eschwartz Developer
Joined: 29 Oct 2023 Posts: 238
|
Posted: Tue Nov 26, 2024 7:08 pm Post subject: |
|
|
pingtoo wrote: | pietinger wrote: | Do you use a Linux kernel and a web browser on your system? | Yes, I do.
And the ones I currently use are very out of date. It was last updated sometime in 2021-2022. Google mail always tells me my browser is out of support.
[...]
From a security threat point of view, I don't feel it is much less secure than the day I flashed my kernel/rootfs to SD. I think it is just not secure, then as now. So my prevention is not about securing the browser or kernel. It is about preventing unwanted or unnecessary network traffic. And ensuring no one has access to my nodes with me knowing. And doing all online banking in a private way and recording everything.
|
If you do not update your web browser for 3 or 4 years, doing online banking "in private way" is not an effective defense against a malicious attacker cracking your connection to your bank, then pretending to be you and withdrawing all money from your account.
Recording everything isn't much help if your money is already gone. Although you can take a gamble that the odds are against you, specifically, being targeted, which may work out but also may fail at any time and without any advance warning. |
|
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1290 Location: Richmond Hill, Canada
|
Posted: Tue Nov 26, 2024 7:14 pm Post subject: |
|
|
pietinger wrote: | asturm wrote: | [...] It ultimately runs counter to security, [...] |
| But that is one of my points: frequent updates do not necessarily mean you are better secured. Because you don't really review what that update does from a security point of view.
It seems to me that a few of you think I suggest never updating until the next 10 years (figuratively speaking). And I'd like to make it clear that is not what my post is about. I am saying there is no need to update frequently just because there is something new. You should update because you know what that update will bring for you. |
|
asturm Developer
Joined: 05 Apr 2007 Posts: 9307
|
Posted: Tue Nov 26, 2024 7:20 pm Post subject: |
|
|
How do you know your car drives safely after you brought it to the mechanic for the annual inspection? |
|
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1290 Location: Richmond Hill, Canada
|
Posted: Tue Nov 26, 2024 7:23 pm Post subject: |
|
|
eschwartz wrote: | pingtoo wrote: | pietinger wrote: | Do you use a Linux kernel and a web browser on your system? | Yes, I do.
And the ones I currently use are very out of date. It was last updated sometime in 2021-2022. Google mail always tells me my browser is out of support.
[...]
From a security threat point of view, I don't feel it is much less secure than the day I flashed my kernel/rootfs to SD. I think it is just not secure, then as now. So my prevention is not about securing the browser or kernel. It is about preventing unwanted or unnecessary network traffic. And ensuring no one has access to my nodes with me knowing. And doing all online banking in a private way and recording everything.
|
If you do not update your web browser for 3 or 4 years, doing online banking "in private way" is not an effective defense against a malicious attacker cracking your connection to your bank, then pretending to be you and withdrawing all money from your account.
Recording everything isn't much help if your money is already gone. Although you can take a gamble that the odds are against you, specifically, being targeted, which may work out but also may fail at any time and without any advance warning. | It is a little bit hard for me to explain that "private way" but essentially I don't use my daily browser for my online transactions.
I wish I were a big fish that would be selected as a target (because that would mean I am well off, and it becomes a sweet problem), but in fact I am not even close to being put on the radar.
There is nothing you can do from a security point of view if you are targeted. My recording is just a way to prove I have done my due diligence. My mind can rest at peace. And hopefully it can be a learning experience. (which I don't want
Edit for correctness.
Last edited by pingtoo on Tue Nov 26, 2024 7:28 pm; edited 1 time in total |
|
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1290 Location: Richmond Hill, Canada
|
Posted: Tue Nov 26, 2024 7:27 pm Post subject: |
|
|
asturm wrote: | How do you know your car drives safely after you brought it to the mechanic for the annual inspection? | You got it. I actually don't know. Because I am an idiot at car mechanics.
So I drove less. Use public transit whenever I can.
