I am sorry, but I disagree with this statement. I have many opinions. Just ask. ;-)
-
Check it out - we have a chatbot! Go ask TuxBot a question in the Ask Tuxbot section!
Linux is deeply flawed. No GUI isolation!
- Thread starter ArchNemesis
- Start date
D
Deleted member 137406
Guest
OP
ArchNemesis
New Member
Hey kc1, I like your other posts on this forum and have no hard feelings.. so I disagree from a purely debate/idea perspective...
Qubes is based on a Xen hypervisor. The only reason the link you gave says "Fedora-based" is because by default the virtual machines that it creates are Fedora. But the user can change that. One could even use a Windows VM.
The point of distinguishing between a hypervisor making a Linux VM with native Linux, is to point out that Linux's main security model is flawed to the point that it needs virtual machines just to isolate applications. Now Google's Android (modified with Graphine OS to solve the corrupt surveillance issue) does solve this problem much better with a stronger sandbox. However, all the "Linux distros" don't adapt to this Bionic kernel model
OP
ArchNemesis
New Member
I disagree with every point made.
1) lastpass is online & propritary. we're talking about offline. as opposed to what, you writing by hand long complex passwords?
2) Firejail doesn't isolate firefox as just demonstrated in this thread right before
3) Snap is a weak sandbox. Even weaker than firejail. Check out this quote from
Introduction to Snap and Flatpak - Ubuntu Docs!
Snap is a software deployment and package management system like AppImage or any other package manager for that instance. It is originally designed for the now-defunct Ubuntu Touch Operating system. Snappy lets developers create software packages for use in a variety of Linux based...
www.ubuntudocs.com
"The sandboxing feature, a very important one indeed from a security standpoint, is flawed in that the sandboxing actually requires certain other core services to run (such as Mir) while applications running the X11 desktop won’t support the said isolation, hence making the said security feature irrelevant. Questionable press releases and other marketing efforts from Canonical and the “central” and closed app repository are also widely criticized aspects of Snappy."
OP
ArchNemesis
New Member
Hey, so I setup a Fedora VM which has Wayland natively by default. I ensured Wayland was being used by command line.
With Wayland, I ran firefox and hit share screen on Jitsi chat... and it can still see the other windows.. for example a password manager.
Then you chose to share the entire screen because with Wayland you can choose which screen you want to share because you get a popup screen giving you a selection, if you want to share only a specific browser tab or application window.
You might have forgotten one thing, with Firefox for Wayland screen-sharing you need to launch Firefox into Wayland mode by using an environment variable.
Code:
MOZ_ENABLE_WAYLAND=1 firefoxFirefox - ArchWiki
PipeWire - ArchWiki
I suggest you start a thread in the Wayland development mailinglist and see if you get an answer there...
You still haven't answered @MattWinter 's question, what is your definition of flawed and deeply flawed? Also I've seen others screen-sharing in Windows and you can also see other applications in the Windows when screen-sharing, isn't that the point of screen-sharing. So Windows is not flawed or flawed or deeply flawed? Lastly you only reply to to disagree with people but don't actually come with solution, why don't you start your own Linux distribution project that offers a solution to the problem you are complaining about or join the Wayland developers to improve Wayland.
BSD has the same two display servers available to it X11 and Wayland as well, does that make the BSD's flawed or deeply flawed to you as well? I know BSD has jails but I don't know BSD so I don't know if those are only for services or also for GUI applications. Since MacOS is based on BSD most likely the same story but MacOS is a heavily customized version of a BSD, so MacOS must be flawed or deeply flawed as well?
Chapter 5. The X Window System
This chapter describes how to install and configure Xorg on FreeBSD, which provides the open source X Window System used to provide a graphical environment
Chapter 6. Wayland
This chapter describes how to install and configure Wayland and compositors on FreeBSD, which provides a graphical user environment
Chapter 16. Jails
Jails improve on the concept of the traditional chroot environment in several ways
Last edited:
D
Deleted member 137406
Guest
Perhaps these will work for you.I disagree with every point made.
1) lastpass is online & propritary. we're talking about offline. as opposed to what, you writing by hand long complex passwords?
2) Firejail doesn't isolate firefox as just demonstrated in this thread right before
3) Snap is a weak sandbox. Even weaker than firejail. Check out this quote from
Introduction to Snap and Flatpak - Ubuntu Docs!
Snap is a software deployment and package management system like AppImage or any other package manager for that instance. It is originally designed for the now-defunct Ubuntu Touch Operating system. Snappy lets developers create software packages for use in a variety of Linux based...
"The sandboxing feature, a very important one indeed from a security standpoint, is flawed in that the sandboxing actually requires certain other core services to run (such as Mir) while applications running the X11 desktop won’t support the said isolation, hence making the said security feature irrelevant. Questionable press releases and other marketing efforts from Canonical and the “central” and closed app repository are also widely criticized aspects of Snappy."
:max_bytes(150000):strip_icc()/SPR-Home-best-sandboxes-4589115-v1-4f6d91a03a2d41a99bf9ce6413a82e07.jpg)
The Best Sandboxes for Outdoor Fun
Sandboxes are a great way to encourage imaginative play for kids outdoors. We researched the best picks from Gorilla Playsets, KidKraft, and more.
The 5 best sandboxes for kids of all ages, based on advice from child development experts
We spoke to child development experts to find out what to consider when shopping for a sandbox. Here are the best sandboxes for kids of all ages.
www.insider.com
Condobloke
Well-Known Member
Quite possibly, @Bartman has a particular phrase, which only he knows, and his passwords are made from this.
I am not about to ask him if that is the case....that would be none of my business.
I believe strongly, that this type of password/security is second to none.
Which quite likely puts him a few streets ahead of anything that the likes of lastpass can offer.
I further believe that @wizardfromoz uses the same approach
as opposed to what, you writing by hand long complex passwords? ....that is just below the belt, and totally unnecessary.
I am not about to ask him if that is the case....that would be none of my business.
I believe strongly, that this type of password/security is second to none.
Which quite likely puts him a few streets ahead of anything that the likes of lastpass can offer.
I further believe that @wizardfromoz uses the same approach
as opposed to what, you writing by hand long complex passwords? ....that is just below the belt, and totally unnecessary.
Ok Qubes is not linux in the traditional sense. If you truly believe Linux is deeply flawed you have the freedom to choose something else. One of the great things about open source is your not tied into any one particular case. Or you can choose to develope your own Distro that meets this need. Unlike Windows and some other OS that charge large amounts of money for their systems. Most of the Linux Devs donate their time and passion without much thanks. So You have choices maybe for your case Qubes is the answer or maybe another system. You have to make up your mind about that. If what you are saying is a real security risk report it to the Disto's bug reporting team and let them evaluate it. That helps move the discussion to where something can be done. But to argue here will not change things as most of us are already happy with Linux of one form or another.
Everybody is entitled to their opinions and I respect them. Having said that, I have seen several statements above about password security that demonstrate an incomplete understanding, or they are not what I consider "best practices." I am not going to engage in a point-by-point debate here, but I recommend that readers look outside this thread for password security advice.
Linux Laptops Custom Built for You
MALIBAL is an innovative computer manufacturer that produces high-performance, custom laptops for Linux.
For more info, visit: https://www.malibal.com
