You are not logged in.
- Topics: Active | Unanswered
#126 Re: Off-topic » Choose your browser carefully » 2020-10-29 18:03:10
I don't disagree with many of your points, but a largely unknown browser from a one man project forked from dead code which was previously developed by a large paid team of devs, cannot automatically be considered secure - especially as that generation of firefox/mozilla was never particularly secure to begin with. You seem to be missing the point the firefox cves will mostly apply to its forks as well... Check the dates of all of those exploitable and bear in mind that most of his security fixes are backports. I assune that the two cves, one severe and remote, are palemoon specific and that firefox was not affected as it was not based on the same obsolete code. .You're also skipping over the fact that modern browser have security features such as sandboxing. Despite the bundled data collection, chromium project is currently the most secure.
He also only dropped google's safebrowsing telemetry because the version in his fork was obsolete and unsupported by google. Not for any rationale relating to privacy. Same reason geo.ip was dropped - and for that he found a reolacement. Go to that site and see how precisley and efficiently it locates you.
I have nothing against palemoon, but agree with the author of the linked article that user spinning it as a privacy and/or security focused browser are doing so out based sone misunderstanding. Its pre australis firefox.
Pale moon amounts to a tiny fraction of a percent of browser marketshare, where firefox is more than a few percent and chromium is massive (a massive monopoly). These browsers have greater exposure, more eyeballs and are bigger and more attractive targets, so it stands to reason that move vulnerabilities are found and fixed.
#127 Re: Off-topic » Choose your browser carefully » 2020-10-28 17:56:01
Palemoon does not phone home anymore if it ever did. That I don't know[...]
I hope I'm not alone in seeing the fallacy there...
If data collection can be disabled, in firefox then I don't personally see the need for any of the current 3rd party forks or "based on" projects. With the exception of ungoogled chromium I can't see the benefits.
Of course the browsers, the web in fact has becone hugely complex and is largely under the control of several huge US corporations (including FAANGS). To build a new browser is beyond the resources of any individual, small project - beyond anyone lacking the support of those. Linux itsekf haa become largely developed and financed by fortune 500 companies. A web browser like chromium/blink is a larger codebase now than some entire OS'. If you have tried building firefox or chromium from source you will know what I mean.
From a security perspective, firefox has been catching with chromium in terms of multi process sandboxing and other security features, pale moon, a fork of a several years old firefox release, isnt even close.
#128 Re: Off-topic » Choose your browser carefully » 2020-10-27 08:12:43
There was a thread about Mozilla recently on LQ:
https://www.linuxquestions.org/question … 175682595/
The trouble is, that the alternatives to Firefox are worse. The 3rd party forks are what amounts to snake oil salesmen peddling their wares. I despise the UIs of both chromium anf Firefox, but just learned to live with them and disable the telemetry / data collection where possible.
#129 Re: Hardware & System Configuration » Freeze at startup probably caused by nvidia driver » 2020-10-23 07:45:15
Unless one uses older hardware, intel graphics and/or rhe nouveau or vesa drivers you're pretty much stuck with proprietary firmware for display adapters . Even when using a completely FOSS solution, x86 as an architecture uses a lot of firmware, much of it already on the devices - and it's almost always proprietary.
#130 Re: Devuan » Meet Chimaera's deepsea theme » 2020-10-23 07:39:07
You can't please all of the people all of the time...
I remember when Debian Squeeze released with the "space fun" theme. It was hated by most, but it actually grew on me eventually. There's no accounting for taste. Ubuntu were a success with their brown themes and then their purple ones, despite all the critique. When all is said and done it's just a default and the user will change it to suit, minutes after installation.
#131 Re: Hardware & System Configuration » Freeze at startup probably caused by nvidia driver » 2020-10-22 22:02:08
No information at all about the hardware, no logs or configuration posted - hence no replies...
#132 Re: Hardware & System Configuration » Changing from amd to nvidia card » 2020-10-12 17:24:32
That kind of output from lspci usually inidicates unsupported hardware.
