• argv_minus_one@beehaw.org
      1 year ago

      Only if your CPU is Intel.

      That Minix-based embedded operating system that Intel CPUs all have is a huge attack surface that can be attacked by anyone capable of sending network packets to the machine, it cannot be protected by the operating system’s firewall, the public cannot audit its code, and it doesn’t receive security updates if your motherboard is more than a few years old. Quite frankly, I find it terrifying and refuse to buy Intel because of it.

        • argv_minus_one@beehaw.org
          1 year ago

          AMD’s equivalent does not have a network stack. There is no way to attack it unless the attacker already has ring 0 or there is a vulnerability in the driver for it, and you can protect yourself from the latter by disabling or not loading a driver for it.

      • DidacticDumbass@lemmy.one
        1 year ago

        Aaaaaaah! Trying to be secure sucks. My main computer has an Intel CPU, and I truly don’t know what BIOS settings to use, but I suppose that is a moot point.

        It is like deliberating over legacy BIOS or UEFI. One is familiar and reliable but is actually emulated, and the other is modern with a lot of usability features. I finally stopped worrying and used UEFI because it seems more reliable when installing new Linux distros.

        Same with SystemD. I had some understanding of why people were against it, but it always felt as much as a bias against the author than a genuine desire to keep the init system small and do one thing well, the Unix way. I stopped being concerned when I learned Linus Torvalds does not give a damn about how Linux distros are composed, I stopped worrying. A lot of great Linux distros still use simple init systems, and are wonderful, but often I need to use software that is not in the package manager, and it always requires SystemD.

        Perhaps I should be a lot more concerned and principled like I used to be, only using the safest FOSS options. Realistically that would require having significantly more programming skills and maintaining my own distro just to be happy. Also, those are not my principles, I did not come up with them, nor do I fully understand or agree with them.

        In the future I will avoid Intel.

        MX Linux pretty much has me covered, and the option to turn on SystemD makes it the best distro I have ever used. It does everything.

        One day I will sit down and finally learn how to use Gobo Linux.