- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
cross-posted from: https://programming.dev/post/24574658
was checking my old favourite posts and found this.
You must log in or register to comment.
“Has hundreds of private messaging applications that their friends won’t use” Stop, the wound is still fresh.
true lol
I’m feel so called out
we are all
This chart doesn’t represent me lol
Favorite OS: “everything sucks” Favorite browser: “everything sucks” Favorite Apps: mpv and rtorrent (I pirate a lot of media)
best pirate in the seas
At some point I just need to jump off the ship and live full time Linux. I remember my Linux friend from high school telling me how cool gentoo was back in 2k3, and I got a disk and was like wtf… what do I do??? I need to try it again.
Try one of the distros in the second panel next time.
I’m a bit of 2,3 and 4.
Hey now, I’ve been paranoid for years. Don’t call me a newborn.
- arch
- lineage os (rooted)
- librewolf
- fdroid, element
[Realisation]
… I would go full paranoid but Its over my skill level. Also I’m quite happy now that the transition to more private things process is mostly over.
Why would you root Lineage OS? You are putting a hole in your security.
I also do that because it lets me
- limit charging with ACC
- use microG as network location provider (microg installer revived)
- fix SafetyNet
- YouTube ReVanced
- Make using other App stores easier (updating can happen automatically in more recent Android versions, but first installs still require confirmation outside the Play Store)
MicroG doesn’t require root
Also Charging control is now part of Android 15
Root can be a huge security risk. Be very careful and always stay updated with the latest security patches.
Yes, microG works without root, however to get it working as a network location provider you either need it installed as system app (for example LOS4microg) or patch android to allow non-system apps for providing network location.
There’s an official patch, also mentioned in the Install Guide and it’s basically the reason for microg_installer and its revived fork existing.
I could use LOS4microg, which does include the patch, but builds are run much less frequently (once a month instead of weekly) and I’d rather stick to original Lineage.
Thanks for pointing out charging control, I wasn’t aware of that new feature. One more reason to upgrade LOS my phone
Graphene os for security, lineage os is for debloated aosp experience, root is for things like wifite2 on smartphone, cheat engine like apps on smartphone, deep control of your smartphone and etc
I did not give it much thought really, I just wanted my previously rooted phone with no google things. But mainly the SafetyNet thing.
If you are either A) bootloader unlocked or B) using a custom ROM via an exploit, your system is freely open to modification by a physical attacker, regardless.
e.g. for better charging control, to allow f-droid to update apps automatically
You don’t need root for any of those in Lineage OS 22. Android has a API that F-droid uses for updates and Android 15 introduces charging control.
In all fairness you have more control with root but it also introduces a major security risk. With root an app can completely bypass all security controls. If malware gets root you are basically hosed.
Android has a API that F-droid uses for updates and Android 15
that’s a cool thingit always should have worked this way.at the same time many people don’t have phones that have such a new OS available. people shouldn’t buy a new phone just for this.
and Android 15 introduces charging control
on what level? my rom too has a built-in setting to stop charging at 90%, but thats it, it’s a static thing. with root I can set a more suitable upper limit, the level at which charging should start again, charging speed limit, and idle mode that does not charge the battery but switches the power source from battery to charger. and all of this can be set by a schedule, so that it’s fine to have it slowly charge at night from any starting level, but at the day it just idle charges.
can you do any of this on 15?
the funniest part is that this has been a feature of phones for a decade or more, they just didn’t let the user configure it.
In all fairness you have more control with root but it also introduces a major security risk
that’s true, if you are being used to impulse accepting any permission prompt
With root an app can completely bypass all security controls
apps that you have approved
If malware gets root you are basically hosed
that’s just how normal computers work. There’s a tradeoff, sure, just like you can fall and die if you leave the house.
did everything but not rooted phone i just debloated my phone currently i don’t use arch btw but it was great but skill issue kills me so i’m here with lmde
I feel like I’m kinda somewhere in between tech conservative and paranoid. I am privacy conscious but I don’t engage in privacy related content too often. I use Arch, Manjaro, /e/OS on a fairphone with mostly foss apps and decline most cookies I can. I also like self hosted things just because the corporate SaaS stuff sucks over time with artificial restrictions and has no privacy
respect
This is fairly dated.
Don’t use Telegram or Jami. Also Xorg is dead.
Wait, why not Jami?
No independent audit is a bad sign. It also is unstable with a giant code base.
According to the threads I found privacy guides:
-
It mostly just doesn’t work well.
-
It hasn’t been independently audited
https://discuss.privacyguides.net/t/add-jami/20052
https://discuss.privacyguides.net/t/why-is-jami-not-listed-in-pg/12500
-
Also Luke Smith hasn’t uploaded in years now
deleted by creator
Seems like I’m a newborn paranoid. Favorite os = arch Favorite browser = librewolf Favorite apps = f-droid
I disable cookies on virtually all websites. And I do fear the slippery slope sometimes.
