• 1 Post
  • 25 Comments
Joined 1 year ago
Cake day: August 27th, 2023

  • Yup. You can only add the nopax flag as root, so if your system is already hosed, not much else you can protect. Root has access to ring 0 so anything goes with access like that. Stuff like pax would slow them down for sure and stop script kiddies, but root access is root access.

    Non-privileged accounts can’t do anything with the nopax flag. That’s why you should configure your system to not run things as root as much as possible. Personally, on desktops, I don’t even use a sudoer natively. I have to su into my sudoer account in order to run root commands.


  • GrSecurity adds so many layers of protections to the kernel. They are literally decades ahead of the vanilla Linux kernel in terms of security. With all of the hardened GrSec settings checked/configured correctly, it stops the majority of 0 ring exploits (at least when I was running it before they went full GPLv2).

    PaX is an awesome part of GrSec. Mprotect stops any read and write and execute access to memory in both user and kernel lands (only rx or wx). Stuff like web browsers won’t work unless you have a program to mark it in ELF to not use PaX. However, this kills a lot of exploits with that turned on by itself (though there are probably workarounds if you are developing exploits which the other features would hopefully catch). That’s why people installed 3rd party unmainlined security patches, but that’s just me maybe idk.

    I hope this venture will be more fruitful than the copy-paste code that people kept trying to push to the hardened Linux kernel project (despite the maintainers’ best intentions and countless efforts to stop that).
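As an added illustration of the rx-or-wx point in the comment above (this is not the commenter's code and not part of grsecurity or PaX), the sketch below parses `/proc/<pid>/maps` text and reports mappings that are writable and executable at the same time. The sample input is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in /proc/<pid>/maps format (not captured from a real process).
SAMPLE_MAPS = """\
55d0c4a00000-55d0c4a21000 r--p 00000000 08:01 131090 /usr/bin/example
55d0c4a21000-55d0c4b10000 r-xp 00021000 08:01 131090 /usr/bin/example
55d0c4b10000-55d0c4b40000 rw-p 00110000 08:01 131090 /usr/bin/example
7f3a10000000-7f3a10400000 rwxp 00000000 00:00 0
7f3a2c000000-7f3a2c021000 rw-p 00000000 00:00 0 [heap]
7ffd5e1f0000-7ffd5e211000 rwxp 00000000 00:00 0 [stack]
"""

# address range, permissions, offset, device, inode, optional path
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[r-][w-][x-][ps])\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


def parse_maps(text):
    """Yield one record per well-formed maps line; malformed lines are skipped."""
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        start, end = int(m["start"], 16), int(m["end"], 16)
        yield {
            "start": start,
            "size": end - start,
            "perms": m["perms"],
            "path": m["path"].strip() or "[anon]",  # no path means anonymous memory
        }


def wx_violations(text):
    """Return the mappings that are both writable and executable."""
    return [r for r in parse_maps(text) if "w" in r["perms"] and "x" in r["perms"]]


def audit_pid(pid="self"):
    """Run the same check against a live process (Linux only, needs read access)."""
    with open(f"/proc/{pid}/maps") as f:
        return wx_violations(f.read())


if __name__ == "__main__":
    for r in wx_violations(SAMPLE_MAPS):
        print(f"{r['start']:#x} {r['size']:#x} {r['perms']} {r['path']}")
```

A maps listing is a snapshot: it shows mappings that are writable and executable right now, not a region that is written first and switched to executable later, which is the transition PaX MPROTECT also refuses.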




  • I got a onexplayer for like $600 and it has the 7840u in it. No matter how you slice it, the 7840u is much more powerful than the steam deck. However, it doesn’t do well in low tdp. That’s what the steam deck is best at - low tdp gaming and battery life.

    But so long as I’m near an outlet, I can play more AAA games and on much higher resolution and graphics than the steam deck for however long I’d like. On battery, only about 3-4 hours vs 6-8 hours on a steam deck.












  • In the realm of firewall applications, I use the following:

    ° IPFire is easy to use, but lacks IPv6 support and it doesn’t have OTP. It has lots of packages though.

    ° Alpine is good, if you don’t want a GUI or want to spend time figuring out how to build a web UI (really good for beginners as it’s mostly XML)

    ° openwrt is a good fit for low end hardware (SPARC or ARM processors mostly) but also works on x86.

    ° opnsense - like pfsense, but more up to date. Has some quirks in it (like if you block both incoming and outgoing, but just want to allow 80/443, the rules look weird…like the direction you have to allow is in, but destination is 80/443. Very strange bug that isn’t in pfsense).

    ° hardenedbsd firewall - literally just opnsense but with hbsd’s fully patched kernel. No repo though.

    That being said, you can make any distro a firewall, just use iptables/pf/ipfw/ipfilter rules through the command line, and you can add anything in that distro’s repo you can think of.






  • ChiefSinner@lemm.ee to Technology@lemmy.world: The Man Amazon Erased
    1 year ago

    I mean, if I buy a game on Steam and Valve goes belly up, how do I retain my games? Game companies were all too eager to stop selling physical discs for PC games and instead give you a code for you to redeem. And you can’t sell it after you play it like with console games, because it goes against most PC game companies’ terms of service (edit - …to sell your account)

    If you buy a security camera that is only available through the cloud and the company stops paying for the cloud service, all you have is a paperweight.