I am sure about that.
Pretty much everyone was against them buying ARM. Imagine if they bought Intel.
We-ell, this thread kinda started with saying that we’ll see glaring security holes with the same desktop popularity as that of Windows.
Yeah, like windows did, for a long time, and from time to time still does.
Well, then it doesn’t require flatpaks and snaps to solve this huge problem, right?
It pretty much does, yes.
Well, since you’ve mentioned accessibility […]
Ok. Not to do with security. Let’s not get sidetracked.
Ok I’m not sure, but I think OpenBSD and NetBSD don’t run any scripts contained inside packages. They are not Linux ofc
I’m not sure about the BSDs, but I’m talking about Linux. And as it stands, the package installation step is a risky process in any distro I’ve ever seen. You just have to rely that no mistake will ever be made by packagers, nothing will slip past them, and that they manually and thoroughly look through every installation process of every package (which they don’t).
It’s an unnecessary risk that gets solved by Flatpak (plus a bunch of other security advantages)
Yes, you can do that. You can set aliases which will look like whatever at all. How do you solve that “problem”?
I don’t know, I’m not a security expert. But it is a problem, and a massive one.
Which would be simplification.
Like I said, much of the new things you’re complaining about is simplification. Flatpak, Wayland, xdg-portals.
A personal computer should be as complex as Amiga 500 tops.
Lol. Why stop there? Why not say they should be no more complex than an abacus?
What you run in them is untrusted crap.
How?
And assuming it is… running it without a sandbox is somehow better??
Yes, what’s standard in X11 has N different variants with Wayland. Correct
Can you please answer. X11 is far more complex than Wayland. Why do you prefer it if you like simplicity?
I don’t use it at all.
You don’t use programs that… do things? Things like follow system theming, give notifications, open/save files, record your screen, open a file picker, etc? I don’t think you’re grasping what portals are.
If you meant that Wayland is simpler than X11,
Wayland is simpler than X11, by a long shot.
let’s compare them when Wayland reaches feature parity.
It won’t ever, by choice. It’s not meant to. X11 is filled with many mistakes that it should never have had.
Also X11 as a standard is simple enough.
The X11 developers say otherwise, and have embraced Wayland.
I also consider Nix and Guix to be better solutions to some of the problems Flatpak and Snap solve, and Flatpak and Snap to fall short of solving others.
Christ. I don’t. At all. You want simplicity and are now advocating for Nix and Guix, no Flatpaks, sticking with X11, no xdg-portals?
Do you have the definitions of “simple” and “complicated” mixed up in your mind?
Regulators wouldn’t allow that to happen.
This essentially all boils down to “I don’t like new things, and despite it being made more secure, I don’t trust it”
How are sandboxes “untrusted crap”?
You talk about complexity being bad, yet you seem to prefer X11 over Wayland, and 500 different implementations of the same thing, implemented separately by every app developer, rather than using a standardised xdg-portal. Surely you see the contradiction there?
This would be the same as under Windows, no?
In short, no not really for modern windows versions, in almost all cases.
Although I don’t find “well Windows does it so it must be alright” to be a great argument anyway. When someone says “top notch security”, Windows isn’t the first thing that springs to my mind.
It usually does, but it doesn’t have to.
Hypothetically yes, but in every single distro out there that I’ve seen no. And most people don’t build their own from scratch.
And the new thing to replace that is still not good enough after 10 years or so.
Not in all cases, no. There are fringe usecases still being worked on. I’ve been using it since 2016 just fine, but my sister, who is reliant on screen readers, hasn’t been able to.
Like I said, things are being worked on. This is kind of derailing the conversation away from security, though. I was talking about security.
Let’s please not extrapolate the problems of your distribution to all of them.
No. It is all of them. It’s a problem with all Debian-based distros, Fedora, SUSE, Arch, you name it. Installer scripts run with root privileges.
Your user may set aliases for the shell of your user, and the program\script ran by your user can do that.
Yes… then when you run sudo thinking you’re using whatever command, it can run something entirely different. How don’t you see that as a problem?
It’s not a security hole at all.
WHAT?! Any program, without root privileges, being able to tamper with what commands do, and gain full root access to your system, “is not a security hole at all”??
So you download, say, a text editor. Except it’s been compromised (although you don’t know it). That program alters the sudo command by aliasing it to execute a curl command that encrypts your drive and shows a message that if you send ABC amount of bitcoin to XYZ wallet, then you get the decryption key.
You run sudo for any reason, e.g. to edit your fstab file, do a system update, install a package, anything, and you type your password at the prompt as usual. Unbeknownst to you, you didn’t actually just run sudo plus your intended command, you just ran that aforementioned curl script, and you handed it sudo privileges. Your SSD is encrypted, your data is gone.
In your mind, that’s not a security hole? That’s intended behaviour? Any program should be able to do that?
I don’t really know what to say to that, other than I disagree wholeheartedly.
This is a bit overhyped.
No, it isn’t. If anything it’s the opposite.
Under X11, any program of any kind can see the contents of another program.
Under X11, any program of any kind can see all your keypresses, whether the app is focussed, unfocused, minimised, on another virtual desktop. Anything.
Under X11, any program can inject keypresses into any other program.
Under X11, any program of any kind can access your clipboard.
And it doesn’t even take root privileges. That’s just the default.
