Quoting: Purple Library Guy

Quoting: mattaraxia

Quoting: KithopUnless you have a need to sandbox something,

You have a need to snadbox *everything* already. I'm blown away this mindset exists.

Ya know, I find it hard to take this attitude very seriously. I know the computer security people are all authoritative and expert and everything. But I've been using computers since before there was an internet, and in all that time no computer of mine has ever had an attack that I noticed the results of. If it weren't for phishing emails I might think there was no such thing as malicious cyberattacks outside the movies. It's possible that part of the reason my Windows computers of the late 90s/early00s got a bit wonky after a while was viruses, I dunno, but if so their action was indistinguishable from ordinary "Windows installs used to age really badly". So the thing is, after 30 years or so when I could have suffered an attack, during which I never did anything much about security other than "switch to Linux" and "use fairly decent passwords", and nothing ever happening, it gets harder and harder to sustain that panicked "The sky will fall in the next few minutes if I don't do the latest security thing right now!" mentality. Induction says to me "I've never sandboxed everything before and nothing bad ever happened, why would that suddenly change now?"

If I was running a server or something, sure, I'd take security seriously. But I'm not, I'm just a guy with a computer.

Sorry this is very late, but worth responding to.

That's just missing the point.

I rode a motorcycle for years and never needed my helmet. I was still glad to wear one, and would now if I ever went back to it. Induction didn't mean riders don't have a need for helmets.

View this comment - View article - View full comments

Quoting: Kithop

Quoting: mattaraxiaYou have a need to snadbox *everything* already. I'm blown away this mindset exists.

Ah yes, I'm going to sandbox 'ls' from the filesystem, and then explicitly fiddle to punch holes in to make it useful again...

Facetious and hyperbolic, yes, but let's not get into absolutes here. Sandboxing is great when you want it, but it's most definitely not for *everything*. There is a time and place for it, and I believe there are distros that lean on it extensively. It's great tech, but also *incredibly frustrating* as a user if you're not expecting it. All the Wayland xdg-desktop-portal stuff comes to mind - I love Wayland, but it shouldn't take *three separate popups* to allow OBS or Discord to screenshare a particular app, with no option to 'remember my choice forever please'. We're going to end up with Windows UAC level annoyances again, and then people will just turn it off entirely.

Should apps like Steam be sandboxed from accessing anything outside of ~/.steam (or equivalent)? Sure. Should your browser be sandboxed to not access things outside of your Downloads folder? Sounds like a good starting point. But remember, you may want to preview that PDF from your Documents or a thumb drive, or a static HTML page you're working on off a network drive, so it's got to be easy to do so and yes, explain and understand the implications.

If you want to run a Flatpak or Snap, you should understand that yes, you get sandboxing and the double edge that goes with it in terms of 'why can't this app see my files'. Unless your distro is explicitly designed for it, though, I believe it should not replace your native package manager. If I want to switch, let me make the choice to switch, don't start forcing Snaps on me when I call apt and expect a .deb.

Sorry this is so old, but I don't think you're responding to what I said so much as complaining about specific implementations you were already annoyed with.

The point isn't everyone should sandbox everything with existing tech right now, it's that everyone *has a need to* already. I didn't say "I don't understand the mindset of not wanting to use flatpak" the person above specifically said they don't see what problem sandboxing solves, that certainly patching is good enough. That mindset, is fundamentally misinformed. It does not solve the same problems something like flatpak solves. Saying so fundamentally misunderstands the problem.

Similarly, nothing you said addresses the cases I mentioned. That need still exists, for sure, for basically everything anyone runs. Whether or not that means you should run everything in flatpak today, is moving goalposts and missing the point.

View this comment - View article - View full comments

Quoting: KithopUnless you have a need to sandbox something,

You have a need to snadbox *everything* already. I'm blown away this mindset exists.

The purpose of sandboxing is zero days. The whole point is you don't know about them until there's a problem.

For example, there was a nasty bug in steam shortly after launch that could essentially rm -rf / and destroy everything the user had access to. It should be sandboxed. There was a really nasty exploit in Zoom allowing for RCE. It should be sandboxed. There was even a really nasty RCE vulnerability in the library most desktops use to thumbnail common files. Just downloading it and executing nothing could run arbitrary code.

