Recent comments in /f/Linux
baby_bat OP wrote
Reply to comment by sovereign in Linux security questions from a newb by baby_bat
This is super cool, thanks for the link!! I'll def look into this
z3d wrote
Reply to Linux security questions from a newb by baby_bat
In short, unless the attacker has physical access to your box, you don't have much to worry about.
More info:
- https://eclypsium.com/blog/bootkitty-linux-bootkit/
- https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/
For some hints on hardening Linux, try installing lynis and following the advice.
sovereign wrote (edited )
Reply to Linux security questions from a newb by baby_bat
I'm involved in a project with the goal of improving security of Linux systems. The project is called: The Sovereign Project (http://sovereign.i2p)
The project's scope is to secure digital and physical resources accessible from Linux based computers. It uses elliptic curve digital signatures (Monero protocol) for authentication and supports Monero Proof-of-Payment in authentication policies. The Monero Proof-of-Payment provides for securing resources with the electrical power (watts) consumed by Monero miners globally (estimated at about 80 megawatt hours).
The project recently developed a Linux Pluggable Authentication Module that authenticates using monero digital signatures and optionally authenticates via Monero Proof-of-Payment to secure Linux systems. There is a bounty (currently 17 XMR) for anyone able to compromise a Linux system via SSH (Attack Bounty #1). The secured system for the bounty is addressable only from an I2P destination:
e5xemz5wfdbq4ujm6vvlvhtpjn3hp55a6pk5noo4jouigkd7de4q.b32.i2p
The Sovereign protocol is a message passing protocol (JSON messages) over the I2P network or SSH Tunnels on private networks and I2P and SSH Tunnel connections are interoperable.
The project was started in 2024 and its still in its early days and is targeted for highly secure systems.
Sovereign Project - Approach to effective cyber security: http://sovereign.i2p/steps-to-effective-cyber-security.html
The project is for those serious about security with technical competencies. It may or may not be suited to your needs.
Browse the eepsite to investigate: http://sovereign.i2p
ManMan wrote
I watched Mental Outlaw's video on it. It fucking pisses me off, anything that benefits everyone such as science or open source software needs to be kept away from politics. If the Russian government really wants to backdoor the Linux kernel pose as an American or something.
ManMan wrote
Reply to comment by gresskar in Xfce 4.20 Pre1: The Road to Final Release Kicks Off by z3d
nice
gresskar wrote
Looks like they'll finally add Wayland support in 4.20
saturata wrote
As already stated, that'll have not much impact to an average user but for me, working with video analysis and interpretation in real-time it will definitely make sense. All the headache with self-compiling preempt_rt into current kernels will be over (I hope so) but we will have to wait for wider feedback from RT community. Thank you very much to the devs.
TronNerd82 wrote
You can have whatever opinion you want about trans people (I am wholly in support of the entire LGBTQ community), but this is just stupid.
The NixOS devs are just shooting themselves in the foot by doing this, because by targeting average people with no opinion regarding the topic, they're just making themselves look bad. After all, it'd make for great propaganda from those politically opposed to the stance of the NixOS devs.
"tHe WoKe LiBeRaLs ArE pErSeCuTiNg NoRmAl PeOpLe!!1!one!!1!"
At the end of the day, the NixOS devs aren't doing anything productive with this endeavor, and are just turning themselves into cannon fodder for the opposing side. Let's just let each other exist, trans or not.
integra wrote
Reply to Help for creating a distro by piezoofc
This might be me not knowing much about Arch Linux distributions, but I think it would be interesting to see it ship a wayland compositor such as River or DWL as default. If I recall correctly most of the wayland distros mainly ship either Sway or Hyprland as defaults.
bottticelli wrote
Does it mean for us to put aside dual-boot Windows-Linux eventually and get ourselves on the Linux-only configurations?
zooman wrote
what kind of bull-shittery is this?
bottticelli wrote
Reply to 2 good 2 be true....GUIX Resurrection? by GUIX_FAN
It sounds wonderful! Does anyone know other package managers suitable for Debian or Gentoo that allow handling packages on the 'per-user' basis? I'm really tired of sudo-ing every time I want to install a package for non-sudo user... This seems obsolete, redundant, and simply ugly. GUIX is definitely better in this regard, but what might be an alternative?
righttoprivacy wrote (edited )
Reply to Help for creating a distro by piezoofc
I would 1st (of course) take a look at what's already out there, and done in Arch-land, as a point of reference.
Find out what many users desire, (ex: search social media / forums for popular questions. Not only app-wise, but configuration, features.
