[ home / overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / music / 777 / posad / i / a / lgbt / R9K / dead ] [ meta ]

/tech/ - Technology

"Technology reveals the active relation of man to nature"
Name
Email
Subject
Comment
Captcha
Tor Only
Flag
File
Embed
Password (For file deletion.)
Matrix   IRC Chat   Mumble
ReturnCatalogBottom

File: 1779090752926.jpg ( 54.28 KB , 600x844 , gigachad-1644807974.jpg )

 No.13716

>Why yes, I daily drive Tails OS. How can you tell?

What OS do you use and why?
>>

 No.13719

File: 1779102334064.jpeg ( 64.5 KB , 1080x966 , 2gafoatrgr1e1.jpeg )

Kicksecure.
>developed by the Whonix team
>security hardening by default
>compatible with anything the Linux kernel is
>runs any software
>has a built-in live mode (nothing is saved on reboot)
>can setup a full-disk encryption
>Torified repos
>can install Whonix for the same isolation as Tails's
As for other operating systems:
>OpenBSD has hardware and software compatibility issues and a hard-to-use installer
>HardenedBSD has better compatibility but is still difficult to set up
>Qubes is too fucking resource-hungry
>Tails does what Whonix does but works only on a USB stick and isn't really secure
>Spectrum OS is really cool but it's in a perpetual alpha state
>none of them have Torified repos (except Qubes)
>>

 No.13722

>>13719
>full-disk encryption
Now do you mean actual full-disk encryption or fake "full-disk encryption" that still leaves your /boot partition and EFI system partition unencrypted?
>>

 No.13723

File: 1779219891883.gif ( 16.57 MB , 640x360 , linux-trash.gif )

>>13722
Depends on how far you wanna go really. You can definitely encrypt the boot partition manually. You can also put all the unencrypted shit onto a USB stick and additionally configure the AEM (Kicksecure devs recommend doing at least the first one since OF COURSE leaving unencrypted partitions on your drive is retarded).

You can check their wiki which has pretty hardcore security and privacy tips and start living in a bunker. I especially respect Whonix for opposing Graphene OS's tyrant security (not saying that Graphene OS isn't secure, just saying that its approach to security is very, VERY restrictive, kinda like iOS's).
>>

 No.13724

>>13723
Most Linux distributions support semi-full disk encryption with /boot left unencrypted. I have my full disk encrypted on a Devuan build and it took a considerable degree of extra work to configure GRUB properly (including getting a couple LUKS2 bugs fixed). The distros that have started supporting /boot encryption have likely done so due to recent developments in GRUB, but I doubt any support EFI partition encryption booting from it requires something like Coreboot with a SeaBIOS payload to decrypt your second-stage bootloader, a much smaller niche of boot hardening to defend yourself against potential evil maid attacks.
>>

 No.13727

File: 1779288431428.jpg ( 188.14 KB , 1137x1080 , Wade1.jpg )

>>13724
https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
>I doubt any support EFI partition encryption booting from it requires something like Coreboot
Correct. That's why you should put the ESP on a stick or use an Anti-Evil Maid.

Actually, true full-disk encryption with an AEM support is possible with the heads firmware (another FLOSS alternative to BIOS/UEFI) but it's not used on anything other than Librem laptops. But if you want that you can buy one of those. They even have hardware switches, though these laptops are expensive.
>>

 No.13730

File: 1780092034637.png ( 338.94 KB , 1280x1280 , ClipboardImage.png )

I will fully shill NixOS every chance I get because it genuinely solved a lot of problems for me.

> I can set up a new computer exactly the same as an existing one very easily
> It doesn't break when a new release comes out, at least not in a way that I can't fix and have to clean install (this eventually happened to me with every other distro)
> having services configured in a central place without having to go looking for separate configurations everywhere, and also services configuring other services they depend on more or less automatically means I simply am doing more with Linux than I ever would otherwise, because it would just be too much of a pain to set up.

bonus:
> Using nix for development environments is amazing (but you don't need nixos for that)

People say there's a learning curve, but do you really know your current OS all that well? I think if you bother with NixOS and make it do what you want it to do, which is easier than ever with LLM chatbots, it is easier to become a powerful admin than with other distros in my opinion.