You'll need the proprietary driver from backports and likely a new kernel as well... as this is recent hardware.
#133 Re: Desktop and Multimedia » Firefox outdated » 2020-10-03 12:14:54
Doing online bankiing over tor is not only utterly pointless, it's also potentially dangerous. There is absolutely no benefit as your bank obviously knows who you are - so the entire point of using tor: anonymity, is lost. Your bank needs to know it's you and secures transactions using https.
My suggestion is to just install an up to date chrome or firefix release and just use that specifically for banking / online secure transactions.
#134 Re: Forum Feedback » Unable to edit any of my own posts » 2020-09-25 15:21:57
Does this address your concern about a forum member deleting all their posts depriving other forum members of content potentially useful to Devuan users?
I don't have that specific concern. It was head on a stick who used the term "vandalise" and I borrowed that term as it seemed quite apt.
The point was brought up by golinux in post #3 and in later posts.
I have no dog in this race, but I'm struggling to see how archive.org is the answer for a number of reasons, but mainly that it's proposing a third party as a solution to a problem, which didn't seem like much of a problem in the first place - and "make your own backups of threads [in case someone goes on a deleting spree]", just doesn't seem like a good solution or policy in any case.
If this were a mailing list, you'd have to make your contributions and stick to them - rather than editing and changing things around at later dates - it would also be a problem for those prone to such tantrums that they feel the need to remove all of their content. If it were a "wiki" - and it's not - there would be an edit history and a whole set of tools suitable for writing guides/articles/instructions.
This is why I suggested 24 hours - as far as I'm concerned that's more than enough to correct grammatical or factual errors and if not, then if you need to change something at a later date, you would surely post an addendum in the form of a new post? This would immediately bump the thread as well and draw attention to new content/updates being made.
#135 Re: Installation » [Solved] Beowulf - Nvidia legacy 340XX driver will not install. » 2020-09-24 15:01:32
But I would never purchase hardware from those NVIDIA bastards so I'm not speaking from personal experience and anyway the proprietary drivers are not part of the official release so users are pretty much on their own.
Those particular bastards recently announced that they will acquire ARM: https://www.theguardian.com/business/20 … -40bn-deal
Makes them harder to avoid.
#136 Re: Forum Feedback » Unable to edit any of my own posts » 2020-09-24 10:42:35
What do you mean by vandalizing? Is a poster, regretting some pejorative comment and deleting the contents of their post considered vandalizing by you? Please be specific.
No, "vandalising" as in someone who goes through and systematically clears out all of their posting history.
#137 Re: Forum Feedback » Unable to edit any of my own posts » 2020-09-23 10:14:42
Again, your penchant towards secrecy and authoritarianism seem contrary to the stated goals of Devuan being about freedom.
This and some of your other comments, come across as very "forum social justice warrior". You can argue endlessly over how a forum is administered, but when all is said and done - they "administer" and you do not. Far from being about "freedom and democracy", most web forums are in fact "dictatorships", operated by individuals, or groups who will tolerate your presence as long as they have to - but they don't have to, nor do they have to make any changes to policy to suit your own personal preferences. For the latter, you rent some hosting, buy a domain and do your own thing - with yourself established as dictator.
Free software projects are very similar, in that those who write the code and/or pay the bills, get to be involved in the decision making - users are "along for the ride" and get to use the results for free. That's how pretty much all free software works.
Anyway... without a post edit/revision history feature (a la vBulletin), I think it's reasonable to establish a time limit, but I really don't see the case for any secrecy. I would also second the suggestion of removal of the delete button altogether.
24 hours seems the most reasonable amount of time for edits. It will greatly reduce the kind of impact from a disgruntled member "vandalisng" things, but without restricting members from making reasonable edits.
In my opinion, it is better to state it clearly - and not base any policy on theoretical trolls "gaming" the system. I would add that any policy based on trolls, or "countermeasures", which are aimed at troublemakers, but which affect and perhaps alienate the majority of ordinary/decent forums users are not good policies.
