Stellar Data Recovery Professional for Windows LifeTime License Key
Stellar Data Recovery Standard yra naudojamas, kad atkurti prarastus arba ištrintus failus iš operacinės sistemos, kietojo disko, USB įrenginio arba atminties kortelės.
Pagrindinės „Stellar Data Recovery Professional“ funkcijos:
Jei vartotojai praranda duomenis dėl sugadinto arba suformatuoto disko, jie gali juos atkurti naudodami Deep Scan (Išsamus paieška) funkciją. Quick Scan (Greitoji paieška) padeda atkurti duomenis dažniausiai pasitaikančiomis situacijomis.
Su šia programa galima nuskenuoti visą kietąjį diską arba konkrečią aplanką, kad būtų atkuriama ištrinta dokumentai, nuotraukos, vaizdo įrašai ir kt.
Vartotojai gali peržiūrėti failus prieš atkurdami. Taip jie tiksliai gali pasirinkti tuos duomenis, kuriuos nori atgauti.
Ši programa gali atkurti duomenis iš visų saugojimo įrenginių – tai apima USB stick, kietus diskus, atminties korteles, mini diskus, flash korteles, SD korteles ir Compact Flash korteles.
Taip pat suteikiama Save Scan & Resume Recovery (Išsaugoti skenavimą ir Tęsti atstatymą) funkcija. Ji padeda vartotojams sutaupyti laiko ir pastangų, nes nereikia kartoti disko skenavimo proceso.
Security Focused Daily Driving Distros?
I have been tossing around the idea of a little distro hopping. I'm an avid mint fan. It was my first jump from windows. I became quite familiar with mint but felt the want to branch out and went down the rabbit hole (oh my lanta). I like stability and cleanliness. Security by default. Least mental load possible long-term.
I'm currently testing out NIXos. Next will be VanillaOS, 3rd will be Fedora Silverblue. Anyone have good recommendations? Easy backups, stability, security first posture, least maintenance and memory load. I hate getting scattered in symlinks, scripts, and filesystem placing.
I've tried going full custom Linux mint. But app armour and Firejail constantly conflict or require manual updating and tweaking to keep up to date with app installs, or general life cycle updates.
The most intriguing aspect if NIXos was that basically the entire configurable system was confined to two files. Infinitely reproducable. I tend to swap laptops or hardware relatively often being on the go or getting good tech deals. Having your entire system in two files essentially is awesome.
What are some pros and cons of different distros? What do you daily drive as a power user? Give me your thoughts and recommendations! Thanks.
like this
Attacks on Iran Show How US Support for Israel Fuels Regional Instability
Attacks on Iran Show How US Support for Israel Fuels Regional Instability | Truthout
There’s no question that Washington’s longstanding military and economic support made Israel’s illegal war possible.Anton Woronczuk (Truthout)
reshared this
La labirintica magione che sarebbe diventata il simbolo dell’opulenza statunitense
La labirintica magione che sarebbe diventata il simbolo dell'opulenza statunitense - Il blog di Jacopo Ranieri
Una parte significativa del successo economico per la confederazione di stati all’altro lato dell’Atlantico ha radici chiaramente definite da un punto di vista cronologico e organizzativo.Jacopo (Il blog di Jacopo Ranieri)
75% of US scientists who answered Nature poll consider leaving
75% of US scientists who answered Nature poll consider leaving
More than 1,600 readers answered our poll; many said they were looking for jobs in Europe and Canada.Witze, Alexandra
Waymo robotaxi stopped illegally, passenger opened door and severely injured cyclist, lawsuit claims
A woman severely hurt in a bicycle crash with a Waymo robotaxi is suing the company, claiming one of its vehicles pulled over in a no-stopping zone next to a bike lane, and a passenger opened a door into her path — despite the car’s “Safe Exit” system touted by the Mountain View company as protection for passing cyclists.Waymo in online marketing materials says its robotaxi Safe Exit sensor and warning systems provide departing passengers with “explicit audio and visual alerts that inform them when a cyclist or other road user is approaching as they exit the car.” The company cites San Francisco’s transit agency in noting that collisions between cyclists and vehicle doors — incidents known as “doorings” — are the city’s second most common collisions causing death or injury.
