| View previous topic :: View next topic |
| Author |
Message |
eschwartz
Developer
Joined: 29 Oct 2023
Posts: 238
|
 Posted: Tue Nov 26, 2024 7:08 pm Post subject: |
 |
|
| pingtoo wrote: | | pietinger wrote: | | Do you use a Linux kernel and a web browser on your system? |
Yes I do 
And mine currently use are very out of date. It was last updated sometime in 2021-2022. Google mail always tell me my browser are out of support.
[...]
From security thread point of view I don't feel it is much less security than the day I flash my kernel/rootfs to SD. I think it is just not secure then as now. So my prevention is not about secure the browser or kernel. It is about prevent unwanted or unnecessary network traffic. And ensure no one have access my nodes with me knowing. And do all online banking in private way and record everything.
|
If you do not update your web browser for 3 or 4 years, doing online banking "in private way" is not an effective defense against a malicious attacker cracking your connection to your bank, then pretending to be you and withdrawing all money from your account.
Recording everything isn't much help if your money is already gone. Although you can take a gamble on that the odds are against you, specifically, being targeted, which may work out but also may fail at any time and without any advance warning. |
|
| Back to top |
|
 |
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1289
Location: Richmond Hill, Canada
|
| Posted: Tue Nov 26, 2024 7:14 pm Post subject: |
|
|
| pietinger wrote: | | asturm wrote: | | [...] It ultimately runs counter to security, [...] |
|
But that is one of my point about frequent update does not necessary mean you are better secured. Because you don't really review what that update do from security point of view.
It seems to me that few of you think I suggest never update until next 10 years(figurative speaking). And I like to make it clear that is not my post about. I am saying no need to frequent update just because there are new. you should do update because you know what that update will bring for you. |
|
| Back to top |
|
|
asturm
Developer
Joined: 05 Apr 2007
Posts: 9303
|
| Posted: Tue Nov 26, 2024 7:20 pm Post subject: |
|
|
| How do you know your car drives safely after you brought it to the mechanic for the annual inspection? |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1289
Location: Richmond Hill, Canada
|
| Posted: Tue Nov 26, 2024 7:23 pm Post subject: |
|
|
| eschwartz wrote: | | pingtoo wrote: | | pietinger wrote: | | Do you use a Linux kernel and a web browser on your system? |
Yes I do
And mine currently use are very out of date. It was last updated sometime in 2021-2022. Google mail always tell me my browser are out of support.
[...]
From security thread point of view I don't feel it is much less security than the day I flash my kernel/rootfs to SD. I think it is just not secure then as now. So my prevention is not about secure the browser or kernel. It is about prevent unwanted or unnecessary network traffic. And ensure no one have access my nodes with me knowing. And do all online banking in private way and record everything.
|
If you do not update your web browser for 3 or 4 years, doing online banking "in private way" is not an effective defense against a malicious attacker cracking your connection to your bank, then pretending to be you and withdrawing all money from your account.
Recording everything isn't much help if your money is already gone. Although you can take a gamble on that the odds are against you, specifically, being targeted, which may work out but also may fail at any time and without any advance warning. |
It is a little bit hard for me to explain that "private way" but essentially I don't use my daily browser for my online transaction.
I wish I am a big fish that I will be selected as target  (because that mean I am well off, and it become a sweet problem) but in fact I am not even close to put on radar.
There is nothing you can do from security point of view if you are targeted. my recording is just a way to prove I done my due diligent. my mind can be rest at peace. And hopefully it can be a learning experience. (which I don't want
edit for correctness.
Last edited by pingtoo on Tue Nov 26, 2024 7:28 pm; edited 1 time in total |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1289
Location: Richmond Hill, Canada
|
| Posted: Tue Nov 26, 2024 7:27 pm Post subject: |
|
|
| asturm wrote: | | How do you know your car drives safely after you brought it to the mechanic for the annual inspection? |
You got it. I actually don't know. Because I a idiot at car mechanic.
So I drove less. Use public transit whenever I can.
I buy insurance, I keep records with dealership (where I do my car maintenance) and I insist everything in writing. |
|
| Back to top |
|
|
CaptainBlood
Advocate
Joined: 24 Jan 2010
Posts: 3909
|
| Posted: Tue Nov 26, 2024 7:38 pm Post subject: Re: What is the update frequency with Gentoo? |
|
|
| eschwartz wrote: | Gentoo's official policy is that it should always be possible to upgrade systems that are only a single year out of date. Therefore if that fails, it's surely a bug. Whether people regularly test this, is another question entirely.  |
Interesting & fairly balanced.
The second sentence could justify switching system fs to btrfs or alike if snapshots allow going back and forth.
Such a system would allow easy checking,
Unsure how beneficial that would be to the current portage tree...
Thks 4 ur attention, interest & support.
_________________
USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. " |
|
| Back to top |
|
|
pietinger
Moderator
Joined: 17 Oct 2006
Posts: 5159
Location: Bavaria
|
| Posted: Tue Nov 26, 2024 10:02 pm Post subject: |
|
|
| pingtoo wrote: | | pietinger wrote: | | Do you use a Linux kernel and a web browser on your system? |
Yes I do
[...]
So my prevention is not about secure the browser or kernel. It is about prevent unwanted or unnecessary network traffic. [...] |
Here lies the problem. Even if you are browsing a very reputable website, e.g. a website of a reputable computer manufacturer, it may itself have been hacked and is distributing malicious calls to your browser ... the manufacturer does not even know that their web server is doing bad things to customers.  One of the first things to do is to switch off javascript in your browser.
| pingtoo wrote: | | [...] And ensure no one have access my nodes with me knowing. [...] |
This is about physical security (offline tampering) ... I'm also less worried about this. 
| pingtoo wrote: | | [...] And do all online banking in private way and record everything. |
Me too - although I think I have a “reasonably” secure pc.
| pingtoo wrote: | | (sorry I don't know how to express this in right English way) |
I understood everything ... please don't worry.
