Honestly it’s always so weird to hear complaints of bias. The languages you speak, cultures you engage with, class you were born into, and so many other factors will give you a natural bias that you can’t avoid. I am naturally biased to find eating bugs, repulsive but the massive water bugs (lobsters) are classy.
There is no such thing as unbiased and the closest we get is though science.
It’s a really old SMT2 processor with just two physical cores. Even a physical quad-core with SMT2 struggles in 2024, especially if you’re trying to build from source (I use Guix, btw). You need a workstation processor - the U series isn’t going to cut for the task you’re trying to do. Maybe a H, HQ, K or KF-labelled processor? Something like a 6700HQ, 6820HQ, or a Xeon 1505/1535 v5/v6? The P5x series (not the P5xs) is what you need, minus the dGPU. They’re still quite expensive, and at this point, you’re better off getting a A485/T495/T14 Gen 1/2.
I’ve started looking more into getting an ARM laptop. I know a bloke who has an M1 Macbook and it has indescribable battery life without sacrificing performance. Apple is out of the question due to their walled garden, though (I don’t want to get sucked into their ecosystem and end up with an iPhone, Apple Watch, and who knows what else), so Snapdragon X series it is for me.
About the Qualcomm processors, I’d advise you to wait. There’s a lot of hype going around, and apparently, it isn’t as good as Apple’s ARM processor. Honestly, AMD processors are almost what you’re looking for - low-power processors, highly performant iGPU, bang for buck. In fact, if you look at the newer processors, they also provide power-efficient chips, which is almost similar to the big.LITTLE in Arm - Zen4, paired alongside Zen4c. This pattern is also visible with their newer Strix Point - having both the Zen5 and the Zen5c chiplets.
Apparently, it isn’t as good as Apple’s ARM processor
Not from what my searching shows, the X1P curbstomps the M1.
AMD processors are almost what you’re looking for - low-power processors, highly performant iGPU, bang for buck
I’ve used a laptop with a (i think it was) Ryzen 5 5500u and it was the complete opposite of that. Lags on midnight protocol (game), it cost almost 1000euros, aka the same price as the Surface Pro 11 here, and it hit peaks of 101C, averaging at 70.
It is actually safe to ignore them. It means either someone has an email address similar to yours, or a bot of some sort has you email address and only your email address.
Essentially, someone or something goes to the login screen, enters your login, and says “I don’t have the password, let me in!”.
Sending a code to your email like this is the first step in letting someone in without the password, or more specifically to having them reset it.
Since the email is to check “did you ask for this?”, doing nothing tells them that you did not.
If you want some extra peace of mind: account.live.com/Activity should show you any recent login activity which you can use to confirm that no one has gotten in.
Also, use two factor, a password manager, and keep your recovery codes somewhere safe. The usual security person mantra. :)
This is all good information and seems well intentioned, but it’s worth pointing out in a post about account security that clicking links provided by others and giving it your login information is very unwise (even/especially links in emails like these). For the link you provided, it’d be better to recommend going through a primary microsoft page or login that can be confirmed by the user and getting to the activity history page from there
That is wonderful advice and I’m glad you pointed that out. :)
If I knew how to give directions to the page, I would, but unfortunately I don’t know the Microsoft site layout, only the URL that their help center directed to.
In mitigation of my indiscretion: it’s generally safer to trust a person you approach out of nowhere than to trust someone who approaches you out of nowhere.
Since they chose the venue and asked the question, the likelihood that an attacker is present in the replies is lower than the expectation that an unsolicited email is from an attacker.
But it’s also entirely correct to be distrustful of anything anyone asks you to click on, triply so if it involves security or login pages.
For MS guides there usually is an article under support.microsoft.com or learn.microsoft.com (usually more advanced, admin related documentation for company / enterprise level stuff) domains. Here’s an article for checking activity.
Yup, that would indicate that likely a bot is trying to guess it’s way in.
You are still safe.
The only weird thing here is that Microsoft lets such things bother you instead of guessing that you didn’t teleport to Brazil and instead putting a little extra burden on the Brazil end before sending you an email.
If you’re still feeling worried, the biggest thing you can do is enable two-factor auth (which you should do anyway), or even better: enable something like passkeys which are very secure and also easier than username/password.
Two-factor/password manager is the “remember to brush and floss” of the security industry, so… Please do those things. :)
You can create an email alias for your Microsoft account and then only enable login from that account. If you then do not use that email for anything but the login, you should be pretty safe from credential stuffing attacks.
I had a very similar issue with multiple failed login attempts and changing my login email stopped it right away.
Considering most of the attempts are from India and Brazil I suspect a service you signed up for has sold your email to unsavory data brokers and now a bunch of scam companies are doing that MFA attack on you
I’m an absolute sucker for exquisitely hardened distros. Hence, distros like Qubes OS and Kicksecure have rightfully caught my interest. However, the former’s hardware requirements are too harsh on the devices I currently own. While the latter relies on backports for security updates; which I’m not a fan of. Thankfully, there is also https://github.com/secureblue/secureblue/.