The passengers from the robotaxi whose door hit Hanke said at the scene that no alert had been given before one of them opened the door into the bike lane, Hanke said. The lawsuit alleged “a malfunction, failure to engage, or design flaw” in the alert system.
Waymo robotaxi stopped illegally, passenger opened door and severely injured cyclist, lawsuit claims
The lawsuit is proceeding through the court as Waymo is expanding service in the Bay Area.Ethan Baron (Silicon Valley)
News Brief: Natural Disaster-izing the Deliberate US-Israeli Starvation Campaign in Gaza (Podcast 29mins)
In this News Brief, we are joined by Ashley Bohrer and Ben Teller of Jewish Voice for Peace Chicago to discuss media indifference to the US and Israel-imposed starvation of Palestinians, how sectarianism is central to the ADL's strategy, and why six JVP activists have decided to hunger strike to draw more attention to the Israeli and US-made famine in Gaza.
Citations Needed: News Brief: Natural Disaster-izing the Deliberate US-Israeli Starvation Campaign in Gaza
In this News Brief, we are joined by Ashley Bohrer and Ben Teller of Jewish Voice for Peace Chicago to discuss media indifference to the US and Israel-imposed starvation of Palestinians, how sectarianism is central to the ADL's strategy, and why six …sites.libsyn.com
Top scientists will leave US in waves this summer: experts
US brain drain set to gather pace as academics seek posts outside Trump’s America
Increasing numbers of scientists are eyeing opportunities in Australia, Canada, China and Europe amid threatened cuts to funding.Ling Xin (South China Morning Post)
adhocfungus likes this.
I read somewhere a long time ago, that eventually the economy will cater to the ultra rich and the lower income class, will still get products, but much lower end stuff or stuff made from the leftovers from the ultra rich.
One example that was given was a game with pay to win mechanics. Most people can play the game and grind away, but the real experience of the game can only be played by people who spend $500 on extra stuff.
☆ Yσɠƚԋσʂ ☆ likes this.
Citigroup’s Plutonomy Memo: “There are rich consumers, and there are the rest”
In October 16, 2005, Citigroup came out with a brochure for investors called “Plutonomy: Buying Luxury, Explaining Global Imbalances” urging investors to put money into a “Plutonomy Baske…Elpidio Valdes
Federal agents denied entry to Dodger Stadium parking lot, sparking new outrage over Trump sweeps
cross-posted from: lemmy.ml/post/31968358
from Los Angeles Times
Terry Castleman, Jack Harris
Thu, June 19, 2025 at 2:07 PM EDT"In photos posted on social media Thursday, a procession of vehicles appeared to attempt to enter #DodgerStadium through the ballpark’s main Sunset Gate off Vin Scully Avenue around 8 a.m. However, they were prevented from passing through a security checkpoint leading to the parking lot.
The caravan then relocated to the stadium’s Downtown Gate near the 110 Freeway. Dozens of vehicles gathered outside a closed parking lot fence, according to witnesses, before many began dispersing.
Later in the morning, several dozen protesters gathered near what remained of the agents, who stood around three unmarked SUVs closer to the stadium’s entry gates but still outside the stadium parking lot."
Federal agents denied entry to Dodger Stadium parking lot, sparking new outrage over Trump sweeps
from Los Angeles Times
Terry Castleman, Jack Harris
Thu, June 19, 2025 at 2:07 PM EDT"In photos posted on social media Thursday, a procession of vehicles appeared to attempt to enter #DodgerStadium through the ballpark’s main Sunset Gate off Vin Scully Avenue around 8 a.m. However, they were prevented from passing through a security checkpoint leading to the parking lot.
