What to use for a workstation/gaming desktop?

Delaney

archbtw I wouldn't bother. I'd consider it to be insecure and just enjoy gaming on it with access to bare metal resources. Anything else I want to do, I'd do on another computer that's actually secured

archbtw

Delaney
I mean, apart from having 2 powerful computers being quite costly, I don't really have space for it.
The sandbox doesn't really reduce runtime performance anyways, and the hardening isn't really going to reduce gpu performance, which is always the bottleneck at 4k.

Delaney

archbtw I mean, apart from having 2 powerful computers being quite costly, I don't really have space for it.

I'm not sure what you're talking about. I only said I'd use a secure computer for non-gaming purposes. That would be your laptop in this case.

archbtw The sandbox doesn't really reduce runtime performance anyways, and the hardening isn't really going to reduce gpu performance, which is always the bottleneck at 4k.

Sure, but that assumes that the games will respond well to your security hardening efforts, which is uncertain at best considering most games will only run under wine on Linux.

archbtw

Delaney
We will see... It might have some problems with the hardening.

Anyways, I cannot have this computer just for gaming, as I often don't even game every day. Sometimes I don't launch a game for weeks. I really don't wanna have an expensive computer doing nothing, while I do stuff on an old 13" laptop.

RockHyrax

if you want a secure device, keep things separate. use your other fancy high-end computer for sensitive stuff. if you truly cared about security and privacy, you would make the space for it and use them separately.

by hardening a flatpak app, lets say Steam for example, you run the risks of certain games no longer running properly due to limiting permissions (ptrace, ipc, shared memory, etc).

i have been gaming on fedora close to 6 years now. the reason why i chose fedora is because it has SELinux configured out the box. i have never had an issue gaming on fedora aside from the standard kernel level anti cheat games no longer working on it. for sensitive stuff, i have a laptop running secureblue.

archbtw

RockHyrax
I think in the future I will get a better laptop for sensitive things.

Right now I have only one high end computer and the laptop is kind of trash. All my other computers are decade old, being used as servers.

The laptop (now also running secureblue) also has a security issue with it's management engine being set to manufacturing mode for some reason, and I cannot turn that off.

leafnose

archbtw
What about switching hard drives?

Depending on your desktop motherboard, you could use a PCIe device that lets you switch your system SSD. For instance, you’ll have a SSD for Windows gaming, and another with Linux for everything else…
The motherboard would still be exposed to some sort of attacks, like firmware and BIOS ones (through Windows), which might compromise your Linux install, but depending on your threat model, it could be an acceptable poor man’s choice, I guess.

I’m curious if anyone could chime in about the plausible risks regarding motherboards…

RockHyrax

leafnose i would personally not recommend dual booting as previous windows updates have broke dual booting for linux resulting in people having to reinstall their linux distro.

leafnose

RockHyrax
It is precisely not dual booting.
EDIT: To be clear, I mean to remove and replace the drive each time.

archbtw
Several solutions exist, be it with M.2 SSD or SATA SSD. You should verify if you can boot from such a device with your motherboard, and if it allows the needed bifurcation mode.
You can look at devices like in the Icy Dock ExpressSlot range.

archbtw

Hmm so it would be 2 pcie ssd's in a pcie card? Yeah that does make sense, sure. I mean I wouldn't use windows ever, but having 2 linux drives could be a solution, I could keep some basic security on the gaming drive, like encrypted memory and disk, secure boot, without having to basically babysit the security on that one.

Only issue would be a malware modifying the bios.

archbtw

leafnose
Yeah my motherboard supports it of course. I assumed it would be a device where i can just flip a switch and it would switch the drive. I cannot physically change the drive each time as watercooling pipes are kinda in the way.

GrouchyGrape

archbtw you're not going to find a perfect solution. This is why honest threat modeling is so important.

The highest risk to my health and life is driving on the highway, yet I commute on it everyday to and from work.

