
lautreamont wrote

The issues with systemd should be the same as on Debian or any other systemd-based Linux.

Good point about Heads. I just didn't notice how old it was... so likely not that reliable.

Tails should be the better tradeoff between security and out-of-the-box usability. For more permanent distros, tho, those like Whonix, Gentoo and FreeBSD are paranoid-level of security.

Let's never forget about the Intel ME backdoor too. Even though that doesn't mean everyone's being watched 24/7 on their computer.

2

yam wrote

> For more permanent distros, tho, those like Whonix, Gentoo and FreeBSD are paranoid-level of security.

Totally! Or QubesOS. Or Alpine.

Alpine is very secure while also having a crazy fast package manager, and you can run the whole system in pure memory so large apps boot instantly, although you cannot have too many large apps installed that way.

> Tails should be the better tradeoff between security and out-of-the-box usability.

Yea.

I'd say it also depends on the person and the use case. I see some people coming straight from Windows to Tails, because they heard it's secure, but they are bound to be surprised by the home folder being wiped on every boot.

In my experience, also some people will like the talk about "paranoid-level of security" while still using some of the popular pre-compromised apps, like Zoom, Google Docs or Slack. For those people, I'd say the first step is to get off those.

> Let's never forget about the Intel ME backdoor too. Even though that doesn't mean everyone's being watched 24/7 on their computer.

It's so messed up. In some twisted way, it's kinda cool that pretty much all laptops run Minix though.

In my guesstimate, human error, like posting something on a forum like this, or emails sent to Gmail addresses, is way more likely to be the source of compromise than IME hack.

I'd love to be free of IME but I've given up on using 32-bit laptops.

I could of course buy a new laptop with Libreboot online, but I also think there's value to re-using old hardware, and it's much cheaper. A way to fight planned obsolescence. I have to use Debian Testing with non-free drivers for the backlight to work, so not super compatible with 100% free drivers. That Crimethinc post that was pinned also makes a point about recycling computers:

»1. Manufacture no new computers, but use existing resources to maintain current machines.«

Any experience getting rid of IME? Or finding laptops without it? (It's only 32-bit ones, right? With max 2GB mem, right?! Ouch)

> The issues with systemd should be the same as on Debian or any other systemd-based Linux.

My main issue with systemd is that it's not fast. Alpine's OpenRC is super fast, but you have to add the startup apps on the command line. That's not for everyone.

I don't run modern Gnome because it makes my laptop crawl. mpv dropped Gnome support for a while and just refused to run. But for people who have newish laptops, Gnome is really slick, and everything just works: backlight brightness, bluetooth, redshift, dark theme, laptop lid settings, volume buttons, multiple speakers and screens, even window tiling layout (where xfce and lxde and all non-tiling window managers are just shite), keyboard layout with multilingual compose key, advanced touchpad config, package management "app store"-lookalike. I think Gnome developers are doing interesting stuff, and I'm glad it exists, but I wouldn't use it myself.

3

lautreamont wrote (edited)

Afaik the System76 laptops are top-tier hardware that come with Coreboot (or Libreboot?) preinstalled, so no IME. They're expensive tho.

There's the Pinebook that's cheap tho also has quality control issues, being made in China (eek). Rockchip and ARM Chromebooks seem to not have IME as well, and aren't too pricey.

If you want a complete Linux without systemd I can recommend Artix, or Devuan, or even that funny old Puppy Linux.

3

celebratedrecluse wrote

why not? I assume it periodically uploads data of interest whenever online.

3

lautreamont wrote

> data of interest

The key part, here.

2

celebratedrecluse wrote

Eh, with gigabit becoming more common in many places, and 5G mobiles, it's trivial for network operators with root access to your device to upload whatever they want in the background. There are even economic contractual ways that this has been priced into agreements, e.g. YouTube or Spotify making deals with a mobile provider to not charge data for their traffic on the user's data account.

3