[-] bsergay@discuss.online 12 points 2 months ago

I daily drive secureblue; or, to be more precise, its bluefin-main-userns-hardened image.

"Why?", you ask. Because security is my number one priority.

I dismiss other often mentioned hardened systems for the following reasons:

  • Qubes OS; my laptop doesn't satisfy its hardware requirements. Otherwise, this would have been my daily driver.
  • Kicksecure; primary reason would be how it's dependent on backports for security updates.
  • Tails; while excellent for protection against forensics, its security model is far from impressive otherwise. It's not really meant as a daily driver for general use anyways.
  • Spectrum OS; heavily inspired by Qubes OS and NixOS, which is a big W. Unfortunately, it's not ready yet.
[-] bsergay@discuss.online 20 points 3 months ago

Nix, the package manager, is distro-agnostic. Add Home Manager on top of it and you're good to go; both packages and dotfiles are dealt with.

43
135
submitted 3 months ago by bsergay@discuss.online to c/linux@lemmy.ml
24
10
submitted 3 months ago by bsergay@discuss.online to c/linux@lemmy.world
26
submitted 3 months ago by bsergay@discuss.online to c/linux@lemmy.ml
[-] bsergay@discuss.online 16 points 3 months ago* (last edited 3 months ago)

Unsurprisingly, usage numbers for distros are hard to get due to lack of telemetry and what not.

However, some measurements do exist; like data from ProtonDB. These are used by Boiling Steam for their excellent reports in which some representation regarding usage across distros can be found. Their most recent report can be found here.

Note, however, that the following, as has been excellently touched upon by Boiling Steam, applies:

COMMON MISCONCEPTIONS

Since we hear some of the following comments EVERY SINGLE TIME, let’s address them here and now:

  • “Duh, it’s not representative of Linux usage in general!”: And nowhere does it claim to be. As often as possible we make it clear this is Linux usage in a gaming context. The usage of Debian and Ubuntu on servers is safe for now, no need to panic.
[-] bsergay@discuss.online 16 points 3 months ago* (last edited 3 months ago)

Read this for the most complete and comprehensive answer on the matter.

TL;DR: Like Fedora Atomic, it utilizes OCI images for its immutability. However, while Fedora Atomic combines this with libostree/OSTree for git-like management of your system, Vanilla OS (instead) keeps it relatively simple with just A/B partioning; which indeed is somewhat reminiscent to what's found on Android.

[-] bsergay@discuss.online 21 points 3 months ago* (last edited 3 months ago)

First of all, thank you for this! This effort is very much appreciated and will definitely make it easier to parse through Linux; especially for beginners.

Having said that, some personal nitpicks of mine:

  • I absolutely love Fedora. But if it's named first on your list of beginner distros (presumably due to alphabetical ordering), then it better be easy as hell and work as expected OOTB. Unfortunately, that ain't the case. Hence, at least mentioning the Howto page of RPM Fusion would have been sensible to combat issues users might experience otherwise.
  • I'm fine with the inclusion of openSUSE Aeon, but openSUSE Kalpa is literally in Alpha. Therefore, it's too early to be recommended.
  • I'm personally not very bothered with Fedora Workstation on the list of distros geared towards beginners, while Debian is found on the list of power-user distros that beginners should avoid instead. ~~(I'm a die hard Fedora fanboy anyways.)~~ However, I am curious to your reasoning/justification.
  • Alpine Linux was originally envisioned as an embedded-first distribution. Therefore, most of its design choices revolve around that; small, secure, simple et cetera. The way that you describe/depict Alpine Linux, is more in line with how I would for (what I'd refer to as) demonstrative distros like Artix and Devuan.
[-] bsergay@discuss.online 9 points 3 months ago

How do the 'offspring' of Mandrake/Mandriva compare to one another? IIRC, there's ALT, Mageia, OpenMandriva, PCLinuxOS and ROSA.

I've also come to the understanding that what set Mandrake apart from its peers was its polish and user-friendliness. Which, harbored a great community back in the days. Currently, however, this role is fulfilled by distros like Linux Mint. Furthermore, most distros are relatively straightforward anyways. So, my other questions would be:

  • Could the argument be made that Linux Mint is the actual spiritual successor to Mandrake?
  • Are the Mandrake-offspring's most compelling raison d'être that they're Mandrake's offspring?
[-] bsergay@discuss.online 14 points 3 months ago

May as well contribute my own 😜.

