I've written a detailed guide on how to setup the KDE Plasma desktop according to my previous post. Since this is a rather long write up, I won't be copying it to the RSS feed today. You can follow this feed update to the complete blog post.

See you there!

So it's been just little over a week here with KDE Plasma 6 on Debian 13 and I haven't yet run into any major work stoppages or system krashes that weren't self-inflicted.

For the most part it works and hasn't yet annoyed me. I can't recall if I did this out of reflex or if the Debian version of the Plasma desktop pre-disables the Baloo file indexer, but it's disabled, which is fine in my book!

Deja Dup has been working splendid for automatic file backups, the Discover store has been handling system updates swell, Firefox and Thunbird ESR versions have been stable-ish, Bluetooth has been working without a hitch for my Apple Magic trackpad and portable JBL speaker, and I haven't had any major audio or network issues either.

Minor oddities I've picked up on:

• On occasion it might not automatically switch over to the JBL bluetooth speaker upon connecting, but it doesn't bother me.
• Sometimes the keyboard back light on my laptop will be disabled when waking the device from sleep.
• The lock screen fails to lock in time before the system suspends, which causes my desktop to remain visible for a few seconds when waking the device. This happens on the Xorg session. I haven't tested the Wayland session, but I suspect it works properly there. It's no matter for me though, because I have a solution for that.
• The global menubar plasmoid is sometimes flaky when waking the device from a suspend state, so I created a little panel launcher button that when clicked upon, will reset the Plasma shell without losing my session. It's a little silly, but the button actually works great.

An improved desktop UX workflow

I've been having a lot of fun trying out all manner of different desktop layouts and workflows on the Plasma desktop. So far I've liked the following dockbar and global menubar setup similar to macOS, but better.

Customized Plasma 6 Desktop on Debian 13

On my larger QHD display, I found the traditional left aligned start button, quick launch, and taskbar to be more work than it needed to be, causing me to move the pointer a lot. I've come to understand where a center aligned bottom dockbar makes sense on larger and wider displays. It's close to the center of the screen while not requiring as much travel, making it more accessible.

The global menubar feature is also pretty nifty, which I find alright being separated from the application window in this manner. I don't frequently use the menubar in my applications, so it's okay to remain distant and out of the way, however a menubar is always preferable to a stack style menu (aka hamburger menu) thrown off to the side as an afterthought. All menu options should remain visible and accessible and at no point ever hidden.

In addition to the global menubar, I found a plasmoid for enabling window controls from the panel bar too which greatly extends the top panel bars functionality (See Application Title Bar.) There are a lot of different options for the titlebar plasmoid widget, but I prefer it to only display the window control buttons (i.e. minimize, maximize, close.)

In this setup, the window manager title bar is utilized exclusively for non-maximized floating application windows that can be easily clicked, dragged around, and resized as usual. When the application window is maximized, the titlebar becomes integrated into the top panel containing both the global menu and window controls. This is a more optimal solution for maintaining vertical space whilst not tampering with titlebars in a floating state; they're floating for a reason after all because I want to easily move them or reshape the window; replacing them as a toolbar is counter intuitive.

What I find nice about this setup is that I can have a single panel for the system tray, notifier, calendar, and desktop pager while paired with a global menubar and window controls without cluttering up the primary dockbar. In my opinion, this is a lot cleaner than say, client side decorated application windows that omit the menubar for a stack button while cluttering up ideal space as a draggable title bar with toolbar buttons, tabs, and input forms.

I've made a short video demonstrating the workflow process:

Certainly I'm not the first one to come up with this particular workflow, but it leaves me wondering why this direction was never taken up by desktops other than Canonical's Unity and macOS (minus the window manager button integration?) Unfortunately not all applications are compatible with the global menu bar, which probably answers my question, but there remain plenty of applications it works well with. I believe this is the direction modern desktops should have move toward, rather than where things are at today. I should also note that I've only used the Xorg session here. I doubt any of this works on Wayland due to its limited nature, so this mostly serves as a demonstration of what is possible, or was.

If anyone's interested in how I've set everything up, then let me know and I'll write a how-to post.

Thanks for reading my blog!

I've been working in IT now for over 10 years, starting off from help desk to imaging tech, then a hop skip over into systems administration. Fourteen years ago, cyber security was not as serious a subject as today.

