My Keyoxide Identity:

aspe:keyoxide.org:TJXAWXPMSAG6VPARJQRWNB2TPA

Cake day: April 11th, 2024






  • Yeah because Flatpak firefox is damn insecure!

    Please don't use it. Firefox devs don't care. Flatpak restricts browsers from spawning “user namespace” sandboxes for filesystem isolation.

    Chromium uses a fork server (zygote) and breaks when it cannot spawn these sandboxes. So developers created zypak, which allows isolating processes using bubblewrap, the Flatpak sandbox.

    Firefox just runs without a sandbox, and doesn't have a fork server, so nobody cares.

    Without process isolation, you have less duplicated content. This saves space but IT IS INSECURE.

    Please use a non-Flatpak Firefox version.

    There is no reason why a “Zen Browser” should use less RAM than Firefox.


    • use a non-sudo user for the user
    • somehow get the IP address of that laptop all the time. There are dynDNS solutions like this where the client just needs to automatically download a certain file daily and you know his IP; my implementation is here.
    • have ssh access to root with an ssh key. The usual hardening, fail2ban, block using passwords
    • open the port for ssh on the client's system

    If something goes wrong, log in via ssh (you know the dynamically changing IP) and remove a directory or the entire user.

    You cannot avoid that a user would copy files from there to a USB stick. Well, you could, by using usbguard. Works really well in my experience, just prevent non-sudo users from adding new devices.

    And then you need to prevent the user from booting another system, or taking out the SSD and reading it. TPM and boot lock is the right thing here.
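
The SSH part of the list above (root reachable by key only, password logins blocked) can be verified against the server's effective settings. This is an added example, not part of the original comment; it reads `sshd -T` output on stdin, and the function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Usage on the laptop (as root): sshd -T | audit_sshd
# Exit status = number of settings that violate the policy.
audit_sshd() {
    awk '
        { val[tolower($1)] = tolower($2) }
        END {
            # Older OpenSSH reports this setting under its previous name.
            if (!("kbdinteractiveauthentication" in val))
                val["kbdinteractiveauthentication"] = val["challengeresponseauthentication"]
            bad = 0
            # sshd -T may print the legacy alias "without-password".
            r = val["permitrootlogin"]
            if (r != "prohibit-password" && r != "without-password") {
                printf "FAIL permitrootlogin=%s (want prohibit-password)\n", r
                bad++
            }
            policy = "pubkeyauthentication=yes passwordauthentication=no"
            policy = policy " kbdinteractiveauthentication=no permitemptypasswords=no"
            n = split(policy, want, " ")
            for (i = 1; i <= n; i++) {
                split(want[i], kv, "=")
                got = val[kv[1]]
                if (got != kv[2]) {
                    printf "FAIL %s=%s (want %s)\n", kv[1], (got == "" ? "unset" : got), kv[2]
                    bad++
                }
            }
            if (bad == 0) print "OK: root is key-only, password logins are off"
            exit bad
        }'
}

# Constructed sample: settings as `sshd -T` would print them after hardening.
sample_hardened() {
    printf '%s\n' "permitrootlogin without-password" "pubkeyauthentication yes" \
        "passwordauthentication no" "kbdinteractiveauthentication no" \
        "permitemptypasswords no"
}

# Constructed sample: root login and passwords both left enabled.
sample_weak() {
    printf '%s\n' "permitrootlogin yes" "pubkeyauthentication yes" \
        "passwordauthentication yes" "kbdinteractiveauthentication no" \
        "permitemptypasswords no"
}

sample_weak | audit_sshd || echo "findings: $?"
```

fail2ban and the firewall rule for the SSH port are separate from `sshd` and are not covered by this check.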








  • What would you expect?

    The tor network has more common stuff, drugs etc.

    I2p meanwhile is just really good for anonymity. I think using it for messengers is the best use. I was able to find a bunch of stuff, and yes, unlike the dark web this would mostly also be there on the clearnet, mainly because there is no such business on i2p I guess.

    Just random people offering services for free, a few pads, pastebins, fileservers

    You can find quite some cool stuff actually, but I think the main advantage is using it for messaging

    And unlike i2p, i2pd also doesn't really use much battery? I could totally keep that on all day




  • Anyone can host a site. Just keep it up for like a month without a pause so that it can be discovered.

    Then go to a domain registrar and get a domain name. I2p sites have BASE32 names, kinda like onion addresses. But they can also use shorter names like postman.i2p

    If you register such a name, the site will become more discoverable as those registrars likely share the sites, you might appear in some lists, people connect to you, add you to their address book and forward stuff to you.




  • Oooh crazy!

    You didn't layer aurora on bazzite, you rebased.

    This is very problematic and I didn't know this could happen. OCI images don't have a concept of “removing packages”. Instead, they are always removed on the local system.

    The firefox issue is uBlue people being weird. They remove it, preventing anyone from installing it. Instead you need to use the firefox tar archive from their website, works well too but is kinda random as you need to place it in some nonstandard folder.

    Steam is interesting. Please report that. I am not sure how these things work but my theory is that the installer (anaconda) wrote the system to your PC with the default configuration (with steam).

    Then you rebased to Aurora but the system was still originally Bazzite. Which is odd, I thought there was no such state. Please report that to them!

    My idea is to rebase to their main image and then back to aurora. This may remove this steam error. The main images also still have firefox and just the codecs etc added, so I can recommend them.

    UBlue removed the instructions on how to do that from their website with the redesign.

    Use the rebase command you used, but use ublue-os/kinoite-main:latest instead of ublue-os/aurora:latest in the rebase command.

    Then rebase back to aurora after a reboot. But tbh I didn't like Aurora, it is weird and kinda random. I like ujust and yafti though. I am on Fedora Kinoite with a huge set of layers. Works very fine too, still worlds faster than Windows updates LOL