• 0 Posts
  • 6 Comments
Joined 1 year ago
cake
Cake day: June 14th, 2023

help-circle
  • shirro@aussie.zonetoLinux@lemmy.mlIs Linux on Android as secure..?
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    9 days ago

    There is no simple answer. Its is almost entirely dependent on implementation. All systems are vulnerable to things like supply chain attacks. We put a lot of trust in phone vendors, telcos and Google.

    If you are going to compare to something like termux you need to compare with an equivalent sandboxed environment on regular linux, like a docker/podman container with appropriate permissions. As far as I know they use the same linux kernel features like cgroups and namespaces under the hood.

    Traditionally Linux desktop apps run with the full permissions of the user and the X window system lets apps spy on each other which is less secure than Android sandboxing by design. There have been attempts to do better (eg flatpak/flatseal, wayland) but they are optional.


  • Having comprehensive unicode language coverage on a free OS is amazing. I wish the font system was smart enough to hide Noto variants in creative apps but leave them available for browsers. There is a workaround to do that but its a huge pain. I wouldn’t delete any files managed by the package system. They will just keep coming back anyway. There are smaller collections of noto fonts in AUR that will satisfy the noto-fonts dependency which should keep KDE Plasma happy. They should be a straight swap if you are comfortable with an AUR dependency for a functioning desktop. The newer one is noto-fonts-main updated this year or there is an older noto-fonts-lite. Not tried either. Usual stuff about backups and taking advice from strangers on the internet.

    Segoe might benefit more from the embedded bitmap or autohint settings than the regular open source fonts I am likely to use. Microsoft would optimise the hell out of it to take advantage of their proprietary, patented font rendering system. I wouldn’t be surprised if it rendered poorly with distro defaults. Its the kind of blind spot a lot of open source devs and packagers could easily have. Its probably packed full of embedded bitmaps for small sizes and proprietary hinting stuff that linux won’t understand.


  • I don’t doubt you. Linux font rendering has been good enough for so long now that its surprising when people say its worse than some other system but I think it is still a reasonably common complaint so there has to be something to it. A lot of distros probably don’t have a very good font selection installed out of the box compared with proprietary systems and I am sure that plays a role.

    My desktop has a 38" ultrawide and the pixel density is a lot lower than your dual 4k monitors so I want to do everything I can for font rendering and your post has got me asking questions. I am in the process of configuring a minimal, low distraction tiling wm setup for a bit of fun (also another nvim conf spring clean). I hadn’t considered changing the font rendering defaults.

    I think I have all the fonts you list installed except for Hack. Inter is also a good one for UI. I don’t use Fira Code anymore for code/terminal but I keep it around. It is a nice code font with ligature support but it didn’t have an Italic variant and I like subtle use of italics in code and docs. Currently using Iosevka for mono but next week it might be something different.


  • This post is fascinating. Most distros have good defaults for font rendering now and I haven’t used hacks like infinality to fix font rendering on Linux for years. That project doesn’t even exist anymore. I would be really interested to know which setting made the difference for OP and why.

    I am writing this on a little HiDPI laptop with over 200dpi and to be honest hinting and sub-pixel rendering are invisible to my eyes on this device. Apple dropped sub-pixel rendering ages ago when all their products moved to retina displays. But its still really useful on low dpi displays and I thought it generally worked well enough out of the box.

    A file almost identical to the local.conf has been posted to forums in the past but back then fontconfig often shipped with outdated defaults. My distro defaults have aliasing, slight hinting and sub-pixel rgb enabled out of the box.