Somewhere around late 2010's there was a big shift in attitude and it seemed security for once was taken seriously, but it wasn't what I expected. It was more like a game of hot potato where shuffling risk and liability onto someone else rather than addressing the actual security issues was more important. Risk in the business world translates directly to liability while it's variable on whether or not a security issue is a risk worth addressing. It just so happens that since businesses can be held liable for damages as a result of their lax cyber security, security is now of concern. In the not so distant past, this wasn't always the case. This is really only made so due to recent regulatory pressure, especially among financial institutions.

This has lead to businesses flocking in droves to ready made security products and solutions, which aren't always as secure as what's written on the tin. Personally, and in my opinion, I believe this has produced the opposite effect to what it was supposed to alleviate. This is also further exacerbated by business strategies migrating to cloud services for literally everything.

The Web has been commandeered by digital fiefdoms inherently insecure because it was meant to be a digital library, not the circulatory system of a service economy. That didn't stop people from attempting to make it into one though, and as a result, we get data breeches on the daily and a constant anxiety around the security of these services.

I've seen simple things twisted into pretzel knots all because of this, and often we forget why or what lead up to some of the most egregious security practices in the first place because that last knot wasn't enough and needed to be twisted all the more.

Let's take passwords for instance... Why are they routinely changed? If you thought it was to eliminate persistence to an account or account takeovers, you've already lost the premise. This isn't the 90's anymore, the moment an attacker has gained access to an account, it's game over and your password update routine ceases to matter. In fact, I don't believe it ever helped, even as a precautionary measure. Was there a data breech? Did the account owner re-use the same password elsewhere and it was leaked there? Is there a backdoor method to get into the account? It wasn't Pasword123 was it? People in security make a big deal about this too, as if passwords over time just submit themselves to a public plain text ledger all because someone didn't change their password on time. No that doesn't happen and making people frequently change their passwords isn't actually addressing the problem here, and to clarify, the problem isn't the user. It's a lack of insight as to where, when, and how things occur and go wrong paired with a false sense of security in following irrelevant feel-good rituals rather than establishing a secured system. Here's a mantra to go by; if it's on the internet, it's not secure. Congratulations, we've established our first pretzel knot!

Now introducing MFA verification... Why do we have to verify our sign in with MFA? Because in theory, if someone happens to obtain your password and attempts to sign into the account it belongs to, it would perform as an additional verification step requiring the account owner to approve. We're now twisting another knot into our pretzel here because we still haven't addressed the original problem as to how someone got into the account in the fist place. If someone's able to sign into any of your business accounts from any device and location in the world, then we have a serious network security breech on our hands that needs to be resolved ASAP and MFA is a band-aid solution at best.

Now let's increase the frequency of MFA verification into a daily, if not multiple times a day routine. Why? Because in theory, again, someones session (namely session cookies), could be hijacked and replayed from an attackers device without requiring them to sign in or MFA with anything. This is just adding salt to our pretzel now, because still we're not addressing the original problem and have also introduced another theoretical scenario here. How in the world are user sessions getting hijacked!? Oh yeah, that wide open network we're still ignoring, that's how. Also daily MFA is a terrible idea because it fatigues the users to the point they don't even pay attention to what their signing into, much less verifying anymore. A screen pops up prompting them to "verify now! >:O" and they don't even think about it and just follow it thru.

Oh did you think I'm done here? Not even... Next up comes mobile authentication apps, biometrics, security PINs, endpoint monitoring and detection, travel restrictions, device attestation, SSL inspection, continuous verification, quarterly user cyber training, phishing tests - it just doesn't end, but it's certainly fueling a market and I suspect that's the point. There's a lot more I could go into, but I would have to write a book to contain it all and I don't have the time.

Behold, the World Wide Web!

It's as if we've boot and nuked the whole Web just to install Windows XP over it as a shared system set to auto login with the firewall disabled and call it cloud computing. Everyone's scrambling to secure their little corner, meanwhile the whole system is compromised from top to bottom. It's not going to work and will inevitably lead to nationalist "sovereignty" policies to erect mandatory security networks and data centers further restricting and controlling peoples communication and behavior on the Web all to preserve a parasitic economy desperately clinging onto anything to remain relevant.

There was nothing wrong with the Web as an open digital library, file sharing resource, social network or even a virtual store, but in hindsight, reinventing it into an IPC-like messaging bus to facilitate identity management services in front of sensitive infrastructure was careless and sloppy. Unfortunately this is the direction of technology these days, making cyber security a very lucrative field similar to the old adage of Microsoft keeping IT employed. It's really only been the last 20 years that any of this has existed and although people are hopelessly soulbound to it and their devices, it could take all of 20 seconds to come to a crashing end and maybe bring the world back to a sense of normalcy.

