I know this is a joke but for anyone reading: Linux has many advantages and is great but is NOT immune to viruses or exploits.
Though there are very few of them… at least regarding virurses.
That isn’t true at all.
Source: My job is hardening Linux servers against cyber security threats.
Hardening a server is not the same thing as running vulnerable operating systems.
According to NIST it is:
You have to harden servers because they’re vulnerable.
That’s because of the function of a server running those services. A desktop isn’t running services.
Desktops absolutely run services that can be vulnerable.
At my job we are looking to use a hardened ubuntu image but not sure what to pick. Got any recommendations?
Are you guys using an AMI, or is this for physical servers? The NEMU images for RHEL on AWS are pretty solid, although I’m working on building one from scratch for our move to RHEL9
We are using an AMI on aws for Ubuntu right now. We need to stick to Ubuntu also since our product is tested on that distribution and so on. What about hardened Ubuntus?
I belive that they have hardened Ubuntu images as well.
Does it have to be Ubuntu, or would Debian be fine? If Debian is fine, check out KickSecure.
I think desktop Linux was implied. You don’t browse porn from servers. Mostly.
Tf does the “mostly” mean??
Because you CAN browse porn from server.
All jokes aside, using Linux really does bring some peace of mind when it comes to malware.
While Linux malware certainly exists, it’s nowhere near as prevalent as Windows one, so that’s one less headache to give serious consideration to.
once linux is more common, that will change for the worse
Probably still not as bad as Windows due to open source nature
After all, there’s plenty of Linux servers around, hacking them can be a huge market, so there already is an incentive to hack into Linux.
Also, it’s a bold assumption that Linux will overtake the desktop market the way it did with servers in any reasonable timeframe.
Just wait until Windows 10 drops support, we’ll probably see a 2%-4% increase within a year. Who knows, maybe more. I was fine with Windows 10, but when I made the move to Windows 11, I said fuck no. It’s what made me switch to Linux as a daily operating system. I’d say with tools like ChatGPT, it will make it much easier for your average joe to switch over. Windows has reached peak enshittification. Do more, teach people, show people how much money they can save.
I already convinced the company I started working at to replace their outdated BIOS firmware with Coreboot. And soon, we’re going to start using Proxmox VE on all of our machines. We have about 40-50 computers, and we’re going to install it on every single one of them (edge virtualization) and manage it them all from a server. Once that’s done, we’ll have even a bigger incentive to switch to Linux. I’ll also soon setup Nextcloud with OnlyOffice, as a replacement for Microsoft Office. I hope to see us transition over fully.
They probably spend around $5000-$6000/more a year in licensing for software. Once we have all Free Software, I think it’ll truly be better for the long run. Sure, a couple issues with people getting used to it, but these are short term issues, down the line we can save so much money and have better security/privacy.
That’s very generous and optimistic considering the amount of people who promised to switch to Linux once Windows 10 came around, and later when Windows 7 support was dropped. Though I wish it were true.
Great to know you switch to open software! One point to note though: you might need more expensive system administrators or some support service for your Linux setup. The issues will still arise, and you need for someone to solve them very quickly - something that is normally part of commercial offerings. Also, it would be super cool to set up some cash to support the devs.
Yeah, the story is gonna be pretty much the same. 0.01% will switch, the rest will just rant and buy new hardware.
Linux is now at 4% of all installations so far in 2024 - the highest it’s ever been. And there is also an uptick in desktop installations as it seems people are moving away from Windows, (Thanks Win11!), and Apple.
But it remains to be seen how many of these new users actually stick to a distro as an everyday driver. I’ve been living the “year of Linux” for 30 years now.
You did get extra cash for this work, right? Or was it part of the job?
I’m a low level IT Support Specialist (it’s my first IT job), I honestly just recommended all these and my boss wants to go through with it, plus it’s something I love to do. In the coming weeks we will start to implement Coreboot w/ LinuxBoot and Proxmox onto most of our machines. I’ve messed with Coreboot a lot, not a dev, just good enough to build/customize and install it for them. I honestly want to see the world change, I mean hell yeah money is great too, but at the end of the day, all I want is for other companies/people to see that this way of doing computing is much better. Sure, you may have to get through the hurdles of learning it, but if you have someone to guide you it makes it so much easier. Now imagine if everyone used it, everyone could lend a helping hand.
OK, you’re young, I get it.
No way am I doing that for free.
