Diseased Open Source Software Community - it's about ethics in Code of Conducts

I am intrigued, might try it once the xlibre goes out of testing.

Also someone redpill my dumbass on what the difference between these are? I get that one is using dinit, one OpenRC and so on but I wanna know what those are and how it affects the install.

Disclaimer: I've only used openRC.

If you're using the calamares installer it shouldn't really affect anything during the install. The biggest thing I've run into is that there will be packages that only come with systemd service scripts and you need one for your init system. If it's in the artix repos they will have accounted for this of course so where it'll happen is the AUR and the odd package in the arch repos that isn't in the artix ones. I'd say about half of those times there's some hero who made a [package you want]-openrc package. In the other cases I've been able to write my own service script and I'm just some asshole so it can't be that hard.

Other differences will be how you enable services or check their status. I picked openRC at the time because it seemed the one with the best documentation (i.e. the gentoo wiki) at the time. I'm not sure if that is still true or even if it was true in the first place but I've learned enough about it now switching without a good reason would be a waste.

So if Artix is the chuddiest distro, what's the chuddiest WM / DE?
I don't know about WMs but for DE I'm going to throw out XFCE. They don't even support gayland.
 
I don't know about WMs but for DE I'm going to throw out XFCE. They don't even support gayland.
Xfce does indeed support Wayland in an experimental state with the latest release 4.20.
All the Xfce programs work fine under Wayland thanks to GTK, the only thing not done is porting xfwm4 to Wayland, which is currently in progress but will take a while.
However, you can currently use labwc or wayfire instead (since the xfwm4 Wayland compositor will be based on wlroots) and it works. From the article above:
"To start an Xfce session on Wayland, you can run startxfce4 --wayland from a tty, which will launch xfce4-session from labwc. If you want to use wayfire instead, you'll need to run startxfce4 --wayland wayfire and add this configuration first, as wayfire doesn't have a --startup option like labwc (see startxfce4 --help for details):"
It's very buggy for now but they are very much working on it.
Still the most chud DE though. The only DE that I know of that isn't getting Wayland support is LXDE, which is equally as chud.
 
However, you can currently use labwc or wayfire instead (since the xfwm4 Wayland compositor will be based on wlroots) and it works. From the article above:
I mean, sure, but I would say even ignoring the experimental status xfwm4 needs to work with wayland before you could say xfce supports wayland. Interesting nonetheless.
 
Least privilege is good when it's the least amount of privilege needed to do your job not the least amount of privilege possible so that nothing fucking works.
Yes, obviously. That's the point of my post.
And I bet the "security" of all the workarounds you mention in your edit which are re-implemented independently several times meaning each implementation will have its own fun and exciting vulnerabilities is awful.
The security model is pretty simple. Globals for privileged objects are only exposed to clients the server trusts. In KDE or GNOME, everything is (should be) locked down to specific clients the server trusts. Other clients cannot discover or bind the objects.

Other protocols are exposed with authentication interfaces, for example KDE's fake input protocol.

For sandboxing in particular, the security-context protocol allows compositors to remove even more protocol objects from any sandboxed apps, which reduces the available API surface further.
There's no meaningful security to be gained once you're running untrusted code. If some app is willing to key log you the people who made it aren't going to just say "well shucks, this guy is running wayland. guess we can't keylog them. oh well".
There is a big difference between "let's listen to events the display server sends us" and "let's find a privilege exploit to get root and read device events directly". It is quite literally "well shucks, this guy is running wayland. guess we can't keylog them. oh well" unless you have a privilege escalation exploit.
At best if wayland was a step towards good sandboxing is putting the cart WAY before the horse. In reality it's a shit pile pushed by redhat for hostile ends by useful idiot trannies who get off on making people suffer. This whole thing is literally just "security comes at the expense of convenience which comes at the expense of security" spread over 15 years but with corpos + trannies.
It is a fact that Wayland's design is a security model improvement over X. It is also a fact that it's taken 15 years to become usable, mostly due to redhat's retardation. I didn't personally switch until a couple years ago when it became reasonably usable.

