|
bad names for open sores projects is just par for the course though. and "fedora" is still miles above stuff like "GIMP"
|
# ? Apr 7, 2021 15:05 |
|
I am willing to give them the benefit of the doubt that they named it "fedora" back when they were more associated with Indiana Jones than horrible nerd-ogres, although that suggests they may have had something to do with creating the association
|
# ? Apr 7, 2021 15:25 |
|
Last Chance posted: bad names for open sores projects is just par for the course though. and "fedora" is still miles above stuff like "GIMP"
*the GIMP
|
# ? Apr 7, 2021 15:26 |
|
Rufus Ping posted: *the GIMP
*muffled voiced thank you*
Last Chance fucked around with this message at 15:59 on Apr 7, 2021 |
# ? Apr 7, 2021 15:52 |
|
Truman Peyote posted: I am willing to give them the benefit of the doubt that they named it "fedora" back when they were more associated with Indiana Jones than horrible nerd-ogres, although that suggests they may have had something to do with creating the association
red hat was using the fedora as a logo back in the 90s when they were the hat of indiana jones, cold war spies and your grandfather, and the fedora distro was back in 2003, before they were associated with neckbearded fatlords

iirc, weirdbeard nerds started wearing them in the mid-00s because they thought it made them look rugged and distinguished, when in reality, it had the opposite effect
|
# ? Apr 7, 2021 16:09 |
|
DoomTrainPhD posted: lmaoooo why would you admit this?
SELinux is security theater.
|
# ? Apr 7, 2021 16:26 |
|
Agreed, please use grsec rbac
|
# ? Apr 7, 2021 16:45 |
|
The_Franz posted: red hat was using the fedora as a logo back in the 90s when they were the hat of indiana jones, cold war spies and your grandfather, and the fedora distro was back in 2003, before they were associated with neckbearded fatlords
you’re about a half decade late, it was already well established by 04, viz http://achewood.com/index.php?date=11012004
|
# ? Apr 7, 2021 16:54 |
|
The_Franz posted: neckbearded fatlord
tyia mods
|
# ? Apr 7, 2021 17:03 |
|
Voodoo Cafe posted: though it is needs suiting and what i use at home; honestly the most offputting thing about fedora is the name
I felt much more comfortable telling normal people I was using Arch Linux or Debian rather than Fedora. what a relief!
|
# ? Apr 7, 2021 17:16 |
|
Sapozhnik posted: SELinux is security theater.
lmao you have no idea what SELinux does.
|
# ? Apr 7, 2021 17:17 |
|
I have every idea of what SELinux does. I have written modules in their stupid little Type Enforcement language to make normal use cases work correctly. SELinux is security theater.
|
# ? Apr 7, 2021 17:21 |
|
v
FlapYoJacks fucked around with this message at 21:51 on Apr 6, 2022 |
# ? Apr 7, 2021 18:10 |
|
SEcFight!!
|
# ? Apr 7, 2021 18:12 |
|
all the world's a stage, and all the computer touchers merely players
|
# ? Apr 7, 2021 18:12 |
|
DoomTrainPhD posted: You are talking to the guy who maintains a lot of the SELinux packages for Buildroot and has contributed to the main SELinux project for years. So please, do tell, how is SELinux security theater?
lol imagine being proud of Linux as anyone other than Axl Torvalds himself
|
# ? Apr 7, 2021 18:15 |
|
What is it with yosposters who are into buildroot and smugly overusing
|
# ? Apr 7, 2021 18:27 |
|
Phobeste posted: What is it with yosposters who are into buildroot and smugly overusing
I'm pretty sure I am the only person who uses or develops for Buildroot in this neck of the internet woods?
|
# ? Apr 7, 2021 18:33 |
|
Sapozhnik posted: SELinux is security theater.
aww yiss here we go
|
# ? Apr 7, 2021 18:35 |
|
These conversations always go the same way:
- SELinux is security theater!
- No, it isn't.
- Yes it is! It doesn't stop hackers!
- That's not what SELinux is supposed to do, it's damage mitigation IF someone hacks into your computer machine.
* Other person stops responding *
|
# ? Apr 7, 2021 18:39 |
|
DoomTrainPhD posted: I'm pretty sure I am the only person who uses or develops for Buildroot in this neck of the internet woods?
multiple yocto users though
|
# ? Apr 7, 2021 18:53 |
|
Damage is mitigated by isolating services into separate virtual machines and then issuing easily-revocable service tokens to those virtual machines. If you cannot do that for whatever reason then at least logically isolate them into containers. In any case, if a service has no need to access something then that something shouldn't even be visible.

If a VM gets broken into then you terminate the VM, do a post-mortem to find and fix whatever vulnerability was used to gain access and (ideally) check your audit logs to see what data its service tokens were used to access.

The POSIX security model of elaborate OS-level access control lists governing multiple principals' access to a global resource namespace is a fundamentally broken one.
|
# ? Apr 7, 2021 19:04 |
|
Ah gotcha. Just take every service that is running on your desktop and isolate every single one into a VM or a container. Bing bong so simple lmao.
|
# ? Apr 7, 2021 19:05 |
|
DoomTrainPhD posted: Ah gotcha. Just take every service that is running on your desktop and isolate every single one into a VM or a container. Bing bong so simple lmao.
That is Qubes
|
# ? Apr 7, 2021 19:11 |
|
IDk anything about this stuff, but if someone hacks/gains root into your computer, can't they just turn off SELinux?
|
# ? Apr 7, 2021 19:14 |
|
Well, that's what Qubes does but Qubes is a little extreme.

If I'm running something on my desktop then my main security concern is the credential store within my web browser. Web browser developers address this concern by decomposing the web browser into isolated communicating processes and applying mitigations like syscall allowlists, return address stacks, ASLR etc. For whatever reason SELinux doesn't really seem to factor into that.

Desktop applications and services on Linux are increasingly being run from a variety of isolated execution environments. Flatpak for desktop applications (with portals that allow the user to expose individual files from their personal filesystem), systemd sandboxes, or various forms of OCI containers if it's something that runs in the background (although distros don't generally package services in OCI format out of the box, but there's nothing preventing them from managing their own container registries and in fact Red Hat does just that).

That being said Android does make use of SELinux to isolate applications from each other, but Android is very different from a normal POSIX system. Also individual Android applications are not given the opportunity to define their own SELinux policy as far as I'm aware.
|
# ? Apr 7, 2021 19:16 |
|
Last Chance posted: IDk anything about this stuff, but if someone hacks/gains root into your computer, can't they just turn off SELinux?
Depends on how they got root. Did they just ssh into your computer? Then they have the correct security context to turn it off. Did they hack in through httpd? Then they do not have the correct security context and cannot turn it off. Also, it can create a log entry that (if logs are monitored) will get them shut down
|
# ? Apr 7, 2021 19:18 |
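The log entry mentioned in the post above, as an added example that is not part of the thread: a Python sketch that scans audit.log AVC records for denied attempts by a confined domain (here httpd_t) to change SELinux enforcement state. The sample records are constructed, and the function names are hypothetical.

```python
import re

# Constructed audit.log records (not from the thread): a confined web server
# domain is denied setenforce and load_policy, mixed with unrelated events.
SAMPLE_LOG = """\
type=AVC msg=audit(1617823080.101:411): avc:  denied  { read } for  pid=2210 comm="httpd" name="notes.txt" dev="dm-0" ino=5551 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1617823095.774:412): avc:  denied  { setenforce } for  pid=2231 comm="sh" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security permissive=0
type=USER_LOGIN msg=audit(1617823100.000:413): pid=900 uid=0 auid=0 ses=3 msg='op=login acct="root" res=success'
type=AVC msg=audit(1617823120.300:414): avc:  denied  { load_policy } for  pid=2240 comm="sh" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security permissive=0
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+"
    r"(?P<result>denied|granted)\s+\{ (?P<perms>[^}]+) \} for\s+(?P<rest>.*)"
)
# Permissions of the kernel "security" class that alter enforcement state.
TAMPER_PERMS = {"setenforce", "load_policy", "setbool"}


def parse_avc(line):
    """Return a dict for an AVC record, or None for any other record type."""
    m = AVC_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["rest"].split() if "=" in kv)
    # scontext is user:role:type:level; the type is the process domain.
    domain = fields.get("scontext", ":::").split(":")[2]
    return {
        "serial": int(m["serial"]),
        "result": m["result"],
        "perms": set(m["perms"].split()),
        "domain": domain,
        "comm": fields.get("comm", "").strip('"'),
        "tclass": fields.get("tclass", ""),
    }


def find_tamper_attempts(log_text):
    """Denied attempts to disable enforcement or swap the loaded policy."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied" and rec["tclass"] == "security" \
                and rec["perms"] & TAMPER_PERMS:
            hits.append(rec)
    return hits
```
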
|
yes, buildroot, quite a popular desktop distribution
|
# ? Apr 7, 2021 19:19 |
|
It should be pointed out that LSMs are frequently applied to VMs as well. Even in Ubuntu, you have apparmor applied to your VMs.

The whole point of adding this extra security layer is defense in depth. Make it harder for hackers to get anything done.

Is it worth it to develop selinux for your package? It depends. As long as someone is willing to pay well enough for its development (either because of precautions or regulations) it is worth doing.

EDIT: Here is a redhat article about locking down containers with selinux. That might be more your style. https://access.redhat.com/documenta...s_using-selinux
sb hermit fucked around with this message at 19:41 on Apr 7, 2021 |
# ? Apr 7, 2021 19:33 |
|
remains kind of true that on a single desktop installation it is very unlikely that you'll have anything of value outside of your own home directory, and it is also unlikely that you'll get owned as anything but your own user account. but it also remains true that a pure desktop install of linux is incredibly rare compared to the universe of all linux installs.
|
# ? Apr 7, 2021 19:54 |
|
sb hermit posted:
Epic this, udica is really nice
|
# ? Apr 7, 2021 19:57 |
|
Rufus Ping posted: *the GIMP
mystes fucked around with this message at 00:48 on Apr 8, 2021 |
# ? Apr 8, 2021 00:44 |
|
mystes posted: It seems like they've at least finally stopped using the "the" after a billion years. They really just should have changed the name entirely, though, because the fact that they went out of their way to gleefully insist on using the "the" for so long makes the whole name incredibly toxic and offensive.
looks like the latest of the periodic rename forks is wandering off into rust rewrite land
|
# ? Apr 8, 2021 00:47 |
|
remember bitchx or gently caress
|
# ? Apr 8, 2021 00:47 |
|
PCjr sidecar posted:looks like the latest of the periodic rename forks is wandering off into rust rewrite land
|
# ? Apr 8, 2021 00:49 |
|
ok has there been any successful rust rewrites like, anything at all?
|
# ? Apr 8, 2021 00:58 |
|
carry on then posted: remember bitchx
this one's good
|
# ? Apr 8, 2021 00:58 |
|
carry on then posted: ok has there been any successful rust rewrites
the llvm frontend used to compile rust was successfully rewritten from C to rust
|
# ? Apr 8, 2021 01:01 |
|
they use gimp at the library system where I live and the name is upsetting to the library workers who have to use it without knowing the entire backstory of GNU, how lennart got us in this mess, etc. this is the kind of workplace where everyone has to participate in various cultural sensitivity trainings regularly, so I can see how it would be jarring.
|
# ? Apr 8, 2021 01:01 |
|
discord had a good article about rewriting their server stuff from go to rust
|
# ? Apr 8, 2021 01:02 |