…that proved that the algorithms/protocols work.

You can use a perfect algorithm and still be insecure because the implementation was bad. You are trusting the SimpleX Chat devs to a degree.

I wouldn’t trust encryption made by anti-vaxer more than…

Important to note: SimpleX Chat has gone through two security audits.

The SimpleX Chat is AGPL. If the founder is problematic, one can fork it and avoid reinventing what has already been made.

It is forkable if necessary. I do think SimpleX is a great piece of software that shouldn’t be reinvented because of the founder.

There was this recent attack to XZ utils, which shows that more attention is needed on the code being merged and compiled.

XZ was made possible largely because there was unaudited binary data. One part as test data in the repo, and the other part within the pre-built releases. Bootstrapping everything from source would have required that these binaries had an auditable source, thus allowing public eyes to review the code and likely stopping the attack. Granted, reproducibility almost certainly would have too, unless the malware wasn’t directly present in the code.

Pulled from here:

Every unauditable binary also leaves us vulnerable to compiler backdoors as described by Ken Thompson in the 1984 paper Reflections on Trusting Trust and beautifully explained by Carl Dong in his Bitcoin Build System Security talk.

It is therefore equally important that we continue towards our final goal: A Full Source bootstrap; removing all unauditable binary seeds.

Sure you might have the code that was input into GCC to create the binary, and sure the code can be absolutely safe, and you can even compile it yourself to see that you arrive at the same bit-for-bit binary as the official release binary. But was GCC safe? Did some other compilation dependency infect the compiled binary? Bootstrapping from an auditable seed can answer this question.

The solution is to have stronger privacy laws.

Many people have the power to make certain privacy attacks impossible right now. I consider making that change better for those people than adding a law which can’t stop the behavior, but just adds a negative incentive.

I wouldn’t wait around for the law to prosecute MITM attacks, I would use end to end encryption.

Choosing an esoteric system for yourself is a good way for a free people to protect their privacy, but it won’t scale.

If this is referencing using a barely-used system as a privacy or security protection, then I would regard that as bad protection.

Everyone using GrapheneOS would be a net security upgrade. All the protections in place wouldn’t just fade away now that Facebook wants to spy on that OS. They’re still in place; Facebook’s job is still harder than it otherwise would be.

There’s some time limit before having to re input it.

Inputting a password multiple times into sudo has downsides too. Larger window for attackers to do something like: add a directory to your path, which has a fake sudo in it, and capture your password.

Yes. Memory allocated, but not written to, still counts toward your limit, unlike in overcommit modes 0 or 1.

The default is to hope that not enough applications on the system cash out on their memory and force the system OOM. You get more efficient use of memory, but I don’t like this approach.

And as a bonus, if you use overcommit 2, you get access to vm.admin_reserve_kbytes which allows you to reserve memory only for admin users. Quite nice.

If by “unused” you mean not actively storing data, then the Linux kernel docs disagree.

vm.min_free_kbytes

Unless you have the vm.overcommit_memory sysctl set to 2, and your overcommit is set to less than your system memory.

Then, when an application requests more memory than you have available, it will just get an error instead of needing to be killed by OOM when it attempts to use the memory at a later time.

Same could’ve once been said about a free OS like Linux. Now it is absolutely possible, with the downsides shrinking bit by bit.

The goal of 100% free is one I support. And these people are working to make it possible.

If such a project were to become compromised (the way XZ-Utils was), it would eventually spread to Ventoy.

What a lot of people don’t know is that the XZ attack entirely relied on binary blobs: Partially in the repo as binary test files, and partially in only the github release (binary).

If someone actually built it from source, they weren’t vulnerable. So contrary to some, it wasn’t a vulnerability that was in plain view that somehow passed volunteer review.

This is why allowing binary data in open-source repos should be heavily frowned upon.

You can modify the keybinds in software too. You would need to change your console keymap (TTY) and your desktop environment keybindings. Programmable keyboard is most likely easier though.

I played around with it and changed both to just use F1 = tty1 and so on, without requiring CTRL+ALT.

Your needs must be different than mine.

I press one button combination and have root without ever entering a password. I press a similar combination and go back. Not sure how this is a pain in the ass.

All I do is have agetty --autologin root tty2 linux run as a service. It launches on startup, and I just hit CTRL + ALT + F2 if I ever need a root shell.

All its doing is just auto logging-in as root on TTY2.

The nosuid mount option disables this behavior per mount. Just be sure you don’t use suid binaries.

Example: sudo or doas. I replaced those with switching to a tty with an already open root account on startup. Generally faster and (for me) more secure (you need physical access to get to the tty).