• 0 Posts
  • 40 Comments
Joined 9M ago
Cake day: Jun 04, 2023


fedora’s Nvidia support is leagues ahead of anything debian based in my experience. that’s not to mention debian’s insanely outdated package repo.



the argument that Linux is less popular therefore less targeted is both misguided and a security through obscurity based argument. Linux is the most used server operating system and servers are targeted more than any individual, and that server-based malware often works on desktop versions as well.



open source exists elsewhere and security through obscurity is a terrible, strawman argument



it is not more secure for the average user. sure it can be hardened to a great degree but that takes proper knowledge of the underlying architecture. for the average user’s ootb experience, Linux is the least secure option.




windows sandbox is… getting there, macos is decent but iirc the app dev can choose to not use it. all Linux options require user intervention to ensure it’s set up properly. ChromeOS’ sandboxing technique is inherited from Android and is the strongest/strictest of any desktop operating system.



you’re definitely overthinking a simple personal preference


if they wanted to employ full browser fingerprinting they could



it’s just a desktop environment. install it on whatever distro you’re using.


however much I love NixOS, I would argue that in its current form (steep learning curve and horrendous documentation), the better option is using Nix package manager on a proven distro like Arch (or Debian but I’ve had some issues there). you get the benefits of nixpkgs while also having other pacman repos if you must.


any form of security in the display server would be nice. X is incredibly insecure with no trivial means of locking it down.


my existence is not, nor should be, a political issue. besides, technology doesn’t exist in a vacuum. why do you think I’m on Lemmy instead of Reddit? politics. same with masto and Twitter.

and asking to be treated with respect in order to avoid mental issues is not selfish, you can think about more than yourself for once.


you are generalizing a wide variety of people but okay my guy. go outside for once.


pronouns are a part of the English, and many other, languages.


that’s not really the point considering this didn’t occur in a vacuum. this one event can come to just be a grift and what I said will still be true.


it’s a mesh network built on wireguard. it’s not just a direct connection to another PC on your network. you can select exit node devices on the fly and control acls and access based on groups in their admin panel.

and yes, if you want a properly secured vpn setup without the necessary background knowledge, it’s pretty difficult. there is no opening ports on your router, which is especially useful for people on cgnat.


treating people respectfully is not getting offended. please touch some grass and open your eyes.


yeah like other people have rec’d, I just wrote a script for installing/removing/upgrading/searching all the package managers I have. this was used as a tongue in cheek jab and has never truly been a brag.


this is just my opinion but if you aren’t after the sandboxing benefits then don’t bother with them. if you want to avoid dependency hell go with nix, if you are worried about storage space use your standard package manager, and if you want higher security without the knowledge/effort to manually do it, go with flatpak or snaps (although many flatpaks need to be further hardened via Flatseal as the dev gets to configure the sandboxing. I’m unsure how this operates under snap as I refuse to use it.)


I’ve fallen in the same hole before. tbh in my experience you don’t really learn much until things start breaking.




nix package manager works on all posix-compliant OSes and doesn’t touch system directories. everything is stored in /nix/store and symlinked to ~/.nix-profile.

personally I run an arch build and then only use nix for my packages.


the only thing I’ll say is the piece about “no viruses” would kinda go away if desktop Linux picked up at all. the security on a default Linux system is worse than macos and windows with substantial hardening efforts needed. the only reason viruses and other malware aren’t common on Linux as is is because of the tiny user base.

with all this said, if enterprise use got more common, security would quickly become an important aspect.


telemetry as a whole isn’t bad. it depends what they are collecting. companies should provide a log of the (raw) telemetry data they’ve collected from you. if they’re not comfortable sharing it it’s probably too invasive.


Mobile platforms like android and iOS (more specifically GrapheneOS) are leagues ahead of desktop operating systems in terms of security because of these strict policies. and besides, you are treating untrusted code as untrusted code. I don’t see the flaw in that logic.

sure, they could use more apis for accessing system directories and stuff like that securely, but that’s not really in scope. this is for end users. not field deployment on an sbc for something.


that’s fair I suppose, I wasn’t saying not to use it, just that it is worth noting. these strict security policies are what makes mobile platforms much more secure than desktop platforms. I typically use my phone for security sensitive tasks because of this, so I tend to care a lot more about this stuff. if you have any banking info or password managers stored on the device, be careful.

I’ll admit, it is pretty unlikely for anything to happen, though. always just better knowing.


termux targets an extremely out of date sdk and is therefore quite insecure.


just check out a compatible desktop environment/window manager. you don’t need to do a full distro change.

if the base is the same (ie. debian, arch, etc) there is no point in changing distros anyways.


users shouldn’t have to care about security. it should be the baseline.


there’s a decent amount of research into the psychology behind it and how reading white text on the light green is more difficult than on the blue bubble. it’s rather interesting.

edit: although I would think dark mode should change that effect a little bit


I suppose but my point was that rooting your device decreases security immensely via crippling the android security model.



for what reason, though? the sandboxing doesn’t carry to steam installed games, does it? only steam itself is sandboxed afaik