I'm an absolute sucker for exquisitely hardened distros. Hence, distros like Qubes OS and Kicksecure have rightfully caught my interest. However, the former's hardware requirements are too harsh on the devices I currently own. While the latter relies on backports for security updates; which I'm not a fan of. Thankfully, there is also secureblue.

Contrary to the others, secureblue is built on top of an 'immutable' and/or atomic base distro; namely Fedora Atomic. By which:

  • It's protected against certain attacks.
  • Enables it to benefit from more recent advancements and developments that benefit security without foregoing robustness.

If security is your top priority, Qubes OS is the gold standard. However, secureblue is a decent (albeit inferior) alternative if you prefer current and/or 'immutable'/atomic distros.

69

The Linux ecosystem is vast and diverse, offering a multitude of distributions to suit every need and preference. With hundreds of distros to choose from, it’s a pity that most are rarely mentioned while the popular ones are constantly being regurgitated.

This thread aims to celebrate this diversity and shine a light on smaller projects with passionate developers. I invite you to pitch your favorite underappreciated distro and share your experiences with those lesser-known Linux distributions that deserve more attention.

While there are no strict rules or banlists, I encourage you to focus on truly niche or exotic distributions rather than the more commonly discussed ones. Consider touching upon what makes your chosen distro unique:

  • What features or philosophies set it apart?
  • Why do you favor it over other distros, including the popular ones? (Beyond “It just works.”)
  • In what situations would you recommend it to others?

Whether it’s a specialized distro for a particular use case or a general-purpose OS with a unique twist, let’s explore the road less traveled in the Linux landscape. Your insights could introduce fellow enthusiasts to their next favorite distribution!

21
submitted 3 months ago* (last edited 3 months ago) by bsergay@discuss.online to c/linux@lemmy.world

The Linux ecosystem is vast and diverse, offering a multitude of distributions to suit every need and preference. With hundreds of distros to choose from, it’s a pity that most are rarely mentioned while the popular ones are constantly being regurgitated.

This thread aims to celebrate this diversity and shine a light on smaller projects with passionate developers. I invite you to pitch your favorite underappreciated distro and share your experiences with those lesser-known Linux distributions that deserve more attention.

While there are no strict rules or banlists, I encourage you to focus on truly niche or exotic distributions rather than the more commonly discussed ones. Consider touching upon what makes your chosen distro unique:

  • What features or philosophies set it apart?
  • Why do you favor it over other distros, including the popular ones? (Beyond “It just works.”)
  • In what situations would you recommend it to others?

Whether it’s a specialized distro for a particular use case or a general-purpose OS with a unique twist, let’s explore the road less traveled in the Linux landscape. Your insights could introduce fellow enthusiasts to their next favorite distribution!

104
submitted 3 months ago by bsergay@discuss.online to c/linux@lemmy.ml

The Linux ecosystem is vast and diverse, offering a multitude of distributions to suit every need and preference. With hundreds of distros to choose from, it's a pity that most are rarely mentioned while the popular ones are constantly being regurgitated.

This thread aims to celebrate this diversity and shine a light on smaller projects with passionate developers. I invite you to pitch your favorite underappreciated distro and share your experiences with those lesser-known Linux distributions that deserve more attention.

While there are no strict rules or banlists, I encourage you to focus on truly niche or exotic distributions rather than the more commonly discussed ones. Consider touching upon what makes your chosen distro unique:

  • What features or philosophies set it apart?
  • Why do you favor it over other distros, including the popular ones? (Beyond "It just works.")
  • In what situations would you recommend it to others?

Whether it's a specialized distro for a particular use case or a general-purpose OS with a unique twist, let's explore the road less traveled in the Linux landscape. Your insights could introduce fellow enthusiasts to their next favorite distribution!

249
submitted 3 months ago by bsergay@discuss.online to c/privacy@lemmy.ml
Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock

The leaked April 2024 documents, obtained and verified by 404 Media, show Cellebrite could not unlock a large chunk of modern iPhones.

