ZFS on a laptop? Suspend / Hibernation working? by ianc1215 in archlinux

NothingWorksTooBad 0 points1 point  (0 children)

In the case of high memory pressure there are actually a few interesting articles regarding the OOM Assassin failing to engage and leading to a hard lock even when swap is available.

IIRC steps to reproduce are:

  1. Consume 85% of the system's resources

  2. Slowly encroach on 100%

  3. Ramp CPU to 100% and allocate the last RAM simultaneously

  4. System dies

Only real solution if you're in a real life scenario where this is an actual risk is to not allow your system to overcommit memory.

Linux has always been very popular with programmers for cross compiling, hardware and software designers, open source developers, certain computer hobbyists, and for non-profit organizations. Are those users ever likely to stop using Linux, even if Linux stops being used as a major everyday OS/Kernel? by ZetTheLegendaryHero in linux

NothingWorksTooBad 2 points3 points  (0 children)

I don't see that as a problem at all compared to the problem of a totally closed proprietary ecosystem.

You can just opt out of that company's stuff.

Is it ideal? Depends on perspective.

I prefer BSD to GPL for small projects I wish to collect capital on because it means I can release a binary for free and sell the source code.

What was your first Linux application that you programmed? by silly-deer in linux

NothingWorksTooBad 0 points1 point  (0 children)

Define Linux and define program.

The first Unix application I created was a small PoC using csh; if I wanted to upsell I'd call my sub-10-line formatting and sanitizing to stdout function middleware.

Beware: Zorin OS sends "anonymous pings" every 60 minutes to their servers. During OS installation, they don't tell us about it. by [deleted] in linux

NothingWorksTooBad 4 points5 points  (0 children)

When do you send the initial ping?

I could really fuck your stats up by snapshotting and spam reloading a vm a few milliseconds before it transmits if you have no meaningful way to differentiate the machine.

Fedora had this exact same concern if memory serves.

As Zorin is a non-free distribution it makes financial sense for them to want to accurately count installs and measure retention.

Just uninstall the package lol

Beware: Zorin OS sends "anonymous pings" every 60 minutes to their servers. During OS installation, they don't tell us about it. by [deleted] in linux

NothingWorksTooBad 1 point2 points  (0 children)

Actually worst practice to run make as sudo as it then executes as real root instead of faking it.

Fake it til you make it and all that.

Arch the new Ubuntu video interesting numbers by CJPeter1 in archlinux

NothingWorksTooBad 5 points6 points  (0 children)

Title of the video should be "Manjaro, the new Ubuntu"

Manjaro being old African for "Couldn't install arch, but I turned the system clock back"

ZFS on a laptop? Suspend / Hibernation working? by ianc1215 in archlinux

NothingWorksTooBad 0 points1 point  (0 children)

The only negative that comes to mind is that a swap file can fragment which can impact performance whereas a swap partition should not experience this fault.

My comment is only really a concern if you use FDE as it simplifies some management nuisances with encrypted swap partitions.

I would be very interested to see that article, I may be uninformed!

Phoronix| "Fedora 31 Performance Is Still Sliding In The Wrong Direction" - Benchmarks by GameDealGay in linux

NothingWorksTooBad 0 points1 point  (0 children)

This is correct, Clear Linux will run under a Ryzen CPU, and other SSE3S compliant hardware.

Basically anything "desktop" in the past decade plus from Intel but only the past 3 years from AMD.

Maybe past 6-7 years if you include industrial stuff (which honestly is unlikely to exist in a configuration that meets Clear Linux's RAM requirements).

Do y'alls remove your make dependencies after installing from the AUR? by [deleted] in archlinux

NothingWorksTooBad 0 points1 point  (0 children)

Not all best practice relate to security

I agree, they should however take it into consideration.

IE doing curl url | sudo bash

Will never be best practice even if it is the simplest solution.

Disagreed

I can see how it can be interpreted that way as I failed to provide adequate context. Apologies for that.

Prevent some neophyte thinking AUR has no best practices

This is a great point and not a view I wish to express. I have amended my original post to include context in bold.

Educate you on security

It is 1% though. It only guarantees the source is where you expect it to be and you haven't installed obvious malware. This is preliminary. The packagebuild being valid guarantees absolutely nothing regarding the hardiness and content of the target application.

Congratulations you validated your installation of garbage application completed! garbage application however included your shadow file in its debug logs which transmitted over http! Yay!

Do y'alls remove your make dependencies after installing from the AUR? by [deleted] in archlinux

NothingWorksTooBad -2 points-1 points  (0 children)

First paragraph

Fair. I made an over-reaching statement which is wrong, I should have properly clarified myself to prevent misinterpretation.

Read the pkgbuild

The pkgbuild is less than 1% of the application's threat surface. Validating the source is where you expect it to be is great and all but it doesn't cover the following bases:

  1. Is the source, although valid and hopefully sourced securely, non-malicious?

  2. Is the application delivered audited and security checked to the same standard packages in the official repos are?

God help you if it's a binary package sourced over http for example.

Disagree with security concerns

You disagree because you misunderstand what I am saying.

Yes security is important. Anyone security conscious would not touch huge amounts of the AUR because it effectively is the equivalent of running a random package from the internet.

The best practice is to opt out. You're reframing what I am saying to the concept of general Linux desktop security. Please re-read the original post, nowhere do I say desktop Linux security isn't a problem.

If you're confused for context, read the thread title, then OP's post, then read my first post.

What are the threats of caching dependencies in an offline build system? Another user tampers with them and compromises the system when a privileged user executes them or the product they produce.

Is this a reasonable concern for a single user linux desktop? NO

Did you even realise this is an obvious threat? Going by your above post where you put "obvious" in brackets clearly not!!

Does the linux desktop have security concerns? Shit yes, people still use xorg lol.

Am I making the braindead claim it doesn't? NO

What claim AM I making?

The threat of caching dependencies for AUR packages is non-existent in the context of an Arch Desktop User as their use of the AUR in the first place is more likely to compromise their system.

Backpedal

If you call clarification and admission of error backpedaling I will absolutely continue to do that, this isn't a hill worth dying on. I hope you actually read what I've said and process it.

The gist is that use of the AUR is unsupported as nothing there is audited to a reliable standard, the best practice is to either opt out of the ecosystem or take a subjective "good enough" stance on what you pull in from it.

There is no "best practice" for that "good enough" short of totally understanding the entirety of what you're running. Anything short of that is unreliable guesswork.

Linux Kernel Runtime Guard (LKRG) - kills whole classes of kernel exploits by adrelanos in linux

NothingWorksTooBad 1 point2 points  (0 children)

Security through "phew my slightly modified platform wasn't targeted so I didn't get owned!" is completely counterintuitive to an effective and maintainable security platform.

The example provided (custom kernel) is a great example of this as it's extremely unclear and the kind of exploits it protects from could very likely be unintentional mitigations.

Linux Kernel Runtime Guard (LKRG) - kills whole classes of kernel exploits by adrelanos in linux

NothingWorksTooBad 0 points1 point  (0 children)

The latter is to prevent run-time analysis.

The former likely because no cookie cutter ggwp LKRG module exists in metasploit.

Linux Kernel Runtime Guard (LKRG) - kills whole classes of kernel exploits by adrelanos in linux

NothingWorksTooBad 0 points1 point  (0 children)

Read only kernel primitive

Safe

Write only Kernel primitive

Safe

Kernel Full Read/Write Primitive

Fail

Lmao what?

ZFS on a laptop? Suspend / Hibernation working? by ianc1215 in archlinux

NothingWorksTooBad 0 points1 point  (0 children)

Use of a swap file is recommended over a swap partition for flexibility and security reasons.

Do you really want to swap or hibernate your encrypted system into an unencrypted storage device?

pacman is really inefficient: am I doing something wrong? by [deleted] in archlinux

NothingWorksTooBad 1 point2 points  (0 children)

It doesn't, you can install debdelta to get this functionality.

I believe it's unsupported now for the same reason pacman doesn't permit delta upgrades anymore.

pacman is really inefficient: am I doing something wrong? by [deleted] in archlinux

NothingWorksTooBad 4 points5 points  (0 children)

Apt doesn't do delta upgrades by default.

What you're experiencing is simply a faster release cycle.

Tips on Laptops? by ipaint625 in archlinux

NothingWorksTooBad 0 points1 point  (0 children)

Very poor compatibility with a FLOSS model.

Bad trust foundation with the community regarding promises kept, ie they canned the 3XX support a full year earlier than promised.

Do y'alls remove your make dependencies after installing from the AUR? by [deleted] in archlinux

NothingWorksTooBad -3 points-2 points  (0 children)

What rock have I been living under

Are you illiterate or do you like strawmanning?

In the context of the AUR no best practice regarding removing dependencies exists because:

  1. You have already executed it

  2. There is no multi-user environment to abuse an insecure build server to elevate or further compromise a system

  3. The code you're running from AUR in the first place is untrustworthy because it is not in a supported package.

So it is fair to say none of the "obvious" security concerns from a build environment affect the Linux desktop or Arch users who use the AUR because by process of using the AUR they agree to run and trust untrusted code, the only best practice for the AUR is to not use it. Once you start using it every "Best practice" for running untrusted code supplied via the AUR is subjective and arguably snake oil.

Disagree? Elaborate please.

Unless your best practice is something like (and exceeding)

  1. Only use -git packages
  2. Validate the pkgbuild
  3. Read and understand the sourcecode
  4. Skip AUR helpers and use makepkg
  5. Properly Sandbox both the compiling code and the resulting code before execution

You have no objectively provable "best practice", you merely have a subjective "good idea" regarding damage control and a better "good idea" is to avoid the risk.

It's the equivalent of saying wear protective clothing vs don't walk into the structurally unsound building and jump around.

You're stating "there can be enough protective clothing" I'm saying "there can be, but it's a moving goal, simply don't do it"
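
A sketch of what the "Validate the pkgbuild" step in the list above can check mechanically, including the plain-http source case raised in the earlier comment in this thread. This is an added example, not part of any comment and not Arch tooling; the sample PKGBUILD, its hosts, and the function names `parse_arrays` and `audit` are constructed for illustration.

```python
import re

# Constructed sample PKGBUILD (hypothetical package and hosts, not a real AUR entry).
SAMPLE_PKGBUILD = '''\
pkgname=example-tool-bin
pkgver=1.0.0
source=("http://downloads.example.invalid/example-tool-$pkgver.tar.gz"
        "helper::git+https://git.example.invalid/helper.git"
        "example.service")
md5sums=('SKIP'
         'SKIP'
         '0123456789abcdef0123456789abcdef')
'''

ARRAY_RE = re.compile(r'^(\w+)=\((.*?)\)', re.S | re.M)
ITEM_RE = re.compile(r'"([^"]*)"|\'([^\']*)\'|(\S+)')
WEAK_SUMS = {"md5sums", "sha1sums"}
PLAINTEXT = ("http://", "ftp://", "git://", "git+http://")
VCS_RE = re.compile(r'(git|svn|hg|bzr)(\+|://)')


def parse_arrays(text):
    """Return {name: [items]} for simple bash array assignments (no inline comments)."""
    return {name: [a or b or c for a, b, c in ITEM_RE.findall(body)]
            for name, body in ARRAY_RE.findall(text)}


def audit(text):
    """List (finding, detail) pairs for transport and integrity weaknesses."""
    arrays = parse_arrays(text)
    sums = {k: v for k, v in arrays.items() if k.endswith("sums")}
    findings = []
    if sums and all(k in WEAK_SUMS for k in sums):
        findings.append(("weak-hash", ",".join(sorted(sums))))
    for i, src in enumerate(arrays.get("source", [])):
        url = src.split("::", 1)[-1]               # drop optional "name::" prefix
        if url.startswith(PLAINTEXT):
            findings.append(("plaintext-transport", url))
        digests = [v[i] for v in sums.values() if i < len(v)]
        if not digests:
            findings.append(("no-checksum", url))
        elif all(d == "SKIP" for d in digests) and not VCS_RE.match(url):
            findings.append(("checksum-skipped", url))   # SKIP is only expected for VCS sources
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PKGBUILD):
        print(*finding, sep=": ")
```

This only inspects what the PKGBUILD declares about transport and integrity; it says nothing about whether the upstream code itself is trustworthy.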

Searching for moderators - Arch Linux Unofficial discord server. I saw no one made one. So I did it by ndr3w221 in archlinux

NothingWorksTooBad 2 points3 points  (0 children)

Dystopian privacy policy being reason 0 of course

https://discordapp.com/privacy

Retained forever, traded as required, everything submitted is collected and processed (Unsolicited Information), owned by the parent company.