    Arch has these defaults. Bookworm lacks the sub-pixel-rgb (its just a link away) but my guess is Ubuntu derivatives probably include it:

    • 10-hinting-slight.conf
    • 10-sub-pixel-rgb.conf
    • 10-yes-antialias.conf
    • 11-lcdfilter-default.conf

    The differences I see are the last 3 options in local.conf:

    • disabling embedded bitmaps. I think this would change rendering for old MS Office fonts. And perhaps break some emoji fonts. I have Noto Color Emoji but I don’t have any old MS fonts. This seems like it would have limited impact.
    • enabling autohinting. If you have slight hinting enabled and the font contains hinting information it should automatically use it. So I thought it made no difference if you have good fonts installed. I might be wrong. But again if you use good fonts I am not sure this has an impact.
    • setting font weight to medium. This is an odd one. Does this mean that every font query returns a medium weight or that if you don’t give a weight you get medium? Fattening up thin fonts might be a user preference but you can also select desired font weights in your desktop settings and apps.

    Fontconfig is a compiled database for font queries, it doesn’t do rendering. Whatever you put in fontconfig, an app like kitty will not implement sub-pixel rgba rendering for performance and implementation reasons but many other terminals will. I think gtk4 might be heading the same way. Depending on variations in colour vision and displays people tend to disagree on the value of sub-pixel rgb but it looks like it is a common distro default anyway.


  • The local.conf file should work on any distro. It’s an opinionated override and might not be ideal for everyone but you can use the settings as a starting point to research further. Don’t modify the other files in /etc/fonts as they will be updated by the distro. Claude’s other suggestions apart from selecting some better fonts generally do nothing as far as I can tell. I connected to one of my debian machines and the symbolic links Claude gave to /etc/conf.avail are a debianism as I suspected. If you don’t install or use bitmap fonts and you override the rgb aliasing in local.conf I don’t see the point of either of those symbolic links but whatever meatbag wrote them in a stackoverflow or reddit post intended them for a debian distro.


  • Freetype2, fontconfig and cairo are going to be pulled in as dependencies when you install just about any desktop app/library eg firefox, gtk so this is a no-op. Same for installing the jre and fontconfig again. Its pointless. The freetype2.sh line is commented out because that has been the default setting for the last 8 years so it makes no difference. The gfx.webrender.all setting in firefox is an override to force something it is most likely already doing based on the detected environment. If you check about:support the chances are you are already using hardware rendering. And its a performance and not quality setting. Half of this makes no sense.

    Installing nicer fonts is always a good idea and also setting your desktop and application default fonts.

    Some of the local.conf settings could potentially makes a big difference if your desktop environment defaults/user settings aren’t good. Don’t know a huge amount about freetype settings but I suspect using assign in there might override desktop environment settings which some people might not want. I set mine in a gui like the monkey I am.

    My conversation with any llm tends to go, “you got a, b, c wrong, it should be d, e and f” and it says “sorry, ofcourse it should be d, e and f, my mistake, here it is with d, e, f, g and h”. Then I say “g and h are wrong it should be i and j”. And it keeps going. In the end I write it myself. Huge time wasters.

    Edit: didn’t pick up on it immediately but the two symbolic link commands are suss (they are for debian based distros). Endeavor is arch based and fontconfig on arch has the configs in /usr/share/fontconfig and the ones in the conf.default directory should already be linked into /etc/fonts/conf.d. 10-sub-pixel-rgb is in /usr/share/fontconfig/conf.default so that is already linked for me so attempting to do another link without deleting it would be an error - another no-op. I don’t like rgb sub-pixel rendering so its overridden in my desktop settings. It shouldn’t be necessary on high dpi IMO. The proper path for 70-no-bitmaps is in the /usr/share/fontconfig/conf.avail directory if you want to link it properly. If you use the wrong path as Claude suggested, its another no-op. If, like me, you don’t have any bitmap fonts installed it won’t make any difference anyway. Also /etc/fonts/conf.d is created by the fontconfig package so that is another no-op.

    Edit 2: The setting’s name might be inaccurate but Cleartype is the name of Microsoft’s proprietary font renderer and isn’t available on Linux. So possibly gfx.font_rendering.cleartype_params.rendering_mode was picked up from some StackOverflow discussion about Firefox font rendering on Windows. I won’t say it doesn’t work without reading the Firefox source code and/or trying it but I suspect a setting with that name would not have any effect on Mac or Linux.