Thanks for reading my blog!

Perhaps this is a controversial observation to make, but hopefully people might understand where I'm coming from.

I say this because recently I've been writing about different Linux distributions and it reminded me of some of the other blogs I've read that tend to write on religious topics that are somewhat adjacent to this part of the web being tech blogger themed and all. This actually has me reconsidering my writing on the topic of "Linux," because I think it's become an idol. I've also picked up on peculiar parallels with Linux and "internet religious" people. Why in the world is that, and have I been psyopped or something!? I feel like a fool...

Anyhow, I've read quite a few religious blogs around these parts of the web and can't help but feel like I'm reading someone write about their favorite Linux distribution. Shoot, some of them even go into their process of choosing their distribution - I mean denomination or whatever, then describe it as if they were choosing a class to roleplay in Morrowind. None of it really strikes me at all as being serious.

The virtual shrines adorned in crosses, saintly pictures and nature are all neat to look at, but it reminds me of how I use to make scrapbook cardboard cutouts of Star Wars characters when I was 12 years old. In other words, it's kind of childish and hey I get it because it can be fun to share the things you enjoy with other people and you might want to express that to them, but the expression of your faith is in your actions which hinge on your receptivity to hear and obey the word spoken to you. Much of what I've seen among some of these blogs strikes me as being similar to the shallow "I identify as blah blah blah" self-labeling lunatics you'd find on neocities, but this time religious themed with an edge to it, as if it were a flippant contrarian reaction to something they hate rather than a profound spiritual revelation in that persons life.

I believe it's fine to want to share ones faith, testimony and spiritual journey in a blog, but it should be to uplift others in the faith rather than a "look at me!" pursuit waxing philosophical in go-nowhere essays to flex ones knowledge of bible lore.

Sorry if I'm being a buzzkill here... Just thought I should say something. Also what's up with Heaven Tree's little slogans and quotes? I tried archiving this for proof so you don't think I added it in the element inspector, but its random generated. If you refresh the page enough times, you'll get a few doozies like the following. What sort of webring is this? I don't think Jesus would approve of that. Not cool.

Thanks for reading my blog!

Reasons to use Debian.

So here I am back on Debian, and this time with the KDE Plasma desktop. Not only do I run Debian for my servers, but also for my personal computer too!

Unlike before on the other distributions I was trying out, I'm not using as many flatpak applications this time since it's a gosh darn storage hog, and because I ran into issues with Firefox as a Flatpak since the containerization format doesn't support mDNS; it made for a perplexing case seeing that I could connect to my NAS servers web interface from Pale Moon, but not Firefox... I also didn't like how Thunderbird's profile sources are linked to a fake /run/ path that doesn't actually exist on the host; it's lead to a number of issues for me in how I sync my POP mailboxes.

Just keep it minimal.

I'm also using Deja dup for user data backups since it's an all around better backup solution with support for network shares as a backup destination. I still don't like the built-in backup service that comes with KDE Plasma due to its limitations with network file share support. When I was on KDE Neon, SMB4K was not very reliable in maintaining a connection with the network share, often crashing when changing networks between home and work. The Dolphin kiofuse service works well enough for basic file management needs and is stable.

Since Debian's default boot splash was a text only setup, I went ahead and installed the Debian 13 Plymouth graphical boot splash theme to cut down on the distracting startup console messages littering the screen. I'd prefer it to display nothing at all on boot up, but I do have to type in a password for the disk encryption and appreciate having something that doesn't momentarily make me think my computer broke. This was broken on KDE Neon for me and I was having to type in my LUKS password on some janky console that if mistyped, it would have me reboot the system to start over. Being one of the rare few people that consistently shuts their computer down, bootup wasn't an enjoyable process on KDE Neon.

A few other minor adjustments I've made to my system was installing the KDE4-Seasons-Colors color theme and the Oxygen Qt widget and Kwin themes. The default Breeze theme is a little too flat and barren of visual indicators in the UI.

I use the Xorg session and was able to setup my touchpad gestures and Xorg input device configurations for my trackball and G600 Logitech mouse. None of this stuff worked on the Wayland session by the way...

I did discover that the ksshaskpass service seems to have a Wayland only feature though where if a Konsole is launched with an SSH command (or in my case, RSync to a remote destination) from a custom file action in Dolphin, it'll automatically hook up with the KDE Wallet and doesn't prompt me for my SSH key passwords. Meanwhile this feature doesn't work on Xorg, however ksshaskpass does work perfectly fine if I manually open a Konsole and attempt to SSH or use any SSH function. I wished it worked in X, but oh well.

