Zorin is too walled off IMO. Too many features locked in Pro version.
N.E.P.T.R
I’m the Never Ending Pie Throwing Robot, aka NEPTR.
Linux enthusiast, programmer, and privacy advocate. I’m nearly done with an IT Security degree.
TL;DR I am a nerd.
- 0 Posts
- 24 Comments
Joined 7 months ago
Cake day: November 20th, 2024
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
1·3 months agoIt is recommended for activists, but it really can be for anyone. It is basically just Android and your grandmother could daily drive it about as well as any other Android OS. It’s solid, security hardened, gives extra security toggles, and extends device longevity past being made ewaste by EOL. I was hesitant at first to use it, especially given its cult-ish community, but it really has “just worked”.
2·4 months agoMostly the same, and if not all it has taken for me to figure it out was searching “fedora $pkgname”
For work, you could also try Fedora Workstation or Linux Mint Debian Edition. Debian is pretty barebones, but if that isnt a bother then do whatever.
You can layer packages using
rpm-ostree install $pkgname. It uses fedora repos. You can also (preferably) use a distrobox or toolbox container with a non-atomic distro and then install the desired package. Generally better to avoid layering packages but it works fine in my experience.
4·4 months agoSee if RTranslator meets your needs for a gtranslate alternative.
Also, Heliboard has swipe/glide typing and can use other STT/voice type apps. I recommend Heliboard + FUTO Voice Input.
I watched the video. Yes, if your sandbox config is weak then it will allow sandbox escapes. I agree the should default should be a secure sandbox. Bubblewrap offers the opportunity to shoot yourself in the foot. Look into the others tools I mentioned if you want to see different implementations. Sydbox is the one I think is the most interesting.
The only way I know to harden Linux Mint is using the Debian edition. Using LMDE, you can (unofficial) use Kicksecure to harden the base system. This isnt a great solution since the Linux Mint software is untested with Kicksecure and may/will reduce the security of the overall hardening.
Hardening is not useless, but it doesnt fix the architectural issues with Linux and its outdated threat model. That article says the same thing. It isnt an all-or-nothing situation, hardening still improves Linux security. Projects exist like SELinux, Bubblewrap, Crablock, Sydbox, and Landlock. Efforts to harden GNU/Linux have been made, like Kicksecure (Debian) and Secureblue (Fedora Silverblue), which protect against many threat vectors, but not perfect obviously.
/e/os is often behind on Android monthly security patches (sometimes up to a month or more!) and the apps they fork I have heard also often lag behind upstream. It also doesnt do much to deblob the ROM if proprietary binary blobs.
Comparison table of Android ROMs: https://eylenburg.github.io/android_comparison.htm
0·5 months agoGender is obviously a signed byte.
Basically, its a customization of Fedora Workstation with Steam, Proton GE, and some system tweaks for better gaming support.
Really fun/interesting read.
Nyarch honestly looks like a joke distro and most of its features are not worth IMO.
I used Tumbleweed for a long time as a daily driver and then as my admin workstation. Worked really well, GUI admin panels are nice, and I didnt find anything too difficult.
The weakest link of any secured system is the user. I know that will never change, especially as computers/software become more complicated over time. But I don’t understand why many people argue that “since the user is the weakest link, we don’t need more secure systems, we need better users.” We need both.
Explaination
For anyone who suggests that a user can “just be smarter and not install malware” think about this: do you check read all the commits to the software you install, for each update, and then compile from source. The answers is no. And I don’t think we should need to.
Linux is not secure, it is still meant for tinkerers and by design is very open. This is one of my favorite aspects of Linux, just how open it is. The result though is an insecure system with many attack vectors that are hard to protect against.
For example, I recently wanted to patch a game for mod support. This required me to run a script that i didnt fully understand. I did my best to read it and nothing looked suspicious, but I couldn’t fully understand because I am not a modder for that game.
This script could have done a number of things:
- Added a fake sudo script to the path in the user’s home resulting in privilege escalation.
- Created a user Systemd service that logs everything added to the clipboard or keylog, since that is also possible on Wayland with an LD_PRELOAD attack.
- Create a Systemd service that records the screen to grab passwords.
- Edit the user’s .bashrc file.
- Delete/encrypt every file owned by the user.
- Read and exfiltrate all app data from the $HOME
- Or a combination of multiple other things.
The solution is sandboxing, permission system, secure defaults, and transparency to the user. And of course a way to disable security checks for tinkerers.
My point is that the perfect user does not exist. We (inevitably) use our computers to do all sorts of niche things, the perfect user does not even turn their PC on.
X.Org server has been largely abandoned by maintainers and developers.
Here are some links:
https://www.theregister.com/2020/10/30/x_server_lead_maintainer_declares
https://www.phoronix.com/news/XServer-Abandonware
https://www.osnews.com/story/132507/its-time-to-admit-it-the-x-org-server-is-abandonware/
It requires rootful containers, risqué.