eschwartz Developer
Joined: 29 Oct 2023 Posts: 236
|
Posted: Tue Nov 26, 2024 7:08 pm Post subject: |
|
|
pingtoo wrote: | pietinger wrote: | Do you use a Linux kernel and a web browser on your system? |
Yes I do
And the ones I currently use are very out of date. It was last updated sometime in 2021-2022. Google Mail always tells me my browser is out of support.
[...]
From a security threat point of view, I don't feel it is much less secure than the day I flashed my kernel/rootfs to SD. I think it was just as insecure then as it is now. So my prevention is not about securing the browser or kernel. It is about preventing unwanted or unnecessary network traffic. And ensure no one has access to my nodes with me knowing. And do all online banking in private way and record everything.
|
If you do not update your web browser for 3 or 4 years, doing online banking "in private way" is not an effective defense against a malicious attacker cracking your connection to your bank, then pretending to be you and withdrawing all money from your account.
Recording everything isn't much help if your money is already gone. Although you can take a gamble that the odds are against you, specifically, being targeted, which may work out but also may fail at any time and without any advance warning. |
|
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1286 Location: Richmond Hill, Canada
|
Posted: Tue Nov 26, 2024 7:14 pm Post subject: |
|
|
pietinger wrote: | asturm wrote: | [...] It ultimately runs counter to security, [...] | |
But that is one of my points: frequent updates do not necessarily mean you are better secured. Because you don't really review what that update does from a security point of view.
It seems to me that a few of you think I suggest never updating for the next 10 years (figuratively speaking). And I'd like to make it clear that is not what my post is about. I am saying there is no need to update frequently just because there is something new. You should update because you know what that update will bring for you. |
|
asturm Developer
Joined: 05 Apr 2007 Posts: 9303
|
Posted: Tue Nov 26, 2024 7:20 pm Post subject: |
|
|
How do you know your car drives safely after you brought it to the mechanic for the annual inspection? |
|
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1286 Location: Richmond Hill, Canada
|
Posted: Tue Nov 26, 2024 7:23 pm Post subject: |
|
|
eschwartz wrote: | pingtoo wrote: | pietinger wrote: | Do you use a Linux kernel and a web browser on your system? |
Yes I do
And the ones I currently use are very out of date. It was last updated sometime in 2021-2022. Google Mail always tells me my browser is out of support.
[...]
From a security threat point of view, I don't feel it is much less secure than the day I flashed my kernel/rootfs to SD. I think it was just as insecure then as it is now. So my prevention is not about securing the browser or kernel. It is about preventing unwanted or unnecessary network traffic. And ensure no one has access to my nodes with me knowing. And do all online banking in private way and record everything.
|
If you do not update your web browser for 3 or 4 years, doing online banking "in private way" is not an effective defense against a malicious attacker cracking your connection to your bank, then pretending to be you and withdrawing all money from your account.
Recording everything isn't much help if your money is already gone. Although you can take a gamble that the odds are against you, specifically, being targeted, which may work out but also may fail at any time and without any advance warning. |
It is a little bit hard for me to explain that "private way", but essentially I don't use my daily browser for my online transactions.
I wish I were a big fish that would be selected as a target (because that would mean I am well off, and it becomes a sweet problem), but in fact I am not even close to being put on the radar.
There is nothing you can do from a security point of view if you are targeted. My recording is just a way to prove I have done my due diligence. My mind can rest at peace. And hopefully it can be a learning experience. (which I don't want
edit for correctness.
Last edited by pingtoo on Tue Nov 26, 2024 7:28 pm; edited 1 time in total |
|
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1286 Location: Richmond Hill, Canada
|
Posted: Tue Nov 26, 2024 7:27 pm Post subject: |
|
|
asturm wrote: | How do you know your car drives safely after you brought it to the mechanic for the annual inspection? |
You got it. I actually don't know. Because I am an idiot at car mechanics.
So I drove less. Use public transit whenever I can.