The caravan then relocated to the stadium’s Downtown Gate near the 110 Freeway. Dozens of vehicles gathered outside a closed parking lot fence, according to witnesses, before many began dispersing.
Later in the morning, several dozen protesters gathered near what remained of the agents, who stood around three unmarked SUVs closer to the stadium’s entry gates but still outside the stadium parking lot."
adhocfungus likes this.
Federal agents denied entry to Dodger Stadium parking lot, sparking new outrage over Trump sweeps
from Los Angeles Times
Terry Castleman, Jack Harris
Thu, June 19, 2025 at 2:07 PM EDT
"In photos posted on social media Thursday, a procession of vehicles appeared to attempt to enter #DodgerStadium through the ballpark’s main Sunset Gate off Vin Scully Avenue around 8 a.m. However, they were prevented from passing through a security checkpoint leading to the parking lot.
The caravan then relocated to the stadium’s Downtown Gate near the 110 Freeway. Dozens of vehicles gathered outside a closed parking lot fence, according to witnesses, before many began dispersing.
Later in the morning, several dozen protesters gathered near what remained of the agents, who stood around three unmarked SUVs closer to the stadium’s entry gates but still outside the stadium parking lot."
like this
They are identical twins.
And the babies don’t look identical because that’s not how it works. Otherwise you would be identical to all your siblings.
Dark web’s longest-standing drug market seized in multinational effort
Dark web’s longest-standing drug market seized in multinational effort
The longest-standing dark web drug market was taken down by European authorities last week, with the aid of the United StatesMikael Thalen (Straight Arrow News)
NTSB Issues Rare But Urgent Warning Of Potential Boeing 737 MAX Engine Problems
Issues with the Boeing 737 MAX continue to mount, as the NSTB recommends modifications to its LEAP-1B engines.
Air India Reportedly Flew 3 Airbus Aircraft Despite Overdue Mandatory Safety Checks
This latest revelation raises concerns regarding broader safety control failures at the airline.
US | “It Hurts My Heart”: Protesters Rally Against Avelo Airlines’ Deportation Operation
Americans speak out against deportation flights in Florida.
Major oil companies face first 'climate death' lawsuit
A US complaint against oil and gas giants including BP and Shell claims they fueled the extreme heat that killed a woman in Seattle. Can the first death by 'climate disaster' claim succeed?
Case file: climateintegrity.org/uploads/m…
Scammers Use Google Ads To Inject Phony Help Lines On Apple, Microsoft Sites
Tech support scammers have devised a method to inject their fake phone numbers into webpages when a target's web browser visits official sites for Apple, PayPal, Netflix, and other companies. The ruse, outlined in a post on Wednesday from security firm Malwarebytes, threatens to trick users into calling the malicious numbers even when they think they're taking measures to prevent falling for such scams. One of the more common pieces of security advice is to carefully scrutinize the address bar of a browser to ensure it's pointing to an organization's official website. The ongoing scam is able to bypass such checks.
Scammers Use Google Ads To Inject Phony Help Lines On Apple, Microsoft Sites - Slashdot
An anonymous reader quotes a report from Ars Technica: Tech support scammers have devised a method to inject their fake phone numbers into webpages when a target's web browser visits official sites for Apple, PayPal, Netflix, and other companies.tech.slashdot.org
India illegally deporting Muslim citizens at gunpoint to Bangladesh, say rights groups
There are fears the crackdown against ‘outsiders’ is driving widespread persecution as expelled Indians are returned by Bangladesh border guards
Archived version: archive.is/20250620005837/theg…
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
adhocfungus likes this.
US | Trump Reportedly Greenlights Plan for US Attack on Iran Without Congressional Approval
"Right now, the most effective thing you can do is flood Congress with calls to show that the American people don't want to go to war with Iran," said the advocacy group Demand Progress.
Archived version: archive.is/20250619142251/comm…
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
Trump Reportedly Greenlights Plan for US Attack on Iran Without Congressional Approval
"Right now, the most effective thing you can do is flood Congress with calls to show that the American people don't want to go to war with Iran," said the advocacy group Demand Progress.jake-johnson (Common Dreams)
adhocfungus likes this.
