• 0 Posts
  • 35 Comments
Joined 1 year ago
Cake day: June 6th, 2023




  • It’s used often by novices, because outdated articles keep telling them it’s “the best Linux distro”. Canonical has gotten very corporate over the last several years, forcing things like snap onto users. Ubuntu used to be the number one user friendly distro, now they shove ads in the terminal. It’s not getting hate for being easy to use, it’s getting hate for marketing itself as such, then forcing corporate bs on the user (who are often new to Linux). Many other user-friendly distros have not seen the same amount of hate, because they aren’t objectively bad.


  • I recommend against using Manjaro, it is poorly maintained and has many downsides compared to something like EndeavourOS (which has a similar goal to Manjaro with fewer downsides).

    If you’re comfortable using a specific package manager, go with a distro that uses that package manager. If you’re already familiar with Mint, something else Debian based might suit your needs.

    If you’re still looking for the distro that’s right for you, make sure to separate your / and /home into different partitions during your next installation. This allows you to switch distros while keeping all your documents and personal files.

    If you’re unsure which distro to try next, https://distrochooser.de/ gives you a set of questions and ranks distros on what would fit best to your needs.


  • Most malware is written for Windows, especially when it’s distributed as a Windows executable. (Almost) no Windows malware targets Wine specifically. However, Wine on its own is not a sandboxing tool, and Windows ransomware will ruin your day.

    Bottles does two things for security:

    1. Separate wineprefixes
    2. Being a flatpak

    By separating wineprefixes, as long as the host filesystem is not directly exposed (which iirc is default for Bottles), any malware not written with Wine in mind will only affect its own “bottle”.

    By being a flatpak, even if some Windows malware specifically targets Wine, it would still have to escape the flatpak sandbox for elevated permissions. If the Bottles flatpak has no access to personal files, “Wine-aware” malware won’t either.

    Malware can still do damage though, even in its own sandbox. For example, botnet type malware would still function. The host system is “safe”, but the damage can still be done externally. Usually application-defined “autostarting” of applications is broken under Wine (iirc), which means all non “Wine-aware” malware will only start when an infected Windows application is started in Bottles.

    Any sandbox will eventually be escaped, and malware sophisticated enough will be able to get access to everything on the host system. The chances of running into malware like this in the wild are extremely small.

    • Is it fully secure? No.
    • Is your virtual Windows environment safe? No.
    • Are other “bottles” safe? Likely, as long as the malware isn’t aware of Wine.
    • Is your Linux host safe? Most likely, depending on your flatpak settings. (and the malware has to specifically target Wine under Flatpak).
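
The comment above makes host safety depend on the Flatpak settings. As an added example (not part of the original comment, and not Bottles' or Flatpak's own code), this Python function audits the text printed by `flatpak info --show-permissions`; the app ID `com.usebottles.bottles`, the function names and both sample permission texts are assumptions constructed for illustration.

```python
import configparser
import subprocess

# Filesystem grants that expose personal files (home) or everything (host).
BROAD = {"host", "home"}

# Constructed samples in the keyfile layout flatpak prints; not Bottles' real defaults.
SAMPLE_TIGHT = "[Context]\nshared=network;ipc;\nfilesystems=xdg-download;\n"
SAMPLE_LOOSE = "[Context]\nshared=ipc;\nfilesystems=home;!xdg-documents;~/Games:ro;\n"

def live_permissions(app_id="com.usebottles.bottles"):  # app ID is an assumption
    """Return the permission keyfile for an installed Flatpak app."""
    cmd = ["flatpak", "info", "--show-permissions", app_id]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def audit(text):
    """Classify what a sandboxed app, and malware running inside it, can reach."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keep key names exactly as printed
    cp.read_string(text)

    def items(key):
        raw = cp.get("Context", key, fallback="")
        return [i for i in raw.split(";") if i]

    broad, scoped = [], []
    for entry in items("filesystems"):
        if entry.startswith("!"):  # "!path" revokes a grant
            continue
        path = entry.split(":", 1)[0]  # drop the :ro / :rw / :create suffix
        (broad if path in BROAD else scoped).append(entry)
    return {"broad": broad, "scoped": scoped, "network": "network" in items("shared")}

if __name__ == "__main__":
    for name, text in (("tight", SAMPLE_TIGHT), ("loose", SAMPLE_LOOSE)):
        print(name, audit(text))
```

A non-empty `broad` list means anything running in a bottle can reach personal files, and `network: True` is the case where botnet-type malware keeps working even though the host stays untouched.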


  • This isn’t about “making the game work”, or “adding Linux support”. This is about toggling a checkbox to stop explicitly preventing Linux from working.

    The games that already did never faced a massive cheater problem because of it. The games that have stopped development long ago or “don’t care about Linux” (without preventing it with anti cheat) were still made playable by Wine and Proton.

    If the developer wants, they can add system info to their ticket system and filter out any Linux tickets. It costs a game developer barely anything to decide to allow Linux users. Linux support costs a lot, but Valve, Wine, and the community have been putting a lot of effort in so game developers don’t have to change anything about their game.



  • This is a very rushed update. SteamVR on Windows will be lacking some features a lot of people got used to, but it runs. (Main one I ran into so far is screenshot management, but a lot of the big picture mode UI is not accessible due to a controller being required to push buttons)

    SteamVR on Linux however, is a complete mess. It was also a mess on SteamVR 1.x, but 2.0 broke so many things. Launching any of the included apps such as room setup, changing settings, taking screenshots. I really hope they add the last 1.x version as an update branch for compatibility reasons, 2.0 is simply not ready on Linux.

    Also, good luck everyone on the keyboard. It’s supposed to have support for using multiple controllers, but it has been dropping and duplicating keypresses for me.


  • Some programs may use libraries or tools specific to a distribution’s package manager. For example, yay, an AUR helper/pacman wrapper. You would have a very hard time getting it to work on Debian.

    Other programs might only include build scripts for a distro specific build system. For example, a program might skip using a Makefile, and do everything in the Arch-specific PKGBUILD.

    Generally though, most software uses a standard cross-distro (or even OS) build system. In this case, compiling from source would be an option on any distro. The program might still only be packaged for Arch/NixOS/Gentoo (or others), as it is a very simple process to do so.


  • The times I calculated were indeed going over every possible combination; it would take half as long to crack a password on average. Considering reducing the time to 1/1000000 still leaves you with an incomprehensibly large estimated timespan, dividing that by 2 doesn’t do that much for making it brute-forceable.

    I did note it was specifically for 8 emojis, not 8 characters or bytes.

    And yes, it’s very impractical and likely to break things. It’s better and much easier to add extra letters, numbers, and symbols to your password rather than using emojis. Using a password manager is even better.

    As you stated, a single unicode character would mean your password wouldn’t be included with the potential options in almost all brute forcing tools. Whether you use 8 emojis or 1, your password likely won’t get brute forced.

    All of my “emoji password” numbers are if the attacker knows it’s a password containing exactly 8 emojis, and nothing more. Adding a regular symbols+upper+lower+numbers 16 character password would make it even more impossible to brute force.


  • For somewhat more realistic numbers:

    According to minerstat.com, an NVidia RTX 4090 has a hashrate of 118.07MH/s. This is 118.07 Megahashes per second, or 118.070.000 hashes per second. For a password with only 8 lowercase letters (208.827.064.576 combinations), it would take an RTX 4090 approximately 1769 seconds (or ~30 minutes) to go through all possible combinations. For an 8 character upper+lower+numbers password (218340105584896 combinations) it would take 1849243 seconds, or 21.4 days.

    For an 8 emoji password (32482071647592311234920185856 combinations), it would take 275.108.593.610.504.896.512 seconds, or 8.723.636.276.335 years.

    Let’s say a magic prediction algorithm reduces the number of possible combinations in each password to 1 out of every 1 million previously possible combinations. 8 lowercase letters would be cracked instantly, while an 8 emoji password would still take 8.723.636 years.


  • NordPass is completely incorrect on the “it makes a password easier to crack” thing.

    I absolutely don’t recommend using emojis in your password, as it is far too easy to get locked out. However, a password containing an emoji is significantly harder to crack.

    Hashing is a process used to calculate a large number based on some input data. If the input is the same, the output is the same. If the input differs just slightly, the output is completely different. This process is mathematically irreversible. Since this (and other techniques) is often used for passwords, to “crack”/bruteforce a password, the attacker has to go through every possible combination of input data, calculate the hash, and check if the hash is the same as the password hash.

    To make the process of bruteforcing a hash quicker, an attacker often makes assumptions about the input data. If they know a password contains 8 characters, and only lowercase letters, this massively narrows down the number of passwords that need to be hashed and checked. If they know the password contains someone’s birth year, that too reduces the time to bruteforce a password.

    The more possible characters you have per position in your password, the longer it will take to bruteforce. An 8 character password with just lowercase letters has 208.827.064.576 possible combinations. This sounds like a lot, but it’s often bruteforced rather quickly. Adding uppercase letters and numbers to that, we’re already at 218.340.105.584.896 possible combinations. That’s ~1000x more combinations, and that’s for 8 characters. It’s the difference between bruteforcing taking a day, and taking 1000 days. (Do note an 8 characters lowercase password probably only takes like a few seconds to minutes, not a full day.)

    According to https://emojipedia.org/stats there are 3664 different emojis. Let’s say we create an 8 emoji password. (Some emojis aren’t one character internally, the same principle still applies.) Just 8 completely randomly chosen emojis. That password would have 32.482.071.647.592.311.234.920.185.856 different possible combinations. That is about 148.768.232.755.857 times more combinations than an 8 character uppercase+lowercase+numbers password. That is the difference between bruteforcing taking a day or taking 407584199331 years.

    The same things as non-emoji passwords still apply, you can make assumptions about which emojis are used. People aren’t entirely random, so chances are higher they used some of the more common emojis. However, that is similar to prioritizing the letter “e” because it is more common. Yes, it’ll probably reduce the time taken to bruteforce a bunch of passwords, but it’s not set in stone that every password will even contain the letter “e”.

    Again, due to the potential of breaking things, locking yourself out, etc. I DO NOT recommend using emojis. Use a password manager with longer passwords.

    However, including an emoji in your password makes it significantly more difficult to bruteforce, as the assumption that the characters in your password are letters, numbers, and symbols no longer holds, which drastically increases the possible number of combinations.
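
The keyspace arithmetic running through the three password comments above, as an added Python example (not part of the original comments). It uses the alphabet sizes and hashrate the comments quote, and goes one step further by computing how long an ordinary password must be to match 8 emojis; the function names and the 94-symbol printable-ASCII alphabet are assumptions.

```python
HASHRATE = 118_070_000            # hashes/second, the RTX 4090 figure quoted above
SECONDS_PER_YEAR = 365 * 24 * 3600

def keyspace(*parts):
    """Combinations for a password built from (alphabet_size, length) parts."""
    total = 1
    for size, length in parts:
        total *= size ** length
    return total

def crack_seconds(combos, hashrate=HASHRATE, reduction=1, average=False):
    """Seconds to search the space. `reduction` models the 'magic prediction'
    factor from the thread; `average` halves the work (expected-case hit)."""
    work = combos // reduction
    if average:
        work //= 2
    return work / hashrate

def min_length(alphabet_size, target):
    """Shortest length over `alphabet_size` symbols with >= `target` combinations."""
    n, space = 0, 1
    while space < target:
        space *= alphabet_size
        n += 1
    return n

if __name__ == "__main__":
    emoji8 = keyspace((3664, 8))
    for label, combos in (("8 lowercase", keyspace((26, 8))),
                          ("8 upper+lower+digits", keyspace((62, 8))),
                          ("8 emojis", emoji8)):
        secs = crack_seconds(combos)
        print(f"{label}: {combos} combos, {secs:.0f} s, "
              f"{secs / SECONDS_PER_YEAR:.3g} years")
    # 94 = printable ASCII without space (assumption, not a figure from the thread)
    print("printable-ASCII length matching 8 emojis:", min_length(94, emoji8))
```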




  • Although Unity and Epic are not related (other than both being companies that make a game engine), and Epic is not related to these Unity pricing changes, Epic has still done a lot of things “wrong”. Especially for gaming on Linux. A lot of games are currently unplayable under Linux due to kernel-level (rootkit) anti-cheats. Being the creators of EAC, Epic has actively been harming the compatibility of games on Linux. Developers “can enable Proton support”, but even Epic themselves in many of their own titles don’t enable this.

    They haven’t pissed off the larger gaming industry to the point where everybody is moving off their platform/products, but they are still a greedy corporation. Remember the whole exclusives thing on the Epic Games Store?


  • Depending on the application you used to alert you of the AirTag, it’s possible that your phone did not send location data back to Apple.

    Apple can track AirTags, because iPhones are programmed to listen for them over Bluetooth Low Energy, and send the ID of the AirTag and location data of the device to Apple.

    If your Android phone has an application to listen for BLE devices in the background, keeping track (locally) of which devices it saw in what locations, that application can tell you if you’re travelling with an AirTag (or similar device). It might even be able to interact with the AirTag, such as making it beep or reading its ID. If that application doesn’t send your location to Apple, the AirTag was not able to use your phone to make its location known to the owner.

    Therefore, to the owner, AirTags are useless unless an iPhone (or other device that sends its location to Apple) is around.


  • I can personally vouch for how toxic the Discord server and its moderators/admins are. Went there for support (Hyprland was crashing on startup on AMD, sway worked fine), and was told something along the lines of “if you can’t figure this out you’re stupid and you should stop using Linux”. Figured out the issue on my own and stopped using and recommending Hyprland after that.