FYI, there are uBlock filters to block most cookie popups - you just have to enable them. From memory, I think they are called annoyances
yeah but if you want actual security you use Qubes
and for the love of Torvalds don’t use Tails as a daily driver, it’s not for that
also have you seen Stallman’s other video?
Wow, Qubes seems pretty badass! Do you run it? How heavy is it? (Like, how beefy a PC do ya need for decent performance?) How intuitive do you find the experience, from your perspective? 🙂
I have run it on a laptop in the past, and I think it’s a good option for a mobile system that you may be using on public/unsafe wifi and/or if your laptop is your primary computer and is actively carrying sensitive data (e.g. PII, financial records, health records, etc) that you want to keep in a separate environment from normal activities (though my advice would still be to keep such data on an external drive that is normally unplugged). It’s not a good choice if you want to use that system for gaming - the hardware driver abstraction and segregation causes problems.
I don’t really have a use case for it at the moment so I don’t have any systems running it. It’s OK for general use if you’re not doing anything particularly complicated. Document editing, web browsing, code development - no problem. I wouldn’t recommend it if you’re doing CAD/3D modeling, graphics, audio/video editing, &etc - it’s not really a good platform for doing creative work, too many complications.
The base system is not particularly heavy, though obviously the more VMs you run concurrently the more resources you’ll need. It does require specific virtualization features for the CPU (documented in Choosing Hardware), which are not always available especially on laptop processors. My laptop had a mobile version of AMD Ryzen which worked. That was a 13" lightweight laptop, nothing too beefy, and it ran Qubes with a couple Debian VMs just fine.
Once you understand the basics of using dom0 to control the other VMs (and that you don’t ever use dom0 for anything besides configuring and launching the other VMs) it’s fairly straightforward. You do have to get used to virtually unplugging any USB devices from one VM and then plugging them into another (no bridging VMs via USB, that would break data security) but it makes sense if you think of those VMs as separate computers.
I think it’s great if you’re traveling a lot with a personal laptop and you won’t have control over the networks you connect to, because you can basically seal off any sensitive data from any external/untrusted connections in completely separate virtual environments. You can have VMs which just don’t ever have network access and so are “air gapped” by virtue of not even having network drivers installed, and then just manually transfer specific pieces of data as needed.
Thank you for the response!! I will definitely give it a go sometime!
Not sure where I fall into this chart =)
Favorite OS: OpenSuse Tumbleweed
Favorite browser: Librewolf
Favorite Apps: Vim/Neovim (not even close to anything else)- I’m not paranoid, though. (It’s not paranoia if everyone agrees with you, most people just don’t care)
- I love FOSS culture and hate corporations with passion.
- For messaging I use Discord and Telegram
- Use old netbook from 2007 and my desktop PC is around the same age.
- I do watch Luke Smith and “Richard Stallman was right”!
Not sure where I fall into this chart.
I can tell you. You’re in the shit distro+shit browser part of the chart. Terrible choices. Not like my distribution which is so good. With a very good browser.
No I haven’t read what your distro is. Nor your browser. Irrelevant.
My distro? You wouldn’t know it. Very niche. But very good. Maybe the same as yours, but not the shit one. The good one.
Am I a moron? Sure. A moron with a good distro. (It’s ubuntu+chrome, if you know it)
cool 👍
I would say somewhere between paranod newborness and tech conservatism 🤔
I live on the right side of the second box, between second and third. I venture into the fourth maybe once or twice a year. It is a good life.
yeah me to
Suspicious lack of Qubes. Who do you work for??? the CIA? China? The Rwandan National Intelligence and Security Agency?
Honestly Qubes is over rated.
Just use virtual manager with VMs.
If all you want to do is run VMs, Qubes is not what you are looking for. Even virtual machine manager (and other abstractions over libvirt and KVM) need to be hardened to avoid compromising the host.
Example: By default virt-manager uses a NAT bridge to allow for the guest VM to access the host and the LAN. A couple of weeks ago vulnerability was found in CUPS print server, allowing a hacker to do RCE. If a guest VM was compromised (previously or because of the vulnerability), since the host also likely has CUPS the hacker could use the guest system to compromise the host. This is avoided on Qubes because the host has minimal software.
Virt-manager offers no where near the same Security as Qubes. Qubes has a security hardened host and strong Desktop security model. Everything runs in VMs (aka qubes) including different parts of the system to further improve isolation. Sure, you could replace Qubes OS with an off the shelf Linux distro and run VMs, but that is nothing like Qubes, offers none of the convenience, and isn’t hardened or debloated (reducing host attack surface).
No Linux distro comes close. Qubes is designed for a specific job. I am not saying Qubes is the “best OS ever” when I say Linux distros dont come close, I specifically mean that no Linux distro is designed with as strong of a focus on Desktop security model and isolation-based workflow.
