Recent testing revealed that Arch Linux, Pop!_OS, and even Nobara Linux, which is maintained by a single developer, all outstripped Windows for the performance crown on Windows-native games. The testing was run at the high-end of quality settings, and Valve's Proton was used to run Windows games on Linux.
https://www.youtube.com/watch?v=5eKSQT5mV-c
Important: Nobara is way less Secure than Fedora.
If you want to game, stick to regular Fedora. A project that is actually secure is ublue with dedicated NVIDIA images that should just work and never break, and they even have Bazzite, an Image specifically for the Steamdeck but also for Desktop.
These images are only ½ day behind upstream, apply minimal additions and patches (like drivers, codecs, packages, udev rules for controllers) and Nick from the video above found out that the Nobara patches with their weird less supported Kernel arent really worth the hassle.
Secure Boot is an utter piece of bullshit from the depths of hell.
Proprietary UEFI BIOS is, but for a secure system with local manipulation prevention it can be needed. Also secureboot is a security measurement against malware so no, its simply the best we have.
Look at Coreboot if you want a secure modern system
Secure Boot is just Bootloader Signature Enforcement controlled by M$, it’s not gonna prevent Superfish 2.0 from happening.
Unfortunately, I don’t have a coreboot-able system. When I move out I’ll make that a priority.
I mean you saw LogoFAIL right?
I never bought my current machines. Funnily enough, they don’t show any logos on bootup, (Windows Boot Manager is smth else)
The vulnerability actually isn’t in Windows Boot Manager, it’s a flaw in the image-parsing code of the UEFI itself. That’s why it’s able to bypass SecureBoot.
It just happens that for whatever reason you can easily update the image file from within Windows/Linux itself. The fact they don’t show a logo currently does not mean you’re immune, as the system might just be showing a black screen at that point. Code can be injected into an image file without perceptibly affecting the image output, so you’d likely be able to use a “black screen” logo. If your computer has a UEFI instead of a BIOS, which is pretty much everything from the last 10yrs, then you are more than likely at risk.
My computer likely isn’t susceptible, and that’s because it’s a Dell workstation. While the bug still exists in the image parser, Dell has locked things down so it’s pretty much impossible to change the boot logo from userspace.
Yes, IK WBM is not the problem here. My systems don’t show a logo at all, and they don’t have a “hide logo” options.
FWIW, some firmware allow changing it during the update procedure. I remember having to update my ThinkPad’s firmware and it had that option.
That’s valid, I looked into it with Dell and later articles have mentioned they aren’t susceptible.
I 100% agree, its best to just stick to upstream Fedora imo. Glad you made this comment. The security issues of Nobara always put me off, especially since basically everything it does can just be applied to regular Fedora. I think Nobara would much better serve as a script or toolkit, similar to Brace, or something along those lines instead of an entire separate OS with the security issues it brings.
Your ublue-link got messed up, did you mean https://universal-blue.org/ ?
No its their shortlink and I am lazy. But replaced it.
As a non-power user, I don’t want daily updates. Monthly is perfectly fine for me.
Linux desktop updates are handled totally differently than Windows. I don’t even see them, as my distro just has a timer that checks for updates once a day, then updates the whole system in the background. If anything, this behavior is intended for non-power users.
Then disable the updates lol. This is done in the background and includes all the security patches so you dont even see any of it, not a single popup.
We are not talking about backported security fixes, but literally no updates for an entire month.