this post was submitted on 11 Sep 2024
838 points (98.2% liked)

196

16597 readers
3156 users here now

Be sure to follow the rule before you head out.

Rule: You must post before you leave.

^other^ ^rules^

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] Andromxda@lemmy.dbzer0.com 1 points 2 months ago (1 children)

GrapheneOS hardened_malloc is great though

[–] Lemongrab@lemmy.one 2 points 2 months ago (1 children)

So is most of my "nerd voice" bad response. It just isn't for everyone, or very accessible to the majority of people. Only if you specialize in, or work a lot with, operating system security/privacy is it viable. I hope it becomes more accessible. Troubleshooting fuckin sucks.

[–] colin@lemmy.uninsane.org 1 points 2 months ago

troubleshooting sucks, and also, the default security model of desktop linux terrifies me. i legitimately don't understand how i can be running all this random code off the internet without being pwned. i figure i probably can't, and that it's really just a matter of time until something real bad happens.

i went down the "sandbox everything" rabbit hole, and 6 months later random stuff still pops up like "trying to connect to an IPv6 link-local address at this LAN party... wait why don't i have an IPv6 link-local address? i know IPv6 connectivity works fine when i'm at home." turns out those NetworkManager hardening patches i've been meaning to upstream forever break SLAAC, and now i'm too worried what other edge-cases they break to try pushing them upstream, and now i understand why distros all run these things as root with access to way more resources than they probably need 🫤