You can also nest rootful Xwayland in there too!

From the user’s shell,

WAYLAND_DISPLAY=/run/user/1000/wayland-0 Xwayland :1 &
export DISPLAY=:1 WAYLAND_DISPLAY=
i3 &
xterm &
konsole &

Of course you that means you can also run Plasma X11 that way for example:

Make sure to use machinectl and not sudo or anything else. That’s about the symptoms I’d expect from an incomplete session setup. The use of machinectl there was very deliberate, as it goes through all the PAM, logind, systemd and D-Bus stuff as any normal login. It gets you a clean and properly registered session, and also gets rid of anything tied to your regular user:

max-p@desktop ~> loginctl list-sessions
SESSION  UID USER  SEAT  LEADER CLASS   TTY   IDLE SINCE
      2 1000 max-p seat0 3088   user    tty2  no   -    
      3 1000 max-p -     3112   manager -     no   -    
      8 1001 tv    -     589069 user    pts/4 no   -    
      9 1001 tv    -     589073 manager -     no   -    

It basically gets you to a state of having properly logged into the system, as if you logged in from SDDM or in a virtual console. From there, if you actually had just logged in a tty as that user, you could run startplasma-wayland and end up in just as if you had logged in with SDDM, that’s what SDDM eventually launches after logging you in, as per the session file:

max-p@desktop ~> cat /usr/share/wayland-sessions/plasma.desktop 
[Desktop Entry]
Exec=/usr/lib/plasma-dbus-run-session-if-needed /usr/bin/startplasma-wayland
TryExec=/usr/bin/startplasma-wayland
DesktopNames=KDE
Name=Plasma (Wayland)
# ... and translations in every languages

From there we need one last trick, it’s to get KWin to start nested. That’s what the additional WAYLAND_DISPLAY=/run/user/1000/wayland-0 before is supposed to do. Make sure that this one is ran within the machinectl shell, as that shell and only that shell is the session leader.

The possible gotcha I see with this, is if startplasma-wayland doesn’t replace that WAYLAND_DISPLAY environment variable with KWin’s, so all the applications from that session ends up using the main user. You can confirm this particular edge case by logging in with the secondary user on a tty, and running the same command including the WAYLAND_DISPLAY part of it. If it starts and all the windows pop up on your primary user’s session, that’s the problem. If it doesn’t, then you have incorrect session setup and stuff from your primary user bled in.

Like, that part is really important, by using machinectl the process tree for the secondary user starts from PID 1:

max-p@desktop ~> pstree
systemd─┬─auditd───{auditd}
        ├─bash─┬─(sd-pam)                 # <--- This is the process machinectl spawned
        │      └─fish───zsh───fish───zsh  # <-- Here I launched a bunch of shells to verify it's my machinectl shell
        ├─systemd─┬─(sd-pam) # <-- And that's my regular user
        │         ├─Discord─┬─Discord───Discord───46*[{Discord}]
        │         ├─DiscoverNotifie───9*[{DiscoverNotifie}]
        │         ├─cool-retro-term─┬─fish───btop───{btop}
        │         ├─dbus-broker-lau───dbus-broker
        │         ├─dconf-service───3*[{dconf-service}]
        │         ├─easyeffects───11*[{easyeffects}]
        │         ├─firefox─┬─3*[Isolated Web Co───30*[{Isolated Web Co}]]

Super weird stuff happens otherwise that I can’t explain other than some systemd PAM voodoo happens. There’s a lot of things that happens when you log in, for example giving your user access to keyboard, mouse and GPU, and the type of session depends on the point of entry. Obviously if you log in over SSH you don’t get the keyboard assigned to you. When you switch TTY, systemd-logind also moves access to peripherals such that user A can’t keylog user B while A’s session is in the background. Make sure the machinectl session is also the only session opened for the secondary user, as it being assigned to a TTY session could also potentially interfere.

what distro/plasma version are you running? (here it’s opensuse slowroll w/ plasma 6.1.4)

Arch, Plasma 6.1.5.

what happens if you just run startplasma-wayland from a terminal as your user? (I see the plasma splash screen and then I’m back to my old session)

You mean a tty or a terminal emulator like Konsole?

• In a tty
  • if I’m already logged in it should switch to the current session as multi-instance is not supported
  • if it’s my only graphical session, it should start Plasma normally with the only exception being KWallet not unlocking automatically.
• In a terminal within my graphical session: nothing at all.

It’s a lot easier with Wayland and hardware acceleration works, see my solution. It does a proper login session and starts the whole DE exactly the same way as if you logged in from a tty too so everything just works as expected there. Wayland devs use that a lot for testing and development so it’s quite well supported overall.

Totally possible. It’ll work best with Wayland thanks to nested compositor support, whereas on Xorg you’d need to use Xephyr which doesn’t do hardware acceleration.

# Give the other user access to your Wayland socket
setfacl -m u:otheruser:rx $XDG_RUNTIME_DIR
setfacl -m u:otheruser:rwx $XDG_RUNTIME_DIR/wayland-0

# Open a session as the other user (note the trailing @, it's there to login in to the local machine)
sudo machinectl login otheruser@

# Start your DE!
WAYLAND_DISPLAY=/run/user/$(id -u yourmainuser)/wayland-0 startplasma-wayland

And tada!

Does the morning coffee count? I’ll skip it if I’m being late but I do like my morning coffee.

I would use maybe a Raspberry Pi or old laptop with two drives (preferably different brands/age, HDD or SSD doesn’t really matter) in it using a checksumming filesystem like btrfs or ZFS so that you can do regular scrubs to verify data integrity.

