Linux for beginners

Discussion in 'all things UNIX' started by Krusty, Jul 2, 2016.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Unneeded software on any of my machines is as far as I'm concerned is bloat. Obviously Firejail works for others but it will not be on my machine again.

    I can't help what has or hasn't happened in that thread, I can only report my experience, one I'm not interested in repeating.

    As far as I'm concerned, I'm done with the Firejail discussion. Thanks all for your interest. As there is already a thread dedicated to Firejail I will refrain from discussing that any further here.
     
  2. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    But not the ones discussed above. And the second issue quoted by you refers to the archtitectural changes in Firefox mentioned earlier.

    I had never had an infection with Firefox pre-57. Does this make its sandbox, which was introduced in that version, useless - at least, on Linux? Does this mean that sandboxing other applications - particularly the ones with network access - is useless as well?
     
  3. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    But, nevertheless, it has had problems.

    I think this is a false analogy. I never had an infection with Windows 7 but I still ran an AV with it. I think if you feel the need for Firejail, that's great. To me, it's surplus to requirements, and that being the case it makes it an extra thing to go wrong or conflict with another program. One of the main reasons I abandoned Windows was so I could vastly simplify my approach to security. The way I see it, with no extraneous or bloated additions to my system, there is less complexity, less potential conflicts, and less to go wrong.
     
  4. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    KISS principle in action :):thumb:

    I just want to add after reading the comments here:

    Some Linux distros by default can be very secure and use very secure kernel configs.

    https://wiki.ubuntu.com/Security/Features

    If even more security is needed then kernel level protection like AppArmor or SELinux can be added to mix
    (which of course increases complexity, which increases chances to things starting to break)

    And finally, if even more security is needed, then one can use userspace solution like FireJail which
    actually does nothing more than uses the already built-in kernel features (seccomp, namespaces, Linux capabilities etc...)
    but in much more userfriendly way. But which again complicates things more because additonal layer of security on top of other layers...

    Is Firejail absolutely needed? Nope.
    Is it nice addition? Sure, it reduces attack surface which is always important for any network facing app.


    firejail --dns=1.1.1.1 --caps.drop=all --nonewprivs --seccomp firefox --private
     
  5. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    AppArmor and Firejail don't seem to be things a newcomer to Linux should dive into unless it's on a "non-production" machine. So a thread titled "Linux for beginners" would have been better off without discussing them in the first place. As for Firejail, I wouldn't say it's bloat. But using it requires understanding, skill and a fair bit of perseverance.
     
  6. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I think for most general surfing and internet use the KISS principle is the best approach. If I wanted complexity with security I'd go back to Windows. :eek::argh:
     
  7. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,004
    Location:
    Member state of European Union
    As Mrkvonic said about necessity:
    Also it is important to understand how Firejail works:
     
  8. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I'm sure Firejail is an option that runs well for many people. I honestly think many users can get very tinfoil hat about security though. I certainly went through this phase with Windows at one time. Linux is a different mindset. If Firejail isn't a necessity it's extra baggage.
     
  9. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    As I understand it, Firejail is a bit like Sandboxie. You can test applications in a restricted environment. And that particular usage may have nothing to do with security but be all about convenience.
     
  10. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I figured it was some sort of sandbox, not unlike Sandboxie. I can see that it could have non-security related applications. I'm sure it's great if you like to 'tinker under the bonnet' and the like.

    I'm basically just your average computer user though. I know a tiny little bit about software, just enough to get by anyway. I can even use the Linux Terminal occasionally.

    Linux is often seen as a bit anorak by many users and is probably totally alien to the vast majority of general Windows users who equate MS with computing and IT in general. I remember once reading about a US undergraduate who tried to sue her university because she was issued with a laptop running Ubuntu and failed part of her course as she didn't understand how to operate the laptop. The story may be apocryphal but it illustrates my point.

