| Employment, Dating, and Hookups | Looking |
| Gender | he/him, but queer |
| Location | Northeast Ohio, USA |
| Cons | Anthrocon. Maybe: LVFC, MFF, Harmonycon, Trotcon, PVCF |
BigHeadMode
@BigHeadMode@social.linux.pizza
- 15 Followers
- 12 Following
- 579 Posts
Looking for work! Data scientist who likes to extend the life of technology. #tech, #politics, #furry. The best time to own a computer was 2005. Let's create the electronics renaissance.
I am now running Firefox with bookmarks only in the new tab window. Windows with an auto-hide taskbar.
I don't think I'm ever going back. Holy shit, I'm so much more productive. It also changes what UI I'm looking for in Linux. Suddenly, GNOME or MacOS-like docks make more sense.
#SecureBlue is good, but it disables hyperthreading outright. Doesn't seem worth it to me. Worst case: 30% perf decrease in ffmpeg. Greatest perf loss is in some kinds of highly parallel applications (VM/containers). Low load should have no impact.
You can disable it by changing some of the grub parameters, and persisting them within the OS via rpm-ostree kargs
Sacrificing 30% of my CPU performance (by disabling Hyper-Threading) to fully mitigate CPU vulnerabilities, necessary?
I used the spectre-meltdown-checker, version 0.42, without any option resulting in all-green results. But, in a help page, I found the --paranoid switch, which resulted in about a half of later CVE...
I don't love GNOME or KDE, but I'm giving #SecureBlue a shot with GNOME. This might be my daily driver. I have to get over a few usability humps, but in exchange, I should get a vastly more secure OS. Qubes is harder to use.
In the world of hardened Linux PC distros, it feels like it's
Qubes ("not Linux")
secureblue
(power gap)
other immutable distros (Fedora Atomic and others)
(power gap)
Everything else
when I'm sick I commune with ambient music and brush against the divine
Haruomi Hosono - Sunnyside of the Water
https://www.youtube.com/watch?v=2fbMIfRgQn8
Haruomi Hosono - SUNNYSIDE OF THE WATER (水と光)
maybe running code from anyone on the internet is a bad idea and the browser should be isolated
Linux is insecure. Create a threat model and act accordingly. https://lemmy.ml/post/39323639
Linux Hardening Guide / Linux is Insecure - Lemmy
Writeup from 2022 that I assume is mostly still valid. TLDR: 1. Mainstream Linux is less secure than macOS, Windows, and ChromeOS. (Elsewhere: “[iOS/Android] were designed with security as a foundational component. They were built with sandboxing, verified boot, modern exploit mitigations and more from the start. As such, they are far more locked down than other platforms and significantly more resistant to attacks. [https://madaidans-insecurities.github.io/security-privacy-advice.html]”) 2. Move as much activity outside the core maximum privilege OS as possible. 3. OP doesn’t mention immutable OS, but I assume they help a lot. 4. Create a threat model [https://owasp.org/www-community/Threat_Modeling] and use it to guide your time and money investments in secure computing. > Once you have hardened the system as much as you can, you should follow good privacy and security practices: > 1. Disable or remove things you don’t need to minimise attack surface. > 2. Stay updated. Configure a cron job or init script to update your system daily. > 3. Don’t leak any information about you or your system, no matter how minor it may seem. > 4. Follow general security and privacy advice.