Concrete examples where Wayland improves security right now:
- Screen lockers fail closed instead of open (this could be fixed in X with changes to the X server and rewrites of screen locking tools)
- Background keyloggers don't work
- Input injection doesn't work
- Apps can't arbitrarily capture your screen*
*Under KDE and GNOME. Workaround protocols currently allow this in small compositors because it's been necessary, but the newish image-copy-capture protocol should allow this to be fixed and correctly permissioned. Security-context affected apps already shouldn't see this.

XNamespace has a chance to fix some of this under X, but it's complicated, especially to do in a backwards compatible way.
Hopefully this doesn't come off as combative. Given you're bringing up the workarounds I think you're going to agree generally. I just really dislike the excuse that wayland is about security.
I understand where you're coming from. My personal stance is that Wayland isn't about security, but a chance to rearchitect the display stack in general and it shouldn't be forced on anyone until it works for them. That is obviously not the stance of the redhat trannies and gnome so I understand why people are combative about it.

If you've personally tried a compositor and it sucked I'd be interested to hear which one, how recently, and why it sucked.
 

So Canonical replied to Lunduke. Long story short, Jeremy Bicha disclosed his criminal record upon hire. Canonical always knew he was a serial child molester. Canonical implies that this is okay since it wasn't a computer or fraud related crime. Ignoring the liability of having a registered sex offender represent your company, especially at conferences, which are a big part of being a professional FOSS person. Crazy.


I can't even, the edit: Imagine all the times we've heard about how political opinions create unsafe work environments, but not a chomo? Come on. Would you leave your kid, or really anyone with that guy? Of fucking course not. Chomos are constant re-offenders. Chomos get out and immediately run out to a park to molest a kid, happens all the fucking time. No mental gymnastics needed, everyone instinctively understands this guy needs constant direct supervision because if you relax he might just try to rape you with a dildo. That's not a safe workplace, sorry. What is your HR team doing? This is lawsuit fuel. It's perfectly reasonable to feel unsafe around a serial child molester, and juries would agree.
 
"lets find a privilege exploit to get root and read device events directly"
My only thoughts are that even without root permissions if you have malicious code running that can read (and delete) /home keylogging is probably the least of your problems and that IMO privilege escalations are pretty common.

If you've personally tried a compositor and it sucked I'd be interested to hear which one, how recently, and why it sucked.
Can't say that I have. I moved off windows 7 to artix. I had a decent amount of experience from VMs and a couple SBCs that informed me on what I wanted (rolling-release because fuck re-installing and out-of-date repos, no systemd, was interested in the AUR). Ironically my DE choice was mostly dictated by what was available OOB with artix and /g/ memes.
 
Canonical implies that this is okay since it wasn't a computer or fraud related crime.

So they would have hired him if his crime was lynching a nigger too? That is not computer related.

That is such an obvious and complete fucking bullshit. Aren't these the people blocking and banning anyone who fucking contributes to a different FOSS project because people in said project said edgy things?

Literally the "I may be a pedophile but at least I am not rude" position.
 
Canonical implies that this is okay since it wasn't a computer or fraud related crime.
I imagine if he murdered someone that Canonical wouldn't be okay with that.
But by their logic here they would still hire a convicted murderer.
Canonical is somehow trying to make their reputation worse than Red Hat's, which is impressive.
 
I imagine if he murdered someone that Canonical wouldn't be okay with that.
But by their logic here they would still hire a convicted murderer.
Canonical is somehow trying to make their reputation worse than Red Hat's, which is impressive.
At least if Hans Reiser ever gets out he'll have a place he can get a job.
 
Making DRM harder to remove by making core game functionality dependent on it is clever, but also very scummy.
DRM is nothing short of a Baphomet worship ritual designed to fuck over consumers. Daily reminder that it is morally just to pirate corposlop content, games or otherwise, even if it means risking the good ol' PUNJABI PR3CRACKED N0 V1RUS download every once in a while.
 
So they would have hired him if his crime was lynching a nigger too? That is not computer related.

That is such an obvious and complete fucking bullshit. Aren't these the people blocking and banning anyone who fucking contributes to a different FOSS project because people in said project said edgy things?

Literally the "I may be a pedophile but at least I am not rude" position.
Canonical: "Wow, you know what. Our employee may have been convicted for over a thousand counts of child rape. But at least he respects Codes of Conduct."
 