@summerheat Thank you for noting that. I need to start pointing friends to Debian instead of Ubuntu... sigh.
Yes, definitely "threatens". Needless networking support makes things needlessly hackable.
Oh no, it's a zombie OS! Run! This seems pretty bizarre to me, seeing as XP won't even run properly on most modern hardware. Maybe virtual...
@SuperSapien It depends on which kernel exploits. Off the top of my head, I don't know whether it helps with Dirty Cow. Access control is in...
@mirimir Cool, have now set up HTTPS transport in Stretch. This has been a long time coming IMO. Are there HTTPS mirrors available for...
@twins4384 I would also look at this for local security stuff: https://github.com/lfit/itpol/blob/master/linux-workstation-security.md That's...
@twins4384 There are no best applications, only best policies. My own general guidelines look a bit like the column on the right, in this...
@hawki That's pretty much what I've seen with less computer-savvy people. Between horrible engineering by Microsoft, malfeasance by tech support...
Yaaaay, more insecurity from software bloat. Does anyone even use Tracker to index media files? Heck, does anyone use GStreamer instead of VLC or...
Hmmm why am I not at all surprised...
OMG. Author of that article doesn't know the difference between grub-install and update-grub. *bangs head on keyboard* Also I'm not convinced the...
And here I was panicking because I'd just set up LUKS.... But @mirimir is correct, this article is pure garbage. Local console only, doesn't give...
@lotuseclat79 Oy, looking at that gives me a headache! I'm pretty sure that last one is wrong though. The & operator associates more strongly...
Hey thanks, that was quite interesting. Though I doubt I'll ever do anything like the 2D array trick in practice. Too clever, not obvious enough...
@roger_m I'm thinking RAM usage was actually the original problem. On Linux I've seen cases where resource-hungry programs bog the system down...
Okay, 0.9.44 is now in Debian Testing! And, contrary to the warnings on the man page, Chromium works okay with Xorg sandboxing. Not sure yet how...
Needless to say, this comic ~ Funny Image Link Removed As Per Policy ~ applies to the Kremlin too.
@summerheat Including, apparently, an X11 sandboxing method using built-in X extensions! And a way of turning off 3D acceleration support for...
This was presented during DefCon 22, back in 2014, but I only just found it tonight... Here is the presentation as a PDF:...
... Okay, cool. Now why does Docker not do this by default? Likewise with seccomp restrictions, which are available on literally every kernel that...
Huh. At a nonprofit that I volunteered at a few years back, one of the sysadmins swore the demolition work a couple blocks away was making server...
I tried the Solus XFCE version once, maybe a few years ago. Like Mint, it came with lots of web services enabled with insecure settings, and the...
Oh nice. We cannot be rid of this ancient pile of garbage soon enough.
@Wendi Not being able to boot from a USB stick, or even DVD, will be... annoying. Most distros (even i686 ones) don't fit on a CD. I guess I'd...
@Wendi Pretty much all distros support Matrox cards, via the mga and vesa. Problem is more that the mga driver does not (last I checked) support...
Separate names with a comma.