hottari
TLDR Some folks just never update their software. Idk if this is just a Windows problem but damn. I remember reading about this 0-day months ago and thinking to myself malware groups will have a field day before the vulnerability finally becomes dead just because of this.
That's a feature not a bug. Under flathub, the original author of the software (for verified apps at least) knows what is the best configuration to ship for their package.
ATM. You are not trusting flathub when installing a flatpak. You are trusting the application's author. Maybe in the future, flathub would introduce restrictions on certain permissions but we would be speculating at that point.
Long answer: Chrome like every other application with a textbox will paste the text when copied from Firefox (bug originator). But you cannot trigger this bug from Chrome so...
Short answer: No.
You said all browsers would follow your system DNS, I just explained that’s not always the case.
Both Firefox & Chrome follow my system DNS at default settings. Just because Firefox forcefully enrolled US users to Cloudflare's DOH doesn't mean that DNS is broken for every one else.
And there is actually a common problem with devices on the LAN that use DoH. You can block their access to the specific DNS servers they use, or block their access to the internet altogether, but you can’t force them to use your DNS settings.
Again. Has nothing to do with the topic i.e Linux DNS. Applications can use their own custom DOH/DOQ resolvers to bypass system DNS, this has no bearing on the brokeness or not of systemd-resolved or any other system DNS resolver.
The US is not the world!
And neither Firefox nor its broken? DNS implementation have anything to do with the topic(Linux DNS)...
Then Firefox is broken in this context. It should respect the user's system DNS settings.
Edit: You are wrong. The correct answer is somewhere along the lines of borderline confusing and you don't have to worry about it if everything is working. In my case, it used my DNS provider set by systemd-resolved and not cloudflare but YMMV.
This is what the default menu for Firefox DNS settings say:
Enable secure DNS using:
...
Firefox decides when to use secure DNS to protect your privacy.
Use secure DNS in regions where it’s available
Use your default DNS resolver if there is a problem with the secure DNS provider
Use a local provider, if possible
....
Turn off when VPN, parental control, or enterprise policies are active
Turn off when a network tells Firefox it shouldn’t use secure DNS
Your suggested solution would leak DNS for everything except thr browser
How so?
I don't think systemd-resolved has support for DNS-over-HTTPS yet but it has support for DNS over TLS which I have used issue free for years now.
All the browsers will use your system configured DNS if you do not touch the browser's DNS settings.
DNS is not broken on Linux, your configuration is.
Good to know that if I ever get tired of Gnome one day, there's this.
The entire premise is for a package/manager to create a running/permanent service that will be started after boot AND does not require user intervention (for the avoidance of doubt, enabling the systemd service counts as intervention).
One way to do this is to create the service file and do the symlink to a folder that systemd automatically runs on boot. For both user and system systemd files you require root to make these modifications.
Another way is to create a Desktop file in the path I shared.
If you have more ways I'd be happy to hear them.
You should listen to the advice from Distro Chooser. Arch fits the bill. You'll just have to take care not to convolute the system too much with workarounds & all sorts of packages and it will take care of you.