mudle

joined 9 months ago
MODERATOR OF
[–] mudle@lemmy.ml 9 points 2 weeks ago (2 children)

Flatpak's security and sandbox has gotten much better in recent years. I've been using Steam via Flatpak for a while now and haven't run into any issues yet, other than not being able to make desktop shortcuts of my games.

I use Flatseal (another Flatpak application) to further restrict my Flatpak's permissions) The default Flatpak permissions for Steam aren't bad IMO (at least when compared to other Flatpaks) but you can tweak it to your liking using Flatseal.

If you want to take it a step further, I would recommend using Goldberg's Steam Emulator, which is FOSS, and it will allow you to bypass Steamworks DRM (which is Valve's very weak DRM) for games which solely use Steamworks DRM.

I find that the overwhelming majority of my games just use the Steamworks DRM if any, but YMMV. Using Goldberg's Steam Emulator is also a good way of preserving your library if, in the unfortunate case, Valve decides to remove a title from your library for whatever stupid licensing reason they come up with.

After freeing your games using Goldberg's Steam Emulator you then could use the Flatpak of Lutris and disable network access for Lutris/further restrict permissions it has to the rest of your system using Flatseal.

[–] mudle@lemmy.ml 3 points 3 weeks ago* (last edited 3 weeks ago)

If I don’t alt-tab the game doesn’t break.

It's likely the 560 driver on Wayland being the culprit here. Specifically resizing XWayland windows. You could try running nvidia-smi in a terminal and see what specifically is causing this VRAM spike.

Reports of excessive VRAM usage with the 560 driver on Wayland. See this for a potential fix. Hope it helps

[–] mudle@lemmy.ml 2 points 3 months ago

But if it is true, it may be more sensible to make an API so software with specific permissions could access information needed to effectively function as antivirus, without being run in kernel mode.

I've come to this conclusion as well. I believe Apple has similar functionality with their "kernel-extensions", I believe it's called.

[–] mudle@lemmy.ml 4 points 3 months ago (1 children)

I completely forgot about AI Anti-Cheat, lol. But yes, this is another form of Ant-Cheat that seems to be very effective. (Although I don't much like the idea)

[–] mudle@lemmy.ml 4 points 3 months ago (3 children)

You have a point, but if Microsoft completely locks down the kernel, preventing any third party software/driver from running at the kernel-level, Anti-Cheat developers will have to find a new way to implement Anti-Cheat. This may open up the possibility of some newer form of Anti-Cheat being user-space; or at the very least NOT ring 0, which in-turn may open up the possibility of this new form of Anti-Cheat working underneath Linux.

Or maybe we're all still screwed because this new form of Anti-Cheat will perform on a basis that trusts that there is no third party access to the Windows kernel because of how restricted it is, therefore nullifying the need to be ring 0, but it still might not work under Linux due to the freedom/access users have to the kernel.

But then again, in order to implement any third party driver into the Windows kernel, it has to be signed and/or approved by Microsoft first (IIRC). But cheaters get around this through various means. So maybe nothing changes; but if Microsoft DOES restrict kerne-level access, this leads me to think that Anti-Cheat will have to change in some form or another, which may lead to it working on Linux.

TBH, The only way(s) I see Anti-Cheat moving forward at all, is:

  • Hardware level Anti-Cheat (similar to a DMA card. Maybe it requires a certain type firmware that is universally used across all/most major video game companies)

  • Some form of emulated environment. Maybe like a specific kernel that is used for each game.
[–] mudle@lemmy.ml 1 points 3 months ago* (last edited 3 months ago)

Why do certain security software require access to the kernel? To keep malware from getting to the kernel or something?

Security software doesn't necessarily NEED access to the kernel, but kernel-level access provides the maximum amount of access and visibility to the rest of the system. The only thing higher then kernel-level is hardware-level.

