• 0 Posts
  • 61 Comments
Joined 6M ago
Cake day: Jun 04, 2023


it’s still factual that flatpak’s sandbox is weak by default, especially compared to what chromium provides on its own.



I’ve had the best experience using xfce.


just so people are aware:

third party clients are against Discord’s ToS. with that out of the way, looks really cool and I’ll give it a try!


  1. it does tho as that is the entire point
  2. it won’t, as that logic doesn’t make any sense.

** you should remember that desktop Linux as is, is horribly insecure and any security increase is putting you leagues ahead of most others. immutability is ensuring a minimum level of stability and security.


this was a whole bunch of rambling and complaining without amounting to much. what’s actually got you upset about increasing the security model?




windows sandbox is… getting there, macos is decent but iirc the app dev can choose to not use it. all Linux options require user intervention to ensure it’s set up properly. ChromeOS’ sandboxing technique is inherited from Android and is the strongest/strictest of any desktop operating system.


yes but no. the pixelbook was by far and away the nicest build quality of any laptop I’ve owned, and the Linux containers have basically made it a normal laptop other than requiring chrome. with that said, I bought it second hand for ~$200 and would never have even considered it for its original $1000 or whatever it listed at.

ChromeOS is also the most secure desktop focused os you can get so I usually use it for banking and stuff like that.


I think using virtualbox is the bigger offense here.


I’ve been working on one for a minute but the best solution I’ve come up with is searching every package manager when search is invoked but otherwise requiring the package manager to be declared via pkgman.package for installs/removes etc.






if they wanted to employ full browser fingerprinting they could



it’s just a desktop environment. install it on whatever distro you’re using.


however much I love NixOS, I would argue that in its current form (steep learning curve and horrendous documentation), the better option is using Nix package manager on a proven distro like Arch (or Debian but I’ve had some issues there). you get the benefits of nixpkgs while also having other pacman repos if you must.


any form of security in the display server would be nice. X is incredibly insecure with no trivial means of locking it down.


my existence is not, nor should be, a political issue. besides, technology doesn’t exist in a vacuum. why do you think I’m on Lemmy instead of Reddit? politics. same with masto and Twitter.

and asking to be treated with respect in order to avoid mental issues is not selfish, you can think about more than yourself for once.


you are generalizing a wide variety of people but okay my guy. go outside for once.


pronouns are a part of the English, and many other, languages.


that’s not really the point considering this didn’t occur in a vacuum. this one event can come to just be a grift and what I said will still be true.


it’s a mesh network built on wireguard. it’s not just a direct connection to another PC on your network. you can select exit node devices on the fly and control acl’s and access based on groups in their admin panel.

and yes, if you want a properly secured vpn setup without the necessary background knowledge, it’s pretty difficult. there is no opening ports on your router, which is especially useful for people on cgnat.


treating people respectfully is not getting offended. please touch some grass and open your eyes.


yeah like other people have rec’d, I just wrote a script for installing/removing/upgrading/searching all the package managers I have. this was used as a tongue in cheek jab and has never truly been a brag.


this is just my opinion but if you aren’t after the sandboxing benefits then don’t bother with them. if you want to avoid dependency hell go with nix, if you are worried about storage space use your standard package manager, and if you want higher security without the knowledge/effort to manually do it, go with flatpak or snaps (although many flatpaks need to be further hardened via Flatseal as the dev gets to configure the sandboxing. I’m unsure how this operates under snap as I refuse to use it.)


I’ve fallen in the same hole before. tbh in my experience you don’t really learn much until things start breaking.




nix package manager works on all posix compliant os’ and doesn’t touch system directories. everything is stored in /nix/store and symlinked to ~/.nix-profile.

personally I run an arch build and then only use nix for my packages.


the only thing I’ll say is the piece about “no viruses” would kinda go away if desktop Linux picked up at all. the security on a default Linux system is worse than macos and windows with substantial hardening efforts needed. the only reason viruses and other malware aren’t common on Linux as is is because of the tiny user base.

with all this said, if enterprise use got more common, security would quickly become an important aspect.


play store build is broken because of its insecurities via sdk29 usage.


out of curiosity, what do you use it for? I’ve never been able to find a useful function of it beyond a niche party trick


telemetry as a whole isn’t bad. it depends what they are collecting. companies should provide a log of the (raw) telemetry data they’ve collected from you. if they’re not comfortable sharing it it’s probably too invasive.


Mobile platforms like android and iOS (more specifically GrapheneOS), are leagues ahead of desktop operating systems in terms of security because of these strict policies. and besides, you are treating untrusted code as untrusted code. I don’t see the flaw in that logic.

sure, they could use more apis for accessing system directories and stuff like that securely, but that’s not really in scope. this is for end users. not field deployment on an sbc for something.


that’s fair I suppose, I wasn’t saying not to use it, just that it is worth noting. these strict security policies are what make mobile platforms much more secure than desktop platforms. I typically use my phone for security sensitive tasks because of this, so I tend to care a lot more about this stuff. if you have any banking info or password managers stored on the device, be careful.

I’ll admit, it is pretty unlikely for anything to happen, though. always just better knowing.