• 2 Posts
  • 25 Comments
Joined 1 year ago
cake
Cake day: June 15th, 2023

help-circle
  • Fully agree. I started using OnlyOffice about 6 months ago but wouldn’t go back to LibreOffice at this point. I feel the interface is way more intuitive and helps with productivity.

    I’m a fan of the LibreOffice project too, but they need to invest some time in improving the interface. The Word 97 look isn’t cutting it for me anymore and even with “ribbon mode” enabled it’s vastly inferior to OnlyOffice’s UI.


  • Microsoft doesn’t own the standard. It’s actually an open standard maintained and contributed to by a whole host of technology companies. This is contrary to the old BIOS method which was originally proprietary to IBM.

    The fact they have such wide authority in signing is a product of how wide-reaching their market share it. They essentially mandate that OEMs include their signing keys in the signature database if their systems are to ship with Windows, thus making them a de facto authority on what gets signed. This was a point that made a lot of people in the FOSS community uncomfortable and still does to this day, although if one wants they can actually take full control of the Secure Boot process by replacing the Platform Key (PK) with their own. This gives ultimate control to the owner of the machine as they can then replace the Key Exchange Keys to allow them to replace Microsoft’s keys within the signature database (db). This completely removes reliance on any third party signatures and enables ditching the first-stage Shim bootloader from the boot flow entirely, since the owner could just sign whichever bootloader they wanted to use directly with their own key in the database. As it would require manually signing everything from the bootloader to the kernel and its modules though, including re-signing them after updates, this is definitely a much more involved way of doing things although arguably even more secure as the system would be entirely locked down to only binaries signed by its owner at that point.

    As to why they don’t sign GRUB, it’s about licensing. Since GRUB is GPLv3, there are provisions in the license that Microsoft interprets as potentially mandating them to disclose their private key to facilitate users installing modified versions of it. Ubuntu came to the same conclusion when contemplating how to deal with Secure Boot back in the day, where they wanted to provide an alternative to the Microsoft keys by having Canonical’s keys also shipped with firmware, although proliferation of their keys is a lot less widespread and in some peoples’ eyes not all that much different than just using VeriSign’s service for the Microsoft keys anyway.



  • TiffyBelle@feddit.ukOPtoLinux@lemmy.mlOverview: How UEFI Secure Boot Works in Linux
    link
    fedilink
    English
    arrow-up
    18
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Good question! There’s a few reasons, I guess:

    • There’s a large element of “because I can” to this, just to explore how stupid the scope of systemd is as a suite.
    • There’s a small practical element. GRUB itself is quite a hefty tool to accommodate all kinds of boot setups, and it works well. If you have a simple boot setup though you could probably shave a couple of seconds off of the boot time just by using the simplified sd-boot and loading the kernel via its EFIStub.
    • A learning exercise in self-signing EFI binaries, enrolling a MOK (if I use Shim), and setting up scripts to handle updates.

    All boils down to my enjoyment of doing weird nerdy things though, ultimately. =)





  • Supporting the Chromium monopoly is a valid point, but there’s also a reason why a lot of browser companies, even those who market their browser at more privacy-conscious individuals such as Vivaldi and Brave, choose to fork Chromium over Firefox/Gecko. A good portion of that reason is Chromium’s superior security architecture that is a lot more battle tested and mature; the rest of the reason often comes down to compatibility and mobile-readiness.

    A lot of people are wary of any browser engine attaining a monopoly since IE achieved this back in the day. It’s not exactly a like-for-like comparison though, since Chromium is actually open source and IE/Trident was not. For that reason, anything problematic can be stripped out by those who fork it which is exactly why we have browsers like Brave, Vivaldi, Ungoogled Chromium, and others who remove anything that feeds data to Google from their releases. The option also theoretically exists to hard fork the project entirely and take it in a different direction which was never a possibility in the IE days, although that would be a monumental effort.

