No, dont learn docker, learn containerization and what tools can be used for it. No to Kubernetes that comes much later and/is VERY specific. No clue what keycloak is, but it sounds useful. Never hear about Jenkins. Id rather say get a grasp on python and skim what tools are used to administer servers -> ansible and puppet maybe.
Yep. You should absolutely know how all the pieces connect.
One IT responsibility is setting up servers. You should at least know how to get a website running off of a Linux machine at a basic level. But what we judge you on is your ability to manage and secure it.
I’m German. Foreign accents (I.e. some foreigner speaking German) are either funny or cute to me. If I feel neither, that’s probably because I need to concentrate to understand. In German accents, a Bavarian accent, a Saxon or a Frisian one turn me off.
In (to me) foreign languages, I don’t care, meaning that I’m just as fine with „Oi com frum Birmingham“ as with a posh Oxford accent. Also the southern French accent is fine with me, as well as the northwestern one. I’m also fine with Breton, but that’s a language, not an accent. And I don’t understand the latter very well anyway, let alone speak fluently.
Here’s an ordered list of shows that came to mind, starting with what I think best fits with what you mentioned and getting further away from there, though I think they’re all worth it.
We’ve been using famcal for this for years and it works pretty well. There’s probably better, more robust options out there, but it’s free and does everything we need it to so no complaints
i3, or Sway if you’re on Wayland, just gets out of your way.
Have a virtual desktop for each use case, memorize where your apps are, and enjoy muscle-memory-based window management. Mod4+1 brings me to terminal, 2 is browser, 3 is work stuff, 4 is personal chat, 5 is email… Every app is fullscreen, for maximum screen real estate. Nothing annoys by blinking when I’m trying to concentrate on something else.
That’s not true at all. I used to have pain in my wrist and went very heavily into keyboard centric usage. At the time I used AwesomeWM and Conkeror for a full keyboard centric OS, I also learned to touch type in Colemak at this time and bought a trackball. Eventually I started using PyCharm instead of Emacs, and Conkeror was abandoned so I switched back to Firefox, I switched to i3 for their better philosophy on monitors and workspaces, and switched back to a mouse for better aiming on games, and now I have lots of stuff that use mouse, but the pain never came back. And the reason is that while it is true that I still use the mouse, it’s much less than I did before, the vast majority of the time I can be programming, run something in a terminal, go to the browser and do a quick search, send a message to someone on slack and go back to my code without touching the mouse. Sure, if the result of what I was looking for is not on the front page I’ll need the mouse to click a link, and if the person on slack is not the one I was last talking I’ll need the mouse to click his name, but those are two possible mouse movements for a full workflow of stuff that would have needed 6 or more mouse movements before.
I’m an absolute sucker for exquisitely hardened distros. Hence, distros like Qubes OS and Kicksecure have rightfully caught my interest. However, the former’s hardware requirements are too harsh on the devices I currently own. While the latter relies on backports for security updates; which I’m not a fan of. Thankfully, there is also https://github.com/secureblue/secureblue/.
Contrary to the others, secureblue is built on top of an ‘immutable’ and/or atomic base distro; namely Fedora Atomic. By which:
It’s protected against certain attacks.
Enables it to benefit from more recent advancements and developments that benefit security without foregoing robustness.
If security is your top priority, Qubes OS is the gold standard. However, secureblue is a decent (albeit inferior) alternative if you prefer current and/or ‘immutable’/atomic distros.
I’m not an expert. While I try to verify information and only accept it accordingly, I’m still human. Thus, some falsehoods may have slipped through, my memory may have failed me, and/or what’s found below could be based on outdated data.
Additionally, I should note that I’m a huge nerd when it comes to ‘immutable’ distros. As a result, I’m very much biased towards secureblue, even if Kicksecure were to address all of their ‘issues’.
Furthermore, for the sake of brevity, I’ve chosen to stick closely to the OOTB experience. At times, I may have diverged with Qubes OS, but Qubes OS is so far ahead of the others that it’s in a league of its own.
Finally, it’s important to mention that -ultimately- these three systems are Linux’ finest when it comes to security. In a sense, they’re all winners, each with its use cases based on hardware specifications, threat models, and priorities. However, if forced to rank them, I would order them as:
Qubes OS >> secureblue >~ Kicksecure
Context: Answering this question puts me in a genuinely conflicted position 😅. I have immense respect for the Kicksecure project, its maintainers and/or developers. Their contributions have been invaluable, inspiring many others to pursue similar goals. Unsurprisingly, some of their work is also found in secureblue. So, to me, it feels unappreciative and/or ungrateful to criticize them beyond what I’ve already done. However, I will honor your request for the sake of providing a comprehensive and balanced perspective on the project’s current state and potential areas for improvement.
