@freddy My computer is mine because it runs Linux. People who use proprietary software don't deserve anything better than that.

@nipos @freddy Does your computer have an Intel or AMD CPU? If so I have bad news about your computer ownership. Look up the Intel ME and AMD PSP (Platform Security Processor).

@errantlibrarian @nipos @freddy
You have this (potential) vector with Apple as well, but you don't have (real) others with Linux.

@nipos A lot of people using proprietary systems don't even know Linux exists, let alone what it is

@nipos Hate to tell you but your computer probably still isn't yours. If you have an Intel or AMD processor (other than a few) your device is packed with hardware-level spying that you can't remove. Also Linux is wildly insecure and its only saving grace is security by obscurity, which won't protect it as its shallow excuse forever. Also due to its lack of any meaningful sandbox, any anti-privacy apps you have installed are tracking everything you're doing in other apps too.

@ThreeBadgersInATrenchcoat Linux is *not* insecure and I only use free open source software.

@nipos It is objectively insecure. There is no sandboxing on the standard desktop, the entire kernel is written in a memory unsafe language, the kernel is too big for anyone to review so you just have to trust others, the kernel is wildly behind on exploit mitigations, a compromised non-root user with access to sudo is almost equal to a full root compromise as there are an insane amount of ways for an attacker to retrieve a password,

(1/2)

no verified boot, no full system MAC policies, and if you think "well Flatpaks have sandboxing so I'm good if I just use Flatpaks!", then you aren't. Flatpak tries to implement sandboxing but then allows and trusts all applications to set their own sandboxing policies, meaning any application security or sandboxing is entirely optional and the burden of the program developer(s) to set.
I could go on but I think you get it. I use Linux every day, I think it's great, but it is not secure.

(2/2)

Hardening Linux to a point in which it's actually secure is well out of the range of normal users and would take a team of skilled devs to have the knowledge and put in the time; no standard desktop OS devs have done this so far. Just because you harden a few SELinux policies or use a distro with a MAC framework without strict enforcement and policies or whatever else you consider hardening, it doesn't fix the inherent architectural problems with Linux and its overarching security model.

@nemo Also I don't see how the link you attached is at all related to the discussion of hardening Linux.

@nemo Genuinely not trolling. Qubes isn't even a Linux distribution, they say it themselves.

@nemo Yeah I realized right after I sent it, I just typed the link incorrectly. There is another reply with the correct URL, though.

@ThreeBadgersInATrenchcoat You are referring to this:

Is Qubes just another Linux distribution?

If you really want to call it a distribution, then it’s more of a “Xen distribution” than a Linux one. But Qubes is much more than just Xen packaging. It has its own VM management infrastructure, with support for template VMs, centralized VM updating, etc. It also has a very unique GUI virtualization infrastructure.

@ThreeBadgersInATrenchcoat You are correct, my mistake, sorry. I trusted Wikipedia, I'll never make that mistake again.

@nemo Feels satirical but maybe I'm just reading too much into it. Assuming that it is genuine then it's not a big deal, I actually see that on Wikipedia now. It has some roots in Fedora but as they said it's much more heavily based on Xen, so neither place is just outright lying or totally incorrect really.

@ThreeBadgersInATrenchcoat Yeah I also thought that it is mainly based on Fedora, that was the reason why I got confused. That's the problem with complexity, neither of us is entirely wrong or correct. I still think that Linux has a lot of advantages, also disadvantages, but the advantages outweigh the disadvantages.

@nemo Right, I've just kind of taken what they say on that but I could be wrong. Yeah it's a complicated discussion, but I'm glad we could actually discuss it in a civil way, you'd be surprised how many people get so defensive and unnecessarily aggressive about it. I couldn't agree more, it's a balancing act of security and privacy, and if privacy is your concern then Linux or BSD is just about as good as it gets.

@ThreeBadgersInATrenchcoat Exactly, yeah I feel the same way. It's really hard nowadays to have a constructive discussion about anything. At the beginning I thought that you tried to troll, hence the response. But you seem like a legit being. I thank you very much for the participation and engagement. If you want to have a chit chat or something feel free to toot me :D

Regards👍


@ThreeBadgersInATrenchcoat Well there must be a reason why most of the internet is run on Linux servers :)

There is a triangle of security.

The red circle is an indication of our system. When we play with the parameters and move the circle closer to security, the functionality and usability suffer. QubesOS is one of the most secure systems out there. Most of the technologies which are implemented in it can also easily be applied to most standard distros. Absolute security is not possible.

@nemo

Most of the internet and servers are run on Linux for stability, low overhead, versatility, and package support. I'm aware that there is no OS with perfect security or anything, and that the more secure you get the less usable it gets, and logically that would be true..except for MacOS.. MacOS right now is the leader for desktop OS security (security =/= privacy) second only to Qubes and it's extremely usable. I mean people don't pay $2500 for them to not be able to use them.
1/3

It has verified boot, granular and strong firewalls if you know how to use them, sandboxing, etc. Once again, taking Qubes out of the equation because it's in its own league, MacOS is the gold standard for desktop OS security and it's one of the most usable and self-explanatory desktop OSes. But that's the thing, the same can't be said for Linux. It seems like the worst of both worlds in a way. Steep initial learning curve, frequently difficult to use bar a few distros, atrocious security.
2/3

But don't think I'm just bashing Linux because I have something against it, I don't. Hell, I use Linux on all of my computers every day and even have a secondary phone with Ubuntu Touch, I think Linux is awesome, I'm just not assuming it to be something it's not and I'm certainly not using it for security.
3/3

@ThreeBadgersInATrenchcoat Well, there are also a looot of tech folks who use Linux instead of macOS :D I don't think that price has anything to do with privacy or security :D

Sorry, haven't seen the 1/3. I'll wait till you've finished your writing.

@nemo I just finished them, they're in reply to the 1/3 message. Yeah a lot of tech people use them but I think that can be more attributed to Linux just being fun to use and mess around with due to versatility.
My point wasn't that the premium price was attributed to privacy or security. I meant it's so easy to use and made for anyone to just pick up and get going, and yet it's so secure, directly contradicting prior notions of convenience and security in tandem.

@freddy sometimes it would be great to boost and quote ...in this case I would have said:

FFFFFFFuUUUUUUUuUUCCCCCcCCKKKKkKKK

@freddy This helps maybe: gist.github.com/joseconstela/a (also if somebody doesn't want to or can't use Little Snitch). To keep software updates working, lines 745 - 753 and 778, 780 must be cut out (or commented out while making updates).

@freddy
Well that's fucked. Though I love the old versions of MacOS, I'm really glad I got out of that ecosystem before they started really pushing this shit.

I guess I should stop putting off flashing coreboot.

@freddy Windows users have been in that mess for a lot longer, and that's a big part of the world there.

@freddy People should learn more about the internet before writing/sharing this rubbish.

"These OCSP requests are transmitted unencrypted"

Can you explain to me how I should check a certificate when I login first?

Please read this article that explains how it does what it needs.

en.wikipedia.org/wiki/Online_C

Mastodon 🔐 privacytools.io