For context, and to brag, I have for my own personal gains a desktop pc, a home server (which is really another desktop), a laptop, and three VPS servers. They all run NixOS, and I use them for shitposting, watching video, developing software projects, hosting said projects, making and recording music, and hosting websites.

I don't think I could get all of that done and manage to keep it up to date with any other software. I've used Kubernetes at work it was a god damn nightmare.
>>

 No.13732

File: 1780128902159.jpg ( 32.04 KB , 1024x768 , 3c1d80ffbcaf508f8d2dd65e99….jpg )

>>13730
The only major issues with NixOS are that it's difficult to install and not security-hardened. Otherwise, yeah, I can see the appeal.
>>

 No.13733

>>13732
>difficult to install
Now they have a live cd with an installer like any other distro, you don't have to do it from the cli anymore, but even if you want to put it on a server, you literally just boot up the minimal install ISO and step-by-step follow the manual.

What's cool is that there's simple tools on NixOS to make a custom iso from your specified config, and it can make container images and even a tarball for kexec that when you unpack and run it will tell the running Linux kernel to replace itself in memory by booting your nixos. This last part is useful if you ever rent a VPS and they don't let you choose your own iso to boot up, so you just boot up Ubuntu and blow it away in memory without actually rebooting.

>security
Well I am going to be tough to be convinced to care about security, but what do you think your OS needs to do security-wise for you? And if you have this, what does that give you?

I find a lot of security stuff just makes my computer a nuisance to use.
>>

 No.13734

File: 1780134327566.png ( 822.34 KB , 774x774 , cfe.png )

>>13733
>What's cool is that there's simple tools on NixOS to make a custom iso from your specified config
That's genuinely cool. 👍
>Well I am going to be tough to be convinced to care about security
It's for countering snitches, feds, and cybercriminals. But if you're not a political extremist and don't live under an authoritarian regime and visit only trusted websites and asocial media then you'll be fine. But at that point, what are you even doing here?
>I find a lot of security stuff just makes my computer a nuisance to use.
A lot of BADLY IMPLEMENTED security stuff makes your computer a nuisance to use. Security should be seemless, baked into the very fabric of your operating system instead of being a bajillion applications and restrictions. Security shouldn't restrict and overwhelm, it should protect and work in a background while you're eating chips and drinking Coca-Cola. That's why antiviruses are a huge pile of garbage.
>>

 No.13735

Yeah I ran the pipeline. Started on Kubuntu, moved to linux mint, moved to arch, moved to gentoo, went backwards to debian…..moved…..was lazy…..used windows for a while….now I mainline mint like a G. It just werks.
>>

 No.13736

>>13730
How does Nix relate to the shitbags at Guix who have been trying to sabotage the GNU project for years now?
>>

 No.13738

>>13736
GNU people tend to not use github, hate MIT licensed software, and are generally their own club. I haven't heard of the drama of them sabotaging the rest of the GNU project, what's that about?

In short I think there's very little cross pollination but I've heard Guix can use nix packages (but so can any distro, you can install nix the package manager as a standalone thing). I've never heard of using guix packages or modules on nixos or anyone wanting to.

IMO guix fails right off the bat because they are using scheme as a configuration language. While the nix language is technically a turing complete programming language in practice it's more like writing json with some helper functions sprinkled in if you need them. It's a much better tool because it's a domain specific language purpose built to write configs, where as scheme is a general purpose langauge.
>>

 No.13739

>>13738
>GNU people hate MIT licensed software
they want people to use a different license, but they don't hate it

Unique IPs: 4
[Return][Catalog][Top][Home][Post a Reply]
Delete Post [ ]
[ home / overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / music / 777 / posad / i / a / lgbt / R9K / dead ] [ meta ]
ReturnCatalogTopBottomHome