Comments

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

This sort of thing happens dragnet. And mullvad users are definitely a group to be targeted. Dont assume OP isnt a refugee or journalist and give them bad advice that could get them killed

library_napper, 1 year ago (edited 1 year ago) to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

That’s why you download the key from multiple distinct domains from multiple distinct locations using multiple distinct devices and veryify their fingerprints match. If the key/fingerprint is only available on one domain, open a bug report with the maintainer.

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

No, you’re confusing two vectors of attack. I’m saying that if you fan trust the vendor, then you’re still at risk from downloading malicious software that was manipulated between the vendor and you (man in the middle attack), unless you verified a signature using a key stores offline (note https is still vulnerable because the keys are stored online)

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

Https is vulnerable to loads of attack. That’s why we sign packages.

library_napper, 1 year ago (edited 1 year ago) to opensource in Could we add alternativeto.net to the sidebar?

Of course it matters.We dont want to support or contribute content to a service that could go down one day and all the data is lost because we can’t fork it.

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

Homebrew is extremely insecure. It doesn’t verify package signatures, so its just as bad as the “just donloaf some sketchy untrusted binary off a website” approach

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

You might want to say why or you’ll get downvoted. Spoiler: its not safe and this is how you get malicious software on your computer

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

ChatGPT is garbage in garbage out. It’ll probably tell you to curl a file off the internet and pipe it to bash as root.

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

More Performant, yes. More Secure? Not sure about that

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

They probably lowered it became mullvad is a security company and downlaoing .deb files from the Internet ia a vector for attack

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

Yes, there is. You’re risking downloading malicious software.

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

Its more secure to go through a package manager. Checking signatures is important.

library_napper, 1 year ago to opensource in Could we add alternativeto.net to the sidebar?

checks alternativeto

library_napper, 1 year ago to news in A year after China ended its harsh COVID policies, it’s struggling to rebound

A year ago, China lifted draconian COVID restrictions that were an anvil around the neck of the economy and placed unprecedented controls on a society that, for the previous four decades, had grown accustomed to expanding personal freedoms, not shrinking them

Definitely not true for folks who use digital privacy tools

library_napper, 1 year ago to opensource in Looking for Notes App for Android & Linux

Zim