I don't agree with this anymore!!! Linux, presently, is an easy OS. You don't have to get to the CLI if you don't want to. If you're "just" a simple user you can just live in the GUI like in Windows and get on with it!!!
With MacOS you sometimes need to pick between Intel or Apple Silicon.
For Linux you invariably have to navigate a list of Deb or RPM, perhaps TarGz files, maybe a torrent or two.
Sticking with apt can lead to a list of issues of ensuring you have the right dependencies.
Let’s start before that: With Windows the OS usually comes preinstalled, with Macs, always.
Linux - which one to pick? Ubuntu, PopOS, Elementary?
Oh, so you picked Ubuntu - congratulations - now which DE? Or should you pick a derivative such as Mint first?
I’m a huge fan of Linux servers - I think they’re so easy to work with on a server level even with many of the same issues I described above and I’m actively ripping out every Windows server in our environment and replacing it with Linux.
But I still, after all these years, can’t seem to pick a Desktop Linux platform that I feel comfortable with. And this after 40 years in the industry.
I was about to ask for the same thing. All best practices within the security domain point towards multiple layers of security, simply to have some fallback if one mechanism is compromised.
i don't have any example over this part. Maybe the OP has...
Still, a layered approach is great "on paper" (and probably the best actual solution we have atm), but it is only great in practice if it's well coded and the op is right that in lots of cases there are numerous flaws.
yes, you have failsafes on the layer below, but then again... it's just another "challenge" to find the flaw...
If we have a simple and effective code (à la Unix: do one thing, do it well), that has the possibility of becoming more effective than "flawed layers".
yeah... we can have multiple - simple - layers... but again... that will also raise the possibility of unforeseen flaws...
all in all: it's always a double-edged sword...
you're right and the op is right XP
(unless the layered approach is actually really really well coded!!! That's the ideal... but not many can do it!!! - i surely can't ahahah)
This is actually completely contrary to documented best practices. Best practices involve a lot of layers and processes. Defense-in-depth is best practice.
My experience is that only helps if each layer is carefully designed and analyzed at a level impractical for most real-world systems.
In most cases, unless you're designing Unix from the ground up, the better approach is KISS.
Let's not talk about privacy (because there is no point in talking about it: Firefox is eons more private than Chrome - or any of its based browsers - can ever be)
About security: Chrome has the biggest workforce, yes. But let's think about this a bit...
First, let's not forget that chrome is also a bigger target.
let's imagine this:
Consider that 90% of the users worldwide use Chromium-based browsers, and you are a hacker who wants to steal people's data or access their computers.
Would you bother targeting 10% of the users. Or would you just go after those 90%???
now add another detail into that thinking:
people who use Firefox are mostly techies, people who know about computers, GNU/Linux users, developers, more security-conscious users, people who actually know and care about the tech that goes below, people who know what's happening in the IT world, and people who simply don't go with the flock without studying its path first... now... would you really bother targeting those when you have 90% of people - where probably 85% don't know anything about computers or just don't give a #$%& about it???
Would you go easy bait, or would you try to outsmart those who might be at the same level you are???
This is exactly it. I used Linux on PowerPC for the same reason: Literally nobody was targeting it, especially compared to Windows on x86. Even now, why would anyone waste their time targeting desktop Linux on x86. Basically unheard of, because it's pointless (Except in targeted attacks.)
Thing is, targeting Linux on x86 will target high value users. Either servers, developers, sysadmins and the like. Yes you will hit less people, but the value of each hit is a magnitude higher. It’s the same reason apps first target iOS rather than Android: Apple users have an easier wallet.
I covered that in my post. Those users are targeted specifically. There have been news stories about it recently. People don't develop general malware for x86 Linux that also happens to catch those users though. That was the point. If someone with resources is targeting you, you don't stand a chance regardless of what you do.
Servers: mostly are not on x86.
Also they are a lot more difficult to exploit due to the security nature of Linux (yes, they go down very often and nothing is unhackable)
developers, sysadmins:
tend to have the hardest configs and thus making it a lot more difficult to hack.
So, afaik, most of the hacks on this areas are more due to human flaws than the systems per se.
Now, i do agree that for a group of hackers with profound knowledge and that is trying to hit really big, servers are more attractive.
devs and sysadms alone/personally not that much! ... unless ... they are targeting the servers managed by those devs and sysadms and in this case, targeting the devs and sysadms personally make more sense - which tend to be one of the best/easiest ways to hack the servers (again, exploiting human flaw instead of system flaw)
naturally, this is my personal view! I may be wrong here!
What architecture do you think servers use? Some graphs I found with a quick google ( https://www.itcandor.com/server-q219/ ) suggest >85% market share of x86, what else would they use? ARM is still not very widely used in servers, I think.
Let's agree that we disagree. I'll just say that I work for a cloud provider and non-x86 servers are anecdotal :) but their media presence is not, as it's the new hot thing and that's free advertising.
> developers, sysadmins: tend to have the hardest configs and thus making it a lot more difficult to hack.
yet those people have a cognitive bias of "i'm too smart to fall". and those people will have some practices that are so detrimental to security it's laughable. how many developers will shut down their laptop every day after work? compare this to the common practice of "just go to sleep" which will prevent browser updates, system updates, kernel updates, you name it. take a firefox that is months old with an unpatched ubuntu and you get the ideal ground for a browser escape combined with an lpe. and even without lpe you'll grab many many credentials.
imho those still are harder to trick, but not because the config is hardened, but because there is a config at all. for example a phishing that imitates a floating browser window with a fake login page would not work on me. not because i'm smart, not because my config is hardened or whatnot, but because good luck to the scam for finding the specific window decorations I have on my linux system. oh, and the fact that I use a tiling wm and thus floating windows don't exist. it's a side effect of nerds being nerds.
> So, afaik, most of the hacks on this areas are more due to human flaws than the systems per se.
This is not incompatible. "normies" will get tricked into downloading invoice.pdf.exe, but that's Windows only. The payout for invoice.pdf.sh or whatever may be very high, but you need your rat or stealer or whatever to know Linux.
> unless ... they are targeting the servers managed by those devs and sysadms
That was the precise reason I talked about devs and sysadmins. Infrastructure credentials, aws keys, you name it.
And as a dev/sysadmin, you don't need targeted attacks to get pwned. A malicious package on npm/gems/cargo is all it takes. It's a spray and pray strategy, but if you catch even a handful of people this way it might be the jackpot.
I find this to be a bit of a weak argument. What you make makes sense, but if for some reason a glaring security hole is noticed, people are going to take advantage of it.
naturally! There are always exceptions and there will always be people that will bother targeting those 10%.
Even more: if they could create something that targets both platforms that will be even better...
The question will always be of Work Vs Gain. Will your work result in gain. Does it justify targeting those 10%? (if it's an "easy thing to do" then we'll all get targeted)
Going off the top comment’s simplicity is security paradigm, it’s hard to pitch Brave as a secure browser given its non-core complexity. (This would be as true if it were running a protein-folding simulation in the background as it is with its crypto bits.)
My understanding of safe browsing is that a local database is maintained and lookups happen against that. Eg: no information about the sites you're visiting is leaked.
Is this not the case / am I misunderstanding something?
Your understanding is not (entirely) up to date. At some point they switched to downloading only a list of (partial) hashes. If a URL matches a partial hash then the browser asks Google for a list of URLs for that hash. This can let Google get some information about what websites you visit. And those requests as well as the updates of the initial hash lists still ping Google with all the tracking possibilities that entails.
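The lookup flow discussed in the two comments above, as an added sketch that is not part of any comment in this thread and is not Google's or any browser's code. It assumes SHA-256 hash prefixes and a server that returns the full hashes for a queried prefix; `LookupServer`, `Client` and the `*.example` URLs are constructed for illustration, and the demo uses a 1-byte prefix only so that a prefix collision is cheap to find.

```python
import hashlib

def full_hash(url_expr: str) -> bytes:
    return hashlib.sha256(url_expr.encode()).digest()

class LookupServer:
    """Hypothetical remote service; records everything clients send it."""
    def __init__(self, bad_exprs, prefix_len=4):
        self.prefix_len = prefix_len
        self.full = [full_hash(e) for e in bad_exprs]
        self.seen_prefixes = []          # what the server learns about visits

    def prefix_list(self):
        # The periodically downloaded list: prefixes only, no URLs.
        return {h[:self.prefix_len] for h in self.full}

    def find_full_hashes(self, prefix: bytes):
        self.seen_prefixes.append(prefix)
        return [h for h in self.full if h[:self.prefix_len] == prefix]

class Client:
    def __init__(self, server):
        self.server = server
        self.n = server.prefix_len
        self.local = server.prefix_list()

    def check(self, url_expr: str) -> str:
        h = full_hash(url_expr)
        if h[:self.n] not in self.local:
            return "safe-local"          # decided offline, nothing sent
        # Prefix hit: only the prefix leaves the machine, not the URL.
        matches = self.server.find_full_hashes(h[:self.n])
        return "blocked" if h in matches else "safe-after-lookup"

def demo():
    server = LookupServer(["evil.example/login"], prefix_len=1)
    client = Client(server)
    bad = full_hash("evil.example/login")[:1]
    # Constructed benign URLs: one sharing the 1-byte prefix, one not.
    names = [f"site{i}.example/" for i in range(5000)]
    collider = next(n for n in names if full_hash(n)[:1] == bad)
    other = next(n for n in names if full_hash(n)[:1] != bad)
    results = [client.check(u) for u in ("evil.example/login", collider, other)]
    return results, len(server.seen_prefixes)

if __name__ == "__main__":
    print(demo())
```

The `safe-after-lookup` case is the one relevant to the privacy question: a benign visit whose hash happens to share a prefix with a listed entry still produces a request that the server can log.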
> Let's not talk about privacy (because there is no point in talking about it: Firefox is eons more private than Chrome - or any of its based browsers - can ever be)
Firefox with its default settings is both less private and less secure than Brave. On iOS, Firefox has refused for years to implement an adblocker.
It’s best to say nothing if you don’t know what you’re talking about.
Mozilla deserves some of the blame for misleading users into thinking that Firefox is available on iOS when all they really provide is a Safari reskin.
The average user doesn't care about the underlying browser engine. Why should Mozilla add that to their advertising when no other browser maker on iOS is?
The two most popular browsers on iOS do not support ad blocking, unless there's something I'm not aware of. I've never seen an ad blocker in iOS Safari or Chrome. Firefox on iOS has tracking protection which can block some ads if you believe the description of the setting.
Not really. That's all Apple. Mozilla wants to try and provide the UI and experience and are doing so as best they can to satisfy their users requesting it.
Yes. Like, you are laughably wrong. I can literally see the Brave “shield” icon staring right back at me right there in the bottom right of the screen.
I guess you must be in the EU and on iOS 17.4 or later. I forgot that Apple was forced to allow other browser engines to be installed in the EU recently.
But aside from that recent exception, no one ever had anything except Safari on iOS, even if they thought otherwise.
You haven't been blocking them, because iOS with Safari didn't allow that.
Hiding, and blocking, are not the same thing. The former is far less secure than the latter.
As for blocking ads on iOS with Brave, well, it really doesn't work that well[0]. Why? Because iOS doesn't let you block ads, unless you are in the EU and on 17.4 or later.
You should exit the RDF and really do at least a bare minimum of research.
Just because Brave calls it blocking, doesn't mean it is blocking.
Again, just do some god-damn research. Really, the bare minimum. It isn't news to anyone educated on this stuff that Apple has never* allowed proper ad blocking until recently in the EU.
But, believe whatever you want. I get being too scared to leave that ever so comfy RDF you found yourself in.
yeap... i really don't know what i'm talking about, how would I...
I also don't like to go with the flock...
and... who cares about the defaults? You have the options you should care to configure things for yourself. if you don't know how you should search and instruct yourself to do it.
About iOS... Have you even considered that Apple has forced their rendering engine ( https://gprivate.com/6btxx ) and that alone makes it impossible to have an adblocker - yeah... apple is THAT great!!! (in fact, their products are the best of the best. You should keep using them...)
but then again... i don't know what i'm talking about, do I!!!
(also... you should learn how to be polite to others!!!)
I want this in my regular browser (you hear me Mozilla && Servo devs?!)