• 4 Posts
  • 114 Comments
Joined 1 year ago
cake
Cake day: July 4th, 2023

help-circle







  • That’s actually not what I was referring to.

    First of all, RedHat now belongs to IBM, and they’ve never been shy about squeezing customers for a buck.

    Second, having dealt with their support, it’s hit or miss to get a somebody helpful or an endless cycle of tickets. Patching and versioning is sometimes a complete mess.This especially sucks as the main reason most organizations go with RH versus others is for patching and support.

    There’s also a lot of things where there’s a RH-specific implementation , which is further distancing fun other Linuxes and often ignores standard ways of configuring things.

    RedHat actually benefitted from Fedora, CentOS etc as it allowed the community to develop products in a way that could be tested to be reasonably compatible, and to develop our port back fixes etc. It wasn’t just “RedHat made this and others just took it” but in many ways a symbiotic relationship. Yeah some orgs just went with CentOS but often it was those who worked on RH corporately would run CentOS at home in order to have a similar environment.


  • I used to be “Debian on the server, Ubuntu on the desktop” but recently I’ve spun up a few Debian boxes for desktop and I’m pleasantly surprised.

    Kinda wish Valve would go for a full-out supported distro that stays in step with the Deck for Linux gamers (the old desktop SteamOS is kinda abandoned from what I can see), among with making the deck frontend a supported desktop manager. It would make sense for them to do so and rake in the game sales whilst providing a well-supported platform without the shit others are doing.



  • Imagine if it didn’t work on your device. Lawnchair apparently isn’t available on Android 12 without sideloading.

    In the list of available apps I see “Neo Launcher Hyperion SciFi” (no plain “Neo Launcher”) and the first thing that I notice with that is the “contains ads” flag.

    Nova, meanwhile, comes up consistently among searches for launchers, and up until when I stopped using it provided a good mix of functionality and customization (ad-free, and without sideloading). It’s disappointing to learn it’s run by a company that may be likely to harvest data






  • Tip: you can also use chmod u+rwx,g+rx,o+rx etc to add permissions

    With the initial letters corresponding to “user”, “group” and “other”, and ®was, (w)rite, e(x)ecute for the rest.

    In the case of directories, x specifies access to files/etc within the directly (read just let’s you see them)

    You can also use i.e “o-rw” etc etc to remove existing permissions



  • phx@lemmy.catoLinux@lemmy.mlDesktop Security
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    8 months ago

    On Linux, you don’t download random stuff from the internet, e.g. a new browser. You get it from a central source, usually package manager, where it is verified and secure

    Devs tend to make strong use of packages on GitHub, PyPi etc which have been targeted quite a bit with malware. Malicious snaps and

    Linux software is written to need only as many permissions as needed, but not much more.

    Hooboi. Depends on who writes the software. There are plenty of dumb devs for either OS, and I’ve had to yell at many for requiring their commercial software (built in Java with an X11/web front-end and exposed listening ports) run as root, usually because they didn’t want to figure out the permissions needed to access a device. There’s a surprisingly narrow intersection of devs who understand OS security and networking.

    Linux is usually always updated because of the central update mechanism, so that vulnerabilities are fixed very quick

    For OS packages, sure, but are all your Docker containers, snaps, flatpaks, and appimages updated whenever one of the underlying libraries had a significant vulnerability? How about that PPA, or the stuff you compiled from source a year ago?

    Because people are increasingly using those for software not available on the base repositories

    Linux users often have a false sense of security that leads them towards insecure practices, often for the same reasons as Windows users (I just want it to do X and work). While traditional signature-based antivirus doesn’t help much for either OS, there are plenty of other controls to fill the space that most people/organizations can - but don’t - implement on either OS.

    On Linux, that includes strict management/review of software+code sources, SElinux/AppArmor enforcement, remote logging+review, and much more. These often conflict with Linux devs idea of “freedom” and thus area a hard sell.


  • phx@lemmy.catoLinux@lemmy.mlIssue with Valve Index
    link
    fedilink
    arrow-up
    1
    ·
    8 months ago

    I see you noted how you’re running gnome and what video card, but not how you’re running Steam, so I’ll ask:

    How is Steam installed on your system? I know some people use a flatpak-based install but one of the potential issues with Flatpak (also Snap) is permissions to certain locations or devices can sometimes require extra config.

    If you’re currently running from Flatpak, perhaps try the direct install from .DEB instead


  • It depends on where the encryption data is stored. If the bootloader and bios/efi are locked down and the data to unlock is stored in an encrypted enclave or one is using a TPM (and not an external chip one that can be sniffed with a pi), that’s a reasonable protection for the OS even if somebody gains physical access.

    You could also store the password in the EFI, or on a USB stick etc. It doesn’t help you much against longer-term physical access but it can help if somebody just grabs the drive. It’s also useful to protect the drive if it’s being disposed of as the crypto is tied to other hardware.

    Even just encrypting the main OS with the keys in the boot/initrd has benefit, as ensuring that part is well-wiped makes asset disposal safe®. Some motherboards have an on-board SDCard or USB slot which your can use for the boot partition. It means I don’t have to take a drill to my drives before I dispose of them