I work in IT too BTW… just not as young as you.
I mean I already get paid for the work I do, I make $55K/year currently. Should I be asking for more?
I obviously know nothing about your business but this sounds like a mistake from an outsider’s perspective. Enterprise software exists so companies can call somebody and get help when something goes wrong. Also more people are familiar with Windows and Microsoft Office so it’s much easier to onboard new employees and find IT Administrators who can support their environment and keep things running smoothly.
I think the setup you’re describing will cost more in the long run because your company will have to find people with more specialized knowledge to help maintain everything.
I love Linux and open source software but I also think they should only be used when they fit the need.
We’re going to buy the enterprise support plans for Nextcloud and Proxmox. I understand that some specialized knowledge would be needed, but we’re making guides for it where anyone can do it (guides for flashing Coreboot, setting up Nextcloud, etc., this will be a guide for my boss for him to look back on). We will test this through slowly and try to see if this is something we can realistically do or not.
XZ
That is gonna be fixed… eventually.
Even open-source systems can sometimes get vulnerabilities and backdoors - except for them it’s big and rare news rather than everyday occasion.
Also, it’s the open-source nature that allowed to spot the backdoor relatively early.
At that point BSD will take the place of linux I guess.
And TempleOS will take the place of BSD.
Millions of colors and separated CPU ring privileges are overrated anyway.
And Plan9 will take the place of BSD, and TempleOS will take the place of Plan9?
Plan9 is probably really secure due to its obscurity. Any malware that targets Linux, Unix Windows, or Mac would do absolutely jack shit to Plan9 because it’s so much different.
I have yet to see a person that uses an AV on his Linix install.
i have clamav on mine
Has it found anything that can run on Linux?
it’s picked some stuff out of my proton prefixes. but i think those were false positives
Yeah, fasle positives.
Yeah. Sometimes I wonder why anyone would bother :D
I have a virus on my pc. It’s called Arch Linux. I love how they brought over one of the most prominent features from windows: system degradation over time. Not every Arch issue can actually be solved without a reinstall unless you’re one of the top percentile Linux gurus that understands everything there is to know.
Seriously. Even Gentoo works better after 3 years of use than an Arch Linux installation.
Try Void, thank me later.
did…did you really started using linux because of porn?
Of course not, it was because I really liked this girl, and she used Linux too.
GNU/rizz
lmao, this is unironically the reason one of my exs stared using Linux. Because I kept hyping it up so he figured it was a good bonding activity to learn it. To my knowledge he still uses it.
I was actually kidding… I don’t know any girl that uses Linux 😔.
Then allow me to introduce myself.
Not that I’m a Linux pro, but I at least know how to copy and paste terminal commands until I fix whatever problem I caused by copying and pasting terminal commands.one of us one of us one of us
but I at least know how to copy and paste terminal commands until I fix whatever problem I caused by copying and pasting terminal commands.
this is such a mood lmao
Will you marry me 😊?
/s I’m already married, just said it for the joke 😂… not happily though, so there’s always a chance 🤣🤣🤣.
I’ve learned the dumb way going for married people is always a bad idea regardless of the status of the marriage, so I must politely decline.
I’m an Ubuntu user anyway, so I’m unfortunately unfit for marriage in the first place.I’m an Ubuntu user anyway, so I’m unfortunately unfit for marriage in the first place.
Lol 🤣, this is why you are, you’re funny 😂.
Seriously though, I completely agree with you. I was just kidding anyway, that is completely my problem to have and/or solve, don’t need to drag others with me.
relationship is temporary, linux is eternal
goals
Takes all types I guess.
But maybe take OP’s distro recommendations with a grain of salt…
I use Void BTW.
Instruction unclear, put a pound of salt into the void
It was not a hard choice.
I mean, I’d wager it specifically was a hard choice.
I mean, if OP is going to the type of websites that have that significant of a risk of hacking him, he’s pretty deep into the depravity.
That’s… quite the dedication. I personally just never downloaded things or ran random executables from porn sites, but hey… who am I to judge, I guess
There’s always a risk of JavaScript breaking out of the sandbox and crap like that. Browser vendors do their best to protect against things like that but security is often a trade-off for speed and people like fast software, not to mention browsers are huge and complex and they’re going to have vulnerabilities. A browser’s whole job is to execute remote untrusted code, do you trust it that much to be flawless?