Then, from that device, pull the data from your main system as needed (that way, the main system has no way of breaking into the backup device so won’t be affected by ransomware), and once it’s done, shut it off or even unplug it completely and store it securely, preferably in a metal box to avoid any magnetic fields from interfering with the drives. Plug it in and boot it up every now and then to perform a scrub to validate that the data is all still intact and repair the data as necessary and resilver a drive if one of them fails.

The unfortunate reality is most storage mediums will eventually fade out, so the best way to deal with that is an active system that can check data integrity and correct the files, and rewrite all the data once in a while to make sure the data is fresh and strong.

If you’re really serious about that data, I would opt for both an HDD and an SSD, and have two of those systems at different locations. That way, if something shakes up the HDD and damages the platter, the SSD is probably fine, and if it’s forgotten for a while maybe the SSD’s memory cells will have faded but not the HDD. The strength is in the diversity of the mediums. Maybe burn a Blu-Ray as well just in case, it’ll fade too but hopefully differently than an SSD or an HDD. The more copies, even partial copies, the more likely you can recover the entirety of the data, and you have the checksums to validate which blocks from which medium is correct. (Fun fact, people have been archiving LaserDiscs and repairing them by ripping the same movie from multiple identical discs, as they’re unlikely to fade at exactly the same spots at the same time, so you can merge them all together and cross-reference them and usually get a near perfect rip of it).

The real victim here is the poor souls that have to use Oracle products

No but it does show how much capitalism relies on the absolute exploitation of the labor market and the double-standards from the US in that regard. Free market good but only when US companies are the ones fucking everyone over.

• US companies buying cheap stuff from China and marking it up 500%: good, American values
• China cuts the middleman and sells the same product for the same price they would sell it to the reseller: noooooo we can’t compete with that, China bad, it’s so unfair! Waaaaaaa

At least the EU doesn’t constantly brag about muh freedom and how the free market is the best thing ever and you’re a commie if you don’t agree that capitalism is the best.

Good luck with that given 3D printers are full of open-source software.

Yeah, that didn’t stop it from pwning a good chunk of the Internet: https://en.wikipedia.org/wiki/Log4Shell

IMO the biggest attack vector there would be a Minecraft exploit like log4j, so the most important part to me would make sure the game server is properly sandboxed just in case. Start from a point of view of, the attacker breached Minecraft and has shell access to that user. What can they do from there? Ideally, nothing useful other than maybe running a crypto miner. Don’t reuse passwords obviously.

With systemd, I’d use the various Protect* directives like ProtectHome, ProtectSystem=full, or failing that, a container (Docker, Podman, LXC, manually, there’s options). Just a bare Alpine container with Java would be pretty ideal, as you can’t exploit sudo or some other SUID binaries if they don’t exist in the first place.

That said the WireGuard solution is ideal because it limits potential attackers to people you handed a key, so at least you’d know who breached you.

I’ve fogotten Minecraft servers online and really nothing happened whatsoever.

Does Lemmy even have print CSS or is it more like the site’s style is so basic it just works? I looked quickly and apart from hiding a few elements, it doesn’t look like it really tries to be printer friendly at all.

Lemmy’s format just kind of sucks for discussions and visibility. If you comment on a post from a year ago, you can expect that to not been seen by anyone ever.

Lemmy is primarily a link aggregator, just like Reddit. It also happens to somewhat work for Q&A and help forums, but fundamentally Lemmy is more oriented towards new content.

The more classic forum format is better for discussions because replies bump the thread up to bring new attention to it.

Also a lot of people just don’t give a shit about random people’s random thoughts, that’s why I’m not on Mastodon and never really used Twitter either. I don’t know why people feel the need to dump all their thoughts on the Internet, like I care that a celebrity is on a plane or enjoying a nice meal.

Lemmy is about topics, not people, that’s what I like about it. I don’t care about people.

Make it through the web UI, this is not implemented as far as I know as that’s not a particularly common operation.

Also !boostforlemmy@lemmy.world

Isn’t he the same person who calls adblocking piracy?

He’s also got a generally nuanced opinion of piracy, in that it’s justifiable in some situations. If you call it piracy and you’re okay with piracy then it’s not really a contradiction.

Being willing to talk about it despite working against your interests isn’t always bad depending on context.

They’ll appear removable but if you don’t put users in the option it shouldn’t be unmountable.

I’ve read some posts about editing fstab to mount them at startup, but they don’t cover whether the drives will be available to other users or not. Can I just add them to fstab and mount them somewhere that’s available to all users, then sort out the permissions? If so, where’s the best place to put them?

Yes pretty much. It just explicitly tells the system where to mount it, and for some filesystems you can even force the UID/GID and modes.

Usually /mnt/whatever for static mounts and /media/whatever for removable mounts (those appear as drives in file managers, whereas /mnt doesn’t). You can set the users option in fstab and it’ll let users mount and unmount it without sudo as well, or auto to always mount it on boot.

From there usually you can make a shared group, chown the mount to root:thatgroup, then chmod g+s to make sure the group is inherited. And you should mostly be good to go.

I used Boost for Reddit, and now Boost for Lemmy.

It’s incredible how much the app is part of the experience. Same experience, completely different data source, it mostly just feels like early Reddit again, with niche subs of mere hundreds of people.

People are on average nicer here. Few loud nutjobs but overall I have mostly pleasant discussions.

Patience. It really helps to have all the latest set up: SPF, DKIM, DMARC. Then after that it’s a matter of IP reputation, you can email the various blocklists and you wait for the rest of them to clear on their own.

I’ve had that IP for 10 years and it has never sent spam, and I’ve sent enough emails that people open that it actually does get through fine. I haven’t had to think about it for a long time, it just keeps on working. Barely had to even adjust my Postfix config through the upgrades.

You can boot it in a VM and do it from a VM. In fact even if the VBIOS is completely broken, you can still usually override the VBIOS in libvirt/qemu and boot it anyway and then you can flash it.