I am not satisfied with Linux’s security and have been researching alternative open source OS for privacy and security So far only thing that’s ready to use is GrapheneOS (Based on Android) but that’s not available on desktop (Though when Android release Desktop mode it may become viable)...
First, microkernels being the future: This is a sentence that was said time and time again, but while microkernels definitely have some advantages in separating components which could yield better security, in practice it also introduces other security concerns, not present with monolithic kernels, mostly with the communication between the kernel services.
Second, about the no secure Linux distros thing: As many others have mentioned, there are security-conscious Linux distros, mostly the “immutable” distros. You can use Fedore Silverblue (or even better, SecureBlue) as a daily driver, with Flatpak for your apps. That way, your main OS is read-only, thus harder to infect and all system updates are signed and verified. Using Flatpak helps enforce permissions on apps in a manner similar to Android permission (you can deny an app the right to see your files, for example).
Third, I don’t really understand what you mean by “Linux’s security holes”. Of course it’s not bug free, but no kernel of this magnitude is. Also, GrapheneOS uses Linux as well, albeit with a hardening patchset, but you can also get that with desktop Linux distros. If you think Linux (being a monolithic kernel) is automatically less secure than microkernel and hybrid kernel based systems, take a look at Windows and macOS, which both use non-monolithic kernels, but most security experts will tell you that you’re better off using Linux.
Fourth, about all the niche, mostly hobby OSes you listed: A big part of security is about having more eyes on the source code. Even if you write a kernel in a “safe” programming language, there will be bugs. Something as advanced as a kernel that’s ready for daily desktop use and provides advanced isolation between processes is going to be so complex that you won’t be able to see what bugs arised from the different parts interacting with each other. Safe programming languages make it easier to write safe code, but don’t stop you from messing up the logic that defines what apps have which permissions. Your best bet is to stick to software that has had time to mature and had more people and companies look through it. Linux is regularly audited by all tech giants, because all clouds use Linux to some extent. If it’s secure enough to isolate the workloads in Google Cloud, and Amazon’s AWS, it’s going to be secure enough for your desktop, provided you use it well (make use of it’s security features and don’t shoot yourself in the foot by disabling mitigations and the like). This is partly why I think the idea that OpenBSD is more secure than Linux is somewhat outdated. Yes, they advertise it as such, but it has seen much-much less auditing than Linux did in the cloud era.
Of course, there’s nothing wrong with playing around with alternatives operating systems, just don’t think you’ll be more secure just because something is written in Rust, or is a microkernel. Those can help, but there’s much more to security than the guardrails a programming language or software architecture can provide, especially with something as complex as a modern kernel.
Really just curious what folks out there deem valuable enough to give money for monthly or annually. As a software engineer I have quite a few that keep me productive and I’ll list a few:...
That depends on your Mac. The older the Mac, the older the version. On most M1 Macs, you can go back even to Big Sur, on M2 it’s usually Monterey and so on. It might be different with the Pro/Max/Ultra variants though.
This change only brings speed & stability, which is essential, but hard to see for us, end users. The bigger one is going to happen on Thursday, where Lemmy itself is going to be updated. After Thursday’s update, any users will be able to block entire instances and see our upvotes, along with many other Lemmy updates.
Anyone know how to see what pid/process has modified a linux routing table (specifically on Ubuntu )? I have an interesting problem where a route that I have created has been deleted over time, but can’t figure out what. I’ve tried rtmon but seems to only show timestamps of the adds/deletes
They aren’t asking about changes to a file describing the routing config, rather the actual in-use routing config. Unless the routing rules are modified through a couple of files (which I doubt), this doesn’t answer the question.
Well, the routes might manifest somewhere as files, but I don’t expect anyone to be able to viably parse them without commands like ip or ifconfig (or know where the files even are).
Some devices (like disks for example) are very straightforward to use as files, while some other special files (like USB devices) are so weird/ugly to use that everyone uses tools/libraries to access them (like libusb).
