Comment by sandreas
5 days ago
Long time Linux Desktop user here. I really think Linux is a great choice as a Desktop in days of liquid glass and webviews. There are a lot of choices to make, but in the end it is working out really well (at least for me). KDE and the new COSMIC desktop environment with tiling support are tempting, but for now I keep using GNOME until I have more time to check them out.
The things I personally had problems with are BTRFS and printers. BTRFS was completely irrecoverable after a system crash, full story see here [1]. Since I've read a lot of these horror stories while doing some research after the crash, I would encourage everyone using it to be careful and back up your system on a daily basis. I switched to ZFS with ZFSBootMenu[2] and never looked back.
Printer-wise, I have a Canon network printer / scanner which seems to use a strange proprietary protocol. On Fedora everything worked fine while on Arch I did not find a way to get this thing working (I tried hard with different options like driverless, gutenprint, cupsd etc.) - printing also seems to be a bit of a security nightmare when changing firewall settings is mandatory.
Everything else is working absolutely stunning.
1: https://forum.cgsecurity.org/phpBB3/viewtopic.php?t=13013
Quick note on #2 - there aren't really any issues with storing your encryption root passphrase in a file. If the file is owned by root, with no read permissions for any account, only root can access it. Since it's stored on an encrypted dataset, and your initramfs is as well, it's unreadable when the machine is off. Lastly, if anybody _does_ have a root shell on your machine, they can change the encryption passphrase without needing to know the current value.
In short, I'm not sure there are any real issues with having it on disk but unreadable by anybody but root.
In general I agree with you but there is one difference - a sneaky user with physical access can read it and _not_ change it, vs changing it. The latter is more detectable. But this is minor.
Yeah. Unfortunately, ZFS encryption is missing a few creature comforts of something like LUKS. I've stuck with native OpenZFS mechanisms, though, to keep the complexity sprawl to a minimum.
Absolutely - I know that but thanks for pointing that out again. There is no real "use case" for NOT storing the key in a root-owned file. However, as I don't do it for myself there is no way of accidentally deleting the file, copying it quickly from my system to another drive when I accidentally left a root shell open and went to the restrooms (that never happens;) and the one single place I store the key (my head) is pretty much unreadable for everyone except me (at least for now :-) Being paranoid doesn't mean they are not after you :p
Since I reboot my notebook only about once a month it is no real hassle to enter the key twice 12 times a year :-)
I've run BTRFS on my server (and external drive backups) for over 10 years without issues. I would use BTRFS on my main rig, but Steam (or perhaps Proton in particular) doesn't like it, so Ext4 there.
I’m running BTRFS now on a Cachy install and Steam/Proton seems fine - when did you last try?
About a year ago. Games simply refused to run, and some cursory searching suggested it was because my filesystems were BTRFS and advised using EXT4 instead. That worked for me.