Why Debian instead of something else?

Debian with the XFCE desktop is originally what I ran on for the longest time, probably 15 years. I consider it one of the conservative distributions since it doesn't attempt to do anything whacky and crazy that would inevitably break making me have to work around or against it. Around 2022 I jumped off of Debian 8 to Pop_OS for a little while since I was interested in some of the things I heard coming from System76, but because I was in the middle of moving out of my apartment shortly followed with buying a house, I didn't have time to tinker with my computer and stuck with it until here recently. Now that things have settled down, I've had some time on my hands to explore other distributions and software which I've been writing about on this blog. For example, Joplin and Obsidian, Nextcloud, snaps and flatpak, Wayland compositors, various web browsers and desktop environments.

Of late, I struggle to find a use case for a lot of this stuff though and resort back to what I know and what works. I'll write a little more on this in a later blog though.

Thanks for reading my blog!

Nobody should have to change anything with their feed reader or already established bookmarks with the site. I just wanted the ".blog" TLD since it goes well with the blog page. This has more to do for discovery of future visitors rather than already established readers.

This will probably conflict with search engine results down the road by creating duplicated results, but I don't really care about search engines anyhow. That's their problem to figure out, not mine!

Going forward, I'll be using the ".blog" domain when self-linking in future RSS feed updates. Again, you don't have to change anything. Just letting everyone know so they don't get caught by surprise and think someone's trying to make a rip-off copy of the site or something.

The blog site is the only site the ".blog" TLD will be applied to. All other sub-domains will remain as they were (i.e. mail.cozynet.org, pastezone.cozynet.org, mumble.cozynet.org, etc.)

Touching down on planet KDE Neon!

Since I was unable to use my touchpad gestures on Ubuntu 25.10, I decided to give KDE Plasma a spin since it's a desktop environment focused on the conventional mouse and keyboard. The touchpad gestures aren't exactly a huge deal in my book, but they're necessary for the GNOME desktop and without them, it becomes considerably less usable compared to the alternatives.

After testing out Plasma and liking what I saw, I decided to go all in on KDE Neon, which is a Ubuntu derivative that's focused on the KDE Plasma environment directly from the KDE project. It's similar to Kubuntu, but they persist in stating they're not the same thing. The difference being is that KDE Neon has newer releases of the desktop while remaining on an LTS version of Ubuntu. In this case, it's 24.04, so I've gone back a few release versions in the Ubuntu world, but I'm on the latest KDE Plasma desktop.

It comes with Xorg included, but I was unable to get touchegg to work on it for my touchpad gestures. Since it's not that big a deal here unlike GNOME, I've been using the default Wayland session instead.

Right out the gate, KDE Neon didn't come with an office suite, a calculator, nor a mail client. I suppose that's fine if you want a system without all the extra cruft, but I do, so I went ahead and installed everything I want. This lead me to discovering the giant list of KDE Applications that honestly I didn't really know about.

They have a lot on here.

I felt like a kid in the candy store scrolling thru the list of things. A lot of their applications are actually pretty good, especially by comparison with GNOME Circle Apps (which I usually avoided with alternatives, even while on mainline Ubuntu.) I realize much of this is nothing new, but just so you understand, I come from the GTK / GNOME influence which is spread across the solar system of Linux desktops. KDE was always its own system, but it was one I didn't bother with until recent times here. This was partly because the KDE applications would clash visually with my GTK applications and mostly because I was already set in my ways in the various applications I preferred.

To this day I still prefer Liferea for RSS and Thunderbird for email and refuse to use Akregator or KMail in their place, but I've been willing to try out other things. For example, instead of GNOME Disks, the KDE Partition Manager. Okular for PDF files instead of Atril or Evince. Ark for file archives instead of Xarchiver. Filelight instead of disk usage analyzer. Kompare for diff checking files instead of Meld. KTorrent instead of Transmission for torrent files. Smb4K instead of Gigolo for mounting file shares.

I think each one of these are possibly even better than the former applications I've been using too. At first glance, they're all consistent and clean. Okular has a lot more capabilities than any other generic PDF viewer I've used before. I'm still a little leery about Smb4k, but so far it's worked well; I still think the GVFS backends utilized by Gigolo were technically superior, but I'll give smb4k and whatever it's using on the back-end a chance.

The reasons I stick to Thunderbird and Liferea is because each one does its job better than anything else out there and I've used them for a very long time (Thunderbird especially.)

