While the company has a questionable record and a controversial business model, Brave Browser is an open-source browser with good privacy features.
If they don’t keep any private data on any computer that trusts their home network/wifi and don’t do taxes or banking on those, there’s no problem.
But if they do, I maintain that the analogy is correct: their unpatched machine is an easy way to digitally get access to their home, just like an unlocked door is to a physical home.
You keep using the word “maintenance”. All I’m worried about is not installing any security patches for months.
The problem that I tried to highlight with my “cherry picking” is:
- Running a machine with open vulnerabilities for which patches exist also “paints a target on your back”: even if your data is worthless, you are essentially offering free cloud compute.
- But mostly, a single compromised machine can be an entrypoint towards your entire home network.
So unless you have separated this Orange Pi into its own VLAN or done some other advanced router magic, the Orange Pi can reach, and thus more easily attack, all your other devices on the network.
Unless you treat your entire home network as untrusted and have everything shut off on the computers where you do keep private data, the Orange Pi will still be a security risk to your entire home network, regardless of what can be found on the little machine itself.
No it is
https://www.pandasecurity.com/en/mediacenter/consequences-not-applying-patches/
And:
You’re allowing for more attack vectors that would not be there if the system were to be patched. Depending on the severity of the vulnerability, this can result in something like crashes or something as bad as remote code execution, which means attackers can essentially do whatever they want with the pwned machine, such as dropping malware and such. If you wanna try this in action, just spin up an old EOL Windows machine and throw a bunch of metasploit payloads at it and see what you can get.
While nothing sensitive may be going to or on the machine (which may seem to be the case but rarely is the case), this acts as an initial foothold in your environment and can be used as a jumpbox of sorts for the attacker to enumerate the rest of your network.
And:
Not having vulnerability fixes that are already public. Once a patch/update is released, it inherently exposes to a wider audience that a vulnerability exists (assuming we’re only talking about security updates). That then sets a target on all devices running that software that they are vulnerable until updated.
There’s a reason after Windows Patch Tuesday there is Exploit Wednesday.
Yes, a computer with vulnerabilities can allow access to others on the network. That’s what it means to step through a network. If computer A is compromised, computer B doesn’t know that so it will still have the same permissions as pre-compromise. If computer A was allowed admin access to computer B, now there are 2 compromised computers.
I used to lose my keys all the time. I don’t want to spend so much time looking for my keys, nowadays I mostly just leave them in the front door, I rarely lock it and it works like a champ.
Does DuckDuckGo do this as well or is that a better option, privacy-wise?
EDIT: answer is here: https://www.privacyguides.org/en/search-engines/#recommended-providers
If you need to hide IP, you just use a VPN. Duh!
And Qwant is not listed on privacyguides?
F04118F@feddit.nl (OP) to Privacy@lemmy.ml • (Blog) How I'm Building a Trump-Proof Tech Stack Without Big Tech • 6 · 2 months ago
Welcome to Lemmy @destviz@lemm.ee!
What even is an actual cornball…? Genuine question. Never heard of it.
Of course mass surveillance existed long before the US had a fascist president, no one is implying that it didn’t.
It’s just that fascism is a great reminder why no government should have as much power to invade in privacy as the US has. Especially for those who are not subscribed to this community and forgot about that, so share this with them!
F04118F@feddit.nl to Linux@lemmy.ml • openSUSE Spin Achieves 100% Bit-Identical Packages For Reproducible Builds • 14 · 2 months ago
There is a reason why NixOS was invented 21 years ago. Reproducible builds are not simple in most ~~packaging~~ build systems.
And at your next job, at an employer who sees the value of FOSS and a nerd with strong Linux-fu!
F04118F@feddit.nl to Self Hosted - Self-hosting your services.@lemmy.ml • [QUESTION} Tools to manage homelab • 2 · 3 months ago
Honestly, k8s + GitOps at home is my project that I’m just starting this week. I found a community around it (on Discord 🤮) called Home Operations.
Docker Hub sucks and is VERY strict with rate limits. Try ghcr.io or the aws container registry.
F04118F@feddit.nl to Self Hosted - Self-hosting your services.@lemmy.ml • [QUESTION} Tools to manage homelab • 7 · 3 months ago
GitOps + Renovate
Gives you:
- automation of updates
- smart notification of updates that are below a certain confidence that it won’t break stuff
- rollback: simply `git revert`
- the whole shebang
Some stacks that work well with GitOps are:
- k8s + Flux or ArgoCD
- Nix(OS)
Mixing them is a LOT of complexity though. Just pick whichever you are most comfortable with. If you want a declarative immutable OS just for running k8s, check Talos Linux.
If you don’t want to deal with GitOps, Nix or k8s, and you don’t need recent versions, just run Debian and set a cronjob for auto updates. Then only deal with potential breaking changes just once every 5(?) years or thereabouts.