I buy insurance, I keep records with the dealership (where I do my car maintenance) and I insist on everything in writing. |
|
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3912
|
Posted: Tue Nov 26, 2024 7:38 pm Post subject: Re: What is the update frequency with Gentoo? |
|
|
eschwartz wrote: | Gentoo's official policy is that it should always be possible to upgrade systems that are only a single year out of date. Therefore if that fails, it's surely a bug. Whether people regularly test this, is another question entirely. | Interesting & fairly balanced.
The second sentence could justify switching system fs to btrfs or alike if snapshots allow going back and forth.
Such a system would allow easy checking,
Unsure how beneficial that would be to the current portage tree...
Thks 4 ur attention, interest & support. _________________ USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. " |
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5162 Location: Bavaria
|
Posted: Tue Nov 26, 2024 10:02 pm Post subject: |
|
|
pingtoo wrote: | pietinger wrote: | Do you use a Linux kernel and a web browser on your system? | Yes, I do.
[...]
So my prevention is not about securing the browser or kernel. It is about preventing unwanted or unnecessary network traffic. [...] |
Here lies the problem. Even if you are browsing a very reputable website, e.g. a website of a reputable computer manufacturer, it may itself have been hacked and is distributing malicious calls to your browser ... the manufacturer does not even know that their web server is doing bad things to customers. One of the first things to do is to switch off JavaScript in your browser.
pingtoo wrote: | [...] And ensuring no one has access to my nodes with me knowing. [...] |
This is about physical security (offline tampering) ... I'm also less worried about this.
pingtoo wrote: | [...] And doing all online banking in a private way and recording everything. |
Me too - although I think I have a “reasonably” secure pc.
pingtoo wrote: | (sorry I don't know how to express this in right English way) |
I understood everything ... please don't worry. _________________ https://wiki.gentoo.org/wiki/User:Pietinger |
|
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1290 Location: Richmond Hill, Canada
|
Posted: Tue Nov 26, 2024 10:21 pm Post subject: |
|
|
pietinger wrote: | Here lies the problem. Even if you are browsing a very reputable website, e.g. a website of a reputable computer manufacturer, it may itself have been hacked and is distributing malicious calls to your browser ... the manufacturer does not even know that their web server is doing bad things to customers. | But the malicious intent usually has two types: plant something bad onto your computer, or redirect so they can act like a man in between.
This is where the "private way" happens. I am not worried about something malicious getting downloaded. The browser environment is sandboxed so every start is fresh (think docker image/container). I don't worry about redirects; that is what the firewall output filter is for.
I worry that the bank (or whoever I do transactions with) tells me the browser version is not supported. (I don't fool around with the agent string, because there could be legal implications that I'd rather not get involved in when something goes wrong) |
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20496
|
Posted: Wed Nov 27, 2024 12:15 am Post subject: |
|
|
pingtoo wrote: | You do because you wish to stay on edge and to test to help development.
You do because your hardware changed.
You do because you encounter a problem that a later version of the software solved.
You do because you got a new use case that was not part of the initial build design. | You do because you don't want the complexity of problems that come from long gaps between updates.
I now update daily, which is somewhat annoying in itself. However, it is generally less complicated than my previous once per week (if I recall correctly).
asturm wrote: | You learn Gentoo by updating frequently, and seeking help - if you need it - along the way. And one way of knowing you've mastered it, is not having felt the need to reinstall from scratch for >10 years. | This is a good point.
pingtoo wrote: | I think it is: do you want to learn Gentoo and be an expert of Gentoo.
Or,
Do you want to use Gentoo as tool to do what you want :D | How well you want to do the latter may depend on how well you do the former.
asturm wrote: | How do you know your car drives safely after you brought it to the mechanic for the annual inspection? | My mechanic doesn't add random new "features" to my car, so that reduces a lot of risk. If something "bad" does need to be replaced, it may come with certain requirements that help reduce the risk of the replacement being problematic. _________________ Quis separabit? Quo animo? |
|
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1290 Location: Richmond Hill, Canada
|
Posted: Wed Nov 27, 2024 12:59 am Post subject: |
|
|
pjp wrote: | asturm wrote: | You learn Gentoo by updating frequently, and seeking help - if you need it - along the way. And one way of knowing you've mastered it, is not having felt the need to reinstall from scratch for >10 years. | This is a good point. |
Just for laughs. I would argue that if you update two/three months later you learn even more from Gentoo.