I buy insurance, I keep records with the dealership (where I do my car maintenance) and I insist on everything in writing. |
|
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3909
|
Posted: Tue Nov 26, 2024 7:38 pm Post subject: Re: What is the update frequency with Gentoo? |
|
|
eschwartz wrote: | Gentoo's official policy is that it should always be possible to upgrade systems that are only a single year out of date. Therefore if that fails, it's surely a bug. Whether people regularly test this, is another question entirely. |
Interesting & fairly balanced.
The second sentence could justify switching system fs to btrfs or alike if snapshots allow going back and forth.
Such a system would allow easy checking.
Unsure how beneficial that would be to the current portage tree...
Thks 4 ur attention, interest & support.
_________________
USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. " |
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5158 Location: Bavaria
|
Posted: Tue Nov 26, 2024 10:02 pm Post subject: |
|
|
pingtoo wrote: | pietinger wrote: | Do you use a Linux kernel and a web browser on your system? |
Yes I do
[...]
So my prevention is not about securing the browser or kernel. It is about preventing unwanted or unnecessary network traffic. [...] |
Here lies the problem. Even if you are browsing a very reputable website, e.g. a website of a reputable computer manufacturer, it may itself have been hacked and is distributing malicious calls to your browser ... the manufacturer does not even know that their web server is doing bad things to customers. One of the first things to do is to switch off JavaScript in your browser.
pingtoo wrote: | [...] And ensure no one has access to my nodes with me knowing. [...] |
This is about physical security (offline tampering) ... I'm also less worried about this.
pingtoo wrote: | [...] And do all online banking in private way and record everything. |
Me too - although I think I have a “reasonably” secure PC.
pingtoo wrote: | (sorry I don't know how to express this in right English way) |
I understood everything ... please don't worry.
_________________
https://wiki.gentoo.org/wiki/User:Pietinger |
|
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1286 Location: Richmond Hill, Canada
|
Posted: Tue Nov 26, 2024 10:21 pm Post subject: |
|
|
pietinger wrote: | Here lies the problem. Even if you are browsing a very reputable website, e.g. a website of a reputable computer manufacturer, it may itself have been hacked and is distributing malicious calls to your browser ... the manufacturer does not even know that their web server is doing bad things to customers. |
But the malicious intent usually has two types: plant something bad onto your computer, or redirect so they can act like a man in between.
This is where the "private way" happens. I am not worried about something malicious getting downloaded. The browser environment is sandboxed so every start is fresh (think Docker image/container). I don't worry about redirects; that is what the firewall output filter is for.
I worry that the bank (or whoever I do transactions with) tells me the browser version is not supported. (I don't fool around with the agent string, because there could be legal implications that I would rather not get involved in when something goes wrong) |
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20492
|
Posted: Wed Nov 27, 2024 12:15 am Post subject: |
|
|
pingtoo wrote: | You do because you wish to stay on edge and to test to help development.
You do because your hardware changed.
You do because you encounter a problem that a later version of the software solved.
You do because you got a new use case that was not part of the initial build design. |
You do because you don't want the complexity of problems that come from long gaps between updates.
I now update daily, which is somewhat annoying in itself. However, it is generally less complicated than my previous once per week (if I recall correctly).
asturm wrote: | You learn Gentoo by updating frequently, and seeking help - if you need it - along the way. And one way of knowing you've mastered it, is not having felt the need to reinstall from scratch for >10 years. |
This is a good point.
pingtoo wrote: | I think it is: do you want to learn Gentoo and be an expert in Gentoo.
Or,
Do you want to use Gentoo as a tool to do what you want :D |
How well you want to do the latter may depend on how well you do the former.
asturm wrote: | How do you know your car drives safely after you brought it to the mechanic for the annual inspection? |
My mechanic doesn't add random new "features" to my car, so that reduces a lot of risk. If something "bad" does need to be replaced, it may come with certain requirements that help reduce the risk of the replacement being problematic.
_________________
Quis separabit? Quo animo? |
|