*nothing* is immune. Sandboxing is categorically good.

Also, flatpak absolutely uses shared libraries. This notion that you have to hope every single app updates is fundamentally wrong. The runtimes can also be provided by the distro, like on Fedora, especially Silverblue.

These things need to be embraced. They are the best Linux Desktop security improvements we've had in . . . well maybe ever.

View this comment - View article - View full comments

Quoting: ArehandoroCan the original Steam be upgraded with this new OLED? Can the new battery be installed on the original?

If the answer to both is no, even if by sending to Valve in case they don’t provide the parts to other vendors, I’m rather unhappy with this. Too early for a revision.

Edit: I just saw the HDR screen doesn’t fit in the old one.

I really don't get this reasoning, essentially being mad someone gets something newer.

It's basically been two years. An eternity for devices like this. I'd be mad if they *didn't* switch to using more power efficient chips at least, it's a good thing.

View this comment - View article - View full comments

This talk feels like the most obvious thing in the world that should go without saying, and a thing that can't be said enough. It is crazy what Valve is accomplishing here, and even crazier how they are doing it. They have been very good Open Source/Linux citizens, they are a great model for other companies to follow.

View this comment - View article - View full comments

Quoting: GuestI don't smurf, and I don't like smurfing, but I think smurfs shouldn't be banned, but rather yeeted to their real ranks instead, as soon as possible. Smurfing isn't cheating after all.

I think that's literally the goal here.

They are making a big deal out of focusing in on the main account, presumably it will tell them why they're being penalized, not just quietly adjust their scores, the end goal being to force them to just use one account like more honest players are doing.

View this comment - View article - View full comments

Quoting: StoneColdSpiderI wonder how many times April O'Neil will be kidnapped in this game????.......

Wrong decade. She kick punches with the rest of them now. (And is actually really fun to play.)

View this comment - View article - View full comments

Quoting: Eike

Quoting: ZlopezIt's also good to see that Flatpak Steam is so widely used. :-)

Why? The reason for Flatpak that I'm aware of is getting newer software, but Steam is updating itself...

I think that's maybe a common reason desktop users use flatpak, but it's not *the reason for flatpak.*

flatpak is meant to solve several problems that have existed for decades. Packages only need to be made once to run (hopefully very) well on many distros, and they have security features baked right in.

If anything I'd say *the* reason for flatpak is making it easy for companies like Valve to target as many users as possible, while the biggest advantage to those users is sandboxing by default. It only happened once, but years ago there was this *nasty* bug where I believe restoring a backup in Steam would remove a users entire home folder. That bug wouldn't have been a very big deal for flatpak users. Same go for major exploits in games, Dota was basically distributing a remote shell for a while last year.

View this comment - View article - View full comments

Quoting: TcheyI miss the time of the eeePC from Asus, back in 2008 i think. Linux native, light, cheap (less than 400€), "real" computer (opposed to tablet with tactile stuff, or worst, smartphone), they were perfect for real nomad use, office, internet, 2D games or many small indie or roguelike, etc. And durable, i still boot mine from time to time when i’m on the move.

I had a eeePC 901, played Cataclysm Dark Days Ahead, X@COM, TOME4... My current eeePC is unknown (nothing written on it, i think it’s 1201 but not sure), and rarely opened, but sometimes, a couple of weeks a year, i’d say, it’s usefull.

That time is still here, better than ever.

Many Chromebooks can run regular Linux distros very well. My 2017 Pixelbook is still my favorite laptop of all time, runs Fedora great, is all those things you described, can be had cheap.

View this comment - View article - View full comments

Quoting: Klaas

It will take around an hour to build the shaders on the main menu

Wow.

with many people on Windows reporting problematic performance and constant crashes.

When was the last big release where everything worked on release? You spend more money and are rewarded with a miserable experience.

Edit: According to several reviews the German version features a wrong translation for building shaders, i.e. in the sense of house shaders.

Resident Evil 4? Is it perfect? Probably not but why is that the bar? It's very similar to the Last of Us, many people are no doubt choosing between the two, and its reviews are overwhelmingly positive a week after release, very few technical complaints.

Relative to its peers, this seems exceptionally bad, Exceptions are newsworthy.

View this comment - View article - View full comments