I'm not defending TACOman here, but bombing the middle east is like a normal afternoon for basically any US president since at least Bush the First
Edit. Shit. I agree with you. And it looks like I'm arguing probably. I hate that I am so cynical, but then I just... I mean... look at everything that keeps happening, you know?
After Obliterating Gaza's Healthcare System, Israeli Leaders Call Iran Hospital Attack a 'War Crime'
"Do you really think we haven't been watching the last 20 months in Gaza?" one critic asked Israeli officials.
Archived version: archive.is/newest/commondreams…
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
After Obliterating Gaza's Healthcare System, Israeli Leaders Call Iran Hospital Attack a 'War Crime'
"Do you really think we haven't been watching the last 20 months in Gaza?" one critic asked Israeli officials.jake-johnson (Common Dreams)
adhocfungus likes this.
'Netanyahu Was Wrong in 2002. He Is Wrong Now': Sanders Warns Against Following Israeli PM Into War
"We must not get involved in Netanyahu's war against Iran," said Sen. Bernie Sanders.
'Netanyahu Was Wrong in 2002. He Is Wrong Now': Sanders Warns Against Following Israeli PM Into War
"We must not get involved in Netanyahu's war against Iran," said Sen. Bernie Sanders.jake-johnson (Common Dreams)
adhocfungus likes this.
Google is Using YouTube Videos To Train Its AI Video Generator
Google is using its expansive library of YouTube videos to train its AI models, including Gemini and the Veo 3 video and audio generator, CNBC reported Thursday.
adhocfungus likes this.
Fury Grows Over Democratic Complacency in Face of Looming War of Choice in Iran
"It's embarrassing that some problematic far-right figures are speaking out more forcefully against direct military action than the so-called leaders of the opposition," said the executive director of Our Revolution.
Fury Grows Over Democratic Complacency in Face of Looming War of Choice in Iran
"It's embarrassing that some problematic far-right figures are speaking out more forcefully against direct military action than the so-called leaders of the opposition," said the executive director of Our Revolution.brett-wilkins (Common Dreams)
adhocfungus likes this.
'Incomprehensible': Trump Admin To Shut Down LGBTQ+ Suicide Hotline
"This is devastating, to say the least," said one critic of the White House decision to dismantle a program that has served nearly 1.3 million young people in recent years. "Suicide prevention is about people, not politics."
adhocfungus likes this.
Tax-Dodging Billionaires Promise to Leave NYC If Mamdani Wins
NYC billionaires threaten to leave if progressive candidate Zohran Mamdani wins mayoral primary. But is their fear of losing wealth justified, or just a desperate attempt to maintain power and privilege?
Tax-Dodging Billionaires Promise to Leave NYC If Mamdani Wins
Rich New Yorkers' threats to flee the city to avoid paying higher taxes served only as a "description of the status quo" that Mamdani hopes to change, said one observer.julia-conley (Common Dreams)
adhocfungus likes this.
Good fucking riddance.
P.S. Their business would still have to pay taxes in NY if they want to operate there.
The 16-billion-record data breach that no one’s ever heard of
Researchers discovered 16 billion exposed login credentials from infostealer malware, creating unprecedented risks for account takeovers.
https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/
NY Court Ruling Will Force Retired Workers Into Privatized, For-Profit Medicare Advantage Plans
"Nobody will ever want to work for New York City again. Zero trust. Medicare Advantage is a bait and switch scam & betrayal. Enough!" wrote one New York City councilmember.
NY Court Ruling Will Force Retired Workers Into Privatized, For-Profit Medicare Advantage Plans
"Nobody will ever want to work for New York City again. Zero trust. Medicare Advantage is a bait and switch scam & betrayal. Enough!" wrote one New York City councilmember.eloise-goldsmith (Common Dreams)
adhocfungus likes this.