    I switched to Linux as I just couldn't face using Windows anymore. I'd become security conscious when running Windows over a number of years. Maybe paranoia is the wrong word but there is a mindset and attitude peculiar to running Microsoft.

    The mindset, security thinking and attitude with running Linux is different however. People told me that it could be a mental adjustment and that I'd have to essentially unlearn the Windows paradigm to achieve peace of mind.

    I actually find Ubuntu easier to use than Windows in many respects. I'm sure Firejail has its place as an open source sandbox and that it has many other applications in the Linux universe.

    It's just that I don't need it to be secure online and it is an extra complication on any system.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    I'm not running a Government, power station, or other critical infrastructure, in fact that machine won't even have any personal files, so I don't need an Abrams tank.

    Mint will be secure enough for me as long as I keep it updated.
     
  12. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    And you survived :D
     
  13. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Just about. :argh:
     
  14. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
  15. guest

    guest Guest

    No, firejail is different, from what I understand, it uses restrictions (more like ReHIPS than Sandboxie which uses virtualization) , so the firejailed app has limited access to the core areas of the OS.
     
  16. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Lol @Krusty, now to get back into paranoid Windows mode and try Firejail again :D.

    Btw Is Linux Mint (Mate, Cinnamon, Xcfe) the 'best' distro and desktops for a Linux beginner coming from Windows? I have seen reference also to MX Linux ..., Kubuntu?

    I would be looking for the highest quality, preferably Ubuntu-based distro, lean & mean, and 'prettiest' (preferably 'Windowish') desktop.
    I know there's no single answer and subject to requirements and preferences but there must be top recommendations i.e. not for complete geeks.
     
    Last edited: Apr 16, 2019
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Hey Paul,

    The problem is though, that still does not explain why Firefox would open a blank white page and I could not browse or open any bookmarks, so nar, I'll pass. ;)
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    :thumb: Yeah, if I fired up a Linux machine, I'd want to keep it as simple / vanilla as possible. Just some browser hardening as mentioned above by @Daveski17.
     
  19. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Which Firejail version did you install? It's possible that the repos still has an old version which doesn't contain an updated Firefox profile available here. The best solution, though, is adding the Firejail ppa by Reiner Herrmann who is the Firejail maintainer for Debian and a contributor to the Firejail project.

    EDIT: Quite often packages in universe - and I think Firejail is in universe - are not always properly mainatained.

    EDIT2: Mint is based upon Ubuntu 18.04 LTS. That version still has Firejail 0.9.52. firejail was last updated in Dec. 2017. This explains it. The updated Firefox profile mentioned above is obviously not included. While the ppa contains Firejail 0.9.58 from Jan. 2019.
     
    Last edited: Apr 16, 2019
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Yes it was 0.9.52, I'm pretty sure. I guess that does explain the Firefox problem. At this point I'm still not sure I want to go down that road at this time. Obviously, if I was running a server or performed important tasks on that machine it would be different.

    Maybe in time I'll revisit Firejail and then will seek help in the other thread if I run into problems.

    Thanks.
     
  21. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    With security simplicity is preferable over complexity. I thought that was the whole point of Linux lol. I'm still ridiculously happy because I don't run an AV. :)
     
  22. sbwhiteman

    sbwhiteman Registered Member

    Joined:
    Jul 20, 2009
    Posts:
    88
    Paulderdash, see HERE.
     
  23. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,004
    Location:
    Member state of European Union
    AVs or Sandboxie loads its driver to Windows kernel. Firejail does not load any code to Linux kernel. That's why I think it doesn't add any significant complexity.
     
  24. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    'Significant' being the operative word here. Any superfluous extra layer makes a system more complex.
     
  25. guest

    guest Guest

    Start by Mint (excellent and friendly forum for beginners, I learn most there), after a while you may go one level deeper towards Debian by using a Ubuntu based distro (personally I chose Kubuntu because the massive awesome customization features) then after a while you may get tired and just want simplicity and efficiency then go with an Xfce desktop and use Linux MX, like I did.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.