A few months ago I was working on learning more about wireless security and I found that MacOS just wasn’t cutting it compared to how all of the tools worked in Linux. As one of my co-workers pointed out, there was always the option of an external USB antenna and mapping that through to a Linux VM. However, I really wanted to refresh myself on Linux more deeply and I knew a VM wasn’t going to do that. Also, I didn’t own a laptop, and the idea of picking one up that didn’t include the “Apple Tax” was pretty appealing.
So I went out and bought an ASUS Zenbook UX305FA (I paid $690), and I’ve been very happy with it. After quite a bit of playing, I’ve finalized on Fedora as my desktop distribution of choice and GNOME 3 as my desktop environment. I’ve set up a separate VM with only a browser (fedora minimal install+x11+openbox), which VirtualBox displays pretty nicely with seamless mode.
Overall it works pretty well.
Honestly, as I’ve configured things in GNOME recently, it is not only stalled on features from the ’90s, but it has managed to become more difficult to configure. Now of course, I know it really hasn’t stalled on features, but take the basic configurability of the environment from a user perspective and it really feels like it.
One of the most obnoxious examples is the gnome-keyring. Now I’m very familiar with the MacOS keychain. One of the features it provides is auto-reading in SSH keys from ~/.ssh and setting SSH_AUTH_SOCK for OpenSSH to know it is acting as your ssh agent. Each time I reboot the Macs I use, I go to a terminal window and type ‘ssh-add’, enter my obnoxiously long passphrases, and the keychain can now use those keys for ssh until the next reboot. I was pretty excited to see that gnome-keyring would do the same thing! Except it won’t. My keys are not using default settings/types for creation, which apparently makes gnome-keyring fail to function. It does not fail to load the keys and try to act as an ssh agent, it just fails to present the keys for auth. Great, so I’ll just disable it and go back to .bashrc ssh-agent methods, right? Not so fast.
First, we’re in a UI environment, but there is no setting for it in the UI. No problem, there must be a simple script/setting where I can just comment out gnome-keyring, right? HAH! Not really. The final solution was taking the /etc/xdg/autostart/gnome-keyring-ssh.desktop file and copying it to ~/.config/autostart, then adding the line X-GNOME-Autostart-enabled=false
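The override described above, written as a repeatable script. This is an added example, not the author's own commands: the function names disable_autostart and autostart_enabled are hypothetical, while the file path and the X-GNOME-Autostart-enabled key are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: per-user override that disables an XDG autostart entry.
# Function names are hypothetical; the default path and the key come from the post.

# disable_autostart [SRC] [DESTDIR]
# Copy SRC into DESTDIR and force X-GNOME-Autostart-enabled=false.
disable_autostart() {
    src=${1:-/etc/xdg/autostart/gnome-keyring-ssh.desktop}
    destdir=${2:-$HOME/.config/autostart}
    dest=$destdir/$(basename "$src")

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$destdir" || return 1

    # Start from an existing override if there is one, so reruns are idempotent.
    [ -f "$dest" ] && src=$dest
    tmp=$(mktemp "$destdir/.override.XXXXXX") || return 1

    # Drop any existing copy of the key, then write it directly under the
    # [Desktop Entry] header so it lands in the right group exactly once.
    awk '
        /^X-GNOME-Autostart-enabled[ \t]*=/ { next }
        { print }
        /^\[Desktop Entry\][ \t]*$/ && !done {
            print "X-GNOME-Autostart-enabled=false"; done = 1
        }
        END { exit (done ? 0 : 2) }
    ' "$src" > "$tmp" || {
        rm -f "$tmp"
        echo "no [Desktop Entry] group in $src" >&2
        return 1
    }

    # Replace the override in one step so a half-written file is never read.
    mv "$tmp" "$dest"
}

# autostart_enabled FILE: succeeds unless FILE sets the key to false.
autostart_enabled() {
    ! grep -Eq '^X-GNOME-Autostart-enabled[[:space:]]*=[[:space:]]*false[[:space:]]*$' "$1"
}
```

Source the file and call disable_autostart with no arguments to apply it to the path from the post; the change takes effect at the next login.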
Of course, that’s actually not that complicated, but the problem I have is with how it just isn’t intuitive. The Linux desktop and GNOME really aren’t that advanced. Why is that not a more simple thing presented to the user? Also, when searching the Internet for the answer, you’ll realize that with many revisions of GNOME and many distributions of Linux, there are 100 different ways people have solved this problem, many of them correct in their own little splintered world of Linux+GNOME. My favorite was the guy who wrote a daemon that sent SIGKILL to gnome-keyring if it ever started, because he gave up figuring out how it autostarted. A solid example of how badly documented and inconsistent this all is.
Clearly user-friendly is not a priority for the GNOME project and the Linux desktop. Maybe in another 15 years they’ll get there.
A few other quirks of note.
- I had to disable secure boot to load the virtualbox kernel modules with a kernel patched to current – this makes me unhappy
- Nothing on extensions.gnome.org shows as supported with the current version of GNOME, but Fedora has rpms for a few of the extensions to make up for some of it
- The screen brightness keyboard buttons on this machine (fn+F5/F6) don’t work, so I mapped windows key+F5/F6 to xbacklight -inc/dec 10. This is the only unsupported item I’ve found for this hardware
- Audio is very quiet at max, so I installed pavucontrol which supports going to 153% of what the default ALSA mixer does
In any case, I have a Linux desktop that seems to be working pretty well now. I have a Kali and REMnux VM set up, and the seamless mode browser VM. Everything on disk is encrypted, and I’ve locked down the rest pretty well.
My only outstanding items to fix are:
- when focus is on a VM the gnome-screensaver will sometimes be blocked from locking the screen, so even when resuming from sleep the machine may be unlocked
- firewalld. This seems to be a regression of capability from the iptables CLI, but I’m giving it a chance and reading all the documentation before I rant too much
I’m sure in a few upgrades I’ll have to re-do half of this, because... Linux.