Okay, so what’s your problem with my comment then?

You’re the author here, right?

If anything, it would be MORE useful for beginners if it included Snaps or Flatpaks.

That’s what your package manager is for. I’m unaware of a distro that doesn’t include a GUI for this.

You need a GUI-on-GUI thing to make it all work for you?

Depends on the distro and how you have your permissions configured.

The easiest test is to run the creation commands as sudo or root. If it works, then you need a different permissions setup. You didn’t mention any specifics about your distro permissions setup.

Well…I mean the biggest obvious example in recent history is the xz-utils hack. There’s probably more like that out in the wild than most want to think about.

Yes, if not doing this as sudo, you need to be part of the proper group to create and alter network interfaces.

🍑💩

Random new Linux distro from China with zero history or contributions from any FOSS devs?

Nawthx

Good practice though. It’s pretty much a necessity anymore with supply chain attacks becoming such a thing.

Mostly this, but also, if you’re going to manage many scripts in a system for many users, revision control doesn’t help that. Either look at packaging them properly for your distro, or using something Ansible to distribute and manage their versioning on the system to make things easier on yourself.

So you’re saying after a clean boot, the mouse takes time to register and start working again? Does it work in sddm before logging in, but then lags to reconnect once loaded into your DE?

The Desktop Environment doesn’t matter much. Whichever you like. Stock Fedora is Gnome, and there is a Spin of practically every desktop available. Try what you think you’ll like.

You are quite mistaken. TPM is used as a key pair, and not just generation.

Let give you a specific example: built a hardware platform for a company, and they wanted to make sure that the storage and device were secure on their own, as well as being separated to prevent somebody pulling it apart to try and channel attack all the different things.

On install, the encrypted disk generates a signature. TPm has its own clean keys set to verify that it’s paired at various levels with various pieces of onboard hardware. Then you pair a bootloader combination of those signatures to generate a three-part signature to make sure that what is in TPM matches both the onboard signatures of what is hardwired in, along with the key generated by the new encrypted volume on the drive.

Anyone takes that drive out, it’s mostly useless, because it can’t boot without the signatures verified by TPM, and they’ll never be able to match the combination of the other 15 keys stored there for the hardwired components.

That’s how it’s intended for use. Not just for signature generation and verification. It’s more of a key/value store than anything, like a physical hardware token device.

Fedora for beginners. Ubuntu-based lost the crown because of Snap bullshit.

The default gateway. If it’s not passing traffic, your machine doesn’t go looking elsewhere for routes that work. Read through both the links, and they’ll give you extra background.

Then the first setup does that.

It wouldn’t be able to communicate with the internet, but would still be able to talk to your local network.

If that’s not specifically what you’re trying to do, and you don’t care if traffic might go out over your regular Internet connection, then you can create a fail over type situation where it will try and use a “backup” route to communicate to the internet if needed, though you’ll need to spend some time really making it pretty smooth: https://www.baeldung.com/linux/multiple-default-gateways-outbound-connections

ufw is a firewall. Routing controls traffic flow. You want to set the default route of that machine to only use the tun0 interface. Random link explains

As a secondary step you can set your firewall to block any traffic trying to exit an interface I suppose, but it really shouldn’t be necessary.

For your other services on the local network for your subnet, just add a secondary route only for your subnet that uses your router as a gateway.