UNICEF: Over 5,000 Gaza Children Treated for Malnutrition in May Alone
"Every one of these cases is preventable," said one UNICEF official. "The food, water, and nutrition treatments they desperately need are being blocked from reaching them."
Archived version: archive.is/newest/commondreams…
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
MIT chemical engineers make potentially game-changing breakthrough with crude oil: 'Creates a new way to apply it'
A team of chemical engineers at MIT has invented a new process to separate crude oil's components.
Has anyone used Preveil? How is it? Is there any other services similar to it?
Recently, I came across Preveil, which is a service that can provide end-to-end encryption to either your Outlook, Gmail, or Apple Mail email accounts. It’s free, but if you want more storage, obviously, you will need to pay.
It looks very interesting as this could get others to use end-to-end encryption for the emails without having to move to another provider. However, I haven’t really seen any reviews (besides this one from PC Mag) or others expressing their experience with Preveil, so I am unsure if it’s a good service to use or recommend.
Has anyone used it or is familiar with Preveil? Does anyone know if there are similar services to Preveil, preferably those that are open source?
Encrypted Email and File Sharing for CMMC Compliance | PreVeil
The leading CMMC, NIST, and ITAR compliance solution for SMEs. End-to-end encrypted email and file sharing.PreVeil
like this
ICE Imposes New Rules on Congressional Visits
The policy says that ICE field offices are not subject to a federal law that allows members of Congress to make unannounced oversight visits to immigration facilities that “detain or otherwise house aliens.”
In short, ICE policy is to illegally use the threat of shooting to keep elected Democrats from being able to make inspections they're legally allowed to make
adhocfungus likes this.
Democrats want new leaders, focus on pocketbook issues, Reuters/Ipsos poll finds
Democrats want new leaders, focus on pocketbook issues, Reuters/Ipsos poll finds
Kamala Harris’ November loss to Donald Trump has left the party rudderless and sparked a round of soul-searching about the path forward.James Oliphant and Jason Lange, USA TODAY (USA TODAY)
adhocfungus likes this.
𞋴𝛂𝛋𝛆
in reply to OhVenus_Baby • • •OhVenus_Baby
in reply to 𞋴𝛂𝛋𝛆 • • •𞋴𝛂𝛋𝛆
in reply to OhVenus_Baby • • •They all have a purpose. The key is knowing and understanding their primary purposes. Fedora is like the beta of Red Hat. Red Hat is the old paid pro server version. The main sell of RHEL is the zero down time kernel updates, and lots of custom tools. Fedora is the distro to get the Linux Bible (book) and learn SysAdmin for an IT path.
Debian is where hardware support is built and has tons of custom tools to bootstrap new or undocumented hardware.
Ubuntu is built on Debian, but is primarily a smaller scale server option like RHEL. Their main objective is LTS kernels. LTS is usually poorly understood by many users. It means most packages included in the distro are outdated and frozen in time. There are updating exceptions for packages that never break backwards compatibility. The whole point here is that I can write a script in bash, Python or whatever high level language, and build a custom server that can be online and left unattended while getting security updates to remain online while the LTS remains supported.
Gentoo can build everything from source and can reconfigure or modify anything. It is like Arch Linux with tutorial information documented fully and a responsible package manager that does not do regular rsync hardening pop quizzes on the only distro you'll ever actually boot from backups regularly (Arch).
Nix is for deprecated dependency hell.
Kali or Parrot are for getting your own FBI agent.
Deepin is Chinese, but Tails is for Chinese abroad.
OpenWRT is for embedded Linux, mostly routers, but anything really.
Linux From Scratch is for base chad god bod and Hannah Montana Linux is for memes.
kylian0087
in reply to 𞋴𝛂𝛋𝛆 • • •Debian is so old it doesn't work on very modern hardware.... So what your talking about?
Also Ubuntu is not a "server" option. They do have a server option yes. It is the most used desktop or at least was.
