Is Linux Actually More Secure?
The boys return to talk about Linux security. It sounds dull, but we’ll have a good time. Promise.
👇 PULL IT DOWN FOR THE GOOD STUFF 👇
==== Special Thanks to Our Patrons! ====
https://thelinuxcast.org/patrons/
===== Follow us 🐧🐧 ======
MERCH – https://shop.thelinuxcast.org
Discord – https://discord.gg/62RPDBMH8W
Odysee – https://odysee.com/$/invite/@thelinuxcast:4
Mastodon- https://fosstodon.org/@thelinuxcast
Subscribe at http://thelinuxcast.org
Contact us email@thelinuxcast.org
https://facebook.com/thelinuxcast
Telegram Group – https://t.me/+9lYoIuLh0JIyMzcx
Matrix – https://matrix.to/#/#the-linux-cast:matrix.org
Tyler – https://bit.ly/3wk9LNy on Odysee , https://youtube.com/ZaneyOG on YouTube and on Discord https://discord.gg/bpyzraKDJC
Drew – https://odysee.com/@justaguylinux:c on Odyssey, https://youtube.com/JustAGuyLinux on YouTube, https://fosstodon.org/@justaguylinux on Fosstodon.
https://youtube.com/thelinuxcast
Patreon – https://patreon.com/thelinuxcast
PayPal – https://paypal.me/thelinuxcast
Kofi – https://ko-fi.com/thelinuxcast
Logo Courtesy of pedropaulo.net
Intro Courtesy of https://www.fragcgi.com/?i=1
[show notes]
https://gitlab.com/thelinuxcast/podcast-files/-/blob/ccbbd8ac3bfea2d98b4957821133bf4759cd8641/notes/Season%208/815.md
[time stamps]
0:00 Intro
1:50 Our Week in FOSS
2:00 Tyler’s Week In FOSS
6:27 Drew’s Week in Linux
8:04 Matt’s Week in FOSS
17:09 Is Linux Secure?
1:10:14 Nuggies of the Week
1:10:38 Drew’s Nuggie
1:11:44 Tyler’s Nuggie of the Week
1:14:38 Matt’s Nuggie
1:16:01 Contact Info and Goodbyes
by The Linux Cast
linux foundation
I've done plenty stupid stuff. 😊
Yes it is.
what isnt safe is your health, spend some time in the gym
Linux is more secure than Windows. Windows has had a malware problem for years.
No. End of discussion. It's a huge house of cards built on top of trusting random strangers (to write and package everything on your system), while being obscure enough that very little malware is written for it. And the malware just needs user access to exfiltrate all important user documents, so any app or script you use can steal your data, which is exactly what we saw with multiple Linux desktop malware in Snaps, AUR, pypi, npm, libxz, etc. We don't have any antivirus (yet!). It just means we gotta be smarter than Windows users to stay safe.
Firewalls only help against external hackers. The only hacks I had were internal: I used an insecure web link and the other was a colleague sending me an old photo and the double click on the photo did not display a photo, but had some strange screen effects. In both cases I used OpenZFS to rollback to the last snapshot. Next day my colleague emailed me, that he had been hacked and the hacker used his email addresses. My security contains the following measures:
– the 2nd WiFi router is used for all my PCs. Firewall closed for inbound traffic and admin access only allowed for the MAC address of my Laptop or Desktop.
– All apps are moved to VMs and only one VM has open ports for internal communication with other PCs and phones.
– OpenZFS stores VMs and Data and I use snapshots to rollback a failed upgrade or a hacked VM. OpenZFS shared data is for communication between VMs.
– Banking VM is exclusively used for that purpose and the VM is encrypted.
– Backups systems are only powered on, when needed for backup or restore.
To improve:
– better partition the access of VMs to shared data, the 3 chunks are too big.
– never use the Host OS (minimal install of Ubuntu) for browsing, use a separate VM for it. I have a separate VM, but I only use it occasionally, because the CPU load gets high ~40% (Ryzen 3 2200G). In the summer I will upgrade to a Ryzen 5 5600G, which is 3x faster. I intend to use the half-year releases for browsing, so I always dump it after 6 months. LTS releases I replace after 2 years and locally I still use a Windows XP VM installed and activated in March 2010 🙂 🙂
Hello, and thank you.
I don't distrohop, since 2008 I use Ubuntu. If I want to have a look at a distro, I use a VM 🙂
Immutable system for dumb friends and relatives. I have to deal with 5 people next year switching to linux. They all will be on silverblue because they are the trusting the talking fairy asking for their credit card kinda people.
So weird watching a dude sucking on a piece of plastic all video long..
I made it so sudo and polkit dont bother me for password. I know its bad but I do it anyway lol.
"So…is it safe?" ~ "Marathon Man" quote 🙂
i got like 2 subs and i have not made anything for 10 plus years
Android is immutable overlay, and it doesn't stop hacks. It's important to containerize the browser now. But in Linux, it's all approachable, unlike a proprietary OS. At least you can see yourself getting screwed. There's no services I can't turn off. I'm more comfortable with the situation. Toolbox, distrobox, podman has given me an extra level beyond immutable. Scripts are dangerous, python. You gotta file watch that. Write a filewatcher that uses sqlcipher instead of sqlite or another script. I wouldn't know what to not scan in Windows.
Great pod; nice to see Drew on there as well. Thanks guys!
you can not compare WIN/MAC with LINUX, Linux is man made!!!
Can you guys write down nuggies of the week? Edit them as text into video, put them in video description or pin them in comment section? Because I'm European[Poland] and it's sometimes hard to figure out what the exact correct name of nuggie is
What's wrong with Calibre?
Nixos is not a corporate distro, it’s govern by the Nixos foundation that can take donations from companies. It’s community distro similar to Debian.
27:45 its not about being lazy, but about not being paid to do that…
I check the checksums and signatures of iso every time before loading it on my ventoy usb thumb drivers.
Aerospace is a recent window manager for macOS that works pretty well! The rest have never been worth using for me but it at least lets you have a decent i3 clone on the mac. The new window vs new app instance is the only pain that I run into but has workarounds.
This is completely off topic but, I've been on Linux for 16 years and it's always been exciting seeing new apps, features, kernel updates, but holy crap is Linux boring now in 2024. Is it just because I run Debian and everything just works and never breaks or is it like this for everyone?
OOTB? Most distros are actually less secure.
Not to mention some combinations that some users do. For example using X11 which is completely insecure, with no process isolation whatsoever, and running firefox which is also way less hardened than chromium browsers and with very poor sandboxing.
Flatpaks which as you said come with too many permissions by default.
It' not moore secure
26:40 This is what reproducible builds are trying to solve, so the software binary is the same across distros
I would be okay with more background fan noise.
✅️
"It depends"
bit of a stickler coment but shuld you not add there youtube links in bio? sure i could just search my self.
I check my checksums on my iso's, every time, all the time.
Hi and thanks.
Help support the pod! https://patreon.com/thelinuxcast . Weekly exclusive podcasts!
0:00 Intro
1:50 Our Week in FOSS
2:00 Tyler's Week In FOSS
6:27 Drew's Week in Linux
8:04 Matt's Week in FOSS
17:09 Is Linux Secure?
1:10:14 Nuggies of the Week
1:10:38 Drew's Nuggie
1:11:44 Tyler's Nuggie of the Week
1:14:38 Matt's Nuggie
1:16:01 Contact Info and Goodbyes