Linux The GNU Linux Thread

Do you use GNU Linux distro in your personal PC or laptop?


  • Total voters
    36
Linux Graphics Developer (Karol Herbst) managed to run games on the FOSS NVK (NVIDIA Vulkan Driver) driver.

performance is terrible, but that's hopefully resolved with the GSP work which is still ongoing :)
 
The Wine team is proud to announce that the stable release Wine 8.0
is now available.

What's new in Wine 8.0
======================

*** PE modules

- After 4 years of work, the PE conversion is finally complete: all modules can
be built in PE format. This is an important milestone on the road to supporting
various features such as copy protection, 32-bit applications on 64-bit hosts,
Windows debuggers, x86 applications on ARM, etc.
However, some modules still perform direct calls between the PE and the Unix
part, instead of going through the NT system call interface. The remaining
direct calls will be removed during the Wine 8.x development phase.

- A special syscall dispatcher is used for PE -> Unix transitions, to avoid the
overhead of a full NT system call. This minimizes the performance impact of the
new architecture, in particular for the OpenGL and Vulkan libraries.

- Building mixed Windows/Unix libraries in ELF format (.dll.so libraries) is
still supported for use in Winelib applications. However, such applications
won't support features enabled by the NT syscall interface, such as WoW64
without 32-bit libraries.


*** WoW64

- WoW64 thunks are implemented for essentially all Unix libraries, enabling a
32-bit PE module to call a 64-bit Unix library. Once the remaining direct
PE/Unix calls have been removed, this will make it fully possible to run
32-bit Windows applications without any 32-bit Unix library.

- When the 32-bit Wine loader isn't found, 32-bit applications are started in
the new experimental "Windows-like" WoW64 mode (where 32-bit code runs inside
a 64-bit host process). This mode can be enabled by building with the
'--enable-archs' configure option. This is still under development and not yet
recommended for general use. Since in case of configuration errors it is
possible for it to be triggered inadvertently, applications started in this
mode print the warning "starting in experimental wow64 mode".

Full release notes at https://www.winehq.org/announce/8.0.
 
I am using Linux Mint XFCE as a jump host to access local servers via WireGuard. I have tried setting up 2FA for xRDP but it was not working, and I also didn't find any guide for it.
Does anyone have a similar setup for xRDP? Please help with the configuration.
 
A very nice thing I forgot about: You don't need a VPN or other browsers with VPN to browse torr.." ahem" sites on Linux. If your distribution uses resolved.conf and systemd, you can change some settings in that file to enable DoH, DoT, DNSSEC etc.

Just edit that file in your favourite editor and change the settings to the uncommented ones below.

    sudo nano /etc/systemd/resolved.conf

    [Resolve]
    # Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
    # Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
    # Google:     8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
    # Quad9:      9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
    # The name after '#' is the TLS hostname used to verify each server.
    DNS=9.9.9.9#dns.quad9.net 2620:fe::fe#dns.quad9.net
    FallbackDNS=149.112.112.112#dns.quad9.net 2620:fe::9#dns.quad9.net
    #Domains=
    DNSSEC=yes
    DNSOverTLS=yes
    #MulticastDNS=no
    #LLMNR=no
    Cache=no-negative
    #CacheFromLocalhost=no
    #DNSStubListener=yes
    #DNSStubListenerExtra=
    #ReadEtcHosts=yes
    #ResolveUnicastSingleLabel=no

After you do this, restart the service using:

    sudo systemctl restart systemd-resolved.service

Then type "resolvectl status" in a terminal to see if DNSSEC is supported:

    [redacted]:~$ resolvectl status
    Global
      Protocols: -LLMNR -mDNS +DNSOverTLS DNSSEC=yes/supported
      resolv.conf mode: stub
      Current DNS Server: 2620:fe::fe#dns.quad9.net
      DNS Servers: 9.9.9.9#dns.quad.net 2620:fe::fe#dns.quad9.net
      Fallback DNS Servers: 149.112.112.112#dns.quad9.net 2620:fe::9#dns.quad9.net

    Link 2 (wlp1s0)
      Current Scopes: DNS
      Protocols: +DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=yes/supported
      Current DNS Server: 2409:40c2:0:f827::d9
      DNS Servers: 192.168.127.215 2409:40c2:0:f827::d9

    Link 3 (virbr0)
      Current Scopes: none
      Protocols: -DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=yes/supported
    [redacted]:~$

Now you can open any site like nyaa nyaa etc.
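
An added example, not part of the original post: a Python check for the [Resolve] settings discussed above. It flags non-strict DNSOverTLS/DNSSEC values and resolver entries whose name after '#' is missing or differs from the names in the config's own comment block, as with the 9.9.9.9#dns.quad.net entry in the resolvectl output. The function name, findings format and SAMPLE config are constructed for illustration.

```python
import configparser

# Resolver IP -> TLS name, copied from the comment block of the resolved.conf in the post.
KNOWN_NAMES = {
    "1.1.1.1": "cloudflare-dns.com", "1.0.0.1": "cloudflare-dns.com",
    "8.8.8.8": "dns.google", "8.8.4.4": "dns.google",
    "9.9.9.9": "dns.quad9.net", "149.112.112.112": "dns.quad9.net",
    "2620:fe::fe": "dns.quad9.net", "2620:fe::9": "dns.quad9.net",
}
TRUE = {"yes", "true", "1", "on"}  # boolean spellings systemd accepts

# Constructed sample: reproduces the mistyped name plus two weaker settings.
SAMPLE = """\
[Resolve]
DNS=9.9.9.9#dns.quad.net 2620:fe::fe#dns.quad9.net
FallbackDNS=149.112.112.112 2620:fe::9#dns.quad9.net
DNSSEC=allow-downgrade
DNSOverTLS=opportunistic
"""

def audit_resolved_conf(text):
    """Return (setting, value, problem) tuples for a resolved.conf [Resolve] section."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)  # keys are lower-cased; '#' lines are comments
    res = cp["Resolve"] if cp.has_section("Resolve") else {}
    findings = []
    # Assumption: an unset value means the distro default, treated here as non-strict.
    dot = res.get("dnsovertls", "").strip().lower()
    if dot not in TRUE:
        findings.append(("DNSOverTLS", dot or "(unset)",
                         "not strict: queries can be sent in plaintext"))
    dnssec = res.get("dnssec", "").strip().lower()
    if dnssec not in TRUE:
        findings.append(("DNSSEC", dnssec or "(unset)", "validation is not enforced"))
    for key in ("dns", "fallbackdns"):
        for entry in res.get(key, "").split():
            addr, _, name = entry.partition("#")
            expected = KNOWN_NAMES.get(addr)
            if not name:
                findings.append((key, entry, "no #name given for TLS name/SNI matching"))
            elif expected and name != expected:
                findings.append((key, entry, f"name should be {expected}"))
    return findings

if __name__ == "__main__":
    for finding in audit_resolved_conf(SAMPLE):
        print(finding)
```

To check a live system, pass the contents of /etc/systemd/resolved.conf to audit_resolved_conf(); drop-in files under resolved.conf.d are not read by this sketch.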
 
This is just doing DNS resolution. At the end of the day, your ISP is going to know what IP you're requesting. If your ISP has blacklisted that IP itself, this is not going to work, right? This will only work if the ISP is only blacklisting based on domains on their DNS servers.
 
Why would I share it if it didn't work? This makes all the DNS requests go encrypted to Quad9 servers. To the ISP, they only see that your traffic is going to Quad9. They don't know what website addresses your computer is asking for. Your torrent requests to other users go through Quad9 once and then directly through the system cache, so you are not sending too many requests to Quad9.
 
I don't understand what you're saying. DNS resolution is only to find the IP through the web address. Eventually you have to request that IP through your ISP. There is no way for you to bypass your ISP for actually fetching the website (except VPN of course).

If you query the DNS for techenclave.com and you get a response saying the IP address is 13.235.72.147, you then have to send a get request over https to this address which will go through your ISP. If your ISP, for some reason, has blacklisted this IP, then resolving your DNS using some other method is not going to make any difference.
 
Think the key here is DoT - DNSOverTLS.
 
As he said, DNS is only used to map the text name to the address. It's like if I ask what 6pack's address is and the DNS server then replies with the address.
So this is not encrypted; anyone on the local network can listen to it too. Encrypting DNS requests will help there. Also, if the ISP's DNS server is blocking some addresses, using a custom DNS server can override it.

But once you have the address, you still need to send requests to that address and get the webpage/file/file part etc. This request goes through the ISP and they can at least see the target IP. To avoid that, people use a VPN, which will then send all requests from your PC to the VPN server, and the server will then connect to the target address.

So DNS encryption does not hide everything, only your DNS requests.


 
No need to use the ISP for DNS. 1.1.1.1 is Cloudflare DNS, for example. Setting it up in your router will not use the ISP for name resolution.
 
Did you read the full paragraph? DNS resolution only tells you the IP, your actual request to get the webpage will always go through the ISP, DNS server will not deliver the web pages to you.
 
VPN definitely has its uses. Still, as far as web pages go, does not HTTPS encrypt all requests/responses, including headers?

As I understand, with DoT and HTTPS you get near-total encryption while browsing web pages (both the domain resolution and fetching web content) - at least with websites that use TLS/SSL. Not really a security expert and I could be wrong here, though.
 
I am no expert either, but anyway the target IP address will still be visible if not using a VPN, obviously. So if the IP is blocked by the ISP, then you will need a VPN or proxy.
 
You can put a letter in a sealed envelope to hide its content, but you cannot obfuscate the address. The postman won't know where to deliver the packet. The only way to do that would be to get a PO box, which would be the equivalent of a VPN here.
 