If you use a GUI configuration tool for NetworkManger like virtually every user I don’t know how that works. Odds are not well.
If you use a GUI configuration tool for NetworkManger like virtually every user I don’t know how that works. Odds are not well.
Are they so different that it’s justified to have so many different distributions?
Linux isn’t a project its a source compatible ecosystem. A parts bin out of which different people assemble different things. The parts being open source means you don’t need anyone’s permission or justification to make something different out of them.
From these many and varied efforts comes life, vitality, interest, intellectual investment. You can’t just take the current things you like best and say well what if we all worked on THOSE when many of them wouldn’t even have existed save for the existence of a vital ecosystem that supported experimentation and differentiation.
If we really believed in only pulling together maybe you would be developing in cobol on your dos workstation.
Are we suggesting that rich people who get a product for free and use it to forklift more piles of money into their scrooge mcDuck like vault ought to demand more accountability from the people who provided the free forklift.
How about they pay for that?
You asked for details and pick on the unlikely measure of cold boot but ignore the fact that in most configurations you can press the letter “e” to edit the boot up command line. It wasn’t “cute” it made you look like a gross human being.
Security is about understanding reasonable threat models. 99.99% of reasonable threats to your machine involve theft or loss of the entire machine and personal data or accounts being accessed. This doesn’t require advanced attacks or paranoia nor does it require extreme measures to protect against. No installer will create such a configuration without a passphrase because its a simple and effective step to take to protect your data that is enforced by systems created by people who are all smarter than you.
Your cute statement about child porn is tasteless and thoughtless. I don’t take reasonable precautions like taking 5 seconds to type a password because I’m paranoid or criminal I do so because I have basic common sense.
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” https://en.wikipedia.org/wiki/Nothing_to_hide_argument
I never suggested there wasn’t value in the TPM for anyone although I think such validation has small value for most folks use case. Normal users are worried about theft of laptop by criminals not spies bugging their machine. I suggested that any configuration without a passphrase was inherently insecure.
It’s not an “optimal setup” its the only setup that makes even the slightest sense because the alternative configuration can be defeated by a smart 12 year old with access to google.
Ah yes security brought to you by the same folks who brought you “bypass encryption by holding down the enter key” and “name your user 0day to get root access”
It’s like putting security cams and interior locks all over your house instead of locking the front door. If your storage can’t be read without the passphrase then NOTHING can fail in such a way as to provide access. Simplicity and obvious correctness have virtues.
There isn’t much reason to use anything other than FDE with a sufficient passphrase, auto login so the user doesn’t have to type two distinct passwords, and go luks suspends to evict key from memory on suspend.
Boot up enter the passphrase -> see your desktop -> close the lid -> open the lid -> enter your passphrase
You can google lets drop all the crap you think you understand but don’t use simple logic. Unencrypted data isn’t secure against physical access. If your data is automatically unencrypted without benefit of entering a passphrase then its not actually secure. There’s no free lunch.
Yes because having firefox in /usr/bin/firefox is trashy and disorganized compared to having it in /home/$USER/.var/app/flatpak/app/org.mozilla.firefox/x86_64/stable/6b73214102d2c232a520923fc04166aed89fa52c392b4173ad77d44c1a8fb51b/files/bin/firefox and running firefox is so much more gross than flatpak run org.mozilla.firefox
Can you like actually hear yourself?
On most systems you can press a hotkey in grub to edit the Linux command line that will be booted and in about 7 keystrokes gain access to any unlocked filesystem. Asking how you can break into a system you physically control is like asking how many ways you could break into a house supposing you had an hour alone with a crowbar the answers are legion. No machine in someone else’s hand which is unlocked can possibly be deemed secure.
Even dumber no installer will create such an insecure configuration because the people that design Linux installers are smarter than you.
It also meets any reasonable definition of bloat
You aren’t actually asking to how to bypass encryption because the key is already in memory. You are asking about the much simpler task of compromising a computer with physical access to same. Depending on configuration this can be as ridiculous as killing the lockscreen process or as hard as physically opening the case chilling the contents of ram enough that data survives transfer to different physical hardware. See also the massive attack surface of the USB stack.
I take 3 seconds looking at what’s updating after I clicked update knowing its incredibly unlikely that anything will break and if it did it would take 30 second to reboot into the snapshot that was automatically created by running the update script.
If package foo requires runtimev1 and bar requires runtimev1.1 you will end up with installing v1 and v1.1 with similar but not identical files and if another package requires 1.2 and 1.3 and 2.0 then 2.1 eventually you will have a whole lot of libsomethingorother.
I have used countless distros over 20 years including Arch although right now I’m primarily running Void on my personal computers. “Bloating up the package database” remains a meaningless factor because it doesn’t bear meaningfully on real world performance or experience. Your computer doesn’t break more or perform worse because you installed more software because this isn’t windows.
Normal systems that you don’t do something extremely creative with don’t normally develop conflicts because the packages are literally all designed to work with the same version.
The words " bloating up your actual system and package database." don’t actually mean anything except that you don’t know what any of those words mean together.
I have 2 flatpaks installed and I already have duplicated runtimes not to speak of the deps themselves that are built into the apps. There is definitely duplication.
You have a competent grasp of the situation
This is a common misunderstanding insofar as how encryption works. You can’t flick a bit and TURN your storage unencrypted nor can you plausibly make your computer obey restrictions.
If your storage is encrypted it remains encrypted always including the file you have open right now. Your takes a plausibly length usable string and uses it to compute or retrieve the long binary number actually needed to decrypt your files. This number is stored in memory such that encrypted files can be decrypted when read into memory.
Once that key is loaded in memory anyone with 10 minutes and access to google could trivially unlock your computer in several different ways. It is virtually exactly like having no security whatsoever.
If you don’t actually enter a passphrase to unlock you have no meaningful security against anything but the most casual unmotivated snooping.
Your little sister might not be motivated enough to read your diary but the dipstick that stole your laptop will definitely be spending your money.
Flatpak isn’t going to have every library, cli tool, or even every GUI tool. I think in the end out of date just isn’t worth it.