Most companies I’ve worked at where employees had a Microsoft work computers. They were under heavy control, even with admin privileges. I was wondering, for a corporate environment, how employees’Linux desktops could be kept under control in a similar way. What would be an open source or Linux based alternative to the...
To get rid of Viruses, simply clean out all executable attachments in mails, mailcow and other solutions support that.
You can also mount /home nonexecutable, which means everything you can run needs to be on the system. Without that, “control over what is installed” is worthless. You could literally download any package, export the binary and run it from anywhere.
To run untrusted software, you can use a server that uses something like KASM. It is image-based, accessed through the browser, suppports uploading files and viewing lots of stuff. You can also run antivirus there, but as shown in this video antivirus is often simply tricked by encoding and re-encoding the scripts into something like Base64.
Antivirus really is flawed. You need to control the origins of code, and run all untrusted code in immutable VMs.
I’ve noticed that ads are absolutely everywhere, and wanted to post this to disillusion some of the places we see ads but don’t realize. It would be harder to make a list of places you don’t see ads....
Nothing digital shows me ads, but going to a crappy supermarket is crazy. Most organic stores dont have any ads, its really disturbing to be in others. (But the fact that they are not able to feed humanity is a complex issue)
Projects leaching on the work of companies like that, “freeing the code” (which literally just means huge companies will not pay a cent for Linux in the future too) and adding their 2 cents, is not really a big effort.
The same thing with other projects that “became nonfree” and where forked to “stay free”.
If a license says “you can use it for free, but need to share profits over x$” it is free software in any way we should be concerned about it.
Yes for sure and I dont know what I think about that RedHat move. But specifically about redis, (the thing I forgot the name of) and others, I get the feeling they just try to protect themselves against being used for free by megacorps.
They offer support for it and contribute a lot to all those projects. But I was mainly focused on projects restricting their license, RHEL is a complicated topic.
Appimages also install another distro onto your system. May be small, but you have no deduplication at all. Flatpak could do a better job at enforcing the use of very few runtimes, but at least it is transparent what is used, unlike with Appimages (where you have no idea if any app has a runtime with a vulnerability etc).
If they use compression, you replace disk space with CPU power.
<span style="color:#323232;">28,88 GB "naive"
</span><span style="color:#323232;">21,57 GB with deduplication
</span><span style="color:#323232;">16,24 GB with compression
</span>
For all my apps, including a ton of stuff I just test. And that on a 1TB drive is just not important.
Appimages can be placed in ~/.local/bin/ which makes them kinda okay for terminal use. But none of the formats is terminal friendly. Flatpak has a veeeery descriptive syntax, which makes sense but for sure it is a pain to write.
But yes, CLI stuff is not covered but that is also okay. Flatpak deals with all the huge GUI apps, the distros can take care of the small rest.
Of course thats not perfect, but snaps have no sandboxing without apparmor (with patches) and appimages have no sandboxing at all, ignoring firejail which is a root binary and has had security vulnerabilities in the past, making it basically a privilege escalator.
Yes they break that strange XDG idea, and that makes sense. Every app is a container, and if you delete that app directory, all its settings are reset etc. It is a huge advantage for a clean system.
For sure the directories are long as f*ck but that is an okay drawback for having the ability to control the app data so easily.
Thats why you should only use flatpakked wine wrappers like Bottles. Bottles has no filesystem permissions at all, everything uses portals. So I suppose (apart from maybe privileged syscalls?) Viruses would be harmless
Please be aware that you just commented on some of the points.
Madaidan is often criticised and debunked, and that “linux is insecure” post is pretty old.
They say that many flatpakked apps have broad permissions, which is not a flatpak issue, because those are simply legacy apps that are often huge, dont support Flatpak at all and often also dont care.
They mention the “badness enumeration” like restricted syscalls, which is really problematic and seems to still be used. This is really bad and I hope it gets fixed, will open an issue about that.
But dont forget: flatpak apps may have broad permissions, but native apps have all permissions, appimages too. They have unrestricted syscalls, if not changed in the system itself.
So these might be valid points, but not a defense of Appimages at all.
Why use an appimage when they also have official RPM or DEB repos? There is nothing gained here, but you have an insecure install and update mechanism.
Would you say portable builds (like deadbeef) also install another distro onto your system?
They statically link binaries which is pretty similar.
You can also extract the appimage and run the AppRun script, comes with the downside that…
I guess you cannot update an app anymore when doing that.
Flatpak uses BTRFS compression afaik, so I dont know if it has a performance hit and it can likely not be turned off.
Is it strange idea to not want my home cluttered by a bunch of useless top level dotfiles?
That is .firefox etc. Flatpaks put everything in ~/.var/app/ which doesnt clutter anything.
Those Appimage helpers sound interesting and I will look at them. The tasks of placing somewhere, creating desktop entries etc. is not hard, but needing to do that manually is a strange and broken concept. I suppose those helper programs have some kind of community support, as Balena Etcher or whatever dont supply .desktop files.