Also I used arch for ca 2 years not once needed to use a backup. Even though I abused the hell out of it.
𞋴𝛂𝛋𝛆
in reply to kylian0087 • • •Are you insane? Debian is a base distro like any other and runs more hardware than any other. It has all of the bootstrapping tools to get hardware working.
Canonical is a server company and Ubuntu server is literally the product.
Arch is absolute garbage for most users unless you have a CS degree or you have entirely too much time on your hands and don't mind an OS as your life project. Arch abhors tutorial content in all documentation and therefore dumps users into a rabbit hole regularly. Pacman is the worst package manager as it will actively break a system and present the user with the dumbest of choices at random because the maintainers are ultimately sadistic and lackadaisical. Arch is nearly identical to Gentoo with Arch binaries often based on Gentoo builds, yet Gentoo provides relevant instruction and documentation with any changes that require user intervention and does so at a responsible and ethical level that shows kindness, respect, and consideration completely absent from Arch. Arch is a troll by trolls for trolls. I'm more than capable of running it now, but I would never bother with such inconsiderate behavior.
Geodad
in reply to kylian0087 • • •Why is it running on my new MSI Katana?
kylian0087
in reply to Geodad • • •Its that simple.... Things might work on a basic level sure. Drivers baked in to the kernel and when you use a damn old version of it you get old drivers and old hardware support.
Geodad
in reply to kylian0087 • • •Everything works. Even the Nvidia drivers work.
I play Final Fantasy XIV on this laptop with no problems.
kylian0087
in reply to OhVenus_Baby • • •Most major distros are fairly secure by default without things breaking (arch is a exception there, As you got to set that up your self).
If you want to go extreme their is Qubes OS. But you can not swap that across systems like you might want do.
OhVenus_Baby
in reply to kylian0087 • • •Qubes is good. Not super daily driver friendly. Lots of tweaks needed. I use a laptop like a phone replacement. Banking, apps, messaging, all sorts of usual phone tasks. Also Qubes is too resource heavy on a laptop, it drains the batteries in a couple hours on basic usage. Takes 16 gigs if RAM to run and 32gb to breathe really. Plus 30 ish percent CPU idle roughly on a 12th gen Intel i7.
It's too heavy to daily, perfect for desktop, just not laptop all day material.
HayadSont
in reply to OhVenus_Baby • • •Excellent breakdown of your desires! FWIW, I definitely resonate with these as well.
One simply can't ignore the fact that these are so-called atomic distros. Which makes a ton of sense considering what you set out for. FWIW, my personal takes on the individual projects are as follows:
- NixOS is pretty excellent. If the epitome of cleanliness is reached with becoming stateless, then there's simply no other viable alternative.
- For VanillaOS, I feel it has yet to fully realize its promise. Or, at least, hasn't fulfilled whatever's required to break into the (relative) 'mainstream' for one reason or another.
- Fedora Silverblue has been my daily-driver in some shape or form over the last three years 😅. As such, I'm clearly biased. However, I'd reckon secureblue, i.e. a derivative that goes all-in on security, is actually more interesting for you.
Honestly, with Fedora Atomic and Nixos, you're already considering the very best at the job. Though, for completeness' sake, consider looking into openSUSE Aeon as well. While I'd argue the other two are currently more interesting, I wouldn't want to dismiss it altogether.
Beyond these, we find some other distros that miss something crucial for them to be considered a legit candidate/alternative:
- Guix System can put up a decent fight against NixOS and may even sway you over if you're into lisp. Unfortunately, though, it has yet to receive what flakes brought to the table for NixOS. Don't get me wrong; Guix' implementation of channels is vastly superior over Nix' and therefore Guix System doesn't gain as much from its (to be) flake counterpart. However, with flakes, NixOS becomes pretty smooth sailing. Like, you can just trust it to work reliably. With Guix, however, it can get ugly sometimes. Which can even lead the biggest Guix proponents back to NixOS...
