ssm

@ssm@lemmy.sdf.org

OpenBSD admin and ports maintainer

Why does nobody here ever recommend Fedora to noobs?

I have tried Linux as a DD on and off for years but about a year ago I decided to commit to it no matter the cost. First with Mint, then Ubuntu and a few others sprinkled in briefly. Both are “mainstream” “beginner friendly” distros, right? I don’t want anything too advanced, right?...

ssm,

Friends don’t let friends use IBM software.

ssm, (edited )

lmao how much did steve ballmer pay you to write this

ssm,

thanks for the brain rot, op 🙏

I was looking at the firefox flatpak on flathub. Won't this warning make a non tech-savvy user anxious? This might make them think they'll get a virus or something like that. (programming.dev)

Imagine your friend that does not know anything about linux, don’t you think this would make them not install the firefox flatpak and potentially think that linux is unsafe?...

ssm,

Users should be afraid of the malware that is default firefox. Why do you think so many people use forks?

ssm, (edited )

Chrome being worse than Firefox doesn’t make Firefox’s default telemetry, adware, and DoH to cloudflare good. When the bar is Chrome, essentially any browser passes.

ssm, (edited )

Telemetry you can’t easily disable (requires modifying about:config, can change on update), Glean (nastier than anything in chrome), DoH to cloudflare, pocket (adware), Anonym.

www.jwz.org/blog/2024/06/mozillas-original-sin/ mozilla “saving the web”. If you want to save the web, use something like qutebrowser, luakit, or falkon with drm compiled out.

jwz.org/…/mozilla-is-an-advertising-company-now/

ssm,

Flatpak’s usecase for me is Alpine Linux and other distributions that use musl or other libc implementations. I don’t love it, I find its cli interface and the way you add flatpak servers to be obtuse and annoying, but it is useful for getting glibc dependent software.

ssm, (edited )

Just make the file root owned and readable by no one. An unreadable file can’t be copied. You can use chattr to add some flags like immutability if you desire (shouldn’t really need to). Use a command like find /some/path -type f -exec chattr whatever {} \; if you need to do this recursively. Root account should need a password, and should (hopefully) not be accessible with an unprivileged user’s password through sudo/doas, but on its own account with its own password using su or login.

Note that without encrypting the file, this does not protect you from someone just grabbing your storage device and mounting it with root permissions and then they can do whatever they want with your data. It also doesn’t protect you if someone gets root access to your device through other remote means. If you want to encrypt the file, use something like openssl some-cipher -k 'your password' -in file -out file.cipher_ext. If you want to encrypt multiple files, put them in a tarball and encrypt the tarball. You can again also use find with openssl to encrypt/decrypt recursively if you don’t want to use a tarball, which may be better with ciphers like blowfish that aren’t secure at large file sizes; but if you do that, you expose your encrypted file system structure to attackers.

I am not a fan of full disk encryption, because it usually means leaving all your data decrypted during runtime with how most people use it. If you only decrypt a block device when you need to, there’s nothing wrong with that, and can work as an alternative to encrypting a tarball.
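The tarball-then-encrypt approach from the comment above, written out as an added example that is not part of the original comment. It assumes OpenSSL 1.1.1 or newer, picks AES-256-CBC with PBKDF2 in place of "some-cipher", and reads the passphrase from a file instead of -k so it never appears in the process list; the function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example: encrypt a whole directory as one tarball with `openssl enc`.
# seal_dir, open_dir and every path used with them are hypothetical names.

ITER=600000   # PBKDF2 iteration count (assumed value; raise it if you can wait)

# seal_dir SRC_DIR OUT_FILE PASS_FILE
# Streams tar straight into openssl so no plaintext tarball touches the disk.
seal_dir() {
    src=$1 out=$2 passfile=$3
    (
        # Create the ciphertext 0600; an encrypted file still leaks its size
        # and mtime to anyone who can stat it.
        umask 077
        tar -C "$(dirname "$src")" -cf - "$(basename "$src")" |
            openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
                -pass "file:$passfile" -out "$out"
    )
}

# open_dir ENC_FILE DEST_DIR PASS_FILE
# Decrypts and unpacks into DEST_DIR.
# `openssl enc` has no authenticated mode: a wrong passphrase or a modified
# ciphertext is usually, but not always, caught by the padding check. Keep a
# digest of the ciphertext somewhere else if tampering is a concern.
open_dir() {
    enc=$1 dest=$2 passfile=$3
    mkdir -p "$dest" || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -pass "file:$passfile" -in "$enc" |
        tar -C "$dest" -xf -
}
```

The passphrase file should itself be root-owned and mode 0600, or live on removable media; the same iteration count has to be used for sealing and opening.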

ssm,

OpenBSD’s default public domain kornshell fork on OpenBSD, oksh (portable OpenBSD ksh clone) on Linux/MacOS/Other Unix. It has far fewer extensions than something like Bash (which I consider a positive) while being much faster (tested with hyperfine), and the extensions it does have are all useful (arrays, coprocesses, select, .* not expanding to . or .., pattern blocks, suspending of the whole shell).

ssm, (edited )

I dislike the paradigm that there are “techy people/programmers” and “tech illiterates/non programmers”. Anyone can develop the skills to properly use unix interfaces given proper training; and I know that’s true because the whole world used to run (mostly) unix on the desktop before corporate took over. Unix doesn’t need to be windowsified/macosified to get people to move over; people need to unlearn the interfaces corporate has brainwashed them with for generations. There are so many more interesting user interfaces than just what Windows and MacOS provide; graphical or otherwise.

ssm,

Except the gold is actually poop and the shovels require burning several trees per dig

ssm,

Protonmail sucks because you can’t use it with 3rd party mail clients like claws-mail or mutt without handing over $$$ (even gmail lets you do this for free, I believe). The plaintext mode in Protonmail appears not to actually be plain text because I’ve had trouble submitting plaintext patches to the OpenBSD lists several times with it.

Have no experience with Tuta.

Self host on a VPS. OpenBSD makes it easy, follow a guide like this one.

ssm,

wonder what fraction of a fraction of a percent of their yearly profit they’ll be charged this time

what's your current linux distro?

wanting to hop into the world of linux on a dual boot method (one of my favorite games unfortunately cannot be run on linux at all, and it’s a gacha. I don’t want to gamble with my account being banned, so I’m keeping windows for it specifically.) this’ll be my second go at it, I used Pop!_OS briefly but had some issues...

ssm,

SteamOS on steam deck, PostmarketOS on pinephone. On desktop I use OpenBSD, but if I used a Linux it’d be either Alpine, Void, or Devuan.

ssm,

Mouse and keyboard are my bread and butter, I don’t particularly enjoy gamepads, but the Steam Deck gets around this thanks to having touchpads and gyro, so I don’t mind using it when nothing else is available.

ssm,

The longer Bethesda doesn’t touch Fallout the better, as I see it.

ssm,

Really wish when I clicked on the alternative for change.org one of the choices would have just been “a gun”

ssm,
  • Closed software (and hardware if we count in house arm chips?) ecosystem is bad for security and privacy
  • Apple is subject to ancap US corporate law, which means they can realistically do whatever they want with your data (and it would be a bad business decision not to) with no real punishments/business expenses if they’re caught
  • Large number of users increases interest for state backdoors
  • *BSD has mostly the same userland, is totally free, and open source
ssm, (edited )

PostmarketOS, pinephone, using phosh (sxmo is good too, but no support for dvorak keyboard :( :( :( ). Very jank, but I would never go back to Google/Android (or derivatives) after tasting what could be. Might try to switch to Void Linux or base Alpine since PostmarketOS is shipping systemd by default next release (“optionally, with openrc still being supported”, but we all know openrc is being pushed to the side, especially since it needs recompilation to switch back). Hope to boot OpenBSD on it some day.

ssm,

systemd is good software and people should find proper reasons for disliking it for once instead of just following the hate train.

Are “breaking portability with non-linux unix systems (and even linux systems that don’t use systemd)” and “overly complex codebases inherently being more bug-prone and systemd having a poor security track record” good enough reasons for you?

ssm,

use relative paths (cd into the directory below your repository) and use tab completion, and you won’t have problems.

Do you think people would be okay with 'Recall' if Apple did it?

With the recent WWDC apple made some bold claims about privacy when it comes to so called Apple Intelligence. This makes me wonder if they did something similar to what Microsoft did with Recall feature, would people be less concerned and to an extent praise their effort?...

ssm,

You’re saying this like Micro$hit isn’t just going to revert back to recall being opt-out (or non-removable) in a few weeks after the outrage dies down

ssm,

Microsoft is evil, but are they more or less evil than Google?

ssm,

corporate linux apologists promoting proprietary ecosystems are still corporate apologists promoting proprietary ecosystems

ssm,

In order of personal preference:

scp (sftp)

rsync/openrsync

nfs

host files on an ftp server with ftpd

hosting files on an http server with httpd

ssm,

I love searxng in theory, and I use it as my default search engine, but very often I am missing results; I don’t know if it’s deliberate censorship from bing and google so you don’t use their apis on 3rd party platforms, or if searxng is just buggy, but no matter what search engines I enable in the config, I am missing results.

ssm,

It’s easy to blame the monetization model, but the devs did decide to pour their effort into a project, knowing that they would likely be cucked by their publisher. There was a way to easily avoid this, even if it meant the game wouldn’t have gotten as much attention. The fewer people use publishers, the less they dominate the front page of retailers.

ssm, (edited )

I use quad9 with DNS over TLS systemwide with openbsd unwind

unwind.conf config


forwarder { 9.9.9.9 port 853 DoT 149.112.112.112 port 853 DoT }
preference { DoT }

firefox’s use of cloudflare for DoH is irresponsible, and possibly worse than just sending your DNS queries to your ISP’s default servers. It would be in line with Mozilla’s other practices though.

ssm,

maybe consider buying hardware that supports a real mobile Linux like postmarketos.org next time

ssm, (edited )

The software that runs on mobile Linux is the same that runs on desktop arm64 Linux, minus a few mobile-specific components packaged by postmarketOS/etc. Minus the few mobile-specific components (modem drivers, userland components like the virtual keyboard and window manager), the software is very well tested and used regularly. Only thing I’m sketched about is the sim card, which has quite a lot of control over the device from what I was told. It’s not like non-linux phones are any safer from this though; if anything they’re more likely to be targeted by any hardware vulnerabilities/backdoors due to being more popular devices.

ssm,

Linux can be hardened, but is very open by default.

yup.

It also offers no out of the default sandboxing of apps from each other.

I don’t use applications that need sandboxing. I would enjoy if OpenBSD’s pledge and unveil were ported to Linux at some point though.

It isn’t immutable, unless postmarketOS is, which is a large security threat when considering device integrity.

How does immutability improve security beyond standard unix file modes?

Full disk encryption isn’t enabled by default (unless changed in postmarketOS).

I used to do FDE, but now I prefer just encrypting the files I actually need encrypted. FDE doesn’t protect you from an attacker that can get access to your phone while it is booted.

Root login is enabled by default (a huge attack vector).

What huge attack vector? It’s just as secure as any account if it’s given a good password. I’d argue sudo/doas is a lot less secure when authenticating to root, since if an attacker knows your user password, they now also have root access.

I recommend a deblobbed Android ROM like DivestOS (my personal fav and more deblobbed of proprietary blobs than any other ROM) or GrapheneOS.

I will use my already deblobbed Linux distribution, but thanks ;)

ssm,

Did you go to any of my links about Linux hardening? Do you implement any hardening yourself? Do you harden kernel flags or replace malloc with hardened_malloc?

No. Why would I need to do this compared to a standard Linux desktop PC? Does having a WWAN radio somehow open me up to some massive amount of exploits compared to another mobile device, say a linux laptop?

Linux kernel also has proprietary blobs for firmware and device support. That is the difference between Linux normal or libre kernels.

I don’t think my hardware (pinephone) needs any blobs (If any, the GPU? Panfrost exists so probably not). It may need proprietary firmware, but firmware doesn’t touch the kernel and is loaded onto the auxiliary device’s CPU, so it’s not as big of a security compromise (excluding CPU firmware). I already replaced the modem firmware with an open source version, so I think I’m fine there.

ssm,

“modern” is a very loaded term here

ssm,

Since the consensus is that Borderlands is now a dead franchise, anyone know of any alternatives? I enjoy Roboquest, but it doesn’t quite scratch the same itch (minus the artstyle). Gunfire Reborn seems closer to Borderlands, so I’ll check it out eventually.

ssm, (edited )

No, nor should the user be encouraged to. Shell is often the best tool for the job for things like filesystem operations and scripting for a unix environment. Limiting yourself as a user just to copy Windows’ and MacOS’ paradigm is just hurting yourself in the long run.

ssm,

I would hardly call using the shell “tinkering”. It’s just a different interface.

ssm, (edited )

Most Windows and Mac users have no idea what a script is, nor do they care.

Imagine how much easier their lives would be if they did (at least the MacOS users, since Windows has yet to find a usable shell).

If you’re on GNOME, KDE or any of the other DEs for that matter, and you’re not a geek, yes you can live on GUI alone these days.

Unless you have exactly 1 tech support issue, in which the assistant will tell you to open a terminal for diagnostics, because any other interface for debugging is insane. Telling users they shouldn’t learn shell is just setting them up for being dependent on users that do.

ssm, (edited )

DNS blocking with DNS over TLS (DoT) with OpenBSD unwind + disabling javascript

  • userscripts where javascript is required and the site is cancer (youtube, twitch, other corpomedia)
  • disable/compile without DNS over HTTPS (DoH)
    • I’m not sending my DNS requests to cloudflare, and I want my DNS to be system-wide

always disable DNS prefetch

works in any browser (system-wide actually), not just in Firefox/Chromium

How is everyone handling the 2FA requirement for GitHub? (docs.github.com)

Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don’t love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don’t want to give them my phone number just to log in....

ssm,

2FA is for people who don’t know how to use randomized passwords for every site

ssm,

Copying this from another thread that was basically the same question, but didn’t get much attention

Started on Arch Linux for some reason back in 2016, I just decided to throw out my Windows and install it (Don’t really remember what was going through my head, or why I wanted to install Linux, other than I was reading the r/linux subreddit wiki at the time). I was trapped in a TTY trying to install the thing for maybe a week, and after 9 reinstallations, I got Arch working and got a Weston compositor session running under Wayland. After realizing Weston was more a tech-demo than something I was actually supposed to use, I installed X11 and Gnome, which was cool for approximately 3 minutes before I decided to replace it with some minimal window manager instead. Can’t remember if it was i3wm or something else, but i3wm sounds right; and later I messed around with some tilers like StumpWM, ratpoison, and HerbstluftWM.

After about 3 months, something in Arch broke (systemd was not reaping processes properly was what I concluded at the time, no idea what the actual problem was but I ended up with a bunch of zombie processes), and I decided to install Gentoo as my second Linux distribution. After installing Gentoo, I entered a stage which is colloquially known as “config hell” where I overconfigured everything to the point of breaking something, and could never figure out what I actually broke because everything was so overconfigured. After recompiling the whole system, everything was still broken, so I reinstalled Gentoo, this time less overconfigured, but still somewhat overconfigured (It didn’t help I was also running a full self-made custom kernel config with 3 months of Linux experience, I’m surprised the thing booted at all).

I lived in Gentoo for around a year using HerbstluftWM, but eventually I grew tired of how much maintenance Gentoo required and just wanted some sane defaults. This led me to installing OpenBSD, which I guess was the right decision for me because I’m still using it to this day (7 years!), and is where I gained the majority of my knowledge about using Unix thanks to the wonderful documentation. Initially I didn’t like the ports system because it didn’t have as many knobs as Gentoo’s portage did (Gentoo’s portage is more modeled after FreeBSD’s ports than OpenBSD’s ports it seems), but I came around to enjoying hacking ports with my own patches instead of using preconfigured knobs. Eventually my porting skills got good enough that I now officially maintain a couple OpenBSD ports (games/stone-soup, www/pipe-viewer), and that list is likely to grow. I switched between some other window managers (ratpoison, JWM, FVWM2) before settling on OpenBSD’s in-house cwm. I purchased a VPS also running OpenBSD, and self host various things like email, git, ZNC, web/http, and IPsec/VPN. Eventually, I grew tired of not having games to play (OpenBSD doesn’t support WINE), so I bought a Steam Deck that I use as both my gaming desktop and handheld. I also bought a Pinephone from Pine64 which currently uses PostmarketOS (I hope to run OpenBSD on it some day though).

https://lemmy.sdf.org/pictrs/image/56735566-ad96-4ae6-a667-434aa5275e39.png

tl;dr Use Arch as your first Linux distribution and you’ll end up as an OpenBSD ports maintainer I guess

ssm,

Write your steam username and password down somewhere in plain text (and maybe your email auth too since steam seems to like email 2fa garbage), and then someone will find it after you die and can use your account.

ssm,

It starts with a blatantly llm-generated image, with the text possibly being a chatbot as well; good journalism is rare these days compared to this mass-produced slop

ssm,

If the user sees the following

Linux Is Only Free if You Don’t Value Your Time

one must immediately counter with

Windows Is Only Free if You Don’t Value Your Privacy

The Windows user will immediately disintegrate if performed optimally
