mikey

joined 1 year ago
[–] [email protected] 6 points 6 months ago

Whew, there's a lot to unpack here.

First, microkernels being the future: This is a sentence that was said time and time again, but while microkernels definitely have some advantages in separating components which could yield better security, in practice they also introduce other security concerns, not present with monolithic kernels, mostly with the communication between the kernel services.

Second, about the no secure Linux distros thing: As many others have mentioned, there are security-conscious Linux distros, mostly the "immutable" distros. You can use Fedora Silverblue (or even better, SecureBlue) as a daily driver, with Flatpak for your apps. That way, your main OS is read-only, thus harder to infect, and all system updates are signed and verified. Using Flatpak helps enforce permissions on apps in a manner similar to Android permissions (you can deny an app the right to see your files, for example).

Third, I don't really understand what you mean by "Linux's security holes". Of course it's not bug free, but no kernel of this magnitude is. Also, GrapheneOS uses Linux as well, albeit with a hardening patchset, but you can also get that with desktop Linux distros. If you think Linux (being a monolithic kernel) is automatically less secure than microkernel and hybrid kernel based systems, take a look at Windows and macOS, which both use non-monolithic kernels, but most security experts will tell you that you're better off using Linux.

Fourth, about all the niche, mostly hobby OSes you listed: A big part of security is about having more eyes on the source code. Even if you write a kernel in a "safe" programming language, there will be bugs. Something as advanced as a kernel that's ready for daily desktop use and provides advanced isolation between processes is going to be so complex that you won't be able to see what bugs arose from the different parts interacting with each other. Safe programming languages make it easier to write safe code, but don't stop you from messing up the logic that defines what apps have which permissions. Your best bet is to stick to software that has had time to mature and had more people and companies look through it. Linux is regularly audited by all tech giants, because all clouds use Linux to some extent. If it's secure enough to isolate the workloads in Google Cloud, and Amazon's AWS, it's going to be secure enough for your desktop, provided you use it well (make use of its security features and don't shoot yourself in the foot by disabling mitigations and the like). This is partly why I think the idea that OpenBSD is more secure than Linux is somewhat outdated. Yes, they advertise it as such, but it has seen much, much less auditing than Linux did in the cloud era.

Of course, there's nothing wrong with playing around with alternative operating systems, just don't think you'll be more secure just because something is written in Rust, or is a microkernel. Those can help, but there's much more to security than the guardrails a programming language or software architecture can provide, especially with something as complex as a modern kernel.

[–] [email protected] 1 points 7 months ago

For me, as an SRE:

  • Mullvad VPN
  • Google Drive (until I set up my NAS)
  • YouTube Premium
  • ChatGPT (but I am thinking of trying out Claude 3 instead)

Other, non-tech subscriptions:

  • Public transport
  • Public bike sharing
  • Food delivery

Things I might pay for if my employer didn't:

  • IntelliJ Ultimate
  • GitHub Copilot

Random IT-adjacent services I occasionally donate to:

  • Codeberg
  • Wikipedia

[–] [email protected] 10 points 7 months ago

That depends on your Mac. The older the Mac, the older the version. On most M1 Macs, you can go back even to Big Sur, on M2 it's usually Monterey and so on. It might be different with the Pro/Max/Ultra variants though.

[–] [email protected] 23 points 9 months ago (6 children)

In Hungarian it says "segglyuk", but that means "asshole". It should be "segg" to match "ass".

[–] [email protected] 6 points 10 months ago* (last edited 10 months ago) (3 children)

Well, the routes might manifest somewhere as files, but I don't expect anyone to be able to viably parse them without commands like ip or ifconfig (or know where the files even are).

Some devices (like disks for example) are very straightforward to use as files, while some other special files (like USB devices) are so weird/ugly to use that everyone uses tools/libraries to access them (like libusb).

This is very off-topic, but there's a great talk by Benno Rice that talks about this (among many others): https://youtu.be/9-IWMbJXoLM

[–] [email protected] 6 points 10 months ago (5 children)

They aren't asking about changes to a file describing the routing config, rather the actual in-use routing config. Unless the routing rules are modified through a couple of files (which I doubt), this doesn't answer the question.

Cool commands though.

[–] [email protected] 10 points 10 months ago

I don't know anything about how Firefox is packaged for snap, but snap's "sandboxing" might interfere with getting all fonts.

You might want to try using Firefox without snap (which has some other benefits, especially around startup time) or adding ~/.local/share/fonts (which is where fonts are supposed to be installed for users) to some sort of allowlist.

[–] [email protected] 17 points 10 months ago (1 children)

Also, USB4 can optionally support PCIe tunneling, which is a fancy way of saying it supports plugging more advanced types of hardware in (like GPUs, high-speed network cards or NVMe SSDs) at speeds of up to 40Gbps.

And there is USB4 v2 (not kidding, that's the name) which extends USB4 to up to 80Gbps, but there are no devices that support that yet.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (59 children)
[–] [email protected] 39 points 1 year ago (10 children)

I smell AI 😅