N.E.P.T.R
I’m the Never Ending Pie Throwing Robot, aka NEPTR.
Linux enthusiast, programmer, and privacy advocate. I’m nearly done with an IT Security degree.
TL;DR I am a nerd.
- 0 Posts
- 8 Comments
N.E.P.T.R@lemmy.blahaj.zone to linuxmemes@lemmy.world • I hate people who only release their App on flatpak • English • 7 · 3 months ago
Yes there are. Actually quite a lot. They hate it because it isn't a perfect solution in every single case that X.Org provided, but ignore the long history of vulnerabilities, bugs, and cursed workarounds present in X.Org. It is getting harder for them to hate though, as most of the pain points (e.g. color management and global shortcuts) are part of the standard now.
If all you want to do is run VMs, Qubes is not what you are looking for. Even virtual machine manager (and other abstractions over libvirt and KVM) need to be hardened to avoid compromising the host.
Example: By default virt-manager uses a NAT bridge to allow the guest VM to access the host and the LAN. A couple of weeks ago a vulnerability was found in the CUPS print server, allowing a hacker to do RCE. If a guest VM was compromised (previously or because of the vulnerability), since the host also likely has CUPS, the hacker could use the guest system to compromise the host. This is avoided on Qubes because the host has minimal software.
Virt-manager offers nowhere near the same security as Qubes. Qubes has a security-hardened host and a strong desktop security model. Everything runs in VMs (aka qubes), including different parts of the system, to further improve isolation. Sure, you could replace Qubes OS with an off-the-shelf Linux distro and run VMs, but that is nothing like Qubes, offers none of the convenience, and isn't hardened or debloated (reducing host attack surface).
No Linux distro comes close. Qubes is designed for a specific job. I am not saying Qubes is the "best OS ever" when I say Linux distros don't come close; I specifically mean that no Linux distro is designed with as strong a focus on a desktop security model and an isolation-based workflow.
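To make the NAT-bridge point in the comment above concrete, here are two libvirt network definitions as virsh and virt-manager consume them. This is an added example, not something from the original comment or from the Qubes or libvirt projects; the first definition reproduces what a stock libvirt install creates as the "default" network, and the second is a constructed alternative whose network name (`guest-only`) and bridge name (`virbr1`) are assumptions chosen for this example.

```xml
<!-- Stock "default" network created by libvirt: NAT forwarding plus a host-side
     address on the bridge. A guest on this network can reach services listening
     on the host (anything bound to 0.0.0.0 or 192.168.122.1) and on the LAN,
     which is exactly the path the comment describes for a compromised guest. -->
<network>
  <name>default</name>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>

<!-- Constructed hardened alternative (name and bridge name are assumptions for
     this example). No <forward> element, so libvirt routes nothing off the
     bridge and adds no NAT rules; no <ip> element, so the host holds no address
     on the bridge and runs no DHCP there. Guests attached to it can talk to each
     other but have no IP path to host services or the LAN. -->
<network>
  <name>guest-only</name>
  <bridge name='virbr1' stp='on' delay='0'/>
</network>
```

Define and start the second network with `virsh net-define guest-only.xml`, `virsh net-start guest-only` and `virsh net-autostart guest-only`, then point the VM's NIC at it in virt-manager. Two caveats: guests on it need static addresses and get no internet (so no updates) unless you add a dedicated gateway VM, and this only closes the network path. It does nothing about QEMU device-emulation bugs or a bloated host, which is the part of the problem the comment says Qubes addresses by keeping the host minimal.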
People on Snapchat don't give a fuck about cleanliness.
N.E.P.T.R@lemmy.blahaj.zone to Programmer Humor@programming.dev • I have a 64-bit gender • English • 4 · 6 months ago
Gender is obviously a signed byte.
Docker is good when combined with gVisor runtime for better isolation.
What is gVisor?
gVisor is an application kernel, written in memory-safe Golang, that emulates most system calls and massively reduces the attack surface of the kernel. This is important since the host and guest share the same kernel, and Docker runs rootful. Root inside a Docker container is the same as root on the host, as long as a sandbox escape is used. This could arise if a container image requires unsafe permissions like Docker socket access. gVisor protects against privilege escalation by only using root at the start and never handing root over to the guest.
Sydbox OCI runtime is also cool and faster than gVisor (both are quick).
N.E.P.T.R@lemmy.blahaj.zone to Lemmy Shitpost@lemmy.world • YouTube's war on adblockers still continue • English • 11 · 7 months ago
YouTube is a monopoly. The reason no one really uses multiple platforms to upload videos at the same level as YouTube is because it was run for a long time at a loss to push out all competition. I have no sympathy.
For real, a good font.