I know this is a joke but for anyone reading: Linux has many advantages and is great but is NOT immune to viruses or exploits.
Though there are very few of them… at least regarding virurses.
That isn’t true at all.
Source: My job is hardening Linux servers against cyber security threats.
Hardening a server is not the same thing as running vulnerable operating systems.
According to NIST it is:
You have to harden servers because they’re vulnerable.
That’s because of the function of a server running those services. A desktop isn’t running services.
Desktops absolutely run services that can be vulnerable.
At my job we are looking to use a hardened ubuntu image but not sure what to pick. Got any recommendations?
Are you guys using an AMI, or is this for physical servers? The NEMU images for RHEL on AWS are pretty solid, although I’m working on building one from scratch for our move to RHEL9
We are using an AMI on aws for Ubuntu right now. We need to stick to Ubuntu also since our product is tested on that distribution and so on. What about hardened Ubuntus?
I belive that they have hardened Ubuntu images as well.
Does it have to be Ubuntu, or would Debian be fine? If Debian is fine, check out KickSecure.
I think desktop Linux was implied. You don’t browse porn from servers. Mostly.
Tf does the “mostly” mean??
Because you CAN browse porn from server.
did…did you really started using linux because of porn?
Of course not, it was because I really liked this girl, and she used Linux too.
GNU/rizz
lmao, this is unironically the reason one of my exs stared using Linux. Because I kept hyping it up so he figured it was a good bonding activity to learn it. To my knowledge he still uses it.
I was actually kidding… I don’t know any girl that uses Linux 😔.
Then allow me to introduce myself.
Not that I’m a Linux pro, but I at least know how to copy and paste terminal commands until I fix whatever problem I caused by copying and pasting terminal commands.one of us one of us one of us
but I at least know how to copy and paste terminal commands until I fix whatever problem I caused by copying and pasting terminal commands.
this is such a mood lmao
Will you marry me 😊?
/s I’m already married, just said it for the joke 😂… not happily though, so there’s always a chance 🤣🤣🤣.
I’ve learned the dumb way going for married people is always a bad idea regardless of the status of the marriage, so I must politely decline.
I’m an Ubuntu user anyway, so I’m unfortunately unfit for marriage in the first place.I’m an Ubuntu user anyway, so I’m unfortunately unfit for marriage in the first place.
Lol 🤣, this is why you are, you’re funny 😂.
Seriously though, I completely agree with you. I was just kidding anyway, that is completely my problem to have and/or solve, don’t need to drag others with me.
relationship is temporary, linux is eternal
goals
Takes all types I guess.
But maybe take OP’s distro recommendations with a grain of salt…
I use Void BTW.
Instruction unclear, put a pound of salt into the void
It was not a hard choice.
I mean, I’d wager it specifically was a hard choice.
I mean, if OP is going to the type of websites that have that significant of a risk of hacking him, he’s pretty deep into the depravity.
That’s… quite the dedication. I personally just never downloaded things or ran random executables from porn sites, but hey… who am I to judge, I guess
There’s always a risk of JavaScript breaking out of the sandbox and crap like that. Browser vendors do their best to protect against things like that but security is often a trade-off for speed and people like fast software, not to mention browsers are huge and complex and they’re going to have vulnerabilities. A browser’s whole job is to execute remote untrusted code, do you trust it that much to be flawless?
… I mean, I don’t but I use it anyway so ¯\_(ツ)_/¯
Linux security noob here but can’t you just run the browser in a chroot with everything isolated?
Yeah, that should work too… but you don’t get to see any of your local files…
Made a Nix library for this. For a simple setup you can just build this (untested) and run the result:
import ./encase.nix { name = "firefox"; rw.home.nathan = /home/nathan/home-for/firefox; # other dependencies it might need... tmp = /tmp; # fresh tmpfs for this sandbox network = true; command = pkgs.firefox; }
It doesn’t have user isolation yet, so if it escapes the browser and the chroot (which doesn’t have a
/proc
unless you setproc = /proc;
, and runs in a PID namespace either way) your files are still at risk. However, this is still pretty secure, and you can run the script itself as a different user (it creates a new UID namespace so chrooting can be done without root).