Considerations: It’s important to approach this critique with nuance. Kicksecure has been around for over a decade, and their initial decisions likely made the most sense when they started. However, the Linux ecosystem has changed dramatically over the last few years, causing some of their choices to age less gracefully. Unfortunately, like most similar projects, there’s insufficient manpower to retroactively redo some of their earlier work. Consequently, many current decisions might be made for pragmatic rather than idealistic reasons. Note that the criticisms raised below lean more towards the idealistic side. If resources allowed, I wouldn’t be surprised if the team would love to address these issues. Finally, it’s worth noting that the project has sound justifications for their decisions. It’s simply not all black and white.
With that out of the way, here’s my additional criticism along with comparisons to Qubes OS and secureblue:
Late adoption of beneficial security technologies: Being tied to Debian, while sensible in 2012, now presents a major handicap. Kicksecure is often late to adopt new technologies beneficial for security, such as PipeWire and Wayland. While well-tested products are preferred for security-sensitive systems, PulseAudio and X11 have significant exploits that are absent from PipeWire and Wayland by design. In this case, preferring the known threat over the unproven one is questionable.
Qubes OS: Its superior security model makes direct comparisons difficult. However, FWIW, Qubes OS defaults for its VMs to Debian and Fedora. The latter of which is known to push new technologies and adopt them first.
secureblue: Based on Fedora Atomic, therefore it also receives these new technologies first.
Lack of progress towards a stateless^[1]^ system: Stateless systems improve security by reducing the attack surface and making the system more predictable and easier to verify. They minimize persistent changes, impeding malware’s ability to maintain a foothold and simplifying system recovery after potential compromises. While this is still relatively unexplored territory, NixOS’s impermanence module is a prominent example.
Qubes OS: There’s a community-driven step-by-step guide for achieving this.
secureblue: Based on Fedora Atomic, which has prioritized combating state since its inception^[2]^. Its immutable design inherently constrains state compared to traditional distros, with ongoing development promising further improvements.
Deprecation of hardened_malloc: This security feature, found in GrapheneOS, was long championed by Kicksecure for Linux on desktop. However, they’ve recently chosen to deprecate it.
Qubes OS: Supports VMs with hardened_malloc enabled OOTB, for which Kicksecure used to be a great candidate.
secureblue: Continues to support hardened_malloc and has innovatively extended its use to flatpaks.
This paper provides a comprehensive (albeit slightly outdated) exposition on the matter. Note that it covers more than just this topic, so focus on the relevant parts.
Colin Walters, a key figure behind Fedora CoreOS and Fedora Atomic, has written an excellent blog post discussing ‘state’.
I ran Qubes for a while, really enjoyed the way it integrated windows so I could use MS Office (mandatory job requirement) as apps rather than a VM as I normally do. I realise you can do something similar with Winapps for Linux but to have it baked in was rather nice.
Interesting. Thank you for sharing your experiences! Would you be so kind to elaborate on that experience? Did you like it? Are you still using it? Why or why not? Pros and Cons? Thank you in advance!
The idea isn’t that one big accident is the result of many smaller ones. You theoretically could be completely safe and then have an unpredictable and terrible freak accident.
What the HSE are trying to say is that if you diligently record all your smaller incidents that it could draw a picture that helps you predict a bigger incident before it happens and implement control measures to mitigate that risk.
Maybe he should buy Alphabet and rename their search engine.
He’d probably do it because of his hatred for “aLphABeT PeOpLE!” like his own kid. That fucking prick. If he were on fire, I’d piss on him, but not at the base of the flames.
I think all he managed to do, other than torching a legendary amount of money, was to create a bunch of easy content for some lazy college students in marketing 101. The ones who don’t want to dig to find something more interesting and nuanced.
“wasn’t a bad name” is the understatement of the year. it was one of the most successful brand names ever. normal people with functioning brains would kill to have a brand that’s so ingrained in the language, especially without the threat of genericizing the trademark.
xerox didn’t want people to use xerox as a generic verb to mean photocopy, or kleenex the same for a generic tissue.
but Twitter was never used to mean another social media site, and tweeting never means posting on Facebook or Tumblr or whatever. a tweet is specifically a post on Twitter. that’s the perfect brand.
He’s been wanting to have an “everything” company named X for years, since before PayPal I think. So he jumped at the chance to ruin twitter of course and rebuild it from the top down
Cory Doctorow pointed out recently that having pages be ugly and half-broken is an immune system against creeping corporate influence. Marketing people are incapable of making ugly pages without collapsing into fits, so if every page on your system is ugly and homemade, they won’t be able to fit in there, and they’ll have a harder time turning it all into shit.
kbin.life
Active