The Linux Thread - The Autist's OS of Choice

  • 🐕 I am attempting to get the site runnning as fast as possible. If you are experiencing slow page load times, please report it.
Scotched up Scott said:
yes and no. you can do the same thing with locking down administrative rights on a base Linux machine. you cant touch any root shit without admin, cant install anything without admin, cant update without admin. Linux will never be the OS for people who don't know computers. just throw a chrome book at them.

immutable's advantages just aren't worth it in most cases. except servers and mass deployment. however i doubt you'll see schools swap to linux machines for education and i bet you will never see governments swap to Linux without it becoming a government ran distro.
Click to expand...
You can. But that's the entire idea of those immutable/atomic distros I mentioned. You can't fuck your system up, you can roll back updates. The devs do all the thinking for you.

If someone wanted to replicate that and did with normal Linux. They would already be outside of the group, the people making those distros claim they are for.

I really don't get why distros are pushing for the immutable/atomic thing, and some are implying it's the future of Linux. At least for desktop. If the normal distro of today became a thing of the past. I would consider that an L. I don't want to have android on my laptop. If I'm installing Linux I want Linux.

I'm necessarily disagreeing with you here. I do think generally you're right if people want Linux they should install a normal distro.
 
  • Like
Reactions: Scotched up Scott
prollyanotherlurker said:
You can. But that's the entire idea of those immutable/atomic distros I mentioned. You can't fuck your system up, you can roll back updates. The devs do all the thinking for you.

If someone wanted to replicate that and did with normal Linux. They would already be outside of the group, the people making those distros claim they are for.

I really don't get why distros are pushing for the immutable/atomic thing, and some are implying it's the future of Linux. At least for desktop. If the normal distro of today became a thing of the past. I would consider that an L. I don't want to have android on my laptop. If I'm installing Linux I want Linux.

I'm necessarily disagreeing with you here. I do think generally you're right if people want Linux they should install a normal distro.
Click to expand...
i can see it from some angle. most kids today grow up with an android or apple phone/tablet in their hand. so they want to make OS's like that so your dumb ass zoomer who doesn't know the difference between a JPG and PNG is can use it, but they wouldn't be able to install an OS anyways soo the point is wasted. its the wrong direction in user comfort.
 
  • Like
  • Thunk-Provoking
Reactions: 0gh, prollyanotherlurker and Vecr
prollyanotherlurker said:
You can. But that's the entire idea of those immutable/atomic distros I mentioned. You can't fuck your system up, you can roll back updates. The devs do all the thinking for you.

If someone wanted to replicate that and did with normal Linux. They would already be outside of the group, the people making those distros claim they are for.

I really don't get why distros are pushing for the immutable/atomic thing, and some are implying it's the future of Linux. At least for desktop. If the normal distro of today became a thing of the past. I would consider that an L. I don't want to have android on my laptop. If I'm installing Linux I want Linux.

I'm necessarily disagreeing with you here. I do think generally you're right if people want Linux they should install a normal distro.
Click to expand...
You would be surprised how a normie is able to fuck their system up. I think it's a good thing for a normal nigger.
 
Battlefield42 said:
You would be surprised how a normie is able to fuck their system up. I think it's a good thing for a normal nigger.
Click to expand...
The number of people who I hear about: "Yea, I broke my Linux system and reinstalled." is way higher than it should be.
I don't even think I've managed to do that more than once in 30 years, and it was probably trying to force upgrade something that didn't want to be forced.
 
  • Agree
Reactions: Penne Dreadful and Nitro!
prollyanotherlurker said:
You can. But that's the entire idea of those immutable/atomic distros I mentioned. You can't fuck your system up, you can roll back updates. The devs do all the thinking for you.

If someone wanted to replicate that and did with normal Linux. They would already be outside of the group, the people making those distros claim they are for.

I really don't get why distros are pushing for the immutable/atomic thing, and some are implying it's the future of Linux. At least for desktop. If the normal distro of today became a thing of the past. I would consider that an L. I don't want to have android on my laptop. If I'm installing Linux I want Linux.

I'm necessarily disagreeing with you here. I do think generally you're right if people want Linux they should install a normal distro.
Click to expand...

There are security benefits to doing it more like android though. The android security model is supposedly better. Meanwhile, an attacker on traditional desktop GNU/Linux can easily get the sudo password and escalate to root privileges. See https://madaidans-insecurities.github.io/linux.html#root

On ordinary Linux desktops, a compromised non-root user account with access to sudo is equal to full root compromise, as there are an abundance of ways for an attacker to retrieve the sudo password. Usually, the standard user is part of the "sudo" or "wheel" group, which makes a sudo password security theatre. For example, the attacker can exploit the plethora of keylogging opportunities, such as Xorg’s lack of GUI isolation, the many infoleaks in the procfs filesystem, using LD_PRELOAD to hook into processes and so much more. Even if one were to mitigate every single way to log keystrokes, the attacker can simply setup their own fake sudo prompt by manipulating $PATH or shell aliases/functions to intercept the user's password, completely unbeknownst to the user.
Click to expand...
 
revenge of rebecca said:
There are security benefits to doing it more like android though. The android security model is supposedly better. Meanwhile, an attacker on traditional desktop GNU/Linux can easily get the sudo password and escalate to root privileges. See https://madaidans-insecurities.github.io/linux.html#root
Click to expand...
You don't need sudo access to utterly violate a home system. Just get your binary running under the user's account and you'll have pretty much all their data. It's not going to be enough for an enterprise system, so if you want to actually earn some money you'll have to come up with something else, but a desktop user will be fucked.
 
