alt

Ow wow, that's a lot! Unsure to what degree you've used them; but if you feel confident talking about (at least some of) them, would you be so kind to offer us a rundown of what you liked and didn't like? Thanks in advance!

Basically, you want to not disable kernel.unprivileged_userns_clone.

For a temporary solution that has to be redone after reboot, there is sysctl kernel.unprivileged_userns_clone=1.

For a lasting solution, consider echo kernel.unprivileged_userns_clone=1 | sudo tee /etc/sysctl.d/99-enable-unpriv-userns.conf.

In either case you're foregoing security for the sake of convenience/functionality, so I understand why you would rather not act upon either of them.

I don't know what the solution is that would be analogous to installing bubblewrap-suid. Perhaps, it's worth exploring the projects found within the github page of Awesome Fedora Security for some pointers.

I don't know by heart if it's able to do your bidding, but perhaps it's worth checking out penguins-eggs. I guess the following would be its elevator pitch:

"penguins-eggs is a console tool, under continuous development, that allows you to remaster your system and redistribute it as live images on usb sticks or via PXE.

The default behavior is total removal of the system's data and users, but it is also possible to remaster the system including the data and accounts of present users, using flag --clone. It is also possible to keep the users and files present under an encrypted LUKS file within the same resulting iso file, flag --cryptedclone.

You can easily install the resulting live system with the calamares installer or the internal TUI krill installer."

Well I guess I’m a Linux user now.

One of us! Welcome!

Gnome apparently doesn’t let you create desktop shortcuts unless you resort to command line.

GNOME is indeed very opinionated. Consider taking a look at any of the "Desktop Icons"-extensions on extensions.gnome.org. This enables one to engage with desktop shortcuts without opening a terminal.

Linux is NOT dumbed down enough for the average user yet.

Depends. I can't imagine how something like Endless OS could cause troubles to someone that only requires simple functionality (like e.g. their favorite web browser working etc) from their OS.

As a final note some Linux users push harder than crack dealers I’ve met.

Yes. We can be very enthusiastic at times 😅.

I do think that engaging with different desktop environments at this stage of your Linux journey might be very beneficial in the long run, but I can totally understand it if you'd like to settle down for (at least) a moment.

The link for uBlue didn't work for me. For those interested: uBlue

Not OP.

getting downvotes etc

That was mostly on the first day. OP was probably very frustrated and disappointed after their initial impression. The way the rant that followed afterwards was written didn't do them any favors 😅 and the downvotes that followed afterwards were therefore not very surprising...

I allredy forgot which distro worked for you

Pop!_OS

I hope to read more about OP's experiences with Linux and if they decide to stick with it. Let's hope we get updates on those soon 😉.

Again an association is made between butt plugs and Arch users. I wonder if moving forward showing a collection of butt plugs will become the next "I use Arch, btw".

Distrobox is directly inspired from Toolbx and was created because of limitations of Toolbx and how Toolbx' maintainers didn't want to implement some features at that moment in time.

Currently, Distrobox is almost a superset of Toolbx. Though, I've come to the understanding that Toolbx does better at some tasks.

If you would like to stick to just one of them, then Distrobox is probably still the better one and should be preferred. However, if its added functionality doesn't do it for you, then please feel free to continue using Toolbx.

Why is toolbox preinstalled and not distrobox?

Because Toolbx predates Distrobox and is developed by developers that are associated with Fedora and even specifically designed in hopes of solving some issues pertaining to Fedora's Atomic distros.

Thanks for the explanation!

I didn’t like Runit

Unfortunate, but not very surprising 😭. I hope it (or another init) will one day be more than a viable alternative to systemd, so that the hegemony will cease to exist.

the package selection wasn’t great

While not applicable in all cases, I've had great success with relying on Distrobox in case I had to rely on the repos of another distro to get my software.

As for siduction, it was just a touch too buggy (i.e. XScreensaver caused the laptop to freeze when I closed the lid) and too preconfigured to be able to resolve easily. It also played havoc with my school’s BYOD internet.

Interesting! I didn't know that siduction is relatively unpolished.

I’ll probably go back to it at some point, though.

I wonder if perhaps SpiralLinux does a better job.

Of course, the main reason for this new install is that I just bought an SSD, and I’d rather start fresh than try to flash my old hard disk across.

Relatable 😜.

Looks good!

Are you just exploring the waters? Or were you discontent with Void and siduction?

Thanks a lot for this excellent write-up! I believe it has successfully fulfilled its purpose.

To make myself absolutely clear: I believe that we agree on our general sentiment towards systemd; I don't like how it has almost ostracized other inits, nor do I like how ever-impactful it has become across the board so much so that even the most established DE (read: GNOME) has had hard dependencies to systemd in the past^[1]^.

And this is where i think you’ve contradicted yourself. IMO, the only reason opponents use it is not because it’s so great but because it’s so entrenched in whichever distro they’re using.

Got it! I see now why you might have perceived that as a contradiction. And honestly, you might be correct! I assumed that systemd is used for how it might enable the full system AppArmor policy^[2]^ and other features that Kicksecure has become known for. Honestly, I'm not an expert on Kicksecure myself. I just like the project and even try to import some of their systemd-related features and/or configs on my daily driver.

Based on past readings, the idea that systemd was (ironically) still preferred on Kicksecure for security-related features stuck with me. But, honestly, it could have been my misunderstanding and instead they might have chosen to make the best out of it as not using systemd would have increased the maintenance burden tremendously.

This conversation has opened the possibility to me that Kicksecure's maintainers might have stuck to systemd for non-security reasons. Ultimately, your contribution by addressing that point has been immense. Thank you so much for the insight and for being patient with me 😊!

1. I believe this has since been resolved.
2. Based on the following statement: "AppArmor can do this by loading a profile for systemd in the initramfs." found here

Thanks for the answer! I got some pointers 😉.