- Kicksecure is another hardened-by-default distro worth mentioning. Sadly, unlike secureblue, it does nothing with atomicity.
This is too broad of a question 😅. If possible, narrow it down to some face-offs you're particularly interested in. After which I will try to help out if I can. Btw, I 'found' this comment that attempts to assign tiers to distros in terms of how they fare security-wise.
Without going over what a power user is and/or if I would even qualify as such, I've been daily-driving secureblue for over a year now.
At this point, I think both NixOS and secureblue pose as the most interesting candidates for ya. The former peaks in cleanliness, while the latter peaks in security.
secureblue: Hardened Fedora Atomic and Fedora CoreOS images
secureblueKory
in reply to OhVenus_Baby • • •secureblue: Hardened Fedora Atomic and Fedora CoreOS images
secureblueOhVenus_Baby
in reply to Kory • • •I2jgwh0hYtxrCZQ
in reply to OhVenus_Baby • • •There is Parrot OS Home edition which is marketed as privacy and security friendly.
parrotsec.org/
Parrot Security
www.parrotsec.orgnon_burglar
in reply to I2jgwh0hYtxrCZQ • • •lilith267
in reply to non_burglar • • •"Home Edition: Designed for daily use" - from their website
Something tells me it might be practial for daily use
swelter_spark
in reply to I2jgwh0hYtxrCZQ • • •IHave69XiBucks
in reply to OhVenus_Baby • • •Honestly id argue Debian stable is the most secure as long as the apps your using are getting security hotfixes backported. Since you get all the security fixes and none of the new features that tend to be where new security holes pop up. Combine that with good opsec in general, and your basically good to go.
One thing tho. Some people use them interchangably but is your focus security or privacy? Security being harder for bad actors to exploit something on your system, and privacy being strict control over your data.
OhVenus_Baby
in reply to IHave69XiBucks • • •Leny
in reply to OhVenus_Baby • • •qubes-os.org/
mio
in reply to Leny • • •Drunk & Root
in reply to OhVenus_Baby • • •OhVenus_Baby
in reply to Drunk & Root • • •Drunk & Root
in reply to OhVenus_Baby • • •monovergent
in reply to OhVenus_Baby • • •As others have suggested, QubesOS is a good one to have on your list. I'd probably use if it weren't for its crippling effects on battery life.
Immutable distros are much friendlier to laptops and, as I understand, update in a way not unlike an Android device would. But I insist on some system-level customizations and I haven't been motivated to learn how such customizations can be made to survive updates and the like.
I've also been eyeing NixOS, but with everything up and running on Debian smoothly for a few years, I haven't found the excuse to switch yet. Along with customizing it to be a comfortable daily driver, I've also been trying to see how secure I can make my system as a fun exercise. While it's not immutable, Debian is a good base considering the team behind it and how much is riding on its security, including internet-facing servers.
What I've done to harden Debian, if anyone's interested:
- Apply Madaidan's hardening guide judiciously. Roughly 2/3 of the measures made sense for my use case and it's almost unnoticeable in my daily workflow.
- Have as few closed-source components as possible. In my case, intel-microcode is the only non-free package on my system.
- Install the hardening-runtime package, but remove its included
slub_debug=FPZkernel argument, which in recent kernels forces less secure unhashed pointers.- XFCE is still not fully ported to Wayland, so I use slock, the X11 screen locker with fewest lines of code.
- Install the ufw firewall and default to deny
- Enable unattended-upgrades
- Everything including the /boot partition is encrypted. I have built coreboot with just the GRUB2 payload, which I configured to immediately bring up the LUKS password prompt. All other options are behind a password.
I also put together and maintain a ~16 GB clean system image of Debian set up exactly to my taste, which I clone to my machines as needed. This probably wouldn't have been a thing if I knew about NixOS earlier, and it certainly hasn't helped me switch over either.