  • Like
Reactions: Rusty Metal Skull Gun
Susanna said:
You don't need sudo access to utterly violate a home system. Just get your binary running under the user's account and you'll have pretty much all their data. It's not going to be enough for an enterprise system, so if you want to actually earn some money you'll have to come up with something else, but a desktop user will be fucked.
Click to expand...

Well the other part of the equation is presumably to sandbox all the applications you run via flatpak and use flatseal. Madaidan is critical of flatpak, and he is probably right. But if you only download verified flatpaks, use flatseal to deny them unnecessary permissions before running them, and use an immutable system, I would think you would be in a better place security-wise over the traditional GNU/linux distro. The traditional GNU/linux distro does not sandbox by default and allows the user to use sudo to change the operating system itself. And as Madaidan explains, a sophisticated attacker can easily get the sudo password.
 
Last edited:
  • Agree
Reactions: Susanna
It's are you willing to make the compromises that come with having android type security.

I haven't looked into Selinux a ton. So idk exactly how much or less security you would be getting from using that, and how much different it is to using a normal Linux install. So I can't say much about it besides it's a thing you can do.

I recently set up a Gentoo install with apparmor and snap. Just to see how that runs and how different Gentoo with systemd, is from Arch and openrc Gentoo. So far it seems clunkier than setting up Arch, or Gentoo with openrc. I ran into issues with DNS. And ended up having to trouble shoot to find out what the issue was. Since it doesn't get taken care of for you like almost every other distro I've tried. Whether systemd or not.

But the apparmor stuff could potentially have some benefits. I haven't been using it long enough to know if I am willing to keep it. I've ran into some weird problems so far. That I will need to work out. Like after setting it up. Htop isn't showing me my CPU temperature for some reason. Which makes no sense to me.


All this is to say. It's either be secure as possible. Or be less secure, and have more control over your system, or be less secure and have more convenience. I like having the ability to do whatever I want. I could maybe set up one install, that I will just fully set up to be as secure as possible, and not mess with it a ton. Then use that for anything sensitive. But I like the way traditional Linux lets you do whatever.
 
revenge of rebecca said:
which is one reason why immutable/atomic distro with flatpak may very well be the future of linux.
Click to expand...
I feel like something closer to docker or portainer based seems more likely. Flatpack doesn't make defining it's restrictions easy. the flatpack version of Mega is limited to 250mb unless you search for the command to allow it more use of space, for example.

A potential solution is a wrapper for .appimage that automatically handles dependencies and updates and makes it easier to handle restrictions and intergrations.
 
I used to use Tomoyo as MAC implementation, because I found it the most intuitive I actually felt I could configure myself. (AppArmor, SELinux etc. seemed too complex) I find namespace sandboxing "good enough" now.
 
Last edited:
prollyanotherlurker said:
It's are you willing to make the compromises that come with having android type security.

I haven't looked into Selinux a ton. So idk exactly how much or less security you would be getting from using that, and how much different it is to using a normal Linux install. So I can't say much about it besides it's a thing you can do.

I recently set up a Gentoo install with apparmor and snap. Just to see how that runs and how different Gentoo with systemd, is from Arch and openrc Gentoo. So far it seems clunkier than setting up Arch, or Gentoo with openrc. I ran into issues with DNS. And ended up having to trouble shoot to find out what the issue was. Since it doesn't get taken care of for you like almost every other distro I've tried. Whether systemd or not.

But the apparmor stuff could potentially have some benefits. I haven't been using it long enough to know if I am willing to keep it. I've ran into some weird problems so far. That I will need to work out. Like after setting it up. Htop isn't showing me my CPU temperature for some reason. Which makes no sense to me.


All this is to say. It's either be secure as possible. Or be less secure, and have more control over your system, or be less secure and have more convenience. I like having the ability to do whatever I want. I could maybe set up one install, that I will just fully set up to be as secure as possible, and not mess with it a ton. Then use that for anything sensitive. But I like the way traditional Linux lets you do whatever.
Click to expand...
This might just be me but I found SELinux to be a fucking clusterfuck setting up. Apparmor seems easier in comparison but I haven't really tried poking around in apparmor much. The little bit I looked into leads me to believe that if you know how to actually use the damn thing then SELinux would provide far higher levels of security. If I had to take a stance (that's quite possibly retarded because I am not that knowledgeable with either option) I would say apparmor would probably be better used for consumerist use IE the desktop and SELinux would just thrive better in a server setting. Again I am most likely completely wrong and saying shit that sounds like shit but that's my understanding and I would greatly like to see a bit more detail from someone who actually understands both of these things tbh.
 
  • Agree
Reactions: Jang Joo
The more I hear about people who don't use Linux complain about Linux, the more I don't want them to ever use Linux.
Every time I see some people complain about "having issues", I get:
  • 90%, they just don't reply;
  • 9% of the time, it's something that's a simple fix if they could do even the slightest research;
  • 1%, it's an actual issue that you can't do much about on Linux
Seriously, hearing someone complain about Arch Linux's installation is driving me fucking mental since a) archinstall exists and b) you can just use EndeavourOS or even Garuda Linux if you want an easy Arch install. At least say Gentoo if you wanna sound like someone who isn't completely retarded. I honestly feel like the reason people make complaints about Linux is to justify their laziness and what we saw in the 2020 with people spending more time on activities instead of actual skill building reinforces that.
 
  • Agree
  • Winner
Reactions: Blackhole, Kiwi2Shoes, Rekeita's Kidneys and 4 others
You must log in or register to reply here.
Back