And as Neddy said if you update one year later, you learn Gentoo no other way.
Another just for laughs: if I can update between 10 years, that proves Gentoo is so good it can last 10 years without the need for an update. (Plus your hardware is also very good.) Also you made a very good computer practice and possibly saved a little bit of the world from climate change. (less compiling, less energy used) |
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20496
|
Posted: Wed Nov 27, 2024 3:24 am Post subject: |
|
|
pingtoo wrote: | Just for laughs. I would argue that if you update two/three months later you learn even more from Gentoo. | That might depend on the individual's starting point and tolerance for frustration. With little experience, two or three months might cause a person to abandon the effort.
pingtoo wrote: | And as Neddy said if you update one year later, you learn Gentoo no other way. | It just depends on the given year. I updated a system about that far out of date and it was mostly uneventful. I used monthly ::gentoo snapshots from a mirror. There were a few things that didn't update until some later point in the process due to lack of source file availability. My systems usually don't have a ton of stuff installed, so I'm sure that helped. But for that circumstance, I _very thankfully_ didn't learn anything new ;)
pingtoo wrote: | and possibly saved a little bit of the world from climate change. | If all compiling stopped, I doubt the impact would be noticeable. Shutting down The Cloud* and the many needless things "webscale" might.
* Not to be confused with the internet. _________________ Quis separabit? Quo animo? |
|
eschwartz Developer
Joined: 29 Oct 2023 Posts: 238
|
Posted: Wed Nov 27, 2024 3:55 am Post subject: |
|
|
pingtoo wrote: | pjp wrote: | asturm wrote: | You learn Gentoo by updating frequently, and seeking help - if you need it - along the way. And one way of knowing you've mastered it, is not having felt the need to reinstall from scratch for >10 years. | This is a good point. |
Just for laughs. I would argue that if you update two/three months later you learn even more from Gentoo.
And as Neddy said if you update one year later, you learn Gentoo no other way.
|
You learn specific topics you cannot learn another way -- that isn't the same as learning greater quantities of knowledge.
pingtoo wrote: | Another just for laughs: if I can update between 10 years, that proves Gentoo is so good it can last 10 years without the need for an update. (Plus your hardware is also very good.) Also you made a very good computer practice and possibly saved a little bit of the world from climate change. (less compiling, less energy used) |
Just to note, if you're concerned about the energy used in compiling -- Gentoo is, famously, a distro that is "whatever people want to make of it". Well, that includes being a binary distro. https://www.gentoo.org/news/2023/12/29/Gentoo-binary.html
You can sync most common packages as binaries, compiled either for x86-64 (baseline universal amd64) or for x86-64-v3 (Intel Haswell, AMD Excavator / Ryzen, basically, anything with avx2 support): https://en.wikipedia.org/wiki/X86-64#Microarchitecture_levels
And you can freely mix-and-match source and binary packages. Full support for USE flags (if the binhost doesn't support your USE flags, you transparently build from source instead). |
|
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1290 Location: Richmond Hill, Canada
|
Posted: Wed Nov 27, 2024 7:44 am Post subject: |
|
|
eschwartz, pjp,
Very good points. I thank you for your inputs.
Although I must say I was trying to make a joke (the post about learning Gentoo). My apologies to anyone who finds it not funny. |
|
asturm Developer
Joined: 05 Apr 2007 Posts: 9307
|
Posted: Wed Nov 27, 2024 10:32 am Post subject: |
|
|
You're not in Gentoo Chat subforum. In general, please be more aware of where you are before posting; do not derail topics in support forums. |
|
lars_the_bear Guru
Joined: 05 Jun 2024 Posts: 535
|
Posted: Wed Nov 27, 2024 11:01 am Post subject: |
|
|
pjp wrote: |
I now update daily, which is somewhat annoying in itself. However, it is generally less complicated than my previous once per week (if I recall correctly).
|
I've only been using Gentoo for about six months, so perhaps that isn't long enough to have a good feel for how updating works.
