Sure, but that’s much harder to do undetected. Don’t let perfect be the enemy of good. Secure Boot still prevents against particular types attacks.

I have been using T14s Gen 6 (AMD) for over a year now and it works perfectly

If you have to choose between one, then yes; full disk encryption is superior. But they should ideally be used in tandem.

Without secure boot, you are vulnerable to evil maid attacks. A bad actor can modify your bootloader (which has to remain unencrypted) in a way that allows them to steal your encryption keys. Secure Boot prevents running unsigned bootloaders, which negates this risk.

BLOB already includes “binary”. That’s what the first B is for.

Sorry, couldn’t stop myself.

DXVK was the last (IMO) major key in enabling proper Linux gaming.

Here’s a short interview with the creator of DXVK.

Prior to this Wine was able to run some simple Windows applications, but games (which heavily rely on GPU acceleration) lagged quite a bit behind since DirectX is a Windows exclusive graphics API. Instead, on Linux we have Vulkan which is similarly feature rich, but an open standard. DXVK translates DirectX API calls to Vulkan, which GPUs on Linux can understand, similar to how Wine translates Windows syscalls to the Linux alternatives. Even though Wine existed for a long time, DXVK’s development started quite a bit later.

Entire Linux gaming happened because one guy wanted to play Nier Automata on it. Don’t underestimate some one guys.

Nice. Unfortunately, it does not offer choosing Immich as an image viewer. I guess this is on Immich to fix, though.

Oh, didn’t know Forgejo was ever intended to have federation. That’s so cool!

I’d say go with LineageOS

Welcome to the club! Enjoy the freedom

Where meme

I don’t know much about it but I am all for open-source hardware.

Fortunately, no. I played after a few years.

One of my favorites is Batman: Arkham Knight. It uses Unreal Engine 3 and looks shockingly good despite it. Goes to show how much art direction matters.

I don’t see how systemd is in the wrong here. Curious, what would you change about it?

When I need to create scratch files I usually operate in /tmp. Almost all directories there that I saw were using randomized paths (e.g. UUIDs). I guess this is to prevent problems mentioned in the article. So, I believe this would be a vulnerability of snap, not systemd.

I use Fedora where /tmp is created as tmpfs, which lives in RAM and is cleared when the system is shut down. I wonder what’s the benefit of Ubuntu’s approach.

Do they imply Wayland forces apps to have CSDs? It is only GNOME that does it.

I run it in a rootless Podman container using Quadlets. Instead of opening the server’s ssh port, I only port-forward the container’s ssh port (e.g. 22 -> 2222). I have sign-ups enabled, since I want people to be able to contribute (or just create issues). But I have configured the server so that nobody can create a repository. They can still fork my repos and send a pull request.

I have yet to experiment with Actions. I assume the safest option would be to only enable it for my own commits, but I am not sure.

It doesn’t need to know your age. It just provides a way to take a note of your birth date, only if you want to. The system already has a place to write your name and home address. All are optional and practically nobody uses them.

Systemd isn’t an init system. Systemd-init is an init system and it is a part of the systemd suite.