• 0 Posts
  • 12 Comments
Joined 1 month ago
cake
Cake day: November 17th, 2024

help-circle



  • My strategy is to always install program with flatpak, SDKs are also installed as flatpak, find graphical alternatives to command line programs. I don’t use command line a lot, so I don’t need fancy tools for it.

    I only have one system package installed for inputting unicode math symbols. So that I have a clean and easily migratable system.





  • coherent_domain@infosec.pubtolinuxmemes@lemmy.worldWindows VS Linux (part 2)
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    edit-2
    28 days ago

    I think mixing app and system dependencies is not the best idea, and Linux desktop is still fighting its impact.

    When all the apps on a consumer laptop is expected to depend on the same dependencies, the system likely run into dependency hell, which means many apps needs to be downgraded in order to keep older apps working.

    This mixture of system dependency and app dependency also prevents users to use the the latest version of an app on a hyper stable base system.

    Flatpak basically aim to solve this problem, where each app chooses their own dependencies, so you don’t need to downgrade all your app just because one app depends on python 2.7.



  • it says it is encrypted but it is encrypred using keys that google has access to as they are unlocked with you logging in into google account.

    First it uses lock screen password, so google do not have access to this password.

    Even if your lock screen is unfortunately your Google password, I think proper authentication protocol do not send your password to Google to authenticate, but only the hash, which cannot be reverted to derive your password.

    Obviously, the above is assuming that Google is not malicious. Otherwise it can just use play service, which is privileged and closed source, to get all your data. If your threat model including Google itself trying to steal your key, you will probably need to install a trusted rom or use iOS (however, apple and the rom developer can also steal your key).


  • I think these are different. They mostly find vulnerability in the iOS system as opposed to try to crack the backup system.

    I think iOS or Android backup system are rather secure compared to other components because of the following: hacker will also need to break into a cloud drive to retrieve them, which adds extra work; the backup is simple, just bunch of files and a password, apple/google can use standard well-tested encryption to encrypt them.

    However, guaranteeing there is no way to break into an operating system, especially with all the features that a modern system requires, is much harder.