However, my experience was that updating was always painful, whether I did it daily, weekly, or monthly. Maybe that's because of the software I use, or the way I've set things up, or perhaps just my general incompetence. Still, it always took time out of my day, that I feel I could spend better on other things.
Adding up the time I estimate spending on updates over a year, and comparing it with how long it would take to do a full re-installation, suggests to me that one year is a good update frequency. If it fails -- and that seems likely -- I'll reinstall. This means, I guess, that everything is, on average, about six months out of date. But that's how I used Fedora, Debian, etc., and it didn't seem to be a problem.
I understand the rationale for frequent updates but, for some people, I just don't see it being practical. If you can update every day, or every week, you probably should; but I don't feel guilty that I can't.
BR, Lars. |
|
asturm Developer
Joined: 05 Apr 2007 Posts: 9307
|
Posted: Wed Nov 27, 2024 11:20 am Post subject: |
|
|
You did that to yourself - I thought we had that settled in multiple of your previous threads. |
|
lars_the_bear Guru
Joined: 05 Jun 2024 Posts: 535
|
Posted: Wed Nov 27, 2024 11:37 am Post subject: |
|
|
asturm wrote: | You did that to yourself - I thought we had that settled in multiple of your previous threads. |
Your low opinion of my competence is already well-documented. I see no reason to rehash the argument here.
BR, Lars. |
|
asturm Developer
Joined: 05 Apr 2007 Posts: 9307
|
Posted: Wed Nov 27, 2024 11:49 am Post subject: |
|
|
I did criticise your unwillingness to pick up good advice while rehashing time and again those problems that advice would have solved. Just as you did right here, again.
Nothing else. |
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20496
|
Posted: Wed Nov 27, 2024 9:11 pm Post subject: |
|
|
pingtoo wrote: | Although I must say I was trying to make a joke (the post about learning Gentoo). My apologies to anyone who finds it not funny. | I did notice where you mentioned that. In the interest of the original question, I thought it deserved a genuine reply.
lars_the_bear wrote: | pjp wrote: |
I now update daily, which is somewhat annoying in itself. However, it is generally less complicated than my previous once per week (if I recall correctly).
|
I've only been using Gentoo for about six months, so perhaps that isn't long enough to have a good feel for how updating works.
However, my experience was that updating was always painful, whether I did it daily, weekly, or monthly. Maybe that's because of the software I use, or the way I've set things up, or perhaps just my general incompetence. Still, it always took time out of my day, that I feel I could spend better on other things. | Perhaps lack of experience with Gentoo, but I doubt general incompetence.
Regarding your experience, it certainly is affected by your chosen software and how you choose to manage it. And that should help clarify why it is nearly impossible to have a common expectation of what any given user should expect. Add to that each person's ability and willingness to do a certain amount of upkeep, and what is acceptable for one may not be for another.
If I recall, my "big" savings was more in frustration than time. With fewer updates, the list is shorter for me to evaluate whether or not I want to intervene. In the event that there are conflicts, those too may be fewer in number and therefore easier to navigate.
My alternative would be a binary distro, and those still require updates. Only I have less say in what happens. Some day I may give up and go that route, but the binary distro may be Windows.
lars_the_bear wrote: | I understand the rationale for frequent updates but, for some people, I just don't see it being practical. If you can update every day, or every week, you probably should; but I don't feel guilty that I can't. | You shouldn't feel guilty. It's your environment to use and maintain. General recommendations always have exceptions where they don't quite work. Your chosen path among them. With the exception of the browser being exploited, there's probably very little risk. And that risk you're willing to take is between you, your ISP, and potentially any other organizations that have certain expectations. _________________ Quis separabit? Quo animo? |
|
sam_ Developer
Joined: 14 Aug 2020 Posts: 1987
|
Posted: Wed Nov 27, 2024 11:52 pm Post subject: |
|
|
asturm wrote: | I did criticise your unwillingness to pick up good advice while rehashing time and again those problems that advice would have solved. Just as you did right here, again.
Nothing else. |
And indeed, it is up to Lars if he wishes to follow our advice, but I'd please ask him to not chime in when other people are asking about best practices (when he's elected not to follow them) with a distorted view. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|