
linux


skullgiver , (edited ) in How to prevent files from being displaced? This protection should (somehow) persist through disk cloning.

deleted_by_author

  • poki OP ,

    It seems I wasn’t clear as most people misunderstood me.

    But, to give a very precise example; say

    • I had a folder called ~/some/folder.
    • It was on an encrypted drive.
    • And I had done additional work to encrypt the folder again.
    • And say, I used chattr, chmod or chown or similar utilities that remove access as long as one doesn’t have elevated privileges.
    • And say, I had done whatever (additional thing) mentioned in your comment.

    Then, what prevents whosoever, to copy that file through cloning the complete disk?

    Even if they’re not able to get past the password, it will be found on the cloned disk. So, basically, I ask for some method that prevents the file to even be copied through a disk clone. I don’t care that it has three passwords protecting it. What I want is for the disk clone (or whatever sophisticated copy/mv/cut or whatsoever utility exists) to somehow fail while trying to attempt the action on the protected files.

    bitfucker , (edited )

    By definition, you can’t. Any software level solution will fail since you can just move the drive somewhere else. It must be baked into the hardware and firmware.

    Edit to add further clarification. Do you need it to be failing on every device or just on a device that you control? Since as stated before, moving a mass storage will completely overthrow any software solution

    poki OP ,

    Do you need it to be failing on every device or just on a device that you control?

    Actually, I’m fine with a solution that only works on a device that I control. But, failing on every device is nice as well.

    bitfucker ,

    Right, working on every device requires a hardware solution. I haven’t encountered any such hardware yet but I do know that it is possible. Next, your second requirement makes what you’re trying to accomplish impossible. Privilege escalation by definition will escalate the privilege. The problem lies in the fact that the root user is basically a god in Linux. You can even wipe your system if you so desire. However, you can read more into SELinux or other similar systems. It works by basically running checks on the kernel level, not the user level. But the only solutions I can think of will make other day-to-day tasks more of a hassle. Also, note that whoever knows how to modify the SELinux can also bypass the system. I found an answer on serverfault that points to a blog. However, I haven’t read the blog yet. You may find an answer there.

    poki OP ,

    Thank you!

    bitfucker ,

    You’re welcome. I also recommend the Arch Wiki on SELinux. It helps clarify a lot of things and how different it is from traditional Linux privilege escalation.

    poki OP ,

    Will do.

    lambalicious ,

    I ask for some method that prevents the file to even be copied through a disk clone

    Oh that’s quite simple! Just don’t have the files on the first disk in the first place. Make them a remote mount from a server, for example via sshfs, webdav, etc. Heck, even ftp if it comes down to it. That way, even though you can clone the disks, you can not get to the files if you don’t also have the full authentication requirements for the remote server (such as a password).

    At a conceptual level, you can’t do anything via root to prevent someone who clones the disk from… well, cloning the disk. Having physical access to a disk is a much higher level of access than even root, so if what you are looking for is for your content to not be cloned, you need to fortify physical access to the device.

    poki OP ,

    Understood. Thank you!

    skullgiver , (edited )

    deleted_by_author

  • poki OP ,

    Very informative. I appreciate it!

    narc0tic_bird , in Longtime Linux Wireless Developer Passes Away

    RIP and thank you for your contributions!

    nukul4r , in Longtime Linux Wireless Developer Passes Away

    This is unexpected, and hits really hard. I tried to get one of his drivers running with a fairly new USB wifi adapter, I made a Github issue, and he was super kind and helpful. This was only in May, it feels unreal to read this news. What a terrible loss, my deepest condolences to his family and friends.

    mojo_raisin , in Longtime Linux Wireless Developer Passes Away

    Larry Finger, your work has made a significant positive impact on my life and I’m sure many others. Thank you.

    Now can you work on a driver to allow communication between the living and the dead?

    possiblylinux127 ,

    Can we get developers from the heavens to maintain FOSS?

    spacedout ,

    Upstream

    Steamymoomilk ,

    Bro you don’t wanna be bottom stream, there’s lots of daemons

    Lmao

    bloodfart , in I was looking at the firefox flatpak on flathub. Won't this warning make a non tech-savvy user anxious? This might make them think they'll get a virus or something like that.

    Good.

    People need to view out of channel software with a hairy eyeball.

    Hell, I run Debian all over and it’s absurd that the main repositories don’t do checksums on downloaded packages!

    Nisaea ,

    WAIT THEY DON’T ???

    bloodfart ,

    yeah apt just trusts the server if it properly identifies itself

    the barrier to entry for attacking that seems pretty high though

    if that freaks you out, switch to a rhel derivative, they got a shiny progress bar

    Nisaea ,

    Interesting, but switching will be difficult, unfortunately…

    Thanks for the info

    refalo , (edited )

    I think it’s absurd that most distros have no tools whatsoever for doing regular checksums of their own files. Windows certainly got that part right IMO.

    bloodfart ,

    I’m double checking this myself now, but there are plenty of tools (debsums) they’re just not part of the default implementation as of last time I looked.

    refalo ,

    Right, I’m talking about like periodic or real-time scanning and alerting, which DISM/SFC on windows does.

    bloodfart ,

    i’m almost 100% that debsums on apt stuff and the --verify flag in rpm distros do what sfc did. (kinda, debsums and --verify check against a list of checksums from the repo, i’m pretty sure sfc cracks open an actual known version of the files and compares em with whats on disk)

    idk what dism does.
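
The kind of check that debsums and rpm --verify are described as doing in this thread, comparing files on disk against a list of checksums, written out as an added example that is not code from the thread. It assumes a manifest in the `<md5>  <relative path>` layout dpkg keeps in /var/lib/dpkg/info/*.md5sums; the "package" files and the changes made to them are constructed in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path

def file_md5(path, bufsize=1 << 16):
    """Stream a file through MD5, the digest dpkg's *.md5sums lists carry."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(bufsize), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse '<hex digest>  <path relative to root>' lines into a dict."""
    entries = {}
    for line in text.splitlines():
        digest, sep, rel = line.partition("  ")
        if sep and rel:
            entries[rel] = digest.lower()
    return entries

def verify(root, manifest_text):
    """Return {relative path: 'OK' | 'FAILED' | 'MISSING'} per manifest entry."""
    report = {}
    for rel, expected in parse_manifest(manifest_text).items():
        target = Path(root) / rel
        if not target.is_file():
            report[rel] = "MISSING"
        elif file_md5(target) == expected:
            report[rel] = "OK"
        else:
            report[rel] = "FAILED"
    return report

def demo():
    """Constructed sample: three 'package' files, one altered, one removed."""
    files = {"usr/bin/tool": b"#!/bin/sh\necho hi\n",
             "usr/share/doc/tool/README": b"docs\n",
             "etc/tool.conf": b"verbose=0\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            p = Path(root) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        manifest = "".join(f"{hashlib.md5(d).hexdigest()}  {r}\n"
                           for r, d in files.items())
        (Path(root) / "usr/bin/tool").write_bytes(b"#!/bin/sh\necho changed\n")
        (Path(root) / "etc/tool.conf").unlink()
        return verify(root, manifest)

if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:8} {rel}")
```

A manifest stored on the same system can be rewritten by whoever altered the files, so a check like this catches corruption and casual changes rather than someone who already has root.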

    possiblylinux127 , in Deduplication tool

    I use rsync and ZFS snapshots

    deadbeef79000 ,

    For backup or for file-level deduplication?

    If the latter, how?

    slavanap ,

    1 rsync allows to sync hardlinks correctly

    2 zfs has pretty fast (zfs set dedup=edonr,verify) block level duplication where block size is 1MB (zfs set blocksize=1M).

    3 in reality I tried to achieve proper data structure but it was way too time consuming so I couldn’t do any work other than that, thus I established zfs as a history backtrack where I can rollback to something very important what I accidentally can delete, thus using ZFS and all aforementioned its benefits

    Telorand , in i made a wiiwoo for linux
    delirious_owl ,

    I once made a cloud filesystem that used tweets encoded with base64 as a back end storage

    lemmyvore , in Deduplication tool

    Use Borg Backup. It has built-in deduplication — it works with chunks not files and will recognize identical chunks and avoid storing them multiple times. It will deduplicate your files and will find duplicated chunks even in files you didn’t know had duplicates. You can continue to keep your files duplicated or clean them out, it doesn’t matter, the borg backups will be optimized either way.

    FryAndBender ,

    Here are the stats from a backup of 1 server with approx 600gig


    
                         Original size     Compressed size   Deduplicated size
    This archive:            592.44 GB           553.58 GB            13.79 MB
    All archives:             14.81 TB            13.94 TB           599.58 GB

                         Unique chunks        Total chunks
    Chunk index:               2760965            19590945

    13meg… nice

    geoma , in Deduplication tool

    What about folders? Because sometimes when you have duplicated folders (sometimes with a lot of nested subfolders), a file deduplicator will take forever. Do you know of a software that works with duplicate folders?

    Agility0971 OP ,

    What do you mean that a file deduplication will take forever if there are duplicated directories? That the scan will take forever or that manual confirmation will take forever?

    geoma ,

    That manual confirmation will take forever

    KindaABigDyl , in I was looking at the firefox flatpak on flathub. Won't this warning make a non tech-savvy user anxious? This might make them think they'll get a virus or something like that.

    They should be worried. We don’t want them comfortable.

    So many negative things have entered our culture bc people don’t care about dangers. Nearly every app should have a warning

    alphafalcon ,

    They should not be worried, they should be educated.

    If you worry a new user enough they’ll go back to Windows or Apple because there’s less scary warnings there.

    We need to make the transition as pain free as possible. Learning about the joys of kernel compilation and SELinux can come later.
    The first step is "Hey, this is as usable as Windows, without stupid ads in the start menu."

    AeonFelis ,

    Nearly every app should have a warning

    No. If you put a warning on every app (except for the most trivial ones that don’t actually do anything useful) then the warnings mean nothing. They become something more than ass-covering legal(ish) BS.

    jbk ,

    Apps could start improving to remove the warnings…

    AeonFelis ,

    What do you mean by “improving”? This alarming warning appears because Firefox requires permissions. Let us look at the permissions listed there:

    1. “User device access”. From the docs, I’d say the browser needs it for rendering?
    2. “Download folder read/write access”. This one is obvious - the files you download with your browser go there.
    3. “Can access some specific files”. This one, I’ll admit, is a bit cryptic - what files does it need to access? But this one is on Flatpak for making the permission so general.

    App permissions should not be about “this app cannot be trusted because it asks for scary scary permissions”. They should be about “take a look at the list of permissions the app requests and determine whether or not it makes sense for such an app to need such permissions”.

    jbk ,

    To 1.: dri instead of all would handle hardware-accelerated rendering. Then some webcams or controllers won’t be accessible though. This one’s a bit complicated, since the necessary portals for e.g. generic USB device access aren’t yet there.

    To 2.: portals should be used instead of that. Using them doesn’t require these permissions.

    To 3.: click on details and see. This is Flathub making it easy to understand for users.

    Permissions should make clear whatever dangerous things an app can do. If not, why do all this effort of isolation? Firefox could delete everything in downloads, either by accident on Mozilla’s side, or a privilege escalation. If the app used portals instead, it couldn’t, at least without user interaction. Or a browser security vulnerability could open up any USB devices to webpages. It’s all about what could happen with granted permissions. And these can 100 % be fixed in at least some way.

    lolcatnip ,

    Nearly every app should have a warning

    So it would be how in the US half of all products have a warning saying they cause cancer thanks to California proposition 65? No thanks.

    Onihikage ,

    If “nearly every app” that people already use suddenly has a big warning on it, people will quickly decide the warnings are meaningless and start ignoring them, like Prop 65 warnings. Congratulations, we’ve moved the needle backwards.

    You have to meet people where they’re at. I finally switched to Linux when MS introduced a feature I wanted no part in (Recall AI), but I would have given up within a day or two if the transition hadn’t been basically seamless. I was able to pick up right where I left off, using all the same apps I did on Windows except MusicBee RIP, but now I’m in a better position than before, on an open-source OS instead of closed-source. Now there’s a little less friction between me and better, freer software.

    refalo ,

    prop 65 warnings are indeed useless

    iaMLoWiQ , in Flathub has passed 2 billion downloads

    Google is better at advertising anyways. No sane being has ever heard of flathub. Android has billion downloads every week.

    paris , (edited )

    I imagine the largest mobile phone operating system on the planet has a few more downloads than one of the several available package managers for the comparatively very small desktop Linux audience, yeah. This is the Linux community, not the Android or Google community, so I’m not sure what you’re yapping away about or why.

    edit: i wanted to know how many devices run android and according to this it’s three billion so you’re wrong anyway lmao

    MicrondeMMMMMMM , in Flathub has passed 2 billion downloads

    FOSS keeps winning it’s Insane!

    ssm , in Flathub has passed 2 billion downloads

    Flatpak’s usecase for me is Alpine Linux and other distributions that use musl or other libc implementations. I don’t love it, I think its cli interface and the way you add flatpak servers to be obtuse and annoying, but it is useful for getting glibc dependent software.

    bitfucker ,

    Another alternative is distrobox and bedrock linux.

    deadbeef79000 , in Deduplication tool

    I have exactly the same problem.

    I got as far as using fdupe to identify duplicates and delete the extras. It was slow.

    Thinking about some of the other comments… If you use a tool to create hardlinks first, then one could then traverse the entire tree and delete a file if it has more than one hardlink. The two phases could be done piecemeal and are cancelable and restartable.

    Agility0971 OP ,

    That sounds doable. I would however not trust myself to code something bug free on the first go xD

    deadbeef79000 ,

    Backup backup backup! If you have btrfs then just take a snapshot first: instantly.

    One could do a non-destructive rename first. E.g. prepend deleteme. to the file name, sanity check it, then ‘rollback’ by renaming back without the prefix or commit and delete anything with the prefix.
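
The second phase of the approach in the comments above (duplicates already turned into hardlinks by another tool), with the deleteme. staging step, as an added example that is not code from the thread. The function names and the sample tree are made up for illustration; the tree is built in a temporary directory.

```python
import os
import tempfile
from pathlib import Path

PREFIX = "deleteme."  # staging prefix from the comment above

def stage(root):
    """Rename extra hardlinks to PREFIX+name, keeping one path per inode."""
    seen, staged = set(), []
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            path = Path(dirpath) / name
            if name.startswith(PREFIX) or path.is_symlink() or not path.is_file():
                continue
            st = path.stat()
            # rename keeps st_nlink, so the (dev, inode) key is what spares one path
            if st.st_nlink > 1 and (st.st_dev, st.st_ino) in seen:
                path.rename(path.with_name(PREFIX + name))
                staged.append(PREFIX + name)
            seen.add((st.st_dev, st.st_ino))
    return staged

def staged_files(root):
    return [Path(d) / n for d, _, ns in os.walk(root) for n in ns if n.startswith(PREFIX)]

def rollback(root):
    """Undo staging by stripping the prefix from every staged name."""
    for p in staged_files(root):
        p.rename(p.with_name(p.name[len(PREFIX):]))

def commit(root):
    """Delete staged names, but only while another link to the data exists."""
    removed = 0
    for p in staged_files(root):
        if p.stat().st_nlink > 1:
            p.unlink()
            removed += 1
    return removed

def demo():
    """Constructed tree: a.txt with two extra hardlinks plus one unique file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        (root / "a.txt").write_text("same data\n")
        os.link(root / "a.txt", root / "b.txt")
        os.link(root / "a.txt", root / "sub" / "c.txt")
        (root / "unique.txt").write_text("other\n")
        names = lambda: sorted(p.name for p in root.rglob("*") if p.is_file())
        staged = sorted(stage(root))
        rollback(root)
        restored = names()
        stage(root)
        return staged, restored, commit(root), names()
```

Calling `demo()` returns the staged names, the tree after a rollback, the number of links removed by the commit, and the files left afterwards.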

    lambalicious , in I was looking at the firefox flatpak on flathub. Won't this warning make a non tech-savvy user anxious? This might make them think they'll get a virus or something like that.

    To be fair, the fact that browsers are allowed to do so much that this warning has to be shown is more an indictment on the current state of browsers (which at this point are almost like installing VMWare and a virtual machine on your computer!) than on something something Firefox or something something Flatpak.

    areyouevenreal ,

    I mean yes, how exactly would you want the web to work? In order for it to be secure we need website code to run in an isolated environment. Modern web browsers have gotten pretty good at this.

    Though we say it’s a JavaScript Virtual Machine it’s not the kind of virtual machine you are thinking of. It just means it’s being interpreted in a certain environment rather than compiled code running natively. It’s not like a whole OS. Running a web browser in a Virtual Machine is unironically a method to improve security; check out Qubes OS for an example.

    Also the permissions it’s asking for aren’t that serious. Basically GPU access and download folder access.

    lambalicious ,

    I mean yes, how exactly would you want the web to work?

    Text and images and hyperlinks; maybe audio and video if you’re lucky and you can prove you can be trusted. No such thing as scripting, or if it’s allowed, only in a limited manner with no such thing as “eval” and obfuscation and no ability to add or delete nodes from the DOM (or if it’s allowed, those nodes must reflect under View Source / CTRL+U). No such things as loading a javascript audioplayer that tries to mix 123456 weird sources, just link me the .m3u direct to the audio stream’s .mp3 file, or even better an .opus.

    Definitively no DRM.

    If any such thing as GPU access is provided it should be to deposit data, not to run code.

    areyouevenreal ,

    Text and images and hyperlinks; maybe audio and video if you’re lucky and you can prove you can be trusted.

    Those things still require a GPU to render efficiently.

    All the other stuff you talk about doesn’t need a GPU or really any systems permissions at all. So even if the web changes to your twisted view the flatpak would still require the same permissions. All you’ve just proven is that you don’t understand technology.

    If any such thing as GPU access is provided it should be to deposit data, not to run code.

    You don’t know what a GPU is apparently. Regardless the same access is needed for both.

    Also you use Lemmy, which requires scripting. Pretty much every online game, shopping website, calculator, and so on require scripting of some kind. Scripting isn’t just for bad things like tracking. It makes a lot of cool stuff possible, that you doubtlessly use everyday. As a plus it’s generally more secure to use a web app than have a myriad of different programs or applets replace all these different things, as websites are sandboxed. There is a reason JavaScript replaced Flash and Java applets.

    You’re confusing a technology problem with a society/capitalism problem.
