mudle
boo
Flatpak’s security and sandbox has gotten much better in recent years. I’ve been using Steam via Flatpak for a while now and haven’t run into any issues yet, other than not being able to make desktop shortcuts of my games.
I use Flatseal (another Flatpak application) to further restrict my Flatpaks’ permissions. The default Flatpak permissions for Steam aren’t bad IMO (at least when compared to other Flatpaks) but you can tweak it to your liking using Flatseal.
If you want to take it a step further, I would recommend using Goldberg’s Steam Emulator, which is FOSS, and it will allow you to bypass Steamworks DRM (which is Valve’s very weak DRM) for games which solely use Steamworks DRM.
I find that the overwhelming majority of my games just use the Steamworks DRM if any, but YMMV. Using Goldberg’s Steam Emulator is also a good way of preserving your library if, in the unfortunate case, Valve decides to remove a title from your library for whatever stupid licensing reason they come up with.
After freeing your games using Goldberg’s Steam Emulator, you could then use the Flatpak of Lutris and disable network access for Lutris/further restrict permissions it has to the rest of your system using Flatseal.
Why does certain security software require access to the kernel? To keep malware from getting to the kernel or something?
Security software doesn’t necessarily NEED access to the kernel, but kernel-level access provides the maximum amount of access and visibility to the rest of the system. The only thing higher than kernel-level is hardware-level.
In the case of CrowdStrike, kernel-level access allows their software to have the highest privileges, which yields the most effective defense against malware (in theory). However, third-party, kernel-level access is never a good idea. Software that has kernel-level access can be, and has been, exploited before. In the case of CrowdStrike, it was a faulty update that screwed over Windows systems. The more access you have in a system, the more you screw it over when something fails.
Doesn’t restricting access to the kernel offer more security?
Yes! You are correct. If implemented correctly of course, restricted access to the kernel provides a higher amount of security.
Wouldn’t malware also be unable to access the kernel?
In theory, the more restricted the kernel is, the more difficult it is for malware to access the kernel.
Kernel is what connects software and hardware, correct?
Yes. A function of the kernel is providing a way for software and hardware to communicate with each other.
RIP our wallets 😓
Undoubtedly
For those curious about the “Memory on Package”; this isn’t soldered-on RAM. The RAM is integrated into the CPU package itself. This can be a good thing; improved performance and power efficiency, increased memory bandwidth which allows the CPU to talk to the RAM at insane speeds due to how close the RAM and CPU are to each other. The downside to all of this is you can’t upgrade the RAM. Intel’s probably gonna pull an Apple, and charge you an insane amount for more RAM. Also, currently they only support memory capacities of 16GB and 32GB.
I’m still in shock how quickly they have progressed.
Since you have Nvidia you’ll want to use the Nvidia proprietary drivers for the best performance. The open source driver for Nvidia (nouveau) is awful when it comes to gaming performance, unfortunately. (Although this will soon be fixed with NVK.)
Depending on your distro of choice, you’ll need to figure out whether you want Secure Boot on or not. I believe Windows 10 doesn’t require Secure Boot to be enabled, but I think Windows 11 does. So depending on how frequently you want to be booting into Windows this might be a bit of an annoyance. You can leave Secure Boot disabled and use the Nvidia Proprietary drivers as-is, but if you want to enable Secure Boot you’ll have to sign the Kernel yourself - it’s a pretty straightforward process.
I recommend you try to keep Secure Boot enabled for the added benefit of security and ease of use when dual-booting, but if you don’t want to go through the hassle of signing your own Kernel, then simply leaving Secure Boot disabled when in Linux will suffice.
I recommend against using Ubuntu because of Canonical’s many poor decisions with Ubuntu. I won’t get into it right now, but if you’re comfortable with Ubuntu don’t let me stop you from using it.
In reality, you can use whatever distro you want. One distro isn’t inherently better at gaming than another. It’s a matter of configuration.
TLDR; It started as a young teen who just wanted to get games for free; It continues because companies don’t give two flying hoots about me.
Currently, I pirate because I can’t rightfully give any money to these anti-consumer companies that will only victimize me. I can’t own anything anymore, and this absolutely frustrates me. If I could own the media I purchase, I wouldn’t pirate anymore. (by this I mean I wouldn’t pirate the media I consume. I’d still data hoard because it’s a literal addiction, please help!!)
I don’t pirate games anymore; or better said, I rarely pirate games, and when I do they’re run in a VM with VFIO because I really don’t like the idea of running arbitrary code on my system; even though we have reputable, vetted, and trustworthy groups. (As a general rule, I don’t trust what I can’t verify.) I buy all my games on Steam for convenience, and I opt to use Goldberg’s Steam Emulator (which is open source!!) to store backups of my games, and this setup works wonderfully! I stay away from games with invasive DRM like Denuvo (I play these in a VM), and I’ve long stopped buying EA and Ubisoft games. The only forms of media I pirate nowadays are movies, and music (and the occasional game).