I thought that’s a firefox exclusive feature. in which other programs did you see it work?
Computers and the internet gave you freedom. Trusted Computing would take your freedom.
Learn why: https://vimeo.com/5168045
I thought that’s a firefox exclusive feature. in which other programs did you see it work?
afaik USB can be used for serial, car diag programs often work like that too, so this might not be the problem
3 GB swap usage is usually very unpleasant in my experience when the swap is on a HDD. and no thabks, I won’t move the swap to the SSD to kill it earlier
19 GB cache is worthless after you have just moved a lot of files, large in total size. very few useful things remain in there, while your program will get swapped out unnecessarily
through a kernel parameter, or permanently through sysctl
and then I guess it can even be trimmed somewhat. delete the development packages, look through and filter the unneeded larger ones, …
I guess you can do that on Linux as well by disabling kvm passthrough of the GPU to the VMs.
I think it is disabled by default, and you would need to enable it for a specific VM. as I know, the GPU can rarely be shared to multiple VMs
I think QubesOS only does mitigations, not microupdates.
it may be possible to do it on Qubes too. I think the microcode updates are not OS-specific, but I’m not certain about this
do you mean this part?
However, some of the vulnerabilities of this class cannot be effectively mitigated without updated CPU microcode.
(https://osresearch.net/Heads-threat-model/)
linux can do microcode updates. I think what they wanted to mean is that the general mitigations (the retpolines and the page table isolation they mention near it) are what is not enough
my PC constantly awakening from standby
why do you think that’s caused by plasma? I don’t think it would intentionally wake itself up. Did you check the same kernel version with gnome?
which frontend allows that?
as I know piped and invidious have their own account system, and by following their attempts to regain access to youtube content I would think that if they allowed login with a google account, that would place the account in danger of getting blocked for good
to be targeted through an old ThinkPad.
I’m not convinced that this needs targeting. At the same time, you can’t know if any of the former owners was an important person, or in the environment of one, just as you can’t know what removed did they install entirely carelessly.
These old bricks don’t get microcode updates for the CPU which means you will be vulnerable to many Spectre and Meltdown attacks. QubesOS can mitigate it to some degree such as by disabling hyperthreading, but QubesOS can’t mitigate it completely, only microcode updates can and these old bricks don’t receive them.
as I know linux is capable of loading its own, updated cpu microcode at boot time. I’m not sure if it’s being done by default, but this article probably means that it isn’t
but the main thing is that built-in microcode version is probably not that bad of a problem if you take care of it
keep in mind that phone number privacy does not mean that they don’t get your phone number, but that the official app does not reveal it.
but then, they have probably found you either by phone number or from a group
Which which one?
netfilter, iptables, or one that is based on them
Firewalld isn’t a GUI
that’s right, but it has an official GUI: https://firewalld.org/documentation/utilities/firewall-config.html
I haven’t tried opensnitch.
it has per-app rules, and can show a popup for programs that don’t yet have a rule. you can also limit the access by time, destination, and port
DKMS is setup, and I still have to plan my kernel upgrades due to the compilation time.
in my experience every kind of update requires planning and a reboot because incompatibilities between new libs and already running older programs will cause problems. but DKMS may help in making it less of a work
hmm. I have to admit I don’t understand the difference. on windows it’s the desktop folder, plus a few separate icons to system utilities with some way to filter them. did you mean that?
requirement of the root password? why would it need that, when it normally doesn’t? to clarify, I didn’t mean the “sudo reboot” command, but the reboot button in the KDE application launcher
solution: use their tor hidden service instead. It’s for exactly that
what parts of it do you miss exactly?
can’t you change the compression algorithm, or its compression level?
but yeah it would be much better if we could set it on a per-file basis, and also on demand so that it can compress/decompress a file in place
any of them could make it work through FUSE
for me it doesn’t work in telegram and notepad++, but does in word. this seems to be a program-specific feature though, not an os-specific one