Contrary to the others, secureblue is built on top of an ‘immutable’ and/or atomic base distro; namely Fedora Atomic. By which:
It’s protected against certain attacks.
Enables it to benefit from more recent advancements and developments that benefit security without foregoing robustness.
If security is your top priority, Qubes OS is the gold standard. However, secureblue is a decent (albeit inferior) alternative if you prefer current and/or ‘immutable’/atomic distros.
I’m not an expert. While I try to verify information and only accept it accordingly, I’m still human. Thus, some falsehoods may have slipped through, my memory may have failed me, and/or what’s found below could be based on outdated data.
Additionally, I should note that I’m a huge nerd when it comes to ‘immutable’ distros. As a result, I’m very much biased towards secureblue, even if Kicksecure were to address all of their ‘issues’.
Furthermore, for the sake of brevity, I’ve chosen to stick closely to the OOTB experience. At times, I may have diverged with Qubes OS, but Qubes OS is so far ahead of the others that it’s in a league of its own.
Finally, it’s important to mention that -ultimately- these three systems are Linux’ finest when it comes to security. In a sense, they’re all winners, each with its use cases based on hardware specifications, threat models, and priorities. However, if forced to rank them, I would order them as:
Qubes OS >> secureblue >~ Kicksecure
Context: Answering this question puts me in a genuinely conflicted position 😅. I have immense respect for the Kicksecure project, its maintainers and/or developers. Their contributions have been invaluable, inspiring many others to pursue similar goals. Unsurprisingly, some of their work is also found in secureblue. So, to me, it feels unappreciative and/or ungrateful to criticize them beyond what I’ve already done. However, I will honor your request for the sake of providing a comprehensive and balanced perspective on the project’s current state and potential areas for improvement.
Considerations: It’s important to approach this critique with nuance. Kicksecure has been around for over a decade, and their initial decisions likely made the most sense when they started. However, the Linux ecosystem has changed dramatically over the last few years, causing some of their choices to age less gracefully. Unfortunately, like most similar projects, there’s insufficient manpower to retroactively redo some of their earlier work. Consequently, many current decisions might be made for pragmatic rather than idealistic reasons. Note that the criticisms raised below lean more towards the idealistic side. If resources allowed, I wouldn’t be surprised if the team would love to address these issues. Finally, it’s worth noting that the project has sound justifications for their decisions. It’s simply not all black and white.
With that out of the way, here’s my additional criticism along with comparisons to Qubes OS and secureblue:
Late adoption of beneficial security technologies: Being tied to Debian, while sensible in 2012, now presents a major handicap. Kicksecure is often late to adopt new technologies beneficial for security, such as PipeWire and Wayland. While well-tested products are preferred for security-sensitive systems, PulseAudio and X11 have significant exploits that are absent from PipeWire and Wayland by design. In this case, preferring the known threat over the unproven one is questionable.
Qubes OS: Its superior security model makes direct comparisons difficult. However, FWIW, Qubes OS defaults for its VMs to Debian and Fedora. The latter of which is known to push new technologies and adopt them first.
secureblue: Based on Fedora Atomic, therefore it also receives these new technologies first.
Lack of progress towards a stateless^[1]^ system: Stateless systems improve security by reducing the attack surface and making the system more predictable and easier to verify. They minimize persistent changes, impeding malware’s ability to maintain a foothold and simplifying system recovery after potential compromises. While this is still relatively unexplored territory, NixOS’s impermanence module is a prominent example.
Qubes OS: There’s a community-driven step-by-step guide for achieving this.
secureblue: Based on Fedora Atomic, which has prioritized combating state since its inception^[2]^. Its immutable design inherently constrains state compared to traditional distros, with ongoing development promising further improvements.
Deprecation of hardened_malloc: This security feature, found in GrapheneOS, was long championed by Kicksecure for Linux on desktop. However, they’ve recently chosen to deprecate it.
Qubes OS: Supports VMs with hardened_malloc enabled OOTB, for which Kicksecure used to be a great candidate.
secureblue: Continues to support hardened_malloc and has innovatively extended its use to flatpaks.
This paper provides a comprehensive (albeit slightly outdated) exposition on the matter. Note that it covers more than just this topic, so focus on the relevant parts.
Colin Walters, a key figure behind Fedora CoreOS and Fedora Atomic, has written an excellent blog post discussing ‘state’.
Thank you. Stateless is a good idea, and I would personally like to see faster security updates on Debian (and by extension KickSecure). I haven’t been following them lately so I do not know their reasons for deprecating hardened malloc, I assume there’s an explanation for it.
I ran Qubes for a while, really enjoyed the way it integrated windows so I could use MS Office (mandatory job requirement) as apps rather than a VM as I normally do. I realise you can do something similar with Winapps for Linux but to have it baked in was rather nice.
Interesting. Thank you for sharing your experiences! Would you be so kind to elaborate on that experience? Did you like it? Are you still using it? Why or why not? Pros and Cons? Thank you in advance!
I’m playing it via an emulator and it’s working nicely. I didn’t realise there was a mobile port. Though I can see how it would work well for the touchscreen pretty easily.
A lot of deep genres are impossible to port to work with a controller. Sadly, this nowadays means that a lot of those games don’t see a lot of good entries.