Cellebrite, the well-known mobile forensics company, was unable to unlock a sizable chunk of modern iPhones available on the market as of April 2024, according to leaked documents verified by 404 Media.

The documents, which also show what various Android handsets and operating system versions Cellebrite can access, provide granular insight into the very recent state of mobile forensic technology. Mobile forensics companies typically do not release details on what specific models their tools can or cannot penetrate, instead using vague terms in marketing materials. The documents obtained by 404 Media, which are given to customers but not published publicly, show how fluid and fast moving the success, or failure, of mobile forensic tools can be, and highlights the constant cat and mouse game between hardware and operating manufacturers like Apple and Google, and the hacking companies looking for vulnerabilities to exploit.

Analysis of the documents also comes after the FBI announced it had successfully gained access to the mobile phone used by Thomas Matthew Crooks, the suspected shooter in the attempted assassination of former President Donald Trump. The FBI has not released details on what brand of phone Crooks used, and it has not said how it was able to unlock his phone.

The documents are titled “Cellebrite iOS Support Matrix” and “Cellebrite Android Support Matrix” respectively. An anonymous source recently sent the full PDFs to 404 Media, who said they obtained them from a Cellebrite customer. GrapheneOS, a privacy and security focused Android-based operating system, previously published screenshots of the same documents online in May, but the material did not receive wider attention beyond the mobile forensics community.

For all locked iPhones able to run 17.4 or newer, the Cellebrite document says “In Research,” meaning they cannot necessarily be unlocked with Cellebrite’s tools. For previous iterations of iOS 17, stretching from 17.1 to 17.3.1, Cellebrite says it does support the iPhone XR and iPhone 11 series. Specifically, the document says Cellebrite recently added support to those models for its Supersonic BF [brute force] capability, which claims to gain access to phones quickly. But for the iPhone 12 and up running those operating systems, Cellebrite says support is “Coming soon.”

A SECTION OF THE IOS DOCUMENT. IMAGE: 404 MEDIA.

The iPhone 11 was released in 2019. The iPhone 12 was launched the following year. In other words, Cellebrite was only able to unlock iPhones running the penultimate version of iOS that were released nearly five years ago.

The most recent version of iOS in April 2024 was 17.4.1, which was released in March 2024. Apple then released 17.5.1 in May. According to Apple’s own publicly released data from June, the vast majority of iPhone users have upgraded to iOS 17, with the operating system being installed on 77 percent of all iPhones, and 87 percent of iPhones introduced in the last four years. The data does not break what percentage of those users are on each iteration of iOS 17, though.

Cellebrite offers a variety of mobile forensics tools. That includes the UFED, a hardware device that can extract data from a physically connected mobile phone. The UFED is a common sight in police departments across the country and world, and is sometimes used outside of law enforcement too. Cellebrite also sells Cellebrite Premium, a service that either gives the client’s UFED more capabilities, is handled in Cellebrite’s own cloud, or comes as an “offline turnkey solution,” according to a video on Cellebrite’s website.

That video says that Cellebrite Premium is capable of obtaining the passcode for “nearly all of today’s mobile devices, including the latest iOS and Android versions.”

That claim does not appear to be reflected in the leaked documents, which show that, as of April, Cellebrite could not access from locked iOS phones running 17.4.

The second document shows that Cellebrite does not have blanket coverage of locked Android devices either, although it covers most of those listed. Cellebrite cannot, for example, brute force a Google Pixel 6, 7, or 8 that has been turned off to get the users’ data, according to the document. The most recent version of Android at the time of the Cellebrite documents was Android 14, released October 2023. The Pixel 6 was released in 2021.

A SECTION OF THE ANDROID DOCUMENT. IMAGE: 404 MEDIA.

Cellebrite confirmed the authenticity of the documents in an emailed statement to 404 Media. “Similar to any other software company, the documents are designed to help our customers understand Cellebrite’s technology capabilities as they conduct ethical, legally sanctioned investigations—bound by the confines of a search warrant or an owner’s consent to search. The reason we do not openly advertise our updates is so that bad actors are not privy to information that could further their criminal activity,” Victor Ryan Cooper, senior director of corporate communications and content at Cellebrite, wrote.

