Je ne compte plus depuis combien d'années j'ai utilisé Debian + MATE en daily driver. J'en ai toujours été satisfait, mais j'avais aussi envie depuis plusieurs mois d'essayer KDE et surtout de me frotter à SELinux.
Certes il est possible d'installer SELinux sur Debian, mais les policies de base ne sont pas suffisantes car tout crash en mode Enforcing. Il est possible d'y remédier avec quelques commandes audit2allow mais on ne sait pas vraiment ce qu'on autorise et surtout on se retrouve bloqué quand on se frotte à podman.
J'ai donc décidé de réinstaller mon laptop principal sous un système d'exploitation de la Red Hat family !
Mon bureau sous AlmaLinux 9 KDE en 1280x720 pour le screenshot.
For some reasons I use syncthing inside a container with a volume that is located in my home directory. While it's designed to run on Docker, it also works fine with podman which is rootless.
Until SELinux kicks in.
In this post I will try to explained how I managed to make syncthing work inside a podman container on a host where SELinux is present and enforced.
Major warning: I'm not an SELinux expert, and I noticed that policies generated by udica are quite permissive. This is a quick & dirty & easy solution for those who don't want to turn off SELinux.
AlmaLinux provides some "Live" images with various desktop environments. I installed the KDE "spin" and found out that there is a crap load of useless / unwanted packages. Here are my notes to disable them.
You may want to keep sssd and oddjob if your workstation has membership to an Active Directory. You may also want to keep plasma-discover if you want a GUI to search for packages and have software updates notifications.
Softwares that can be a security issue on a workstation (they may listen for connections or allow unwanted remote access):
It's a shame that AlmaLinux and RockyLinux do not provide a "minimal" KDE Live image, or a clear documentation to install a minimal set of packages. Let's hope that KDE gets more attention from Red Hat for the next major release!
I've been using NVIDIA Broadcast for years, a magic tool that helps me to record my voice by removing static / white / ambient noise and even nullifying the reverberation in my room. This software requires of course Microsoft Windows AND an NVIDIA card.
The result was quite impressive but I needed an alternative since I don't use Windows any longer neither an NVIDIA card. That's when I found out rnnoise which is a free software compatible with Linux.
Note: I will explaine how use rnnoise to convert a raw or wav file. I don't know how to use it to filter out audio on a live stream. I assume it's possible since rnnoise is a library that can be used as a plugin for obs-studio or pipewire but I just didn't try that part.
Attention, cet article purement subjectif sera agrémenté d'une touche de "c'était mieux avant".
Mon profil : bientôt quarantenaire, j'ai commencé le gaming dans les années 90 sous DOS, j'ai connu la transition de la 2D vers la 3D, les LAN party, l'avènement du dématérialisé, la disparition des supports physiques. Je suis un pur gamer solo et le multijoueurs en ligne ne m'intéresse pas du tout. Autant dire qu'en 2024 je fais partie de la minorité de joueurs qui ne rapporte pas d'argent aux éditeurs.
