• 0 Posts
  • 92 Comments
Joined 1 year ago
cake
Cake day: June 2nd, 2023

help-circle





  • Are they so different that it’s justified to have so many different distributions?

    Linux isn’t a project its a source compatible ecosystem. A parts bin out of which different people assemble different things. The parts being open source means you don’t need anyone’s permission or justification to make something different out of them.

    From these many and varied efforts comes life, vitality, interest, intellectual investment. You can’t just take the current things you like best and say well what if we all worked on THOSE when many of them wouldn’t even have existed save for the existence of a vital ecosystem that supported experimentation and differentiation.

    If we really believed in only pulling together maybe you would be developing in cobol on your dos workstation.




  • Security is about understanding reasonable threat models. 99.99% of reasonable threats to your machine involve theft or loss of the entire machine and personal data or accounts being accessed. This doesn’t require advanced attacks or paranoia nor does it require extreme measures to protect against. No installer will create such a configuration without a passphrase because its a simple and effective step to take to protect your data that is enforced by systems created by people who are all smarter than you.

    Your cute statement about child porn is tasteless and thoughtless. I don’t take reasonable precautions like taking 5 seconds to type a password because I’m paranoid or criminal I do so because I have basic common sense.

    “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” https://en.wikipedia.org/wiki/Nothing_to_hide_argument


  • I never suggested there wasn’t value in the TPM for anyone although I think such validation has small value for most folks use case. Normal users are worried about theft of laptop by criminals not spies bugging their machine. I suggested that any configuration without a passphrase was inherently insecure.

    It’s not an “optimal setup” its the only setup that makes even the slightest sense because the alternative configuration can be defeated by a smart 12 year old with access to google.


  • Ah yes security brought to you by the same folks who brought you “bypass encryption by holding down the enter key” and “name your user 0day to get root access”

    It’s like putting security cams and interior locks all over your house instead of locking the front door. If your storage can’t be read without the passphrase then NOTHING can fail in such a way as to provide access. Simplicity and obvious correctness have virtues.

    There isn’t much reason to use anything other than FDE with a sufficient passphrase, auto login so the user doesn’t have to type two distinct passwords, and go luks suspends to evict key from memory on suspend.

    Boot up enter the passphrase -> see your desktop -> close the lid -> open the lid -> enter your passphrase



  • Yes because having firefox in /usr/bin/firefox is trashy and disorganized compared to having it in /home/$USER/.var/app/flatpak/app/org.mozilla.firefox/x86_64/stable/6b73214102d2c232a520923fc04166aed89fa52c392b4173ad77d44c1a8fb51b/files/bin/firefox and running firefox is so much more gross than flatpak run org.mozilla.firefox

    Can you like actually hear yourself?


  • On most systems you can press a hotkey in grub to edit the Linux command line that will be booted and in about 7 keystrokes gain access to any unlocked filesystem. Asking how you can break into a system you physically control is like asking how many ways you could break into a house supposing you had an hour alone with a crowbar the answers are legion. No machine in someone else’s hand which is unlocked can possibly be deemed secure.

    Even dumber no installer will create such an insecure configuration because the people that design Linux installers are smarter than you.



  • You aren’t actually asking to how to bypass encryption because the key is already in memory. You are asking about the much simpler task of compromising a computer with physical access to same. Depending on configuration this can be as ridiculous as killing the lockscreen process or as hard as physically opening the case chilling the contents of ram enough that data survives transfer to different physical hardware. See also the massive attack surface of the USB stack.




  • I have used countless distros over 20 years including Arch although right now I’m primarily running Void on my personal computers. “Bloating up the package database” remains a meaningless factor because it doesn’t bear meaningfully on real world performance or experience. Your computer doesn’t break more or perform worse because you installed more software because this isn’t windows.