Linux Hardening Guide | Madaidan's Insecurities
madaidans-insecurities.github.ioOhVenus_Baby
in reply to monovergent • • •You have some decent hardening, just note x11 is turning legacy, wayland seems to be picking up for many reasons. I'm only slightly familiar with Debian as a whole. I'd look into firejail, app armour, firetools GUI for Firejail, flatseal, and good backup plans.
I discovered NIXos a few days ago and while it was a steep learning curve to set up! And I mean a learning curve and steep in all senses. It's quite possibly the smoothest, simplest distro I've ever used once you make it run. Instant rollbacks in grub. It boots in grub in order. Boot 23 works you tried tweaking boot 24 failed, you made it work boot 25. Got mad. Select boot 23 in grub and your back to square one. 10 seconds.
Due to the nature of it you can choose like any desktop type you'd like from xfce to cinnamon or names I never heard of even headless, and literally any of them gnome, KDE, you name it. I like simplicity. Low mental load. Immutable is a chef's kiss but configurable strikes my fancy.
I loathe getting scattered it symlinks, scripts, having files I forget about scattered all through my system, shit updates and breaks because I firejailed an app from 2 years ago. So much hassle. I like to boot and go. Keeping all if my configs in literally 2 nix files is fantastic, no more where did this go, or where did this write to. It will never change, update and break, it's like a master key that will forever work. Just don't lose your config and any hardware, any time, if you have your master file you can boot in like you was at your machine the time you left.
I still think about my first love, Linux mint so I installed cinnamon and now I feel I got the best of both worlds. I nearly gave up after a few days OK like 4 or 5 lol of attempting a custom install of NIX, full luks from boot to home, all my installed apps and configs, separated partitioning, containerized apps, I went all out. Idles at 1% CPU themed and applets, desklets, conky, etc. Created a couple copies of my NIX config file and I feel fairly safe. I built it all and tweaked then compiled it all finalized. Once you understand the concepts in their coding style, it'll click in your brain.
I went straight from Windows, to Mint for 2 years barely touching terminal. Now with a little internet research for commands. I can crawl through almost any issue. I've broken so much stuff. But atleast it wasn't a windows update borking/bricking my entire PC into a paperweight again. I chose to experiment. I've cussed myself so many times. But anything is better than going backwards.
Tenderizer78
in reply to OhVenus_Baby • • •fool
in reply to OhVenus_Baby • • •It depends on what you mean by "secure". I'm going to assume that your threat model is "I want to minimize the damage caused by any generic malware". If you would like tips on some other threat model, I would be happy to assist you.
Generally, I would recommend fedora secureblue or silverblue. It works very well "out of the box", doesn't require much maintenance, and it has relatively good security defaults.
I wouldn't call NIXos inherently "secure", because it doesn't have nearly as many security benefits compared to more security-focused distros. Immutability doesn't really help much in this context because all it's doing is making your root read-only. In most cases, an attacker getting access to your home directory is just as bad as them having root access. Security aside, if NIXos suits your other needs then I encourage you to keep using it.
Qubes is probably overkill. I would only recommend using it if your threat model depends on it. It offers very good sandboxing/compartmentalization, but it can be tricky to use and is resource-intensive. Personally, I don't think it has the best "out of the box experience" and most of its benefits can be replicated (with much effort) on a distro like gentoo or arch.
Gentoo and Arch have the highest potential to become the "most secure" because they are the most customizable but they require a lot more maintenance since you essentially have to learn how to build your system from the ground up.
In the end, I don't think the distro matters too much because as long as you can tweak the distro to fit your needs (or threat model), you will eventually end up with your own perfect mix of usability and security. You can start hardening your system by: configuring the firewall (I recommend ufw), proper sandboxing (I recommend using flatpaks or writing your own bubblewrap scripts), and maybe running untrusted processes in a virtual machine (I recommend qemu/virt-manager). For more advanced security, I would highly recommend looking into Mandatory Access Control (Fedora enables SELinux by default but you can tailor the reference policy to be VERY strict).
Once again, If you have anything more specific in mind in regards to security, I'll be happy to elaborate 😁