… I mean, I don’t but I use it anyway so ¯\_(ツ)_/¯
Linux security noob here but can’t you just run the browser in a chroot with everything isolated?
Yeah, that should work too… but you don’t get to see any of your local files…
Made a Nix library for this. For a simple setup you can just build this (untested) and run the result:
import ./encase.nix { name = "firefox"; rw.home.nathan = /home/nathan/home-for/firefox; # other dependencies it might need... tmp = /tmp; # fresh tmpfs for this sandbox network = true; command = pkgs.firefox; }
It doesn’t have user isolation yet, so if it escapes the browser and the chroot (which doesn’t have a
/proc
unless you setproc = /proc;
, and runs in a PID namespace either way) your files are still at risk. However, this is still pretty secure, and you can run the script itself as a different user (it creates a new UID namespace so chrooting can be done without root).
I mean, yeah, sure. But at this point, if that’s really a worry, one should not trust any sandbox. OSes are huge and complex and will have vulnerabilities too. Hell, there could be a xz level backdoor currently in the wild and nobody knows any better lol
Right, that’s where OP comes in - most malware will be made for Windows, so if you visit such a malicious website, it’ll likely be inert under Linux!
… I’m not saying this is a great reason to use Linux, but there’s at least a little bit of merit to it.
virus.exe has downloaded - Kalm
Wine opens up - Panik!
Btw, news and software sites are scarier in malvertising than porn sites.
Remember when Forbes loaded malware onto people’s computers after demanding they turn off their ad blockers? Cause I sure do.
That’s not really Forbes serving the malvertising intentionally. If your site hooks into a programmatic advertising stack, the risk of malware exists. This is from 2016, but it’s mostly true today. If a user is blocking ads and cookies and they disable their ad blocker on a specific site only, there’s little data to know about that user. So you get low $CPM on the bid which is mainly where the malicious ads win bids on actual quality sites. That’s why most top sites are very strict on who can bid nowadays.
Okay, serious question: which distro is the best for watching Pr0n? One that can handle multiple video streams with out slowing down would be great.
C’mon you nerds, help a degenerate out!
Any distro, I don’t think there’s a difference in this case
Boot off a live media every time you want to watch it
What about a VM in Windows?
Windows VM - even as hypervisor 1 - could leak any data. You need a revisited OS and kernel to be safe.
Edit: Once you accessed your network your firmware could possibly track everything as well. But nobody knows. Once I heard that the intel firmware has more LoC then the linux kernel (which is the most collaborated human project ever in existence).
Honestly I know nothing about security, I just wanted to say a funny thing.
I think a VM would work for most cases? There are ways for Malware to escape from VMs.
Similar thing would probably be a consideration with a live media boot, as Malware could infect another OS on the machine.
They’re clearly asking about performance not security
Performance wise every modern distro should be able to handle multiple video streams provided your pc has the resources.
Probably would also be doable off the live media?
I imagine there’d be a performance penalty if using a flash drive for the OS. Not sure though.
Most important stuff is loaded in RAM, so unless you’re downloading the stuff as well, you’re probably fine
Only boot performance if you have enough RAM. Linux’ pagecache can be quite agressive. I think with 4GB there won’t be evicted pages, but with 8GB there won’t for sure.
Yeah probably but it could be serviceable over USB C?
TAILS
Tail OS.
Why would you need multiple video streams for that?
deleted by creator
Gentoo
Not fedora, i had issues playing any Video file with the standart install. Something openh264 related
The real Linus Tech Tips (now with 100% less sexual harrassment).
The hook is being able to load it onto SBC and selfhosted servers without the hassle of buying a license to an OS and being also to configure it in a way beyond what someone in Redmond or Cupertino intended.
* Using Linux to access religious websites that have been proven more likely to hack you than porn websites:
Or making your own relious distro that out right blocks porn sites! 🤯
Why even allow access to the internet? When you can talk directly to God on the OS
This Post was made by the TempleOS Gang
also keeps the glowing nsa age …
uhhh i can’t do this … nts away
Sweet times, when I made malware running with WINE.
Wasn’t there a story about bug found in kernel because some malware kept crashing in wine?
Yeah, I think I can remember…
Lol, this is too funny to be real 🤣🤣🤣.
On the other hand, you really can’t make this shit up 🤣🤣🤣.
What is pzerorn
What?
It says p0rn and I want to know what pzerorn is
Oh, good question… I’ve always wanted to know what that is.
Cringe