







I don’t think flatseal isolates child processes, only the flatpak itself.
You could use firejail. That is available outside the AUR. As there is no socket available, if testing with a browser it should force the browser to crash. You could also try setting up a network namespace that only binds to loopback in case you want local device network access.
EDIT: I don’t think you need to switch distros to solve this problem, but if you do you could try NixOS. Obviously there is no AUR, but you can write .nix config files to fine-tune how firejail automatically works with specific applications:
    programs.firejail = {
      enable = true;
      wrappedBinaries = {
        firefox = {
          executable = "${pkgs.firefox}/bin/firefox";
          profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
          extraArgs = [
            "--private-home=.mozilla"
            "--whitelist=\${HOME}/Desktop/BrowserSandbox"
          ];
        };
        transmission-qt = {
          executable = "${pkgs.transmission-qt}/bin/transmission-qt";
          profile = "${pkgs.firejail}/etc/firejail/transmission-qt.profile";
          extraArgs = [
            "--net=none"
          ];
        };
      };
    };
I had to recheck the timeout mention, and you are totally correct.
You can set it to time out, but the default for most distros appears to be that it stays unlocked, which is crazy.
I believe that if your login password and gnome keyring password are the same, then the keyring will automatically unlock during login as well. That’s something to consider as I’m sure people commonly reuse their password for both. The gnome keyring would sit unlocked until timeout occurs on every login.
Thanks! I’ll take a look at this.
So, there is some aggravation (not really a con) in terms of package management systems.
You have MANY options not limited to your standard repo tools like yum, pacman, apt, etc. You also have 3rd party ones like flatpak and snap. You could also throw in the AppImage format to that. Arch has the AUR on top of that which usually means you’re running paru or yay. And then you have things like brew and crates which you might run into.
Working in any of these is straightforward; the problem comes from having to manage them all independently of one another at the same time. Pacman will update standard repo, but not AUR. Paru will update standard repo and AUR, but that doesn’t help with flatpak/snap. Then docker/pods/lxc are in their own little world while you get those handled.
In the end, the more complex you build a system the more complex it is to manage, but it still is an aggravation. I’d still take it over the one-size-fits-all approach Microsoft has, though.
But did you RTFM?
I used Arch for ~15 years before switching my daily driver to NixOS. In that entire time, I never once posted a question to the forums. The wiki is that well constructed.
If you do post a question without searching first (that’s a big no-no), they will link you to the exact steps from the wiki to use. They might treat you badly at that point, but in a way you would have been treating the community as a personal assistant to look up things for you, which I would say is equally bad.


I think redundancy is an important factor here as well. That was an issue I saw frequently on subreddits and a primary reason for me disengaging from those communities.
You would see the same low-effort question posed with other users responding with high effort/detail (albeit redundant) answers. Regardless of how well constructed the feedback might be, that response is dragged down by the lack of effort inherent overall to the post.
If nothing else except for the sake of space saving, a large percentage of those posts could have been nuked with no real impact to how readily the subjects/solutions could be found.
I was curious if it was some AI tool that asks the question, collects the answers, then removes itself.
I will say I am making the assumption that these are actual people and not bot accounts. Even if they were bots, why even bother removing the posts? It’s not like it is somehow detrimental to what they are doing.


How can you build a collective knowledge base when you delete your post after receiving an answer? I seriously don’t understand why people do that, either. No one knows/cares who you are and there is no reason to feel ashamed for not knowing how something works.


edit2: thanks again everyone, you don’t need to check if it’s working. apparently I’m blocked from accessing the site, can’t see any other explanation. DNS resolves fine, flushed caches, tried private mode, clear cookies, tried everything on my end to rule stuff out, nothing
You might run traceroutes/mtr to see where exactly this is failing. Here’s the IP I show in case yours differs:
    ➜ ~ dig freedns.afraid.org @10.10.0.1 A
    ; <<>> DiG 9.20.23 <<>> freedns.afraid.org @10.10.0.1 A
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51734
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;freedns.afraid.org. IN A
    ;; ANSWER SECTION:
    freedns.afraid.org. 60 IN A 69.42.215.252
    ;; Query time: 206 msec
    ;; SERVER: 10.10.0.1#53(10.10.0.1) (UDP)
    ;; WHEN: Wed Jun 03 14:48:58 CDT 2026
    ;; MSG SIZE rcvd: 63


Like Inception.
The article service that talks about a compromise to steal credentials that secretly steals your credentials.


I remember getting into security about 15 years ago. This was around the time of Android really kicking off and it was crazy all the stupid things you could get away with (and that’s just a static permission set). Now you have AI pentesting tools and AI slopcode to use it on. Depending on perspective, this is either a great time to be working in security and/or an awful time to be working in security.


At the very bottom of their link:
© 2026 Odysseus · Built from one prompt that refused to stop.


In California Jan 1st 2027, effectively yes. Please read AB-1043. All of this information is present there. It functionally forces any systemd‑based OS to populate it in order to comply with the law’s mandatory age‑collection requirements. It’s literally in the bill. Next time, just fucking read it, damn. https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043


California’s AB-1043 already passed, so we get to bitch about it now. Thanks for your support.
I ran into the same thing. Nix store got up to 57GB in size for me. I have lots of generations and upgrades ran which just continually fill up. Figured out you have to run garbage collection or use the optimizer (which takes a LONG time to run for me): https://nlewo.github.io/nixos-manual-sphinx/administration/cleaning-store.xml.html


I’ve used Arch as my daily for so many years now, it is a little tricky moving from imperative to declarative configuration. I’m treating my NixOS machine more as long term maintenance, so I’m not using the most bleeding edge packages. You can do that though by pointing to nixos-unstable.
I plan on using flakes for pinning and home-manager for writing ~/.config configurations, but I don’t think I really need it, more just to learn how. With home-manager, I could rebuild this machine from scratch (including individual application preferences/settings) just with the backed up configs. I can at any point rollback to any saved previous generation though, too, just by restarting the machine.
I’ve really been impressed with it though. To the point, I will probably be moving my Arch DIY router over and converting it to NixOS.