A lot of the cleaner and modern mail clients out there only support IMAP instead of POP3 and their default security settings are essentially nothing. The ones that do support POP3 mailboxes tend to mangle those mailboxes into a singular directory while providing special care for IMAP boxes. The only competent mail clients that support POP3 are either old as the hills and tend to not play well with HTML-based emails, or Thunderbird. There's also Betterbird, but Thunderbird does everything I need.

As for RSS News readers, Liferea has been the only one I've seen that actually works worth a darn. All of the modern alternatives out there have zero organization and poorly attempt to force users into meta-data tagging their feeds into "categories" (information that's non-exportable to other clients by the way because it's not part of the OPML format) rather than just giving you a dang folder. I hate that junk and want a folder! And not only that, but I also want to "fetch" the feed status per-folder instead of fetching everything all at once because I still have well over a hundred different feed subscriptions, and not all of those I care to read but maybe once or twice out of the year.

Additionally, the modern RSS News readers almost always have the worst screen-wasting layouts that attempt to cram everything into columns while cutting off news titles into ellipsis. Could you imagine getting a newspaper that cuts off the headlines like that? I only want my feed subscriptions in a sidebar column with tree-style folder drop-downs and then a top-row listing feeds per selected folder (this is called "Table view" in Thunderbird by the way) and a bottom row for the reader.

Akregator can do all of this, but every time I've tried to use it, it'll either outright miss or skip feeds when fetching, gets things terribly out of order (because it doesn't correctly handle publish dates on non-atom feeds), or simply crashes in the middle of fetching feeds for no reason. It also doesn't support what I assume are unicode icons or emoticons; I don't know what they're called, but it fails to render them. So therefor, I remain with Liferea.

I can gladly say that KDE Neon works just as well as Ubuntu did for me. My Dell dock station works, bluetooth works, I can connect my camera (old company iPhone I use exclusively as a camera.)

I have noticed a phenomena of missed clicks when I attempt to launch an application. I'll click on an application icon from either the start menu or the taskbar and nothing happens. I click a second time and then it registers. I don't know what that's about, but it's slightly irritating. I don't know if this occurs on the Xorg session or not, which by the way I did try out the Xorg session and instantly noticed the floating panel style causes a frame hitching effect when toggling the maximized state of an application window. It was very irritating and so I disabled it and that resolved it.

I learned pretty quick that the kiofuse service for connecting to file shares is quite limited. For instance, I can't configure the built-in backup service to use my network file share as a backup destination; it expects a block device.

I suppose I get what I paid for...

This is when I looked around on the KDE Applications list and found Smb4K which all worked out, but I suspect Smb4K is more or less a front-end to the crusty old mount command which in that case, is incapable of handling network changes without trashing your system by pegging out the CPU if disrupted. I've not put much research into it yet and could be wrong, but if I'm right, I'll have to switch over to the gvfs-fuse system and use Gigolo for managing the network share.

I had to disable the Baloo file indexer entirely because it was very inefficient, utilizing 100% CPU which was going to burn thru my battery. It seemed to be getting caught up indexing the contents of various text files in the ~/.var directory. Initially I thought it would take a while to complete its process since I copied over my Downloads, Documents, and Pictures, but it wasn't even touching those directories yet and I could see in Filelight it had already amassed a 19GB database of whatever the heck it was indexing. I deleted it and disabled Baloo because I don't need it anyhow; I typically know where my files are at, and if I need to search for something on my system in particular, then I'll use find, grep, or locate.

Thanks, but I already know how to fish.

KDE Neon seems to have a focus on Flatpak and the Flathub repository rather than Canonical's Snap ecosystem despite coming with both. It doesn't really bother me either way so long it works. I am a little suspicious of both packaging systems though given the recent age attestation laws. These modern packaging / app stores seem ripe for regulatory capture unlike the conventional packaging systems that were all over the place. I suppose if I have to make an exodus in the near future, I'll move over to Devuan. I have tested KDE Plasma 6 on Devuan, but there are a surprising number of little SystemD gotcha's under the ol' Plasma hood that lead to a lot instability. In this regard, XFCE might be the only future which isn't so bad. Debian with XFCE is originally where I came from, having used it consistently since 2012 till 2022, that is, until I recently decided to smack my head into a wall in trying out different Linux distributions and desktops.

I'll keep an eye out on where things go, but for now I'll continue to happily use KDE Neon. Maybe I'll even donate to the project too, that way I can say I'm paying for something at least.

Thanks for reading my blog!