The X11 system itself runs as root, though. And this opens the door for privilege escalation exploits.
That’s before we even consider the devs themselves saying that the complexity, decades of spaghetti code, and unfixable bugs make it virtually impossible to patch.
X11 is a security nightmare of epic proportions. An absolutely cataclysmically insecure system. And it’s one of the main reasons that X11 devs abandoned it for Wayland.
WTF? Things that run as root, do. Things that don’t, don’t. Obviously most things don’t.
I never said that things that don’t run as root run as root. That doesn’t make sense, it’s self contradictory.
What I said was that install scripts for repo packages always run as root. And therefore anything that makes its way into the script will be executed with root privileges. That is a risk.
For your own user, so what?
What do you mean, “so what”?! A non-root program being able to highjack system commands and even gain root access isn’t “so what”, it’s a glaring security hole.
Actually it is. One can make levels over levels of isolation, sandboxes and more sandboxes, but in the end conscious hygiene matters most.
You’re right, but you’re taking my words there a little too literally there.
When I say the problems aren’t insurmountable I mean “with effort, a lot of these will be fixed and your system will be pretty secure”, not “one day Linux systems will literally be unhackable, and no exploit or security issue will ever be found again. Security problems will be a thing of the past.”
I’m not sure this is entirely correct
Why is that?
Now, using snap store, flathub and all that is just unhygienic.
What is this based on? What do you mean by “unhygienic” anyway?
Flatpaks are more secure than system packages. They’re not installed with installation scripts that run as root (and can therefore do anything to your system if malicious code is slipped in.
Flatpaks also have sandboxing. It’s not a perfect implementation mind you, but it’s better than zero sandboxing.
Snaps is a bit more complicated, but sandboxing works if you have a fistro that uses AppArmour, so basically Ubuntu and some derivatives. Although who else would use snaps anyway lol. Flatpak won that fight.
I’m certain most of the failures will be in the new shiny stuff
I don’t know why you’d be certain of that. New stuff is generally designed from the ground up to be more secure.
Look at Flatpaks Vs repo packages.
Look at xdg-portals Vs 500 different implementations to do the same thing.
Look at the absolutely cataclysmic security catastrophe that is X11 compared to Wayland.
It is a retort.
Hedge funds do invest in stocks. On what planet are they not investors? They invest.
Short sellers are certainly a bit more ambiguous in how you’d classify them - but at the end of the day they’re still buying and selling stocks, and therefore investing and divesting. Classify them how you wish.
It’s also true that short positions only make up a small amount of the market.
Saying that there’s no such thing as investors or that stock prices aren’t influenced by the buying and selling of stocks is insane. That’s ultimately the only thing that influences them.
100% there will be more malware and scams as Linux grows. In fact, it’s happening already.
Just look at there being multiple instances of cryptowallet theft on Ubuntu’s app store by devs uploading fake copies of crypto wallet managers.
And that’s before we even get onto DEs – and much of the desktop Linux stack in general – generally not being designed with security in mind, as it’s not been something they’ve had to worry about.
We will see more malware, more scams. We will see glaring security problems that were allowed to stay in place for years be exploited. We will see infighting in the Linux community over all of this stuff.
It is the price we must pay for being an increasingly relevant platform.
With any luck, more users will mean more contributors, more financial support for devs, and of course better security as a result of that - you only need to look at how much KDE Plasma has improved with support from Valve, and how much work Gnome has been getting done after Germany’s “Sovereign Tech Fund” contribution to see that even a little bit of support can go a long way.
Unfortunately there’s a lot more to it than that.
You’re right that the “back end” of Linux systems tend to be quite hardened.
It’s the desktop environments that are a concern when it comes to security hardening, IMO. Almost all servers have no DE installed so it’s not something enterprise has cared about.
How much effort has been put into security on DEs? I honestly have no idea, but so far there hasn’t been an enormous pressure to security harden them.
Shit, look at:
X11. It’s insecure by design, yet most distros still ship with it (understandably, since Wayland isn’t 100% yet).
packaged software runs as root during the whole installation period - this means that anything slipped into the install script will have full root privileges to do anything to your system. Flatpak does fix this, but normally-packaged software is still abundant.
any non-root program can change aliases in your bashrc or bash_aliases file. I.e. they can change “apt install” to some other nefarious command, or to point to a dodgy software repository, so that next time the user types “sudo apt install [XYZ]”, it downloads malware or does other nasty things.
I’m absolutely clueless about this stuff and I can come up with those potential attack vectors in seconds. Imagine what a proficient hacker could do, or a hostile nation-state.
I definitely think improvements will have to be made in terms of security, and we’re no doubt going to hear more about malware in the coming years. But it’s not an insurmountable problem, IMO. Distros and DEs will just take time to adapt.
Those are investors.
Eh, if they were doing it on Mastodon nobody would see their campaigning. And of that tiny amount that do see them, they’d mostly be preaching to the choir.
For an average user you have a point, though.
I’ve heard Musk referred to as a piss baby moreso than other dickheads in the public eye.
Is there some story I’ve missed out on, or is it just a generic insult that’s somehow stuck to Musk more than it has to others?
No but I definitely should
Born in India
Can’t deny liking bobs and vagene from time to time
There’s a whole world outside of the US, you know.