>get Qubes for convenient online identity separation and sane attitude to security
[one imageboard later]
>realize Fedora (dom0) is bloated fuck with strong commercial influence
>realize Linux is just a hobbyist kernel with poor overall design partly due to being so old
>[spoiler]realize OpenBSD is probably just as vulnerable as Linux kernel due to lack of devs, and the other alternatives are even more dead and with less creator integrity[/spoiler].
>>1988 less devs = easier to find vulns
Since when is compromise something to be called out? also openbsd is literally unusable if you do anything else other than browse web, code having it as router - alpine is good if not better anyway Just stick to whatever you find most secure and harden it even more.
The main and most important problem is hardware anyway. It's kind of pointless to have ultra-minimal/hard-as-cock software when the me/psp can change what you see etc.
Also minimal meme is fuckin bullshit. The en.wikipedia.org/wiki/Big_Design_Up_Front is the way to go. Shame that for marketing purposes it's better to add features to constantly stream toxic waste into "tech" media than having developed quality software that ages like wine no one talks about.
just like, switch to Macs
they never get viruses :^)
I'd rather stick with Linux for now. It's secure enough and supports enough software for reasonable use. It's not like there's anything better.
>>2354 He was blaming GUIs while using Ubuntu to screen-record his running TempleOS in a VM ...
>>2150 It's just that the first adopters where smarter than those that followed.
>>2355 I mean, yeah, I understand that. I just love the way Terry talked and the bluntness and edginess of the statement. I understand that the real issue is just that the internet stopped being only for enthusiasts and techies.
It's like Skyrim, really. It caught on with normies, so they fell for the GUI meme and got hand-held for over two decades of computer science progress. Just like normies would never bother writing notes and learning how to traverse the worlds of TES without a stupid compass telling you exactly where to go no matter how outlandish.
For what it's worth, using an up-to-date GNU/Linux OS will be sufficient for most attacks. For the NSA, it's easier to bypass rather than exploit. For prevention of zero-days, use the 'need-to-know' model that governments use. Use text-based browsers like links2 (has a graphical mode as well) for general browsing. If you need javascript, then and only then open firefox. The idea is to start with the most minimal and simple solution and work up to unsafe solutions as necessary.
>>2370 That's a good point. I may be a feeble weakling who can't compile or use a terminal whatsoever, but I can appreciate minimalist browsers. Thanks for namedropping links2, I'll give it a shot sometime.
>>2656 Your hardware doesn't have to be on the HCL, as long as it supports VT-d/IOMMU (check bios settings, mine was off by default). Try installing anyway, I was surprised when my cheap obscure mobo worked.
Linux isn't hobbyist kernel for a long time, I'd say it's less secure because of that since such huge torrent of new code each merge window is a great way to introduce vulnerabilities.
OpenBSD on the other hand while has small amount of devs has much smaller codebase. Adding careful coding and ROP mitigations to the equation and we get pretty much the best we can get for no money.
As alternatives to OpenBSD you have Grsecurity which closed their sources. Unless you're ready to promote yourself as a security expert and pick up last public grsec patches and forward port them on modern kernels, you're out of luck. Yes, there was a leak for not so old grsec on github: https://github.com/jameshilliard/linux-grsec.git . At least it's post meltdown and you won't have to adapt grsec patch for PTI. But also you'd have to audit the leaked kernel for any possible backdoors.
The main thought: unless you have a company which can become a grsecurity client - OpenBSD is your best bet nowdays.
Self-correction:
Grsec didn't close their source strictly speaking, they just hand it out only to their clients. And stop giving it to the client if client publishes it.
Opinions differ. As grsec themselves put it they do it because some vendors just use their patch without any thought.
Some think this is because of advent of KSPP (Kernel Self Protection Project) which started effort to upstream grsecurity features to mainline kernel. And grsec doesn't pass any opportunity to snark on KSPP. You can find that in their twitter feed.
As for locating source leak, one might imagine that grsec can hand out slightly modified versions of the same patch (whitespaces, or some other technique) to each client so if the patch then appears in the wild grsec could deduce which client received it. But that's my speculation.
There are multiple ways that it can be done. As mentioned in >>3711 formatting can be modified, but other changes can be done such as adding benign functions that just act as a wrapper to some actual function. That would survive any sort of automated attempt to just rename all the variables and change whitespacing.
If you had two copies of the patches, you could probably figure out the difference. However, even then, they may make an effort to ensure each released copy shares unique watermark pairings with all other released copies.
On a related note, I'm certain that paid shills create certain memes and URLs for this purpose so if you use them IRL or non-anonymized, you get flagged and/or traced.
>>3749 No, because /g/ is a public board and couldn't keep the source code hidden.
>How much do they charge?
Idk but I wouldn't pay any money to that bunch of wiggers and jews.
>hurr durr Lincucks actually isn't that great goysss!1!!1! OpenBSD isn't eitherrrr!!1!!!
You do realize the best isn't always good, right? I'm getting really tired of these blackpill smallbrain shill threads.
>get Qubes for convenient online identity separation and sane attitude to security
[one imageboard later]
>realize Fedora (dom0) is bloated fuck with strong commercial influence
>realize Linux is just a hobbyist kernel with poor overall design partly due to being so old
>[spoiler]realize OpenBSD is probably just as vulnerable as Linux kernel due to lack of devs, and the other alternatives are even more dead and with less creator integrity[/spoiler].