I'm just guessing here - really depends what you hope to achieve out of your project.
Most users outside the hardcore Archians, will opt for Arch based, easy guided usage / install.
Maybe you want something more easy to work with - or you could keep closer to traditional Arch, and enhance that?
If security is the idea, usability can take some balance. Kicksecure project for Debian serves as a nice example of usable / hardened, if security is one of your goals (might not be the goal if seeking new to Linux users).
Ask yourself what kind of users are you trying to attract out there. Anything from a distro you always wanted to see on a distro, that you felt partly missing?..
That is where I would start.
NotQball wrote
Reply to Help for creating a distro by piezoofc
This is a very complex question. The Arch people were to NOT able to get a decent Qubes template even though they CAN kick Qubes developer ass blinded and one hand tied behind their backs. Arch has the best software people and documentation. Did I kiss your ass enough?
One of the problems is the update/installation networks. Arch handles most hardware like a champ. At this point torrents are your best bet.
Maintenace screen time is another problem. If it is more than 5 hours a week, you lost me. I hate screen time even TV and sometimes cinema.
The level of skill of the user is also a factor (audience). Arch requires a very knowledgeable user. The Austrian Arch-Crap is just unsecured crap with my rating being toxic.
The rest is standard: reproducible builds, snapshots and the rest of the buzzwords that do mean something.
Let me know if you have a decent Qubes template that I can install the easy way. I did use Arch for a few month and some hardware wizards use it all the time, but they need a truck load of equipment to make it safe and anonymous.
Immortals wrote
Interesting and a bit dangerous.
kolyzzy wrote
Reply to So, I decided to give KDE Plasma a whirl... by Rambler
I use KDE Plasma and by my experience it works pretty great with two monitors.
righttoprivacy wrote (edited )
Super cool looking as well. Always appreciate the practical SIGINT / radio based ones.
Things that make you love technology again.
not_bob wrote
Reply to So, I decided to give KDE Plasma a whirl... by Rambler
That's cool and all, but I'm going to stick with fvwm2. I like a window manager that uses less than 200k of ram.
someoneonarchlinux wrote
Reply to Slackware turns 30 Years Old! by righttoprivacy
Damn... 30 YEARS OLD???
someoneonarchlinux wrote
Reply to So, I decided to give KDE Plasma a whirl... by Rambler
I have currently installed cinnamon, xfce, gnome, lxde, lxqt, mate and plasma on my Debian PC. Most often, I find myself using lxde and plasma. I admire plasma's looks! I primarily use lxde because it is so lightweight, and my computer is 15 years old. However, it does struggle a bit when running plasma...
Barnacle wrote
Reply to So, I decided to give KDE Plasma a whirl... by Rambler
I used XFCE from 2006 until around 2011 and it was pretty nice and lightweight. Then I switched to a laptop running Gnome for a few years, but noticed later versions became a bit sluggish. On my current machine (a laptop based on Ryzen 7 with 40 GB of RAM) I switched to KDE Plasma because its performance is pretty good, it's compatible with Wayland and it has a lot of built-in applets and stuff. And it didn't have the frequent CPU activity spikes I was seeing with Gnome.
Despite the lack of Wayland support, XFCE is really nice, although I'd consider LXDE or Enlightenment on a low RAM machine. Enlightenment looked amazing last time I tried it on an old laptop.
expiccione wrote (edited by a moderator )
Reply to comment by Rambler in So, I decided to give KDE Plasma a whirl... by Rambler
You can try to strip some part of Plasma to make it less heavy on resources. Still, if your hardware's shit, there's nothing doing. I've got a laptop which barely runs bspwm xd.
What you are looking for is baloo and PIM shit, which is almost useless. if you take a look at htop, you can see what is chugging RAM and other resources.
Anyway, what hardware do you have to not run Plasma?
Rambler OP wrote
Reply to So, I decided to give KDE Plasma a whirl... by Rambler
Update: Tried running in on my workstation. It's performs like dog shit.
Back to XFCE fulltime.
shrug wrote
you can install linux on a btrfs subvolume.
during the installation you have to manually mount it on /target and skip the partitioning process. after continuing you'll probably get an error message where you hit 2xback and suddenly it continues. i could expand on this. is there (still) demand ?
baby_bat OP wrote
Reply to comment by z3d in Linux security questions from a newb by baby_bat
Thanks for the reassurance, I always make sure nobody has physical access to any of my devices unless I'm there with them. I'll look into the linux hardening tips as well