

https://redd.it/f46an6
@r_linux

plank dock in openbox and lxde missing features

hey guys, newbie issue with plank. I am missing transparency and icon zoom in openbox and lxde, while in xfce it acts much better.

Am I missing something in openbox or is it simply not supported that much like more robust DE and WM ?

https://redd.it/f46hyb
@r_linux

This Week in Matrix 2020-02-1
https://matrix.org/blog/2020/02/14/this-week-in-matrix-2020-02-14

https://redd.it/f47g2x
@r_linux

Slackware Linux on a 386sx40

[https://www.youtube.com/watch?v=5DBPuZHWEXc](https://www.youtube.com/watch?v=5DBPuZHWEXc)

https://redd.it/f47zya
@r_linux

Noob question about dsd audio files in li ux

Hi,

my aim is to build up a linux computer as an audio player for my audio files that are stored on a QNAP NAS. I bought myself a used Lenovo Thinkpad and managed to install Linux Mint onto it. I will use JRiver's Media Center to play my music files. This works fine so far for my HighRes Flac files. The one thing that doesn't work "out of the box", is playing DSD files and I wonder if there is need of some codec files to support DSD files. Maybe some of you can help me out here. Or is there a Linux system out there that is "better" for streaming and playing audio files from a NAS into a DAC via USB? The JRiver Media Center isn't tested for many distributions though and I would like to stick to it.
Thanks for any tipps, as I am quite new to Linux and wouldn't know where to search and look!

https://redd.it/f47cnr
@r_linux

Guake 3.7.0 Drop-Down Terminal Released With Option To Change Terminal Colors On A Per-Tab Basis, More
https://github.com/Guake/guake/releases/tag/3.7.0

https://redd.it/f48vwq
@r_linux