On Thursday, 5 January 2017 11:38:52 UTC+11, raah...@gmail.com  wrote:
> On Wednesday, January 4, 2017 at 7:37:42 PM UTC-5, raah...@gmail.com wrote:
> > On Sunday, January 1, 2017 at 12:08:54 PM UTC-5, Jeremy Rand wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA512
> > > 
> > > pixel fairy:
> > > > On Tuesday, October 1, 2013 at 6:32:41 PM UTC-7, ears...@gmail.com
> > > > wrote:
> > > >> We all know Fedora is a big name, but is it a good choice for a
> > > > >> Security Driven OS like Qubes OS to be based around? What do others
> > > >> here think?
> > > > 
> > > > > There are a lot of packages creating a bigger attack surface. But
> > > > > bigger distros like Fedora have companies behind them like Red Hat.
> > > > > Red Hat has been pretty good about actively looking for
> > > > > vulnerabilities in those packages. Distros that automatically
> > > > > upgrade to the latest version (Gentoo etc.) can also burn you. They
> > > > > would make better template VMs where you're more likely to want newer
> > > > > software and new issues can be better contained.
> > > > >
> > > > > For dom0, newer distros are better at hardware compatibility with
> > > > > those fancy new processors, graphics cards and storage controllers
> > > > > in laptops.
> > > > >
> > > > > Just personal opinion, but Wayland is a better fit than X11 for
> > > > > Qubes in the long run. Fedora is the only distro with a dedicated
> > > > > security staff actively supporting it.
> > > > >
> > > > > Anytime you abstract a layer, you're diluting your resources.
> > > > > Maintaining a dom0 isn't much more work than a domU template, but if
> > > > > you want to add Slackware, Arch, and Gentoo, you've now more than
> > > > > doubled the developers' distro maintenance work when they could be
> > > > > working on stability and features.
> > > 
> > > Potentially worth noting here that in Ed Snowden's keynote at
> > > Libreplanet 2016, he criticized the free software community's tendency
> > > to use stable, outdated software.  Snowden said that the attackers
> > > move and adapt quickly, and it's dangerous to continue using outdated
> > > software that doesn't have the latest security fixes/features just
> > > because it's more stable or more backward-compatible.  Snowden did not
> > > explicitly mention any distros that he was talking about, but I got
> > > the distinct impression that he was (at least in part) talking about
> > > Debian.
> > > 
> > > Of course, "appeal to authority" is a classic fallacy, so we shouldn't
> > > do what Snowden says without questioning it, but I think it's at least
> > > worth considering his argument seriously.
> > > 
> > > Cheers,
> > > - -Jeremy
> > 
> > I disagree with Snowden on this, if it ain't broke don't fix it. What
> > usually happens in reality is the newer software introduces even more bugs
> > than were originally there imo for the sake of new shiny things. Many
> > experts say we are actually less safe nowadays because systems are already
> > too complex. And if new exploits found in old software are patched with
> > security updates then I think the free software communities have it right
> > when it comes to security.
> >
> > If he means old software that's no longer maintained and abandoned then he
> > has a good point. There is plenty of that in every Linux distro, some more
> > than others.
> >
> > But saying attackers adapt quick, means to me adapting to something new,
> > adapting to a new exploit, not a secret one they've already known about.
> 
> I used to believe that always updating software would remove exploits
> currently in them. But usually in reality if not specifically addressed,
> since new software is still built upon the same old software, the old bugs
> still exist while new ones are now introduced as well.

If you have a secure system in the first place, the exploits can't get a grip 
easily.
If you manage your system you won't get hit easily.
If you lock the machine down, you won't get hit easily.

I limit SUDO activity to what I want to let things use.
I don't let sudo change passwords.
I don't let sudo do anything of impact for the system.

I have a firewall set up so that I have to permit what I want, and I monitor all
traffic.

So updating the system to the latest will often break things, along with
security. So I don't update until I know that the update will actually fix it
and not break the security I have in place that fixes what's actually wrong, if
that makes sense?

Moving to Slackware, AWAY from SystemD removes one HUGE security flaw that will 
never be fixed.

It MAY get a few tiny holes/vulnerabilities, but they are easy to protect
against, whereas SystemD, you can't protect against SystemD.