_________________
https://wiki.gentoo.org/wiki/User:Pietinger |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1289
Location: Richmond Hill, Canada
|
| Posted: Tue Nov 26, 2024 10:21 pm Post subject: |
|
|
| pietinger wrote: | | Here lies the problem. Even if you are browsing a very reputable website, e.g. a website of a reputable computer manufacturer, it may itself have been hacked and is distributing malicious calls to your browser ... the manufacturer does not even know that their web server is doing bad things to customers. |
But the malicious intent usually have two type, plant something bad on to your computer or redirect so they can act like man in between.
This is where the "private way" happen, I am not worry in something malicious got downloaded. the browser environment is sandboxed so every start is fresh (think docker image/container). I don't worry redirect that is what firewall output filter is for.
I worry that the bank (or whoever I do transaction with) tell me the browser version is not supported. (I don't fool around the agent string, because there could be legal implication that I rather not get involve when something gone wrong) |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20494
|
| Posted: Wed Nov 27, 2024 12:15 am Post subject: |
|
|
| pingtoo wrote: | You do because you wish to stay on edge and to test to help development.
You do because your hardware changed.
You do because you encounter a problem that later version of software solved.
You do because you got new use case that was not part of initial build design. |
You do because you don't want the complexity of problems that come from long gaps between updates.
I now update daily, which is somewhat annoying in itself. However, it is generally less complicated than my previous once per week (if I recall correctly).
| asturm wrote: | | You learn Gentoo by updating frequently, and seeking help - if you need it - along the way. And one way of knowing you've mastered it, is not having felt the need to reinstall from scratch for >10 years. |
This is a good point.
| pingtoo wrote: | I think is do you want to learn Gentoo and being an expert of Gentoo.
Or,
Do you want to use Gentoo as tool to do what you want :D |
How well you want to do the latter may depend on how well you do the former.
| asturm wrote: | | How do you know your car drives safely after you brought it to the mechanic for the annual inspection? |
My mechanic doesn't add random new "features" to my car, so that reduces a lot of risk. If something "bad" does need to be replaced, it may come with certain requirements that help reduce the risk of the replacement being problematic.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1289
Location: Richmond Hill, Canada
|
| Posted: Wed Nov 27, 2024 12:59 am Post subject: |
|
|
| pjp wrote: | | asturm wrote: | | You learn Gentoo by updating frequently, and seeking help - if you need it - along the way. And one way of knowing you've mastered it, is not having felt the need to reinstall from scratch for >10 years. |
This is a good point. |
Just for laugh. I would argue that if you update two/three month later you learn even more from Gentoo.
And as Neddy said if you update one year later, you learn Gentoo no other way. 
Another just for laugh, if I can update between 10 years that prove Gentoo is so good it can last 10 years without need for update. (plus your hardware is also very good.) Also you made a very good computer practice and possible save a little bit of world from Climate Changes. (less compiling, lesser energy used) |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20494
|
| Posted: Wed Nov 27, 2024 3:24 am Post subject: |
|
|
| pingtoo wrote: | | Just for laugh. I would argue that if you update two/three month later you learn even more from Gentoo. |
That might depend on the individual's starting point and tolerance for frustration. With little experience, two or three months might cause a person to abandon the effort.
| pingtoo wrote: | | And as Neddy said if you update one year later, you learn Gentoo no other way. |
It just depends on the given year. I updated a system about that far out of date and it was mostly uneventful. I used monthly ::gentoo snapshots from a mirror. There were a few things that didn't update until some later point in the process due to lack of source file availability. My systems usually don't have a ton of stuff installed, so I'm sure that helped. But for that circumstance, I _very thankfully_ didn't learn anything new ;)
| pingtoo wrote: | | and possible save a little bit of world from Climate Changes. |
If all compiling stopped, I doubt the impact would be noticeable. Shutting down The Cloud* and the many needless things "webscale" might.
* Not to be confused with the internet.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
eschwartz
Developer
Joined: 29 Oct 2023
Posts: 238
|
| Posted: Wed Nov 27, 2024 3:55 am Post subject: |
|
|
| pingtoo wrote: | | pjp wrote: | | asturm wrote: | | You learn Gentoo by updating frequently, and seeking help - if you need it - along the way. And one way of knowing you've mastered it, is not having felt the need to reinstall from scratch for >10 years. |
This is a good point. |
Just for laugh. I would argue that if you update two/three month later you learn even more from Gentoo.
And as Neddy said if you update one year later, you learn Gentoo no other way.
|
You learn specific topics you cannot learn another way -- that isn't the same as learning greater quantities of knowledge. 
| pingtoo wrote: | | Another just for laugh, if I can update between 10 years that prove Gentoo is so good it can last 10 years without need for update. (plus your hardware is also very good.) Also you made a very good computer practice and possible save a little bit of world from Climate Changes. (less compiling, lesser energy used) |
Just to note, if you're concerned about the energy used in compiling -- Gentoo is, famously, a distro that is "whatever people want to make of it". Well, that includes being a binary distro. https://www.gentoo.org/news/2023/12/29/Gentoo-binary.html
You can sync most common packages as binaries, compiled either for x86-64 (baseline universal amd64) or for x86-64-v3 (Intel Haswell, AMD Excavator / Ryzen, basically, anything with avx2 support): https://en.wikipedia.org/wiki/X86-64#Microarchitecture_levels
And you can freely mix-and-match source and binary packages. Full support for USE flags (if the binhost doesn't support your USE flags, you transparently build from source instead). |
|
| Back to top |
|
|
|
Other Things Gentoo