In the case of CrowdStrike, kernel-level access provides their software to have the highest privileges which yields in the most effective defense against malware (in theory). However third-party, kernel-level access is never a good idea. Software that has kernel-level access can be, and has been, exploited before. In the case of CrowdStrike, it was a faulty update that screwed over Windows systems. The more access you have in a system, the more you screw it over when something fails.

Doesn’t restricting access to the kernel offer more security?

Yes! You are correct. If implemented correctly of course, restricted access to the kernel provides a higher amount of security.

Wouldn’t malware also be unable to access the kernel?

In theory, the more restricted the kernel is, the more difficult it is for malware to access the kernel.

Kernel is what connects software and hardware, correct?

Yes. A function of the kernel is providing a way for software and hardware to communicate with each other.

 

CrowdStrike’s Falcon software uses a special driver that allows it to run at a lower level than most apps so it can detect threats across a Windows system. Microsoft tried to restrict third parties from accessing the kernel in Windows Vista in 2006 but was met with pushback from cybersecurity vendors and EU regulators. However, Apple was able to lock down its macOS operating system in 2020 so that developers could no longer get access to the kernel.

Now, it looks like Microsoft wants to reopen the conversations around restricting kernel-level access inside Windows.

[–] mudle@lemmy.ml 9 points 3 months ago* (last edited 3 months ago)

In the meantime you can use this. Feel free to ask if you need further help.

Edit: I found this guide. Hope it helps!

[–] mudle@lemmy.ml 5 points 3 months ago* (last edited 3 months ago)

Excluding hardware (microcode, UEFI, etc); within my Linux system, the only proprietary software I have installed are Nvidia drivers and Steam (installed via flatpak). When I first made the switch to Linux, I was actually shocked at the minimal amount of proprietary software I actually used/needed.

[–] mudle@lemmy.ml 3 points 3 months ago

I was initially going to post just the changelog itself, but included in the changelog are other older fixes before July 22nd. Even though the fixes present on July 22nd are bolded, I decided to use the blog post because it only highlights the fixes for July 22nd. I didn't think of this previously, but I could have just posted the changelog, and specifically noted the July 22nd fixes 😅

 

More information available on NVIDIA.com

 

We’re now at a point where transitioning fully to the open-source GPU kernel modules is the right move, and we’re making that change in the upcoming R560 driver release.

 

Back in June the developers of Fishards put out a bit of an ultimatum: fight them in-game and win to make the game open source, or they will nuke the game from orbit.

Thankfully, the community came together, and won. So now Fishards has been made open source, and it's still free to play on Steam too.

 

Yesterday, July 1st, they announced the Alpha release of this next-generation mod manager and their new Product Manager got in touch to mention they "would be really keen to get feedback from Linux users". So this is your chance to ensure Linux (and Steam Deck) finally become a first-class citizen for game modding.

[–] mudle@lemmy.ml -1 points 4 months ago (1 children)

https://www.gamingonlinux.com/ is a wealth of information, of which, I am not willing to let go, as it is a resource of current news that is very relevant to this "Linux Gaming" sub. So no; I will not stop linking https://www.gamingonlinux.com/ to this sub just because you got butt hurt.

[–] mudle@lemmy.ml 21 points 4 months ago

RIP our wallets 😓

96
Steam Summer Sale 2024 is live now (www.gamingonlinux.com)
submitted 4 months ago* (last edited 4 months ago) by mudle@lemmy.ml to c/linux_gaming@lemmy.ml
 

Locked the post due to many, many off-topic comments

 

The time is finally here. The next big stable update to the NVIDIA proprietary driver for Linux with version 555.58 bringing Wayland Explicit Sync.

Following on from the initial NVIDIA 555.42.02 Beta and the 555.52.04 Beta, NVIDIA noted some rather vague "Minor bug fixes and improvements" since the last Beta. With this release, you should be truly good to go with Wayland on NVIDIA GPUs now.

view more: next ›