this post was submitted on 11 Sep 2024
828 points (98.1% liked)
196
16410 readers
1799 users here now
Be sure to follow the rule before you head out.
Rule: You must post before you leave.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Should I like tell you that ur like wrong or sumthin? Cus I will lol /j
OK critique:
Ubuntu is relatively closed/restricted compared to some other Linux distros. Its reliance on Snaps is concerning because its a closed ecosystem (open source client, closed source backend, no option to add other source repos).
Bad critique:
Um🤚🤓, actually you should be using security hardened NixOS using your own custom kernel sysctl config 🥵, using GrapheneOS's hardened-malloc and chrony.conf 🥸, and Tor Browser installed inside a kata-container and sandbox with Bubblejail🤯. All compiled from source, duh. 🥱
Most people will just say "Read theory" or recommend a book that has nothing to do with the topic.
That said, you should totally read "An Appeal to the Young" by Kropotkin and you will understand
You seem knowledgeable about this and I know it's not entirely relevant but I'm planning to swap to Linux soon, what distro would you reccomend I start with?
...Ubuntu.
Linux mint if you don't plan to learn the ecosystem in detail, Manjaro if you have cold feet about wanting to learn the ecosystem, Artix, Arch or Nix if you want to learn the ecosystem.
There's many adjacent options but hopefully that gives you some direction
Probably Aurora by UniversalBlue
GrapheneOS hardened_malloc is great though
So is most of my "nerd voice" bad response. It just isn't for everyone, or very accessible to the majority of people. Only if you specialize in, or work a lot with, operating system security/privacy is it viable. I hope it becomes more accessible. Troubleshooting fuckin sucks.
troubleshooting sucks, and also, the default security model of desktop linux terrifies me. i legitimately don't understand how i can be running all this random code off the internet without being pwned. i figure i probably can't, and that it's really just a matter of time until something real bad happens.
i went down the "sandbox everything" rabbit hole, and 6 months later random stuff still pops up like "trying to connect to an IPv6 link-local address at this LAN party... wait why don't i have an IPv6 link-local address? i know IPv6 connectivity works fine when i'm at home." turns out those NetworkManager hardening patches i've been meaning to upstream forever break SLAAC, and now i'm too worried what other edge-cases they break to try pushing them upstream, and now i understand why distros all run these things as root with access to way more resources than they probably need 🫤