    I get it if people want to support Firefox/Gecko for philosophical reasons. In an ideal world there would be several projects of equal maturity to the browser engines we have today. Realistically though, for all intents and purposes, the vast majority of the world is already using Chromium in some flavor or another and it’s a project that has a lot of the world’s best browser engine developers contributing to it. As a user, I care most about using a secure, privacy-respecting browser that I find innovative which caters to my needs through its features rather than fighting a philosophical battle that’s already been lost. Naturally if you find Firefox does cater to all your needs though, more power to you.


  • Brave and Vivaldi are very different companies. I don’t use Brave specifically because I’m not comfortable with the fact that, essentially, they’re an advertising company primarily looking to push their crypto.

    It’s true that using a Chromium base poses some additional privacy challenges. Due to its customizability, it’s certainly possible to harden Firefox to a better level than any Chromium-based browser currently; projects like Arkenfox certainly help with this, as well as the tweaks ported to the browser by the TOR Uplift project. With that said, stock Firefox as shipped by Mozilla isn’t exactly privacy friendly without going to lengths to harden the browser. Mozilla collect an absolute ton of telemetry by default, complete with a unique identifier attached to each download. FF also comes with pre-installed addons with questionable privacy policies like Pocket.

    I think concerns about fingerprinting are somewhat overstated, or at least over thought about. The reality is there’s an absolute ton of metrics that can be used to fingerprint a browser by advanced scripts and if a site wants to fingerprint you it will, and it doesn’t really matter if you’re using FF or Chromium. The only realistic way of avoiding this is by using browsers like TOR or Mullvad, which aim to all have the same fingerprint so you’ll be able to blend in with the crowd. Preventing naïve script fingerprinting is the best you can ever hope to do on any other daily driver browser, and addons like CanvasBlocker for Firefox or JShelter for Chromium are typically enough to prevent fingerprinting by opportunistic scripts.




  • Eh, I used to think this way until I actually tried GNOME for a bit. I’ve grown quite fond of its workflow. There’s definitely extensions that I feel I need for it to be fully usable from my perspective, but in some ways I see it as a positive to start out with a good foundation and then allow users to extend the functionality they feel they need onto that base. Not every user is going to want the same thing, so keeping the core minimalist makes sense.

    If I wanted something like Windows, I’d use KDE. If I really wanted a GNOME Windows-like experience similar to the old GNOME2 behavior I’d use something like MATE or Cinnamon. I guess my point is that there’s plenty of DEs out there that are essentially copies of the same workflow. I respect the desire to innovate in GNOME3.



  • I still use Slackware and it’s a great distro. I very much enjoy its batteries-included approach (a full install comes with pretty much everything pre-installed) and I enjoy its simplicity and ease of configuration and use. There’s a learning curve to get there, but once you understand how everything works it’s a distro that gets completely out of your way. The bonus is that if you understand Slackware, generally, your knowledge of GNU/Linux broadly will mean you’re never lost on any other distro either. Most of my frustrations with other distros actually stem from them patching something/doing something weird with config defaults, whereas Slackware ships stuff as it is from vendors with vendor defaults which I find a lot more palatable and predictable.

    Philosophically, I like how Slackware is independent and beholden to no corporate entity. Controversies that have hit other distros in the past as a result of that just aren’t a thing with Slackware.

    Slackware is a very rewarding distro to use even in 2023. It’s not for everyone, but I imagine there’s a fair amount of people like me who’ve probably been using it for ages and have had absolutely no reason to ever consider using anything else. Once you’ve got everything you want and configured stuff to your liking, it’ll just work forever fantastically.


  • The Lemmy experience has improved immeasurably since the pre-population-boom days, where I saw Kbin as a slightly more attractive option as the UI was more polished at the time. After Lemmy 0.18.2 hit and fixed the issues with the annoying auto-updating timelines, improved the sorting algorithms, and improved database performance I’ve used it exclusively.

    The Lemmy software seems to have more people working on the code and things are being addressed and improved rapidly. This extends to more 3rd party app support too. It feels like the better supported platform and that seems like it’ll be the case moving into the future as well.

    As a personal note I also don’t like some of the terminology used on the Kbin platform. “Magazine” is a confusing term that seems to have been chosen purely to be different. Sometimes it’s just best to stick to common terms to reduce the complexity and learning curve of a platform.