0.02
#138 Re: Off-topic » New here - presentation! » 2020-07-15 22:34:28
This kind of corporate mentality will never fit into the free software...
Wrong it fits perfectly.
Anyway sysv stinks hence I am thinking to use OpenRC...
Brilliant technical analysis... Poettering et al don't have to break into a sweat, where such useful idiots abound.
#139 Re: Desktop and Multimedia » Alternative browser for Devuan/Debian - Brave » 2020-06-26 06:09:07
LU344928 wrote:Perhaps I'm missing something but if you don't opt in to those schemes then it seems to me there's not a lot of difference to Firefox etc.
Indeed. AFAICT it's nothing more exciting than YACB (Yet Another Chromium Build). So why all the yammering about it, like it's the hottest new thing?
Because the primary target is average Joe and they readily suck up marketing and empty promises. Even with Firefox, the target is windows/android/apple. Linux and bsd's are tiny and unimportant . It's all about consumers rather than users.
Iridium turned to be much the same. Despite all the claims, the safe browsing spyware is on by default.
If you want a "private browser", that's something you have to configure and/Or find for yourself. Relying on snake oil salesmen with an ulterior motive, is unwise.
#140 Re: News & Announcements » Bound to happen ... » 2020-06-18 10:21:57
Torvalds is NOT paid by corporations, he's not on their payrolls. He's employed by a foundation and although they get donations from various corporations, that doesn't mean it'll do their bidding. For starters, Linus is too independently minded. Remember the finger he gave to nVidia? Then there's the "threat" (for want of a better word) of forking the kernel to keep such a patch out and thus non-systemd distro's alive. And IIRC Linus brought the entire kernel code (or at least his contributions, which are the core of the matter) under the GPLv3, which has a lot more restrictions on claiming IP for it by 3rd parties.
No, I'm not worried about Torvalds getting his arm up corporate bums. He's a geek and coder, not a career-technologist
Technically you're quite correct, but in the real world those paying for everything are always assumed to have ultimate control.
Not so long ago, Linux Foundation was writing about it's love of MS (one of the biggest) donors - and you have corporate reps sitting on the LF board of directors, etc.
While he's "independently minded" he also had to tone down his behaviour and introduce a CoC.
The kernel is GPL2. Torvalds alone can't change that and it's mostly developers on the payroll of the large companies who contribute to Linux signing off most commits these days.
#141 Re: Off-topic » HyperbolaBSD Roadmap relevance to Devuan » 2020-05-24 15:39:43
What do you think about following OpenBSD criticism?
Many have agendas and usually those who blog about how crap or deficient something is or how another OS somehow got their first when it comes to security features sporting catchy acronyms, all while remaining mostly anonymous, they usually fall into that category. They have picked apart a single facet of a project/product, focusing only on that, igoring all other aspects - only to suit a very specific agenda. They write blogs - criticising others' work, instead of patches...
#142 Re: News & Announcements » Bound to happen ... » 2020-04-07 18:22:05
I just wrote some lines elsewhere about backdoors and dataleaks in phone apps and that I think that 99.674352% of the users care more about having always the newest and flashy toys than for their privacy and security.
Those are the "consumers"... there was a time when "Linux" was aimed at a different kind of user and indeed worked on by a different kind of hacker, rather than a "developer" on the payroll of some fortune 500 corporation.
Systemd is for this type of users.
And they are many.
Windows is for that type of user and systemd is merely following the same path of adding more and more feature creep, complexity and attack surface, with zero regard for the things they simply don't care about and which don't fit the business ambitions of IBM/Red Hat. As with gnome project, as far as systemd project is concerned, users are there as guinea pigs and to be spoonfed, restricted and steered - users in fact have sown the seeds of their own destruction over the last two decades, by simply accepting crap and "automagic" solutions from those who cater to laziness and ineptitude. If someone is making it easy for you and the OS is "free", start questioning it.
Board footer