This is very off-topic, but there’s a great talk by Benno Rice that talks about this (among many others): youtu.be/9-IWMbJXoLM
Edit: copying the font to /usr/local/share/fonts/ fixed it. (I downloaded Debian Xfce a while ago because of how much I dislike Snap, so I’ll soon replace Xubuntu with it.)...
I don’t know anything about how Firefox is packaged for snap, but snap’s “sandboxing” might interfere with getting all fonts.
You might want to try using Firefox without snap (which has some other benefits, especially around startup time) or adding ~/.local/share/fonts (which is where fonts are supposed to be installed for users) to some sort of allowlist.
Also, USB4 can optionally support PCIe tunneling, which is a fancy way of saying it supports plugging more advanced types of hardware in (like GPUs, high-speed network cards or NVMe SSDs) at speeds of up to 40Gbps.
And there is USB4 v2 (not kidding, that’s the name) which extends USB4 to up to 80Gbps, but there are no devices that support that yet.
I have a Samsung TV, a Google Chromecast and an iPhone. I want to watch a movie on Apple TV+ on my TV, but my Chromecast doesn’t support Airplay, and Apple TV+ doesn’t support Google Cast. My Samsung TV supports Airplay, but I don’t want it on the internet at all....
AirPlay capabilities for your Chromecast players. Apple devices use AirPlay to send audio to other devices, but this is not compatible with Google’s Chromecast. This add-on tries to solve this compatibility gap. It detects Chromecast players in your network and creates virtual AirPlay devices for each of them. It acts as a bridge between the AirPlay client and the real Chromecast player.
Sounds like just the thing you want, although I haven’t tried it personally.
The SkyConnect dongle was sold as Zigbee but with the promise of also supporting Thread. This is available in HA as experimental. Does anyone have experience with how stable it is? Is it close to ready?
I’ve found the built in nix firewall to be somewhat lacking (can’t have different ports open on different networks for instance, I would rather reduce my attack surface while out on other people’s/public WiFi)...
Secure Operating Systems (Microkernels seems to be the future)
I am not satisfied with Linux’s security and have been researching alternative open source OS for privacy and security So far only thing that’s ready to use is GrapheneOS (Based on Android) but that’s not available on desktop (Though when Android release Desktop mode it may become viable)...
What web services do you subscribe to?
Really just curious what folks out there deem valuable enough to give money for monthly or annually. As a software engineer I have quite a few that keep me productive and I’ll list a few:...
USB hubs, printers, Java, and more seemingly broken by macOS 14.4 update (arstechnica.com)
Update on SJW upgrade to v19.3
Hello sh.itjust.works community,...
#memes (leminal.space)
How do I see what pid/process has modified a linux routing table?
Anyone know how to see what pid/process has modified a linux routing table (specifically on Ubuntu )? I have an interesting problem where a route that I have created has been deleted over time, but can’t figure out what. I’ve tried rtmon but seems to only show timestamps of the adds/deletes
[Solved] Font not available in Firefox or (Epiphany GNOME) Web browser.
Edit: copying the font to /usr/local/share/fonts/ fixed it. (I downloaded Debian Xfce a while ago because of how much I dislike Snap, so I’ll soon replace Xubuntu with it.)...
The EU common charger : USB-C (europa.eu)
cross-posted from: jlai.lu/post/3226934...
Send video to Chromecast through Airplay via Home Assistant
I have a Samsung TV, a Google Chromecast and an iPhone. I want to watch a movie on Apple TV+ on my TV, but my Chromecast doesn’t support Airplay, and Apple TV+ doesn’t support Google Cast. My Samsung TV supports Airplay, but I don’t want it on the internet at all....
How stable is multi-protocol support on SkyConnect?
The SkyConnect dongle was sold as Zigbee but with the promise of also supporting Thread. This is available in HA as experimental. Does anyone have experience with how stable it is? Is it close to ready?
Are there alternatives for the NixOS firewall?
I’ve found the built in nix firewall to be somewhat lacking (can’t have different ports open on different networks for instance, I would rather reduce my attack surface while out on other people’s/public WiFi)...
Praise Cheeses (feddit.de)