AppImage is not a neutral packaging format. Of course "an app packaged as .zip is as secure as packages as .tar.gz". But the format causes all the things mentioned in the post.
- libraries are often the oldest non-EOL possible to support old kernels
- no transparency about used libraries and possible vulnerabilities
- no upgrades of libraries, always just the wanted app and then passively also the libraries
- no sandboxing without firejail (which is a root binary and thus can lead to privilege escalation of rootless processes if it has a vulnerability which it had in the past)
- no GUI sandboxing
- even with a repo no cryptographic signature verification like on Android (not sure about Flatpak which uses OSTree)
- requires users to execute code in random locations
So it is way less secure than Flatpak, that's a fact. It may not be worse than tarballs, but if those don't include the libraries, even less secure than them.
I suggest not giving their user sudo rights and having your own user with sudo rights for installing apps, doing upgrades and so on.
Yes but upgrades should be automatic and not require any privilege escalation. There is nothing privileged about keeping your system up to date. Same for flatpaks.
With a --user repo (in the flathub install command) you can let them install and uninstall their apps without any privileges, only to their user. Otherwise with a system repo they need to be in the flatpak group.
It will be very useful to have SSH installed if you need to assist them remotely.
That didn't age well ;D
And yes, complex stuff like Tailscale is needed, as the only good VNC apps for Wayland don't have built-in servers for connecting without an IP (like RealVNC, TeamViewer or RustDesk have).
Using NoIP could be an easy solution too though.
Syncthing has versioning, I wouldn't even put servers in the game. Just back up their home to one of your machines (if that is okay for them).
Yes, but on GNOME you don't even have a bar at the bottom. GNOME Classic may suit here, or using Dash-to-panel, which is very well maintained but may break.
Yup, do you still see this? For me it's still spammed with "post deleted" but not actually hidden