Geez I can’t believe a major group was nuked just like that. I never noticed anything about it being unmoderated but thank you for providing the explanation.
Geez even with decentralization we still have people making bone headed decisions. What is the best/strongest politics group that is not lemmy.ml nor lemmy.world?
Beehaw has a fairly active politics comm, their moderation is more on the strict side but it’s “hey be nice and dont use slurs” kind of strict and not “how dare you say Russia is bad, banned” kind of strict. Id recommend them. Otherwise it’s .world.
There are so many politics communities, but before you mentioned this I didn’t realize how concentrated they are on .ml and .world. These look like the most-subscribed USA and World politics communities that aren’t on .ml or .world:
[Edit: Though I listed them here, the hexbear and beehaw communities are not accessible to large swaths of the Lemmy user base due to instance defederations.]
I’ve heard bad things about hexbear and beehaw. But I looked at these other two.
!politics – unfortunately too many dumb restrictions.
Rule: Title must match the article headline <-- definitely a deal killer because often journalists use dumb headlines or leave the most important things out of the headline.
Rule Recent (Past 30 Days) <-- also a deal killer. Relevant is more important the recent. They are not the same things. “Recent” is only an imperfect proxy for “relevant”.
Rule: Be respectful and civil. No racism/bigotry/hateful speech. <-- perfect
I would also welcome suggestions for “news” groups outside of lemmy.world and lemmy.ml. [email protected] is okay so far but I’m always looking for possible alternatives.
It doesn’t matter where your account is. If someone kills your account you can quickly switch to another lemmy instance and resub to all your communities.
It’s too big. And it has dumb restrictions like no video content. But also, I had a very popular posting just completely nuked by the mod of [email protected] and the entire advanced discussion was suddenly lost, forcing me to recreate the discussion on [email protected]. Ever since I’ve been posting content to lemmy.ml instead of lemmy.world. Mainly important things missing from [email protected] or that they took down.
But aside from all that, we absolutely need redundancy on lemmy for major stuff like news and politics. Mods will abuse their power because they all want to “control the experience” instead of just do the basics. I’ve also had content nuked for no reason on [email protected] also and as a result I mostly use [email protected] instead although I’m open for alternate news site suggestions too.
!Pleasantpolitics might interest you. It’s an experimental community that employs a really interesting bot that scans users all across the lemmyverse, and prevents the most toxic people from participating. It seems to work fairly well, so far.
We need… something like a “transfer, merge, fork, split” for communities.
For example, if these guys are just going to nuke that content, another instance should have the opportunity to either fork it, or merge it with another community. Its mostly the same stuff as would have been in c/Politics here.
And what it does now, is it puts even more editorial power in the hands of fewer people (ones that ml probably) don’t vibe with.
We need… something like a “transfer, merge, fork, split” for communities.
People can do it currently. I’ve done it a few times, for all for cases. You just make an announcement on the community, or on !newcommunities if you are splitting from a power tripping mod.
Yeah idk. This was a criticism that I brought up of the fundamentals in lemmys structure early on: it selects for, effectively, clones of “whole reddits”, when it should be set up to support more balkanized instances.
Basically, lemmy.ml’s c/Politics is functionally redundant to .worlds c/politics; but thats by design.
What I think would be better would be adding tagging and taking federation a step further. Every post needs a ‘tag’; we steal that part from mastadon. It can have many, but it needs at least one, say #politics in this example.
Then, on instances, federation happens both at the instance level but also at the community level; communities can federate with other communtiies. But all posts get #tagged on the way in the door. Communtiies can then federate or defederate at will, and if neccessary, a community can “branch”; for example, maybe they want to split off US politics from politics; then you grab all the posts with the #US.
As far as an abuse vector. Thats just hang wringing. IF your mods are that abusive for a large sub, you’ve got way bigger issues. Which, if it did ever happen, is something that “forking” would solve. Mod on a power trip? No problem. Fork the community.
What I think would be better would be adding tagging and taking federation a step further. Every post needs a ‘tag’; we steal that part from mastadon. It can have many, but it needs at least one, say #politics in this example.
Tags also bring issues from a moderation perspective. Who can decide who can use tags to label which type content? Seems another way to have everyone spamming trending tags on all type of contents without control. I think tags work better on a microblog format than community format, where you can potentially reach out everyone following that community/tag much easily than crossposting each time.
As far as an abuse vector. Thats just hang wringing. IF your mods are that abusive for a large sub, you’ve got way bigger issues. Which, if it did ever happen, is something that “forking” would solve. Mod on a power trip? No problem. Fork the community.
I was more thinking about people wanting to ruin things by importing huge communities to small instances, consuming their space and resources, and making it confusing to people to know which one is the “legit” community.
And if you limit this feature to admins, then requesting communities is already possible from admins on most of the instances, so that covers the transfer. Fork/split (what is the difference, btw), as I said, can be done manually now.
Importing a community is the one use case remaining, but I see why it’s not a priority for the Lemmy devs, there is bigger fish to fry at the moment (multicommunities for instance)
kbin.life
Active