I mean, yeah, sure. But at this point, if that’s really a worry, one should not trust any sandbox. OSes are huge and complex and will have vulnerabilities too. Hell, there could be a xz level backdoor currently in the wild and nobody knows any better lol
Right, that’s where OP comes in - most malware will be made for Windows, so if you visit such a malicious website, it’ll likely be inert under Linux!
… I’m not saying this is a great reason to use Linux, but there’s at least a little bit of merit to it.
virus.exe has downloaded - Kalm
Wine opens up - Panik!
Btw, news and software sites are scarier in malvertising than porn sites.
Remember when Forbes loaded malware onto people’s computers after demanding they turn off their ad blockers? Cause I sure do.
That’s not really Forbes serving the malvertising intentionally. If your site hooks into a programmatic advertising stack, the risk of malware exists. This is from 2016, but it’s mostly true today. If a user is blocking ads and cookies and they disable their ad blocker on a specific site only, there’s little data to know about that user. So you get low $CPM on the bid which is mainly where the malicious ads win bids on actual quality sites. That’s why most top sites are very strict on who can bid nowadays.
Okay, serious question: which distro is the best for watching Pr0n? One that can handle multiple video streams with out slowing down would be great.
C’mon you nerds, help a degenerate out!
Any distro, I don’t think there’s a difference in this case
Boot off a live media every time you want to watch it
They’re clearly asking about performance not security
Performance wise every modern distro should be able to handle multiple video streams provided your pc has the resources.
Probably would also be doable off the live media?
I imagine there’d be a performance penalty if using a flash drive for the OS. Not sure though.
Most important stuff is loaded in RAM, so unless you’re downloading the stuff as well, you’re probably fine
Only boot performance if you have enough RAM. Linux’ pagecache can be quite agressive. I think with 4GB there won’t be evicted pages, but with 8GB there won’t for sure.
Yeah probably but it could be serviceable over USB C?
What about a VM in Windows?
Honestly I know nothing about security, I just wanted to say a funny thing.
I think a VM would work for most cases? There are ways for Malware to escape from VMs.
Similar thing would probably be a consideration with a live media boot, as Malware could infect another OS on the machine.
Windows VM - even as hypervisor 1 - could leak any data. You need a revisited OS and kernel to be safe.
Edit: Once you accessed your network your firmware could possibly track everything as well. But nobody knows. Once I heard that the intel firmware has more LoC then the linux kernel (which is the most collaborated human project ever in existence).
TAILS
Tail OS.
deleted by creator
Why would you need multiple video streams for that?
Gentoo
Not fedora, i had issues playing any Video file with the standart install. Something openh264 related
The real Linus Tech Tips (now with 100% less sexual harrassment).
The hook is being able to load it onto SBC and selfhosted servers without the hassle of buying a license to an OS and being also to configure it in a way beyond what someone in Redmond or Cupertino intended.
* Using Linux to access religious websites that have been proven more likely to hack you than porn websites:
Or making your own relious distro that out right blocks porn sites! 🤯
Why even allow access to the internet? When you can talk directly to God on the OS
This Post was made by the TempleOS Gang
also keeps the glowing nsa age …
uhhh i can’t do this … nts away
Sweet times, when I made malware running with WINE.
Wasn’t there a story about bug found in kernel because some malware kept crashing in wine?
Yeah, I think I can remember…
Lol, this is too funny to be real 🤣🤣🤣.
On the other hand, you really can’t make this shit up 🤣🤣🤣.
True, nobody cares about us, linux-user porn watchers. It’s a discrimination!
What is pzerorn
What?
It says p0rn and I want to know what pzerorn is
Oh, good question… I’ve always wanted to know what that is.
Cringe
Shhhh. Let people enjoy things