F04118F@feddit.nl to Linux@lemmy.ml • Very simple foreach line alias to xargs - is it usefule? • 2 · 3 months ago
How to call `xargs` is typically one of those things I always forget. The foreach alias is a great solution!
My current solution was to use `tldr` for all of these tools, but yeah if I find myself having to do a for each line, I’ll definitely steal your alias.
Luckily (knocks on wood) I almost exclusively work with yaml and json nowadays so I should just learn `yq`.
F04118F@feddit.nl to Linux@lemmy.ml • This Week in Plasma: Getting Plasma 6.3 in Great Shape • 4 · 3 months ago
The closest to Mint in terms of:
- stability: only have breaking changes once every 6 months
- just-works-factor: shipping drivers and whatever proprietary code is necessary to have a smooth out of the box experience
That I know of, beside maybe OpenSUSE (have no experience with it) is Kubuntu 24.10. Yes apt will say weird things and you’ll want to uninstall `snapd`.
But Kubuntu 24.10, current latest, ships with Plasma 6.1. Current stable, Kubuntu 24.04 ships with Plasma 5 still.
But I assume you’re not a fan of the rolling release model like EndeavourOS (Archlinux based, KDE is the default). So if you want recent packages AND a versioned release model, that leaves only Fedora out of the distros I’m familiar with. They recently promoted the KDE version from a Spin to a full version beside the GNOME version.
But Fedora is much heavier on the FLOSS philosophy, and not as works-out-of-the-box as Mint or any Ubuntu flavor.
Debian isn’t, but it will take a long time for Plasma 6.3 to make it to Debian stable.
So yeah, I guess OpenSUSE may be your best bet
EDIT: took a quick look, there’s a rolling release model of OpenSUSE called Tumbleweed. But you probably don’t like rolling release. And a versioned one called Leap. The current latest Leap version still ships Plasma 5 so that still isn’t nearly as recent as Fedora, which has had Plasma 6 in the last TWO versions.
F04118F@feddit.nl to Linux@lemmy.ml • Ghostty 1.0 Released, A New GPU-Accelerated Terminal Emulator • 17 · 4 months ago
It’s not just about speed, but also (battery) efficiency.
Even if you don’t notice the speed, if you are working on anything but a modern expensive laptop, you will notice the difference in battery draw between:
VS Code > NeoVim in traditional terminal > Neovim in Alacritty or Ghostty
Won’t something like MicroG allow you to use the full features without Google on your phone?
F04118F@feddit.nl to Linux@lemmy.ml • Lets Be Real About Dependencies | Comparing dependencies of C/C++ to Go/Rust • 121 · 4 months ago
After years of fighting `pip` and `conda`, I got a job where “we work with Python but also still have some .NET Framework apps”.
NuGet seemed just as bad.
People shit on JavaScript (for very good reasons) but npm is amazing compared to all these. You can have one dependency needing PackageX v1 and another dependency needing PackageX v3 and your project will just work!
A modern statically-linked language with a first-class package manager, like Rust or Go is ideal. No fighting the dependency manager, no issue with deploying on different systems, just “run this binary”.
F04118F@feddit.nl to Linux@lemmy.ml • Cinnamon 6.4 Desktop Environment Released with Revamped Theme, Night Light • 9 · 5 months ago
Yeah that checks out.
I’m fairly new to this space so not aware of the more obscure or older ones but my list of popular Desktop Environments would be:
- KDE Plasma
- GNOME
- Cinnamon
- MATE
- Budgie
- XFCE
- LXQt
- Cosmic
F04118F@feddit.nl to Self Hosted - Self-hosting your services.@lemmy.ml • Migrating emails from Gmail to new email server • 2 · 5 months ago
I have been planning on migrating to Proton (I know, wrong community) and this could very well be the year. Just 2 gmail and 1 hotmail address/inbox to migrate but would love to follow the tips given here.
I have some questions to specify your case:
- Did you use tags a lot? Did you use them purely as a hierarchy (i.e. could it be mapped to folders) or do you have a lot of crossover between tags?
- Do you have a custom domain or is the original email on the gmail.com domain and the new one a different address?
F04118F@feddit.nl to Debian operating system@lemmy.ml • I’m curious to know how you all handle the limited package selection in the default Debian repositories. • 2 · 6 months ago
I’ve been using distrobox at work (on RHEL 8, Fedora 16 based) for a while, but the containerization tech (it uses podman) does seem to introduce some extra latency, which is especially painful when using CLI tools such as zoxide, eza and bat.
I’m in the process of switching to Nix, which should have native performance, the largest number of packages, and guaranteed reproducible, deterministic versions.
Is privacyguides wrong?