

Ansible and Nix. Code is the document.




I am a developer. While AI is being marketed as snake oil, the things it can do are astonishing. One example is that it reviews code a lot better than human beings. It’s not just finding obvious errors; it catches logical errors that no human would have caught.
I see people are just forming two groups: those who think AI will solve everything and those who think AI is useless. Neither of them is right.


It’s not just about installing. Once you have installed it, welcome to the nightmare: Secure Boot errors, suspend issues, kernel and driver version incompatibility, etc.


No, their engineering is great. But it’s their management who have no clue what they are doing at Mozilla.


I think Linux enshittification will happen when Linus Torvalds is no longer the benevolent dictator. I assume big tech would add more DRM crap for more use cases etc., and regular (unintentional) userspace breakage for desktop users, since development would be focused on server/cloud computing etc.


The number of times WhatsApp crashes in GrapheneOS is so high. GrapheneOS exposes all memory corruption bugs due to its hardened memory allocator and memory tagging features.
No wonder WhatsApp is exploited just like that. I sometimes wonder if these bugs were built purposefully.


I think Tor Project is implementing a better version of the Linux package. The current Flatpak one is more of a Python wrapper to download the browser rather than an actual browser. It was developed by an independent open source developer and later taken over by Tor Project since it was very popular. Hopefully it will be fixed in the future.
There are no alternative browsers out there. Our situation has come down to choosing one of the least evil out there.
Same here. Just turned off all data collection checkboxes. Fuck Mozilla!


Windows Vista had a lot of changes to the kernel. Windows 7 relaxed security features introduced in Vista. But nothing changed after that. They have been slapping ugly UI on top of the existing kernel.


This is on my todo list. I use Docker-compose for its simplicity, but Docker is a security nightmare. If you are not careful, it would expose your Nextcloud instance to the whole world. Podman integrates nicely with firewalld, which gives me zone-based rules. Can’t wait to do this. But I will give it some time to let Quadlet get stabilized and popular.


Is no one aware of Fedora Media Writer? It’s FOSS and the most trustworthy ISO burning software in existence. Its only issue is that it’s named as if it is written only for producing Fedora bootable media. It works for everything.


GrapheneOS is both secure and private. It also supports hardware based attestation (No need for SafetyNet). It’s just that mediocre people who develop these apps do not wish to support freedom respecting platforms.


Your dumb phone is much more insecure than a smartphone which has GrapheneOS or LineageOS. Your dumb phone certainly lacks secure 4G or 5G communication, cannot use e2e encrypted messaging platforms and cannot update firmware in case of security bugs.


Did you even read the article? 0-day vulnerabilities are not unique to WhatsApp. Even Signal can be exploited given its complexity.
SimpleX is not a Signal fork. It is its own protocol, service and app. It just utilizes the Signal protocol for encryption like every good e2e encrypted messenger out there.
SimpleX allows anonymous identity, federation between servers and still has a good UX.


Don’t bother with videos against GrapheneOS. The lead of GrapheneOS has autism and he lacks social skills. This creates an endless loop of hate talk between some YouTubers and GrapheneOS.
As a technical project, GOS is far superior and it is the most secure OS on the planet right now. The lead of GOS has developed hardened malloc and various other security solutions that are now baked into GrapheneOS. So I would ask people to enjoy the project rather than stimulating more fuss against the project.


I agree SimpleX is a superior protocol. I use it to share text between my devices. But I’m a little bit hesitant to recommend it to friends and family because it is VC funded. Until SimpleX becomes a non-profit or an alternative implementation of the SimpleX protocol starts showing up, I won’t use it as my main IM.


This is why I like GrapheneOS on my phone. It is hardened and secure, but never gets in the way of your work. Everything works as it should. Kicksecure is the closest in the desktop space, though Fedora is also reasonably secure.
I don’t use NixOS for my home server, mainly because of the lack of MAC (SELinux or AppArmor). I use Ansible to configure AlmaLinux, from package installation to firewall to systemd services.
I use NixOS for desktop and development machines.