Don't create non-probabilistic threats only to endlessly attempt to mitigate them. It's unhealthy at best. If it's purely for research and/or a hobby, then knock yourself out. But that's not what I'm sensing.

There are many ways to skin this cat, try them all. All you have to lose is time, but you'll gain a lot of knowledge and experience along the way. I settled on having a dedicated windows gaming machine and VM's for everything else. I ran the windows machine headless for a while, using moonlight/sunshine to stream to a fedora machine. Worked a treat.

archbtw

GrouchyGrape

I don't need a windows machine. Not even for games.

I think the most experience I gain is by hardening the system.

And while the threats are low probability, I really don't know what my biggest threats would be, so I just try to cover the basics.

leafnose

archbtw
Well, devices with ON/OFF switches and eject push buttons do exist, mostly 5.25 bay devices. And as far as I know, depending on the performance you want, you’ll need to connect it with OCuLink.
Regarding PCIe cards, with some models, you can remove and insert the SSD from behind the case, no need to open the case.

n3t_admin

archbtw try to cover the basics.

archbtw a state actor

Pick one. You really should read up on threat modeling first. It's a complicated topic, but what you are doing right now is pointless. It's like saying "I'm trying to protect my house". From what? An earthquake? A fire? Burglars? A nuclear strike? That will pretty much determine what you need to do. The same applies for cybersecurity. Determine a clear path, then move forward. You can't really protect yourself from "everyone", unless you want to live a very uncomfortable life.

DeletedUser396

archbtw And more importantly for the desktop, I'm not sure if I want to switch from arch to fedora just for the selinux. I feel way too comfortable with arch on my main pc.

then don't... its your choice. use windows, again its your choice.

You know what you are doing, you must as Arch is a pain in the ass to load, maintain and run properly.

Arch users... insufferable

Sigismund

DeletedUser396 You know what you are doing, you must as Arch is a pain in the ass to load, maintain and run properly.

Not in the slightest. My rigs run years on same install now.

DeletedUser396 Arch users... insufferable

Again a hyperbole. OP is a good example of "recent convert" who thinks its "cool" to run arch. I don't get what's your issue with the os is, but don't judge the entire community based on actions of some (very vocal) minority that plagues forums and reddit. Especially the "PC MaStEr RaCe" ones..

archbtw

Sigismund
I'm not a recent convert. I use arch for almost a decade. I use it because I find it the least pain to use. I always have issues with certain things on other distros where it's harder to fix..

pixelfairy

archbtw You can lock it down. Or make compromise not matter much. Or both.

Since you already bought the hardware and your comfortable with arch, you could just go with it. Make two steam accounts, a buyer and a player. The player account goes on the pc, the buyer your trusted device to gift games to your player. For some bundles and deals, you'll have to gift account credit and buy them as the player. Keep financial or any other sensitive info off the pc and treat it as potentially compromised. If anything happens, or you think anything might have happened, all you have to do is reinstall linux and steam.

Anything you can run in a vm, such as web browsers, discord, music streaming etc, should be. Your router may be able to isolate the pc from the rest of your network.

If you want it more appliance like, theres some atomic variants of arch like blendos. Theres also Bazzite, an atomic Fedora variant made for gaming and includes Steam. All you have to do is install and log in.

This setup assumes you have a trusted device, which you said you'll get later. You don't need much for said trusted device. You could do a fresh install on one of those old servers, buy your pc some games, tell steam not to keep your cc number (who knows if it listens), and then wipe the device and just keep your pass and 2fa safe.

archbtw

pixelfairy
Good idea. I will run a lot of things in immutable fedora virtual machines.
My router is a custom opnsense box and my pc is already on a separate vlan.

Sigismund

archbtw I'm sure you do. You use it so hard, you have to tell everyone you use it, without actually telling anyone what distro you use.

archbtw

Sigismund

Umm, you just did that.

Also, how can someone use an OS "so hard"? You use a computer, and doing that you automatically use the os, this doesn't make sense.

« Previous Page Next Page »