“Cellebrite does not sell to countries sanctioned by the U.S., EU, UK or Israeli governments or those on the Financial Action Task Force (FATF) blacklist. We only work with and pursue customers who we believe will act lawfully and not in a manner incompatible with privacy rights or human rights,” the email added. In 2021 Al Jazeera and Haaretz reported that a paramilitary force in Bangladesh was trained to use Cellebrite’s technology.

Cellebrite is not the only mobile forensics company targeting iOS devices. Grayshift makes a product called the GrayKey, which originally was focused on iOS devices before expanding to Android phones too. It is not clear what the GrayKey’s current capabilities are. Magnet Forensics, which merged with Grayshift in 2023, did not immediately respond to a request for comment.

Cellebrite’s Android-focused document also explicitly mentions GrapheneOS in two tables. As well as being an operating system that the privacy-conscious might use, 404 Media has spoken to multiple people in the underground industry selling secure phones to drug traffickers who said some of their clients have moved to using GrapheneOS in recent years.

Daniel Micay, founder of GrapheneOS, told 404 Media that GrapheneOS joined a Discord server whose members include law enforcement officials and which is dedicated to discussions around mobile forensics. “We joined and they approved us, with our official GrapheneOS account, but it seems some cops got really mad and got a mod to ban us even though we didn't post anything off topic or do anything bad,” Micay said.

There is intense secrecy around the community of mobile forensics experts that discuss the latest unlocking tricks and shortcomings with their peers. In 2018 at Motherboard, I reported that law enforcement officials were trying to hide their emails about phone unlocking tools. At the time, I was receiving leaks of emails and documents from inside mobile forensics groups. In an attempt to obtain more information, I sent public records requests for more emails.

“Just a heads up, my department received two public records request[s] from a Joseph Cox at Motherboard.com requesting 2 years of my emails,” a law enforcement official wrote in one email to other members. I learned of this through a subsequent leak of that email. (404 Media continues to receive leaks, including a recent set of screenshots from a mobile forensics Discord group).

Google did not respond to a request for comment. Apple declined to comment.

7
Linux Myths (linux-myths.pages.dev)
submitted 3 months ago* (last edited 3 months ago) by bsergay@discuss.online to c/linux@programming.dev
Linux Myths

A compilation of linux myths and misconceptions, busted and explained

Purpose

To catalog and provide useful responses to common linux misconceptions and myths. To serve as a useful reference for new and old users alike.


I'm not affiliated with the website or its creator(s).

4
Linux Myths (linux-myths.pages.dev)
submitted 3 months ago* (last edited 3 months ago) by bsergay@discuss.online to c/linux@lemmy.world
Linux Myths

A compilation of linux myths and misconceptions, busted and explained

Purpose

To catalog and provide useful responses to common linux misconceptions and myths. To serve as a useful reference for new and old users alike.


I'm not affiliated with the website or its creator(s).

43
Linux Myths (linux-myths.pages.dev)
submitted 3 months ago* (last edited 3 months ago) by bsergay@discuss.online to c/linux@lemmy.ml
Linux Myths

A compilation of linux myths and misconceptions, busted and explained

Purpose

To catalog and provide useful responses to common linux misconceptions and myths. To serve as a useful reference for new and old users alike.


I'm not affiliated with the website or its creator(s).

[-] bsergay@discuss.online 12 points 3 months ago* (last edited 3 months ago)

/etc can’t be edited on immutable distros

False on at least Fedora Atomic^[1]^, NixOS^[2]^ and openSUSE Aeon^[3]^..

Which 'immutable' distros are you referring to?


  1. On Fedora Atomic, changing /etc is literally identical to how it goes any other distro; or at least 1-to-1 as on traditional Fedora. The bonus is that a pristine copy of the original /etc is kept inside a sub-directory of /usr. Furthermore, all changes compared to the pristine copy are kept track of.
  2. On NixOS, changes have to be applied through configuration.nix. Though, regardless, it's effectively possible to edit and populate /etc like it is on other distros.
  3. It's explicitly mentioned that /etc does not belong to the immutable base.
view more: next ›

bsergay

joined 4 months ago