I agree with the problems you mentioned after that. Relying on glibc is bad, using outdated x86_64 architecture is silly. The last one could be fixed easily. The former one probably not that easily.
Desktop Linux is messy for sure. But Flatpak is just really good at what it can do.
Hahaha that is actually mentioned in the article below
According to Robin Stern, PhD, co-founder of the Yale Center for Emotional Intelligence, “Gaslighting is often used in an accusatory way when somebody may just be insistent on something, or somebody may be trying to influence you. That’s not what gaslighting is.”[17]
Flatpak does this, just have a look. Every app has its config stored in its own directory. Apps only have access to that directory, if they dont get other static permissions.
yes you could of course script that, but it doesnt change the problem with appimages having insecure updates. Flatpak uses OSTree, Android has a package manager that saves the signature and if that doesnt match, an update fails.
Is that sandboxing graphically available like with Flatpak? To my knowledge it required Apparmor patches but that these are upstreamed is a good info. The SELinux implementation sounds interesting, but well… I dont see the point?
Three soldiers pounce on a shepherd sitting outside his sheep pen. They knock him over and then one of them shoots him to death at point-blank range. Fakher Jaber, a father of four, was suspected of involvement in an incident that probably never happened...
Hey guys, I am looking for a desktop app (Linux) that can translate text in images. I know I can do that with google or some other websites but I was wondering if you have an open source alternative.
Interesting, didnt know the Translation Engine was called Bergamot. Yes this absolutely needs an Android app, a Linux app, and integration everywhere. Its awesome.
being able to silence all system services to detect that bump
being able to run stuff in different ways, without a core system component (with and without systemd, as that backdoor only used data when sshd was started via systemd)
having people be perfectionist about performance measurements
having devs test upstream code not shipped to normal distros
being so good microsoft pays people to work on software for it
I can say apart from core programs like all of KDE (lol) and some CLI tools I use only Flatpaks now! Distrobox as workaround for RStudio and QGis, Appimage only as a last resort.
First, let me say that this is the worst phone I’ve ever owned. I don’t have have “fuck it, I’m buying a Pixel” money right now, but I’d like to try un-ruining my phone if possible. And what are the best ways to back up my phone before the switch?
Its strange that you need to search something first to access it. And the Claude model is really outdated. The new claude model is better than ChatGPT4 but the old one isnt.
Reproducing a Microsoft corporate environment on Linux.
Most companies I’ve worked at where employees had a Microsoft work computers. They were under heavy control, even with admin privileges. I was wondering, for a corporate environment, how employees’Linux desktops could be kept under control in a similar way. What would be an open source or Linux based alternative to the...
Open source alternative to Internet Download Manager
Hello everyone! I want to ask some recommendation of open source alternative to IDM with these feature:...
eza (formerly exa, ls replacement) can now show the actual total size of directory contents
cross-posted from: discuss.tchncs.de/post/13814482...
Linux in hospitals?
I was in the ED the other day and noticed that they use a mix of Windows 7 and Windows 10. My question is two part....
Where are places you see ads?
I’ve noticed that ads are absolutely everywhere, and wanted to post this to disillusion some of the places we see ads but don’t realize. It would be harder to make a list of places you don’t see ads....
In a First, AlmaLinux Patches a Security Hole That Remains Unpatched in Upstream RHEL - FOSS Force (fossforce.com)
Photo : AlmaLinux Day, held on March 18, 2024 in Rust, Germany. Does that mean more Rust in the Linux kernel ? :-)
Team-Kodi PPA officially retired, switches to Flatpak (kodi.tv)
Greta Thunberg detained at The Hague climate demonstration (www.theguardian.com)
Israeli troops shoot and kill a Palestinian shepherd reading the Quran on his land (www.haaretz.com)
Three soldiers pounce on a shepherd sitting outside his sheep pen. They knock him over and then one of them shoots him to death at point-blank range. Fakher Jaber, a father of four, was suspected of involvement in an incident that probably never happened...
deleted_by_moderator
What's your experience with Electron alternatives
Electron is a widely hated framework on Linux, but what about the alternatives like Neutralinojs?...
text in image translation
Hey guys, I am looking for a desktop app (Linux) that can translate text in images. I know I can do that with google or some other websites but I was wondering if you have an open source alternative.
Did One Guy Just Stop a Huge Cyberattack? (www.nytimes.com)
Ubuntu 24.04 Improves Power Efficiency on Laptops - OMG! Ubuntu (www.omgubuntu.co.uk)
Anyone here use AlmaLinux as a desktop?
If so, why? and how’s your experience been?
Best OS for OnePlus Nord N10?
First, let me say that this is the worst phone I’ve ever owned. I don’t have have “fuck it, I’m buying a Pixel” money right now, but I’d like to try un-ruining my phone if possible. And what are the best ways to back up my phone before the switch?
DuckDuckAssitant is back! (media.kbin.social)